sync with OpenBSD -current

etc/etc.amd64/sysctl.conf

@@ -1,4 +1,4 @@
 #machdep.allowaperture=2	# See xf86(4)
 #machdep.kbdreset=1		# permit console CTRL-ALT-DEL to do a nice halt
-#machdep.lidaction=0		# 1=suspend, 2=hibernate laptop upon lid closing
-#machdep.pwraction=1		# ACPI power button action: 0=none, 1=shutdown, 2=suspend
+#machdep.lidaction=0		# laptop lid closing action: 0=none, 1=suspend, 2=hibernate
+#machdep.pwraction=0		# acpibtn(4) power button action: 0=none, 1=shutdown, 2=suspend

etc/etc.arm64/sysctl.conf

@@ -1 +1 @@
-#machdep.lidaction=0		# 1=suspend, 2=hibernate laptop upon lid closing
+#machdep.lidaction=0		# laptop lid closing action: 0=none, 1=suspend, 2=hibernate

etc/etc.i386/sysctl.conf

@@ -1,4 +1,4 @@
 #machdep.allowaperture=2	# See xf86(4)
 #machdep.apmhalt=1		# 1=powerdown hack, try if halt -p doesn't work
 #machdep.kbdreset=1		# permit console CTRL-ALT-DEL to do a nice halt
-#machdep.lidaction=0		# 1=suspend, 2=hibernate laptop upon lid closing
+#machdep.lidaction=0		# laptop lid closing action: 0=none, 1=suspend, 2=hibernate

lib/libc/asr/getrrsetbyname_async.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: getrrsetbyname_async.c,v 1.13 2023/03/15 22:12:00 millert Exp $	*/
+/*	$OpenBSD: getrrsetbyname_async.c,v 1.14 2024/05/07 23:40:53 djm Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -170,7 +170,7 @@ getrrsetbyname_async_run(struct asr_query *as, struct asr_result *ar)
 
 /* The rest of this file is taken from the original implementation. */
 
-/* $OpenBSD: getrrsetbyname_async.c,v 1.13 2023/03/15 22:12:00 millert Exp $ */
+/* $OpenBSD: getrrsetbyname_async.c,v 1.14 2024/05/07 23:40:53 djm Exp $ */
 
 /*
  * Copyright (c) 2001 Jakob Schlyter. All rights reserved.
@@ -334,13 +334,14 @@ get_response(struct asr_result *ar, const char *pkt, int pktlen)
 
 		if (rdata) {
 			rdata->rdi_length = rr->size;
-			rdata->rdi_data   = malloc(rr->size);
-
-			if (rdata->rdi_data == NULL) {
-				ar->ar_rrset_errno = ERRSET_NOMEMORY;
-				goto fail;
+			if (rr->size != 0) {
+				rdata->rdi_data = malloc(rr->size);
+				if (rdata->rdi_data == NULL) {
+					ar->ar_rrset_errno = ERRSET_NOMEMORY;
+					goto fail;
+				}
+				memcpy(rdata->rdi_data, rr->rdata, rr->size);
 			}
-			memcpy(rdata->rdi_data, rr->rdata, rr->size);
 		}
 	}
 	free_dns_response(response);
@@ -552,12 +553,13 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
 
 		/* rdata itself */
 		NEED(curr->size);
-		curr->rdata = malloc(curr->size);
-		if (curr->rdata == NULL) {
-			free_dns_rr(head);
-			return (NULL);
+		if (curr->size != 0) {
+			if ((curr->rdata = malloc(curr->size)) == NULL) {
+				free_dns_rr(head);
+				return (NULL);
+			}
+			memcpy(curr->rdata, *cp, curr->size);
 		}
-		memcpy(curr->rdata, *cp, curr->size);
 		*cp += curr->size;
 	}
 #undef NEED

lib/libcrypto/man/PEM_read_bio_PrivateKey.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.21 2023/04/25 18:57:57 tb Exp $
+.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.22 2024/05/07 20:40:07 tb Exp $
 .\" full merge up to:
 .\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100
 .\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 25 2023 $
+.Dd $Mdocdate: May 7 2024 $
 .Dt PEM_READ_BIO_PRIVATEKEY 3
 .Os
 .Sh NAME
@@ -1034,7 +1034,7 @@ are used as the passphrase and
 .Fa cb
 is ignored.
 .Ss PEM encryption format
-This old
+These old
 .Sy PrivateKey
 routines use a non-standard technique for encryption.
 .Pp

lib/libcrypto/x509/x509_req.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.33 2023/04/25 09:46:36 job Exp $ */
+/* $OpenBSD: x509_req.c,v 1.36 2024/05/08 08:20:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -170,64 +170,33 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 }
 LCRYPTO_ALIAS(X509_REQ_check_private_key);
 
-/* It seems several organisations had the same idea of including a list of
- * extensions in a certificate request. There are at least two OIDs that are
- * used and there may be more: so the list is configurable.
- */
-
-static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef};
-
-static int *ext_nids = ext_nid_list;
-
 int
-X509_REQ_extension_nid(int req_nid)
+X509_REQ_extension_nid(int nid)
 {
-	int i, nid;
-
-	for (i = 0; ; i++) {
-		nid = ext_nids[i];
-		if (nid == NID_undef)
-			return 0;
-		else if (req_nid == nid)
-			return 1;
-	}
+	return nid == NID_ext_req || nid == NID_ms_ext_req;
 }
 LCRYPTO_ALIAS(X509_REQ_extension_nid);
 
-int *
-X509_REQ_get_extension_nids(void)
-{
-	return ext_nids;
-}
-LCRYPTO_ALIAS(X509_REQ_get_extension_nids);
-
-void
-X509_REQ_set_extension_nids(int *nids)
-{
-	ext_nids = nids;
-}
-LCRYPTO_ALIAS(X509_REQ_set_extension_nids);
-
 STACK_OF(X509_EXTENSION) *
 X509_REQ_get_extensions(X509_REQ *req)
 {
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *ext = NULL;
-	int idx, *pnid;
+	int idx;
 	const unsigned char *p;
 
-	if (req == NULL || req->req_info == NULL || ext_nids == NULL)
+	if (req == NULL || req->req_info == NULL)
+		return NULL;
+
+	if ((idx = X509_REQ_get_attr_by_NID(req, NID_ext_req, -1)) == -1)
+		idx = X509_REQ_get_attr_by_NID(req, NID_ms_ext_req, -1);
+	if (idx == -1)
+		return NULL;
+
+	if ((attr = X509_REQ_get_attr(req, idx)) == NULL)
+		return NULL;
+	if ((ext = X509_ATTRIBUTE_get0_type(attr, 0)) == NULL)
 		return NULL;
-	for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
-		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-		if (idx == -1)
-			continue;
-		attr = X509_REQ_get_attr(req, idx);
-		ext = X509_ATTRIBUTE_get0_type(attr, 0);
-		break;
-	}
-	if (ext == NULL)
-		return sk_X509_EXTENSION_new_null();
 	if (ext->type != V_ASN1_SEQUENCE)
 		return NULL;
 	p = ext->value.sequence->data;
@@ -354,3 +323,22 @@ i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
 	return i2d_X509_REQ_INFO(req->req_info, pp);
 }
 LCRYPTO_ALIAS(i2d_re_X509_REQ_tbs);
+
+/*
+ * XXX - remove the API below in the next major bump
+ */
+
+int *
+X509_REQ_get_extension_nids(void)
+{
+	X509error(ERR_R_DISABLED);
+	return NULL;
+}
+LCRYPTO_ALIAS(X509_REQ_get_extension_nids);
+
+void
+X509_REQ_set_extension_nids(int *nids)
+{
+	X509error(ERR_R_DISABLED);
+}
+LCRYPTO_ALIAS(X509_REQ_set_extension_nids);

lib/libssl/man/ssl.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.3,v 1.22 2022/09/17 16:03:21 kn Exp $
+.\" $OpenBSD: ssl.3,v 1.23 2024/05/08 09:41:33 tb Exp $
 .\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
 .\" selective merge up to: OpenSSL 322755cc Sep 1 08:40:51 2018 +0800
 .\"
@@ -51,16 +51,17 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 17 2022 $
+.Dd $Mdocdate: May 8 2024 $
 .Dt SSL 3
 .Os
 .Sh NAME
 .Nm ssl
-.Nd OpenSSL SSL/TLS library
+.Nd OpenSSL TLS library
 .Sh DESCRIPTION
-The OpenSSL
+The
 .Nm ssl
-library implements the Transport Layer Security (TLS v1) protocols.
+library implements the Transport Layer Security (TLS) protocol,
+the successor to the secure sockets layer (SSL) protocol.
 .Pp
 An
 .Vt SSL_CTX
@@ -93,7 +94,7 @@ are used to read and write data on the TLS/SSL connection.
 .Xr SSL_shutdown 3
 can be used to shut down the TLS/SSL connection.
 .Sh DATA STRUCTURES
-Currently the OpenSSL
+Currently the
 .Nm ssl
 library functions deal with the following data structures:
 .Bl -tag -width Ds
@@ -131,7 +132,7 @@ At run-time the application usually deals with this structure which has
 links to mostly all other structures.
 .El
 .Sh HEADER FILES
-Currently the OpenSSL
+Currently the
 .Nm ssl
 library provides the following C header files containing the prototypes for the
 data structures and functions:

regress/lib/libcrypto/lhash/lhash_test.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: lhash_test.c,v 1.1 2024/05/06 14:31:25 jsing Exp $	*/
+/*	$OpenBSD: lhash_test.c,v 1.2 2024/05/08 15:13:23 jsing Exp $	*/
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -21,8 +21,182 @@
 
 #include <openssl/lhash.h>
 
+/*
+ * Need to add test coverage for:
+ *  - custom hash function
+ *  - custom comparison function
+ */
+
 static void
-test_doall_fn(void *arg1, void *arg2)
+test_doall_count(void *arg1, void *arg2)
+{
+	int *count = arg2;
+
+	(*count)++;
+}
+
+static int
+test_lhash(void)
+{
+	const char *a = "a", *b = "b", *c = "c", *d = "d";
+	const char *a2 = "a", *b2 = "b";
+	_LHASH *lh;
+	int count;
+	int failed = 1;
+
+	if ((lh = lh_new(NULL, NULL)) == NULL)
+		goto failure;
+
+	/*
+	 * Another amazing API... both a successful insert and a failure will
+	 * return NULL. The only way you can tell the difference is to follow
+	 * with a call to lh_error().
+	 */
+	if (lh_retrieve(lh, "a") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved a before insert\n");
+		goto failure;
+	}
+	if (lh_insert(lh, (void *)a) != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: insert a\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "a") != a) {
+		fprintf(stderr, "FAIL: failed to retrieve a\n");
+		goto failure;
+	}
+
+	if (lh_retrieve(lh, "b") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved b before insert\n");
+		goto failure;
+	}
+	if (lh_insert(lh, (void *)b) != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: insert b\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "b") != b) {
+		fprintf(stderr, "FAIL: failed to retrieve b\n");
+		goto failure;
+	}
+
+	if (lh_retrieve(lh, "c") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved c before insert\n");
+		goto failure;
+	}
+	if (lh_insert(lh, (void *)c) != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: insert c\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "c") != c) {
+		fprintf(stderr, "FAIL: failed to retrieve c\n");
+		goto failure;
+	}
+
+	if (lh_retrieve(lh, "d") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved d before insert\n");
+		goto failure;
+	}
+	if (lh_insert(lh, (void *)d) != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: insert d\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "d") != d) {
+		fprintf(stderr, "FAIL: failed to retrieve d\n");
+		goto failure;
+	}
+
+	if (lh_num_items(lh) != 4) {
+		fprintf(stderr, "FAIL: lh_num_items() = %ld, want 4\n",
+		    lh_num_items(lh));
+		goto failure;
+	}
+
+	/* Insert should replace. */
+	if (lh_insert(lh, (void *)a2) != a || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: replace a\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "a") != a2) {
+		fprintf(stderr, "FAIL: failed to retrieve a2\n");
+		goto failure;
+	}
+	if (lh_insert(lh, (void *)b2) != b || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: replace b\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "b") != b2) {
+		fprintf(stderr, "FAIL: failed to retrieve b2\n");
+		goto failure;
+	}
+
+	if (lh_num_items(lh) != 4) {
+		fprintf(stderr, "FAIL: lh_num_items() = %ld, want 4\n",
+		    lh_num_items(lh));
+		goto failure;
+	}
+
+	/* Do all. */
+	count = 0;
+	lh_doall_arg(lh, test_doall_count, &count);
+	if (count != 4) {
+		fprintf(stderr, "FAIL: lh_doall_arg failed (count = %d)\n",
+		    count);
+		goto failure;
+	}
+
+	/* Delete. */
+	if (lh_delete(lh, "z") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: delete succeeded for z\n");
+		goto failure;
+	}
+	if (lh_delete(lh, "a") != a2 || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: delete failed for a\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "a") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved a after deletion\n");
+		goto failure;
+	}
+	if (lh_delete(lh, "b") != b2 || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: delete failed for b\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "b") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved b after deletion\n");
+		goto failure;
+	}
+	if (lh_delete(lh, "c") != c || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: delete failed for c\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "c") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved c after deletion\n");
+		goto failure;
+	}
+	if (lh_delete(lh, "d") != d || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: delete failed for d\n");
+		goto failure;
+	}
+	if (lh_retrieve(lh, "d") != NULL || lh_error(lh) != 0) {
+		fprintf(stderr, "FAIL: retrieved d after deletion\n");
+		goto failure;
+	}
+
+	if (lh_num_items(lh) != 0) {
+		fprintf(stderr, "FAIL: lh_num_items() = %ld, want 0\n",
+		    lh_num_items(lh));
+		goto failure;
+	}
+
+	failed = 0;
+
+ failure:
+	lh_free(lh);
+
+	return failed;
+}
+
+static void
+test_doall_fn(void *arg1)
 {
 }
 
@@ -38,13 +212,97 @@ test_lhash_doall(void)
 
 	/* Call doall multiple times while linked hash is empty. */
 	for (i = 0; i < 100; i++)
-		lh_doall_arg(lh, test_doall_fn, NULL);
-
-	lh_free(lh);
+		lh_doall(lh, test_doall_fn);
 
 	failed = 0;
 
  failure:
+	lh_free(lh);
+
+	return failed;
+}
+
+static void
+test_doall_delete_some(void *arg1, void *arg2)
+{
+	void *data;
+
+	if (arc4random_uniform(32) != 0)
+		return;
+
+	data = lh_delete(arg2, arg1);
+	free(data);
+}
+
+static void
+test_doall_delete_all(void *arg1, void *arg2)
+{
+	void *data;
+
+	data = lh_delete(arg2, arg1);
+	free(data);
+}
+
+static int
+test_lhash_load(void)
+{
+	uint8_t c3 = 1, c2 = 1, c1 = 1, c0 = 1;
+	_LHASH *lh;
+	char *data = NULL;
+	int i, j;
+	int failed = 1;
+
+	if ((lh = lh_new(NULL, NULL)) == NULL)
+		goto failure;
+
+	for (i = 0; i < 1024; i++) {
+		for (j = 0; j < 1024; j++) {
+			if ((data = calloc(1, 128)) == NULL)
+				goto failure;
+
+			data[0] = c0;
+			data[1] = c1;
+			data[2] = c2;
+			data[3] = c3;
+
+			if (++c0 == 0) {
+				c0++;
+				c1++;
+			}
+			if (c1 == 0) {
+				c1++;
+				c2++;
+			}
+			if (c2 == 0) {
+				c2++;
+				c3++;
+			}
+
+			if (lh_insert(lh, data) != NULL || lh_error(lh) != 0) {
+				fprintf(stderr, "FAIL: lh_insert() failed\n");
+				goto failure;
+			}
+			data = NULL;
+		}
+		lh_doall_arg(lh, test_doall_delete_some, lh);
+	}
+
+	/* We should have ~31,713 entries. */
+	if (lh_num_items(lh) < 31000 || lh_num_items(lh) > 33000) {
+		fprintf(stderr, "FAIL: unexpected number of entries (%ld)\n",
+		    lh_num_items(lh));
+		goto failure;
+	}
+
+	failed = 0;
+
+ failure:
+	if (lh != NULL)
+		lh_doall_arg(lh, test_doall_delete_all, lh);
+
+	lh_free(lh);
+	free(data);
+
 	return failed;
 }
 
@@ -53,7 +311,9 @@ main(int argc, char **argv)
 {
 	int failed = 0;
 
+	failed |= test_lhash();
 	failed |= test_lhash_doall();
+	failed |= test_lhash_load();
 
 	return failed;
 }

regress/lib/libssl/symbols/symbols.awk

@@ -1,4 +1,4 @@
-# $OpenBSD: symbols.awk,v 1.3 2024/04/17 22:48:17 tb Exp $
+# $OpenBSD: symbols.awk,v 1.4 2024/05/08 06:54:43 tb Exp $
 
 # Copyright (c) 2018,2020,2023 Theo Buehler <tb@openbsd.org>
 #
@@ -21,9 +21,6 @@ BEGIN {
 
 	printf("#include <openssl/dtls1.h>\n")
 	printf("#include <openssl/ssl.h>\n")
-	printf("#include <openssl/ssl2.h>\n")
-	printf("#include <openssl/ssl23.h>\n")
-	printf("#include <openssl/ssl3.h>\n")
 	printf("#include <openssl/tls1.h>\n\n")
 
 	printf("#include <openssl/srtp.h>\n\n")		# depends on ssl.h

share/man/man3/intro.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: intro.3,v 1.97 2023/02/20 16:08:37 jmc Exp $
+.\"	$OpenBSD: intro.3,v 1.98 2024/05/08 08:24:23 tb Exp $
 .\"	$NetBSD: intro.3,v 1.5 1995/05/10 22:46:24 jtc Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)intro.3	8.1 (Berkeley) 6/5/93
 .\"
-.Dd $Mdocdate: February 20 2023 $
+.Dd $Mdocdate: May 8 2024 $
 .Dt INTRO 3
 .Os
 .Sh NAME
@@ -100,9 +100,8 @@ An implementation of the Concise Binary Object Representation
 encoding format defined in RFC 7049.
 .Pp
 .It libcrypto Pq Fl lcrypto
-The OpenSSL crypto library.
-Implements a range of cryptographic algorithms,
-providing such functionality as symmetric encryption, public key cryptography,
+Provides functionality such as symmetric encryption, public key cryptography,
+digests, message authentication codes,
 and certificate handling.
 See
 .Xr crypto 3 .
@@ -338,11 +337,9 @@ See
 .Xr sio_open 3 .
 .Pp
 .It libssl Pq Fl lssl
-The OpenSSL ssl library implements the Secure Sockets Layer
-.Pq SSL v3
-and Transport Layer Security
-.Pq TLS v1
-protocols.
+Implements the Transport Layer Security
+.Pq TLS
+protocol, the successor to the Secure Sockets Layer protocol.
 See
 .Xr ssl 3 .
 .Pp

sys/dev/pci/if_iwx.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_iwx.c,v 1.183 2024/04/13 23:44:11 jsg Exp $	*/
+/*	$OpenBSD: if_iwx.c,v 1.184 2024/05/08 14:03:54 stsp Exp $	*/
 
 /*
  * Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@@ -8323,6 +8323,9 @@ iwx_run(struct iwx_softc *sc)
 		return err;
 	}
 #endif
+	if (ic->ic_opmode == IEEE80211_M_MONITOR)
+		return 0;
+
 	err = iwx_power_mac_update_mode(sc, in);
 	if (err) {
 		printf("%s: could not update MAC power (error %d)\n",
@@ -8330,9 +8333,6 @@ iwx_run(struct iwx_softc *sc)
 		return err;
 	}
 
-	if (ic->ic_opmode == IEEE80211_M_MONITOR)
-		return 0;
-
 	/* Start at lowest available bit-rate. Firmware will raise. */
 	in->in_ni.ni_txrate = 0;
 	in->in_ni.ni_txmcs = 0;

sys/dev/pci/if_iwxreg.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_iwxreg.h,v 1.52 2023/10/06 15:15:41 stsp Exp $	*/
+/*	$OpenBSD: if_iwxreg.h,v 1.53 2024/05/08 14:03:54 stsp Exp $	*/
 
 /*-
  * Based on BSD-licensed source modules in the Linux iwlwifi driver,
@@ -1760,7 +1760,7 @@ struct iwx_gen3_bc_tbl_entry {
 #define IWX_DQA_CMD_QUEUE		0
 #define IWX_DQA_AUX_QUEUE		1
 
-#define IWX_DQA_INJECT_MONITOR_QUEUE	2 /* used in monitor mode only */
+#define IWX_DQA_INJECT_MONITOR_QUEUE	1 /* used in monitor mode only */
 #define IWX_DQA_MGMT_QUEUE		1 /* default queue other modes */
 
 /* Reserve 8 DQA Tx queues for QoS data frames. */

sys/kern/kern_sig.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_sig.c,v 1.326 2024/05/07 10:46:35 claudio Exp $	*/
+/*	$OpenBSD: kern_sig.c,v 1.327 2024/05/08 13:05:33 claudio Exp $	*/
 /*	$NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $	*/
 
 /*
@@ -921,7 +921,7 @@ void
 ptsignal(struct proc *p, int signum, enum signal_type type)
 {
 	int s, prop;
-	sig_t action;
+	sig_t action, altaction = SIG_DFL;
 	sigset_t mask, sigmask;
 	int *siglist;
 	struct process *pr = p->p_p;
@@ -1026,6 +1026,8 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
 			return;
 		if (sigmask & mask) {
 			action = SIG_HOLD;
+			if (sigcatch & mask)
+				altaction = SIG_CATCH;
 		} else if (sigcatch & mask) {
 			action = SIG_CATCH;
 		} else {
@@ -1050,15 +1052,8 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
 	 * marked at thread level.
 	 */
 	siglist = (type == SPROCESS) ? &pr->ps_siglist : &p->p_siglist;
-	if (prop & SA_CONT) {
+	if (prop & (SA_CONT | SA_STOP))
 		siglist = &p->p_siglist;
-		atomic_clearbits_int(siglist, STOPSIGMASK);
-	}
-	if (prop & SA_STOP) {
-		siglist = &p->p_siglist;
-		atomic_clearbits_int(siglist, CONTSIGMASK);
-		atomic_clearbits_int(&p->p_flag, P_CONTINUED);
-	}
 
 	/*
 	 * XXX delay processing of SA_STOP signals unless action == SIG_DFL?
@@ -1068,16 +1063,6 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
 			if (q != p)
 				ptsignal(q, signum, SPROPAGATED);
 
-	/*
-	 * Defer further processing for signals which are held,
-	 * except that stopped processes must be continued by SIGCONT.
-	 */
-	if (action == SIG_HOLD && ((prop & SA_CONT) == 0 ||
-	    p->p_stat != SSTOP)) {
-		atomic_setbits_int(siglist, mask);
-		return;
-	}
-
 	SCHED_LOCK(s);
 
 	switch (p->p_stat) {
@@ -1107,6 +1092,25 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
 		sigmask = READ_ONCE(p->p_sigmask);
 		if (sigmask & mask)
 			goto out;
+		else if (action == SIG_HOLD) {
+			/* signal got unmasked, get proper action */
+			action = altaction;
+
+			if (action == SIG_DFL) {
+				if (prop & SA_KILL && pr->ps_nice > NZERO)
+					 pr->ps_nice = NZERO;
+
+				/*
+				 * Discard tty stop signals sent to an
+				 * orphaned process group, see above.
+				 */
+				if (prop & SA_TTYSTOP &&
+				    pr->ps_pgrp->pg_jobc == 0) {
+					SCHED_UNLOCK(s);
+					return;
+				}
+			}
+		}
 
 		/*
 		 * If SIGCONT is default (or ignored) and process is
@@ -1181,6 +1185,13 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
 			goto out;
 		}
 
+		/*
+		 * Defer further processing for signals which are held,
+		 * except that stopped processes must be continued by SIGCONT.
+		 */
+		if (action == SIG_HOLD)
+			goto out;
+
 		if (prop & SA_STOP) {
 			/*
 			 * Already stopped, don't need to stop again.
@@ -1201,6 +1212,9 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
 		goto out;
 
 	case SONPROC:
+		if (action == SIG_HOLD)
+			goto out;
+
 		/* set siglist before issuing the ast */
 		atomic_setbits_int(siglist, mask);
 		mask = 0;
@@ -1229,6 +1243,14 @@ out:
 	/* finally adjust siglist */
 	if (mask)
 		atomic_setbits_int(siglist, mask);
+	if (prop & SA_CONT) {
+		atomic_clearbits_int(siglist, STOPSIGMASK);
+	}
+	if (prop & SA_STOP) {
+		atomic_clearbits_int(siglist, CONTSIGMASK);
+		atomic_clearbits_int(&p->p_flag, P_CONTINUED);
+	}
+
 	SCHED_UNLOCK(s);
 	if (wakeparent)
 		wakeup(pr->ps_pptr);

sys/net80211/ieee80211_output.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ieee80211_output.c,v 1.138 2024/04/14 03:26:25 jsg Exp $	*/
+/*	$OpenBSD: ieee80211_output.c,v 1.139 2024/05/08 14:02:59 stsp Exp $	*/
 /*	$NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $	*/
 
 /*-
@@ -569,6 +569,9 @@ ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni)
 	}
 
  fallback:
+	if (ic->ic_opmode == IEEE80211_M_MONITOR)
+		goto bad;
+
 	if (m->m_len < sizeof(struct ether_header)) {
 		m = m_pullup(m, sizeof(struct ether_header));
 		if (m == NULL) {

sys/netinet/ip_input.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_input.c,v 1.393 2024/04/16 12:56:39 bluhm Exp $	*/
+/*	$OpenBSD: ip_input.c,v 1.394 2024/05/08 13:01:30 bluhm Exp $	*/
 /*	$NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $	*/
 
 /*
@@ -587,6 +587,7 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 
 	ip_forward(m, ifp, &ro, pfrdr);
 	*mp = NULL;
+	rtfree(ro.ro_rt);
 	return IPPROTO_DONE;
  bad:
 	nxt = IPPROTO_DONE;

sys/netinet6/ip6_input.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_input.c,v 1.261 2024/04/16 12:56:39 bluhm Exp $	*/
+/*	$OpenBSD: ip6_input.c,v 1.262 2024/05/08 13:01:30 bluhm Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -615,6 +615,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 
 	ip6_forward(m, &ro, pfrdr);
 	*mp = NULL;
+	rtfree(ro.ro_rt);
 	return IPPROTO_DONE;
  bad:
 	nxt = IPPROTO_DONE;

usr.bin/openssl/openssl.1

@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.155 2024/01/26 11:58:37 job Exp $
+.\" $OpenBSD: openssl.1,v 1.156 2024/05/07 21:00:18 tb Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: January 26 2024 $
+.Dd $Mdocdate: May 7 2024 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -136,7 +136,7 @@
 .Nm OpenSSL
 is a cryptography toolkit implementing the
 Transport Layer Security
-.Pq TLS v1
+.Pq TLS
 network protocol,
 as well as related cryptography standards.
 .Pp