SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync

Browse source
This commit is contained in:
purplerain 2023-06-29 10:53:26 +00:00
parent 905ea23f06
commit 91df569df5
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
32 changed files with 393 additions and 395 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/libcrypto/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.132 2023/06/25 19:29:30 tb Exp $ # $OpenBSD: Makefile,v 1.133 2023/06/29 06:12:04 tb Exp $
LIB= crypto LIB= crypto
LIBREBUILD=y LIBREBUILD=y
@ -18,7 +18,7 @@ CFLAGS+= -Wall -Wundef
.if ${COMPILER_VERSION:L} == "clang" .if ${COMPILER_VERSION:L} == "clang"
CFLAGS+= -Werror -Wshadow CFLAGS+= -Werror -Wshadow
.endif .endif
CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL CFLAGS+= -DLIBRESSL_INTERNAL
.ifdef NAMESPACE .ifdef NAMESPACE
CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
.endif .endif

5
lib/libcrypto/evp/names.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: names.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */ /* $OpenBSD: names.c,v 1.17 2023/06/29 06:11:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
* *
@ -64,6 +64,9 @@
#include "evp_local.h" #include "evp_local.h"
extern int obj_cleanup_defer;
void check_defer(int nid);
int int
EVP_add_cipher(const EVP_CIPHER *c) EVP_add_cipher(const EVP_CIPHER *c)
{ {

72
lib/libcrypto/man/EC_GROUP_copy.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EC_GROUP_copy.3,v 1.13 2022/07/02 17:09:09 jsing Exp $ .\" $OpenBSD: EC_GROUP_copy.3,v 1.14 2023/06/28 18:07:07 tb Exp $
.\" full merge up to: OpenSSL d900a015 Oct 8 14:40:42 2015 +0200 .\" full merge up to: OpenSSL d900a015 Oct 8 14:40:42 2015 +0200
.\" selective merge up to: OpenSSL 24c23e1f Aug 22 10:51:25 2019 +0530 .\" selective merge up to: OpenSSL 24c23e1f Aug 22 10:51:25 2019 +0530
.\" .\"
@ -51,7 +51,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: July 2 2022 $ .Dd $Mdocdate: June 28 2023 $
.Dt EC_GROUP_COPY 3 .Dt EC_GROUP_COPY 3
.Os .Os
.Sh NAME .Sh NAME
@ -76,9 +76,7 @@
.Nm EC_GROUP_check , .Nm EC_GROUP_check ,
.Nm EC_GROUP_check_discriminant , .Nm EC_GROUP_check_discriminant ,
.Nm EC_GROUP_cmp , .Nm EC_GROUP_cmp ,
.Nm EC_GROUP_get_basis_type , .Nm EC_GROUP_get_basis_type
.Nm EC_GROUP_get_trinomial_basis ,
.Nm EC_GROUP_get_pentanomial_basis
.Nd manipulate EC_GROUP objects .Nd manipulate EC_GROUP objects
.Sh SYNOPSIS .Sh SYNOPSIS
.In openssl/ec.h .In openssl/ec.h
@ -188,18 +186,6 @@
.Fo EC_GROUP_get_basis_type .Fo EC_GROUP_get_basis_type
.Fa "const EC_GROUP *" .Fa "const EC_GROUP *"
.Fc .Fc
.Ft int
.Fo EC_GROUP_get_trinomial_basis
.Fa "const EC_GROUP *"
.Fa "unsigned int *k"
.Fc
.Ft int
.Fo EC_GROUP_get_pentanomial_basis
.Fa "const EC_GROUP *"
.Fa "unsigned int *k1"
.Fa "unsigned int *k2"
.Fa "unsigned int *k3"
.Fc
.Sh DESCRIPTION .Sh DESCRIPTION
These functions operate on These functions operate on
.Vt EC_GROUP .Vt EC_GROUP
@ -398,48 +384,15 @@ and
.Fa b .Fa b
to determine whether they represent the same curve or not. to determine whether they represent the same curve or not.
.Pp .Pp
The functions
.Fn EC_GROUP_get_basis_type ,
.Fn EC_GROUP_get_trinomial_basis ,
and
.Fn EC_GROUP_get_pentanomial_basis
should only be called for curves defined over an F2^m field.
Addition and multiplication operations within an F2^m field are
performed using an irreducible polynomial function f(x).
This function is either a trinomial of the form:
.Pp
.Dl f(x) = x^m + x^k + 1 with m > k >= 1
.Pp
or a pentanomial of the form:
.Pp
.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
.Pp
The function
.Fn EC_GROUP_get_basis_type .Fn EC_GROUP_get_basis_type
returns a NID identifying whether a trinomial or pentanomial is in always returns 0 and is only provided for compatibility.
use for the field.
The function
.Fn EC_GROUP_get_trinomial_basis
must only be called where f(x) is of the trinomial form, and returns
the value of
.Fa k .
Similarly, the function
.Fn EC_GROUP_get_pentanomial_basis
must only be called where f(x) is of the pentanomial form, and
returns the values of
.Fa k1 ,
.Fa k2 ,
and
.Fa k3 .
.Sh RETURN VALUES .Sh RETURN VALUES
The following functions return 1 on success or 0 on error: The following functions return 1 on success or 0 on error:
.Fn EC_GROUP_copy , .Fn EC_GROUP_copy ,
.Fn EC_GROUP_set_generator , .Fn EC_GROUP_set_generator ,
.Fn EC_GROUP_check , .Fn EC_GROUP_check ,
.Fn EC_GROUP_check_discriminant ,
.Fn EC_GROUP_get_trinomial_basis ,
and and
.Fn EC_GROUP_get_pentanomial_basis . .Fn EC_GROUP_check_discriminant .
.Pp .Pp
.Fn EC_GROUP_dup .Fn EC_GROUP_dup
returns a pointer to the duplicated curve or returns a pointer to the duplicated curve or
@ -516,14 +469,7 @@ returns 0 if the curves are equal, 1 if they are not equal,
or -1 on error. or -1 on error.
.Pp .Pp
.Fn EC_GROUP_get_basis_type .Fn EC_GROUP_get_basis_type
returns the values always returns 0.
.Dv NID_X9_62_tpBasis
or
.Dv NID_X9_62_ppBasis
as defined in
.In openssl/objects.h
for a trinomial or pentanomial, respectively.
Alternatively in the event of an error a 0 is returned.
.Sh SEE ALSO .Sh SEE ALSO
.Xr d2i_ECPKParameters 3 , .Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 , .Xr EC_GFp_simple_method 3 ,
@ -556,11 +502,9 @@ first appeared in OpenSSL 0.9.7 and have been available since
.Fn EC_GROUP_check , .Fn EC_GROUP_check ,
.Fn EC_GROUP_check_discriminant , .Fn EC_GROUP_check_discriminant ,
.Fn EC_GROUP_cmp , .Fn EC_GROUP_cmp ,
.Fn EC_GROUP_get_basis_type ,
.Fn EC_GROUP_get_trinomial_basis ,
and and
.Fn EC_GROUP_get_pentanomial_basis .Fn EC_GROUP_get_basis_type
first appeared in OpenSSL 0.9.8 and has been available since first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 . .Ox 4.5 .
.Pp .Pp
.Fn EC_GROUP_order_bits .Fn EC_GROUP_order_bits

7
lib/libcrypto/objects/objects.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: objects.h,v 1.21 2022/11/13 14:03:13 tb Exp $ */ /* $OpenBSD: objects.h,v 1.22 2023/06/29 06:11:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
* *
@ -142,11 +142,6 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id); int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void); void OBJ_sigid_free(void);
#if defined(LIBRESSL_CRYPTO_INTERNAL)
extern int obj_cleanup_defer;
void check_defer(int nid);
#endif
void ERR_load_OBJ_strings(void); void ERR_load_OBJ_strings(void);
/* Error codes for the OBJ functions. */ /* Error codes for the OBJ functions. */

24
regress/usr.sbin/rpki-client/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.33 2023/06/20 12:52:32 job Exp $ # $OpenBSD: Makefile.inc,v 1.34 2023/06/29 10:29:18 tb Exp $
.PATH: ${.CURDIR}/../../../../usr.sbin/rpki-client .PATH: ${.CURDIR}/../../../../usr.sbin/rpki-client
@ -25,7 +25,7 @@ DPADD+= ${LIBCRYPTO} ${LIBUTIL}
CLEANFILES+= *.out *.err *.txt CLEANFILES+= *.out *.err *.txt
SRCS_test-ip += test-ip.c ip.c io.c encoding.c print.c x509.c \ SRCS_test-ip += test-ip.c ip.c io.c encoding.c print.c x509.c \
log.c validate.c as.c cert.c cms.c crl.c mft.c json.c validate.c as.c cert.c cms.c crl.c mft.c json.c
run-regress-test-ip: test-ip run-regress-test-ip: test-ip
./test-ip ./test-ip
@ -34,55 +34,55 @@ TALARGS += ta/apnic-rpki-root-iana-origin.cer tal/apnic.tal
TALARGS += ta/ripe-ncc-ta.cer tal/ripe.tal TALARGS += ta/ripe-ncc-ta.cer tal/ripe.tal
SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \ SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \
log.c tal.c validate.c encoding.c print.c mft.c json.c tal.c validate.c encoding.c print.c mft.c json.c
run-regress-test-cert: test-cert run-regress-test-cert: test-cert
./test-cert -v ${.CURDIR}/../cer/*.cer ./test-cert -v ${.CURDIR}/../cer/*.cer
./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,} ./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,}
SRCS_test-mft+= test-mft.c mft.c crl.c cms.c x509.c ip.c io.c log.c validate.c \ SRCS_test-mft+= test-mft.c mft.c crl.c cms.c x509.c ip.c io.c validate.c \
encoding.c print.c json.c cert.c as.c encoding.c print.c json.c cert.c as.c
run-regress-test-mft: test-mft run-regress-test-mft: test-mft
./test-mft -v ${.CURDIR}/../mft/*.mft ./test-mft -v ${.CURDIR}/../mft/*.mft
SRCS_test-roa+= test-roa.c roa.c cms.c x509.c ip.c as.c io.c log.c json.c \ SRCS_test-roa+= test-roa.c roa.c cms.c x509.c ip.c as.c io.c json.c \
encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c
run-regress-test-roa: test-roa run-regress-test-roa: test-roa
./test-roa -v ${.CURDIR}/../roa/*.roa ./test-roa -v ${.CURDIR}/../roa/*.roa
SRCS_test-rsc+= test-rsc.c rsc.c cms.c x509.c ip.c as.c io.c log.c \ SRCS_test-rsc+= test-rsc.c rsc.c cms.c x509.c ip.c as.c io.c \
encoding.c print.c validate.c cert.c crl.c mft.c json.c encoding.c print.c validate.c cert.c crl.c mft.c json.c
run-regress-test-rsc: test-rsc run-regress-test-rsc: test-rsc
./test-rsc -v ${.CURDIR}/../rsc/*.sig ./test-rsc -v ${.CURDIR}/../rsc/*.sig
SRCS_test-gbr+= test-gbr.c gbr.c cms.c crl.c x509.c ip.c io.c log.c \ SRCS_test-gbr+= test-gbr.c gbr.c cms.c crl.c x509.c ip.c io.c \
encoding.c print.c validate.c as.c cert.c mft.c json.c encoding.c print.c validate.c as.c cert.c mft.c json.c
run-regress-test-gbr: test-gbr run-regress-test-gbr: test-gbr
./test-gbr -v ${.CURDIR}/../gbr/*.gbr ./test-gbr -v ${.CURDIR}/../gbr/*.gbr
SRCS_test-geofeed+= test-geofeed.c geofeed.c cms.c x509.c ip.c io.c log.c \ SRCS_test-geofeed+= test-geofeed.c geofeed.c cms.c x509.c ip.c io.c \
encoding.c print.c validate.c as.c cert.c crl.c mft.c json.c encoding.c print.c validate.c as.c cert.c crl.c mft.c json.c
run-regress-test-geofeed: test-geofeed run-regress-test-geofeed: test-geofeed
./test-geofeed -v ${.CURDIR}/../geofeed/*.csv ./test-geofeed -v ${.CURDIR}/../geofeed/*.csv
SRCS_test-tal+= test-tal.c tal.c ip.c io.c log.c validate.c cms.c \ SRCS_test-tal+= test-tal.c tal.c ip.c io.c validate.c cms.c \
encoding.c print.c crl.c x509.c json.c cert.c as.c mft.c encoding.c print.c crl.c x509.c json.c cert.c as.c mft.c
run-regress-test-tal: test-tal run-regress-test-tal: test-tal
./test-tal -v ${.CURDIR}/../tal/*.tal ./test-tal -v ${.CURDIR}/../tal/*.tal
SRCS_test-aspa+= test-aspa.c aspa.c cms.c x509.c ip.c as.c io.c log.c \ SRCS_test-aspa+= test-aspa.c aspa.c cms.c x509.c ip.c as.c io.c \
encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c \ encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c \
json.c json.c
run-regress-test-aspa: test-aspa run-regress-test-aspa: test-aspa
./test-aspa -v ${.CURDIR}/../aspa/*.asa ./test-aspa -v ${.CURDIR}/../aspa/*.asa
SRCS_test-tak+= test-tak.c tak.c cms.c x509.c ip.c as.c io.c log.c \ SRCS_test-tak+= test-tak.c tak.c cms.c x509.c ip.c as.c io.c \
encoding.c print.c validate.c cert.c crl.c mft.c json.c encoding.c print.c validate.c cert.c crl.c mft.c json.c
run-regress-test-tak: test-tak run-regress-test-tak: test-tak
./test-tak -v ${.CURDIR}/../tak/*.tak ./test-tak -v ${.CURDIR}/../tak/*.tak
SRCS_test-rrdp+= test-rrdp.c rrdp_delta.c rrdp_notification.c cms.c \ SRCS_test-rrdp+= test-rrdp.c rrdp_delta.c rrdp_notification.c cms.c \
rrdp_snapshot.c rrdp_util.c cert.c as.c mft.c io.c \ rrdp_snapshot.c rrdp_util.c cert.c as.c mft.c io.c \
log.c encoding.c ip.c validate.c crl.c x509.c encoding.c ip.c validate.c crl.c x509.c
LDADD_test-rrdp+= -lexpat ${LDADD} LDADD_test-rrdp+= -lexpat ${LDADD}
DPADD_test-rrdp+= ${LIBEXPAT} ${DPADD} DPADD_test-rrdp+= ${LIBEXPAT} ${DPADD}
run-regress-test-rrdp: test-rrdp run-regress-test-rrdp: test-rrdp

35
sys/dev/pci/pcidevs
View file

@ -1,4 +1,4 @@
$OpenBSD: pcidevs,v 1.2040 2023/06/27 15:30:25 stsp Exp $ $OpenBSD: pcidevs,v 1.2041 2023/06/29 07:58:15 jsg Exp $
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
/* /*
@ -5611,7 +5611,9 @@ product INTEL ADL_HX_HB_2 0x463b Core 12G Host
product INTEL ADL_PCIE_1 0x463d Core 12G PCIE product INTEL ADL_PCIE_1 0x463d Core 12G PCIE
product INTEL ADL_TBT_DMA0 0x463e Core 12G TBT product INTEL ADL_TBT_DMA0 0x463e Core 12G TBT
product INTEL ADL_TBT_PCIE1 0x463f Core 12G PCIE product INTEL ADL_TBT_PCIE1 0x463f Core 12G PCIE
product INTEL RPL_S_HB_1 0x4640 Core 13G Host
product INTEL ADL_HP_HB_1 0x4641 Core 12G Host product INTEL ADL_HP_HB_1 0x4641 Core 12G Host
product INTEL RPL_HX_HB_1 0x4647 Core 13G Host
product INTEL ADL_S_HB_3 0x4648 Core 12G Host product INTEL ADL_S_HB_3 0x4648 Core 12G Host
product INTEL ADL_H_HB_1 0x4649 Core 12G Host product INTEL ADL_H_HB_1 0x4649 Core 12G Host
product INTEL ADL_S_PCIE_3 0x464d Core 12G PCIE product INTEL ADL_S_PCIE_3 0x464d Core 12G PCIE
@ -5829,6 +5831,7 @@ product INTEL EP80579_LAN_5 0x5045 EP80579 LAN
product INTEL EP80579_LAN_3 0x5048 EP80579 LAN product INTEL EP80579_LAN_3 0x5048 EP80579 LAN
product INTEL EP80579_LAN_6 0x5049 EP80579 LAN product INTEL EP80579_LAN_6 0x5049 EP80579 LAN
product INTEL 600SERIES_LP_ESPI 0x5182 600 Series eSPI product INTEL 600SERIES_LP_ESPI 0x5182 600 Series eSPI
product INTEL 700SERIES_LP_ESPI 0x519d 700 Series eSPI
product INTEL 600SERIES_LP_P2SB 0x51a0 600 Series P2SB product INTEL 600SERIES_LP_P2SB 0x51a0 600 Series P2SB
product INTEL 600SERIES_LP_PMC 0x51a1 600 Series PMC product INTEL 600SERIES_LP_PMC 0x51a1 600 Series PMC
product INTEL 600SERIES_LP_SMB 0x51a3 600 Series SMBus product INTEL 600SERIES_LP_SMB 0x51a3 600 Series SMBus
@ -5854,6 +5857,7 @@ product INTEL 600SERIES_LP_I2C_0 0x51c5 600 Series I2C
product INTEL 600SERIES_LP_I2C_1 0x51c6 600 Series I2C product INTEL 600SERIES_LP_I2C_1 0x51c6 600 Series I2C
product INTEL 600SERIES_LP_UART_2 0x51c7 600 Series UART product INTEL 600SERIES_LP_UART_2 0x51c7 600 Series UART
product INTEL 600SERIES_LP_HDA 0x51c8 600 Series HD Audio product INTEL 600SERIES_LP_HDA 0x51c8 600 Series HD Audio
product INTEL 700SERIES_LP_HDA 0x51ca 700 Series HD Audio
product INTEL 600SERIES_LP_THC_0 0x51d0 600 Series THC product INTEL 600SERIES_LP_THC_0 0x51d0 600 Series THC
product INTEL 600SERIES_LP_THC_1 0x51d1 600 Series THC product INTEL 600SERIES_LP_THC_1 0x51d1 600 Series THC
product INTEL 600SERIES_LP_AHCI 0x51d3 600 Series AHCI product INTEL 600SERIES_LP_AHCI 0x51d3 600 Series AHCI
@ -6930,8 +6934,37 @@ product INTEL 400SERIES_V_PCIE_20 0xa3ea 400 Series PCIE
product INTEL 400SERIES_V_PCIE_21 0xa3eb 400 Series PCIE product INTEL 400SERIES_V_PCIE_21 0xa3eb 400 Series PCIE
product INTEL 400SERIES_V_PCIE_22 0xa3ec 400 Series PCIE product INTEL 400SERIES_V_PCIE_22 0xa3ec 400 Series PCIE
product INTEL 400SERIES_V_PCIE_23 0xa3ed 400 Series PCIE product INTEL 400SERIES_V_PCIE_23 0xa3ed 400 Series PCIE
product INTEL RPL_S_HB_2 0xa700 Core 13G Host
product INTEL RPL_HX_HB_2 0xa702 Core 13G Host
product INTEL RPL_S_HB_3 0xa703 Core 13G Host
product INTEL RPL_S_HB_4 0xa704 Core 13G Host
product INTEL RPL_S_HB_5 0xa705 Core 13G Host
product INTEL RPL_H_HB_1 0xa706 Core 13G Host
product INTEL RPL_H_HB_2 0xa707 Core 13G Host
product INTEL RPL_U_HB_1 0xa708 Core 13G Host
product INTEL RPL_PCIE_1 0xa70d Core 13G PCIE
product INTEL RPL_H_HB_3 0xa716 Core 13G Host
product INTEL RPL_HX_HB_3 0xa719 Core 13G Host
product INTEL RPL_U_HB_2 0xa71b Core 13G Host
product INTEL RPL_U_HB_3 0xa71c Core 13G Host
product INTEL RPL_DTT 0xa71d Core 13G DTT
product INTEL RPL_XHCI 0xa71e Core 13G xHCI
product INTEL RPL_P_GT_1 0xa720 Graphics product INTEL RPL_P_GT_1 0xa720 Graphics
product INTEL RPL_P_GT_2 0xa721 Graphics product INTEL RPL_P_GT_2 0xa721 Graphics
product INTEL RPL_HX_HB_4 0xa728 Core 13G Host
product INTEL RPL_HX_HB_5 0xa729 Core 13G Host
product INTEL RPL_HX_HB_6 0xa72a Core 13G Host
product INTEL RPL_PCIE_2 0xa72d Core 13G PCIE
product INTEL RPL_TBT_PCIE2 0xa72f Core 13G PCIE
product INTEL RPL_TBT_DMA0 0xa73e Core 13G TBT
product INTEL RPL_PCIE_3 0xa74d Core 13G PCIE
product INTEL RPL_GNA 0xa74f Core 13G GNA
product INTEL RPL_IPU 0xa75d Core 13G IPU
product INTEL RPL_TBT_DMA1 0xa76d Core 13G TBT
product INTEL RPL_TBT_PCIE0 0xa76e Core 13G PCIE
product INTEL RPL_TH 0xa76f Core 13G TH
product INTEL RPL_CL 0xa77d Core 13G CL
product INTEL RPL_VMD 0xa77f Core 13G VMD
product INTEL RPL_S_GT_1 0xa780 Graphics product INTEL RPL_S_GT_1 0xa780 Graphics
product INTEL RPL_S_GT_2 0xa781 Graphics product INTEL RPL_S_GT_2 0xa781 Graphics
product INTEL RPL_S_GT_3 0xa782 Graphics product INTEL RPL_S_GT_3 0xa782 Graphics

35
sys/dev/pci/pcidevs.h
View file

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
* *
* generated from: * generated from:
* OpenBSD: pcidevs,v 1.2040 2023/06/27 15:30:25 stsp Exp * OpenBSD: pcidevs,v 1.2041 2023/06/29 07:58:15 jsg Exp
*/ */
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -5616,7 +5616,9 @@
#define PCI_PRODUCT_INTEL_ADL_PCIE_1 0x463d /* Core 12G PCIE */ #define PCI_PRODUCT_INTEL_ADL_PCIE_1 0x463d /* Core 12G PCIE */
#define PCI_PRODUCT_INTEL_ADL_TBT_DMA0 0x463e /* Core 12G TBT */ #define PCI_PRODUCT_INTEL_ADL_TBT_DMA0 0x463e /* Core 12G TBT */
#define PCI_PRODUCT_INTEL_ADL_TBT_PCIE1 0x463f /* Core 12G PCIE */ #define PCI_PRODUCT_INTEL_ADL_TBT_PCIE1 0x463f /* Core 12G PCIE */
#define PCI_PRODUCT_INTEL_RPL_S_HB_1 0x4640 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_ADL_HP_HB_1 0x4641 /* Core 12G Host */ #define PCI_PRODUCT_INTEL_ADL_HP_HB_1 0x4641 /* Core 12G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_1 0x4647 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_ADL_S_HB_3 0x4648 /* Core 12G Host */ #define PCI_PRODUCT_INTEL_ADL_S_HB_3 0x4648 /* Core 12G Host */
#define PCI_PRODUCT_INTEL_ADL_H_HB_1 0x4649 /* Core 12G Host */ #define PCI_PRODUCT_INTEL_ADL_H_HB_1 0x4649 /* Core 12G Host */
#define PCI_PRODUCT_INTEL_ADL_S_PCIE_3 0x464d /* Core 12G PCIE */ #define PCI_PRODUCT_INTEL_ADL_S_PCIE_3 0x464d /* Core 12G PCIE */
@ -5834,6 +5836,7 @@
#define PCI_PRODUCT_INTEL_EP80579_LAN_3 0x5048 /* EP80579 LAN */ #define PCI_PRODUCT_INTEL_EP80579_LAN_3 0x5048 /* EP80579 LAN */
#define PCI_PRODUCT_INTEL_EP80579_LAN_6 0x5049 /* EP80579 LAN */ #define PCI_PRODUCT_INTEL_EP80579_LAN_6 0x5049 /* EP80579 LAN */
#define PCI_PRODUCT_INTEL_600SERIES_LP_ESPI 0x5182 /* 600 Series eSPI */ #define PCI_PRODUCT_INTEL_600SERIES_LP_ESPI 0x5182 /* 600 Series eSPI */
#define PCI_PRODUCT_INTEL_700SERIES_LP_ESPI 0x519d /* 700 Series eSPI */
#define PCI_PRODUCT_INTEL_600SERIES_LP_P2SB 0x51a0 /* 600 Series P2SB */ #define PCI_PRODUCT_INTEL_600SERIES_LP_P2SB 0x51a0 /* 600 Series P2SB */
#define PCI_PRODUCT_INTEL_600SERIES_LP_PMC 0x51a1 /* 600 Series PMC */ #define PCI_PRODUCT_INTEL_600SERIES_LP_PMC 0x51a1 /* 600 Series PMC */
#define PCI_PRODUCT_INTEL_600SERIES_LP_SMB 0x51a3 /* 600 Series SMBus */ #define PCI_PRODUCT_INTEL_600SERIES_LP_SMB 0x51a3 /* 600 Series SMBus */
@ -5859,6 +5862,7 @@
#define PCI_PRODUCT_INTEL_600SERIES_LP_I2C_1 0x51c6 /* 600 Series I2C */ #define PCI_PRODUCT_INTEL_600SERIES_LP_I2C_1 0x51c6 /* 600 Series I2C */
#define PCI_PRODUCT_INTEL_600SERIES_LP_UART_2 0x51c7 /* 600 Series UART */ #define PCI_PRODUCT_INTEL_600SERIES_LP_UART_2 0x51c7 /* 600 Series UART */
#define PCI_PRODUCT_INTEL_600SERIES_LP_HDA 0x51c8 /* 600 Series HD Audio */ #define PCI_PRODUCT_INTEL_600SERIES_LP_HDA 0x51c8 /* 600 Series HD Audio */
#define PCI_PRODUCT_INTEL_700SERIES_LP_HDA 0x51ca /* 700 Series HD Audio */
#define PCI_PRODUCT_INTEL_600SERIES_LP_THC_0 0x51d0 /* 600 Series THC */ #define PCI_PRODUCT_INTEL_600SERIES_LP_THC_0 0x51d0 /* 600 Series THC */
#define PCI_PRODUCT_INTEL_600SERIES_LP_THC_1 0x51d1 /* 600 Series THC */ #define PCI_PRODUCT_INTEL_600SERIES_LP_THC_1 0x51d1 /* 600 Series THC */
#define PCI_PRODUCT_INTEL_600SERIES_LP_AHCI 0x51d3 /* 600 Series AHCI */ #define PCI_PRODUCT_INTEL_600SERIES_LP_AHCI 0x51d3 /* 600 Series AHCI */
@ -6935,8 +6939,37 @@
#define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_21 0xa3eb /* 400 Series PCIE */ #define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_21 0xa3eb /* 400 Series PCIE */
#define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_22 0xa3ec /* 400 Series PCIE */ #define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_22 0xa3ec /* 400 Series PCIE */
#define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_23 0xa3ed /* 400 Series PCIE */ #define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_23 0xa3ed /* 400 Series PCIE */
#define PCI_PRODUCT_INTEL_RPL_S_HB_2 0xa700 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_2 0xa702 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_S_HB_3 0xa703 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_S_HB_4 0xa704 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_S_HB_5 0xa705 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_H_HB_1 0xa706 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_H_HB_2 0xa707 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_U_HB_1 0xa708 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_PCIE_1 0xa70d /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_H_HB_3 0xa716 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_3 0xa719 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_U_HB_2 0xa71b /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_U_HB_3 0xa71c /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_DTT 0xa71d /* Core 13G DTT */
#define PCI_PRODUCT_INTEL_RPL_XHCI 0xa71e /* Core 13G xHCI */
#define PCI_PRODUCT_INTEL_RPL_P_GT_1 0xa720 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_P_GT_1 0xa720 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_P_GT_2 0xa721 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_P_GT_2 0xa721 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_4 0xa728 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_5 0xa729 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_6 0xa72a /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_PCIE_2 0xa72d /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_TBT_PCIE2 0xa72f /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_TBT_DMA0 0xa73e /* Core 13G TBT */
#define PCI_PRODUCT_INTEL_RPL_PCIE_3 0xa74d /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_GNA 0xa74f /* Core 13G GNA */
#define PCI_PRODUCT_INTEL_RPL_IPU 0xa75d /* Core 13G IPU */
#define PCI_PRODUCT_INTEL_RPL_TBT_DMA1 0xa76d /* Core 13G TBT */
#define PCI_PRODUCT_INTEL_RPL_TBT_PCIE0 0xa76e /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_TH 0xa76f /* Core 13G TH */
#define PCI_PRODUCT_INTEL_RPL_CL 0xa77d /* Core 13G CL */
#define PCI_PRODUCT_INTEL_RPL_VMD 0xa77f /* Core 13G VMD */
#define PCI_PRODUCT_INTEL_RPL_S_GT_1 0xa780 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_S_GT_1 0xa780 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_S_GT_2 0xa781 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_S_GT_2 0xa781 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_S_GT_3 0xa782 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_S_GT_3 0xa782 /* Graphics */

134
sys/dev/pci/pcidevs_data.h
View file

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
* *
* generated from: * generated from:
* OpenBSD: pcidevs,v 1.2040 2023/06/27 15:30:25 stsp Exp * OpenBSD: pcidevs,v 1.2041 2023/06/29 07:58:15 jsg Exp
*/ */
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -19819,10 +19819,18 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_TBT_PCIE1, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_TBT_PCIE1,
"Core 12G PCIE", "Core 12G PCIE",
}, },
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_1,
"Core 13G Host",
},
{ {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_HP_HB_1, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_HP_HB_1,
"Core 12G Host", "Core 12G Host",
}, },
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_1,
"Core 13G Host",
},
{ {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_S_HB_3, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_S_HB_3,
"Core 12G Host", "Core 12G Host",
@ -20691,6 +20699,10 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_ESPI, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_ESPI,
"600 Series eSPI", "600 Series eSPI",
}, },
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_700SERIES_LP_ESPI,
"700 Series eSPI",
},
{ {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_P2SB, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_P2SB,
"600 Series P2SB", "600 Series P2SB",
@ -20791,6 +20803,10 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_HDA, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_HDA,
"600 Series HD Audio", "600 Series HD Audio",
}, },
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_700SERIES_LP_HDA,
"700 Series HD Audio",
},
{ {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_THC_0, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_THC_0,
"600 Series THC", "600 Series THC",
@ -25095,6 +25111,66 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_400SERIES_V_PCIE_23, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_400SERIES_V_PCIE_23,
"400 Series PCIE", "400 Series PCIE",
}, },
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_4,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_5,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_H_HB_1,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_H_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_HB_1,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_PCIE_1,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_H_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_DTT,
"Core 13G DTT",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_XHCI,
"Core 13G xHCI",
},
{ {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_1, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_1,
"Graphics", "Graphics",
@ -25103,6 +25179,62 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_2, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_2,
"Graphics", "Graphics",
}, },
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_4,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_5,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_6,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_PCIE_2,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_PCIE2,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_DMA0,
"Core 13G TBT",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_PCIE_3,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_GNA,
"Core 13G GNA",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_IPU,
"Core 13G IPU",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_DMA1,
"Core 13G TBT",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_PCIE0,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TH,
"Core 13G TH",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_CL,
"Core 13G CL",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_VMD,
"Core 13G VMD",
},
{ {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_GT_1, PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_GT_1,
"Graphics", "Graphics",

14
sys/net/pf_ioctl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pf_ioctl.c,v 1.409 2023/06/28 15:36:08 kn Exp $ */ /* $OpenBSD: pf_ioctl.c,v 1.410 2023/06/28 21:33:35 sashan Exp $ */
/* /*
* Copyright (c) 2001 Daniel Hartmeier * Copyright (c) 2001 Daniel Hartmeier
@ -1506,11 +1506,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
int i; int i;
t = pf_find_trans(minor(dev), pr->ticket); t = pf_find_trans(minor(dev), pr->ticket);
if (t == NULL) if (t == NULL) {
return (ENXIO); error = ENXIO;
goto fail;
}
KASSERT(t->pft_unit == minor(dev)); KASSERT(t->pft_unit == minor(dev));
if (t->pft_type != PF_TRANS_GETRULE) if (t->pft_type != PF_TRANS_GETRULE) {
return (EINVAL); error = EINVAL;
goto fail;
}
NET_LOCK(); NET_LOCK();
PF_LOCK(); PF_LOCK();

2
usr.bin/ftp/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.35 2021/02/16 16:27:34 naddy Exp $ # $OpenBSD: Makefile,v 1.37 2023/06/28 17:36:51 op Exp $
# Define SMALL to disable command line editing and some other features, # Define SMALL to disable command line editing and some other features,
# NOSSL to disable https support. # NOSSL to disable https support.

7
usr.bin/ftp/fetch.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: fetch.c,v 1.215 2023/06/28 11:07:28 op Exp $ */ /* $OpenBSD: fetch.c,v 1.216 2023/06/28 17:35:06 op Exp $ */
/* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
/*- /*-
@ -891,7 +891,6 @@ noslash:
if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) {
cp += sizeof(CONTENTLEN) - 1; cp += sizeof(CONTENTLEN) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
filesize = strtonum(cp, 0, LLONG_MAX, &errstr); filesize = strtonum(cp, 0, LLONG_MAX, &errstr);
if (errstr != NULL) if (errstr != NULL)
goto improper; goto improper;
@ -964,10 +963,8 @@ noslash:
#define RETRYAFTER "Retry-After:" #define RETRYAFTER "Retry-After:"
} else if (isunavail && } else if (isunavail &&
strncasecmp(cp, RETRYAFTER, sizeof(RETRYAFTER) - 1) == 0) { strncasecmp(cp, RETRYAFTER, sizeof(RETRYAFTER) - 1) == 0) {
size_t s;
cp += sizeof(RETRYAFTER) - 1; cp += sizeof(RETRYAFTER) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
retryafter = strtonum(cp, 0, 0, &errstr); retryafter = strtonum(cp, 0, 0, &errstr);
if (errstr != NULL) if (errstr != NULL)
retryafter = -1; retryafter = -1;
@ -976,7 +973,6 @@ noslash:
sizeof(TRANSFER_ENCODING) - 1) == 0) { sizeof(TRANSFER_ENCODING) - 1) == 0) {
cp += sizeof(TRANSFER_ENCODING) - 1; cp += sizeof(TRANSFER_ENCODING) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "chunked") == 0) if (strcasecmp(cp, "chunked") == 0)
chunked = 1; chunked = 1;
#ifndef SMALL #ifndef SMALL
@ -985,7 +981,6 @@ noslash:
sizeof(LAST_MODIFIED) - 1) == 0) { sizeof(LAST_MODIFIED) - 1) == 0) {
cp += sizeof(LAST_MODIFIED) - 1; cp += sizeof(LAST_MODIFIED) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, "\t")] = '\0';
if (strptime(cp, "%a, %d %h %Y %T %Z", &lmt) == NULL) if (strptime(cp, "%a, %d %h %Y %T %Z", &lmt) == NULL)
server_timestamps = 0; server_timestamps = 0;
#endif /* !SMALL */ #endif /* !SMALL */

183
usr.sbin/relayd/pfe_route.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pfe_route.c,v 1.12 2017/05/28 10:39:15 benno Exp $ */ /* $OpenBSD: pfe_route.c,v 1.14 2023/06/29 16:24:53 claudio Exp $ */
/* /*
* Copyright (c) 2009 - 2011 Reyk Floeter <reyk@openbsd.org> * Copyright (c) 2009 - 2011 Reyk Floeter <reyk@openbsd.org>
@ -19,12 +19,14 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/queue.h> #include <sys/queue.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <net/route.h> #include <net/route.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <limits.h> #include <limits.h>
#include <stddef.h>
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
#include <string.h> #include <string.h>
@ -32,24 +34,6 @@
#include "relayd.h" #include "relayd.h"
struct relay_rtmsg {
struct rt_msghdr rm_hdr;
union {
struct {
struct sockaddr_in rm_dst;
struct sockaddr_in rm_gateway;
struct sockaddr_in rm_netmask;
struct sockaddr_rtlabel rm_label;
} u4;
struct {
struct sockaddr_in6 rm_dst;
struct sockaddr_in6 rm_gateway;
struct sockaddr_in6 rm_netmask;
struct sockaddr_rtlabel rm_label;
} u6;
} rm_u;
};
void void
init_routes(struct relayd *env) init_routes(struct relayd *env)
{ {
@ -103,110 +87,97 @@ sync_routes(struct relayd *env, struct router *rt)
} }
} }
static void
pfe_apply_prefixlen(struct sockaddr_storage *ss, int af, int len)
{
int q, r, off;
uint8_t *b = (uint8_t *)ss;
q = len >> 3;
r = len & 7;
bzero(ss, sizeof(*ss));
ss->ss_family = af;
switch (af) {
case AF_INET:
ss->ss_len = sizeof(struct sockaddr_in);
off = offsetof(struct sockaddr_in, sin_addr);
break;
case AF_INET6:
ss->ss_len = sizeof(struct sockaddr_in6);
off = offsetof(struct sockaddr_in6, sin6_addr);
break;
default:
fatal("%s: invalid address family", __func__);
}
if (q > 0)
memset(b + off, 0xff, q);
if (r > 0)
b[off + q] = (0xff00 >> r) & 0xff;
}
#define ROUNDUP(a) \
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
int int
pfe_route(struct relayd *env, struct ctl_netroute *crt) pfe_route(struct relayd *env, struct ctl_netroute *crt)
{ {
struct relay_rtmsg rm; struct iovec iov[5];
struct sockaddr_rtlabel sr; struct rt_msghdr hdr;
struct sockaddr_storage *gw; struct sockaddr_storage dst, gw, mask, label;
struct sockaddr_in *s4; struct sockaddr_rtlabel *sr = (struct sockaddr_rtlabel *)&label;
struct sockaddr_in6 *s6; int iovcnt = 0;
size_t len = 0;
char *gwname; char *gwname;
int i = 0;
gw = &crt->host.ss; bzero(&hdr, sizeof(hdr));
hdr.rtm_msglen = sizeof(hdr);
hdr.rtm_version = RTM_VERSION;
hdr.rtm_type = HOST_ISUP(crt->up) ? RTM_ADD : RTM_DELETE;
hdr.rtm_flags = RTF_STATIC | RTF_GATEWAY | RTF_MPATH;
hdr.rtm_seq = env->sc_rtseq++;
hdr.rtm_addrs = RTA_DST | RTA_GATEWAY | RTA_NETMASK;
hdr.rtm_tableid = crt->rt.rtable;
hdr.rtm_priority = crt->host.priority;
iov[iovcnt].iov_base = &hdr;
iov[iovcnt++].iov_len = sizeof(hdr);
dst = crt->nr.ss;
gw = crt->host.ss;
gwname = crt->host.name; gwname = crt->host.name;
pfe_apply_prefixlen(&mask, dst.ss_family, crt->nr.prefixlen);
bzero(&rm, sizeof(rm)); iov[iovcnt].iov_base = &dst;
bzero(&sr, sizeof(sr)); iov[iovcnt++].iov_len = ROUNDUP(dst.ss_len);
hdr.rtm_msglen += ROUNDUP(dst.ss_len);
rm.rm_hdr.rtm_msglen = len; iov[iovcnt].iov_base = &gw;
rm.rm_hdr.rtm_version = RTM_VERSION; iov[iovcnt++].iov_len = ROUNDUP(gw.ss_len);
rm.rm_hdr.rtm_type = HOST_ISUP(crt->up) ? RTM_ADD : RTM_DELETE; hdr.rtm_msglen += ROUNDUP(gw.ss_len);
rm.rm_hdr.rtm_flags = RTF_STATIC | RTF_GATEWAY | RTF_MPATH;
rm.rm_hdr.rtm_seq = env->sc_rtseq++; iov[iovcnt].iov_base = &mask;
rm.rm_hdr.rtm_addrs = RTA_DST | RTA_GATEWAY; iov[iovcnt++].iov_len = ROUNDUP(mask.ss_len);
rm.rm_hdr.rtm_tableid = crt->rt.rtable; hdr.rtm_msglen += ROUNDUP(mask.ss_len);
rm.rm_hdr.rtm_priority = crt->host.priority;
if (strlen(crt->rt.label)) { if (strlen(crt->rt.label)) {
rm.rm_hdr.rtm_addrs |= RTA_LABEL; sr->sr_len = sizeof(*sr);
sr.sr_len = sizeof(sr); strlcpy(sr->sr_label, crt->rt.label, sizeof(sr->sr_label));
if (snprintf(sr.sr_label, sizeof(sr.sr_label),
"%s", crt->rt.label) == -1) iov[iovcnt].iov_base = &label;
goto bad; iov[iovcnt++].iov_len = ROUNDUP(label.ss_len);
hdr.rtm_msglen += ROUNDUP(label.ss_len);
hdr.rtm_addrs |= RTA_LABEL;
} }
if (crt->nr.ss.ss_family == AF_INET) {
rm.rm_hdr.rtm_msglen = len =
sizeof(rm.rm_hdr) + sizeof(rm.rm_u.u4);
bcopy(&sr, &rm.rm_u.u4.rm_label, sizeof(sr));
s4 = &rm.rm_u.u4.rm_dst;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(rm.rm_u.u4.rm_dst);
s4->sin_addr.s_addr =
((struct sockaddr_in *)&crt->nr.ss)->sin_addr.s_addr;
s4 = &rm.rm_u.u4.rm_gateway;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(rm.rm_u.u4.rm_gateway);
s4->sin_addr.s_addr =
((struct sockaddr_in *)gw)->sin_addr.s_addr;
rm.rm_hdr.rtm_addrs |= RTA_NETMASK;
s4 = &rm.rm_u.u4.rm_netmask;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(rm.rm_u.u4.rm_netmask);
if (crt->nr.prefixlen)
s4->sin_addr.s_addr =
htonl(0xffffffff << (32 - crt->nr.prefixlen));
else if (crt->nr.prefixlen < 0)
rm.rm_hdr.rtm_flags |= RTF_HOST;
} else if (crt->nr.ss.ss_family == AF_INET6) {
rm.rm_hdr.rtm_msglen = len =
sizeof(rm.rm_hdr) + sizeof(rm.rm_u.u6);
bcopy(&sr, &rm.rm_u.u6.rm_label, sizeof(sr));
s6 = &rm.rm_u.u6.rm_dst;
bcopy(((struct sockaddr_in6 *)&crt->nr.ss),
s6, sizeof(*s6));
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
s6 = &rm.rm_u.u6.rm_gateway;
bcopy(((struct sockaddr_in6 *)gw), s6, sizeof(*s6));
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
rm.rm_hdr.rtm_addrs |= RTA_NETMASK;
s6 = &rm.rm_u.u6.rm_netmask;
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
if (crt->nr.prefixlen) {
for (i = 0; i < crt->nr.prefixlen / 8; i++)
s6->sin6_addr.s6_addr[i] = 0xff;
i = crt->nr.prefixlen % 8;
if (i)
s6->sin6_addr.s6_addr[crt->nr.prefixlen
/ 8] = 0xff00 >> i;
} else if (crt->nr.prefixlen < 0)
rm.rm_hdr.rtm_flags |= RTF_HOST;
} else
fatal("%s: invalid address family", __func__);
retry: retry:
if (write(env->sc_rtsock, &rm, len) == -1) { if (writev(env->sc_rtsock, iov, iovcnt) == -1) {
switch (errno) { switch (errno) {
case EEXIST: case EEXIST:
case ESRCH: case ESRCH:
if (rm.rm_hdr.rtm_type == RTM_ADD) { if (hdr.rtm_type == RTM_ADD) {
rm.rm_hdr.rtm_type = RTM_CHANGE; hdr.rtm_type = RTM_CHANGE;
goto retry; goto retry;
} else if (rm.rm_hdr.rtm_type == RTM_DELETE) { } else if (hdr.rtm_type == RTM_DELETE) {
/* Ignore */ /* Ignore */
break; break;
} }

4
usr.sbin/rpki-client/Makefile
View file

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.31 2023/06/12 14:56:38 claudio Exp $ # $OpenBSD: Makefile,v 1.32 2023/06/29 10:28:25 tb Exp $
PROG= rpki-client PROG= rpki-client
SRCS= as.c aspa.c cert.c cms.c crl.c encoding.c filemode.c gbr.c geofeed.c \ SRCS= as.c aspa.c cert.c cms.c crl.c encoding.c filemode.c gbr.c geofeed.c \
http.c io.c ip.c json.c log.c main.c mft.c mkdir.c ometric.c output.c \ http.c io.c ip.c json.c main.c mft.c mkdir.c ometric.c output.c \
output-bgpd.c output-bird.c output-csv.c output-json.c \ output-bgpd.c output-bird.c output-csv.c output-json.c \
output-ometric.c parser.c print.c repo.c roa.c rrdp.c rrdp_delta.c \ output-ometric.c parser.c print.c repo.c roa.c rrdp.c rrdp_delta.c \
rrdp_notification.c rrdp_snapshot.c rrdp_util.c rsc.c rsync.c tak.c \ rrdp_notification.c rrdp_snapshot.c rrdp_util.c rsc.c rsync.c tak.c \

4
usr.sbin/rpki-client/aspa.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: aspa.c,v 1.20 2023/06/28 17:24:20 tb Exp $ */ /* $OpenBSD: aspa.c,v 1.21 2023/06/29 14:33:35 tb Exp $ */
/* /*
* Copyright (c) 2022 Job Snijders <job@fastly.com> * Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org> * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -369,7 +369,7 @@ aspa_insert_vaps(struct vap_tree *tree, struct aspa *aspa, struct repo *rp)
aspa->providers[i] < v->providers[j]) { aspa->providers[i] < v->providers[j]) {
/* merge provider from aspa into v */ /* merge provider from aspa into v */
repo_stat_inc(rp, v->talid, RTYPE_ASPA, repo_stat_inc(rp, v->talid, RTYPE_ASPA,
STYPE_BOTH + aspa->providers[i]); STYPE_PROVIDERS);
insert_vap(v, j, &aspa->providers[i]); insert_vap(v, j, &aspa->providers[i]);
i++; i++;
} else if (aspa->providers[i] == v->providers[j]) } else if (aspa->providers[i] == v->providers[j])

34
usr.sbin/rpki-client/cert.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.113 2023/06/24 04:15:14 tb Exp $ */ /* $OpenBSD: cert.c,v 1.114 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org> * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org> * Copyright (c) 2021 Job Snijders <job@openbsd.org>
@ -167,13 +167,13 @@ sbgp_assysnum(struct parse *p, X509_EXTENSION *ext)
int i, rc = 0; int i, rc = 0;
if (!X509_EXTENSION_get_critical(ext)) { if (!X509_EXTENSION_get_critical(ext)) {
cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"extension not critical", p->fn); "extension not critical", p->fn);
goto out; goto out;
} }
if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) { if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"failed extension parse", p->fn); "failed extension parse", p->fn);
goto out; goto out;
} }
@ -348,13 +348,13 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext)
int i, j, rc = 0; int i, j, rc = 0;
if (!X509_EXTENSION_get_critical(ext)) { if (!X509_EXTENSION_get_critical(ext)) {
cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"extension not critical", p->fn); "extension not critical", p->fn);
goto out; goto out;
} }
if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) { if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"failed extension parse", p->fn); "failed extension parse", p->fn);
goto out; goto out;
} }
@ -453,8 +453,8 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext)
} }
if ((sia = X509V3_EXT_d2i(ext)) == NULL) { if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: " warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse",
"failed extension parse", p->fn); p->fn);
goto out; goto out;
} }
@ -530,13 +530,13 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
int rc = 0; int rc = 0;
if (!X509_EXTENSION_get_critical(ext)) { if (!X509_EXTENSION_get_critical(ext)) {
cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"extension not critical", p->fn); "extension not critical", p->fn);
goto out; goto out;
} }
if ((policies = X509V3_EXT_d2i(ext)) == NULL) { if ((policies = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"failed extension parse", p->fn); "failed extension parse", p->fn);
goto out; goto out;
} }
@ -641,7 +641,7 @@ cert_parse_ee_cert(const char *fn, X509 *x)
} }
if (!X509_up_ref(x)) { if (!X509_up_ref(x)) {
cryptowarnx("%s: X509_up_ref failed", fn); warnx("%s: X509_up_ref failed", fn);
goto out; goto out;
} }
@ -688,7 +688,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
oder = der; oder = der;
if ((x = d2i_X509(NULL, &der, len)) == NULL) { if ((x = d2i_X509(NULL, &der, len)) == NULL) {
cryptowarnx("%s: d2i_X509", p.fn); warnx("%s: d2i_X509", p.fn);
goto out; goto out;
} }
if (der != oder + len) { if (der != oder + len) {
@ -698,7 +698,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
/* Cache X509v3 extensions, see X509_check_ca(3). */ /* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(x, -1, -1) <= 0) { if (X509_check_purpose(x, -1, -1) <= 0) {
cryptowarnx("%s: could not cache X509v3 extensions", p.fn); warnx("%s: could not cache X509v3 extensions", p.fn);
goto out; goto out;
} }
@ -709,7 +709,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
X509_get0_signature(NULL, &palg, x); X509_get0_signature(NULL, &palg, x);
if (palg == NULL) { if (palg == NULL) {
cryptowarnx("%s: X509_get0_signature", p.fn); warnx("%s: X509_get0_signature", p.fn);
goto out; goto out;
} }
X509_ALGOR_get0(&cobj, NULL, NULL, palg); X509_ALGOR_get0(&cobj, NULL, NULL, palg);
@ -730,7 +730,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
/* Look for X509v3 extensions. */ /* Look for X509v3 extensions. */
if ((extsz = X509_get_ext_count(x)) < 0) if ((extsz = X509_get_ext_count(x)) < 0)
cryptoerrx("X509_get_ext_count"); errx(1, "X509_get_ext_count");
for (i = 0; i < (size_t)extsz; i++) { for (i = 0; i < (size_t)extsz; i++) {
ext = X509_get_ext(x, i); ext = X509_get_ext(x, i);
@ -941,15 +941,15 @@ ta_parse(const char *fn, struct cert *p, const unsigned char *pkey,
/* first check pubkey against the one from the TAL */ /* first check pubkey against the one from the TAL */
pk = d2i_PUBKEY(NULL, &pkey, pkeysz); pk = d2i_PUBKEY(NULL, &pkey, pkeysz);
if (pk == NULL) { if (pk == NULL) {
cryptowarnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn); warnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
goto badcert; goto badcert;
} }
if ((opk = X509_get0_pubkey(p->x509)) == NULL) { if ((opk = X509_get0_pubkey(p->x509)) == NULL) {
cryptowarnx("%s: RFC 6487 (trust anchor): missing pubkey", fn); warnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
goto badcert; goto badcert;
} }
if (EVP_PKEY_cmp(pk, opk) != 1) { if (EVP_PKEY_cmp(pk, opk) != 1) {
cryptowarnx("%s: RFC 6487 (trust anchor): " warnx("%s: RFC 6487 (trust anchor): "
"pubkey does not match TAL pubkey", fn); "pubkey does not match TAL pubkey", fn);
goto badcert; goto badcert;
} }

34
usr.sbin/rpki-client/cms.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cms.c,v 1.37 2023/06/20 02:46:18 job Exp $ */ /* $OpenBSD: cms.c,v 1.38 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* *
@ -123,7 +123,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
oder = der; oder = der;
if ((cms = d2i_CMS_ContentInfo(NULL, &der, len)) == NULL) { if ((cms = d2i_CMS_ContentInfo(NULL, &der, len)) == NULL) {
cryptowarnx("%s: RFC 6488: failed CMS parse", fn); warnx("%s: RFC 6488: failed CMS parse", fn);
goto out; goto out;
} }
if (der != oder + len) { if (der != oder + len) {
@ -137,7 +137,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
*/ */
if (!CMS_verify(cms, NULL, NULL, bio, NULL, if (!CMS_verify(cms, NULL, NULL, bio, NULL,
CMS_NO_SIGNER_CERT_VERIFY)) { CMS_NO_SIGNER_CERT_VERIFY)) {
cryptowarnx("%s: CMS verification error", fn); warnx("%s: CMS verification error", fn);
goto out; goto out;
} }
@ -156,14 +156,14 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
goto out; goto out;
} }
if (sk_CMS_SignerInfo_num(sinfos) != 1) { if (sk_CMS_SignerInfo_num(sinfos) != 1) {
cryptowarnx("%s: RFC 6488: CMS has multiple signerInfos", fn); warnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
goto out; goto out;
} }
si = sk_CMS_SignerInfo_value(sinfos, 0); si = sk_CMS_SignerInfo_value(sinfos, 0);
nattrs = CMS_signed_get_attr_count(si); nattrs = CMS_signed_get_attr_count(si);
if (nattrs <= 0) { if (nattrs <= 0) {
cryptowarnx("%s: RFC 6488: error extracting signedAttrs", fn); warnx("%s: RFC 6488: error extracting signedAttrs", fn);
goto out; goto out;
} }
for (i = 0; i < nattrs; i++) { for (i = 0; i < nattrs; i++) {
@ -171,31 +171,31 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
attr = CMS_signed_get_attr(si, i); attr = CMS_signed_get_attr(si, i);
if (attr == NULL || X509_ATTRIBUTE_count(attr) != 1) { if (attr == NULL || X509_ATTRIBUTE_count(attr) != 1) {
cryptowarnx("%s: RFC 6488: " warnx("%s: RFC 6488: bad signed attribute encoding",
"bad signed attribute encoding", fn); fn);
goto out; goto out;
} }
obj = X509_ATTRIBUTE_get0_object(attr); obj = X509_ATTRIBUTE_get0_object(attr);
if (obj == NULL) { if (obj == NULL) {
cryptowarnx("%s: RFC 6488: bad signed attribute", fn); warnx("%s: RFC 6488: bad signed attribute", fn);
goto out; goto out;
} }
if (OBJ_cmp(obj, cnt_type_oid) == 0) { if (OBJ_cmp(obj, cnt_type_oid) == 0) {
if (has_ct++ != 0) { if (has_ct++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate " warnx("%s: RFC 6488: duplicate "
"signed attribute", fn); "signed attribute", fn);
goto out; goto out;
} }
} else if (OBJ_cmp(obj, msg_dgst_oid) == 0) { } else if (OBJ_cmp(obj, msg_dgst_oid) == 0) {
if (has_md++ != 0) { if (has_md++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate " warnx("%s: RFC 6488: duplicate "
"signed attribute", fn); "signed attribute", fn);
goto out; goto out;
} }
} else if (OBJ_cmp(obj, sign_time_oid) == 0) { } else if (OBJ_cmp(obj, sign_time_oid) == 0) {
if (has_st++ != 0) { if (has_st++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate " warnx("%s: RFC 6488: duplicate "
"signed attribute", fn); "signed attribute", fn);
goto out; goto out;
} }
@ -203,13 +203,13 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
goto out; goto out;
} else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) { } else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) {
if (has_bst++ != 0) { if (has_bst++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate " warnx("%s: RFC 6488: duplicate "
"signed attribute", fn); "signed attribute", fn);
goto out; goto out;
} }
} else { } else {
OBJ_obj2txt(buf, sizeof(buf), obj, 1); OBJ_obj2txt(buf, sizeof(buf), obj, 1);
cryptowarnx("%s: RFC 6488: " warnx("%s: RFC 6488: "
"CMS has unexpected signed attribute %s", "CMS has unexpected signed attribute %s",
fn, buf); fn, buf);
goto out; goto out;
@ -217,7 +217,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
} }
if (!has_ct || !has_md) { if (!has_ct || !has_md) {
cryptowarnx("%s: RFC 6488: CMS missing required " warnx("%s: RFC 6488: CMS missing required "
"signed attribute", fn); "signed attribute", fn);
goto out; goto out;
} }
@ -229,7 +229,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
warnx("%s: missing CMS signing-time attribute", fn); warnx("%s: missing CMS signing-time attribute", fn);
if (CMS_unsigned_get_attr_count(si) != -1) { if (CMS_unsigned_get_attr_count(si) != -1) {
cryptowarnx("%s: RFC 6488: CMS has unsignedAttrs", fn); warnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
goto out; goto out;
} }
@ -288,7 +288,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
crls = CMS_get1_crls(cms); crls = CMS_get1_crls(cms);
if (crls != NULL) { if (crls != NULL) {
sk_X509_CRL_pop_free(crls, X509_CRL_free); sk_X509_CRL_pop_free(crls, X509_CRL_free);
cryptowarnx("%s: RFC 6488: CMS has CRLs", fn); warnx("%s: RFC 6488: CMS has CRLs", fn);
goto out; goto out;
} }
@ -312,7 +312,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
/* Cache X509v3 extensions, see X509_check_ca(3). */ /* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(*xp, -1, -1) <= 0) { if (X509_check_purpose(*xp, -1, -1) <= 0) {
cryptowarnx("%s: could not cache X509v3 extensions", fn); warnx("%s: could not cache X509v3 extensions", fn);
goto out; goto out;
} }

6
usr.sbin/rpki-client/crl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: crl.c,v 1.26 2023/06/20 12:48:32 job Exp $ */ /* $OpenBSD: crl.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* *
@ -43,7 +43,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
oder = der; oder = der;
if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) { if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) {
cryptowarnx("%s: d2i_X509_CRL", fn); warnx("%s: d2i_X509_CRL", fn);
goto out; goto out;
} }
if (der != oder + len) { if (der != oder + len) {
@ -58,7 +58,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
X509_CRL_get0_signature(crl->x509_crl, NULL, &palg); X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
if (palg == NULL) { if (palg == NULL) {
cryptowarnx("%s: X509_CRL_get0_signature", fn); warnx("%s: X509_CRL_get0_signature", fn);
goto out; goto out;
} }
X509_ALGOR_get0(&cobj, NULL, NULL, palg); X509_ALGOR_get0(&cobj, NULL, NULL, palg);

16
usr.sbin/rpki-client/extern.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.186 2023/06/26 18:39:53 job Exp $ */ /* $OpenBSD: extern.h,v 1.188 2023/06/29 14:33:35 tb Exp $ */
/* /*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* *
@ -530,9 +530,7 @@ enum stype {
STYPE_TOTAL, STYPE_TOTAL,
STYPE_UNIQUE, STYPE_UNIQUE,
STYPE_DEC_UNIQUE, STYPE_DEC_UNIQUE,
STYPE_BOTH, STYPE_PROVIDERS,
STYPE_ONLY_IPV4,
STYPE_ONLY_IPV6,
}; };
struct repo; struct repo;
@ -562,8 +560,6 @@ struct repotalstats {
uint32_t vaps; /* total number of Validated ASPA Payloads */ uint32_t vaps; /* total number of Validated ASPA Payloads */
uint32_t vaps_uniqs; /* total number of unique VAPs */ uint32_t vaps_uniqs; /* total number of unique VAPs */
uint32_t vaps_pas; /* total number of providers */ uint32_t vaps_pas; /* total number of providers */
uint32_t vaps_pas4; /* total number of IPv4 only providers */
uint32_t vaps_pas6; /* total number of IPv6 only providers */
uint32_t vrps; /* total number of Validated ROA Payloads */ uint32_t vrps; /* total number of Validated ROA Payloads */
uint32_t vrps_uniqs; /* number of unique vrps */ uint32_t vrps_uniqs; /* number of unique vrps */
}; };
@ -799,14 +795,6 @@ void rrdp_fetch(unsigned int, const char *, const char *,
void rrdp_abort(unsigned int); void rrdp_abort(unsigned int);
void rrdp_http_done(unsigned int, enum http_result, const char *); void rrdp_http_done(unsigned int, enum http_result, const char *);
/* Logging (though really used for OpenSSL errors). */
void cryptowarnx(const char *, ...)
__attribute__((format(printf, 1, 2)));
void cryptoerrx(const char *, ...)
__attribute__((format(printf, 1, 2)))
__attribute__((noreturn));
/* Encoding functions for hex and base64. */ /* Encoding functions for hex and base64. */
unsigned char *load_file(const char *, size_t *); unsigned char *load_file(const char *, size_t *);

4
usr.sbin/rpki-client/filemode.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: filemode.c,v 1.33 2023/05/30 16:02:28 job Exp $ */ /* $OpenBSD: filemode.c,v 1.34 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -650,7 +650,7 @@ proc_filemode(int fd)
x509_init_oid(); x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL) if ((ctx = X509_STORE_CTX_new()) == NULL)
cryptoerrx("X509_STORE_CTX_new"); err(1, "X509_STORE_CTX_new");
TAILQ_INIT(&q); TAILQ_INIT(&q);
msgbuf_init(&msgq); msgbuf_init(&msgq);

6
usr.sbin/rpki-client/http.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: http.c,v 1.77 2023/06/20 15:15:14 claudio Exp $ */ /* $OpenBSD: http.c,v 1.78 2023/06/28 17:36:09 op Exp $ */
/* /*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -1369,7 +1369,6 @@ http_parse_header(struct http_connection *conn, char *buf)
else if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { else if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) {
cp += sizeof(CONTENTLEN) - 1; cp += sizeof(CONTENTLEN) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
conn->iosz = strtonum(cp, 0, MAX_CONTENTLEN, &errstr); conn->iosz = strtonum(cp, 0, MAX_CONTENTLEN, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
warnx("Content-Length of %s is %s", warnx("Content-Length of %s is %s",
@ -1422,14 +1421,12 @@ http_parse_header(struct http_connection *conn, char *buf)
sizeof(TRANSFER_ENCODING) - 1) == 0) { sizeof(TRANSFER_ENCODING) - 1) == 0) {
cp += sizeof(TRANSFER_ENCODING) - 1; cp += sizeof(TRANSFER_ENCODING) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "chunked") == 0) if (strcasecmp(cp, "chunked") == 0)
conn->chunked = 1; conn->chunked = 1;
} else if (strncasecmp(cp, CONTENT_ENCODING, } else if (strncasecmp(cp, CONTENT_ENCODING,
sizeof(CONTENT_ENCODING) - 1) == 0) { sizeof(CONTENT_ENCODING) - 1) == 0) {
cp += sizeof(CONTENT_ENCODING) - 1; cp += sizeof(CONTENT_ENCODING) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "gzip") == 0 || if (strcasecmp(cp, "gzip") == 0 ||
strcasecmp(cp, "deflate") == 0) { strcasecmp(cp, "deflate") == 0) {
if (http_inflate_new(conn) == -1) if (http_inflate_new(conn) == -1)
@ -1439,7 +1436,6 @@ http_parse_header(struct http_connection *conn, char *buf)
} else if (strncasecmp(cp, CONNECTION, sizeof(CONNECTION) - 1) == 0) { } else if (strncasecmp(cp, CONNECTION, sizeof(CONNECTION) - 1) == 0) {
cp += sizeof(CONNECTION) - 1; cp += sizeof(CONNECTION) - 1;
cp += strspn(cp, " \t"); cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "close") == 0) if (strcasecmp(cp, "close") == 0)
conn->keep_alive = 0; conn->keep_alive = 0;
else if (strcasecmp(cp, "keep-alive") == 0) else if (strcasecmp(cp, "keep-alive") == 0)

74
usr.sbin/rpki-client/log.c
View file

@ -1,74 +0,0 @@
/* $OpenBSD: log.c,v 1.6 2020/09/12 15:46:48 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <err.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdint.h>
#include <openssl/err.h>
#include "extern.h"
/*
* Print the chain of openssl errors that led to the current one.
* This should only be invoked in the event that OpenSSL fails with
* something.
* It's followed by the (optional) given error message, then terminates.
*/
void
cryptoerrx(const char *fmt, ...)
{
unsigned long er;
char buf[BUFSIZ];
va_list ap;
while ((er = ERR_get_error()) > 0) {
ERR_error_string_n(er, buf, sizeof(buf));
warnx(" ...trace: %s", buf);
}
if (fmt != NULL) {
va_start(ap, fmt);
vwarnx(fmt, ap);
va_end(ap);
}
exit(1);
}
/*
* Like cryptoerrx(), but without exiting.
*/
void
cryptowarnx(const char *fmt, ...)
{
unsigned long er;
char buf[BUFSIZ];
va_list ap;
while ((er = ERR_get_error()) > 0) {
ERR_error_string_n(er, buf, sizeof(buf));
warnx(" ...trace: %s", buf);
}
if (fmt != NULL) {
va_start(ap, fmt);
vwarnx(fmt, ap);
va_end(ap);
}
}

4
usr.sbin/rpki-client/main.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.243 2023/06/23 11:36:24 claudio Exp $ */ /* $OpenBSD: main.c,v 1.244 2023/06/29 14:33:35 tb Exp $ */
/* /*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -750,8 +750,6 @@ sum_stats(const struct repo *rp, const struct repotalstats *in, void *arg)
out->vaps += in->vaps; out->vaps += in->vaps;
out->vaps_uniqs += in->vaps_uniqs; out->vaps_uniqs += in->vaps_uniqs;
out->vaps_pas += in->vaps_pas; out->vaps_pas += in->vaps_pas;
out->vaps_pas4 += in->vaps_pas4;
out->vaps_pas6 += in->vaps_pas6;
} }
static void static void

4
usr.sbin/rpki-client/mft.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: mft.c,v 1.95 2023/06/20 12:39:50 job Exp $ */ /* $OpenBSD: mft.c,v 1.96 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org> * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -281,7 +281,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
int i, rc = 0; int i, rc = 0;
if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) { if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: RFC 6486 section 4: failed to parse Manifest", warnx("%s: RFC 6486 section 4: failed to parse Manifest",
p->fn); p->fn);
goto out; goto out;
} }

8
usr.sbin/rpki-client/output-ometric.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: output-ometric.c,v 1.4 2023/06/05 14:19:13 claudio Exp $ */ /* $OpenBSD: output-ometric.c,v 1.5 2023/06/29 14:33:35 tb Exp $ */
/* /*
* Copyright (c) 2022 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2022 Claudio Jeker <claudio@openbsd.org>
* *
@ -83,11 +83,7 @@ set_common_stats(const struct repotalstats *in, struct ometric *metric,
ometric_set_int_with_labels(metric, in->vaps_uniqs, ometric_set_int_with_labels(metric, in->vaps_uniqs,
OKV("type", "state"), OKV("vap", "unique"), ol); OKV("type", "state"), OKV("vap", "unique"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas, ometric_set_int_with_labels(metric, in->vaps_pas,
OKV("type", "state"), OKV("vap providers", "both"), ol); OKV("type", "state"), OKV("vap providers", "total"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas4,
OKV("type", "state"), OKV("vap providers", "IPv4 only"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas6,
OKV("type", "state"), OKV("vap providers", "IPv6 only"), ol);
} }
static void static void

4
usr.sbin/rpki-client/parser.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.96 2023/05/30 16:02:28 job Exp $ */ /* $OpenBSD: parser.c,v 1.97 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -815,7 +815,7 @@ proc_parser(int fd)
x509_init_oid(); x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL) if ((ctx = X509_STORE_CTX_new()) == NULL)
cryptoerrx("X509_STORE_CTX_new"); err(1, "X509_STORE_CTX_new");
TAILQ_INIT(&q); TAILQ_INIT(&q);

25
usr.sbin/rpki-client/print.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: print.c,v 1.41 2023/06/26 18:39:53 job Exp $ */ /* $OpenBSD: print.c,v 1.42 2023/06/29 10:22:37 job Exp $ */
/* /*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -612,19 +612,6 @@ rsc_print(const X509 *x, const struct rsc *p)
json_do_end(); json_do_end();
} }
static void
aspa_provider(uint32_t as)
{
if (outformats & FORMAT_JSON) {
json_do_object("aspa", 1);
json_do_uint("asid", as);
json_do_end();
} else {
printf("AS: %u", as);
printf("\n");
}
}
void void
aspa_print(const X509 *x, const struct aspa *p) aspa_print(const X509 *x, const struct aspa *p)
{ {
@ -662,9 +649,13 @@ aspa_print(const X509 *x, const struct aspa *p)
} }
for (i = 0; i < p->providersz; i++) { for (i = 0; i < p->providersz; i++) {
if ((outformats & FORMAT_JSON) == 0 && i > 0) if (outformats & FORMAT_JSON)
printf("%26s", ""); json_do_uint("asid", p->providers[i]);
aspa_provider(p->providers[i]); else {
if (i > 0)
printf("%26s", "");
printf("AS: %u\n", p->providers[i]);
}
} }
if (outformats & FORMAT_JSON) if (outformats & FORMAT_JSON)

12
usr.sbin/rpki-client/repo.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: repo.c,v 1.48 2023/06/23 11:36:24 claudio Exp $ */ /* $OpenBSD: repo.c,v 1.50 2023/06/29 14:33:35 tb Exp $ */
/* /*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -727,7 +727,7 @@ rrdp_session_save(unsigned int id, struct rrdp_session *state)
if (fprintf(f, "-\n") < 0) if (fprintf(f, "-\n") < 0)
goto fail; goto fail;
} }
for (i = 0; state->deltas[i] != NULL; i++) { for (i = 0; i < MAX_RRDP_DELTAS && state->deltas[i] != NULL; i++) {
if (fprintf(f, "%s\n", state->deltas[i]) < 0) if (fprintf(f, "%s\n", state->deltas[i]) < 0)
goto fail; goto fail;
} }
@ -1473,15 +1473,9 @@ repo_stat_inc(struct repo *rp, int talid, enum rtype type, enum stype subtype)
case STYPE_DEC_UNIQUE: case STYPE_DEC_UNIQUE:
rp->stats[talid].vaps_uniqs--; rp->stats[talid].vaps_uniqs--;
break; break;
case STYPE_BOTH: case STYPE_PROVIDERS:
rp->stats[talid].vaps_pas++; rp->stats[talid].vaps_pas++;
break; break;
case STYPE_ONLY_IPV4:
rp->stats[talid].vaps_pas4++;
break;
case STYPE_ONLY_IPV6:
rp->stats[talid].vaps_pas6++;
break;
default: default:
break; break;
} }

4
usr.sbin/rpki-client/roa.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: roa.c,v 1.68 2023/06/07 10:46:34 job Exp $ */ /* $OpenBSD: roa.c,v 1.69 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org> * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -114,7 +114,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
int i, j, rc = 0; int i, j, rc = 0;
if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) { if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: RFC 6482 section 3: failed to parse " warnx("%s: RFC 6482 section 3: failed to parse "
"RouteOriginAttestation", p->fn); "RouteOriginAttestation", p->fn);
goto out; goto out;
} }

5
usr.sbin/rpki-client/rsc.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rsc.c,v 1.26 2023/06/07 10:46:34 job Exp $ */ /* $OpenBSD: rsc.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org> * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com> * Copyright (c) 2022 Job Snijders <job@fastly.com>
@ -334,8 +334,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
*/ */
if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) { if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: RSC: failed to parse RpkiSignedChecklist", warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn);
p->fn);
goto out; goto out;
} }

4
usr.sbin/rpki-client/tak.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tak.c,v 1.10 2023/06/20 12:39:50 job Exp $ */ /* $OpenBSD: tak.c,v 1.11 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2022 Job Snijders <job@fastly.com> * Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org> * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -191,7 +191,7 @@ tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
fn = p->fn; fn = p->fn;
if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) { if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: failed to parse Trust Anchor Key", fn); warnx("%s: failed to parse Trust Anchor Key", fn);
goto out; goto out;
} }

4
usr.sbin/rpki-client/tal.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tal.c,v 1.38 2022/11/30 09:02:58 job Exp $ */ /* $OpenBSD: tal.c,v 1.39 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* *
@ -137,7 +137,7 @@ tal_parse_buffer(const char *fn, char *buf, size_t len)
/* Make sure it's a valid public key. */ /* Make sure it's a valid public key. */
pkey = d2i_PUBKEY(NULL, (const unsigned char **)&der, dersz); pkey = d2i_PUBKEY(NULL, (const unsigned char **)&der, dersz);
if (pkey == NULL) { if (pkey == NULL) {
cryptowarnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: " warnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
"failed public key parse", fn); "failed public key parse", fn);
goto out; goto out;
} }

10
usr.sbin/rpki-client/validate.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: validate.c,v 1.65 2023/06/07 11:09:08 tb Exp $ */ /* $OpenBSD: validate.c,v 1.66 2023/06/29 10:28:25 tb Exp $ */
/* /*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* *
@ -407,14 +407,14 @@ valid_x509(char *file, X509_STORE_CTX *store_ctx, X509 *x509, struct auth *a,
assert(store_ctx != NULL); assert(store_ctx != NULL);
assert(x509 != NULL); assert(x509 != NULL);
if (!X509_STORE_CTX_init(store_ctx, NULL, x509, NULL)) if (!X509_STORE_CTX_init(store_ctx, NULL, x509, NULL))
cryptoerrx("X509_STORE_CTX_init"); err(1, "X509_STORE_CTX_init");
if ((params = X509_STORE_CTX_get0_param(store_ctx)) == NULL) if ((params = X509_STORE_CTX_get0_param(store_ctx)) == NULL)
cryptoerrx("X509_STORE_CTX_get0_param"); errx(1, "X509_STORE_CTX_get0_param");
if ((cp_oid = OBJ_dup(certpol_oid)) == NULL) if ((cp_oid = OBJ_dup(certpol_oid)) == NULL)
cryptoerrx("OBJ_dup"); err(1, "OBJ_dup");
if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid)) if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid))
cryptoerrx("X509_VERIFY_PARAM_add0_policy"); err(1, "X509_VERIFY_PARAM_add0_policy");
X509_VERIFY_PARAM_set_time(params, get_current_time()); X509_VERIFY_PARAM_set_time(params, get_current_time());
flags = X509_V_FLAG_CRL_CHECK; flags = X509_V_FLAG_CRL_CHECK;