SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2025-01-18 01:43:49 +00:00
parent ec3f37444a
commit cc53d18db3
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
17 changed files with 332 additions and 357 deletions
Download patch file Download diff file Expand all files Collapse all files

1
distrib/sets/lists/base/mi
View file

@ -297,6 +297,7 @@
./etc/rpki/apnic.constraints ./etc/rpki/apnic.constraints
./etc/rpki/apnic.tal ./etc/rpki/apnic.tal
./etc/rpki/arin.constraints ./etc/rpki/arin.constraints
./etc/rpki/arin.tal
./etc/rpki/lacnic.constraints ./etc/rpki/lacnic.constraints
./etc/rpki/lacnic.tal ./etc/rpki/lacnic.tal
./etc/rpki/ripe.constraints ./etc/rpki/ripe.constraints

6
etc/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.490 2024/06/30 17:30:54 deraadt Exp $ # $OpenBSD: Makefile,v 1.491 2025/01/17 00:20:15 job Exp $
.include <bsd.own.mk> .include <bsd.own.mk>
@ -156,8 +156,8 @@ distribution-etc-root-var: distrib-dirs
${DESTDIR}/etc/ppp ${DESTDIR}/etc/ppp
cd rpki; \ cd rpki; \
${INSTALL} -c -o root -g wheel -m 644 \ ${INSTALL} -c -o root -g wheel -m 644 \
afrinic.tal apnic.tal lacnic.tal ripe.tal \ afrinic.tal apnic.tal arin.tal lacnic.tal ripe.tal \
arin.constraints afrinic.constraints apnic.constraints \ afrinic.constraints apnic.constraints arin.constraints \
lacnic.constraints ripe.constraints \ lacnic.constraints ripe.constraints \
${DESTDIR}/etc/rpki ${DESTDIR}/etc/rpki
cd examples; \ cd examples; \

20
etc/rpki/arin.tal Normal file
View file

@ -0,0 +1,20 @@
# THIS TRUST ANCHOR LOCATOR IS PROVIDED BY THE AMERICAN REGISTRY FOR
# INTERNET NUMBERS (ARIN) "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL ARIN BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS PUBLIC KEY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
https://rrdp.arin.net/arin-rpki-ta.cer
rsync://rpki.arin.net/repository/arin-rpki-ta.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5Fn
reHMJjg8pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlN
f2SRP3UB+VJFgtTj0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1E
pK9CbLJS4m37+RlpNbT1cba+b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtww
DYlbHzp2xk9owF3mkCxzl0HwncO+sEHHeaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg
+nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB

5
lib/libcrypto/asn1/asn_mime.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: asn_mime.c,v 1.34 2024/03/29 04:35:42 tb Exp $ */ /* $OpenBSD: asn_mime.c,v 1.35 2025/01/17 05:02:18 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project. * project.
*/ */
@ -379,7 +379,8 @@ asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
ASN1_STREAM_ARG sarg; ASN1_STREAM_ARG sarg;
int rv = 1; int rv = 1;
/* If data is not deteched or resigning then the output BIO is /*
* If data is not detached or resigning then the output BIO is
* already set up to finalise when it is written through. * already set up to finalise when it is written through.
*/ */
if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {

4
lib/libcrypto/dh/dh_ameth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */ /* $OpenBSD: dh_ameth.c,v 1.42 2025/01/17 05:04:25 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006. * project 2006.
*/ */
@ -185,7 +185,7 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
/* /*
* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
* that the AlgorithmIdentifier contains the parameters, the private key * that the AlgorithmIdentifier contains the parameters, the private key
* is explcitly included and the pubkey must be recalculated. * is explicitly included and the pubkey must be recalculated.
*/ */
static int static int

263
lib/libcrypto/ec/ecp_methods.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ecp_methods.c,v 1.36 2025/01/11 21:20:39 tb Exp $ */ /* $OpenBSD: ecp_methods.c,v 1.39 2025/01/17 11:11:27 tb Exp $ */
/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
* for the OpenSSL project. * for the OpenSSL project.
* Includes code written by Bodo Moeller for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project.
@ -84,6 +84,19 @@
* representation (i.e. 'encoding' means multiplying by some factor R). * representation (i.e. 'encoding' means multiplying by some factor R).
*/ */
static inline int
ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_CTX *ctx)
{
return group->meth->field_mul(group, r, a, b, ctx);
}
static inline int
ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
return group->meth->field_sqr(group, r, a, ctx);
}
static int static int
ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx) ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx)
{ {
@ -169,19 +182,12 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
static int static int
ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
{ {
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
const BIGNUM *p;
BIGNUM *rh, *tmp, *Z4, *Z6; BIGNUM *rh, *tmp, *Z4, *Z6;
int ret = -1; int ret = -1;
if (EC_POINT_is_at_infinity(group, point)) if (EC_POINT_is_at_infinity(group, point))
return 1; return 1;
field_mul = group->meth->field_mul;
field_sqr = group->meth->field_sqr;
p = group->p;
BN_CTX_start(ctx); BN_CTX_start(ctx);
if ((rh = BN_CTX_get(ctx)) == NULL) if ((rh = BN_CTX_get(ctx)) == NULL)
@ -201,56 +207,56 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
*/ */
/* rh := X^2 */ /* rh := X^2 */
if (!field_sqr(group, rh, point->X, ctx)) if (!ec_field_sqr(group, rh, point->X, ctx))
goto err; goto err;
if (!point->Z_is_one) { if (!point->Z_is_one) {
if (!field_sqr(group, tmp, point->Z, ctx)) if (!ec_field_sqr(group, tmp, point->Z, ctx))
goto err; goto err;
if (!field_sqr(group, Z4, tmp, ctx)) if (!ec_field_sqr(group, Z4, tmp, ctx))
goto err; goto err;
if (!field_mul(group, Z6, Z4, tmp, ctx)) if (!ec_field_mul(group, Z6, Z4, tmp, ctx))
goto err; goto err;
/* rh := (rh + a*Z^4)*X */ /* rh := (rh + a*Z^4)*X */
if (group->a_is_minus3) { if (group->a_is_minus3) {
if (!BN_mod_lshift1_quick(tmp, Z4, p)) if (!BN_mod_lshift1_quick(tmp, Z4, group->p))
goto err; goto err;
if (!BN_mod_add_quick(tmp, tmp, Z4, p)) if (!BN_mod_add_quick(tmp, tmp, Z4, group->p))
goto err; goto err;
if (!BN_mod_sub_quick(rh, rh, tmp, p)) if (!BN_mod_sub_quick(rh, rh, tmp, group->p))
goto err; goto err;
if (!field_mul(group, rh, rh, point->X, ctx)) if (!ec_field_mul(group, rh, rh, point->X, ctx))
goto err; goto err;
} else { } else {
if (!field_mul(group, tmp, Z4, group->a, ctx)) if (!ec_field_mul(group, tmp, Z4, group->a, ctx))
goto err; goto err;
if (!BN_mod_add_quick(rh, rh, tmp, p)) if (!BN_mod_add_quick(rh, rh, tmp, group->p))
goto err; goto err;
if (!field_mul(group, rh, rh, point->X, ctx)) if (!ec_field_mul(group, rh, rh, point->X, ctx))
goto err; goto err;
} }
/* rh := rh + b*Z^6 */ /* rh := rh + b*Z^6 */
if (!field_mul(group, tmp, group->b, Z6, ctx)) if (!ec_field_mul(group, tmp, group->b, Z6, ctx))
goto err; goto err;
if (!BN_mod_add_quick(rh, rh, tmp, p)) if (!BN_mod_add_quick(rh, rh, tmp, group->p))
goto err; goto err;
} else { } else {
/* point->Z_is_one */ /* point->Z_is_one */
/* rh := (rh + a)*X */ /* rh := (rh + a)*X */
if (!BN_mod_add_quick(rh, rh, group->a, p)) if (!BN_mod_add_quick(rh, rh, group->a, group->p))
goto err; goto err;
if (!field_mul(group, rh, rh, point->X, ctx)) if (!ec_field_mul(group, rh, rh, point->X, ctx))
goto err; goto err;
/* rh := rh + b */ /* rh := rh + b */
if (!BN_mod_add_quick(rh, rh, group->b, p)) if (!BN_mod_add_quick(rh, rh, group->b, group->p))
goto err; goto err;
} }
/* 'lh' := Y^2 */ /* 'lh' := Y^2 */
if (!field_sqr(group, tmp, point->Y, ctx)) if (!ec_field_sqr(group, tmp, point->Y, ctx))
goto err; goto err;
ret = (0 == BN_ucmp(tmp, rh)); ret = (0 == BN_ucmp(tmp, rh));
@ -269,8 +275,6 @@ static int
ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx) BN_CTX *ctx)
{ {
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
BIGNUM *tmp1, *tmp2, *Za23, *Zb23; BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
const BIGNUM *tmp1_, *tmp2_; const BIGNUM *tmp1_, *tmp2_;
int ret = -1; int ret = -1;
@ -283,9 +287,6 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
if (a->Z_is_one && b->Z_is_one) if (a->Z_is_one && b->Z_is_one)
return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0; return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0;
field_mul = group->meth->field_mul;
field_sqr = group->meth->field_sqr;
BN_CTX_start(ctx); BN_CTX_start(ctx);
if ((tmp1 = BN_CTX_get(ctx)) == NULL) if ((tmp1 = BN_CTX_get(ctx)) == NULL)
@ -303,17 +304,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
*/ */
if (!b->Z_is_one) { if (!b->Z_is_one) {
if (!field_sqr(group, Zb23, b->Z, ctx)) if (!ec_field_sqr(group, Zb23, b->Z, ctx))
goto end; goto end;
if (!field_mul(group, tmp1, a->X, Zb23, ctx)) if (!ec_field_mul(group, tmp1, a->X, Zb23, ctx))
goto end; goto end;
tmp1_ = tmp1; tmp1_ = tmp1;
} else } else
tmp1_ = a->X; tmp1_ = a->X;
if (!a->Z_is_one) { if (!a->Z_is_one) {
if (!field_sqr(group, Za23, a->Z, ctx)) if (!ec_field_sqr(group, Za23, a->Z, ctx))
goto end; goto end;
if (!field_mul(group, tmp2, b->X, Za23, ctx)) if (!ec_field_mul(group, tmp2, b->X, Za23, ctx))
goto end; goto end;
tmp2_ = tmp2; tmp2_ = tmp2;
} else } else
@ -325,17 +326,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
goto end; goto end;
} }
if (!b->Z_is_one) { if (!b->Z_is_one) {
if (!field_mul(group, Zb23, Zb23, b->Z, ctx)) if (!ec_field_mul(group, Zb23, Zb23, b->Z, ctx))
goto end; goto end;
if (!field_mul(group, tmp1, a->Y, Zb23, ctx)) if (!ec_field_mul(group, tmp1, a->Y, Zb23, ctx))
goto end; goto end;
/* tmp1_ = tmp1 */ /* tmp1_ = tmp1 */
} else } else
tmp1_ = a->Y; tmp1_ = a->Y;
if (!a->Z_is_one) { if (!a->Z_is_one) {
if (!field_mul(group, Za23, Za23, a->Z, ctx)) if (!ec_field_mul(group, Za23, Za23, a->Z, ctx))
goto end; goto end;
if (!field_mul(group, tmp2, b->Y, Za23, ctx)) if (!ec_field_mul(group, tmp2, b->Y, Za23, ctx))
goto end; goto end;
/* tmp2_ = tmp2 */ /* tmp2_ = tmp2 */
} else } else
@ -422,7 +423,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
} }
if (group->meth->field_encode == NULL) { if (group->meth->field_encode == NULL) {
/* field_sqr works on standard representation */ /* field_sqr works on standard representation */
if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) if (!ec_field_sqr(group, Z_2, Z_1, ctx))
goto err; goto err;
} else { } else {
if (!BN_mod_sqr(Z_2, Z_1, group->p, ctx)) if (!BN_mod_sqr(Z_2, Z_1, group->p, ctx))
@ -434,13 +435,13 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
* in the Montgomery case, field_mul will cancel out * in the Montgomery case, field_mul will cancel out
* Montgomery factor in X: * Montgomery factor in X:
*/ */
if (!group->meth->field_mul(group, x, point->X, Z_2, ctx)) if (!ec_field_mul(group, x, point->X, Z_2, ctx))
goto err; goto err;
} }
if (y != NULL) { if (y != NULL) {
if (group->meth->field_encode == NULL) { if (group->meth->field_encode == NULL) {
/* field_mul works on standard representation */ /* field_mul works on standard representation */
if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) if (!ec_field_mul(group, Z_3, Z_2, Z_1, ctx))
goto err; goto err;
} else { } else {
if (!BN_mod_mul(Z_3, Z_2, Z_1, group->p, ctx)) if (!BN_mod_mul(Z_3, Z_2, Z_1, group->p, ctx))
@ -451,7 +452,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
* in the Montgomery case, field_mul will cancel out * in the Montgomery case, field_mul will cancel out
* Montgomery factor in Y: * Montgomery factor in Y:
*/ */
if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx)) if (!ec_field_mul(group, y, point->Y, Z_3, ctx))
goto err; goto err;
} }
@ -510,7 +511,7 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT **points,
for (i = 1; i < num; i++) { for (i = 1; i < num; i++) {
if (!BN_is_zero(points[i]->Z)) { if (!BN_is_zero(points[i]->Z)) {
if (!group->meth->field_mul(group, prod_Z[i], if (!ec_field_mul(group, prod_Z[i],
prod_Z[i - 1], points[i]->Z, ctx)) prod_Z[i - 1], points[i]->Z, ctx))
goto err; goto err;
} else { } else {
@ -549,10 +550,10 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT **points,
continue; continue;
/* Set tmp_Z to the inverse of points[i]->Z. */ /* Set tmp_Z to the inverse of points[i]->Z. */
if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) if (!ec_field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
goto err; goto err;
/* Adjust tmp to satisfy loop invariant. */ /* Adjust tmp to satisfy loop invariant. */
if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx)) if (!ec_field_mul(group, tmp, tmp, points[i]->Z, ctx))
goto err; goto err;
/* Replace points[i]->Z by its inverse. */ /* Replace points[i]->Z by its inverse. */
if (!bn_copy(points[i]->Z, tmp_Z)) if (!bn_copy(points[i]->Z, tmp_Z))
@ -574,14 +575,14 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT **points,
/* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
if (!group->meth->field_sqr(group, tmp, p->Z, ctx)) if (!ec_field_sqr(group, tmp, p->Z, ctx))
goto err; goto err;
if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx)) if (!ec_field_mul(group, p->X, p->X, tmp, ctx))
goto err; goto err;
if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx)) if (!ec_field_mul(group, tmp, tmp, p->Z, ctx))
goto err; goto err;
if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx)) if (!ec_field_mul(group, p->Y, p->Y, tmp, ctx))
goto err; goto err;
if (!bn_copy(p->Z, one)) if (!bn_copy(p->Z, one))
@ -602,10 +603,7 @@ static int
ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx) BN_CTX *ctx)
{ {
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
const BIGNUM *p;
int ret = 0; int ret = 0;
if (a == b) if (a == b)
@ -615,10 +613,6 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
if (EC_POINT_is_at_infinity(group, b)) if (EC_POINT_is_at_infinity(group, b))
return EC_POINT_copy(r, a); return EC_POINT_copy(r, a);
field_mul = group->meth->field_mul;
field_sqr = group->meth->field_sqr;
p = group->p;
BN_CTX_start(ctx); BN_CTX_start(ctx);
if ((n0 = BN_CTX_get(ctx)) == NULL) if ((n0 = BN_CTX_get(ctx)) == NULL)
@ -651,15 +645,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
/* n1 = X_a */ /* n1 = X_a */
/* n2 = Y_a */ /* n2 = Y_a */
} else { } else {
if (!field_sqr(group, n0, b->Z, ctx)) if (!ec_field_sqr(group, n0, b->Z, ctx))
goto end; goto end;
if (!field_mul(group, n1, a->X, n0, ctx)) if (!ec_field_mul(group, n1, a->X, n0, ctx))
goto end; goto end;
/* n1 = X_a * Z_b^2 */ /* n1 = X_a * Z_b^2 */
if (!field_mul(group, n0, n0, b->Z, ctx)) if (!ec_field_mul(group, n0, n0, b->Z, ctx))
goto end; goto end;
if (!field_mul(group, n2, a->Y, n0, ctx)) if (!ec_field_mul(group, n2, a->Y, n0, ctx))
goto end; goto end;
/* n2 = Y_a * Z_b^3 */ /* n2 = Y_a * Z_b^3 */
} }
@ -673,23 +667,23 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
/* n3 = X_b */ /* n3 = X_b */
/* n4 = Y_b */ /* n4 = Y_b */
} else { } else {
if (!field_sqr(group, n0, a->Z, ctx)) if (!ec_field_sqr(group, n0, a->Z, ctx))
goto end; goto end;
if (!field_mul(group, n3, b->X, n0, ctx)) if (!ec_field_mul(group, n3, b->X, n0, ctx))
goto end; goto end;
/* n3 = X_b * Z_a^2 */ /* n3 = X_b * Z_a^2 */
if (!field_mul(group, n0, n0, a->Z, ctx)) if (!ec_field_mul(group, n0, n0, a->Z, ctx))
goto end; goto end;
if (!field_mul(group, n4, b->Y, n0, ctx)) if (!ec_field_mul(group, n4, b->Y, n0, ctx))
goto end; goto end;
/* n4 = Y_b * Z_a^3 */ /* n4 = Y_b * Z_a^3 */
} }
/* n5, n6 */ /* n5, n6 */
if (!BN_mod_sub_quick(n5, n1, n3, p)) if (!BN_mod_sub_quick(n5, n1, n3, group->p))
goto end; goto end;
if (!BN_mod_sub_quick(n6, n2, n4, p)) if (!BN_mod_sub_quick(n6, n2, n4, group->p))
goto end; goto end;
/* n5 = n1 - n3 */ /* n5 = n1 - n3 */
/* n6 = n2 - n4 */ /* n6 = n2 - n4 */
@ -710,9 +704,9 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
} }
} }
/* 'n7', 'n8' */ /* 'n7', 'n8' */
if (!BN_mod_add_quick(n1, n1, n3, p)) if (!BN_mod_add_quick(n1, n1, n3, group->p))
goto end; goto end;
if (!BN_mod_add_quick(n2, n2, n4, p)) if (!BN_mod_add_quick(n2, n2, n4, group->p))
goto end; goto end;
/* 'n7' = n1 + n3 */ /* 'n7' = n1 + n3 */
/* 'n8' = n2 + n4 */ /* 'n8' = n2 + n4 */
@ -729,44 +723,44 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
if (!bn_copy(n0, a->Z)) if (!bn_copy(n0, a->Z))
goto end; goto end;
} else { } else {
if (!field_mul(group, n0, a->Z, b->Z, ctx)) if (!ec_field_mul(group, n0, a->Z, b->Z, ctx))
goto end; goto end;
} }
if (!field_mul(group, r->Z, n0, n5, ctx)) if (!ec_field_mul(group, r->Z, n0, n5, ctx))
goto end; goto end;
} }
r->Z_is_one = 0; r->Z_is_one = 0;
/* Z_r = Z_a * Z_b * n5 */ /* Z_r = Z_a * Z_b * n5 */
/* X_r */ /* X_r */
if (!field_sqr(group, n0, n6, ctx)) if (!ec_field_sqr(group, n0, n6, ctx))
goto end; goto end;
if (!field_sqr(group, n4, n5, ctx)) if (!ec_field_sqr(group, n4, n5, ctx))
goto end; goto end;
if (!field_mul(group, n3, n1, n4, ctx)) if (!ec_field_mul(group, n3, n1, n4, ctx))
goto end; goto end;
if (!BN_mod_sub_quick(r->X, n0, n3, p)) if (!BN_mod_sub_quick(r->X, n0, n3, group->p))
goto end; goto end;
/* X_r = n6^2 - n5^2 * 'n7' */ /* X_r = n6^2 - n5^2 * 'n7' */
/* 'n9' */ /* 'n9' */
if (!BN_mod_lshift1_quick(n0, r->X, p)) if (!BN_mod_lshift1_quick(n0, r->X, group->p))
goto end; goto end;
if (!BN_mod_sub_quick(n0, n3, n0, p)) if (!BN_mod_sub_quick(n0, n3, n0, group->p))
goto end; goto end;
/* n9 = n5^2 * 'n7' - 2 * X_r */ /* n9 = n5^2 * 'n7' - 2 * X_r */
/* Y_r */ /* Y_r */
if (!field_mul(group, n0, n0, n6, ctx)) if (!ec_field_mul(group, n0, n0, n6, ctx))
goto end; goto end;
if (!field_mul(group, n5, n4, n5, ctx)) if (!ec_field_mul(group, n5, n4, n5, ctx))
goto end; /* now n5 is n5^3 */ goto end; /* now n5 is n5^3 */
if (!field_mul(group, n1, n2, n5, ctx)) if (!ec_field_mul(group, n1, n2, n5, ctx))
goto end; goto end;
if (!BN_mod_sub_quick(n0, n0, n1, p)) if (!BN_mod_sub_quick(n0, n0, n1, group->p))
goto end; goto end;
if (BN_is_odd(n0)) if (BN_is_odd(n0))
if (!BN_add(n0, n0, p)) if (!BN_add(n0, n0, group->p))
goto end; goto end;
/* now 0 <= n0 < 2*p, and n0 is even */ /* now 0 <= n0 < 2*p, and n0 is even */
if (!BN_rshift1(r->Y, n0)) if (!BN_rshift1(r->Y, n0))
@ -784,19 +778,12 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
static int static int
ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
{ {
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
const BIGNUM *p;
BIGNUM *n0, *n1, *n2, *n3; BIGNUM *n0, *n1, *n2, *n3;
int ret = 0; int ret = 0;
if (EC_POINT_is_at_infinity(group, a)) if (EC_POINT_is_at_infinity(group, a))
return EC_POINT_set_to_infinity(group, r); return EC_POINT_set_to_infinity(group, r);
field_mul = group->meth->field_mul;
field_sqr = group->meth->field_sqr;
p = group->p;
BN_CTX_start(ctx); BN_CTX_start(ctx);
if ((n0 = BN_CTX_get(ctx)) == NULL) if ((n0 = BN_CTX_get(ctx)) == NULL)
@ -816,46 +803,46 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
/* n1 */ /* n1 */
if (a->Z_is_one) { if (a->Z_is_one) {
if (!field_sqr(group, n0, a->X, ctx)) if (!ec_field_sqr(group, n0, a->X, ctx))
goto err; goto err;
if (!BN_mod_lshift1_quick(n1, n0, p)) if (!BN_mod_lshift1_quick(n1, n0, group->p))
goto err; goto err;
if (!BN_mod_add_quick(n0, n0, n1, p)) if (!BN_mod_add_quick(n0, n0, n1, group->p))
goto err; goto err;
if (!BN_mod_add_quick(n1, n0, group->a, p)) if (!BN_mod_add_quick(n1, n0, group->a, group->p))
goto err; goto err;
/* n1 = 3 * X_a^2 + a_curve */ /* n1 = 3 * X_a^2 + a_curve */
} else if (group->a_is_minus3) { } else if (group->a_is_minus3) {
if (!field_sqr(group, n1, a->Z, ctx)) if (!ec_field_sqr(group, n1, a->Z, ctx))
goto err; goto err;
if (!BN_mod_add_quick(n0, a->X, n1, p)) if (!BN_mod_add_quick(n0, a->X, n1, group->p))
goto err; goto err;
if (!BN_mod_sub_quick(n2, a->X, n1, p)) if (!BN_mod_sub_quick(n2, a->X, n1, group->p))
goto err; goto err;
if (!field_mul(group, n1, n0, n2, ctx)) if (!ec_field_mul(group, n1, n0, n2, ctx))
goto err; goto err;
if (!BN_mod_lshift1_quick(n0, n1, p)) if (!BN_mod_lshift1_quick(n0, n1, group->p))
goto err; goto err;
if (!BN_mod_add_quick(n1, n0, n1, p)) if (!BN_mod_add_quick(n1, n0, n1, group->p))
goto err; goto err;
/* /*
* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) = 3 * X_a^2 - 3 * * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) = 3 * X_a^2 - 3 *
* Z_a^4 * Z_a^4
*/ */
} else { } else {
if (!field_sqr(group, n0, a->X, ctx)) if (!ec_field_sqr(group, n0, a->X, ctx))
goto err; goto err;
if (!BN_mod_lshift1_quick(n1, n0, p)) if (!BN_mod_lshift1_quick(n1, n0, group->p))
goto err; goto err;
if (!BN_mod_add_quick(n0, n0, n1, p)) if (!BN_mod_add_quick(n0, n0, n1, group->p))
goto err; goto err;
if (!field_sqr(group, n1, a->Z, ctx)) if (!ec_field_sqr(group, n1, a->Z, ctx))
goto err; goto err;
if (!field_sqr(group, n1, n1, ctx)) if (!ec_field_sqr(group, n1, n1, ctx))
goto err; goto err;
if (!field_mul(group, n1, n1, group->a, ctx)) if (!ec_field_mul(group, n1, n1, group->a, ctx))
goto err; goto err;
if (!BN_mod_add_quick(n1, n1, n0, p)) if (!BN_mod_add_quick(n1, n1, n0, group->p))
goto err; goto err;
/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
} }
@ -865,45 +852,45 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
if (!bn_copy(n0, a->Y)) if (!bn_copy(n0, a->Y))
goto err; goto err;
} else { } else {
if (!field_mul(group, n0, a->Y, a->Z, ctx)) if (!ec_field_mul(group, n0, a->Y, a->Z, ctx))
goto err; goto err;
} }
if (!BN_mod_lshift1_quick(r->Z, n0, p)) if (!BN_mod_lshift1_quick(r->Z, n0, group->p))
goto err; goto err;
r->Z_is_one = 0; r->Z_is_one = 0;
/* Z_r = 2 * Y_a * Z_a */ /* Z_r = 2 * Y_a * Z_a */
/* n2 */ /* n2 */
if (!field_sqr(group, n3, a->Y, ctx)) if (!ec_field_sqr(group, n3, a->Y, ctx))
goto err; goto err;
if (!field_mul(group, n2, a->X, n3, ctx)) if (!ec_field_mul(group, n2, a->X, n3, ctx))
goto err; goto err;
if (!BN_mod_lshift_quick(n2, n2, 2, p)) if (!BN_mod_lshift_quick(n2, n2, 2, group->p))
goto err; goto err;
/* n2 = 4 * X_a * Y_a^2 */ /* n2 = 4 * X_a * Y_a^2 */
/* X_r */ /* X_r */
if (!BN_mod_lshift1_quick(n0, n2, p)) if (!BN_mod_lshift1_quick(n0, n2, group->p))
goto err; goto err;
if (!field_sqr(group, r->X, n1, ctx)) if (!ec_field_sqr(group, r->X, n1, ctx))
goto err; goto err;
if (!BN_mod_sub_quick(r->X, r->X, n0, p)) if (!BN_mod_sub_quick(r->X, r->X, n0, group->p))
goto err; goto err;
/* X_r = n1^2 - 2 * n2 */ /* X_r = n1^2 - 2 * n2 */
/* n3 */ /* n3 */
if (!field_sqr(group, n0, n3, ctx)) if (!ec_field_sqr(group, n0, n3, ctx))
goto err; goto err;
if (!BN_mod_lshift_quick(n3, n0, 3, p)) if (!BN_mod_lshift_quick(n3, n0, 3, group->p))
goto err; goto err;
/* n3 = 8 * Y_a^4 */ /* n3 = 8 * Y_a^4 */
/* Y_r */ /* Y_r */
if (!BN_mod_sub_quick(n0, n2, r->X, p)) if (!BN_mod_sub_quick(n0, n2, r->X, group->p))
goto err; goto err;
if (!field_mul(group, n0, n1, n0, ctx)) if (!ec_field_mul(group, n0, n1, n0, ctx))
goto err; goto err;
if (!BN_mod_sub_quick(r->Y, n0, n3, p)) if (!BN_mod_sub_quick(r->Y, n0, n3, group->p))
goto err; goto err;
/* Y_r = n1 * (n2 - X_r) - n3 */ /* Y_r = n1 * (n2 - X_r) - n3 */
@ -925,19 +912,6 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
return BN_usub(point->Y, group->p, point->Y); return BN_usub(point->Y, group->p, point->Y);
} }
static int
ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_CTX *ctx)
{
return BN_mod_mul(r, a, b, group->p, ctx);
}
static int
ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
return BN_mod_sqr(r, a, group->p, ctx);
}
/* /*
* Apply randomization of EC point Jacobian projective coordinates: * Apply randomization of EC point Jacobian projective coordinates:
* *
@ -967,23 +941,23 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
goto err; goto err;
/* Z = lambda * Z */ /* Z = lambda * Z */
if (!group->meth->field_mul(group, p->Z, lambda, p->Z, ctx)) if (!ec_field_mul(group, p->Z, lambda, p->Z, ctx))
goto err; goto err;
/* tmp = lambda^2 */ /* tmp = lambda^2 */
if (!group->meth->field_sqr(group, tmp, lambda, ctx)) if (!ec_field_sqr(group, tmp, lambda, ctx))
goto err; goto err;
/* X = lambda^2 * X */ /* X = lambda^2 * X */
if (!group->meth->field_mul(group, p->X, tmp, p->X, ctx)) if (!ec_field_mul(group, p->X, tmp, p->X, ctx))
goto err; goto err;
/* tmp = lambda^3 */ /* tmp = lambda^3 */
if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx)) if (!ec_field_mul(group, tmp, tmp, lambda, ctx))
goto err; goto err;
/* Y = lambda^3 * Y */ /* Y = lambda^3 * Y */
if (!group->meth->field_mul(group, p->Y, tmp, p->Y, ctx)) if (!ec_field_mul(group, p->Y, tmp, p->Y, ctx))
goto err; goto err;
/* Disable optimized arithmetics after replacing Z by lambda * Z. */ /* Disable optimized arithmetics after replacing Z by lambda * Z. */
@ -1241,6 +1215,19 @@ ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
return ec_wnaf_mul(group, r, g_scalar, point, p_scalar, ctx); return ec_wnaf_mul(group, r, g_scalar, point, p_scalar, ctx);
} }
static int
ec_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
return BN_mod_mul(r, a, b, group->p, ctx);
}
static int
ec_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
return BN_mod_sqr(r, a, group->p, ctx);
}
static int static int
ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx) const BIGNUM *b, BN_CTX *ctx)
@ -1333,8 +1320,8 @@ static const EC_METHOD ec_GFp_simple_method = {
.mul_generator_ct = ec_mul_generator_ct, .mul_generator_ct = ec_mul_generator_ct,
.mul_single_ct = ec_mul_single_ct, .mul_single_ct = ec_mul_single_ct,
.mul_double_nonct = ec_mul_double_nonct, .mul_double_nonct = ec_mul_double_nonct,
.field_mul = ec_field_mul, .field_mul = ec_simple_field_mul,
.field_sqr = ec_field_sqr, .field_sqr = ec_simple_field_sqr,
}; };
const EC_METHOD * const EC_METHOD *

36
lib/libcrypto/rsa/rsa_pmeth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rsa_pmeth.c,v 1.41 2024/08/26 22:01:28 op Exp $ */ /* $OpenBSD: rsa_pmeth.c,v 1.43 2025/01/17 15:39:19 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006. * project 2006.
*/ */
@ -637,19 +637,17 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
RSAerror(RSA_R_VALUE_MISSING); RSAerror(RSA_R_VALUE_MISSING);
return 0; return 0;
} }
if (!strcmp(type, "rsa_padding_mode")) { if (strcmp(type, "rsa_padding_mode") == 0) {
int pm; int pm;
if (!strcmp(value, "pkcs1")) if (strcmp(value, "pkcs1") == 0)
pm = RSA_PKCS1_PADDING; pm = RSA_PKCS1_PADDING;
else if (!strcmp(value, "none")) else if (strcmp(value, "none") == 0)
pm = RSA_NO_PADDING; pm = RSA_NO_PADDING;
else if (!strcmp(value, "oeap")) else if (strcmp(value, "oaep") == 0 || strcmp(value, "oeap") == 0)
pm = RSA_PKCS1_OAEP_PADDING; pm = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(value, "oaep")) else if (strcmp(value, "x931") == 0)
pm = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(value, "x931"))
pm = RSA_X931_PADDING; pm = RSA_X931_PADDING;
else if (!strcmp(value, "pss")) else if (strcmp(value, "pss") == 0)
pm = RSA_PKCS1_PSS_PADDING; pm = RSA_PKCS1_PSS_PADDING;
else { else {
RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
@ -661,14 +659,19 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
if (strcmp(type, "rsa_pss_saltlen") == 0) { if (strcmp(type, "rsa_pss_saltlen") == 0) {
int saltlen; int saltlen;
if (!strcmp(value, "digest")) if (strcmp(value, "digest") == 0)
saltlen = RSA_PSS_SALTLEN_DIGEST; saltlen = RSA_PSS_SALTLEN_DIGEST;
else if (!strcmp(value, "max")) else if (strcmp(value, "max") == 0)
saltlen = RSA_PSS_SALTLEN_MAX; saltlen = RSA_PSS_SALTLEN_MAX;
else if (!strcmp(value, "auto")) else if (strcmp(value, "auto") == 0)
saltlen = RSA_PSS_SALTLEN_AUTO; saltlen = RSA_PSS_SALTLEN_AUTO;
else { else {
saltlen = strtonum(value, 0, INT_MAX, &errstr); /*
* Accept the special values -1, -2, -3 since that's
* what atoi() historically did. Lower values are later
* rejected in EVP_PKEY_CTRL_RSA_PSS_SALTLEN anyway.
*/
saltlen = strtonum(value, -3, INT_MAX, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
RSAerror(RSA_R_INVALID_PSS_SALTLEN); RSAerror(RSA_R_INVALID_PSS_SALTLEN);
return -2; return -2;
@ -718,7 +721,12 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
int saltlen; int saltlen;
saltlen = strtonum(value, 0, INT_MAX, &errstr); /*
* Accept the special values -1, -2, -3 since that's
* what atoi() historically did. Lower values are later
* rejected in EVP_PKEY_CTRL_RSA_PSS_SALTLEN anyway.
*/
saltlen = strtonum(value, -3, INT_MAX, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
RSAerror(RSA_R_INVALID_PSS_SALTLEN); RSAerror(RSA_R_INVALID_PSS_SALTLEN);
return -2; return -2;

3
lib/libssl/ssl_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_local.h,v 1.23 2024/07/23 14:40:54 jsing Exp $ */ /* $OpenBSD: ssl_local.h,v 1.24 2025/01/17 22:39:42 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
* *
@ -155,7 +155,6 @@
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/dsa.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>

19
regress/sys/netinet6/rip6cksum/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.6 2020/12/30 21:40:33 kn Exp $ # $OpenBSD: Makefile,v 1.7 2025/01/17 07:57:22 anton Exp $
# The following ports must be installed: # The following ports must be installed:
# #
@ -117,4 +117,21 @@ run-ckoff-2-long:
${SUDO} ./rip6cksum -c 2 -r 5 -s 5 -w -- \ ${SUDO} ./rip6cksum -c 2 -r 5 -s 5 -w -- \
${PYTHON}sendrecv.py -c 2 -s 5 ${PYTHON}sendrecv.py -c 2 -s 5
# XXX expected failures caused by the upgrade to scapy 2.4.5.
REGRESS_EXPECTED_FAILURES+=run-bad-cksum
REGRESS_EXPECTED_FAILURES+=run-ckoff-0
REGRESS_EXPECTED_FAILURES+=run-ckoff-0-empty
REGRESS_EXPECTED_FAILURES+=run-ckoff-0-exact
REGRESS_EXPECTED_FAILURES+=run-ckoff-0-long
REGRESS_EXPECTED_FAILURES+=run-ckoff-0-short
REGRESS_EXPECTED_FAILURES+=run-ckoff-2
REGRESS_EXPECTED_FAILURES+=run-ckoff-2-empty
REGRESS_EXPECTED_FAILURES+=run-ckoff-2-exact
REGRESS_EXPECTED_FAILURES+=run-ckoff-2-long
REGRESS_EXPECTED_FAILURES+=run-ckoff-2-short-1
REGRESS_EXPECTED_FAILURES+=run-ckoff-2-short-2
REGRESS_EXPECTED_FAILURES+=run-ckoff-2-short-3
REGRESS_EXPECTED_FAILURES+=run-disable-cksum
REGRESS_EXPECTED_FAILURES+=run-no-cksum
.include <bsd.regress.mk> .include <bsd.regress.mk>

65
share/man/man5/python-module.5
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: python-module.5,v 1.14 2024/10/28 19:48:37 kirill Exp $ .\" $OpenBSD: python-module.5,v 1.15 2025/01/17 08:52:01 sthen Exp $
.\" .\"
.\" Copyright (c) 2008 Marc Espie .\" Copyright (c) 2008 Marc Espie
.\" .\"
@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: October 28 2024 $ .Dd $Mdocdate: January 17 2025 $
.Dt PYTHON-MODULE 5 .Dt PYTHON-MODULE 5
.Os .Os
.Sh NAME .Sh NAME
@ -37,18 +37,10 @@ in the
.Xr ports 7 .Xr ports 7
tree. tree.
.Pp .Pp
By default, the module sets By default, the module builds ports using Python 3.
For legacy ports using Python 2,
.Ev MODPY_VERSION .Ev MODPY_VERSION
to the appropriate python version may be set manually to ${MODPY_DEFAULT_VERSION_2}.
.Po
depending on the existence/presence of a
.Sq python3
.Ev FLAVOR
.Pc ,
but
.Ev MODPY_VERSION
may be set manually to ${MODPY_DEFAULT_VERSION_2}
for legacy ports.
.Pp .Pp
The module then sets The module then sets
.Ev MODPY_BIN , .Ev MODPY_BIN ,
@ -57,7 +49,6 @@ The module then sets
.Ev MODPY_SITEPKG , .Ev MODPY_SITEPKG ,
.Ev MODPY_SETUP , .Ev MODPY_SETUP ,
.Ev MODPY_TEST_DIR , .Ev MODPY_TEST_DIR ,
.Ev MODPY_TEST_LINK_SO ,
.Ev MODPY_TEST_LOCALE , .Ev MODPY_TEST_LOCALE ,
.Ev MODPY_WANTLIB , .Ev MODPY_WANTLIB ,
.Ev MODPY_LIB_DEPENDS , .Ev MODPY_LIB_DEPENDS ,
@ -102,10 +93,6 @@ and changes to the directory specified in
by default ${WRKSRC} by default ${WRKSRC}
.Pc .Pc
before running tests. before running tests.
In addition, it can link all .so files in ${WRKSRC} if
.Ev MODPY_TEST_LINK_SO
is set to Yes, which is required if you are using tests
which use Python code that loads .so files via relative imports.
.Pp .Pp
Most modern Python software can be packaged using a PEP 517 build Most modern Python software can be packaged using a PEP 517 build
frontend (in the frontend (in the
@ -119,7 +106,7 @@ If the port provides a
file, check the "build-backend" line in the [build-system] section. file, check the "build-backend" line in the [build-system] section.
.Nm .Nm
currently supports flit, flit_core, hatchling, hatch-vcs, jupyter_packaging, currently supports flit, flit_core, hatchling, hatch-vcs, jupyter_packaging,
maturin, pdm, poetry-core, setuptools and setuptools_scm. maturin, pdm, poetry-core, setuptools, setuptools-rust, and setuptools_scm.
If no If no
.Pa pyproject.toml .Pa pyproject.toml
is provided then it probably uses setuptools. is provided then it probably uses setuptools.
@ -129,15 +116,15 @@ adds the backend to
.Ev MODPY_BUILD_DEPENDS , .Ev MODPY_BUILD_DEPENDS ,
and sets and sets
.Ev MODPY_PYTEST . .Ev MODPY_PYTEST .
In cases where a less common backend is used, or where the build backend is In cases where an uncommon backend is used, or where the build backend is
distributed with the software itself, distributed with the software itself,
.Ev MODPY_PYBUILD .Ev MODPY_PYBUILD
can be set to can be set to
.Sq other .Sq other
to use the PEP 517 mechanism without adding a dependency to use the PEP 517 build mechanism without adding a dependency
for a backend. for a backend.
.Pp .Pp
Older ports using setuptools still set Python 2 and some older Python 3 ports using setuptools still set
.Ev MODPY_SETUPTOOLS .Ev MODPY_SETUPTOOLS
to Yes, which appends to to Yes, which appends to
.Ev MODPY_BUILD_DEPENDS .Ev MODPY_BUILD_DEPENDS
@ -156,6 +143,8 @@ and
These ports can often be converted to These ports can often be converted to
.Ev MODPY_PYBUILD .Ev MODPY_PYBUILD
with some small changes to the port. with some small changes to the port.
.Ev MODPY_SETUPTOOLS
should not be used for new ports.
.Pp .Pp
Ports which use the pytest module should set Ports which use the pytest module should set
.Ev MODPY_PYTEST .Ev MODPY_PYTEST
@ -178,8 +167,17 @@ if present, is passed on the command line.
This allows setting py.test flags to increase verbosity, This allows setting py.test flags to increase verbosity,
show test durations, enable colours, etc. show test durations, enable colours, etc.
.Pp .Pp
If
.Ev MODPY_TEST_LINK_SO
is set to Yes, symbolic links to all .so files in the build directory
will be created before running tests.
These are created in
.Ev MODPY_TEST_LINK_SRC ,
which defaults to ${WRKSRC}.
This is required when tests load .so files via relative imports.
.Pp
All ports that generate egg-info or dist-info files should set All ports that generate egg-info or dist-info files should set
.Ev MODPY_EGG_VERSION .Ev MODPY_DISTV
to the version string used by the to the version string used by the
.Fn setup .Fn setup
function in the port's function in the port's
@ -229,25 +227,10 @@ the subdirectory can be overridden with
.Ss Packing-list generation .Ss Packing-list generation
Python 2.x places .pyc files in the same directory as the associated .py file. Python 2.x places .pyc files in the same directory as the associated .py file.
Python 3.x places these in a separate __pycache__ directory and uses an Python 3.x places these in a separate __pycache__ directory and uses an
additional suffix. additional suffix that includes the Python version.
In some cases, an ABI tag is also used for names of compiled extensions. In some cases, an ABI tag is also used for names of compiled extensions.
The python module defines variables to allow a single The python module defines variables so that a
.Pa PLIST .Pa PLIST
to be is likely to still work with a newer Python version without changes.
used for both versions:
generate or update the
.Pa PLIST
using the python3
.Ev FLAVOR ,
then edit it to prefix any lines creating
.Ev MODPY_PYCACHE
directories with
.Ev MODPY_COMMENT .
As python2 and python3 packages should permit being installed together,
it may be necessary to suffix names of common binaries or directories,
or split common files into a subpackage.
If updating the PLIST without using the python3 flavor,
take care not to remove ${MODPY_PYCACHE}, ${MODPY_PYC_MAGIC_TAG}, or
${MODPY_ABI_TAG} variables from the PLIST.
.Sh SEE ALSO .Sh SEE ALSO
.Xr port-modules 5 .Xr port-modules 5

8
sys/dev/pv/if_vio.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_vio.c,v 1.66 2025/01/14 14:32:32 sf Exp $ */ /* $OpenBSD: if_vio.c,v 1.67 2025/01/17 08:58:38 jan Exp $ */
/* /*
* Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg. * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@ -517,7 +517,11 @@ vio_alloc_mem(struct vio_softc *sc, int tx_max_segments)
} }
KASSERT(offset == allocsize); KASSERT(offset == allocsize);
txsize = ifp->if_hardmtu + sc->sc_hdr_size + ETHER_HDR_LEN; if (virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO4) ||
virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO6))
txsize = MAXMCLBYTES + sc->sc_hdr_size + ETHER_HDR_LEN;
else
txsize = ifp->if_hardmtu + sc->sc_hdr_size + ETHER_HDR_LEN;
for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { for (qidx = 0; qidx < sc->sc_nqueues; qidx++) {
struct vio_queue *vioq = &sc->sc_q[qidx]; struct vio_queue *vioq = &sc->sc_q[qidx];

20
sys/dev/usb/uvideo.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: uvideo.c,v 1.235 2025/01/15 20:34:50 kirill Exp $ */ /* $OpenBSD: uvideo.c,v 1.236 2025/01/16 22:58:19 kirill Exp $ */
/* /*
* Copyright (c) 2008 Robert Nagy <robert@openbsd.org> * Copyright (c) 2008 Robert Nagy <robert@openbsd.org>
@ -392,7 +392,25 @@ const struct uvideo_map_fmts {
{ UVIDEO_FORMAT_GUID_I420, V4L2_PIX_FMT_YUV420 }, { UVIDEO_FORMAT_GUID_I420, V4L2_PIX_FMT_YUV420 },
{ UVIDEO_FORMAT_GUID_Y800, V4L2_PIX_FMT_GREY }, { UVIDEO_FORMAT_GUID_Y800, V4L2_PIX_FMT_GREY },
{ UVIDEO_FORMAT_GUID_Y8, V4L2_PIX_FMT_GREY }, { UVIDEO_FORMAT_GUID_Y8, V4L2_PIX_FMT_GREY },
{ UVIDEO_FORMAT_GUID_D3DFMT_L8, V4L2_PIX_FMT_GREY },
{ UVIDEO_FORMAT_GUID_KSMEDIA_L8_IR, V4L2_PIX_FMT_GREY }, { UVIDEO_FORMAT_GUID_KSMEDIA_L8_IR, V4L2_PIX_FMT_GREY },
{ UVIDEO_FORMAT_GUID_BY8, V4L2_PIX_FMT_SBGGR8 },
{ UVIDEO_FORMAT_GUID_BA81, V4L2_PIX_FMT_SBGGR8 },
{ UVIDEO_FORMAT_GUID_GBRG, V4L2_PIX_FMT_SGBRG8 },
{ UVIDEO_FORMAT_GUID_GRBG, V4L2_PIX_FMT_SGRBG8 },
{ UVIDEO_FORMAT_GUID_RGGB, V4L2_PIX_FMT_SRGGB8 },
{ UVIDEO_FORMAT_GUID_RGBP, V4L2_PIX_FMT_RGB565 },
{ UVIDEO_FORMAT_GUID_D3DFMT_R5G6B5, V4L2_PIX_FMT_RGB565 },
{ UVIDEO_FORMAT_GUID_BGR3, V4L2_PIX_FMT_BGR24 },
{ UVIDEO_FORMAT_GUID_BGR4, V4L2_PIX_FMT_XBGR32 },
{ UVIDEO_FORMAT_GUID_H265, V4L2_PIX_FMT_HEVC },
{ UVIDEO_FORMAT_GUID_RW10, V4L2_PIX_FMT_SRGGB10P },
{ UVIDEO_FORMAT_GUID_BG16, V4L2_PIX_FMT_SBGGR16 },
{ UVIDEO_FORMAT_GUID_GB16, V4L2_PIX_FMT_SGBRG16 },
{ UVIDEO_FORMAT_GUID_RG16, V4L2_PIX_FMT_SRGGB16 },
{ UVIDEO_FORMAT_GUID_GR16, V4L2_PIX_FMT_SGRBG16 },
{ UVIDEO_FORMAT_GUID_INVZ, V4L2_PIX_FMT_Z16 },
{ UVIDEO_FORMAT_GUID_INVI, V4L2_PIX_FMT_Y10 },
}; };
int int

84
sys/dev/usb/uvideo.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: uvideo.h,v 1.62 2025/01/13 15:32:36 kirill Exp $ */ /* $OpenBSD: uvideo.h,v 1.63 2025/01/16 22:58:19 kirill Exp $ */
/* /*
* Copyright (c) 2007 Robert Nagy <robert@openbsd.org> * Copyright (c) 2007 Robert Nagy <robert@openbsd.org>
@ -297,29 +297,101 @@ struct usb_video_probe_commit {
*/ */
/* Table 2-1: Compression Formats */ /* Table 2-1: Compression Formats */
#define UVIDEO_FORMAT_GUID_YUY2 { \ #define UVIDEO_FORMAT_GUID_YUY2 { \
'Y', 'U', 'Y', '2', '\0', 0x00, 0x10, 0x00, \ 'Y', 'U', 'Y', '2', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 } 0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_YV12 { \ #define UVIDEO_FORMAT_GUID_YV12 { \
'Y', 'V', '1', '2', '\0', 0x00, 0x10, 0x00, \ 'Y', 'V', '1', '2', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 } 0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_I420 { \ #define UVIDEO_FORMAT_GUID_I420 { \
'I', '4', '2', '0', '\0', 0x00, 0x10, 0x00, \ 'I', '4', '2', '0', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 } 0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_Y800 { \ #define UVIDEO_FORMAT_GUID_Y800 { \
'Y', '8', '0', '0', '\0', 0x00, 0x10, 0x00, \ 'Y', '8', '0', '0', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 } 0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_Y8 { \ #define UVIDEO_FORMAT_GUID_Y8 { \
'Y', '8', ' ', ' ', '\0', 0x00, 0x10, 0x00, \ 'Y', '8', ' ', ' ', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_D3DFMT_L8 { \
0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 } 0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_KSMEDIA_L8_IR { \ #define UVIDEO_FORMAT_GUID_KSMEDIA_L8_IR { \
0x32, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00, \ 0x32, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 } 0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_BY8 { \
'B', 'Y', '8', ' ', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_BA81 { \
'B', 'A', '8', '1', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_GBRG { \
'G', 'B', 'R', 'G', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_GRBG { \
'G', 'R', 'B', 'G', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_RGGB { \
'R', 'G', 'G', 'B', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_RGBP { \
'R', 'G', 'B', 'P', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_D3DFMT_R5G6B5 { \
0x7b, 0xeb, 0x36, 0xe4, 0x4f, 0x52, 0xce, 0x11, \
0x9f, 0x53, 0x00, 0x20, 0xaf, 0x0b, 0xa7, 0x70 }
#define UVIDEO_FORMAT_GUID_BGR3 { \
0x7d, 0xeb, 0x36, 0xe4, 0x4f, 0x52, 0xce, 0x11, \
0x9f, 0x53, 0x00, 0x20, 0xaf, 0x0b, 0xa7, 0x70 }
#define UVIDEO_FORMAT_GUID_BGR4 { \
0x7e, 0xeb, 0x36, 0xe4, 0x4f, 0x52, 0xce, 0x11, \
0x9f, 0x53, 0x00, 0x20, 0xaf, 0x0b, 0xa7, 0x70 }
#define UVIDEO_FORMAT_GUID_H265 { \
'H', '2', '6', '5', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_RW10 { \
'R', 'W', '1', '0', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_BG16 { \
'B', 'G', '1', '6', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_GB16 { \
'G', 'B', '1', '6', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_RG16 { \
'R', 'G', '1', '6', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_GR16 { \
'G', 'R', '1', '6', 0x00, 0x00, 0x10, 0x00, \
0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
#define UVIDEO_FORMAT_GUID_INVZ { \
'I', 'N', 'V', 'Z', 0x90, 0x2d, 0x58, 0x4a, \
0x92, 0x0b, 0x77, 0x3f, 0x1f, 0x2c, 0x55, 0x6b }
#define UVIDEO_FORMAT_GUID_INVI { \
'I', 'N', 'V', 'I', 0xdb, 0x57, 0x49, 0x5e, \
0x8e, 0x3f, 0xf4, 0x79, 0x53, 0x2b, 0x94, 0x6f }
/* /*
* USB Video Payload MJPEG * USB Video Payload MJPEG
*/ */

4
usr.bin/ssh/auth2.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.169 2024/05/17 00:30:23 djm Exp $ */ /* $OpenBSD: auth2.c,v 1.170 2025/01/17 00:09:41 dtucker Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -228,7 +228,7 @@ user_specific_delay(const char *user)
/* 0-4.2 ms of delay */ /* 0-4.2 ms of delay */
delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
freezero(hash, len); freezero(hash, len);
debug3_f("user specific delay %0.3lfms", delay/1000); debug3_f("user specific delay %0.3lfms", delay*1000);
return MIN_FAIL_DELAY_SECONDS + delay; return MIN_FAIL_DELAY_SECONDS + delay;
} }

5
usr.bin/tmux/server-client.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: server-client.c,v 1.423 2024/12/06 09:06:56 nicm Exp $ */ /* $OpenBSD: server-client.c,v 1.424 2025/01/17 15:53:01 nicm Exp $ */
/* /*
* Copyright (c) 2009 Nicholas Marriott <nicholas.marriott@gmail.com> * Copyright (c) 2009 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -159,7 +159,8 @@ server_client_clear_overlay(struct client *c)
c->overlay_data = NULL; c->overlay_data = NULL;
c->tty.flags &= ~(TTY_FREEZE|TTY_NOCURSOR); c->tty.flags &= ~(TTY_FREEZE|TTY_NOCURSOR);
window_update_focus(c->session->curw->window); if (c->session != NULL)
window_update_focus(c->session->curw->window);
server_redraw_client(c); server_redraw_client(c);
} }

136
usr.sbin/bgpd/bgpd.8
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: bgpd.8,v 1.83 2025/01/13 13:50:34 claudio Exp $ .\" $OpenBSD: bgpd.8,v 1.84 2025/01/17 12:38:14 claudio Exp $
.\" .\"
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
.\" .\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd $Mdocdate: January 13 2025 $ .Dd $Mdocdate: January 17 2025 $
.Dt BGPD 8 .Dt BGPD 8
.Os .Os
.Sh NAME .Sh NAME
@ -228,378 +228,246 @@ has been started.
.Xr bgplgsh 8 .Xr bgplgsh 8
.Sh STANDARDS .Sh STANDARDS
.Rs .Rs
.%A R. Chandra
.%A P. Traina
.%A "T. Li"
.%D August 1996 .%D August 1996
.%R RFC 1997 .%R RFC 1997
.%T BGP Communities Attribute .%T BGP Communities Attribute
.Re .Re
.Pp .Pp
.Rs .Rs
.%A A. Heffernan
.%D August 1998 .%D August 1998
.%R RFC 2385 .%R RFC 2385
.%T Protection of BGP Sessions via the TCP MD5 Signature Option .%T Protection of BGP Sessions via the TCP MD5 Signature Option
.Re .Re
.Pp .Pp
.Rs .Rs
.%A P. Marques
.%A F. Dupont
.%D March 1999 .%D March 1999
.%R RFC 2545 .%R RFC 2545
.%T Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing .%T Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Chen
.%D September 2000 .%D September 2000
.%R RFC 2918 .%R RFC 2918
.%T Route Refresh Capability for BGP-4 .%T Route Refresh Capability for BGP-4
.Re .Re
.Pp .Pp
.Rs .Rs
.%A G. Huston
.%D April 2004 .%D April 2004
.%R RFC 3765 .%R RFC 3765
.%T NOPEER Community for Border Gateway Protocol (BGP) Route Scope Control .%T NOPEER Community for Border Gateway Protocol (BGP) Route Scope Control
.Re .Re
.Pp .Pp
.Rs .Rs
.%A Y. Rekhter
.%A "T. Li"
.%A S. Hares
.%D January 2006 .%D January 2006
.%R RFC 4271 .%R RFC 4271
.%T A Border Gateway Protocol 4 (BGP-4) .%T A Border Gateway Protocol 4 (BGP-4)
.Re .Re
.Pp .Pp
.Rs .Rs
.%A S. Sangli
.%A D. Tappan
.%A Y. Rekhter
.%D February 2006 .%D February 2006
.%R RFC 4360 .%R RFC 4360
.%T BGP Extended Communities Attribute .%T BGP Extended Communities Attribute
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Rosen
.%A Y. Rekhter
.%D February 2006 .%D February 2006
.%R RFC 4364 .%R RFC 4364
.%T BGP/MPLS IP Virtual Private Networks (VPNs) .%T BGP/MPLS IP Virtual Private Networks (VPNs)
.Re .Re
.Pp .Pp
.Rs .Rs
.%A T. Bates
.%A E. Chen
.%A R. Chandra
.%D April 2006 .%D April 2006
.%R RFC 4456 .%R RFC 4456
.%T "BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)" .%T "BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)"
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Chen
.%A V. Gillet
.%D April 2006 .%D April 2006
.%R RFC 4486 .%R RFC 4486
.%T Subcodes for BGP Cease Notification Message .%T Subcodes for BGP Cease Notification Message
.Re .Re
.Pp .Pp
.Rs .Rs
.%A S. Sangli
.%A E. Chen
.%A R. Fernando
.%A J. Scudder
.%A Y. Rekhter
.%D January 2007 .%D January 2007
.%R RFC 4724 .%R RFC 4724
.%T Graceful Restart Mechanism for BGP .%T Graceful Restart Mechanism for BGP
.Re .Re
.Pp .Pp
.Rs .Rs
.%A T. Bates
.%A R. Chandra
.%A D. Katz
.%A Y. Rekhter
.%D January 2007 .%D January 2007
.%R RFC 4760 .%R RFC 4760
.%T Multiprotocol Extensions for BGP-4 .%T Multiprotocol Extensions for BGP-4
.Re .Re
.Pp .Pp
.Rs .Rs
.%A V. Gill
.%A J. Heasley
.%A D. Meyer
.%A P. Savola
.%A C. Pignataro
.%D October 2007 .%D October 2007
.%R RFC 5082 .%R RFC 5082
.%T The Generalized TTL Security Mechanism (GTSM) .%T The Generalized TTL Security Mechanism (GTSM)
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Scudder
.%A R. Chandra
.%D February 2009 .%D February 2009
.%R RFC 5492 .%R RFC 5492
.%T Capabilities Advertisement with BGP-4 .%T Capabilities Advertisement with BGP-4
.Re .Re
.Pp .Pp
.Rs .Rs
.%A Y. Rekhter
.%A S. Sangli
.%A D. Tappan
.%D October 2009 .%D October 2009
.%R RFC 5668 .%R RFC 5668
.%T 4-Octet AS Specific BGP Extended Community .%T 4-Octet AS Specific BGP Extended Community
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Chen
.%A J. Yuan
.%D June 2011 .%D June 2011
.%R RFC 6286 .%R RFC 6286
.%T Autonomous-System-Wide Unique BGP Identifier for BGP-4 .%T Autonomous-System-Wide Unique BGP Identifier for BGP-4
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Dong
.%A M. Chen
.%A A. Suryanarayana
.%D May 2012 .%D May 2012
.%R RFC 6608 .%R RFC 6608
.%T Subcodes for BGP Finite State Machine Error .%T Subcodes for BGP Finite State Machine Error
.Re .Re
.Pp .Pp
.Rs .Rs
.%A Q. Vohra
.%A E. Chen
.%D Dec 2012 .%D Dec 2012
.%R RFC 6793 .%R RFC 6793
.%T BGP Support for Four-Octet Autonomous System (AS) Number Space .%T BGP Support for Four-Octet Autonomous System (AS) Number Space
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Chen
.%A J. Scudder
.%A P. Mohapatra
.%A K. Patel
.%D August 2015 .%D August 2015
.%R RFC 7606 .%R RFC 7606
.%T Revised Error Handling for BGP UPDATE Messages .%T Revised Error Handling for BGP UPDATE Messages
.Re .Re
.Pp .Pp
.Rs .Rs
.%A L. Blunk
.%A M. Karir
.%A C. Labovitz
.%D October 2011 .%D October 2011
.%R RFC 6396 .%R RFC 6396
.%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format .%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Dong
.%A M. Chen
.%A A. Suryanarayana
.%D May 2012 .%D May 2012
.%R RFC 6608 .%R RFC 6608
.%T Subcodes for BGP Finite State Machine Error .%T Subcodes for BGP Finite State Machine Error
.Re .Re
.Pp .Pp
.Rs .Rs
.%A K. Patel
.%A E. Chen
.%A B. Venkatachalapathy
.%D July 2014 .%D July 2014
.%R RFC 7313 .%R RFC 7313
.%T Enhanced Route Refresh Capability for BGP-4 .%T Enhanced Route Refresh Capability for BGP-4
.Re .Re
.Pp .Pp
.Rs .Rs
.%A W. Kumari
.%A R. Bush
.%A H. Schiller
.%A K. Patel
.%D August 2015 .%D August 2015
.%R RFC 7607 .%R RFC 7607
.%T Codification of AS 0 Processing .%T Codification of AS 0 Processing
.Re .Re
.Pp .Pp
.Rs .Rs
.%A D. Walton
.%A A. Retana
.%A E. Chen
.%A J. Scudder
.%D July 2016 .%D July 2016
.%R RFC 7911 .%R RFC 7911
.%T Advertisement of Multiple Paths in BGP .%T Advertisement of Multiple Paths in BGP
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Jasinska
.%A N. Hilliard
.%A R. Raszuk
.%A N. Bakker
.%D September 2016 .%D September 2016
.%R RFC 7947 .%R RFC 7947
.%T Internet Exchange BGP Route Server .%T Internet Exchange BGP Route Server
.Re .Re
.Pp .Pp
.Rs .Rs
.%A C. Petrie
.%A T. King
.%D May 2017 .%D May 2017
.%R RFC 8050 .%R RFC 8050
.%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format with BGP Additional Path Extensions .%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format with BGP Additional Path Extensions
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Heitz
.%A J. Snijders
.%A K. Patel
.%A I. Bagdonas
.%A N. Hilliard
.%D February 2017 .%D February 2017
.%R RFC 8092 .%R RFC 8092
.%T BGP Large Communities Attribute .%T BGP Large Communities Attribute
.Re .Re
.Pp .Pp
.Rs .Rs
.%A P. Mohapatra
.%A K. Patel
.%A J. Scudder
.%A D. Ward
.%A R. Bush
.%D March 2017 .%D March 2017
.%R RFC 8097 .%R RFC 8097
.%T BGP Prefix Origin Validation State Extended Community .%T BGP Prefix Origin Validation State Extended Community
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Snijders
.%A J. Heitz
.%A J. Scudder
.%D July 2017 .%D July 2017
.%R RFC 8203 .%R RFC 8203
.%T BGP Administrative Shutdown Communication .%T BGP Administrative Shutdown Communication
.Re .Re
.Pp .Pp
.Rs .Rs
.%A R. Bush
.%A R. Austein
.%D September 2017 .%D September 2017
.%R RFC 8210 .%R RFC 8210
.%T The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1 .%T The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Mauch
.%A J. Snijders
.%A G. Hankins
.%D July 2017 .%D July 2017
.%R RFC 8212 .%R RFC 8212
.%T Default External BGP (EBGP) Route Propagation Behavior without Policies .%T Default External BGP (EBGP) Route Propagation Behavior without Policies
.Re .Re
.Pp .Pp
.Rs .Rs
.%A P. Francois
.%A B. Decraene
.%A C. Pelsser
.%A K. Patel
.%A C. Filsfils
.%D March 2018 .%D March 2018
.%R RFC 8326 .%R RFC 8326
.%T Graceful BGP Session Shutdown .%T Graceful BGP Session Shutdown
.Re .Re
.Pp .Pp
.Rs .Rs
.%A K. Patel
.%A R. Fernando
.%A J. Scudder
.%A J. Haas
.%D March 2019 .%D March 2019
.%R RFC 8538 .%R RFC 8538
.%T Notification Message Support for BGP Graceful Restart .%T Notification Message Support for BGP Graceful Restart
.Re .Re
.Pp .Pp
.Rs .Rs
.%A R. Bush
.%A K. Patel
.%A D. Ward
.%D October 2019 .%D October 2019
.%R RFC 8654 .%R RFC 8654
.%T Extended Message Support for BGP .%T Extended Message Support for BGP
.Re .Re
.Pp .Pp
.Rs .Rs
.%A S. Litkowski
.%A S. Agrawal
.%A K. Ananthamurthy
.%A K. Patel
.%D November 2020 .%D November 2020
.%R RFC 8950 .%R RFC 8950
.%T Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop .%T Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop
.Re .Re
.Pp .Pp
.Rs .Rs
.%A C. Loibl
.%A S. Hares
.%A R. Raszuk
.%A D. McPherson
.%A M. Bacher
.%D December 2020 .%D December 2020
.%R RFC 8955 .%R RFC 8955
.%T Dissemination of Flow Specification Rules .%T Dissemination of Flow Specification Rules
.Re .Re
.Pp .Pp
.Rs .Rs
.%A C. Loibl
.%A R. Raszuk
.%A S. Hares
.%D December 2020 .%D December 2020
.%R RFC 8956 .%R RFC 8956
.%T Dissemination of Flow Specification Rules for IPv6 .%T Dissemination of Flow Specification Rules for IPv6
.Re .Re
.Pp .Pp
.Rs .Rs
.%A E. Chen
.%A J. Scudder
.%D July 2021 .%D July 2021
.%R RFC 9072 .%R RFC 9072
.%T Extended Optional Parameters Length for BGP OPEN Message .%T Extended Optional Parameters Length for BGP OPEN Message
.Re .Re
.Pp .Pp
.Rs .Rs
.%A A. Azimov
.%A E. Bogomazov
.%A R. Bush
.%A K. Patel
.%A K. Sriram
.%D May 2022 .%D May 2022
.%R RFC 9234 .%R RFC 9234
.%T Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages .%T Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages
.Re .Re
.Pp .Pp
.Rs .Rs
.%A J. Snijders
.%A B. Cartwright-Cox
.%A Y. Qu
.%D November 2024 .%D November 2024
.%R RFC 9687 .%R RFC 9687
.%T Border Gateway Protocol 4 (BGP-4) Send Hold Timer .%T Border Gateway Protocol 4 (BGP-4) Send Hold Timer
.Re .Re
.Pp .Pp
.Rs .Rs
.%A A. Azimov
.%A E. Bogomazov
.%A R. Bush
.%A K. Patel
.%A J. Snijders
.%A K. Sriram
.%D October 2022 .%D October 2022
.%R draft-ietf-sidrops-aspa-verification .%R draft-ietf-sidrops-aspa-verification
.%T BGP AS_PATH Verification Based on Resource Public Key Infrastructure (RPKI) Autonomous System Provider Authorization (ASPA) Objects .%T BGP AS_PATH Verification Based on Resource Public Key Infrastructure (RPKI) Autonomous System Provider Authorization (ASPA) Objects

10
usr.sbin/rpki-client/rpki-client.8
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: rpki-client.8,v 1.119 2025/01/03 10:32:21 job Exp $ .\" $OpenBSD: rpki-client.8,v 1.120 2025/01/17 00:20:15 job Exp $
.\" .\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\" .\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd $Mdocdate: January 3 2025 $ .Dd $Mdocdate: January 17 2025 $
.Dt RPKI-CLIENT 8 .Dt RPKI-CLIENT 8
.Os .Os
.Sh NAME .Sh NAME
@ -303,6 +303,7 @@ URL of HTTP proxy to use.
default TAL files used unless default TAL files used unless
.Fl t Ar tal .Fl t Ar tal
is specified. is specified.
The TAL files of the five Regional Internet Registries are included.
.It Pa /etc/rpki/*.constraints .It Pa /etc/rpki/*.constraints
files containing registry-specific constraints to restrict what IP addresses files containing registry-specific constraints to restrict what IP addresses
and AS identifiers may or may not appear in EE certificates subordinate to the and AS identifiers may or may not appear in EE certificates subordinate to the
@ -316,11 +317,6 @@ cached repository data.
.It Pa /var/db/rpki-client/openbgpd .It Pa /var/db/rpki-client/openbgpd
default roa-set output file. default roa-set output file.
.El .El
.Pp
All the top-level TAL are included, except the ARIN TAL which is not
made available with terms compatible with open source.
That public key is treated as a proprietary object in a lengthy legal
agreement regarding ARIN service restrictions.
.Sh EXIT STATUS .Sh EXIT STATUS
.Ex -std .Ex -std
.Sh SEE ALSO .Sh SEE ALSO