diff --git a/distrib/sets/lists/man/mi b/distrib/sets/lists/man/mi index 0d2d52bc5..02042a21a 100644 --- a/distrib/sets/lists/man/mi +++ b/distrib/sets/lists/man/mi @@ -1861,6 +1861,7 @@ ./usr/share/man/man4/qle.4 ./usr/share/man/man4/qlw.4 ./usr/share/man/man4/qsphy.4 +./usr/share/man/man4/qwx.4 ./usr/share/man/man4/radio.4 ./usr/share/man/man4/ral.4 ./usr/share/man/man4/random.4 diff --git a/lib/libcrypto/bio/b_dump.c b/lib/libcrypto/bio/b_dump.c index 09b011268..39cd94e76 100644 --- a/lib/libcrypto/bio/b_dump.c +++ b/lib/libcrypto/bio/b_dump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: b_dump.c,v 1.28 2024/02/02 10:53:48 tb Exp $ */ +/* $OpenBSD: b_dump.c,v 1.29 2024/02/15 10:34:30 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include #include @@ -134,6 +135,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) if ((written = BIO_printf(bio, "%*s%04x - ", indent, "", dumped)) < 0) goto err; + if (printed > INT_MAX - written) + goto err; printed += written; /* @@ -154,6 +157,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) sep = '-'; if ((written = BIO_printf(bio, "%02x%c", u8, sep)) < 0) goto err; + if (printed > INT_MAX - written) + goto err; printed += written; /* Locale-independent version of !isprint(u8). */ @@ -173,6 +178,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) if ((written = BIO_printf(bio, "%*s%.*s\n", 3 * missing + 2, "", row_bytes, ascii_dump)) < 0) goto err; + if (printed > INT_MAX - written) + goto err; printed += written; dumped += row_bytes; @@ -182,6 +189,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) if ((written = BIO_printf(bio, "%*s%04x - \n", indent, "", dumped + trailing)) < 0) goto err; + if (printed > INT_MAX - written) + goto err; printed += written; } 
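Review bot: The four new `if (printed > INT_MAX - written) goto err;` guards in BIO_dump_indent() are only safe because each one follows a `< 0` check on `written`, which keeps `INT_MAX - written` from overflowing, and nothing at the sites says so. I would add a comment at the first guard, `/* written >= 0 here, so INT_MAX - written cannot overflow. */`, or fold the check-and-add into one small static helper so the invariant lives in one place. The same applies to the guards in the hunks at -154, -173 and -182. What the `err` label returns is outside these hunks, so it is worth confirming that callers see a failure value there and not a partial byte count.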
diff --git a/regress/usr.sbin/bgpd/unittests/rde_trie_test.c b/regress/usr.sbin/bgpd/unittests/rde_trie_test.c index 7ace07216..6c742fa2f 100644 --- a/regress/usr.sbin/bgpd/unittests/rde_trie_test.c +++ b/regress/usr.sbin/bgpd/unittests/rde_trie_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_trie_test.c,v 1.13 2022/02/07 09:31:21 claudio Exp $ */ +/* $OpenBSD: rde_trie_test.c,v 1.14 2024/02/14 07:56:23 claudio Exp $ */ /* * Copyright (c) 2018 Claudio Jeker @@ -100,10 +100,10 @@ print_prefix(struct bgpd_addr *p) static char buf[48]; if (p->aid == AID_INET) { - if (inet_ntop(AF_INET, &p->ba, buf, sizeof(buf)) == NULL) + if (inet_ntop(AF_INET, &p->v4, buf, sizeof(buf)) == NULL) return "?"; } else if (p->aid == AID_INET6) { - if (inet_ntop(AF_INET6, &p->ba, buf, sizeof(buf)) == NULL) + if (inet_ntop(AF_INET6, &p->v6, buf, sizeof(buf)) == NULL) return "?"; } else { return "???"; diff --git a/sbin/iked/config.c b/sbin/iked/config.c index 6398e641b..ff24c4bcc 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.96 2024/02/13 12:25:11 tobhe Exp $ */ +/* $OpenBSD: config.c,v 1.97 2024/02/15 19:11:00 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -651,11 +651,24 @@ config_getsocket(struct iked *env, struct imsg *imsg, event_set(&sock->sock_ev, sock->sock_fd, EV_READ|EV_PERSIST, cb, sock); - event_add(&sock->sock_ev, NULL); return (0); } +void +config_enablesocket(struct iked *env) +{ + struct iked_socket *sock; + size_t i; + + for (i = 0; i < nitems(env->sc_sock4); i++) + if ((sock = env->sc_sock4[i]) != NULL) + event_add(&sock->sock_ev, NULL); + for (i = 0; i < nitems(env->sc_sock6); i++) + if ((sock = env->sc_sock6[i]) != NULL) + event_add(&sock->sock_ev, NULL); +} + int config_setpfkey(struct iked *env) { diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c index f1e60204d..7e9f6adda 100644 --- a/sbin/iked/iked.c +++ b/sbin/iked/iked.c 
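Review bot: In the new config_enablesocket() in sbin/iked/config.c the return value of event_add() is discarded in both loops, so a socket whose read event fails to arm would leave the daemon silently not reading on that address. Since config_getsocket() no longer arms the event itself, this function is the only place that does, and I would check the result, e.g. `if (event_add(&sock->sock_ev, NULL) == -1) fatalx("%s: event_add", __func__);`. It also looks as if a socket delivered after the mode message would stay unarmed until the next one, although the message ordering is not visible here. A short comment above the function stating that sockets are deliberately held back until the active/passive mode is known would document that ordering requirement.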
@@ -1,4 +1,4 @@ -/* $OpenBSD: iked.c,v 1.68 2024/02/13 12:25:11 tobhe Exp $ */ +/* $OpenBSD: iked.c,v 1.69 2024/02/15 19:04:12 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -170,7 +170,6 @@ main(int argc, char *argv[]) ps = &env->sc_ps; ps->ps_env = env; - TAILQ_INIT(&ps->ps_rcsocks); if (strlcpy(env->sc_conffile, conffile, PATH_MAX) >= PATH_MAX) errx(1, "config file exceeds PATH_MAX"); diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h index 971748971..f13e6a08d 100644 --- a/sbin/iked/iked.h +++ b/sbin/iked/iked.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.h,v 1.226 2024/01/24 10:09:07 tobhe Exp $ */ +/* $OpenBSD: iked.h,v 1.228 2024/02/15 19:11:00 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -89,10 +89,7 @@ struct control_sock { int cs_fd; int cs_restricted; void *cs_env; - - TAILQ_ENTRY(control_sock) cs_entry; }; -TAILQ_HEAD(control_socks, control_sock); struct ctl_conn { TAILQ_ENTRY(ctl_conn) entry; @@ -719,7 +716,6 @@ struct privsep { int ps_noaction; struct control_sock ps_csock; - struct control_socks ps_rcsocks; unsigned int ps_instances[PROC_MAX]; unsigned int ps_ninstances; @@ -929,6 +925,7 @@ int config_setsocket(struct iked *, struct sockaddr_storage *, in_port_t, enum privsep_procid); int config_getsocket(struct iked *env, struct imsg *, void (*cb)(int, short, void *)); +void config_enablesocket(struct iked *env); int config_setpfkey(struct iked *); int config_getpfkey(struct iked *, struct imsg *); int config_setuser(struct iked *, struct iked_user *, enum privsep_procid); diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 0f7a966a6..8bbbeb34b 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.383 2024/01/24 10:09:07 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.384 2024/02/15 19:11:00 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider 
@@ -248,6 +248,7 @@ ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) case IMSG_CTL_PASSIVE: if (config_getmode(env, imsg->hdr.type) == -1) return (0); /* ignore error */ + config_enablesocket(env); timer_del(env, &env->sc_inittmr); TAILQ_FOREACH(pol, &env->sc_policies, pol_entry) { if (policy_generate_ts(pol) == -1) diff --git a/sbin/iked/proc.c b/sbin/iked/proc.c index 5e23b7bda..69078840e 100644 --- a/sbin/iked/proc.c +++ b/sbin/iked/proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.c,v 1.40 2024/01/17 08:25:02 claudio Exp $ */ +/* $OpenBSD: proc.c,v 1.41 2024/02/15 19:04:12 tobhe Exp $ */ /* * Copyright (c) 2010 - 2016 Reyk Floeter @@ -516,7 +516,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p, { struct passwd *pw; const char *root; - struct control_sock *rcs; log_procinit(p->p_title); @@ -526,9 +525,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p, if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) { if (control_init(ps, &ps->ps_csock) == -1) fatalx("%s: control_init", __func__); - TAILQ_FOREACH(rcs, &ps->ps_rcsocks, cs_entry) - if (control_init(ps, rcs) == -1) - fatalx("%s: control_init", __func__); } /* Use non-standard user */ @@ -578,9 +574,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p, if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) { if (control_listen(&ps->ps_csock) == -1) fatalx("%s: control_listen", __func__); - TAILQ_FOREACH(rcs, &ps->ps_rcsocks, cs_entry) - if (control_listen(rcs) == -1) - fatalx("%s: control_listen", __func__); } #if DEBUG diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 2363983e5..6091a8827 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.845 2023/09/27 07:50:46 phessler Exp $ +# $OpenBSD: Makefile,v 1.846 2024/02/15 15:07:55 deraadt Exp $ MAN= aac.4 abcrtc.4 abl.4 ac97.4 acphy.4 acrtc.4 \ acpi.4 acpiac.4 acpials.4 acpiasus.4 acpibat.4 \ 
@@ -75,7 +75,7 @@ MAN= aac.4 abcrtc.4 abl.4 ac97.4 acphy.4 acrtc.4 \ pvclock.4 pwdog.4 pwmbl.4 pwmfan.4 pwmleds.4 pwmreg.4 \ qccpu.4 qcdwusb.4 qcgpio.4 qciic.4 qcpdc.4 qcpmic.4 qcpmicgpio.4 \ qcpon.4 qcpwm.4 qcrng.4 qcrtc.4 qcspmi.4 \ - qla.4 qle.4 qlw.4 qsphy.4 \ + qla.4 qle.4 qlw.4 qsphy.4 qwx.4 \ radio.4 ral.4 random.4 rdomain.4 rd.4 rdac.4 re.4 rdcphy.4 rgephy.4 \ rge.4 ricohrtc.4 rkanxdp.4 rkclock.4 rkcomphy.4 \ rkdrm.4 rkdwhdmi.4 rkdwusb.4 \ diff --git a/share/man/man4/pci.4 b/share/man/man4/pci.4 index 40a075b66..051663987 100644 --- a/share/man/man4/pci.4 +++ b/share/man/man4/pci.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pci.4,v 1.403 2023/10/14 06:29:11 jmc Exp $ +.\" $OpenBSD: pci.4,v 1.405 2024/02/15 15:42:16 jmc Exp $ .\" $NetBSD: pci.4,v 1.29 2000/04/01 00:32:23 tsarna Exp $ .\" .\" Copyright (c) 2000 Theo de Raadt. All rights reserved. @@ -31,7 +31,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 14 2023 $ +.Dd $Mdocdate: February 15 2024 $ .Dt PCI 4 .Os .Sh NAME @@ -326,6 +326,8 @@ Intel AX200/AX201/AX210/AX211 IEEE 802.11a/ac/ax/b/g/n wireless network device Marvell Libertas IEEE 802.11b/g wireless network device .It Xr pgt 4 Conexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless network device +.It Xr qwx 4 +Qualcomm IEEE 802.11a/ac/ax/b/g/n wireless network device .It Xr ral 4 Ralink Technology/MediaTek IEEE 802.11a/b/g/n wireless network device .It Xr rtw 4 diff --git a/share/man/man4/qwx.4 b/share/man/man4/qwx.4 new file mode 100644 index 000000000..7da2c9dbe --- /dev/null +++ b/share/man/man4/qwx.4 
@@ -0,0 +1,90 @@ +.\" $OpenBSD: qwx.4,v 1.3 2024/02/15 15:42:57 jmc Exp $ +.\" +.\" Copyright (c) 2022 Martin Pieuchot +.\" Copyright (c) 2024 Stefan Sperling +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 15 2024 $ +.Dt QWX 4 +.Os +.Sh NAME +.Nm qwx +.Nd Qualcomm IEEE 802.11a/ac/ax/b/g/n wireless network device +.Sh SYNOPSIS +.Cd "qwx* at pci?" +.Sh DESCRIPTION +The +.Nm +driver provides support for Qualcomm Technologies QCNFA765 +802.11ax devices. +.Pp +The +.Nm +driver can be configured at runtime with +.Xr ifconfig 8 +or on boot with +.Xr hostname.if 5 . +.Sh FILES +The driver needs the following firmware files, +which are loaded when an interface is brought up: +.Pp +.Bl -tag -width Ds -offset indent -compact +.It Pa /etc/firmware/qwx-wcn6855-hw2.0-amms +.It Pa /etc/firmware/qwx-wcn6855-hw2.0-board-2 +.It Pa /etc/firmware/qwx-wcn6855-hw2.0-m3 +.It Pa /etc/firmware/qwx-wcn6855-hw2.0-regdb +.It Pa /etc/firmware/qwx-wcn6855-hw2.1-amms +.It Pa /etc/firmware/qwx-wcn6855-hw2.1-board-2 +.It Pa /etc/firmware/qwx-wcn6855-hw2.1-m3 +.It Pa /etc/firmware/qwx-wcn6855-hw2.1-regdb +.El +.Pp +These firmware files are not free because Qualcomm refuses to grant +distribution rights without contractual obligations. 
+As a result, even though +.Ox +includes the driver, the firmware files cannot be included and +users have to download these files on their own. +.Pp +A prepackaged version of the firmware can be installed using +.Xr fw_update 8 . +.Sh EXAMPLES +The following example scans for available networks: +.Pp +.Dl # ifconfig qwx0 scan +.Pp +The following +.Xr hostname.if 5 +example configures qwx0 to join network +.Dq mynwid , +using WPA key +.Dq mywpakey , +obtaining an IP address using DHCP: +.Bd -literal -offset indent +join mynwid wpakey mywpakey +inet autoconf +.Ed +.Sh SEE ALSO +.Xr arp 4 , +.Xr ifmedia 4 , +.Xr intro 4 , +.Xr netintro 4 , +.Xr pci 4 , +.Xr hostname.if 5 , +.Xr ifconfig 8 +.Sh HISTORY +The +.Nm +driver first appeared in +.Ox 7.5 . diff --git a/sys/arch/amd64/conf/GENERIC b/sys/arch/amd64/conf/GENERIC index 36f48b2ef..72202e234 100644 --- a/sys/arch/amd64/conf/GENERIC +++ b/sys/arch/amd64/conf/GENERIC @@ -1,4 +1,4 @@ -# $OpenBSD: GENERIC,v 1.521 2023/12/28 17:36:28 stsp Exp $ +# $OpenBSD: GENERIC,v 1.522 2024/02/15 16:33:56 deraadt Exp $ # # For further information on compiling SecBSD kernels, see the config(8) # man page. @@ -586,7 +586,7 @@ wpi* at pci? # Intel PRO/Wireless 3945ABG iwn* at pci? # Intel WiFi Link 4965/5000/1000/6000 iwm* at pci? # Intel WiFi Link 7xxx iwx* at pci? # Intel WiFi Link 22xxx -#qwx* at pci? # Qualcomm 802.11ax +qwx* at pci? # Qualcomm 802.11ax ral* at pci? # Ralink RT2500/RT2501/RT2600 ral* at cardbus? # Ralink RT2500/RT2501/RT2600 rtw* at pci? # Realtek 8180 diff --git a/sys/arch/amd64/conf/RAMDISK_CD b/sys/arch/amd64/conf/RAMDISK_CD index 922458c08..cf08e0d75 100644 --- a/sys/arch/amd64/conf/RAMDISK_CD +++ b/sys/arch/amd64/conf/RAMDISK_CD @@ -1,4 +1,4 @@ -# $OpenBSD: RAMDISK_CD,v 1.204 2023/12/28 17:36:28 stsp Exp $ +# $OpenBSD: RAMDISK_CD,v 1.205 2024/02/15 16:33:56 deraadt Exp $ machine amd64 maxusers 4 
@@ -287,7 +287,7 @@ wpi* at pci? # Intel PRO/Wireless 3945ABG iwn* at pci? # Intel Wireless WiFi Link 4965AGN iwm* at pci? # Intel WiFi Link 7xxx iwx* at pci? # Intel WiFi Link 22xxx -#qwx* at pci? # Qualcomm 802.11ax +qwx* at pci? # Qualcomm 802.11ax ral* at pci? # Ralink RT2500/RT2501/RT2600 ral* at cardbus? # Ralink RT2500/RT2501/RT2600 rtw* at pci? # Realtek 8180 diff --git a/sys/arch/arm64/conf/GENERIC b/sys/arch/arm64/conf/GENERIC index 0eda3751a..e05665139 100644 --- a/sys/arch/arm64/conf/GENERIC +++ b/sys/arch/arm64/conf/GENERIC @@ -1,4 +1,4 @@ -# $OpenBSD: GENERIC,v 1.282 2024/01/24 07:36:52 kevlo Exp $ +# $OpenBSD: GENERIC,v 1.283 2024/02/15 16:33:54 deraadt Exp $ # # GENERIC machine description file # @@ -400,7 +400,7 @@ bwfm* at pci? # Broadcom FullMAC iwn* at pci? # Intel WiFi Link 4965/5000/1000/6000 iwm* at pci? # Intel WiFi Link 7xxx iwx* at pci? # Intel WiFi Link 22xxx -#qwx* at pci? # Qualcomm 802.11ax +qwx* at pci? # Qualcomm 802.11ax # PCI SCSI ahci* at pci? flags 0x0000 # AHCI SATA controllers diff --git a/sys/arch/arm64/conf/RAMDISK b/sys/arch/arm64/conf/RAMDISK index dfe1298c6..4264eda3d 100644 --- a/sys/arch/arm64/conf/RAMDISK +++ b/sys/arch/arm64/conf/RAMDISK @@ -1,4 +1,4 @@ -# $OpenBSD: RAMDISK,v 1.212 2023/12/28 17:36:29 stsp Exp $ +# $OpenBSD: RAMDISK,v 1.213 2024/02/15 16:33:54 deraadt Exp $ machine arm64 maxusers 4 @@ -315,7 +315,7 @@ vmx* at pci? # VMware VMXNET3 virtual interface athn* at pci? # Atheros AR9k (802.11a/g/n) bwfm* at pci? # Broadcom FullMAC iwx* at pci? # Intel WiFi Link 22xxx -#qwx* at pci? # Qualcomm 802.11ax +qwx* at pci? # Qualcomm 802.11ax # PCI SCSI ahci* at pci? flags 0x0000 # AHCI SATA controllers diff --git a/sys/dev/fdt/rkdrm.c b/sys/dev/fdt/rkdrm.c index e44457065..16f4374ca 100644 --- a/sys/dev/fdt/rkdrm.c +++ b/sys/dev/fdt/rkdrm.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: rkdrm.c,v 1.20 2024/01/19 17:51:15 kettenis Exp $ */ +/* $OpenBSD: rkdrm.c,v 1.21 2024/02/15 09:48:03 jsg Exp $ */ /* $NetBSD: rk_drm.c,v 1.3 2019/12/15 01:00:58 mrg Exp $ */ /*- * Copyright (c) 2019 Jared D. McNeill @@ -528,7 +528,7 @@ rkdrm_fb_probe(struct drm_fb_helper *helper, struct drm_fb_helper_surface_size * info = drm_fb_helper_alloc_info(helper); if (IS_ERR(info)) { DRM_ERROR("Failed to allocate fb_info\n"); - return error; + return PTR_ERR(info); } info->par = helper; return 0; diff --git a/sys/dev/ic/oosiop.c b/sys/dev/ic/oosiop.c index ea7307f68..6c8253c27 100644 --- a/sys/dev/ic/oosiop.c +++ b/sys/dev/ic/oosiop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: oosiop.c,v 1.36 2022/04/16 19:19:59 naddy Exp $ */ +/* $OpenBSD: oosiop.c,v 1.37 2024/02/13 17:51:17 miod Exp $ */ /* $NetBSD: oosiop.c,v 1.4 2003/10/29 17:45:55 tsutsui Exp $ */ /* @@ -726,8 +726,6 @@ oosiop_scsicmd(struct scsi_xfer *xs) sc = xs->sc_link->bus->sb_adapter_softc; - s = splbio(); - cb = xs->io; cb->xs = xs; @@ -747,7 +745,6 @@ oosiop_scsicmd(struct scsi_xfer *xs) if (err) { printf("%s: unable to load cmd DMA map: %d", sc->sc_dev.dv_xname, err); - splx(s); xs->error = XS_DRIVER_STUFFUP; scsi_done(xs); return; @@ -769,7 +766,6 @@ oosiop_scsicmd(struct scsi_xfer *xs) printf("%s: unable to load data DMA map: %d", sc->sc_dev.dv_xname, err); bus_dmamap_unload(sc->sc_dmat, cb->cmddma); - splx(s); xs->error = XS_DRIVER_STUFFUP; scsi_done(xs); return; @@ -787,6 +783,12 @@ oosiop_scsicmd(struct scsi_xfer *xs) */ timeout_set(&xs->stimeout, oosiop_timeout, cb); + oosiop_setup(sc, cb); + + s = splbio(); + + TAILQ_INSERT_TAIL(&sc->sc_cbq, cb, chain); + if (xs->flags & SCSI_POLL) dopoll = 1; else { 
@@ -795,16 +797,13 @@ oosiop_scsicmd(struct scsi_xfer *xs) timeout_add_msec(&xs->stimeout, xs->timeout); } - splx(s); - - oosiop_setup(sc, cb); - - TAILQ_INSERT_TAIL(&sc->sc_cbq, cb, chain); - if (!sc->sc_active) { /* Abort script to start selection */ oosiop_write_1(sc, OOSIOP_ISTAT, OOSIOP_ISTAT_ABRT); } + + splx(s); + if (dopoll) oosiop_poll(sc, cb); } diff --git a/sys/dev/ic/qwx.c b/sys/dev/ic/qwx.c index 587147a7b..4fb42aa2a 100644 --- a/sys/dev/ic/qwx.c +++ b/sys/dev/ic/qwx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qwx.c,v 1.36 2024/02/09 14:11:00 stsp Exp $ */ +/* $OpenBSD: qwx.c,v 1.40 2024/02/15 16:29:45 stsp Exp $ */ /* * Copyright 2023 Stefan Sperling @@ -592,6 +592,14 @@ next_scan: printf("%s: %s -> %s\n", ifp->if_xname, ieee80211_state_name[ic->ic_state], ieee80211_state_name[IEEE80211_S_SCAN]); +#if 0 + if ((sc->sc_flags & QWX_FLAG_BGSCAN) == 0) { +#endif + ieee80211_set_link_state(ic, LINK_STATE_DOWN); + ieee80211_node_cleanup(ic, ic->ic_bss); +#if 0 + } +#endif ic->ic_state = IEEE80211_S_SCAN; refcnt_rele_wake(&sc->task_refs); splx(s); @@ -7734,7 +7742,7 @@ qwx_qmi_mem_seg_send(struct qwx_softc *sc) sc->fwmem_ready = 0; while (sc->sc_req_mem_ind == NULL) { - ret = tsleep_nsec(&sc->qmi_resp, 0, "qwxfwmem", + ret = tsleep_nsec(&sc->sc_req_mem_ind, 0, "qwxfwmem", SEC_TO_NSEC(10)); if (ret) { printf("%s: fw memory request timeout\n", @@ -14018,7 +14026,7 @@ qwx_dp_rxdma_buf_ring_free(struct qwx_softc *sc, struct dp_rxdma_ring *rx_ring) sizeof(rx_ring->rx_data[0]) * rx_ring->bufs_max); rx_ring->rx_data = NULL; rx_ring->bufs_max = 0; - rx_ring->cur = 0; + memset(rx_ring->freemap, 0xff, sizeof(rx_ring->freemap)); } void 
@@ -14067,7 +14075,20 @@ qwx_hal_rx_buf_addr_info_get(void *desc, uint64_t *paddr, uint32_t *cookie, *rbm = FIELD_GET(BUFFER_ADDR_INFO1_RET_BUF_MGR, binfo->info1); } -/* Returns number of Rx buffers replenished */ +int +qwx_next_free_rxbuf_idx(struct dp_rxdma_ring *rx_ring) +{ + int i, idx; + + for (i = 0; i < nitems(rx_ring->freemap); i++) { + idx = ffs(rx_ring->freemap[i]); + if (idx > 0) + return ((idx - 1) + (i * 8)); + } + + return -1; +} + int qwx_dp_rxbufs_replenish(struct qwx_softc *sc, int mac_id, struct dp_rxdma_ring *rx_ring, int req_entries, @@ -14078,7 +14099,7 @@ qwx_dp_rxbufs_replenish(struct qwx_softc *sc, int mac_id, struct mbuf *m; int num_free; int num_remain; - int ret; + int ret, idx; uint32_t cookie; uint64_t paddr; struct qwx_rx_data *rx_data; @@ -14113,10 +14134,12 @@ qwx_dp_rxbufs_replenish(struct qwx_softc *sc, int mac_id, goto fail_free_mbuf; m->m_len = m->m_pkthdr.len = size; - rx_data = &rx_ring->rx_data[rx_ring->cur]; - if (rx_data->m != NULL) + + idx = qwx_next_free_rxbuf_idx(rx_ring); + if (idx == -1) goto fail_free_mbuf; + rx_data = &rx_ring->rx_data[idx]; if (rx_data->map == NULL) { ret = bus_dmamap_create(sc->sc_dmat, size, 1, size, 0, BUS_DMA_NOWAIT, &rx_data->map); @@ -14137,11 +14160,12 @@ qwx_dp_rxbufs_replenish(struct qwx_softc *sc, int mac_id, goto fail_dma_unmap; rx_data->m = m; + m = NULL; cookie = FIELD_PREP(DP_RXDMA_BUF_COOKIE_PDEV_ID, mac_id) | - FIELD_PREP(DP_RXDMA_BUF_COOKIE_BUF_ID, rx_ring->cur); + FIELD_PREP(DP_RXDMA_BUF_COOKIE_BUF_ID, idx); - rx_ring->cur = (rx_ring->cur + 1) % rx_ring->bufs_max; + clrbit(rx_ring->freemap, idx); num_remain--; paddr = rx_data->map->dm_segs[0].ds_addr; @@ -14183,7 +14207,7 @@ qwx_dp_rxdma_ring_buf_setup(struct qwx_softc *sc, return ENOMEM; rx_ring->bufs_max = num_entries; - rx_ring->cur = 0; + memset(rx_ring->freemap, 0xff, sizeof(rx_ring->freemap)); return qwx_dp_rxbufs_replenish(sc, dp->mac_id, rx_ring, num_entries, sc->hw_params.hal_params->rx_buf_rbm); 
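Review bot: qwx_next_free_rxbuf_idx() searches the whole freemap, which qwxvar.h sizes from DP_RXDMA_BUF_RING_SIZE, but the callers index `rx_ring->rx_data[idx]`, which holds only `bufs_max` entries. qwx_dp_rxdma_ring_buf_setup() marks every bit free with `memset(..., 0xff, ...)`, so if a ring is set up with fewer entries than DP_RXDMA_BUF_RING_SIZE, the search can return an index past the end of rx_data once the lower slots are in use. I would bound the result in the helper, e.g. `idx = (idx - 1) + (i * 8); return (idx < rx_ring->bufs_max) ? idx : -1;`, which also keeps the replenish and mon-status callers consistent with the `>= bufs_max` checks on the reap paths. Conversely, a `bufs_max` larger than the constant would make `isset`/`setbit` run past freemap, so an assertion in the setup function that `num_entries <= DP_RXDMA_BUF_RING_SIZE` would be worthwhile. The hunk also drops the `/* Returns number of Rx buffers replenished */` comment from qwx_dp_rxbufs_replenish(), which should be kept.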
@@ -15196,16 +15220,14 @@ qwx_dp_process_rx_err_buf(struct qwx_softc *sc, uint32_t *ring_desc, uint16_t msdu_len; uint32_t hal_rx_desc_sz = sc->hw_params.hal_desc_sz; - if (buf_id >= rx_ring->bufs_max) + if (buf_id >= rx_ring->bufs_max || isset(rx_ring->freemap, buf_id)) return; rx_data = &rx_ring->rx_data[buf_id]; - if (rx_data->m == NULL) - return; - bus_dmamap_unload(sc->sc_dmat, rx_data->map); m = rx_data->m; rx_data->m = NULL; + setbit(rx_ring->freemap, buf_id); if (drop) { m_freem(m); @@ -15524,13 +15546,14 @@ qwx_dp_rx_process_wbm_err(struct qwx_softc *sc) continue; rx_ring = &sc->pdev_dp.rx_refill_buf_ring; - if (idx >= rx_ring->bufs_max) + if (idx >= rx_ring->bufs_max || isset(rx_ring->freemap, idx)) continue; - rx_data = &rx_ring->rx_data[idx]; + rx_data = &rx_ring->rx_data[idx]; bus_dmamap_unload(sc->sc_dmat, rx_data->map); m = rx_data->m; rx_data->m = NULL; + setbit(rx_ring->freemap, idx); num_buffs_reaped[mac_id]++; total_num_buffs_reaped++; @@ -16075,16 +16098,14 @@ try_again: continue; rx_ring = &pdev_dp->rx_refill_buf_ring; - if (idx >= rx_ring->bufs_max) + if (idx >= rx_ring->bufs_max || isset(rx_ring->freemap, idx)) continue; rx_data = &rx_ring->rx_data[idx]; - if (rx_data->m == NULL) - continue; - bus_dmamap_unload(sc->sc_dmat, rx_data->map); m = rx_data->m; rx_data->m = NULL; + setbit(rx_ring->freemap, idx); num_buffs_reaped[mac_id]++; @@ -16166,7 +16187,7 @@ qwx_dp_rx_alloc_mon_status_buf(struct qwx_softc *sc, struct mbuf *m; struct qwx_rx_data *rx_data; const size_t size = DP_RX_BUFFER_SIZE; - int ret; + int ret, idx; m = m_gethdr(M_DONTWAIT, MT_DATA); if (m == NULL) @@ -16180,7 +16201,11 @@ qwx_dp_rx_alloc_mon_status_buf(struct qwx_softc *sc, goto fail_free_mbuf; m->m_len = m->m_pkthdr.len = size; - rx_data = &rx_ring->rx_data[rx_ring->cur]; + idx = qwx_next_free_rxbuf_idx(rx_ring); + if (idx == -1) + goto fail_free_mbuf; + + rx_data = &rx_ring->rx_data[idx]; if (rx_data->m != NULL) goto fail_free_mbuf; 
@@ -16199,8 +16224,9 @@ qwx_dp_rx_alloc_mon_status_buf(struct qwx_softc *sc, goto fail_free_mbuf; } - *buf_idx = rx_ring->cur; + *buf_idx = idx; rx_data->m = m; + clrbit(rx_ring->freemap, idx); return m; fail_free_mbuf: @@ -16250,25 +16276,20 @@ qwx_dp_rx_reap_mon_status_ring(struct qwx_softc *sc, int mac_id, &cookie, &rbm); if (paddr) { buf_idx = FIELD_GET(DP_RXDMA_BUF_COOKIE_BUF_ID, cookie); - - rx_data = &rx_ring->rx_data[buf_idx]; - if (rx_data->m == NULL) { - printf("%s: rx monitor status with invalid " - "buf_idx %d\n", __func__, buf_idx); + if (buf_idx >= rx_ring->bufs_max || + isset(rx_ring->freemap, buf_idx)) { pmon->buf_state = DP_MON_STATUS_REPLINISH; goto move_next; } + rx_data = &rx_ring->rx_data[buf_idx]; + bus_dmamap_sync(sc->sc_dmat, rx_data->map, 0, rx_data->m->m_pkthdr.len, BUS_DMASYNC_POSTREAD); tlv = mtod(rx_data->m, struct hal_tlv_hdr *); if (FIELD_GET(HAL_TLV_HDR_TAG, tlv->tl) != - HAL_RX_STATUS_BUFFER_DONE) { - printf("%s: mon status DONE not set %lx, " - "buf_idx %d\n", __func__, - FIELD_GET(HAL_TLV_HDR_TAG, tlv->tl), - buf_idx); + HAL_RX_STATUS_BUFFER_DONE) { /* If done status is missing, hold onto status * ring until status is done for this status * ring buffer. @@ -16283,6 +16304,7 @@ qwx_dp_rx_reap_mon_status_ring(struct qwx_softc *sc, int mac_id, bus_dmamap_unload(sc->sc_dmat, rx_data->map); m = rx_data->m; rx_data->m = NULL; + setbit(rx_ring->freemap, buf_idx); #if 0 if (ab->hw_params.full_monitor_mode) { ath11k_dp_rx_mon_update_status_buf_state(pmon, tlv); @@ -16304,7 +16326,6 @@ move_next: break; } rx_data = &rx_ring->rx_data[buf_idx]; - KASSERT(rx_data->m == NULL); cookie = FIELD_PREP(DP_RXDMA_BUF_COOKIE_PDEV_ID, mac_id) | FIELD_PREP(DP_RXDMA_BUF_COOKIE_BUF_ID, buf_idx); 
@@ -16491,7 +16512,8 @@ qwx_dp_process_rxdma_err(struct qwx_softc *sc, int mac_id) for (i = 0; i < num_msdus; i++) { idx = FIELD_GET(DP_RXDMA_BUF_COOKIE_BUF_ID, msdu_cookies[i]); - if (idx >= rx_ring->bufs_max) + if (idx >= rx_ring->bufs_max || + isset(rx_ring->freemap, idx)) continue; rx_data = &rx_ring->rx_data[idx]; @@ -16499,6 +16521,7 @@ qwx_dp_process_rxdma_err(struct qwx_softc *sc, int mac_id) bus_dmamap_unload(sc->sc_dmat, rx_data->map); m_freem(rx_data->m); rx_data->m = NULL; + setbit(rx_ring->freemap, idx); num_buf_freed++; } @@ -16868,15 +16891,18 @@ qwx_dp_service_srng(struct qwx_softc *sc, int grp_id) for (j = 0; j < sc->hw_params.num_rxmda_per_pdev; j++) { int id = i * sc->hw_params.num_rxmda_per_pdev + j; - if ((sc->hw_params.ring_mask->rxdma2host[grp_id] & - (1 << (id))) == 0) - continue; + if (sc->hw_params.ring_mask->rxdma2host[grp_id] & + (1 << (id))) { + if (qwx_dp_process_rxdma_err(sc, id)) + ret = 1; + } - if (qwx_dp_process_rxdma_err(sc, id)) - ret = 1; - - qwx_dp_rxbufs_replenish(sc, id, &dp->rx_refill_buf_ring, - 0, sc->hw_params.hal_params->rx_buf_rbm); + if (sc->hw_params.ring_mask->host2rxdma[grp_id] & + (1 << id)) { + qwx_dp_rxbufs_replenish(sc, id, + &dp->rx_refill_buf_ring, 0, + sc->hw_params.hal_params->rx_buf_rbm); + } } } @@ -21517,6 +21543,7 @@ int qwx_mac_op_start(struct qwx_pdev *pdev) { struct qwx_softc *sc = pdev->sc; + struct ieee80211com *ic = &sc->sc_ic; int ret; ret = qwx_wmi_pdev_set_param(sc, WMI_PDEV_PARAM_PMF_QOS, 1, @@ -21536,7 +21563,7 @@ qwx_mac_op_start(struct qwx_pdev *pdev) } if (isset(sc->wmi.svc_map, WMI_TLV_SERVICE_SPOOF_MAC_SUPPORT)) { - ret = qwx_wmi_scan_prob_req_oui(sc, sc->mac_addr, + ret = qwx_wmi_scan_prob_req_oui(sc, ic->ic_myaddr, pdev->pdev_id); if (ret) { printf("%s: failed to set prob req oui for " 
@@ -22050,17 +22077,17 @@ qwx_mac_op_add_interface(struct qwx_pdev *pdev) goto err; } - ret = qwx_wmi_vdev_create(sc, sc->mac_addr, &vdev_param); + ret = qwx_wmi_vdev_create(sc, ic->ic_myaddr, &vdev_param); if (ret) { printf("%s: failed to create WMI vdev %d %s: %d\n", sc->sc_dev.dv_xname, arvif->vdev_id, - ether_sprintf(sc->mac_addr), ret); + ether_sprintf(ic->ic_myaddr), ret); goto err; } sc->num_created_vdevs++; DNPRINTF(QWX_D_MAC, "%s: vdev %s created, vdev_id %d\n", __func__, - ether_sprintf(sc->mac_addr), arvif->vdev_id); + ether_sprintf(ic->ic_myaddr), arvif->vdev_id); sc->allocated_vdev_map |= 1U << arvif->vdev_id; sc->free_vdev_map &= ~(1U << arvif->vdev_id); #ifdef notyet diff --git a/sys/dev/ic/qwxvar.h b/sys/dev/ic/qwxvar.h index 73411943b..a51a4d1e6 100644 --- a/sys/dev/ic/qwxvar.h +++ b/sys/dev/ic/qwxvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: qwxvar.h,v 1.18 2024/02/09 14:09:19 stsp Exp $ */ +/* $OpenBSD: qwxvar.h,v 1.19 2024/02/15 11:57:38 stsp Exp $ */ /* * Copyright (c) 2018-2019 The Linux Foundation. @@ -1435,8 +1435,8 @@ struct dp_rxdma_ring { #else struct qwx_rx_data *rx_data; #endif - int cur; int bufs_max; + uint8_t freemap[howmany(DP_RXDMA_BUF_RING_SIZE, 8)]; }; enum hal_rx_mon_status { diff --git a/sys/dev/pci/if_bnxt.c b/sys/dev/pci/if_bnxt.c index 262a1832c..09192af6c 100644 --- a/sys/dev/pci/if_bnxt.c +++ b/sys/dev/pci/if_bnxt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bnxt.c,v 1.46 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_bnxt.c,v 1.47 2024/02/14 22:41:48 bluhm Exp $ */ /*- * Broadcom NetXtreme-C/E network driver. * @@ -1432,10 +1432,8 @@ bnxt_start(struct ifqueue *ifq) if (ext.tcp) { lflags |= TX_BD_LONG_LFLAGS_LSO; hdrsize = sizeof(*ext.eh); - if (ext.ip4) - hdrsize += ext.ip4hlen; - else if (ext.ip6) - hdrsize += sizeof(*ext.ip6); + if (ext.ip4 || ext.ip6) + hdrsize += ext.iphlen; else tcpstat_inc(tcps_outbadtso); diff --git a/sys/dev/pci/if_em.c b/sys/dev/pci/if_em.c index 9bee73e46..b7f2006a2 100644 --- a/sys/dev/pci/if_em.c 
+++ b/sys/dev/pci/if_em.c @@ -31,7 +31,7 @@ POSSIBILITY OF SUCH DAMAGE. ***************************************************************************/ -/* $OpenBSD: if_em.c,v 1.372 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_em.c,v 1.373 2024/02/14 22:41:48 bluhm Exp $ */ /* $FreeBSD: if_em.c,v 1.46 2004/09/29 18:28:28 mlaier Exp $ */ #include @@ -2413,7 +2413,6 @@ em_tx_ctx_setup(struct em_queue *que, struct mbuf *mp, u_int head, struct e1000_adv_tx_context_desc *TD; uint32_t vlan_macip_lens = 0, type_tucmd_mlhl = 0, mss_l4len_idx = 0; int off = 0; - uint8_t iphlen; *olinfo_status = 0; *cmd_type_len = 0; @@ -2433,8 +2432,6 @@ em_tx_ctx_setup(struct em_queue *que, struct mbuf *mp, u_int head, vlan_macip_lens |= (sizeof(*ext.eh) << E1000_ADVTXD_MACLEN_SHIFT); if (ext.ip4) { - iphlen = ext.ip4hlen; - type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_IPV4; if (ISSET(mp->m_pkthdr.csum_flags, M_IPV4_CSUM_OUT)) { *olinfo_status |= E1000_TXD_POPTS_IXSM << 8; @@ -2442,18 +2439,14 @@ em_tx_ctx_setup(struct em_queue *que, struct mbuf *mp, u_int head, } #ifdef INET6 } else if (ext.ip6) { - iphlen = sizeof(*ext.ip6); - type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_IPV6; #endif - } else { - iphlen = 0; } *cmd_type_len |= E1000_ADVTXD_DTYP_DATA | E1000_ADVTXD_DCMD_IFCS; *cmd_type_len |= E1000_ADVTXD_DCMD_DEXT; *olinfo_status |= mp->m_pkthdr.len << E1000_ADVTXD_PAYLEN_SHIFT; - vlan_macip_lens |= iphlen; + vlan_macip_lens |= ext.iphlen; type_tucmd_mlhl |= E1000_ADVTXD_DCMD_DEXT | E1000_ADVTXD_DTYP_CTXT; if (ext.tcp) { diff --git a/sys/dev/pci/if_igc.c b/sys/dev/pci/if_igc.c index f108b239f..673ecabdc 100644 --- a/sys/dev/pci/if_igc.c +++ b/sys/dev/pci/if_igc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_igc.c,v 1.16 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_igc.c,v 1.17 2024/02/14 22:41:48 bluhm Exp $ */ /*- * SPDX-License-Identifier: BSD-2-Clause * 
@@ -2005,7 +2005,6 @@ igc_tx_ctx_setup(struct tx_ring *txr, struct mbuf *mp, int prod, struct igc_adv_tx_context_desc *txdesc; uint32_t type_tucmd_mlhl = 0; uint32_t vlan_macip_lens = 0; - uint32_t iphlen; int off = 0; vlan_macip_lens |= (sizeof(*ext.eh) << IGC_ADVTXD_MACLEN_SHIFT); @@ -2028,8 +2027,6 @@ igc_tx_ctx_setup(struct tx_ring *txr, struct mbuf *mp, int prod, ether_extract_headers(mp, &ext); if (ext.ip4) { - iphlen = ext.ip4hlen; - type_tucmd_mlhl |= IGC_ADVTXD_TUCMD_IPV4; if (ISSET(mp->m_pkthdr.csum_flags, M_IPV4_CSUM_OUT)) { *olinfo_status |= IGC_TXD_POPTS_IXSM << 8; @@ -2037,15 +2034,13 @@ igc_tx_ctx_setup(struct tx_ring *txr, struct mbuf *mp, int prod, } #ifdef INET6 } else if (ext.ip6) { - iphlen = sizeof(*ext.ip6); - type_tucmd_mlhl |= IGC_ADVTXD_TUCMD_IPV6; #endif } else { return 0; } - vlan_macip_lens |= iphlen; + vlan_macip_lens |= ext.iphlen; type_tucmd_mlhl |= IGC_ADVTXD_DCMD_DEXT | IGC_ADVTXD_DTYP_CTXT; if (ext.tcp) { diff --git a/sys/dev/pci/if_ix.c b/sys/dev/pci/if_ix.c index 45298828a..a67cab68c 100644 --- a/sys/dev/pci/if_ix.c +++ b/sys/dev/pci/if_ix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ix.c,v 1.207 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_ix.c,v 1.209 2024/02/15 10:56:53 mglocker Exp $ */ /****************************************************************************** @@ -2494,16 +2494,12 @@ ixgbe_tx_offload(struct mbuf *mp, uint32_t *vlan_macip_lens, { struct ether_extracted ext; int offload = 0; - uint32_t ethlen, iphlen; ether_extract_headers(mp, &ext); - ethlen = sizeof(*ext.eh); - *vlan_macip_lens |= (ethlen << IXGBE_ADVTXD_MACLEN_SHIFT); + *vlan_macip_lens |= (sizeof(*ext.eh) << IXGBE_ADVTXD_MACLEN_SHIFT); if (ext.ip4) { - iphlen = ext.ip4hlen; - if (ISSET(mp->m_pkthdr.csum_flags, M_IPV4_CSUM_OUT)) { *olinfo_status |= IXGBE_TXD_POPTS_IXSM << 8; offload = 1; 
@@ -2512,8 +2508,6 @@ ixgbe_tx_offload(struct mbuf *mp, uint32_t *vlan_macip_lens, *type_tucmd_mlhl |= IXGBE_ADVTXD_TUCMD_IPV4; #ifdef INET6 } else if (ext.ip6) { - iphlen = sizeof(*ext.ip6); - *type_tucmd_mlhl |= IXGBE_ADVTXD_TUCMD_IPV6; #endif } else { @@ -2522,7 +2516,7 @@ ixgbe_tx_offload(struct mbuf *mp, uint32_t *vlan_macip_lens, return offload; } - *vlan_macip_lens |= iphlen; + *vlan_macip_lens |= ext.iphlen; if (ext.tcp) { *type_tucmd_mlhl |= IXGBE_ADVTXD_TUCMD_L4T_TCP; @@ -2548,7 +2542,7 @@ ixgbe_tx_offload(struct mbuf *mp, uint32_t *vlan_macip_lens, *mss_l4len_idx |= outlen << IXGBE_ADVTXD_MSS_SHIFT; *mss_l4len_idx |= thlen << IXGBE_ADVTXD_L4LEN_SHIFT; - hdrlen = ethlen + iphlen + thlen; + hdrlen = sizeof(*ext.eh) + ext.iphlen + thlen; paylen = mp->m_pkthdr.len - hdrlen; CLR(*olinfo_status, IXGBE_ADVTXD_PAYLEN_MASK << IXGBE_ADVTXD_PAYLEN_SHIFT); @@ -3266,22 +3260,24 @@ ixgbe_rxeof(struct rx_ring *rxr) if (pkts > 1) { struct ether_extracted ext; - uint32_t hdrlen, paylen; + uint32_t paylen; - /* Calculate header size. */ + /* + * Calculate the payload size: + * + * The packet length returned by the NIC + * (sendmp->m_pkthdr.len) can contain + * padding, which we don't want to count + * in to the payload size. Therefore, we + * calculate the real payload size based + * on the total ip length field (ext.iplen). + */ ether_extract_headers(sendmp, &ext); - hdrlen = sizeof(*ext.eh); -#if NVLAN > 0 - if (ISSET(sendmp->m_flags, M_VLANTAG) || - ext.evh) - hdrlen += ETHER_VLAN_ENCAP_LEN; -#endif - if (ext.ip4) - hdrlen += ext.ip4hlen; - if (ext.ip6) - hdrlen += sizeof(*ext.ip6); + paylen = ext.iplen; + if (ext.ip4 || ext.ip6) + paylen -= ext.iphlen; if (ext.tcp) { - hdrlen += ext.tcphlen; + paylen -= ext.tcphlen; tcpstat_inc(tcps_inhwlro); tcpstat_add(tcps_inpktlro, pkts); } else { 
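Review bot: In the ixgbe_rxeof() hunk, `paylen` is a `uint32_t` that is now computed as `ext.iplen` minus `ext.iphlen` and `ext.tcphlen` with no lower bound, while the removed code (deleted in the following hunk) clamped the result to 0 when the headers exceeded the packet length. `ext.iplen` comes from the received packet's IP length field, so a value smaller than the header lengths would wrap `paylen` to a very large number, which then passes the `paylen >= pkts` test before the packet is marked M_TCP_TSO. Whether ether_extract_headers() already rejects such packets is not visible on this page. Unless it does, I would keep a clamp, e.g. `paylen = (ext.iplen > ext.iphlen + ext.tcphlen) ? ext.iplen - ext.iphlen - ext.tcphlen : 0;` inside the `ext.tcp` branch. The enclosing function starts and ends outside the hunk.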
@@ -3293,8 +3289,6 @@ ixgbe_rxeof(struct rx_ring *rxr) * mark it as TSO, set a correct mss, * and recalculate the TCP checksum. */ - paylen = sendmp->m_pkthdr.len > hdrlen ? - sendmp->m_pkthdr.len - hdrlen : 0; if (ext.tcp && paylen >= pkts) { SET(sendmp->m_pkthdr.csum_flags, M_TCP_TSO); diff --git a/sys/dev/pci/if_ixl.c b/sys/dev/pci/if_ixl.c index 450553d5b..3667c6bff 100644 --- a/sys/dev/pci/if_ixl.c +++ b/sys/dev/pci/if_ixl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ixl.c,v 1.95 2024/01/07 21:01:45 bluhm Exp $ */ +/* $OpenBSD: if_ixl.c,v 1.97 2024/02/14 22:41:48 bluhm Exp $ */ /* * Copyright (c) 2013-2015, Intel Corporation @@ -2826,28 +2826,27 @@ ixl_tx_setup_offload(struct mbuf *m0, struct ixl_tx_ring *txr, offload |= ISSET(m0->m_pkthdr.csum_flags, M_IPV4_CSUM_OUT) ? IXL_TX_DESC_CMD_IIPT_IPV4_CSUM : IXL_TX_DESC_CMD_IIPT_IPV4; - - hlen = ext.ip4->ip_hl << 2; #ifdef INET6 } else if (ext.ip6) { offload |= IXL_TX_DESC_CMD_IIPT_IPV6; - - hlen = sizeof(*ext.ip6); #endif } else { panic("CSUM_OUT set for non-IP packet"); /* NOTREACHED */ } + hlen = ext.iphlen; offload |= (ETHER_HDR_LEN >> 1) << IXL_TX_DESC_MACLEN_SHIFT; offload |= (hlen >> 2) << IXL_TX_DESC_IPLEN_SHIFT; if (ext.tcp && ISSET(m0->m_pkthdr.csum_flags, M_TCP_CSUM_OUT)) { offload |= IXL_TX_DESC_CMD_L4T_EOFT_TCP; - offload |= (uint64_t)ext.tcp->th_off << IXL_TX_DESC_L4LEN_SHIFT; + offload |= (uint64_t)(ext.tcphlen >> 2) + << IXL_TX_DESC_L4LEN_SHIFT; } else if (ext.udp && ISSET(m0->m_pkthdr.csum_flags, M_UDP_CSUM_OUT)) { offload |= IXL_TX_DESC_CMD_L4T_EOFT_UDP; - offload |= (sizeof(*ext.udp) >> 2) << IXL_TX_DESC_L4LEN_SHIFT; + offload |= (uint64_t)(sizeof(*ext.udp) >> 2) + << IXL_TX_DESC_L4LEN_SHIFT; } if (ISSET(m0->m_pkthdr.csum_flags, M_TCP_TSO)) { 
@@ -2855,7 +2854,7 @@ ixl_tx_setup_offload(struct mbuf *m0, struct ixl_tx_ring *txr, struct ixl_tx_desc *ring, *txd; uint64_t cmd = 0, paylen, outlen; - hlen += ext.tcp->th_off << 2; + hlen += ext.tcphlen; outlen = m0->m_pkthdr.ph_mss; paylen = m0->m_pkthdr.len - ETHER_HDR_LEN - hlen; @@ -3285,7 +3284,7 @@ ixl_rxeof(struct ixl_softc *sc, struct ixl_rx_ring *rxr) bus_dmamap_sync(sc->sc_dmat, map, 0, map->dm_mapsize, BUS_DMASYNC_POSTREAD); bus_dmamap_unload(sc->sc_dmat, map); - + m = rxm->rxm_m; rxm->rxm_m = NULL; diff --git a/sys/dev/pci/if_vmx.c b/sys/dev/pci/if_vmx.c index 4a9c76235..7a3c772e2 100644 --- a/sys/dev/pci/if_vmx.c +++ b/sys/dev/pci/if_vmx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vmx.c,v 1.80 2024/02/09 15:22:41 jan Exp $ */ +/* $OpenBSD: if_vmx.c,v 1.81 2024/02/15 13:24:45 jan Exp $ */ /* * Copyright (c) 2013 Tsubai Masanari @@ -400,10 +400,12 @@ vmxnet3_attach(struct device *parent, struct device *self, void *aux) ifp->if_watchdog = vmxnet3_watchdog; ifp->if_hardmtu = VMXNET3_MAX_MTU; ifp->if_capabilities = IFCAP_VLAN_MTU; -#if 0 - if (sc->sc_ds->upt_features & UPT1_F_CSUM) + + if (sc->sc_ds->upt_features & UPT1_F_CSUM) { ifp->if_capabilities |= IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4; -#endif + ifp->if_capabilities |= IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6; + } + #if NVLAN > 0 if (sc->sc_ds->upt_features & UPT1_F_VLAN) ifp->if_capabilities |= IFCAP_VLAN_HWTAGGING; 
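Review bot: `hlen += ext.tcphlen;` in the M_TCP_TSO block no longer dereferences `ext.tcp`, but nothing visible checks that a TCP header was actually extracted before the TSO descriptor is built. If ether_extract_headers() rejected the packet, `ext.tcphlen` holds whatever the struct was initialised to (zero if the extractor clears it, which is not shown here), so `paylen` would count the TCP header as payload. Consider guarding the block with `if (ext.tcp != NULL && ISSET(m0->m_pkthdr.csum_flags, M_TCP_TSO)) {` and dropping or counting the packet otherwise. The block opens in the previous hunk's trailing context and continues past this hunk.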
@@ -1397,6 +1399,55 @@ vmx_load_mbuf(bus_dma_tag_t dmat, bus_dmamap_t map, struct mbuf *m) BUS_DMA_STREAMING | BUS_DMA_NOWAIT)); } +void +vmxnet3_tx_offload(struct vmxnet3_txdesc *sop, struct mbuf *m) +{ + struct ether_extracted ext; + uint32_t offset = 0; + uint32_t hdrlen; + + /* + * VLAN Offload + */ + +#if NVLAN > 0 + if (ISSET(m->m_flags, M_VLANTAG)) { + sop->tx_word3 |= htole32(VMXNET3_TX_VTAG_MODE); + sop->tx_word3 |= htole32((m->m_pkthdr.ether_vtag & + VMXNET3_TX_VLANTAG_M) << VMXNET3_TX_VLANTAG_S); + } +#endif + + /* + * Checksum Offload + */ + + if (!ISSET(m->m_pkthdr.csum_flags, M_TCP_CSUM_OUT) && + !ISSET(m->m_pkthdr.csum_flags, M_UDP_CSUM_OUT)) + return; + + ether_extract_headers(m, &ext); + + hdrlen = sizeof(*ext.eh); + if (ext.evh) + hdrlen = sizeof(*ext.evh); + + if (ext.ip4 || ext.ip6) + hdrlen += ext.iphlen; + + if (ext.tcp) + offset = hdrlen + offsetof(struct tcphdr, th_sum); + else if (ext.udp) + offset = hdrlen + offsetof(struct udphdr, uh_sum); + + hdrlen &= VMXNET3_TX_HLEN_M; + offset &= VMXNET3_TX_OP_M; + + sop->tx_word3 |= htole32(VMXNET3_OM_CSUM << VMXNET3_TX_OM_S); + sop->tx_word3 |= htole32(hdrlen << VMXNET3_TX_HLEN_S); + sop->tx_word2 |= htole32(offset << VMXNET3_TX_OP_S); +} + void vmxnet3_start(struct ifqueue *ifq) { @@ -1469,13 +1520,7 @@ vmxnet3_start(struct ifqueue *ifq) } txd->tx_word3 = htole32(VMXNET3_TX_EOP | VMXNET3_TX_COMPREQ); -#if NVLAN > 0 - if (ISSET(m->m_flags, M_VLANTAG)) { - sop->tx_word3 |= htole32(VMXNET3_TX_VTAG_MODE); - sop->tx_word3 |= htole32((m->m_pkthdr.ether_vtag & - VMXNET3_TX_VLANTAG_M) << VMXNET3_TX_VLANTAG_S); - } -#endif + vmxnet3_tx_offload(sop, m); ring->prod = prod; /* Change the ownership by flipping the "generation" bit */ diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c index 3648e4ac3..db399e719 100644 --- a/sys/dev/pv/if_vio.c +++ b/sys/dev/pv/if_vio.c 
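Review bot: In vmxnet3_tx_offload, a packet for which ether_extract_headers() sets neither `ext.tcp` nor `ext.udp` still reaches the three `tx_word` writes, so the descriptor requests VMXNET3_OM_CSUM with `offset` left at 0 and `hdrlen` covering only the headers that did parse. The extractor in this same diff clears those pointers when the length fields are inconsistent, so the path is reachable whenever M_TCP_CSUM_OUT or M_UDP_CSUM_OUT is set on such a packet. Presumably the device would then write a checksum at the start of the frame. Adding `else return;` after the `else if (ext.udp)` branch leaves the checksum fields untouched in that case. The `&=` masks on `hdrlen` and `offset` truncate silently, so a short comment saying why the values fit the field widths would help.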
@@ -1,4 +1,4 @@ -/* $OpenBSD: if_vio.c,v 1.30 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_vio.c,v 1.31 2024/02/14 22:41:48 bluhm Exp $ */ /* * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg. @@ -764,12 +764,8 @@ again: else hdr->csum_offset = offsetof(struct udphdr, uh_sum); - if (ext.ip4) - hdr->csum_start += ext.ip4hlen; -#ifdef INET6 - else if (ext.ip6) - hdr->csum_start += sizeof(*ext.ip6); -#endif + if (ext.ip4 || ext.ip6) + hdr->csum_start += ext.iphlen; hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; } diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index 0b5d2ed56..8d93b049b 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: init_main.c,v 1.324 2024/01/01 07:00:18 jsg Exp $ */ +/* $OpenBSD: init_main.c,v 1.325 2024/02/14 06:17:51 miod Exp $ */ /* $NetBSD: init_main.c,v 1.84.4.1 1996/06/02 09:08:06 mrg Exp $ */ /* @@ -537,7 +537,7 @@ main(void *framep) /* * Start the idle pool page garbage collector */ -#if !(defined(__m88k__) && defined(MULTIPROCESSOR)) /* XXX */ +#if defined(MULTIPROCESSOR) pool_gc_pages(NULL); #endif diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 2d732535c..a7c6d5b1e 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.292 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.293 2024/02/14 22:41:48 bluhm Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -1051,7 +1051,7 @@ void ether_extract_headers(struct mbuf *m0, struct ether_extracted *ext) { struct mbuf *m; - size_t hlen; + size_t hlen, iplen; int hoff; uint8_t ipproto; uint16_t ether_type; 
@@ -1143,7 +1143,19 @@ ether_extract_headers(struct mbuf *m0, struct ether_extracted *ext) ext->ip4 = NULL; return; } - ext->ip4hlen = hlen; + iplen = ntohs(ext->ip4->ip_len); + if (ext->paylen < iplen) { + DPRINTF("paylen %u, ip4len %zu", ext->paylen, iplen); + ext->ip4 = NULL; + return; + } + if (iplen < hlen) { + DPRINTF("ip4len %zu, ip4hlen %zu", iplen, hlen); + ext->ip4 = NULL; + return; + } + ext->iplen = iplen; + ext->iphlen = hlen; ext->paylen -= hlen; ipproto = ext->ip4->ip_p; @@ -1166,6 +1178,14 @@ ether_extract_headers(struct mbuf *m0, struct ether_extracted *ext) ext->ip6 = NULL; return; } + iplen = hlen + ntohs(ext->ip6->ip6_plen); + if (ext->paylen < iplen) { + DPRINTF("paylen %u, ip6len %zu", ext->paylen, iplen); + ext->ip6 = NULL; + return; + } + ext->iplen = iplen; + ext->iphlen = hlen; ext->paylen -= hlen; ipproto = ext->ip6->ip6_nxt; break; @@ -1192,8 +1212,9 @@ ether_extract_headers(struct mbuf *m0, struct ether_extracted *ext) ext->tcp = NULL; return; } - if (ext->paylen < hlen) { - DPRINTF("paylen %u, tcphlen %zu", ext->paylen, hlen); + if (ext->iplen - ext->iphlen < hlen) { + DPRINTF("iplen %u, iphlen %u, tcphlen %zu", + ext->iplen, ext->iphlen, hlen); ext->tcp = NULL; return; } @@ -1211,17 +1232,18 @@ ether_extract_headers(struct mbuf *m0, struct ether_extracted *ext) ext->udp = (struct udphdr *)(mtod(m, caddr_t) + hoff); hlen = sizeof(*ext->udp); - if (ext->paylen < hlen) { - DPRINTF("paylen %u, udphlen %zu", ext->paylen, hlen); + if (ext->iplen - ext->iphlen < hlen) { + DPRINTF("iplen %u, iphlen %u, udphlen %zu", + ext->iplen, ext->iphlen, hlen); ext->udp = NULL; return; } break; } - DNPRINTF(2, "%s%s%s%s%s%s ip4h %u, tcph %u, payl %u", + DNPRINTF(2, "%s%s%s%s%s%s ip %u, iph %u, tcph %u, payl %u", ext->eh ? "eh," : "", ext->evh ? "evh," : "", ext->ip4 ? "ip4," : "", ext->ip6 ? "ip6," : "", ext->tcp ? "tcp," : "", ext->udp ? "udp," : "", - ext->ip4hlen, ext->tcphlen, ext->paylen); + ext->iplen, ext->iphlen, ext->tcphlen, ext->paylen); } 
diff --git a/sys/net80211/ieee80211.c b/sys/net80211/ieee80211.c index d2e876c03..d5a15b33b 100644 --- a/sys/net80211/ieee80211.c +++ b/sys/net80211/ieee80211.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211.c,v 1.88 2022/03/19 10:25:09 stsp Exp $ */ +/* $OpenBSD: ieee80211.c,v 1.89 2024/02/15 15:40:56 stsp Exp $ */ /* $NetBSD: ieee80211.c,v 1.19 2004/06/06 05:45:29 dyoung Exp $ */ /*- @@ -1125,7 +1125,7 @@ ieee80211_next_mode(struct ifnet *ifp) * Indicate a wrap-around if we're running in a fixed, user-specified * phy mode. */ - if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) != IFM_AUTO) + if (IFM_SUBTYPE(ic->ic_media.ifm_cur->ifm_media) != IFM_AUTO) return (IEEE80211_MODE_AUTO); /* diff --git a/sys/netinet/if_ether.h b/sys/netinet/if_ether.h index 4f5edd31b..f4240e8c4 100644 --- a/sys/netinet/if_ether.h +++ b/sys/netinet/if_ether.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ether.h,v 1.91 2024/02/13 13:58:19 bluhm Exp $ */ +/* $OpenBSD: if_ether.h,v 1.92 2024/02/14 22:41:48 bluhm Exp $ */ /* $NetBSD: if_ether.h,v 1.22 1996/05/11 13:00:00 mycroft Exp $ */ /* @@ -307,7 +307,8 @@ struct ether_extracted { struct ip6_hdr *ip6; struct tcphdr *tcp; struct udphdr *udp; - u_int ip4hlen; + u_int iplen; + u_int iphlen; u_int tcphlen; u_int paylen; }; diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index f4c068dc0..c1249f797 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.113 2024/02/13 12:22:09 bluhm Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.114 2024/02/14 13:18:21 claudio Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* 
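Review bot: The new `iplen` and `iphlen` members of struct ether_extracted have no comments, and their meaning is not obvious from the names. ether_extract_headers() stores the IPv4 `ip_len` value in `iplen`, but for IPv6 it stores the fixed header size plus `ip6_plen`. Drivers such as ixgbe_rxeof subtract `iphlen` and `tcphlen` from `iplen`, so they depend on that definition. Suggested comments: `u_int iplen; /* IP total length incl. header; v6: hdr + ip6_plen */` and `u_int iphlen; /* IP header length in bytes */`, plus a remark that both are assigned only after the length checks pass and `ip4` or `ip6` is left non-NULL. The struct starts outside the hunk.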
@@ -64,6 +64,70 @@ #ifndef _NETINET6_IP6_VAR_H_ #define _NETINET6_IP6_VAR_H_ +struct ip6stat { + u_int64_t ip6s_total; /* total packets received */ + u_int64_t ip6s_tooshort; /* packet too short */ + u_int64_t ip6s_toosmall; /* not enough data */ + u_int64_t ip6s_fragments; /* fragments received */ + u_int64_t ip6s_fragdropped; /* frags dropped(dups, out of space) */ + u_int64_t ip6s_fragtimeout; /* fragments timed out */ + u_int64_t ip6s_fragoverflow; /* fragments that exceeded limit */ + u_int64_t ip6s_forward; /* packets forwarded */ + u_int64_t ip6s_cantforward; /* packets rcvd for unreachable dest */ + u_int64_t ip6s_redirectsent; /* packets forwarded on same net */ + u_int64_t ip6s_delivered; /* datagrams delivered to upper level*/ + u_int64_t ip6s_localout; /* total ip packets generated here */ + u_int64_t ip6s_odropped; /* lost output due to nobufs, etc. */ + u_int64_t ip6s_reassembled; /* total packets reassembled ok */ + u_int64_t ip6s_fragmented; /* datagrams successfully fragmented */ + u_int64_t ip6s_ofragments; /* output fragments created */ + u_int64_t ip6s_cantfrag; /* don't fragment flag was set, etc. 
*/ + u_int64_t ip6s_badoptions; /* error in option processing */ + u_int64_t ip6s_noroute; /* packets discarded due to no route */ + u_int64_t ip6s_badvers; /* ip6 version != 6 */ + u_int64_t ip6s_rawout; /* total raw ip packets generated */ + u_int64_t ip6s_badscope; /* scope error */ + u_int64_t ip6s_notmember; /* don't join this multicast group */ + u_int64_t ip6s_nxthist[256]; /* next header history */ + u_int64_t ip6s_m1; /* one mbuf */ + u_int64_t ip6s_m2m[32]; /* two or more mbuf */ + u_int64_t ip6s_mext1; /* one ext mbuf */ + u_int64_t ip6s_mext2m; /* two or more ext mbuf */ + u_int64_t ip6s_nogif; /* no match gif found */ + u_int64_t ip6s_toomanyhdr; /* discarded due to too many headers */ + + /* + * statistics for improvement of the source address selection + * algorithm: + * XXX: hardcoded 16 = # of ip6 multicast scope types + 1 + */ + /* number of times that address selection fails */ + u_int64_t ip6s_sources_none; + /* number of times that an address on the outgoing I/F is chosen */ + u_int64_t ip6s_sources_sameif[16]; + /* number of times that an address on a non-outgoing I/F is chosen */ + u_int64_t ip6s_sources_otherif[16]; + /* + * number of times that an address that has the same scope + * from the destination is chosen. + */ + u_int64_t ip6s_sources_samescope[16]; + /* + * number of times that an address that has a different scope + * from the destination is chosen. + */ + u_int64_t ip6s_sources_otherscope[16]; + /* number of times that an deprecated address is chosen */ + u_int64_t ip6s_sources_deprecated[16]; + + u_int64_t ip6s_rtcachehit; /* valid route found in cache */ + u_int64_t ip6s_rtcachemiss; /* route cache with new destination */ + u_int64_t ip6s_wrongif; /* packet received on wrong interface */ + u_int64_t ip6s_idropped; /* lost input due to nobufs, etc. */ +}; + +#ifdef _KERNEL + /* * IP6 reassembly queue structure. Each fragment * being reassembled is attached to one of these structures. 
@@ -140,70 +204,6 @@ struct ip6_pktopts { #define IP6PO_DONTFRAG 0x04 /* disable fragmentation (IPV6_DONTFRAG) */ }; -struct ip6stat { - u_int64_t ip6s_total; /* total packets received */ - u_int64_t ip6s_tooshort; /* packet too short */ - u_int64_t ip6s_toosmall; /* not enough data */ - u_int64_t ip6s_fragments; /* fragments received */ - u_int64_t ip6s_fragdropped; /* frags dropped(dups, out of space) */ - u_int64_t ip6s_fragtimeout; /* fragments timed out */ - u_int64_t ip6s_fragoverflow; /* fragments that exceeded limit */ - u_int64_t ip6s_forward; /* packets forwarded */ - u_int64_t ip6s_cantforward; /* packets rcvd for unreachable dest */ - u_int64_t ip6s_redirectsent; /* packets forwarded on same net */ - u_int64_t ip6s_delivered; /* datagrams delivered to upper level*/ - u_int64_t ip6s_localout; /* total ip packets generated here */ - u_int64_t ip6s_odropped; /* lost output due to nobufs, etc. */ - u_int64_t ip6s_reassembled; /* total packets reassembled ok */ - u_int64_t ip6s_fragmented; /* datagrams successfully fragmented */ - u_int64_t ip6s_ofragments; /* output fragments created */ - u_int64_t ip6s_cantfrag; /* don't fragment flag was set, etc. 
*/ - u_int64_t ip6s_badoptions; /* error in option processing */ - u_int64_t ip6s_noroute; /* packets discarded due to no route */ - u_int64_t ip6s_badvers; /* ip6 version != 6 */ - u_int64_t ip6s_rawout; /* total raw ip packets generated */ - u_int64_t ip6s_badscope; /* scope error */ - u_int64_t ip6s_notmember; /* don't join this multicast group */ - u_int64_t ip6s_nxthist[256]; /* next header history */ - u_int64_t ip6s_m1; /* one mbuf */ - u_int64_t ip6s_m2m[32]; /* two or more mbuf */ - u_int64_t ip6s_mext1; /* one ext mbuf */ - u_int64_t ip6s_mext2m; /* two or more ext mbuf */ - u_int64_t ip6s_nogif; /* no match gif found */ - u_int64_t ip6s_toomanyhdr; /* discarded due to too many headers */ - - /* - * statistics for improvement of the source address selection - * algorithm: - * XXX: hardcoded 16 = # of ip6 multicast scope types + 1 - */ - /* number of times that address selection fails */ - u_int64_t ip6s_sources_none; - /* number of times that an address on the outgoing I/F is chosen */ - u_int64_t ip6s_sources_sameif[16]; - /* number of times that an address on a non-outgoing I/F is chosen */ - u_int64_t ip6s_sources_otherif[16]; - /* - * number of times that an address that has the same scope - * from the destination is chosen. - */ - u_int64_t ip6s_sources_samescope[16]; - /* - * number of times that an address that has a different scope - * from the destination is chosen. - */ - u_int64_t ip6s_sources_otherscope[16]; - /* number of times that an deprecated address is chosen */ - u_int64_t ip6s_sources_deprecated[16]; - - u_int64_t ip6s_rtcachehit; /* valid route found in cache */ - u_int64_t ip6s_rtcachemiss; /* route cache with new destination */ - u_int64_t ip6s_wrongif; /* packet received on wrong interface */ - u_int64_t ip6s_idropped; /* lost input due to nobufs, etc. */ -}; - -#ifdef _KERNEL - #include enum ip6stat_counters { diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 8b684d600..3999b2e2f 100644 --- a/usr.bin/doas/doas.c 
+++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.98 2022/12/22 19:53:22 kn Exp $ */ +/* $OpenBSD: doas.c,v 1.99 2024/02/15 18:57:58 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst * @@ -145,8 +145,10 @@ permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr, *lastr = rules[i]; } if (!*lastr) + return -1; + if ((*lastr)->action == PERMIT) return 0; - return (*lastr)->action == PERMIT; + return -1; } static void @@ -181,6 +183,7 @@ checkconfig(const char *confpath, int argc, char **argv, uid_t uid, gid_t *groups, int ngroups, uid_t target) { const struct rule *rule; + int rv; setresuid(uid, uid, uid); if (pledge("stdio rpath getpw", NULL) == -1) @@ -188,9 +191,9 @@ checkconfig(const char *confpath, int argc, char **argv, parseconfig(confpath, 0); if (!argc) exit(0); - - if (permit(uid, groups, ngroups, &rule, target, argv[0], - (const char **)argv + 1)) { + rv = permit(uid, groups, ngroups, &rule, target, argv[0], + (const char **)argv + 1); + if (rv == 0) { printf("permit%s\n", (rule->options & NOPASS) ? " nopass" : ""); exit(0); } else { @@ -412,8 +415,9 @@ main(int argc, char **argv) } cmd = argv[0]; - if (!permit(uid, groups, ngroups, &rule, target, cmd, - (const char **)argv + 1)) { + rv = permit(uid, groups, ngroups, &rule, target, cmd, + (const char **)argv + 1); + if (rv != 0) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "command not permitted for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h index b98fe353b..ce6a03618 100644 --- a/usr.bin/doas/doas.h +++ b/usr.bin/doas/doas.h @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.h,v 1.19 2021/11/30 20:08:15 tobias Exp $ */ +/* $OpenBSD: doas.h,v 1.20 2024/02/15 18:57:58 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst * @@ -36,7 +36,7 @@ struct passwd; char **prepenv(const struct rule *, const struct passwd *, const struct passwd *); -#define PERMIT 1 +#define PERMIT -1 #define DENY 2 #define NOPASS 0x1 
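Review bot: permit() now returns 0 when the matching rule's action is PERMIT and -1 in every other case, and doas.h redefines PERMIT as -1, but neither place has a comment stating the convention. This is the authorization decision and the result is the opposite of a boolean: a caller written as `if (permit(...))` would take the allow branch on a denial. Both callers in this diff compare against 0 explicitly. A comment above permit() such as `/* Returns 0 if the command is permitted, -1 otherwise. Compare against 0; never test as a boolean. */`, and a one-line note on `#define PERMIT -1` saying why the value is not 1, would keep later callers from regressing. The declaration of `rv` used in main is outside the hunk.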
diff --git a/usr.bin/fgen/fgen.l b/usr.bin/fgen/fgen.l index f2032ae3a..cbaa70133 100644 --- a/usr.bin/fgen/fgen.l +++ b/usr.bin/fgen/fgen.l @@ -1,5 +1,5 @@ %{ -/* $OpenBSD: fgen.l,v 1.16 2023/11/10 16:02:47 jasper Exp $ */ +/* $OpenBSD: fgen.l,v 1.17 2024/02/14 02:40:02 jsg Exp $ */ /* $NetBSD: fgen.l,v 1.37 2016/03/08 20:13:44 christos Exp $ */ /* FLEX input for FORTH input file scanner */ /* @@ -1264,6 +1264,7 @@ tokenize(YY_BUFFER_STATE yinput) token->text); free((void *)fcode->name); free(fcode); + break; } if (debug) printf("Adding %s to dictionary\n", token->text); diff --git a/usr.bin/vi/common/exf.c b/usr.bin/vi/common/exf.c index 9034b6761..030e18a92 100644 --- a/usr.bin/vi/common/exf.c +++ b/usr.bin/vi/common/exf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exf.c,v 1.48 2021/10/25 14:17:24 dv Exp $ */ +/* $OpenBSD: exf.c,v 1.50 2024/02/15 00:55:01 jsg Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 @@ -207,6 +207,7 @@ file_init(SCR *sp, FREF *frp, char *rcv_name, int flags) if ((frp->tname = strdup(tname)) == NULL || (frp->name == NULL && (frp->name = strdup(tname)) == NULL)) { free(frp->tname); + frp->tname = NULL; msgq(sp, M_SYSERR, NULL); (void)unlink(tname); goto err; @@ -666,6 +667,7 @@ file_end(SCR *sp, EXF *ep, int force) TAILQ_REMOVE(&sp->gp->frefq, frp, q); free(frp->name); free(frp); + frp = NULL; } sp->frp = NULL; } @@ -676,7 +678,10 @@ file_end(SCR *sp, EXF *ep, int force) * Close the db structure. */ if (ep->db->close != NULL && ep->db->close(ep->db) && !force) { - msgq_str(sp, M_SYSERR, frp->name, "%s: close"); + if (frp) + msgq_str(sp, M_SYSERR, frp->name, "%s: close"); + else + msgq(sp, M_SYSERR, "close"); ++ep->refcnt; return (1); } @@ -848,8 +853,10 @@ file_write(SCR *sp, MARK *fm, MARK *tm, char *name, int flags) from.lno = 1; from.cno = 0; fm = &from; - if (db_last(sp, &to.lno)) + if (db_last(sp, &to.lno)) { + (void)fclose(fp); return (1); + } to.cno = 0; tm = &to; } 
@@ -1012,8 +1019,10 @@ file_backup(SCR *sp, char *name, char *bname) ++bname; } else version = 0; - if (argv_exp2(sp, &cmd, bname, strlen(bname))) + if (argv_exp2(sp, &cmd, bname, strlen(bname))) { + (void)close(rfd); return (1); + } /* * 0 args: impossible. diff --git a/usr.sbin/radiusd/radiusd.c b/usr.sbin/radiusd/radiusd.c index 3fc7ad0e4..4419e3095 100644 --- a/usr.sbin/radiusd/radiusd.c +++ b/usr.sbin/radiusd/radiusd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusd.c,v 1.35 2024/02/09 07:46:32 yasuoka Exp $ */ +/* $OpenBSD: radiusd.c,v 1.36 2024/02/14 02:44:58 jsg Exp $ */ /* * Copyright (c) 2013, 2023 Internet Initiative Japan Inc. @@ -1286,6 +1286,7 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg) log_warn("q=%u wrong pkt from module", q->id); radiusd_access_request_aborted(q); + break; } q->res = radpkt; radiusd_access_request_answer(q); diff --git a/usr.sbin/rpki-client/aspa.c b/usr.sbin/rpki-client/aspa.c index e857c3068..a07198890 100644 --- a/usr.sbin/rpki-client/aspa.c +++ b/usr.sbin/rpki-client/aspa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aspa.c,v 1.25 2024/02/05 19:23:58 job Exp $ */ +/* $OpenBSD: aspa.c,v 1.26 2024/02/13 22:44:21 job Exp $ */ /* * Copyright (c) 2022 Job Snijders * Copyright (c) 2022 Theo Buehler @@ -46,6 +46,8 @@ extern ASN1_OBJECT *aspa_oid; * Types and templates for ASPA eContent draft-ietf-sidrops-aspa-profile-15 */ +ASN1_ITEM_EXP ASProviderAttestation_it; + typedef struct { ASN1_INTEGER *version; ASN1_INTEGER *customerASID; diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c index 0effb92a5..724bbcf7d 100644 --- a/usr.sbin/rpki-client/mft.c +++ b/usr.sbin/rpki-client/mft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mft.c,v 1.106 2024/02/05 19:23:58 job Exp $ */ +/* $OpenBSD: mft.c,v 1.108 2024/02/15 07:01:33 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2019 Kristaps Dzonsons 
@@ -49,6 +49,9 @@ extern ASN1_OBJECT *mft_oid; * Types and templates for the Manifest eContent, RFC 6486, section 4.2. */ +ASN1_ITEM_EXP FileAndHash_it; +ASN1_ITEM_EXP Manifest_it; + typedef struct { ASN1_IA5STRING *file; ASN1_BIT_STRING *hash; @@ -57,8 +60,13 @@ typedef struct { DECLARE_STACK_OF(FileAndHash); #ifndef DEFINE_STACK_OF +#define sk_FileAndHash_dup(sk) SKM_sk_dup(FileAndHash, (sk)) +#define sk_FileAndHash_free(sk) SKM_sk_free(FileAndHash, (sk)) #define sk_FileAndHash_num(sk) SKM_sk_num(FileAndHash, (sk)) #define sk_FileAndHash_value(sk, i) SKM_sk_value(FileAndHash, (sk), (i)) +#define sk_FileAndHash_sort(sk) SKM_sk_sort(FileAndHash, (sk)) +#define sk_FileAndHash_set_cmp_func(sk, cmp) \ + SKM_sk_set_cmp_func(FileAndHash, (sk), (cmp)) #endif typedef struct { 
@@ -225,6 +233,76 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh) return rc; } +static int +mft_fh_cmp_name(const FileAndHash *const *a, const FileAndHash *const *b) +{ + if ((*a)->file->length < (*b)->file->length) + return -1; + if ((*a)->file->length > (*b)->file->length) + return 1; + + return memcmp((*a)->file->data, (*b)->file->data, (*b)->file->length); +} + +static int +mft_fh_cmp_hash(const FileAndHash *const *a, const FileAndHash *const *b) +{ + assert((*a)->hash->length == SHA256_DIGEST_LENGTH); + assert((*b)->hash->length == SHA256_DIGEST_LENGTH); + + return memcmp((*a)->hash->data, (*b)->hash->data, (*b)->hash->length); +} + +/* + * Assuming that the hash lengths are validated, this checks that all file names + * and hashes in a manifest are unique. Returns 1 on success, 0 on failure. + */ +static int +mft_has_unique_names_and_hashes(const char *fn, const Manifest *mft) +{ + STACK_OF(FileAndHash) *fhs; + int i, ret = 0; + + if ((fhs = sk_FileAndHash_dup(mft->fileList)) == NULL) + err(1, NULL); + + (void)sk_FileAndHash_set_cmp_func(fhs, mft_fh_cmp_name); + sk_FileAndHash_sort(fhs); + + for (i = 0; i < sk_FileAndHash_num(fhs) - 1; i++) { + const FileAndHash *curr = sk_FileAndHash_value(fhs, i); + const FileAndHash *next = sk_FileAndHash_value(fhs, i + 1); + + if (mft_fh_cmp_name(&curr, &next) == 0) { + warnx("%s: duplicate name: %.*s", fn, + curr->file->length, curr->file->data); + goto err; + } + } + + (void)sk_FileAndHash_set_cmp_func(fhs, mft_fh_cmp_hash); + sk_FileAndHash_sort(fhs); + + for (i = 0; i < sk_FileAndHash_num(fhs) - 1; i++) { + const FileAndHash *curr = sk_FileAndHash_value(fhs, i); + const FileAndHash *next = sk_FileAndHash_value(fhs, i + 1); + + if (mft_fh_cmp_hash(&curr, &next) == 0) { + warnx("%s: duplicate hash for %.*s and %.*s", fn, + curr->file->length, curr->file->data, + next->file->length, next->file->data); + goto err; + } + } + + ret = 1; + + err: + sk_FileAndHash_free(fhs); + + return ret; +} + /* * Handle the 
eContent of the manifest object, RFC 6486 sec. 4.2. * Returns 0 on failure and 1 on success. @@ -313,6 +391,9 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } + if (!mft_has_unique_names_and_hashes(p->fn, mft)) + goto out; + rc = 1; out: Manifest_free(mft); diff --git a/usr.sbin/rpki-client/output-json.c b/usr.sbin/rpki-client/output-json.c index eb074ef50..9c8f3f2ba 100644 --- a/usr.sbin/rpki-client/output-json.c +++ b/usr.sbin/rpki-client/output-json.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-json.c,v 1.41 2024/02/03 14:30:47 job Exp $ */ +/* $OpenBSD: output-json.c,v 1.42 2024/02/13 20:41:22 job Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * @@ -77,9 +77,6 @@ outputheader_json(struct stats *st) json_do_int("cachedir_del_superfluous_files", st->repo_stats.del_extra_files); - /* XXX: remove in rpki-client 9.0 */ - json_do_int("stalemanifests", 0); - json_do_end(); } diff --git a/usr.sbin/rpki-client/output-ometric.c b/usr.sbin/rpki-client/output-ometric.c index 48713be16..1addf1672 100644 --- a/usr.sbin/rpki-client/output-ometric.c +++ b/usr.sbin/rpki-client/output-ometric.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-ometric.c,v 1.6 2024/02/03 14:30:47 job Exp $ */ +/* $OpenBSD: output-ometric.c,v 1.7 2024/02/13 20:41:22 job Exp $ */ /* * Copyright (c) 2022 Claudio Jeker * @@ -48,10 +48,6 @@ set_common_stats(const struct repotalstats *in, struct ometric *metric, ometric_set_int_with_labels(metric, in->mfts_fail, OKV("type", "state"), OKV("manifest", "failed parse"), ol); - /* XXX: remove in rpki-client 9.0 */ - ometric_set_int_with_labels(metric, 0, - OKV("type", "state"), OKV("manifest", "stale"), ol); - ometric_set_int_with_labels(metric, in->roas, OKV("type", "state"), OKV("roa", "valid"), ol); ometric_set_int_with_labels(metric, in->roas_fail, diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c index 9395cd008..bbd478ce6 100644 --- a/usr.sbin/rpki-client/print.c +++ b/usr.sbin/rpki-client/print.c 
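Review bot: mft_fh_cmp_hash depends on two assert() calls for the digest length, so it is safe only if every FileAndHash was length-checked before mft_has_unique_names_and_hashes runs, and that check is not shown in these hunks. On a manifest that slipped past the check the asserts abort the parser, and in a build with NDEBUG the `memcmp` would read `(*b)->hash->length` bytes from both buffers regardless of the first one's size. Comparing the lengths first, as mft_fh_cmp_name does, removes the dependency: `if ((*a)->hash->length != (*b)->hash->length) return (*a)->hash->length < (*b)->hash->length ? -1 : 1;`. The call added in mft_parse_econtent sits after parsing code whose body is outside the hunks.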
@@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.46 2024/02/01 15:11:38 tb Exp $ */ +/* $OpenBSD: print.c,v 1.48 2024/02/13 20:40:17 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -83,27 +83,26 @@ void tal_print(const struct tal *p) { char *ski; - EVP_PKEY *pk; - RSA *r; - const unsigned char *der; - unsigned char *rder = NULL; + const unsigned char *der, *pkey_der; + X509_PUBKEY *pubkey; + ASN1_OBJECT *obj; unsigned char md[SHA_DIGEST_LENGTH]; - int rder_len; + int nid, der_len; size_t i; - der = p->pkey; - pk = d2i_PUBKEY(NULL, &der, p->pkeysz); - if (pk == NULL) - errx(1, "d2i_PUBKEY failed in %s", __func__); + pkey_der = p->pkey; + if ((pubkey = d2i_X509_PUBKEY(NULL, &pkey_der, p->pkeysz)) == NULL) + errx(1, "d2i_X509_PUBKEY failed"); - r = EVP_PKEY_get0_RSA(pk); - if (r == NULL) - errx(1, "EVP_PKEY_get0_RSA failed in %s", __func__); - if ((rder_len = i2d_RSAPublicKey(r, &rder)) <= 0) - errx(1, "i2d_RSAPublicKey failed in %s", __func__); + if (!X509_PUBKEY_get0_param(&obj, &der, &der_len, NULL, pubkey)) + errx(1, "X509_PUBKEY_get0_param failed"); - if (!EVP_Digest(rder, rder_len, md, NULL, EVP_sha1(), NULL)) - errx(1, "EVP_Digest failed in %s", __func__); + if ((nid = OBJ_obj2nid(obj)) != NID_rsaEncryption) + errx(1, "RFC 7935: wrong signature algorithm %s, want %s", + nid2str(nid), LN_rsaEncryption); + + if (!EVP_Digest(der, der_len, md, NULL, EVP_sha1(), NULL)) + errx(1, "EVP_Digest failed"); ski = hex_encode(md, SHA_DIGEST_LENGTH); @@ -126,8 +125,7 @@ tal_print(const struct tal *p) } } - EVP_PKEY_free(pk); - free(rder); + X509_PUBKEY_free(pubkey); free(ski); } 
@@ -699,9 +697,11 @@ takey_print(char *name, const struct takey *t) for (i = 0; i < t->commentsz; i++) printf("\t# %s\n", t->comments[i]); - printf("\n"); + if (t->commentsz > 0) + printf("\n"); for (i = 0; i < t->urisz; i++) - printf("\t%s\n\t", t->uris[i]); + printf("\t%s\n", t->uris[i]); + printf("\n\t"); for (i = 0; i < strlen(spki); i++) { printf("%c", spki[i]); if ((++j % 64) == 0) diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c index 5728189cb..227b642f1 100644 --- a/usr.sbin/rpki-client/roa.c +++ b/usr.sbin/rpki-client/roa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roa.c,v 1.73 2024/02/05 19:23:58 job Exp $ */ +/* $OpenBSD: roa.c,v 1.74 2024/02/13 22:44:21 job Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2019 Kristaps Dzonsons @@ -45,6 +45,10 @@ extern ASN1_OBJECT *roa_oid; * Types and templates for the ROA eContent, RFC 6482, section 3. */ +ASN1_ITEM_EXP ROAIPAddress_it; +ASN1_ITEM_EXP ROAIPAddressFamily_it; +ASN1_ITEM_EXP RouteOriginAttestation_it; + typedef struct { ASN1_BIT_STRING *address; ASN1_INTEGER *maxLength; diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c index cb58f7379..316ae57ba 100644 --- a/usr.sbin/rpki-client/rsc.c +++ b/usr.sbin/rpki-client/rsc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsc.c,v 1.30 2024/02/05 19:23:58 job Exp $ */ +/* $OpenBSD: rsc.c,v 1.31 2024/02/13 22:44:21 job Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2022 Job Snijders @@ -45,6 +45,13 @@ extern ASN1_OBJECT *rsc_oid; * Types and templates for RSC eContent - RFC 9323 */ +ASN1_ITEM_EXP ConstrainedASIdentifiers_it; +ASN1_ITEM_EXP ConstrainedIPAddressFamily_it; +ASN1_ITEM_EXP ConstrainedIPAddrBlocks_it; +ASN1_ITEM_EXP FileNameAndHash_it; +ASN1_ITEM_EXP ResourceBlock_it; +ASN1_ITEM_EXP RpkiSignedChecklist_it; + typedef struct { ASIdOrRanges *asnum; } ConstrainedASIdentifiers; diff --git a/usr.sbin/rpki-client/tak.c b/usr.sbin/rpki-client/tak.c index 522d1b095..e786630a9 100644 --- a/usr.sbin/rpki-client/tak.c 
+++ b/usr.sbin/rpki-client/tak.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tak.c,v 1.14 2024/02/05 19:23:58 job Exp $ */ +/* $OpenBSD: tak.c,v 1.16 2024/02/13 22:44:21 job Exp $ */ /* * Copyright (c) 2022 Job Snijders * Copyright (c) 2022 Theo Buehler @@ -45,6 +45,9 @@ extern ASN1_OBJECT *tak_oid; * ASN.1 templates for Trust Anchor Keys (draft-ietf-sidrops-signed-tal-12) */ +ASN1_ITEM_EXP TAKey_it; +ASN1_ITEM_EXP TAK_it; + DECLARE_STACK_OF(ASN1_IA5STRING); #ifndef DEFINE_STACK_OF @@ -90,13 +93,14 @@ parse_takey(const char *fn, const TAKey *takey) { const ASN1_UTF8STRING *comment; const ASN1_IA5STRING *certURI; - EVP_PKEY *pkey; - RSA *r; + X509_PUBKEY *pkey; + ASN1_OBJECT *obj; struct takey *res = NULL; - unsigned char *der = NULL, *rder = NULL; + const unsigned char *der; + unsigned char *pkey_der = NULL; unsigned char md[SHA_DIGEST_LENGTH]; size_t i; - int rdersz, rc = 0; + int der_len, nid, pkey_der_len; if ((res = calloc(1, sizeof(struct takey))) == NULL) err(1, NULL); @@ -118,7 +122,7 @@ parse_takey(const char *fn, const TAKey *takey) res->urisz = sk_ASN1_IA5STRING_num(takey->certificateURIs); if (res->urisz == 0) { warnx("%s: Signed TAL requires at least 1 CertificateURI", fn); - goto out; + goto err; } if ((res->uris = calloc(res->urisz, sizeof(char *))) == NULL) err(1, NULL); @@ -127,7 +131,7 @@ parse_takey(const char *fn, const TAKey *takey) certURI = sk_ASN1_IA5STRING_value(takey->certificateURIs, i); if (!valid_uri(certURI->data, certURI->length, NULL)) { warnx("%s: invalid TA URI", fn); - goto out; + goto err; } /* XXX: enforce that protocol is rsync or https. */ 
@@ -137,44 +141,36 @@ parse_takey(const char *fn, const TAKey *takey) err(1, NULL); } - if ((pkey = X509_PUBKEY_get0(takey->subjectPublicKeyInfo)) == NULL) { - warnx("%s: X509_PUBKEY_get0 failed", fn); - goto out; + pkey = takey->subjectPublicKeyInfo; + if (!X509_PUBKEY_get0_param(&obj, &der, &der_len, NULL, pkey)) { + warnx("%s: X509_PUBKEY_get0_param failed", fn); + goto err; } - if ((r = EVP_PKEY_get0_RSA(pkey)) == NULL) { - warnx("%s: EVP_PKEY_get0_RSA failed", fn); - goto out; + if ((nid = OBJ_obj2nid(obj)) != NID_rsaEncryption) { + warnx("%s: RFC 7935: wrong signature algorithm %s, want %s", + fn, nid2str(nid), LN_rsaEncryption); + goto err; } - if ((rdersz = i2d_RSAPublicKey(r, &rder)) <= 0) { - warnx("%s: i2d_RSAPublicKey failed", fn); - goto out; - } - - if (!EVP_Digest(rder, rdersz, md, NULL, EVP_sha1(), NULL)) { + if (!EVP_Digest(der, der_len, md, NULL, EVP_sha1(), NULL)) { warnx("%s: EVP_Digest failed", fn); - goto out; + goto err; } res->ski = hex_encode(md, SHA_DIGEST_LENGTH); - if ((res->pubkeysz = i2d_PUBKEY(pkey, &der)) <= 0) { - warnx("%s: i2d_PUBKEY failed", fn); - goto out; + if ((pkey_der_len = i2d_X509_PUBKEY(pkey, &pkey_der)) <= 0) { + warnx("%s: i2d_X509_PUBKEY failed", fn); + goto err; } + res->pubkey = pkey_der; + res->pubkeysz = pkey_der_len; - res->pubkey = der; - der = NULL; - - rc = 1; - out: - if (rc == 0) { - takey_free(res); - res = NULL; - } - free(der); - free(rder); return res; + + err: + takey_free(res); + return NULL; } /* diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c index dd0f33017..679fe5039 100644 --- a/usr.sbin/rpki-client/x509.c +++ b/usr.sbin/rpki-client/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.77 2024/02/01 15:11:38 tb Exp $ */ +/* $OpenBSD: x509.c,v 1.79 2024/02/14 10:49:00 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Claudio Jeker 
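Review bot: In parse_takey the new path accepts any TAKey whose SubjectPublicKeyInfo names `rsaEncryption` without decoding the key bits: the removed `X509_PUBKEY_get0()` and `EVP_PKEY_get0_RSA()` calls were what parsed the key, while `X509_PUBKEY_get0_param()` only hands back the algorithm OID and the raw BIT STRING contents (the AlgorithmIdentifier argument is passed as NULL, so parameters are not looked at either). Hashing the raw bytes is the right input for the SKI, but `res->pubkey` is now stored straight from `i2d_X509_PUBKEY()` with nothing in this hunk confirming it is a well-formed RSA key; unless a later consumer parses it, which is not visible here, a decode check should be kept. Separately, the warning says "wrong signature algorithm" although the value tested is the SPKI's public-key algorithm, so `"%s: RFC 7935: wrong public key algorithm %s, want %s"` would match what is checked. The function's declarations and URI handling sit in the earlier hunks of this file.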
@@ -191,18 +191,18 @@ out: } /* - * Parse X509v3 subject key identifier (SKI), RFC 6487 sec. 4.8.2. - * The SKI must be the SHA1 hash of the Subject Public Key. + * Validate the X509v3 subject key identifier (SKI), RFC 6487 section 4.8.2: + * "The SKI is a SHA-1 hash of the value of the DER-encoded ASN.1 BIT STRING of + * the Subject Public Key, as described in Section 4.2.1.2 of RFC 5280." * Returns the SKI formatted as hex string, or NULL if it couldn't be parsed. */ int x509_get_ski(X509 *x, const char *fn, char **ski) { - const unsigned char *d, *spk; ASN1_OCTET_STRING *os; - X509_PUBKEY *pubkey; - unsigned char spkd[SHA_DIGEST_LENGTH]; - int crit, dsz, spkz, rc = 0; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int md_len = EVP_MAX_MD_SIZE; + int crit, rc = 0; *ski = NULL; os = X509_get_ext_d2i(x, NID_subject_key_identifier, &crit, NULL); @@ -220,36 +220,24 @@ x509_get_ski(X509 *x, const char *fn, char **ski) goto out; } - d = os->data; - dsz = os->length; + if (!X509_pubkey_digest(x, EVP_sha1(), md, &md_len)) { + warnx("%s: X509_pubkey_digest", fn); + goto out; + } - if (dsz != SHA_DIGEST_LENGTH) { + if (os->length < 0 || md_len != (size_t)os->length) { warnx("%s: RFC 6487 section 4.8.2: SKI: " - "want %d bytes SHA1 hash, have %d bytes", - fn, SHA_DIGEST_LENGTH, dsz); + "want %u bytes SHA1 hash, have %d bytes", + fn, md_len, os->length); goto out; } - if ((pubkey = X509_get_X509_PUBKEY(x)) == NULL) { - warnx("%s: X509_get_X509_PUBKEY", fn); - goto out; - } - if (!X509_PUBKEY_get0_param(NULL, &spk, &spkz, NULL, pubkey)) { - warnx("%s: X509_PUBKEY_get0_param", fn); - goto out; - } - - if (!EVP_Digest(spk, spkz, spkd, NULL, EVP_sha1(), NULL)) { - warnx("%s: EVP_Digest failed", fn); - goto out; - } - - if (memcmp(spkd, d, dsz) != 0) { + if (memcmp(os->data, md, md_len) != 0) { warnx("%s: SKI does not match SHA1 hash of SPK", fn); goto out; } - *ski = hex_encode(d, dsz); + *ski = hex_encode(md, md_len); rc = 1; out: ASN1_OCTET_STRING_free(os);
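Review bot: The header comment of x509_get_ski still ends with "Returns the SKI formatted as hex string, or NULL if it couldn't be parsed", which does not describe the function below it: it is declared `int`, tracks a status in `rc` (initialised to 0, set to 1 once the SKI is stored) and hands the string back through `*ski`. Since the commit rewrites this comment anyway, the last sentence could become `* On success *ski holds the hex-encoded SKI; the int result reports whether validation passed.` The part of the body between the two hunks and the final return are not shown, so the wording for an absent extension should be checked against them. In the second hunk, `warnx("%s: X509_pubkey_digest", fn)` does not say that the call failed, unlike the `... failed` messages in parse_takey; appending " failed" would keep the log lines consistent.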