sync with OpenBSD -current

lib/libc/thread/rthread_cond.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rthread_cond.c,v 1.5 2019/01/29 17:40:26 mpi Exp $ */
+/*	$OpenBSD: rthread_cond.c,v 1.6 2024/01/10 04:28:43 cheloha Exp $ */
 /*
  * Copyright (c) 2017 Martin Pieuchot <mpi@openbsd.org>
  * Copyright (c) 2012 Philip Guenther <guenther@openbsd.org>
@@ -142,8 +142,7 @@ pthread_cond_timedwait(pthread_cond_t *condp, pthread_mutex_t *mutexp,
 	}
 
 	cond = *condp;
-	if (abs == NULL || abs->tv_sec < 0 || abs->tv_nsec < 0 ||
+	if (abs == NULL || abs->tv_nsec < 0 || abs->tv_nsec >= 1000000000)
-	    abs->tv_nsec >= 1000000000)
 		return (EINVAL);
 
 	return (_rthread_cond_timedwait(cond, mutexp, abs));

lib/libc/thread/rthread_sync.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rthread_sync.c,v 1.5 2018/04/24 16:28:42 pirofti Exp $ */
+/*	$OpenBSD: rthread_sync.c,v 1.6 2024/01/10 04:28:43 cheloha Exp $ */
 /*
  * Copyright (c) 2004,2005 Ted Unangst <tedu@openbsd.org>
  * Copyright (c) 2012 Philip Guenther <guenther@openbsd.org>
@@ -317,7 +317,7 @@ pthread_cond_timedwait(pthread_cond_t *condp, pthread_mutex_t *mutexp,
 			abort();
 	}
 
-	if (abstime == NULL || abstime->tv_sec < 0 || abstime->tv_nsec < 0 ||
+	if (abstime == NULL || abstime->tv_nsec < 0 ||
 	    abstime->tv_nsec >= 1000000000)
 		return (EINVAL);
 

lib/libc/thread/synch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: synch.h,v 1.8 2023/11/08 15:51:28 cheloha Exp $ */
+/*	$OpenBSD: synch.h,v 1.9 2024/01/07 19:44:28 cheloha Exp $ */
 /*
  * Copyright (c) 2017 Martin Pieuchot
  *
@@ -28,7 +28,7 @@ _wake(volatile uint32_t *p, int n)
 static inline int
 _twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *abs)
 {
-	struct timespec rel;
+	struct timespec now, rel;
 	int saved_errno = errno;
 	int error;
 
@@ -41,16 +41,12 @@ _twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *
 		return error;
 	}
 
-	if (!timespecisvalid(abs) || WRAP(clock_gettime)(clockid, &rel))
+	if (!timespecisvalid(abs) || WRAP(clock_gettime)(clockid, &now))
 		return EINVAL;
 
-	rel.tv_sec = abs->tv_sec - rel.tv_sec;
+	if (timespeccmp(abs, &now, <=))
-	if ((rel.tv_nsec = abs->tv_nsec - rel.tv_nsec) < 0) {
-		rel.tv_sec--;
-		rel.tv_nsec += 1000000000;
-	}
-	if (rel.tv_sec < 0)
 		return ETIMEDOUT;
+	timespecsub(abs, &now, &rel);
 
 	error = futex(p, FUTEX_WAIT_PRIVATE, val, &rel, NULL);
 	if (error == -1) {

lib/libcrypto/crypto_init.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_init.c,v 1.14 2024/01/06 17:43:39 tb Exp $ */
+/*	$OpenBSD: crypto_init.c,v 1.15 2024/01/07 19:59:32 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  *
@@ -84,7 +84,6 @@ OPENSSL_cleanup(void)
 	EVP_cleanup();
 
 	X509V3_EXT_cleanup();
-	X509_TRUST_cleanup();
 	X509_VERIFY_PARAM_table_cleanup();
 
 	x509_issuer_cache_free();

lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.19 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.20 2024/01/08 09:31:09 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
  *
@@ -541,7 +541,7 @@ aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 	}
 }
 
-static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
+static const EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
 #ifdef NID_aes_128_cbc_hmac_sha1
 	.nid = NID_aes_128_cbc_hmac_sha1,
 #else
@@ -558,7 +558,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
 	.ctrl = aesni_cbc_hmac_sha1_ctrl
 };
 
-static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
+static const EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
 #ifdef NID_aes_256_cbc_hmac_sha1
 	.nid = NID_aes_256_cbc_hmac_sha1,
 #else

lib/libcrypto/evp/e_null.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_null.c,v 1.19 2024/01/04 17:38:36 tb Exp $ */
+/* $OpenBSD: e_null.c,v 1.20 2024/01/07 15:42:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,16 +70,18 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl);
 
 static const EVP_CIPHER n_cipher = {
-	NID_undef,
+	.nid = NID_undef,
-	1, 0, 0,
+	.block_size = 1,
-	0,
+	.key_len = 0,
-	null_init_key,
+	.iv_len = 0,
-	null_cipher,
+	.flags = 0,
-	NULL,
+	.init = null_init_key,
-	0,
+	.do_cipher = null_cipher,
-	NULL,
+	.cleanup = NULL,
-	NULL,
+	.ctx_size = 0,
-	NULL,
+	.set_asn1_parameters = NULL,
+	.get_asn1_parameters = NULL,
+	.ctrl = NULL,
 };
 
 const EVP_CIPHER *

lib/libcrypto/evp/e_rc2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.26 2024/01/04 17:38:36 tb Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.27 2024/01/07 15:42:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -248,29 +248,33 @@ EVP_rc2_ecb(void)
 #define RC2_128_MAGIC	0x3a
 
 static const EVP_CIPHER r2_64_cbc_cipher = {
-	NID_rc2_64_cbc,
+	.nid = NID_rc2_64_cbc,
-	8, 8 /* 64 bit */, 8,
+	.block_size = 8,
-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+	.key_len = 8,
-	rc2_init_key,
+	.iv_len = 8,
-	rc2_cbc_cipher,
+	.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-	NULL,
+	.init = rc2_init_key,
-	sizeof(EVP_RC2_KEY),
+	.do_cipher = rc2_cbc_cipher,
-	rc2_set_asn1_type_and_iv,
+	.cleanup = NULL,
-	rc2_get_asn1_type_and_iv,
+	.ctx_size = sizeof(EVP_RC2_KEY),
-	rc2_ctrl,
+	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
+	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
+	.ctrl = rc2_ctrl,
 };
 
 static const EVP_CIPHER r2_40_cbc_cipher = {
-	NID_rc2_40_cbc,
+	.nid = NID_rc2_40_cbc,
-	8, 5 /* 40 bit */, 8,
+	.block_size = 8,
-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+	.key_len = 5,
-	rc2_init_key,
+	.iv_len = 8,
-	rc2_cbc_cipher,
+	.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-	NULL,
+	.init = rc2_init_key,
-	sizeof(EVP_RC2_KEY),
+	.do_cipher = rc2_cbc_cipher,
-	rc2_set_asn1_type_and_iv,
+	.cleanup = NULL,
-	rc2_get_asn1_type_and_iv,
+	.ctx_size = sizeof(EVP_RC2_KEY),
-	rc2_ctrl,
+	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
+	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
+	.ctrl = rc2_ctrl,
 };
 
 const EVP_CIPHER *

lib/libcrypto/evp/e_rc4.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc4.c,v 1.18 2024/01/04 17:38:36 tb Exp $ */
+/* $OpenBSD: e_rc4.c,v 1.19 2024/01/07 15:42:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,29 +83,33 @@ static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl);
 
 static const EVP_CIPHER r4_cipher = {
-	NID_rc4,
+	.nid = NID_rc4,
-	1, EVP_RC4_KEY_SIZE, 0,
+	.block_size = 1,
-	EVP_CIPH_VARIABLE_LENGTH,
+	.key_len = EVP_RC4_KEY_SIZE,
-	rc4_init_key,
+	.iv_len = 0,
-	rc4_cipher,
+	.flags = EVP_CIPH_VARIABLE_LENGTH,
-	NULL,
+	.init = rc4_init_key,
-	sizeof(EVP_RC4_KEY),
+	.do_cipher = rc4_cipher,
-	NULL,
+	.cleanup = NULL,
-	NULL,
+	.ctx_size = sizeof(EVP_RC4_KEY),
-	NULL,
+	.set_asn1_parameters = NULL,
+	.get_asn1_parameters = NULL,
+	.ctrl = NULL,
 };
 
 static const EVP_CIPHER r4_40_cipher = {
-	NID_rc4_40,
+	.nid = NID_rc4_40,
-	1, 5 /* 40 bit */, 0,
+	.block_size = 1,
-	EVP_CIPH_VARIABLE_LENGTH,
+	.key_len = 5,
-	rc4_init_key,
+	.iv_len = 0,
-	rc4_cipher,
+	.flags = EVP_CIPH_VARIABLE_LENGTH,
-	NULL,
+	.init = rc4_init_key,
-	sizeof(EVP_RC4_KEY),
+	.do_cipher = rc4_cipher,
-	NULL,
+	.cleanup = NULL,
-	NULL,
+	.ctx_size = sizeof(EVP_RC4_KEY),
-	NULL,
+	.set_asn1_parameters = NULL,
+	.get_asn1_parameters = NULL,
+	.ctrl = NULL,
 };
 
 const EVP_CIPHER *

lib/libcrypto/evp/e_rc4_hmac_md5.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc4_hmac_md5.c,v 1.13 2024/01/04 17:38:36 tb Exp $ */
+/* $OpenBSD: e_rc4_hmac_md5.c,v 1.15 2024/01/07 16:18:18 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
@@ -281,21 +281,23 @@ rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 	}
 }
 
-static EVP_CIPHER r4_hmac_md5_cipher = {
+static const EVP_CIPHER r4_hmac_md5_cipher = {
 #ifdef NID_rc4_hmac_md5
-	NID_rc4_hmac_md5,
+	.nid = NID_rc4_hmac_md5,
 #else
-	NID_undef,
+	.nid = NID_undef,
 #endif
-	1, EVP_RC4_KEY_SIZE, 0,
+	.block_size = 1,
-	EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
+	.key_len = EVP_RC4_KEY_SIZE,
-	rc4_hmac_md5_init_key,
+	.iv_len = 0,
-	rc4_hmac_md5_cipher,
+	.flags = EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
-	NULL,
+	.init = rc4_hmac_md5_init_key,
-	sizeof(EVP_RC4_HMAC_MD5),
+	.do_cipher = rc4_hmac_md5_cipher,
-	NULL,
+	.cleanup = NULL,
-	NULL,
+	.ctx_size = sizeof(EVP_RC4_HMAC_MD5),
-	rc4_hmac_md5_ctrl,
+	.set_asn1_parameters = NULL,
+	.get_asn1_parameters = NULL,
+	.ctrl = rc4_hmac_md5_ctrl,
 };
 
 const EVP_CIPHER *

lib/libcrypto/evp/e_xcbc_d.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_xcbc_d.c,v 1.16 2024/01/04 17:38:36 tb Exp $ */
+/* $OpenBSD: e_xcbc_d.c,v 1.17 2024/01/07 15:42:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -84,16 +84,18 @@ typedef struct {
 #define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
 
 static const EVP_CIPHER d_xcbc_cipher = {
-	NID_desx_cbc,
+	.nid = NID_desx_cbc,
-	8, 24, 8,
+	.block_size = 8,
-	EVP_CIPH_CBC_MODE,
+	.key_len = 24,
-	desx_cbc_init_key,
+	.iv_len = 8,
-	desx_cbc_cipher,
+	.flags = EVP_CIPH_CBC_MODE,
-	NULL,
+	.init = desx_cbc_init_key,
-	sizeof(DESX_CBC_KEY),
+	.do_cipher = desx_cbc_cipher,
-	EVP_CIPHER_set_asn1_iv,
+	.cleanup = NULL,
-	EVP_CIPHER_get_asn1_iv,
+	.ctx_size = sizeof(DESX_CBC_KEY),
-	NULL,
+	.set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
+	.get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+	.ctrl = NULL,
 };
 
 const EVP_CIPHER *

lib/libcrypto/evp/evp_cipher.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.15 2024/01/04 09:47:54 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.16 2024/01/07 15:21:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -902,22 +902,23 @@ EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
 int
 EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 {
-	int i = 0;
+	int iv_len;
-	int l;
 
-	if (type != NULL) {
+	if (type == NULL)
-		l = EVP_CIPHER_CTX_iv_length(ctx);
+		return 0;
-		if (l < 0 || l > sizeof(ctx->oiv) || l > sizeof(ctx->iv)) {
+
-			EVPerror(EVP_R_IV_TOO_LARGE);
+	iv_len = EVP_CIPHER_CTX_iv_length(ctx);
-			return 0;
+	if (iv_len < 0 || iv_len > sizeof(ctx->oiv) || iv_len > sizeof(ctx->iv)) {
-		}
+		EVPerror(EVP_R_IV_TOO_LARGE);
-		i = ASN1_TYPE_get_octetstring(type, ctx->oiv, l);
+		return 0; /* XXX */
-		if (i != l)
-			return (-1);
-		else if (i > 0)
-			memcpy(ctx->iv, ctx->oiv, l);
 	}
-	return (i);
+	if (ASN1_TYPE_get_octetstring(type, ctx->oiv, iv_len) != iv_len)
+		return -1;
+
+	if (iv_len > 0)
+		memcpy(ctx->iv, ctx->oiv, iv_len);
+
+	return iv_len;
 }
 
 int
@@ -935,18 +936,18 @@ EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 int
 EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 {
-	int i = 0;
+	int iv_len;
-	int j;
 
-	if (type != NULL) {
+	if (type == NULL)
-		j = EVP_CIPHER_CTX_iv_length(ctx);
+		return 0;
-		if (j < 0 || j > sizeof(ctx->oiv)) {
+
-			EVPerror(EVP_R_IV_TOO_LARGE);
+	iv_len = EVP_CIPHER_CTX_iv_length(ctx);
-			return 0;
+	if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) {
-		}
+		EVPerror(EVP_R_IV_TOO_LARGE);
-		i = ASN1_TYPE_set_octetstring(type, ctx->oiv, j);
+		return 0;
 	}
-	return (i);
+
+	return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len);
 }
 
 int

lib/libcrypto/x509/x509_purp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.34 2024/01/06 17:17:08 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.35 2024/01/07 16:22:46 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -232,7 +232,10 @@ LCRYPTO_ALIAS(X509_PURPOSE_get_by_sname);
 int
 X509_PURPOSE_get_by_id(int purpose)
 {
-	/* X509_PURPOSE_MIN == 1, so the bounds are correct. */
+	/*
+	 * Ensure the purpose identifier is between MIN and MAX inclusive.
+	 * If so, translate it to an index into the xstandard[] table.
+	 */
 	if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX)
 		return -1;
 

lib/libcrypto/x509/x509_trs.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.35 2024/01/08 03:32:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -64,9 +64,6 @@
 
 #include "x509_local.h"
 
-static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b);
-static void trtable_free(X509_TRUST *p);
-
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
@@ -131,14 +128,6 @@ static X509_TRUST trstandard[] = {
 
 #define X509_TRUST_COUNT	(sizeof(trstandard) / sizeof(trstandard[0]))
 
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-static int
-tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b)
-{
-	return (*a)->trust - (*b)->trust;
-}
-
 int
 (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
 {
@@ -185,38 +174,31 @@ LCRYPTO_ALIAS(X509_check_trust);
 int
 X509_TRUST_get_count(void)
 {
-	if (!trtable)
+	return X509_TRUST_COUNT;
-		return X509_TRUST_COUNT;
-	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
 }
 LCRYPTO_ALIAS(X509_TRUST_get_count);
 
 X509_TRUST *
 X509_TRUST_get0(int idx)
 {
-	if (idx < 0)
+	if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT)
 		return NULL;
-	if (idx < (int)X509_TRUST_COUNT)
+
-		return trstandard + idx;
+	return &trstandard[idx];
-	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
 }
 LCRYPTO_ALIAS(X509_TRUST_get0);
 
 int
 X509_TRUST_get_by_id(int id)
 {
-	X509_TRUST tmp;
+	/*
-	int idx;
+	 * Ensure the trust identifier is between MIN and MAX inclusive.
+	 * If so, translate it into an index into the trstandard[] table.
+	 */
+	if (id < X509_TRUST_MIN || id > X509_TRUST_MAX)
+		return -1;
 
-	if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+	return id - X509_TRUST_MIN;
-		return id - X509_TRUST_MIN;
-	tmp.trust = id;
-	if (!trtable)
-		return -1;
-	idx = sk_X509_TRUST_find(trtable, &tmp);
-	if (idx == -1)
-		return -1;
-	return idx + X509_TRUST_COUNT;
 }
 LCRYPTO_ALIAS(X509_TRUST_get_by_id);
 
@@ -236,85 +218,14 @@ int
 X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
     const char *name, int arg1, void *arg2)
 {
-	int idx;
+	X509error(ERR_R_DISABLED);
-	X509_TRUST *trtmp;
-	char *name_dup;
-
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_TRUST_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_TRUST_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_TRUST_get_by_id(id);
-	/* Need a new entry */
-	if (idx == -1) {
-		if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
-			X509error(ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		trtmp->flags = X509_TRUST_DYNAMIC;
-	} else {
-		trtmp = X509_TRUST_get0(idx);
-		if (trtmp == NULL) {
-			X509error(X509_R_INVALID_TRUST);
-			return 0;
-		}
-	}
-
-	if ((name_dup = strdup(name)) == NULL)
-		goto err;
-
-	/* free existing name if dynamic */
-	if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
-		free(trtmp->name);
-	/* dup supplied name */
-	trtmp->name = name_dup;
-	/* Keep the dynamic flag of existing entry */
-	trtmp->flags &= X509_TRUST_DYNAMIC;
-	/* Set all other flags */
-	trtmp->flags |= flags;
-
-	trtmp->trust = id;
-	trtmp->check_trust = ck;
-	trtmp->arg1 = arg1;
-	trtmp->arg2 = arg2;
-
-	/* If it's a new entry, manage the dynamic table */
-	if (idx == -1) {
-		if (trtable == NULL &&
-		    (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
-			goto err;
-		if (sk_X509_TRUST_push(trtable, trtmp) == 0)
-			goto err;
-	}
-	return 1;
-
-err:
-	free(name_dup);
-	if (idx == -1)
-		free(trtmp);
-	X509error(ERR_R_MALLOC_FAILURE);
 	return 0;
 }
 LCRYPTO_ALIAS(X509_TRUST_add);
 
-static void
-trtable_free(X509_TRUST *p)
-{
-	if (!p)
-		return;
-	if (p->flags & X509_TRUST_DYNAMIC) {
-		if (p->flags & X509_TRUST_DYNAMIC_NAME)
-			free(p->name);
-		free(p);
-	}
-}
-
 void
 X509_TRUST_cleanup(void)
 {
-	sk_X509_TRUST_pop_free(trtable, trtable_free);
-	trtable = NULL;
 }
 LCRYPTO_ALIAS(X509_TRUST_cleanup);
 

lib/libcrypto/x509/x509_vfy.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.135 2023/12/23 00:52:13 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.138 2024/01/09 07:25:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2163,7 +2163,8 @@ X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
 
-/* This function is used to set the X509_STORE_CTX purpose and trust
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust
  * values. This is intended to be used when another structure has its
  * own trust and purpose values which (if set) will be inherited by
  * the ctx. If they aren't set then we will usually have a default
@@ -2172,64 +2173,63 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
  * purpose and trust settings which the application can set: if they
  * aren't set then we use the default of SSL client/server.
  */
-
 int
 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
     int purpose, int trust)
 {
-	int idx;
+	X509error(ERR_R_DISABLED);
+	return 0;
+}
+LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
 
-	/* If purpose not set use default */
+static int
-	if (!purpose)
+x509_vfy_purpose_inherit(X509_STORE_CTX *ctx, int purpose, int trust)
-		purpose = def_purpose;
+{
 	/* If we have a purpose then check it is valid */
-	if (purpose) {
+	if (purpose != 0) {
-		X509_PURPOSE *ptmp;
+		const X509_PURPOSE *purp;
-		idx = X509_PURPOSE_get_by_id(purpose);
+		int purpose_idx;
-		if (idx == -1) {
+
+		if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) {
 			X509error(X509_R_UNKNOWN_PURPOSE_ID);
 			return 0;
 		}
-		ptmp = X509_PURPOSE_get0(idx);
+		purpose_idx = purpose - X509_PURPOSE_MIN;
-		if (ptmp->trust == X509_TRUST_DEFAULT) {
+		if ((purp = X509_PURPOSE_get0(purpose_idx)) == NULL) {
-			idx = X509_PURPOSE_get_by_id(def_purpose);
+			X509error(X509_R_UNKNOWN_PURPOSE_ID);
-			if (idx == -1) {
+			return 0;
-				X509error(X509_R_UNKNOWN_PURPOSE_ID);
-				return 0;
-			}
-			ptmp = X509_PURPOSE_get0(idx);
 		}
-		/* If trust not set then get from purpose default */
+
-		if (!trust)
+		/* If trust is unset, use the purpose's trust. */
-			trust = ptmp->trust;
+		if (trust == 0)
+			trust = purp->trust;
 	}
-	if (trust) {
+	if (trust != 0) {
-		idx = X509_TRUST_get_by_id(trust);
+		if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) {
-		if (idx == -1) {
 			X509error(X509_R_UNKNOWN_TRUST_ID);
 			return 0;
 		}
 	}
 
-	if (purpose && !ctx->param->purpose)
+	if (purpose != 0 && ctx->param->purpose == 0)
 		ctx->param->purpose = purpose;
-	if (trust && !ctx->param->trust)
+	if (trust != 0 && ctx->param->trust == 0)
 		ctx->param->trust = trust;
+
 	return 1;
 }
-LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
 
 int
 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
 {
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+	return x509_vfy_purpose_inherit(ctx, purpose, 0);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose);
 
 int
 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
 {
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+	return x509_vfy_purpose_inherit(ctx, 0, trust);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set_trust);
 

lib/libcrypto/x509/x509_vpm.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.41 2023/12/14 12:02:10 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.42 2024/01/08 09:51:09 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -61,6 +61,7 @@
 
 #include <openssl/buffer.h>
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
@@ -408,14 +409,26 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_flags);
 int
 X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
 {
-	return X509_PURPOSE_set(&param->purpose, purpose);
+	if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) {
+		X509V3error(X509V3_R_INVALID_PURPOSE);
+		return 0;
+	}
+
+	param->purpose = purpose;
+	return 1;
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_purpose);
 
 int
 X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
 {
-	return X509_TRUST_set(&param->trust, trust);
+	if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) {
+		X509error(X509_R_INVALID_TRUST);
+		return 0;
+	}
+
+	param->trust = trust;
+	return 1;
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_trust);
 

lib/librthread/synch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: synch.h,v 1.9 2023/11/08 15:51:28 cheloha Exp $ */
+/*	$OpenBSD: synch.h,v 1.10 2024/01/07 19:44:28 cheloha Exp $ */
 /*
  * Copyright (c) 2017 Martin Pieuchot
  *
@@ -28,7 +28,7 @@ _wake(volatile uint32_t *p, int n)
 static inline int
 _twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *abs)
 {
-	struct timespec rel;
+	struct timespec now, rel;
 	int saved_errno = errno;
 	int error;
 
@@ -41,16 +41,12 @@ _twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *
 		return error;
 	}
 
-	if (!timespecisvalid(abs) || clock_gettime(clockid, &rel))
+	if (!timespecisvalid(abs) || clock_gettime(clockid, &now))
 		return EINVAL;
 
-	rel.tv_sec = abs->tv_sec - rel.tv_sec;
+	if (timespeccmp(abs, &now, <=))
-	if ((rel.tv_nsec = abs->tv_nsec - rel.tv_nsec) < 0) {
-		rel.tv_sec--;
-		rel.tv_nsec += 1000000000;
-	}
-	if (rel.tv_sec < 0)
 		return ETIMEDOUT;
+	timespecsub(abs, &now, &rel);
 
 	error = futex(p, FUTEX_WAIT, val, &rel, NULL);
 	if (error == -1) {

regress/usr.bin/ssh/channel-timeout.sh

@@ -1,10 +1,33 @@
-#	$OpenBSD: channel-timeout.sh,v 1.1 2023/01/06 08:07:39 djm Exp $
+#	$OpenBSD: channel-timeout.sh,v 1.2 2024/01/09 22:19:36 djm Exp $
 #	Placed in the Public Domain.
 
 tid="channel timeout"
 
 # XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive
 
+rm -f $OBJ/finished.* $OBJ/mux.*
+
+MUXPATH=$OBJ/mux.$$
+open_mux() {
+	${SSH} -nNfM -oControlPath=$MUXPATH -F $OBJ/ssh_proxy "$@" somehost ||
+	    fatal "open mux failed"
+	test -e $MUXPATH || fatal "mux socket $MUXPATH not established"
+}
+
+close_mux() {
+	test -e $MUXPATH || fatal "mux socket $MUXPATH missing"
+	${SSH} -qF $OBJ/ssh_proxy -oControlPath=$MUXPATH -O exit somehost ||
+	    fatal "could not terminate mux process"
+	for x in 1 2 3 4 5 6 7 8 9 10 ; do
+		test -e $OBJ/mux && break
+		sleep 1
+	done
+	test -e $MUXPATH && fatal "mux did not clean up"
+}
+mux_client() {
+	${SSH} -F $OBJ/ssh_proxy -oControlPath=$MUXPATH somehost "$@"
+}
+
 rm -f $OBJ/sshd_proxy.orig 
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 
@@ -24,6 +47,15 @@ if [ $r -ne 255 ]; then
 	fail "ssh returned unexpected error code $r"
 fi
 
+verbose "command long timeout"
+(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=60") \
+	> $OBJ/sshd_proxy
+${SSH} -F $OBJ/ssh_proxy somehost "exit 23"
+r=$?
+if [ $r -ne 23 ]; then
+	fail "ssh returned unexpected error code $r"
+fi
+
 verbose "command wildcard timeout"
 (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \
 	> $OBJ/sshd_proxy
@@ -42,6 +74,41 @@ if [ $r -ne 23 ]; then
 	fail "ssh failed"
 fi
 
+verbose "multiplexed command timeout"
+(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \
+	> $OBJ/sshd_proxy
+open_mux
+mux_client "sleep 5 ; exit 23"
+r=$?
+if [ $r -ne 255 ]; then
+	fail "ssh returned unexpected error code $r"
+fi
+close_mux
+
+verbose "irrelevant multiplexed command timeout"
+(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \
+	> $OBJ/sshd_proxy
+open_mux
+mux_client "sleep 5 ; exit 23"
+r=$?
+if [ $r -ne 23 ]; then
+	fail "ssh returned unexpected error code $r"
+fi
+close_mux
+
+verbose "global command timeout"
+(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \
+	> $OBJ/sshd_proxy
+open_mux
+mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null &
+mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null &
+mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null &
+wait
+test -f $OBJ/finished.1 && fail "first mux process completed"
+test -f $OBJ/finished.2 && fail "second mux process completed"
+test -f $OBJ/finished.3 || fail "third mux process did not complete"
+close_mux
+
 # Set up a "slow sftp server" that sleeps before executing the real one.
 cat > $OBJ/slow-sftp-server.sh << _EOF
 #!/bin/sh
@@ -88,4 +155,3 @@ if [ $r -ne 0 ]; then
 	fail "sftp failed"
 fi
 cmp $DATA $COPY || fail "corrupted copy"
-

regress/usr.sbin/rpki-client/Makefile.inc

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.35 2023/10/13 12:12:05 tb Exp $
+# $OpenBSD: Makefile.inc,v 1.36 2024/01/08 08:26:38 tb Exp $
 
 .PATH:		${.CURDIR}/../../../../usr.sbin/rpki-client
 
@@ -92,7 +92,7 @@ run-regress-test-tak: test-tak
 SRCS_test-rrdp+=	test-rrdp.c rrdp_delta.c rrdp_notification.c cms.c \
 			rrdp_snapshot.c rrdp_util.c cert.c as.c mft.c io.c \
 			encoding.c ip.c validate.c crl.c x509.c \
-			constraints-dummy.c rfc3779.c
+			constraints-dummy.c rfc3779.c print.c json.c
 LDADD_test-rrdp+=	-lexpat ${LDADD}
 DPADD_test-rrdp+=	${LIBEXPAT} ${DPADD}
 run-regress-test-rrdp: test-rrdp

regress/usr.sbin/rpki-client/test-rrdp.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: test-rrdp.c,v 1.8 2023/06/24 07:07:36 claudio Exp $ */
+/*	$OpenBSD: test-rrdp.c,v 1.9 2024/01/08 08:26:38 tb Exp $ */
 /*
  * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -35,8 +35,9 @@
 #include "extern.h"
 #include "rrdp.h"
 
-int verbose;
 int filemode;
+int outformats;
+int verbose;
 
 #define REGRESS_NOTIFY_URI	"https://rpki.example.com/notify.xml"
 

sbin/dump/main.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.64 2023/12/18 13:23:52 otto Exp $	*/
+/*	$OpenBSD: main.c,v 1.65 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: main.c,v 1.14 1997/06/05 11:13:24 lukem Exp $	*/
 
 /*-
@@ -455,11 +455,9 @@ main(int argc, char *argv[])
 	tp_bshift = ffs(TP_BSIZE) - 1;
 	if (TP_BSIZE != (1 << tp_bshift))
 		quit("TP_BSIZE (%d) is not a power of 2\n", TP_BSIZE);
-#ifdef FS_44INODEFMT
 	if (sblock->fs_magic == FS_UFS2_MAGIC ||
 	    sblock->fs_inodefmt >= FS_44INODEFMT)
 		spcl.c_flags |= DR_NEWINODEFMT;
-#endif
 	maxino = (ino_t)sblock->fs_ipg * sblock->fs_ncg;
 	mapsize = roundup(howmany(maxino, NBBY), TP_BSIZE);
 	usedinomap = calloc((unsigned) mapsize, sizeof(char));

sbin/dump/traverse.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: traverse.c,v 1.40 2023/02/08 08:25:44 tb Exp $	*/
+/*	$OpenBSD: traverse.c,v 1.41 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: traverse.c,v 1.17 1997/06/05 11:13:27 lukem Exp $	*/
 
 /*-
@@ -547,13 +547,7 @@ dumpino(union dinode *dp, ino_t ino)
 		 * Check for short symbolic link.
 		 */
 		if (DIP(dp, di_size) > 0 &&
-#ifdef FS_44INODEFMT
+		    DIP(dp, di_size) < sblock->fs_maxsymlinklen) {
-		    (DIP(dp, di_size) < sblock->fs_maxsymlinklen ||
-		     (sblock->fs_maxsymlinklen == 0 &&
-			 DIP(dp, di_blocks) == 0))) {
-#else
-		    DIP(dp, di_blocks) == 0) {
-#endif
 			void *shortlink;
 
 			spcl.c_addr[0] = 1;

sbin/fsck_ffs/dir.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dir.c,v 1.33 2023/02/08 08:25:44 tb Exp $	*/
+/*	$OpenBSD: dir.c,v 1.34 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: dir.c,v 1.20 1996/09/27 22:45:11 christos Exp $	*/
 
 /*
@@ -52,10 +52,6 @@ struct	dirtemplate dirhead = {
 	0, 12, DT_DIR, 1, ".",
 	0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
 };
-struct	odirtemplate odirhead = {
-	0, 12, 1, ".",
-	0, DIRBLKSIZ - 12, 2, ".."
-};
 
 static int expanddir(union dinode *, char *);
 static void freedir(ino_t, ino_t);
@@ -210,7 +206,7 @@ dircheck(struct inodesc *idesc, struct direct *dp)
 		return (0);
 	if (dp->d_ino == 0)
 		return (1);
-	size = DIRSIZ(0, dp);
+	size = DIRSIZ(dp);
 	namlen = dp->d_namlen;
 	type = dp->d_type;
 	if (dp->d_reclen < size ||
@@ -292,9 +288,9 @@ mkentry(struct inodesc *idesc)
 	int newlen, oldlen;
 
 	newent.d_namlen = strlen(idesc->id_name);
-	newlen = DIRSIZ(0, &newent);
+	newlen = DIRSIZ(&newent);
 	if (dirp->d_ino != 0)
-		oldlen = DIRSIZ(0, dirp);
+		oldlen = DIRSIZ(dirp);
 	else
 		oldlen = 0;
 	if (dirp->d_reclen - oldlen < newlen)

sbin/fsck_ffs/inode.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: inode.c,v 1.50 2020/07/13 06:52:53 otto Exp $	*/
+/*	$OpenBSD: inode.c,v 1.51 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: inode.c,v 1.23 1996/10/11 20:15:47 thorpej Exp $	*/
 
 /*
@@ -71,8 +71,7 @@ ckinode(union dinode *dp, struct inodesc *idesc)
 	idesc->id_filesize = DIP(dp, di_size);
 	mode = DIP(dp, di_mode) & IFMT;
 	if (mode == IFBLK || mode == IFCHR || (mode == IFLNK &&
-	    (DIP(dp, di_size) < sblock.fs_maxsymlinklen ||
+	    DIP(dp, di_size) < sblock.fs_maxsymlinklen))
-	     (sblock.fs_maxsymlinklen == 0 && DIP(dp, di_blocks) == 0))))
 		return (KEEPON);
 	if (sblock.fs_magic == FS_UFS1_MAGIC)
 		dino.dp1 = dp->dp1;

sbin/fsck_ffs/pass1.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: pass1.c,v 1.47 2020/07/13 06:52:53 otto Exp $	*/
+/*	$OpenBSD: pass1.c,v 1.48 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: pass1.c,v 1.16 1996/09/27 22:45:15 christos Exp $	*/
 
 /*
@@ -266,8 +266,7 @@ checkinode(ino_t inumber, struct inodesc *idesc)
 		 * Fake ndb value so direct/indirect block checks below
 		 * will detect any garbage after symlink string.
 		 */
-		if (DIP(dp, di_size) < sblock.fs_maxsymlinklen ||
+		if (DIP(dp, di_size) < sblock.fs_maxsymlinklen) {
-		    (sblock.fs_maxsymlinklen == 0 && DIP(dp, di_blocks) == 0)) {
 			if (sblock.fs_magic == FS_UFS1_MAGIC)
 				ndb = howmany(DIP(dp, di_size),
 				    sizeof(int32_t));

sbin/fsck_ffs/pass2.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: pass2.c,v 1.37 2015/01/20 18:22:21 deraadt Exp $	*/
+/*	$OpenBSD: pass2.c,v 1.38 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: pass2.c,v 1.17 1996/09/27 22:45:15 christos Exp $	*/
 
 /*
@@ -283,7 +283,7 @@ pass2check(struct inodesc *idesc)
 	proto.d_type = DT_DIR;
 	proto.d_namlen = 1;
 	(void)strlcpy(proto.d_name, ".", sizeof proto.d_name);
-	entrysize = DIRSIZ(0, &proto);
+	entrysize = DIRSIZ(&proto);
 	if (dirp->d_ino != 0 && strcmp(dirp->d_name, "..") != 0) {
 		pfatal("CANNOT FIX, FIRST ENTRY IN DIRECTORY CONTAINS %s\n",
 			dirp->d_name);
@@ -314,9 +314,9 @@ chk1:
 	proto.d_type = DT_DIR;
 	proto.d_namlen = 2;
 	(void)strlcpy(proto.d_name, "..", sizeof proto.d_name);
-	entrysize = DIRSIZ(0, &proto);
+	entrysize = DIRSIZ(&proto);
 	if (idesc->id_entryno == 0) {
-		n = DIRSIZ(0, dirp);
+		n = DIRSIZ(dirp);
 		if (dirp->d_reclen < n + entrysize)
 			goto chk2;
 		proto.d_reclen = dirp->d_reclen - n;

sbin/fsdb/fsdb.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fsdb.c,v 1.35 2022/07/22 09:04:44 jsg Exp $	*/
+/*	$OpenBSD: fsdb.c,v 1.36 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: fsdb.c,v 1.7 1997/01/11 06:50:53 lukem Exp $	*/
 
 /*-
@@ -601,7 +601,7 @@ chnamefunc(struct inodesc *idesc)
 	if (slotcount++ == desired) {
 		/* will name fit? */
 		testdir.d_namlen = strlen(idesc->id_name);
-		if (DIRSIZ(NEWDIRFMT, &testdir) <= dirp->d_reclen) {
+		if (DIRSIZ(&testdir) <= dirp->d_reclen) {
 			dirp->d_namlen = testdir.d_namlen;
 			strlcpy(dirp->d_name, idesc->id_name, sizeof dirp->d_name);
 			return STOP|ALTERED|FOUND;

sbin/newfs/mkfs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: mkfs.c,v 1.101 2020/06/20 07:49:04 otto Exp $	*/
+/*	$OpenBSD: mkfs.c,v 1.102 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: mkfs.c,v 1.25 1995/06/18 21:35:38 cgd Exp $	*/
 
 /*
@@ -279,13 +279,8 @@ mkfs(struct partition *pp, char *fsys, int fi, int fo, mode_t mfsmode,
 		sblock.fs_sblockloc = SBLOCK_UFS1;
 		sblock.fs_nindir = sblock.fs_bsize / sizeof(int32_t);
 		sblock.fs_inopb = sblock.fs_bsize / sizeof(struct ufs1_dinode);
-		if (Oflag == 0) {
+		sblock.fs_maxsymlinklen = MAXSYMLINKLEN_UFS1;
-			sblock.fs_maxsymlinklen = 0;
+		sblock.fs_inodefmt = FS_44INODEFMT;
-			sblock.fs_inodefmt = FS_42INODEFMT;
-		} else {
-			sblock.fs_maxsymlinklen = MAXSYMLINKLEN_UFS1;
-			sblock.fs_inodefmt = FS_44INODEFMT;
-		}
 		sblock.fs_cgoffset = 0;
 		sblock.fs_cgmask = 0xffffffff;
 		sblock.fs_ffs1_size = sblock.fs_size;
@@ -778,15 +773,6 @@ struct direct root_dir[] = {
 	{ ROOTINO, sizeof(struct direct), DT_DIR, 1, "." },
 	{ ROOTINO, sizeof(struct direct), DT_DIR, 2, ".." },
 };
-struct odirect {
-	u_int32_t d_ino;
-	u_int16_t d_reclen;
-	u_int16_t d_namlen;
-	u_char	d_name[MAXNAMLEN + 1];
-} oroot_dir[] = {
-	{ ROOTINO, sizeof(struct direct), 1, "." },
-	{ ROOTINO, sizeof(struct direct), 2, ".." },
-};
 
 int
 fsinit1(time_t utime, mode_t mfsmode, uid_t mfsuid, gid_t mfsgid)
@@ -814,11 +800,7 @@ fsinit1(time_t utime, mode_t mfsmode, uid_t mfsuid, gid_t mfsgid)
 		node.dp1.di_gid = getegid();
 	}
 	node.dp1.di_nlink = PREDEFDIR;
-	if (Oflag == 0)
+	node.dp1.di_size = makedir(root_dir, PREDEFDIR);
-		node.dp1.di_size = makedir((struct direct *)oroot_dir,
-		    PREDEFDIR);
-	else
-		node.dp1.di_size = makedir(root_dir, PREDEFDIR);
 	node.dp1.di_db[0] = alloc(sblock.fs_fsize, node.dp1.di_mode);
 	if (node.dp1.di_db[0] == 0)
 		return (1);
@@ -919,13 +901,13 @@ makedir(struct direct *protodir, int entries)
 
 	spcleft = DIRBLKSIZ;
 	for (cp = iobuf, i = 0; i < entries - 1; i++) {
-		protodir[i].d_reclen = DIRSIZ(0, &protodir[i]);
+		protodir[i].d_reclen = DIRSIZ(&protodir[i]);
 		memcpy(cp, &protodir[i], protodir[i].d_reclen);
 		cp += protodir[i].d_reclen;
 		spcleft -= protodir[i].d_reclen;
 	}
 	protodir[i].d_reclen = spcleft;
-	memcpy(cp, &protodir[i], DIRSIZ(0, &protodir[i]));
+	memcpy(cp, &protodir[i], DIRSIZ(&protodir[i]));
 	return (DIRBLKSIZ);
 }
 

sbin/newfs/newfs.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: newfs.8,v 1.79 2022/11/19 08:02:11 sthen Exp $
+.\"	$OpenBSD: newfs.8,v 1.80 2024/01/09 03:16:00 guenther Exp $
 .\"	$NetBSD: newfs.8,v 1.12 1995/03/18 14:58:41 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1987, 1991, 1993, 1994
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)newfs.8	8.3 (Berkeley) 3/27/94
 .\"
-.Dd $Mdocdate: November 19 2022 $
+.Dd $Mdocdate: January 9 2024 $
 .Dt NEWFS 8
 .Os
 .Sh NAME
@@ -186,11 +186,6 @@ without really creating the file system.
 Select the filesystem format:
 .Pp
 .Bl -tag -width 3n -offset indent -compact
-.It 0
-.Bx 4.3
-format file system.
-This option is primarily used to build root file systems that can
-be understood by older boot ROMs.
 .It 1
 Fast File System (FFS), the default for
 .Nm mount_mfs .

sbin/newfs/newfs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: newfs.c,v 1.117 2022/12/04 23:50:47 cheloha Exp $	*/
+/*	$OpenBSD: newfs.c,v 1.118 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: newfs.c,v 1.20 1996/05/16 07:13:03 thorpej Exp $	*/
 
 /*
@@ -121,7 +121,7 @@ u_short	dkcksum(struct disklabel *);
 
 int	mfs;			/* run as the memory based filesystem */
 int	Nflag;			/* run without writing file system */
-int	Oflag = 2;		/* 0 = 4.3BSD ffs, 1 = 4.4BSD ffs, 2 = ffs2 */
+int	Oflag = 2;		/* 1 = 4.4BSD ffs, 2 = ffs2 */
 daddr_t	fssize;			/* file system size in 512-byte blocks */
 long long	sectorsize;		/* bytes/sector */
 int	fsize = 0;		/* fragment size */
@@ -211,7 +211,7 @@ main(int argc, char *argv[])
 			Nflag = 1;
 			break;
 		case 'O':
-			Oflag = strtonum(optarg, 0, 2, &errstr);
+			Oflag = strtonum(optarg, 1, 2, &errstr);
 			if (errstr)
 				fatal("%s: invalid ffs version", optarg);
 			oflagset = 1;

sbin/restore/dirs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dirs.c,v 1.42 2019/06/28 13:32:46 deraadt Exp $	*/
+/*	$OpenBSD: dirs.c,v 1.43 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: dirs.c,v 1.26 1997/07/01 05:37:49 lukem Exp $	*/
 
 /*
@@ -175,7 +175,7 @@ extractdirs(int genmode)
 	nulldir.d_namlen = 1;
 	nulldir.d_name[0] = '/';
 	nulldir.d_name[1] = '\0';
-	nulldir.d_reclen = DIRSIZ(0, &nulldir);
+	nulldir.d_reclen = DIRSIZ(&nulldir);
 	for (;;) {
 		curfile.name = "<directory file - name unknown>";
 		curfile.action = USING;
@@ -364,17 +364,17 @@ putdir(char *buf, size_t size)
 			i = DIRBLKSIZ - (loc & (DIRBLKSIZ - 1));
 			if ((dp->d_reclen & 0x3) != 0 ||
 			    dp->d_reclen > i ||
-			    dp->d_reclen < DIRSIZ(0, dp) ||
+			    dp->d_reclen < DIRSIZ(dp) ||
 			    dp->d_namlen > NAME_MAX) {
 				Vprintf(stdout, "Mangled directory: ");
 				if ((dp->d_reclen & 0x3) != 0)
 					Vprintf(stdout,
 					   "reclen not multiple of 4 ");
-				if (dp->d_reclen < DIRSIZ(0, dp))
+				if (dp->d_reclen < DIRSIZ(dp))
 					Vprintf(stdout,
 					   "reclen less than DIRSIZ (%u < %u) ",
 					   (unsigned)dp->d_reclen,
-					   (unsigned)DIRSIZ(0, dp));
+					   (unsigned)DIRSIZ(dp));
 				if (dp->d_namlen > NAME_MAX)
 					Vprintf(stdout,
 					   "reclen name too big (%u > %u) ",
@@ -404,7 +404,7 @@ long prev = 0;
 static void
 putent(struct direct *dp)
 {
-	dp->d_reclen = DIRSIZ(0, dp);
+	dp->d_reclen = DIRSIZ(dp);
 	if (dirloc + dp->d_reclen > DIRBLKSIZ) {
 		((struct direct *)(dirbuf + prev))->d_reclen =
 		    DIRBLKSIZ - prev;
@@ -440,7 +440,7 @@ dcvt(struct odirect *odp, struct direct *ndp)
 	ndp->d_type = DT_UNKNOWN;
 	(void)strncpy(ndp->d_name, odp->d_name, ODIRSIZ);
 	ndp->d_namlen = strlen(ndp->d_name);
-	ndp->d_reclen = DIRSIZ(0, ndp);
+	ndp->d_reclen = DIRSIZ(ndp);
 }
 
 /*

sys/arch/amd64/amd64/vmm_machdep.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm_machdep.c,v 1.13 2024/01/06 13:17:20 dv Exp $ */
+/* $OpenBSD: vmm_machdep.c,v 1.14 2024/01/10 04:13:59 dv Exp $ */
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -3989,6 +3989,13 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
 			if (vcpu->vc_exit.vei.vei_dir == VEI_DIR_IN)
 				vcpu->vc_gueststate.vg_rax =
 				    vcpu->vc_exit.vei.vei_data;
+			vcpu->vc_gueststate.vg_rip =
+			    vcpu->vc_exit.vrs.vrs_gprs[VCPU_REGS_RIP];
+			if (vmwrite(VMCS_GUEST_IA32_RIP,
+			    vcpu->vc_gueststate.vg_rip)) {
+				printf("%s: failed to update rip\n", __func__);
+				return (EINVAL);
+			}
 			break;
 		case VMX_EXIT_EPT_VIOLATION:
 			ret = vcpu_writeregs_vmx(vcpu, VM_RWREGS_GPRS, 0,
@@ -4525,7 +4532,6 @@ svm_handle_exit(struct vcpu *vcpu)
 	case SVM_VMEXIT_IOIO:
 		if (svm_handle_inout(vcpu) == 0)
 			ret = EAGAIN;
-		update_rip = 1;
 		break;
 	case SVM_VMEXIT_HLT:
 		ret = svm_handle_hlt(vcpu);
@@ -4610,7 +4616,6 @@ vmx_handle_exit(struct vcpu *vcpu)
 	case VMX_EXIT_IO:
 		if (vmx_handle_inout(vcpu) == 0)
 			ret = EAGAIN;
-		update_rip = 1;
 		break;
 	case VMX_EXIT_EXTINT:
 		vmx_handle_intr(vcpu);
@@ -5159,12 +5164,6 @@ svm_handle_inout(struct vcpu *vcpu)
 	struct vmcb *vmcb = (struct vmcb *)vcpu->vc_control_va;
 
 	insn_length = vmcb->v_exitinfo2 - vmcb->v_rip;
-	if (insn_length != 1 && insn_length != 2) {
-		DPRINTF("%s: IN/OUT instruction with length %lld not "
-		    "supported\n", __func__, insn_length);
-		return (EINVAL);
-	}
-
 	exit_qual = vmcb->v_exitinfo1;
 
 	/* Bit 0 - direction */
@@ -5190,11 +5189,11 @@ svm_handle_inout(struct vcpu *vcpu)
 	/* Data */
 	vcpu->vc_exit.vei.vei_data = vmcb->v_rax;
 
+	vcpu->vc_exit.vei.vei_insn_len = (uint8_t)insn_length;
+
 	TRACEPOINT(vmm, inout, vcpu, vcpu->vc_exit.vei.vei_port,
 	    vcpu->vc_exit.vei.vei_dir, vcpu->vc_exit.vei.vei_data);
 
-	vcpu->vc_gueststate.vg_rip += insn_length;
-
 	return (0);
 }
 
@@ -5220,12 +5219,6 @@ vmx_handle_inout(struct vcpu *vcpu)
 		return (EINVAL);
 	}
 
-	if (insn_length != 1 && insn_length != 2) {
-		DPRINTF("%s: IN/OUT instruction with length %lld not "
-		    "supported\n", __func__, insn_length);
-		return (EINVAL);
-	}
-
 	if (vmx_get_exit_qualification(&exit_qual)) {
 		printf("%s: can't get exit qual\n", __func__);
 		return (EINVAL);
@@ -5249,11 +5242,11 @@ vmx_handle_inout(struct vcpu *vcpu)
 	/* Data */
 	vcpu->vc_exit.vei.vei_data = (uint32_t)vcpu->vc_gueststate.vg_rax;
 
+	vcpu->vc_exit.vei.vei_insn_len = (uint8_t)insn_length;
+
 	TRACEPOINT(vmm, inout, vcpu, vcpu->vc_exit.vei.vei_port,
 	    vcpu->vc_exit.vei.vei_dir, vcpu->vc_exit.vei.vei_data);
 
-	vcpu->vc_gueststate.vg_rip += insn_length;
-
 	return (0);
 }
 
@@ -6416,6 +6409,9 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp)
 				    vcpu->vc_exit.vei.vei_data;
 				vmcb->v_rax = vcpu->vc_gueststate.vg_rax;
 			}
+			vcpu->vc_gueststate.vg_rip =
+			    vcpu->vc_exit.vrs.vrs_gprs[VCPU_REGS_RIP];
+			vmcb->v_rip = vcpu->vc_gueststate.vg_rip;
 			break;
 		case SVM_VMEXIT_NPF:
 			ret = vcpu_writeregs_svm(vcpu, VM_RWREGS_GPRS,

sys/arch/amd64/include/vmmvar.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmmvar.h,v 1.96 2024/01/06 13:17:20 dv Exp $	*/
+/*	$OpenBSD: vmmvar.h,v 1.97 2024/01/10 04:13:59 dv Exp $	*/
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -338,6 +338,7 @@ struct vm_exit_inout {
 	uint8_t			vei_encoding;	/* operand encoding */
 	uint16_t		vei_port;	/* port */
 	uint32_t		vei_data;	/* data */
+	uint8_t			vei_insn_len;	/* Count of instruction bytes */
 };
 /*
  *  vm_exit_eptviolation	: describes an EPT VIOLATION exit

sys/dev/acpi/acpi.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: acpi.c,v 1.425 2023/07/08 08:01:10 tobhe Exp $ */
+/* $OpenBSD: acpi.c,v 1.426 2024/01/08 19:52:29 kettenis Exp $ */
 /*
  * Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
  * Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@@ -1104,16 +1104,16 @@ acpi_attach_common(struct acpi_softc *sc, paddr_t base)
 		printf(" !DSDT");
 
 	p_dsdt = entry->q_table;
-	acpi_parse_aml(sc, p_dsdt->aml, p_dsdt->hdr_length -
+	acpi_parse_aml(sc, NULL, p_dsdt->aml,
-	    sizeof(p_dsdt->hdr));
+	    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
 
 	/* Load SSDT's */
 	SIMPLEQ_FOREACH(entry, &sc->sc_tables, q_next) {
 		if (memcmp(entry->q_table, SSDT_SIG,
 		    sizeof(SSDT_SIG) - 1) == 0) {
 			p_dsdt = entry->q_table;
-			acpi_parse_aml(sc, p_dsdt->aml, p_dsdt->hdr_length -
+			acpi_parse_aml(sc, NULL, p_dsdt->aml,
-			    sizeof(p_dsdt->hdr));
+			    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
 		}
 	}
 

sys/dev/acpi/dsdt.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dsdt.c,v 1.264 2021/12/09 20:21:35 patrick Exp $ */
+/* $OpenBSD: dsdt.c,v 1.265 2024/01/08 19:52:29 kettenis Exp $ */
 /*
  * Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
  *
@@ -634,8 +634,9 @@ __aml_search(struct aml_node *root, uint8_t *nameseg, int create)
 
 		SIMPLEQ_INIT(&node->son);
 		SIMPLEQ_INSERT_TAIL(&root->son, node, sib);
+		return node;
 	}
-	return node;
+	return NULL;
 }
 
 /* Get absolute pathname of AML node */
@@ -3742,8 +3743,6 @@ aml_loadtable(struct acpi_softc *sc, const char *signature,
 	struct acpi_dsdt *p_dsdt;
 	struct acpi_q *entry;
 
-	if (strlen(rootpath) > 0)
-		aml_die("LoadTable: RootPathString unsupported");
 	if (strlen(parameterpath) > 0)
 		aml_die("LoadTable: ParameterPathString unsupported");
 
@@ -3755,8 +3754,8 @@ aml_loadtable(struct acpi_softc *sc, const char *signature,
 		    strncmp(hdr->oemtableid, oemtableid,
 		    sizeof(hdr->oemtableid)) == 0) {
 			p_dsdt = entry->q_table;
-			acpi_parse_aml(sc, p_dsdt->aml, p_dsdt->hdr_length -
+			acpi_parse_aml(sc, rootpath, p_dsdt->aml,
-			    sizeof(p_dsdt->hdr));
+			    p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
 			return aml_allocvalue(AML_OBJTYPE_DDBHANDLE, 0, 0);
 		}
 	}
@@ -4520,11 +4519,19 @@ parse_error:
 }
 
 int
-acpi_parse_aml(struct acpi_softc *sc, uint8_t *start, uint32_t length)
+acpi_parse_aml(struct acpi_softc *sc, const char *rootpath,
+    uint8_t *start, uint32_t length)
 {
+	struct aml_node *root = &aml_root;
 	struct aml_scope *scope;
 	struct aml_value res;
 
+	if (rootpath) {
+		root = aml_searchname(&aml_root, rootpath);
+		if (root == NULL)
+			aml_die("Invalid RootPathName %s\n", rootpath);
+	}
+
 	aml_root.start = start;
 	memset(&res, 0, sizeof(res));
 	res.type = AML_OBJTYPE_SCOPE;

sys/dev/acpi/dsdt.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: dsdt.h,v 1.80 2023/04/02 11:32:48 jsg Exp $ */
+/* $OpenBSD: dsdt.h,v 1.81 2024/01/08 19:52:29 kettenis Exp $ */
 /*
  * Copyright (c) 2005 Marco Peereboom <marco@openbsd.org>
  *
@@ -56,8 +56,8 @@ void			aml_walktree(struct aml_node *);
 
 void			aml_find_node(struct aml_node *, const char *,
 			    int (*)(struct aml_node *, void *), void *);
-int			acpi_parse_aml(struct acpi_softc *, u_int8_t *,
+int			acpi_parse_aml(struct acpi_softc *, const char *,
-			    uint32_t);
+			    u_int8_t *, uint32_t);
 void			aml_register_notify(struct aml_node *, const char *,
 			    int (*)(struct aml_node *, int, void *), void *,
 			    int);

sys/dev/pci/drm/drm_drv.c

@@ -783,7 +783,9 @@ void *__devm_drm_dev_alloc(struct device *parent,
 {
 	void *container;
 	struct drm_device *drm;
+#ifdef notyet
 	int ret;
+#endif
 
 	container = kzalloc(size, GFP_KERNEL);
 	if (!container)

sys/dev/pci/drm/include/linux/of.h

@@ -82,6 +82,4 @@ struct device_node *__matching_node(struct device_node *,
 #define for_each_matching_node(a, b) \
 	for (a = __matching_node(NULL, b); a; a = __matching_node(a, b))
 
-static const void *of_device_get_match_data(const struct device *);
-
 #endif

sys/dev/pci/drm/include/linux/platform_device.h

@@ -29,19 +29,19 @@ extern struct bus_type platform_bus_type;
 void __iomem *
 devm_platform_ioremap_resource_byname(struct platform_device *, const char *);
 
-inline void
+static inline void
 platform_set_drvdata(struct platform_device *pdev, void *data)
 {
 	dev_set_drvdata(&pdev->dev, data);
 }
 
-inline void *
+static inline void *
 platform_get_drvdata(struct platform_device *pdev)
 {
 	return dev_get_drvdata(&pdev->dev);
 }
 
-inline int
+static inline int
 platform_driver_register(struct platform_driver *platform_drv)
 {
 	return 0;

sys/dev/pci/if_bnxt.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_bnxt.c,v 1.40 2024/01/04 07:08:47 jmatthew Exp $	*/
+/*	$OpenBSD: if_bnxt.c,v 1.43 2024/01/10 05:06:00 jmatthew Exp $	*/
 /*-
  * Broadcom NetXtreme-C/E network driver.
  *
@@ -742,6 +742,8 @@ bnxt_free_slots(struct bnxt_softc *sc, struct bnxt_slot *slots, int allocated,
 	while (i-- > 0) {
 		bs = &slots[i];
 		bus_dmamap_destroy(sc->sc_dmat, bs->bs_map);
+		if (bs->bs_m != NULL)
+			m_freem(bs->bs_m);
 	}
 	free(slots, M_DEVBUF, total * sizeof(*bs));
 }
@@ -1001,8 +1003,6 @@ bnxt_queue_down(struct bnxt_softc *sc, struct bnxt_queue *bq)
 	struct bnxt_rx_queue *rx = &bq->q_rx;
 	struct bnxt_tx_queue *tx = &bq->q_tx;
 
-	/* empty rx ring first i guess */
-
 	bnxt_free_slots(sc, tx->tx_slots, tx->tx_ring.ring_size,
 	    tx->tx_ring.ring_size);
 	tx->tx_slots = NULL;
@@ -1073,7 +1073,7 @@ bnxt_up(struct bnxt_softc *sc)
 	if (bnxt_hwrm_vnic_ctx_alloc(sc, &sc->sc_vnic.rss_id) != 0) {
 		printf("%s: failed to allocate vnic rss context\n",
 		    DEVNAME(sc));
-		goto down_queues;
+		goto down_all_queues;
 	}
 
 	sc->sc_vnic.id = (uint16_t)HWRM_NA_SIGNATURE;
@@ -1139,8 +1139,11 @@ dealloc_vnic:
 	bnxt_hwrm_vnic_free(sc, &sc->sc_vnic);
 dealloc_vnic_ctx:
 	bnxt_hwrm_vnic_ctx_free(sc, &sc->sc_vnic.rss_id);
+
+down_all_queues:
+	i = sc->sc_nqueues;
 down_queues:
-	for (i = 0; i < sc->sc_nqueues; i++)
+	while (i-- > 0)
 		bnxt_queue_down(sc, &sc->sc_queues[i]);
 
 	bnxt_dmamem_free(sc, sc->sc_rx_cfg);

sys/dev/pci/if_ixl.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_ixl.c,v 1.94 2023/12/30 17:52:27 bluhm Exp $ */
+/*	$OpenBSD: if_ixl.c,v 1.95 2024/01/07 21:01:45 bluhm Exp $ */
 
 /*
  * Copyright (c) 2013-2015, Intel Corporation
@@ -1881,6 +1881,7 @@ ixl_attach(struct device *parent, struct device *self, void *aux)
 		goto free_hmc;
 	}
 
+	mtx_init(&sc->sc_link_state_mtx, IPL_NET);
 	if (ixl_get_link_status(sc) != 0) {
 		/* error printed by ixl_get_link_status */
 		goto free_hmc;
@@ -1987,7 +1988,6 @@ ixl_attach(struct device *parent, struct device *self, void *aux)
 	if_attach_queues(ifp, nqueues);
 	if_attach_iqueues(ifp, nqueues);
 
-	mtx_init(&sc->sc_link_state_mtx, IPL_NET);
 	task_set(&sc->sc_link_state_task, ixl_link_state_update, sc);
 	ixl_wr(sc, I40E_PFINT_ICR0_ENA,
 	    I40E_PFINT_ICR0_ENA_LINK_STAT_CHANGE_MASK |

sys/kern/makesyscalls.sh

@@ -1,5 +1,5 @@
 #! /bin/sh -
-#	$OpenBSD: makesyscalls.sh,v 1.21 2023/12/21 19:34:07 miod Exp $
+#	$OpenBSD: makesyscalls.sh,v 1.22 2024/01/07 20:52:44 miod Exp $
 #	$NetBSD: makesyscalls.sh,v 1.26 1998/01/09 06:17:51 thorpej Exp $
 #
 # Copyright (c) 1994,1996 Christopher G. Demetriou
@@ -326,6 +326,11 @@ function parseline() {
 			parserr($f, "argument definition")
 	} else
 		varargc = argc;
+	if (argc > 6) {
+		printf "%s: line %d: too many syscall arguments (%d > 6)\n", \
+		    infile, NR, argc
+		exit 1
+	}
 }
 function putent(nodefs, compatwrap) {
 	# output syscall declaration for switch table.

sys/netinet/in_pcb.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.c,v 1.283 2024/01/01 22:16:51 bluhm Exp $	*/
+/*	$OpenBSD: in_pcb.c,v 1.284 2024/01/09 19:57:00 bluhm Exp $	*/
 /*	$NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $	*/
 
 /*
@@ -133,7 +133,7 @@ uint64_t in_pcblhash(struct inpcbtable *, u_int, u_short);
 
 struct inpcb *in_pcblookup_lock(struct inpcbtable *, struct in_addr, u_int,
     struct in_addr, u_int, u_int, int);
-int	in_pcbaddrisavail_lock(struct inpcb *, struct sockaddr_in *, int,
+int	in_pcbaddrisavail_lock(const struct inpcb *, struct sockaddr_in *, int,
     struct proc *, int);
 int	in_pcbpickport(u_int16_t *, const void *, int, const struct inpcb *,
     struct proc *);
@@ -365,8 +365,8 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p)
 }
 
 int
-in_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in *sin, int wild,
+in_pcbaddrisavail_lock(const struct inpcb *inp, struct sockaddr_in *sin,
-    struct proc *p, int lock)
+    int wild, struct proc *p, int lock)
 {
 	struct socket *so = inp->inp_socket;
 	struct inpcbtable *table = inp->inp_table;
@@ -436,8 +436,8 @@ in_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in *sin, int wild,
 }
 
 int
-in_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in *sin, int wild,
+in_pcbaddrisavail(const struct inpcb *inp, struct sockaddr_in *sin,
-    struct proc *p)
+    int wild, struct proc *p)
 {
 	return in_pcbaddrisavail_lock(inp, sin, wild, p, IN_PCBLOCK_GRAB);
 }
@@ -962,7 +962,7 @@ in_pcbselsrc(struct in_addr *insrc, struct sockaddr_in *sin,
 {
 	struct ip_moptions *mopts = inp->inp_moptions;
 	struct route *ro = &inp->inp_route;
-	struct in_addr *laddr = &inp->inp_laddr;
+	const struct in_addr *laddr = &inp->inp_laddr;
 	u_int rtableid = inp->inp_rtableid;
 	struct sockaddr	*ip4_source = NULL;
 

sys/netinet/in_pcb.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.h,v 1.147 2024/01/03 11:07:04 bluhm Exp $	*/
+/*	$OpenBSD: in_pcb.h,v 1.148 2024/01/09 19:57:00 bluhm Exp $	*/
 /*	$NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $	*/
 
 /*
@@ -315,7 +315,7 @@ void	 in_losing(struct inpcb *);
 int	 in_pcballoc(struct socket *, struct inpcbtable *, int);
 int	 in_pcbbind_locked(struct inpcb *, struct mbuf *, struct proc *);
 int	 in_pcbbind(struct inpcb *, struct mbuf *, struct proc *);
-int	 in_pcbaddrisavail(struct inpcb *, struct sockaddr_in *, int,
+int	 in_pcbaddrisavail(const struct inpcb *, struct sockaddr_in *, int,
 	    struct proc *);
 int	 in_pcbconnect(struct inpcb *, struct mbuf *);
 void	 in_pcbdetach(struct inpcb *);
@@ -338,9 +338,9 @@ struct inpcb *
 struct inpcb *
 	 in6_pcblookup_listen(struct inpcbtable *, struct in6_addr *, u_int,
 	    struct mbuf *, u_int);
-int	 in6_pcbaddrisavail_lock(struct inpcb *, struct sockaddr_in6 *, int,
+int	 in6_pcbaddrisavail_lock(const struct inpcb *, struct sockaddr_in6 *,
-	    struct proc *, int);
+	    int, struct proc *, int);
-int	 in6_pcbaddrisavail(struct inpcb *, struct sockaddr_in6 *, int,
+int	 in6_pcbaddrisavail(const struct inpcb *, struct sockaddr_in6 *, int,
 	    struct proc *);
 int	 in6_pcbconnect(struct inpcb *, struct mbuf *);
 void	 in6_setsockaddr(struct inpcb *, struct mbuf *);
@@ -370,7 +370,7 @@ struct rtentry *
 void	in6_pcbnotify(struct inpcbtable *, struct sockaddr_in6 *,
 	u_int, const struct sockaddr_in6 *, u_int, u_int, int, void *,
 	void (*)(struct inpcb *, int));
-int	in6_selecthlim(struct inpcb *);
+int	in6_selecthlim(const struct inpcb *);
 int	in_pcbset_rtableid(struct inpcb *, u_int);
 void	in_pcbset_laddr(struct inpcb *, const struct sockaddr *, u_int);
 void	in_pcbunset_faddr(struct inpcb *);

sys/netinet6/in6_pcb.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6_pcb.c,v 1.131 2023/12/07 16:08:30 bluhm Exp $	*/
+/*	$OpenBSD: in6_pcb.c,v 1.132 2024/01/09 19:57:01 bluhm Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -150,8 +150,8 @@ in6_pcbhash(struct inpcbtable *table, u_int rdomain,
 }
 
 int
-in6_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
+in6_pcbaddrisavail_lock(const struct inpcb *inp, struct sockaddr_in6 *sin6,
-    struct proc *p, int lock)
+    int wild, struct proc *p, int lock)
 {
 	struct socket *so = inp->inp_socket;
 	struct inpcbtable *table = inp->inp_table;
@@ -240,8 +240,8 @@ in6_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
 }
 
 int
-in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
+in6_pcbaddrisavail(const struct inpcb *inp, struct sockaddr_in6 *sin6,
-    struct proc *p)
+    int wild, struct proc *p)
 {
 	return in6_pcbaddrisavail_lock(inp, sin6, wild, p, IN_PCBLOCK_GRAB);
 }

sys/netinet6/in6_src.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6_src.c,v 1.90 2023/12/15 00:24:56 bluhm Exp $	*/
+/*	$OpenBSD: in6_src.c,v 1.91 2024/01/09 19:57:01 bluhm Exp $	*/
 /*	$KAME: in6_src.c,v 1.36 2001/02/06 04:08:17 itojun Exp $	*/
 
 /*
@@ -422,7 +422,7 @@ in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
 }
 
 int
-in6_selecthlim(struct inpcb *inp)
+in6_selecthlim(const struct inpcb *inp)
 {
 	if (inp && inp->inp_hops >= 0)
 		return (inp->inp_hops);

sys/ufs/ext2fs/ext2fs_dir.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ext2fs_dir.h,v 1.11 2014/07/11 07:59:04 pelikan Exp $	*/
+/*	$OpenBSD: ext2fs_dir.h,v 1.12 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: ext2fs_dir.h,v 1.4 2000/01/28 16:00:23 bouyer Exp $	*/
 
 /*
@@ -61,9 +61,9 @@
  * with null bytes.  All names are guaranteed null terminated.
  * The maximum length of a name in a directory is EXT2FS_MAXNAMLEN.
  *
- * The macro EXT2FS_DIRSIZ(fmt, dp) gives the amount of space required to
+ * The macro EXT2FS_DIRSIZ(dp) gives the amount of space required to
  * represent a directory entry.  Free space in a directory is represented by
- * entries which have dp->e2d_reclen > DIRSIZ(fmt, dp).  All d2fs_bsize bytes
+ * entries which have dp->e2d_reclen > DIRSIZ(dp).  All d2fs_bsize bytes
  * in a directory block are claimed by the directory entries.  This
  * usually results in the last entry in a directory having a large
  * dp->e2d_reclen.  When entries are deleted from a directory, the

sys/ufs/ffs/ffs_inode.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ffs_inode.c,v 1.81 2021/12/12 09:14:59 visa Exp $	*/
+/*	$OpenBSD: ffs_inode.c,v 1.82 2024/01/09 03:15:59 guenther Exp $	*/
 /*	$NetBSD: ffs_inode.c,v 1.10 1996/05/11 18:27:19 mycroft Exp $	*/
 
 /*
@@ -152,9 +152,7 @@ ffs_truncate(struct inode *oip, off_t length, int flags, struct ucred *cred)
 		return (0);
 
 	if (ovp->v_type == VLNK &&
-	    (DIP(oip, size) < oip->i_ump->um_maxsymlinklen ||
+	    DIP(oip, size) < oip->i_ump->um_maxsymlinklen) {
-	     (oip->i_ump->um_maxsymlinklen == 0 &&
-	      oip->i_din1->di_blocks == 0))) {
 #ifdef DIAGNOSTIC
 		if (length != 0)
 			panic("ffs_truncate: partial truncate of symlink");

sys/ufs/ffs/ffs_vfsops.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ffs_vfsops.c,v 1.195 2023/07/05 15:13:28 beck Exp $	*/
+/*	$OpenBSD: ffs_vfsops.c,v 1.196 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: ffs_vfsops.c,v 1.19 1996/02/09 22:22:26 christos Exp $	*/
 
 /*
@@ -675,8 +675,8 @@ ffs_validate(struct fs *fsp)
 		return (0); /* Invalid number of fragments */
 
 	if (fsp->fs_inodefmt == FS_42INODEFMT)
-		fsp->fs_maxsymlinklen = 0;
+		return (0); /* Obsolete format, support broken in 2014 */
-	else if (fsp->fs_maxsymlinklen < 0)
+	if (fsp->fs_maxsymlinklen <= 0)
 		return (0); /* Invalid max size of short symlink */
 
 	return (1); /* Super block is okay */

sys/ufs/ffs/ffs_vnops.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ffs_vnops.c,v 1.100 2022/06/26 05:20:43 visa Exp $	*/
+/*	$OpenBSD: ffs_vnops.c,v 1.101 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: ffs_vnops.c,v 1.7 1996/05/11 18:27:24 mycroft Exp $	*/
 
 /*
@@ -202,8 +202,7 @@ ffs_read(void *v)
 		panic("ffs_read: mode");
 
 	if (vp->v_type == VLNK) {
-		if (DIP(ip, size) < ip->i_ump->um_maxsymlinklen ||
+		if (DIP(ip, size) < ip->i_ump->um_maxsymlinklen)
-		    (ip->i_ump->um_maxsymlinklen == 0 && DIP(ip, blocks) == 0))
 			panic("ffs_read: short symlink");
 	} else if (vp->v_type != VREG && vp->v_type != VDIR)
 		panic("ffs_read: type %d", vp->v_type);

sys/ufs/ufs/dir.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dir.h,v 1.12 2019/05/04 15:38:12 deraadt Exp $	*/
+/*	$OpenBSD: dir.h,v 1.13 2024/01/09 03:15:59 guenther Exp $	*/
 /*	$NetBSD: dir.h,v 1.8 1996/03/09 19:42:41 scottr Exp $	*/
 
 /*
@@ -61,9 +61,9 @@
  * with null bytes.  All names are guaranteed null terminated.
  * The maximum length of a name in a directory is MAXNAMLEN.
  *
- * The macro DIRSIZ(fmt, dp) gives the amount of space required to represent
+ * The macro DIRSIZ(dp) gives the amount of space required to represent
  * a directory entry.  Free space in a directory is represented by
- * entries which have dp->d_reclen > DIRSIZ(fmt, dp).  All DIRBLKSIZ bytes
+ * entries which have dp->d_reclen > DIRSIZ(dp).  All DIRBLKSIZ bytes
  * in a directory block are claimed by the directory entries.  This
  * usually results in the last entry in a directory having a large
  * dp->d_reclen.  When entries are deleted from a directory, the
@@ -112,17 +112,8 @@ struct	direct {
 #define DIRECTSIZ(namlen)						\
 	((offsetof(struct direct, d_name) +				\
 	  ((namlen)+1)*sizeof(((struct direct *)0)->d_name[0]) + 3) & ~3)
-#if (BYTE_ORDER == LITTLE_ENDIAN)
+#define DIRSIZ(dp) \
-#define DIRSIZ(oldfmt, dp) \
-    ((oldfmt) ? \
-    ((sizeof(struct direct) - (MAXNAMLEN+1)) + (((dp)->d_type+1 + 3) &~ 3)) : \
-    ((sizeof(struct direct) - (MAXNAMLEN+1)) + (((dp)->d_namlen+1 + 3) &~ 3)))
-#else
-#define DIRSIZ(oldfmt, dp) \
     ((sizeof(struct direct) - (MAXNAMLEN+1)) + (((dp)->d_namlen+1 + 3) &~ 3))
-#endif
-#define OLDDIRFMT	1
-#define NEWDIRFMT	0
 
 /*
  * Template for manipulating directories.  Should use struct direct's,
@@ -140,18 +131,4 @@ struct dirtemplate {
 	u_int8_t	dotdot_namlen;
 	char		dotdot_name[4];	/* ditto */
 };
-
-/*
- * This is the old format of directories, sanz type element.
- */
-struct odirtemplate {
-	u_int32_t	dot_ino;
-	int16_t		dot_reclen;
-	u_int16_t	dot_namlen;
-	char		dot_name[4];	/* must be multiple of 4 */
-	u_int32_t	dotdot_ino;
-	int16_t		dotdot_reclen;
-	u_int16_t	dotdot_namlen;
-	char		dotdot_name[4];	/* ditto */
-};
 #endif /* !_DIR_H_ */

sys/ufs/ufs/ufs_dirhash.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ufs_dirhash.c,v 1.42 2019/03/15 05:42:38 kevlo Exp $	*/
+/* $OpenBSD: ufs_dirhash.c,v 1.43 2024/01/09 03:15:59 guenther Exp $	*/
 /*
  * Copyright (c) 2001, 2002 Ian Dowse.  All rights reserved.
  *
@@ -50,7 +50,6 @@
 
 #define WRAPINCR(val, limit)	(((val) + 1 == (limit)) ? 0 : ((val) + 1))
 #define WRAPDECR(val, limit)	(((val) == 0) ? ((limit) - 1) : ((val) - 1))
-#define OFSFMT(ip)		((ip)->i_ump->um_maxsymlinklen == 0)
 #define BLKFREE2IDX(n)		((n) > DH_NFSTATS ? DH_NFSTATS : (n))
 
 int ufs_mindirhashsize;
@@ -112,7 +111,7 @@ ufsdirhash_build(struct inode *ip)
 
 	/* Check if we can/should use dirhash. */
 	if (ip->i_dirhash == NULL) {
-		if (DIP(ip, size) < ufs_mindirhashsize || OFSFMT(ip))
+		if (DIP(ip, size) < ufs_mindirhashsize)
 			return (-1);
 	} else {
 		/* Hash exists, but sysctls could have changed. */
@@ -224,7 +223,7 @@ ufsdirhash_build(struct inode *ip)
 				slot = WRAPINCR(slot, dh->dh_hlen);
 			dh->dh_hused++;
 			DH_ENTRY(dh, slot) = pos;
-			ufsdirhash_adjfree(dh, pos, -DIRSIZ(0, ep));
+			ufsdirhash_adjfree(dh, pos, -DIRSIZ(ep));
 		}
 		pos += ep->d_reclen;
 	}
@@ -430,7 +429,7 @@ restart:
 			/* Check for sequential access, and update offset. */
 			if (dh->dh_seqopt == 0 && dh->dh_seqoff == offset)
 				dh->dh_seqopt = 1;
-			dh->dh_seqoff = offset + DIRSIZ(0, dp);
+			dh->dh_seqoff = offset + DIRSIZ(dp);
 
 			*bpp = bp;
 			*offp = offset;
@@ -519,7 +518,7 @@ ufsdirhash_findfree(struct inode *ip, int slotneeded, int *slotsize)
 			brelse(bp);
 			return (-1);
 		}
-		if (dp->d_ino == 0 || dp->d_reclen > DIRSIZ(0, dp))
+		if (dp->d_ino == 0 || dp->d_reclen > DIRSIZ(dp))
 			break;
 		i += dp->d_reclen;
 		dp = (struct direct *)((char *)dp + dp->d_reclen);
@@ -535,7 +534,7 @@ ufsdirhash_findfree(struct inode *ip, int slotneeded, int *slotsize)
 	while (i < DIRBLKSIZ && freebytes < slotneeded) {
 		freebytes += dp->d_reclen;
 		if (dp->d_ino != 0)
-			freebytes -= DIRSIZ(0, dp);
+			freebytes -= DIRSIZ(dp);
 		if (dp->d_reclen == 0) {
 			brelse(bp);
 			return (-1);
@@ -627,7 +626,7 @@ ufsdirhash_add(struct inode *ip, struct direct *dirp, doff_t offset)
 	DH_ENTRY(dh, slot) = offset;
 
 	/* Update the per-block summary info. */
-	ufsdirhash_adjfree(dh, offset, -DIRSIZ(0, dirp));
+	ufsdirhash_adjfree(dh, offset, -DIRSIZ(dirp));
 	DIRHASH_UNLOCK(dh);
 }
 
@@ -660,7 +659,7 @@ ufsdirhash_remove(struct inode *ip, struct direct *dirp, doff_t offset)
 	ufsdirhash_delslot(dh, slot);
 
 	/* Update the per-block summary info. */
-	ufsdirhash_adjfree(dh, offset, DIRSIZ(0, dirp));
+	ufsdirhash_adjfree(dh, offset, DIRSIZ(dirp));
 	DIRHASH_UNLOCK(dh);
 }
 
@@ -835,7 +834,7 @@ ufsdirhash_checkblock(struct inode *ip, char *buf, doff_t offset)
 		/* Check that the entry	exists (will panic if it doesn't). */
 		ufsdirhash_findslot(dh, dp->d_name, dp->d_namlen, offset + i);
 
-		nfree += dp->d_reclen - DIRSIZ(0, dp);
+		nfree += dp->d_reclen - DIRSIZ(dp);
 	}
 	if (i != DIRBLKSIZ)
 		panic("ufsdirhash_checkblock: bad dir end");

sys/ufs/ufs/ufs_lookup.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ufs_lookup.c,v 1.59 2022/01/11 03:13:59 jsg Exp $	*/
+/*	$OpenBSD: ufs_lookup.c,v 1.60 2024/01/09 03:15:59 guenther Exp $	*/
 /*	$NetBSD: ufs_lookup.c,v 1.7 1996/02/09 22:36:06 christos Exp $	*/
 
 /*
@@ -64,8 +64,6 @@ int	dirchk = 1;
 int	dirchk = 0;
 #endif
 
-#define OFSFMT(ip)	((ip)->i_ump->um_maxsymlinklen == 0)
-
 /*
  * Convert a component of a pathname into a pointer to a locked inode.
  * This is a very central and rather complicated routine.
@@ -299,7 +297,7 @@ searchloop:
 			int size = ep->d_reclen;
 
 			if (ep->d_ino != 0)
-				size -= DIRSIZ(OFSFMT(dp), ep);
+				size -= DIRSIZ(ep);
 			if (size > 0) {
 				if (size >= slotneeded) {
 					slotstatus = FOUND;
@@ -322,14 +320,7 @@ searchloop:
 		 * Check for a name match.
 		 */
 		if (ep->d_ino) {
-#			if (BYTE_ORDER == LITTLE_ENDIAN)
+			namlen = ep->d_namlen;
-				if (OFSFMT(dp))
-					namlen = ep->d_type;
-				else
-					namlen = ep->d_namlen;
-#			else
-				namlen = ep->d_namlen;
-#			endif
 			if (namlen == cnp->cn_namelen &&
 			    !memcmp(cnp->cn_nameptr, ep->d_name, namlen)) {
 #ifdef UFS_DIRHASH
@@ -440,9 +431,9 @@ found:
 	 * Check that directory length properly reflects presence
 	 * of this entry.
 	 */
-	if (dp->i_offset + DIRSIZ(OFSFMT(dp), ep) > DIP(dp, size)) {
+	if (dp->i_offset + DIRSIZ(ep) > DIP(dp, size)) {
 		ufs_dirbad(dp, dp->i_offset, "i_ffs_size too small");
-		DIP_ASSIGN(dp, size, dp->i_offset + DIRSIZ(OFSFMT(dp), ep));
+		DIP_ASSIGN(dp, size, dp->i_offset + DIRSIZ(ep));
 		dp->i_flag |= IN_CHANGE | IN_UPDATE;
 	}
 	brelse(bp);
@@ -626,17 +617,10 @@ ufs_dirbadentry(struct vnode *vdp, struct direct *ep, int entryoffsetinblock)
 
 	dp = VTOI(vdp);
 
-#	if (BYTE_ORDER == LITTLE_ENDIAN)
+	namlen = ep->d_namlen;
-		if (OFSFMT(dp))
-			namlen = ep->d_type;
-		else
-			namlen = ep->d_namlen;
-#	else
-		namlen = ep->d_namlen;
-#	endif
 	if ((ep->d_reclen & 0x3) != 0 ||
 	    ep->d_reclen > DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1)) ||
-	    ep->d_reclen < DIRSIZ(OFSFMT(dp), ep) || namlen > MAXNAMLEN) {
+	    ep->d_reclen < DIRSIZ(ep) || namlen > MAXNAMLEN) {
 		/*return (1); */
 		printf("First bad\n");
 		goto bad;
@@ -674,15 +658,7 @@ ufs_makedirentry(struct inode *ip, struct componentname *cnp,
 	memset(newdirp->d_name + (cnp->cn_namelen & ~(DIR_ROUNDUP-1)),
 	    0, DIR_ROUNDUP);
 	memcpy(newdirp->d_name, cnp->cn_nameptr, cnp->cn_namelen);
-	if (OFSFMT(ip)) {
+	newdirp->d_type = IFTODT(DIP(ip, mode));
-		newdirp->d_type = 0;
-#		if (BYTE_ORDER == LITTLE_ENDIAN)
-			{ u_char tmp = newdirp->d_namlen;
-			newdirp->d_namlen = newdirp->d_type;
-			newdirp->d_type = tmp; }
-#		endif
-	} else
-		newdirp->d_type = IFTODT(DIP(ip, mode));
 }
 
 /*
@@ -712,7 +688,7 @@ ufs_direnter(struct vnode *dvp, struct vnode *tvp, struct direct *dirp,
 	cr = cnp->cn_cred;
 	p = cnp->cn_proc;
 	dp = VTOI(dvp);
-	newentrysize = DIRSIZ(OFSFMT(dp), dirp);
+	newentrysize = DIRSIZ(dirp);
 
 	if (dp->i_count == 0) {
 		/*
@@ -827,7 +803,7 @@ ufs_direnter(struct vnode *dvp, struct vnode *tvp, struct direct *dirp,
 	 * dp->i_offset + dp->i_count would yield the space.
 	 */
 	ep = (struct direct *)dirbuf;
-	dsize = ep->d_ino ? DIRSIZ(OFSFMT(dp), ep) : 0;
+	dsize = ep->d_ino ? DIRSIZ(ep) : 0;
 	spacefree = ep->d_reclen - dsize;
 	for (loc = ep->d_reclen; loc < dp->i_count; ) {
 		nep = (struct direct *)(dirbuf + loc);
@@ -852,7 +828,7 @@ ufs_direnter(struct vnode *dvp, struct vnode *tvp, struct direct *dirp,
 			dsize = 0;
 			continue;
 		}
-		dsize = DIRSIZ(OFSFMT(dp), nep);
+		dsize = DIRSIZ(nep);
 		spacefree += nep->d_reclen - dsize;
 #ifdef UFS_DIRHASH
 		if (dp->i_dirhash != NULL)
@@ -1030,8 +1006,7 @@ ufs_dirrewrite(struct inode *dp, struct inode *oip, ufsino_t newinum,
 	if (error)
 		return (error);
 	ep->d_ino = newinum;
-	if (!OFSFMT(dp))
+	ep->d_type = newtype;
-		ep->d_type = newtype;
 	oip->i_effnlink--;
 	if (DOINGSOFTDEP(vdp)) {
 		softdep_change_linkcnt(oip, 0);
@@ -1087,14 +1062,7 @@ ufs_dirempty(struct inode *ip, ufsino_t parentino, struct ucred *cred)
 		if (dp->d_ino == 0)
 			continue;
 		/* accept only "." and ".." */
-#		if (BYTE_ORDER == LITTLE_ENDIAN)
+		namlen = dp->d_namlen;
-			if (OFSFMT(ip))
-				namlen = dp->d_type;
-			else
-				namlen = dp->d_namlen;
-#		else
-			namlen = dp->d_namlen;
-#		endif
 		if (namlen > 2)
 			return (0);
 		if (dp->d_name[0] != '.')
@@ -1145,14 +1113,7 @@ ufs_checkpath(struct inode *source, struct inode *target, struct ucred *cred)
 			IO_NODELOCKED, cred, NULL, curproc);
 		if (error != 0)
 			break;
-#		if (BYTE_ORDER == LITTLE_ENDIAN)
+		namlen = dirbuf.dotdot_namlen;
-			if (OFSFMT(VTOI(vp)))
-				namlen = dirbuf.dotdot_type;
-			else
-				namlen = dirbuf.dotdot_namlen;
-#		else
-			namlen = dirbuf.dotdot_namlen;
-#		endif
 		if (namlen != 2 ||
 		    dirbuf.dotdot_name[0] != '.' ||
 		    dirbuf.dotdot_name[1] != '.') {

sys/ufs/ufs/ufs_vnops.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ufs_vnops.c,v 1.158 2023/09/08 20:00:28 mvs Exp $	*/
+/*	$OpenBSD: ufs_vnops.c,v 1.159 2024/01/09 03:15:59 guenther Exp $	*/
 /*	$NetBSD: ufs_vnops.c,v 1.18 1996/05/11 18:28:04 mycroft Exp $	*/
 
 /*
@@ -81,14 +81,10 @@ void filt_ufsdetach(struct knote *);
 /*
  * A virgin directory (no blushing please).
  */
-static struct dirtemplate mastertemplate = {
+static const struct dirtemplate mastertemplate = {
 	0, 12, DT_DIR, 1, ".",
 	0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
 };
-static struct odirtemplate omastertemplate = {
-	0, 12, 1, ".",
-	0, DIRBLKSIZ - 12, 2, ".."
-};
 
 /*
  * Update the times in the inode
@@ -1127,7 +1123,7 @@ ufs_mkdir(void *v)
 	struct vnode *tvp;
 	struct buf *bp;
 	struct direct newdir;
-	struct dirtemplate dirtemplate, *dtp;
+	struct dirtemplate dirtemplate;
 	int error, dmode, blkoff;
 
 #ifdef DIAGNOSTIC
@@ -1187,11 +1183,7 @@ ufs_mkdir(void *v)
 	/*
 	 * Initialize directory with "." and ".." from static template.
 	 */
-	if (dp->i_ump->um_maxsymlinklen > 0)
+	dirtemplate = mastertemplate;
-		dtp = &mastertemplate;
-	else
-		dtp = (struct dirtemplate *)&omastertemplate;
-	dirtemplate = *dtp;
 	dirtemplate.dot_ino = ip->i_number;
 	dirtemplate.dotdot_ino = dp->i_number;
 
@@ -1411,9 +1403,6 @@ ufs_readdir(void *v)
 	caddr_t diskbuf;
 	size_t count, entries;
 	int bufsize, readcnt, error;
-#if (BYTE_ORDER == LITTLE_ENDIAN)
-	int ofmt = VTOI(ap->a_vp)->i_ump->um_maxsymlinklen == 0;
-#endif
 
 	if (uio->uio_rw != UIO_READ)
 		return (EINVAL);
@@ -1468,16 +1457,8 @@ ufs_readdir(void *v)
 		off += dp->d_reclen;
 		u.dn.d_off = off;
 		u.dn.d_fileno = dp->d_ino;
-#if (BYTE_ORDER == LITTLE_ENDIAN)
+		u.dn.d_type = dp->d_type;
-		if (ofmt) {
+		u.dn.d_namlen = dp->d_namlen;
-			u.dn.d_type = dp->d_namlen;
-			u.dn.d_namlen = dp->d_type;
-		} else
-#endif
-		{
-			u.dn.d_type = dp->d_type;
-			u.dn.d_namlen = dp->d_namlen;
-		}
 		memcpy(u.dn.d_name, dp->d_name, u.dn.d_namlen);
 		memset(u.dn.d_name + u.dn.d_namlen, 0, u.dn.d_reclen
 		    - u.dn.d_namlen - offsetof(struct dirent, d_name));
@@ -1513,10 +1494,8 @@ ufs_readlink(void *v)
 	u_int64_t isize;
 
 	isize = DIP(ip, size);
-	if (isize < ip->i_ump->um_maxsymlinklen ||
+	if (isize < ip->i_ump->um_maxsymlinklen)
-	    (ip->i_ump->um_maxsymlinklen == 0 && DIP(ip, blocks) == 0)) {
 		return (uiomove((char *)SHORTLINK(ip), isize, ap->a_uio));
-	}
 	return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
 }
 

usr.bin/ssh/PROTOCOL

@@ -152,12 +152,13 @@ When an endpoint that supports this extension observes this algorithm
 name in a peer's KEXINIT packet, it MUST make the following changes to
 the protocol:
 
-a) During initial KEX, terminate the connection if any unexpected or
+a) During initial KEX, terminate the connection if out-of-sequence
-   out-of-sequence packet is received. This includes terminating the
+   packet or any message that is not strictly required by KEX is
-   connection if the first packet received is not SSH2_MSG_KEXINIT.
+   received. This includes terminating the connection if the first
-   Unexpected packets for the purpose of strict KEX include messages
+   packet received is not SSH2_MSG_KEXINIT. Unexpected packets for
-   that are otherwise valid at any time during the connection such as
+   the purpose of strict KEX include messages that are otherwise
-   SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
+   valid at any time during the connection such as SSH2_MSG_DEBUG,
+   SSH2_MSG_IGNORE or SSH2_MSG_UNIMPLEMENTED.
 b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
    packet sequence number to zero. This behaviour persists for the
    duration of the connection (i.e. not just the first
@@ -735,6 +736,7 @@ identifiers:
 The server will reply with a SSH_FXP_EXTENDED_REPLY:
 
 	byte		SSH_FXP_EXTENDED_REPLY
+	uint32		id
 	string		usernames
 	string		groupnames
 
@@ -790,4 +792,4 @@ master instance and later clients.
 OpenSSH extends the usual agent protocol. These changes are documented
 in the PROTOCOL.agent file.
 
-$OpenBSD: PROTOCOL,v 1.53 2023/12/20 00:06:25 jsg Exp $
+$OpenBSD: PROTOCOL,v 1.55 2024/01/08 05:05:15 djm Exp $

usr.bin/ssh/PROTOCOL.mux

@@ -188,8 +188,6 @@ For dynamically allocated listen port the server replies with
 
 7. Requesting closure of port forwards
 
-Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
-
 A client may request the master to close a port forward:
 
 	uint32	MUX_C_CLOSE_FWD
@@ -295,4 +293,4 @@ XXX session inspection via master
 XXX signals via mux request
 XXX list active connections via mux
 
-$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $
+$OpenBSD: PROTOCOL.mux,v 1.14 2024/01/08 05:11:18 djm Exp $

usr.bin/ssh/channels.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.435 2023/12/18 14:47:20 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.436 2024/01/09 22:19:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -206,6 +206,9 @@ struct ssh_channels {
 	/* Channel timeouts by type */
 	struct ssh_channel_timeout *timeouts;
 	size_t ntimeouts;
+	/* Global timeout for all OPEN channels */
+	int global_deadline;
+	time_t lastused;
 };
 
 /* helper */
@@ -308,6 +311,11 @@ channel_add_timeout(struct ssh *ssh, const char *type_pattern,
 {
 	struct ssh_channels *sc = ssh->chanctxt;
 
+	if (strcmp(type_pattern, "global") == 0) {
+		debug2_f("global channel timeout %d seconds", timeout_secs);
+		sc->global_deadline = timeout_secs;
+		return;
+	}
 	debug2_f("channel type \"%s\" timeout %d seconds",
 	    type_pattern, timeout_secs);
 	sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts,
@@ -368,6 +376,38 @@ channel_set_xtype(struct ssh *ssh, int id, const char *xctype)
 	    c->inactive_deadline);
 }
 
+/*
+ * update "last used" time on a channel.
+ * NB. nothing else should update lastused except to clear it.
+ */
+static void
+channel_set_used_time(struct ssh *ssh, Channel *c)
+{
+	ssh->chanctxt->lastused = monotime();
+	if (c != NULL)
+		c->lastused = ssh->chanctxt->lastused;
+}
+
+/*
+ * Get the time at which a channel is due to time out for inactivity.
+ * Returns 0 if the channel is not due to time out ever.
+ */
+static time_t
+channel_get_expiry(struct ssh *ssh, Channel *c)
+{
+	struct ssh_channels *sc = ssh->chanctxt;
+	time_t expiry = 0, channel_expiry;
+
+	if (sc->lastused != 0 && sc->global_deadline != 0)
+		expiry = sc->lastused + sc->global_deadline;
+	if (c->lastused != 0 && c->inactive_deadline != 0) {
+		channel_expiry = c->lastused + c->inactive_deadline;
+		if (expiry == 0 || channel_expiry < expiry)
+			expiry = channel_expiry;
+	}
+	return expiry;
+}
+
 /*
  * Register filedescriptors for a channel, used when allocating a channel or
  * when the channel consumer/producer is ready, e.g. shell exec'd
@@ -429,6 +469,8 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
 		if (efd != -1)
 			set_nonblock(efd);
 	}
+	/* channel might be entering a larval state, so reset global timeout */
+	channel_set_used_time(ssh, NULL);
 }
 
 /*
@@ -1185,7 +1227,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd,
 
 	channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty);
 	c->type = SSH_CHANNEL_OPEN;
-	c->lastused = monotime();
+	channel_set_used_time(ssh, c);
 	c->local_window = c->local_window_max = window_max;
 
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
@@ -1356,7 +1398,7 @@ channel_pre_x11_open(struct ssh *ssh, Channel *c)
 
 	if (ret == 1) {
 		c->type = SSH_CHANNEL_OPEN;
-		c->lastused = monotime();
+		channel_set_used_time(ssh, c);
 		channel_pre_open(ssh, c);
 	} else if (ret == -1) {
 		logit("X11 connection rejected because of wrong "
@@ -2004,7 +2046,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
 		    c->self, c->connect_ctx.host, c->connect_ctx.port);
 		channel_connect_ctx_free(&c->connect_ctx);
 		c->type = SSH_CHANNEL_OPEN;
-		c->lastused = monotime();
+		channel_set_used_time(ssh, c);
 		if (isopen) {
 			/* no message necessary */
 		} else {
@@ -2087,7 +2129,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c)
 			goto rfail;
 		}
 		if (nr != 0)
-			c->lastused = monotime();
+			channel_set_used_time(ssh, c);
 		return 1;
 	}
 
@@ -2108,7 +2150,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c)
 		}
 		return -1;
 	}
-	c->lastused = monotime();
+	channel_set_used_time(ssh, c);
 	if (c->input_filter != NULL) {
 		if (c->input_filter(ssh, c, buf, len) == -1) {
 			debug2("channel %d: filter stops", c->self);
@@ -2179,7 +2221,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c)
 		}
 		return -1;
 	}
-	c->lastused = monotime();
+	channel_set_used_time(ssh, c);
 	if (c->isatty && dlen >= 1 && buf[0] != '\r') {
 		if (tcgetattr(c->wfd, &tio) == 0 &&
 		    !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
@@ -2225,7 +2267,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c)
 		if ((r = sshbuf_consume(c->extended, len)) != 0)
 			fatal_fr(r, "channel %i: consume", c->self);
 		c->local_consumed += len;
-		c->lastused = monotime();
+		channel_set_used_time(ssh, c);
 	}
 	return 1;
 }
@@ -2249,7 +2291,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c)
 		channel_close_fd(ssh, c, &c->efd);
 		return 1;
 	}
-	c->lastused = monotime();
+	channel_set_used_time(ssh, c);
 	if (c->extended_usage == CHAN_EXTENDED_IGNORE)
 		debug3("channel %d: discard efd", c->self);
 	else if ((r = sshbuf_put(c->extended, buf, len)) != 0)
@@ -2539,10 +2581,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout)
 				continue;
 		}
 		if (ftab[c->type] != NULL) {
-			if (table == CHAN_PRE &&
+			if (table == CHAN_PRE && c->type == SSH_CHANNEL_OPEN &&
-			    c->type == SSH_CHANNEL_OPEN &&
+			    channel_get_expiry(ssh, c) != 0 &&
-			    c->inactive_deadline != 0 && c->lastused != 0 &&
+			    now >= channel_get_expiry(ssh, c)) {
-			    now >= c->lastused + c->inactive_deadline) {
 				/* channel closed for inactivity */
 				verbose("channel %d: closing after %u seconds "
 				    "of inactivity", c->self,
@@ -2554,10 +2595,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout)
 				/* inactivity timeouts must interrupt poll() */
 				if (timeout != NULL &&
 				    c->type == SSH_CHANNEL_OPEN &&
-				    c->lastused != 0 &&
+				    channel_get_expiry(ssh, c) != 0) {
-				    c->inactive_deadline != 0) {
 					ptimeout_deadline_monotime(timeout,
-					    c->lastused + c->inactive_deadline);
+					    channel_get_expiry(ssh, c));
 				}
 			} else if (timeout != NULL) {
 				/*
@@ -3516,7 +3556,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh)
 		c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx);
 		debug2_f("channel %d: callback done", c->self);
 	}
-	c->lastused = monotime();
+	channel_set_used_time(ssh, c);
 	debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
 	    c->remote_window, c->remote_maxpacket);
 	return 0;

usr.bin/ssh/kex.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -757,10 +757,11 @@ static int
 kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
 {
 	struct kex *kex = ssh->kex;
-	int r;
+	int r, initial = (kex->flags & KEX_INITIAL) != 0;
+	char *cp, **prop;
 
 	debug("SSH2_MSG_NEWKEYS received");
-	if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0)
+	if (kex->ext_info_c && initial)
 		ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
 	ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
 	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
@@ -768,10 +769,32 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
 		return r;
 	if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
 		return r;
+	if (initial) {
+		/* Remove initial KEX signalling from proposal for rekeying */
+		if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
+			return r;
+		if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
+		    kex->server ?
+		    "ext-info-s,kex-strict-s-v00@openssh.com" :
+		    "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
+			error_f("match_filter_denylist failed");
+			goto fail;
+		}
+		free(prop[PROPOSAL_KEX_ALGS]);
+		prop[PROPOSAL_KEX_ALGS] = cp;
+		if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
+			error_f("kex_prop2buf failed");
+ fail:
+			kex_proposal_free_entries(prop);
+			free(prop);
+			return SSH_ERR_INTERNAL_ERROR;
+		}
+		kex_proposal_free_entries(prop);
+		free(prop);
+	}
 	kex->done = 1;
 	kex->flags &= ~KEX_INITIAL;
 	sshbuf_reset(kex->peer);
-	/* sshbuf_reset(kex->my); */
 	kex->flags &= ~KEX_INIT_SENT;
 	free(kex->name);
 	kex->name = NULL;

usr.bin/ssh/ssh-add.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.170 2023/12/19 06:57:34 jmc Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.171 2024/01/08 00:30:39 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -810,7 +810,7 @@ main(int argc, char **argv)
 	LogLevel log_level = SYSLOG_LEVEL_INFO;
 	struct sshkey *k, **certs = NULL;
 	struct dest_constraint **dest_constraints = NULL;
-	size_t ndest_constraints = 0i, ncerts = 0;
+	size_t ndest_constraints = 0, ncerts = 0;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();

usr.bin/ssh/ssh_api.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.27 2021/04/03 06:18:41 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.28 2024/01/09 21:39:14 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -78,6 +78,7 @@ int
 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+	char *populated[PROPOSAL_MAX];
 	struct ssh *ssh;
 	char **proposal;
 	static int called;
@@ -97,10 +98,19 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 
 	/* Initialize key exchange */
 	proposal = kex_params ? kex_params->proposal : myproposal;
-	if ((r = kex_ready(ssh, proposal)) != 0) {
+	kex_proposal_populate_entries(ssh, populated,
+	    proposal[PROPOSAL_KEX_ALGS],
+	    proposal[PROPOSAL_ENC_ALGS_CTOS],
+	    proposal[PROPOSAL_MAC_ALGS_CTOS],
+	    proposal[PROPOSAL_COMP_ALGS_CTOS],
+	    proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]);
+	r = kex_ready(ssh, populated);
+	kex_proposal_free_entries(populated);
+	if (r != 0) {
 		ssh_free(ssh);
 		return r;
 	}
+
 	ssh->kex->server = is_server;
 	if (is_server) {
 #ifdef WITH_OPENSSL

usr.bin/ssh/ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.392 2024/01/09 22:19:00 djm Exp $
-.Dd $Mdocdate: October 12 2023 $
+.Dd $Mdocdate: January 9 2024 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -463,8 +463,10 @@ Timeouts are specified as one or more
 .Dq type=interval
 pairs separated by whitespace, where the
 .Dq type
-must be a channel type name (as described in the table below), optionally
+must be the special keyword
-containing wildcard characters.
+.Dq global
+or a channel type name from the list below, optionally containing
+wildcard characters.
 .Pp
 The timeout value
 .Dq interval
@@ -473,11 +475,19 @@ is specified in seconds or may use any of the units documented in the
 section.
 For example,
 .Dq session=5m
-would cause the interactive session to terminate after five minutes of
+would cause interactive sessions to terminate after five minutes of
 inactivity.
 Specifying a zero value disables the inactivity timeout.
 .Pp
-The available channel types include:
+The special timeout
+.Dq global
+Applies to all active channels, taken together.
+Traffic on any active channel will reset the timeout, but when the timeout
+expires then all open channels will be closed.
+Note that this global timeout is not matched by wildcards and must be
+specified explicitly.
+.Pp
+The available channel type names include:
 .Bl -tag -width Ds
 .It Cm agent-connection
 Open connections to

usr.bin/ssh/sshconnect2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -216,7 +216,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
     const struct ssh_conn_info *cinfo)
 {
 	char *myproposal[PROPOSAL_MAX];
-	char *s, *all_key, *hkalgs = NULL;
+	char *all_key, *hkalgs = NULL;
 	int r, use_known_hosts_order = 0;
 
 	xxx_host = host;
@@ -244,14 +244,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 		fatal_fr(r, "kex_assemble_namelist");
 	free(all_key);
 
-	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
-		fatal_f("kex_names_cat");
-
 	if (use_known_hosts_order)
 		hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
 
-	kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
+	kex_proposal_populate_entries(ssh, myproposal,
-	    options.macs, compression_alg_list(options.compression),
+	    options.kex_algorithms, options.ciphers, options.macs,
+	    compression_alg_list(options.compression),
 	    hkalgs ? hkalgs : options.hostkeyalgorithms);
 
 	free(hkalgs);
@@ -274,13 +272,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 	ssh->kex->verify_host_key=&verify_host_key_callback;
 
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
-
+	kex_proposal_free_entries(myproposal);
-	/* remove ext-info from the KEX proposals for rekeying */
-	free(myproposal[PROPOSAL_KEX_ALGS]);
-	myproposal[PROPOSAL_KEX_ALGS] =
-	    compat_kex_proposal(ssh, options.kex_algorithms);
-	if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
-		fatal_r(r, "kex_prop2buf");
 
 #ifdef DEBUG_KEXDH
 	/* send 1st encrypted/maced/compressed message */
@@ -290,7 +282,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 	    (r = ssh_packet_write_wait(ssh)) != 0)
 		fatal_fr(r, "send packet");
 #endif
-	kex_proposal_free_entries(myproposal);
 }
 
 /*

usr.bin/ssh/sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2261,6 +2261,7 @@ do_ssh2_kex(struct ssh *ssh)
 	kex->sign = sshd_hostkey_sign;
 
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
+	kex_proposal_free_entries(myproposal);
 
 #ifdef DEBUG_KEXDH
 	/* send 1st encrypted/maced/compressed message */
@@ -2270,7 +2271,6 @@ do_ssh2_kex(struct ssh *ssh)
 	    (r = ssh_packet_write_wait(ssh)) != 0)
 		fatal_fr(r, "send test");
 #endif
-	kex_proposal_free_entries(myproposal);
 	debug("KEX done");
 }
 

usr.bin/ssh/sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.350 2023/07/28 05:42:36 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.351 2024/01/09 22:19:00 djm Exp $
-.Dd $Mdocdate: July 28 2023 $
+.Dd $Mdocdate: January 9 2024 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -410,8 +410,10 @@ Timeouts are specified as one or more
 .Dq type=interval
 pairs separated by whitespace, where the
 .Dq type
-must be a channel type name (as described in the table below), optionally
+must be the special keyword
-containing wildcard characters.
+.Dq global
+or a channel type name from the list below, optionally containing
+wildcard characters.
 .Pp
 The timeout value
 .Dq interval
@@ -419,11 +421,20 @@ is specified in seconds or may use any of the units documented in the
 .Sx TIME FORMATS
 section.
 For example,
-.Dq session:*=5m
+.Dq session=5m
-would cause all sessions to terminate after five minutes of inactivity.
+would cause interactive sessions to terminate after five minutes of
+inactivity.
 Specifying a zero value disables the inactivity timeout.
 .Pp
-The available channel types include:
+The special timeout
+.Dq global
+Applies to all active channels, taken together.
+Traffic on any active channel will reset the timeout, but when the timeout
+expires then all open channels will be closed.
+Note that this global timeout is not matched by wildcards and must be
+specified explicitly.
+.Pp
+The available channel type names include:
 .Bl -tag -width Ds
 .It Cm agent-connection
 Open connections to
@@ -444,15 +455,15 @@ listening on behalf of a
 .Xr ssh 1
 remote forwarding, i.e.\&
 .Cm RemoteForward .
-.It Cm session:command
+.It Cm session
-Command execution sessions.
+The interactive main session, including shell session, command execution,
-.It Cm session:shell
+.Xr scp 1 ,
-Interactive shell sessions.
-.It Cm session:subsystem:...
-Subsystem sessions, e.g. for
 .Xr sftp 1 ,
-which could be identified as
+etc.
-.Cm session:subsystem:sftp .
+.It Cm tun-connection
+Open
+.Cm TunnelForward
+connections.
 .It Cm x11-connection
 Open X11 forwarding sessions.
 .El
@@ -466,9 +477,6 @@ close the SSH connection, nor does it prevent a client from
 requesting another channel of the same type.
 In particular, expiring an inactive forwarding session does not prevent
 another identical forwarding from being subsequently created.
-See also
-.Cm UnusedConnectionTimeout ,
-which may be used in conjunction with this option.
 .Pp
 The default is not to expire channels of any type for inactivity.
 .It Cm ChrootDirectory

usr.sbin/bgpctl/bgpctl.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpctl.c,v 1.298 2023/11/20 14:41:55 claudio Exp $ */
+/*	$OpenBSD: bgpctl.c,v 1.299 2024/01/08 15:09:14 claudio Exp $ */
 
 /*
  * Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@@ -194,19 +194,13 @@ main(int argc, char *argv[])
 		break;
 	case SHOW_FIB:
 		if (!res->addr.aid) {
-			struct ibuf	*msg;
+			struct ctl_kroute_req	req = { 0 };
-			sa_family_t	 af;
 
-			af = aid2af(res->aid);
+			req.af = aid2af(res->aid);
-			if ((msg = imsg_create(imsgbuf, IMSG_CTL_KROUTE,
+			req.flags = res->flags;
-			    res->rtableid, 0, sizeof(res->flags) +
+
-			    sizeof(af))) == NULL)
+			imsg_compose(imsgbuf, IMSG_CTL_KROUTE, res->rtableid,
-				errx(1, "imsg_create failure");
+			    0, -1, &req, sizeof(req));
-			if (imsg_add(msg, &res->flags, sizeof(res->flags)) ==
-			    -1 ||
-			    imsg_add(msg, &af, sizeof(af)) == -1)
-				errx(1, "imsg_add failure");
-			imsg_close(imsgbuf, msg);
 		} else
 			imsg_compose(imsgbuf, IMSG_CTL_KROUTE_ADDR,
 			    res->rtableid, 0, -1,

usr.sbin/bgpd/bgpd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpd.c,v 1.261 2024/01/04 10:26:14 claudio Exp $ */
+/*	$OpenBSD: bgpd.c,v 1.262 2024/01/09 13:41:32 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -834,6 +834,11 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 	struct imsg		 imsg;
 	struct peer		*p;
 	struct rtr_config	*r;
+	struct kroute_full	 kf;
+	struct bgpd_addr	 addr;
+	struct pftable_msg	 pfmsg;
+	struct demote_msg	 demote;
+	char			 reason[REASON_LEN], ifname[IFNAMSIZ];
 	ssize_t			 n;
 	u_int			 rtableid;
 	int			 rv, verbose;
@@ -846,81 +851,73 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 		if (n == 0)
 			break;
 
-		switch (imsg.hdr.type) {
+		switch (imsg_get_type(&imsg)) {
 		case IMSG_KROUTE_CHANGE:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("route request not from RDE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			else if (imsg_get_data(&imsg, &kf, sizeof(kf)) == -1)
-			    sizeof(struct kroute_full))
+				log_warn("wrong imsg len");
-				log_warnx("wrong imsg len");
+			else if (kr_change(imsg_get_id(&imsg), &kf))
-			else if (kr_change(imsg.hdr.peerid, imsg.data))
 				rv = -1;
 			break;
 		case IMSG_KROUTE_DELETE:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("route request not from RDE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			else if (imsg_get_data(&imsg, &kf, sizeof(kf)) == -1)
-			    sizeof(struct kroute_full))
+				log_warn("wrong imsg len");
-				log_warnx("wrong imsg len");
+			else if (kr_delete(imsg_get_id(&imsg), &kf))
-			else if (kr_delete(imsg.hdr.peerid, imsg.data))
 				rv = -1;
 			break;
 		case IMSG_KROUTE_FLUSH:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("route request not from RDE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE)
+			else if (kr_flush(imsg_get_id(&imsg)))
-				log_warnx("wrong imsg len");
-			else if (kr_flush(imsg.hdr.peerid))
 				rv = -1;
 			break;
 		case IMSG_NEXTHOP_ADD:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("nexthop request not from RDE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			else if (imsg_get_data(&imsg, &addr, sizeof(addr)) ==
-			    sizeof(struct bgpd_addr))
+			    -1)
-				log_warnx("wrong imsg len");
+				log_warn("wrong imsg len");
 			else {
 				rtableid = conf->default_tableid;
-				if (kr_nexthop_add(rtableid, imsg.data) == -1)
+				if (kr_nexthop_add(rtableid, &addr) == -1)
 					rv = -1;
 			}
 			break;
 		case IMSG_NEXTHOP_REMOVE:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("nexthop request not from RDE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			else if (imsg_get_data(&imsg, &addr, sizeof(addr)) ==
-			    sizeof(struct bgpd_addr))
+			    -1)
-				log_warnx("wrong imsg len");
+				log_warn("wrong imsg len");
 			else {
 				rtableid = conf->default_tableid;
-				kr_nexthop_delete(rtableid, imsg.data);
+				kr_nexthop_delete(rtableid, &addr);
 			}
 			break;
 		case IMSG_PFTABLE_ADD:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("pftable request not from RDE");
-			else
+			else if (imsg_get_data(&imsg, &pfmsg, sizeof(pfmsg)) ==
-				if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			    -1)
-				    sizeof(struct pftable_msg))
+				log_warn("wrong imsg len");
-					log_warnx("wrong imsg len");
+			else if (pftable_addr_add(&pfmsg) != 0)
-				else if (pftable_addr_add(imsg.data) != 0)
+				rv = -1;
-					rv = -1;
 			break;
 		case IMSG_PFTABLE_REMOVE:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("pftable request not from RDE");
-			else
+			else if (imsg_get_data(&imsg, &pfmsg, sizeof(pfmsg)) ==
-				if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			    -1)
-				    sizeof(struct pftable_msg))
+				log_warn("wrong imsg len");
-					log_warnx("wrong imsg len");
+			else if (pftable_addr_remove(&pfmsg) != 0)
-				else if (pftable_addr_remove(imsg.data) != 0)
+				rv = -1;
-					rv = -1;
 			break;
 		case IMSG_PFTABLE_COMMIT:
 			if (idx != PFD_PIPE_RDE)
 				log_warnx("pftable request not from RDE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE)
-				log_warnx("wrong imsg len");
 			else if (pftable_commit() != 0)
 				rv = -1;
 			break;
@@ -929,7 +926,7 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 				log_warnx("pfkey reload request not from SE");
 				break;
 			}
-			p = getpeerbyid(conf, imsg.hdr.peerid);
+			p = getpeerbyid(conf, imsg_get_id(&imsg));
 			if (p != NULL) {
 				if (pfkey_establish(p) == -1)
 					log_peer_warnx(&p->conf,
@@ -941,24 +938,24 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 				log_warnx("reload request not from SE");
 			else {
 				reconfig = 1;
-				reconfpid = imsg.hdr.pid;
+				reconfpid = imsg_get_pid(&imsg);
-				if (imsg.hdr.len == IMSG_HEADER_SIZE +
+				if (imsg_get_data(&imsg, reason,
-				    REASON_LEN && ((char *)imsg.data)[0])
+				    sizeof(reason)) == 0 && reason[0] != '\0')
 					log_info("reload due to: %s",
-					    log_reason(imsg.data));
+					    log_reason(reason));
 			}
 			break;
 		case IMSG_CTL_FIB_COUPLE:
 			if (idx != PFD_PIPE_SESSION)
 				log_warnx("couple request not from SE");
 			else
-				kr_fib_couple(imsg.hdr.peerid);
+				kr_fib_couple(imsg_get_id(&imsg));
 			break;
 		case IMSG_CTL_FIB_DECOUPLE:
 			if (idx != PFD_PIPE_SESSION)
 				log_warnx("decouple request not from SE");
 			else
-				kr_fib_decouple(imsg.hdr.peerid);
+				kr_fib_decouple(imsg_get_id(&imsg));
 			break;
 		case IMSG_CTL_KROUTE:
 		case IMSG_CTL_KROUTE_ADDR:
@@ -973,28 +970,29 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 		case IMSG_SESSION_DEPENDON:
 			if (idx != PFD_PIPE_SESSION)
 				log_warnx("DEPENDON request not from SE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE + IFNAMSIZ)
+			else if (imsg_get_data(&imsg, ifname, sizeof(ifname)) ==
-				log_warnx("DEPENDON request with wrong len");
+			    -1)
+				log_warn("wrong imsg len");
 			else
-				kr_ifinfo(imsg.data);
+				kr_ifinfo(ifname);
 			break;
 		case IMSG_DEMOTE:
 			if (idx != PFD_PIPE_SESSION)
 				log_warnx("demote request not from SE");
-			else if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			else if (imsg_get_data(&imsg, &demote, sizeof(demote))
-			    sizeof(struct demote_msg))
+			    == -1)
-				log_warnx("DEMOTE request with wrong len");
+				log_warn("wrong imsg len");
-			else {
+			else
-				struct demote_msg	*msg;
+				carp_demote_set(demote.demote_group,
-
+				    demote.level);
-				msg = imsg.data;
-				carp_demote_set(msg->demote_group, msg->level);
-			}
 			break;
 		case IMSG_CTL_LOG_VERBOSE:
 			/* already checked by SE */
-			memcpy(&verbose, imsg.data, sizeof(verbose));
+			if (imsg_get_data(&imsg, &verbose, sizeof(verbose)) ==
-			log_setverbose(verbose);
+			    -1)
+				log_warn("wrong imsg len");
+			else
+				log_setverbose(verbose);
 			break;
 		case IMSG_RECONF_DONE:
 			if (reconfpending == 0) {
@@ -1037,12 +1035,12 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 				log_warnx("connect request not from RTR");
 			} else {
 				SIMPLEQ_FOREACH(r, &conf->rtrs, entry) {
-					if (imsg.hdr.peerid == r->id)
+					if (imsg_get_id(&imsg) == r->id)
 						break;
 				}
 				if (r == NULL)
 					log_warnx("unknown rtr id %d",
-					    imsg.hdr.peerid);
+					    imsg_get_id(&imsg));
 				else
 					bgpd_rtr_connect(r);
 			}
@@ -1050,32 +1048,35 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 		case IMSG_CTL_SHOW_RTR:
 			if (idx == PFD_PIPE_SESSION) {
 				SIMPLEQ_FOREACH(r, &conf->rtrs, entry) {
-					imsg_compose(ibuf_rtr, imsg.hdr.type,
+					imsg_compose(ibuf_rtr,
-					    r->id, imsg.hdr.pid, -1, NULL, 0);
+					    IMSG_CTL_SHOW_RTR, r->id,
+					    imsg_get_pid(&imsg), -1, NULL, 0);
 				}
 				imsg_compose(ibuf_rtr, IMSG_CTL_END,
-				    0, imsg.hdr.pid, -1, NULL, 0);
+				    0, imsg_get_pid(&imsg), -1, NULL, 0);
-			} else if (imsg.hdr.len != IMSG_HEADER_SIZE +
-			    sizeof(struct ctl_show_rtr)) {
-				log_warnx("IMSG_CTL_SHOW_RTR with wrong len");
 			} else if (idx == PFD_PIPE_RTR) {
+				struct ctl_show_rtr rtr;
+				if (imsg_get_data(&imsg, &rtr, sizeof(rtr)) ==
+				    -1) {
+					log_warn("wrong imsg len");
+					break;
+				}
+
 				SIMPLEQ_FOREACH(r, &conf->rtrs, entry) {
-					if (imsg.hdr.peerid == r->id)
+					if (imsg_get_id(&imsg) == r->id)
 						break;
 				}
 				if (r != NULL) {
-					struct ctl_show_rtr *msg;
+					strlcpy(rtr.descr, r->descr,
-					msg = imsg.data;
+					    sizeof(rtr.descr));
-					strlcpy(msg->descr, r->descr,
+					rtr.local_addr = r->local_addr;
-					    sizeof(msg->descr));
+					rtr.remote_addr = r->remote_addr;
-					msg->local_addr = r->local_addr;
+					rtr.remote_port = r->remote_port;
-					msg->remote_addr = r->remote_addr;
-					msg->remote_port = r->remote_port;
 
-					imsg_compose(ibuf_se, imsg.hdr.type,
+					imsg_compose(ibuf_se, IMSG_CTL_SHOW_RTR,
-					    imsg.hdr.peerid, imsg.hdr.pid,
+					    imsg_get_id(&imsg),
-					    -1, imsg.data,
+					    imsg_get_pid(&imsg), -1,
-					    imsg.hdr.len - IMSG_HEADER_SIZE);
+					    &rtr, sizeof(rtr));
 				}
 			}
 			break;
@@ -1085,9 +1086,7 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
 				log_warnx("connect request not from RTR");
 				break;
 			}
-			imsg_compose(ibuf_se, imsg.hdr.type, imsg.hdr.peerid,
+			imsg_forward(ibuf_se, &imsg);
-			    imsg.hdr.pid, -1, imsg.data,
-			    imsg.hdr.len - IMSG_HEADER_SIZE);
 			break;
 		default:
 			break;

usr.sbin/bgpd/bgpd.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpd.h,v 1.478 2023/10/16 10:25:45 claudio Exp $ */
+/*	$OpenBSD: bgpd.h,v 1.479 2024/01/08 15:08:34 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -974,6 +974,11 @@ struct ctl_show_rib_request {
 	uint8_t			aid;
 };
 
+struct ctl_kroute_req {
+	int			flags;
+	sa_family_t		af;
+};
+
 enum filter_actions {
 	ACTION_NONE,
 	ACTION_ALLOW,

usr.sbin/bgpd/kroute.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kroute.c,v 1.307 2023/10/17 17:59:59 claudio Exp $ */
+/*	$OpenBSD: kroute.c,v 1.309 2024/01/09 13:41:32 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -883,95 +883,93 @@ kr_show_route(struct imsg *imsg)
 	struct kroute		*kr, *kn;
 	struct kroute6		*kr6, *kn6;
 	struct kroute_full	*kf;
-	struct bgpd_addr	*addr;
+	struct bgpd_addr	 addr;
-	int			 flags;
+	struct ctl_kroute_req	 req;
-	sa_family_t		 af;
 	struct ctl_show_nexthop	 snh;
 	struct knexthop		*h;
 	struct kif		*kif;
+	uint32_t		 tableid;
+	pid_t			 pid;
 	u_int			 i;
 	u_short			 ifindex = 0;
 
-	switch (imsg->hdr.type) {
+	tableid = imsg_get_id(imsg);
+	pid = imsg_get_pid(imsg);
+	switch (imsg_get_type(imsg)) {
 	case IMSG_CTL_KROUTE:
-		if (imsg->hdr.len != IMSG_HEADER_SIZE + sizeof(flags) +
+		if (imsg_get_data(imsg, &req, sizeof(req)) == -1) {
-		    sizeof(af)) {
 			log_warnx("%s: wrong imsg len", __func__);
 			break;
 		}
-		kt = ktable_get(imsg->hdr.peerid);
+		kt = ktable_get(tableid);
 		if (kt == NULL) {
 			log_warnx("%s: table %u does not exist", __func__,
-			    imsg->hdr.peerid);
+			    tableid);
 			break;
 		}
-		memcpy(&flags, imsg->data, sizeof(flags));
+		if (!req.af || req.af == AF_INET)
-		memcpy(&af, (char *)imsg->data + sizeof(flags), sizeof(af));
-		if (!af || af == AF_INET)
 			RB_FOREACH(kr, kroute_tree, &kt->krt) {
-				if (flags && (kr->flags & flags) == 0)
+				if (req.flags && (kr->flags & req.flags) == 0)
 					continue;
 				kn = kr;
 				do {
 					kf = kr_tofull(kn);
 					kf->priority = kr_priority(kf);
 					send_imsg_session(IMSG_CTL_KROUTE,
-					    imsg->hdr.pid, kf, sizeof(*kf));
+					    pid, kf, sizeof(*kf));
 				} while ((kn = kn->next) != NULL);
 			}
-		if (!af || af == AF_INET6)
+		if (!req.af || req.af == AF_INET6)
 			RB_FOREACH(kr6, kroute6_tree, &kt->krt6) {
-				if (flags && (kr6->flags & flags) == 0)
+				if (req.flags && (kr6->flags & req.flags) == 0)
 					continue;
 				kn6 = kr6;
 				do {
 					kf = kr6_tofull(kn6);
 					kf->priority = kr_priority(kf);
 					send_imsg_session(IMSG_CTL_KROUTE,
-					    imsg->hdr.pid, kf, sizeof(*kf));
+					    pid, kf, sizeof(*kf));
 				} while ((kn6 = kn6->next) != NULL);
 			}
 		break;
 	case IMSG_CTL_KROUTE_ADDR:
-		if (imsg->hdr.len != IMSG_HEADER_SIZE +
+		if (imsg_get_data(imsg, &addr, sizeof(addr)) == -1) {
-		    sizeof(struct bgpd_addr)) {
 			log_warnx("%s: wrong imsg len", __func__);
 			break;
 		}
-		kt = ktable_get(imsg->hdr.peerid);
+		kt = ktable_get(tableid);
 		if (kt == NULL) {
 			log_warnx("%s: table %u does not exist", __func__,
-			    imsg->hdr.peerid);
+			    tableid);
 			break;
 		}
-		addr = imsg->data;
 		kr = NULL;
-		switch (addr->aid) {
+		switch (addr.aid) {
 		case AID_INET:
-			kr = kroute_match(kt, addr, 1);
+			kr = kroute_match(kt, &addr, 1);
 			if (kr != NULL) {
 				kf = kr_tofull(kr);
 				kf->priority = kr_priority(kf);
 				send_imsg_session(IMSG_CTL_KROUTE,
-				    imsg->hdr.pid, kf, sizeof(*kf));
+				    pid, kf, sizeof(*kf));
 			}
 			break;
 		case AID_INET6:
-			kr6 = kroute6_match(kt, addr, 1);
+			kr6 = kroute6_match(kt, &addr, 1);
 			if (kr6 != NULL) {
 				kf = kr6_tofull(kr6);
 				kf->priority = kr_priority(kf);
 				send_imsg_session(IMSG_CTL_KROUTE,
-				    imsg->hdr.pid, kf, sizeof(*kf));
+				    pid, kf, sizeof(*kf));
 			}
 			break;
 		}
 		break;
 	case IMSG_CTL_SHOW_NEXTHOP:
-		kt = ktable_get(imsg->hdr.peerid);
+		kt = ktable_get(tableid);
 		if (kt == NULL) {
 			log_warnx("%s: table %u does not exist", __func__,
-			    imsg->hdr.peerid);
+			    tableid);
 			break;
 		}
 		RB_FOREACH(h, knexthop_tree, KT2KNT(kt)) {
@@ -1000,14 +998,14 @@ kr_show_route(struct imsg *imsg)
 					    kr_show_interface(kif),
 					    sizeof(snh.iface));
 			}
-			send_imsg_session(IMSG_CTL_SHOW_NEXTHOP, imsg->hdr.pid,
+			send_imsg_session(IMSG_CTL_SHOW_NEXTHOP, pid,
 			    &snh, sizeof(snh));
 		}
 		break;
 	case IMSG_CTL_SHOW_INTERFACE:
 		RB_FOREACH(kif, kif_tree, &kit)
 			send_imsg_session(IMSG_CTL_SHOW_INTERFACE,
-			    imsg->hdr.pid, kr_show_interface(kif),
+			    pid, kr_show_interface(kif),
 			    sizeof(struct ctl_show_interface));
 		break;
 	case IMSG_CTL_SHOW_FIB_TABLES:
@@ -1025,14 +1023,14 @@ kr_show_route(struct imsg *imsg)
 			TAILQ_INIT(&ktab.krn);
 
 			send_imsg_session(IMSG_CTL_SHOW_FIB_TABLES,
-			    imsg->hdr.pid, &ktab, sizeof(ktab));
+			    pid, &ktab, sizeof(ktab));
 		}
 		break;
 	default:	/* nada */
 		break;
 	}
 
-	send_imsg_session(IMSG_CTL_END, imsg->hdr.pid, NULL, 0);
+	send_imsg_session(IMSG_CTL_END, pid, NULL, 0);
 }
 
 static void

usr.sbin/bgpd/rtr_proto.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtr_proto.c,v 1.23 2024/01/05 11:02:57 claudio Exp $ */
+/*	$OpenBSD: rtr_proto.c,v 1.27 2024/01/09 15:13:49 claudio Exp $ */
 
 /*
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@@ -33,7 +33,7 @@ struct rtr_header {
 	uint8_t		type;
 	uint16_t	session_id; /* or error code */
 	uint32_t	length;
-};
+} __packed;
 
 #define RTR_MAX_VERSION		2
 #define RTR_MAX_LEN		2048
@@ -56,42 +56,76 @@ enum rtr_pdu_type {
 	ASPA = 11,
 };
 
+struct rtr_notify {
+	struct rtr_header	hdr;
+	uint32_t		serial;
+} __packed;
+
+struct rtr_query {
+	struct rtr_header	hdr;
+	uint32_t		serial;
+} __packed;
+
+struct rtr_reset {
+	struct rtr_header	hdr;
+} __packed;
+
+struct rtr_response {
+	struct rtr_header	hdr;
+} __packed;
+
 #define FLAG_ANNOUNCE	0x1
 #define FLAG_MASK	FLAG_ANNOUNCE
 struct rtr_ipv4 {
-	uint8_t		flags;
+	struct rtr_header	hdr;
-	uint8_t		prefixlen;
+	uint8_t			flags;
-	uint8_t		maxlen;
+	uint8_t			prefixlen;
-	uint8_t		zero;
+	uint8_t			maxlen;
-	uint32_t	prefix;
+	uint8_t			zero;
-	uint32_t	asnum;
+	uint32_t		prefix;
-};
+	uint32_t		asnum;
+} __packed;
 
 struct rtr_ipv6 {
-	uint8_t		flags;
+	struct rtr_header	hdr;
-	uint8_t		prefixlen;
+	uint8_t			flags;
-	uint8_t		maxlen;
+	uint8_t			prefixlen;
-	uint8_t		zero;
+	uint8_t			maxlen;
-	uint32_t	prefix[4];
+	uint8_t			zero;
-	uint32_t	asnum;
+	uint32_t		prefix[4];
-};
+	uint32_t		asnum;
+} __packed;
+
+struct rtr_routerkey {
+	struct rtr_header	hdr;
+	uint8_t			ski[20];
+	uint32_t		asnum;
+	/* followed by Subject Public Key Info */
+} __packed;
 
 #define FLAG_AFI_V6	0x1
 #define FLAG_AFI_MASK	FLAG_AFI_V6
 struct rtr_aspa {
-	uint8_t		flags;
+	struct rtr_header	hdr;
-	uint8_t		afi_flags;
+	uint8_t			flags;
-	uint16_t	cnt;
+	uint8_t			afi_flags;
-	uint32_t	cas;
+	uint16_t		cnt;
+	uint32_t		cas;
 	/* array of spas with cnt elements follows */
-};
+} __packed;
 
 struct rtr_endofdata {
-	uint32_t	serial;
+	struct rtr_header	hdr;
-	uint32_t	refresh;
+	uint32_t		serial;
-	uint32_t	retry;
+	uint32_t		refresh;
-	uint32_t	expire;
+	uint32_t		retry;
-};
+	uint32_t		expire;
+} __packed;
+
+struct rtr_endofdata_v0 {
+	struct rtr_header	hdr;
+	uint32_t		serial;
+} __packed;
 
 enum rtr_event {
 	RTR_EVNT_START,
@@ -109,6 +143,7 @@ enum rtr_event {
 	RTR_EVNT_NO_DATA,
 	RTR_EVNT_RESET_AND_CLOSE,
 	RTR_EVNT_UNSUPP_PROTO_VERSION,
+	RTR_EVNT_NEGOTIATION_DONE,
 };
 
 static const char *rtr_eventnames[] = {
@@ -127,6 +162,7 @@ static const char *rtr_eventnames[] = {
 	"no data",
 	"connection closed with reset",
 	"unsupported protocol version",
+	"negotiation done",
 };
 
 enum rtr_state {
@@ -344,7 +380,25 @@ rtr_send_serial_query(struct rtr_session *rs)
 }
 
 /*
- * Validate the common rtr header (first 8 bytes) including the
+ * Check the session_id of the rtr_header to match the expected value.
+ * Returns -1 on failure and 0 on success.
+ */
+static int
+rtr_check_session_id(struct rtr_session *rs, uint16_t session_id,
+    struct rtr_header *rh, struct ibuf *pdu)
+{
+	if (session_id != ntohs(rh->session_id)) {
+		log_warnx("rtr %s: received %s: bad session_id: %d != %d",
+		    log_rtr(rs), log_rtr_type(rh->type), ntohs(rh->session_id),
+		    session_id);
+		rtr_send_error(rs, CORRUPT_DATA, "bad session_id", pdu);
+		return -1;
+	}
+	return 0;
+}
+
+/*
+ * Parse the common rtr header (first 8 bytes) including the
  * included length field.
  * Returns -1 on failure. On success msgtype and msglen are set
  * and the function return 0.
@@ -354,123 +408,133 @@ rtr_parse_header(struct rtr_session *rs, struct ibuf *hdr,
     size_t *msglen, enum rtr_pdu_type *msgtype)
 {
 	struct rtr_header rh;
-	uint32_t len = 16;	/* default for ERROR_REPORT */
+	size_t len;
-	int session_id;
 
 	if (ibuf_get(hdr, &rh, sizeof(rh)) == -1)
 		fatal("%s: ibuf_get", __func__);
 
-	if (rh.version != rs->version && rh.type != ERROR_REPORT) {
+	len = ntohl(rh.length);
- badversion:
+
-		log_warnx("rtr %s: received %s message: unexpected version %d",
+	if (len > RTR_MAX_LEN) {
-		    log_rtr(rs), log_rtr_type(rh.type), rh.version);
+		log_warnx("rtr %s: received %s: pdu too big: %zu byte",
-		rtr_send_error(rs, UNEXP_PROTOCOL_VERS, NULL, hdr);
+		    log_rtr(rs), log_rtr_type(rh.type), len);
+		rtr_send_error(rs, CORRUPT_DATA, "pdu too big", hdr);
 		return -1;
 	}
 
-	*msgtype = rh.type;
+	if (rs->state == RTR_STATE_NEGOTIATION) {
-	*msglen = ntohl(rh.length);
+		switch (rh.type) {
+		case CACHE_RESPONSE:
+		case CACHE_RESET:
+		case ERROR_REPORT:
+			if (rh.version < rs->version)
+				rs->version = rh.version;
+			rtr_fsm(rs, RTR_EVNT_NEGOTIATION_DONE);
+			break;
+		case SERIAL_NOTIFY:
+			/* ignore SERIAL_NOTIFY */
+			break;
+		default:
+			log_warnx("rtr %s: received %s: out of context",
+			    log_rtr(rs), log_rtr_type(rh.type));
+			rtr_send_error(rs, CORRUPT_DATA, "out of context", hdr);
+			return -1;
+		}
+	} else if (rh.version != rs->version && rh.type != ERROR_REPORT) {
+		goto badversion;
+	}
 
 	switch (rh.type) {
 	case SERIAL_NOTIFY:
-		session_id = rs->session_id;
+		if (len != sizeof(struct rtr_notify))
-		len = 12;
+			goto badlen;
 		break;
 	case CACHE_RESPONSE:
-		/* set session_id if not yet happened */
+		if (len != sizeof(struct rtr_response))
-		if (rs->session_id == -1)
+			goto badlen;
-			rs->session_id = ntohs(rh.session_id);
-		session_id = rs->session_id;
-		len = 8;
 		break;
 	case IPV4_PREFIX:
-		session_id = 0;
+		if (len != sizeof(struct rtr_ipv4))
-		len = 20;
+			goto badlen;
 		break;
 	case IPV6_PREFIX:
-		session_id = 0;
+		if (len != sizeof(struct rtr_ipv6))
-		len = 32;
+			goto badlen;
 		break;
 	case END_OF_DATA:
-		session_id = rs->session_id;
+		if (rs->version == 0) {
-		len = 24;
+			if (len != sizeof(struct rtr_endofdata_v0))
+				goto badlen;
+		} else {
+			if (len != sizeof(struct rtr_endofdata))
+				goto badlen;
+		}
 		break;
 	case CACHE_RESET:
-		session_id = 0;
+		if (len != sizeof(struct rtr_reset))
-		len = 8;
+			goto badlen;
 		break;
 	case ROUTER_KEY:
 		if (rs->version < 1)
 			goto badversion;
-		len = 36;	/* XXX probably too small, but we ignore it */
+		if (len < sizeof(struct rtr_routerkey))
-		/* FALLTHROUGH */
+			goto badlen;
+		break;
 	case ERROR_REPORT:
-		if (*msglen > RTR_MAX_LEN) {
+		if (len < 16)
- toobig:
+			goto badlen;
-			log_warnx("rtr %s: received %s: msg too big: %zu byte",
+		break;
-			    log_rtr(rs), log_rtr_type(rh.type), *msglen);
-			rtr_send_error(rs, CORRUPT_DATA, "too big", hdr);
-			return -1;
-		}
-		if (*msglen < len) {
- toosmall:
-			log_warnx("rtr %s: received %s: msg too small: "
-			    "%zu byte", log_rtr(rs), log_rtr_type(rh.type),
-			    *msglen);
-			rtr_send_error(rs, CORRUPT_DATA, "too small", hdr);
-			return -1;
-		}
-		/*
-		 * session_id check omitted since ROUTER_KEY and ERROR_REPORT
-		 * use the field for different things.
-		 */
-		return 0;
 	case ASPA:
 		if (rs->version < 2)
 			goto badversion;
-		session_id = 0;
+		if (len < sizeof(struct rtr_aspa) || (len % 4) != 0)
-		/* unlike all other messages ASPA is variable sized */
+			goto badlen;
-		if (*msglen > RTR_MAX_LEN)
-			goto toobig;
-		if (*msglen < sizeof(struct rtr_aspa))
-			goto toosmall;
-		/* len must be a multiple of 4 */
-		len = *msglen & ~0x3;
 		break;
 	default:
-		log_warnx("rtr %s: received unknown message: type %s",
+		log_warnx("rtr %s: received unsupported pdu: type %s",
 		    log_rtr(rs), log_rtr_type(rh.type));
 		rtr_send_error(rs, UNSUPP_PDU_TYPE, NULL, hdr);
 		return -1;
 	}
 
-	if (len != *msglen) {
+	*msglen = len;
-		log_warnx("rtr %s: received %s: illegal len: %zu byte not %u",
+	*msgtype = rh.type;
-		    log_rtr(rs), log_rtr_type(rh.type), *msglen, len);
-		rtr_send_error(rs, CORRUPT_DATA, "bad length", hdr);
-		return -1;
-	}
-
-	if (session_id != ntohs(rh.session_id)) {
-		/* ignore SERIAL_NOTIFY during startup */
-		if (rs->session_id == -1 && rh.type == SERIAL_NOTIFY)
-			return 0;
-
-		log_warnx("rtr %s: received %s: bad session_id: %d != %d",
-		    log_rtr(rs), log_rtr_type(rh.type), ntohs(rh.session_id),
-		    session_id);
-		rtr_send_error(rs, CORRUPT_DATA, "bad session_id", hdr);
-		return -1;
-	}
 
 	return 0;
+
+ badlen:
+	log_warnx("rtr %s: received %s: bad pdu length: %zu bytes",
+	    log_rtr(rs), log_rtr_type(rh.type), len);
+	rtr_send_error(rs, CORRUPT_DATA, "bad length", hdr);
+	return -1;
+
+ badversion:
+	log_warnx("rtr %s: received %s message: unexpected version %d",
+	    log_rtr(rs), log_rtr_type(rh.type), rh.version);
+	rtr_send_error(rs, UNEXP_PROTOCOL_VERS, NULL, hdr);
+	return -1;
 }
 
 static int
 rtr_parse_notify(struct rtr_session *rs, struct ibuf *pdu)
 {
-	if (rs->state == RTR_STATE_EXCHANGE ||
+	struct rtr_notify notify;
-	    rs->state == RTR_STATE_NEGOTIATION) {
+
+	/* ignore SERIAL_NOTIFY during startup */
+	if (rs->state == RTR_STATE_NEGOTIATION)
+		return 0;
+
+	if (ibuf_get(pdu, &notify, sizeof(notify)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
+		    log_rtr(rs), log_rtr_type(SERIAL_NOTIFY));
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
+		return -1;
+	}
+
+	if (rtr_check_session_id(rs, rs->session_id, &notify.hdr, pdu) == -1)
+		return -1;
+
+	if (rs->state != RTR_STATE_ESTABLISHED) {
 		log_warnx("rtr %s: received %s: while in state %s (ignored)",
 		    log_rtr(rs), log_rtr_type(SERIAL_NOTIFY),
 		    rtr_statenames[rs->state]);
@@ -484,10 +548,26 @@ rtr_parse_notify(struct rtr_session *rs, struct ibuf *pdu)
 static int
 rtr_parse_cache_response(struct rtr_session *rs, struct ibuf *pdu)
 {
-	if (rs->state != RTR_STATE_ESTABLISHED &&
+	struct rtr_response resp;
-	    rs->state != RTR_STATE_NEGOTIATION) {
+
+	if (ibuf_get(pdu, &resp, sizeof(resp)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
+		    log_rtr(rs), log_rtr_type(CACHE_RESPONSE));
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
+		return -1;
+	}
+
+	/* set session_id if not yet happened */
+	if (rs->session_id == -1)
+		rs->session_id = ntohs(resp.hdr.session_id);
+
+	if (rtr_check_session_id(rs, rs->session_id, &resp.hdr, pdu) == -1)
+		return -1;
+
+	if (rs->state != RTR_STATE_ESTABLISHED) {
 		log_warnx("rtr %s: received %s: out of context",
 		    log_rtr(rs), log_rtr_type(CACHE_RESPONSE));
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return -1;
 	}
 
@@ -501,18 +581,20 @@ rtr_parse_ipv4_prefix(struct rtr_session *rs, struct ibuf *pdu)
 	struct rtr_ipv4 ip4;
 	struct roa *roa;
 
-	if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
+	if (ibuf_get(pdu, &ip4, sizeof(ip4)) == -1) {
-	    ibuf_get(pdu, &ip4, sizeof(ip4)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
-		log_warnx("rtr %s: received %s: bad pdu len",
 		    log_rtr(rs), log_rtr_type(IPV4_PREFIX));
-		rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
 		return -1;
 	}
 
+	if (rtr_check_session_id(rs, 0, &ip4.hdr, pdu) == -1)
+		return -1;
+
 	if (rs->state != RTR_STATE_EXCHANGE) {
 		log_warnx("rtr %s: received %s: out of context",
 		    log_rtr(rs), log_rtr_type(IPV4_PREFIX));
-		rtr_send_error(rs, CORRUPT_DATA, NULL, pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return -1;
 	}
 
@@ -569,18 +651,20 @@ rtr_parse_ipv6_prefix(struct rtr_session *rs, struct ibuf *pdu)
 	struct rtr_ipv6 ip6;
 	struct roa *roa;
 
-	if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
+	if (ibuf_get(pdu, &ip6, sizeof(ip6)) == -1) {
-	    ibuf_get(pdu, &ip6, sizeof(ip6)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
-		log_warnx("rtr %s: received %s: bad pdu len",
 		    log_rtr(rs), log_rtr_type(IPV6_PREFIX));
-		rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
 		return -1;
 	}
 
+	if (rtr_check_session_id(rs, 0, &ip6.hdr, pdu) == -1)
+		return -1;
+
 	if (rs->state != RTR_STATE_EXCHANGE) {
 		log_warnx("rtr %s: received %s: out of context",
 		    log_rtr(rs), log_rtr_type(IPV6_PREFIX));
-		rtr_send_error(rs, CORRUPT_DATA, NULL, pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return -1;
 	}
 
@@ -638,25 +722,24 @@ rtr_parse_aspa(struct rtr_session *rs, struct ibuf *pdu)
 	struct aspa_set *aspa, *a;
 	uint16_t cnt, i;
 
-	if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
+	if (ibuf_get(pdu, &rtr_aspa, sizeof(rtr_aspa)) == -1) {
-	    ibuf_get(pdu, &rtr_aspa, sizeof(rtr_aspa)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
-		log_warnx("rtr %s: received %s: bad pdu len",
 		    log_rtr(rs), log_rtr_type(ASPA));
-		rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
 		return -1;
 	}
 	cnt = ntohs(rtr_aspa.cnt);
 	if (ibuf_size(pdu) != cnt * sizeof(uint32_t)) {
-		log_warnx("rtr %s: received %s: bad pdu len",
+		log_warnx("rtr %s: received %s: bad pdu length",
 		    log_rtr(rs), log_rtr_type(ASPA));
-		rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
 		return -1;
 	}
 
 	if (rs->state != RTR_STATE_EXCHANGE) {
 		log_warnx("rtr %s: received %s: out of context",
 		    log_rtr(rs), log_rtr_type(ASPA));
-		rtr_send_error(rs, CORRUPT_DATA, NULL, pdu);
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return -1;
 	}
 
@@ -686,9 +769,9 @@ rtr_parse_aspa(struct rtr_session *rs, struct ibuf *pdu)
 		}
 		for (i = 0; i < cnt; i++) {
 			if (ibuf_get_n32(pdu, &aspa->tas[i]) == -1) {
-				log_warnx("rtr %s: received %s: bad pdu len",
+				log_warnx("rtr %s: received %s: bad pdu length",
 				    log_rtr(rs), log_rtr_type(ASPA));
-				rtr_send_error(rs, CORRUPT_DATA, "bad len",
+				rtr_send_error(rs, CORRUPT_DATA, "bad length",
 				    pdu);
 				return -1;
 			}
@@ -727,22 +810,58 @@ rtr_parse_aspa(struct rtr_session *rs, struct ibuf *pdu)
 	return 0;
 }
 
+static int
+rtr_parse_end_of_data_v0(struct rtr_session *rs, struct ibuf *pdu)
+{
+	struct rtr_endofdata_v0 eod;
+
+	if (ibuf_get(pdu, &eod, sizeof(eod)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
+		    log_rtr(rs), log_rtr_type(END_OF_DATA));
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
+		return -1;
+	}
+
+	if (rtr_check_session_id(rs, rs->session_id, &eod.hdr, pdu) == -1)
+		return -1;
+
+	if (rs->state != RTR_STATE_EXCHANGE) {
+		log_warnx("rtr %s: received %s: out of context",
+		    log_rtr(rs), log_rtr_type(END_OF_DATA));
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
+		return -1;
+	}
+
+	rs->serial = ntohl(eod.serial);
+
+	rtr_fsm(rs, RTR_EVNT_END_OF_DATA);
+	return 0;
+}
+
 static int
 rtr_parse_end_of_data(struct rtr_session *rs, struct ibuf *pdu)
 {
 	struct rtr_endofdata eod;
 	uint32_t t;
 
-	if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
+	/* version 0 does not have the timing values */
-	    ibuf_get(pdu, &eod, sizeof(eod)) == -1) {
+	if (rs->version == 0)
-		log_warnx("rtr %s: received %s: bad pdu len",
+		return rtr_parse_end_of_data_v0(rs, pdu);
+
+	if (ibuf_get(pdu, &eod, sizeof(eod)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
 		    log_rtr(rs), log_rtr_type(END_OF_DATA));
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
 		return -1;
 	}
 
+	if (rtr_check_session_id(rs, rs->session_id, &eod.hdr, pdu) == -1)
+		return -1;
+
 	if (rs->state != RTR_STATE_EXCHANGE) {
 		log_warnx("rtr %s: received %s: out of context",
 		    log_rtr(rs), log_rtr_type(END_OF_DATA));
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return -1;
 	}
 
@@ -769,15 +888,29 @@ rtr_parse_end_of_data(struct rtr_session *rs, struct ibuf *pdu)
 bad:
 	log_warnx("rtr %s: received %s: bad timeout values",
 	    log_rtr(rs), log_rtr_type(END_OF_DATA));
+	rtr_send_error(rs, CORRUPT_DATA, "bad timeout values", pdu);
 	return -1;
 }
 
 static int
 rtr_parse_cache_reset(struct rtr_session *rs, struct ibuf *pdu)
 {
+	struct rtr_reset reset;
+
+	if (ibuf_get(pdu, &reset, sizeof(reset)) == -1) {
+		log_warnx("rtr %s: received %s: bad pdu length",
+		    log_rtr(rs), log_rtr_type(CACHE_RESET));
+		rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
+		return -1;
+	}
+
+	if (rtr_check_session_id(rs, 0, &reset.hdr, pdu) == -1)
+		return -1;
+
 	if (rs->state != RTR_STATE_ESTABLISHED) {
 		log_warnx("rtr %s: received %s: out of context",
 		    log_rtr(rs), log_rtr_type(CACHE_RESET));
+		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return -1;
 	}
 
@@ -892,38 +1025,28 @@ rtr_process_msg(struct rtr_session *rs)
 
 		switch (msgtype) {
 		case SERIAL_NOTIFY:
-			if (rtr_parse_notify(rs, &msg) == -1) {
+			if (rtr_parse_notify(rs, &msg) == -1)
-				rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
 				return;
-			}
 			break;
 		case CACHE_RESPONSE:
-			if (rtr_parse_cache_response(rs, &msg) == -1) {
+			if (rtr_parse_cache_response(rs, &msg) == -1)
-				rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
 				return;
-			}
 			break;
 		case IPV4_PREFIX:
-			if (rtr_parse_ipv4_prefix(rs, &msg) == -1) {
+			if (rtr_parse_ipv4_prefix(rs, &msg) == -1)
 				return;
-			}
 			break;
 		case IPV6_PREFIX:
-			if (rtr_parse_ipv6_prefix(rs, &msg) == -1) {
+			if (rtr_parse_ipv6_prefix(rs, &msg) == -1)
 				return;
-			}
 			break;
 		case END_OF_DATA:
-			if (rtr_parse_end_of_data(rs, &msg) == -1) {
+			if (rtr_parse_end_of_data(rs, &msg) == -1)
-				rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
 				return;
-			}
 			break;
 		case CACHE_RESET:
-			if (rtr_parse_cache_reset(rs, &msg) == -1) {
+			if (rtr_parse_cache_reset(rs, &msg) == -1)
-				rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
 				return;
-			}
 			break;
 		case ROUTER_KEY:
 			/* silently ignore router key */
@@ -935,14 +1058,13 @@ rtr_process_msg(struct rtr_session *rs)
 			}
 			break;
 		case ASPA:
-			if (rtr_parse_aspa(rs, &msg) == -1) {
+			if (rtr_parse_aspa(rs, &msg) == -1)
 				return;
-			}
 			break;
 		default:
-			log_warnx("rtr %s: received %s: unexpected pdu type",
+			log_warnx("rtr %s: received %s: unsupported pdu type",
 			    log_rtr(rs), log_rtr_type(msgtype));
-			rtr_send_error(rs, INVALID_REQUEST, NULL, &msg);
+			rtr_send_error(rs, UNSUPP_PDU_TYPE, NULL, &msg);
 			return;
 		}
 	}
@@ -1094,6 +1216,9 @@ rtr_fsm(struct rtr_session *rs, enum rtr_event event)
 		/* flush receive buffer */
 		rs->r.wpos = 0;
 		break;
+	case RTR_EVNT_NEGOTIATION_DONE:
+		rs->state = RTR_STATE_ESTABLISHED;
+		break;
 	}
 
 	log_debug("rtr %s: state change %s -> %s, reason: %s",

usr.sbin/makefs/ffs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ffs.c,v 1.38 2023/08/08 04:45:44 guenther Exp $	*/
+/*	$OpenBSD: ffs.c,v 1.39 2024/01/09 03:16:00 guenther Exp $	*/
 /*	$NetBSD: ffs.c,v 1.66 2015/12/21 00:58:08 christos Exp $	*/
 
 /*
@@ -550,9 +550,9 @@ ffs_size_dir(fsnode *root, fsinfo_t *fsopts)
 
 #define	ADDDIRENT(e) do {						\
 	tmpdir.d_namlen = strlen((e));					\
-	this = DIRSIZ(NEWDIRFMT, &tmpdir);				\
+	this = DIRSIZ(&tmpdir);						\
-	if (this + curdirsize > roundup(curdirsize, DIRBLKSIZ))	\
+	if (this + curdirsize > roundup(curdirsize, DIRBLKSIZ))		\
-		curdirsize = roundup(curdirsize, DIRBLKSIZ);	\
+		curdirsize = roundup(curdirsize, DIRBLKSIZ);		\
 	curdirsize += this;						\
 } while (0);
 
@@ -887,12 +887,12 @@ ffs_make_dirbuf(dirbuf_t *dbuf, const char *name, fsnode *node)
 	de.d_type = IFTODT(node->type);
 	de.d_namlen = (uint8_t)strlen(name);
 	strlcpy(de.d_name, name, sizeof de.d_name);
-	de.d_reclen = DIRSIZ(NEWDIRFMT, &de);
+	de.d_reclen = DIRSIZ(&de);
 
 	dp = (struct direct *)(dbuf->buf + dbuf->cur);
 	llen = 0;
 	if (dp != NULL)
-		llen = DIRSIZ(NEWDIRFMT, dp);
+		llen = DIRSIZ(dp);
 
 	if (de.d_reclen + dbuf->cur + llen > roundup(dbuf->size, DIRBLKSIZ)) {
 		newbuf = erealloc(dbuf->buf, dbuf->size + DIRBLKSIZ);

usr.sbin/radiusd/radiusd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd.c,v 1.33 2023/10/23 00:58:32 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd.c,v 1.34 2024/01/08 04:16:48 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@@ -1545,6 +1545,13 @@ radiusd_module_response_decoration(struct radiusd_module *module,
 		radiusd_access_request_aborted(q);
 		return;
 	}
+	if (imsg_compose_radius_packet(&module->ibuf,
+	    IMSG_RADIUSD_MODULE_RESDECO0_REQ, q->id, q->req) == -1) {
+		log_warn("q=%u Could not send RESDECO0_REQ to `%s'", q->id,
+		    module->name);
+		radiusd_access_request_aborted(q);
+		return;
+	}
 	if (imsg_compose_radius_packet(&module->ibuf,
 	    IMSG_RADIUSD_MODULE_RESDECO, q->id, q->res) == -1) {
 		log_warn("q=%u Could not send RESDECO to `%s'", q->id,

usr.sbin/radiusd/radiusd.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd.h,v 1.5 2023/09/08 05:56:22 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd.h,v 1.6 2024/01/08 04:16:48 yasuoka Exp $	*/
 
 #ifndef	RADIUSD_H
 #define	RADIUSD_H 1
@@ -42,6 +42,7 @@ enum imsg_type {
 	IMSG_RADIUSD_MODULE_ACCSREQ_ABORTED,
 	IMSG_RADIUSD_MODULE_REQDECO,
 	IMSG_RADIUSD_MODULE_REQDECO_DONE,
+	IMSG_RADIUSD_MODULE_RESDECO0_REQ, /* request pkt for RESDECO */
 	IMSG_RADIUSD_MODULE_RESDECO,
 	IMSG_RADIUSD_MODULE_RESDECO_DONE,
 	IMSG_RADIUSD_MODULE_STOP

usr.sbin/radiusd/radiusd_module.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd_module.c,v 1.14 2023/09/08 05:56:22 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd_module.c,v 1.15 2024/01/08 04:16:48 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@@ -49,7 +49,7 @@ static void	(*module_access_request) (void *, u_int, const u_char *,
 static void	(*module_request_decoration) (void *, u_int, const u_char *,
 		    size_t) = NULL;
 static void	(*module_response_decoration) (void *, u_int, const u_char *,
-		    size_t) = NULL;
+		    size_t, const u_char *, size_t) = NULL;
 
 struct module_base {
 	void			*ctx;
@@ -60,6 +60,9 @@ struct module_base {
 	u_char			*radpkt;
 	int			 radpktsiz;
 	int			 radpktoff;
+	u_char			*radpkt2;
+	int			 radpkt2siz;	/* allocated size */
+	int			 radpkt2len;	/* actual size */
 
 #ifdef USE_LIBEVENT
 	struct module_imsgbuf	*module_imsgbuf;
@@ -131,7 +134,11 @@ module_run(struct module_base *base)
 void
 module_destroy(struct module_base *base)
 {
-	imsg_clear(&base->ibuf);
+	if (base != NULL) {
+		free(base->radpkt);
+		free(base->radpkt2);
+		imsg_clear(&base->ibuf);
+	}
 	free(base);
 }
 
@@ -438,6 +445,7 @@ module_imsg_handler(struct module_base *base, struct imsg *imsg)
 	    }
 	case IMSG_RADIUSD_MODULE_ACCSREQ:
 	case IMSG_RADIUSD_MODULE_REQDECO:
+	case IMSG_RADIUSD_MODULE_RESDECO0_REQ:
 	case IMSG_RADIUSD_MODULE_RESDECO:
 	    {
 		struct radiusd_module_radpkt_arg	*accessreq;
@@ -464,7 +472,10 @@ module_imsg_handler(struct module_base *base, struct imsg *imsg)
 				    "module doesn't support");
 				break;
 			}
-			typestr = "RESDECO";
+			if (imsg->hdr.type == IMSG_RADIUSD_MODULE_RESDECO0_REQ)
+				typestr = "RESDECO0_REQ";
+			else
+				typestr = "RESDECO";
 		}
 
 		if (datalen <
@@ -512,9 +523,28 @@ module_imsg_handler(struct module_base *base, struct imsg *imsg)
 		else if (imsg->hdr.type == IMSG_RADIUSD_MODULE_REQDECO)
 			module_request_decoration(base->ctx, accessreq->q_id,
 			    base->radpkt, base->radpktoff);
-		else
+		else if (imsg->hdr.type == IMSG_RADIUSD_MODULE_RESDECO0_REQ) {
+			/* preserve request */
+			if (base->radpktoff > base->radpkt2siz) {
+				u_char *nradpkt;
+				if ((nradpkt = realloc(base->radpkt2,
+				    base->radpktoff)) == NULL) {
+					syslog(LOG_ERR, "Could not handle "
+					    "received %s message: %m", typestr);
+					base->radpktoff = 0;
+					goto accsreq_out;
+				}
+				base->radpkt2 = nradpkt;
+				base->radpkt2siz = base->radpktoff;
+			}
+			memcpy(base->radpkt2, base->radpkt, base->radpktoff);
+			base->radpkt2len = base->radpktoff;
+		} else {
 			module_response_decoration(base->ctx, accessreq->q_id,
-			    base->radpkt, base->radpktoff);
+			    base->radpkt2, base->radpkt2len, base->radpkt,
+			    base->radpktoff);
+			base->radpkt2len = 0;
+		}
 		base->radpktoff = 0;
 accsreq_out:
 		break;

usr.sbin/radiusd/radiusd_module.h

@@ -41,7 +41,7 @@ struct module_handlers {
 	    size_t pktlen);
 
 	void (*response_decoration)(void *ctx, u_int query_id,
-	    const u_char *pkt, size_t pktlen);
+	    const u_char *req, size_t reqlen, const u_char *res, size_t reslen);
 };
 
 #define SYNTAX_ASSERT(_cond, _msg)				\

usr.sbin/radiusd/radiusd_standard.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd_standard.c,v 1.1 2023/09/08 05:56:22 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd_standard.c,v 1.2 2024/01/08 04:16:48 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@@ -52,7 +52,8 @@ struct module_standard {
 static void	 module_standard_config_set(void *, const char *, int,
 		    char * const *);
 static void	 module_standard_reqdeco(void *, u_int, const u_char *, size_t);
-static void	 module_standard_resdeco(void *, u_int, const u_char *, size_t);
+static void	 module_standard_resdeco(void *, u_int, const u_char *, size_t,
+		    const u_char *, size_t);
 
 int
 main(int argc, char *argv[])
@@ -261,38 +262,39 @@ module_standard_reqdeco(void *ctx, u_int q_id, const u_char *pkt, size_t pktlen)
 
 /* response message decoration */
 static void
-module_standard_resdeco(void *ctx, u_int q_id, const u_char *pkt, size_t pktlen)
+module_standard_resdeco(void *ctx, u_int q_id, const u_char *req, size_t reqlen,
+    const u_char *res, size_t reslen)
 {
 	struct module_standard	*module = ctx;
-	RADIUS_PACKET		*radpkt = NULL;
+	RADIUS_PACKET		*radres = NULL;
 	struct attr		*attr;
 
 	TAILQ_FOREACH(attr, &module->remove_reqattrs, next) {
-		if (radpkt == NULL &&
+		if (radres == NULL &&
-		    (radpkt = radius_convert_packet(pkt, pktlen)) == NULL) {
+		    (radres = radius_convert_packet(res, reslen)) == NULL) {
-			syslog(LOG_ERR,
+			 syslog(LOG_ERR,
 			    "%s: radius_convert_packet() failed: %m", __func__);
 			module_stop(module->base);
 			return;
 		}
 		if (attr->type != RADIUS_TYPE_VENDOR_SPECIFIC)
-			radius_del_attr_all(radpkt, attr->type);
+			radius_del_attr_all(radres, attr->type);
 		else
-			radius_del_vs_attr_all(radpkt, attr->vendor,
+			radius_del_vs_attr_all(radres, attr->vendor,
 			    attr->vtype);
 	}
-	if (radpkt == NULL) {
+	if (radres == NULL) {
-		pkt = NULL;
+		res = NULL;
-		pktlen = 0;
+		reslen = 0;
 	} else {
-		pkt = radius_get_data(radpkt);
+		res = radius_get_data(radres);
-		pktlen = radius_get_length(radpkt);
+		reslen = radius_get_length(radres);
 	}
-	if (module_resdeco_done(module->base, q_id, pkt, pktlen) == -1) {
+	if (module_resdeco_done(module->base, q_id, res, reslen) == -1) {
 		syslog(LOG_ERR, "%s: module_resdeco_done() failed: %m",
 		    __func__);
 		module_stop(module->base);
 	}
-	if (radpkt != NULL)
+	if (radres != NULL)
-		radius_delete_packet(radpkt);
+		radius_delete_packet(radres);
 }

usr.sbin/rpki-client/parser.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parser.c,v 1.106 2023/12/29 17:15:10 tb Exp $ */
+/*	$OpenBSD: parser.c,v 1.107 2024/01/08 19:46:19 tb Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -38,6 +38,8 @@
 
 #include "extern.h"
 
+extern int noop;
+
 static X509_STORE_CTX	*ctx;
 static struct auth_tree	 auths = RB_INITIALIZER(&auths);
 static struct crl_tree	 crlt = RB_INITIALIZER(&crlt);
@@ -390,7 +392,7 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
 		warnx("%s: manifest misissuance, #%s was recycled",
 		    file1, mft1->seqnum);
 
-	if (r == 1) {
+	if (!noop && r == 1) {
 		*mp = proc_parser_mft_post(file1, mft1, entp->path, err1,
 		    &warned);
 		if (*mp == NULL) {

usr.sbin/vmd/vm.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: vm.c,v 1.94 2023/09/26 01:53:54 dv Exp $	*/
+/*	$OpenBSD: vm.c,v 1.95 2024/01/10 04:13:59 dv Exp $	*/
 
 /*
  * Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@@ -1750,6 +1750,8 @@ vcpu_exit_inout(struct vm_run_params *vrp)
 	else if (vei->vei.vei_dir == VEI_DIR_IN)
 		set_return_data(vei, 0xFFFFFFFF);
 
+	vei->vrs.vrs_gprs[VCPU_REGS_RIP] += vei->vei.vei_insn_len;
+
 	if (intr != 0xFF)
 		vcpu_assert_pic_irq(vrp->vrp_vm_id, vrp->vrp_vcpu_id, intr);
 }