SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-06-18 04:24:39 +00:00
parent 991d31b9d0
commit 99745de747
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
62 changed files with 774 additions and 285 deletions
Download patch file Download diff file Expand all files Collapse all files

4
distrib/arm64/iso/Makefile
View file

@ -1,7 +1,7 @@
# $OpenBSD: Makefile,v 1.10 2024/06/09 17:24:19 deraadt Exp $
# $OpenBSD: Makefile,v 1.11 2024/06/18 01:31:48 deraadt Exp $
FS= install${OSrev}.img
FSSIZE= 1136400
FSSIZE= 1236400
CDROM= install${OSrev}.iso
MOUNT_POINT= /mnt

121
lib/libcrypto/x509/x509_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_lib.c,v 1.21 2024/05/28 15:40:38 tb Exp $ */
/* $OpenBSD: x509_lib.c,v 1.23 2024/06/17 05:38:08 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -178,77 +178,69 @@ X509V3_EXT_d2i(X509_EXTENSION *ext)
}
LCRYPTO_ALIAS(X509V3_EXT_d2i);
/* Get critical flag and decoded version of extension from a NID.
* The "idx" variable returns the last found extension and can
* be used to retrieve multiple extensions of the same NID.
* However multiple extensions with the same NID is usually
* due to a badly encoded certificate so if idx is NULL we
* choke if multiple extensions exist.
* The "crit" variable is set to the critical value.
* The return value is the decoded extension or NULL on
* error. The actual error can have several different causes,
* the value of *crit reflects the cause:
* >= 0, extension found but not decoded (reflects critical value).
* -1 extension not found.
* -2 extension occurs more than once.
/*
* This API is only safe to call with known nid, crit != NULL and idx == NULL.
* On NULL return, crit acts as a failure indicator: crit == -1 means an
* extension of type nid was not present, crit != -1 is fatal: crit == -2
* means multiple extensions of type nid are present; if crit is 0 or 1, this
* implies the extension was found but could not be decoded.
*/
void *
X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x509_exts, int nid, int *crit,
int *idx)
{
int lastpos, i;
X509_EXTENSION *ex, *found_ex = NULL;
X509_EXTENSION *ext;
int lastpos = idx == NULL ? -1 : *idx;
if (!x) {
if (idx)
*idx = -1;
if (crit)
*crit = -1;
if (crit != NULL)
*crit = -1;
if (idx != NULL)
*idx = -1;
/*
* Nothing to do if no extensions, unknown nid, or missing extension.
*/
if (x509_exts == NULL)
return NULL;
if ((lastpos = X509v3_get_ext_by_NID(x509_exts, nid, lastpos)) < 0)
return NULL;
if ((ext = X509v3_get_ext(x509_exts, lastpos)) == NULL)
return NULL;
/*
* API madness. Only check for a second extension of type nid if
* idx == NULL. Indicate this by setting *crit to -2. If idx != NULL,
* don't care and set *idx to the index of the first extension found.
*/
if (idx == NULL && X509v3_get_ext_by_NID(x509_exts, nid, lastpos) > 0) {
if (crit != NULL)
*crit = -2;
return NULL;
}
if (idx)
lastpos = *idx + 1;
else
lastpos = 0;
if (lastpos < 0)
lastpos = 0;
for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
ex = sk_X509_EXTENSION_value(x, i);
if (OBJ_obj2nid(ex->object) == nid) {
if (idx) {
*idx = i;
found_ex = ex;
break;
} else if (found_ex) {
/* Found more than one */
if (crit)
*crit = -2;
return NULL;
}
found_ex = ex;
}
}
if (found_ex) {
/* Found it */
if (crit)
*crit = X509_EXTENSION_get_critical(found_ex);
return X509V3_EXT_d2i(found_ex);
}
/* Extension not found */
if (idx)
*idx = -1;
if (crit)
*crit = -1;
return NULL;
/*
* Another beautiful API detail: *crit will be set to 0 or 1, so if the
* extension fails to decode, we can deduce this from return value NULL
* and crit != -1.
*/
if (crit != NULL)
*crit = X509_EXTENSION_get_critical(ext);
if (idx != NULL)
*idx = lastpos;
return X509V3_EXT_d2i(ext);
}
LCRYPTO_ALIAS(X509V3_get_d2i);
int
X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x509_exts, int nid, void *value,
int crit, unsigned long flags)
{
STACK_OF(X509_EXTENSION) *exts = *x;
STACK_OF(X509_EXTENSION) *exts = *x509_exts;
X509_EXTENSION *ext = NULL;
X509_EXTENSION *existing;
int extidx;
@ -256,7 +248,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int ret = 0;
/* See if the extension already exists. */
extidx = X509v3_get_ext_by_NID(*x, nid, -1);
extidx = X509v3_get_ext_by_NID(*x509_exts, nid, -1);
switch (flags & X509V3_ADD_OP_MASK) {
case X509V3_ADD_DEFAULT:
@ -296,7 +288,8 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
errcode = X509V3_R_EXTENSION_NOT_FOUND;
goto err;
}
if ((existing = sk_X509_EXTENSION_delete(*x, extidx)) == NULL) {
if ((existing = sk_X509_EXTENSION_delete(*x509_exts,
extidx)) == NULL) {
ret = -1;
goto err;
}
@ -319,10 +312,10 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
/* If extension exists, replace it. */
if (extidx >= 0) {
existing = sk_X509_EXTENSION_value(*x, extidx);
existing = sk_X509_EXTENSION_value(*x509_exts, extidx);
X509_EXTENSION_free(existing);
existing = NULL;
if (sk_X509_EXTENSION_set(*x, extidx, ext) == NULL) {
if (sk_X509_EXTENSION_set(*x509_exts, extidx, ext) == NULL) {
/*
* XXX - Can't happen. If it did happen, |existing| is
* now a freed pointer. Nothing we can do here.
@ -341,7 +334,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
goto err;
ext = NULL;
*x = exts;
*x509_exts = exts;
done:
return 1;
@ -350,7 +343,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
if ((flags & X509V3_ADD_SILENT) == 0 && errcode != 0)
X509V3error(errcode);
if (exts != *x)
if (exts != *x509_exts)
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
X509_EXTENSION_free(ext);

6
lib/libm/man/feclearexcept.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: feclearexcept.3,v 1.6 2020/11/14 10:35:58 jmc Exp $
.\" $OpenBSD: feclearexcept.3,v 1.7 2024/06/17 12:59:28 tim Exp $
.\"
.\" Copyright (c) 2011 Martynas Venckus <martynas@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 14 2020 $
.Dd $Mdocdate: June 17 2024 $
.Dt FECLEAREXCEPT 3
.Os
.Sh NAME
@ -111,7 +111,7 @@ This function does not raise floating-point exceptions, but only
sets the state of the flags.
.Pp
The
.Fn fetesteexcept
.Fn fetestexcept
function determines which of a specified subset of the floating-point
exception flags are currently set.
The

4
regress/lib/libcrypto/x509/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.22 2024/05/28 15:33:35 tb Exp $
# $OpenBSD: Makefile,v 1.23 2024/06/16 17:57:08 tb Exp $
PROGS = constraints verify x509attribute x509name x509req_ext callback
PROGS += expirecallback callbackfailures x509_asn1 x509_extensions_test
@ -11,7 +11,7 @@ LDADD_verify = ${CRYPTO_INT}
WARNINGS = Yes
CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror
CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/x509
CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring
CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring
SUBDIR += bettertls policy rfc3779

266
regress/lib/libcrypto/x509/x509_extensions_test.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_extensions_test.c,v 1.2 2024/05/28 15:42:09 tb Exp $ */
/* $OpenBSD: x509_extensions_test.c,v 1.3 2024/06/17 05:04:54 tb Exp $ */
/*
* Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@ -27,6 +27,9 @@
#define ASN1_BOOLEAN_TRUE 0xff
#define ASN1_BOOLEAN_FALSE 0x00
#define X509V3_EXT_CRITICAL 1
#define X509V3_EXT_NONCRITICAL 0
static BASIC_CONSTRAINTS *
create_basic_constraints(int ca)
{
@ -40,6 +43,20 @@ create_basic_constraints(int ca)
return bc;
}
static X509_EXTENSION *
ext_create_basic_constraints(int ca, int critical)
{
X509_EXTENSION *ext;
BASIC_CONSTRAINTS *bc;
bc = create_basic_constraints(ca);
if ((ext = X509V3_EXT_i2d(NID_basic_constraints, critical, bc)) == NULL)
errx(1, "X509V3_EXT_i2d");
BASIC_CONSTRAINTS_free(bc);
return ext;
}
static int
test_x509v3_add1_i2d_empty_stack(STACK_OF(X509_EXTENSION) **extensions)
{
@ -644,12 +661,259 @@ test_x509v3_add1_i2d(void)
return failed;
}
static int
test_x509v3_get_d2i_null(void)
{
X509_EXTENSION *ext;
int crit, idx;
int failed = 1;
if ((ext = X509V3_get_d2i(NULL, NID_undef, NULL, NULL)) != NULL) {
fprintf(stderr, "FAIL: %s: expected X509V3_get_d2i with three "
"NULL arguments to return NULL\n", __func__);
goto err;
}
idx = -5;
if (X509V3_get_d2i(NULL, NID_undef, &crit, &idx) != NULL) {
/* Leaks whatever garbage libcrypto decoded. What to do... */
fprintf(stderr, "FAIL: %s: expected X509V3_get_d2i NULL stack"
"to return NULL\n", __func__);
goto err;
}
if (crit != -1 || idx != -1) {
fprintf(stderr, "FAIL: %s: crit: want: %d, got: %d; "
"idx: want: %d, got: %d\n", __func__, -1, crit, -1, idx);
goto err;
}
failed = 0;
err:
X509_EXTENSION_free(ext);
return failed;
}
static int
test_x509v3_get_d2i_multiple_basic_constraints(void)
{
STACK_OF(X509_EXTENSION) *exts = NULL;
ASN1_BIT_STRING *abs = NULL;
BASIC_CONSTRAINTS *bc = NULL;
X509_EXTENSION *ext;
int crit, idx;
int ca, nid;
int failed = 1;
/*
* Create extension stack containing three basic constraints extensions:
* 1. critical CA basic constraints,
* 2. non-critical CA basic constraints,
* 3. critical non-CA basic constraints.
*/
if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
errx(1, "sk_X509_EXTENSION_new_null");
ca = 1;
ext = ext_create_basic_constraints(ca, X509V3_EXT_CRITICAL);
if (sk_X509_EXTENSION_push(exts, ext) <= 0)
errx(1, "sk_X509_EXTENSION_push");
ext = NULL;
ca = 1;
ext = ext_create_basic_constraints(ca, X509V3_EXT_NONCRITICAL);
if (sk_X509_EXTENSION_push(exts, ext) <= 0)
errx(1, "sk_X509_EXTENSION_push");
ext = NULL;
ca = 0;
ext = ext_create_basic_constraints(ca, X509V3_EXT_CRITICAL);
if (sk_X509_EXTENSION_push(exts, ext) <= 0)
errx(1, "sk_X509_EXTENSION_push");
ext = NULL;
/*
* There is no key usage in this stack, so we shouldn't find any.
*/
nid = NID_key_usage;
if ((abs = X509V3_get_d2i(exts, nid, &crit, NULL)) != NULL) {
fprintf(stderr, "FAIL: %s: found key usage extension\n",
__func__);
goto err;
}
if (crit != -1) {
fprintf(stderr, "FAIL: %s: key usage: crit: want %d, got %d\n",
__func__, -1, crit);
goto err;
}
/*
* If we pass no idx and look for basic constraints,
* we should fail with crit == -2.
*/
nid = NID_basic_constraints;
if ((bc = X509V3_get_d2i(exts, nid, &crit, NULL)) != NULL) {
fprintf(stderr, "FAIL: %s (NULL idx): did not expect to find "
"basic constraints\n", __func__);
goto err;
}
if (crit != -2) {
fprintf(stderr, "FAIL: %s: basic constraints, no idx: \n"
"crit: want %d, got %d\n", __func__, -2, crit);
goto err;
}
/*
* If we pass idx = -1 and look for basic constraints, we should find
* the first one: it is critical at idx = 0, with ca bit set to true.
*/
nid = NID_basic_constraints;
idx = -1;
if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) == NULL) {
fprintf(stderr, "FAIL: %s (idx %d): expected to find"
"basic constraints\n", __func__, -1);
goto err;
}
if (crit != 1) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"crit: want %d, got %d\n", __func__, -1, 1, crit);
goto err;
}
if (idx != 0) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"idx: want %d, got %d\n", __func__, -1, 0, idx);
goto err;
}
if (bc->ca != ASN1_BOOLEAN_TRUE) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"cA bit: want %x, got %x\n", __func__, -1,
ASN1_BOOLEAN_TRUE, bc->ca);
goto err;
}
BASIC_CONSTRAINTS_free(bc);
bc = NULL;
/*
* Now pass idx = 0 and look for basic constraints, we should find
* the second one: non-critical at idx = 1, with ca bit set to true.
*/
nid = NID_basic_constraints;
idx = 0;
if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) == NULL) {
fprintf(stderr, "FAIL: %s (idx %d): expected to find"
"basic constraints\n", __func__, 0);
goto err;
}
if (crit != 0) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"crit: want %d, got %d\n", __func__, 0, 0, crit);
goto err;
}
if (idx != 1) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"idx: want %d, got %d\n", __func__, 0, 1, idx);
goto err;
}
if (bc->ca != ASN1_BOOLEAN_TRUE) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"cA bit: want %x, got %x\n", __func__, 0,
ASN1_BOOLEAN_TRUE, bc->ca);
goto err;
}
BASIC_CONSTRAINTS_free(bc);
bc = NULL;
/*
* Now pass idx = 1 and look for basic constraints, we should find the
* third one: critical at idx = 2, with ca bit set to false.
*/
nid = NID_basic_constraints;
idx = 1;
if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) == NULL) {
fprintf(stderr, "FAIL: %s (idx %d): expected to find"
"basic constraints\n", __func__, 1);
goto err;
}
if (crit != 1) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"crit: want %d, got %d\n", __func__, 1, 0, crit);
goto err;
}
if (idx != 2) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"idx: want %d, got %d\n", __func__, 1, 2, idx);
goto err;
}
if (bc->ca != ASN1_BOOLEAN_FALSE) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"cA bit: want %x, got %x\n", __func__, 1,
ASN1_BOOLEAN_FALSE, bc->ca);
goto err;
}
BASIC_CONSTRAINTS_free(bc);
bc = NULL;
/*
* Finally, pass idx = 2 and we should find no basic constraints.
*/
nid = NID_basic_constraints;
idx = 2;
if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) != NULL) {
fprintf(stderr, "FAIL: %s (idx %d): expected to find"
"no basic constraints\n", __func__, 2);
goto err;
}
if (crit != -1) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"crit: want %d, got %d\n", __func__, 2, -1, crit);
goto err;
}
if (idx != -1) {
fprintf(stderr, "FAIL: %s: basic constraints (idx %d): "
"idx: want %d, got %d\n", __func__, 2, -1, idx);
goto err;
}
failed = 0;
err:
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
ASN1_BIT_STRING_free(abs);
BASIC_CONSTRAINTS_free(bc);
return failed;
}
static int
test_x509v3_get_d2i(void)
{
int failed = 0;
failed |= test_x509v3_get_d2i_null();
failed |= test_x509v3_get_d2i_multiple_basic_constraints();
return failed;
}
int
main(void)
{
int failed = 0;
failed |= test_x509v3_add1_i2d();
failed |= test_x509v3_get_d2i();
return failed;
}

1
regress/usr.bin/ssh/penalty-expire.sh
View file

@ -24,6 +24,7 @@ verbose "penalty expiry"
# Incur a penalty
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "authfail connect succeeded"
sleep 2
# Check denied
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}

4
regress/usr.bin/ssh/penalty.sh
View file

@ -25,14 +25,17 @@ verbose "penalty for authentication failure"
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded"
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
sleep 2
# Should be below penalty threshold
${SSH} -F $OBJ/ssh_config somehost true || fatal "authfail not expired"
sleep 2
# Fail authentication again; penalty should activate
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded"
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
sleep 2
# These should be refused by the active penalty
${SSH} -F $OBJ/ssh_config somehost true && fail "authfail not rejected"
@ -42,6 +45,7 @@ conf "noauth:100s"
${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed"
verbose "penalty for no authentication"
${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null || fatal "keyscan failed"
sleep 2
# Repeat attempt should be penalised
${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null 2>&1 && fail "keyscan not rejected"

20
share/man/man7/mdoc.7
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: mdoc.7,v 1.183 2024/05/20 18:40:53 schwarze Exp $
.\" $OpenBSD: mdoc.7,v 1.184 2024/06/17 15:35:33 schwarze Exp $
.\"
.\" Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
.\" Copyright (c) 2010, 2011, 2013-2020 Ingo Schwarze <schwarze@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: May 20 2024 $
.Dd $Mdocdate: June 17 2024 $
.Dt MDOC 7
.Os
.Sh NAME
@ -2552,7 +2552,7 @@ It is used as the basis for UNIX 03 certification.
.br
The second and last Technical Corrigendum.
.El
.It Single UNIX Specification version 4
.It POSIX issues 7 and 8
.Pp
.Bl -tag -width "-p1003.1g-2000" -compact
.It \-p1003.1-2008
@ -2560,8 +2560,18 @@ The second and last Technical Corrigendum.
.It \-susv4
.St -susv4
.br
This standard is also called
X/Open Portability Guide version 7.
This standard is based on C99.
It is also called the
Open Group Standard Base Specifications, Issue 7.
.El
.Pp
.Bl -tag -width "-p1003.1g-2000" -compact
.It \-p1003.1-2024
.St -p1003.1-2024
.br
This standard is based on C17.
It is also called the
Open Group Standard Base Specifications, Issue 8.
.El
.It Other standards
.Pp

5
sys/arch/amd64/amd64/identcpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: identcpu.c,v 1.143 2024/05/14 01:42:07 guenther Exp $ */
/* $OpenBSD: identcpu.c,v 1.144 2024/06/16 14:01:26 kn Exp $ */
/* $NetBSD: identcpu.c,v 1.1 2003/04/26 18:39:28 fvdl Exp $ */
/*
@ -727,7 +727,8 @@ identifycpu(struct cpu_info *ci)
}
#ifndef SMALL_KERNEL
if (CPU_IS_PRIMARY(ci) && (ci->ci_feature_tpmflags & TPM_SENSOR)) {
if (CPU_IS_PRIMARY(ci) && (ci->ci_feature_tpmflags & TPM_SENSOR) &&
ci->ci_vendor == CPUV_INTEL) {
ci->ci_sensor.type = SENSOR_TEMP;
sensor_task_register(ci, intelcore_update_sensor, 5);
sensor_attach(&ci->ci_sensordev, &ci->ci_sensor);

5
sys/arch/arm64/stand/efiboot/efiboot.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: efiboot.c,v 1.51 2024/06/14 19:49:17 kettenis Exp $ */
/* $OpenBSD: efiboot.c,v 1.52 2024/06/17 09:36:04 kettenis Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@ -101,8 +101,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
/* disable reset by watchdog after 5 minutes */
BS->SetWatchdogTimer(0, 0, 0, NULL);
status = BS->HandleProtocol(image, &imgp_guid,
(void **)&imgp);
status = BS->HandleProtocol(image, &imgp_guid, (void **)&imgp);
if (status == EFI_SUCCESS)
status = BS->HandleProtocol(imgp->DeviceHandle, &devp_guid,
(void **)&dp);

4
sys/arch/armv7/stand/efiboot/conf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.c,v 1.35 2024/03/10 15:37:54 kettenis Exp $ */
/* $OpenBSD: conf.c,v 1.36 2024/06/17 09:12:45 kettenis Exp $ */
/*
* Copyright (c) 1996 Michael Shalayeff
@ -42,7 +42,7 @@
#include "efidev.h"
#include "efipxe.h"
const char version[] = "1.22";
const char version[] = "1.23";
int debug = 0;
struct fs_ops file_system[] = {

26
sys/arch/armv7/stand/efiboot/efiboot.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: efiboot.c,v 1.40 2022/12/22 15:44:02 kettenis Exp $ */
/* $OpenBSD: efiboot.c,v 1.41 2024/06/17 09:12:45 kettenis Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@ -36,6 +36,7 @@
#include "efidev.h"
#include "efiboot.h"
#include "efidt.h"
#include "fdt.h"
EFI_SYSTEM_TABLE *ST;
@ -59,6 +60,7 @@ static EFI_GUID blkio_guid = BLOCK_IO_PROTOCOL;
static EFI_GUID devp_guid = DEVICE_PATH_PROTOCOL;
static EFI_GUID gop_guid = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
static EFI_GUID fdt_guid = FDT_TABLE_GUID;
static EFI_GUID dt_fixup_guid = EFI_DT_FIXUP_PROTOCOL_GUID;
#define efi_guidcmp(_a, _b) memcmp((_a), (_b), sizeof(EFI_GUID))
@ -1004,12 +1006,18 @@ efi_fdt(void)
return fdt_sys;
}
#define EXTRA_DT_SPACE (32 * 1024)
int
fdt_load_override(char *file)
{
EFI_DT_FIXUP_PROTOCOL *dt_fixup;
EFI_PHYSICAL_ADDRESS addr;
char path[MAXPATHLEN];
EFI_STATUS status;
struct stat sb;
size_t dt_size;
UINTN sz;
int fd;
if (file == NULL && fdt_override) {
@ -1027,7 +1035,8 @@ fdt_load_override(char *file)
printf("cannot open %s\n", path);
return 0;
}
if (efi_memprobe_find(EFI_SIZE_TO_PAGES(sb.st_size),
dt_size = sb.st_size + EXTRA_DT_SPACE;
if (efi_memprobe_find(EFI_SIZE_TO_PAGES(dt_size),
PAGE_SIZE, EfiLoaderData, &addr) != EFI_SUCCESS) {
printf("cannot allocate memory for %s\n", path);
return 0;
@ -1037,9 +1046,18 @@ fdt_load_override(char *file)
return 0;
}
status = BS->LocateProtocol(&dt_fixup_guid, NULL, (void **)&dt_fixup);
if (status == EFI_SUCCESS) {
sz = dt_size;
status = dt_fixup->Fixup(dt_fixup, (void *)addr, &sz,
EFI_DT_APPLY_FIXUPS | EFI_DT_RESERVE_MEMORY);
if (status != EFI_SUCCESS)
panic("DT fixup failed: 0x%lx", status);
}
if (!fdt_init((void *)addr)) {
printf("invalid device tree\n");
BS->FreePages(addr, EFI_SIZE_TO_PAGES(sb.st_size));
BS->FreePages(addr, EFI_SIZE_TO_PAGES(dt_size));
return 0;
}
@ -1050,7 +1068,7 @@ fdt_load_override(char *file)
}
fdt_override = (void *)addr;
fdt_override_size = sb.st_size;
fdt_override_size = dt_size;
return 0;
}

44
sys/arch/armv7/stand/efiboot/efidt.h Normal file
View file

@ -0,0 +1,44 @@
/* $OpenBSD: efidt.h,v 1.1 2024/06/17 09:12:45 kettenis Exp $ */
/*
* Copyright (c) 2024 Mark Kettenis <kettenis@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/param.h>
#include <efi.h>
#include <efiapi.h>
#define EFI_DT_FIXUP_PROTOCOL_GUID \
{ 0xe617d64c, 0xfe08, 0x46da, \
{ 0xf4, 0xdc, 0xbb, 0xd5, 0x87, 0x0c, 0x73, 0x00 } }
INTERFACE_DECL(_EFI_DT_FIXUP_PROTOCOL);
typedef EFI_STATUS
(EFIAPI *EFI_DT_FIXUP) (
IN struct _EFI_DT_FIXUP_PROTOCOL *This,
IN VOID *Fdt,
IN OUT UINTN *BufferSize,
IN UINT32 Flags
);
#define EFI_DT_APPLY_FIXUPS 0x00000001
#define EFI_DT_RESERVE_MEMORY 0x00000002
typedef struct _EFI_DT_FIXUP_PROTOCOL {
UINT64 Revision;
EFI_DT_FIXUP Fixup;
} EFI_DT_FIXUP_PROTOCOL;

22
sys/dev/pci/ahci_pci.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ahci_pci.c,v 1.17 2024/05/24 06:02:53 jsg Exp $ */
/* $OpenBSD: ahci_pci.c,v 1.18 2024/06/16 18:00:08 kn Exp $ */
/*
* Copyright (c) 2006 David Gwynne <dlg@openbsd.org>
@ -71,6 +71,8 @@ int ahci_intel_attach(struct ahci_softc *,
struct pci_attach_args *);
int ahci_samsung_attach(struct ahci_softc *,
struct pci_attach_args *);
int ahci_storx_attach(struct ahci_softc *,
struct pci_attach_args *);
static const struct ahci_device ahci_devices[] = {
{ PCI_VENDOR_AMD, PCI_PRODUCT_AMD_HUDSON2_SATA_1,
@ -148,7 +150,10 @@ static const struct ahci_device ahci_devices[] = {
NULL, ahci_samsung_attach },
{ PCI_VENDOR_VIATECH, PCI_PRODUCT_VIATECH_VT8251_SATA,
ahci_no_match, ahci_vt8251_attach }
ahci_no_match, ahci_vt8251_attach },
{ PCI_VENDOR_ZHAOXIN, PCI_PRODUCT_ZHAOXIN_STORX_AHCI,
NULL, ahci_storx_attach },
};
int ahci_pci_match(struct device *, void *, void *);
@ -285,6 +290,19 @@ ahci_samsung_attach(struct ahci_softc *sc, struct pci_attach_args *pa)
return (0);
}
int
ahci_storx_attach(struct ahci_softc *sc, struct pci_attach_args *pa)
{
/*
* Disable MSI with the ZX-100/ZX-200/ZX-E StorX AHCI Controller
* in the Unchartevice 6640MA notebook, otherwise ahci(4) hangs
* with SATA speed set to "Gen3" in BIOS.
*/
sc->sc_flags |= AHCI_F_NO_MSI;
return (0);
}
int
ahci_pci_match(struct device *parent, void *match, void *aux)
{

3
sys/dev/pci/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
View file

@ -1135,7 +1135,8 @@ static int reserve_bo_and_cond_vms(struct kgd_mem *mem,
int ret;
ctx->sync = &mem->sync;
drm_exec_init(&ctx->exec, DRM_EXEC_INTERRUPTIBLE_WAIT);
drm_exec_init(&ctx->exec, DRM_EXEC_INTERRUPTIBLE_WAIT |
DRM_EXEC_IGNORE_DUPLICATES);
drm_exec_until_all_locked(&ctx->exec) {
ctx->n_vms = 0;
list_for_each_entry(entry, &mem->attachments, list) {

15
sys/dev/pci/drm/amd/amdgpu/amdgpu_atomfirmware.c
View file

@ -211,6 +211,7 @@ union igp_info {
struct atom_integrated_system_info_v1_11 v11;
struct atom_integrated_system_info_v1_12 v12;
struct atom_integrated_system_info_v2_1 v21;
struct atom_integrated_system_info_v2_3 v23;
};
union umc_info {
@ -359,6 +360,20 @@ amdgpu_atomfirmware_get_vram_info(struct amdgpu_device *adev,
if (vram_type)
*vram_type = convert_atom_mem_type_to_vram_type(adev, mem_type);
break;
case 3:
mem_channel_number = igp_info->v23.umachannelnumber;
if (!mem_channel_number)
mem_channel_number = 1;
mem_type = igp_info->v23.memorytype;
if (mem_type == LpDdr5MemType)
mem_channel_width = 32;
else
mem_channel_width = 64;
if (vram_width)
*vram_width = mem_channel_number * mem_channel_width;
if (vram_type)
*vram_type = convert_atom_mem_type_to_vram_type(adev, mem_type);
break;
default:
return -EINVAL;
}

3
sys/dev/pci/drm/amd/amdgpu/sdma_v4_0.c
View file

@ -2031,6 +2031,9 @@ static int sdma_v4_0_process_trap_irq(struct amdgpu_device *adev,
DRM_DEBUG("IH: SDMA trap\n");
instance = sdma_v4_0_irq_id_to_seq(entry->client_id);
if (instance < 0)
return instance;
switch (entry->ring_id) {
case 0:
amdgpu_fence_process(&adev->sdma.instance[instance].ring);

11
sys/dev/pci/drm/amd/amdkfd/kfd_device.c
View file

@ -402,15 +402,8 @@ struct kfd_dev *kgd2kfd_probe(struct amdgpu_device *adev, bool vf)
f2g = &gfx_v11_kfd2kgd;
break;
case IP_VERSION(11, 0, 3):
if ((adev->pdev->device == 0x7460 &&
adev->pdev->revision == 0x00) ||
(adev->pdev->device == 0x7461 &&
adev->pdev->revision == 0x00))
/* Note: Compiler version is 11.0.5 while HW version is 11.0.3 */
gfx_target_version = 110005;
else
/* Note: Compiler version is 11.0.1 while HW version is 11.0.3 */
gfx_target_version = 110001;
/* Note: Compiler version is 11.0.1 while HW version is 11.0.3 */
gfx_target_version = 110001;
f2g = &gfx_v11_kfd2kgd;
break;
default:

43
sys/dev/pci/drm/amd/include/atomfirmware.h
View file

@ -1625,6 +1625,49 @@ struct atom_integrated_system_info_v2_2
uint32_t reserved4[189];
};
struct uma_carveout_option {
char optionName[29]; //max length of string is 28chars + '\0'. Current design is for "minimum", "Medium", "High". This makes entire struct size 64bits
uint8_t memoryCarvedGb; //memory carved out with setting
uint8_t memoryRemainingGb; //memory remaining on system
union {
struct _flags {
uint8_t Auto : 1;
uint8_t Custom : 1;
uint8_t Reserved : 6;
} flags;
uint8_t all8;
} uma_carveout_option_flags;
};
struct atom_integrated_system_info_v2_3 {
struct atom_common_table_header table_header;
uint32_t vbios_misc; // enum of atom_system_vbiosmisc_def
uint32_t gpucapinfo; // enum of atom_system_gpucapinf_def
uint32_t system_config;
uint32_t cpucapinfo;
uint16_t gpuclk_ss_percentage; // unit of 0.001%, 1000 mean 1%
uint16_t gpuclk_ss_type;
uint16_t dpphy_override; // bit vector, enum of atom_sysinfo_dpphy_override_def
uint8_t memorytype; // enum of atom_dmi_t17_mem_type_def, APU memory type indication.
uint8_t umachannelnumber; // number of memory channels
uint8_t htc_hyst_limit;
uint8_t htc_tmp_limit;
uint8_t reserved1; // dp_ss_control
uint8_t gpu_package_id;
struct edp_info_table edp1_info;
struct edp_info_table edp2_info;
uint32_t reserved2[8];
struct atom_external_display_connection_info extdispconninfo;
uint8_t UMACarveoutVersion;
uint8_t UMACarveoutIndexMax;
uint8_t UMACarveoutTypeDefault;
uint8_t UMACarveoutIndexDefault;
uint8_t UMACarveoutType; //Auto or Custom
uint8_t UMACarveoutIndex;
struct uma_carveout_option UMASizeControlOption[20];
uint8_t reserved3[110];
};
// system_config
enum atom_system_vbiosmisc_def{
INTEGRATED_SYSTEM_INFO__GET_EDID_CALLBACK_FUNC_SUPPORT = 0x01,

20
sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c
View file

@ -226,15 +226,17 @@ static int smu_v13_0_4_system_features_control(struct smu_context *smu, bool en)
struct amdgpu_device *adev = smu->adev;
int ret = 0;
if (!en && adev->in_s4) {
/* Adds a GFX reset as workaround just before sending the
* MP1_UNLOAD message to prevent GC/RLC/PMFW from entering
* an invalid state.
*/
ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_GfxDeviceDriverReset,
SMU_RESET_MODE_2, NULL);
if (ret)
return ret;
if (!en && !adev->in_s0ix) {
if (adev->in_s4) {
/* Adds a GFX reset as workaround just before sending the
* MP1_UNLOAD message to prevent GC/RLC/PMFW from entering
* an invalid state.
*/
ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_GfxDeviceDriverReset,
SMU_RESET_MODE_2, NULL);
if (ret)
return ret;
}
ret = smu_cmn_send_smc_msg(smu, SMU_MSG_PrepareMp1ForUnload, NULL);
}

1
sys/dev/pci/drm/drm_fbdev_generic.c
View file

@ -122,7 +122,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper,
/* screen */
info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST;
info->screen_buffer = screen_buffer;
info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer));
info->fix.smem_len = screen_size;
#ifdef notyet

46
sys/dev/pci/drm/i915/i915_hwmon.c
View file

@ -793,7 +793,7 @@ void i915_hwmon_register(struct drm_i915_private *i915)
if (!IS_DGFX(i915))
return;
hwmon = devm_kzalloc(dev, sizeof(*hwmon), GFP_KERNEL);
hwmon = kzalloc(sizeof(*hwmon), GFP_KERNEL);
if (!hwmon)
return;
@ -819,14 +819,12 @@ void i915_hwmon_register(struct drm_i915_private *i915)
hwm_get_preregistration_info(i915);
/* hwmon_dev points to device hwmon<i> */
hwmon_dev = devm_hwmon_device_register_with_info(dev, ddat->name,
ddat,
&hwm_chip_info,
hwm_groups);
if (IS_ERR(hwmon_dev)) {
i915->hwmon = NULL;
return;
}
hwmon_dev = hwmon_device_register_with_info(dev, ddat->name,
ddat,
&hwm_chip_info,
hwm_groups);
if (IS_ERR(hwmon_dev))
goto err;
ddat->hwmon_dev = hwmon_dev;
@ -839,16 +837,36 @@ void i915_hwmon_register(struct drm_i915_private *i915)
if (!hwm_gt_is_visible(ddat_gt, hwmon_energy, hwmon_energy_input, 0))
continue;
hwmon_dev = devm_hwmon_device_register_with_info(dev, ddat_gt->name,
ddat_gt,
&hwm_gt_chip_info,
NULL);
hwmon_dev = hwmon_device_register_with_info(dev, ddat_gt->name,
ddat_gt,
&hwm_gt_chip_info,
NULL);
if (!IS_ERR(hwmon_dev))
ddat_gt->hwmon_dev = hwmon_dev;
}
return;
err:
i915_hwmon_unregister(i915);
}
void i915_hwmon_unregister(struct drm_i915_private *i915)
{
fetch_and_zero(&i915->hwmon);
struct i915_hwmon *hwmon = i915->hwmon;
struct intel_gt *gt;
int i;
if (!hwmon)
return;
for_each_gt(gt, i915, i)
if (hwmon->ddat_gt[i].hwmon_dev)
hwmon_device_unregister(hwmon->ddat_gt[i].hwmon_dev);
if (hwmon->ddat.hwmon_dev)
hwmon_device_unregister(hwmon->ddat.hwmon_dev);
mutex_destroy(&hwmon->hwmon_lock);
kfree(i915->hwmon);
i915->hwmon = NULL;
}

2
sys/dev/pci/drm/include/generated/autoconf.h
View file

@ -93,5 +93,5 @@
#endif
#if defined(SUSPEND) || defined(HIBERNATE)
#define CONFIG_PM_SLEEP
#define CONFIG_PM_SLEEP 1
#endif

28
sys/dev/pci/if_vmx.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_vmx.c,v 1.87 2024/06/07 08:44:25 jan Exp $ */
/* $OpenBSD: if_vmx.c,v 1.88 2024/06/17 11:13:43 bluhm Exp $ */
/*
* Copyright (c) 2013 Tsubai Masanari
@ -1619,6 +1619,8 @@ vmxnet3_start(struct ifqueue *ifq)
rgen = ring->gen;
for (;;) {
int hdrlen;
if (free <= NTXSEGS) {
ifq_set_oactive(ifq);
break;
@ -1628,6 +1630,30 @@ vmxnet3_start(struct ifqueue *ifq)
if (m == NULL)
break;
/*
* Headers for Ether, IP, TCP including options must lay in
* first mbuf to support TSO. Usually our stack gets that
* right. To avoid packet parsing here, make a rough estimate
* for simple IPv4. Cases seen in the wild contain only ether
* header in separate mbuf. To support IPv6 with TCP options,
* move as much as possible into first mbuf. Realloc mbuf
* before bus dma load.
*/
hdrlen = sizeof(struct ether_header) + sizeof(struct ip) +
sizeof(struct tcphdr);
if (ISSET(m->m_pkthdr.csum_flags, M_TCP_TSO) &&
m->m_len < hdrlen && hdrlen <= m->m_pkthdr.len) {
hdrlen = MHLEN;
/* m_pullup preserves alignment, reserve space */
hdrlen -= mtod(m, unsigned long) & (sizeof(long) - 1);
if (hdrlen > m->m_pkthdr.len)
hdrlen = m->m_pkthdr.len;
if ((m = m_pullup(m, hdrlen)) == NULL) {
ifq->ifq_errors++;
continue;
}
}
map = ring->dmap[prod];
if (vmx_load_mbuf(sc->sc_dmat, map, m) != 0) {

6
sys/dev/pci/pcidevs
View file

@ -1,4 +1,4 @@
$OpenBSD: pcidevs,v 1.2076 2024/05/22 16:24:59 martijn Exp $
$OpenBSD: pcidevs,v 1.2077 2024/06/16 16:20:51 kn Exp $
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
/*
@ -346,6 +346,7 @@ vendor SYMPHONY2 0x1c1c Symphony Labs
vendor SKHYNIX 0x1c5c SK hynix
vendor ADATA 0x1cc1 ADATA Technology
vendor UMIS 0x1cc4 Union Memory
vendor ZHAOXIN 0x1d17 Zhaoxin
vendor BAIKAL 0x1d39 Baikal Electronics
vendor AQUANTIA 0x1d6a Aquantia
vendor ROCKCHIP 0x1d87 Rockchip
@ -10039,6 +10040,9 @@ product YMTC PC005 0x1001 PC005
/* Zeinet products */
product ZEINET 1221 0x0001 1221
/* Zhaoxin products */
product ZHAOXIN STORX_AHCI 0x9083 StorX AHCI
/* Ziatech products */
product ZIATECH ZT8905 0x8905 PCI-ST32

6
sys/dev/pci/pcidevs.h
View file

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: pcidevs,v 1.2075 2024/05/21 07:03:55 jsg Exp
* OpenBSD: pcidevs,v 1.2077 2024/06/16 16:20:51 kn Exp
*/
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -351,6 +351,7 @@
#define PCI_VENDOR_SKHYNIX 0x1c5c /* SK hynix */
#define PCI_VENDOR_ADATA 0x1cc1 /* ADATA Technology */
#define PCI_VENDOR_UMIS 0x1cc4 /* Union Memory */
#define PCI_VENDOR_ZHAOXIN 0x1d17 /* Zhaoxin */
#define PCI_VENDOR_BAIKAL 0x1d39 /* Baikal Electronics */
#define PCI_VENDOR_AQUANTIA 0x1d6a /* Aquantia */
#define PCI_VENDOR_ROCKCHIP 0x1d87 /* Rockchip */
@ -10044,6 +10045,9 @@
/* Zeinet products */
#define PCI_PRODUCT_ZEINET_1221 0x0001 /* 1221 */
/* Zhaoxin products */
#define PCI_PRODUCT_ZHAOXIN_STORX_AHCI 0x9083 /* StorX AHCI */
/* Ziatech products */
#define PCI_PRODUCT_ZIATECH_ZT8905 0x8905 /* PCI-ST32 */

10
sys/dev/pci/pcidevs_data.h
View file

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: pcidevs,v 1.2075 2024/05/21 07:03:55 jsg Exp
* OpenBSD: pcidevs,v 1.2077 2024/06/16 16:20:51 kn Exp
*/
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -36047,6 +36047,10 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_ZEINET, PCI_PRODUCT_ZEINET_1221,
"1221",
},
{
PCI_VENDOR_ZHAOXIN, PCI_PRODUCT_ZHAOXIN_STORX_AHCI,
"StorX AHCI",
},
{
PCI_VENDOR_ZIATECH, PCI_PRODUCT_ZIATECH_ZT8905,
"PCI-ST32",
@ -37279,6 +37283,10 @@ static const struct pci_known_vendor pci_known_vendors[] = {
PCI_VENDOR_UMIS,
"Union Memory",
},
{
PCI_VENDOR_ZHAOXIN,
"Zhaoxin",
},
{
PCI_VENDOR_BAIKAL,
"Baikal Electronics",

4
usr.bin/make/buf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: buf.c,v 1.30 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: buf.c,v 1.31 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: buf.c,v 1.9 1996/12/31 17:53:21 christos Exp $ */
/*
@ -90,7 +90,7 @@
#endif
static void
fatal_overflow()
fatal_overflow(void)
{
fprintf(stderr, "buffer size overflow\n");
exit(2);

6
usr.bin/make/compat.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: compat.c,v 1.94 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: compat.c,v 1.95 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: compat.c,v 1.14 1996/11/06 17:59:01 christos Exp $ */
/*
@ -247,12 +247,12 @@ CompatMake(void *gnp, /* The node to make */
}
void
Compat_Init()
Compat_Init(void)
{
}
void
Compat_Update(GNode *gn)
Compat_Update(GNode *gn UNUSED)
{
}

4
usr.bin/make/error.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: error.c,v 1.26 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: error.c,v 1.27 2024/06/18 02:11:03 millert Exp $ */
/*
* Copyright (c) 2001 Marc Espie.
@ -122,7 +122,7 @@ Punt(const char *fmt, ...)
* The program exits
*/
void
Finish()
Finish(void)
{
Job_Wait();
print_errors();

12
usr.bin/make/job.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: job.c,v 1.165 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: job.c,v 1.166 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: job.c,v 1.16 1996/11/06 17:59:08 christos Exp $ */
/*
@ -297,7 +297,7 @@ quick_summary(int signo)
}
static void
internal_print_errors()
internal_print_errors(void)
{
Job *j, *k, *jnext;
int dying;
@ -375,7 +375,7 @@ notice_signal(int sig)
}
void
Sigset_Init()
Sigset_Init(void)
{
sigemptyset(&emptyset);
sigprocmask(SIG_BLOCK, &emptyset, &origset);
@ -664,7 +664,7 @@ may_continue_job(Job *job)
}
static void
may_continue_heldback_jobs()
may_continue_heldback_jobs(void)
{
while (!no_new_jobs) {
if (heldJobs != NULL) {
@ -775,7 +775,7 @@ reap_jobs(void)
}
void
reset_signal_mask()
reset_signal_mask(void)
{
sigprocmask(SIG_SETMASK, &origset, NULL);
}
@ -811,7 +811,7 @@ handle_running_jobs(void)
}
void
loop_handle_running_jobs()
loop_handle_running_jobs(void)
{
while (runningJobs != NULL)
handle_running_jobs();

16
usr.bin/make/main.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.132 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: main.c,v 1.133 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: main.c,v 1.34 1997/03/24 20:56:36 gwr Exp $ */
/*
@ -127,7 +127,7 @@ record_option(int c, const char *arg)
}
void
set_notparallel()
set_notparallel(void)
{
compatMake = true;
}
@ -465,7 +465,7 @@ add_dirpath(Lst l, const char *n)
* run-time.
*/
static char *
figure_out_MACHINE()
figure_out_MACHINE(void)
{
char *r = getenv("MACHINE");
if (r == NULL) {
@ -479,7 +479,7 @@ figure_out_MACHINE()
}
static char *
figure_out_MACHINE_ARCH()
figure_out_MACHINE_ARCH(void)
{
char *r = getenv("MACHINE_ARCH");
if (r == NULL) {
@ -492,7 +492,7 @@ figure_out_MACHINE_ARCH()
return r;
}
static char *
figure_out_MACHINE_CPU()
figure_out_MACHINE_CPU(void)
{
char *r = getenv("MACHINE_CPU");
if (r == NULL) {
@ -510,7 +510,7 @@ figure_out_MACHINE_CPU()
}
static char *
figure_out_CURDIR()
figure_out_CURDIR(void)
{
char *dir, *cwd;
struct stat sa, sb;
@ -577,7 +577,7 @@ setup_CURDIR_OBJDIR(struct dirs *d)
* <directory>:<directory>:<directory>...
*/
static void
setup_VPATH()
setup_VPATH(void)
{
if (Var_Value("VPATH") != NULL) {
char *vpath;
@ -936,7 +936,7 @@ found: Var_Set("MAKEFILE", fname);
* exit with usage message
*/
static void
usage()
usage(void)
{
(void)fprintf(stderr,
"usage: make [-BeiknpqrSst] [-C directory] [-D variable] [-d flags] [-f mk]\n\

8
usr.bin/make/make.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: make.c,v 1.84 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: make.c,v 1.85 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: make.c,v 1.10 1996/11/06 17:59:15 christos Exp $ */
/*
@ -118,13 +118,13 @@ static bool randomize_queue;
long random_delay = 0;
bool
nothing_left_to_build()
nothing_left_to_build(void)
{
return Array_IsEmpty(&to_build);
}
static void
random_setup()
random_setup(void)
{
randomize_queue = Var_Definedi("RANDOM_ORDER", NULL);
@ -503,7 +503,7 @@ add_targets_to_make(Lst todo)
}
void
Make_Init()
Make_Init(void)
{
/* wild guess at initial sizes */
Array_Init(&to_build, 500);

12
usr.bin/make/parse.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parse.c,v 1.136 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: parse.c,v 1.137 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: parse.c,v 1.29 1997/03/10 21:20:04 christos Exp $ */
/*
@ -219,7 +219,7 @@ static struct {
#undef P
static void
create_special_nodes()
create_special_nodes(void)
{
unsigned int i;
@ -690,7 +690,7 @@ parse_do_targets(Lst paths, unsigned int *op, const char *line)
}
static void
dump_targets()
dump_targets(void)
{
size_t i;
for (i = 0; i < gtargets.n; i++)
@ -1436,6 +1436,7 @@ build_target_group(struct growableArray *targets, struct ohash *t)
LstNode ln;
bool seen_target = false;
unsigned int i;
GNode *gn, *gn2;
/* may be 0 if wildcard expansion resulted in zero match */
if (targets->n <= 1)
@ -1465,7 +1466,6 @@ build_target_group(struct growableArray *targets, struct ohash *t)
if (seen_target)
return;
GNode *gn, *gn2;
/* targets may already participate in groupling lists,
* so rebuild the circular list "from scratch"
*/
@ -1488,7 +1488,7 @@ build_target_group(struct growableArray *targets, struct ohash *t)
}
static void
reset_target_hash()
reset_target_hash(void)
{
if (htargets_setup)
ohash_delete(&htargets);
@ -1497,7 +1497,7 @@ reset_target_hash()
}
void
Parse_End()
Parse_End(void)
{
if (htargets_setup)
ohash_delete(&htargets);

15
usr.bin/make/parsevar.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parsevar.c,v 1.17 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: parsevar.c,v 1.18 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: parse.c,v 1.29 1997/03/10 21:20:04 christos Exp $ */
/*
@ -38,7 +38,6 @@
#include "parsevar.h"
static const char *find_op1(const char *);
static const char *find_op2(const char *);
static bool parse_variable_assignment(const char *, int);
static const char *
@ -55,18 +54,6 @@ find_op1(const char *p)
return p;
}
static const char *
find_op2(const char *p)
{
for(;; p++) {
if (ISSPACE(*p) || *p == '$' || *p == '\0')
break;
if (p[strspn(p, "?:!+")] == '=')
break;
}
return p;
}
static bool
parse_variable_assignment(const char *line, int ctxt)
{

4
usr.bin/make/targ.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: targ.c,v 1.87 2024/05/21 05:00:48 jsg Exp $ */
/* $OpenBSD: targ.c,v 1.88 2024/06/18 02:11:03 millert Exp $ */
/* $NetBSD: targ.c,v 1.11 1997/02/20 16:51:50 christos Exp $ */
/*
@ -337,7 +337,7 @@ status_to_string(GNode *gn)
}
struct ohash *
targets_hash()
targets_hash(void)
{
return &targets;
}

4
usr.bin/make/targequiv.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: targequiv.c,v 1.10 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: targequiv.c,v 1.11 2024/06/18 02:11:04 millert Exp $ */
/*
* Copyright (c) 2007-2008 Marc Espie.
*
@ -109,7 +109,7 @@ add_to_equiv_list(struct ohash *equiv, GNode *gn)
}
static void
build_equivalence()
build_equivalence(void)
{
unsigned int i;
GNode *gn;

6
usr.bin/make/var.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: var.c,v 1.106 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: var.c,v 1.107 2024/06/18 02:11:04 millert Exp $ */
/* $NetBSD: var.c,v 1.18 1997/03/18 19:24:46 christos Exp $ */
/*
@ -1365,7 +1365,7 @@ Var_SubstVar(Buffer buf, /* To store result */
***/
static void
set_magic_shell_variable()
set_magic_shell_variable(void)
{
const char *name = "SHELL";
const char *ename = NULL;
@ -1380,7 +1380,7 @@ set_magic_shell_variable()
}
static void
set_magic_name_list_variable()
set_magic_name_list_variable(void)
{
const char *name = VARNAME_LIST;
const char *ename = NULL;

4
usr.bin/make/varmodifiers.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: varmodifiers.c,v 1.49 2023/09/04 11:35:11 espie Exp $ */
/* $OpenBSD: varmodifiers.c,v 1.50 2024/06/18 02:11:04 millert Exp $ */
/* $NetBSD: var.c,v 1.18 1997/03/18 19:24:46 christos Exp $ */
/*
@ -174,7 +174,7 @@ static struct modifier {
;
void
VarModifiers_Init()
VarModifiers_Init(void)
{
choose_mod['M'] = &match_mod;
choose_mod['N'] = &nomatch_mod;

3
usr.bin/mandoc/st.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: st.c,v 1.14 2022/01/13 08:39:24 schwarze Exp $ */
/* $OpenBSD: st.c,v 1.15 2024/06/16 18:33:05 job Exp $ */
/*
* Copyright (c) 2009, 2010 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -35,6 +35,7 @@ LINE("-p1003.1-96", "ISO/IEC 9945-1:1996 (\\(lqPOSIX.1\\(rq)")
LINE("-p1003.1-2001", "IEEE Std 1003.1-2001 (\\(lqPOSIX.1\\(rq)")
LINE("-p1003.1-2004", "IEEE Std 1003.1-2004 (\\(lqPOSIX.1\\(rq)")
LINE("-p1003.1-2008", "IEEE Std 1003.1-2008 (\\(lqPOSIX.1\\(rq)")
LINE("-p1003.1-2024", "IEEE Std 1003.1-2024 (\\(lqPOSIX.1\\(rq)")
LINE("-p1003.1", "IEEE Std 1003.1 (\\(lqPOSIX.1\\(rq)")
LINE("-p1003.1b", "IEEE Std 1003.1b (\\(lqPOSIX.1b\\(rq)")
LINE("-p1003.1b-93", "IEEE Std 1003.1b-1993 (\\(lqPOSIX.1b\\(rq)")

8
usr.bin/sed/compile.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: compile.c,v 1.51 2022/12/26 19:16:02 jmc Exp $ */
/* $OpenBSD: compile.c,v 1.52 2024/06/18 00:32:22 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -151,7 +151,7 @@ compile_stream(struct s_command **link)
stack = 0;
for (;;) {
if ((p = cu_fgets(&lbuf, &bufsize)) == NULL) {
if ((p = cu_getline(&lbuf, &bufsize)) == NULL) {
if (stack != 0)
error(COMPILE, "unexpected EOF (pending }'s)");
return (link);
@ -538,7 +538,7 @@ compile_subst(char *p, struct s_subst *s)
*sp++ = *p;
}
size += sp - op;
} while ((p = cu_fgets(&lbuf, &bufsize)));
} while ((p = cu_getline(&lbuf, &bufsize)));
error(COMPILE, "unterminated substitute in regular expression");
}
@ -682,7 +682,7 @@ compile_text(void)
lbuf = text = NULL;
asize = size = 0;
while ((p = cu_fgets(&lbuf, &bufsize))) {
while ((p = cu_getline(&lbuf, &bufsize))) {
size_t len = ROUNDLEN(strlen(p) + 1);
if (asize - size < len) {
do {

6
usr.bin/sed/extern.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.14 2018/11/14 10:59:33 martijn Exp $ */
/* $OpenBSD: extern.h,v 1.15 2024/06/18 00:32:22 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
* Copyright (c) 1992, 1993
@ -48,10 +48,10 @@ extern FILE *infile, *outfile;
void cfclose(struct s_command *, struct s_command *);
void compile(void);
void cspace(SPACE *, const char *, size_t, enum e_spflag);
char *cu_fgets(char **, size_t *);
char *cu_getline(char **, size_t *);
__dead void error(int, const char *, ...);
void warning(const char *, ...);
int mf_fgets(SPACE *, enum e_spflag);
int mf_getline(SPACE *, enum e_spflag);
int lastline(void);
void finish_file(void);
void process(void);

10
usr.bin/sed/main.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.44 2023/02/08 08:18:11 tb Exp $ */
/* $OpenBSD: main.c,v 1.45 2024/06/18 00:32:22 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -209,11 +209,11 @@ main(int argc, char *argv[])
}
/*
* Like fgets, but go through the chain of compilation units chaining them
* Like getline, but go through the chain of compilation units chaining them
* together. Empty strings and files are ignored.
*/
char *
cu_fgets(char **outbuf, size_t *outsize)
cu_getline(char **outbuf, size_t *outsize)
{
static enum {ST_EOF, ST_FILE, ST_STRING} state = ST_EOF;
static FILE *f; /* Current open file */
@ -328,11 +328,11 @@ finish_file(void)
}
/*
* Like fgets, but go through the list of files chaining them together.
* Like getline, but go through the list of files chaining them together.
* Set len to the length of the line.
*/
int
mf_fgets(SPACE *sp, enum e_spflag spflag)
mf_getline(SPACE *sp, enum e_spflag spflag)
{
struct stat sb;
size_t len;

8
usr.bin/sed/process.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: process.c,v 1.35 2022/01/12 15:13:36 martijn Exp $ */
/* $OpenBSD: process.c,v 1.36 2024/06/18 00:32:22 millert Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@ -90,7 +90,7 @@ process(void)
size_t len, oldpsl;
char *p;
for (linenum = 0; mf_fgets(&PS, REPLACE);) {
for (linenum = 0; mf_getline(&PS, REPLACE);) {
pd = 0;
top:
cp = prog;
@ -164,14 +164,14 @@ redirect:
if (!nflag && !pd)
OUT();
flush_appends();
if (!mf_fgets(&PS, REPLACE))
if (!mf_getline(&PS, REPLACE))
exit(0);
pd = 0;
break;
case 'N':
flush_appends();
cspace(&PS, "\n", 1, 0);
if (!mf_fgets(&PS, 0))
if (!mf_getline(&PS, 0))
exit(0);
break;
case 'p':

4
usr.bin/ssh/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.93 2024/06/04 15:14:45 deraadt Exp $
# $OpenBSD: Makefile.inc,v 1.94 2024/06/17 08:30:29 djm Exp $
.include <bsd.own.mk>
@ -37,7 +37,7 @@ WARNINGS=yes
OPENSSL?= yes
ZLIB?= yes
DSAKEY?= yes
DSAKEY?= no
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL

6
usr.bin/ssh/serverloop.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.239 2024/05/17 00:30:24 djm Exp $ */
/* $OpenBSD: serverloop.c,v 1.240 2024/06/17 08:28:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -260,11 +260,11 @@ process_input(struct ssh *ssh, int connection_in)
if (errno == EAGAIN || errno == EINTR)
return 0;
if (errno == EPIPE) {
verbose("Connection closed by %.100s port %d",
logit("Connection closed by %.100s port %d",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
return -1;
}
verbose("Read error from remote host %s port %d: %s",
logit("Read error from remote host %s port %d: %s",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
strerror(errno));
cleanup_exit(255);

12
usr.bin/ssh/ssh-add.1
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $
.\" $OpenBSD: ssh-add.1,v 1.87 2024/06/17 08:30:29 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 19 2023 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@ -67,10 +67,9 @@ When run without arguments, it adds the files
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
.Pa ~/.ssh/id_ed25519_sk ,
.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_dsa .
.Pa ~/.ssh/id_ed25519_sk .
After loading a private key,
.Nm
will try to load corresponding certificate information from the
@ -314,13 +313,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_ecdsa_sk
.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_ed25519_sk
.It Pa ~/.ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
.Pp

20
usr.bin/ssh/ssh-keygen.1
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.230 2023/09/04 10:29:58 job Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.232 2024/06/17 13:50:18 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 4 2023 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -51,7 +51,7 @@
.Op Fl m Ar format
.Op Fl N Ar new_passphrase
.Op Fl O Ar option
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.Op Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.Op Fl w Ar provider
.Op Fl Z Ar cipher
.Nm ssh-keygen
@ -205,7 +205,6 @@ section for details.
Normally each user wishing to use SSH
with public key authentication runs this once to create the authentication
key in
.Pa ~/.ssh/id_dsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
@ -296,7 +295,6 @@ Show the bubblebabble digest of specified private or public key file.
Specifies the number of bits in the key to create.
For RSA keys, the minimum size is 1024 bits and the default is 3072 bits.
Generally, 3072 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
For ECDSA keys, the
.Fl b
flag determines the key length by selecting from one of three elliptic
@ -414,9 +412,8 @@ section.
Prints the contents of one or more certificates.
.It Fl l
Show fingerprint of specified public key file.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
will try to find the matching public key file and prints its fingerprint.
If combined with
.Fl v ,
a visual ASCII art representation of the key is supplied with the
@ -579,10 +576,9 @@ by key ID or serial number.
See the
.Sx KEY REVOCATION LISTS
section for details.
.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.It Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifies the type of key to create.
The possible values are
.Dq dsa ,
.Dq ecdsa ,
.Dq ecdsa-sk ,
.Dq ed25519 ,
@ -1290,13 +1286,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_ecdsa_sk
.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_ed25519_sk
.It Pa ~/.ssh/id_rsa
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
@ -1308,13 +1303,12 @@ but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.Pp
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
.It Pa ~/.ssh/id_ecdsa_sk.pub
.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_ed25519_sk.pub
.It Pa ~/.ssh/id_rsa.pub
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys

16
usr.bin/ssh/ssh-keyscan.1
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.51 2024/06/14 05:20:34 jmc Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.52 2024/06/17 08:30:29 djm Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd $Mdocdate: June 14 2024 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@ -130,7 +130,6 @@ The default is 5 seconds.
.It Fl t Ar type
Specify the type of the key to fetch from the scanned hosts.
The possible values are
.Dq dsa ,
.Dq ecdsa ,
.Dq ed25519 ,
.Dq ecdsa-sk ,
@ -138,14 +137,7 @@ The possible values are
or
.Dq rsa .
Multiple values may be specified by separating them with commas.
The default is to fetch
.Dq rsa ,
.Dq ecdsa ,
.Dq ed25519 ,
.Dq ecdsa-sk ,
and
.Dq ed25519-sk
keys.
The default is to fetch all the above key types.
.It Fl v
Verbose mode:
print debugging messages about progress.
@ -177,7 +169,7 @@ Find all hosts from the file
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal -offset indent
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
$ ssh-keyscan -t rsa,ecdsa,ed25519 -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
.Sh SEE ALSO

6
usr.bin/ssh/ssh-keysign.8
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $
.\" $OpenBSD: ssh-keysign.8,v 1.18 2024/06/17 08:30:29 djm Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 31 2022 $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
@ -61,7 +61,6 @@ Controls whether
.Nm
is enabled.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
@ -73,7 +72,6 @@ Since they are readable only by root,
.Nm
must be set-uid root if host-based authentication is used.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub

21
usr.bin/ssh/ssh.1
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.440 2024/05/26 20:35:12 naddy Exp $
.Dd $Mdocdate: May 26 2024 $
.\" $OpenBSD: ssh.1,v 1.441 2024/06/17 08:30:29 djm Exp $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH 1
.Os
.Sh NAME
@ -304,10 +304,9 @@ The default is
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
.Pa ~/.ssh/id_ed25519_sk
.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_dsa .
.Pa ~/.ssh/id_ed25519_sk .
Identity files may also be specified on
a per-host basis in the configuration file.
It is possible to have multiple
@ -929,10 +928,10 @@ key pair for authentication purposes.
The server knows the public key, and only the user knows the private key.
.Nm
implements public key authentication protocol automatically,
using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
using one of the ECDSA, Ed25519 or RSA algorithms.
The HISTORY section of
.Xr ssl 8
contains a brief discussion of the DSA and RSA algorithms.
contains a brief discussion of the RSA and ECDSA algorithms.
.Pp
The file
.Pa ~/.ssh/authorized_keys
@ -959,8 +958,6 @@ flag).
The user creates their key pair by running
.Xr ssh-keygen 1 .
This stores the private key in
.Pa ~/.ssh/id_dsa
(DSA),
.Pa ~/.ssh/id_ecdsa
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk
@ -973,8 +970,6 @@ or
.Pa ~/.ssh/id_rsa
(RSA)
and stores the public key in
.Pa ~/.ssh/id_dsa.pub
(DSA),
.Pa ~/.ssh/id_ecdsa.pub
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk.pub
@ -1556,7 +1551,7 @@ secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
Lists the public keys (ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
@ -1576,7 +1571,6 @@ Contains additional definitions for environment variables; see
.Sx ENVIRONMENT ,
above.
.Pp
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_ecdsa_sk
.It Pa ~/.ssh/id_ed25519
@ -1592,7 +1586,6 @@ It is possible to specify a passphrase when
generating the key which will be used to encrypt the
sensitive part of this file using AES-128.
.Pp
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
.It Pa ~/.ssh/id_ecdsa_sk.pub
.It Pa ~/.ssh/id_ed25519.pub

11
usr.bin/ssh/ssh_config.5
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.395 2024/06/14 05:01:22 djm Exp $
.Dd $Mdocdate: June 14 2024 $
.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $
.Dd $Mdocdate: June 17 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -1114,7 +1114,7 @@ section and environment variables as described in the
.Sx ENVIRONMENT VARIABLES
section.
.It Cm IdentityFile
Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA,
Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
You can also specify a public key file to use the corresponding
private key that is loaded in
@ -1124,10 +1124,9 @@ The default is
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_ecdsa ,
.Pa ~/.ssh/id_ecdsa_sk ,
.Pa ~/.ssh/id_ed25519 ,
.Pa ~/.ssh/id_ed25519_sk
.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_dsa .
.Pa ~/.ssh/id_ed25519_sk .
Additionally, any identities represented by the authentication agent
will be used for authentication unless
.Cm IdentitiesOnly

9
usr.bin/ssh/sshd.8
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.325 2023/09/19 20:37:07 deraadt Exp $
.Dd $Mdocdate: September 19 2023 $
.\" $OpenBSD: sshd.8,v 1.326 2024/06/17 08:30:29 djm Exp $
.Dd $Mdocdate: June 17 2024 $
.Dt SSHD 8
.Os
.Sh NAME
@ -438,8 +438,6 @@ sk-ssh-ed25519@openssh.com
.It
ssh-ed25519
.It
ssh-dss
.It
ssh-rsa
.El
.Pp
@ -450,7 +448,6 @@ Note that lines in this file can be several hundred bytes long
(because of the size of the public key encoding) up to a limit of
8 kilobytes, which permits RSA keys up to 16 kilobits.
You don't want to type them in; instead, copy the
.Pa id_dsa.pub ,
.Pa id_ecdsa.pub ,
.Pa id_ecdsa_sk.pub ,
.Pa id_ed25519.pub ,
@ -854,7 +851,7 @@ secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
Lists the public keys (ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described above.
The content of the file is not highly sensitive, but the recommended

10
usr.bin/timeout/timeout.1
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: timeout.1,v 1.8 2023/11/03 19:16:31 cheloha Exp $
.\" $OpenBSD: timeout.1,v 1.9 2024/06/16 18:33:56 job Exp $
.\" $NetBSD: timeout.1,v 1.4 2016/10/13 06:22:26 dholland Exp $
.\"
.\" Copyright (c) 2014 Baptiste Daroussin <bapt@FreeBSD.org>
@ -27,7 +27,7 @@
.\"
.\" $FreeBSD: head/usr.bin/timeout/timeout.1 268861 2014-07-18 22:56:59Z bapt $
.\"
.Dd $Mdocdate: November 3 2023 $
.Dd $Mdocdate: June 16 2024 $
.Dt TIMEOUT 1
.Os
.Sh NAME
@ -118,6 +118,12 @@ returns the exit status of the
.Sh SEE ALSO
.Xr kill 1 ,
.Xr signal 3
.Sh STANDARDS
The
.Nm
utility is compliant with the
.St -p1003.1-2024
specification.
.Sh HISTORY
The
.Nm

15
usr.sbin/relayd/parse.y
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.255 2023/10/29 11:27:11 kn Exp $ */
/* $OpenBSD: parse.y,v 1.256 2024/06/17 08:02:57 sashan Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@ -179,14 +179,14 @@ typedef struct {
%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
%token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE
%token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS
%token WEBSOCKETS
%token WEBSOCKETS PFLOG
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.string> context hostname interface table value path
%type <v.number> http_type loglevel quick
%type <v.number> dstmode flag forwardmode retry
%type <v.number> opttls opttlsclient
%type <v.number> redirect_proto relay_proto match
%type <v.number> redirect_proto relay_proto match pflog
%type <v.number> action ruleaf key_option
%type <v.port> port
%type <v.host> host
@ -605,7 +605,7 @@ rdroptsl : forwardmode TO tablespec interface {
$3->conf.rdrid = rdr->conf.id;
$3->conf.flags |= F_USED;
}
| LISTEN ON STRING redirect_proto port interface {
| LISTEN ON STRING redirect_proto port interface pflog {
if (host($3, &rdr->virts,
SRV_MAX_VIRTS, &$5, $6, $4) <= 0) {
yyerror("invalid virtual ip: %s", $3);
@ -618,6 +618,8 @@ rdroptsl : forwardmode TO tablespec interface {
if (rdr->conf.port == 0)
rdr->conf.port = $5.val[0];
tableport = rdr->conf.port;
if ($7)
rdr->conf.flags |= F_PFLOG;
}
| DISABLE { rdr->conf.flags |= F_DISABLE; }
| STICKYADDR { rdr->conf.flags |= F_STICKY; }
@ -651,6 +653,10 @@ match : /* empty */ { $$ = 0; }
| MATCH { $$ = 1; }
;
pflog : /* empty */ { $$ = 0; }
| PFLOG { $$ = 1; }
;
forwardmode : FORWARD { $$ = FWD_NORMAL; }
| ROUTE { $$ = FWD_ROUTE; }
| TRANSPARENT FORWARD { $$ = FWD_TRANS; }
@ -2454,6 +2460,7 @@ lookup(char *s)
{ "pass", PASS },
{ "password", PASSWORD },
{ "path", PATH },
{ "pflog", PFLOG },
{ "pftag", PFTAG },
{ "port", PORT },
{ "prefork", PREFORK },

36
usr.sbin/relayd/pfe.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pfe.c,v 1.90 2020/09/14 11:30:25 martijn Exp $ */
/* $OpenBSD: pfe.c,v 1.91 2024/06/17 08:36:56 sashan Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@ -584,11 +584,14 @@ int
disable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host)
{
struct host *h;
struct table *table;
struct table *table, *t;
int host_byname = 0;
if (host == NULL) {
if (id->id == EMPTY_ID)
if (id->id == EMPTY_ID) {
host = host_findbyname(env, id->name);
host_byname = 1;
}
else
host = host_find(env, id->id);
if (host == NULL || host->conf.parentid)
@ -625,6 +628,16 @@ disable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host)
/* Disable all children */
SLIST_FOREACH(h, &host->children, child)
disable_host(c, id, h);
/* Disable hosts with same name on all tables */
if (host_byname)
TAILQ_FOREACH(t, env->sc_tables, entry)
TAILQ_FOREACH(h, &t->hosts, entry)
if (strcmp(h->conf.name,
host->conf.name) == 0 &&
h->conf.id != host->conf.id &&
!h->conf.parentid)
disable_host(c, id, h);
pfe_sync();
}
return (0);
@ -634,10 +647,15 @@ int
enable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host)
{
struct host *h;
struct table *t;
int host_byname = 0;
if (host == NULL) {
if (id->id == EMPTY_ID)
if (id->id == EMPTY_ID) {
host = host_findbyname(env, id->name);
host_byname = 1;
}
else
host = host_find(env, id->id);
if (host == NULL || host->conf.parentid)
@ -666,6 +684,16 @@ enable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host)
/* Enable all children */
SLIST_FOREACH(h, &host->children, child)
enable_host(c, id, h);
/* Enable hosts with same name on all tables */
if (host_byname)
TAILQ_FOREACH(t, env->sc_tables, entry)
TAILQ_FOREACH(h, &t->hosts, entry)
if (strcmp(h->conf.name,
host->conf.name) == 0 &&
h->conf.id != host->conf.id &&
!h->conf.parentid)
enable_host(c, id, h);
pfe_sync();
}
return (0);

7
usr.sbin/relayd/pfe_filter.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pfe_filter.c,v 1.65 2023/09/14 09:54:31 yasuoka Exp $ */
/* $OpenBSD: pfe_filter.c,v 1.66 2024/06/17 08:02:57 sashan Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@ -377,6 +377,11 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
rio.rule.direction = PF_IN;
rio.rule.keep_state = PF_STATE_NORMAL;
if (rdr->conf.flags & F_PFLOG)
rio.rule.log = 1;
else
rio.rule.log = 0; /* allow change via reload */
switch (t->conf.fwdmode) {
case FWD_NORMAL:
/* traditional redirection */

11
usr.sbin/relayd/relayd.conf.5
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: relayd.conf.5,v 1.207 2023/10/29 11:27:11 kn Exp $
.\" $OpenBSD: relayd.conf.5,v 1.208 2024/06/17 08:02:57 sashan Exp $
.\"
.\" Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 29 2023 $
.Dd $Mdocdate: June 17 2024 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@ -517,6 +517,7 @@ At least one entry for the main table is mandatory.
.Op ip-proto
.Ic port Ar port
.Op Ic interface Ar name
.Op Ic pflog
.Xc
Specify an
.Ar address
@ -540,6 +541,12 @@ or
it defaults to
.Cm tcp .
The rule can be optionally restricted to a given interface name.
The optional
.Ic pflog
keyword will add
.Cm log
to the rule. The logged packets are sent to
.Xr pflog 4 .
.It Xo
.Op Ic match
.Ic pftag Ar name

3
usr.sbin/relayd/relayd.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: relayd.h,v 1.272 2024/05/18 06:34:46 jsg Exp $ */
/* $OpenBSD: relayd.h,v 1.273 2024/06/17 08:02:57 sashan Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@ -402,6 +402,7 @@ union hashkey {
#define F_TLSINSPECT 0x04000000
#define F_HASHKEY 0x08000000
#define F_AGENTX_TRAPONLY 0x10000000
#define F_PFLOG 0x20000000
#define F_BITS \
"\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \

6
usr.sbin/rpki-client/crl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: crl.c,v 1.41 2024/06/12 10:03:09 tb Exp $ */
/* $OpenBSD: crl.c,v 1.42 2024/06/17 18:52:50 tb Exp $ */
/*
* Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -296,6 +296,10 @@ crl_get(struct crl_tree *crlt, const struct auth *a)
{
struct crl find;
/* XXX - this should be removed, but filemode relies on it. */
if (a == NULL)
return NULL;
find.aki = a->cert->ski;
find.mftpath = a->cert->mft;

4
usr.sbin/rpki-client/filemode.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: filemode.c,v 1.46 2024/06/12 10:03:09 tb Exp $ */
/* $OpenBSD: filemode.c,v 1.47 2024/06/17 18:54:36 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -227,7 +227,7 @@ parse_load_certchain(char *uri)
cert->talid = a->cert->talid;
a = auth_insert(uri, &auths, cert, a);
uripath_add(uri, cert);
stack[i] = NULL;
stack[i - 1] = NULL;
}
return a;

6
usr.sbin/rpki-client/validate.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: validate.c,v 1.75 2024/06/12 10:03:09 tb Exp $ */
/* $OpenBSD: validate.c,v 1.76 2024/06/17 18:52:50 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -304,6 +304,10 @@ build_chain(const struct auth *a, STACK_OF(X509) **intermediates,
*intermediates = NULL;
*root = NULL;
/* XXX - this should be removed, but filemode relies on it. */
if (a == NULL)
return;
if ((*intermediates = sk_X509_new_null()) == NULL)
err(1, "sk_X509_new_null");
if ((*root = sk_X509_new_null()) == NULL)