SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-07-22 19:19:50 +00:00
parent 2682037f04
commit 174b61403d
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
57 changed files with 960 additions and 743 deletions
Download patch file Download diff file Expand all files Collapse all files

6
bin/ps/ps.1
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: ps.1,v 1.134 2024/02/03 18:51:57 beck Exp $
.\" $OpenBSD: ps.1,v 1.135 2024/07/22 09:44:37 claudio Exp $
.\" $NetBSD: ps.1,v 1.16 1996/03/21 01:36:28 jtc Exp $
.\"
.\" Copyright (c) 1980, 1990, 1991, 1993, 1994
@ -30,7 +30,7 @@
.\"
.\" @(#)ps.1 8.3 (Berkeley) 4/18/94
.\"
.Dd $Mdocdate: February 3 2024 $
.Dd $Mdocdate: July 22 2024 $
.Dt PS 1
.Os
.Sh NAME
@ -346,7 +346,7 @@ PS_SINGLEEXIT 0x1000 other threads must die
PS_SINGLEUNWIND 0x2000 other threads must unwind
PS_NOZOMBIE 0x4000 pid 1 waits for me instead of
dad
PS_STOPPED 0x8000 just stopped, need to send
PS_STOPPING 0x8000 just stopped, need to send
SIGCHLD
PS_SYSTEM 0x10000 No signals, stats or swapping
PS_EMBRYO 0x20000 New process, not yet fledged

15
lib/libcrypto/man/DH_get0_pqg.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: DH_get0_pqg.3,v 1.7 2023/03/06 13:25:46 tb Exp $
.\" $OpenBSD: DH_get0_pqg.3,v 1.8 2024/07/21 08:36:43 tb Exp $
.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 6 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt DH_GET0_PQG 3
.Os
.Sh NAME
@ -307,15 +307,8 @@ or 0 if none of the given
are set.
.Pp
.Fn DH_get0_engine
returns a pointer to the
.Vt ENGINE
used by the
.Vt DH
object
.Fa dh ,
or
.Dv NULL
if no engine was set for this object.
always returns
.Dv NULL .
.Sh SEE ALSO
.Xr DH_generate_key 3 ,
.Xr DH_generate_parameters 3 ,

15
lib/libcrypto/man/DSA_get0_pqg.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: DSA_get0_pqg.3,v 1.10 2023/12/29 22:37:47 tb Exp $
.\" $OpenBSD: DSA_get0_pqg.3,v 1.11 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 29 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt DSA_GET0_PQG 3
.Os
.Sh NAME
@ -283,15 +283,8 @@ or 0 if none of the given
are set.
.Pp
.Fn DSA_get0_engine
returns a pointer to the
.Vt ENGINE
used by the
.Vt DSA
object
Fa d ,
or
.Dv NULL
if no engine was set for this object.
always returns
.Dv NULL .
.Sh SEE ALSO
.Xr DSA_do_sign 3 ,
.Xr DSA_dup_DH 3 ,

20
lib/libcrypto/man/EC_KEY_METHOD_new.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.3 2023/08/29 10:07:42 tb Exp $
.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.4 2024/07/21 08:36:43 tb Exp $
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: August 29 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EC_KEY_METHOD_NEW 3
.Os
.Sh NAME
@ -262,17 +262,15 @@ is
.Fn EC_KEY_new_method
creates and initializes a new
.Vt EC_KEY
object using the given
.Fa engine ,
or the using the
object using the
.Vt EC_KEY_METHOD
set with
.Fn EC_KEY_set_default_method
if
.Fa engine
is
.Dv NULL ,
or using the default EC_KEY implementation by default.
.Fn EC_KEY_set_default_method .
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EC_KEY_set_method
dissociates the

10
lib/libcrypto/man/EVP_AEAD_CTX_init.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.15 2023/09/12 13:58:06 schwarze Exp $
.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.16 2024/07/21 08:36:43 tb Exp $
.\"
.\" Copyright (c) 2014, Google Inc.
.\" Parts of the text were written by Adam Langley and David Benjamin.
@ -17,7 +17,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 12 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_AEAD_CTX_INIT 3
.Os
.Sh NAME
@ -51,7 +51,7 @@
.Fa "const unsigned char *key"
.Fa "size_t key_len"
.Fa "size_t tag_len"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fc
.Ft void
.Fo EVP_AEAD_CTX_cleanup
@ -142,11 +142,11 @@ initializes the context
for the given AEAD algorithm
.Fa aead .
The
.Fa impl
.Fa engine
argument must be
.Dv NULL
for the default implementation;
other values are currently not supported.
other values are not supported.
Authentication tags may be truncated by passing a tag length.
A
.Fa tag_len

49
lib/libcrypto/man/EVP_DigestInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_DigestInit.3,v 1.33 2024/03/19 17:34:05 tb Exp $
.\" $OpenBSD: EVP_DigestInit.3,v 1.34 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
@ -70,7 +70,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 19 2024 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_DIGESTINIT 3
.Os
.Sh NAME
@ -132,7 +132,7 @@
.Fo EVP_DigestInit_ex
.Fa "EVP_MD_CTX *ctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fc
.Ft int
.Fo EVP_DigestUpdate
@ -153,7 +153,7 @@
.Fa "unsigned char *md"
.Fa "unsigned int *s"
.Fa "const EVP_MD *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fc
.Ft int
.Fo EVP_MD_CTX_copy_ex
@ -249,21 +249,16 @@ respectively.
sets up the digest context
.Fa ctx
to use a digest
.Fa type
from
.Vt ENGINE
.Fa impl .
.Fa type .
The
.Fa type
will typically be supplied by a function such as
.Fn EVP_sha512 .
If
.Fa impl
is
.Dv NULL ,
then the default implementation of digest
.Fa type
is used.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EVP_DigestUpdate
hashes
@ -306,9 +301,6 @@ bytes of data at
.Fa d
using the digest
.Fa type
from
.Vt ENGINE
.Fa impl
in a one-shot operation and place the digest value into
.Fa md ,
and, unless
@ -323,6 +315,11 @@ This wrapper uses a temporary digest context and passes its arguments to
and
.Fn EVP_DigestFinal_ex
internally.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EVP_MD_CTX_copy_ex
can be used to copy the message digest state from
@ -335,8 +332,7 @@ differ in the last few bytes.
.Fn EVP_DigestInit
is a deprecated function behaving like
.Fn EVP_DigestInit_ex
except that it always uses the default digest implementation
and that it requires
except that it requires
.Fn EVP_MD_CTX_reset
before it can be used on a context that was already used.
.Pp
@ -399,11 +395,11 @@ in preference to the low-level interfaces.
This is because the code then becomes transparent to the digest used and
much more flexible.
.Pp
For most applications the
.Fa impl
parameter to
.Fn EVP_DigestInit_ex
will be set to NULL to use the default digest implementation.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
The functions
.Fn EVP_DigestInit ,
@ -418,8 +414,7 @@ New applications should use
and
.Fn EVP_MD_CTX_copy_ex
because they can efficiently reuse a digest context instead of
initializing and cleaning it up on each call and allow non-default
implementations of digests to be specified.
initializing and cleaning it up on each call.
.Pp
If digest contexts are not cleaned up after use, memory leaks will occur.
.Sh RETURN VALUES

14
lib/libcrypto/man/EVP_DigestSignInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_DigestSignInit.3,v 1.12 2022/01/15 09:08:51 tb Exp $
.\" $OpenBSD: EVP_DigestSignInit.3,v 1.13 2024/07/21 08:36:43 tb Exp $
.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 15 2022 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_DIGESTSIGNINIT 3
.Os
.Sh NAME
@ -65,7 +65,7 @@
.Fa "EVP_MD_CTX *ctx"
.Fa "EVP_PKEY_CTX **pctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fa "EVP_PKEY *pkey"
.Fc
.Ft int
@ -97,11 +97,13 @@ sets up the signing context
.Fa ctx
to use the digest
.Fa type
from
.Vt ENGINE
.Fa e
and private key
.Fa pkey .
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Fa ctx
must be initialized with
.Xr EVP_MD_CTX_init 3

14
lib/libcrypto/man/EVP_DigestVerifyInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.14 2022/01/15 09:08:51 tb Exp $
.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.15 2024/07/21 08:36:43 tb Exp $
.\" OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 15 2022 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_DIGESTVERIFYINIT 3
.Os
.Sh NAME
@ -65,7 +65,7 @@
.Fa "EVP_MD_CTX *ctx"
.Fa "EVP_PKEY_CTX **pctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fa "EVP_PKEY *pkey"
.Fc
.Ft int
@ -97,9 +97,6 @@ sets up verification context
.Fa ctx
to use digest
.Fa type
from
.Vt ENGINE
.Fa e
and public key
.Fa pkey .
.Fa ctx
@ -124,6 +121,11 @@ value returned must not be freed directly by the application.
It will be freed automatically when the
.Vt EVP_MD_CTX
is freed.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EVP_DigestVerifyUpdate
hashes

12
lib/libcrypto/man/EVP_EncryptInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_EncryptInit.3,v 1.51 2023/12/26 22:13:00 schwarze Exp $
.\" $OpenBSD: EVP_EncryptInit.3,v 1.52 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
.\" 7c6d372a Nov 20 13:20:01 2018 +0000
@ -69,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 26 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_ENCRYPTINIT 3
.Os
.Sh NAME
@ -142,7 +142,7 @@
.Fo EVP_EncryptInit_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fa "const unsigned char *key"
.Fa "const unsigned char *iv"
.Fc
@ -164,7 +164,7 @@
.Fo EVP_DecryptInit_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fa "const unsigned char *key"
.Fa "const unsigned char *iv"
.Fc
@ -186,7 +186,7 @@
.Fo EVP_CipherInit_ex
.Fa "EVP_CIPHER_CTX *ctx"
.Fa "const EVP_CIPHER *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fa "const unsigned char *key"
.Fa "const unsigned char *iv"
.Fa "int enc"
@ -361,7 +361,7 @@ is the IV to use (if necessary).
The actual number of bytes used for the
key and IV depends on the cipher.
The
.Fa ENGINE *impl
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.

35
lib/libcrypto/man/EVP_PKEY_CTX_new.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.13 2023/09/09 14:39:09 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.14 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 9 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_PKEY_CTX_NEW 3
.Os
.Sh NAME
@ -79,12 +79,12 @@
.Ft EVP_PKEY_CTX *
.Fo EVP_PKEY_CTX_new
.Fa "EVP_PKEY *pkey"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fc
.Ft EVP_PKEY_CTX *
.Fo EVP_PKEY_CTX_new_id
.Fa "int id"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fc
.Ft EVP_PKEY_CTX *
.Fo EVP_PKEY_CTX_dup
@ -99,26 +99,23 @@ The
.Fn EVP_PKEY_CTX_new
function allocates a public key algorithm context using the algorithm
specified in
.Fa pkey
and using
.Fa e
unless it is
.Dv NULL .
If
.Fa pkey
is associated with an engine, that engine is used and
.Fa e
is ignored.
.Fa pkey .
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
The
.Fn EVP_PKEY_CTX_new_id
function allocates a public key algorithm context using the algorithm
specified by
.Fa id
and using
.Fa e
unless it is
.Dv NULL .
.Fa id .
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
It is normally used when no
.Vt EVP_PKEY
structure is associated with the operations, for example during

24
lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.8 2023/12/21 21:32:01 tb Exp $
.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.9 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 21 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_PKEY_ASN1_GET_COUNT 3
.Os
.Sh NAME
@ -90,12 +90,12 @@
.Fc
.Ft const EVP_PKEY_ASN1_METHOD *
.Fo EVP_PKEY_asn1_find
.Fa "ENGINE **pe"
.Fa "ENGINE **engine"
.Fa "int type"
.Fc
.Ft const EVP_PKEY_ASN1_METHOD *
.Fo EVP_PKEY_asn1_find_str
.Fa "ENGINE **pe"
.Fa "ENGINE **engine"
.Fa "const char *str"
.Fa "int len"
.Fc
@ -130,14 +130,12 @@ and
.Xr EVP_PKEY_id 3
may return.
If
.Fa pe
.Fa engine
is not
.Dv NULL ,
it first looks for an engine implementing a method for the NID
.Fa type .
If one is found,
.Pf * Fa pe
is set to that engine and the method from that engine is returned instead.
.Pf * Fa engine
is set to
.Dv NULL .
.Pp
.Fn EVP_PKEY_asn1_find_str
looks up the method with the PEM type string given by the first
@ -157,10 +155,12 @@ manual page.
Just like
.Fn EVP_PKEY_asn1_find ,
if
.Fa pe
.Fa engine
is not
.Dv NULL ,
methods from engines are preferred.
.Pf * Fa engine
is set to
.Dv NULL .
.Pp
.Fn EVP_PKEY_asn1_get0_info
retrieves the public key ID as returned by

9
lib/libcrypto/man/EVP_PKEY_decrypt.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.9 2024/07/21 08:10:17 tb Exp $
.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 31 2022 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_PKEY_DECRYPT 3
.Os
.Sh NAME
@ -130,16 +130,15 @@ Decrypt data using OAEP (for RSA keys):
#include <openssl/rsa.h>
EVP_PKEY_CTX *ctx;
ENGINE *eng;
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
/*
* Assumes that key, eng, in, and inlen are already set up
* Assumes that key, in, and inlen are already set up
* and that key is an RSA private key.
*/
ctx = EVP_PKEY_CTX_new(key, eng);
ctx = EVP_PKEY_CTX_new(key, NULL);
if (!ctx)
/* Error occurred */
if (EVP_PKEY_decrypt_init(ctx) <= 0)

9
lib/libcrypto/man/EVP_PKEY_derive.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_derive.3,v 1.10 2024/03/05 19:21:31 tb Exp $
.\" $OpenBSD: EVP_PKEY_derive.3,v 1.11 2024/07/21 08:25:33 tb Exp $
.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
.\"
.\" This file is a derived work.
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 5 2024 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_PKEY_DERIVE 3
.Os
.Sh NAME
@ -209,13 +209,12 @@ Derive shared secret (for example DH or EC keys):
#include <openssl/rsa.h>
EVP_PKEY_CTX *ctx;
ENGINE *eng;
unsigned char *skey;
size_t skeylen;
EVP_PKEY *pkey, *peerkey;
/* Assumes that pkey, eng, and peerkey have already been set up. */
ctx = EVP_PKEY_CTX_new(pkey, eng);
/* Assumes that pkey and peerkey have already been set up. */
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!ctx)
/* Error occurred */
if (EVP_PKEY_derive_init(ctx) <= 0)

9
lib/libcrypto/man/EVP_PKEY_keygen.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.13 2023/09/10 04:05:26 jsg Exp $
.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.14 2024/07/21 08:02:17 tb Exp $
.\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file is a derived work.
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 10 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_PKEY_KEYGEN 3
.Os
.Sh NAME
@ -286,11 +286,10 @@ Generate a key from a set of parameters:
#include <openssl/rsa.h>
EVP_PKEY_CTX *ctx;
ENGINE *eng;
EVP_PKEY *pkey = NULL, *param;
/* Assumes that param and eng are already set up. */
ctx = EVP_PKEY_CTX_new(param, eng);
/* Assumes that param is already set up. */
ctx = EVP_PKEY_CTX_new(param, NULL);
if (!ctx)
/* Error occurred */
if (EVP_PKEY_keygen_init(ctx) <= 0)

23
lib/libcrypto/man/EVP_PKEY_new.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_new.3,v 1.18 2022/12/14 22:37:07 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_new.3,v 1.19 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
.\"
.\" This file is a derived work.
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 14 2022 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_PKEY_NEW 3
.Os
.Sh NAME
@ -95,20 +95,20 @@
.Ft EVP_PKEY *
.Fo EVP_PKEY_new_raw_private_key
.Fa "int type"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fa "const unsigned char *rawpriv"
.Fa "size_t rawlen"
.Fc
.Ft EVP_PKEY *
.Fo EVP_PKEY_new_raw_public_key
.Fa "int type"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fa "const unsigned char *rawpub"
.Fa "size_t rawlen"
.Fc
.Ft EVP_PKEY *
.Fo EVP_PKEY_new_CMAC_key
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fa "const unsigned char *rawpriv"
.Fa "size_t rawlen"
.Fa "const EVP_CIPHER *cipher"
@ -116,7 +116,7 @@
.Ft EVP_PKEY *
.Fo EVP_PKEY_new_mac_key
.Fa "int type"
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fa "const unsigned char *rawpriv"
.Fa "int rawlen"
.Fc
@ -165,12 +165,6 @@ pointer, no action occurs.
.Fn EVP_PKEY_new_raw_private_key
allocates a new
.Vt EVP_PKEY .
If
.Fa e
is
.Pf non- Dv NULL ,
the new structure is associated with the engine
.Fa e .
The NID of a public key algorithm that supports raw private keys, i.e.\&
.Dv EVP_PKEY_HMAC ,
.Dv EVP_PKEY_X25519 ,
@ -184,6 +178,11 @@ bytes of raw private key data of that type in
.Fa rawpriv .
The public key data is automatically derived from the given private
key data, if appropriate for the algorithm type.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EVP_PKEY_new_raw_public_key
works in the same way as

16
lib/libcrypto/man/EVP_SignInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $
.\" $OpenBSD: EVP_SignInit.3,v 1.19 2024/07/21 09:24:07 tb Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
.\"
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 16 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_SIGNINIT 3
.Os
.Sh NAME
@ -65,7 +65,7 @@
.Fo EVP_SignInit_ex
.Fa "EVP_MD_CTX *ctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fc
.Ft int
.Fo EVP_SignUpdate
@ -93,14 +93,16 @@ signatures.
sets up a signing context
.Fa ctx
to use the digest
.Fa type
from
.Vt ENGINE
.Fa impl .
.Fa type .
.Fa ctx
must be initialized with
.Xr EVP_MD_CTX_init 3
before calling this function.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EVP_SignUpdate
hashes

16
lib/libcrypto/man/EVP_VerifyInit.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
.\" $OpenBSD: EVP_VerifyInit.3,v 1.12 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
.\"
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 16 2023 $
.Dd $Mdocdate: July 21 2024 $
.Dt EVP_VERIFYINIT 3
.Os
.Sh NAME
@ -65,7 +65,7 @@
.Fo EVP_VerifyInit_ex
.Fa "EVP_MD_CTX *ctx"
.Fa "const EVP_MD *type"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fc
.Ft int
.Fo EVP_VerifyUpdate
@ -93,14 +93,16 @@ digital signatures.
sets up a verification context
.Fa ctx
to use the digest
.Fa type
from
.Vt ENGINE
.Fa impl .
.Fa type .
.Fa ctx
must be initialized by calling
.Xr EVP_MD_CTX_init 3
before calling this function.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn EVP_VerifyUpdate
hashes

11
lib/libcrypto/man/HMAC.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: HMAC.3,v 1.21 2024/05/26 09:54:16 tb Exp $
.\" $OpenBSD: HMAC.3,v 1.22 2024/07/21 08:36:43 tb Exp $
.\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400
.\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400
.\"
@ -52,7 +52,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 26 2024 $
.Dd $Mdocdate: July 21 2024 $
.Dt HMAC 3
.Os
.Sh NAME
@ -97,7 +97,7 @@
.Fa "const void *key"
.Fa "int key_len"
.Fa "const EVP_MD *md"
.Fa "ENGINE *impl"
.Fa "ENGINE *engine"
.Fc
.Ft int
.Fo HMAC_Init
@ -223,6 +223,11 @@ nor the same as the previous digest used by
.Fa ctx ,
then an error is returned because reuse of an existing key with a
different digest is not supported.
The
.Fa ENGINE *engine
argument is always ignored and passing
.Dv NULL
is recommended.
.Pp
.Fn HMAC_Init
is a deprecated wrapper around

418
lib/libssl/s3_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.255 2024/07/19 08:54:31 jsing Exp $ */
/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -171,12 +171,12 @@
/* list of available SSLv3 ciphers (sorted by id) */
const SSL_CIPHER ssl3_ciphers[] = {
/* The RSA ciphers */
/* Cipher 01 */
/*
* SSLv3 RSA cipher suites (RFC 6101, appendix A.6).
*/
{
.valid = 1,
.value = 0x0001,
.name = SSL3_TXT_RSA_NULL_MD5,
.id = SSL3_CK_RSA_NULL_MD5,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
@ -187,12 +187,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 0,
.alg_bits = 0,
},
/* Cipher 02 */
{
.valid = 1,
.value = 0x0002,
.name = SSL3_TXT_RSA_NULL_SHA,
.id = SSL3_CK_RSA_NULL_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
@ -203,12 +200,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 0,
.alg_bits = 0,
},
/* Cipher 04 */
{
.valid = 1,
.value = 0x0004,
.name = SSL3_TXT_RSA_RC4_128_MD5,
.id = SSL3_CK_RSA_RC4_128_MD5,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_RC4,
@ -219,12 +213,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 05 */
{
.valid = 1,
.value = 0x0005,
.name = SSL3_TXT_RSA_RC4_128_SHA,
.id = SSL3_CK_RSA_RC4_128_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_RC4,
@ -235,12 +226,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 0A */
{
.valid = 1,
.value = 0x000a,
.name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
.id = SSL3_CK_RSA_DES_192_CBC3_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
@ -253,14 +241,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
/*
* Ephemeral DH (DHE) ciphers.
* SSLv3 DHE cipher suites (RFC 6101, appendix A.6).
*/
/* Cipher 16 */
{
.valid = 1,
.value = 0x0016,
.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
@ -271,12 +256,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 112,
.alg_bits = 168,
},
/* Cipher 18 */
{
.valid = 1,
.value = 0x0018,
.name = SSL3_TXT_ADH_RC4_128_MD5,
.id = SSL3_CK_ADH_RC4_128_MD5,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
@ -287,12 +269,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 1B */
{
.valid = 1,
.value = 0x001b,
.name = SSL3_TXT_ADH_DES_192_CBC_SHA,
.id = SSL3_CK_ADH_DES_192_CBC_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
@ -305,14 +284,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
/*
* AES ciphersuites.
* TLSv1.0 AES cipher suites (RFC 3268).
*/
/* Cipher 2F */
{
.valid = 1,
.value = 0x002f,
.name = TLS1_TXT_RSA_WITH_AES_128_SHA,
.id = TLS1_CK_RSA_WITH_AES_128_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
@ -323,12 +299,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 33 */
{
.valid = 1,
.value = 0x0033,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
@ -339,12 +312,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 34 */
{
.valid = 1,
.value = 0x0034,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA,
.id = TLS1_CK_ADH_WITH_AES_128_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
@ -355,12 +325,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 35 */
{
.valid = 1,
.value = 0x0035,
.name = TLS1_TXT_RSA_WITH_AES_256_SHA,
.id = TLS1_CK_RSA_WITH_AES_256_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
@ -371,12 +338,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 39 */
{
.valid = 1,
.value = 0x0039,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
@ -387,12 +351,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 3A */
{
.valid = 1,
.value = 0x003a,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA,
.id = TLS1_CK_ADH_WITH_AES_256_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
@ -404,12 +365,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
/* TLS v1.2 ciphersuites */
/* Cipher 3B */
/*
* TLSv1.2 RSA cipher suites (RFC 5246, appendix A.5).
*/
{
.valid = 1,
.value = 0x003b,
.name = TLS1_TXT_RSA_WITH_NULL_SHA256,
.id = TLS1_CK_RSA_WITH_NULL_SHA256,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
@ -420,12 +381,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 0,
.alg_bits = 0,
},
/* Cipher 3C */
{
.valid = 1,
.value = 0x003c,
.name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_RSA_WITH_AES_128_SHA256,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
@ -436,12 +394,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 3D */
{
.valid = 1,
.value = 0x003d,
.name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
.id = TLS1_CK_RSA_WITH_AES_256_SHA256,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
@ -454,13 +409,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (128-bit portion) */
/* Cipher 41 */
/*
* TLSv1.0 Camellia 128 bit cipher suites (RFC 4132).
*/
{
.valid = 1,
.value = 0x0041,
.name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
@ -471,12 +425,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 45 */
{
.valid = 1,
.value = 0x0045,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
@ -487,12 +438,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 46 */
{
.valid = 1,
.value = 0x0046,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA128,
@ -505,12 +453,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_CAMELLIA */
/* TLS v1.2 ciphersuites */
/* Cipher 67 */
/*
* TLSv1.2 DHE cipher suites (RFC 5246, appendix A.5).
*/
{
.valid = 1,
.value = 0x0067,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
@ -521,12 +469,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 6B */
{
.valid = 1,
.value = 0x006b,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
@ -537,12 +482,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 6C */
{
.valid = 1,
.value = 0x006c,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
@ -553,12 +495,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 6D */
{
.valid = 1,
.value = 0x006d,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
.id = TLS1_CK_ADH_WITH_AES_256_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
@ -571,13 +510,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
/* Cipher 84 */
/*
* TLSv1.0 Camellia 256 bit cipher suites (RFC 4132).
*/
{
.valid = 1,
.value = 0x0084,
.name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
@ -588,12 +526,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 88 */
{
.valid = 1,
.value = 0x0088,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
@ -604,12 +539,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 89 */
{
.valid = 1,
.value = 0x0089,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA256,
@ -623,14 +555,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
#endif /* OPENSSL_NO_CAMELLIA */
/*
* GCM ciphersuites from RFC5288.
* TLSv1.2 AES GCM cipher suites (RFC 5288).
*/
/* Cipher 9C */
{
.valid = 1,
.value = 0x009c,
.name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
@ -641,12 +570,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 9D */
{
.valid = 1,
.value = 0x009d,
.name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
@ -657,12 +583,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 9E */
{
.valid = 1,
.value = 0x009e,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
@ -673,12 +596,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 9F */
{
.valid = 1,
.value = 0x009f,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
@ -689,12 +609,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher A6 */
{
.valid = 1,
.value = 0x00a6,
.name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128GCM,
@ -705,12 +622,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher A7 */
{
.valid = 1,
.value = 0x00a7,
.name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256GCM,
@ -723,13 +637,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
#ifndef OPENSSL_NO_CAMELLIA
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
/* Cipher BA */
/*
* TLSv1.2 Camellia SHA-256 cipher suites (RFC 5932).
*/
{
.valid = 1,
.value = 0x00ba,
.name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
.id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
@ -740,12 +653,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher BE */
{
.valid = 1,
.value = 0x000be,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
@ -756,12 +666,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher BF */
{
.valid = 1,
.value = 0x00bf,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA128,
@ -772,12 +679,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C0 */
{
.valid = 1,
.value = 0x00c0,
.name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
.id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
.algorithm_mkey = SSL_kRSA,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
@ -788,12 +692,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher C4 */
{
.valid = 1,
.value = 0x00c4,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
@ -804,12 +705,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher C5 */
{
.valid = 1,
.value = 0x00c5,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA256,
@ -822,16 +720,13 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_CAMELLIA */
/*
* TLSv1.3 cipher suites.
*/
#ifdef LIBRESSL_HAS_TLS1_3
/* Cipher 1301 */
/*
* TLSv1.3 cipher suites (RFC 8446).
*/
{
.valid = 1,
.value = 0x1301,
.name = TLS1_3_RFC_AES_128_GCM_SHA256,
.id = TLS1_3_CK_AES_128_GCM_SHA256,
.algorithm_mkey = SSL_kTLS1_3,
.algorithm_auth = SSL_aTLS1_3,
.algorithm_enc = SSL_AES128GCM,
@ -842,12 +737,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher 1302 */
{
.valid = 1,
.value = 0x1302,
.name = TLS1_3_RFC_AES_256_GCM_SHA384,
.id = TLS1_3_CK_AES_256_GCM_SHA384,
.algorithm_mkey = SSL_kTLS1_3,
.algorithm_auth = SSL_aTLS1_3,
.algorithm_enc = SSL_AES256GCM,
@ -858,12 +750,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher 1303 */
{
.valid = 1,
.value = 0x1303,
.name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
.algorithm_mkey = SSL_kTLS1_3,
.algorithm_auth = SSL_aTLS1_3,
.algorithm_enc = SSL_CHACHA20POLY1305,
@ -876,11 +765,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
},
#endif
/* Cipher C006 */
/*
* TLSv1.0 Elliptic Curve cipher suites (RFC 4492, section 6).
*/
{
.valid = 1,
.value = 0xc006,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_eNULL,
@ -891,12 +781,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 0,
.alg_bits = 0,
},
/* Cipher C007 */
{
.valid = 1,
.value = 0xc007,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_RC4,
@ -907,12 +794,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C008 */
{
.valid = 1,
.value = 0xc008,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_3DES,
@ -923,12 +807,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 112,
.alg_bits = 168,
},
/* Cipher C009 */
{
.valid = 1,
.value = 0xc009,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
@ -939,12 +820,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C00A */
{
.valid = 1,
.value = 0xc00a,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
@ -955,12 +833,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher C010 */
{
.valid = 1,
.value = 0xc010,
.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
@ -971,12 +846,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 0,
.alg_bits = 0,
},
/* Cipher C011 */
{
.valid = 1,
.value = 0xc011,
.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_RC4,
@ -987,12 +859,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C012 */
{
.valid = 1,
.value = 0xc012,
.name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
@ -1003,12 +872,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 112,
.alg_bits = 168,
},
/* Cipher C013 */
{
.valid = 1,
.value = 0xc013,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
@ -1019,12 +885,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C014 */
{
.valid = 1,
.value = 0xc014,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
@ -1035,12 +898,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher C015 */
{
.valid = 1,
.value = 0xc015,
.name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
.id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_eNULL,
@ -1051,12 +911,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 0,
.alg_bits = 0,
},
/* Cipher C016 */
{
.valid = 1,
.value = 0xc016,
.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
@ -1067,12 +924,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C017 */
{
.valid = 1,
.value = 0xc017,
.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
@ -1083,12 +937,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 112,
.alg_bits = 168,
},
/* Cipher C018 */
{
.valid = 1,
.value = 0xc018,
.name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
@ -1099,12 +950,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C019 */
{
.valid = 1,
.value = 0xc019,
.name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
@ -1116,14 +964,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C023 */
/*
* TLSv1.2 Elliptic Curve HMAC cipher suites (RFC 5289, section 3.1).
*/
{
.valid = 1,
.value = 0xc023,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
@ -1134,12 +980,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C024 */
{
.valid = 1,
.value = 0xc024,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
@ -1150,12 +993,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher C027 */
{
.valid = 1,
.value = 0xc027,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
@ -1166,12 +1006,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C028 */
{
.valid = 1,
.value = 0xc028,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
@ -1183,13 +1020,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C02B */
/*
* TLSv1.2 Elliptic Curve GCM cipher suites (RFC 5289, section 3.2).
*/
{
.valid = 1,
.value = 0xc02b,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128GCM,
@ -1200,12 +1036,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C02C */
{
.valid = 1,
.value = 0xc02c,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256GCM,
@ -1216,12 +1049,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher C02F */
{
.valid = 1,
.value = 0xc02f,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
@ -1232,12 +1062,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 128,
.alg_bits = 128,
},
/* Cipher C030 */
{
.valid = 1,
.value = 0xc030,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
@ -1249,11 +1076,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
/* Cipher CCA8 */
/*
* TLSv1.2 ChaCha20-Poly1305 cipher suites (RFC 7905).
*/
{
.valid = 1,
.value = 0xcca8,
.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
@ -1264,12 +1092,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher CCA9 */
{
.valid = 1,
.value = 0xcca9,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
.algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
@ -1280,12 +1105,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* Cipher CCAA */
{
.valid = 1,
.value = 0xccaa,
.name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
.algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
@ -1296,8 +1118,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
/* end of list */
};
int
@ -1316,37 +1136,19 @@ ssl3_get_cipher(unsigned int u)
}
static int
ssl3_cipher_id_cmp(const void *id, const void *cipher)
ssl3_cipher_value_cmp(const void *value, const void *cipher)
{
unsigned long a = *(const unsigned long *)id;
unsigned long b = ((const SSL_CIPHER *)cipher)->id;
uint16_t a = *(const uint16_t *)value;
uint16_t b = ((const SSL_CIPHER *)cipher)->value;
return a < b ? -1 : a > b;
}
const SSL_CIPHER *
ssl3_get_cipher_by_id(unsigned long id)
{
const SSL_CIPHER *cipher;
cipher = bsearch(&id, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*cipher),
ssl3_cipher_id_cmp);
if (cipher != NULL && cipher->valid == 1)
return cipher;
return NULL;
}
const SSL_CIPHER *
ssl3_get_cipher_by_value(uint16_t value)
{
return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
}
uint16_t
ssl3_cipher_get_value(const SSL_CIPHER *c)
{
return (c->id & SSL3_CK_VALUE_MASK);
return bsearch(&value, ssl3_ciphers, SSL3_NUM_CIPHERS,
sizeof(ssl3_ciphers[0]), ssl3_cipher_value_cmp);
}
int

18
lib/libssl/ssl_asn1.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_asn1.c,v 1.68 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_asn1.c,v 1.69 2024/07/22 14:47:15 jsing Exp $ */
/*
* Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
*
@ -51,7 +51,6 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len,
CBB peer_cert, sidctx, verify_result, hostname, lifetime, ticket, value;
unsigned char *peer_cert_bytes = NULL;
int len, rv = 0;
uint16_t cid;
if (!CBB_init(&cbb, 0))
goto err;
@ -69,11 +68,10 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len,
if (!CBB_add_asn1_uint64(&session, s->ssl_version))
goto err;
/* Cipher suite ID. */
cid = (uint16_t)(s->cipher_id & SSL3_CK_VALUE_MASK);
/* Cipher suite value. */
if (!CBB_add_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))
goto err;
if (!CBB_add_u16(&cipher_suite, cid))
if (!CBB_add_u16(&cipher_suite, s->cipher_value))
goto err;
/* Session ID - zero length for a ticket. */
@ -193,7 +191,7 @@ SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len)
if (ss == NULL)
return 0;
if (ss->cipher_id == 0)
if (ss->cipher_value == 0)
return 0;
return SSL_SESSION_encode(ss, out, out_len, 1);
@ -209,7 +207,7 @@ i2d_SSL_SESSION(SSL_SESSION *ss, unsigned char **pp)
if (ss == NULL)
return 0;
if (ss->cipher_id == 0)
if (ss->cipher_value == 0)
return 0;
if (!SSL_SESSION_encode(ss, &data, &data_len, 0))
@ -244,7 +242,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
CBS hostname, ticket;
uint64_t version, tls_version, stime, timeout, verify_result, lifetime;
const unsigned char *peer_cert_bytes;
uint16_t cipher_value;
SSL_SESSION *s = NULL;
size_t data_len;
int present;
@ -277,14 +274,13 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
goto err;
s->ssl_version = (int)tls_version;
/* Cipher suite. */
/* Cipher suite value. */
if (!CBS_get_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))
goto err;
if (!CBS_get_u16(&cipher_suite, &cipher_value))
if (!CBS_get_u16(&cipher_suite, &s->cipher_value))
goto err;
if (CBS_len(&cipher_suite) != 0)
goto err;
s->cipher_id = SSL3_CK_ID | cipher_value;
/* Session ID. */
if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING))

56
lib/libssl/ssl_ciph.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_ciph.c,v 1.145 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_ciph.c,v 1.146 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -373,21 +373,18 @@ static const SSL_CIPHER cipher_aliases[] = {
/* cipher suite aliases */
#ifdef LIBRESSL_HAS_TLS1_3
{
.valid = 1,
.value = 0x1301,
.name = "TLS_AES_128_GCM_SHA256",
.id = TLS1_3_CK_AES_128_GCM_SHA256,
.algorithm_ssl = SSL_TLSV1_3,
},
{
.valid = 1,
.value = 0x1302,
.name = "TLS_AES_256_GCM_SHA384",
.id = TLS1_3_CK_AES_256_GCM_SHA384,
.algorithm_ssl = SSL_TLSV1_3,
},
{
.valid = 1,
.value = 0x1303,
.name = "TLS_CHACHA20_POLY1305_SHA256",
.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
.algorithm_ssl = SSL_TLSV1_3,
},
#endif
@ -619,7 +616,7 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
* Drop any invalid ciphers and any which use unavailable
* algorithms.
*/
if ((c != NULL) && c->valid &&
if ((c != NULL) &&
!(c->algorithm_mkey & disabled_mkey) &&
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
@ -725,7 +722,7 @@ ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases,
}
static void
ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
ssl_cipher_apply_rule(uint16_t cipher_value, unsigned long alg_mkey,
unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac,
unsigned long alg_ssl, unsigned long algo_strength, int rule,
int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
@ -757,7 +754,7 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
cp = curr->cipher;
if (cipher_id && cp->id != cipher_id)
if (cipher_value != 0 && cp->value != cipher_value)
continue;
/*
@ -882,7 +879,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
unsigned long algo_strength;
int j, multi, found, rule, retval, ok, buflen;
unsigned long cipher_id = 0;
uint16_t cipher_value = 0;
const char *l, *buf;
char ch;
@ -974,7 +971,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
* '\0' terminated.)
*/
j = found = 0;
cipher_id = 0;
cipher_value = 0;
while (ca_list[j]) {
if (!strncmp(buf, ca_list[j]->name, buflen) &&
(ca_list[j]->name[buflen] == '\0')) {
@ -1047,13 +1044,13 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
SSL_STRONG_MASK;
}
if (ca_list[j]->valid) {
if (ca_list[j]->value != 0) {
/*
* explicit ciphersuite found; its protocol
* version does not become part of the search
* pattern!
*/
cipher_id = ca_list[j]->id;
cipher_value = ca_list[j]->value;
if (ca_list[j]->algorithm_ssl == SSL_TLSV1_3)
*tls13_seen = 1;
} else {
@ -1109,7 +1106,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
} else if (found) {
if (alg_ssl == SSL_TLSV1_3)
*tls13_seen = 1;
ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth,
ssl_cipher_apply_rule(cipher_value, alg_mkey, alg_auth,
alg_enc, alg_mac, alg_ssl, algo_strength, rule,
-1, head_p, tail_p);
} else {
@ -1470,24 +1467,23 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
LSSL_ALIAS(SSL_CIPHER_description);
const char *
SSL_CIPHER_get_version(const SSL_CIPHER *c)
SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
{
if (c == NULL)
return("(NONE)");
if ((c->id >> 24) == 3)
return("TLSv1/SSLv3");
else
return("unknown");
if (cipher == NULL)
return "(NONE)";
return "TLSv1/SSLv3";
}
LSSL_ALIAS(SSL_CIPHER_get_version);
/* return the actual cipher being used */
const char *
SSL_CIPHER_get_name(const SSL_CIPHER *c)
SSL_CIPHER_get_name(const SSL_CIPHER *cipher)
{
if (c != NULL)
return (c->name);
return("(NONE)");
if (cipher == NULL)
return "(NONE)";
return cipher->name;
}
LSSL_ALIAS(SSL_CIPHER_get_name);
@ -1507,16 +1503,16 @@ SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
LSSL_ALIAS(SSL_CIPHER_get_bits);
unsigned long
SSL_CIPHER_get_id(const SSL_CIPHER *c)
SSL_CIPHER_get_id(const SSL_CIPHER *cipher)
{
return c->id;
return SSL3_CK_ID | cipher->value;
}
LSSL_ALIAS(SSL_CIPHER_get_id);
uint16_t
SSL_CIPHER_get_value(const SSL_CIPHER *c)
SSL_CIPHER_get_value(const SSL_CIPHER *cipher)
{
return ssl3_cipher_get_value(c);
return cipher->value;
}
LSSL_ALIAS(SSL_CIPHER_get_value);

20
lib/libssl/ssl_ciphers.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_ciphers.c,v 1.17 2022/11/26 16:08:55 tb Exp $ */
/* $OpenBSD: ssl_ciphers.c,v 1.18 2024/07/22 14:47:15 jsing Exp $ */
/*
* Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
* Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@ -28,7 +28,7 @@ ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher)
int i;
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
if (sk_SSL_CIPHER_value(ciphers, i)->id == cipher->id)
if (sk_SSL_CIPHER_value(ciphers, i)->value == cipher->value)
return 1;
}
@ -72,7 +72,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
continue;
if (!ssl_security_cipher_check(s, cipher))
continue;
if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
if (!CBB_add_u16(cbb, cipher->value))
return 0;
num_ciphers++;
@ -165,34 +165,34 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
struct ssl_tls13_ciphersuite {
const char *name;
const char *alias;
unsigned long cid;
uint16_t value;
};
static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = {
{
.name = TLS1_3_RFC_AES_128_GCM_SHA256,
.alias = TLS1_3_TXT_AES_128_GCM_SHA256,
.cid = TLS1_3_CK_AES_128_GCM_SHA256,
.value = 0x1301,
},
{
.name = TLS1_3_RFC_AES_256_GCM_SHA384,
.alias = TLS1_3_TXT_AES_256_GCM_SHA384,
.cid = TLS1_3_CK_AES_256_GCM_SHA384,
.value = 0x1302,
},
{
.name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
.alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
.cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
.value = 0x1303,
},
{
.name = TLS1_3_RFC_AES_128_CCM_SHA256,
.alias = TLS1_3_TXT_AES_128_CCM_SHA256,
.cid = TLS1_3_CK_AES_128_CCM_SHA256,
.value = 0x1304,
},
{
.name = TLS1_3_RFC_AES_128_CCM_8_SHA256,
.alias = TLS1_3_TXT_AES_128_CCM_8_SHA256,
.cid = TLS1_3_CK_AES_128_CCM_8_SHA256,
.value = 0x1305,
},
{
.name = NULL,
@ -234,7 +234,7 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
goto err;
/* We know about the cipher suite, but it is not supported. */
if ((cipher = ssl3_get_cipher_by_id(ciphersuite->cid)) == NULL)
if ((cipher = ssl3_get_cipher_by_value(ciphersuite->value)) == NULL)
continue;
if (!sk_SSL_CIPHER_push(ciphers, cipher))

8
lib/libssl/ssl_clnt.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_clnt.c,v 1.167 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_clnt.c,v 1.168 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -481,7 +481,7 @@ ssl3_connect(SSL *s)
s->s3->hs.state = SSL3_ST_CW_FINISHED_A;
s->init_num = 0;
s->session->cipher_id = s->s3->hs.cipher->id;
s->session->cipher_value = s->s3->hs.cipher->value;
if (!tls1_setup_key_block(s)) {
ret = -1;
@ -1016,13 +1016,13 @@ ssl3_get_server_hello(SSL *s)
* and/or cipher_id values may not be set. Make sure that
* cipher_id is set and use it for comparison.
*/
if (s->hit && (s->session->cipher_id != cipher->id)) {
if (s->hit && (s->session->cipher_value != cipher->value)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
goto fatal_err;
}
s->s3->hs.cipher = cipher;
s->session->cipher_id = cipher->id;
s->session->cipher_value = cipher->value;
if (!tls1_transcript_hash_init(s))
goto err;

12
lib/libssl/ssl_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_local.h,v 1.21 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -339,9 +339,9 @@ struct ssl_comp_st {
};
struct ssl_cipher_st {
int valid;
uint16_t value; /* Cipher suite value. */
const char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */
unsigned long algorithm_mkey; /* key exchange algorithm */
unsigned long algorithm_auth; /* server authentication */
@ -438,9 +438,7 @@ struct ssl_session_st {
time_t time;
int references;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
* the 'cipher' structure */
uint16_t cipher_value;
char *tlsext_hostname;
@ -1293,9 +1291,7 @@ int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
int ssl3_num_ciphers(void);
const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned long id);
const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);

4
lib/libssl/ssl_pkt.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_pkt.c,v 1.67 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_pkt.c,v 1.68 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -1235,7 +1235,7 @@ ssl3_do_change_cipher_spec(SSL *s)
return (0);
}
s->session->cipher_id = s->s3->hs.cipher->id;
s->session->cipher_value = s->s3->hs.cipher->value;
if (!tls1_setup_key_block(s))
return (0);

6
lib/libssl/ssl_sess.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_sess.c,v 1.127 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_sess.c,v 1.128 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -287,7 +287,7 @@ ssl_session_dup(SSL_SESSION *sess, int include_ticket)
copy->time = sess->time;
copy->references = 1;
copy->cipher_id = sess->cipher_id;
copy->cipher_value = sess->cipher_value;
if (sess->tlsext_hostname != NULL) {
copy->tlsext_hostname = strdup(sess->tlsext_hostname);
@ -984,7 +984,7 @@ LSSL_ALIAS(SSL_SESSION_get_protocol_version);
const SSL_CIPHER *
SSL_SESSION_get0_cipher(const SSL_SESSION *s)
{
return ssl3_get_cipher_by_id(s->cipher_id);
return ssl3_get_cipher_by_value(s->cipher_value);
}
LSSL_ALIAS(SSL_SESSION_get0_cipher);

15
lib/libssl/ssl_srvr.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_srvr.c,v 1.164 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_srvr.c,v 1.165 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -651,7 +651,7 @@ ssl3_accept(SSL *s)
goto end;
s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
s->init_num = 0;
s->session->cipher_id = s->s3->hs.cipher->id;
s->session->cipher_value = s->s3->hs.cipher->value;
if (!tls1_setup_key_block(s)) {
ret = -1;
@ -781,7 +781,6 @@ ssl3_get_client_hello(SSL *s)
uint8_t comp_method;
int comp_null;
int i, j, al, ret, cookie_valid = 0;
unsigned long id;
SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *ciphers = NULL;
const SSL_METHOD *method;
@ -978,11 +977,10 @@ ssl3_get_client_hello(SSL *s)
/* XXX - CBS_len(&cipher_suites) will always be zero here... */
if (s->hit && CBS_len(&cipher_suites) > 0) {
j = 0;
id = s->session->cipher_id;
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
c = sk_SSL_CIPHER_value(ciphers, i);
if (c->id == id) {
if (c->value == s->session->cipher_value) {
j = 1;
break;
}
@ -1127,9 +1125,9 @@ ssl3_get_client_hello(SSL *s)
goto fatal_err;
}
s->s3->hs.cipher = c;
s->session->cipher_id = s->s3->hs.cipher->id;
s->session->cipher_value = s->s3->hs.cipher->value;
} else {
s->s3->hs.cipher = ssl3_get_cipher_by_id(s->session->cipher_id);
s->s3->hs.cipher = ssl3_get_cipher_by_value(s->session->cipher_value);
if (s->s3->hs.cipher == NULL)
goto fatal_err;
}
@ -1269,8 +1267,7 @@ ssl3_send_server_hello(SSL *s)
goto err;
/* Cipher suite. */
if (!CBB_add_u16(&server_hello,
ssl3_cipher_get_value(s->s3->hs.cipher)))
if (!CBB_add_u16(&server_hello, s->s3->hs.cipher->value))
goto err;
/* Compression method (null). */

8
lib/libssl/ssl_txt.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_txt.c,v 1.38 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: ssl_txt.c,v 1.39 2024/07/22 14:47:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -122,9 +122,9 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
ssl_version_string(x->ssl_version)) <= 0)
goto err;
if ((cipher = ssl3_get_cipher_by_id(x->cipher_id)) == NULL) {
if (BIO_printf(bp, " Cipher : %04lX\n",
x->cipher_id & SSL3_CK_VALUE_MASK) <= 0)
if ((cipher = ssl3_get_cipher_by_value(x->cipher_value)) == NULL) {
if (BIO_printf(bp, " Cipher : %04X\n",
x->cipher_value) <= 0)
goto err;
} else {
const char *cipher_name = "unknown";

4
lib/libssl/tls13_client.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tls13_client.c,v 1.103 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: tls13_client.c,v 1.104 2024/07/22 14:47:15 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@ -347,7 +347,7 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx)
&shared_key_len))
goto err;
s->session->cipher_id = ctx->hs->cipher->id;
s->session->cipher_value = ctx->hs->cipher->value;
s->session->ssl_version = ctx->hs->tls13.server_version;
if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)

4
lib/libssl/tls13_server.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tls13_server.c,v 1.108 2024/07/20 04:04:23 jsing Exp $ */
/* $OpenBSD: tls13_server.c,v 1.109 2024/07/22 14:47:15 jsing Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@ -383,7 +383,7 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
&shared_key_len))
goto err;
s->session->cipher_id = ctx->hs->cipher->id;
s->session->cipher_value = ctx->hs->cipher->value;
if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
goto err;

11
regress/lib/libcrypto/asn1/asn1time.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: asn1time.c,v 1.29 2024/05/25 18:59:03 tb Exp $ */
/* $OpenBSD: asn1time.c,v 1.30 2024/07/21 13:25:11 tb Exp $ */
/*
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2024 Google Inc.
@ -581,14 +581,16 @@ asn1_time_compare_families(const struct asn1_time_test *fam1, size_t fam1_size,
asn1_cmp = ASN1_TIME_compare(t1, t2);
if (time_cmp != asn1_cmp) {
fprintf(stderr, "%s vs. %s: want %d, got %d\n",
fprintf(stderr, "ASN1_TIME_compare - %s vs. %s: "
"want %d, got %d\n",
att1->str, att2->str, time_cmp, asn1_cmp);
comparison_failure |= 1;
}
time_cmp = ASN1_TIME_cmp_time_t(t1, att2->time);
if (time_cmp != asn1_cmp) {
fprintf(stderr, "%s vs. %lld: want %d, got %d\n",
fprintf(stderr, "ASN1_TIME_cmp_time_t - %s vs. %lld: "
"want %d, got %d\n",
att1->str, (long long)att2->time,
asn1_cmp, time_cmp);
comparison_failure |= 1;
@ -598,7 +600,8 @@ asn1_time_compare_families(const struct asn1_time_test *fam1, size_t fam1_size,
if (t1->type != V_ASN1_UTCTIME)
asn1_cmp = -2;
if (time_cmp != asn1_cmp) {
fprintf(stderr, "%s vs. %lld: want %d, got %d\n",
fprintf(stderr, "ASN1_UTCTIME_cmp_time_t - %s vs. %lld: "
"want %d, got %d\n",
att1->str, (long long)att2->time,
asn1_cmp, time_cmp);
comparison_failure |= 1;

18
regress/lib/libssl/asn1/asn1test.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: asn1test.c,v 1.12 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: asn1test.c,v 1.13 2024/07/22 14:50:45 jsing Exp $ */
/*
* Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
*
@ -82,7 +82,7 @@ unsigned char tlsext_tick[] = {
struct ssl_asn1_test ssl_asn1_tests[] = {
{
.session = {
.cipher_id = 0x03000000L | 1,
.cipher_value = 1,
.ssl_version = TLS1_2_VERSION,
},
.asn1 = {
@ -94,7 +94,7 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
},
{
.session = {
.cipher_id = 0x03000000L | 1,
.cipher_value = 1,
.ssl_version = TLS1_2_VERSION,
.master_key_length = 26,
.session_id = "0123456789",
@ -119,7 +119,7 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
},
{
.session = {
.cipher_id = 0x03000000L | 1,
.cipher_value = 1,
.ssl_version = TLS1_2_VERSION,
.master_key_length = 26,
.session_id = "0123456789",
@ -232,7 +232,7 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
},
{
.session = {
.cipher_id = 0x03000000L | 1,
.cipher_value = 1,
.ssl_version = TLS1_2_VERSION,
.timeout = -1,
},
@ -243,7 +243,7 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
},
{
.session = {
.cipher_id = 0x03000000L | 1,
.cipher_value = 1,
.ssl_version = TLS1_2_VERSION,
.time = -1,
},
@ -276,9 +276,9 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
s1->ssl_version, s2->ssl_version);
return (1);
}
if (s1->cipher_id != s2->cipher_id) {
fprintf(stderr, "cipher_id differs: %ld != %ld\n",
s1->cipher_id, s2->cipher_id);
if (s1->cipher_value != s2->cipher_value) {
fprintf(stderr, "cipher_value differs: %d != %d\n",
s1->cipher_value, s2->cipher_value);
return (1);
}

5
regress/lib/libssl/client/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.5 2024/04/22 07:31:54 anton Exp $
# $OpenBSD: Makefile,v 1.6 2024/07/20 18:37:38 tb Exp $
PROG= clienttest
LDADD= ${SSL_INT} -lcrypto
@ -6,7 +6,4 @@ DPADD= ${LIBSSL} ${LIBCRYPTO}
WARNINGS= Yes
CFLAGS+= -DLIBRESSL_INTERNAL -Werror
# Disable for now for upcoming changes. This needs to be easier to deal with.
REGRESS_EXPECTED_FAILURES+=run-regress-clienttest
.include <bsd.regress.mk>

46
regress/lib/libssl/client/clienttest.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: clienttest.c,v 1.43 2024/02/03 15:58:34 beck Exp $ */
/* $OpenBSD: clienttest.c,v 1.44 2024/07/20 18:37:38 tb Exp $ */
/*
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
*
@ -36,8 +36,8 @@
#define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
#define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
#define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 184)
#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 198)
#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 112)
#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@ -116,9 +116,9 @@ static const uint8_t client_hello_dtls12[] = {
0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00,
0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0,
0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01,
0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01,
0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
0x00, 0x00, 0x34, 0x00, 0x0a, 0x00, 0x0a, 0x00,
0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
@ -225,9 +225,9 @@ static const uint8_t client_hello_tls12[] = {
0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34,
0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b,
0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00,
0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
@ -288,14 +288,14 @@ static const uint8_t client_hello_tls13[] = {
0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x33, 0x00,
0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
@ -323,14 +323,14 @@ static const uint8_t client_hello_tls13_only[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03,
0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00,
0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03,
0x04, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00,
0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
0x04, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,

12
regress/lib/libssl/tlsext/tlsexttest.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tlsexttest.c,v 1.90 2024/03/30 09:53:41 tb Exp $ */
/* $OpenBSD: tlsexttest.c,v 1.91 2024/07/22 14:50:45 jsing Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@ -1151,9 +1151,7 @@ test_tlsext_ecpf_server(void)
errx(1, "failed to create session");
/* Setup the state so we can call needs. */
if ((ssl->s3->hs.cipher =
ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
== NULL) {
if ((ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0xcca9)) == NULL) {
FAIL("server cannot find cipher\n");
goto err;
}
@ -3362,8 +3360,7 @@ test_tlsext_serverhello_build(void)
ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
ssl->s3->hs.cipher =
ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0x003c);
if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
FAIL("failed to build serverhello extensions\n");
@ -3397,8 +3394,7 @@ test_tlsext_serverhello_build(void)
/* Turn a few things on so we get extensions... */
ssl->s3->send_connection_binding = 1;
ssl->s3->hs.cipher =
ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0xc027);
ssl->tlsext_status_expected = 1;
ssl->tlsext_ticket_expected = 1;
if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) {

3
sys/arch/amd64/amd64/cpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.190 2024/06/07 16:53:35 kettenis Exp $ */
/* $OpenBSD: cpu.c,v 1.191 2024/07/21 19:41:31 bluhm Exp $ */
/* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
/*-
@ -157,6 +157,7 @@ int cpu_ebxfeature = 0; /* cpuid(1).ebx */
int cpu_ecxfeature = 0; /* INTERSECTION(cpuid(1).ecx) */
int cpu_feature = 0; /* cpuid(1).edx */
int ecpu_ecxfeature = 0; /* cpuid(0x80000001).ecx */
int cpu_sev_guestmode = 0;
int cpu_meltdown = 0;
int cpu_use_xsaves = 0;
int need_retpoline = 1; /* most systems need retpoline */

74
sys/arch/amd64/amd64/locore0.S
View file

@ -1,4 +1,4 @@
/* $OpenBSD: locore0.S,v 1.24 2024/07/10 12:36:13 bluhm Exp $ */
/* $OpenBSD: locore0.S,v 1.25 2024/07/21 19:41:31 bluhm Exp $ */
/* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
/*
@ -268,6 +268,78 @@ bi_size_ok:
cont:
orl %edx, RELOC(cpu_feature)
/*
* Determine AMD SME and SEV capabilities.
*/
movl $RELOC(cpu_vendor),%ebp
cmpl $0x68747541, (%ebp) /* "Auth" */
jne .Lno_smesev
cmpl $0x69746e65, 4(%ebp) /* "enti" */
jne .Lno_smesev
cmpl $0x444d4163, 8(%ebp) /* "cAMD" */
jne .Lno_smesev
/* AMD CPU, check for SME and SEV. */
movl $0x8000001f, %eax
cpuid
pushl %eax
andl $CPUIDEAX_SME, %eax /* SME */
popl %eax
jz .Lno_smesev
andl $CPUIDEAX_SEV, %eax /* SEV */
jz .Lno_smesev
/* Are we in guest mode with SEV enabled? */
movl $MSR_SEV_STATUS, %ecx
rdmsr
andl $SEV_STAT_ENABLED, %eax
jz .Lno_smesev
/* Determine C bit position */
movl %ebx, %ecx /* %ebx from previous cpuid */
andl $0x3f, %ecx
cmpl $0x20, %ecx /* must be at least bit 32 (counting from 0) */
jl .Lno_smesev
xorl %eax, %eax
movl %eax, RELOC(pg_crypt)
subl $0x20, %ecx
movl $0x1, %eax
shll %cl, %eax
movl %eax, RELOC((pg_crypt + 4))
/*
* Determine physical address reduction. Adjust page frame masks.
*
* The top 12 bits of a physical address are reserved and
* supposed to be 0. Thus PG_FRAME masks of the top 12 bits
* and low 10 bits (offset into page). PG_LGFRAME is defined
* similarly.
*
* According to the number of reduction bits we shrink the
* page frame masks beginning at bit 51.
*
* E.g. with a 5 bit reduction PG_FRAME will be reduced from
* 0x000ffffffffff000 to 0x00007ffffffff000.
*
* One of the now freed bits will be used as the C bit, e.g.
* bit 51.
*/
movl %ebx, %ecx /* %ebx from previous cpuid */
andl $0xfc0, %ecx
shrl $6, %ecx /* number of bits to reduce */
movl $1, %eax /* calculate mask */
shll $20, %eax
shrl %cl, %eax
decl %eax
andl %eax, RELOC(pg_frame + 4) /* apply mask */
andl %eax, RELOC(pg_lgframe + 4)
movl $0x1, RELOC(cpu_sev_guestmode) /* we are a SEV guest */
.Lno_smesev:
/*
* Finished with old stack; load new %esp now instead of later so we
* can trace this code without having to worry about the trace trap

4
sys/arch/amd64/amd64/pmap.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pmap.c,v 1.169 2024/07/09 19:11:06 bluhm Exp $ */
/* $OpenBSD: pmap.c,v 1.170 2024/07/21 19:41:31 bluhm Exp $ */
/* $NetBSD: pmap.c,v 1.3 2003/05/08 18:13:13 thorpej Exp $ */
/*
@ -660,6 +660,8 @@ pmap_bootstrap(paddr_t first_avail, paddr_t max_pa)
vaddr_t kva, kva_end;
pt_entry_t *pml3, *pml2;
KASSERT(((0x1000ULL | pg_crypt) & pg_frame) == 0x1000ULL);
/*
* define the boundaries of the managed kernel virtual address
* space.

17
sys/arch/amd64/amd64/vector.S
View file

@ -1,4 +1,4 @@
/* $OpenBSD: vector.S,v 1.95 2024/02/12 01:18:17 guenther Exp $ */
/* $OpenBSD: vector.S,v 1.96 2024/07/21 16:19:25 deraadt Exp $ */
/* $NetBSD: vector.S,v 1.5 2004/06/28 09:13:11 fvdl Exp $ */
/*
@ -145,6 +145,7 @@ INTRENTRY_LABEL(calltrap_specstk):
SMAP_CLAC
movq %rsp,%rdi
call kerntrap
movq $0,-8(%rsp)
movl $MSR_GSBASE,%ecx # restore GS.base
movq %r12,%rax
movq %r13,%rdx
@ -157,6 +158,7 @@ INTRENTRY_LABEL(calltrap_specstk):
wrmsr
CODEPATCH_END(CPTAG_IBPB_NOP)
call pku_xonly
movq $0,-8(%rsp)
popq %rdi
popq %rsi
popq %rdx
@ -199,6 +201,7 @@ INTRENTRY_LABEL(trap03):
leaq dt_prov_kprobe, %rdi
movq %rsp, %rsi
call dt_prov_kprobe_hook
movq $0,-8(%rsp)
cmpl $0, %eax
je .Lreal_kern_trap
@ -451,6 +454,7 @@ GENTRY(alltraps)
recall_trap:
movq %rsp, %rdi
call usertrap
movq $0,-8(%rsp)
cli
jmp intr_user_exit
END(alltraps)
@ -476,6 +480,7 @@ GENTRY(alltraps_kern_meltdown)
#endif /* DIAGNOSTIC */
movq %rsp, %rdi
call kerntrap
movq $0,-8(%rsp)
2: cli
#ifndef DIAGNOSTIC
INTRFASTEXIT
@ -489,6 +494,7 @@ GENTRY(alltraps_kern_meltdown)
movl %ebx,%edx
xorq %rax,%rax
call printf
movq $0,-8(%rsp)
#ifdef DDB
int $3
#endif /* DDB */
@ -567,6 +573,7 @@ KIDTVEC_FALLTHROUGH(resume_lapic_ipi)
SMAP_CLAC
movq %rbx,IF_PPL(%rsp)
call x86_ipi_handler
movq $0,-8(%rsp)
jmp Xdoreti
2:
movq $(1 << LIR_IPI),%rax
@ -775,6 +782,7 @@ KIDTVEC_FALLTHROUGH(resume_lapic_ltimer)
movq %rbx,IF_PPL(%rsp)
xorq %rdi,%rdi
call lapic_clockintr
movq $0,-8(%rsp)
jmp Xdoreti
2:
movq $(1 << LIR_TIMER),%rax
@ -794,6 +802,7 @@ END(Xrecurse_xen_upcall)
IDTVEC(intr_xen_upcall)
INTRENTRY(intr_xen_upcall)
call xen_intr_ack
movq $0,-8(%rsp)
movl CPUVAR(ILEVEL),%ebx
cmpl $IPL_NET,%ebx
jae 2f
@ -808,6 +817,7 @@ KIDTVEC_FALLTHROUGH(resume_xen_upcall)
SMAP_CLAC
movq %rbx,IF_PPL(%rsp)
call xen_intr
movq $0,-8(%rsp)
jmp Xdoreti
2:
movq $(1 << LIR_XEN),%rax
@ -841,6 +851,7 @@ KIDTVEC_FALLTHROUGH(resume_hyperv_upcall)
SMAP_CLAC
movq %rbx,IF_PPL(%rsp)
call hv_intr
movq $0,-8(%rsp)
jmp Xdoreti
2:
movq $(1 << LIR_HYPERV),%rax
@ -898,6 +909,7 @@ IDTVEC(intr_##name##num) ;\
movq %rbx, %rsi ;\
movq %rsp, %rdi ;\
call intr_handler /* call it */ ;\
movq $0,-8(%rsp) ;\
orl %eax,%eax /* should it be counted? */ ;\
jz 4f /* no, skip it */ ;\
incq IH_COUNT(%rbx) /* count the intrs */ ;\
@ -1288,6 +1300,7 @@ KIDTVEC(softtty)
incl CPUVAR(IDEPTH)
movl $X86_SOFTINTR_SOFTTTY,%edi
call softintr_dispatch
movq $0,-8(%rsp)
decl CPUVAR(IDEPTH)
CODEPATCH_START
jmp retpoline_r13
@ -1301,6 +1314,7 @@ KIDTVEC(softnet)
incl CPUVAR(IDEPTH)
movl $X86_SOFTINTR_SOFTNET,%edi
call softintr_dispatch
movq $0,-8(%rsp)
decl CPUVAR(IDEPTH)
CODEPATCH_START
jmp retpoline_r13
@ -1314,6 +1328,7 @@ KIDTVEC(softclock)
incl CPUVAR(IDEPTH)
movl $X86_SOFTINTR_SOFTCLOCK,%edi
call softintr_dispatch
movq $0,-8(%rsp)
decl CPUVAR(IDEPTH)
CODEPATCH_START
jmp retpoline_r13

3
sys/arch/amd64/include/cpu.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.h,v 1.174 2024/06/24 21:22:14 bluhm Exp $ */
/* $OpenBSD: cpu.h,v 1.175 2024/07/21 19:41:31 bluhm Exp $ */
/* $NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $ */
/*-
@ -398,6 +398,7 @@ extern int cpu_feature;
extern int cpu_ebxfeature;
extern int cpu_ecxfeature;
extern int ecpu_ecxfeature;
extern int cpu_sev_guestmode;
extern int cpu_id;
extern char cpu_vendor[];
extern int cpuid_level;

5
sys/arch/amd64/include/specialreg.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: specialreg.h,v 1.114 2024/07/14 07:57:42 dv Exp $ */
/* $OpenBSD: specialreg.h,v 1.115 2024/07/21 19:41:31 bluhm Exp $ */
/* $NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $ */
/* $NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $ */
@ -713,6 +713,9 @@
#define NB_CFG_DISIOREQLOCK 0x0000000000000004ULL
#define NB_CFG_DISDATMSK 0x0000001000000000ULL
#define MSR_SEV_STATUS 0xc0010131
#define SEV_STAT_ENABLED 0x00000001
#define MSR_LS_CFG 0xc0011020
#define LS_CFG_DIS_LS2_SQUISH 0x02000000

121
sys/arch/arm64/arm64/cpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.128 2024/07/18 17:18:01 kettenis Exp $ */
/* $OpenBSD: cpu.c,v 1.129 2024/07/21 18:57:31 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -742,10 +742,6 @@ cpu_identify(struct cpu_info *ci)
printf("%sAtomic", sep);
sep = ",";
arm64_has_lse = 1;
/*
* XXX should be populated and sanitized like cpu_sysctl() does
*/
hwcap |= HWCAP_ATOMICS;
}
if (ID_AA64ISAR0_CRC32(id) >= ID_AA64ISAR0_CRC32_BASE) {
@ -1056,6 +1052,121 @@ cpu_identify_cleanup(void)
value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK;
value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK;
cpu_id_aa64pfr1 = value;
/* HWCAP */
hwcap |= HWCAP_FP; /* OpenBSD assumes Floating-point support */
hwcap |= HWCAP_ASIMD; /* OpenBSD assumes Advanced SIMD support */
/* HWCAP_EVTSTRM: OpenBSD kernel doesn't configure event stream */
if (ID_AA64ISAR0_AES(cpu_id_aa64isar0) >= ID_AA64ISAR0_AES_BASE)
hwcap |= HWCAP_AES;
if (ID_AA64ISAR0_AES(cpu_id_aa64isar0) >= ID_AA64ISAR0_AES_PMULL)
hwcap |= HWCAP_PMULL;
if (ID_AA64ISAR0_SHA1(cpu_id_aa64isar0) >= ID_AA64ISAR0_SHA1_BASE)
hwcap |= HWCAP_SHA1;
if (ID_AA64ISAR0_SHA2(cpu_id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE)
hwcap |= HWCAP_SHA2;
if (ID_AA64ISAR0_CRC32(cpu_id_aa64isar0) >= ID_AA64ISAR0_CRC32_BASE)
hwcap |= HWCAP_CRC32;
if (ID_AA64ISAR0_ATOMIC(cpu_id_aa64isar0) >= ID_AA64ISAR0_ATOMIC_IMPL)
hwcap |= HWCAP_ATOMICS;
/* HWCAP_FPHP */
/* HWCAP_ASIMDHP */
/* HWCAP_CPUID */
if (ID_AA64ISAR0_RDM(cpu_id_aa64isar0) >= ID_AA64ISAR0_RDM_IMPL)
hwcap |= HWCAP_ASIMDRDM;
if (ID_AA64ISAR1_JSCVT(cpu_id_aa64isar1) >= ID_AA64ISAR1_JSCVT_IMPL)
hwcap |= HWCAP_JSCVT;
if (ID_AA64ISAR1_FCMA(cpu_id_aa64isar1) >= ID_AA64ISAR1_FCMA_IMPL)
hwcap |= HWCAP_FCMA;
if (ID_AA64ISAR1_LRCPC(cpu_id_aa64isar1) >= ID_AA64ISAR1_LRCPC_BASE)
hwcap |= HWCAP_LRCPC;
if (ID_AA64ISAR1_DPB(cpu_id_aa64isar1) >= ID_AA64ISAR1_DPB_IMPL)
hwcap |= HWCAP_DCPOP;
if (ID_AA64ISAR0_SHA3(cpu_id_aa64isar0) >= ID_AA64ISAR0_SHA3_IMPL)
hwcap |= HWCAP_SHA3;
if (ID_AA64ISAR0_SM3(cpu_id_aa64isar0) >= ID_AA64ISAR0_SM3_IMPL)
hwcap |= HWCAP_SM3;
if (ID_AA64ISAR0_SM4(cpu_id_aa64isar0) >= ID_AA64ISAR0_SM4_IMPL)
hwcap |= HWCAP_SM4;
if (ID_AA64ISAR0_DP(cpu_id_aa64isar0) >= ID_AA64ISAR0_DP_IMPL)
hwcap |= HWCAP_ASIMDDP;
if (ID_AA64ISAR0_SHA2(cpu_id_aa64isar0) >= ID_AA64ISAR0_SHA2_512)
hwcap |= HWCAP_SHA512;
/* HWCAP_SVE: OpenBSD kernel doesn't provide SVE support */
if (ID_AA64ISAR0_FHM(cpu_id_aa64isar0) >= ID_AA64ISAR0_FHM_IMPL)
hwcap |= HWCAP_ASIMDFHM;
if (ID_AA64PFR0_DIT(cpu_id_aa64pfr0) >= ID_AA64PFR0_DIT_IMPL)
hwcap |= HWCAP_DIT;
/* HWCAP_USCAT */
if (ID_AA64ISAR1_LRCPC(cpu_id_aa64isar1) >= ID_AA64ISAR1_LRCPC_LDAPUR)
hwcap |= HWCAP_ILRCPC;
if (ID_AA64ISAR0_TS(cpu_id_aa64isar0) >= ID_AA64ISAR0_TS_BASE)
hwcap |= HWCAP_FLAGM;
if (ID_AA64PFR1_SSBS(cpu_id_aa64pfr1) >= ID_AA64PFR1_SSBS_PSTATE_MSR)
hwcap |= HWCAP_SSBS;
if (ID_AA64ISAR1_SB(cpu_id_aa64isar1) >= ID_AA64ISAR1_SB_IMPL)
hwcap |= HWCAP_SB;
if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_BASE ||
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_BASE)
hwcap |= HWCAP_PACA;
if (ID_AA64ISAR1_GPA(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPA_IMPL ||
ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL)
hwcap |= HWCAP_PACG;
/* HWCAP2 */
/* HWCAP2_DCPODP */
/* HWCAP2_SVE2: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVEAES: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVEPMULL: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVEBITPERM: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVESHA3: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVESM4: OpenBSD kernel doesn't provide SVE support */
if (ID_AA64ISAR0_TS(cpu_id_aa64isar0) >= ID_AA64ISAR0_TS_AXFLAG)
hwcap2 |= HWCAP2_FLAGM2;
if (ID_AA64ISAR1_FRINTTS(cpu_id_aa64isar1) >= ID_AA64ISAR1_FRINTTS_IMPL)
hwcap2 |= HWCAP2_FRINT;
/* HWCAP2_SVEI8MM: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVEF32MM: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVEF64MM: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SVEBF16: OpenBSD kernel doesn't provide SVE support */
if (ID_AA64ISAR1_I8MM(cpu_id_aa64isar1) >= ID_AA64ISAR1_I8MM_IMPL)
hwcap2 |= HWCAP2_I8MM;
if (ID_AA64ISAR1_BF16(cpu_id_aa64isar1) >= ID_AA64ISAR1_BF16_BASE)
hwcap2 |= HWCAP2_BF16;
if (ID_AA64ISAR1_DGH(cpu_id_aa64isar1) >= ID_AA64ISAR1_DGH_IMPL)
hwcap2 |= HWCAP2_DGH;
if (ID_AA64ISAR0_RNDR(cpu_id_aa64isar0) >= ID_AA64ISAR0_RNDR_IMPL)
hwcap2 |= HWCAP2_RNG;
if (ID_AA64PFR1_BT(cpu_id_aa64pfr1) >= ID_AA64PFR1_BT_IMPL)
hwcap2 |= HWCAP2_BTI;
/* HWCAP2_MTE: OpenBSD kernel doesn't provide MTE support */
/* HWCAP2_ECV */
/* HWCAP2_AFP */
/* HWCAP2_RPRES */
/* HWCAP2_MTE3: OpenBSD kernel doesn't provide MTE support */
/* HWCAP2_SME: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_I16I64: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_F64F64: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_I8I32: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_F16F32: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_B16F32: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_F32F32: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_FA64: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_WFXT */
if (ID_AA64ISAR1_BF16(cpu_id_aa64isar1) >= ID_AA64ISAR1_BF16_EBF)
hwcap2 |= HWCAP2_EBF16;
/* HWCAP2_SVE_EBF16: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_CSSC */
/* HWCAP2_RPRFM */
/* HWCAP2_SVE2P1: OpenBSD kernel doesn't provide SVE support */
/* HWCAP2_SME2: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME2P1: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_I16I32: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_BI32I32: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_B16B16: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_SME_F16F16: OpenBSD kernel doesn't provide SME support */
/* HWCAP2_MOPS */
/* HWCAP2_HBC */
}
void cpu_init(void);

3
sys/dev/ata/wd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: wd.c,v 1.131 2024/05/26 10:01:01 jsg Exp $ */
/* $OpenBSD: wd.c,v 1.132 2024/07/22 14:03:22 jsg Exp $ */
/* $NetBSD: wd.c,v 1.193 1999/02/28 17:15:27 explorer Exp $ */
/*
@ -116,7 +116,6 @@ int wdprobe(struct device *, void *, void *);
void wdattach(struct device *, struct device *, void *);
int wddetach(struct device *, int);
int wdactivate(struct device *, int);
int wdprint(void *, char *);
const struct cfattach wd_ca = {
sizeof(struct wd_softc), wdprobe, wdattach,

4
sys/dev/i2c/ipmi_i2c.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ipmi_i2c.c,v 1.4 2022/04/06 18:59:28 naddy Exp $ */
/* $OpenBSD: ipmi_i2c.c,v 1.5 2024/07/22 14:03:22 jsg Exp $ */
/*
* Copyright (c) 2019 Mark Kettenis <kettenis@openbsd.org>
*
@ -52,8 +52,6 @@ struct ipmi_if ssif_if = {
IPMI_MSG_DATARCV
};
extern void ipmi_attach(struct device *, struct device *, void *);
int ipmi_i2c_match(struct device *, void *, void *);
void ipmi_i2c_attach(struct device *, struct device *, void *);

3
sys/dev/pci/tga.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tga.c,v 1.44 2024/06/22 10:22:29 jsg Exp $ */
/* $OpenBSD: tga.c,v 1.45 2024/07/22 12:05:38 jsg Exp $ */
/* $NetBSD: tga.c,v 1.40 2002/03/13 15:05:18 ad Exp $ */
/*
@ -68,7 +68,6 @@
int tgamatch(struct device *, struct cfdata *, void *);
void tgaattach(struct device *, struct device *, void *);
int tgaprint(void *, const char *);
struct cfdriver tga_cd = {
NULL, "tga", DV_DULL

13
sys/dev/rasops/rasops32.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rasops32.c,v 1.13 2023/01/18 11:08:49 nicm Exp $ */
/* $OpenBSD: rasops32.c,v 1.14 2024/07/21 13:18:15 fcambus Exp $ */
/* $NetBSD: rasops32.c,v 1.7 2000/04/12 14:22:29 pk Exp $ */
/*-
@ -112,6 +112,17 @@ rasops32_putchar(void *cookie, int row, int col, u_int uc, uint32_t attr)
/* double-pixel special cases for the common widths */
switch (width) {
case 6:
while (height--) {
fb = fr[0];
rp[0] = u.q[fb >> 6];
rp[1] = u.q[(fb >> 4) & 3];
rp[2] = u.q[(fb >> 2) & 3];
rp += step;
fr += 1;
}
break;
case 8:
while (height--) {
fb = fr[0];

13
sys/kern/kern_exit.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kern_exit.c,v 1.224 2024/07/08 13:17:12 claudio Exp $ */
/* $OpenBSD: kern_exit.c,v 1.225 2024/07/22 08:18:53 claudio Exp $ */
/* $NetBSD: kern_exit.c,v 1.39 1996/04/22 01:38:25 christos Exp $ */
/*
@ -69,7 +69,7 @@
#include <sys/kcov.h>
#endif
void proc_finish_wait(struct proc *, struct proc *);
void proc_finish_wait(struct proc *, struct process *);
void process_clear_orphan(struct process *);
void process_zap(struct process *);
void proc_free(struct proc *);
@ -546,7 +546,7 @@ loop:
if (rusage != NULL)
memcpy(rusage, pr->ps_ru, sizeof(*rusage));
if ((options & WNOWAIT) == 0)
proc_finish_wait(q, p);
proc_finish_wait(q, pr);
return (0);
}
if ((options & WTRAPPED) &&
@ -737,16 +737,15 @@ sys_waitid(struct proc *q, void *v, register_t *retval)
}
void
proc_finish_wait(struct proc *waiter, struct proc *p)
proc_finish_wait(struct proc *waiter, struct process *pr)
{
struct process *pr, *tr;
struct process *tr;
struct rusage *rup;
/*
* If we got the child via a ptrace 'attach',
* we need to give it back to the old parent.
*/
pr = p->p_p;
if (pr->ps_oppid != 0 && (pr->ps_oppid != pr->ps_pptr->ps_pid) &&
(tr = prfind(pr->ps_oppid))) {
pr->ps_oppid = 0;
@ -755,7 +754,7 @@ proc_finish_wait(struct proc *waiter, struct proc *p)
prsignal(tr, SIGCHLD);
wakeup(tr);
} else {
scheduler_wait_hook(waiter, p);
scheduler_wait_hook(waiter, pr->ps_mainproc);
rup = &waiter->p_p->ps_cru;
ruadd(rup, pr->ps_ru);
LIST_REMOVE(pr, ps_list); /* off zombprocess */

8
sys/kern/kern_sig.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kern_sig.c,v 1.332 2024/07/10 12:28:46 claudio Exp $ */
/* $OpenBSD: kern_sig.c,v 1.333 2024/07/22 09:43:47 claudio Exp $ */
/* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
/*
@ -1482,7 +1482,7 @@ proc_stop(struct proc *p, int sw)
p->p_stat = SSTOP;
atomic_clearbits_int(&pr->ps_flags, PS_WAITED);
atomic_setbits_int(&pr->ps_flags, PS_STOPPED);
atomic_setbits_int(&pr->ps_flags, PS_STOPPING);
atomic_setbits_int(&p->p_flag, P_SUSPSIG);
/*
* We need this soft interrupt to be handled fast.
@ -1505,9 +1505,9 @@ proc_stop_sweep(void *v)
struct process *pr;
LIST_FOREACH(pr, &allprocess, ps_list) {
if ((pr->ps_flags & PS_STOPPED) == 0)
if ((pr->ps_flags & PS_STOPPING) == 0)
continue;
atomic_clearbits_int(&pr->ps_flags, PS_STOPPED);
atomic_clearbits_int(&pr->ps_flags, PS_STOPPING);
if ((pr->ps_pptr->ps_sigacts->ps_sigflags & SAS_NOCLDSTOP) == 0)
prsignal(pr->ps_pptr, SIGCHLD);

302
sys/kern/uipc_socket.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket.c,v 1.338 2024/07/14 15:42:23 bluhm Exp $ */
/* $OpenBSD: uipc_socket.c,v 1.339 2024/07/20 17:26:19 mvs Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@ -324,31 +324,22 @@ sofree(struct socket *so, int keep_lock)
sounlock(head);
}
if (persocket) {
switch (so->so_proto->pr_domain->dom_family) {
case AF_INET:
case AF_INET6:
if (so->so_proto->pr_type == SOCK_STREAM)
break;
/* FALLTHROUGH */
default:
sounlock(so);
refcnt_finalize(&so->so_refcnt, "sofinal");
solock(so);
break;
}
sigio_free(&so->so_sigio);
klist_free(&so->so_rcv.sb_klist);
klist_free(&so->so_snd.sb_klist);
#ifdef SOCKET_SPLICE
if (issplicedback(so)) {
int freeing = SOSP_FREEING_WRITE;
if (so->so_sp->ssp_soback == so)
freeing |= SOSP_FREEING_READ;
sounsplice(so->so_sp->ssp_soback, so, freeing);
}
if (isspliced(so)) {
int freeing = SOSP_FREEING_READ;
if (so == so->so_sp->ssp_socket)
freeing |= SOSP_FREEING_WRITE;
sounsplice(so, so->so_sp->ssp_socket, freeing);
}
#endif /* SOCKET_SPLICE */
mtx_enter(&so->so_snd.sb_mtx);
sbrelease(so, &so->so_snd);
@ -458,6 +449,85 @@ discard:
if (so->so_state & SS_NOFDREF)
panic("soclose NOFDREF: so %p, so_type %d", so, so->so_type);
so->so_state |= SS_NOFDREF;
#ifdef SOCKET_SPLICE
if (so->so_sp) {
struct socket *soback;
if (so->so_proto->pr_flags & PR_WANTRCVD) {
/*
* Copy - Paste, but can't relock and sleep in
* sofree() in tcp(4) case. That's why tcp(4)
* still rely on solock() for splicing and
* unsplicing.
*/
if (issplicedback(so)) {
int freeing = SOSP_FREEING_WRITE;
if (so->so_sp->ssp_soback == so)
freeing |= SOSP_FREEING_READ;
sounsplice(so->so_sp->ssp_soback, so, freeing);
}
if (isspliced(so)) {
int freeing = SOSP_FREEING_READ;
if (so == so->so_sp->ssp_socket)
freeing |= SOSP_FREEING_WRITE;
sounsplice(so, so->so_sp->ssp_socket, freeing);
}
goto free;
}
sounlock(so);
mtx_enter(&so->so_snd.sb_mtx);
/*
* Concurrent sounsplice() locks `sb_mtx' mutexes on
* both `so_snd' and `so_rcv' before unsplice sockets.
*/
if ((soback = so->so_sp->ssp_soback) == NULL) {
mtx_leave(&so->so_snd.sb_mtx);
goto notsplicedback;
}
soref(soback);
mtx_leave(&so->so_snd.sb_mtx);
/*
* `so' can be only unspliced, and never spliced again.
* Thus if issplicedback(so) check is positive, socket is
* still spliced and `ssp_soback' points to the same
* socket that `soback'.
*/
sblock(&soback->so_rcv, SBL_WAIT | SBL_NOINTR);
if (issplicedback(so)) {
int freeing = SOSP_FREEING_WRITE;
if (so->so_sp->ssp_soback == so)
freeing |= SOSP_FREEING_READ;
solock(soback);
sounsplice(so->so_sp->ssp_soback, so, freeing);
sounlock(soback);
}
sbunlock(&soback->so_rcv);
sorele(soback);
notsplicedback:
sblock(&so->so_rcv, SBL_WAIT | SBL_NOINTR);
if (isspliced(so)) {
int freeing = SOSP_FREEING_READ;
if (so == so->so_sp->ssp_socket)
freeing |= SOSP_FREEING_WRITE;
solock(so);
sounsplice(so, so->so_sp->ssp_socket, freeing);
sounlock(so);
}
sbunlock(&so->so_rcv);
solock(so);
}
free:
#endif /* SOCKET_SPLICE */
/* sofree() calls sounlock(). */
sofree(so, 0);
return (error);
@ -1411,14 +1481,6 @@ sosplice(struct socket *so, int fd, off_t max, struct timeval *tv)
goto release;
}
/* Splice so and sosp together. */
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
so->so_sp->ssp_socket = sosp;
sosp->so_sp->ssp_soback = so;
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
so->so_splicelen = 0;
so->so_splicemax = max;
if (tv)
@ -1429,9 +1491,20 @@ sosplice(struct socket *so, int fd, off_t max, struct timeval *tv)
task_set(&so->so_splicetask, sotask, so);
/*
* To prevent softnet interrupt from calling somove() while
* we sleep, the socket buffers are not marked as spliced yet.
* To prevent sorwakeup() calling somove() before this somove()
* has finished, the socket buffers are not marked as spliced yet.
*/
/* Splice so and sosp together. */
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
so->so_sp->ssp_socket = sosp;
sosp->so_sp->ssp_soback = so;
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
if ((so->so_proto->pr_flags & PR_WANTRCVD) == 0)
sounlock(so);
if (somove(so, M_WAIT)) {
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
@ -1440,6 +1513,8 @@ sosplice(struct socket *so, int fd, off_t max, struct timeval *tv)
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
}
if ((so->so_proto->pr_flags & PR_WANTRCVD) == 0)
solock(so);
release:
sounlock(so);
@ -1454,6 +1529,8 @@ sosplice(struct socket *so, int fd, off_t max, struct timeval *tv)
void
sounsplice(struct socket *so, struct socket *sosp, int freeing)
{
if ((so->so_proto->pr_flags & PR_WANTRCVD) == 0)
sbassertlocked(&so->so_rcv);
soassertlocked(so);
task_del(sosplice_taskq, &so->so_splicetask);
@ -1479,32 +1556,51 @@ soidle(void *arg)
{
struct socket *so = arg;
sblock(&so->so_rcv, SBL_WAIT | SBL_NOINTR);
solock(so);
/*
* Depending on socket type, sblock(&so->so_rcv) or solock()
* is always held while modifying SB_SPLICE and
* so->so_sp->ssp_socket.
*/
if (so->so_rcv.sb_flags & SB_SPLICE) {
so->so_error = ETIMEDOUT;
sounsplice(so, so->so_sp->ssp_socket, 0);
}
sounlock(so);
sbunlock(&so->so_rcv);
}
void
sotask(void *arg)
{
struct socket *so = arg;
int doyield = 0;
int sockstream = (so->so_proto->pr_flags & PR_WANTRCVD);
/*
* sblock() on `so_rcv' protects sockets from beind unspliced
* for UDP case. TCP sockets still rely on solock().
*/
sblock(&so->so_rcv, SBL_WAIT | SBL_NOINTR);
if (sockstream)
solock(so);
solock(so);
if (so->so_rcv.sb_flags & SB_SPLICE) {
/*
* We may not sleep here as sofree() and unsplice() may be
* called from softnet interrupt context. This would remove
* the socket during somove().
*/
if (sockstream)
doyield = 1;
somove(so, M_DONTWAIT);
}
sounlock(so);
/* Avoid user land starvation. */
yield();
if (sockstream)
sounlock(so);
sbunlock(&so->so_rcv);
if (doyield) {
/* Avoid user land starvation. */
yield();
}
}
/*
@ -1546,24 +1642,32 @@ somove(struct socket *so, int wait)
struct mbuf *m, **mp, *nextrecord;
u_long len, off, oobmark;
long space;
int error = 0, maxreached = 0;
int error = 0, maxreached = 0, unsplice = 0;
unsigned int rcvstate;
int sockdgram = ((so->so_proto->pr_flags &
PR_WANTRCVD) == 0);
soassertlocked(so);
if (sockdgram)
sbassertlocked(&so->so_rcv);
else
soassertlocked(so);
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
nextpkt:
if (so->so_error) {
error = so->so_error;
if ((error = READ_ONCE(so->so_error)))
goto release;
}
if (sosp->so_snd.sb_state & SS_CANTSENDMORE) {
error = EPIPE;
goto release;
}
if (sosp->so_error && sosp->so_error != ETIMEDOUT &&
sosp->so_error != EFBIG && sosp->so_error != ELOOP) {
error = sosp->so_error;
goto release;
error = READ_ONCE(sosp->so_error);
if (error) {
if (error != ETIMEDOUT && error != EFBIG && error != ELOOP)
goto release;
error = 0;
}
if ((sosp->so_state & SS_ISCONNECTED) == 0)
goto release;
@ -1577,26 +1681,21 @@ somove(struct socket *so, int wait)
maxreached = 1;
}
}
mtx_enter(&sosp->so_snd.sb_mtx);
space = sbspace_locked(sosp, &sosp->so_snd);
if (so->so_oobmark && so->so_oobmark < len &&
so->so_oobmark < space + 1024)
space += 1024;
if (space <= 0) {
mtx_leave(&sosp->so_snd.sb_mtx);
maxreached = 0;
goto release;
}
if (space < len) {
maxreached = 0;
if (space < sosp->so_snd.sb_lowat) {
mtx_leave(&sosp->so_snd.sb_mtx);
if (space < sosp->so_snd.sb_lowat)
goto release;
}
len = space;
}
sosp->so_snd.sb_state |= SS_ISSENDING;
mtx_leave(&sosp->so_snd.sb_mtx);
SBLASTRECORDCHK(&so->so_rcv, "somove 1");
SBLASTMBUFCHK(&so->so_rcv, "somove 1");
@ -1618,8 +1717,13 @@ somove(struct socket *so, int wait)
m = m->m_next;
if (m == NULL) {
sbdroprecord(so, &so->so_rcv);
if (so->so_proto->pr_flags & PR_WANTRCVD)
if (so->so_proto->pr_flags & PR_WANTRCVD) {
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
pru_rcvd(so);
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
}
goto nextpkt;
}
@ -1724,11 +1828,15 @@ somove(struct socket *so, int wait)
}
/* Send window update to source peer as receive buffer has changed. */
if (so->so_proto->pr_flags & PR_WANTRCVD)
if (so->so_proto->pr_flags & PR_WANTRCVD) {
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
pru_rcvd(so);
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
}
/* Receive buffer did shrink by len bytes, adjust oob. */
mtx_enter(&so->so_rcv.sb_mtx);
rcvstate = so->so_rcv.sb_state;
so->so_rcv.sb_state &= ~SS_RCVATMARK;
oobmark = so->so_oobmark;
@ -1739,7 +1847,6 @@ somove(struct socket *so, int wait)
if (oobmark >= len)
oobmark = 0;
}
mtx_leave(&so->so_rcv.sb_mtx);
/*
* Handle oob data. If any malloc fails, ignore error.
@ -1755,7 +1862,12 @@ somove(struct socket *so, int wait)
} else if (oobmark) {
o = m_split(m, oobmark, wait);
if (o) {
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
error = pru_send(sosp, m, NULL, NULL);
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
if (error) {
if (sosp->so_snd.sb_state &
SS_CANTSENDMORE)
@ -1773,7 +1885,13 @@ somove(struct socket *so, int wait)
if (o) {
o->m_len = 1;
*mtod(o, caddr_t) = *mtod(m, caddr_t);
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
error = pru_sendoob(sosp, o, NULL, NULL);
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
if (error) {
if (sosp->so_snd.sb_state & SS_CANTSENDMORE)
error = EPIPE;
@ -1791,15 +1909,25 @@ somove(struct socket *so, int wait)
}
}
mtx_enter(&sosp->so_snd.sb_mtx);
/* Append all remaining data to drain socket. */
if (so->so_rcv.sb_cc == 0 || maxreached)
sosp->so_snd.sb_state &= ~SS_ISSENDING;
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
if (sockdgram)
solock_shared(sosp);
error = pru_send(sosp, m, NULL, NULL);
if (sockdgram)
sounlock_shared(sosp);
mtx_enter(&so->so_rcv.sb_mtx);
mtx_enter(&sosp->so_snd.sb_mtx);
if (error) {
if (sosp->so_snd.sb_state & SS_CANTSENDMORE)
if (sosp->so_snd.sb_state & SS_CANTSENDMORE ||
sosp->so_pcb == NULL)
error = EPIPE;
goto release;
}
@ -1810,26 +1938,35 @@ somove(struct socket *so, int wait)
goto nextpkt;
release:
mtx_enter(&sosp->so_snd.sb_mtx);
sosp->so_snd.sb_state &= ~SS_ISSENDING;
mtx_leave(&sosp->so_snd.sb_mtx);
if (!error && maxreached && so->so_splicemax == so->so_splicelen)
error = EFBIG;
if (error)
so->so_error = error;
WRITE_ONCE(so->so_error, error);
if (((so->so_rcv.sb_state & SS_CANTRCVMORE) &&
so->so_rcv.sb_cc == 0) ||
(sosp->so_snd.sb_state & SS_CANTSENDMORE) ||
maxreached || error) {
maxreached || error)
unsplice = 1;
mtx_leave(&sosp->so_snd.sb_mtx);
mtx_leave(&so->so_rcv.sb_mtx);
if (unsplice) {
if (sockdgram)
solock(so);
sounsplice(so, sosp, 0);
if (sockdgram)
sounlock(so);
return (0);
}
if (timerisset(&so->so_idletv))
timeout_add_tv(&so->so_idleto, &so->so_idletv);
return (1);
}
#endif /* SOCKET_SPLICE */
void
@ -1839,22 +1976,16 @@ sorwakeup(struct socket *so)
soassertlocked_readonly(so);
#ifdef SOCKET_SPLICE
if (so->so_rcv.sb_flags & SB_SPLICE) {
/*
* TCP has a sendbuffer that can handle multiple packets
* at once. So queue the stream a bit to accumulate data.
* The sosplice thread will call somove() later and send
* the packets calling tcp_output() only once.
* In the UDP case, send out the packets immediately.
* Using a thread would make things slower.
*/
if (so->so_proto->pr_flags & PR_WANTRCVD)
if (so->so_proto->pr_flags & PR_SPLICE) {
sb_mtx_lock(&so->so_rcv);
if (so->so_rcv.sb_flags & SB_SPLICE)
task_add(sosplice_taskq, &so->so_splicetask);
else
somove(so, M_DONTWAIT);
if (isspliced(so)) {
sb_mtx_unlock(&so->so_rcv);
return;
}
sb_mtx_unlock(&so->so_rcv);
}
if (isspliced(so))
return;
#endif
sowakeup(so, &so->so_rcv);
if (so->so_upcall)
@ -1868,10 +1999,17 @@ sowwakeup(struct socket *so)
soassertlocked_readonly(so);
#ifdef SOCKET_SPLICE
if (so->so_snd.sb_flags & SB_SPLICE)
task_add(sosplice_taskq, &so->so_sp->ssp_soback->so_splicetask);
if (issplicedback(so))
return;
if (so->so_proto->pr_flags & PR_SPLICE) {
sb_mtx_lock(&so->so_snd);
if (so->so_snd.sb_flags & SB_SPLICE)
task_add(sosplice_taskq,
&so->so_sp->ssp_soback->so_splicetask);
if (issplicedback(so)) {
sb_mtx_unlock(&so->so_snd);
return;
}
sb_mtx_unlock(&so->so_snd);
}
#endif
sowakeup(so, &so->so_snd);
}

7
sys/netinet/udp_usrreq.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: udp_usrreq.c,v 1.322 2024/07/19 15:41:58 bluhm Exp $ */
/* $OpenBSD: udp_usrreq.c,v 1.323 2024/07/20 17:26:19 mvs Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@ -1209,6 +1209,11 @@ udp_send(struct socket *so, struct mbuf *m, struct mbuf *addr,
soassertlocked_readonly(so);
if (inp == NULL) {
/* PCB could be destroyed, but socket still spliced. */
return (EINVAL);
}
#ifdef PIPEX
if (inp->inp_pipex) {
struct pipex_session *session;

4
sys/sys/proc.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: proc.h,v 1.364 2024/07/17 09:54:14 claudio Exp $ */
/* $OpenBSD: proc.h,v 1.365 2024/07/22 09:43:47 claudio Exp $ */
/* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */
/*-
@ -287,7 +287,7 @@ struct process {
#define PS_SINGLEEXIT 0x00001000 /* Other threads must die. */
#define PS_SINGLEUNWIND 0x00002000 /* Other threads must unwind. */
#define PS_NOZOMBIE 0x00004000 /* No signal or zombie at exit. */
#define PS_STOPPED 0x00008000 /* Just stopped, need sig to parent. */
#define PS_STOPPING 0x00008000 /* Just stopped, need sig to parent. */
#define PS_SYSTEM 0x00010000 /* No sigs, stats or swapping. */
#define PS_EMBRYO 0x00020000 /* New process, not yet fledged */
#define PS_ZOMBIE 0x00040000 /* Dead and ready to be waited for */

49
sys/sys/socketvar.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: socketvar.h,v 1.132 2024/07/12 17:20:18 mvs Exp $ */
/* $OpenBSD: socketvar.h,v 1.133 2024/07/20 17:26:19 mvs Exp $ */
/* $NetBSD: socketvar.h,v 1.18 1996/02/09 18:25:38 christos Exp $ */
/*-
@ -51,6 +51,33 @@ typedef __socklen_t socklen_t; /* length type for network syscalls */
TAILQ_HEAD(soqhead, socket);
/*
* Locks used to protect global data and struct members:
* I immutable after creation
* mr sb_mxt of so_rcv buffer
* ms sb_mtx of so_snd buffer
* br sblock() of so_rcv buffer
* bs sblock() od so_snd buffer
* s solock()
*/
/*
* XXXSMP: tcp(4) sockets rely on exclusive solock() for all the cases.
*/
/*
* Variables for socket splicing, allocated only when needed.
*/
struct sosplice {
struct socket *ssp_socket; /* [mr ms] send data to drain socket */
struct socket *ssp_soback; /* [ms ms] back ref to source socket */
off_t ssp_len; /* [mr] number of bytes spliced */
off_t ssp_max; /* [I] maximum number of bytes */
struct timeval ssp_idletv; /* [I] idle timeout */
struct timeout ssp_idleto;
struct task ssp_task; /* task for somove */
};
/*
* Kernel structure per socket.
* Contains send and receive buffer queues,
@ -89,18 +116,8 @@ struct socket {
short so_timeo; /* connection timeout */
u_long so_oobmark; /* chars to oob mark */
u_int so_error; /* error affecting connection */
/*
* Variables for socket splicing, allocated only when needed.
*/
struct sosplice {
struct socket *ssp_socket; /* send data to drain socket */
struct socket *ssp_soback; /* back ref to source socket */
off_t ssp_len; /* number of bytes spliced */
off_t ssp_max; /* maximum number of bytes */
struct timeval ssp_idletv; /* idle timeout */
struct timeout ssp_idleto;
struct task ssp_task; /* task for somove */
} *so_sp;
struct sosplice *so_sp; /* [s br] */
/*
* Variables for socket buffering.
*/
@ -330,6 +347,12 @@ int sblock(struct sockbuf *, int);
/* release lock on sockbuf sb */
void sbunlock(struct sockbuf *);
static inline void
sbassertlocked(struct sockbuf *sb)
{
rw_assert_wrlock(&sb->sb_lock);
}
#define SB_EMPTY_FIXUP(sb) do { \
if ((sb)->sb_mb == NULL) { \
(sb)->sb_mbtail = NULL; \

7
usr.bin/rpcgen/rpc_main.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rpc_main.c,v 1.35 2019/06/28 13:35:03 deraadt Exp $ */
/* $OpenBSD: rpc_main.c,v 1.36 2024/07/22 17:55:18 dv Exp $ */
/* $NetBSD: rpc_main.c,v 1.9 1996/02/19 11:12:43 pk Exp $ */
/*
@ -480,7 +480,10 @@ h_output(infile, define, extend, outfile)
outfilename = extend ? extendfile(infile, outfile) : outfile;
open_output(infile, outfilename);
add_warning();
guard = generate_guard(outfilename ? outfilename : infile);
if (outfilename || infile)
guard = generate_guard(outfilename ? outfilename : infile);
else
guard = generate_guard("STDIN");
fprintf(fout, "#ifndef _%s\n#define _%s\n\n", guard,
guard);

24
usr.bin/tmux/options.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: options.c,v 1.69 2022/06/17 07:28:05 nicm Exp $ */
/* $OpenBSD: options.c,v 1.70 2024/07/22 15:27:42 nicm Exp $ */
/*
* Copyright (c) 2008 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -578,10 +578,28 @@ char *
options_to_string(struct options_entry *o, int idx, int numeric)
{
struct options_array_item *a;
char *result = NULL;
char *last = NULL;
char *next;
if (OPTIONS_IS_ARRAY(o)) {
if (idx == -1)
return (xstrdup(""));
if (idx == -1) {
RB_FOREACH(a, options_array, &o->value.array) {
next = options_value_to_string(o, &a->value,
numeric);
if (last == NULL)
result = next;
else {
xasprintf(&result, "%s %s", last, next);
free(last);
free(next);
}
last = result;
}
if (result == NULL)
return (xstrdup(""));
return (result);
}
a = options_array_item(o, idx);
if (a == NULL)
return (xstrdup(""));

11
usr.sbin/radiusctl/radiusctl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusctl.c,v 1.10 2024/07/14 11:12:32 yasuoka Exp $ */
/* $OpenBSD: radiusctl.c,v 1.11 2024/07/22 09:39:23 yasuoka Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
*
@ -180,7 +180,6 @@ main(int argc, char *argv[])
iov[niov++].iov_len = sizeof(res->session_seq);
imsg_composev(&ibuf, IMSG_RADIUSD_MODULE_IPCP_DISCONNECT, 0, 0,
-1, iov, niov);
done = 1;
break;
}
while (ibuf.w.queued) {
@ -200,6 +199,7 @@ main(int argc, char *argv[])
case IPCP_SHOW:
case IPCP_DUMP:
case IPCP_MONITOR:
case IPCP_DISCONNECT:
done = ipcp_handle_imsg(res, &imsg, cnt++);
break;
default:
@ -625,6 +625,13 @@ ipcp_handle_imsg(struct parse_result *res, struct imsg *imsg, int cnt)
datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
switch (imsg->hdr.type) {
case IMSG_OK:
if (datalen > 0 && *((char *)imsg->data + datalen - 1) == '\0')
fprintf(stderr, "OK: %s\n", (char *)imsg->data);
else
fprintf(stderr, "OK\n");
done = 1;
break;
case IMSG_NG:
if (datalen > 0 && *((char *)imsg->data + datalen - 1) == '\0')
fprintf(stderr, "error: %s\n", (char *)imsg->data);

6
usr.sbin/radiusd/radiusd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd.c,v 1.51 2024/07/17 11:05:11 yasuoka Exp $ */
/* $OpenBSD: radiusd.c,v 1.52 2024/07/22 09:27:16 yasuoka Exp $ */
/*
* Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@ -83,8 +83,8 @@ static struct radiusd_module_radpkt_arg *
radiusd_module_recv_radpkt(struct radiusd_module *,
struct imsg *, uint32_t, const char *);
static void radiusd_module_on_imsg_io(int, short, void *);
void radiusd_module_start(struct radiusd_module *);
void radiusd_module_stop(struct radiusd_module *);
static void radiusd_module_start(struct radiusd_module *);
static void radiusd_module_stop(struct radiusd_module *);
static void radiusd_module_close(struct radiusd_module *);
static void radiusd_module_userpass(struct radiusd_module *,
struct radius_query *);

50
usr.sbin/radiusd/radiusd_ipcp.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_ipcp.c,v 1.5 2024/07/17 11:31:46 yasuoka Exp $ */
/* $OpenBSD: radiusd_ipcp.c,v 1.7 2024/07/22 10:00:16 yasuoka Exp $ */
/*
* Copyright (c) 2024 Internet Initiative Japan Inc.
@ -68,6 +68,11 @@ struct user {
char name[0];
};
struct radiusctl_client {
int peerid;
TAILQ_ENTRY(radiusctl_client) entry;
};
struct module_ipcp_dae;
struct assigned_ipv4 {
@ -98,6 +103,7 @@ struct assigned_ipv4 {
TAILQ_ENTRY(assigned_ipv4) dae_next;
int dae_ntry;
struct event dae_evtimer;
TAILQ_HEAD(, radiusctl_client) dae_clients;
};
struct module_ipcp_ctrlconn {
@ -517,6 +523,7 @@ ipcp_config_set(void *ctx, const char *name, int argc, char * const * argv)
*dae0 = dae;
TAILQ_INIT(&dae0->reqs);
TAILQ_INSERT_TAIL(&module->daes, dae0, next);
dae0->ipcp = module;
} else if (strcmp(name, "_debug") == 0)
log_init(1);
else if (strncmp(name, "_", 1) == 0)
@ -544,6 +551,8 @@ ipcp_dispatch_control(void *ctx, struct imsg *imsg)
size_t dumpsiz;
u_int datalen;
unsigned seq;
struct radiusctl_client *client;
const char *cause;
datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
switch (imsg->hdr.type) {
@ -616,9 +625,13 @@ ipcp_dispatch_control(void *ctx, struct imsg *imsg)
if (assign->seq == seq)
break;
}
if (assign == NULL)
if (assign == NULL) {
cause = "session not found";
log_warnx("Disconnect seq=%u requested, but the "
"session is not found", seq);
module_imsg_compose(self->base, IMSG_NG,
imsg->hdr.peerid, 0, -1, cause, strlen(cause) + 1);
}
else {
if (assign->dae == NULL)
log_warnx("Disconnect seq=%u requested, but "
@ -626,9 +639,18 @@ ipcp_dispatch_control(void *ctx, struct imsg *imsg)
else {
log_info("Disconnect seq=%u requested",
assign->seq);
if ((client = calloc(1, sizeof(struct
radiusctl_client))) == NULL) {
log_warn("%s: calloc: %m",
__func__);
goto fail;
}
client->peerid = imsg->hdr.peerid;
if (assign->dae_ntry == 0)
ipcp_dae_send_disconnect_request(
assign);
TAILQ_INSERT_TAIL(&assign->dae_clients,
client, entry);
}
}
break;
@ -1189,6 +1211,7 @@ ipcp_ipv4_assign(struct module_ipcp *self, struct user *user,
ip->authtime = self->uptime;
RB_INSERT(assigned_ipv4_tree, &self->ipv4s, ip);
TAILQ_INSERT_TAIL(&user->ipv4s, ip, next);
TAILQ_INIT(&ip->dae_clients);
self->nsessions++;
ip->seq = self->seq++;
@ -1324,8 +1347,8 @@ ipcp_restore_from_db(struct module_ipcp *self)
if ((assigned = ipcp_ipv4_assign(self, user, ipv4))
== NULL)
return (-1);
self->seq = MAXIMUM(assigned->seq + 1, self->seq);
assigned->seq = record->seq;
self->seq = MAXIMUM(assigned->seq + 1, self->seq);
strlcpy(assigned->auth_method, record->auth_method,
sizeof(assigned->auth_method));
strlcpy(assigned->session_id, record->session_id,
@ -1562,12 +1585,14 @@ void
ipcp_dae_on_event(int fd, short ev, void *ctx)
{
struct module_ipcp_dae *dae = ctx;
struct module_ipcp *self = dae->ipcp;
RADIUS_PACKET *radres = NULL;
int code;
uint32_t u32;
struct assigned_ipv4 *assign;
char buf[80], causestr[80];
const char *cause = "";
struct radiusctl_client *client;
if ((ev & EV_READ) == 0)
return;
@ -1627,6 +1652,19 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
&dae->nas_addr, buf, sizeof(buf)));
break;
}
TAILQ_FOREACH(client, &assign->dae_clients, entry) {
if (*cause != '\0')
module_imsg_compose(self->base,
(code == RADIUS_CODE_DISCONNECT_ACK)
? IMSG_OK : IMSG_NG, client->peerid, 0, -1,
cause + 1, strlen(cause + 1) + 1);
else
module_imsg_compose(self->base,
(code == RADIUS_CODE_DISCONNECT_ACK)
? IMSG_OK : IMSG_NG, client->peerid, 0, -1,
NULL, 0);
}
ipcp_dae_reset_request(assign);
out:
if (radres != NULL)
@ -1636,6 +1674,8 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
void
ipcp_dae_reset_request(struct assigned_ipv4 *assign)
{
struct radiusctl_client *client, *clientt;
if (assign->dae != NULL) {
if (assign->dae_ntry > 0)
TAILQ_REMOVE(&assign->dae->reqs, assign, dae_next);
@ -1645,6 +1685,10 @@ ipcp_dae_reset_request(struct assigned_ipv4 *assign)
assign->dae_reqpkt = NULL;
if (evtimer_pending(&assign->dae_evtimer, NULL))
evtimer_del(&assign->dae_evtimer);
TAILQ_FOREACH_SAFE(client, &assign->dae_clients, entry, clientt) {
TAILQ_REMOVE(&assign->dae_clients, client, entry);
free(client);
}
assign->dae_ntry = 0;
}