sync with OpenBSD -current

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.4-266d9df: Thu Jan 18 08:15:34 UTC 2024 (Mictlantecuhtli)
+# SecBSD 1.4-ddf4db4: Thu Feb  1 02:09:51 UTC 2024 (Mictlantecuhtli)

gnu/usr.bin/binutils/gdb/amd64obsd-tdep.c

@@ -362,7 +362,7 @@ static int amd64obsd_tf_reg_offset[] =
 {
   14 * 8,			/* %rax */
   13 * 8,			/* %rbx */
-  3 * 8,			/* %rcx */
+  6 * 8,			/* %rcx */
   2 * 8,			/* %rdx */
   1 * 8,			/* %rsi */
   0 * 8,			/* %rdi */
@@ -370,7 +370,7 @@ static int amd64obsd_tf_reg_offset[] =
   20 * 8,			/* %rsp */
   4 * 8,			/* %r8 ... */
   5 * 8,
-  6 * 8,
+  3 * 8,
   7 * 8,
   8 * 8,
   9 * 8,

lib/libcrypto/man/EVP_CIPHER_do_all.3

@@ -1,6 +1,7 @@
-.\" $OpenBSD: EVP_CIPHER_do_all.3,v 1.1 2023/08/30 00:58:57 tb Exp $
+.\" $OpenBSD: EVP_CIPHER_do_all.3,v 1.2 2024/01/31 08:02:53 tb Exp $
 .\"
-.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
+.\" Copyright (c) 2023,2024 Theo Buehler <tb@openbsd.org>
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 30 2023 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt EVP_CIPHER_DO_ALL 3
 .Os
 .Sh NAME
@@ -49,6 +50,27 @@
  const char *to, void *arg)"
 .Fa "void *arg"
 .Fc
+.Bd -literal
+typedef struct {
+        int	    type;
+        int	    alias;
+        const char *name;
+        const char *data;
+} OBJ_NAME;
+.Ed
+.Pp
+.Ft void
+.Fo OBJ_NAME_do_all
+.Fa "int type"
+.Fa "void (*fn)(const OBJ_NAME *obj_name, void *arg)"
+.Fa "void *arg"
+.Fc
+.Ft void
+.Fo OBJ_NAME_do_all_sorted
+.Fa "int type"
+.Fa "void (*fn)(const OBJ_NAME *obj_name, void *arg)"
+.Fa "void *arg"
+.Fc
 .Sh DESCRIPTION
 .Fn EVP_CIPHER_do_all
 calls
@@ -117,18 +139,71 @@ in lexicographic order of their
 .Fa from
 names as determined by
 .Xr strcmp 3 .
+.Pp
+.Vt OBJ_NAME
+is an abstraction of the types underlying the lookup tables
+for ciphers and their aliases, and digests and their aliases, respectively.
+For a cipher,
+.Fa type
+is
+.Dv OBJ_NAME_TYPE_CIPHER_METH ,
+.Fa alias
+is 0,
+.Fa name
+is its lookup name and
+.Fa data
+is the
+.Vt EVP_CIPHER
+object it represents, cast to
+.Vt const char * .
+For a cipher alias,
+.Fa type
+is
+.Dv OBJ_NAME_TYPE_CIPHER_METH ,
+.Fa alias
+is
+.Dv OBJ_NAME_ALIAS ,
+.Fa name
+is its lookup name and
+.Fa data
+is the name it aliases.
+Digests representing an
+.Vt EVP_MD
+object and their aliases are represented similarly, except that their type is
+.Dv OBJ_NAME_TYPE_MD_METH .
+.Pp
+.Fn OBJ_NAME_do_all
+calls
+.Fa fn
+on every
+.Fa obj_name
+in the table that has the given
+.Fa type
+(either
+.Dv OBJ_NAME_TYPE_CIPHER_METH
+or
+.Dv OBJ_NAME_TYPE_MD_METH ) ,
+also passing the
+.Fa arg
+pointer.
+.Fn OBJ_NAME_do_all_sorted
+is similar except that it processes the
+.Fa obj_name
+in lexicographic order of their names as determined by
+.Xr strcmp 3 .
 .Sh SEE ALSO
 .Xr evp 3 ,
-.Xr EVP_add_cipher 3 ,
+.Xr EVP_get_cipherbyname 3 ,
-.Xr OBJ_NAME_do_all 3
+.Xr EVP_get_digestbyname 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.0.0 and have been available since
 .Ox 4.9 .
-.Sh BUGS
+.Sh CAVEATS
-.Fn EVP_CIPHER_do_all_sorted
+.Fn EVP_CIPHER_do_all_sorted ,
+.Fn EVP_MD_do_all_sorted ,
 and
-.Fn EVP_MD_do_all_sorted
+.Fn OBJ_NAME_do_all_sorted
-are wrappers of
+cannot report errors.
-.Xr OBJ_NAME_do_all_sorted 3 .
+In some implementations they need to allocate internally and
-In particular, if memory allocation fails, they do nothing at all
+if memory allocation fails they do nothing at all,
 without telling the caller about the problem.

lib/libcrypto/man/OBJ_NAME_add.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_NAME_add.3,v 1.5 2023/09/01 12:13:13 schwarze Exp $
+.\" $OpenBSD: OBJ_NAME_add.3,v 1.6 2024/01/31 08:02:53 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 1 2023 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt OBJ_NAME_ADD 3
 .Os
 .Sh NAME
@@ -23,9 +23,7 @@
 .Nm OBJ_NAME_get ,
 .Nm OBJ_NAME_new_index ,
 .Nm OBJ_NAME_init ,
-.Nm OBJ_NAME_cleanup ,
+.Nm OBJ_NAME_cleanup
-.Nm OBJ_NAME_do_all ,
-.Nm OBJ_NAME_do_all_sorted
 .Nd global associative array
 .Sh SYNOPSIS
 .In openssl/objects.h
@@ -63,19 +61,6 @@ typedef struct {
         const char *data;
 } OBJ_NAME;
 .Ed
-.Pp
-.Ft void
-.Fo OBJ_NAME_do_all
-.Fa "int type"
-.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)"
-.Fa "void *arg"
-.Fc
-.Ft void
-.Fo OBJ_NAME_do_all_sorted
-.Fa "int type"
-.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)"
-.Fa "void *arg"
-.Fc
 .Sh DESCRIPTION
 These functions implement a single, static associative array
 with the following properties:
@@ -264,25 +249,6 @@ If the
 field is 0, the
 .Fa data
 field contains the value; otherwise, it contains the alias target name.
-.Pp
-.Fn OBJ_NAME_do_all
-calls
-.Fa fn
-on every
-.Fa pair
-and alias in the array that has the given
-.Fa type ,
-also passing the
-.Fa arg
-pointer.
-.Fn OBJ_NAME_do_all_sorted
-is similar except that it processes the pairs and aliases
-in lexicographic order of their names as determined by
-.Xr strcmp 3 ,
-ignoring any
-.Fa cmp_func
-that may be defined for the
-.Fa type .
 .Sh RETURN VALUES
 .Fn OBJ_NAME_add
 and
@@ -339,8 +305,3 @@ that requires more cleanup than merely calling
 .Xr free 3
 on it, instances of the type need to begin with a magic number or string
 that cannot occur at the beginning of a name.
-.Pp
-.Fn OBJ_NAME_do_all_sorted
-is unable to report errors.
-If memory allocations fails, it does nothing at all
-without telling the caller about the problem.

lib/libcrypto/man/OBJ_create.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_create.3,v 1.9 2024/01/13 19:06:20 tb Exp $
+.\" $OpenBSD: OBJ_create.3,v 1.10 2024/01/31 08:02:53 tb Exp $
 .\" full merge up to:
 .\" OpenSSL OBJ_nid2obj.pod 9b86974e Aug 17 15:21:33 2015 -0400
 .\" selective merge up to:
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 13 2024 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt OBJ_CREATE 3
 .Os
 .Sh NAME
@@ -200,7 +200,6 @@ obj = OBJ_nid2obj(new_nid);
 .Ed
 .Sh SEE ALSO
 .Xr ASN1_OBJECT_new 3 ,
-.Xr OBJ_NAME_add 3 ,
 .Xr OBJ_nid2obj 3
 .Sh HISTORY
 .Fn OBJ_new_nid ,

lib/libcrypto/man/OBJ_find_sigid_algs.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_find_sigid_algs.3,v 1.1 2023/07/22 06:35:26 tb Exp $
+.\" $OpenBSD: OBJ_find_sigid_algs.3,v 1.2 2024/01/31 08:02:53 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 22 2023 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt OBJ_FIND_SIGID_ALGS 3
 .Os
 .Sh NAME
@@ -82,7 +82,6 @@ is not built into the library.
 .Sh SEE ALSO
 .Xr EVP_cleanup 3 ,
 .Xr OBJ_create 3 ,
-.Xr OBJ_NAME_add 3 ,
 .Xr OBJ_nid2obj 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.0.0

lib/libcrypto/man/OBJ_nid2obj.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_nid2obj.3,v 1.21 2023/09/05 13:50:22 schwarze Exp $
+.\" $OpenBSD: OBJ_nid2obj.3,v 1.22 2024/01/31 08:02:53 tb Exp $
 .\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
 .\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 5 2023 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt OBJ_NID2OBJ 3
 .Os
 .Sh NAME
@@ -435,8 +435,7 @@ object = OBJ_txt2obj("1.2.3.4", 1);
 .Xr ASN1_OBJECT_new 3 ,
 .Xr BIO_new 3 ,
 .Xr d2i_ASN1_OBJECT 3 ,
-.Xr OBJ_create 3 ,
+.Xr OBJ_create 3
-.Xr OBJ_NAME_add 3
 .Sh HISTORY
 .Fn OBJ_nid2obj ,
 .Fn OBJ_nid2ln ,

share/man/man4/pfsync.4

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pfsync.4,v 1.38 2023/10/18 07:56:45 benno Exp $
+.\"	$OpenBSD: pfsync.4,v 1.39 2024/01/31 06:50:16 jmc Exp $
 .\"
 .\" Copyright (c) 2002 Michael Shalayeff
 .\" Copyright (c) 2003-2004 Ryan McBride
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 18 2023 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt PFSYNC 4
 .Os
 .Sh NAME
@@ -69,11 +69,9 @@ packet where possible.
 The maximum number of times a single state can be updated before a
 .Nm
 packet will be sent out is controlled by the
-.Ar maxupd
-parameter to ifconfig
-(see
 .Xr ifconfig 8
-and the example below for more details).
+.Ar maxupd
+parameter.
 The sending out of a
 .Nm
 packet will be delayed by a maximum of one second.

sys/arch/amd64/amd64/trap.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: trap.c,v 1.103 2024/01/11 19:16:26 miod Exp $	*/
+/*	$OpenBSD: trap.c,v 1.104 2024/01/31 06:06:28 guenther Exp $	*/
 /*	$NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $	*/
 
 /*-
@@ -553,7 +553,7 @@ syscall(struct trapframe *frame)
 	const struct sysent *callp;
 	struct proc *p;
 	int error = ENOSYS;
-	register_t code, args[6], rval[2], *argp;
+	register_t code, *args, rval[2];
 
 	verify_smap(__func__);
 	uvmexp.syscalls++;
@@ -565,30 +565,16 @@ syscall(struct trapframe *frame)
 	}
 
 	code = frame->tf_rax;
-	argp = &args[0];
+	args = (register_t *)&frame->tf_rdi;
 
 	if (code <= 0 || code >= SYS_MAXSYSCALL)
 		goto bad;
 	callp = sysent + code;
-	switch (callp->sy_narg) {
-	case 6:
-		args[5] = frame->tf_r9;
-	case 5:
-		args[4] = frame->tf_r8;
-	case 4:
-		args[3] = frame->tf_r10;
-	case 3:
-		args[2] = frame->tf_rdx;
-	case 2:
-		args[1] = frame->tf_rsi;
-	case 1:
-		args[0] = frame->tf_rdi;
-	}
 
 	rval[0] = 0;
 	rval[1] = 0;
 
-	error = mi_syscall(p, code, callp, argp, rval);
+	error = mi_syscall(p, code, callp, args, rval);
 
 	switch (error) {
 	case 0:

sys/arch/amd64/amd64/vmm_machdep.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm_machdep.c,v 1.15 2024/01/11 17:13:48 jan Exp $ */
+/* $OpenBSD: vmm_machdep.c,v 1.16 2024/01/31 05:49:33 guenther Exp $ */
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -4187,7 +4187,7 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
 
 		/* Restore any guest PKRU state. */
 		if (vmm_softc->sc_md.pkru_enabled)
-			wrpkru(vcpu->vc_pkru);
+			wrpkru(0, vcpu->vc_pkru);
 
 		ret = vmx_enter_guest(&vcpu->vc_control_pa,
 		    &vcpu->vc_gueststate,
@@ -4197,7 +4197,7 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
 		/* Restore host PKRU state. */
 		if (vmm_softc->sc_md.pkru_enabled) {
 			vcpu->vc_pkru = rdpkru(0);
-			wrpkru(PGK_VALUE);
+			wrpkru(0, PGK_VALUE);
 		}
 
 		lidt(&idtr);
@@ -6500,7 +6500,7 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp)
 
 		/* Restore any guest PKRU state. */
 		if (vmm_softc->sc_md.pkru_enabled)
-			wrpkru(vcpu->vc_pkru);
+			wrpkru(0, vcpu->vc_pkru);
 
 		KASSERT(vmcb->v_intercept1 & SVM_INTERCEPT_INTR);
 		wrmsr(MSR_AMD_VM_HSAVE_PA, vcpu->vc_svm_hsa_pa);
@@ -6511,7 +6511,7 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp)
 		/* Restore host PKRU state. */
 		if (vmm_softc->sc_md.pkru_enabled) {
 			vcpu->vc_pkru = rdpkru(0);
-			wrpkru(PGK_VALUE);
+			wrpkru(0, PGK_VALUE);
 		}
 
 		/*

sys/arch/amd64/include/cpufunc.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpufunc.h,v 1.39 2023/01/30 02:32:01 dv Exp $	*/
+/*	$OpenBSD: cpufunc.h,v 1.40 2024/01/31 05:49:33 guenther Exp $	*/
 /*	$NetBSD: cpufunc.h,v 1.3 2003/05/08 10:27:43 fvdl Exp $	*/
 
 /*-
@@ -241,10 +241,10 @@ rdpkru(u_int ecx)
 }
 
 static __inline void
-wrpkru(uint32_t pkru)
+wrpkru(u_int ecx, uint32_t pkru)
 {
-	uint32_t ecx = 0, edx = 0;
+	uint32_t edx = 0;
-	__asm volatile("wrpkru" : : "a" (pkru), "c" (ecx), "d" (edx));
+	asm volatile("wrpkru" : : "a" (pkru), "c" (ecx), "d" (edx));
 }
 
 static __inline void

sys/arch/amd64/include/frame.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: frame.h,v 1.10 2018/07/10 08:57:44 guenther Exp $	*/
+/*	$OpenBSD: frame.h,v 1.11 2024/01/31 06:06:28 guenther Exp $	*/
 /*	$NetBSD: frame.h,v 1.1 2003/04/26 18:39:40 fvdl Exp $	*/
 
 /*-
@@ -82,13 +82,13 @@
  * Exception/Trap Stack Frame
  */
 struct trapframe {
-	int64_t	tf_rdi;
+	int64_t	tf_rdi;		/* ordered by syscall args... */
 	int64_t	tf_rsi;
 	int64_t	tf_rdx;
-	int64_t	tf_rcx;
-	int64_t tf_r8;
-	int64_t tf_r9;
 	int64_t tf_r10;
+	int64_t tf_r8;
+	int64_t tf_r9;		/* ...to here */
+	int64_t	tf_rcx;
 	int64_t tf_r11;
 	int64_t tf_r12;
 	int64_t tf_r13;
@@ -115,10 +115,10 @@ struct intrframe {
 	int64_t	if_rdi;
 	int64_t	if_rsi;
 	int64_t	if_rdx;
-	int64_t	if_rcx;
+	int64_t if_r10;
 	int64_t if_r8;
 	int64_t if_r9;
-	int64_t if_r10;
+	int64_t	if_rcx;
 	int64_t if_r11;
 	int64_t if_r12;
 	int64_t if_r13;

sys/arch/arm/include/vmparam.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmparam.h,v 1.19 2018/03/05 01:39:13 deraadt Exp $	*/
+/*	$OpenBSD: vmparam.h,v 1.20 2024/02/01 00:39:57 deraadt Exp $	*/
 /*	$NetBSD: vmparam.h,v 1.18 2003/05/21 18:04:44 thorpej Exp $	*/
 
 /*
@@ -46,7 +46,8 @@
 #define	USRSTACK	VM_MAXUSER_ADDRESS
 #define	KERNBASE	VM_MAXUSER_ADDRESS
 
-#define	MAXTSIZ		(64*1024*1024)		/* max text size */
+#define	MAXTSIZ		(128*1024*1024)		/* max text size */
+
 #ifndef	DFLDSIZ
 #define	DFLDSIZ		(128*1024*1024)		/* initial data size limit */
 #endif

sys/dev/fdt/com_fdt.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: com_fdt.c,v 1.8 2023/08/15 07:56:27 miod Exp $ */
+/* $OpenBSD: com_fdt.c,v 1.9 2024/01/31 01:01:10 hastings Exp $ */
 /*
  * Copyright (c) 2016 Patrick Wildt <patrick@blueri.se>
  *
@@ -55,6 +55,7 @@ com_fdt_init_cons(void)
 
 	if ((node = fdt_find_cons("brcm,bcm2835-aux-uart")) == NULL &&
 	    (node = fdt_find_cons("marvell,armada-38x-uart")) == NULL &&
+	    (node = fdt_find_cons("mediatek,mt6577-uart")) == NULL &&
 	    (node = fdt_find_cons("ns16550a")) == NULL &&
 	    (node = fdt_find_cons("snps,dw-apb-uart")) == NULL &&
 	    (node = fdt_find_cons("ti,omap3-uart")) == NULL &&
@@ -96,6 +97,7 @@ com_fdt_match(struct device *parent, void *match, void *aux)
 
 	return (OF_is_compatible(faa->fa_node, "brcm,bcm2835-aux-uart") ||
 	    OF_is_compatible(faa->fa_node, "marvell,armada-38x-uart") ||
+	    OF_is_compatible(faa->fa_node, "mediatek,mt6577-uart") ||
 	    OF_is_compatible(faa->fa_node, "ns16550a") ||
 	    OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
 	    OF_is_compatible(faa->fa_node, "ti,omap3-uart") ||
@@ -141,6 +143,9 @@ com_fdt_attach(struct device *parent, struct device *self, void *aux)
 	sc->sc_reg_width = OF_getpropint(faa->fa_node, "reg-io-width", width);
 	sc->sc_reg_shift = OF_getpropint(faa->fa_node, "reg-shift", shift);
 
+	if (OF_is_compatible(faa->fa_node, "mediatek,mt6577-uart"))
+		sc->sc_uarttype = COM_UART_16550A;
+
 	if (OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
 	    OF_is_compatible(faa->fa_node, "marvell,armada-38x-uart")) {
 		sc->sc_uarttype = COM_UART_DW_APB;

sys/net/route.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: route.c,v 1.426 2023/11/13 17:18:27 bluhm Exp $	*/
+/*	$OpenBSD: route.c,v 1.427 2024/01/31 14:56:42 bluhm Exp $	*/
 /*	$NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $	*/
 
 /*
@@ -140,6 +140,7 @@
 
 /*
  * Locks used to protect struct members:
+ *      a       atomic operations
  *      I       immutable after creation
  *      L       rtlabel_mtx
  *      T       rttimer_mtx
@@ -152,8 +153,9 @@ static uint32_t		rt_hashjitter;
 
 extern unsigned int	rtmap_limit;
 
-struct cpumem *		rtcounters;
+struct cpumem	*rtcounters;
-int			rttrash;	/* routes not in table but not freed */
+int		 rttrash;	/* [a] routes not in table but not freed */
+u_long		 rtgeneration;	/* [a] generation number, routes changed */
 
 struct pool	rtentry_pool;		/* pool for rtentry structures */
 struct pool	rttimer_pool;		/* pool for rttimer structures */
@@ -199,6 +201,33 @@ route_init(void)
 #endif
 }
 
+void
+route_cache(struct route *ro, struct in_addr addr, u_int rtableid)
+{
+	u_long gen;
+
+	gen = atomic_load_long(&rtgeneration);
+	membar_consumer();
+
+	if (rtisvalid(ro->ro_rt) &&
+	    ro->ro_generation == gen &&
+	    ro->ro_tableid == rtableid &&
+	    ro->ro_dst.sa_family == AF_INET &&
+	    satosin(&ro->ro_dst)->sin_addr.s_addr == addr.s_addr) {
+		return;
+	}
+
+	rtfree(ro->ro_rt);
+	ro->ro_rt = NULL;
+	ro->ro_generation = gen;
+	ro->ro_tableid = rtableid;
+
+	memset(&ro->ro_dst, 0, sizeof(ro->ro_dst));
+	satosin(&ro->ro_dst)->sin_family = AF_INET;
+	satosin(&ro->ro_dst)->sin_len = sizeof(struct sockaddr_in);
+	satosin(&ro->ro_dst)->sin_addr = addr;
+}
+
 /*
  * Returns 1 if the (cached) ``rt'' entry is still valid, 0 otherwise.
  */
@@ -824,6 +853,9 @@ rtrequest_delete(struct rt_addrinfo *info, u_int8_t prio, struct ifnet *ifp,
 	else
 		rtfree(rt);
 
+	membar_producer();
+	atomic_inc_long(&rtgeneration);
+
 	return (0);
 }
 
@@ -992,6 +1024,10 @@ rtrequest(int req, struct rt_addrinfo *info, u_int8_t prio,
 			*ret_nrt = rt;
 		else
 			rtfree(rt);
+
+		membar_producer();
+		atomic_inc_long(&rtgeneration);
+
 		break;
 	}
 
@@ -1829,6 +1865,9 @@ rt_if_linkstate_change(struct rtentry *rt, void *arg, u_int id)
 	}
 	if_group_routechange(rt_key(rt), rt_plen2mask(rt, &sa_mask));
 
+	membar_producer();
+	atomic_inc_long(&rtgeneration);
+
 	return (error);
 }
 

sys/net/route.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: route.h,v 1.203 2023/11/12 17:51:40 bluhm Exp $	*/
+/*	$OpenBSD: route.h,v 1.204 2024/01/31 14:56:42 bluhm Exp $	*/
 /*	$NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $	*/
 
 /*
@@ -377,6 +377,7 @@ struct sockaddr_rtsearch {
  */
 struct route {
 	struct	rtentry *ro_rt;
+	u_long		 ro_generation;
 	u_long		 ro_tableid;	/* u_long because of alignment */
 	struct	sockaddr ro_dst;
 };
@@ -438,15 +439,18 @@ void		 rtlabel_unref(u_int16_t);
 #define	RT_RESOLVE	1
 
 extern struct rtstat rtstat;
+extern u_long rtgeneration;
 
 struct mbuf;
 struct socket;
 struct ifnet;
+struct in_addr;
 struct sockaddr_in6;
 struct if_ieee80211_data;
 struct bfd_config;
 
 void	 route_init(void);
+void	 route_cache(struct route *, struct in_addr, u_int);
 void	 rtm_ifchg(struct ifnet *);
 void	 rtm_ifannounce(struct ifnet *, int);
 void	 rtm_bfd(struct bfd_config *);

sys/netinet/in_pcb.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.c,v 1.287 2024/01/28 20:34:25 bluhm Exp $	*/
+/*	$OpenBSD: in_pcb.c,v 1.288 2024/01/31 12:27:57 bluhm Exp $	*/
 /*	$NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $	*/
 
 /*
@@ -909,6 +909,11 @@ in_pcbrtentry(struct inpcb *inp)
 {
 	struct route *ro;
 
+#ifdef INET6
+	if (ISSET(inp->inp_flags, INP_IPV6))
+		in6_pcbrtentry(inp);
+#endif
+
 	ro = &inp->inp_route;
 
 	/* check if route is still valid */
@@ -921,34 +926,16 @@ in_pcbrtentry(struct inpcb *inp)
 	 * No route yet, so try to acquire one.
 	 */
 	if (ro->ro_rt == NULL) {
-#ifdef INET6
-		memset(ro, 0, sizeof(struct route_in6));
-#else
 		memset(ro, 0, sizeof(struct route));
-#endif
 
-#ifdef INET6
+		if (inp->inp_faddr.s_addr == INADDR_ANY)
-		if (ISSET(inp->inp_flags, INP_IPV6)) {
+			return (NULL);
-			if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6))
+		ro->ro_dst.sa_family = AF_INET;
-				return (NULL);
+		ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
-			ro->ro_dst.sa_family = AF_INET6;
+		satosin(&ro->ro_dst)->sin_addr = inp->inp_faddr;
-			ro->ro_dst.sa_len = sizeof(struct sockaddr_in6);
+		ro->ro_tableid = inp->inp_rtableid;
-			satosin6(&ro->ro_dst)->sin6_addr = inp->inp_faddr6;
+		ro->ro_rt = rtalloc_mpath(&ro->ro_dst,
-			ro->ro_tableid = inp->inp_rtableid;
+		    &inp->inp_laddr.s_addr, ro->ro_tableid);
-			ro->ro_rt = rtalloc_mpath(&ro->ro_dst,
-			    &inp->inp_laddr6.s6_addr32[0], ro->ro_tableid);
-		} else
-#endif /* INET6 */
-		{
-			if (inp->inp_faddr.s_addr == INADDR_ANY)
-				return (NULL);
-			ro->ro_dst.sa_family = AF_INET;
-			ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
-			satosin(&ro->ro_dst)->sin_addr = inp->inp_faddr;
-			ro->ro_tableid = inp->inp_rtableid;
-			ro->ro_rt = rtalloc_mpath(&ro->ro_dst,
-			    &inp->inp_laddr.s_addr, ro->ro_tableid);
-		}
 	}
 	return (ro->ro_rt);
 }

sys/netinet/in_pcb.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.h,v 1.149 2024/01/28 20:34:25 bluhm Exp $	*/
+/*	$OpenBSD: in_pcb.h,v 1.150 2024/01/31 12:27:57 bluhm Exp $	*/
 /*	$NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $	*/
 
 /*
@@ -367,6 +367,8 @@ struct rtentry *
 	in_pcbrtentry(struct inpcb *);
 
 /* INET6 stuff */
+struct rtentry *
+	in6_pcbrtentry(struct inpcb *);
 void	in6_pcbnotify(struct inpcbtable *, const struct sockaddr_in6 *,
 	u_int, const struct sockaddr_in6 *, u_int, u_int, int, void *,
 	void (*)(struct inpcb *, int));

sys/netinet/ip_input.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_input.c,v 1.387 2023/09/16 09:33:27 mpi Exp $	*/
+/*	$OpenBSD: ip_input.c,v 1.388 2024/01/31 14:56:42 bluhm Exp $	*/
 /*	$NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $	*/
 
 /*
@@ -1475,7 +1475,6 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
 {
 	struct mbuf mfake, *mcopy = NULL;
 	struct ip *ip = mtod(m, struct ip *);
-	struct sockaddr_in *sin;
 	struct route ro;
 	int error = 0, type = 0, code = 0, destmtu = 0, fake = 0, len;
 	u_int32_t dest;
@@ -1491,15 +1490,11 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
 		goto freecopy;
 	}
 
-	memset(&ro, 0, sizeof(ro));
+	ro.ro_rt = NULL;
-	sin = satosin(&ro.ro_dst);
+	route_cache(&ro, ip->ip_dst, m->m_pkthdr.ph_rtableid);
-	sin->sin_family = AF_INET;
-	sin->sin_len = sizeof(*sin);
-	sin->sin_addr = ip->ip_dst;
-
 	if (!rtisvalid(rt)) {
 		rtfree(rt);
-		rt = rtalloc_mpath(sintosa(sin), &ip->ip_src.s_addr,
+		rt = rtalloc_mpath(&ro.ro_dst, &ip->ip_src.s_addr,
 		    m->m_pkthdr.ph_rtableid);
 		if (rt == NULL) {
 			ipstat_inc(ips_noroute);
@@ -1507,6 +1502,7 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
 			return;
 		}
 	}
+	ro.ro_rt = rt;
 
 	/*
 	 * Save at most 68 bytes of the packet in case
@@ -1557,8 +1553,6 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt)
 		}
 	}
 
-	ro.ro_rt = rt;
-	ro.ro_tableid = m->m_pkthdr.ph_rtableid;
 	error = ip_output(m, NULL, &ro,
 	    (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)),
 	    NULL, NULL, 0);

sys/netinet/ip_output.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_output.c,v 1.393 2024/01/18 11:03:16 claudio Exp $	*/
+/*	$OpenBSD: ip_output.c,v 1.394 2024/01/31 14:56:43 bluhm Exp $	*/
 /*	$NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $	*/
 
 /*
@@ -159,28 +159,15 @@ reroute:
 	 */
 	if (ro == NULL) {
 		ro = &iproute;
-		memset(ro, 0, sizeof(*ro));
+		ro->ro_rt = NULL;
 	}
 
-	dst = satosin(&ro->ro_dst);
-
 	/*
 	 * If there is a cached route, check that it is to the same
 	 * destination and is still up.  If not, free it and try again.
 	 */
-	if (!rtisvalid(ro->ro_rt) ||
+	route_cache(ro, ip->ip_dst, m->m_pkthdr.ph_rtableid);
-	    dst->sin_addr.s_addr != ip->ip_dst.s_addr ||
+	dst = satosin(&ro->ro_dst);
-	    ro->ro_tableid != m->m_pkthdr.ph_rtableid) {
-		rtfree(ro->ro_rt);
-		ro->ro_rt = NULL;
-	}
-
-	if (ro->ro_rt == NULL) {
-		dst->sin_family = AF_INET;
-		dst->sin_len = sizeof(*dst);
-		dst->sin_addr = ip->ip_dst;
-		ro->ro_tableid = m->m_pkthdr.ph_rtableid;
-	}
 
 	if ((IN_MULTICAST(ip->ip_dst.s_addr) ||
 	    (ip->ip_dst.s_addr == INADDR_BROADCAST)) &&

sys/netinet6/in6.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6.h,v 1.112 2024/01/27 21:13:46 bluhm Exp $	*/
+/*	$OpenBSD: in6.h,v 1.113 2024/01/31 14:56:43 bluhm Exp $	*/
 /*	$KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $	*/
 
 /*
@@ -145,10 +145,11 @@ extern const struct in6_addr in6addr_linklocal_allrouters;
 
 #if __BSD_VISIBLE
 /*
- * IPv6 route structure
+ * IPv6 route structure, keep fields in sync with struct route
  */
 struct route_in6 {
 	struct	rtentry *ro_rt;
+	u_long		 ro_generation;
 	u_long		 ro_tableid;	/* padded to long for alignment */
 	struct	sockaddr_in6 ro_dst;
 };

sys/netinet6/in6_pcb.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6_pcb.c,v 1.133 2024/01/28 20:34:25 bluhm Exp $	*/
+/*	$OpenBSD: in6_pcb.c,v 1.134 2024/01/31 12:27:57 bluhm Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -561,6 +561,35 @@ in6_pcbnotify(struct inpcbtable *table, const struct sockaddr_in6 *dst,
 	rw_exit_write(&table->inpt_notify);
 }
 
+struct rtentry *
+in6_pcbrtentry(struct inpcb *inp)
+{
+	struct route_in6 *ro = &inp->inp_route6;
+
+	/* check if route is still valid */
+	if (!rtisvalid(ro->ro_rt)) {
+		rtfree(ro->ro_rt);
+		ro->ro_rt = NULL;
+	}
+
+	/*
+	 * No route yet, so try to acquire one.
+	 */
+	if (ro->ro_rt == NULL) {
+		memset(ro, 0, sizeof(struct route_in6));
+
+		if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6))
+			return (NULL);
+		ro->ro_dst.sin6_family = AF_INET6;
+		ro->ro_dst.sin6_len = sizeof(struct sockaddr_in6);
+		ro->ro_dst.sin6_addr = inp->inp_faddr6;
+		ro->ro_tableid = inp->inp_rtableid;
+		ro->ro_rt = rtalloc_mpath(sin6tosa(&ro->ro_dst),
+		    &inp->inp_laddr6.s6_addr32[0], ro->ro_tableid);
+	}
+	return (ro->ro_rt);
+}
+
 struct inpcb *
 in6_pcbhash_lookup(struct inpcbtable *table, uint64_t hash, u_int rdomain,
     const struct in6_addr *faddr, u_short fport,

sys/netinet6/ip6_output.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_output.c,v 1.283 2024/01/18 11:03:16 claudio Exp $	*/
+/*	$OpenBSD: ip6_output.c,v 1.284 2024/01/31 12:27:57 bluhm Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -1486,7 +1486,7 @@ do { \
 			if (!(so->so_state & SS_ISCONNECTED))
 				return (ENOTCONN);
 
-			rt = in_pcbrtentry(inp);
+			rt = in6_pcbrtentry(inp);
 			if (!rtisvalid(rt))
 				return (EHOSTUNREACH);
 

usr.sbin/bgpctl/bgpctl.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpctl.c,v 1.303 2024/01/30 13:51:13 claudio Exp $ */
+/*	$OpenBSD: bgpctl.c,v 1.304 2024/01/31 11:23:19 claudio Exp $ */
 
 /*
  * Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@@ -471,7 +471,7 @@ show(struct imsg *imsg, struct parse_result *res)
 	struct ctl_show_rib	 rib;
 	struct rde_memstats	 stats;
 	struct ibuf		 ibuf;
-	u_int			 rescode, ilen;
+	u_int			 rescode;
 
 	switch (imsg->hdr.type) {
 	case IMSG_CTL_SHOW_NEIGHBOR:
@@ -542,14 +542,11 @@ show(struct imsg *imsg, struct parse_result *res)
 		output->communities(&ibuf, res);
 		break;
 	case IMSG_CTL_SHOW_RIB_ATTR:
-		ilen = imsg->hdr.len - IMSG_HEADER_SIZE;
-		if (ilen < 3) {
-			warnx("bad IMSG_CTL_SHOW_RIB_ATTR received");
-			break;
-		}
 		if (output->attr == NULL)
 			break;
-		output->attr(imsg->data, ilen, res->flags, 0);
+		if (imsg_get_ibuf(imsg, &ibuf) == -1)
+			err(1, "imsg_get_ibuf");
+		output->attr(&ibuf, res->flags, 0);
 		break;
 	case IMSG_CTL_SHOW_RIB_MEM:
 		if (output->rib_mem == NULL)
@@ -1295,9 +1292,11 @@ show_mrt_dump(struct mrt_rib *mr, struct mrt_peer *mp, void *arg)
 		ibuf_from_buffer(&ibuf, mre->aspath, mre->aspath_len);
 		output->rib(&ctl, &ibuf, &res);
 		if (req->flags & F_CTL_DETAIL) {
-			for (j = 0; j < mre->nattrs; j++)
+			for (j = 0; j < mre->nattrs; j++) {
-				output->attr(mre->attrs[j].attr,
+				ibuf_from_buffer(&ibuf, mre->attrs[j].attr,
-				    mre->attrs[j].attr_len, req->flags, 0);
+				    mre->attrs[j].attr_len);
+				output->attr(&ibuf, req->flags, 0);
+			}
 		}
 	}
 }
@@ -1752,8 +1751,7 @@ show_mrt_update(u_char *p, uint16_t len, int reqflags, int addpath)
 		if (ibuf_skip(&abuf, ibuf_size(&attrbuf)) == -1)
 			goto trunc;
 
-		output->attr(ibuf_data(&attrbuf), ibuf_size(&attrbuf),
+		output->attr(&attrbuf, reqflags, addpath);
-		    reqflags, addpath);
 	}
 
 	if (ibuf_size(b) > 0) {

usr.sbin/bgpctl/bgpctl.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpctl.h,v 1.23 2024/01/30 13:51:13 claudio Exp $ */
+/*	$OpenBSD: bgpctl.h,v 1.24 2024/01/31 11:23:20 claudio Exp $ */
 
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
@@ -27,7 +27,7 @@ struct output {
 	void	(*flowspec)(struct flowspec *);
 	void	(*nexthop)(struct ctl_show_nexthop *);
 	void	(*interface)(struct ctl_show_interface *);
-	void	(*attr)(u_char *, size_t, int, int);
+	void	(*attr)(struct ibuf *, int, int);
 	void	(*communities)(struct ibuf *, struct parse_result *);
 	void	(*rib)(struct ctl_show_rib *, struct ibuf *,
 		    struct parse_result *);

usr.sbin/bgpctl/output.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: output.c,v 1.49 2024/01/30 13:51:13 claudio Exp $ */
+/*	$OpenBSD: output.c,v 1.50 2024/01/31 11:23:20 claudio Exp $ */
 
 /*
  * Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@@ -698,128 +698,103 @@ show_communities(struct ibuf *data, struct parse_result *res)
 }
 
 static void
-show_community(u_char *data, uint16_t len)
+show_community(struct ibuf *buf)
 {
 	uint16_t	a, v;
-	uint16_t	i;
 
-	if (len & 0x3) {
+	while (ibuf_size(buf) > 0) {
-		printf("bad length");
+		if (ibuf_get_n16(buf, &a) == -1 ||
-		return;
+		    ibuf_get_n16(buf, &v) == -1) {
-	}
+			printf("bad length");
-
+			return;
-	for (i = 0; i < len; i += 4) {
+		}
-		memcpy(&a, data + i, sizeof(a));
-		memcpy(&v, data + i + 2, sizeof(v));
-		a = ntohs(a);
-		v = ntohs(v);
 		printf("%s", fmt_community(a, v));
 
-		if (i + 4 < len)
+		if (ibuf_size(buf) > 0)
 			printf(" ");
 	}
 }
 
 static void
-show_large_community(u_char *data, uint16_t len)
+show_large_community(struct ibuf *buf)
 {
 	uint32_t	a, l1, l2;
-	uint16_t	i;
 
-	if (len % 12) {
+	while (ibuf_size(buf) > 0) {
-		printf("bad length");
+		if (ibuf_get_n32(buf, &a) == -1 ||
-		return;
+		    ibuf_get_n32(buf, &l1) == -1 ||
-	}
+		    ibuf_get_n32(buf, &l2) == -1) {
-
+			printf("bad length");
-	for (i = 0; i < len; i += 12) {
+			return;
-		memcpy(&a, data + i, sizeof(a));
+		}
-		memcpy(&l1, data + i + 4, sizeof(l1));
-		memcpy(&l2, data + i + 8, sizeof(l2));
-		a = ntohl(a);
-		l1 = ntohl(l1);
-		l2 = ntohl(l2);
 		printf("%s", fmt_large_community(a, l1, l2));
 
-		if (i + 12 < len)
+		if (ibuf_size(buf) > 0)
 			printf(" ");
 	}
 }
 
 static void
-show_ext_community(u_char *data, uint16_t len)
+show_ext_community(struct ibuf *buf)
 {
 	uint64_t	ext;
-	uint16_t	i;
 
-	if (len & 0x7) {
+	while (ibuf_size(buf) > 0) {
-		printf("bad length");
+		if (ibuf_get_n64(buf, &ext) == -1) {
-		return;
+			printf("bad length");
-	}
+			return;
-
+		}
-	for (i = 0; i < len; i += 8) {
-		memcpy(&ext, data + i, sizeof(ext));
-		ext = be64toh(ext);
 		printf("%s", fmt_ext_community(ext));
 
-		if (i + 8 < len)
+		if (ibuf_size(buf) > 0)
 			printf(" ");
 	}
 }
 
 static void
-show_attr(u_char *data, size_t len, int reqflags, int addpath)
+show_attr(struct ibuf *buf, int reqflags, int addpath)
 {
 	struct in_addr	 id;
 	struct bgpd_addr prefix;
-	struct ibuf	 ibuf, *buf = &ibuf, asbuf, *path = NULL;
+	struct ibuf	 asbuf, *path = NULL;
 	char		*aspath;
-	uint32_t	 as, pathid;
+	size_t		 i, alen;
-	uint16_t	 alen, ioff, short_as, afi;
+	uint32_t	 as, pathid, val;
-	uint8_t		 flags, type, safi, aid, prefixlen;
+	uint16_t	 short_as, afi;
-	int		 i, e2, e4;
+	uint8_t		 flags, type, safi, aid, prefixlen, origin, b;
+	int		 e2, e4;
 
-	if (len < 3) {
+	if (ibuf_get_n8(buf, &flags) == -1 ||
-		warnx("Too short BGP attribute");
+	    ibuf_get_n8(buf, &type) == -1)
-		return;
+		goto bad_len;
-	}
-
-	flags = data[0];
-	type = data[1];
 
 	/* get the attribute length */
 	if (flags & ATTR_EXTLEN) {
-		if (len < 4) {
+		uint16_t attr_len;
-			warnx("Too short BGP attribute");
+		if (ibuf_get_n16(buf, &attr_len) == -1)
-			return;
+			goto bad_len;
-		}
+		alen = attr_len;
-		memcpy(&alen, data+2, sizeof(uint16_t));
-		alen = ntohs(alen);
-		data += 4;
-		len -= 4;
 	} else {
-		alen = data[2];
+		uint8_t attr_len;
-		data += 3;
+		if (ibuf_get_n8(buf, &attr_len) == -1)
-		len -= 3;
+			goto bad_len;
+		alen = attr_len;
 	}
 
 	/* bad imsg len how can that happen!? */
-	if (alen > len) {
+	if (alen > ibuf_size(buf))
-		warnx("Bad BGP attribute length");
+		goto bad_len;
-		return;
-	}
 
 	printf("    %s: ", fmt_attr(type, flags));
 
 	switch (type) {
 	case ATTR_ORIGIN:
-		if (alen == 1)
+		if (alen != 1 || ibuf_get_n8(buf, &origin) == -1)
-			printf("%s", fmt_origin(*data, 0));
+			goto bad_len;
-		else
+		printf("%s", fmt_origin(origin, 0));
-			printf("bad length");
 		break;
 	case ATTR_ASPATH:
 	case ATTR_AS4_PATH:
-		ibuf_from_buffer(buf, data, alen);
 		/* prefer 4-byte AS here */
 		e4 = aspath_verify(buf, 1, 0);
 		e2 = aspath_verify(buf, 0, 0);
@@ -842,68 +817,48 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
 		ibuf_free(path);
 		break;
 	case ATTR_NEXTHOP:
-		if (alen == 4) {
+	case ATTR_ORIGINATOR_ID:
-			memcpy(&id, data, sizeof(id));
+		if (alen != 4 || ibuf_get(buf, &id, sizeof(id)) == -1)
-			printf("%s", inet_ntoa(id));
+			goto bad_len;
-		} else
+		printf("%s", inet_ntoa(id));
-			printf("bad length");
 		break;
 	case ATTR_MED:
 	case ATTR_LOCALPREF:
-		if (alen == 4) {
+		if (alen != 4 || ibuf_get_n32(buf, &val) == -1)
-			uint32_t val;
+			goto bad_len;
-			memcpy(&val, data, sizeof(val));
+		printf("%u", val);
-			val = ntohl(val);
-			printf("%u", val);
-		} else
-			printf("bad length");
 		break;
 	case ATTR_AGGREGATOR:
 	case ATTR_AS4_AGGREGATOR:
 		if (alen == 8) {
-			memcpy(&as, data, sizeof(as));
+			if (ibuf_get_n32(buf, &as) == -1 ||
-			memcpy(&id, data + sizeof(as), sizeof(id));
+			    ibuf_get(buf, &id, sizeof(id)) == -1)
-			as = ntohl(as);
+				goto bad_len;
 		} else if (alen == 6) {
-			memcpy(&short_as, data, sizeof(short_as));
+			if (ibuf_get_n16(buf, &short_as) == -1 ||
-			memcpy(&id, data + sizeof(short_as), sizeof(id));
+			    ibuf_get(buf, &id, sizeof(id)) == -1)
-			as = ntohs(short_as);
+				goto bad_len;
+			as = short_as;
 		} else {
-			printf("bad length");
+			goto bad_len;
-			break;
 		}
 		printf("%s [%s]", log_as(as), inet_ntoa(id));
 		break;
 	case ATTR_COMMUNITIES:
-		show_community(data, alen);
+		show_community(buf);
-		break;
-	case ATTR_ORIGINATOR_ID:
-		if (alen == 4) {
-			memcpy(&id, data, sizeof(id));
-			printf("%s", inet_ntoa(id));
-		} else
-			printf("bad length");
 		break;
 	case ATTR_CLUSTER_LIST:
-		for (ioff = 0; ioff + sizeof(id) <= alen;
+		while (ibuf_size(buf) > 0) {
-		    ioff += sizeof(id)) {
+			if (ibuf_get(buf, &id, sizeof(id)) == -1)
-			memcpy(&id, data + ioff, sizeof(id));
+				goto bad_len;
 			printf(" %s", inet_ntoa(id));
 		}
 		break;
 	case ATTR_MP_REACH_NLRI:
 	case ATTR_MP_UNREACH_NLRI:
-		if (alen < 3) {
+		if (ibuf_get_n16(buf, &afi) == -1 ||
- bad_len:
+		    ibuf_get_n8(buf, &safi) == -1)
-			printf("bad length");
+			goto bad_len;
-			break;
-		}
-		memcpy(&afi, data, 2);
-		data += 2;
-		alen -= 2;
-		afi = ntohs(afi);
-		safi = *data++;
-		alen--;
 
 		if (afi2aid(afi, safi, &aid) == -1) {
 			printf("bad AFI/SAFI pair");
@@ -914,11 +869,7 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
 		if (type == ATTR_MP_REACH_NLRI) {
 			struct bgpd_addr nexthop;
 			uint8_t nhlen;
-			if (len == 0)
+			if (ibuf_get_n8(buf, &nhlen) == -1)
-				goto bad_len;
-			nhlen = *data++;
-			alen--;
-			if (nhlen > len)
 				goto bad_len;
 			memset(&nexthop, 0, sizeof(nexthop));
 			switch (aid) {
@@ -926,35 +877,39 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
 				nexthop.aid = aid;
 				if (nhlen != 16 && nhlen != 32)
 					goto bad_len;
-				memcpy(&nexthop.v6.s6_addr, data, 16);
+				if (ibuf_get(buf, &nexthop.v6,
+				    sizeof(nexthop.v6)) == -1)
+					goto bad_len;
 				break;
 			case AID_VPN_IPv4:
 				if (nhlen != 12)
 					goto bad_len;
 				nexthop.aid = AID_INET;
-				memcpy(&nexthop.v4, data + sizeof(uint64_t),
+				if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
-				    sizeof(nexthop.v4));
+				    ibuf_get(buf, &nexthop.v4,
+				    sizeof(nexthop.v4)) == -1)
+					goto bad_len;
 				break;
 			case AID_VPN_IPv6:
 				if (nhlen != 24)
 					goto bad_len;
 				nexthop.aid = AID_INET6;
-				memcpy(&nexthop.v6, data + sizeof(uint64_t),
+				if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
-				    sizeof(nexthop.v6));
+				    ibuf_get(buf, &nexthop.v6,
+				    sizeof(nexthop.v6)) == -1)
+					goto bad_len;
 				break;
 			default:
 				printf("unhandled AID #%u", aid);
 				goto done;
 			}
 			/* ignore reserved (old SNPA) field as per RFC4760 */
-			data += nhlen + 1;
+			if (ibuf_skip(buf, 1) == -1)
-			alen -= nhlen + 1;
+				goto bad_len;
 
 			printf(" nexthop: %s", log_addr(&nexthop));
 		}
 
-		ibuf_from_buffer(buf, data, alen);
-
 		while (ibuf_size(buf) > 0) {
 			if (addpath)
 				if (ibuf_get_n32(buf, &pathid) == -1)
@@ -985,32 +940,36 @@ show_attr(u_char *data, size_t len, int reqflags, int addpath)
 		}
 		break;
 	case ATTR_EXT_COMMUNITIES:
-		show_ext_community(data, alen);
+		show_ext_community(buf);
 		break;
 	case ATTR_LARGE_COMMUNITIES:
-		show_large_community(data, alen);
+		show_large_community(buf);
 		break;
 	case ATTR_OTC:
-		if (alen == 4) {
+		if (alen != 4 || ibuf_get_n32(buf, &as) == -1)
-			memcpy(&as, data, sizeof(as));
+			goto bad_len;
-			as = ntohl(as);
+		printf("%s", log_as(as));
-			printf("%s", log_as(as));
-		} else {
-			printf("bad length");
-		}
 		break;
 	case ATTR_ATOMIC_AGGREGATE:
 	default:
-		printf(" len %u", alen);
+		printf(" len %zu", alen);
 		if (alen) {
 			printf(":");
-			for (i=0; i < alen; i++)
+			for (i = 0; i < alen; i++) {
-				printf(" %02x", *(data+i));
+				if (ibuf_get_n8(buf, &b) == -1)
+					goto bad_len;
+				printf(" %02x", b);
+			}
 		}
 		break;
 	}
+
  done:
 	printf("%c", EOL0(reqflags));
+	return;
+
+ bad_len:
+	printf("bad length%c", EOL0(reqflags));
 }
 
 static void

usr.sbin/bgpctl/output_json.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: output_json.c,v 1.41 2024/01/30 13:51:13 claudio Exp $ */
+/*	$OpenBSD: output_json.c,v 1.42 2024/01/31 11:23:20 claudio Exp $ */
 
 /*
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@@ -512,22 +512,18 @@ json_communities(struct ibuf *data, struct parse_result *res)
 }
 
 static void
-json_do_community(u_char *data, uint16_t len)
+json_do_community(struct ibuf *buf)
 {
-	uint16_t a, v, i;
+	uint16_t a, v;
-
-	if (len & 0x3) {
-		json_do_string("error", "bad length");
-		return;
-	}
 
 	json_do_array("communities");
 
-	for (i = 0; i < len; i += 4) {
+	while (ibuf_size(buf) > 0) {
-		memcpy(&a, data + i, sizeof(a));
+		if (ibuf_get_n16(buf, &a) == -1 ||
-		memcpy(&v, data + i + 2, sizeof(v));
+		    ibuf_get_n16(buf, &v) == -1) {
-		a = ntohs(a);
+			json_do_string("error", "bad length");
-		v = ntohs(v);
+			return;
+		}
 		json_do_string("community", fmt_community(a, v));
 	}
 
@@ -535,49 +531,36 @@ json_do_community(u_char *data, uint16_t len)
 }
 
 static void
-json_do_large_community(u_char *data, uint16_t len)
+json_do_large_community(struct ibuf *buf)
 {
 	uint32_t a, l1, l2;
-	uint16_t i;
-
-	if (len % 12) {
-		json_do_string("error", "bad length");
-		return;
-	}
 
 	json_do_array("large_communities");
 
-	for (i = 0; i < len; i += 12) {
+	while (ibuf_size(buf) > 0) {
-		memcpy(&a, data + i, sizeof(a));
+		if (ibuf_get_n32(buf, &a) == -1 ||
-		memcpy(&l1, data + i + 4, sizeof(l1));
+		    ibuf_get_n32(buf, &l1) == -1 ||
-		memcpy(&l2, data + i + 8, sizeof(l2));
+		    ibuf_get_n32(buf, &l2) == -1) {
-		a = ntohl(a);
+			json_do_string("error", "bad length");
-		l1 = ntohl(l1);
+			return;
-		l2 = ntohl(l2);
+		}
-
+		json_do_string("community", fmt_large_community(a, l1, l2));
-		json_do_string("community",
-		    fmt_large_community(a, l1, l2));
 	}
 
 	json_do_end();
 }
 
 static void
-json_do_ext_community(u_char *data, uint16_t len)
+json_do_ext_community(struct ibuf *buf)
 {
 	uint64_t ext;
-	uint16_t i;
-
-	if (len & 0x7) {
-		json_do_string("error", "bad length");
-		return;
-	}
-
 	json_do_array("extended_communities");
 
-	for (i = 0; i < len; i += 8) {
+	while (ibuf_size(buf) > 0) {
-		memcpy(&ext, data + i, sizeof(ext));
+		if (ibuf_get_n64(buf, &ext) == -1) {
-		ext = be64toh(ext);
+			json_do_string("error", "bad length");
+			return;
+		}
 		json_do_string("community", fmt_ext_community(ext));
 	}
 
@@ -585,66 +568,57 @@ json_do_ext_community(u_char *data, uint16_t len)
 }
 
 static void
-json_attr(u_char *data, size_t len, int reqflags, int addpath)
+json_attr(struct ibuf *buf, int reqflags, int addpath)
 {
 	struct bgpd_addr prefix;
 	struct in_addr id;
-	struct ibuf ibuf, *buf = &ibuf, asbuf, *path = NULL;
+	struct ibuf asbuf, *path = NULL;
 	char *aspath;
-	uint32_t as, pathid;
+	uint32_t as, pathid, val;
-	uint16_t alen, afi, off, short_as;
+	uint16_t alen, afi, short_as;
-	uint8_t flags, type, safi, aid, prefixlen;
+	uint8_t flags, type, safi, aid, prefixlen, origin;
 	int e4, e2;
 
-	if (len < 3) {
-		warnx("Too short BGP attribute");
-		return;
-	}
-
-	flags = data[0];
-	type = data[1];
-	if (flags & ATTR_EXTLEN) {
-		if (len < 4) {
-			warnx("Too short BGP attribute");
-			return;
-		}
-		memcpy(&alen, data+2, sizeof(uint16_t));
-		alen = ntohs(alen);
-		data += 4;
-		len -= 4;
-	} else {
-		alen = data[2];
-		data += 3;
-		len -= 3;
-	}
-
-	/* bad imsg len how can that happen!? */
-	if (alen > len) {
-		warnx("Bad BGP attribute length");
-		return;
-	}
-
 	json_do_array("attributes");
-
 	json_do_object("attribute", 0);
+
+	if (ibuf_get_n8(buf, &flags) == -1 ||
+	    ibuf_get_n8(buf, &type) == -1)
+		goto bad_len;
+
 	json_do_string("type", fmt_attr(type, -1));
-	json_do_uint("length", alen);
 	json_do_object("flags", 1);
 	json_do_bool("partial", flags & ATTR_PARTIAL);
 	json_do_bool("transitive", flags & ATTR_TRANSITIVE);
 	json_do_bool("optional", flags & ATTR_OPTIONAL);
 	json_do_end();
 
+	if (flags & ATTR_EXTLEN) {
+		uint16_t attr_len;
+		if (ibuf_get_n16(buf, &attr_len) == -1)
+			goto bad_len;
+		alen = attr_len;
+	} else {
+		uint8_t attr_len;
+		if (ibuf_get_n8(buf, &attr_len) == -1)
+			goto bad_len;
+		alen = attr_len;
+	}
+
+	json_do_uint("length", alen);
+
+	/* bad imsg len how can that happen!? */
+	if (alen > ibuf_size(buf))
+		goto bad_len;
+
 	switch (type) {
 	case ATTR_ORIGIN:
-		if (alen == 1)
+		if (alen != 1 || ibuf_get_n8(buf, &origin) == -1)
-			json_do_string("origin", fmt_origin(*data, 0));
+			goto bad_len;
-		else
+		json_do_string("origin", fmt_origin(origin, 0));
-			json_do_string("error", "bad length");
 		break;
 	case ATTR_ASPATH:
 	case ATTR_AS4_PATH:
-		ibuf_from_buffer(buf, data, alen);
 		/* prefer 4-byte AS here */
 		e4 = aspath_verify(buf, 1, 0);
 		e2 = aspath_verify(buf, 0, 0);
@@ -668,70 +642,55 @@ json_attr(u_char *data, size_t len, int reqflags, int addpath)
 		ibuf_free(path);
 		break;
 	case ATTR_NEXTHOP:
-		if (alen == 4) {
+		if (alen != 4 || ibuf_get(buf, &id, sizeof(id)) == -1)
-			memcpy(&id, data, sizeof(id));
+			goto bad_len;
-			json_do_string("nexthop", inet_ntoa(id));
+		json_do_string("nexthop", inet_ntoa(id));
-		} else
-			json_do_string("error", "bad length");
 		break;
 	case ATTR_MED:
 	case ATTR_LOCALPREF:
-		if (alen == 4) {
+		if (alen != 4 || ibuf_get_n32(buf, &val) == -1)
-			uint32_t val;
+			goto bad_len;
-			memcpy(&val, data, sizeof(val));
+		json_do_uint("metric", val);
-			json_do_uint("metric", ntohl(val));
-		} else
-			json_do_string("error", "bad length");
 		break;
 	case ATTR_AGGREGATOR:
 	case ATTR_AS4_AGGREGATOR:
 		if (alen == 8) {
-			memcpy(&as, data, sizeof(as));
+			if (ibuf_get_n32(buf, &as) == -1 ||
-			memcpy(&id, data + sizeof(as), sizeof(id));
+			    ibuf_get(buf, &id, sizeof(id)) == -1)
-			as = ntohl(as);
+				goto bad_len;
 		} else if (alen == 6) {
-			memcpy(&short_as, data, sizeof(short_as));
+			if (ibuf_get_n16(buf, &short_as) == -1 ||
-			memcpy(&id, data + sizeof(short_as), sizeof(id));
+			    ibuf_get(buf, &id, sizeof(id)) == -1)
-			as = ntohs(short_as);
+				goto bad_len;
+			as = short_as;
 		} else {
-			json_do_string("error", "bad AS-Path");
+			goto bad_len;
-			break;
 		}
 		json_do_uint("AS", as);
 		json_do_string("router_id", inet_ntoa(id));
 		break;
 	case ATTR_COMMUNITIES:
-		json_do_community(data, alen);
+		json_do_community(buf);
 		break;
 	case ATTR_ORIGINATOR_ID:
-		if (alen == 4) {
+		if (alen != 4 || ibuf_get(buf, &id, sizeof(id)) == -1)
-			memcpy(&id, data, sizeof(id));
+			goto bad_len;
-			json_do_string("originator", inet_ntoa(id));
+		json_do_string("originator", inet_ntoa(id));
-		} else
-			json_do_string("error", "bad length");
 		break;
 	case ATTR_CLUSTER_LIST:
 		json_do_array("cluster_list");
-		for (off = 0; off + sizeof(id) <= alen;
+		while (ibuf_size(buf) > 0) {
-		    off += sizeof(id)) {
+			if (ibuf_get(buf, &id, sizeof(id)) == -1)
-			memcpy(&id, data + off, sizeof(id));
+				goto bad_len;
 			json_do_string("cluster_id", inet_ntoa(id));
 		}
 		json_do_end();
 		break;
 	case ATTR_MP_REACH_NLRI:
 	case ATTR_MP_UNREACH_NLRI:
-		if (alen < 3) {
+		if (ibuf_get_n16(buf, &afi) == -1 ||
-bad_len:
+		    ibuf_get_n8(buf, &safi) == -1)
-			json_do_string("error", "bad length");
+			goto bad_len;
-			break;
-		}
-		memcpy(&afi, data, 2);
-		data += 2;
-		alen -= 2;
-		afi = ntohs(afi);
-		safi = *data++;
-		alen--;
 
 		if (afi2aid(afi, safi, &aid) == -1) {
 			json_do_printf("error", "bad AFI/SAFI pair: %d/%d",
@@ -743,11 +702,7 @@ bad_len:
 		if (type == ATTR_MP_REACH_NLRI) {
 			struct bgpd_addr nexthop;
 			uint8_t nhlen;
-			if (len == 0)
+			if (ibuf_get_n8(buf, &nhlen) == -1)
-				goto bad_len;
-			nhlen = *data++;
-			alen--;
-			if (nhlen > len)
 				goto bad_len;
 			memset(&nexthop, 0, sizeof(nexthop));
 			switch (aid) {
@@ -755,21 +710,27 @@ bad_len:
 				nexthop.aid = aid;
 				if (nhlen != 16 && nhlen != 32)
 					goto bad_len;
-				memcpy(&nexthop.v6.s6_addr, data, 16);
+				if (ibuf_get(buf, &nexthop.v6,
+				    sizeof(nexthop.v6)) == -1)
+					goto bad_len;
 				break;
 			case AID_VPN_IPv4:
 				if (nhlen != 12)
 					goto bad_len;
 				nexthop.aid = AID_INET;
-				memcpy(&nexthop.v4, data + sizeof(uint64_t),
+				if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
-				    sizeof(nexthop.v4));
+				    ibuf_get(buf, &nexthop.v4,
+				    sizeof(nexthop.v4)) == -1)
+					goto bad_len;
 				break;
 			case AID_VPN_IPv6:
 				if (nhlen != 24)
 					goto bad_len;
 				nexthop.aid = AID_INET6;
-				memcpy(&nexthop.v6, data + sizeof(uint64_t),
+				if (ibuf_skip(buf, sizeof(uint64_t)) == -1 ||
-				    sizeof(nexthop.v6));
+				    ibuf_get(buf, &nexthop.v6,
+				    sizeof(nexthop.v6)) == -1)
+					goto bad_len;
 				break;
 			default:
 				json_do_printf("error", "unhandled AID: %d",
@@ -777,14 +738,12 @@ bad_len:
 				return;
 			}
 			/* ignore reserved (old SNPA) field as per RFC4760 */
-			data += nhlen + 1;
+			if (ibuf_skip(buf, 1) == -1)
-			alen -= nhlen + 1;
+				goto bad_len;
 
 			json_do_string("nexthop", log_addr(&nexthop));
 		}
 
-		ibuf_from_buffer(buf, data, alen);
-
 		json_do_array("NLRI");
 		while (ibuf_size(buf) > 0) {
 			json_do_object("prefix", 1);
@@ -821,25 +780,26 @@ bad_len:
 		json_do_end();
 		break;
 	case ATTR_EXT_COMMUNITIES:
-		json_do_ext_community(data, alen);
+		json_do_ext_community(buf);
 		break;
 	case ATTR_LARGE_COMMUNITIES:
-		json_do_large_community(data, alen);
+		json_do_large_community(buf);
 		break;
 	case ATTR_OTC:
-		if (alen == 4) {
+		if (alen != 4 || ibuf_get_n32(buf, &as) == -1)
-			memcpy(&as, data, sizeof(as));
+			goto bad_len;
-			as = ntohl(as);
+		json_do_uint("as", as);
-			json_do_uint("as", as);
-		} else
-			json_do_string("error", "bad length");
 		break;
 	case ATTR_ATOMIC_AGGREGATE:
 	default:
 		if (alen)
-			json_do_hexdump("data", data, alen);
+			json_do_hexdump("data", ibuf_data(buf), ibuf_size(buf));
 		break;
 	}
+	return;
+
+ bad_len:
+	json_do_string("error", "bad length");
 }
 
 static void

usr.sbin/rpki-client/extern.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.199 2024/01/18 14:34:26 job Exp $ */
+/*	$OpenBSD: extern.h,v 1.201 2024/01/31 06:57:21 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -629,7 +629,8 @@ void		 mft_free(struct mft *);
 struct mft	*mft_parse(X509 **, const char *, int, const unsigned char *,
 		    size_t);
 struct mft	*mft_read(struct ibuf *);
-int		 mft_compare(const struct mft *, const struct mft *);
+int		 mft_compare_issued(const struct mft *, const struct mft *);
+int		 mft_compare_seqnum(const struct mft *, const struct mft *);
 
 void		 roa_buffer(struct ibuf *, const struct roa *);
 void		 roa_free(struct roa *);

usr.sbin/rpki-client/mft.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: mft.c,v 1.100 2023/12/11 15:50:23 job Exp $ */
+/*	$OpenBSD: mft.c,v 1.102 2024/01/31 06:57:21 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -545,20 +545,26 @@ mft_read(struct ibuf *b)
 }
 
 /*
- * Compare the manifestNumber of two MFT files.
+ * Compare the thisupdate time of two mft files.
- * Returns 1 if first MFT should be used, 0 if both are equal, and -1 if the
- * second MFT should be used.
  */
 int
-mft_compare(const struct mft *a, const struct mft *b)
+mft_compare_issued(const struct mft *a, const struct mft *b)
+{
+	if (a->thisupdate > b->thisupdate)
+		return 1;
+	if (a->thisupdate < b->thisupdate)
+		return -1;
+	return 0;
+}
+
+/*
+ * Compare the manifestNumber of two mft files.
+ */
+int
+mft_compare_seqnum(const struct mft *a, const struct mft *b)
 {
 	int r;
 
-	if (b == NULL)
-		return 1;
-	if (a == NULL)
-		return -1;
-
 	r = strlen(a->seqnum) - strlen(b->seqnum);
 	if (r > 0)	/* seqnum in a is longer -> higher */
 		return 1;

usr.sbin/rpki-client/parser.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parser.c,v 1.108 2024/01/18 14:34:26 job Exp $ */
+/*	$OpenBSD: parser.c,v 1.113 2024/01/31 06:57:21 tb Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -258,22 +258,28 @@ parse_load_crl_from_mft(struct entity *entp, struct mft *mft, enum location loc,
  */
 static struct mft *
 proc_parser_mft_pre(struct entity *entp, enum location loc, char **file,
-    struct crl **crl, char **crlfile, const char **errstr)
+    struct crl **crl, char **crlfile, struct mft *cached_mft,
+    const char **errstr)
 {
 	struct mft	*mft;
 	X509		*x509;
 	struct auth	*a;
 	unsigned char	*der;
 	size_t		 len;
+	int		 issued_cmp, seqnum_cmp;
 
 	*crl = NULL;
 	*crlfile = NULL;
 	*errstr = NULL;
 
+	/* XXX - pull this into proc_parser_mft. */
 	*file = parse_filepath(entp->repoid, entp->path, entp->file, loc);
 	if (*file == NULL)
 		return NULL;
 
+	if (noop && loc == DIR_TEMP)
+		return NULL;
+
 	der = load_file(*file, &len);
 	if (der == NULL && errno != ENOENT)
 		warn("parse file %s", *file);
@@ -293,21 +299,63 @@ proc_parser_mft_pre(struct entity *entp, enum location loc, char **file,
 		*crl = parse_load_crl_from_mft(entp, mft, DIR_VALID, crlfile);
 
 	a = valid_ski_aki(*file, &auths, mft->ski, mft->aki, NULL);
-	if (!valid_x509(*file, ctx, x509, a, *crl, errstr)) {
+	if (!valid_x509(*file, ctx, x509, a, *crl, errstr))
-		X509_free(x509);
+		goto err;
-		mft_free(mft);
-		crl_free(*crl);
-		*crl = NULL;
-		free(*crlfile);
-		*crlfile = NULL;
-		return NULL;
-	}
 	X509_free(x509);
+	x509 = NULL;
 
 	mft->repoid = entp->repoid;
 	mft->talid = a->cert->talid;
 
+	if (cached_mft == NULL)
+		return mft;
+
+	/*
+	 * Check that the cached manifest is older in the sense that it was
+	 * issued earlier and that it has a smaller sequence number.
+	 */
+
+	if ((issued_cmp = mft_compare_issued(mft, cached_mft)) < 0) {
+		warnx("%s: unexpected manifest issuance time (want >= %lld, "
+		    "got %lld)", *file, (long long)cached_mft->thisupdate,
+		    (long long)mft->thisupdate);
+		goto err;
+	}
+	if ((seqnum_cmp = mft_compare_seqnum(mft, cached_mft)) < 0) {
+		warnx("%s: unexpected manifest number (want >= #%s, got #%s)",
+		    *file, cached_mft->seqnum, mft->seqnum);
+		goto err;
+	}
+	if (issued_cmp > 0 && seqnum_cmp == 0) {
+		warnx("%s#%s: reissued manifest at %lld and %lld with same "
+		    "sequence number", *file, cached_mft->seqnum,
+		    (long long)mft->thisupdate,
+		    (long long)cached_mft->thisupdate);
+		goto err;
+	}
+	if (issued_cmp == 0 && seqnum_cmp > 0) {
+		warnx("%s#%s: reissued manifest same issuance time %lld as #%s",
+		    *file, mft->seqnum, (long long)mft->thisupdate,
+		    cached_mft->seqnum);
+		goto err;
+	}
+	if (issued_cmp == 0 && seqnum_cmp == 0 && memcmp(mft->mfthash,
+	    cached_mft->mfthash, SHA256_DIGEST_LENGTH) != 0) {
+		warnx("%s: manifest misissuance, #%s was recycled",
+		    *file, mft->seqnum);
+		goto err;
+	}
+
 	return mft;
+
+ err:
+	X509_free(x509);
+	mft_free(mft);
+	crl_free(*crl);
+	*crl = NULL;
+	free(*crlfile);
+	*crlfile = NULL;
+	return NULL;
 }
 
 /*
@@ -367,32 +415,22 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
 	struct crl	*crl, *crl1, *crl2;
 	char		*file, *file1, *file2, *crl1file, *crl2file;
 	const char	*err1, *err2;
-	int		 r, warned = 0;
+	int		 warned = 0;
 
 	*mp = NULL;
 	*crlmtime = 0;
 
-	mft1 = proc_parser_mft_pre(entp, DIR_TEMP, &file1, &crl1, &crl1file,
-	    &err1);
 	mft2 = proc_parser_mft_pre(entp, DIR_VALID, &file2, &crl2, &crl2file,
-	    &err2);
+	    NULL, &err2);
+	mft1 = proc_parser_mft_pre(entp, DIR_TEMP, &file1, &crl1, &crl1file,
+	    mft2, &err1);
 
 	/* overload error from temp file if it is set */
 	if (mft1 == NULL && mft2 == NULL)
-		if (err2 != NULL)
+		if (err1 != NULL)
-			err1 = err2;
+			err2 = err1;
 
-	r = mft_compare(mft1, mft2);
+	if (!noop && mft1 != NULL) {
-	if (r == -1 && mft1 != NULL && mft2 != NULL)
-		warnx("%s: unexpected manifest number (want >= #%s, got #%s)",
-		    file1, mft2->seqnum, mft1->seqnum);
-
-	if (r == 0 && memcmp(mft1->mfthash, mft2->mfthash,
-	    SHA256_DIGEST_LENGTH) != 0)
-		warnx("%s: manifest misissuance, #%s was recycled",
-		    file1, mft1->seqnum);
-
-	if (!noop && r == 1) {
 		*mp = proc_parser_mft_post(file1, mft1, entp->path, err1,
 		    &warned);
 		if (*mp == NULL) {

usr.sbin/rpki-client/rpki-client.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rpki-client.8,v 1.99 2024/01/16 19:52:39 job Exp $
+.\"	$OpenBSD: rpki-client.8,v 1.100 2024/01/31 17:19:02 job Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 16 2024 $
+.Dd $Mdocdate: January 31 2024 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -445,6 +445,12 @@ agreement regarding ARIN service restrictions.
 .%U https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors
 .%D September, 2023
 .Re
+.Pp
+.Rs
+.%T Detecting RRDP Session Desynchronization
+.%U https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rrdp-desynchronization-00
+.%D Jan, 2024
+.Re
 .Sh HISTORY
 .Nm
 first appeared in

usr.sbin/rpki-client/x509.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.75 2023/11/16 11:10:59 tb Exp $ */
+/*	$OpenBSD: x509.c,v 1.76 2024/01/31 15:01:13 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -956,7 +956,7 @@ x509_valid_subject(const char *fn, const X509 *x)
 			return 0;
 		default:
 			warnx("%s: RFC 6487 section 4.5: unexpected attribute "
-			    "%s", fn, OBJ_nid2sn(nid));
+			    "%d (%s)", fn, nid, OBJ_nid2ln(nid));
 			return 0;
 		}
 	}