From 83b491b0d5a03235616ad47461e8986e888bf360 Mon Sep 17 00:00:00 2001 From: purplerain Date: Thu, 18 Apr 2024 01:54:22 +0000 Subject: [PATCH] sync with OpenBSD -current --- bin/pax/extern.h | 3 +- bin/pax/options.c | 6 +- bin/pax/pax.1 | 7 +- bin/pax/tar.c | 25 +- distrib/arm64/ramdisk/install.md | 6 +- distrib/sets/lists/comp/mi | 1 + etc/rpki/apnic.constraints | 884 ++++++++++++++++++++++++- etc/rpki/arin.constraints | 884 ++++++++++++++++++++++++- etc/rpki/lacnic.constraints | 679 ++++++++++++++++++- etc/rpki/ripe.constraints | 884 ++++++++++++++++++++++++- lib/libcrypto/bn/bn_convert.c | 122 ++-- lib/libcrypto/crypto_internal.h | 69 +- lib/libcrypto/ec/ec_ameth.c | 115 ++-- lib/libcrypto/ec/ec_asn1.c | 44 +- lib/libcrypto/evp/pmeth_gn.c | 14 +- lib/libcrypto/o_fips.c | 5 +- regress/lib/libcrypto/bn/bn_convert.c | 20 +- regress/lib/libssl/symbols/symbols.awk | 6 +- regress/usr.bin/snmp/Makefile | 6 +- share/man/man5/python-module.5 | 12 +- sys/arch/amd64/include/cpu.h | 5 +- sys/arch/arm64/include/cpu.h | 5 +- sys/arch/i386/include/cpu.h | 5 +- sys/kern/kern_resource.c | 5 +- sys/netinet/in_pcb.c | 10 +- sys/netinet/in_pcb.h | 8 +- sys/netinet/ip_ipsp.h | 11 +- sys/netinet/ip_output.c | 29 +- sys/netinet/ip_spd.c | 36 +- sys/netinet/ip_var.h | 5 +- sys/netinet/raw_ip.c | 4 +- sys/netinet/tcp_input.c | 11 +- sys/netinet/tcp_output.c | 6 +- sys/netinet/tcp_subr.c | 6 +- sys/netinet/udp_usrreq.c | 6 +- sys/netinet6/in6.c | 17 +- sys/netinet6/ip6_output.c | 22 +- sys/netinet6/ip6_var.h | 8 +- sys/netinet6/raw_ip6.c | 4 +- sys/netinet6/udp6_output.c | 4 +- sys/uvm/uvm_amap.c | 8 +- sys/uvm/uvm_page.c | 20 +- sys/uvm/uvm_pdaemon.c | 4 +- sys/uvm/uvm_percpu.h | 48 ++ sys/uvm/uvm_pmemrange.c | 155 ++++- sys/uvm/uvm_pmemrange.h | 6 +- sys/uvm/uvmexp.h | 8 +- usr.bin/ftp/fetch.c | 9 +- usr.bin/netstat/inet.c | 10 +- usr.bin/systat/uvm.c | 13 +- usr.bin/vmstat/vmstat.c | 7 +- usr.sbin/rpki-client/http.c | 3 +- usr.sbin/rpki-client/parser.c | 12 +- 53 files changed, 3929 insertions(+), 373 deletions(-) create mode 100644 sys/uvm/uvm_percpu.h diff --git a/bin/pax/extern.h b/bin/pax/extern.h index 6e7031ab1..c9358dd0b 100644 --- a/bin/pax/extern.h +++ b/bin/pax/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.63 2024/04/16 18:52:43 jca Exp $ */ +/* $OpenBSD: extern.h,v 1.64 2024/04/17 18:12:12 jca Exp $ */ /* $NetBSD: extern.h,v 1.5 1996/03/26 23:54:16 mrg Exp $ */ /*- @@ -285,6 +285,7 @@ int ustar_id(char *, int); int ustar_rd(ARCHD *, char *); int ustar_wr(ARCHD *); int pax_id(char *, int); +int pax_opt(void); int pax_wr(ARCHD *); /* diff --git a/bin/pax/options.c b/bin/pax/options.c index 54c6b3050..2e9960168 100644 --- a/bin/pax/options.c +++ b/bin/pax/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.112 2024/04/16 23:09:35 jca Exp $ */ +/* $OpenBSD: options.c,v 1.114 2024/04/17 18:12:12 jca Exp $ */ /* $NetBSD: options.c,v 1.6 1996/03/26 23:54:18 mrg Exp $ */ /*- @@ -230,7 +230,7 @@ FSUB fsub[] = { /* 10: POSIX PAX */ {"pax", 5120, BLKMULT, 0, 1, BLKMULT, 0, pax_id, no_op, ustar_rd, tar_endrd, no_op, pax_wr, tar_endwr, tar_trail, - tar_opt}, + pax_opt}, #endif }; #define F_OCPIO 0 /* format when called as cpio -6 */ @@ -241,7 +241,7 @@ FSUB fsub[] = { # define F_TAR 5 /* default write format when called as tar: ustar */ # define DEFLT 5 /* default write format when called as pax: ustar */ #else -# define F_TAR 10 /* default write format when called as tar: ustar */ +# define F_TAR 10 /* default write format when called as tar: pax */ # define DEFLT 10 /* default write format when called as pax: pax */ #endif diff --git a/bin/pax/pax.1 b/bin/pax/pax.1 index 19a23fe43..777780b04 100644 --- a/bin/pax/pax.1 +++ b/bin/pax/pax.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pax.1,v 1.78 2024/04/15 17:33:10 jca Exp $ +.\" $OpenBSD: pax.1,v 1.79 2024/04/17 15:48:44 jca Exp $ .\" $NetBSD: pax.1,v 1.3 1995/03/21 09:07:37 cgd Exp $ .\" .\" Copyright (c) 1992 Keith Muller. @@ -34,7 +34,7 @@ .\" .\" @(#)pax.1 8.4 (Berkeley) 4/18/94 .\" -.Dd $Mdocdate: April 15 2024 $ +.Dd $Mdocdate: April 17 2024 $ .Dt PAX 1 .Os .Sh NAME @@ -762,7 +762,8 @@ the file in the destination hierarchy is replaced by the file in the source hierarchy or by a link to the file in the source hierarchy if the file in the source hierarchy is newer. .It Fl v -During a list operation, produce a verbose table of contents using the format of the +During a list operation, produce a verbose table of contents using the +format of the .Xr ls 1 utility with the .Fl l diff --git a/bin/pax/tar.c b/bin/pax/tar.c index 01f4491ac..ef22a9fd2 100644 --- a/bin/pax/tar.c +++ b/bin/pax/tar.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tar.c,v 1.84 2024/04/16 22:58:10 jca Exp $ */ +/* $OpenBSD: tar.c,v 1.85 2024/04/17 18:12:12 jca Exp $ */ /* $NetBSD: tar.c,v 1.5 1995/03/21 09:07:49 cgd Exp $ */ /*- @@ -1447,6 +1447,29 @@ pax_wr(ARCHD *arcn) } #endif +/* + * pax_opt() + * handle pax format specific -o options + * Return: + * 0 if ok -1 otherwise + */ +#ifndef SMALL +int +pax_opt(void) +{ + OPLIST *opt; + + while ((opt = opt_next()) != NULL) { + if (1) { + paxwarn(1, "Unknown pax format -o option/value pair %s=%s", + opt->name, opt->value); + return(-1); + } + } + return 0; +} +#endif + /* * name_split() * see if the name has to be split for storage in a ustar header. We try diff --git a/distrib/arm64/ramdisk/install.md b/distrib/arm64/ramdisk/install.md index 756c32299..5bca2c3d5 100644 --- a/distrib/arm64/ramdisk/install.md +++ b/distrib/arm64/ramdisk/install.md @@ -1,4 +1,4 @@ -# $OpenBSD: install.md,v 1.48 2023/10/11 17:53:52 kn Exp $ +# $OpenBSD: install.md,v 1.49 2024/04/17 04:36:39 kn Exp $ # # # Copyright (c) 1996 The NetBSD Foundation, Inc. @@ -46,9 +46,9 @@ md_installboot() { raspberrypi,*) _plat=rpi;; esac - if ! installboot -r /mnt ${1}; then + if ! installboot -r /mnt $_disk; then echo "\nFailed to install bootblocks." - echo "You will not be able to boot SecBSD from ${1}." + echo "You will not be able to boot SecBSD from $_disk." exit fi diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index 70901e3cc..c965d9795 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -1485,6 +1485,7 @@ ./usr/include/uvm/uvm_page.h ./usr/include/uvm/uvm_pager.h ./usr/include/uvm/uvm_param.h +./usr/include/uvm/uvm_percpu.h ./usr/include/uvm/uvm_pmap.h ./usr/include/uvm/uvm_pmemrange.h ./usr/include/uvm/uvm_swap.h diff --git a/etc/rpki/apnic.constraints b/etc/rpki/apnic.constraints index 449555a46..b1706c102 100644 --- a/etc/rpki/apnic.constraints +++ b/etc/rpki/apnic.constraints @@ -1,4 +1,4 @@ -# $OpenBSD: apnic.constraints,v 1.5 2024/01/30 03:40:01 job Exp $ +# $OpenBSD: apnic.constraints,v 1.6 2024/04/17 14:31:59 job Exp $ # From https://www.iana.org/assignments/ipv6-unicast-address-assignments allow 2001:200::/23 @@ -21,6 +21,684 @@ deny 61440 - 61951 deny 64099 - 64197 deny 262144 - 273820 +# LACNIC ASNs cannot be transferred to APNIC +# From nro-delegated-stats 20240417 +deny 278 +deny 676 +deny 1251 +deny 1292 +deny 1296 +deny 1797 +deny 1831 +deny 1840 +deny 1916 +deny 2146 +deny 2277 +deny 2549 +deny 2638 +deny 2708 +deny 2715 - 2716 +deny 2739 +deny 2904 +deny 3132 +deny 3141 +deny 3449 +deny 3454 +deny 3484 +deny 3487 +deny 3496 +deny 3548 +deny 3551 +deny 3556 +deny 3596 - 3597 +deny 3603 +deny 3631 - 3632 +deny 3636 +deny 3640 +deny 3790 +deny 3816 +deny 3905 +deny 3968 +deny 4141 +deny 4209 +deny 4230 +deny 4242 +deny 4244 +deny 4270 +deny 4387 +deny 4493 +deny 4535 +deny 4914 +deny 4926 +deny 4944 +deny 4964 +deny 4967 +deny 4995 +deny 5005 +deny 5633 +deny 5639 +deny 5648 +deny 5692 +deny 5708 +deny 5722 +deny 5745 +deny 5772 +deny 6057 +deny 6063 - 6065 +deny 6084 +deny 6121 +deny 6125 +deny 6133 +deny 6135 +deny 6147 - 6148 +deny 6193 +deny 6240 +deny 6306 +deny 6332 +deny 6342 +deny 6400 +deny 6429 +deny 6458 +deny 6471 +deny 6487 +deny 6495 +deny 6503 +deny 6505 +deny 6535 +deny 6543 +deny 6545 +deny 6568 +deny 6590 +deny 6927 +deny 6945 +deny 6957 +deny 7002 +deny 7004 - 7005 +deny 7038 +deny 7048 - 7049 +deny 7056 +deny 7063 +deny 7080 +deny 7087 +deny 7103 +deny 7120 +deny 7125 +deny 7137 +deny 7149 +deny 7157 +deny 7162 +deny 7167 +deny 7173 +deny 7184 +deny 7195 +deny 7199 +deny 7236 +deny 7298 +deny 7303 +deny 7313 +deny 7315 +deny 7325 +deny 7340 +deny 7365 +deny 7399 +deny 7408 +deny 7414 +deny 7417 - 7418 +deny 7428 +deny 7437 - 7438 +deny 7465 +deny 7727 +deny 7738 +deny 7803 +deny 7864 +deny 7890 +deny 7906 +deny 7908 +deny 7910 +deny 7927 +deny 7934 +deny 7953 +deny 7965 +deny 7974 +deny 7980 +deny 7984 +deny 7993 - 7995 +deny 7997 +deny 8007 +deny 8024 +deny 8026 +deny 8048 +deny 8053 - 8056 +deny 8065 - 8066 +deny 8096 +deny 8140 - 8141 +deny 8151 +deny 8163 +deny 8167 +deny 8178 +deny 10269 +deny 10277 +deny 10285 +deny 10293 +deny 10299 +deny 10301 +deny 10318 +deny 10362 +deny 10391 +deny 10412 +deny 10417 +deny 10420 +deny 10429 +deny 10436 +deny 10452 +deny 10454 +deny 10463 +deny 10476 +deny 10479 +deny 10481 +deny 10495 +deny 10502 +deny 10531 +deny 10560 +deny 10569 +deny 10586 +deny 10600 +deny 10605 - 10606 +deny 10617 +deny 10620 +deny 10624 +deny 10630 +deny 10640 +deny 10649 +deny 10670 - 10671 +deny 10688 +deny 10691 +deny 10697 +deny 10704 +deny 10706 +deny 10715 +deny 10733 +deny 10757 +deny 10778 +deny 10785 +deny 10795 +deny 10824 +deny 10834 +deny 10841 +deny 10847 +deny 10875 +deny 10881 +deny 10895 +deny 10897 +deny 10906 +deny 10938 +deny 10954 +deny 10964 +deny 10983 +deny 10986 +deny 10992 +deny 11008 +deny 11014 +deny 11053 +deny 11058 +deny 11063 +deny 11081 +deny 11083 +deny 11087 +deny 11097 +deny 11136 +deny 11172 +deny 11193 +deny 11237 +deny 11242 +deny 11254 +deny 11256 +deny 11271 +deny 11284 +deny 11295 +deny 11311 +deny 11315 +deny 11335 +deny 11338 +deny 11340 +deny 11356 +deny 11373 +deny 11390 +deny 11392 +deny 11411 +deny 11415 +deny 11419 +deny 11431 - 11432 +deny 11447 +deny 11450 - 11451 +deny 11497 - 11498 +deny 11503 +deny 11514 +deny 11519 +deny 11556 +deny 11562 +deny 11571 +deny 11581 +deny 11585 +deny 11592 +deny 11599 +deny 11617 +deny 11642 +deny 11644 +deny 11664 +deny 11673 +deny 11677 +deny 11694 +deny 11706 +deny 11750 - 11752 +deny 11786 +deny 11800 - 11802 +deny 11815 - 11816 +deny 11830 +deny 11835 +deny 11844 +deny 11888 +deny 11896 +deny 11921 +deny 11947 +deny 11960 +deny 11993 +deny 12034 +deny 12066 +deny 12127 +deny 12135 - 12136 +deny 12140 +deny 12146 +deny 12150 +deny 12248 +deny 12252 +deny 12264 +deny 13316 +deny 13318 +deny 13320 +deny 13353 +deny 13357 +deny 13381 +deny 13424 +deny 13440 +deny 13459 +deny 13474 +deny 13489 +deny 13495 +deny 13514 +deny 13521 - 13522 +deny 13544 +deny 13579 +deny 13584 - 13585 +deny 13591 +deny 13643 +deny 13679 +deny 13682 +deny 13761 +deny 13774 +deny 13835 +deny 13874 +deny 13878 +deny 13914 +deny 13929 +deny 13934 - 13936 +deny 13991 +deny 13999 - 14000 +deny 14026 +deny 14030 +deny 14069 +deny 14080 +deny 14084 +deny 14087 +deny 14111 +deny 14117 +deny 14122 +deny 14178 - 14179 +deny 14186 - 14187 +deny 14202 +deny 14204 +deny 14231 - 14232 +deny 14234 +deny 14249 - 14250 +deny 14259 +deny 14282 +deny 14285 - 14286 +deny 14316 +deny 14318 +deny 14339 +deny 14346 +deny 14377 +deny 14420 +deny 14457 +deny 14463 +deny 14522 +deny 14535 +deny 14553 +deny 14560 +deny 14571 +deny 14624 +deny 14650 +deny 14664 +deny 14674 +deny 14692 +deny 14708 - 14709 +deny 14723 +deny 14754 +deny 14759 +deny 14769 +deny 14795 +deny 14840 +deny 14845 +deny 14867 - 14868 +deny 14886 +deny 14966 +deny 14970 +deny 15030 +deny 15034 +deny 15064 +deny 15066 +deny 15075 +deny 15078 +deny 15107 +deny 15125 +deny 15151 +deny 15180 +deny 15201 +deny 15208 +deny 15236 +deny 15241 +deny 15246 +deny 15252 +deny 15256 +deny 15274 +deny 15311 +deny 16397 +deny 16418 +deny 16471 +deny 16506 +deny 16522 +deny 16528 +deny 16531 +deny 16592 +deny 16594 +deny 16596 +deny 16606 - 16607 +deny 16629 +deny 16663 +deny 16685 +deny 16689 +deny 16701 +deny 16712 +deny 16732 +deny 16735 - 16736 +deny 16742 +deny 16762 +deny 16772 +deny 16780 +deny 16814 +deny 16847 +deny 16849 +deny 16864 +deny 16874 +deny 16885 +deny 16891 +deny 16906 +deny 16911 +deny 16960 +deny 16973 +deny 16975 +deny 16990 +deny 17069 +deny 17072 +deny 17079 +deny 17086 +deny 17108 +deny 17126 +deny 17147 +deny 17182 +deny 17205 +deny 17208 +deny 17222 +deny 17249 - 17250 +deny 17255 +deny 17257 +deny 17287 +deny 17329 +deny 17376 +deny 17379 +deny 17399 +deny 17401 +deny 18449 +deny 18455 +deny 18466 +deny 18479 +deny 18492 +deny 18496 +deny 18532 +deny 18547 +deny 18576 +deny 18579 +deny 18592 +deny 18644 +deny 18667 +deny 18678 +deny 18734 +deny 18739 +deny 18782 +deny 18809 +deny 18822 +deny 18836 +deny 18840 +deny 18846 +deny 18869 +deny 18881 +deny 18941 +deny 18998 +deny 19033 +deny 19037 - 19038 +deny 19064 +deny 19077 +deny 19089 - 19090 +deny 19109 +deny 19114 +deny 19132 +deny 19169 +deny 19180 +deny 19182 +deny 19192 +deny 19196 +deny 19200 +deny 19228 +deny 19244 +deny 19259 +deny 19278 +deny 19315 +deny 19332 +deny 19338 +deny 19361 +deny 19373 +deny 19411 +deny 19422 +deny 19429 +deny 19447 +deny 19519 +deny 19553 +deny 19582 - 19583 +deny 19611 +deny 19632 +deny 19688 +deny 19723 +deny 19731 +deny 19763 +deny 19767 +deny 19863 +deny 19873 +deny 19889 +deny 19960 +deny 19978 +deny 19989 - 19990 +deny 20002 +deny 20015 +deny 20032 +deny 20043 - 20044 +deny 20106 +deny 20116 - 20117 +deny 20121 +deny 20142 +deny 20173 +deny 20191 +deny 20207 +deny 20232 +deny 20244 +deny 20255 - 20256 +deny 20266 +deny 20297 +deny 20299 +deny 20305 +deny 20312 +deny 20321 +deny 20345 +deny 20361 +deny 20363 +deny 20418 +deny 21506 +deny 21520 +deny 21571 +deny 21574 - 21575 +deny 21578 +deny 21590 +deny 21599 +deny 21603 +deny 21612 +deny 21614 +deny 21674 +deny 21692 +deny 21741 +deny 21753 +deny 21756 +deny 21765 +deny 21768 +deny 21824 +deny 21826 +deny 21838 +deny 21862 +deny 21883 +deny 21888 +deny 21911 +deny 21917 +deny 21980 +deny 22010 - 22011 +deny 22019 +deny 22047 +deny 22055 +deny 22080 +deny 22085 +deny 22092 +deny 22122 +deny 22128 - 22129 +deny 22133 +deny 22148 +deny 22177 +deny 22185 +deny 22227 +deny 22250 +deny 22305 +deny 22313 +deny 22341 +deny 22356 +deny 22368 +deny 22371 +deny 22381 - 22382 +deny 22407 +deny 22411 +deny 22431 +deny 22453 +deny 22501 +deny 22508 +deny 22515 +deny 22529 +deny 22541 +deny 22548 +deny 22566 +deny 22628 +deny 22661 +deny 22678 +deny 22689 +deny 22698 - 22699 +deny 22706 +deny 22724 +deny 22726 +deny 22745 +deny 22798 +deny 22818 - 22819 +deny 22833 +deny 22860 +deny 22869 +deny 22876 +deny 22882 +deny 22884 +deny 22889 +deny 22894 +deny 22908 +deny 22924 +deny 22927 +deny 22975 +deny 23002 +deny 23007 +deny 23020 +deny 23031 +deny 23074 +deny 23091 +deny 23105 - 23106 +deny 23113 +deny 23128 +deny 23140 +deny 23201 - 23202 +deny 23216 +deny 23243 +deny 23246 +deny 23289 +deny 23353 +deny 23360 +deny 23382 - 23383 +deny 23416 +deny 23487 - 23488 +deny 23495 +deny 23541 +deny 25607 +deny 25620 +deny 25701 +deny 25705 +deny 25718 +deny 25734 +deny 25812 +deny 25832 +deny 25908 +deny 25927 +deny 25933 +deny 25998 +deny 26048 +deny 26061 +deny 26090 +deny 26104 - 26105 +deny 26107 +deny 26112 +deny 26118 - 26119 +deny 26136 +deny 26162 +deny 26173 +deny 26194 +deny 26210 +deny 26218 +deny 26317 +deny 26418 +deny 26426 +deny 26434 +deny 26473 +deny 26505 +deny 26592 - 26596 +deny 26598 - 26623 + # AFRINIC IPv4 resources cannot be transferred to APNIC # From https://www.iana.org/assignments/ipv4-address-space/ deny 41.0.0.0/8 @@ -73,6 +751,210 @@ deny 36864 - 37887 deny 327680 - 328703 deny 328704 - 329727 +# AFRINIC ASNs cannot be transferred to APNIC +# From nro-delegated-stats 20240417 +deny 1228 - 1232 +deny 2018 +deny 2561 +deny 2905 +deny 3067 - 3068 +deny 3208 +deny 3741 +deny 4178 +deny 4571 +deny 5536 +deny 5713 +deny 5734 +deny 6083 +deny 6089 +deny 6127 +deny 6149 +deny 6180 +deny 6187 +deny 6351 +deny 6529 +deny 6560 +deny 6713 +deny 6879 +deny 6968 +deny 7020 +deny 7154 +deny 7231 +deny 7390 +deny 7420 +deny 7460 +deny 7971 - 7972 +deny 8094 +deny 8524 +deny 8770 +deny 9129 +deny 10247 +deny 10262 +deny 10331 +deny 10393 +deny 10474 +deny 10505 +deny 10540 +deny 10575 +deny 10798 +deny 10803 +deny 10898 +deny 11125 +deny 11157 +deny 11201 +deny 11259 +deny 11265 +deny 11380 +deny 11569 +deny 11645 +deny 11744 +deny 11845 +deny 11909 +deny 12091 +deny 12143 +deny 12258 +deny 12455 +deny 12556 +deny 13224 +deny 13402 +deny 13519 +deny 13569 +deny 13854 +deny 14029 +deny 14115 +deny 14331 +deny 14429 +deny 14516 +deny 14988 +deny 15022 +deny 15159 +deny 15399 +deny 15475 +deny 15706 +deny 15804 +deny 15825 +deny 15834 +deny 15964 +deny 16058 +deny 16214 +deny 16284 +deny 16416 +deny 16547 +deny 16630 +deny 16637 +deny 16800 +deny 16853 +deny 16907 +deny 17148 +deny 17220 +deny 17260 +deny 17312 +deny 17400 +deny 17652 +deny 18775 +deny 18922 +deny 18931 +deny 19136 +deny 19232 +deny 19676 +deny 19711 +deny 19832 +deny 19847 +deny 20011 +deny 20086 +deny 20095 +deny 20180 +deny 20294 +deny 20459 +deny 20484 +deny 20858 +deny 20928 +deny 21003 +deny 21152 +deny 21242 +deny 21271 +deny 21278 +deny 21280 +deny 21391 +deny 21452 +deny 21739 +deny 21819 +deny 22354 - 22355 +deny 22386 +deny 22572 +deny 22690 +deny 22735 +deny 22750 +deny 22939 +deny 23058 +deny 23549 +deny 23889 +deny 24736 +deny 24757 +deny 24788 +deny 24801 +deny 24835 +deny 24863 +deny 24878 +deny 24987 +deny 25163 +deny 25250 +deny 25362 +deny 25364 +deny 25543 +deny 25568 +deny 25576 +deny 25695 +deny 25726 +deny 25793 +deny 25818 +deny 26106 +deny 26130 +deny 26422 +deny 26625 +deny 26754 +deny 27576 +deny 27598 +deny 28683 +deny 28698 +deny 28913 +deny 29091 +deny 29338 +deny 29340 +deny 29428 +deny 29495 +deny 29544 +deny 29571 +deny 29614 +deny 29674 +deny 29918 +deny 29975 +deny 30073 +deny 30306 +deny 30429 +deny 30619 +deny 30896 +deny 30980 +deny 30982 - 30999 +deny 31065 +deny 31245 +deny 31619 +deny 31810 +deny 31856 +deny 31960 +deny 32017 +deny 32279 +deny 32398 +deny 32437 +deny 32653 +deny 32714 +deny 32717 +deny 32842 +deny 32860 +deny 33567 +deny 33579 +deny 33762 - 33791 + # Private use IPv4 & IPv6 addresses and ASNs deny 0.0.0.0/8 # RFC 1122 Local Identification deny 10.0.0.0/8 # RFC 1918 private space diff --git a/etc/rpki/arin.constraints b/etc/rpki/arin.constraints index 711512061..fb7e10cf3 100644 --- a/etc/rpki/arin.constraints +++ b/etc/rpki/arin.constraints @@ -1,4 +1,4 @@ -# $OpenBSD: arin.constraints,v 1.4 2024/01/30 03:40:01 job Exp $ +# $OpenBSD: arin.constraints,v 1.5 2024/04/17 14:31:59 job Exp $ # From https://www.iana.org/assignments/ipv6-unicast-address-assignments allow 2001:400::/23 @@ -17,6 +17,684 @@ deny 61440 - 61951 deny 64099 - 64197 deny 262144 - 273820 +# LACNIC ASNs cannot be transferred to ARIN +# From nro-delegated-stats 20240417 +deny 278 +deny 676 +deny 1251 +deny 1292 +deny 1296 +deny 1797 +deny 1831 +deny 1840 +deny 1916 +deny 2146 +deny 2277 +deny 2549 +deny 2638 +deny 2708 +deny 2715 - 2716 +deny 2739 +deny 2904 +deny 3132 +deny 3141 +deny 3449 +deny 3454 +deny 3484 +deny 3487 +deny 3496 +deny 3548 +deny 3551 +deny 3556 +deny 3596 - 3597 +deny 3603 +deny 3631 - 3632 +deny 3636 +deny 3640 +deny 3790 +deny 3816 +deny 3905 +deny 3968 +deny 4141 +deny 4209 +deny 4230 +deny 4242 +deny 4244 +deny 4270 +deny 4387 +deny 4493 +deny 4535 +deny 4914 +deny 4926 +deny 4944 +deny 4964 +deny 4967 +deny 4995 +deny 5005 +deny 5633 +deny 5639 +deny 5648 +deny 5692 +deny 5708 +deny 5722 +deny 5745 +deny 5772 +deny 6057 +deny 6063 - 6065 +deny 6084 +deny 6121 +deny 6125 +deny 6133 +deny 6135 +deny 6147 - 6148 +deny 6193 +deny 6240 +deny 6306 +deny 6332 +deny 6342 +deny 6400 +deny 6429 +deny 6458 +deny 6471 +deny 6487 +deny 6495 +deny 6503 +deny 6505 +deny 6535 +deny 6543 +deny 6545 +deny 6568 +deny 6590 +deny 6927 +deny 6945 +deny 6957 +deny 7002 +deny 7004 - 7005 +deny 7038 +deny 7048 - 7049 +deny 7056 +deny 7063 +deny 7080 +deny 7087 +deny 7103 +deny 7120 +deny 7125 +deny 7137 +deny 7149 +deny 7157 +deny 7162 +deny 7167 +deny 7173 +deny 7184 +deny 7195 +deny 7199 +deny 7236 +deny 7298 +deny 7303 +deny 7313 +deny 7315 +deny 7325 +deny 7340 +deny 7365 +deny 7399 +deny 7408 +deny 7414 +deny 7417 - 7418 +deny 7428 +deny 7437 - 7438 +deny 7465 +deny 7727 +deny 7738 +deny 7803 +deny 7864 +deny 7890 +deny 7906 +deny 7908 +deny 7910 +deny 7927 +deny 7934 +deny 7953 +deny 7965 +deny 7974 +deny 7980 +deny 7984 +deny 7993 - 7995 +deny 7997 +deny 8007 +deny 8024 +deny 8026 +deny 8048 +deny 8053 - 8056 +deny 8065 - 8066 +deny 8096 +deny 8140 - 8141 +deny 8151 +deny 8163 +deny 8167 +deny 8178 +deny 10269 +deny 10277 +deny 10285 +deny 10293 +deny 10299 +deny 10301 +deny 10318 +deny 10362 +deny 10391 +deny 10412 +deny 10417 +deny 10420 +deny 10429 +deny 10436 +deny 10452 +deny 10454 +deny 10463 +deny 10476 +deny 10479 +deny 10481 +deny 10495 +deny 10502 +deny 10531 +deny 10560 +deny 10569 +deny 10586 +deny 10600 +deny 10605 - 10606 +deny 10617 +deny 10620 +deny 10624 +deny 10630 +deny 10640 +deny 10649 +deny 10670 - 10671 +deny 10688 +deny 10691 +deny 10697 +deny 10704 +deny 10706 +deny 10715 +deny 10733 +deny 10757 +deny 10778 +deny 10785 +deny 10795 +deny 10824 +deny 10834 +deny 10841 +deny 10847 +deny 10875 +deny 10881 +deny 10895 +deny 10897 +deny 10906 +deny 10938 +deny 10954 +deny 10964 +deny 10983 +deny 10986 +deny 10992 +deny 11008 +deny 11014 +deny 11053 +deny 11058 +deny 11063 +deny 11081 +deny 11083 +deny 11087 +deny 11097 +deny 11136 +deny 11172 +deny 11193 +deny 11237 +deny 11242 +deny 11254 +deny 11256 +deny 11271 +deny 11284 +deny 11295 +deny 11311 +deny 11315 +deny 11335 +deny 11338 +deny 11340 +deny 11356 +deny 11373 +deny 11390 +deny 11392 +deny 11411 +deny 11415 +deny 11419 +deny 11431 - 11432 +deny 11447 +deny 11450 - 11451 +deny 11497 - 11498 +deny 11503 +deny 11514 +deny 11519 +deny 11556 +deny 11562 +deny 11571 +deny 11581 +deny 11585 +deny 11592 +deny 11599 +deny 11617 +deny 11642 +deny 11644 +deny 11664 +deny 11673 +deny 11677 +deny 11694 +deny 11706 +deny 11750 - 11752 +deny 11786 +deny 11800 - 11802 +deny 11815 - 11816 +deny 11830 +deny 11835 +deny 11844 +deny 11888 +deny 11896 +deny 11921 +deny 11947 +deny 11960 +deny 11993 +deny 12034 +deny 12066 +deny 12127 +deny 12135 - 12136 +deny 12140 +deny 12146 +deny 12150 +deny 12248 +deny 12252 +deny 12264 +deny 13316 +deny 13318 +deny 13320 +deny 13353 +deny 13357 +deny 13381 +deny 13424 +deny 13440 +deny 13459 +deny 13474 +deny 13489 +deny 13495 +deny 13514 +deny 13521 - 13522 +deny 13544 +deny 13579 +deny 13584 - 13585 +deny 13591 +deny 13643 +deny 13679 +deny 13682 +deny 13761 +deny 13774 +deny 13835 +deny 13874 +deny 13878 +deny 13914 +deny 13929 +deny 13934 - 13936 +deny 13991 +deny 13999 - 14000 +deny 14026 +deny 14030 +deny 14069 +deny 14080 +deny 14084 +deny 14087 +deny 14111 +deny 14117 +deny 14122 +deny 14178 - 14179 +deny 14186 - 14187 +deny 14202 +deny 14204 +deny 14231 - 14232 +deny 14234 +deny 14249 - 14250 +deny 14259 +deny 14282 +deny 14285 - 14286 +deny 14316 +deny 14318 +deny 14339 +deny 14346 +deny 14377 +deny 14420 +deny 14457 +deny 14463 +deny 14522 +deny 14535 +deny 14553 +deny 14560 +deny 14571 +deny 14624 +deny 14650 +deny 14664 +deny 14674 +deny 14692 +deny 14708 - 14709 +deny 14723 +deny 14754 +deny 14759 +deny 14769 +deny 14795 +deny 14840 +deny 14845 +deny 14867 - 14868 +deny 14886 +deny 14966 +deny 14970 +deny 15030 +deny 15034 +deny 15064 +deny 15066 +deny 15075 +deny 15078 +deny 15107 +deny 15125 +deny 15151 +deny 15180 +deny 15201 +deny 15208 +deny 15236 +deny 15241 +deny 15246 +deny 15252 +deny 15256 +deny 15274 +deny 15311 +deny 16397 +deny 16418 +deny 16471 +deny 16506 +deny 16522 +deny 16528 +deny 16531 +deny 16592 +deny 16594 +deny 16596 +deny 16606 - 16607 +deny 16629 +deny 16663 +deny 16685 +deny 16689 +deny 16701 +deny 16712 +deny 16732 +deny 16735 - 16736 +deny 16742 +deny 16762 +deny 16772 +deny 16780 +deny 16814 +deny 16847 +deny 16849 +deny 16864 +deny 16874 +deny 16885 +deny 16891 +deny 16906 +deny 16911 +deny 16960 +deny 16973 +deny 16975 +deny 16990 +deny 17069 +deny 17072 +deny 17079 +deny 17086 +deny 17108 +deny 17126 +deny 17147 +deny 17182 +deny 17205 +deny 17208 +deny 17222 +deny 17249 - 17250 +deny 17255 +deny 17257 +deny 17287 +deny 17329 +deny 17376 +deny 17379 +deny 17399 +deny 17401 +deny 18449 +deny 18455 +deny 18466 +deny 18479 +deny 18492 +deny 18496 +deny 18532 +deny 18547 +deny 18576 +deny 18579 +deny 18592 +deny 18644 +deny 18667 +deny 18678 +deny 18734 +deny 18739 +deny 18782 +deny 18809 +deny 18822 +deny 18836 +deny 18840 +deny 18846 +deny 18869 +deny 18881 +deny 18941 +deny 18998 +deny 19033 +deny 19037 - 19038 +deny 19064 +deny 19077 +deny 19089 - 19090 +deny 19109 +deny 19114 +deny 19132 +deny 19169 +deny 19180 +deny 19182 +deny 19192 +deny 19196 +deny 19200 +deny 19228 +deny 19244 +deny 19259 +deny 19278 +deny 19315 +deny 19332 +deny 19338 +deny 19361 +deny 19373 +deny 19411 +deny 19422 +deny 19429 +deny 19447 +deny 19519 +deny 19553 +deny 19582 - 19583 +deny 19611 +deny 19632 +deny 19688 +deny 19723 +deny 19731 +deny 19763 +deny 19767 +deny 19863 +deny 19873 +deny 19889 +deny 19960 +deny 19978 +deny 19989 - 19990 +deny 20002 +deny 20015 +deny 20032 +deny 20043 - 20044 +deny 20106 +deny 20116 - 20117 +deny 20121 +deny 20142 +deny 20173 +deny 20191 +deny 20207 +deny 20232 +deny 20244 +deny 20255 - 20256 +deny 20266 +deny 20297 +deny 20299 +deny 20305 +deny 20312 +deny 20321 +deny 20345 +deny 20361 +deny 20363 +deny 20418 +deny 21506 +deny 21520 +deny 21571 +deny 21574 - 21575 +deny 21578 +deny 21590 +deny 21599 +deny 21603 +deny 21612 +deny 21614 +deny 21674 +deny 21692 +deny 21741 +deny 21753 +deny 21756 +deny 21765 +deny 21768 +deny 21824 +deny 21826 +deny 21838 +deny 21862 +deny 21883 +deny 21888 +deny 21911 +deny 21917 +deny 21980 +deny 22010 - 22011 +deny 22019 +deny 22047 +deny 22055 +deny 22080 +deny 22085 +deny 22092 +deny 22122 +deny 22128 - 22129 +deny 22133 +deny 22148 +deny 22177 +deny 22185 +deny 22227 +deny 22250 +deny 22305 +deny 22313 +deny 22341 +deny 22356 +deny 22368 +deny 22371 +deny 22381 - 22382 +deny 22407 +deny 22411 +deny 22431 +deny 22453 +deny 22501 +deny 22508 +deny 22515 +deny 22529 +deny 22541 +deny 22548 +deny 22566 +deny 22628 +deny 22661 +deny 22678 +deny 22689 +deny 22698 - 22699 +deny 22706 +deny 22724 +deny 22726 +deny 22745 +deny 22798 +deny 22818 - 22819 +deny 22833 +deny 22860 +deny 22869 +deny 22876 +deny 22882 +deny 22884 +deny 22889 +deny 22894 +deny 22908 +deny 22924 +deny 22927 +deny 22975 +deny 23002 +deny 23007 +deny 23020 +deny 23031 +deny 23074 +deny 23091 +deny 23105 - 23106 +deny 23113 +deny 23128 +deny 23140 +deny 23201 - 23202 +deny 23216 +deny 23243 +deny 23246 +deny 23289 +deny 23353 +deny 23360 +deny 23382 - 23383 +deny 23416 +deny 23487 - 23488 +deny 23495 +deny 23541 +deny 25607 +deny 25620 +deny 25701 +deny 25705 +deny 25718 +deny 25734 +deny 25812 +deny 25832 +deny 25908 +deny 25927 +deny 25933 +deny 25998 +deny 26048 +deny 26061 +deny 26090 +deny 26104 - 26105 +deny 26107 +deny 26112 +deny 26118 - 26119 +deny 26136 +deny 26162 +deny 26173 +deny 26194 +deny 26210 +deny 26218 +deny 26317 +deny 26418 +deny 26426 +deny 26434 +deny 26473 +deny 26505 +deny 26592 - 26596 +deny 26598 - 26623 + # AFRINIC IPv4 resources cannot be transferred to ARIN # From https://www.iana.org/assignments/ipv4-address-space/ deny 41.0.0.0/8 @@ -69,6 +747,210 @@ deny 36864 - 37887 deny 327680 - 328703 deny 328704 - 329727 +# AFRINIC ASNs cannot be transferred to ARIN +# From nro-delegated-stats 20240417 +deny 1228 - 1232 +deny 2018 +deny 2561 +deny 2905 +deny 3067 - 3068 +deny 3208 +deny 3741 +deny 4178 +deny 4571 +deny 5536 +deny 5713 +deny 5734 +deny 6083 +deny 6089 +deny 6127 +deny 6149 +deny 6180 +deny 6187 +deny 6351 +deny 6529 +deny 6560 +deny 6713 +deny 6879 +deny 6968 +deny 7020 +deny 7154 +deny 7231 +deny 7390 +deny 7420 +deny 7460 +deny 7971 - 7972 +deny 8094 +deny 8524 +deny 8770 +deny 9129 +deny 10247 +deny 10262 +deny 10331 +deny 10393 +deny 10474 +deny 10505 +deny 10540 +deny 10575 +deny 10798 +deny 10803 +deny 10898 +deny 11125 +deny 11157 +deny 11201 +deny 11259 +deny 11265 +deny 11380 +deny 11569 +deny 11645 +deny 11744 +deny 11845 +deny 11909 +deny 12091 +deny 12143 +deny 12258 +deny 12455 +deny 12556 +deny 13224 +deny 13402 +deny 13519 +deny 13569 +deny 13854 +deny 14029 +deny 14115 +deny 14331 +deny 14429 +deny 14516 +deny 14988 +deny 15022 +deny 15159 +deny 15399 +deny 15475 +deny 15706 +deny 15804 +deny 15825 +deny 15834 +deny 15964 +deny 16058 +deny 16214 +deny 16284 +deny 16416 +deny 16547 +deny 16630 +deny 16637 +deny 16800 +deny 16853 +deny 16907 +deny 17148 +deny 17220 +deny 17260 +deny 17312 +deny 17400 +deny 17652 +deny 18775 +deny 18922 +deny 18931 +deny 19136 +deny 19232 +deny 19676 +deny 19711 +deny 19832 +deny 19847 +deny 20011 +deny 20086 +deny 20095 +deny 20180 +deny 20294 +deny 20459 +deny 20484 +deny 20858 +deny 20928 +deny 21003 +deny 21152 +deny 21242 +deny 21271 +deny 21278 +deny 21280 +deny 21391 +deny 21452 +deny 21739 +deny 21819 +deny 22354 - 22355 +deny 22386 +deny 22572 +deny 22690 +deny 22735 +deny 22750 +deny 22939 +deny 23058 +deny 23549 +deny 23889 +deny 24736 +deny 24757 +deny 24788 +deny 24801 +deny 24835 +deny 24863 +deny 24878 +deny 24987 +deny 25163 +deny 25250 +deny 25362 +deny 25364 +deny 25543 +deny 25568 +deny 25576 +deny 25695 +deny 25726 +deny 25793 +deny 25818 +deny 26106 +deny 26130 +deny 26422 +deny 26625 +deny 26754 +deny 27576 +deny 27598 +deny 28683 +deny 28698 +deny 28913 +deny 29091 +deny 29338 +deny 29340 +deny 29428 +deny 29495 +deny 29544 +deny 29571 +deny 29614 +deny 29674 +deny 29918 +deny 29975 +deny 30073 +deny 30306 +deny 30429 +deny 30619 +deny 30896 +deny 30980 +deny 30982 - 30999 +deny 31065 +deny 31245 +deny 31619 +deny 31810 +deny 31856 +deny 31960 +deny 32017 +deny 32279 +deny 32398 +deny 32437 +deny 32653 +deny 32714 +deny 32717 +deny 32842 +deny 32860 +deny 33567 +deny 33579 +deny 33762 - 33791 + # Private use IPv4 & IPv6 addresses and ASNs deny 0.0.0.0/8 # RFC 1122 Local Identification deny 10.0.0.0/8 # RFC 1918 private space diff --git a/etc/rpki/lacnic.constraints b/etc/rpki/lacnic.constraints index 93592a04f..b223bbc1d 100644 --- a/etc/rpki/lacnic.constraints +++ b/etc/rpki/lacnic.constraints @@ -1,4 +1,4 @@ -# $OpenBSD: lacnic.constraints,v 1.5 2024/03/23 04:18:56 job Exp $ +# $OpenBSD: lacnic.constraints,v 1.6 2024/04/17 14:31:59 job Exp $ # From https://www.iana.org/assignments/ipv6-unicast-address-assignments allow 2001:1200::/23 @@ -11,6 +11,683 @@ allow 61440 - 61951 allow 64099 - 64197 allow 262144 - 274844 +# From nro-delegated-stats 20240417 +allow 278 +allow 676 +allow 1251 +allow 1292 +allow 1296 +allow 1797 +allow 1831 +allow 1840 +allow 1916 +allow 2146 +allow 2277 +allow 2549 +allow 2638 +allow 2708 +allow 2715 - 2716 +allow 2739 +allow 2904 +allow 3132 +allow 3141 +allow 3449 +allow 3454 +allow 3484 +allow 3487 +allow 3496 +allow 3548 +allow 3551 +allow 3556 +allow 3596 - 3597 +allow 3603 +allow 3631 - 3632 +allow 3636 +allow 3640 +allow 3790 +allow 3816 +allow 3905 +allow 3968 +allow 4141 +allow 4209 +allow 4230 +allow 4242 +allow 4244 +allow 4270 +allow 4387 +allow 4493 +allow 4535 +allow 4914 +allow 4926 +allow 4944 +allow 4964 +allow 4967 +allow 4995 +allow 5005 +allow 5633 +allow 5639 +allow 5648 +allow 5692 +allow 5708 +allow 5722 +allow 5745 +allow 5772 +allow 6057 +allow 6063 - 6065 +allow 6084 +allow 6121 +allow 6125 +allow 6133 +allow 6135 +allow 6147 - 6148 +allow 6193 +allow 6240 +allow 6306 +allow 6332 +allow 6342 +allow 6400 +allow 6429 +allow 6458 +allow 6471 +allow 6487 +allow 6495 +allow 6503 +allow 6505 +allow 6535 +allow 6543 +allow 6545 +allow 6568 +allow 6590 +allow 6927 +allow 6945 +allow 6957 +allow 7002 +allow 7004 - 7005 +allow 7038 +allow 7048 - 7049 +allow 7056 +allow 7063 +allow 7080 +allow 7087 +allow 7103 +allow 7120 +allow 7125 +allow 7137 +allow 7149 +allow 7157 +allow 7162 +allow 7167 +allow 7173 +allow 7184 +allow 7195 +allow 7199 +allow 7236 +allow 7298 +allow 7303 +allow 7313 +allow 7315 +allow 7325 +allow 7340 +allow 7365 +allow 7399 +allow 7408 +allow 7414 +allow 7417 - 7418 +allow 7428 +allow 7437 - 7438 +allow 7465 +allow 7727 +allow 7738 +allow 7803 +allow 7864 +allow 7890 +allow 7906 +allow 7908 +allow 7910 +allow 7927 +allow 7934 +allow 7953 +allow 7965 +allow 7974 +allow 7980 +allow 7984 +allow 7993 - 7995 +allow 7997 +allow 8007 +allow 8024 +allow 8026 +allow 8048 +allow 8053 - 8056 +allow 8065 - 8066 +allow 8096 +allow 8140 - 8141 +allow 8151 +allow 8163 +allow 8167 +allow 8178 +allow 10269 +allow 10277 +allow 10285 +allow 10293 +allow 10299 +allow 10301 +allow 10318 +allow 10362 +allow 10391 +allow 10412 +allow 10417 +allow 10420 +allow 10429 +allow 10436 +allow 10452 +allow 10454 +allow 10463 +allow 10476 +allow 10479 +allow 10481 +allow 10495 +allow 10502 +allow 10531 +allow 10560 +allow 10569 +allow 10586 +allow 10600 +allow 10605 - 10606 +allow 10617 +allow 10620 +allow 10624 +allow 10630 +allow 10640 +allow 10649 +allow 10670 - 10671 +allow 10688 +allow 10691 +allow 10697 +allow 10704 +allow 10706 +allow 10715 +allow 10733 +allow 10757 +allow 10778 +allow 10785 +allow 10795 +allow 10824 +allow 10834 +allow 10841 +allow 10847 +allow 10875 +allow 10881 +allow 10895 +allow 10897 +allow 10906 +allow 10938 +allow 10954 +allow 10964 +allow 10983 +allow 10986 +allow 10992 +allow 11008 +allow 11014 +allow 11053 +allow 11058 +allow 11063 +allow 11081 +allow 11083 +allow 11087 +allow 11097 +allow 11136 +allow 11172 +allow 11193 +allow 11237 +allow 11242 +allow 11254 +allow 11256 +allow 11271 +allow 11284 +allow 11295 +allow 11311 +allow 11315 +allow 11335 +allow 11338 +allow 11340 +allow 11356 +allow 11373 +allow 11390 +allow 11392 +allow 11411 +allow 11415 +allow 11419 +allow 11431 - 11432 +allow 11447 +allow 11450 - 11451 +allow 11497 - 11498 +allow 11503 +allow 11514 +allow 11519 +allow 11556 +allow 11562 +allow 11571 +allow 11581 +allow 11585 +allow 11592 +allow 11599 +allow 11617 +allow 11642 +allow 11644 +allow 11664 +allow 11673 +allow 11677 +allow 11694 +allow 11706 +allow 11750 - 11752 +allow 11786 +allow 11800 - 11802 +allow 11815 - 11816 +allow 11830 +allow 11835 +allow 11844 +allow 11888 +allow 11896 +allow 11921 +allow 11947 +allow 11960 +allow 11993 +allow 12034 +allow 12066 +allow 12127 +allow 12135 - 12136 +allow 12140 +allow 12146 +allow 12150 +allow 12248 +allow 12252 +allow 12264 +allow 13316 +allow 13318 +allow 13320 +allow 13353 +allow 13357 +allow 13381 +allow 13424 +allow 13440 +allow 13459 +allow 13474 +allow 13489 +allow 13495 +allow 13514 +allow 13521 - 13522 +allow 13544 +allow 13579 +allow 13584 - 13585 +allow 13591 +allow 13643 +allow 13679 +allow 13682 +allow 13761 +allow 13774 +allow 13835 +allow 13874 +allow 13878 +allow 13914 +allow 13929 +allow 13934 - 13936 +allow 13991 +allow 13999 - 14000 +allow 14026 +allow 14030 +allow 14069 +allow 14080 +allow 14084 +allow 14087 +allow 14111 +allow 14117 +allow 14122 +allow 14178 - 14179 +allow 14186 - 14187 +allow 14202 +allow 14204 +allow 14231 - 14232 +allow 14234 +allow 14249 - 14250 +allow 14259 +allow 14282 +allow 14285 - 14286 +allow 14316 +allow 14318 +allow 14339 +allow 14346 +allow 14377 +allow 14420 +allow 14457 +allow 14463 +allow 14522 +allow 14535 +allow 14553 +allow 14560 +allow 14571 +allow 14624 +allow 14650 +allow 14664 +allow 14674 +allow 14692 +allow 14708 - 14709 +allow 14723 +allow 14754 +allow 14759 +allow 14769 +allow 14795 +allow 14840 +allow 14845 +allow 14867 - 14868 +allow 14886 +allow 14966 +allow 14970 +allow 15030 +allow 15034 +allow 15064 +allow 15066 +allow 15075 +allow 15078 +allow 15107 +allow 15125 +allow 15151 +allow 15180 +allow 15201 +allow 15208 +allow 15236 +allow 15241 +allow 15246 +allow 15252 +allow 15256 +allow 15274 +allow 15311 +allow 16397 +allow 16418 +allow 16471 +allow 16506 +allow 16522 +allow 16528 +allow 16531 +allow 16592 +allow 16594 +allow 16596 +allow 16606 - 16607 +allow 16629 +allow 16663 +allow 16685 +allow 16689 +allow 16701 +allow 16712 +allow 16732 +allow 16735 - 16736 +allow 16742 +allow 16762 +allow 16772 +allow 16780 +allow 16814 +allow 16847 +allow 16849 +allow 16864 +allow 16874 +allow 16885 +allow 16891 +allow 16906 +allow 16911 +allow 16960 +allow 16973 +allow 16975 +allow 16990 +allow 17069 +allow 17072 +allow 17079 +allow 17086 +allow 17108 +allow 17126 +allow 17147 +allow 17182 +allow 17205 +allow 17208 +allow 17222 +allow 17249 - 17250 +allow 17255 +allow 17257 +allow 17287 +allow 17329 +allow 17376 +allow 17379 +allow 17399 +allow 17401 +allow 18449 +allow 18455 +allow 18466 +allow 18479 +allow 18492 +allow 18496 +allow 18532 +allow 18547 +allow 18576 +allow 18579 +allow 18592 +allow 18644 +allow 18667 +allow 18678 +allow 18734 +allow 18739 +allow 18782 +allow 18809 +allow 18822 +allow 18836 +allow 18840 +allow 18846 +allow 18869 +allow 18881 +allow 18941 +allow 18998 +allow 19033 +allow 19037 - 19038 +allow 19064 +allow 19077 +allow 19089 - 19090 +allow 19109 +allow 19114 +allow 19132 +allow 19169 +allow 19180 +allow 19182 +allow 19192 +allow 19196 +allow 19200 +allow 19228 +allow 19244 +allow 19259 +allow 19278 +allow 19315 +allow 19332 +allow 19338 +allow 19361 +allow 19373 +allow 19411 +allow 19422 +allow 19429 +allow 19447 +allow 19519 +allow 19553 +allow 19582 - 19583 +allow 19611 +allow 19632 +allow 19688 +allow 19723 +allow 19731 +allow 19763 +allow 19767 +allow 19863 +allow 19873 +allow 19889 +allow 19960 +allow 19978 +allow 19989 - 19990 +allow 20002 +allow 20015 +allow 20032 +allow 20043 - 20044 +allow 20106 +allow 20116 - 20117 +allow 20121 +allow 20142 +allow 20173 +allow 20191 +allow 20207 +allow 20232 +allow 20244 +allow 20255 - 20256 +allow 20266 +allow 20297 +allow 20299 +allow 20305 +allow 20312 +allow 20321 +allow 20345 +allow 20361 +allow 20363 +allow 20418 +allow 21506 +allow 21520 +allow 21571 +allow 21574 - 21575 +allow 21578 +allow 21590 +allow 21599 +allow 21603 +allow 21612 +allow 21614 +allow 21674 +allow 21692 +allow 21741 +allow 21753 +allow 21756 +allow 21765 +allow 21768 +allow 21824 +allow 21826 +allow 21838 +allow 21862 +allow 21883 +allow 21888 +allow 21911 +allow 21917 +allow 21980 +allow 22010 - 22011 +allow 22019 +allow 22047 +allow 22055 +allow 22080 +allow 22085 +allow 22092 +allow 22122 +allow 22128 - 22129 +allow 22133 +allow 22148 +allow 22177 +allow 22185 +allow 22227 +allow 22250 +allow 22305 +allow 22313 +allow 22341 +allow 22356 +allow 22368 +allow 22371 +allow 22381 - 22382 +allow 22407 +allow 22411 +allow 22431 +allow 22453 +allow 22501 +allow 22508 +allow 22515 +allow 22529 +allow 22541 +allow 22548 +allow 22566 +allow 22628 +allow 22661 +allow 22678 +allow 22689 +allow 22698 - 22699 +allow 22706 +allow 22724 +allow 22726 +allow 22745 +allow 22798 +allow 22818 - 22819 +allow 22833 +allow 22860 +allow 22869 +allow 22876 +allow 22882 +allow 22884 +allow 22889 +allow 22894 +allow 22908 +allow 22924 +allow 22927 +allow 22975 +allow 23002 +allow 23007 +allow 23020 +allow 23031 +allow 23074 +allow 23091 +allow 23105 - 23106 +allow 23113 +allow 23128 +allow 23140 +allow 23201 - 23202 +allow 23216 +allow 23243 +allow 23246 +allow 23289 +allow 23353 +allow 23360 +allow 23382 - 23383 +allow 23416 +allow 23487 - 23488 +allow 23495 +allow 23541 +allow 25607 +allow 25620 +allow 25701 +allow 25705 +allow 25718 +allow 25734 +allow 25812 +allow 25832 +allow 25908 +allow 25927 +allow 25933 +allow 25998 +allow 26048 +allow 26061 +allow 26090 +allow 26104 - 26105 +allow 26107 +allow 26112 +allow 26118 - 26119 +allow 26136 +allow 26162 +allow 26173 +allow 26194 +allow 26210 +allow 26218 +allow 26317 +allow 26418 +allow 26426 +allow 26434 +allow 26473 +allow 26505 +allow 26592 - 26596 +allow 26598 - 26623 + # AFRINIC Internet Number Resources cannot be transferred # From https://www.iana.org/assignments/ipv4-address-space/ deny 41.0.0.0/8 diff --git a/etc/rpki/ripe.constraints b/etc/rpki/ripe.constraints index 6f3879337..a07d3635e 100644 --- a/etc/rpki/ripe.constraints +++ b/etc/rpki/ripe.constraints @@ -1,4 +1,4 @@ -# $OpenBSD: ripe.constraints,v 1.4 2024/01/30 03:40:01 job Exp $ +# $OpenBSD: ripe.constraints,v 1.5 2024/04/17 14:31:59 job Exp $ # From https://www.iana.org/assignments/ipv6-unicast-address-assignments allow 2001:600::/23 @@ -24,6 +24,684 @@ deny 61440 - 61951 deny 64099 - 64197 deny 262144 - 273820 +# LACNIC ASNs cannot be transferred to RIPE NCC +# From nro-delegated-stats 20240417 +deny 278 +deny 676 +deny 1251 +deny 1292 +deny 1296 +deny 1797 +deny 1831 +deny 1840 +deny 1916 +deny 2146 +deny 2277 +deny 2549 +deny 2638 +deny 2708 +deny 2715 - 2716 +deny 2739 +deny 2904 +deny 3132 +deny 3141 +deny 3449 +deny 3454 +deny 3484 +deny 3487 +deny 3496 +deny 3548 +deny 3551 +deny 3556 +deny 3596 - 3597 +deny 3603 +deny 3631 - 3632 +deny 3636 +deny 3640 +deny 3790 +deny 3816 +deny 3905 +deny 3968 +deny 4141 +deny 4209 +deny 4230 +deny 4242 +deny 4244 +deny 4270 +deny 4387 +deny 4493 +deny 4535 +deny 4914 +deny 4926 +deny 4944 +deny 4964 +deny 4967 +deny 4995 +deny 5005 +deny 5633 +deny 5639 +deny 5648 +deny 5692 +deny 5708 +deny 5722 +deny 5745 +deny 5772 +deny 6057 +deny 6063 - 6065 +deny 6084 +deny 6121 +deny 6125 +deny 6133 +deny 6135 +deny 6147 - 6148 +deny 6193 +deny 6240 +deny 6306 +deny 6332 +deny 6342 +deny 6400 +deny 6429 +deny 6458 +deny 6471 +deny 6487 +deny 6495 +deny 6503 +deny 6505 +deny 6535 +deny 6543 +deny 6545 +deny 6568 +deny 6590 +deny 6927 +deny 6945 +deny 6957 +deny 7002 +deny 7004 - 7005 +deny 7038 +deny 7048 - 7049 +deny 7056 +deny 7063 +deny 7080 +deny 7087 +deny 7103 +deny 7120 +deny 7125 +deny 7137 +deny 7149 +deny 7157 +deny 7162 +deny 7167 +deny 7173 +deny 7184 +deny 7195 +deny 7199 +deny 7236 +deny 7298 +deny 7303 +deny 7313 +deny 7315 +deny 7325 +deny 7340 +deny 7365 +deny 7399 +deny 7408 +deny 7414 +deny 7417 - 7418 +deny 7428 +deny 7437 - 7438 +deny 7465 +deny 7727 +deny 7738 +deny 7803 +deny 7864 +deny 7890 +deny 7906 +deny 7908 +deny 7910 +deny 7927 +deny 7934 +deny 7953 +deny 7965 +deny 7974 +deny 7980 +deny 7984 +deny 7993 - 7995 +deny 7997 +deny 8007 +deny 8024 +deny 8026 +deny 8048 +deny 8053 - 8056 +deny 8065 - 8066 +deny 8096 +deny 8140 - 8141 +deny 8151 +deny 8163 +deny 8167 +deny 8178 +deny 10269 +deny 10277 +deny 10285 +deny 10293 +deny 10299 +deny 10301 +deny 10318 +deny 10362 +deny 10391 +deny 10412 +deny 10417 +deny 10420 +deny 10429 +deny 10436 +deny 10452 +deny 10454 +deny 10463 +deny 10476 +deny 10479 +deny 10481 +deny 10495 +deny 10502 +deny 10531 +deny 10560 +deny 10569 +deny 10586 +deny 10600 +deny 10605 - 10606 +deny 10617 +deny 10620 +deny 10624 +deny 10630 +deny 10640 +deny 10649 +deny 10670 - 10671 +deny 10688 +deny 10691 +deny 10697 +deny 10704 +deny 10706 +deny 10715 +deny 10733 +deny 10757 +deny 10778 +deny 10785 +deny 10795 +deny 10824 +deny 10834 +deny 10841 +deny 10847 +deny 10875 +deny 10881 +deny 10895 +deny 10897 +deny 10906 +deny 10938 +deny 10954 +deny 10964 +deny 10983 +deny 10986 +deny 10992 +deny 11008 +deny 11014 +deny 11053 +deny 11058 +deny 11063 +deny 11081 +deny 11083 +deny 11087 +deny 11097 +deny 11136 +deny 11172 +deny 11193 +deny 11237 +deny 11242 +deny 11254 +deny 11256 +deny 11271 +deny 11284 +deny 11295 +deny 11311 +deny 11315 +deny 11335 +deny 11338 +deny 11340 +deny 11356 +deny 11373 +deny 11390 +deny 11392 +deny 11411 +deny 11415 +deny 11419 +deny 11431 - 11432 +deny 11447 +deny 11450 - 11451 +deny 11497 - 11498 +deny 11503 +deny 11514 +deny 11519 +deny 11556 +deny 11562 +deny 11571 +deny 11581 +deny 11585 +deny 11592 +deny 11599 +deny 11617 +deny 11642 +deny 11644 +deny 11664 +deny 11673 +deny 11677 +deny 11694 +deny 11706 +deny 11750 - 11752 +deny 11786 +deny 11800 - 11802 +deny 11815 - 11816 +deny 11830 +deny 11835 +deny 11844 +deny 11888 +deny 11896 +deny 11921 +deny 11947 +deny 11960 +deny 11993 +deny 12034 +deny 12066 +deny 12127 +deny 12135 - 12136 +deny 12140 +deny 12146 +deny 12150 +deny 12248 +deny 12252 +deny 12264 +deny 13316 +deny 13318 +deny 13320 +deny 13353 +deny 13357 +deny 13381 +deny 13424 +deny 13440 +deny 13459 +deny 13474 +deny 13489 +deny 13495 +deny 13514 +deny 13521 - 13522 +deny 13544 +deny 13579 +deny 13584 - 13585 +deny 13591 +deny 13643 +deny 13679 +deny 13682 +deny 13761 +deny 13774 +deny 13835 +deny 13874 +deny 13878 +deny 13914 +deny 13929 +deny 13934 - 13936 +deny 13991 +deny 13999 - 14000 +deny 14026 +deny 14030 +deny 14069 +deny 14080 +deny 14084 +deny 14087 +deny 14111 +deny 14117 +deny 14122 +deny 14178 - 14179 +deny 14186 - 14187 +deny 14202 +deny 14204 +deny 14231 - 14232 +deny 14234 +deny 14249 - 14250 +deny 14259 +deny 14282 +deny 14285 - 14286 +deny 14316 +deny 14318 +deny 14339 +deny 14346 +deny 14377 +deny 14420 +deny 14457 +deny 14463 +deny 14522 +deny 14535 +deny 14553 +deny 14560 +deny 14571 +deny 14624 +deny 14650 +deny 14664 +deny 14674 +deny 14692 +deny 14708 - 14709 +deny 14723 +deny 14754 +deny 14759 +deny 14769 +deny 14795 +deny 14840 +deny 14845 +deny 14867 - 14868 +deny 14886 +deny 14966 +deny 14970 +deny 15030 +deny 15034 +deny 15064 +deny 15066 +deny 15075 +deny 15078 +deny 15107 +deny 15125 +deny 15151 +deny 15180 +deny 15201 +deny 15208 +deny 15236 +deny 15241 +deny 15246 +deny 15252 +deny 15256 +deny 15274 +deny 15311 +deny 16397 +deny 16418 +deny 16471 +deny 16506 +deny 16522 +deny 16528 +deny 16531 +deny 16592 +deny 16594 +deny 16596 +deny 16606 - 16607 +deny 16629 +deny 16663 +deny 16685 +deny 16689 +deny 16701 +deny 16712 +deny 16732 +deny 16735 - 16736 +deny 16742 +deny 16762 +deny 16772 +deny 16780 +deny 16814 +deny 16847 +deny 16849 +deny 16864 +deny 16874 +deny 16885 +deny 16891 +deny 16906 +deny 16911 +deny 16960 +deny 16973 +deny 16975 +deny 16990 +deny 17069 +deny 17072 +deny 17079 +deny 17086 +deny 17108 +deny 17126 +deny 17147 +deny 17182 +deny 17205 +deny 17208 +deny 17222 +deny 17249 - 17250 +deny 17255 +deny 17257 +deny 17287 +deny 17329 +deny 17376 +deny 17379 +deny 17399 +deny 17401 +deny 18449 +deny 18455 +deny 18466 +deny 18479 +deny 18492 +deny 18496 +deny 18532 +deny 18547 +deny 18576 +deny 18579 +deny 18592 +deny 18644 +deny 18667 +deny 18678 +deny 18734 +deny 18739 +deny 18782 +deny 18809 +deny 18822 +deny 18836 +deny 18840 +deny 18846 +deny 18869 +deny 18881 +deny 18941 +deny 18998 +deny 19033 +deny 19037 - 19038 +deny 19064 +deny 19077 +deny 19089 - 19090 +deny 19109 +deny 19114 +deny 19132 +deny 19169 +deny 19180 +deny 19182 +deny 19192 +deny 19196 +deny 19200 +deny 19228 +deny 19244 +deny 19259 +deny 19278 +deny 19315 +deny 19332 +deny 19338 +deny 19361 +deny 19373 +deny 19411 +deny 19422 +deny 19429 +deny 19447 +deny 19519 +deny 19553 +deny 19582 - 19583 +deny 19611 +deny 19632 +deny 19688 +deny 19723 +deny 19731 +deny 19763 +deny 19767 +deny 19863 +deny 19873 +deny 19889 +deny 19960 +deny 19978 +deny 19989 - 19990 +deny 20002 +deny 20015 +deny 20032 +deny 20043 - 20044 +deny 20106 +deny 20116 - 20117 +deny 20121 +deny 20142 +deny 20173 +deny 20191 +deny 20207 +deny 20232 +deny 20244 +deny 20255 - 20256 +deny 20266 +deny 20297 +deny 20299 +deny 20305 +deny 20312 +deny 20321 +deny 20345 +deny 20361 +deny 20363 +deny 20418 +deny 21506 +deny 21520 +deny 21571 +deny 21574 - 21575 +deny 21578 +deny 21590 +deny 21599 +deny 21603 +deny 21612 +deny 21614 +deny 21674 +deny 21692 +deny 21741 +deny 21753 +deny 21756 +deny 21765 +deny 21768 +deny 21824 +deny 21826 +deny 21838 +deny 21862 +deny 21883 +deny 21888 +deny 21911 +deny 21917 +deny 21980 +deny 22010 - 22011 +deny 22019 +deny 22047 +deny 22055 +deny 22080 +deny 22085 +deny 22092 +deny 22122 +deny 22128 - 22129 +deny 22133 +deny 22148 +deny 22177 +deny 22185 +deny 22227 +deny 22250 +deny 22305 +deny 22313 +deny 22341 +deny 22356 +deny 22368 +deny 22371 +deny 22381 - 22382 +deny 22407 +deny 22411 +deny 22431 +deny 22453 +deny 22501 +deny 22508 +deny 22515 +deny 22529 +deny 22541 +deny 22548 +deny 22566 +deny 22628 +deny 22661 +deny 22678 +deny 22689 +deny 22698 - 22699 +deny 22706 +deny 22724 +deny 22726 +deny 22745 +deny 22798 +deny 22818 - 22819 +deny 22833 +deny 22860 +deny 22869 +deny 22876 +deny 22882 +deny 22884 +deny 22889 +deny 22894 +deny 22908 +deny 22924 +deny 22927 +deny 22975 +deny 23002 +deny 23007 +deny 23020 +deny 23031 +deny 23074 +deny 23091 +deny 23105 - 23106 +deny 23113 +deny 23128 +deny 23140 +deny 23201 - 23202 +deny 23216 +deny 23243 +deny 23246 +deny 23289 +deny 23353 +deny 23360 +deny 23382 - 23383 +deny 23416 +deny 23487 - 23488 +deny 23495 +deny 23541 +deny 25607 +deny 25620 +deny 25701 +deny 25705 +deny 25718 +deny 25734 +deny 25812 +deny 25832 +deny 25908 +deny 25927 +deny 25933 +deny 25998 +deny 26048 +deny 26061 +deny 26090 +deny 26104 - 26105 +deny 26107 +deny 26112 +deny 26118 - 26119 +deny 26136 +deny 26162 +deny 26173 +deny 26194 +deny 26210 +deny 26218 +deny 26317 +deny 26418 +deny 26426 +deny 26434 +deny 26473 +deny 26505 +deny 26592 - 26596 +deny 26598 - 26623 + # AFRINIC IPv4 resources cannot be transferred to RIPE NCC # From https://www.iana.org/assignments/ipv4-address-space/ deny 41.0.0.0/8 @@ -76,6 +754,210 @@ deny 36864 - 37887 deny 327680 - 328703 deny 328704 - 329727 +# AFRINIC ASNs cannot be transferred to RIPE NCC +# From nro-delegated-stats 20240417 +deny 1228 - 1232 +deny 2018 +deny 2561 +deny 2905 +deny 3067 - 3068 +deny 3208 +deny 3741 +deny 4178 +deny 4571 +deny 5536 +deny 5713 +deny 5734 +deny 6083 +deny 6089 +deny 6127 +deny 6149 +deny 6180 +deny 6187 +deny 6351 +deny 6529 +deny 6560 +deny 6713 +deny 6879 +deny 6968 +deny 7020 +deny 7154 +deny 7231 +deny 7390 +deny 7420 +deny 7460 +deny 7971 - 7972 +deny 8094 +deny 8524 +deny 8770 +deny 9129 +deny 10247 +deny 10262 +deny 10331 +deny 10393 +deny 10474 +deny 10505 +deny 10540 +deny 10575 +deny 10798 +deny 10803 +deny 10898 +deny 11125 +deny 11157 +deny 11201 +deny 11259 +deny 11265 +deny 11380 +deny 11569 +deny 11645 +deny 11744 +deny 11845 +deny 11909 +deny 12091 +deny 12143 +deny 12258 +deny 12455 +deny 12556 +deny 13224 +deny 13402 +deny 13519 +deny 13569 +deny 13854 +deny 14029 +deny 14115 +deny 14331 +deny 14429 +deny 14516 +deny 14988 +deny 15022 +deny 15159 +deny 15399 +deny 15475 +deny 15706 +deny 15804 +deny 15825 +deny 15834 +deny 15964 +deny 16058 +deny 16214 +deny 16284 +deny 16416 +deny 16547 +deny 16630 +deny 16637 +deny 16800 +deny 16853 +deny 16907 +deny 17148 +deny 17220 +deny 17260 +deny 17312 +deny 17400 +deny 17652 +deny 18775 +deny 18922 +deny 18931 +deny 19136 +deny 19232 +deny 19676 +deny 19711 +deny 19832 +deny 19847 +deny 20011 +deny 20086 +deny 20095 +deny 20180 +deny 20294 +deny 20459 +deny 20484 +deny 20858 +deny 20928 +deny 21003 +deny 21152 +deny 21242 +deny 21271 +deny 21278 +deny 21280 +deny 21391 +deny 21452 +deny 21739 +deny 21819 +deny 22354 - 22355 +deny 22386 +deny 22572 +deny 22690 +deny 22735 +deny 22750 +deny 22939 +deny 23058 +deny 23549 +deny 23889 +deny 24736 +deny 24757 +deny 24788 +deny 24801 +deny 24835 +deny 24863 +deny 24878 +deny 24987 +deny 25163 +deny 25250 +deny 25362 +deny 25364 +deny 25543 +deny 25568 +deny 25576 +deny 25695 +deny 25726 +deny 25793 +deny 25818 +deny 26106 +deny 26130 +deny 26422 +deny 26625 +deny 26754 +deny 27576 +deny 27598 +deny 28683 +deny 28698 +deny 28913 +deny 29091 +deny 29338 +deny 29340 +deny 29428 +deny 29495 +deny 29544 +deny 29571 +deny 29614 +deny 29674 +deny 29918 +deny 29975 +deny 30073 +deny 30306 +deny 30429 +deny 30619 +deny 30896 +deny 30980 +deny 30982 - 30999 +deny 31065 +deny 31245 +deny 31619 +deny 31810 +deny 31856 +deny 31960 +deny 32017 +deny 32279 +deny 32398 +deny 32437 +deny 32653 +deny 32714 +deny 32717 +deny 32842 +deny 32860 +deny 33567 +deny 33579 +deny 33762 - 33791 + # Private use IPv4 & IPv6 addresses and ASNs deny 0.0.0.0/8 # RFC 1122 Local Identification deny 10.0.0.0/8 # RFC 1918 private space diff --git a/lib/libcrypto/bn/bn_convert.c b/lib/libcrypto/bn/bn_convert.c index 5c3c98b78..d509a86c0 100644 --- a/lib/libcrypto/bn/bn_convert.c +++ b/lib/libcrypto/bn/bn_convert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_convert.c,v 1.18 2024/04/16 13:14:46 jsing Exp $ */ +/* $OpenBSD: bn_convert.c,v 1.21 2024/04/17 21:55:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -154,7 +154,7 @@ BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) LCRYPTO_ALIAS(BN_bn2binpad); static int -bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs) +bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs, int lebin) { BIGNUM *bn = NULL; BN_ULONG w; @@ -173,8 +173,13 @@ bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs) w = 0; while (CBS_len(cbs) > 0) { - if (!CBS_get_last_u8(cbs, &v)) - goto err; + if (lebin) { + if (!CBS_get_u8(cbs, &v)) + goto err; + } else { + if (!CBS_get_last_u8(cbs, &v)) + goto err; + } w |= (BN_ULONG)v << b; b += 8; @@ -212,7 +217,7 @@ BN_bin2bn(const unsigned char *d, int len, BIGNUM *bn) CBS_init(&cbs, d, len); - if (!bn_bin2bn_cbs(&bn, &cbs)) + if (!bn_bin2bn_cbs(&bn, &cbs, 0)) return NULL; return bn; @@ -230,56 +235,19 @@ BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) LCRYPTO_ALIAS(BN_bn2lebinpad); BIGNUM * -BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) +BN_lebin2bn(const unsigned char *d, int len, BIGNUM *bn) { - unsigned int i, m, n; - BN_ULONG l; - BIGNUM *bn = NULL; + CBS cbs; - if (ret == NULL) - ret = bn = BN_new(); - if (ret == NULL) + if (len < 0) return NULL; + CBS_init(&cbs, d, len); - s += len; - /* Skip trailing zeroes. */ - for (; len > 0 && s[-1] == 0; s--, len--) - continue; - - n = len; - if (n == 0) { - ret->top = 0; - return ret; - } - - i = ((n - 1) / BN_BYTES) + 1; - m = (n - 1) % BN_BYTES; - if (!bn_wexpand(ret, (int)i)) { - BN_free(bn); + if (!bn_bin2bn_cbs(&bn, &cbs, 1)) return NULL; - } - ret->top = i; - ret->neg = 0; - l = 0; - while (n-- > 0) { - s--; - l = (l << 8L) | *s; - if (m-- == 0) { - ret->d[--i] = l; - l = 0; - m = BN_BYTES - 1; - } - } - - /* - * need to call this due to clear byte at top if avoiding having the - * top bit set (-ve number) - */ - bn_correct_top(ret); - - return ret; + return bn; } LCRYPTO_ALIAS(BN_lebin2bn); @@ -752,45 +720,41 @@ BN_bn2mpi(const BIGNUM *a, unsigned char *d) LCRYPTO_ALIAS(BN_bn2mpi); BIGNUM * -BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) +BN_mpi2bn(const unsigned char *d, int n, BIGNUM *bn_in) { - BIGNUM *a = ain; - long len; + BIGNUM *bn = bn_in; + uint32_t mpi_len; + uint8_t v; int neg = 0; + CBS cbs; - if (n < 4) { + if (n < 0) + return NULL; + + CBS_init(&cbs, d, n); + + if (!CBS_get_u32(&cbs, &mpi_len)) { BNerror(BN_R_INVALID_LENGTH); - return (NULL); + return NULL; } - len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | - (int)d[3]; - if ((len + 4) != n) { + if (CBS_len(&cbs) != mpi_len) { BNerror(BN_R_ENCODING_ERROR); - return (NULL); + return NULL; + } + if (CBS_len(&cbs) > 0) { + if (!CBS_peek_u8(&cbs, &v)) + return NULL; + neg = (v >> 7) & 1; } - if (a == NULL) - a = BN_new(); - if (a == NULL) - return (NULL); + if (!bn_bin2bn_cbs(&bn, &cbs, 0)) + return NULL; - if (len == 0) { - a->neg = 0; - a->top = 0; - return (a); - } - d += 4; - if ((*d) & 0x80) - neg = 1; - if (BN_bin2bn(d, (int)len, a) == NULL) { - if (ain == NULL) - BN_free(a); - return (NULL); - } - BN_set_negative(a, neg); - if (neg) { - BN_clear_bit(a, BN_num_bits(a) - 1); - } - return (a); + if (neg) + BN_clear_bit(bn, BN_num_bits(bn) - 1); + + BN_set_negative(bn, neg); + + return bn; } LCRYPTO_ALIAS(BN_mpi2bn); diff --git a/lib/libcrypto/crypto_internal.h b/lib/libcrypto/crypto_internal.h index 924cf6db4..8229db2d6 100644 --- a/lib/libcrypto/crypto_internal.h +++ b/lib/libcrypto/crypto_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_internal.h,v 1.9 2024/03/28 08:36:13 jsing Exp $ */ +/* $OpenBSD: crypto_internal.h,v 1.10 2024/04/17 14:43:37 jsing Exp $ */ /* * Copyright (c) 2023 Joel Sing * @@ -26,6 +26,73 @@ #define CTASSERT(x) \ extern char _ctassert[(x) ? 1 : -1] __attribute__((__unused__)) +/* + * Constant time operations for uint8_t. + */ +#ifndef HAVE_CRYPTO_CT_NE_ZERO_U8 +static inline int +crypto_ct_ne_zero_u8(uint8_t v) +{ + return (uint8_t)(v | ~(v - 1)) >> ((sizeof(v) * 8) - 1); +} +#endif + +#ifndef HAVE_CRYPTO_CT_NE_ZERO_MASK_U8 +static inline uint8_t +crypto_ct_ne_zero_mask_u8(uint8_t v) +{ + return 0 - crypto_ct_ne_zero_u8(v); +} +#endif + +#ifndef HAVE_CRYPTO_CT_EQ_ZERO_U8 +static inline int +crypto_ct_eq_zero_u8(uint8_t v) +{ + return 1 - crypto_ct_ne_zero_u8(v); +} +#endif + +#ifndef HAVE_CRYPTO_CT_EQ_ZERO_MASK_U8 +static inline uint8_t +crypto_ct_eq_zero_mask_u8(uint8_t v) +{ + return 0 - crypto_ct_eq_zero_u8(v); +} +#endif + +#ifndef HAVE_CRYPTO_CT_NE_U8 +static inline int +crypto_ct_ne_u8(uint8_t a, uint8_t b) +{ + return crypto_ct_ne_zero_u8(a - b); +} +#endif + +#ifndef HAVE_CRYPTO_CT_NE_MASK_U8 +static inline uint8_t +crypto_ct_ne_mask_u8(uint8_t a, uint8_t b) +{ + return 0 - crypto_ct_ne_u8(a, b); +} +#endif + +#ifndef HAVE_CRYPTO_CT_EQ_U8 +static inline int +crypto_ct_eq_u8(uint8_t a, uint8_t b) +{ + return crypto_ct_eq_zero_u8(a - b); +} +#endif + +#ifndef HAVE_CRYPTO_CT_EQ_MASK_U8 +static inline uint8_t +crypto_ct_eq_mask_u8(uint8_t a, uint8_t b) +{ + return 0 - crypto_ct_eq_u8(a, b); +} +#endif + /* * crypto_load_be32toh() loads a 32 bit unsigned big endian value as a 32 bit * unsigned host endian value, from the specified address in memory. The memory diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c index a73add0c2..155c1855b 100644 --- a/lib/libcrypto/ec/ec_ameth.c +++ b/lib/libcrypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.53 2024/04/14 15:41:09 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.63 2024/04/17 14:01:33 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -912,77 +912,61 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; EVP_CIPHER_CTX *ctx; int keylen; X509_ALGOR *talg, *wrap_alg = NULL; const ASN1_OBJECT *aoid; ASN1_BIT_STRING *pubkey; - ASN1_STRING *wrap_str; + ASN1_STRING *wrap_str = NULL; ASN1_OCTET_STRING *ukm; unsigned char *penc = NULL; int penclen; - int ecdh_nid, kdf_type, kdf_nid, wrap_nid; + int ecdh_nid, kdf_nid, wrap_nid; const EVP_MD *kdf_md; - int rv = 0; + int ret = 0; - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (!pctx) - return 0; - /* Get ephemeral key */ - pkey = EVP_PKEY_CTX_get0_pkey(pctx); + if ((pctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) == NULL) + goto err; if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, NULL, NULL, NULL)) goto err; + X509_ALGOR_get0(&aoid, NULL, NULL, talg); - - /* Is everything uninitialised? */ if (aoid == OBJ_nid2obj(NID_undef)) { - EC_KEY *eckey = pkey->pkey.ec; - unsigned char *p; + EVP_PKEY *pkey; - /* Set the key */ - penclen = i2o_ECPublicKey(eckey, NULL); - if (penclen <= 0) + if ((pkey = EVP_PKEY_CTX_get0_pkey(pctx)) == NULL) goto err; - penc = malloc(penclen); - if (penc == NULL) - goto err; - p = penc; - penclen = i2o_ECPublicKey(eckey, &p); - if (penclen <= 0) + + penc = NULL; + if ((penclen = i2o_ECPublicKey(pkey->pkey.ec, &penc)) <= 0) goto err; + ASN1_STRING_set0(pubkey, penc, penclen); - if (!asn1_abs_set_unused_bits(pubkey, 0)) - goto err; penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), - V_ASN1_UNDEF, NULL); + if (!asn1_abs_set_unused_bits(pubkey, 0)) + goto err; + + if (!X509_ALGOR_set0_by_nid(talg, NID_X9_62_id_ecPublicKey, + V_ASN1_UNDEF, NULL)) + goto err; } - /* See if custom parameters set */ - kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx); - if (kdf_type <= 0) + if (EVP_PKEY_CTX_get_ecdh_kdf_type(pctx) != EVP_PKEY_ECDH_KDF_NONE) goto err; - if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md)) + if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) goto err; - ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx); - if (ecdh_nid < 0) + + if ((ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx)) < 0) goto err; - else if (ecdh_nid == 0) + if (ecdh_nid == 0) ecdh_nid = NID_dh_std_kdf; else if (ecdh_nid == 1) ecdh_nid = NID_dh_cofactor_kdf; - if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_63; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) - goto err; - } else { - /* Unknown KDF */ + if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md)) goto err; - } if (kdf_md == NULL) { /* Fixme later for better MD */ kdf_md = EVP_sha1(); @@ -1002,53 +986,60 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri) wrap_nid = EVP_CIPHER_CTX_type(ctx); keylen = EVP_CIPHER_CTX_key_length(ctx); - /* Package wrap algorithm in an AlgorithmIdentifier */ + /* + * Package wrap algorithm in an AlgorithmIdentifier. + * + * Incompatibility of X509_ALGOR_set0() with EVP_CIPHER_param_to_asn1() + * makes this really gross. + */ - wrap_alg = X509_ALGOR_new(); - if (wrap_alg == NULL) + if ((wrap_alg = X509_ALGOR_new()) == NULL) goto err; - wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); - wrap_alg->parameter = ASN1_TYPE_new(); - if (wrap_alg->parameter == NULL) + if ((wrap_alg->algorithm = OBJ_nid2obj(wrap_nid)) == NULL) + goto err; + if ((wrap_alg->parameter = ASN1_TYPE_new()) == NULL) goto err; if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) goto err; - if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) { + if (ASN1_TYPE_get(wrap_alg->parameter) == V_ASN1_UNDEF) { ASN1_TYPE_free(wrap_alg->parameter); wrap_alg->parameter = NULL; } + if ((penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen)) <= 0) + goto err; + if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) goto err; - - penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen); - if (penclen <= 0) - goto err; - if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0) goto err; penc = NULL; /* - * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter - * of another AlgorithmIdentifier. + * Wrap encoded wrap AlgorithmIdentifier into parameter of another + * AlgorithmIdentifier. */ - penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penclen <= 0) + + if ((penclen = i2d_X509_ALGOR(wrap_alg, &penc)) <= 0) goto err; - wrap_str = ASN1_STRING_new(); - if (wrap_str == NULL) + + if ((wrap_str = ASN1_STRING_new()) == NULL) goto err; ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str); - rv = 1; + if (!X509_ALGOR_set0_by_nid(talg, kdf_nid, V_ASN1_SEQUENCE, wrap_str)) + goto err; + wrap_str = NULL; + + ret = 1; err: free(penc); + ASN1_STRING_free(wrap_str); X509_ALGOR_free(wrap_alg); - return rv; + + return ret; } #endif diff --git a/lib/libcrypto/ec/ec_asn1.c b/lib/libcrypto/ec/ec_asn1.c index 3bb550d56..2ce7d785c 100644 --- a/lib/libcrypto/ec/ec_asn1.c +++ b/lib/libcrypto/ec/ec_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_asn1.c,v 1.52 2024/04/15 15:46:29 tb Exp $ */ +/* $OpenBSD: ec_asn1.c,v 1.53 2024/04/17 23:24:18 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -74,7 +74,6 @@ EC_GROUP_get_basis_type(const EC_GROUP *group) } LCRYPTO_ALIAS(EC_GROUP_get_basis_type); -/* some structures needed for the asn1 encoding */ typedef struct x9_62_pentanomial_st { long k1; long k2; @@ -134,7 +133,6 @@ typedef struct ecpk_parameters_st { } value; } ECPKPARAMETERS; -/* SEC1 ECPrivateKey */ typedef struct ec_privatekey_st { long version; ASN1_OCTET_STRING *privateKey; @@ -142,7 +140,6 @@ typedef struct ec_privatekey_st { ASN1_BIT_STRING *publicKey; } EC_PRIVATEKEY; -/* the OpenSSL ASN.1 definitions */ static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = { { .flags = 0, @@ -418,9 +415,6 @@ const ASN1_ITEM ECPARAMETERS_it = { .sname = "ECPARAMETERS", }; -static ECPARAMETERS *ECPARAMETERS_new(void); -static void ECPARAMETERS_free(ECPARAMETERS *a); - static ECPARAMETERS * ECPARAMETERS_new(void) { @@ -467,11 +461,6 @@ const ASN1_ITEM ECPKPARAMETERS_it = { .sname = "ECPKPARAMETERS", }; -static ECPKPARAMETERS *ECPKPARAMETERS_new(void); -static void ECPKPARAMETERS_free(ECPKPARAMETERS *a); -static ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len); -static int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out); - static ECPKPARAMETERS * d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len) { @@ -538,11 +527,6 @@ static const ASN1_ITEM EC_PRIVATEKEY_it = { .sname = "EC_PRIVATEKEY", }; -static EC_PRIVATEKEY *EC_PRIVATEKEY_new(void); -static void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a); -static EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len); -static int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out); - static EC_PRIVATEKEY * d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len) { @@ -568,28 +552,6 @@ EC_PRIVATEKEY_free(EC_PRIVATEKEY *a) ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it); } -/* some declarations of internal function */ - -/* ec_asn1_group2fieldid() sets the values in a X9_62_FIELDID object */ -static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); -/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ -static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); -/* ec_asn1_parameters2group() creates a EC_GROUP object from a - * ECPARAMETERS object */ -static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); -/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a - * EC_GROUP object */ -static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *); -/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a - * ECPKPARAMETERS object */ -static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); -/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a - * EC_GROUP object */ -static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, - ECPKPARAMETERS *); - -/* the function definitions */ - static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) { @@ -1046,8 +1008,6 @@ ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) return ret; } -/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ - EC_GROUP * d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) { @@ -1093,8 +1053,6 @@ i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) } LCRYPTO_ALIAS(i2d_ECPKParameters); -/* some EC_KEY functions */ - EC_KEY * d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) { diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c index b8b51ced3..1c355e594 100644 --- a/lib/libcrypto/evp/pmeth_gn.c +++ b/lib/libcrypto/evp/pmeth_gn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_gn.c,v 1.18 2024/04/12 09:41:39 tb Exp $ */ +/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -87,7 +87,7 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { + if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->paramgen == NULL) { EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } @@ -97,17 +97,19 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) return -1; } - if (!ppkey) + if (ppkey == NULL) return -1; - if (!*ppkey) + if (*ppkey == NULL) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) + return -1; - ret = ctx->pmeth->paramgen(ctx, *ppkey); - if (ret <= 0) { + if ((ret = ctx->pmeth->paramgen(ctx, *ppkey)) <= 0) { EVP_PKEY_free(*ppkey); *ppkey = NULL; } + return ret; } LCRYPTO_ALIAS(EVP_PKEY_paramgen); diff --git a/lib/libcrypto/o_fips.c b/lib/libcrypto/o_fips.c index 9ae2ecc33..3ed10d404 100644 --- a/lib/libcrypto/o_fips.c +++ b/lib/libcrypto/o_fips.c @@ -1,4 +1,4 @@ -/* $OpenBSD: o_fips.c,v 1.8 2024/04/15 16:05:49 tb Exp $ */ +/* $OpenBSD: o_fips.c,v 1.9 2024/04/17 22:43:42 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2011. */ @@ -56,9 +56,8 @@ * */ -#include - #include +#include int FIPS_mode(void) diff --git a/regress/lib/libcrypto/bn/bn_convert.c b/regress/lib/libcrypto/bn/bn_convert.c index c787036cc..65f014693 100644 --- a/regress/lib/libcrypto/bn/bn_convert.c +++ b/regress/lib/libcrypto/bn/bn_convert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_convert.c,v 1.5 2024/04/09 16:06:01 tb Exp $ */ +/* $OpenBSD: bn_convert.c,v 1.6 2024/04/17 08:51:11 jsing Exp $ */ /* * Copyright (c) 2023 Joel Sing * @@ -25,7 +25,6 @@ * * - BN_bn2binpad() * - BN_bn2lebinpad() - * - BN_lebin2bn() * - BN_print()/BN_print_fp() * * - Invalid inputs to {asc,dec,hex,mpi}2bn @@ -440,9 +439,10 @@ test_bn_convert(void) const struct bn_convert_test *bct; uint8_t *mpi_out = NULL; char *out_str = NULL; + uint8_t lebin[64]; BIGNUM *bn = NULL; int mpi_len; - size_t i; + size_t i, j; int failed = 1; for (i = 0; i < N_BN_CONVERT_TESTS; i++) { @@ -459,6 +459,20 @@ test_bn_convert(void) bn) != 0) goto failure; + for (j = 0; j < bct->bin_len; j++) + lebin[j] = bct->bin[bct->bin_len - j - 1]; + + BN_free(bn); + if ((bn = BN_lebin2bn(lebin, bct->bin_len, NULL)) == NULL) { + fprintf(stderr, "FAIL: BN_lebin2bn() failed\n"); + goto failure; + } + BN_set_negative(bn, bct->neg); + + if (check_bin_output(i, "BN_lebin2bn()", bct->bin, bct->bin_len, + bn) != 0) + goto failure; + free(out_str); if ((out_str = BN_bn2dec(bn)) == NULL) { fprintf(stderr, "FAIL: BN_bn2dec() failed\n"); diff --git a/regress/lib/libssl/symbols/symbols.awk b/regress/lib/libssl/symbols/symbols.awk index a847ade6d..adf8716cc 100644 --- a/regress/lib/libssl/symbols/symbols.awk +++ b/regress/lib/libssl/symbols/symbols.awk @@ -1,4 +1,4 @@ -# $OpenBSD: symbols.awk,v 1.2 2023/07/19 21:01:29 tb Exp $ +# $OpenBSD: symbols.awk,v 1.3 2024/04/17 22:48:17 tb Exp $ # Copyright (c) 2018,2020,2023 Theo Buehler # @@ -29,10 +29,6 @@ BEGIN { printf("#include \n\n") # depends on ssl.h } -/^SSL_version_str$/ { - printf("extern const char *%s;\n", $0) -} - { symbols[$0] = $0 diff --git a/regress/usr.bin/snmp/Makefile b/regress/usr.bin/snmp/Makefile index 983efc2dd..d398d3f9d 100644 --- a/regress/usr.bin/snmp/Makefile +++ b/regress/usr.bin/snmp/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.7 2024/02/08 17:09:51 martijn Exp $ +# $OpenBSD: Makefile,v 1.8 2024/04/17 06:18:18 claudio Exp $ SNMP?= /usr/bin/snmp SNMPD?= /usr/sbin/snmpd -f ${.OBJDIR}/snmpd.conf @@ -18,8 +18,8 @@ REGRESS_CLEANUP= stop REGRESS_SKIP_TARGETS= CLEANFILES= -IFIDX!= ifconfig egress | awk '/index/{print $$2}' -IFLLADDR!= ifconfig egress | awk '/lladdr/{gsub(":", " ", $$2); print toupper($$2)}' +IFIDX!= ifconfig egress | awk '/index/{print $$2; exit}' +IFLLADDR!= ifconfig egress | awk '/lladdr/{gsub(":", " ", $$2); print toupper($$2); exit}' CLEANFILES+= snmpd.conf snmpd.conf: Makefile diff --git a/share/man/man5/python-module.5 b/share/man/man5/python-module.5 index 39546b30e..a05f97830 100644 --- a/share/man/man5/python-module.5 +++ b/share/man/man5/python-module.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: python-module.5,v 1.10 2024/04/14 12:09:28 sthen Exp $ +.\" $OpenBSD: python-module.5,v 1.11 2024/04/17 13:34:23 sthen Exp $ .\" .\" Copyright (c) 2008 Marc Espie .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 14 2024 $ +.Dd $Mdocdate: April 17 2024 $ .Dt PYTHON-MODULE 5 .Os .Sh NAME @@ -124,11 +124,11 @@ adds the backend to .Ev MODPY_BUILD_DEPENDS , and sets .Ev MODPY_PYTEST . -In rare cases, the build backend is distributed with the software -itself and +In cases where a less common backend is used, or where the build backend is +distributed with the software itself, .Ev MODPY_PYBUILD -can be set to bootstrap to use this mechanism without adding a dependency -for another backend. +can be set to other to use the PEP 517 mechanism without adding a dependency +for a backend. .Pp Older ports using setuptools still set .Ev MODPY_SETUPTOOLS diff --git a/sys/arch/amd64/include/cpu.h b/sys/arch/amd64/include/cpu.h index 7bd9a54fa..a6377384e 100644 --- a/sys/arch/amd64/include/cpu.h +++ b/sys/arch/amd64/include/cpu.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.h,v 1.165 2024/04/14 09:59:04 kettenis Exp $ */ +/* $OpenBSD: cpu.h,v 1.166 2024/04/17 13:12:58 mpi Exp $ */ /* $NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $ */ /*- @@ -53,6 +53,7 @@ #include #include #include +#include #ifdef _KERNEL @@ -210,6 +211,8 @@ struct cpu_info { #ifdef MULTIPROCESSOR struct srp_hazard ci_srp_hazards[SRP_HAZARD_NUM]; +#define __HAVE_UVM_PERCPU + struct uvm_pmr_cache ci_uvm; /* [o] page cache */ #endif struct ksensordev ci_sensordev; diff --git a/sys/arch/arm64/include/cpu.h b/sys/arch/arm64/include/cpu.h index d0521a33a..ee820bb65 100644 --- a/sys/arch/arm64/include/cpu.h +++ b/sys/arch/arm64/include/cpu.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.h,v 1.43 2024/02/25 19:15:50 cheloha Exp $ */ +/* $OpenBSD: cpu.h,v 1.44 2024/04/17 13:12:58 mpi Exp $ */ /* * Copyright (c) 2016 Dale Rahn * @@ -108,6 +108,7 @@ void arm32_vector_init(vaddr_t, int); #include #include #include +#include struct cpu_info { struct device *ci_dev; /* Device corresponding to this CPU */ @@ -161,6 +162,8 @@ struct cpu_info { #ifdef MULTIPROCESSOR struct srp_hazard ci_srp_hazards[SRP_HAZARD_NUM]; +#define __HAVE_UVM_PERCPU + struct uvm_pmr_cache ci_uvm; volatile int ci_flags; volatile int ci_ddb_paused; diff --git a/sys/arch/i386/include/cpu.h b/sys/arch/i386/include/cpu.h index 64bfd3530..c46b586b1 100644 --- a/sys/arch/i386/include/cpu.h +++ b/sys/arch/i386/include/cpu.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.h,v 1.185 2024/02/25 19:15:50 cheloha Exp $ */ +/* $OpenBSD: cpu.h,v 1.186 2024/04/17 13:12:58 mpi Exp $ */ /* $NetBSD: cpu.h,v 1.35 1996/05/05 19:29:26 christos Exp $ */ /*- @@ -69,6 +69,7 @@ #include #include #include +#include struct intrsource; @@ -99,6 +100,8 @@ struct cpu_info { #if defined(MULTIPROCESSOR) struct srp_hazard ci_srp_hazards[SRP_HAZARD_NUM]; +#define __HAVE_UVM_PERCPU + struct uvm_pmr_cache ci_uvm; #endif /* diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index d21ef7b32..abe7d4f76 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_resource.c,v 1.80 2023/09/13 14:25:49 claudio Exp $ */ +/* $OpenBSD: kern_resource.c,v 1.81 2024/04/17 09:41:44 claudio Exp $ */ /* $NetBSD: kern_resource.c,v 1.38 1996/10/23 07:19:38 matthias Exp $ */ /*- @@ -476,8 +476,9 @@ dogetrusage(struct proc *p, int who, struct rusage *rup) struct process *pr = p->p_p; struct proc *q; - switch (who) { + KERNEL_ASSERT_LOCKED(); + switch (who) { case RUSAGE_SELF: /* start with the sum of dead threads, if any */ if (pr->ps_ru != NULL) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 7a79b6b4c..958d8ea9b 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.300 2024/04/12 16:07:09 bluhm Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.301 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -240,10 +240,10 @@ in_pcballoc(struct socket *so, struct inpcbtable *table, int wait) inp->inp_socket = so; refcnt_init_trace(&inp->inp_refcnt, DT_REFCNT_IDX_INPCB); mtx_init(&inp->inp_mtx, IPL_SOFTNET); - inp->inp_seclevel[SL_AUTH] = IPSEC_AUTH_LEVEL_DEFAULT; - inp->inp_seclevel[SL_ESP_TRANS] = IPSEC_ESP_TRANS_LEVEL_DEFAULT; - inp->inp_seclevel[SL_ESP_NETWORK] = IPSEC_ESP_NETWORK_LEVEL_DEFAULT; - inp->inp_seclevel[SL_IPCOMP] = IPSEC_IPCOMP_LEVEL_DEFAULT; + inp->inp_seclevel.sl_auth = IPSEC_AUTH_LEVEL_DEFAULT; + inp->inp_seclevel.sl_esp_trans = IPSEC_ESP_TRANS_LEVEL_DEFAULT; + inp->inp_seclevel.sl_esp_network = IPSEC_ESP_NETWORK_LEVEL_DEFAULT; + inp->inp_seclevel.sl_ipcomp = IPSEC_IPCOMP_LEVEL_DEFAULT; inp->inp_rtableid = curproc->p_p->ps_rtableid; inp->inp_hops = -1; #ifdef INET6 diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index a8e72f7c9..60b3ae537 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.h,v 1.155 2024/04/15 18:31:04 bluhm Exp $ */ +/* $OpenBSD: in_pcb.h,v 1.156 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */ /* @@ -166,11 +166,7 @@ struct inpcb { } inp_mou; #define inp_moptions inp_mou.mou_mo /* [N] IPv4 multicast options */ #define inp_moptions6 inp_mou.mou_mo6 /* [N] IPv6 multicast options */ - u_char inp_seclevel[4]; /* [N] IPsec level of socket */ -#define SL_AUTH 0 /* Authentication level */ -#define SL_ESP_TRANS 1 /* ESP transport level */ -#define SL_ESP_NETWORK 2 /* ESP network (encapsulation) level */ -#define SL_IPCOMP 3 /* Compression level */ + struct ipsec_level inp_seclevel; /* [N] IPsec level of socket */ u_char inp_ip_minttl; /* minimum TTL or drop */ #define inp_ip6_minhlim inp_ip_minttl /* minimum Hop Limit or drop */ #define inp_flowinfo inp_hu.hu_ipv6.ip6_flow diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index d6e9e4c8a..3098c4ca9 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.244 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.245 2024/04/17 20:48:51 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -149,6 +149,13 @@ struct ipsecstat { uint64_t ipsec_exctdb; /* TDBs with hardlimit excess */ }; +struct ipsec_level { + u_char sl_auth; /* Authentication level */ + u_char sl_esp_trans; /* ESP transport level */ + u_char sl_esp_network; /* ESP network (encapsulation) level */ + u_char sl_ipcomp; /* Compression level */ +}; + #ifdef _KERNEL #include @@ -671,7 +678,7 @@ int checkreplaywindow(struct tdb *, u_int64_t, u_int32_t, u_int32_t *, int); int ipsp_process_packet(struct mbuf *, struct tdb *, int, int); int ipsp_process_done(struct mbuf *, struct tdb *); int ipsp_spd_lookup(struct mbuf *, int, int, int, struct tdb *, - const u_char[], struct tdb **, struct ipsec_ids *); + const struct ipsec_level *, struct tdb **, struct ipsec_ids *); int ipsp_is_unspecified(union sockaddr_union); int ipsp_aux_match(struct tdb *, struct ipsec_ids *, struct sockaddr_encap *, struct sockaddr_encap *); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 3154be349..c5a9b419c 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.397 2024/04/09 11:05:05 bluhm Exp $ */ +/* $OpenBSD: ip_output.c,v 1.398 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -84,8 +84,8 @@ void ip_mloopback(struct ifnet *, struct mbuf *, struct sockaddr_in *); static u_int16_t in_cksum_phdr(u_int32_t, u_int32_t, u_int32_t); void in_delayed_cksum(struct mbuf *); -int ip_output_ipsec_lookup(struct mbuf *m, int hlen, const u_char seclevel[], - struct tdb **, int ipsecflowinfo); +int ip_output_ipsec_lookup(struct mbuf *m, int hlen, + const struct ipsec_level *seclevel, struct tdb **, int ipsecflowinfo); void ip_output_ipsec_pmtu_update(struct tdb *, struct route *, struct in_addr, int, int); int ip_output_ipsec_send(struct tdb *, struct mbuf *, struct route *, int); @@ -98,7 +98,8 @@ int ip_output_ipsec_send(struct tdb *, struct mbuf *, struct route *, int); */ int ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, - struct ip_moptions *imo, const u_char seclevel[], u_int32_t ipsecflowinfo) + struct ip_moptions *imo, const struct ipsec_level *seclevel, + u_int32_t ipsecflowinfo) { struct ip *ip; struct ifnet *ifp = NULL; @@ -498,8 +499,8 @@ bad: #ifdef IPSEC int -ip_output_ipsec_lookup(struct mbuf *m, int hlen, const u_char seclevel[], - struct tdb **tdbout, int ipsecflowinfo) +ip_output_ipsec_lookup(struct mbuf *m, int hlen, + const struct ipsec_level *seclevel, struct tdb **tdbout, int ipsecflowinfo) { struct m_tag *mtag; struct tdb_ident *tdbi; @@ -1019,7 +1020,7 @@ ip_ctloutput(int op, struct socket *so, int level, int optname, error = EACCES; break; } - inp->inp_seclevel[SL_AUTH] = optval; + inp->inp_seclevel.sl_auth = optval; break; case IP_ESP_TRANS_LEVEL: @@ -1028,7 +1029,7 @@ ip_ctloutput(int op, struct socket *so, int level, int optname, error = EACCES; break; } - inp->inp_seclevel[SL_ESP_TRANS] = optval; + inp->inp_seclevel.sl_esp_trans = optval; break; case IP_ESP_NETWORK_LEVEL: @@ -1037,7 +1038,7 @@ ip_ctloutput(int op, struct socket *so, int level, int optname, error = EACCES; break; } - inp->inp_seclevel[SL_ESP_NETWORK] = optval; + inp->inp_seclevel.sl_esp_network = optval; break; case IP_IPCOMP_LEVEL: if (optval < IPSEC_IPCOMP_LEVEL_DEFAULT && @@ -1045,7 +1046,7 @@ ip_ctloutput(int op, struct socket *so, int level, int optname, error = EACCES; break; } - inp->inp_seclevel[SL_IPCOMP] = optval; + inp->inp_seclevel.sl_ipcomp = optval; break; } #endif @@ -1189,18 +1190,18 @@ ip_ctloutput(int op, struct socket *so, int level, int optname, m->m_len = sizeof(int); switch (optname) { case IP_AUTH_LEVEL: - optval = inp->inp_seclevel[SL_AUTH]; + optval = inp->inp_seclevel.sl_auth; break; case IP_ESP_TRANS_LEVEL: - optval = inp->inp_seclevel[SL_ESP_TRANS]; + optval = inp->inp_seclevel.sl_esp_trans; break; case IP_ESP_NETWORK_LEVEL: - optval = inp->inp_seclevel[SL_ESP_NETWORK]; + optval = inp->inp_seclevel.sl_esp_network; break; case IP_IPCOMP_LEVEL: - optval = inp->inp_seclevel[SL_IPCOMP]; + optval = inp->inp_seclevel.sl_ipcomp; break; } *mtod(m, int *) = optval; diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index ed27d5a4e..bb1de16f0 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.119 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.120 2024/04/17 20:48:51 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -39,8 +39,8 @@ #include #include -int ipsp_spd_inp(struct mbuf *, const u_char *, struct ipsec_policy *, - struct tdb **); +int ipsp_spd_inp(struct mbuf *, const struct ipsec_level *, + struct ipsec_policy *, struct tdb **); int ipsp_acquire_sa(struct ipsec_policy *, union sockaddr_union *, union sockaddr_union *, struct sockaddr_encap *, struct mbuf *); int ipsp_pending_acquire(struct ipsec_policy *, union sockaddr_union *); @@ -153,7 +153,7 @@ spd_table_walk(unsigned int rtableid, */ int ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, - struct tdb *tdbin, const u_char seclevel[], struct tdb **tdbout, + struct tdb *tdbin, const struct ipsec_level *seclevel, struct tdb **tdbout, struct ipsec_ids *ipsecflowinfo_ids) { struct radix_node_head *rnh; @@ -178,9 +178,9 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, * If an input packet is destined to a BYPASS socket, just accept it. */ if ((seclevel != NULL) && (direction == IPSP_DIRECTION_IN) && - (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && - (seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS) && - (seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) { + (seclevel->sl_esp_trans == IPSEC_LEVEL_BYPASS) && + (seclevel->sl_esp_network == IPSEC_LEVEL_BYPASS) && + (seclevel->sl_auth == IPSEC_LEVEL_BYPASS)) { if (tdbout != NULL) *tdbout = NULL; return 0; @@ -385,9 +385,9 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, * option set, skip IPsec processing. */ if ((seclevel != NULL) && - (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && - (seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS) && - (seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) { + (seclevel->sl_esp_trans == IPSEC_LEVEL_BYPASS) && + (seclevel->sl_esp_network == IPSEC_LEVEL_BYPASS) && + (seclevel->sl_auth == IPSEC_LEVEL_BYPASS)) { /* Direct match. */ if (dignore || !memcmp(&sdst, &ipo->ipo_dst, sdst.sa.sa_len)) { @@ -904,8 +904,8 @@ ipsp_acquire_sa(struct ipsec_policy *ipo, union sockaddr_union *gw, * Deal with PCB security requirements. */ int -ipsp_spd_inp(struct mbuf *m, const u_char seclevel[], struct ipsec_policy *ipo, - struct tdb **tdbout) +ipsp_spd_inp(struct mbuf *m, const struct ipsec_level *seclevel, + struct ipsec_policy *ipo, struct tdb **tdbout) { /* Sanity check. */ if (seclevel == NULL) @@ -913,14 +913,14 @@ ipsp_spd_inp(struct mbuf *m, const u_char seclevel[], struct ipsec_policy *ipo, /* We only support IPSEC_LEVEL_BYPASS or IPSEC_LEVEL_AVAIL */ - if (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS && - seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS && - seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS) + if (seclevel->sl_esp_trans == IPSEC_LEVEL_BYPASS && + seclevel->sl_esp_network == IPSEC_LEVEL_BYPASS && + seclevel->sl_auth == IPSEC_LEVEL_BYPASS) goto justreturn; - if (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_AVAIL && - seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_AVAIL && - seclevel[SL_AUTH] == IPSEC_LEVEL_AVAIL) + if (seclevel->sl_esp_trans == IPSEC_LEVEL_AVAIL && + seclevel->sl_esp_network == IPSEC_LEVEL_AVAIL && + seclevel->sl_auth == IPSEC_LEVEL_AVAIL) goto justreturn; return -EINVAL; /* Silently drop packet. */ diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index cdbdd2d43..a963798db 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_var.h,v 1.116 2024/04/16 12:56:39 bluhm Exp $ */ +/* $OpenBSD: ip_var.h,v 1.117 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $ */ /* @@ -235,6 +235,7 @@ extern struct pool ipqent_pool; struct rtentry; struct route; struct inpcb; +struct ipsec_level; int ip_ctloutput(int, struct socket *, int, int, struct mbuf *); int ip_fragment(struct mbuf *, struct mbuf_list *, struct ifnet *, u_long); @@ -246,7 +247,7 @@ struct mbuf* int ip_mforward(struct mbuf *, struct ifnet *); int ip_optcopy(struct ip *, struct ip *); int ip_output(struct mbuf *, struct mbuf *, struct route *, int, - struct ip_moptions *, const u_char[], u_int32_t); + struct ip_moptions *, const struct ipsec_level *, u_int32_t); u_int16_t ip_randomid(void); void ip_send(struct mbuf *); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index ea57cc31a..5481346b9 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.158 2024/04/12 12:25:58 bluhm Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.159 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -332,7 +332,7 @@ rip_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, #endif error = ip_output(m, inp->inp_options, &inp->inp_route, flags, - inp->inp_moptions, inp->inp_seclevel, 0); + inp->inp_moptions, &inp->inp_seclevel, 0); return (error); } diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 8a64d59fe..328521d6f 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.404 2024/04/13 23:44:11 jsg Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.405 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -590,7 +590,7 @@ findpcb: &tdbi->dst, tdbi->proto); } error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, - tdb, inp ? inp->inp_seclevel : NULL, NULL, NULL); + tdb, inp ? &inp->inp_seclevel : NULL, NULL, NULL); tdb_unref(tdb); if (error) { tcpstat_inc(tcps_rcvnosec); @@ -3541,8 +3541,7 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, * from the old pcb. Ditto for any other * IPsec-related information. */ - memcpy(inp->inp_seclevel, oldinp->inp_seclevel, - sizeof(oldinp->inp_seclevel)); + inp->inp_seclevel = oldinp->inp_seclevel; #endif /* IPSEC */ #ifdef INET6 if (ISSET(inp->inp_flags, INP_IPV6)) { @@ -4150,7 +4149,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) error = ip_output(m, sc->sc_ipopts, &sc->sc_route, (ip_mtudisc ? IP_MTUDISC : 0), NULL, - inp ? inp->inp_seclevel : NULL, 0); + inp ? &inp->inp_seclevel : NULL, 0); break; #ifdef INET6 case AF_INET6: @@ -4161,7 +4160,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) /* leave flowlabel = 0, it is legal and require no state mgmt */ error = ip6_output(m, NULL /*XXX*/, &sc->sc_route, 0, - NULL, inp ? inp->inp_seclevel : NULL); + NULL, inp ? &inp->inp_seclevel : NULL); break; #endif } diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index cd21dfe9c..c695cb0d5 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_output.c,v 1.143 2024/02/13 12:22:09 bluhm Exp $ */ +/* $OpenBSD: tcp_output.c,v 1.144 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ /* @@ -1090,7 +1090,7 @@ send: error = ip_output(m, tp->t_inpcb->inp_options, &tp->t_inpcb->inp_route, (ip_mtudisc ? IP_MTUDISC : 0), NULL, - tp->t_inpcb->inp_seclevel, 0); + &tp->t_inpcb->inp_seclevel, 0); break; #ifdef INET6 case AF_INET6: @@ -1110,7 +1110,7 @@ send: } error = ip6_output(m, tp->t_inpcb->inp_outputopts6, &tp->t_inpcb->inp_route, 0, NULL, - tp->t_inpcb->inp_seclevel); + &tp->t_inpcb->inp_seclevel); break; #endif /* INET6 */ } diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 61cd51830..851e23f54 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_subr.c,v 1.200 2024/04/12 16:07:09 bluhm Exp $ */ +/* $OpenBSD: tcp_subr.c,v 1.201 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */ /* @@ -406,7 +406,7 @@ tcp_respond(struct tcpcb *tp, caddr_t template, struct tcphdr *th0, ip6_output(m, tp ? tp->t_inpcb->inp_outputopts6 : NULL, tp ? &tp->t_inpcb->inp_route : NULL, 0, NULL, - tp ? tp->t_inpcb->inp_seclevel : NULL); + tp ? &tp->t_inpcb->inp_seclevel : NULL); break; #endif /* INET6 */ case AF_INET: @@ -416,7 +416,7 @@ tcp_respond(struct tcpcb *tp, caddr_t template, struct tcphdr *th0, ip_output(m, NULL, tp ? &tp->t_inpcb->inp_route : NULL, ip_mtudisc ? IP_MTUDISC : 0, NULL, - tp ? tp->t_inpcb->inp_seclevel : NULL, 0); + tp ? &tp->t_inpcb->inp_seclevel : NULL, 0); break; } } diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 0a9c1afb5..ecf2a9081 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.319 2024/04/12 16:07:09 bluhm Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.320 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -562,7 +562,7 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) } else tdb = NULL; error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, - tdb, inp ? inp->inp_seclevel : NULL, NULL, NULL); + tdb, inp ? &inp->inp_seclevel : NULL, NULL, NULL); if (error) { udpstat_inc(udps_nosec); tdb_unref(tdb); @@ -1084,7 +1084,7 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, error = ip_output(m, inp->inp_options, &inp->inp_route, (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, - inp->inp_seclevel, ipsecflowinfo); + &inp->inp_seclevel, ipsecflowinfo); bail: m_freem(control); diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index 244fb26e0..50bceb006 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.c,v 1.263 2024/04/16 14:37:49 florian Exp $ */ +/* $OpenBSD: in6.c,v 1.264 2024/04/17 08:36:30 florian Exp $ */ /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ /* @@ -565,7 +565,7 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, * The destination address for a p2p link must have a family * of AF_UNSPEC or AF_INET6. */ - if ((ifp->if_flags & IFF_POINTOPOINT) && + if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && ifra->ifra_dstaddr.sin6_family != AF_INET6 && ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) return (EAFNOSUPPORT); @@ -603,18 +603,19 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, * zone identifier. */ dst6 = ifra->ifra_dstaddr; - if ((ifp->if_flags & IFF_POINTOPOINT) && + if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && (dst6.sin6_family == AF_INET6)) { error = in6_check_embed_scope(&dst6, ifp->if_index); if (error) return error; } /* - * The destination address can be specified only for a p2p interface. - * If specified, the corresponding prefix length must be 128. + * The destination address can be specified only for a p2p or a + * loopback interface. If specified, the corresponding prefix length + * must be 128. */ if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { - if (!(ifp->if_flags & IFF_POINTOPOINT)) + if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) return (EINVAL); if (plen != 128) return (EINVAL); @@ -651,7 +652,7 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, ia6->ia_addr.sin6_family = AF_INET6; ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr); ia6->ia6_updatetime = getuptime(); - if (ifp->if_flags & IFF_POINTOPOINT) { + if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { /* * XXX: some functions expect that ifa_dstaddr is not * NULL for p2p interfaces. @@ -686,7 +687,7 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, /* * If a new destination address is specified, scrub the old one and * install the new destination. Note that the interface must be - * p2p (see the check above.) + * p2p or loopback (see the check above.) */ if ((ifp->if_flags & IFF_POINTOPOINT) && dst6.sin6_family == AF_INET6 && !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) { diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 99d494df5..c65bfd0b9 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.290 2024/04/16 12:56:39 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.291 2024/04/17 20:48:51 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -161,7 +161,7 @@ struct idgen32_ctx ip6_id_ctx; */ int ip6_output(struct mbuf *m, struct ip6_pktopts *opt, struct route *ro, - int flags, struct ip6_moptions *im6o, const u_char seclevel[]) + int flags, struct ip6_moptions *im6o, const struct ipsec_level *seclevel) { struct ip6_hdr *ip6; struct ifnet *ifp = NULL; @@ -1326,7 +1326,7 @@ do { \ error = EACCES; break; } - inp->inp_seclevel[SL_AUTH] = optval; + inp->inp_seclevel.sl_auth = optval; break; case IPV6_ESP_TRANS_LEVEL: @@ -1335,7 +1335,7 @@ do { \ error = EACCES; break; } - inp->inp_seclevel[SL_ESP_TRANS] = optval; + inp->inp_seclevel.sl_esp_trans = optval; break; case IPV6_ESP_NETWORK_LEVEL: @@ -1344,7 +1344,7 @@ do { \ error = EACCES; break; } - inp->inp_seclevel[SL_ESP_NETWORK] = optval; + inp->inp_seclevel.sl_esp_network = optval; break; case IPV6_IPCOMP_LEVEL: @@ -1353,7 +1353,7 @@ do { \ error = EACCES; break; } - inp->inp_seclevel[SL_IPCOMP] = optval; + inp->inp_seclevel.sl_ipcomp = optval; break; } #endif @@ -1548,21 +1548,21 @@ do { \ m->m_len = sizeof(int); switch (optname) { case IPV6_AUTH_LEVEL: - optval = inp->inp_seclevel[SL_AUTH]; + optval = inp->inp_seclevel.sl_auth; break; case IPV6_ESP_TRANS_LEVEL: optval = - inp->inp_seclevel[SL_ESP_TRANS]; + inp->inp_seclevel.sl_esp_trans; break; case IPV6_ESP_NETWORK_LEVEL: optval = - inp->inp_seclevel[SL_ESP_NETWORK]; + inp->inp_seclevel.sl_esp_network; break; case IPV6_IPCOMP_LEVEL: - optval = inp->inp_seclevel[SL_IPCOMP]; + optval = inp->inp_seclevel.sl_ipcomp; break; } *mtod(m, int *) = optval; @@ -2730,7 +2730,7 @@ in6_proto_cksum_out(struct mbuf *m, struct ifnet *ifp) #ifdef IPSEC int -ip6_output_ipsec_lookup(struct mbuf *m, const u_char seclevel[], +ip6_output_ipsec_lookup(struct mbuf *m, const struct ipsec_level *seclevel, struct tdb **tdbout) { struct tdb *tdb; diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 1b9ae82c4..986bc45e5 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.115 2024/04/16 12:56:39 bluhm Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.116 2024/04/17 20:48:51 bluhm Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -302,6 +302,7 @@ extern uint8_t ip6_soiikey[IP6_SOIIKEY_LEN]; extern const struct pr_usrreqs rip6_usrreqs; struct inpcb; +struct ipsec_level; int icmp6_ctloutput(int, struct socket *, int, int, struct mbuf *); @@ -324,7 +325,7 @@ void ip6_forward(struct mbuf *, struct route *, int); void ip6_mloopback(struct ifnet *, struct mbuf *, struct sockaddr_in6 *); int ip6_output(struct mbuf *, struct ip6_pktopts *, struct route *, int, - struct ip6_moptions *, const u_char[]); + struct ip6_moptions *, const struct ipsec_level *); int ip6_fragment(struct mbuf *, struct mbuf_list *, int, u_char, u_long); int ip6_ctloutput(int, struct socket *, int, int, struct mbuf *); int ip6_raw_ctloutput(int, struct socket *, int, int, struct mbuf *); @@ -376,7 +377,8 @@ u_int32_t ip6_randomflowlabel(void); #ifdef IPSEC struct tdb; -int ip6_output_ipsec_lookup(struct mbuf *, const u_char[], struct tdb **); +int ip6_output_ipsec_lookup(struct mbuf *, const struct ipsec_level *, + struct tdb **); int ip6_output_ipsec_send(struct tdb *, struct mbuf *, struct route *, int, int); #endif /* IPSEC */ diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 5804af262..c16c69d53 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip6.c,v 1.183 2024/04/16 12:40:40 bluhm Exp $ */ +/* $OpenBSD: raw_ip6.c,v 1.184 2024/04/17 20:48:51 bluhm Exp $ */ /* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */ /* @@ -521,7 +521,7 @@ rip6_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, #endif error = ip6_output(m, optp, &inp->inp_route, flags, - inp->inp_moptions6, inp->inp_seclevel); + inp->inp_moptions6, &inp->inp_seclevel); if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { icmp6stat_inc(icp6s_outhist + type); } else diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index 324092ce7..55485d695 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp6_output.c,v 1.64 2024/02/13 12:22:09 bluhm Exp $ */ +/* $OpenBSD: udp6_output.c,v 1.65 2024/04/17 20:48:51 bluhm Exp $ */ /* $KAME: udp6_output.c,v 1.21 2001/02/07 11:51:54 itojun Exp $ */ /* @@ -233,7 +233,7 @@ udp6_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr6, #endif error = ip6_output(m, optp, &inp->inp_route, - flags, inp->inp_moptions6, inp->inp_seclevel); + flags, inp->inp_moptions6, &inp->inp_seclevel); goto releaseopt; release: diff --git a/sys/uvm/uvm_amap.c b/sys/uvm/uvm_amap.c index 991f4ae90..f15aee252 100644 --- a/sys/uvm/uvm_amap.c +++ b/sys/uvm/uvm_amap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_amap.c,v 1.93 2024/04/16 08:53:02 mpi Exp $ */ +/* $OpenBSD: uvm_amap.c,v 1.94 2024/04/17 13:17:31 mpi Exp $ */ /* $NetBSD: uvm_amap.c,v 1.27 2000/11/25 06:27:59 chs Exp $ */ /* @@ -482,7 +482,6 @@ amap_wipeout(struct vm_amap *amap) int slot; struct vm_anon *anon; struct vm_amap_chunk *chunk; - struct pglist pgl; KASSERT(rw_write_held(amap->am_lock)); KASSERT(amap->am_ref == 0); @@ -495,7 +494,6 @@ amap_wipeout(struct vm_amap *amap) return; } - TAILQ_INIT(&pgl); amap_list_remove(amap); AMAP_CHUNK_FOREACH(chunk, amap) { @@ -515,12 +513,10 @@ amap_wipeout(struct vm_amap *amap) */ refs = --anon->an_ref; if (refs == 0) { - uvm_anfree_list(anon, &pgl); + uvm_anfree(anon); } } } - /* free the pages */ - uvm_pglistfree(&pgl); /* * Finally, destroy the amap. diff --git a/sys/uvm/uvm_page.c b/sys/uvm/uvm_page.c index 179fd72c6..48eba5f85 100644 --- a/sys/uvm/uvm_page.c +++ b/sys/uvm/uvm_page.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_page.c,v 1.174 2024/02/13 10:16:28 miod Exp $ */ +/* $OpenBSD: uvm_page.c,v 1.175 2024/04/17 13:12:58 mpi Exp $ */ /* $NetBSD: uvm_page.c,v 1.44 2000/11/27 08:40:04 chs Exp $ */ /* @@ -877,13 +877,11 @@ uvm_pagerealloc_multi(struct uvm_object *obj, voff_t off, vsize_t size, * => only one of obj or anon can be non-null * => caller must activate/deactivate page if it is not wired. */ - struct vm_page * uvm_pagealloc(struct uvm_object *obj, voff_t off, struct vm_anon *anon, int flags) { - struct vm_page *pg; - struct pglist pgl; + struct vm_page *pg = NULL; int pmr_flags; KASSERT(obj == NULL || anon == NULL); @@ -906,13 +904,10 @@ uvm_pagealloc(struct uvm_object *obj, voff_t off, struct vm_anon *anon, if (flags & UVM_PGA_ZERO) pmr_flags |= UVM_PLA_ZERO; - TAILQ_INIT(&pgl); - if (uvm_pmr_getpages(1, 0, 0, 1, 0, 1, pmr_flags, &pgl) != 0) - goto fail; - - pg = TAILQ_FIRST(&pgl); - KASSERT(pg != NULL && TAILQ_NEXT(pg, pageq) == NULL); + pg = uvm_pmr_cache_get(pmr_flags); + if (pg == NULL) + return NULL; uvm_pagealloc_pg(pg, obj, off, anon); KASSERT((pg->pg_flags & PG_DEV) == 0); if (flags & UVM_PGA_ZERO) @@ -921,9 +916,6 @@ uvm_pagealloc(struct uvm_object *obj, voff_t off, struct vm_anon *anon, atomic_setbits_int(&pg->pg_flags, PG_CLEAN); return pg; - -fail: - return NULL; } /* @@ -1025,7 +1017,7 @@ void uvm_pagefree(struct vm_page *pg) { uvm_pageclean(pg); - uvm_pmr_freepages(pg, 1); + uvm_pmr_cache_put(pg); } /* diff --git a/sys/uvm/uvm_pdaemon.c b/sys/uvm/uvm_pdaemon.c index e94cae2b7..099a4e261 100644 --- a/sys/uvm/uvm_pdaemon.c +++ b/sys/uvm/uvm_pdaemon.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_pdaemon.c,v 1.111 2024/04/10 15:26:18 mpi Exp $ */ +/* $OpenBSD: uvm_pdaemon.c,v 1.112 2024/04/17 13:12:58 mpi Exp $ */ /* $NetBSD: uvm_pdaemon.c,v 1.23 2000/08/20 10:24:14 bjh21 Exp $ */ /* @@ -262,6 +262,8 @@ uvm_pageout(void *arg) #if NDRM > 0 drmbackoff(size * 2); #endif + uvm_pmr_cache_drain(); + /* * scan if needed */ diff --git a/sys/uvm/uvm_percpu.h b/sys/uvm/uvm_percpu.h new file mode 100644 index 000000000..bbf6897e4 --- /dev/null +++ b/sys/uvm/uvm_percpu.h @@ -0,0 +1,48 @@ +/* $OpenBSD: uvm_percpu.h,v 1.1 2024/04/17 13:12:58 mpi Exp $ */ + +/* + * Copyright (c) 2024 Martin Pieuchot + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _UVM_UVM_PCPU_H_ +#define _UVM_UVM_PCPU_H_ + +struct vm_page; + +/* + * The number of pages per magazine should be large enough to get rid of the + * contention in the pmemrange allocator during concurrent page faults and + * small enough to limit fragmentation. + */ +#define UVM_PMR_CACHEMAGSZ 8 + +/* + * Magazine + */ +struct uvm_pmr_cache_item { + struct vm_page *upci_pages[UVM_PMR_CACHEMAGSZ]; + int upci_npages; /* # of pages in magazine */ +}; + +/* + * Per-CPU cache of physical pages. + */ +struct uvm_pmr_cache { + struct uvm_pmr_cache_item upc_magz[2]; /* magazines */ + int upc_actv; /* index of active magazine */ + +}; + +#endif /* _UVM_UVM_PCPU_H_ */ diff --git a/sys/uvm/uvm_pmemrange.c b/sys/uvm/uvm_pmemrange.c index 775ea8412..133aceda7 100644 --- a/sys/uvm/uvm_pmemrange.c +++ b/sys/uvm/uvm_pmemrange.c @@ -1,6 +1,7 @@ -/* $OpenBSD: uvm_pmemrange.c,v 1.63 2023/04/10 04:21:20 jsg Exp $ */ +/* $OpenBSD: uvm_pmemrange.c,v 1.64 2024/04/17 13:12:58 mpi Exp $ */ /* + * Copyright (c) 2024 Martin Pieuchot * Copyright (c) 2009, 2010 Ariane van der Steldt * * Permission to use, copy, modify, and distribute this software for any @@ -1261,6 +1262,28 @@ out: return 0; } +/* + * Acquire a single page. + * + * flags: UVM_PLA_* flags + * result: returned page. + */ +struct vm_page * +uvm_pmr_getone(int flags) +{ + struct vm_page *pg; + struct pglist pgl; + + TAILQ_INIT(&pgl); + if (uvm_pmr_getpages(1, 0, 0, 1, 0, 1, flags, &pgl) != 0) + return NULL; + + pg = TAILQ_FIRST(&pgl); + KASSERT(pg != NULL && TAILQ_NEXT(pg, pageq) == NULL); + + return pg; +} + /* * Free a number of contig pages (invoked by uvm_page_init). */ @@ -2190,3 +2213,133 @@ uvm_pagezero_thread(void *arg) yield(); } } + +#if defined(MULTIPROCESSOR) && defined(__HAVE_UVM_PERCPU) +int +uvm_pmr_cache_alloc(struct uvm_pmr_cache_item *upci) +{ + struct vm_page *pg; + struct pglist pgl; + int flags = UVM_PLA_NOWAIT|UVM_PLA_NOWAKE; + int npages = UVM_PMR_CACHEMAGSZ; + + KASSERT(upci->upci_npages == 0); + + TAILQ_INIT(&pgl); + if (uvm_pmr_getpages(npages, 0, 0, 1, 0, npages, flags, &pgl)) + return -1; + + while ((pg = TAILQ_FIRST(&pgl)) != NULL) { + TAILQ_REMOVE(&pgl, pg, pageq); + upci->upci_pages[upci->upci_npages] = pg; + upci->upci_npages++; + } + atomic_add_int(&uvmexp.percpucaches, npages); + + return 0; +} + +struct vm_page * +uvm_pmr_cache_get(int flags) +{ + struct uvm_pmr_cache *upc = &curcpu()->ci_uvm; + struct uvm_pmr_cache_item *upci; + struct vm_page *pg; + + upci = &upc->upc_magz[upc->upc_actv]; + if (upci->upci_npages == 0) { + unsigned int prev; + + prev = (upc->upc_actv == 0) ? 1 : 0; + upci = &upc->upc_magz[prev]; + if (upci->upci_npages == 0) { + atomic_inc_int(&uvmexp.pcpmiss); + if (uvm_pmr_cache_alloc(upci)) + return uvm_pmr_getone(flags); + } + /* Swap magazines */ + upc->upc_actv = prev; + } else { + atomic_inc_int(&uvmexp.pcphit); + } + + atomic_dec_int(&uvmexp.percpucaches); + upci->upci_npages--; + pg = upci->upci_pages[upci->upci_npages]; + + if (flags & UVM_PLA_ZERO) + uvm_pagezero(pg); + + return pg; +} + +void +uvm_pmr_cache_free(struct uvm_pmr_cache_item *upci) +{ + struct pglist pgl; + unsigned int i; + + TAILQ_INIT(&pgl); + for (i = 0; i < upci->upci_npages; i++) + TAILQ_INSERT_TAIL(&pgl, upci->upci_pages[i], pageq); + + uvm_pmr_freepageq(&pgl); + + atomic_sub_int(&uvmexp.percpucaches, upci->upci_npages); + upci->upci_npages = 0; + memset(upci->upci_pages, 0, sizeof(upci->upci_pages)); +} + +void +uvm_pmr_cache_put(struct vm_page *pg) +{ + struct uvm_pmr_cache *upc = &curcpu()->ci_uvm; + struct uvm_pmr_cache_item *upci; + + upci = &upc->upc_magz[upc->upc_actv]; + if (upci->upci_npages >= UVM_PMR_CACHEMAGSZ) { + unsigned int prev; + + prev = (upc->upc_actv == 0) ? 1 : 0; + upci = &upc->upc_magz[prev]; + if (upci->upci_npages > 0) + uvm_pmr_cache_free(upci); + + /* Swap magazines */ + upc->upc_actv = prev; + KASSERT(upci->upci_npages == 0); + } + + upci->upci_pages[upci->upci_npages] = pg; + upci->upci_npages++; + atomic_inc_int(&uvmexp.percpucaches); +} + +void +uvm_pmr_cache_drain(void) +{ + struct uvm_pmr_cache *upc = &curcpu()->ci_uvm; + + uvm_pmr_cache_free(&upc->upc_magz[0]); + uvm_pmr_cache_free(&upc->upc_magz[1]); +} + +#else /* !(MULTIPROCESSOR && __HAVE_UVM_PERCPU) */ + +struct vm_page * +uvm_pmr_cache_get(int flags) +{ + return uvm_pmr_getone(flags); +} + +void +uvm_pmr_cache_put(struct vm_page *pg) +{ + uvm_pmr_freepages(pg, 1); +} + +void +uvm_pmr_cache_drain(void) +{ +} +#endif diff --git a/sys/uvm/uvm_pmemrange.h b/sys/uvm/uvm_pmemrange.h index 923807c21..3369085a2 100644 --- a/sys/uvm/uvm_pmemrange.h +++ b/sys/uvm/uvm_pmemrange.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_pmemrange.h,v 1.14 2016/09/16 02:47:09 dlg Exp $ */ +/* $OpenBSD: uvm_pmemrange.h,v 1.15 2024/04/17 13:12:58 mpi Exp $ */ /* * Copyright (c) 2009 Ariane van der Steldt @@ -147,5 +147,9 @@ void uvm_pmr_remove(struct uvm_pmemrange *, struct vm_page *uvm_pmr_extract_range(struct uvm_pmemrange *, struct vm_page *, paddr_t, paddr_t, struct pglist *); +struct vm_page *uvm_pmr_cache_get(int); +void uvm_pmr_cache_put(struct vm_page *); +void uvm_pmr_cache_drain(void); + #endif /* _UVM_UVM_PMEMRANGE_H_ */ diff --git a/sys/uvm/uvmexp.h b/sys/uvm/uvmexp.h index 5b8b18239..dc4994fa7 100644 --- a/sys/uvm/uvmexp.h +++ b/sys/uvm/uvmexp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uvmexp.h,v 1.12 2024/03/24 10:29:35 mpi Exp $ */ +/* $OpenBSD: uvmexp.h,v 1.13 2024/04/17 13:12:58 mpi Exp $ */ #ifndef _UVM_UVMEXP_ #define _UVM_UVMEXP_ @@ -66,7 +66,7 @@ struct uvmexp { int zeropages; /* [F] number of zero'd pages */ int reserve_pagedaemon; /* [I] # of pages reserved for pagedaemon */ int reserve_kernel; /* [I] # of pages reserved for kernel */ - int unused01; /* formerly anonpages */ + int percpucaches; /* [a] # of pages in per-CPU caches */ int vnodepages; /* XXX # of pages used by vnode page cache */ int vtextpages; /* XXX # of pages used by vtext vnodes */ @@ -101,8 +101,8 @@ struct uvmexp { int syscalls; /* system calls */ int pageins; /* [p] pagein operation count */ /* pageouts are in pdpageouts below */ - int unused07; /* formerly obsolete_swapins */ - int unused08; /* formerly obsolete_swapouts */ + int pcphit; /* [a] # of pagealloc from per-CPU cache */ + int pcpmiss; /* [a] # of times a per-CPU cache was empty */ int pgswapin; /* pages swapped in */ int pgswapout; /* pages swapped out */ int forks; /* forks */ diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index 02911b534..55b6a9fea 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.216 2023/06/28 17:35:06 op Exp $ */ +/* $OpenBSD: fetch.c,v 1.217 2024/04/17 09:51:18 tb Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -705,7 +705,8 @@ noslash: */ ftp_printf(fin, "GET %s HTTP/1.1\r\n" "Connection: close\r\n" - "Host: %s\r\n%s%s\r\n", + "Host: %s\r\n%s%s\r\n" + "Accept: */*\r\n", epath, proxyhost, buf ? buf : "", httpuseragent); if (credentials) ftp_printf(fin, "Authorization: Basic %s\r\n", @@ -773,8 +774,8 @@ noslash: ftp_printf(fin, "\r\nIf-Modified-Since: %s", tmbuf); #endif /* SMALL */ - ftp_printf(fin, "\r\n%s%s\r\n", - buf ? buf : "", httpuseragent); + ftp_printf(fin, "\r\n%s%s\r\n", buf ? buf : "", httpuseragent); + ftp_printf(fin, "Accept: */*\r\n"); if (credentials) ftp_printf(fin, "Authorization: Basic %s\r\n", credentials); diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index d1836a743..b195038bc 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet.c,v 1.181 2024/02/13 12:22:09 bluhm Exp $ */ +/* $OpenBSD: inet.c,v 1.182 2024/04/17 20:48:51 bluhm Exp $ */ /* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */ /* @@ -1489,10 +1489,10 @@ inpcb_dump(u_long off, short protocol, int af) printf("ro_dst %s\n ", raddr); p("%#.8x", inp_flags, "\n "); p("%d", inp_hops, "\n "); - p("%u", inp_seclevel[0], ", "); - p("%u", inp_seclevel[1], ", "); - p("%u", inp_seclevel[2], ", "); - p("%u", inp_seclevel[3], "\n "); + p("%u", inp_seclevel.sl_auth, ", "); + p("%u", inp_seclevel.sl_esp_trans, ", "); + p("%u", inp_seclevel.sl_esp_network, ", "); + p("%u", inp_seclevel.sl_ipcomp, "\n "); p("%u", inp_ip_minttl, "\n "); p("%d", inp_cksum6, "\n "); pp("%p", inp_icmp6filt, "\n "); diff --git a/usr.bin/systat/uvm.c b/usr.bin/systat/uvm.c index 957b4dbf3..4bb759add 100644 --- a/usr.bin/systat/uvm.c +++ b/usr.bin/systat/uvm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm.c,v 1.6 2022/11/27 23:18:54 kn Exp $ */ +/* $OpenBSD: uvm.c,v 1.7 2024/04/17 13:12:58 mpi Exp $ */ /* * Copyright (c) 2008 Can Erkin Acar * Copyright (c) 2018 Kenneth R Westerback @@ -80,11 +80,10 @@ struct uvmline uvmline[] = { { &uvmexp.zeropages, &last_uvmexp.zeropages, "zeropages", &uvmexp.pageins, &last_uvmexp.pageins, "pageins", &uvmexp.fltrelckok, &last_uvmexp.fltrelckok, "fltrelckok" }, - { &uvmexp.reserve_pagedaemon, &last_uvmexp.reserve_pagedaemon, - "reserve_pagedaemon", + { &uvmexp.percpucaches, &last_uvmexp.percpucaches, "percpucaches", &uvmexp.pgswapin, &last_uvmexp.pgswapin, "pgswapin", &uvmexp.fltanget, &last_uvmexp.fltanget, "fltanget" }, - { &uvmexp.reserve_kernel, &last_uvmexp.reserve_kernel, "reserve_kernel", + { NULL, NULL, NULL, &uvmexp.pgswapout, &last_uvmexp.pgswapout, "pgswapout", &uvmexp.fltanretry, &last_uvmexp.fltanretry, "fltanretry" }, { NULL, NULL, NULL, @@ -143,13 +142,13 @@ struct uvmline uvmline[] = { NULL, NULL, NULL }, { &uvmexp.pagesize, &last_uvmexp.pagesize, "pagesize", &uvmexp.pdpending, &last_uvmexp.pdpending, "pdpending", - NULL, NULL, NULL }, + NULL, NULL, "Per-CPU Counters" }, { &uvmexp.pagemask, &last_uvmexp.pagemask, "pagemask", &uvmexp.pddeact, &last_uvmexp.pddeact, "pddeact", - NULL, NULL, NULL }, + &uvmexp.pcphit, &last_uvmexp.pcphit, "pcphit" }, { &uvmexp.pageshift, &last_uvmexp.pageshift, "pageshift", NULL, NULL, NULL, - NULL, NULL, NULL } + &uvmexp.pcpmiss, &last_uvmexp.pcpmiss, "pcpmiss" } }; field_def fields_uvm[] = { diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index 870bc9f5d..a737d36ad 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.155 2022/12/04 23:50:50 cheloha Exp $ */ +/* $OpenBSD: vmstat.c,v 1.156 2024/04/17 13:12:58 mpi Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -513,7 +513,12 @@ dosum(void) uvmexp.reserve_pagedaemon); (void)printf("%11u pages reserved for kernel\n", uvmexp.reserve_kernel); + (void)printf("%11u pages in per-cpu caches\n", + uvmexp.percpucaches); + /* per-cpu cache */ + (void)printf("%11u per-cpu cache hits\n", uvmexp.pcphit); + (void)printf("%11u per-cpu cache misses\n", uvmexp.pcpmiss); /* swap */ (void)printf("%11u swap pages\n", uvmexp.swpages); (void)printf("%11u swap pages in use\n", uvmexp.swpginuse); diff --git a/usr.sbin/rpki-client/http.c b/usr.sbin/rpki-client/http.c index c066ef075..fdf57974f 100644 --- a/usr.sbin/rpki-client/http.c +++ b/usr.sbin/rpki-client/http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http.c,v 1.82 2024/03/22 03:38:12 job Exp $ */ +/* $OpenBSD: http.c,v 1.83 2024/04/17 14:01:17 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher * Copyright (c) 2020 Claudio Jeker @@ -1221,6 +1221,7 @@ http_request(struct http_connection *conn) if ((r = asprintf(&conn->buf, "GET /%s HTTP/1.1\r\n" "Host: %s\r\n" + "Accept: */*\r\n" "Accept-Encoding: gzip, deflate\r\n" "User-Agent: " HTTP_USER_AGENT "\r\n" "%s\r\n", diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index d6a49373e..d26d9c77d 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.132 2024/04/15 13:57:45 job Exp $ */ +/* $OpenBSD: parser.c,v 1.134 2024/04/17 15:03:22 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -480,13 +480,11 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile, if (*mp != NULL) { *crlmtime = crl->thisupdate; - if (!crl_insert(&crlt, crl)) { - warnx("%s: duplicate AKI %s", file, crl->aki); - crl_free(crl); - } - } else { - crl_free(crl); + if (crl_insert(&crlt, crl)) + crl = NULL; } + crl_free(crl); + return file; }