diff --git a/etc/services b/etc/services index 0fed1cea8..0405aa38d 100644 --- a/etc/services +++ b/etc/services @@ -1,4 +1,4 @@ -# $OpenBSD: services,v 1.106 2023/12/07 14:53:31 sthen Exp $ +# $OpenBSD: services,v 1.107 2024/06/04 18:13:23 landry Exp $ # # Network services, Internet style # https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt @@ -274,6 +274,7 @@ afs3-update 7008/udp # AFS server to server update afs3-rmtsys 7009/tcp # AFS remote cache manager service afs3-rmtsys 7009/udp # AFS remote cache manager service puppet 8140/tcp # Puppet master service +matrix-fed 8448/tcp # Matrix Federation Protocol ub-dns-control 8953/tcp # unbound dns nameserver control git 9418/tcp # git pack transfer service git 9418/udp # git pack transfer service diff --git a/lib/libc/arch/amd64/Makefile.inc b/lib/libc/arch/amd64/Makefile.inc index 8b5442a43..a84eb110c 100644 --- a/lib/libc/arch/amd64/Makefile.inc +++ b/lib/libc/arch/amd64/Makefile.inc @@ -1 +1,3 @@ -# $OpenBSD: Makefile.inc,v 1.5 2014/06/09 20:47:10 miod Exp $ +# $OpenBSD: Makefile.inc,v 1.6 2024/06/04 15:14:44 deraadt Exp $ + +CFLAGS+=-fret-clean diff --git a/lib/libcrypto/arch/amd64/Makefile.inc b/lib/libcrypto/arch/amd64/Makefile.inc index a35410582..0cf212b18 100644 --- a/lib/libcrypto/arch/amd64/Makefile.inc +++ b/lib/libcrypto/arch/amd64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.27 2024/03/29 11:00:57 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.28 2024/06/04 15:14:45 deraadt Exp $ # amd64-specific libcrypto build rules @@ -83,3 +83,5 @@ GENERATED+=x86_64cpuid.S x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl ${EXTRA_PL} (cd ${LCRYPTO_SRC}/${dir} ; \ /usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET} + +CFLAGS+=-fret-clean diff --git a/libexec/ld.so/amd64/Makefile.inc b/libexec/ld.so/amd64/Makefile.inc index 3181b632d..2211d1a9e 100644 --- a/libexec/ld.so/amd64/Makefile.inc +++ b/libexec/ld.so/amd64/Makefile.inc @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile.inc,v 1.7 2019/10/20 03:44:49 guenther Exp $ +# $OpenBSD: Makefile.inc,v 1.8 2024/06/04 15:14:45 deraadt Exp $ CFLAGS += -fPIC -mno-sse2 -mno-sse -mno-3dnow -mno-mmx +CFLAGS +=-fret-clean AFLAGS += -fpic LD_SCRIPT = ${.CURDIR}/${MACHINE_CPU}/ld.script diff --git a/sbin/dhcp6leased/engine.c b/sbin/dhcp6leased/engine.c index 0e059c19b..1db154326 100644 --- a/sbin/dhcp6leased/engine.c +++ b/sbin/dhcp6leased/engine.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.c,v 1.7 2024/06/03 15:53:26 deraadt Exp $ */ +/* $OpenBSD: engine.c,v 1.8 2024/06/04 15:48:47 florian Exp $ */ /* * Copyright (c) 2017, 2021, 2024 Florian Obser @@ -484,7 +484,7 @@ engine_dispatch_main(int fd, short event, void *bula) SIMPLEQ_INIT(&iface_ia_conf->iface_pd_list); SIMPLEQ_INSERT_TAIL(&iface_conf->iface_ia_list, iface_ia_conf, entry); - iface_conf->ia_count++; + iface_ia_conf->id = iface_conf->ia_count++; if (iface_conf->ia_count > MAX_IA) fatalx("Too many prefix delegation requests."); break; @@ -787,11 +787,11 @@ parse_dhcp(struct dhcp6leased_iface *iface, struct imsg_dhcp *dhcp) log_debug("%s: IA_PD, IAID: %08x, T1: %u, T2: %u", __func__, ntohl(iapd.iaid), ntohl(iapd.t1), ntohl(iapd.t2)); - if (ntohl(iapd.iaid) <= iface_conf->ia_count) + if (ntohl(iapd.iaid) < iface_conf->ia_count) parse_ia_pd_options(p + sizeof(struct dhcp_iapd), opt_hdr.len - sizeof(struct dhcp_iapd), - &pds[ntohl(iapd.iaid) -1]); + &pds[ntohl(iapd.iaid)]); break; case DHO_RAPID_COMMIT: if (opt_hdr.len != 0) { @@ -818,7 +818,7 @@ parse_dhcp(struct dhcp6leased_iface *iface, struct imsg_dhcp *dhcp) SIMPLEQ_FOREACH(ia_conf, &iface_conf->iface_ia_list, entry) { - struct prefix *pd = &pds[ia_conf->id - 1]; + struct prefix *pd = &pds[ia_conf->id]; if (pd->prefix_len == 0) { log_warnx("%s: no IA for IAID %d found", __func__, @@ -1280,7 +1280,7 @@ configure_interfaces(struct dhcp6leased_iface *iface) } SIMPLEQ_FOREACH(ia_conf, &iface_conf->iface_ia_list, entry) { - struct prefix *pd = &iface->pds[ia_conf->id - 1]; + struct prefix *pd = &iface->pds[ia_conf->id]; SIMPLEQ_FOREACH(pd_conf, &ia_conf->iface_pd_list, entry) { send_configure_interface(pd_conf, pd); diff --git a/sbin/dhcp6leased/frontend.c b/sbin/dhcp6leased/frontend.c index d683a6823..6dc1abe52 100644 --- a/sbin/dhcp6leased/frontend.c +++ b/sbin/dhcp6leased/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.8 2024/06/03 15:53:26 deraadt Exp $ */ +/* $OpenBSD: frontend.c,v 1.9 2024/06/04 15:48:47 florian Exp $ */ /* * Copyright (c) 2017, 2021, 2024 Florian Obser @@ -362,7 +362,7 @@ frontend_dispatch_main(int fd, short event, void *bula) SIMPLEQ_INIT(&iface_ia_conf->iface_pd_list); SIMPLEQ_INSERT_TAIL(&iface_conf->iface_ia_list, iface_ia_conf, entry); - iface_conf->ia_count++; + iface_ia_conf->id = iface_conf->ia_count++; if (iface_conf->ia_count > MAX_IA) fatalx("Too many prefix delegation requests."); break; @@ -873,7 +873,7 @@ build_packet(uint8_t message_type, struct iface *iface, char *if_name) case DHCPREQUEST: case DHCPRENEW: case DHCPREBIND: - pd = &iface->pds[ia_conf->id - 1]; + pd = &iface->pds[ia_conf->id]; iaprefix.prefix_len = pd->prefix_len; memcpy(&iaprefix.prefix, &pd->prefix, sizeof(struct in6_addr)); diff --git a/sbin/dhcp6leased/parse.y b/sbin/dhcp6leased/parse.y index 0e8a50c7d..940ec15d1 100644 --- a/sbin/dhcp6leased/parse.y +++ b/sbin/dhcp6leased/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.6 2024/06/03 15:53:26 deraadt Exp $ */ +/* $OpenBSD: parse.y,v 1.7 2024/06/04 15:48:47 florian Exp $ */ /* * Copyright (c) 2018, 2024 Florian Obser @@ -176,8 +176,8 @@ ia_pd : REQUEST PREFIX DELEGATION ON STRING FOR { iface_ia_conf = calloc(1, sizeof(*iface_ia_conf)); if (iface_ia_conf == NULL) err(1, "%s: calloc", __func__); - iface_ia_conf->id = ++iface_conf->ia_count; - if (iface_ia_conf->id > MAX_IA) { + iface_ia_conf->id = iface_conf->ia_count++; + if (iface_conf->ia_count > MAX_IA) { yyerror("Too many prefix delegation requests"); YYERROR; } diff --git a/sys/arch/amd64/conf/Makefile.amd64 b/sys/arch/amd64/conf/Makefile.amd64 index 8183af31b..b369f9476 100644 --- a/sys/arch/amd64/conf/Makefile.amd64 +++ b/sys/arch/amd64/conf/Makefile.amd64 @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.amd64,v 1.134 2023/09/06 01:47:36 jsg Exp $ +# $OpenBSD: Makefile.amd64,v 1.135 2024/06/04 15:14:45 deraadt Exp $ # For instructions on building kernels consult the config(8) and options(4) # manual pages. @@ -73,6 +73,7 @@ CMACHFLAGS+= -mno-retpoline -fcf-protection=none .endif .else CMACHFLAGS+= -mretpoline-external-thunk -fcf-protection=branch +CMACHFLAGS+= -fret-clean .endif .if ${COMPILER_VERSION:Mclang} NO_INTEGR_AS= -no-integrated-as diff --git a/sys/arch/amd64/stand/boot/conf.c b/sys/arch/amd64/stand/boot/conf.c index 9e8a4a70d..9709ea06b 100644 --- a/sys/arch/amd64/stand/boot/conf.c +++ b/sys/arch/amd64/stand/boot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.57 2023/07/22 10:11:19 jsg Exp $ */ +/* $OpenBSD: conf.c,v 1.58 2024/06/04 21:48:20 krw Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -41,7 +41,7 @@ #include #include -const char version[] = "3.65"; +const char version[] = "3.67"; int debug = 1; diff --git a/sys/arch/amd64/stand/efiboot/conf.c b/sys/arch/amd64/stand/efiboot/conf.c index 1204987c8..d7749f97b 100644 --- a/sys/arch/amd64/stand/efiboot/conf.c +++ b/sys/arch/amd64/stand/efiboot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.43 2024/04/25 18:31:49 kn Exp $ */ +/* $OpenBSD: conf.c,v 1.44 2024/06/04 21:48:20 krw Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -40,7 +40,7 @@ #include "efidev.h" #include "efipxe.h" -const char version[] = "3.66"; +const char version[] = "3.67"; #ifdef EFI_DEBUG int debug = 0; diff --git a/sys/arch/amd64/stand/efiboot/diskprobe.c b/sys/arch/amd64/stand/efiboot/diskprobe.c index 48f089c29..5522d10cd 100644 --- a/sys/arch/amd64/stand/efiboot/diskprobe.c +++ b/sys/arch/amd64/stand/efiboot/diskprobe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diskprobe.c,v 1.2 2020/12/09 18:10:18 krw Exp $ */ +/* $OpenBSD: diskprobe.c,v 1.3 2024/06/04 20:31:35 krw Exp $ */ /* * Copyright (c) 1997 Tobias Weingartner @@ -282,9 +282,10 @@ bootdev_has_hibernate(void) void check_hibernate(struct diskinfo *dip) { + uint8_t buf[DEV_BSIZE]; daddr_t sec; int error; - union hibernate_info hib; + union hibernate_info *hib = (union hibernate_info *)&buf; /* read hibernate */ if (dip->disklabel.d_partitions[1].p_fstype != FS_SWAP || @@ -292,10 +293,10 @@ check_hibernate(struct diskinfo *dip) return; sec = DL_GETPOFFSET(&dip->disklabel.d_partitions[1]) + - DL_GETPSIZE(&dip->disklabel.d_partitions[1]) - - (sizeof(union hibernate_info) / DEV_BSIZE); + DL_GETPSIZE(&dip->disklabel.d_partitions[1]) - 1; - error = dip->strategy(dip, F_READ, sec, sizeof hib, &hib, NULL); - if (error == 0 && hib.magic == HIBERNATE_MAGIC) + error = dip->strategy(dip, F_READ, DL_SECTOBLK(&dip->disklabel, sec), + sizeof buf, &buf, NULL); + if (error == 0 && hib->magic == HIBERNATE_MAGIC) dip->bios_info.flags |= BDI_HIBVALID; /* Hibernate present */ } diff --git a/sys/arch/amd64/stand/libsa/diskprobe.c b/sys/arch/amd64/stand/libsa/diskprobe.c index 5b15988bf..66e068b31 100644 --- a/sys/arch/amd64/stand/libsa/diskprobe.c +++ b/sys/arch/amd64/stand/libsa/diskprobe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diskprobe.c,v 1.27 2022/09/01 13:45:26 krw Exp $ */ +/* $OpenBSD: diskprobe.c,v 1.28 2024/06/04 20:31:35 krw Exp $ */ /* * Copyright (c) 1997 Tobias Weingartner @@ -390,9 +390,10 @@ bootdev_has_hibernate(void) void check_hibernate(struct diskinfo *dip) { + uint8_t buf[DEV_BSIZE]; daddr_t sec; int error; - union hibernate_info hib; + union hibernate_info *hib = (union hibernate_info *)&buf; /* read hibernate */ if (dip->disklabel.d_partitions[1].p_fstype != FS_SWAP || @@ -400,11 +401,10 @@ check_hibernate(struct diskinfo *dip) return; sec = DL_GETPOFFSET(&dip->disklabel.d_partitions[1]) + - DL_GETPSIZE(&dip->disklabel.d_partitions[1]) - - (sizeof(union hibernate_info) / DEV_BSIZE); + DL_GETPSIZE(&dip->disklabel.d_partitions[1]) - 1; - error = dip->strategy(dip, F_READ, sec, sizeof hib, &hib, - NULL); - if (error == 0 && hib.magic == HIBERNATE_MAGIC) + error = dip->strategy(dip, F_READ, DL_SECTOBLK(&dip->disklabel, sec), + sizeof buf, &buf, NULL); + if (error == 0 && hib->magic == HIBERNATE_MAGIC) dip->bios_info.flags |= BDI_HIBVALID; /* Hibernate present */ } diff --git a/sys/arch/i386/stand/boot/conf.c b/sys/arch/i386/stand/boot/conf.c index 082480a01..aaa3057c2 100644 --- a/sys/arch/i386/stand/boot/conf.c +++ b/sys/arch/i386/stand/boot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.78 2023/07/22 10:11:20 jsg Exp $ */ +/* $OpenBSD: conf.c,v 1.79 2024/06/04 21:48:20 krw Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -42,7 +42,7 @@ #include #include "debug.h" -const char version[] = "3.65"; +const char version[] = "3.67"; int debug = 1; diff --git a/sys/arch/i386/stand/libsa/diskprobe.c b/sys/arch/i386/stand/libsa/diskprobe.c index d2876cb8d..b309a5c0a 100644 --- a/sys/arch/i386/stand/libsa/diskprobe.c +++ b/sys/arch/i386/stand/libsa/diskprobe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diskprobe.c,v 1.48 2022/09/01 13:45:26 krw Exp $ */ +/* $OpenBSD: diskprobe.c,v 1.49 2024/06/04 20:31:35 krw Exp $ */ /* * Copyright (c) 1997 Tobias Weingartner @@ -467,9 +467,10 @@ bootdev_has_hibernate(void) void check_hibernate(struct diskinfo *dip) { + uint8_t buf[DEV_BSIZE]; daddr_t sec; int error; - union hibernate_info hib; + union hibernate_info *hib = (union hibernate_info *)&buf; /* read hibernate */ if (dip->disklabel.d_partitions[1].p_fstype != FS_SWAP || @@ -477,10 +478,10 @@ check_hibernate(struct diskinfo *dip) return; sec = DL_GETPOFFSET(&dip->disklabel.d_partitions[1]) + - DL_GETPSIZE(&dip->disklabel.d_partitions[1]) - - (sizeof(union hibernate_info) / DEV_BSIZE); + DL_GETPSIZE(&dip->disklabel.d_partitions[1]) - 1; - error = dip->strategy(dip, F_READ, sec, sizeof hib, &hib, NULL); - if (error == 0 && hib.magic == HIBERNATE_MAGIC) + error = dip->strategy(dip, F_READ, DL_SECTOBLK(&dip->disklabel, sec), + sizeof buf, &buf, NULL); + if (error == 0 && hib->magic == HIBERNATE_MAGIC) dip->bios_info.flags |= BDI_HIBVALID; /* Hibernate present */ } diff --git a/sys/dev/ic/nvme.c b/sys/dev/ic/nvme.c index 4f0f2a336..fe8764b03 100644 --- a/sys/dev/ic/nvme.c +++ b/sys/dev/ic/nvme.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nvme.c,v 1.116 2024/06/03 12:01:57 mglocker Exp $ */ +/* $OpenBSD: nvme.c,v 1.117 2024/06/04 20:31:35 krw Exp $ */ /* * Copyright (c) 2014 David Gwynne @@ -1695,6 +1695,7 @@ nvme_hibernate_io(dev_t dev, daddr_t blkno, vaddr_t addr, size_t size, daddr_t poffset; size_t psize; + u_int32_t secsize; } *my = page; struct nvme_sqe_io *isqe; struct nvme_cqe *icqe; @@ -1707,6 +1708,8 @@ nvme_hibernate_io(dev_t dev, daddr_t blkno, vaddr_t addr, size_t size, if (op == HIB_INIT) { struct device *disk; struct device *scsibus; + struct nvm_identify_namespace *ns; + struct nvm_namespace_format *f; extern struct cfdriver sd_cd; struct scsi_link *link; struct scsibus_softc *bus_sc; @@ -1729,9 +1732,12 @@ nvme_hibernate_io(dev_t dev, daddr_t blkno, vaddr_t addr, size_t size, } if (my->nsid == 0) return (EIO); + ns = my->sc->sc_namespaces[my->nsid].ident; + f = &ns->lbaf[NVME_ID_NS_FLBAS(ns->flbas)]; my->poffset = blkno; my->psize = size; + my->secsize = 1 << f->lbads; memset(NVME_DMA_KVA(my->sc->sc_hib_q->q_cq_dmamem), 0, my->sc->sc_hib_q->q_entries * sizeof(struct nvme_cqe)); @@ -1771,6 +1777,9 @@ nvme_hibernate_io(dev_t dev, daddr_t blkno, vaddr_t addr, size_t size, if (op != HIB_W) return (0); + if (blkno + (size / DEV_BSIZE) > my->psize) + return E2BIG; + isqe = NVME_DMA_KVA(my->sc->sc_hib_q->q_sq_dmamem); isqe += my->sq_tail; if (++my->sq_tail == my->sc->sc_hib_q->q_entries) @@ -1796,8 +1805,8 @@ nvme_hibernate_io(dev_t dev, daddr_t blkno, vaddr_t addr, size_t size, } } - isqe->slba = blkno + my->poffset; - isqe->nlb = (size / DEV_BSIZE) - 1; + isqe->slba = (blkno + my->poffset) / (my->secsize / DEV_BSIZE); + isqe->nlb = (size / my->secsize) - 1; isqe->cid = blkno % 0xffff; nvme_write4(my->sc, NVME_SQTDBL(NVME_HIB_Q, my->sc->sc_dstrd), diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c index 2f750c271..8ce83ed05 100644 --- a/sys/dev/pv/if_vio.c +++ b/sys/dev/pv/if_vio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vio.c,v 1.36 2024/05/28 12:11:26 jan Exp $ */ +/* $OpenBSD: if_vio.c,v 1.37 2024/06/04 09:51:52 jan Exp $ */ /* * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg. @@ -124,7 +124,7 @@ static const struct virtio_feature_name virtio_net_feature_names[] = { { VIRTIO_NET_F_MQ, "MQ" }, { VIRTIO_NET_F_CTRL_MAC_ADDR, "CtrlMAC" }, #endif - { 0, NULL } + { 0, NULL } }; /* Status */ @@ -586,8 +586,8 @@ vio_attach(struct device *parent, struct device *self, void *aux) virtio_postpone_intr_far(&sc->sc_vq[VQTX]); else virtio_stop_vq_intr(vsc, &sc->sc_vq[VQTX]); - if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ) - && virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_RX)) { + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ) && + virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_RX)) { if (virtio_alloc_vq(vsc, &sc->sc_vq[VQCTL], 2, NBPG, 1, "control") == 0) { sc->sc_vq[VQCTL].vq_done = vio_ctrleof; @@ -1036,7 +1036,7 @@ vio_populate_rx_mbufs(struct vio_softc *sc) break; } bus_dmamap_sync(vsc->sc_dmat, sc->sc_rx_dmamaps[slot], 0, - MCLBYTES, BUS_DMASYNC_PREREAD); + sc->sc_rx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_PREREAD); if (mrg_rxbuf) { virtio_enqueue(vq, slot, sc->sc_rx_dmamaps[slot], 0); } else { @@ -1101,7 +1101,7 @@ vio_rxeof(struct vio_softc *sc) while (virtio_dequeue(vsc, vq, &slot, &len) == 0) { r = 1; bus_dmamap_sync(vsc->sc_dmat, sc->sc_rx_dmamaps[slot], 0, - MCLBYTES, BUS_DMASYNC_POSTREAD); + sc->sc_rx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_POSTREAD); m = sc->sc_rx_mbufs[slot]; KASSERT(m != NULL); bus_dmamap_unload(vsc->sc_dmat, sc->sc_rx_dmamaps[slot]); @@ -1134,9 +1134,8 @@ vio_rxeof(struct vio_softc *sc) } } if (m0 != NULL) { - DPRINTF("%s: expected %d buffers, got %d\n", __func__, - (int)hdr->num_buffers, - (int)hdr->num_buffers - bufs_left); + DPRINTF("%s: expected %u buffers, got %u\n", __func__, + hdr->num_buffers, hdr->num_buffers - bufs_left); ifp->if_ierrors++; m_freem(m0); } @@ -1247,8 +1246,7 @@ vio_txeof(struct virtqueue *vq) VIO_DMAMEM_SYNC(vsc, sc, hdr, sc->sc_hdr_size, BUS_DMASYNC_POSTWRITE); bus_dmamap_sync(vsc->sc_dmat, sc->sc_tx_dmamaps[slot], 0, - sc->sc_tx_dmamaps[slot]->dm_mapsize, - BUS_DMASYNC_POSTWRITE); + sc->sc_tx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_POSTWRITE); m = sc->sc_tx_mbufs[slot]; bus_dmamap_unload(vsc->sc_dmat, sc->sc_tx_dmamaps[slot]); sc->sc_tx_mbufs[slot] = NULL; @@ -1368,7 +1366,7 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff) r = EIO; } - DPRINTF("%s: cmd %d %d: %d\n", __func__, cmd, (int)onoff, r); + DPRINTF("%s: cmd %d %d: %d\n", __func__, cmd, onoff, r); out: vio_ctrl_wakeup(sc, FREE); return r; diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c index 9bce17cc9..483ee30a2 100644 --- a/sys/dev/rnd.c +++ b/sys/dev/rnd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rnd.c,v 1.226 2023/03/08 04:43:08 guenther Exp $ */ +/* $OpenBSD: rnd.c,v 1.227 2024/06/04 08:26:11 claudio Exp $ */ /* * Copyright (c) 2011,2020 Theo de Raadt. @@ -261,7 +261,7 @@ dequeue_randomness(void *v) add_entropy_words(buf, 2); } /* and some probably more damaged */ - startc = rnd_event_cons; + startc = atomic_add_int_nv(&rnd_event_cons, QEVCONSUME) - QEVCONSUME; for (i = 0; i < QEVCONSUME; i++) { u_int e = (startc + i) & (QEVLEN-1); @@ -269,7 +269,6 @@ dequeue_randomness(void *v) buf[1] = rnd_event_space[e].re_val; add_entropy_words(buf, 2); } - rnd_event_cons = startp + QEVCONSUME; } /* diff --git a/sys/kern/subr_hibernate.c b/sys/kern/subr_hibernate.c index 2fe5eb2cb..08f641dad 100644 --- a/sys/kern/subr_hibernate.c +++ b/sys/kern/subr_hibernate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_hibernate.c,v 1.139 2024/04/30 17:12:19 krw Exp $ */ +/* $OpenBSD: subr_hibernate.c,v 1.140 2024/06/04 20:31:35 krw Exp $ */ /* * Copyright (c) 2011 Ariane van der Steldt @@ -36,7 +36,7 @@ #include /* Make sure the signature can fit in one block */ -CTASSERT(sizeof(union hibernate_info) <= DEV_BSIZE); +CTASSERT((offsetof(union hibernate_info, sec_size) + sizeof(u_int32_t)) <= DEV_BSIZE); /* * Hibernate piglet layout information @@ -98,6 +98,8 @@ int hib_debug = 99; #define DNPRINTF(n,x...) #endif +#define ROUNDUP(_x, _y) ((((_x)+(_y)-1)/(_y))*(_y)) + #ifndef NO_PROPOLICE extern long __guard_local; #endif /* ! NO_PROPOLICE */ @@ -592,6 +594,7 @@ get_hibernate_info(union hibernate_info *hib, int suspend) /* Make sure we have a swap partition. */ part = DISKPART(hib->dev); if (dl.d_npartitions <= part || + dl.d_secsize > sizeof(union hibernate_info) || dl.d_partitions[part].p_fstype != FS_SWAP || DL_GETPSIZE(&dl.d_partitions[part]) == 0) return (1); @@ -600,8 +603,9 @@ get_hibernate_info(union hibernate_info *hib, int suspend) hib->magic = HIBERNATE_MAGIC; /* Calculate signature block location */ - hib->sig_offset = DL_GETPSIZE(&dl.d_partitions[part]) - - sizeof(union hibernate_info)/DEV_BSIZE; + hib->sec_size = dl.d_secsize; + hib->sig_offset = DL_GETPSIZE(&dl.d_partitions[part]) - 1; + hib->sig_offset = DL_SECTOBLK(&dl, hib->sig_offset); SHA256Init(&ctx); SHA256Update(&ctx, version, strlen(version)); @@ -629,8 +633,10 @@ get_hibernate_info(union hibernate_info *hib, int suspend) * a matching HIB_DONE call performed after the write is * completed. */ - if (hib->io_func(hib->dev, DL_GETPOFFSET(&dl.d_partitions[part]), - (vaddr_t)NULL, DL_GETPSIZE(&dl.d_partitions[part]), + if (hib->io_func(hib->dev, + DL_SECTOBLK(&dl, DL_GETPOFFSET(&dl.d_partitions[part])), + (vaddr_t)NULL, + DL_SECTOBLK(&dl, DL_GETPSIZE(&dl.d_partitions[part])), HIB_INIT, hib->io_page)) goto fail; @@ -877,9 +883,12 @@ hibernate_deflate(union hibernate_info *hib, paddr_t src, int hibernate_write_signature(union hibernate_info *hib) { + memset(&disk_hib, 0, hib->sec_size); + memcpy(&disk_hib, hib, DEV_BSIZE); + /* Write hibernate info to disk */ return (hib->io_func(hib->dev, hib->sig_offset, - (vaddr_t)hib, DEV_BSIZE, HIB_W, + (vaddr_t)&disk_hib, hib->sec_size, HIB_W, hib->io_page)); } @@ -921,19 +930,21 @@ hibernate_write_chunktable(union hibernate_info *hib) int hibernate_clear_signature(union hibernate_info *hib) { - union hibernate_info blank_hiber_info; + uint8_t buf[DEV_BSIZE]; /* Zero out a blank hiber_info */ - memset(&blank_hiber_info, 0, sizeof(union hibernate_info)); + memcpy(&buf, &disk_hib, sizeof(buf)); + memset(&disk_hib, 0, hib->sec_size); /* Write (zeroed) hibernate info to disk */ DPRINTF("clearing hibernate signature block location: %lld\n", hib->sig_offset); if (hibernate_block_io(hib, hib->sig_offset, - DEV_BSIZE, (vaddr_t)&blank_hiber_info, 1)) + hib->sec_size, (vaddr_t)&disk_hib, 1)) printf("Warning: could not clear hibernate signature\n"); + memcpy(&disk_hib, buf, sizeof(buf)); return (0); } @@ -1110,7 +1121,8 @@ hibernate_reprotect_ssp(vaddr_t va) void hibernate_resume(void) { - union hibernate_info hib; + uint8_t buf[DEV_BSIZE]; + union hibernate_info *hib = (union hibernate_info *)&buf; int s; #ifndef NO_PROPOLICE vsize_t off = (vaddr_t)&__guard_local - @@ -1119,8 +1131,8 @@ hibernate_resume(void) #endif /* Get current running machine's hibernate info */ - memset(&hib, 0, sizeof(hib)); - if (get_hibernate_info(&hib, 0)) { + memset(buf, 0, sizeof(buf)); + if (get_hibernate_info(hib, 0)) { DPRINTF("couldn't retrieve machine's hibernate info\n"); return; } @@ -1129,11 +1141,11 @@ hibernate_resume(void) s = splbio(); DPRINTF("reading hibernate signature block location: %lld\n", - hib.sig_offset); + hib->sig_offset); - if (hibernate_block_io(&hib, - hib.sig_offset, - DEV_BSIZE, (vaddr_t)&disk_hib, 0)) { + if (hibernate_block_io(hib, + hib->sig_offset, + hib->sec_size, (vaddr_t)&disk_hib, 0)) { DPRINTF("error in hibernate read\n"); splx(s); return; @@ -1151,7 +1163,7 @@ hibernate_resume(void) * We (possibly) found a hibernate signature. Clear signature first, * to prevent accidental resume or endless resume cycles later. */ - if (hibernate_clear_signature(&hib)) { + if (hibernate_clear_signature(hib)) { DPRINTF("error clearing hibernate signature block\n"); splx(s); return; @@ -1161,12 +1173,12 @@ hibernate_resume(void) * If on-disk and in-memory hibernate signatures match, * this means we should do a resume from hibernate. */ - if (hibernate_compare_signature(&hib, &disk_hib)) { + if (hibernate_compare_signature(hib, &disk_hib)) { DPRINTF("mismatched hibernate signature block\n"); splx(s); return; } - disk_hib.dev = hib.dev; + disk_hib.dev = hib->dev; #ifdef MULTIPROCESSOR /* XXX - if we fail later, we may need to rehatch APs on some archs */ @@ -1237,8 +1249,9 @@ fail: void hibernate_unpack_image(union hibernate_info *hib) { + uint8_t buf[DEV_BSIZE]; struct hibernate_disk_chunk *chunks; - union hibernate_info local_hib; + union hibernate_info *local_hib = (union hibernate_info *)&buf; paddr_t image_cur = global_pig_start; short i, *fchunks; char *pva; @@ -1251,11 +1264,11 @@ hibernate_unpack_image(union hibernate_info *hib) chunks = (struct hibernate_disk_chunk *)(pva + HIBERNATE_CHUNK_SIZE); /* Can't use hiber_info that's passed in after this point */ - bcopy(hib, &local_hib, sizeof(union hibernate_info)); - local_hib.retguard_ofs = 0; + memcpy(buf, hib, sizeof(buf)); + local_hib->retguard_ofs = 0; /* VA == PA */ - local_hib.piglet_va = local_hib.piglet_pa; + local_hib->piglet_va = local_hib->piglet_pa; /* * Point of no return. Once we pass this point, only kernel code can @@ -1271,12 +1284,12 @@ hibernate_unpack_image(union hibernate_info *hib) DPRINTF("hibernate: activating alt. pagetable and starting unpack\n"); hibernate_activate_resume_pt_machdep(); - for (i = 0; i < local_hib.chunk_ctr; i++) { + for (i = 0; i < local_hib->chunk_ctr; i++) { /* Reset zlib for inflate */ - if (hibernate_zlib_reset(&local_hib, 0) != Z_OK) + if (hibernate_zlib_reset(local_hib, 0) != Z_OK) panic("hibernate failed to reset zlib for inflate"); - hibernate_process_chunk(&local_hib, &chunks[fchunks[i]], + hibernate_process_chunk(local_hib, &chunks[fchunks[i]], image_cur); image_cur += chunks[fchunks[i]].compressed_size; @@ -1446,7 +1459,7 @@ int hibernate_write_chunks(union hibernate_info *hib) { paddr_t range_base, range_end, inaddr, temp_inaddr; - size_t nblocks, out_remaining, used; + size_t out_remaining, used; struct hibernate_disk_chunk *chunks; vaddr_t hibernate_io_page = hib->piglet_va + PAGE_SIZE; daddr_t blkctr = 0; @@ -1553,8 +1566,6 @@ hibernate_write_chunks(union hibernate_info *hib) if (out_remaining == 0) { /* Filled up the page */ - nblocks = PAGE_SIZE / DEV_BSIZE; - if ((err = hib->io_func(hib->dev, blkctr + hib->image_offset, (vaddr_t)hibernate_io_page, @@ -1563,8 +1574,7 @@ hibernate_write_chunks(union hibernate_info *hib) err); return (err); } - - blkctr += nblocks; + blkctr += PAGE_SIZE / DEV_BSIZE; } } } @@ -1600,22 +1610,18 @@ hibernate_write_chunks(union hibernate_info *hib) out_remaining = hibernate_state->hib_stream.avail_out; - used = 2 * PAGE_SIZE - out_remaining; - nblocks = used / DEV_BSIZE; - - /* Round up to next block if needed */ - if (used % DEV_BSIZE != 0) - nblocks ++; + /* Round up to next sector if needed */ + used = ROUNDUP(2 * PAGE_SIZE - out_remaining, hib->sec_size); /* Write final block(s) for this chunk */ if ((err = hib->io_func(hib->dev, blkctr + hib->image_offset, - (vaddr_t)hibernate_io_page, nblocks*DEV_BSIZE, + (vaddr_t)hibernate_io_page, used, HIB_W, hib->io_page))) { DPRINTF("hib final write error %d\n", err); return (err); } - blkctr += nblocks; + blkctr += used / DEV_BSIZE; chunks[i].compressed_size = (blkctr + hib->image_offset - chunks[i].offset) * DEV_BSIZE; @@ -1905,7 +1911,8 @@ hibernate_read_chunks(union hibernate_info *hib, paddr_t pig_start, int hibernate_suspend(void) { - union hibernate_info hib; + uint8_t buf[DEV_BSIZE]; + union hibernate_info *hib = (union hibernate_info *)&buf; u_long start, end; /* @@ -1913,13 +1920,13 @@ hibernate_suspend(void) * This also allocates a piglet whose physaddr is stored in * hib->piglet_pa and vaddr stored in hib->piglet_va */ - if (get_hibernate_info(&hib, 1)) { + if (get_hibernate_info(hib, 1)) { DPRINTF("failed to obtain hibernate info\n"); return (1); } /* Find a page-addressed region in swap [start,end] */ - if (uvm_hibswap(hib.dev, &start, &end)) { + if (uvm_hibswap(hib->dev, &start, &end)) { printf("hibernate: cannot find any swap\n"); return (1); } @@ -1936,26 +1943,26 @@ hibernate_suspend(void) &retguard_end_phys); /* Calculate block offsets in swap */ - hib.image_offset = ctod(start); + hib->image_offset = ctod(start); DPRINTF("hibernate @ block %lld max-length %lu blocks\n", - hib.image_offset, ctod(end) - ctod(start) + 1); + hib->image_offset, ctod(end) - ctod(start) + 1); pmap_activate(curproc); DPRINTF("hibernate: writing chunks\n"); - if (hibernate_write_chunks(&hib)) { + if (hibernate_write_chunks(hib)) { DPRINTF("hibernate_write_chunks failed\n"); return (1); } DPRINTF("hibernate: writing chunktable\n"); - if (hibernate_write_chunktable(&hib)) { + if (hibernate_write_chunktable(hib)) { DPRINTF("hibernate_write_chunktable failed\n"); return (1); } DPRINTF("hibernate: writing signature\n"); - if (hibernate_write_signature(&hib)) { + if (hibernate_write_signature(hib)) { DPRINTF("hibernate_write_signature failed\n"); return (1); } @@ -1967,7 +1974,7 @@ hibernate_suspend(void) * Give the device-specific I/O function a notification that we're * done, and that it can clean up or shutdown as needed. */ - hib.io_func(hib.dev, 0, (vaddr_t)NULL, 0, HIB_DONE, hib.io_page); + hib->io_func(hib->dev, 0, (vaddr_t)NULL, 0, HIB_DONE, hib->io_page); return (0); } diff --git a/sys/sys/hibernate.h b/sys/sys/hibernate.h index 75feaebac..d6c37b277 100644 --- a/sys/sys/hibernate.h +++ b/sys/sys/hibernate.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hibernate.h,v 1.45 2022/01/17 02:54:28 mlarkin Exp $ */ +/* $OpenBSD: hibernate.h,v 1.46 2024/06/04 20:31:35 krw Exp $ */ /* * Copyright (c) 2011 Ariane van der Steldt @@ -106,10 +106,11 @@ union hibernate_info { long guard; #endif /* ! NO_PROPOLICE */ u_int32_t retguard_ofs; + u_int32_t sec_size; }; - /* XXX - remove restriction to have this union fit in a single block */ - char pad[512]; /* Pad to 512 bytes */ + /* XXX - remove restriction to have the struct fit in a single block */ + char pad[4096]; /* Pad to largest allowable disk sector size in bytes */ }; void *hib_alloc(struct hiballoc_arena*, size_t); diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c index 04903e121..6f195ede3 100644 --- a/usr.bin/awk/run.c +++ b/usr.bin/awk/run.c @@ -1,4 +1,4 @@ -/* $OpenBSD: run.c,v 1.87 2024/06/03 00:55:05 millert Exp $ */ +/* $OpenBSD: run.c,v 1.88 2024/06/04 14:40:46 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -602,20 +602,18 @@ Cell *intest(Node **a, int n) /* a[0] is index (list), a[1] is symtab */ /* return length 1..4 if yes, 0 if no */ static int u8_isutf(const char *s) { - int n, ret; + int ret; unsigned char c; c = s[0]; - if (c < 128 || awk_mb_cur_max == 1) - return 1; /* what if it's 0? */ - - n = strlen(s); - if (n >= 2 && ((c>>5) & 0x7) == 0x6 && (s[1] & 0xC0) == 0x80) { + if (c < 128 || awk_mb_cur_max == 1) { + ret = 1; /* what if it's 0? */ + } else if (((c>>5) & 0x7) == 0x6 && (s[1] & 0xC0) == 0x80) { ret = 2; /* 110xxxxx 10xxxxxx */ - } else if (n >= 3 && ((c>>4) & 0xF) == 0xE && (s[1] & 0xC0) == 0x80 + } else if (((c>>4) & 0xF) == 0xE && (s[1] & 0xC0) == 0x80 && (s[2] & 0xC0) == 0x80) { ret = 3; /* 1110xxxx 10xxxxxx 10xxxxxx */ - } else if (n >= 4 && ((c>>3) & 0x1F) == 0x1E && (s[1] & 0xC0) == 0x80 + } else if (((c>>3) & 0x1F) == 0x1E && (s[1] & 0xC0) == 0x80 && (s[2] & 0xC0) == 0x80 && (s[3] & 0xC0) == 0x80) { ret = 4; /* 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */ } else { @@ -1018,7 +1016,7 @@ Cell *substr(Node **a, int nnn) /* substr(a[0], a[1], a[2]) */ DPRINTF("substr: m=%d, n=%d, s=%s\n", m, n, s); y = gettemp(); mb = u8_char2byte(s, m-1); /* byte offset of start char in s */ - nb = u8_char2byte(s, m-1+n); /* byte offset of end+1 char in s */ + nb = mb + u8_char2byte(&s[mb], n); /* byte offset of end+1 char in s */ temp = s[nb]; /* with thanks to John Linderman */ s[nb] = '\0'; diff --git a/usr.bin/mg/dired.c b/usr.bin/mg/dired.c index dcb372e3b..a2fe94ddd 100644 --- a/usr.bin/mg/dired.c +++ b/usr.bin/mg/dired.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dired.c,v 1.102 2023/03/08 04:43:11 guenther Exp $ */ +/* $OpenBSD: dired.c,v 1.104 2024/06/04 06:51:15 op Exp $ */ /* This file is in the public domain. */ @@ -34,6 +34,7 @@ static int d_otherwindow(int, int); static int d_undel(int, int); static int d_undelbak(int, int); static int d_findfile(int, int); +static int d_updirectory(int, int); static int d_ffotherwindow(int, int); static int d_expunge(int, int); static int d_copy(int, int); @@ -122,6 +123,10 @@ static PF diredcz[] = { d_create_directory /* + */ }; +static PF diredcaret[] = { + d_updirectory /* ^ */ +}; + static PF direda[] = { d_filevisitalt, /* a */ rescan, /* b */ @@ -172,9 +177,9 @@ static struct KEYMAPE (1) d_backpagemap = { } }; -static struct KEYMAPE (7) diredmap = { - 7, - 7, +static struct KEYMAPE (8) diredmap = { + 8, + 8, rescan, { { @@ -190,6 +195,9 @@ static struct KEYMAPE (7) diredmap = { { CCHR('Z'), '+', diredcz, (KEYMAP *) & metamap }, + { + '^', '^', diredcaret, NULL + }, { 'a', 'j', direda, NULL }, @@ -224,6 +232,7 @@ dired_init(void) funmap_add(d_undel, "dired-unmark", 0); funmap_add(d_undelbak, "dired-unmark-backward", 0); funmap_add(d_killbuffer_cmd, "quit-window", 0); + funmap_add(d_updirectory, "dired-up-directory", 0); maps_add((KEYMAP *)&diredmap, "dired"); dobindkey(fundamental_map, "dired", "^Xd"); } @@ -363,6 +372,28 @@ d_findfile(int f, int n) return (readin(fname)); } +int +d_updirectory(int f, int n) +{ + struct buffer *bp; + int ret; + char fname[NFILEN]; + + ret = snprintf(fname, sizeof(fname), "%s..", curbp->b_fname); + if (ret < 0 || (size_t)ret >= sizeof(fname)) + return (ABORT); /* Name is too long. */ + + bp = dired_(fname); + if (bp == NULL) + return (FALSE); + curbp = bp; + if (showbuffer(bp, curwp, WFFULL) != TRUE) + return (FALSE); + if (bp->b_fname[0] != 0) + return (TRUE); + return (readin(fname)); +} + int d_ffotherwindow(int f, int n) { @@ -1094,7 +1125,7 @@ dired_jump(int f, int n) for (i = 0; i <= curbp->b_nmodes; i++) { modename = curbp->b_modes[i]->p_name; if (strncmp(modename, "dired", 5) == 0) - return (dobeep_msg("In dired mode already")); + return (d_updirectory(f, n)); } if (getbufcwd(dname, sizeof(dname)) != TRUE) diff --git a/usr.bin/mg/mg.1 b/usr.bin/mg/mg.1 index 4faeb8fb2..ca684157d 100644 --- a/usr.bin/mg/mg.1 +++ b/usr.bin/mg/mg.1 @@ -1,7 +1,7 @@ -.\" $OpenBSD: mg.1,v 1.136 2023/10/16 08:33:16 op Exp $ +.\" $OpenBSD: mg.1,v 1.137 2024/06/04 06:48:34 op Exp $ .\" This file is in the public domain. .\" -.Dd $Mdocdate: October 16 2023 $ +.Dd $Mdocdate: June 4 2024 $ .Dt MG 1 .Os .Sh NAME @@ -1055,6 +1055,8 @@ dired-next-line dired-shell-command .It + dired-create-directory +.It ^ +dired-up-directory .It a dired-find-alternate-file .It c @@ -1130,6 +1132,8 @@ Remove the deletion flag for the file on the current line. .It Ic dired-unmark-backward Remove the deletion flag from the file listed on the previous line of the dired buffer, then move up to that line. +.It Ic dired-up-directory +Open a dired buffer in the parent directory. .It Ic quit-window Close the current dired buffer. .El diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 7c350905e..5e4cb3856 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.92 2024/05/22 15:24:55 naddy Exp $ +# $OpenBSD: Makefile.inc,v 1.93 2024/06/04 15:14:45 deraadt Exp $ .include @@ -6,6 +6,9 @@ CFLAGS+= -I${.CURDIR}/.. .if ${MACHINE} != "hppa" CFLAGS+= -fstack-protector-all .endif +.if ${MACHINE} == "amd64" +CFLAGS+= -fret-clean +.endif CDIAGFLAGS= -Wall CDIAGFLAGS+= -Wextra diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index 625f04793..76d4e4eb8 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.133 2024/06/03 12:58:39 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.136 2024/06/04 14:10:53 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Job Snijders @@ -506,7 +506,7 @@ sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext) ACCESS_DESCRIPTION *ad; ASN1_OBJECT *oid; const char *mftfilename; - char *carepo = NULL, *rpkimft = NULL; + char *carepo = NULL, *rpkimft = NULL, *notify = NULL; int i, rc = 0; assert(cert->repo == NULL && cert->mft == NULL && cert->notify == NULL); @@ -529,7 +529,7 @@ sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext) oid = ad->method; if (OBJ_cmp(oid, carepo_oid) == 0) { - if (!x509_location(fn, "SIA: caRepository", NULL, + if (!x509_location(fn, "SIA: caRepository", ad->location, &carepo)) goto out; if (cert->repo == NULL && strncasecmp(carepo, @@ -544,7 +544,7 @@ sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext) free(carepo); carepo = NULL; } else if (OBJ_cmp(oid, manifest_oid) == 0) { - if (!x509_location(fn, "SIA: rpkiManifest", NULL, + if (!x509_location(fn, "SIA: rpkiManifest", ad->location, &rpkimft)) goto out; if (cert->mft == NULL && strncasecmp(rpkimft, @@ -560,8 +560,30 @@ sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext) rpkimft = NULL; } else if (OBJ_cmp(oid, notify_oid) == 0) { if (!x509_location(fn, "SIA: rpkiNotify", - HTTPS_PROTO, ad->location, &cert->notify)) + ad->location, ¬ify)) goto out; + if (strncasecmp(notify, HTTPS_PROTO, + HTTPS_PROTO_LEN) != 0) { + warnx("%s: non-https uri in rpkiNotify: %s", + fn, cert->notify); + free(notify); + goto out; + } + if (cert->notify != NULL) { + warnx("%s: unexpected rpkiNotify accessMethod", + fn); + free(notify); + goto out; + } + cert->notify = notify; + notify = NULL; + } else { + char buf[128]; + + OBJ_obj2txt(buf, sizeof(buf), oid, 0); + warnx("%s: RFC 6487 section 4.8.8.1: unexpected" + " accessMethod: %s", fn, buf); + goto out; } } diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 46c64afc9..601d7d289 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.220 2024/05/31 02:45:15 tb Exp $ */ +/* $OpenBSD: extern.h,v 1.221 2024/06/04 04:17:18 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -913,8 +913,8 @@ char *x509_pubkey_get_ski(X509_PUBKEY *, const char *); enum cert_purpose x509_get_purpose(X509 *, const char *); int x509_get_time(const ASN1_TIME *, time_t *); char *x509_convert_seqnum(const char *, const ASN1_INTEGER *); -int x509_location(const char *, const char *, const char *, - GENERAL_NAME *, char **); +int x509_location(const char *, const char *, GENERAL_NAME *, + char **); int x509_inherits(X509 *); int x509_any_inherits(X509 *); int x509_valid_name(const char *, const char *, const X509_NAME *); diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c index 1aad594f3..4082242e5 100644 --- a/usr.sbin/rpki-client/x509.c +++ b/usr.sbin/rpki-client/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.91 2024/06/03 12:58:39 tb Exp $ */ +/* $OpenBSD: x509.c,v 1.93 2024/06/04 14:17:24 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Claudio Jeker @@ -17,6 +17,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include #include #include @@ -413,13 +414,14 @@ x509_pubkey_get_ski(X509_PUBKEY *pubkey, const char *fn) * (which has to be freed after use). */ int -x509_get_aia(X509 *x, const char *fn, char **aia) +x509_get_aia(X509 *x, const char *fn, char **out_aia) { ACCESS_DESCRIPTION *ad; AUTHORITY_INFO_ACCESS *info; int crit, rc = 0; - *aia = NULL; + assert(*out_aia == NULL); + info = X509_get_ext_d2i(x, NID_info_access, &crit, NULL); if (info == NULL) { if (crit != -1) { @@ -456,12 +458,12 @@ x509_get_aia(X509 *x, const char *fn, char **aia) goto out; } - if (!x509_location(fn, "AIA: caIssuers", NULL, ad->location, aia)) + if (!x509_location(fn, "AIA: caIssuers", ad->location, out_aia)) goto out; rc = 1; -out: + out: AUTHORITY_INFO_ACCESS_free(info); return rc; } @@ -473,14 +475,14 @@ out: * (which has to be freed after use). */ int -x509_get_sia(X509 *x, const char *fn, char **sia) +x509_get_sia(X509 *x, const char *fn, char **out_sia) { ACCESS_DESCRIPTION *ad; AUTHORITY_INFO_ACCESS *info; ASN1_OBJECT *oid; - int i, crit, rsync_found = 0; + int i, crit, rc = 0; - *sia = NULL; + assert(*out_sia == NULL); info = X509_get_ext_d2i(x, NID_sinfo_access, &crit, NULL); if (info == NULL) { @@ -498,6 +500,8 @@ x509_get_sia(X509 *x, const char *fn, char **sia) } for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { + char *sia; + ad = sk_ACCESS_DESCRIPTION_value(info, i); oid = ad->method; @@ -522,53 +526,50 @@ x509_get_sia(X509 *x, const char *fn, char **sia) goto out; } - /* Don't fail on non-rsync URI, so check this afterward. */ - if (!x509_location(fn, "SIA: signedObject", NULL, ad->location, - sia)) + sia = NULL; + if (!x509_location(fn, "SIA: signedObject", ad->location, &sia)) goto out; - if (rsync_found) - continue; - - if (strncasecmp(*sia, RSYNC_PROTO, RSYNC_PROTO_LEN) == 0) { - const char *p = *sia + RSYNC_PROTO_LEN; + if (*out_sia == NULL && strncasecmp(sia, RSYNC_PROTO, + RSYNC_PROTO_LEN) == 0) { + const char *p = sia + RSYNC_PROTO_LEN; size_t fnlen, plen; - rsync_found = 1; - - if (filemode) + if (filemode) { + *out_sia = sia; continue; + } fnlen = strlen(fn); plen = strlen(p); if (fnlen < plen || strcmp(p, fn + fnlen - plen) != 0) { warnx("%s: mismatch between pathname and SIA " - "(%s)", fn, *sia); + "(%s)", fn, sia); + free(sia); goto out; } + *out_sia = sia; continue; } - - free(*sia); - *sia = NULL; + if (verbose) + warnx("%s: RFC 6487 section 4.8.8: SIA: " + "ignoring location %s", fn, sia); + free(sia); } - if (!rsync_found) { + if (*out_sia == NULL) { warnx("%s: RFC 6487 section 4.8.8.2: " "SIA without rsync accessLocation", fn); goto out; } - AUTHORITY_INFO_ACCESS_free(info); - return 1; + rc = 1; out: - free(*sia); - *sia = NULL; AUTHORITY_INFO_ACCESS_free(info); - return 0; + return rc; } /* @@ -700,15 +701,16 @@ x509_any_inherits(X509 *x) * after use. */ int -x509_get_crl(X509 *x, const char *fn, char **crl) +x509_get_crl(X509 *x, const char *fn, char **out_crl) { CRL_DIST_POINTS *crldp; DIST_POINT *dp; GENERAL_NAMES *names; GENERAL_NAME *name; - int i, crit, rsync_found = 0; + int i, crit, rc = 0; + + assert(*out_crl == NULL); - *crl = NULL; crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &crit, NULL); if (crldp == NULL) { if (crit != -1) { @@ -762,28 +764,35 @@ x509_get_crl(X509 *x, const char *fn, char **crl) names = dp->distpoint->name.fullname; for (i = 0; i < sk_GENERAL_NAME_num(names); i++) { + char *crl = NULL; + name = sk_GENERAL_NAME_value(names, i); - /* Don't fail on non-rsync URI, so check this afterward. */ - if (!x509_location(fn, "CRL distribution point", NULL, name, - crl)) + if (!x509_location(fn, "CRL distribution point", name, &crl)) goto out; - if (strncasecmp(*crl, RSYNC_PROTO, RSYNC_PROTO_LEN) == 0) { - rsync_found = 1; - goto out; + if (*out_crl == NULL && strncasecmp(crl, RSYNC_PROTO, + RSYNC_PROTO_LEN) == 0) { + *out_crl = crl; + continue; } - - free(*crl); - *crl = NULL; + if (verbose) + warnx("%s: ignoring CRL distribution point %s", + fn, crl); + free(crl); } - warnx("%s: RFC 6487 section 4.8.6: no rsync URI " - "in CRL distributionPoint", fn); + if (*out_crl == NULL) { + warnx("%s: RFC 6487 section 4.8.6: no rsync URI " + "in CRL distributionPoint", fn); + goto out; + } + + rc = 1; out: CRL_DIST_POINTS_free(crldp); - return rsync_found; + return rc; } /* @@ -812,11 +821,13 @@ x509_get_time(const ASN1_TIME *at, time_t *t) * Returns 0 on failure and 1 on success. */ int -x509_location(const char *fn, const char *descr, const char *proto, - GENERAL_NAME *location, char **out) +x509_location(const char *fn, const char *descr, GENERAL_NAME *location, + char **out) { ASN1_IA5STRING *uri; + assert(*out == NULL); + if (location->type != GEN_URI) { warnx("%s: RFC 6487 section 4.8: %s not URI", fn, descr); return 0; @@ -824,17 +835,11 @@ x509_location(const char *fn, const char *descr, const char *proto, uri = location->d.uniformResourceIdentifier; - if (!valid_uri(uri->data, uri->length, proto)) { + if (!valid_uri(uri->data, uri->length, NULL)) { warnx("%s: RFC 6487 section 4.8: %s bad location", fn, descr); return 0; } - if (*out != NULL) { - warnx("%s: RFC 6487 section 4.8: multiple %s specified, " - "using the first one", fn, descr); - return 1; - } - if ((*out = strndup(uri->data, uri->length)) == NULL) err(1, NULL);