sync with OpenBSD -current

lib/libc/gen/syslog.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: syslog.3,v 1.37 2022/03/31 17:27:15 naddy Exp $
+.\"	$OpenBSD: syslog.3,v 1.38 2024/06/11 23:35:27 jsg Exp $
 .\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: June 11 2024 $
 .Dt SYSLOG 3
 .Os
 .Sh NAME
@@ -392,8 +392,6 @@ The functions
 and
 .Fn setlogmask_r
 appeared in
-.Bx 386 0.1
-and have been available since
 .Ox 3.1 .
 .Sh CAVEATS
 It is important never to pass a string with user-supplied data as a

lib/libcrypto/x509/x509.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.111 2024/03/02 10:59:41 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.112 2024/06/12 03:55:46 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -693,8 +693,8 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 #endif
 
 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
-void		X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+void		X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **issuerUID,
-		    const ASN1_BIT_STRING **psuid);
+		    const ASN1_BIT_STRING **subjectUID);
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 int 		X509_set_version(X509 *x, long version);
 long		X509_get_version(const X509 *x);

lib/libtls/tls_signer.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.12 2024/03/28 06:55:02 joshua Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.13 2024/06/11 16:35:24 op Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -16,10 +16,19 @@
  */
 
 #include <limits.h>
+#include <pthread.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
 
-#include <openssl/ecdsa.h>
+#include <openssl/bio.h>
+#include <openssl/ec.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
 #include <openssl/rsa.h>
+#include <openssl/x509.h>
 
 #include "tls.h"
 #include "tls_internal.h"

regress/usr.bin/ssh/test-exec.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.114 2024/06/06 19:48:40 djm Exp $
+#	$OpenBSD: test-exec.sh,v 1.115 2024/06/11 01:58:27 djm Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -265,6 +265,7 @@ export SSH_PKCS11_HELPER SSH_SK_HELPER
 
 stop_sshd ()
 {
+	[ -z $PIDFILE ] && return
 	[ -f $PIDFILE ] || return
 	pid=`$SUDO cat $PIDFILE`
 	if [ "X$pid" = "X" ]; then
@@ -675,6 +676,7 @@ chmod a+x $OBJ/ssh_proxy.sh
 
 start_sshd ()
 {
+	PIDFILE=$OBJ/pidfile
 	# start sshd
 	logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log"
 	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"

sys/arch/amd64/amd64/conf.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.78 2023/03/06 17:20:05 miod Exp $	*/
+/*	$OpenBSD: conf.c,v 1.80 2024/06/11 09:21:32 jsg Exp $	*/
 
 /*
  * Copyright (c) 1994, 1995 Charles M. Hannum.  All rights reserved.
@@ -117,14 +117,6 @@ cdev_decl(pcmcia);
 #endif
 #include "spkr.h"
 cdev_decl(spkr);
-#if 0 /* old (non-wsmouse) drivers */
-#include "mms.h"
-cdev_decl(mms);
-#include "lms.h"
-cdev_decl(lms);
-#include "opms.h"
-cdev_decl(pms);
-#endif
 #include "cy.h"
 cdev_decl(cy);
 #include "tun.h"
@@ -149,7 +141,6 @@ cdev_decl(cztty);
 #include "nvram.h"
 cdev_decl(nvram);
 #include "drm.h"
-cdev_decl(drm);
 #include "viocon.h"
 cdev_decl(viocon);
 

sys/arch/arm/arm/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.59 2023/10/24 13:20:09 claudio Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.60 2024/06/11 15:44:55 kettenis Exp $	*/
 /*	$NetBSD: cpu.c,v 1.56 2004/04/14 04:01:49 bsh Exp $	*/
 
 
@@ -836,6 +836,10 @@ cpu_opp_mountroot(struct device *self)
 			min = ot->ot_opp_hz_min;
 			max = ot->ot_opp_hz_max;
 			level_hz = clock_get_frequency(ci->ci_node, NULL);
+			if (level_hz < min)
+				level_hz = min;
+			if (level_hz > max)
+				level_hz = max;
 			level = howmany(100 * (level_hz - min), (max - min));
 		}
 

sys/arch/arm64/arm64/conf.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.22 2023/03/06 17:20:06 miod Exp $	*/
+/*	$OpenBSD: conf.c,v 1.24 2024/06/12 02:50:25 jsg Exp $	*/
 
 /*
  * Copyright (c) 1994, 1995 Charles M. Hannum.  All rights reserved.
@@ -100,7 +100,6 @@ cdev_decl(lpt);
 #include "ucom.h"
 #include "radio.h"
 #include "drm.h"
-cdev_decl(drm);
 
 #include "wsdisplay.h"
 #include "wskbd.h"
@@ -237,6 +236,8 @@ struct cdevsw	cdevsw[] =
 };
 int	nchrdev = nitems(cdevsw);
 
+int	mem_no = 2;	/* major device number of memory special file */
+
 /*
  * Swapdev is a fake device implemented
  * in sw.c used only internally to get to swstrategy.
@@ -246,7 +247,7 @@ int	nchrdev = nitems(cdevsw);
  * confuse, e.g. the hashing routines. Instead, /dev/drum is
  * provided as a character (raw) device.
  */
-dev_t	swapdev = makedev(BMAJ_SW, 0);
+dev_t	swapdev = makedev(1, 0);
 
 /*
  * Returns true if dev is /dev/mem or /dev/kmem.
@@ -254,8 +255,7 @@ dev_t	swapdev = makedev(BMAJ_SW, 0);
 int
 iskmemdev(dev_t dev)
 {
-
+	return (major(dev) == mem_no && minor(dev) < 2);
-	return (major(dev) == CMAJ_MM && minor(dev) < 2);
 }
 
 /*
@@ -264,14 +264,13 @@ iskmemdev(dev_t dev)
 int
 iszerodev(dev_t dev)
 {
-
+	return (major(dev) == mem_no && minor(dev) == 12);
-	return (major(dev) == CMAJ_MM && minor(dev) == 12);
 }
 
 dev_t
 getnulldev(void)
 {
-	return makedev(CMAJ_MM, 2);
+	return makedev(mem_no, 2);
 }
 
 const int chrtoblktbl[] = {
@@ -348,8 +347,8 @@ dev_rawpart(struct device *dv)
 
 	switch (majdev) {
 	/* add here any device you want to be checksummed on boot */
-	case BMAJ_WD:
+	case 0:		/* wd */
-	case BMAJ_SD:
+	case 4:		/* sd */
 		return (MAKEDISKDEV(majdev, dv->dv_unit, RAW_PART));
 		break;
 	default:

sys/arch/arm64/arm64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.118 2024/05/30 04:16:25 tb Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.119 2024/06/11 15:44:55 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -1802,6 +1802,10 @@ cpu_opp_mountroot(struct device *self)
 			min = ot->ot_opp_hz_min;
 			max = ot->ot_opp_hz_max;
 			level_hz = clock_get_frequency(ci->ci_node, NULL);
+			if (level_hz < min)
+				level_hz = min;
+			if (level_hz > max)
+				level_hz = max;
 			level = howmany(100 * (level_hz - min), (max - min));
 		}
 

sys/arch/arm64/include/conf.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.h,v 1.4 2022/06/28 14:43:50 visa Exp $	*/
+/*	$OpenBSD: conf.h,v 1.5 2024/06/12 02:50:25 jsg Exp $	*/
 /*	$NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $	*/
 
 /*
@@ -58,43 +58,4 @@ cdev_decl(openprom);
 cdev_decl(apm);
 cdev_decl(acpiapm);
 
-/*
- * These numbers have to be in sync with bdevsw/cdevsw.
- */
-
-#define BMAJ_WD		0
-#define BMAJ_SW		1
-#define BMAJ_SD		4
-#define BMAJ_ST		5
-
-#define CMAJ_MM		2
-#define CMAJ_PTS	5
-#define CMAJ_PTC	6
-#define CMAJ_COM	8
-#define CMAJ_WSDISPLAY	12
-#define CMAJ_ST		14
-#define CMAJ_LPT	16
-#define CMAJ_CH		17
-#define CMAJ_UK		20
-#define CMAJ_BPF	23
-#define CMAJ_TUN	40
-#define CMAJ_AUDIO	42
-#define CMAJ_VIDEO	44
-#define CMAJ_BKTR	49
-#define CMAJ_MIDI	52
-#define CMAJ_USB	61
-#define CMAJ_UHID	62
-#define CMAJ_UGEN	63
-#define CMAJ_ULPT	64
-#define CMAJ_UCOM	66
-#define CMAJ_WSKBD	67
-#define CMAJ_WSMOUSE	68
-#ifdef USER_PCICONF
-#define CMAJ_PCI	72
-#endif
-#define CMAJ_RADIO	76
-#define CMAJ_DRM	87
-#define CMAJ_GPIO	88
-#define CMAJ_VSCSI	89
-
 #endif	/* _MACHINE_CONF_H_ */

sys/arch/i386/i386/conf.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.176 2023/03/06 17:20:06 miod Exp $	*/
+/*	$OpenBSD: conf.c,v 1.178 2024/06/11 09:21:32 jsg Exp $	*/
 /*	$NetBSD: conf.c,v 1.75 1996/05/03 19:40:20 christos Exp $	*/
 
 /*
@@ -115,14 +115,6 @@ cdev_decl(pcmcia);
 #endif
 #include "spkr.h"
 cdev_decl(spkr);
-#if 0 /* old (non-wsmouse) drivers */
-#include "mms.h"
-cdev_decl(mms);
-#include "lms.h"
-cdev_decl(lms);
-#include "opms.h"
-cdev_decl(pms);
-#endif
 #include "cy.h"
 cdev_decl(cy);
 #include "tun.h"
@@ -148,7 +140,6 @@ cdev_decl(cztty);
 #include "nvram.h"
 cdev_decl(nvram);
 #include "drm.h"
-cdev_decl(drm);
 
 #include "wsdisplay.h"
 #include "wskbd.h"

sys/arch/i386/include/conf.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.h,v 1.20 2022/06/28 14:43:50 visa Exp $	*/
+/*	$OpenBSD: conf.h,v 1.21 2024/06/11 03:28:42 jsg Exp $	*/
 /*	$NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $	*/
 
 /*
@@ -35,7 +35,6 @@
 #define	mmread	mmrw
 #define	mmwrite	mmrw
 cdev_decl(mm);
-cdev_decl(pms);
 
 bdev_decl(fd);
 cdev_decl(fd);
@@ -48,12 +47,6 @@ cdev_decl(fd);
 
 cdev_decl(spkr);
 
-cdev_decl(mms);
-
-cdev_decl(lms);
-
-cdev_decl(pms);
-
 cdev_decl(joy);
 
 cdev_decl(bios);

sys/dev/acpi/acpi.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: acpi.c,v 1.430 2024/06/02 11:08:41 kettenis Exp $ */
+/* $OpenBSD: acpi.c,v 1.431 2024/06/11 17:35:26 kettenis Exp $ */
 /*
  * Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
  * Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@@ -26,6 +26,7 @@
 #include <sys/signalvar.h>
 #include <sys/proc.h>
 #include <sys/kthread.h>
+#include <sys/reboot.h>
 #include <sys/sched.h>
 
 #include <machine/conf.h>
@@ -726,8 +727,10 @@ acpi_pci_min_powerstate(pci_chipset_tag_t pc, pcitag_t tag)
 		if (pdev->bus == bus && pdev->dev == dev && pdev->fun == fun) {
 			switch (acpi_softc->sc_state) {
 			case ACPI_STATE_S0:
-				defaultstate = PCI_PMCSR_STATE_D3;
+				if (boothowto & RB_POWERDOWN) {
-				state = pdev->_s0w;
+					defaultstate = PCI_PMCSR_STATE_D3;
+					state = pdev->_s0w;
+				}
 				break;
 			case ACPI_STATE_S3:
 				defaultstate = PCI_PMCSR_STATE_D3;

sys/dev/fdt/rkclock.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rkclock.c,v 1.88 2024/04/01 11:16:11 patrick Exp $	*/
+/*	$OpenBSD: rkclock.c,v 1.89 2024/06/11 09:15:33 kettenis Exp $	*/
 /*
  * Copyright (c) 2017, 2018 Mark Kettenis <kettenis@openbsd.org>
  *
@@ -4002,6 +4002,11 @@ const struct rkclock rk3588_clocks[] = {
 		SEL(11, 10), 0,
 		{ RK3588_CLK_200M_SRC, RK3588_CLK_150M_SRC, RK3588_XIN24M },
 	},
+	{
+		RK3588_CLK_TSADC, RK3588_CRU_CLKSEL_CON(41),
+		SEL(8, 8), DIV(7, 0),
+		{ RK3588_PLL_GPLL, RK3588_XIN24M },
+	},
 	{
 		RK3588_CLK_UART1_SRC, RK3588_CRU_CLKSEL_CON(41),
 		SEL(14, 14), DIV(13, 9),
@@ -4554,6 +4559,14 @@ rk3588_reset(void *cookie, uint32_t *cells, int on)
 	uint32_t bit, mask, reg;
 
 	switch (idx) {
+	case RK3588_SRST_P_TSADC:
+		reg = RK3588_CRU_SOFTRST_CON(12);
+		bit = 0;
+		break;
+	case RK3588_SRST_TSADC:
+		reg = RK3588_CRU_SOFTRST_CON(12);
+		bit = 1;
+		break;
 	case RK3588_SRST_A_GMAC0:
 		reg = RK3588_CRU_SOFTRST_CON(32);
 		bit = 10;

sys/dev/fdt/rkclock_clocks.h

@@ -427,6 +427,7 @@
 #define RK3588_CLK_SPI2			153
 #define RK3588_CLK_SPI3			154
 #define RK3588_CLK_SPI4			155
+#define RK3588_CLK_TSADC		158
 #define RK3588_CLK_UART1_SRC		168
 #define RK3588_CLK_UART1_FRAC		169
 #define RK3588_CLK_UART1		170
@@ -510,6 +511,8 @@
 #define RK3588_PLL_SPLL			1022
 #define RK3588_XIN24M			1023
 
+#define RK3588_SRST_P_TSADC		86
+#define RK3588_SRST_TSADC		87
 #define RK3588_SRST_A_GMAC0		291
 #define RK3588_SRST_A_GMAC1		292
 #define RK3588_SRST_PCIE0_POWER_UP	294

sys/dev/ic/qwx.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: qwx.c,v 1.62 2024/05/29 07:24:26 stsp Exp $	*/
+/*	$OpenBSD: qwx.c,v 1.63 2024/06/11 10:06:35 stsp Exp $	*/
 
 /*
  * Copyright 2023 Stefan Sperling <stsp@openbsd.org>
@@ -23150,7 +23150,8 @@ qwx_init_task(void *arg)
 	int s = splnet();
 	rw_enter_write(&sc->ioctl_rwl);
 
-	qwx_stop(ifp);
+	if (ifp->if_flags & IFF_RUNNING)
+		qwx_stop(ifp);
 
 	if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP)
 		qwx_init(ifp);

sys/dev/pci/if_qwx_pci.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_qwx_pci.c,v 1.19 2024/05/28 09:26:55 stsp Exp $	*/
+/*	$OpenBSD: if_qwx_pci.c,v 1.20 2024/06/11 10:06:35 stsp Exp $	*/
 
 /*
  * Copyright 2023 Stefan Sperling <stsp@openbsd.org>
@@ -4091,7 +4091,9 @@ qwx_pci_intr(void *arg)
 #else
 		printf("%s: fatal firmware error\n",
 		   sc->sc_dev.dv_xname);
-		if (!test_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags)) {
+		if (!test_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags) &&
+		    (sc->sc_ic.ic_if.if_flags & (IFF_UP | IFF_RUNNING)) ==
+		    (IFF_UP | IFF_RUNNING)) {
 			/* Try to reset the device. */
 			set_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags);
 			task_add(systq, &sc->init_task);

sys/dev/pv/if_vio.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vio.c,v 1.38 2024/06/09 16:25:28 jan Exp $	*/
+/*	$OpenBSD: if_vio.c,v 1.40 2024/06/10 19:26:17 jan Exp $	*/
 
 /*
  * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@@ -169,6 +169,9 @@ struct virtio_net_ctrl_cmd {
 # define VIRTIO_NET_CTRL_VLAN_ADD	0
 # define VIRTIO_NET_CTRL_VLAN_DEL	1
 
+#define VIRTIO_NET_CTRL_GUEST_OFFLOADS	5
+# define VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET	0
+
 struct virtio_net_ctrl_status {
 	uint8_t	ack;
 } __packed;
@@ -179,6 +182,10 @@ struct virtio_net_ctrl_rx {
 	uint8_t	onoff;
 } __packed;
 
+struct virtio_net_ctrl_guest_offloads {
+	uint64_t offloads;
+} __packed;
+
 struct virtio_net_ctrl_mac_tbl {
 	uint32_t nentries;
 	uint8_t macs[][ETHER_ADDR_LEN];
@@ -220,6 +227,7 @@ struct vio_softc {
 	struct virtio_net_ctrl_cmd *sc_ctrl_cmd;
 	struct virtio_net_ctrl_status *sc_ctrl_status;
 	struct virtio_net_ctrl_rx *sc_ctrl_rx;
+	struct virtio_net_ctrl_guest_offloads *sc_ctrl_guest_offloads;
 	struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_uc;
 #define sc_ctrl_mac_info sc_ctrl_mac_tbl_uc
 	struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_mc;
@@ -289,6 +297,7 @@ void	vio_txtick(void *);
 void	vio_link_state(struct ifnet *);
 int	vio_config_change(struct virtio_softc *);
 int	vio_ctrl_rx(struct vio_softc *, int, int);
+int	vio_ctrl_guest_offloads(struct vio_softc *, uint64_t);
 int	vio_set_rx_filter(struct vio_softc *);
 void	vio_iff(struct vio_softc *);
 int	vio_media_change(struct ifnet *);
@@ -414,6 +423,7 @@ vio_alloc_mem(struct vio_softc *sc)
 		allocsize += sizeof(struct virtio_net_ctrl_cmd) * 1;
 		allocsize += sizeof(struct virtio_net_ctrl_status) * 1;
 		allocsize += sizeof(struct virtio_net_ctrl_rx) * 1;
+		allocsize += sizeof(struct virtio_net_ctrl_guest_offloads) * 1;
 		allocsize += VIO_CTRL_MAC_INFO_SIZE;
 	}
 	sc->sc_dma_size = allocsize;
@@ -433,6 +443,8 @@ vio_alloc_mem(struct vio_softc *sc)
 		offset += sizeof(*sc->sc_ctrl_status);
 		sc->sc_ctrl_rx = (void*)(kva + offset);
 		offset += sizeof(*sc->sc_ctrl_rx);
+		sc->sc_ctrl_guest_offloads = (void*)(kva + offset);
+		offset += sizeof(*sc->sc_ctrl_guest_offloads);
 		sc->sc_ctrl_mac_tbl_uc = (void*)(kva + offset);
 		offset += sizeof(*sc->sc_ctrl_mac_tbl_uc) +
 		    ETHER_ADDR_LEN * VIRTIO_NET_CTRL_MAC_UC_ENTRIES;
@@ -454,7 +466,8 @@ vio_alloc_mem(struct vio_softc *sc)
 	sc->sc_tx_mbufs = sc->sc_rx_mbufs + rxqsize;
 
 	for (i = 0; i < rxqsize; i++) {
-		r = bus_dmamap_create(vsc->sc_dmat, MCLBYTES, 1, MCLBYTES, 0,
+		r = bus_dmamap_create(vsc->sc_dmat, MAXMCLBYTES,
+		    MAXMCLBYTES/PAGE_SIZE + 1, MCLBYTES, 0,
 		    BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, &sc->sc_rx_dmamaps[i]);
 		if (r != 0)
 			goto err_reqs;
@@ -550,6 +563,10 @@ vio_attach(struct device *parent, struct device *self, void *aux)
 	vsc->sc_driver_features |= VIRTIO_NET_F_HOST_TSO4;
 	vsc->sc_driver_features |= VIRTIO_NET_F_HOST_TSO6;
 
+	vsc->sc_driver_features |= VIRTIO_NET_F_CTRL_GUEST_OFFLOADS;
+	vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO4;
+	vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO6;
+
 	virtio_negotiate_features(vsc, virtio_net_feature_names);
 	if (virtio_has_feature(vsc, VIRTIO_NET_F_MAC)) {
 		vio_get_lladdr(&sc->sc_ac, vsc);
@@ -616,6 +633,14 @@ vio_attach(struct device *parent, struct device *self, void *aux)
 		ifp->if_capabilities |= IFCAP_TSOv4;
 	if (virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO6))
 		ifp->if_capabilities |= IFCAP_TSOv6;
+
+	if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) &&
+	    (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO4) ||
+	     virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO6))) {
+		ifp->if_xflags |= IFXF_LRO;
+		ifp->if_capabilities |= IFCAP_LRO;
+	}
+
 	ifq_init_maxlen(&ifp->if_snd, vsc->sc_vqs[1].vq_num - 1);
 	ifmedia_init(&sc->sc_media, 0, vio_media_change, vio_media_status);
 	ifmedia_add(&sc->sc_media, IFM_ETHER | IFM_AUTO, 0, NULL);
@@ -692,6 +717,7 @@ int
 vio_init(struct ifnet *ifp)
 {
 	struct vio_softc *sc = ifp->if_softc;
+	struct virtio_softc *vsc = sc->sc_virtio;
 
 	vio_stop(ifp, 0);
 	if_rxr_init(&sc->sc_rx_ring, 2 * ((ifp->if_hardmtu / MCLBYTES) + 1),
@@ -701,6 +727,22 @@ vio_init(struct ifnet *ifp)
 	ifq_clr_oactive(&ifp->if_snd);
 	vio_iff(sc);
 	vio_link_state(ifp);
+
+	if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
+		uint64_t features = 0;
+
+		SET(features, VIRTIO_NET_F_GUEST_CSUM);
+
+		if (ISSET(ifp->if_xflags, IFXF_LRO)) {
+			if (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO4))
+				SET(features, VIRTIO_NET_F_GUEST_TSO4);
+			if (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO6))
+				SET(features, VIRTIO_NET_F_GUEST_TSO6);
+		}
+
+		vio_ctrl_guest_offloads(sc, features);
+	}
+
 	return 0;
 }
 
@@ -844,7 +886,8 @@ again:
 			break;
 		}
 		if (r != 0)
-			panic("enqueue_prep for a tx buffer: %d", r);
+			panic("%s: enqueue_prep for tx buffer: %d",
+			    sc->sc_dev.dv_xname, r);
 
 		hdr = &sc->sc_tx_hdrs[slot];
 		memset(hdr, 0, sc->sc_hdr_size);
@@ -1025,7 +1068,8 @@ vio_populate_rx_mbufs(struct vio_softc *sc)
 		if (r == EAGAIN)
 			break;
 		if (r != 0)
-			panic("enqueue_prep for rx buffers: %d", r);
+			panic("%s: enqueue_prep for rx buffer: %d",
+			    sc->sc_dev.dv_xname, r);
 		if (sc->sc_rx_mbufs[slot] == NULL) {
 			r = vio_add_rx_mbuf(sc, slot);
 			if (r != 0) {
@@ -1087,6 +1131,24 @@ vio_rx_offload(struct mbuf *m, struct virtio_net_hdr *hdr)
 		if (ISSET(hdr->flags, VIRTIO_NET_HDR_F_NEEDS_CSUM))
 			SET(m->m_pkthdr.csum_flags, M_UDP_CSUM_OUT);
 	}
+
+	if (hdr->gso_type == VIRTIO_NET_HDR_GSO_TCPV4 ||
+	    hdr->gso_type == VIRTIO_NET_HDR_GSO_TCPV6) {
+		uint16_t mss = hdr->gso_size;
+
+		if (!ext.tcp || mss == 0) {
+			tcpstat_inc(tcps_inbadlro);
+			return;
+		}
+
+		if ((ext.paylen + mss - 1) / mss <= 1)
+			return;
+
+		tcpstat_inc(tcps_inhwlro);
+		tcpstat_add(tcps_inpktlro, (ext.paylen + mss - 1) / mss);
+		SET(m->m_pkthdr.csum_flags, M_TCP_TSO);
+		m->m_pkthdr.ph_mss = mss;
+	}
 }
 
 /* dequeue received packets */
@@ -1341,10 +1403,12 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff)
 
 	r = virtio_enqueue_prep(vq, &slot);
 	if (r != 0)
-		panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
+		panic("%s: %s virtio_enqueue_prep: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
 	r = virtio_enqueue_reserve(vq, slot, 3);
 	if (r != 0)
-		panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
+		panic("%s: %s virtio_enqueue_reserve: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
 	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd,
 	    sizeof(*sc->sc_ctrl_cmd), 1);
 	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_rx,
@@ -1376,6 +1440,69 @@ out:
 	return r;
 }
 
+int
+vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features)
+{
+	struct virtio_softc *vsc = sc->sc_virtio;
+	struct virtqueue *vq = &sc->sc_vq[VQCTL];
+	int r, slot;
+
+	splassert(IPL_NET);
+
+	if ((r = vio_wait_ctrl(sc)) != 0)
+		return r;
+
+	sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_GUEST_OFFLOADS;
+	sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET;
+	sc->sc_ctrl_guest_offloads->offloads = features;
+
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
+	    sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_PREWRITE);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads,
+	    sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_PREWRITE);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
+	    sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_PREREAD);
+
+	r = virtio_enqueue_prep(vq, &slot);
+	if (r != 0)
+		panic("%s: %s virtio_enqueue_prep: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
+	r = virtio_enqueue_reserve(vq, slot, 3);
+	if (r != 0)
+		panic("%s: %s virtio_enqueue_reserve: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
+	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd,
+	    sizeof(*sc->sc_ctrl_cmd), 1);
+	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_guest_offloads,
+	    sizeof(*sc->sc_ctrl_guest_offloads), 1);
+	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_status,
+	    sizeof(*sc->sc_ctrl_status), 0);
+	virtio_enqueue_commit(vsc, vq, slot, 1);
+
+	if ((r = vio_wait_ctrl_done(sc)) != 0)
+		goto out;
+
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
+	    sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads,
+	    sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_POSTWRITE);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
+	    sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
+
+	if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
+		r = 0;
+	} else {
+		printf("%s: features 0x%llx failed\n", sc->sc_dev.dv_xname,
+		    features);
+		r = EIO;
+	}
+
+	DPRINTF("%s: features 0x%llx: %d\n", __func__, features, r);
+ out:
+	vio_ctrl_wakeup(sc, FREE);
+	return r;
+}
+
 int
 vio_wait_ctrl(struct vio_softc *sc)
 {
@@ -1463,10 +1590,12 @@ vio_set_rx_filter(struct vio_softc *sc)
 
 	r = virtio_enqueue_prep(vq, &slot);
 	if (r != 0)
-		panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
+		panic("%s: %s virtio_enqueue_prep: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
 	r = virtio_enqueue_reserve(vq, slot, 4);
 	if (r != 0)
-		panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
+		panic("%s: %s virtio_enqueue_reserve: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
 	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd,
 	    sizeof(*sc->sc_ctrl_cmd), 1);
 	VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_mac_tbl_uc,

sys/sys/conf.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.h,v 1.161 2023/01/14 12:11:11 kettenis Exp $	*/
+/*	$OpenBSD: conf.h,v 1.163 2024/06/11 01:49:17 jsg Exp $	*/
 /*	$NetBSD: conf.h,v 1.33 1996/05/03 20:03:32 christos Exp $	*/
 
 /*-
@@ -582,8 +582,6 @@ cdev_decl(ch);
 bdev_decl(sd);
 cdev_decl(sd);
 
-cdev_decl(ses);
-
 cdev_decl(st);
 
 bdev_decl(cd);
@@ -621,7 +619,6 @@ cdev_decl(kstat);
 cdev_decl(bio);
 cdev_decl(vscsi);
 
-cdev_decl(gpr);
 cdev_decl(bktr);
 
 cdev_decl(usb);
@@ -631,7 +628,6 @@ cdev_decl(fido);
 cdev_decl(ujoy);
 cdev_decl(ucom);
 cdev_decl(ulpt);
-cdev_decl(urio);
 
 cdev_decl(hotplug);
 cdev_decl(gpio);

sys/sys/msg.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: msg.h,v 1.21 2024/04/30 17:03:05 op Exp $	*/
+/*	$OpenBSD: msg.h,v 1.22 2024/06/10 04:10:25 jsg Exp $	*/
 /*	$NetBSD: msg.h,v 1.9 1996/02/09 18:25:18 christos Exp $	*/
 
 /*
@@ -85,25 +85,7 @@ struct que {
 	if (--(q)->que_references == 0 && (q)->que_flags & MSGQ_DYING)	\
 		wakeup_one(&(q)->que_references);			\
 } while (0)
-#endif
 
-/*
- * Structure describing a message.  The SVID doesn't suggest any
- * particular name for this structure.  There is a reference in the
- * msgop man page that reads "The structure mymsg is an example of what
- * this user defined buffer might look like, and includes the following
- * members:".  This sentence is followed by two lines equivalent
- * to the mtype and mtext field declarations below.  It isn't clear
- * if "mymsg" refers to the name of the structure type or the name of an
- * instance of the structure...
- */
-struct mymsg {
-	long	mtype;		/* message type (+ve integer) */
-	char	mtext[1];	/* message body */
-};
-
-
-#ifdef _KERNEL
 /*
  * Based on the configuration parameters described in an SVR2 (yes, two)
  * config(1m) man page.

usr.bin/ssh/monitor_wrap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.131 2024/06/06 17:15:25 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.135 2024/06/11 02:54:51 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -160,7 +160,8 @@ mm_reap(void)
 		cleanup_exit(signal_is_crash(WTERMSIG(status)) ?
 		    EXIT_CHILD_CRASH : 255);
 	} else {
-		error_f("preauth child terminated abnormally");
+		error_f("preauth child terminated abnormally (status=0x%x)",
+		    status);
 		cleanup_exit(EXIT_CHILD_CRASH);
 	}
 }
@@ -170,7 +171,7 @@ mm_request_receive(int sock, struct sshbuf *m)
 {
 	u_char buf[4], *p = NULL;
 	u_int msg_len;
-	int r;
+	int oerrno, r;
 
 	debug3_f("entering");
 
@@ -188,8 +189,13 @@ mm_request_receive(int sock, struct sshbuf *m)
 	sshbuf_reset(m);
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
 		fatal_fr(r, "reserve");
-	if (atomicio(read, sock, p, msg_len) != msg_len)
+	if (atomicio(read, sock, p, msg_len) != msg_len) {
-		fatal_f("read: %s", strerror(errno));
+		oerrno = errno;
+		error_f("read: %s", strerror(errno));
+		if (oerrno == EPIPE)
+			mm_reap();
+		cleanup_exit(255);
+	}
 }
 
 void

usr.bin/ssh/servconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.409 2024/06/06 20:25:48 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.410 2024/06/11 00:36:20 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1924,7 +1924,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 		charptr = &options->per_source_penalty_exempt;
 		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing file name.",
+			fatal("%s line %d: missing argument.",
 			    filename, linenum);
 		if (addr_match_list(NULL, arg) != 0) {
 			fatal("%s line %d: keyword %s "

usr.bin/ssh/srclimit.c

@@ -106,6 +106,8 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len,
 	penalty_cfg = *penalty_conf;
 	penalty_exempt = penalty_exempt_conf == NULL ?
 	    NULL : xstrdup(penalty_exempt_conf);
+	RB_INIT(&penalties_by_addr);
+	RB_INIT(&penalties_by_expiry);
 	if (max_persource == INT_MAX)	/* no limit */
 		return;
 	debug("%s: max connections %d, per source %d, masks %d,%d", __func__,
@@ -115,8 +117,6 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len,
 	children = xcalloc(max_children, sizeof(*children));
 	for (i = 0; i < max_children; i++)
 		children[i].id = -1;
-	RB_INIT(&penalties_by_addr);
-	RB_INIT(&penalties_by_expiry);
 }
 
 /* returns 1 if connection allowed, 0 if not allowed. */
@@ -259,7 +259,7 @@ srclimit_penalty_check_allow(int sock, const char **reason)
 			return 1;
 		}
 	}
-	if (npenalties > (size_t)penalty_cfg.max_sources &&
+	if (npenalties >= (size_t)penalty_cfg.max_sources &&
 	    penalty_cfg.overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
 		*reason = "too many penalised addresses";
 		return 0;
@@ -293,14 +293,14 @@ srclimit_remove_expired_penalties(void)
 	while (npenalties > (size_t)penalty_cfg.max_sources) {
 		if ((p = RB_MIN(penalties_by_expiry,
 		    &penalties_by_expiry)) == NULL)
-			break; /* shouldn't happen */
+			fatal_f("internal error: penalty tables corrupt (find)");
 		bits = p->addr.af == AF_INET ? ipv4_masklen : ipv6_masklen;
 		addr_masklen_ntop(&p->addr, bits, s, sizeof(s));
 		debug3_f("overflow, remove %s", s);
 		if (RB_REMOVE(penalties_by_expiry,
 		    &penalties_by_expiry, p) != p ||
 		    RB_REMOVE(penalties_by_addr, &penalties_by_addr, p) != p)
-			fatal_f("internal error: penalty tables corrupt");
+			fatal_f("internal error: penalty tables corrupt (remove)");
 		free(p);
 		npenalties--;
 	}

usr.bin/ssh/sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.358 2024/06/06 21:14:49 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.360 2024/06/11 05:24:39 jmc Exp $
-.Dd $Mdocdate: June 6 2024 $
+.Dd $Mdocdate: June 11 2024 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1562,45 +1562,51 @@ which means each address is considered individually.
 Controls penalties for various conditions that may represent attacks on
 .Xr sshd 8 .
 If a penalty is enforced against a client then its source address and any
-others in the
+others in the same network, as defined by
-.Cm PerSourceNetBlockSize
+.Cm PerSourceNetBlockSize ,
 will be refused connection for a period.
+.Pp
 A penalty doesn't affect concurrent connections in progress, but multiple
 penalties from the same source from concurrent connections will accumulate
 up to a maximum.
 Conversely, penalties are not applied until a minimum threshold time has been
 accumulated.
-Penalties are off by default but may be enabled using default settings using the
-.Cm yes
-keyword or by specifying one or more of the keywords below.
 .Pp
-Penalties are controlled using the following keywords, all of which accept
+Penalties are enabled by default with the default settings listed below
-arguments, e.g.\&
+but may disabled using the
+.Cm off
+keyword.
+The defaults may be overridden by specifying one or more of the keywords below,
+separated by whitespace.
+All keywords accept arguments, e.g.\&
 .Qq crash:2m .
 .Bl -tag -width Ds
 .It Cm crash:duration
 Specifies how long to refuse clients that cause a crash of
-.Xr sshd 8 .
+.Xr sshd 8 (default: 90s).
 .It Cm authfail:duration
 Specifies how long to refuse clients that disconnect after making one or more
-unsuccessful authentication attempts.
+unsuccessful authentication attempts (default: 5s).
 .It Cm noauth:duration
 Specifies how long to refuse clients that disconnect without attempting
-authentication.
+authentication (default: 1s).
 This timeout should be used cautiously otherwise it may penalise legitimate
 scanning tools such as
 .Xr ssh-keyscan 1 .
 .It Cm grace-exceeded:duration
 Specifies how long to refuse clients that fail to authenticate after
-.Cm LoginGraceTime .
+.Cm LoginGraceTime
+(default: 20s).
 .It Cm max:duration
 Specifies the maximum time a particular source address range will be refused
-access for.
+access for (default: 10m).
 Repeated penalties will accumulate up to this maximum.
 .It Cm min:duration
-Specifies the minimum penalty that must accrue before enforcement begins.
+Specifies the minimum penalty that must accrue before enforcement begins
+(default: 15s).
 .It Cm max-sources:number
-Specifies the maximum number of penalise client address ranges to track.
+Specifies the maximum number of penalise client address ranges to track
+(default: 65536).
 .It Cm overflow:mode
 Controls how the server behaves when
 .Cm max-sources
@@ -1611,7 +1617,8 @@ which denies all incoming connections other than those exempted via
 .Cm PerSourcePenaltyExemptList
 until a penalty expires, and
 .Cm permissive ,
-which allows new connections by removing existing penalties early.
+which allows new connections by removing existing penalties early
+(default: permissive).
 .El
 .It Cm PerSourcePenaltyExemptList
 Specifies a comma-separated list of addresses to exempt from penalties.

usr.sbin/bgpd/session.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: session.c,v 1.479 2024/05/29 10:38:24 claudio Exp $ */
+/*	$OpenBSD: session.c,v 1.480 2024/06/10 12:51:25 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@@ -1254,7 +1254,11 @@ get_alternate_addr(struct bgpd_addr *local, struct bgpd_addr *remote,
 		    match->ifa_addr->sa_family != AF_INET6)
 			continue;
 		if (sa_equal(local, match->ifa_addr)) {
-			if (match->ifa_flags & IFF_POINTOPOINT &&
+			if (remote->aid == AID_INET6 &&
+			    IN6_IS_ADDR_LINKLOCAL(&remote->v6)) {
+				/* IPv6 LLA are by definition connected */
+				connected = 1;
+			} else if (match->ifa_flags & IFF_POINTOPOINT &&
 			    match->ifa_dstaddr != NULL) {
 				if (sa_equal(remote, match->ifa_dstaddr))
 					connected = 1;

usr.sbin/rpki-client/cert.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cert.c,v 1.144 2024/06/08 13:33:49 tb Exp $ */
+/*	$OpenBSD: cert.c,v 1.147 2024/06/12 04:01:20 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Job Snijders <job@openbsd.org>
@@ -753,18 +753,6 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
 		goto out;
 	}
 
-	if (X509_get_key_usage(x) != KU_DIGITAL_SIGNATURE) {
-		warnx("%s: RFC 6487 section 4.8.4: KU must be digitalSignature",
-		    fn);
-		goto out;
-	}
-
-	/* EKU may be allowed for some purposes in the future. */
-	if (X509_get_extended_key_usage(x) != UINT32_MAX) {
-		warnx("%s: RFC 6487 section 4.8.5: EKU not allowed", fn);
-		goto out;
-	}
-
 	index = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1);
 	if ((ext = X509_get_ext(x, index)) != NULL) {
 		if (!sbgp_ipaddrblk(fn, cert, ext))
@@ -809,9 +797,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 	int			 i, extsz;
 	X509			*x = NULL;
 	X509_EXTENSION		*ext = NULL;
-	const X509_ALGOR	*palg;
+	const ASN1_BIT_STRING	*issuer_uid = NULL, *subject_uid = NULL;
-	const ASN1_BIT_STRING	*piuid = NULL, *psuid = NULL;
-	const ASN1_OBJECT	*cobj;
 	ASN1_OBJECT		*obj;
 	EVP_PKEY		*pkey;
 	int			 nid, ip, as, sia, cp, crldp, aia, aki, ski,
@@ -844,13 +830,10 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 		goto out;
 	}
 
-	X509_get0_signature(NULL, &palg, x);
+	if ((nid = X509_get_signature_nid(x)) == NID_undef) {
-	if (palg == NULL) {
+		warnx("%s: unknown signature type", fn);
-		warnx("%s: X509_get0_signature", fn);
 		goto out;
 	}
-	X509_ALGOR_get0(&cobj, NULL, NULL, palg);
-	nid = OBJ_obj2nid(cobj);
 	if (experimental && nid == NID_ecdsa_with_SHA256) {
 		if (verbose)
 			warnx("%s: P-256 support is experimental", fn);
@@ -860,8 +843,8 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 		goto out;
 	}
 
-	X509_get0_uids(x, &piuid, &psuid);
+	X509_get0_uids(x, &issuer_uid, &subject_uid);
-	if (piuid != NULL || psuid != NULL) {
+	if (issuer_uid != NULL || subject_uid != NULL) {
 		warnx("%s: issuer or subject unique identifiers not allowed",
 		    fn);
 		goto out;
@@ -977,19 +960,6 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 		if (!valid_ca_pkey(fn, pkey))
 			goto out;
 
-		if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
-			warnx("%s: RFC 6487 section 4.8.4: key usage violation",
-			    fn);
-			goto out;
-		}
-
-		/* EKU may be allowed for some purposes in the future. */
-		if (X509_get_extended_key_usage(x) != UINT32_MAX) {
-			warnx("%s: RFC 6487 section 4.8.5: EKU not allowed",
-			    fn);
-			goto out;
-		}
-
 		if (cert->mft == NULL) {
 			warnx("%s: RFC 6487 section 4.8.8: missing SIA", fn);
 			goto out;

usr.sbin/rpki-client/cms.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cms.c,v 1.46 2024/06/08 13:28:35 tb Exp $ */
+/*	$OpenBSD: cms.c,v 1.48 2024/06/11 13:09:02 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -15,7 +15,6 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include <assert.h>
 #include <err.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -287,7 +286,21 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 	/* Compare content-type with eContentType */
 	octype = CMS_signed_get0_data_by_OBJ(si, cnt_type_oid,
 	    -3, V_ASN1_OBJECT);
-	assert(octype != NULL);
+	/*
+	 * Since lastpos == -3, octype can be NULL for 4 reasons:
+	 * 1. requested attribute OID is missing
+	 * 2. signedAttrs contains multiple attributes with requested OID
+	 * 3. attribute with requested OID has multiple values (malformed)
+	 * 4. X509_ATTRIBUTE_get0_data() returned NULL. This is also malformed,
+	 *    but libcrypto will create, sign, and verify such objects.
+	 * Reasons 1 and 2 are excluded because has_ct == 1. We don't know which
+	 * one of 3 or 4 we hit. Doesn't matter, drop the garbage on the floor.
+	 */
+	if (octype == NULL) {
+		warnx("%s: RFC 6488, section 2.1.6.4.1: malformed value "
+		    "for content-type attribute", fn);
+		goto out;
+	}
 	if (OBJ_cmp(obj, octype) != 0) {
 		OBJ_obj2txt(buf, sizeof(buf), obj, 1);
 		OBJ_obj2txt(obuf, sizeof(obuf), octype, 1);

usr.sbin/rpki-client/crl.c

@@ -1,5 +1,6 @@
-/*	$OpenBSD: crl.c,v 1.37 2024/06/05 13:36:28 tb Exp $ */
+/*	$OpenBSD: crl.c,v 1.40 2024/06/11 15:33:46 tb Exp $ */
 /*
+ * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -131,6 +132,7 @@ crl_check_revoked(const char *fn, X509_CRL *x509_crl)
 		 * XXX - as of May 2024, ~15% of RPKI CRLs fail this check due
 		 * to a bug in rpki-rs/Krill. So silently accept this for now.
 		 * https://github.com/NLnetLabs/krill/issues/1197
+		 * https://github.com/NLnetLabs/rpki-rs/pull/295
 		 */
 		if (verbose > 1)
 			warnx("%s: RFC 5280, section 5.1.2.6: revoked "
@@ -165,9 +167,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
 {
 	const unsigned char	*oder;
 	struct crl		*crl;
-	const X509_ALGOR	*palg;
 	const X509_NAME		*name;
-	const ASN1_OBJECT	*cobj;
 	const ASN1_TIME		*at;
 	int			 count, nid, rc = 0;
 
@@ -200,13 +200,10 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
 	if (!x509_valid_name(fn, "issuer", name))
 		goto out;
 
-	X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
+	if ((nid = X509_CRL_get_signature_nid(crl->x509_crl)) == NID_undef) {
-	if (palg == NULL) {
+		warnx("%s: unknown signature type", fn);
-		warnx("%s: X509_CRL_get0_signature", fn);
 		goto out;
 	}
-	X509_ALGOR_get0(&cobj, NULL, NULL, palg);
-	nid = OBJ_obj2nid(cobj);
 	if (experimental && nid == NID_ecdsa_with_SHA256) {
 		if (verbose)
 			warnx("%s: P-256 support is experimental", fn);

usr.sbin/rpki-client/mft.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: mft.c,v 1.116 2024/05/24 12:57:20 tb Exp $ */
+/*	$OpenBSD: mft.c,v 1.117 2024/06/11 10:38:40 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -366,9 +366,8 @@ mft_parse_econtent(const char *fn, struct mft *mft, const unsigned char *d,
 
 	if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
 		warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
-		    "want SHA256 object, have %s (NID %d)", fn,
+		    "want SHA256 object, have %s", fn,
-		    ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg)),
+		    nid2str(OBJ_obj2nid(mft_asn1->fileHashAlg)));
-		    OBJ_obj2nid(mft_asn1->fileHashAlg));
 		goto out;
 	}
 

usr.sbin/rpki-client/parser.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parser.c,v 1.139 2024/06/07 13:24:35 tb Exp $ */
+/*	$OpenBSD: parser.c,v 1.140 2024/06/10 11:49:29 tb Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -686,7 +686,6 @@ proc_parser_gbr(char *file, const unsigned char *der, size_t len,
 	a = find_issuer(file, entp->certid, gbr->aki, entp->mftaki);
 	crl = crl_get(&crlt, a);
 
-	/* return value can be ignored since nothing happens here */
 	if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
 		warnx("%s: %s", file, errstr);
 		X509_free(x509);

usr.sbin/rpki-client/rpki-client.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rpki-client.8,v 1.105 2024/05/29 13:27:52 tb Exp $
+.\"	$OpenBSD: rpki-client.8,v 1.106 2024/06/12 04:24:59 tb Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 29 2024 $
+.Dd $Mdocdate: June 12 2024 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -461,6 +461,12 @@ agreement regarding ARIN service restrictions.
 .%U https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-crl-numbers
 .%D May, 2024
 .Re
+.Pp
+.Rs
+.%T Same-Origin Policy for RRDP
+.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rrdp-same-origin
+.%D June, 2024
+.Re
 .Sh HISTORY
 .Nm
 first appeared in

usr.sbin/rpki-client/rsc.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rsc.c,v 1.34 2024/02/21 09:17:06 tb Exp $ */
+/*	$OpenBSD: rsc.c,v 1.35 2024/06/11 10:38:40 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -253,8 +253,8 @@ rsc_check_digesttype(const char *fn, struct rsc *rsc, const X509_ALGOR *alg)
 	}
 
 	if ((nid = OBJ_obj2nid(obj)) != NID_sha256) {
-		warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s"
+		warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s",
-		    " (NID %d)", fn, ASN1_tag2str(nid), nid);
+		    fn, nid2str(nid));
 		return 0;
 	}
 

usr.sbin/rpki-client/version.h

@@ -1,3 +1,3 @@
-/* $OpenBSD: version.h,v 1.22 2024/03/01 16:27:34 tb Exp $ */
+/* $OpenBSD: version.h,v 1.23 2024/06/12 04:11:19 tb Exp $ */
 
-#define RPKI_VERSION	"9.0"
+#define RPKI_VERSION	"9.1"

usr.sbin/rpki-client/x509.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.97 2024/06/08 13:32:30 tb Exp $ */
+/*	$OpenBSD: x509.c,v 1.99 2024/06/10 12:44:06 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -267,15 +267,17 @@ x509_get_ski(X509 *x, const char *fn, char **ski)
 
 /*
  * Check the cert's purpose: the cA bit in basic constraints distinguishes
- * between TA/CA and EE/BGPsec router. TAs are self-signed, CAs not self-issued,
+ * between TA/CA and EE/BGPsec router and the key usage bits must match.
- * EEs have no extended key usage, BGPsec router have id-kp-bgpsec-router OID.
+ * TAs are self-signed, CAs not self-issued, EEs have no extended key usage,
+ * BGPsec router have id-kp-bgpsec-router OID.
  */
 enum cert_purpose
 x509_get_purpose(X509 *x, const char *fn)
 {
 	BASIC_CONSTRAINTS		*bc = NULL;
 	EXTENDED_KEY_USAGE		*eku = NULL;
-	int				 crit, ext_flags, is_ca;
+	const X509_EXTENSION		*ku;
+	int				 crit, ext_flags, i, is_ca, ku_idx;
 	enum cert_purpose		 purpose = CERT_PURPOSE_INVALID;
 
 	if (!x509_cache_extensions(x, fn))
@@ -283,6 +285,20 @@ x509_get_purpose(X509 *x, const char *fn)
 
 	ext_flags = X509_get_extension_flags(x);
 
+	/* Key usage must be present and critical. KU bits are checked below. */
+	if ((ku_idx = X509_get_ext_by_NID(x, NID_key_usage, -1)) < 0) {
+		warnx("%s: RFC 6487, section 4.8.4: missing KeyUsage", fn);
+		goto out;
+	}
+	if ((ku = X509_get_ext(x, ku_idx)) == NULL) {
+		warnx("%s: RFC 6487, section 4.8.4: missing KeyUsage", fn);
+		goto out;
+	}
+	if (!X509_EXTENSION_get_critical(ku)) {
+		warnx("%s: RFC 6487, section 4.8.4: KeyUsage not critical", fn);
+		goto out;
+	}
+
 	/* This weird API can return 0, 1, 2, 4, 5 but can't error... */
 	if ((is_ca = X509_check_ca(x)) > 1) {
 		if (is_ca == 4)
@@ -314,6 +330,19 @@ x509_get_purpose(X509 *x, const char *fn)
 			    "Constraint must be absent", fn);
 			goto out;
 		}
+
+		if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
+			warnx("%s: RFC 6487 section 4.8.4: key usage violation",
+			    fn);
+			goto out;
+		}
+
+		if (X509_get_extended_key_usage(x) != UINT32_MAX) {
+			warnx("%s: RFC 6487 section 4.8.5: EKU not allowed",
+			    fn);
+			goto out;
+		}
+
 		/*
 		 * EXFLAG_SI means that issuer and subject are identical.
 		 * EXFLAG_SS is SI plus the AKI is absent or matches the SKI.
@@ -335,6 +364,12 @@ x509_get_purpose(X509 *x, const char *fn)
 		goto out;
 	}
 
+	if (X509_get_key_usage(x) != KU_DIGITAL_SIGNATURE) {
+		warnx("%s: RFC 6487 section 4.8.4: KU must be digitalSignature",
+		    fn);
+		goto out;
+	}
+
 	/*
 	 * EKU is only defined for BGPsec Router certs and must be absent from
 	 * EE certs.
@@ -353,20 +388,15 @@ x509_get_purpose(X509 *x, const char *fn)
 	}
 
 	/*
-	 * XXX - this isn't quite correct: other EKU OIDs are allowed per
+	 * Per RFC 8209, section 3.1.3.2 the id-kp-bgpsec-router OID must be
-	 * RFC 8209, section 3.1.3.2, e.g., anyEKU could potentially help
+	 * present and others are allowed, which we don't need to recognize.
-	 * avoid tripping up validators that don't know about the BGPsec
+	 * This matches RFC 5280, section 4.2.1.12.
-	 * router purpose. Drop check or downgrade from error to warning?
 	 */
-	if (sk_ASN1_OBJECT_num(eku) != 1) {
+	for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-		warnx("%s: EKU: expected 1 purpose, have %d", fn,
+		if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, i)) == 0) {
-		    sk_ASN1_OBJECT_num(eku));
+			purpose = CERT_PURPOSE_BGPSEC_ROUTER;
-		goto out;
+			break;
-	}
+		}
-
-	if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, 0)) == 0) {
-		purpose = CERT_PURPOSE_BGPSEC_ROUTER;
-		goto out;
 	}
 
  out:

usr.sbin/smtpd/lka.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: lka.c,v 1.249 2024/06/09 10:13:05 gilles Exp $	*/
+/*	$OpenBSD: lka.c,v 1.250 2024/06/11 16:30:06 tb Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -294,7 +294,7 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
 
 		/* revoke proc & exec */
 		if (pledge("stdio rpath inet dns getpw recvfd sendfd",
-			NULL) == -1)
+		    NULL) == -1)
 			fatal("pledge");
 
 		/* setup proc registering task */