sync with OpenBSD -current

lib/libc/sys/getrusage.2

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: getrusage.2,v 1.17 2015/02/28 21:51:57 bentley Exp $
+.\"	$OpenBSD: getrusage.2,v 1.18 2024/07/17 13:29:05 claudio Exp $
 .\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"     @(#)getrusage.2	8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: February 28 2015 $
+.Dd $Mdocdate: July 17 2024 $
 .Dt GETRUSAGE 2
 .Os
 .Sh NAME
@@ -48,7 +48,10 @@ which can be one of the following:
 .It Dv RUSAGE_SELF
 Resources used by the current process.
 .It Dv RUSAGE_CHILDREN
-Resources used by all the terminated children of the current process.
+Resources used by all the terminated children of the current process which
+were waited upon.
+If the child is never waited for, the resource information for the child
+process is discarded.
 .It Dv RUSAGE_THREAD
 Resources used by the current thread.
 .El
@@ -186,4 +189,4 @@ flag has been available since
 .Ox 4.8 .
 .Sh BUGS
 There is no way to obtain information about a child process
-that has not yet terminated.
+that has not yet terminated or has not been waited for by the parent.

lib/libc/sys/link.2

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: link.2,v 1.30 2024/03/25 17:57:07 guenther Exp $
+.\"	$OpenBSD: link.2,v 1.31 2024/07/18 15:38:57 millert Exp $
 .\"	$NetBSD: link.2,v 1.7 1995/02/27 12:34:01 cgd Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)link.2	8.3 (Berkeley) 1/12/94
 .\"
-.Dd $Mdocdate: March 25 2024 $
+.Dd $Mdocdate: July 18 2024 $
 .Dt LINK 2
 .Os
 .Sh NAME
@@ -65,15 +65,13 @@ is removed, the file
 .Fa name2
 is not deleted and the link count of the underlying object is decremented.
 .Pp
+For the hard link to succeed,
 .Fa name1
-must exist for the hard link to succeed and both
+must exist and not be a directory, and both
 .Fa name1
 and
 .Fa name2
 must be in the same file system.
-As mandated by POSIX.1
-.Fa name1
-may not be a directory.
 .Pp
 The
 .Fn linkat

libexec/login_radius/Makefile

@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.2 2002/11/21 22:26:32 millert Exp $
+#	$OpenBSD: Makefile,v 1.3 2024/07/17 20:50:28 yasuoka Exp $
 
 PROG=	login_radius
 SRCS=	login_radius.c raddauth.c
 MAN=	login_radius.8
-DPADD=	${LIBUTIL}
+DPADD=	${LIBUTIL} ${LIBCRYPTO}
-LDADD=	-lutil
+LDADD=	-lutil -lcrypto
 CFLAGS+=-Wall
 
 BINOWN=	root

libexec/login_radius/raddauth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: raddauth.c,v 1.31 2023/03/02 16:13:57 millert Exp $	*/
+/*	$OpenBSD: raddauth.c,v 1.33 2024/07/18 02:45:31 yasuoka Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved.
@@ -84,8 +84,9 @@
 #include <syslog.h>
 #include <time.h>
 #include <unistd.h>
-#include <md5.h>
 #include <readpassphrase.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
 #include "login_radius.h"
 
 
@@ -95,6 +96,7 @@
 #define AUTH_VECTOR_LEN			16
 #define AUTH_HDR_LEN			20
 #define	AUTH_PASS_LEN			(256 - 16)
+#define AUTH_MSGAUTH_LEN		16
 #define	PW_AUTHENTICATION_REQUEST	1
 #define	PW_AUTHENTICATION_ACK		2
 #define	PW_AUTHENTICATION_REJECT	3
@@ -105,6 +107,7 @@
 #define	PW_CLIENT_PORT_ID		5
 #define PW_PORT_MESSAGE			18
 #define PW_STATE			24
+#define PW_MSG_AUTH			80
 
 #ifndef	RADIUS_DIR
 #define RADIUS_DIR		"/etc/raddb"
@@ -347,7 +350,7 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
 	int i, len, secretlen, total_length, p;
 	struct sockaddr_in sin;
 	u_char md5buf[MAXSECRETLEN+AUTH_VECTOR_LEN], digest[AUTH_VECTOR_LEN],
-	    pass_buf[AUTH_PASS_LEN], *pw, *ptr;
+	    pass_buf[AUTH_PASS_LEN], *pw, *ptr, *ma;
 	u_int length;
 	in_addr_t ipaddr;
 	MD5_CTX context;
@@ -359,6 +362,15 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
 	total_length = AUTH_HDR_LEN;
 	ptr = auth.data;
 
+	/* Preserve space for msgauth */
+	*ptr++ = PW_MSG_AUTH;
+	length = 16;
+	*ptr++ = length + 2;
+	ma = ptr;
+	memset(ma, 0, 16);
+	ptr += length;
+	total_length += length + 2;
+
 	/* User name */
 	*ptr++ = PW_USER_NAME;
 	length = strlen(name);
@@ -391,9 +403,9 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
 	/* XOR the password into the md5 digest */
 	pw = pass_buf;
 	while (p-- > 0) {
-		MD5Init(&context);
+		MD5_Init(&context);
-		MD5Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN);
+		MD5_Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN);
-		MD5Final(digest, &context);
+		MD5_Final(digest, &context);
 		for (i = 0; i < AUTH_VECTOR_LEN; ++i) {
 			*ptr = digest[i] ^ *pw;
 			md5buf[secretlen+i] = *ptr++;
@@ -431,6 +443,11 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
 
 	auth.length = htons(total_length);
 
+	/* Calc msgauth */
+	if (HMAC(EVP_md5(), auth_secret, secretlen, (unsigned char *)&auth,
+	    total_length, ma, NULL) == NULL)
+		errx(1, "HMAC() failed");
+
 	memset(&sin, 0, sizeof (sin));
 	sin.sin_family = AF_INET;
 	sin.sin_addr.s_addr = auth_server;
@@ -473,10 +490,10 @@ rad_recv(char *state, char *challenge, u_char *req_vector)
 	/* verify server's shared secret */
 	memcpy(recv_vector, auth.vector, AUTH_VECTOR_LEN);
 	memcpy(auth.vector, req_vector, AUTH_VECTOR_LEN);
-	MD5Init(&context);
+	MD5_Init(&context);
-	MD5Update(&context, (u_char *)&auth, ntohs(auth.length));
+	MD5_Update(&context, (u_char *)&auth, ntohs(auth.length));
-	MD5Update(&context, auth_secret, strlen(auth_secret));
+	MD5_Update(&context, auth_secret, strlen(auth_secret));
-	MD5Final(test_vector, &context);
+	MD5_Final(test_vector, &context);
 	if (memcmp(recv_vector, test_vector, AUTH_VECTOR_LEN) != 0)
 		errx(1, "shared secret incorrect");
 

regress/lib/libssl/ciphers/cipherstest.c

@@ -1,3 +1,4 @@
+/*	$OpenBSD: cipherstest.c,v 1.15 2024/07/17 15:22:56 tb Exp $ */
 /*
  * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -14,6 +15,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 #include <openssl/ssl.h>
 
 #include <err.h>
@@ -67,16 +70,674 @@ check_cipher_order(void)
 	return 0;
 }
 
+struct ssl_cipher_test {
+	uint16_t value;
+	int auth_nid;
+	int cipher_nid;
+	int digest_nid;
+	int handshake_digest_nid;
+	int kx_nid;
+	int strength_bits;
+	int symmetric_bits;
+	int is_aead;
+};
+
+static const struct ssl_cipher_test ssl_cipher_tests[] = {
+	{
+		.value = 0x0004,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_rc4,
+		.digest_nid = NID_md5,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0005,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_rc4,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x000a,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_des_ede3_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 112,
+		.symmetric_bits = 168,
+	},
+	{
+		.value = 0x0016,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_des_ede3_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 112,
+		.symmetric_bits = 168,
+	},
+	{
+		.value = 0x0018,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_rc4,
+		.digest_nid = NID_md5,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x001b,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_des_ede3_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 112,
+		.symmetric_bits = 168,
+	},
+	{
+		.value = 0x002f,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0033,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0034,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0035,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x0039,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x003a,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x003c,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x003d,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x0041,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0045,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0046,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_camellia_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x0067,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x006b,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x006c,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x006d,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x0084,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x0088,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x0089,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_camellia_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x009c,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x009d,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x009e,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x009f,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x00a6,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_128_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x00a7,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_256_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x00ba,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x00be,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x00bf,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_camellia_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0x00c0,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_256_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_rsa,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x00c4,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_camellia_256_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x00c5,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_camellia_256_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0x1301,
+		.auth_nid = NID_undef,
+		.cipher_nid = NID_aes_128_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_undef,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x1302,
+		.auth_nid = NID_undef,
+		.cipher_nid = NID_aes_256_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_undef,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0x1303,
+		.auth_nid = NID_undef,
+		.cipher_nid = NID_chacha20_poly1305,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_undef,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xc007,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_rc4,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc008,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_des_ede3_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 112,
+		.symmetric_bits = 168,
+	},
+	{
+		.value = 0xc009,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc00a,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0xc011,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_rc4,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc012,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_des_ede3_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 112,
+		.symmetric_bits = 168,
+	},
+	{
+		.value = 0xc013,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc014,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0xc016,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_rc4,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc017,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_des_ede3_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 112,
+		.symmetric_bits = 168,
+	},
+	{
+		.value = 0xc018,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc019,
+		.auth_nid = NID_auth_null,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha1,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0xc023,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc024,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha384,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0xc027,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_cbc,
+		.digest_nid = NID_sha256,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+	},
+	{
+		.value = 0xc028,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_cbc,
+		.digest_nid = NID_sha384,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+	},
+	{
+		.value = 0xc02b,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_aes_128_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xc02c,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_aes_256_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xc02f,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_128_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 128,
+		.symmetric_bits = 128,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xc030,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_aes_256_gcm,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha384,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xcca8,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_chacha20_poly1305,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xcca9,
+		.auth_nid = NID_auth_ecdsa,
+		.cipher_nid = NID_chacha20_poly1305,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_ecdhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+	{
+		.value = 0xccaa,
+		.auth_nid = NID_auth_rsa,
+		.cipher_nid = NID_chacha20_poly1305,
+		.digest_nid = NID_undef,
+		.handshake_digest_nid = NID_sha256,
+		.kx_nid = NID_kx_dhe,
+		.strength_bits = 256,
+		.symmetric_bits = 256,
+		.is_aead = 1,
+	},
+};
+
+#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))
+
 static int
-cipher_find_test(void)
+test_ssl_ciphers(void)
 {
+	int i, strength_bits, symmetric_bits;
+	const struct ssl_cipher_test *sct;
 	STACK_OF(SSL_CIPHER) *ciphers;
 	const SSL_CIPHER *cipher;
+	const EVP_MD *digest;
 	unsigned char buf[2];
+	const char *description;
+	char desc_buf[256];
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
+	size_t j;
 	int ret = 1;
-	int i;
 
 	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
 		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
@@ -96,6 +757,12 @@ cipher_find_test(void)
 		goto failure;
 	}
 
+	if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
+		fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
+		    sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
+		goto failure;
+	}
+
 	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 		uint16_t cipher_value;
 
@@ -106,18 +773,94 @@ cipher_find_test(void)
 		buf[1] = cipher_value & 0xff;
 
 		if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
-			fprintf(stderr,
+			fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
-			    "SSL_CIPHER_find() returned NULL for %s\n",
 			    SSL_CIPHER_get_name(cipher));
 			goto failure;
 		}
-
 		if (SSL_CIPHER_get_value(cipher) != cipher_value) {
-			fprintf(stderr,
+			fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
-			    "got cipher with value 0x%x, want 0x%x\n",
 			    SSL_CIPHER_get_value(cipher), cipher_value);
 			goto failure;
 		}
+		if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
+			fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
+			    SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
+			goto failure;
+		}
+
+		sct = NULL;
+		for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
+			if (ssl_cipher_tests[j].value == cipher_value) {
+				sct = &ssl_cipher_tests[j];
+				break;
+			}
+		}
+		if (sct == NULL) {
+			fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
+			    "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
+			goto failure;
+		}
+
+		if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
+			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
+			    SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
+			goto failure;
+		}
+		if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
+			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
+			    SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
+			goto failure;
+		}
+		if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
+			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
+			    SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
+			goto failure;
+		}
+		if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
+			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
+			    SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
+			goto failure;
+		}
+
+		/* Having API consistency is a wonderful thing... */
+		digest = SSL_CIPHER_get_handshake_digest(cipher);
+		if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
+			    "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
+			    cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
+			goto failure;
+		}
+
+		strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
+		if (strength_bits != sct->strength_bits) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
+			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
+			    cipher_value, strength_bits, sct->strength_bits);
+			goto failure;
+		}
+		if (symmetric_bits != sct->symmetric_bits) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
+			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
+			    cipher_value, symmetric_bits, sct->symmetric_bits);
+			goto failure;
+		}
+		if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
+			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
+			    SSL_CIPHER_is_aead(cipher), sct->is_aead);
+			goto failure;
+		}
+
+		if ((description = SSL_CIPHER_description(cipher, desc_buf,
+		    sizeof(desc_buf))) != desc_buf) {
+			fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
+			    "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
+			goto failure;
+		}
 	}
 
 	ret = 0;
@@ -466,7 +1209,7 @@ main(int argc, char **argv)
 
 	failed |= check_cipher_order();
 
-	failed |= cipher_find_test();
+	failed |= test_ssl_ciphers();
 
 	failed |= parse_ciphersuites_test();
 	failed |= cipher_set_test();

sbin/iked/radius.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radius.c,v 1.7 2024/07/13 14:28:27 yasuoka Exp $	*/
+/*	$OpenBSD: radius.c,v 1.8 2024/07/18 08:58:59 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -177,6 +177,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 	if (req == NULL) {
 		log_debug("%s: received an unknown RADIUS message: id=%u",
 		    __func__, (unsigned)resid);
+		radius_delete_packet(pkt);
 		return;
 	}
 
@@ -184,6 +185,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 	if (radius_check_response_authenticator(pkt, server->rs_secret) != 0) {
 		log_info("%s: received an invalid RADIUS message: bad "
 		    "response authenticator", __func__);
+		radius_delete_packet(pkt);
 		return;
 	}
 	if (req->rr_accounting) {
@@ -200,6 +202,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 		TAILQ_REMOVE(&server->rs_reqs, req, rr_entry);
 		req->rr_server = NULL;
 		free(req);
+		radius_delete_packet(pkt);
 		return;
 	}
 
@@ -207,6 +210,7 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 	if (radius_check_message_authenticator(pkt, server->rs_secret) != 0) {
 		log_info("%s: received an invalid RADIUS message: bad "
 		    "message authenticator", __func__);
+		radius_delete_packet(pkt);
 		return;
 	}
 
@@ -314,10 +318,14 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 		log_info("%s: failed to retrieve the EAP message", __func__);
 		goto fail;
 	}
+	radius_delete_packet(pkt);
 	ikev2_send_ike_e(env, req->rr_sa, e, IKEV2_PAYLOAD_EAP,
 	    IKEV2_EXCHANGE_IKE_AUTH, 1);
+	/* keep request for challenge state and config parameters */
+	req->rr_reqid = -1;	/* release reqid */
 	return;
  fail:
+	radius_delete_packet(pkt);
 	if (req->rr_server != NULL)
 		TAILQ_REMOVE(&server->rs_reqs, req, rr_entry);
 	req->rr_server = NULL;
@@ -416,8 +424,10 @@ iked_radius_request_send(struct iked *env, void *ctx)
 	if (req->rr_ntry == 0) {
 		/* decide the ID */
 		seq = ++server->rs_reqseq;
-		for (i = 0; i < UCHAR_MAX; i++) {
+		for (i = 0; i <= UCHAR_MAX; i++) {
 			TAILQ_FOREACH(req0, &server->rs_reqs, rr_entry) {
+				if (req0->rr_reqid == -1)
+					continue;
 				if (req0->rr_reqid == seq)
 					break;
 			}
@@ -425,7 +435,7 @@ iked_radius_request_send(struct iked *env, void *ctx)
 				break;
 			seq++;
 		}
-		if (i >= UCHAR_MAX) {
+		if (i > UCHAR_MAX) {
 			log_info("%s: RADIUS server %s failed.  Too many "
 			    "pending requests", __func__,
 			    print_addr(&server->rs_sockaddr));

share/man/man4/speaker.4

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: speaker.4,v 1.11 2022/09/11 06:38:11 jmc Exp $
+.\"	$OpenBSD: speaker.4,v 1.12 2024/07/18 05:44:46 jmc Exp $
 .\"	$NetBSD: speaker.4,v 1.9 1998/08/18 08:16:56 augustss Exp $
 .\"
 .\" Copyright (c) 1993 Christopher G. Demetriou
@@ -29,7 +29,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 11 2022 $
+.Dd $Mdocdate: July 18 2024 $
 .Dt SPKR 4
 .Os
 .Sh NAME
@@ -123,7 +123,7 @@ or
 the first two of these cause it to be sharped one half-tone, the last causes
 it to be flatted one half-tone.
 It may also be followed by a time value number and by sustain dots (see below).
-Time values are interpreted as for the L command below;.
+Time values are interpreted as for the L command below.
 .It O Aq Ar n
 If
 .Ar n

sys/arch/arm64/arm64/autoconf.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: autoconf.c,v 1.14 2022/09/08 10:22:06 kn Exp $	*/
+/*	$OpenBSD: autoconf.c,v 1.15 2024/07/17 15:21:59 kettenis Exp $	*/
 /*
  * Copyright (c) 2009 Miodrag Vallat.
  *
@@ -61,6 +61,8 @@ cpu_configure(void)
 
 	unmap_startup();
 
+	cpu_identify_cleanup();
+
 #ifdef CRYPTO
 	if (arm64_has_aes)
 		cryptox_setup();

sys/arch/arm64/arm64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.126 2024/07/14 09:48:48 jca Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.127 2024/07/17 15:21:59 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -1024,6 +1024,40 @@ cpu_identify(struct cpu_info *ci)
 #endif
 }
 
+void
+cpu_identify_cleanup(void)
+{
+	uint64_t value;
+
+	/* ID_AA64ISAR0_EL1 */
+	value = cpu_id_aa64isar0 & ID_AA64ISAR0_MASK;
+	value &= ~ID_AA64ISAR0_TLB_MASK;
+	cpu_id_aa64isar0 = value;
+
+	/* ID_AA64ISAR1_EL1 */
+	value = cpu_id_aa64isar1 &= ID_AA64ISAR1_MASK;
+	value &= ~ID_AA64ISAR1_SPECRES_MASK;
+	cpu_id_aa64isar1 = value;
+
+	/* ID_AA64ISAR2_EL1 */
+	value = cpu_id_aa64isar2 &= ID_AA64ISAR2_MASK;
+	value &= ~ID_AA64ISAR2_CLRBHB_MASK;
+	cpu_id_aa64isar2 = value;
+
+	/* ID_AA64PFR0_EL1 */
+	value = 0;
+	value |= cpu_id_aa64pfr0 & ID_AA64PFR0_FP_MASK;
+	value |= cpu_id_aa64pfr0 & ID_AA64PFR0_ADV_SIMD_MASK;
+	value |= cpu_id_aa64pfr0 & ID_AA64PFR0_DIT_MASK;
+	cpu_id_aa64pfr0 = value;
+
+	/* ID_AA64PFR1_EL1 */
+	value = 0;
+	value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK;
+	value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK;
+	cpu_id_aa64pfr1 = value;
+}
+
 void	cpu_init(void);
 int	cpu_start_secondary(struct cpu_info *ci, int, uint64_t);
 int	cpu_clockspeed(int *);

sys/arch/arm64/arm64/machdep.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: machdep.c,v 1.90 2024/07/03 21:04:04 kettenis Exp $ */
+/* $OpenBSD: machdep.c,v 1.91 2024/07/17 15:21:59 kettenis Exp $ */
 /*
  * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
@@ -332,7 +332,6 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 {
 	char *compatible;
 	int node, len, error;
-	uint64_t value;
 
 	/* all sysctl names at this level are terminal */
 	if (namelen != 1)
@@ -351,25 +350,15 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 		free(compatible, M_TEMP, len);
 		return error;
 	case CPU_ID_AA64ISAR0:
-		value = cpu_id_aa64isar0 & ID_AA64ISAR0_MASK;
+		return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar0);
-		value &= ~ID_AA64ISAR0_TLB_MASK;
-		return sysctl_rdquad(oldp, oldlenp, newp, value);
 	case CPU_ID_AA64ISAR1:
-		value = cpu_id_aa64isar1 & ID_AA64ISAR1_MASK;
+		return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar1);
-		value &= ~ID_AA64ISAR1_SPECRES_MASK;
-		return sysctl_rdquad(oldp, oldlenp, newp, value);
-	case CPU_ID_AA64PFR0:
-		value = 0;
-		value |= cpu_id_aa64pfr0 & ID_AA64PFR0_FP_MASK;
-		value |= cpu_id_aa64pfr0 & ID_AA64PFR0_ADV_SIMD_MASK;
-		value |= cpu_id_aa64pfr0 & ID_AA64PFR0_DIT_MASK;
-		return sysctl_rdquad(oldp, oldlenp, newp, value);
-	case CPU_ID_AA64PFR1:
-		value = 0;
-		value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK;
-		value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK;
-		return sysctl_rdquad(oldp, oldlenp, newp, value);
 	case CPU_ID_AA64ISAR2:
+		return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64isar2);
+	case CPU_ID_AA64PFR0:
+		return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64pfr0);
+	case CPU_ID_AA64PFR1:
+		return sysctl_rdquad(oldp, oldlenp, newp, cpu_id_aa64pfr1);
 	case CPU_ID_AA64MMFR0:
 	case CPU_ID_AA64MMFR1:
 	case CPU_ID_AA64MMFR2:

sys/arch/arm64/include/cpu.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cpu.h,v 1.48 2024/07/10 11:01:24 kettenis Exp $ */
+/* $OpenBSD: cpu.h,v 1.49 2024/07/17 15:21:59 kettenis Exp $ */
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
  *
@@ -63,9 +63,12 @@
 
 extern uint64_t cpu_id_aa64isar0;
 extern uint64_t cpu_id_aa64isar1;
+extern uint64_t cpu_id_aa64isar2;
 extern uint64_t cpu_id_aa64pfr0;
 extern uint64_t cpu_id_aa64pfr1;
 
+void cpu_identify_cleanup(void);
+
 #include <machine/intr.h>
 #include <machine/frame.h>
 #include <machine/armreg.h>

sys/net/pf_ioctl.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.417 2024/05/13 01:15:53 jsg Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.418 2024/07/18 14:46:28 bluhm Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -287,7 +287,7 @@ pfattach(int num)
 	 */
 	pf_anchor_stack = cpumem_malloc(
 	    sizeof(struct pf_anchor_stackframe) * (PF_ANCHOR_STACK_MAX + 2),
-	    M_WAITOK|M_ZERO);
+	    M_PF);
 	CPUMEM_FOREACH(sf, &cmi, pf_anchor_stack)
 		sf[PF_ANCHOR_STACK_MAX].sf_stack_top = &sf[0];
 }

sys/sys/proc.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: proc.h,v 1.363 2024/07/15 07:24:03 jsg Exp $	*/
+/*	$OpenBSD: proc.h,v 1.364 2024/07/17 09:54:14 claudio Exp $	*/
 /*	$NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $	*/
 
 /*-
@@ -444,8 +444,8 @@ struct proc {
 #define	P_BITS \
     ("\20" "\01INKTR" "\02PROFPEND" "\03ALRMPEND" "\04SIGSUSPEND" \
      "\05CANTSLEEP" "\06WSLEEP" "\010SINTR" "\012SYSTEM" "\013TIMEOUT" \
-     "\016WEXIT" "\020OWEUPC" "\024SUSPSINGLE" "\027XX" \
+     "\016WEXIT" "\020OWEUPC" "\024SUSPSINGLE" "\030CONTINUED" "\033THREAD" \
-     "\030CONTINUED" "\033THREAD" "\034SUSPSIG" "\035SOFTDEP" "\037CPUPEG")
+     "\034SUSPSIG" "\037CPUPEG")
 
 #define	THREAD_PID_OFFSET	100000
 

usr.bin/sed/compile.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: compile.c,v 1.52 2024/06/18 00:32:22 millert Exp $	*/
+/*	$OpenBSD: compile.c,v 1.53 2024/07/17 20:57:15 millert Exp $	*/
 
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
@@ -37,7 +37,7 @@
 #include <sys/stat.h>
 
 #include <ctype.h>
-#include <errno.h>
+#include <err.h>
 #include <fcntl.h>
 #include <limits.h>
 #include <regex.h>
@@ -153,7 +153,7 @@ compile_stream(struct s_command **link)
 	for (;;) {
 		if ((p = cu_getline(&lbuf, &bufsize)) == NULL) {
 			if (stack != 0)
-				error(COMPILE, "unexpected EOF (pending }'s)");
+				error("unexpected EOF (pending }'s)");
 			return (link);
 		}
 
@@ -193,17 +193,16 @@ semicolon:	EATSPACE();
 
 nonsel:		/* Now parse the command */
 		if (!*p)
-			error(COMPILE, "command expected");
+			error("command expected");
 		cmd->code = *p;
 		for (fp = cmd_fmts; fp->code; fp++)
 			if (fp->code == *p)
 				break;
 		if (!fp->code)
-			error(COMPILE, "invalid command code %c", *p);
+			error("invalid command code %c", *p);
 		if (naddr > fp->naddr)
-			error(COMPILE,
+			error("command %c expects up to %d address(es),"
-			    "command %c expects up to %d address(es), found %d",
+			    " found %d", *p, fp->naddr, naddr);
-			    *p, fp->naddr, naddr);
 		switch (fp->args) {
 		case NONSEL:			/* ! */
 			p++;
@@ -226,7 +225,7 @@ nonsel:		/* Now parse the command */
 			 */
 			cmd->nonsel = 1;
 			if (stack == 0)
-				error(COMPILE, "unexpected }");
+				error("unexpected }");
 			cmd2 = stack;
 			stack = cmd2->next;
 			cmd2->next = cmd;
@@ -240,19 +239,19 @@ nonsel:		/* Now parse the command */
 				goto semicolon;
 			}
 			if (*p)
-				error(COMPILE,
+				error("extra characters at the end of %c"
-"extra characters at the end of %c command", cmd->code);
+				    " command", cmd->code);
 			break;
 		case TEXT:			/* a c i */
 			p++;
 			EATSPACE();
 			if (*p != '\\')
-				error(COMPILE, "command %c expects \\ followed by"
+				error("command %c expects \\ followed by text",
-				    " text", cmd->code);
+				    cmd->code);
 			p++;
 			EATSPACE();
 			if (*p)
-				error(COMPILE, "extra characters after \\ at the"
+				error("extra characters after \\ at the"
 				    " end of %c command", cmd->code);
 			cmd->t = compile_text();
 			break;
@@ -262,7 +261,7 @@ nonsel:		/* Now parse the command */
 			p++;
 			EATSPACE();
 			if (*p == '\0')
-				error(COMPILE, "filename expected");
+				error("filename expected");
 			cmd->t = duptoeol(p, "w command", NULL);
 			if (aflag) {
 				cmd->u.fd = -1;
@@ -271,14 +270,14 @@ nonsel:		/* Now parse the command */
 			else if ((cmd->u.fd = open(p,
 			    O_WRONLY|O_APPEND|O_CREAT|O_TRUNC,
 			    DEFFILEMODE)) == -1)
-				error(FATAL, "%s: %s", p, strerror(errno));
+				err(1, "%s", p);
 			break;
 		case RFILE:			/* r */
 			pledge_rpath = 1;
 			p++;
 			EATSPACE();
 			if (*p == '\0')
-				error(COMPILE, "filename expected");
+				error("filename expected");
 			cmd->t = duptoeol(p, "read command", NULL);
 			break;
 		case BRANCH:			/* b t */
@@ -298,7 +297,7 @@ nonsel:		/* Now parse the command */
 			EATSPACE();
 			cmd->t = duptoeol(p, "label", &p);
 			if (strlen(cmd->t) == 0)
-				error(COMPILE, "empty label");
+				error("empty label");
 			enterlabel(cmd);
 			if (*p == ';') {
 				p++;
@@ -308,12 +307,12 @@ nonsel:		/* Now parse the command */
 		case SUBST:			/* s */
 			p++;
 			if (*p == '\0' || *p == '\\')
-				error(COMPILE, "substitute pattern can not be"
+				error("substitute pattern can not be"
 				    " delimited by newline or backslash");
 			cmd->u.s = xmalloc(sizeof(struct s_subst));
 			p = compile_re(p, &cmd->u.s->re);
 			if (p == NULL)
-				error(COMPILE, "unterminated substitute pattern");
+				error("unterminated substitute pattern");
 			--p;
 			p = compile_subst(p, cmd->u.s);
 			p = compile_flags(p, cmd->u.s);
@@ -334,7 +333,7 @@ nonsel:		/* Now parse the command */
 				goto semicolon;
 			}
 			if (*p)
-				error(COMPILE, "extra text at the end of a"
+				error("extra text at the end of a"
 				    " transform command");
 			break;
 		}
@@ -359,9 +358,9 @@ compile_delimited(char *p, char *d)
 	if (c == '\0')
 		return (NULL);
 	else if (c == '\\')
-		error(COMPILE, "\\ can not be used as a string delimiter");
+		error("\\ can not be used as a string delimiter");
 	else if (c == '\n')
-		error(COMPILE, "newline can not be used as a string delimiter");
+		error("newline can not be used as a string delimiter");
 
 	while (p[0]) {
 		/* Unescaped delimiter: We are done. */
@@ -393,7 +392,7 @@ compile_delimited(char *p, char *d)
 		 * It may contain the delimiter without escaping.
 		 */
 		else if ((d = compile_ccl(&p, d)) == NULL)
-			error(COMPILE, "unbalanced brackets ([])");
+			error("unbalanced brackets ([])");
 	}
 	return NULL;
 }
@@ -453,7 +452,7 @@ compile_re(char *p, regex_t **repp)
 	}
 	*repp = xmalloc(sizeof(regex_t));
 	if (p && (eval = regcomp(*repp, re, Eflag ? REG_EXTENDED : 0)) != 0)
-		error(COMPILE, "RE error: %s", strregerror(eval, *repp));
+		error("RE error: %s", strregerror(eval, *repp));
 	if (maxnsub < (*repp)->re_nsub)
 		maxnsub = (*repp)->re_nsub;
 	free(re);
@@ -519,8 +518,8 @@ compile_subst(char *p, struct s_subst *s)
 					ref = *p - '0';
 					if (s->re != NULL &&
 					    ref > s->re->re_nsub)
-						error(COMPILE,
+						error("\\%c not defined in the"
-"\\%c not defined in the RE", *p);
+						    " RE", *p);
 					if (s->maxbref < ref)
 						s->maxbref = ref;
 				} else if (*p == '&' || *p == '\\')
@@ -532,14 +531,14 @@ compile_subst(char *p, struct s_subst *s)
 				s->new = xrealloc(text, size);
 				return (p);
 			} else if (*p == '\n') {
-				error(COMPILE,
+				error("unescaped newline inside substitute"
-"unescaped newline inside substitute pattern");
+				    " pattern");
 			}
 			*sp++ = *p;
 		}
 		size += sp - op;
 	} while ((p = cu_getline(&lbuf, &bufsize)));
-	error(COMPILE, "unterminated substitute in regular expression");
+	error("unterminated substitute in regular expression");
 }
 
 /*
@@ -560,7 +559,7 @@ compile_flags(char *p, struct s_subst *s)
 		switch (*p) {
 		case 'g':
 			if (gn)
-				error(COMPILE, "more than one number or 'g' in"
+				error("more than one number or 'g' in"
 				    " substitute flags");
 			gn = 1;
 			s->n = 0;
@@ -576,20 +575,20 @@ compile_flags(char *p, struct s_subst *s)
 		case '4': case '5': case '6':
 		case '7': case '8': case '9':
 			if (gn)
-				error(COMPILE, "more than one number or 'g' in"
+				error("more than one number or 'g' in"
 				    " substitute flags");
 			gn = 1;
 			l = strtol(p, &p, 10);
 			if (l <= 0 || l >= INT_MAX)
-				error(COMPILE,
+				error("number in substitute flags out of"
-				    "number in substitute flags out of range");
+				    " range");
 			s->n = (int)l;
 			continue;
 		case 'w':
 			p++;
 			EATSPACE();
 			if (*p == '\0')
-				error(COMPILE, "filename expected");
+				error("filename expected");
 			s->wfile = duptoeol(p, "s command w flag", NULL);
 			*p = '\0';
 			if (aflag)
@@ -597,11 +596,10 @@ compile_flags(char *p, struct s_subst *s)
 			else if ((s->wfd = open(s->wfile,
 			    O_WRONLY|O_APPEND|O_CREAT|O_TRUNC,
 			    DEFFILEMODE)) == -1)
-				error(FATAL, "%s: %s", s->wfile, strerror(errno));
+				err(1, "%s", s->wfile);
 			return (p);
 		default:
-			error(COMPILE,
+			error("bad flag in substitute command: '%c'", *p);
-			    "bad flag in substitute command: '%c'", *p);
 			break;
 		}
 		p++;
@@ -621,20 +619,20 @@ compile_tr(char *old, char **transtab)
 	memset(check, 0, sizeof(check));
 	delimiter = *old;
 	if (delimiter == '\\')
-		error(COMPILE, "\\ can not be used as a string delimiter");
+		error("\\ can not be used as a string delimiter");
 	else if (delimiter == '\n' || delimiter == '\0')
-		error(COMPILE, "newline can not be used as a string delimiter");
+		error("newline can not be used as a string delimiter");
 
 	new = old++;
 	do {
 		if ((new = strchr(new + 1, delimiter)) == NULL)
-			error(COMPILE, "unterminated transform source string");
+			error("unterminated transform source string");
 	} while (*(new - 1) == '\\' && *(new -2) != '\\');
 	*new = '\0';
 	end = new++;
 	do {
 		if ((end = strchr(end + 1, delimiter)) == NULL)
-			error(COMPILE, "unterminated transform target string");
+			error("unterminated transform target string");
 	} while (*(end -1) == '\\' && *(end -2) != '\\');
 	*end = '\0';
 
@@ -649,24 +647,22 @@ compile_tr(char *old, char **transtab)
 			if (*old == 'n')
 				*old = '\n';
 			else if (*old != delimiter && *old != '\\')
-				error(COMPILE, "Unexpected character after "
+				error("Unexpected character after backslash");
-				    "backslash");
 		}
 		if (*new == '\\') {
 			new++;
 			if (*new == 'n')
 				*new = '\n';
 			else if (*new != delimiter && *new != '\\')
-				error(COMPILE, "Unexpected character after "
+				error("Unexpected character after backslash");
-				    "backslash");
 		}
 		if (check[(u_char) *old] == 1)
-			error(COMPILE, "Repeated character in source string");
+			error("Repeated character in source string");
 		check[(u_char) *old] = 1;
 		(*transtab)[(u_char) *old++] = *new++;
 	}
 	if (*old != '\0' || *new != '\0')
-		error(COMPILE, "transform strings are not the same length");
+		error("transform strings are not the same length");
 	return end + 1;
 }
 
@@ -724,7 +720,7 @@ compile_addr(char *p, struct s_addr *a)
 	case '/':				/* Context address */
 		p = compile_re(p, &a->u.r);
 		if (p == NULL)
-			error(COMPILE, "unterminated regular expression");
+			error("unterminated regular expression");
 		a->type = AT_RE;
 		return (p);
 
@@ -738,7 +734,7 @@ compile_addr(char *p, struct s_addr *a)
 		a->u.l = strtoul(p, &end, 10);
 		return (end);
 	default:
-		error(COMPILE, "expected context address");
+		error("expected context address");
 		return (NULL);
 	}
 }
@@ -798,7 +794,7 @@ fixuplabel(struct s_command *cp, struct s_command *end)
 				break;
 			}
 			if ((cp->u.c = findlabel(cp->t)) == NULL)
-				error(COMPILE, "undefined label '%s'", cp->t);
+				error("undefined label '%s'", cp->t);
 			free(cp->t);
 			break;
 		case '{':
@@ -823,7 +819,7 @@ enterlabel(struct s_command *cp)
 	lhp = &labels[h & LHMASK];
 	for (lh = *lhp; lh != NULL; lh = lh->lh_next)
 		if (lh->lh_hash == h && strcmp(cp->t, lh->lh_cmd->t) == 0)
-			error(COMPILE, "duplicate label '%s'", cp->t);
+			error("duplicate label '%s'", cp->t);
 	lh = xmalloc(sizeof *lh);
 	lh->lh_next = *lhp;
 	lh->lh_hash = h;

usr.bin/sed/defs.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: defs.h,v 1.10 2022/12/26 19:16:02 jmc Exp $ */
+/*	$OpenBSD: defs.h,v 1.11 2024/07/17 20:57:15 millert Exp $ */
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
  * Copyright (c) 1992, 1993
@@ -133,12 +133,6 @@ typedef struct {
 	size_t blen;		/* Backing memory length. */
 } SPACE;
 
-/*
- * Error severity codes:
- */
-#define	FATAL		1	/* Exit immediately with 1 */
-#define	COMPILE		2	/* Print error, count and finish script */
-
 /*
  * Round up to the nearest multiple of _POSIX2_LINE_MAX
  */

usr.bin/sed/extern.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.15 2024/06/18 00:32:22 millert Exp $ */
+/*	$OpenBSD: extern.h,v 1.16 2024/07/17 20:57:16 millert Exp $ */
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
  * Copyright (c) 1992, 1993
@@ -49,8 +49,8 @@ void	 cfclose(struct s_command *, struct s_command *);
 void	 compile(void);
 void	 cspace(SPACE *, const char *, size_t, enum e_spflag);
 char	*cu_getline(char **, size_t *);
-__dead void error(int, const char *, ...);
+__dead void error(const char *, ...) __attribute__((__format__ (printf, 1, 2)));
-void	warning(const char *, ...);
+void	warning(const char *, ...) __attribute__((__format__ (printf, 1, 2)));
 int	 mf_getline(SPACE *, enum e_spflag);
 int	 lastline(void);
 void	 finish_file(void);

usr.bin/sed/main.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.45 2024/06/18 00:32:22 millert Exp $	*/
+/*	$OpenBSD: main.c,v 1.47 2024/07/17 20:57:16 millert Exp $	*/
 
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
@@ -38,6 +38,7 @@
 #include <sys/stat.h>
 
 #include <ctype.h>
+#include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
@@ -166,10 +167,10 @@ main(int argc, char *argv[])
 
 	if (inplace != NULL) {
 		if (pledge("stdio rpath wpath cpath fattr chown", NULL) == -1)
-			error(FATAL, "pledge: %s", strerror(errno));
+			err(1, "pledge");
 	} else {
 		if (pledge("stdio rpath wpath cpath", NULL) == -1)
-			error(FATAL, "pledge: %s", strerror(errno));
+			err(1, "pledge");
 	}
 
 	/* First usage case; script is the first arg */
@@ -184,27 +185,27 @@ main(int argc, char *argv[])
 	if (*argv) {
 		if (!pledge_wpath && inplace == NULL) {
 			if (pledge("stdio rpath", NULL) == -1)
-				error(FATAL, "pledge: %s", strerror(errno));
+				err(1, "pledge");
 		}
 		for (; *argv; argv++)
 			add_file(*argv);
 	} else {
 		if (!pledge_wpath && !pledge_rpath) {
 			if (pledge("stdio", NULL) == -1)
-				error(FATAL, "pledge: %s", strerror(errno));
+				err(1, "pledge");
 		} else if (pledge_rpath) {
 			if (pledge("stdio rpath", NULL) == -1)
-				error(FATAL, "pledge: %s", strerror(errno));
+				err(1, "pledge");
 		} else if (pledge_wpath) {
 			if (pledge("stdio wpath cpath", NULL) == -1)
-				error(FATAL, "pledge: %s", strerror(errno));
+				err(1, "pledge");
 		}
 		add_file(NULL);
 	}
 	process();
 	cfclose(prog, NULL);
 	if (fclose(stdout))
-		error(FATAL, "stdout: %s", strerror(errno));
+		err(1, "stdout");
 	exit (rval);
 }
 
@@ -234,8 +235,7 @@ again:
 		switch (script->type) {
 		case CU_FILE:
 			if ((f = fopen(script->s, "r")) == NULL)
-				error(FATAL,
+				err(1, "%s", script->s);
-				    "%s: %s", script->s, strerror(errno));
 			fname = script->s;
 			state = ST_FILE;
 			goto again;
@@ -310,7 +310,7 @@ finish_file(void)
 		fclose(infile);
 		if (*oldfname != '\0') {
 			if (rename(fname, oldfname) != 0) {
-				warning("rename()");
+				warn("rename %s to %s", fname, oldfname);
 				unlink(tmpfname);
 				exit(1);
 			}
@@ -320,7 +320,11 @@ finish_file(void)
 			if (outfile != NULL && outfile != stdout)
 				fclose(outfile);
 			outfile = NULL;
-			rename(tmpfname, fname);
+			if (rename(tmpfname, fname) != 0) {
+				warn("rename %s to %s", tmpfname, fname);
+				unlink(tmpfname);
+				exit(1);
+			}
 			*tmpfname = '\0';
 		}
 		outfname = NULL;
@@ -346,7 +350,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
 		/* stdin? */
 		if (files->fname == NULL) {
 			if (inplace != NULL)
-				error(FATAL, "-i may not be used with stdin");
+				errx(1, "-i may not be used with stdin");
 			infile = stdin;
 			fname = "stdin";
 			outfile = stdout;
@@ -377,34 +381,36 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
 		}
 		fname = files->fname;
 		if (inplace != NULL) {
-			if (lstat(fname, &sb) != 0)
+			if (stat(fname, &sb) != 0)
-				error(FATAL, "%s: %s", fname,
+				err(1, "%s", fname);
-				    strerror(errno ? errno : EIO));
 			if (!S_ISREG(sb.st_mode))
-				error(FATAL, "%s: %s %s", fname,
+				errx(1, "%s: %s %s", fname,
 				    "in-place editing only",
 				    "works for regular files");
 			if (*inplace != '\0') {
-				strlcpy(oldfname, fname,
+				(void)strlcpy(oldfname, fname,
 				    sizeof(oldfname));
 				len = strlcat(oldfname, inplace,
 				    sizeof(oldfname));
-				if (len > sizeof(oldfname))
+				if (len >= sizeof(oldfname))
-					error(FATAL, "%s: name too long", fname);
+					errc(1, ENAMETOOLONG, "%s", fname);
 			}
-			strlcpy(dirbuf, fname, sizeof(dirbuf));
+			len = strlcpy(dirbuf, fname, sizeof(dirbuf));
+			if (len >= sizeof(dirbuf))
+				errc(1, ENAMETOOLONG, "%s", fname);
 			len = snprintf(tmpfname, sizeof(tmpfname),
 			    "%s/sedXXXXXXXXXX", dirname(dirbuf));
 			if (len >= sizeof(tmpfname))
-				error(FATAL, "%s: name too long", fname);
+				errc(1, ENAMETOOLONG, "%s", fname);
 			if ((fd = mkstemp(tmpfname)) == -1)
-				error(FATAL, "%s: %s", fname, strerror(errno));
+				err(1, "%s", fname);
+			(void)fchown(fd, sb.st_uid, sb.st_gid);
+			(void)fchmod(fd, sb.st_mode & ALLPERMS);
 			if ((outfile = fdopen(fd, "w")) == NULL) {
+				warn("%s", fname);
 				unlink(tmpfname);
-				error(FATAL, "%s", fname);
+				exit(1);
 			}
-			fchown(fileno(outfile), sb.st_uid, sb.st_gid);
-			fchmod(fileno(outfile), sb.st_mode & ALLPERMS);
 			outfname = tmpfname;
 			linenum = 0;
 			resetstate();
@@ -413,7 +419,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
 			outfname = "stdout";
 		}
 		if ((infile = fopen(fname, "r")) == NULL) {
-			warning("%s", strerror(errno));
+			warn("%s", fname);
 			rval = 1;
 			continue;
 		}
@@ -429,7 +435,7 @@ mf_getline(SPACE *sp, enum e_spflag spflag)
 	 */
 	len = getline(&p, &psize, infile);
 	if ((ssize_t)len == -1)
-		error(FATAL, "%s: %s", fname, strerror(errno));
+		err(1, "%s", fname);
 	if (len != 0 && p[len - 1] == '\n') {
 		sp->append_newline = 1;
 		len--;

usr.bin/sed/misc.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: misc.c,v 1.12 2017/01/20 10:26:16 krw Exp $	*/
+/*	$OpenBSD: misc.c,v 1.13 2024/07/17 20:57:16 millert Exp $	*/
 
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
@@ -35,7 +35,7 @@
 
 #include <sys/types.h>
 
-#include <errno.h>
+#include <err.h>
 #include <regex.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -54,7 +54,7 @@ xmalloc(size_t size)
 	void *p;
 
 	if ((p = malloc(size)) == NULL)
-		error(FATAL, "%s", strerror(errno));
+		err(1, NULL);
 	return (p);
 }
 
@@ -64,7 +64,7 @@ xreallocarray(void *o, size_t nmemb, size_t size)
 	void *p;
 
 	if ((p = reallocarray(o, nmemb, size)) == NULL)
-		error(FATAL, "%s", strerror(errno));
+		err(1, NULL);
 	return (p);
 }
 
@@ -76,7 +76,7 @@ xrealloc(void *p, size_t size)
 {
 
 	if ((p = realloc(p, size)) == NULL)
-		error(FATAL, "%s", strerror(errno));
+		err(1, NULL);
 	return (p);
 }
 
@@ -102,16 +102,12 @@ strregerror(int errcode, regex_t *preg)
  * Error reporting function
  */
 __dead void
-error(int severity, const char *fmt, ...)
+error(const char *fmt, ...)
 {
 	va_list ap;
 
+	(void)fprintf(stderr, "sed: %lu: %s: ", linenum, fname);
 	va_start(ap, fmt);
-	(void)fprintf(stderr, "sed: ");
-	switch (severity) {
-	case COMPILE:
-		(void)fprintf(stderr, "%lu: %s: ", linenum, fname);
-	}
 	(void)vfprintf(stderr, fmt, ap);
 	va_end(ap);
 	(void)fprintf(stderr, "\n");
@@ -123,9 +119,8 @@ warning(const char *fmt, ...)
 {
 	va_list ap;
 
+	(void)fprintf(stderr, "sed: %lu: %s: ", linenum, fname);
 	va_start(ap, fmt);
-	(void)fprintf(stderr, "sed: ");
-	(void)fprintf(stderr, "%lu: %s: ", linenum, fname);
 	(void)vfprintf(stderr, fmt, ap);
 	va_end(ap);
 	(void)fprintf(stderr, "\n");

usr.bin/sed/process.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: process.c,v 1.36 2024/06/18 00:32:22 millert Exp $	*/
+/*	$OpenBSD: process.c,v 1.37 2024/07/17 20:57:16 millert Exp $	*/
 
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
@@ -38,7 +38,7 @@
 #include <sys/uio.h>
 
 #include <ctype.h>
-#include <errno.h>
+#include <err.h>
 #include <fcntl.h>
 #include <limits.h>
 #include <regex.h>
@@ -226,12 +226,10 @@ redirect:
 				if (cp->u.fd == -1 && (cp->u.fd = open(cp->t,
 				    O_WRONLY|O_APPEND|O_CREAT|O_TRUNC,
 				    DEFFILEMODE)) == -1)
-					error(FATAL, "%s: %s",
+					err(1, "%s", cp->t);
-					    cp->t, strerror(errno));
 				if ((size_t)write(cp->u.fd, ps, psl) != psl ||
 				    write(cp->u.fd, "\n", 1) != 1)
-					error(FATAL, "%s: %s",
+					err(1, "%s", cp->t);
-					    cp->t, strerror(errno));
 				break;
 			case 'x':
 				if (hs == NULL)
@@ -346,8 +344,7 @@ substitute(struct s_command *cp)
 	if (re == NULL) {
 		if (defpreg != NULL && cp->u.s->maxbref > defpreg->re_nsub) {
 			linenum = cp->u.s->linenum;
-			error(COMPILE, "\\%d not defined in the RE",
+			error("\\%d not defined in the RE", cp->u.s->maxbref);
-			    cp->u.s->maxbref);
 		}
 	}
 	if (!regexec_e(re, ps, 0, 0, 0, psl))
@@ -431,10 +428,10 @@ substitute(struct s_command *cp)
 	if (cp->u.s->wfile && !pd) {
 		if (cp->u.s->wfd == -1 && (cp->u.s->wfd = open(cp->u.s->wfile,
 		    O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1)
-			error(FATAL, "%s: %s", cp->u.s->wfile, strerror(errno));
+			err(1, "%s", cp->u.s->wfile);
 		if ((size_t)write(cp->u.s->wfd, ps, psl) != psl ||
 		    write(cp->u.s->wfd, "\n", 1) != 1)
-			error(FATAL, "%s: %s", cp->u.s->wfile, strerror(errno));
+			err(1, "%s", cp->u.s->wfile);
 	}
 	return (1);
 }
@@ -473,7 +470,7 @@ flush_appends(void)
 			break;
 		}
 	if (ferror(outfile))
-		error(FATAL, "%s: %s", outfname, strerror(errno ? errno : EIO));
+		err(1, "%s", outfname);
 	appendx = sdone = 0;
 }
 
@@ -513,7 +510,7 @@ lputs(char *s, size_t len)
 	(void)fputc('$', outfile);
 	(void)fputc('\n', outfile);
 	if (ferror(outfile))
-		error(FATAL, "%s: %s", outfname, strerror(errno ? errno : EIO));
+		err(1, "%s", outfname);
 }
 
 static inline int
@@ -524,7 +521,7 @@ regexec_e(regex_t *preg, const char *string, int eflags,
 
 	if (preg == NULL) {
 		if (defpreg == NULL)
-			error(FATAL, "first RE may not be empty");
+			errx(1, "first RE may not be empty");
 	} else
 		defpreg = preg;
 
@@ -540,7 +537,7 @@ regexec_e(regex_t *preg, const char *string, int eflags,
 	case REG_NOMATCH:
 		return (0);
 	}
-	error(FATAL, "RE error: %s", strregerror(eval, defpreg));
+	errx(1, "RE error: %s", strregerror(eval, defpreg));
 }
 
 /*
@@ -624,13 +621,12 @@ cfclose(struct s_command *cp, struct s_command *end)
 		switch (cp->code) {
 		case 's':
 			if (cp->u.s->wfd != -1 && close(cp->u.s->wfd))
-				error(FATAL,
+				err(1, "%s", cp->u.s->wfile);
-				    "%s: %s", cp->u.s->wfile, strerror(errno));
 			cp->u.s->wfd = -1;
 			break;
 		case 'w':
 			if (cp->u.fd != -1 && close(cp->u.fd))
-				error(FATAL, "%s: %s", cp->t, strerror(errno));
+				err(1, "%s", cp->t);
 			cp->u.fd = -1;
 			break;
 		case '{':

usr.bin/ssh/ssh.1

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.442 2024/06/27 21:02:16 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.443 2024/07/18 01:47:27 djm Exp $
-.Dd $Mdocdate: June 27 2024 $
+.Dd $Mdocdate: July 18 2024 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -490,6 +490,8 @@ Valid commands are:
 (request forwardings without command execution),
 .Dq cancel
 (cancel forwardings),
+.Dq proxy
+(connect to a running multiplexing master in proxy mode),
 .Dq exit
 (request the master to exit), and
 .Dq stop

usr.sbin/npppd/npppd/parse.y

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.29 2024/07/11 14:05:59 yasuoka Exp $ */
+/*	$OpenBSD: parse.y,v 1.30 2024/07/17 08:26:19 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1543,7 +1543,7 @@ npppd_conf_fini(struct npppd_conf *xconf)
 	TAILQ_FOREACH_SAFE(radc, &xconf->raddaeclientconfs, entry, radct)
 		free(radc);
 	TAILQ_FOREACH_SAFE(radl, &xconf->raddaelistenconfs, entry, radlt)
-	free(radl);
+		free(radl);
 	TAILQ_INIT(&xconf->l2tp_confs);
 	TAILQ_INIT(&xconf->pptp_confs);
 	TAILQ_INIT(&xconf->pppoe_confs);

usr.sbin/radiusd/radiusd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd.c,v 1.50 2024/07/14 15:31:49 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd.c,v 1.51 2024/07/17 11:05:11 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@@ -811,36 +811,10 @@ radius_query_client_secret(struct radius_query *q)
 void
 radiusd_access_request_answer(struct radius_query *q)
 {
-	const char	*authen_secret = q->authen->auth->module->secret;
-
 	radius_set_request_packet(q->res, q->req);
-
-	if (authen_secret == NULL) {
-		/*
-		 * The module diddn't check the authenticators
-		 */
-		if (radius_check_response_authenticator(q->res,
-		    q->client->secret) != 0) {
-			log_info("Response from module has bad response "
-			    "authenticator: id=%d", q->id);
-			goto on_error;
-		}
-		if (radius_has_attr(q->res,
-		    RADIUS_TYPE_MESSAGE_AUTHENTICATOR) &&
-		    radius_check_message_authenticator(q->res,
-		    q->client->secret) != 0) {
-			log_info("Response from module has bad message "
-			    "authenticator: id=%d", q->id);
-			goto on_error;
-		}
-	}
-
 	RADIUSD_ASSERT(q->deco == NULL);
-	radius_query_access_response(q);
 
-	return;
+	radius_query_access_response(q);
-on_error:
-	radiusd_access_request_aborted(q);
 }
 
 void
@@ -1535,8 +1509,8 @@ radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg)
 			case IMSG_RADIUSD_MODULE_REQDECO_DONE:
 				if (q->deco == NULL || q->deco->type !=
 				    IMSG_RADIUSD_MODULE_REQDECO) {
-					log_warnx("q=%u received %s "
+					log_warnx("q=%u received %s but not "
-					    "but not requested", q->id, typestr);
+					    "requested", q->id, typestr);
 					if (radpkt != NULL)
 						radius_delete_packet(radpkt);
 					break;
@@ -1791,9 +1765,8 @@ radiusd_module_access_request(struct radiusd_module *module,
 		radiusd_access_request_aborted(q);
 		return;
 	}
-	if (q->client->secret[0] != '\0' && module->secret != NULL &&
+	if (radius_get_user_password_attr(radpkt, pass, sizeof(pass),
-	    radius_get_user_password_attr(radpkt, pass, sizeof(pass),
+	    q->client->secret) == 0) {
-		    q->client->secret) == 0) {
 		radius_del_attr_all(radpkt, RADIUS_TYPE_USER_PASSWORD);
 		(void)radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD,
 		    pass, strlen(pass));

usr.sbin/radiusd/radiusd.conf.5

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: radiusd.conf.5,v 1.32 2024/07/14 18:03:59 jmc Exp $
+.\"	$OpenBSD: radiusd.conf.5,v 1.34 2024/07/18 00:28:53 yasuoka Exp $
 .\"
 .\" Copyright (c) 2014 Esdenera Networks GmbH
 .\" Copyright (c) 2014, 2023 Internet Initiative Japan Inc.
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 14 2024 $
+.Dd $Mdocdate: July 18 2024 $
 .Dt RADIUSD.CONF 5
 .Os
 .Sh NAME
@@ -92,6 +92,8 @@ See
 The
 .Dq file
 module provides authentication by a local file.
+See
+.Xr radiusd_file 8 .
 .It Do ipcp Dc module
 The
 .Dq ipcp
@@ -154,6 +156,18 @@ Optionally decoration modules can be specified by
 .Ar deco .
 The specified modules decorate the RADIUS messages in the configured order.
 .It Xo
+.Ic authentication-filter
+.Ar username-pattern ...
+.Ic by Ar auth
+.Op Ic decorate-by Ar deco ...
+.Xc
+.Ic authentication-filter
+works the same as
+.Ic authenticate ,
+but the module can work as a filter,
+it can ask the authentication to the following authentication modules,
+and then it receives the authentication reply and modifies the reply.
+.It Xo
 .Ic account
 .Op Ic quick
 .Ar username-pattern ...

usr.sbin/radiusd/radiusd/Makefile

@@ -1,4 +1,5 @@
-#	$OpenBSD: Makefile,v 1.3 2024/07/14 15:31:49 yasuoka Exp $
+#	$OpenBSD: Makefile,v 1.4 2024/07/17 11:20:24 deraadt Exp $
+
 PROG=		radiusd
 BINDIR=		/usr/sbin
 MAN=		radiusd.8 radiusd.conf.5

usr.sbin/radiusd/radiusd_eap2mschap.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd_eap2mschap.c,v 1.1 2024/07/14 16:09:23 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd_eap2mschap.c,v 1.2 2024/07/17 11:19:27 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -119,7 +119,12 @@ eap2mschap_config_set(void *ctx, const char *name, int argc,
 	} else if (strcmp(name, "_debug") == 0)
 		log_init(1);
 	else if (strncmp(name, "_", 1) == 0)
-		/* ignore */;
+		/* ignore all internal messages */;
+	else {
+		module_send_message(self->base, IMSG_NG,
+		    "Unknown config parameter `%s'", name);
+		return;
+	}
 
 	module_send_message(self->base, IMSG_OK, NULL);
 	return;

usr.sbin/radiusd/radiusd_eap2mschap/Makefile

@@ -1,4 +1,5 @@
-#	$OpenBSD: Makefile,v 1.1 2024/07/14 16:09:23 yasuoka Exp $
+#	$OpenBSD: Makefile,v 1.2 2024/07/17 11:20:24 deraadt Exp $
+
 PROG=		radiusd_eap2mschap
 BINDIR=		/usr/libexec/radiusd
 SRCS=		radiusd_eap2mschap.c radiusd_module.c radius_subr.c log.c

usr.sbin/radiusd/radiusd_file.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd_file.c,v 1.2 2024/07/14 15:13:41 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd_file.c,v 1.3 2024/07/17 10:15:39 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2024 YASUOKA Masahiko <yasuoka@yasuoka.net>
@@ -405,7 +405,6 @@ auth_pap(struct module_file *self, u_int q_id, RADIUS_PACKET *radpkt,
 		return;
 	}
 	ret = strcmp(ent->password, pass);
-	log_info("%s %s", ent->password, pass);
 	explicit_bzero(ent->password, strlen(ent->password));
 	log_info("q=%u User `%s' authentication %s (PAP)", q_id, username,
 	    (ret == 0)? "succeeded" : "failed");

usr.sbin/radiusd/radiusd_ipcp.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd_ipcp.c,v 1.4 2024/07/12 15:54:52 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd_ipcp.c,v 1.5 2024/07/17 11:31:46 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -972,7 +972,7 @@ ipcp_accounting_request(void *ctx, u_int q_id, const u_char *pkt,
 	struct module_ipcp	*self = ctx;
 	struct assigned_ipv4	*assign, *assignt;
 	char			 username[256], nas_id[256], buf[256],
-				    buf1[80];
+				    buf1[384];
 	struct timespec		 dur;
 	struct radiusd_ipcp_statistics
 				 stat;

usr.sbin/radiusd/radiusd_local.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radiusd_local.h,v 1.15 2024/07/14 15:31:49 yasuoka Exp $	*/
+/*	$OpenBSD: radiusd_local.h,v 1.16 2024/07/17 11:31:46 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2013 Internet Initiative Japan Inc.
@@ -160,7 +160,7 @@ extern struct radiusd *radiusd_s;
 #ifdef RADIUSD_DEBUG
 #define	RADIUSD_DBG(x)	log_debug x
 #else
-#define	RADIUSD_DBG(x)
+#define	RADIUSD_DBG(x)	((void)0)
 #endif
 #define	RADIUSD_ASSERT(_cond)					\
 	do {							\

usr.sbin/radiusd/radiusd_standard/Makefile

@@ -1,10 +1,10 @@
+#	$OpenBSD: Makefile,v 1.4 2024/07/17 11:20:24 deraadt Exp $
 
-#	$OpenBSD: Makefile,v 1.3 2024/07/02 16:18:11 deraadt Exp $
 PROG=		radiusd_standard
 BINDIR=		/usr/libexec/radiusd
 SRCS=		radiusd_standard.c radiusd_module.c
 LDADD=		-lradius -lcrypto -lutil
-DPADD=		${LIBRADIUS} ${LIBCRYPTO} ${LIBUTIL} 
+DPADD=		${LIBRADIUS} ${LIBCRYPTO} ${LIBUTIL}
 MAN=		radiusd_standard.8
 
 .include <bsd.prog.mk>