SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-06-12 05:27:08 +00:00
parent 14e313b3c5
commit d22f2a15f3
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
34 changed files with 352 additions and 240 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/libc/gen/syslog.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: syslog.3,v 1.37 2022/03/31 17:27:15 naddy Exp $
.\" $OpenBSD: syslog.3,v 1.38 2024/06/11 23:35:27 jsg Exp $
.\"
.\" Copyright (c) 1985, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 31 2022 $
.Dd $Mdocdate: June 11 2024 $
.Dt SYSLOG 3
.Os
.Sh NAME
@ -392,8 +392,6 @@ The functions
and
.Fn setlogmask_r
appeared in
.Bx 386 0.1
and have been available since
.Ox 3.1 .
.Sh CAVEATS
It is important never to pass a string with user-supplied data as a

6
lib/libcrypto/x509/x509.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509.h,v 1.111 2024/03/02 10:59:41 tb Exp $ */
/* $OpenBSD: x509.h,v 1.112 2024/06/12 03:55:46 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -693,8 +693,8 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
#endif
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
const ASN1_BIT_STRING **psuid);
void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **issuerUID,
const ASN1_BIT_STRING **subjectUID);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
int X509_set_version(X509 *x, long version);
long X509_get_version(const X509 *x);

13
lib/libtls/tls_signer.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tls_signer.c,v 1.12 2024/03/28 06:55:02 joshua Exp $ */
/* $OpenBSD: tls_signer.c,v 1.13 2024/06/11 16:35:24 op Exp $ */
/*
* Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
*
@ -16,10 +16,19 @@
*/
#include <limits.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/ecdsa.h>
#include <openssl/bio.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include "tls.h"
#include "tls_internal.h"

4
regress/usr.bin/ssh/test-exec.sh
View file

@ -1,4 +1,4 @@
# $OpenBSD: test-exec.sh,v 1.114 2024/06/06 19:48:40 djm Exp $
# $OpenBSD: test-exec.sh,v 1.115 2024/06/11 01:58:27 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@ -265,6 +265,7 @@ export SSH_PKCS11_HELPER SSH_SK_HELPER
stop_sshd ()
{
[ -z $PIDFILE ] && return
[ -f $PIDFILE ] || return
pid=`$SUDO cat $PIDFILE`
if [ "X$pid" = "X" ]; then
@ -675,6 +676,7 @@ chmod a+x $OBJ/ssh_proxy.sh
start_sshd ()
{
PIDFILE=$OBJ/pidfile
# start sshd
logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log"
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"

11
sys/arch/amd64/amd64/conf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.c,v 1.78 2023/03/06 17:20:05 miod Exp $ */
/* $OpenBSD: conf.c,v 1.80 2024/06/11 09:21:32 jsg Exp $ */
/*
* Copyright (c) 1994, 1995 Charles M. Hannum. All rights reserved.
@ -117,14 +117,6 @@ cdev_decl(pcmcia);
#endif
#include "spkr.h"
cdev_decl(spkr);
#if 0 /* old (non-wsmouse) drivers */
#include "mms.h"
cdev_decl(mms);
#include "lms.h"
cdev_decl(lms);
#include "opms.h"
cdev_decl(pms);
#endif
#include "cy.h"
cdev_decl(cy);
#include "tun.h"
@ -149,7 +141,6 @@ cdev_decl(cztty);
#include "nvram.h"
cdev_decl(nvram);
#include "drm.h"
cdev_decl(drm);
#include "viocon.h"
cdev_decl(viocon);

6
sys/arch/arm/arm/cpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.59 2023/10/24 13:20:09 claudio Exp $ */
/* $OpenBSD: cpu.c,v 1.60 2024/06/11 15:44:55 kettenis Exp $ */
/* $NetBSD: cpu.c,v 1.56 2004/04/14 04:01:49 bsh Exp $ */
@ -836,6 +836,10 @@ cpu_opp_mountroot(struct device *self)
min = ot->ot_opp_hz_min;
max = ot->ot_opp_hz_max;
level_hz = clock_get_frequency(ci->ci_node, NULL);
if (level_hz < min)
level_hz = min;
if (level_hz > max)
level_hz = max;
level = howmany(100 * (level_hz - min), (max - min));
}

19
sys/arch/arm64/arm64/conf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.c,v 1.22 2023/03/06 17:20:06 miod Exp $ */
/* $OpenBSD: conf.c,v 1.24 2024/06/12 02:50:25 jsg Exp $ */
/*
* Copyright (c) 1994, 1995 Charles M. Hannum. All rights reserved.
@ -100,7 +100,6 @@ cdev_decl(lpt);
#include "ucom.h"
#include "radio.h"
#include "drm.h"
cdev_decl(drm);
#include "wsdisplay.h"
#include "wskbd.h"
@ -237,6 +236,8 @@ struct cdevsw cdevsw[] =
};
int nchrdev = nitems(cdevsw);
int mem_no = 2; /* major device number of memory special file */
/*
* Swapdev is a fake device implemented
* in sw.c used only internally to get to swstrategy.
@ -246,7 +247,7 @@ int nchrdev = nitems(cdevsw);
* confuse, e.g. the hashing routines. Instead, /dev/drum is
* provided as a character (raw) device.
*/
dev_t swapdev = makedev(BMAJ_SW, 0);
dev_t swapdev = makedev(1, 0);
/*
* Returns true if dev is /dev/mem or /dev/kmem.
@ -254,8 +255,7 @@ dev_t swapdev = makedev(BMAJ_SW, 0);
int
iskmemdev(dev_t dev)
{
return (major(dev) == CMAJ_MM && minor(dev) < 2);
return (major(dev) == mem_no && minor(dev) < 2);
}
/*
@ -264,14 +264,13 @@ iskmemdev(dev_t dev)
int
iszerodev(dev_t dev)
{
return (major(dev) == CMAJ_MM && minor(dev) == 12);
return (major(dev) == mem_no && minor(dev) == 12);
}
dev_t
getnulldev(void)
{
return makedev(CMAJ_MM, 2);
return makedev(mem_no, 2);
}
const int chrtoblktbl[] = {
@ -348,8 +347,8 @@ dev_rawpart(struct device *dv)
switch (majdev) {
/* add here any device you want to be checksummed on boot */
case BMAJ_WD:
case BMAJ_SD:
case 0: /* wd */
case 4: /* sd */
return (MAKEDISKDEV(majdev, dv->dv_unit, RAW_PART));
break;
default:

6
sys/arch/arm64/arm64/cpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.118 2024/05/30 04:16:25 tb Exp $ */
/* $OpenBSD: cpu.c,v 1.119 2024/06/11 15:44:55 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -1802,6 +1802,10 @@ cpu_opp_mountroot(struct device *self)
min = ot->ot_opp_hz_min;
max = ot->ot_opp_hz_max;
level_hz = clock_get_frequency(ci->ci_node, NULL);
if (level_hz < min)
level_hz = min;
if (level_hz > max)
level_hz = max;
level = howmany(100 * (level_hz - min), (max - min));
}

41
sys/arch/arm64/include/conf.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.h,v 1.4 2022/06/28 14:43:50 visa Exp $ */
/* $OpenBSD: conf.h,v 1.5 2024/06/12 02:50:25 jsg Exp $ */
/* $NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $ */
/*
@ -58,43 +58,4 @@ cdev_decl(openprom);
cdev_decl(apm);
cdev_decl(acpiapm);
/*
* These numbers have to be in sync with bdevsw/cdevsw.
*/
#define BMAJ_WD 0
#define BMAJ_SW 1
#define BMAJ_SD 4
#define BMAJ_ST 5
#define CMAJ_MM 2
#define CMAJ_PTS 5
#define CMAJ_PTC 6
#define CMAJ_COM 8
#define CMAJ_WSDISPLAY 12
#define CMAJ_ST 14
#define CMAJ_LPT 16
#define CMAJ_CH 17
#define CMAJ_UK 20
#define CMAJ_BPF 23
#define CMAJ_TUN 40
#define CMAJ_AUDIO 42
#define CMAJ_VIDEO 44
#define CMAJ_BKTR 49
#define CMAJ_MIDI 52
#define CMAJ_USB 61
#define CMAJ_UHID 62
#define CMAJ_UGEN 63
#define CMAJ_ULPT 64
#define CMAJ_UCOM 66
#define CMAJ_WSKBD 67
#define CMAJ_WSMOUSE 68
#ifdef USER_PCICONF
#define CMAJ_PCI 72
#endif
#define CMAJ_RADIO 76
#define CMAJ_DRM 87
#define CMAJ_GPIO 88
#define CMAJ_VSCSI 89
#endif /* _MACHINE_CONF_H_ */

11
sys/arch/i386/i386/conf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.c,v 1.176 2023/03/06 17:20:06 miod Exp $ */
/* $OpenBSD: conf.c,v 1.178 2024/06/11 09:21:32 jsg Exp $ */
/* $NetBSD: conf.c,v 1.75 1996/05/03 19:40:20 christos Exp $ */
/*
@ -115,14 +115,6 @@ cdev_decl(pcmcia);
#endif
#include "spkr.h"
cdev_decl(spkr);
#if 0 /* old (non-wsmouse) drivers */
#include "mms.h"
cdev_decl(mms);
#include "lms.h"
cdev_decl(lms);
#include "opms.h"
cdev_decl(pms);
#endif
#include "cy.h"
cdev_decl(cy);
#include "tun.h"
@ -148,7 +140,6 @@ cdev_decl(cztty);
#include "nvram.h"
cdev_decl(nvram);
#include "drm.h"
cdev_decl(drm);
#include "wsdisplay.h"
#include "wskbd.h"

9
sys/arch/i386/include/conf.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.h,v 1.20 2022/06/28 14:43:50 visa Exp $ */
/* $OpenBSD: conf.h,v 1.21 2024/06/11 03:28:42 jsg Exp $ */
/* $NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $ */
/*
@ -35,7 +35,6 @@
#define mmread mmrw
#define mmwrite mmrw
cdev_decl(mm);
cdev_decl(pms);
bdev_decl(fd);
cdev_decl(fd);
@ -48,12 +47,6 @@ cdev_decl(fd);
cdev_decl(spkr);
cdev_decl(mms);
cdev_decl(lms);
cdev_decl(pms);
cdev_decl(joy);
cdev_decl(bios);

9
sys/dev/acpi/acpi.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: acpi.c,v 1.430 2024/06/02 11:08:41 kettenis Exp $ */
/* $OpenBSD: acpi.c,v 1.431 2024/06/11 17:35:26 kettenis Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
* Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@ -26,6 +26,7 @@
#include <sys/signalvar.h>
#include <sys/proc.h>
#include <sys/kthread.h>
#include <sys/reboot.h>
#include <sys/sched.h>
#include <machine/conf.h>
@ -726,8 +727,10 @@ acpi_pci_min_powerstate(pci_chipset_tag_t pc, pcitag_t tag)
if (pdev->bus == bus && pdev->dev == dev && pdev->fun == fun) {
switch (acpi_softc->sc_state) {
case ACPI_STATE_S0:
defaultstate = PCI_PMCSR_STATE_D3;
state = pdev->_s0w;
if (boothowto & RB_POWERDOWN) {
defaultstate = PCI_PMCSR_STATE_D3;
state = pdev->_s0w;
}
break;
case ACPI_STATE_S3:
defaultstate = PCI_PMCSR_STATE_D3;

15
sys/dev/fdt/rkclock.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rkclock.c,v 1.88 2024/04/01 11:16:11 patrick Exp $ */
/* $OpenBSD: rkclock.c,v 1.89 2024/06/11 09:15:33 kettenis Exp $ */
/*
* Copyright (c) 2017, 2018 Mark Kettenis <kettenis@openbsd.org>
*
@ -4002,6 +4002,11 @@ const struct rkclock rk3588_clocks[] = {
SEL(11, 10), 0,
{ RK3588_CLK_200M_SRC, RK3588_CLK_150M_SRC, RK3588_XIN24M },
},
{
RK3588_CLK_TSADC, RK3588_CRU_CLKSEL_CON(41),
SEL(8, 8), DIV(7, 0),
{ RK3588_PLL_GPLL, RK3588_XIN24M },
},
{
RK3588_CLK_UART1_SRC, RK3588_CRU_CLKSEL_CON(41),
SEL(14, 14), DIV(13, 9),
@ -4554,6 +4559,14 @@ rk3588_reset(void *cookie, uint32_t *cells, int on)
uint32_t bit, mask, reg;
switch (idx) {
case RK3588_SRST_P_TSADC:
reg = RK3588_CRU_SOFTRST_CON(12);
bit = 0;
break;
case RK3588_SRST_TSADC:
reg = RK3588_CRU_SOFTRST_CON(12);
bit = 1;
break;
case RK3588_SRST_A_GMAC0:
reg = RK3588_CRU_SOFTRST_CON(32);
bit = 10;

3
sys/dev/fdt/rkclock_clocks.h
View file

@ -427,6 +427,7 @@
#define RK3588_CLK_SPI2 153
#define RK3588_CLK_SPI3 154
#define RK3588_CLK_SPI4 155
#define RK3588_CLK_TSADC 158
#define RK3588_CLK_UART1_SRC 168
#define RK3588_CLK_UART1_FRAC 169
#define RK3588_CLK_UART1 170
@ -510,6 +511,8 @@
#define RK3588_PLL_SPLL 1022
#define RK3588_XIN24M 1023
#define RK3588_SRST_P_TSADC 86
#define RK3588_SRST_TSADC 87
#define RK3588_SRST_A_GMAC0 291
#define RK3588_SRST_A_GMAC1 292
#define RK3588_SRST_PCIE0_POWER_UP 294

5
sys/dev/ic/qwx.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: qwx.c,v 1.62 2024/05/29 07:24:26 stsp Exp $ */
/* $OpenBSD: qwx.c,v 1.63 2024/06/11 10:06:35 stsp Exp $ */
/*
* Copyright 2023 Stefan Sperling <stsp@openbsd.org>
@ -23150,7 +23150,8 @@ qwx_init_task(void *arg)
int s = splnet();
rw_enter_write(&sc->ioctl_rwl);
qwx_stop(ifp);
if (ifp->if_flags & IFF_RUNNING)
qwx_stop(ifp);
if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == IFF_UP)
qwx_init(ifp);

6
sys/dev/pci/if_qwx_pci.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_qwx_pci.c,v 1.19 2024/05/28 09:26:55 stsp Exp $ */
/* $OpenBSD: if_qwx_pci.c,v 1.20 2024/06/11 10:06:35 stsp Exp $ */
/*
* Copyright 2023 Stefan Sperling <stsp@openbsd.org>
@ -4091,7 +4091,9 @@ qwx_pci_intr(void *arg)
#else
printf("%s: fatal firmware error\n",
sc->sc_dev.dv_xname);
if (!test_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags)) {
if (!test_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags) &&
(sc->sc_ic.ic_if.if_flags & (IFF_UP | IFF_RUNNING)) ==
(IFF_UP | IFF_RUNNING)) {
/* Try to reset the device. */
set_bit(ATH11K_FLAG_CRASH_FLUSH, sc->sc_flags);
task_add(systq, &sc->init_task);

145
sys/dev/pv/if_vio.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_vio.c,v 1.38 2024/06/09 16:25:28 jan Exp $ */
/* $OpenBSD: if_vio.c,v 1.40 2024/06/10 19:26:17 jan Exp $ */
/*
* Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@ -169,6 +169,9 @@ struct virtio_net_ctrl_cmd {
# define VIRTIO_NET_CTRL_VLAN_ADD 0
# define VIRTIO_NET_CTRL_VLAN_DEL 1
#define VIRTIO_NET_CTRL_GUEST_OFFLOADS 5
# define VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET 0
struct virtio_net_ctrl_status {
uint8_t ack;
} __packed;
@ -179,6 +182,10 @@ struct virtio_net_ctrl_rx {
uint8_t onoff;
} __packed;
struct virtio_net_ctrl_guest_offloads {
uint64_t offloads;
} __packed;
struct virtio_net_ctrl_mac_tbl {
uint32_t nentries;
uint8_t macs[][ETHER_ADDR_LEN];
@ -220,6 +227,7 @@ struct vio_softc {
struct virtio_net_ctrl_cmd *sc_ctrl_cmd;
struct virtio_net_ctrl_status *sc_ctrl_status;
struct virtio_net_ctrl_rx *sc_ctrl_rx;
struct virtio_net_ctrl_guest_offloads *sc_ctrl_guest_offloads;
struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_uc;
#define sc_ctrl_mac_info sc_ctrl_mac_tbl_uc
struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_mc;
@ -289,6 +297,7 @@ void vio_txtick(void *);
void vio_link_state(struct ifnet *);
int vio_config_change(struct virtio_softc *);
int vio_ctrl_rx(struct vio_softc *, int, int);
int vio_ctrl_guest_offloads(struct vio_softc *, uint64_t);
int vio_set_rx_filter(struct vio_softc *);
void vio_iff(struct vio_softc *);
int vio_media_change(struct ifnet *);
@ -414,6 +423,7 @@ vio_alloc_mem(struct vio_softc *sc)
allocsize += sizeof(struct virtio_net_ctrl_cmd) * 1;
allocsize += sizeof(struct virtio_net_ctrl_status) * 1;
allocsize += sizeof(struct virtio_net_ctrl_rx) * 1;
allocsize += sizeof(struct virtio_net_ctrl_guest_offloads) * 1;
allocsize += VIO_CTRL_MAC_INFO_SIZE;
}
sc->sc_dma_size = allocsize;
@ -433,6 +443,8 @@ vio_alloc_mem(struct vio_softc *sc)
offset += sizeof(*sc->sc_ctrl_status);
sc->sc_ctrl_rx = (void*)(kva + offset);
offset += sizeof(*sc->sc_ctrl_rx);
sc->sc_ctrl_guest_offloads = (void*)(kva + offset);
offset += sizeof(*sc->sc_ctrl_guest_offloads);
sc->sc_ctrl_mac_tbl_uc = (void*)(kva + offset);
offset += sizeof(*sc->sc_ctrl_mac_tbl_uc) +
ETHER_ADDR_LEN * VIRTIO_NET_CTRL_MAC_UC_ENTRIES;
@ -454,7 +466,8 @@ vio_alloc_mem(struct vio_softc *sc)
sc->sc_tx_mbufs = sc->sc_rx_mbufs + rxqsize;
for (i = 0; i < rxqsize; i++) {
r = bus_dmamap_create(vsc->sc_dmat, MCLBYTES, 1, MCLBYTES, 0,
r = bus_dmamap_create(vsc->sc_dmat, MAXMCLBYTES,
MAXMCLBYTES/PAGE_SIZE + 1, MCLBYTES, 0,
BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, &sc->sc_rx_dmamaps[i]);
if (r != 0)
goto err_reqs;
@ -550,6 +563,10 @@ vio_attach(struct device *parent, struct device *self, void *aux)
vsc->sc_driver_features |= VIRTIO_NET_F_HOST_TSO4;
vsc->sc_driver_features |= VIRTIO_NET_F_HOST_TSO6;
vsc->sc_driver_features |= VIRTIO_NET_F_CTRL_GUEST_OFFLOADS;
vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO4;
vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO6;
virtio_negotiate_features(vsc, virtio_net_feature_names);
if (virtio_has_feature(vsc, VIRTIO_NET_F_MAC)) {
vio_get_lladdr(&sc->sc_ac, vsc);
@ -616,6 +633,14 @@ vio_attach(struct device *parent, struct device *self, void *aux)
ifp->if_capabilities |= IFCAP_TSOv4;
if (virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO6))
ifp->if_capabilities |= IFCAP_TSOv6;
if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) &&
(virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO4) ||
virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO6))) {
ifp->if_xflags |= IFXF_LRO;
ifp->if_capabilities |= IFCAP_LRO;
}
ifq_init_maxlen(&ifp->if_snd, vsc->sc_vqs[1].vq_num - 1);
ifmedia_init(&sc->sc_media, 0, vio_media_change, vio_media_status);
ifmedia_add(&sc->sc_media, IFM_ETHER | IFM_AUTO, 0, NULL);
@ -692,6 +717,7 @@ int
vio_init(struct ifnet *ifp)
{
struct vio_softc *sc = ifp->if_softc;
struct virtio_softc *vsc = sc->sc_virtio;
vio_stop(ifp, 0);
if_rxr_init(&sc->sc_rx_ring, 2 * ((ifp->if_hardmtu / MCLBYTES) + 1),
@ -701,6 +727,22 @@ vio_init(struct ifnet *ifp)
ifq_clr_oactive(&ifp->if_snd);
vio_iff(sc);
vio_link_state(ifp);
if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
uint64_t features = 0;
SET(features, VIRTIO_NET_F_GUEST_CSUM);
if (ISSET(ifp->if_xflags, IFXF_LRO)) {
if (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO4))
SET(features, VIRTIO_NET_F_GUEST_TSO4);
if (virtio_has_feature(vsc, VIRTIO_NET_F_GUEST_TSO6))
SET(features, VIRTIO_NET_F_GUEST_TSO6);
}
vio_ctrl_guest_offloads(sc, features);
}
return 0;
}
@ -844,7 +886,8 @@ again:
break;
}
if (r != 0)
panic("enqueue_prep for a tx buffer: %d", r);
panic("%s: enqueue_prep for tx buffer: %d",
sc->sc_dev.dv_xname, r);
hdr = &sc->sc_tx_hdrs[slot];
memset(hdr, 0, sc->sc_hdr_size);
@ -1025,7 +1068,8 @@ vio_populate_rx_mbufs(struct vio_softc *sc)
if (r == EAGAIN)
break;
if (r != 0)
panic("enqueue_prep for rx buffers: %d", r);
panic("%s: enqueue_prep for rx buffer: %d",
sc->sc_dev.dv_xname, r);
if (sc->sc_rx_mbufs[slot] == NULL) {
r = vio_add_rx_mbuf(sc, slot);
if (r != 0) {
@ -1087,6 +1131,24 @@ vio_rx_offload(struct mbuf *m, struct virtio_net_hdr *hdr)
if (ISSET(hdr->flags, VIRTIO_NET_HDR_F_NEEDS_CSUM))
SET(m->m_pkthdr.csum_flags, M_UDP_CSUM_OUT);
}
if (hdr->gso_type == VIRTIO_NET_HDR_GSO_TCPV4 ||
hdr->gso_type == VIRTIO_NET_HDR_GSO_TCPV6) {
uint16_t mss = hdr->gso_size;
if (!ext.tcp || mss == 0) {
tcpstat_inc(tcps_inbadlro);
return;
}
if ((ext.paylen + mss - 1) / mss <= 1)
return;
tcpstat_inc(tcps_inhwlro);
tcpstat_add(tcps_inpktlro, (ext.paylen + mss - 1) / mss);
SET(m->m_pkthdr.csum_flags, M_TCP_TSO);
m->m_pkthdr.ph_mss = mss;
}
}
/* dequeue received packets */
@ -1341,10 +1403,12 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff)
r = virtio_enqueue_prep(vq, &slot);
if (r != 0)
panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
panic("%s: %s virtio_enqueue_prep: control vq busy",
sc->sc_dev.dv_xname, __func__);
r = virtio_enqueue_reserve(vq, slot, 3);
if (r != 0)
panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
panic("%s: %s virtio_enqueue_reserve: control vq busy",
sc->sc_dev.dv_xname, __func__);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd,
sizeof(*sc->sc_ctrl_cmd), 1);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_rx,
@ -1376,6 +1440,69 @@ out:
return r;
}
int
vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features)
{
struct virtio_softc *vsc = sc->sc_virtio;
struct virtqueue *vq = &sc->sc_vq[VQCTL];
int r, slot;
splassert(IPL_NET);
if ((r = vio_wait_ctrl(sc)) != 0)
return r;
sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_GUEST_OFFLOADS;
sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET;
sc->sc_ctrl_guest_offloads->offloads = features;
VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_PREWRITE);
VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads,
sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_PREWRITE);
VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_PREREAD);
r = virtio_enqueue_prep(vq, &slot);
if (r != 0)
panic("%s: %s virtio_enqueue_prep: control vq busy",
sc->sc_dev.dv_xname, __func__);
r = virtio_enqueue_reserve(vq, slot, 3);
if (r != 0)
panic("%s: %s virtio_enqueue_reserve: control vq busy",
sc->sc_dev.dv_xname, __func__);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd,
sizeof(*sc->sc_ctrl_cmd), 1);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_guest_offloads,
sizeof(*sc->sc_ctrl_guest_offloads), 1);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_status,
sizeof(*sc->sc_ctrl_status), 0);
virtio_enqueue_commit(vsc, vq, slot, 1);
if ((r = vio_wait_ctrl_done(sc)) != 0)
goto out;
VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads,
sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_POSTWRITE);
VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
r = 0;
} else {
printf("%s: features 0x%llx failed\n", sc->sc_dev.dv_xname,
features);
r = EIO;
}
DPRINTF("%s: features 0x%llx: %d\n", __func__, features, r);
out:
vio_ctrl_wakeup(sc, FREE);
return r;
}
int
vio_wait_ctrl(struct vio_softc *sc)
{
@ -1463,10 +1590,12 @@ vio_set_rx_filter(struct vio_softc *sc)
r = virtio_enqueue_prep(vq, &slot);
if (r != 0)
panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
panic("%s: %s virtio_enqueue_prep: control vq busy",
sc->sc_dev.dv_xname, __func__);
r = virtio_enqueue_reserve(vq, slot, 4);
if (r != 0)
panic("%s: control vq busy!?", sc->sc_dev.dv_xname);
panic("%s: %s virtio_enqueue_reserve: control vq busy",
sc->sc_dev.dv_xname, __func__);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd,
sizeof(*sc->sc_ctrl_cmd), 1);
VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_mac_tbl_uc,

6
sys/sys/conf.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: conf.h,v 1.161 2023/01/14 12:11:11 kettenis Exp $ */
/* $OpenBSD: conf.h,v 1.163 2024/06/11 01:49:17 jsg Exp $ */
/* $NetBSD: conf.h,v 1.33 1996/05/03 20:03:32 christos Exp $ */
/*-
@ -582,8 +582,6 @@ cdev_decl(ch);
bdev_decl(sd);
cdev_decl(sd);
cdev_decl(ses);
cdev_decl(st);
bdev_decl(cd);
@ -621,7 +619,6 @@ cdev_decl(kstat);
cdev_decl(bio);
cdev_decl(vscsi);
cdev_decl(gpr);
cdev_decl(bktr);
cdev_decl(usb);
@ -631,7 +628,6 @@ cdev_decl(fido);
cdev_decl(ujoy);
cdev_decl(ucom);
cdev_decl(ulpt);
cdev_decl(urio);
cdev_decl(hotplug);
cdev_decl(gpio);

20
sys/sys/msg.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: msg.h,v 1.21 2024/04/30 17:03:05 op Exp $ */
/* $OpenBSD: msg.h,v 1.22 2024/06/10 04:10:25 jsg Exp $ */
/* $NetBSD: msg.h,v 1.9 1996/02/09 18:25:18 christos Exp $ */
/*
@ -85,25 +85,7 @@ struct que {
if (--(q)->que_references == 0 && (q)->que_flags & MSGQ_DYING) \
wakeup_one(&(q)->que_references); \
} while (0)
#endif
/*
* Structure describing a message. The SVID doesn't suggest any
* particular name for this structure. There is a reference in the
* msgop man page that reads "The structure mymsg is an example of what
* this user defined buffer might look like, and includes the following
* members:". This sentence is followed by two lines equivalent
* to the mtype and mtext field declarations below. It isn't clear
* if "mymsg" refers to the name of the structure type or the name of an
* instance of the structure...
*/
struct mymsg {
long mtype; /* message type (+ve integer) */
char mtext[1]; /* message body */
};
#ifdef _KERNEL
/*
* Based on the configuration parameters described in an SVR2 (yes, two)
* config(1m) man page.

16
usr.bin/ssh/monitor_wrap.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.131 2024/06/06 17:15:25 djm Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.135 2024/06/11 02:54:51 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -160,7 +160,8 @@ mm_reap(void)
cleanup_exit(signal_is_crash(WTERMSIG(status)) ?
EXIT_CHILD_CRASH : 255);
} else {
error_f("preauth child terminated abnormally");
error_f("preauth child terminated abnormally (status=0x%x)",
status);
cleanup_exit(EXIT_CHILD_CRASH);
}
}
@ -170,7 +171,7 @@ mm_request_receive(int sock, struct sshbuf *m)
{
u_char buf[4], *p = NULL;
u_int msg_len;
int r;
int oerrno, r;
debug3_f("entering");
@ -188,8 +189,13 @@ mm_request_receive(int sock, struct sshbuf *m)
sshbuf_reset(m);
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
fatal_fr(r, "reserve");
if (atomicio(read, sock, p, msg_len) != msg_len)
fatal_f("read: %s", strerror(errno));
if (atomicio(read, sock, p, msg_len) != msg_len) {
oerrno = errno;
error_f("read: %s", strerror(errno));
if (oerrno == EPIPE)
mm_reap();
cleanup_exit(255);
}
}
void

4
usr.bin/ssh/servconf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.409 2024/06/06 20:25:48 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.410 2024/06/11 00:36:20 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -1924,7 +1924,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
charptr = &options->per_source_penalty_exempt;
arg = argv_next(&ac, &av);
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
fatal("%s line %d: missing argument.",
filename, linenum);
if (addr_match_list(NULL, arg) != 0) {
fatal("%s line %d: keyword %s "

10
usr.bin/ssh/srclimit.c
View file

@ -106,6 +106,8 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len,
penalty_cfg = *penalty_conf;
penalty_exempt = penalty_exempt_conf == NULL ?
NULL : xstrdup(penalty_exempt_conf);
RB_INIT(&penalties_by_addr);
RB_INIT(&penalties_by_expiry);
if (max_persource == INT_MAX) /* no limit */
return;
debug("%s: max connections %d, per source %d, masks %d,%d", __func__,
@ -115,8 +117,6 @@ srclimit_init(int max, int persource, int ipv4len, int ipv6len,
children = xcalloc(max_children, sizeof(*children));
for (i = 0; i < max_children; i++)
children[i].id = -1;
RB_INIT(&penalties_by_addr);
RB_INIT(&penalties_by_expiry);
}
/* returns 1 if connection allowed, 0 if not allowed. */
@ -259,7 +259,7 @@ srclimit_penalty_check_allow(int sock, const char **reason)
return 1;
}
}
if (npenalties > (size_t)penalty_cfg.max_sources &&
if (npenalties >= (size_t)penalty_cfg.max_sources &&
penalty_cfg.overflow_mode == PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL) {
*reason = "too many penalised addresses";
return 0;
@ -293,14 +293,14 @@ srclimit_remove_expired_penalties(void)
while (npenalties > (size_t)penalty_cfg.max_sources) {
if ((p = RB_MIN(penalties_by_expiry,
&penalties_by_expiry)) == NULL)
break; /* shouldn't happen */
fatal_f("internal error: penalty tables corrupt (find)");
bits = p->addr.af == AF_INET ? ipv4_masklen : ipv6_masklen;
addr_masklen_ntop(&p->addr, bits, s, sizeof(s));
debug3_f("overflow, remove %s", s);
if (RB_REMOVE(penalties_by_expiry,
&penalties_by_expiry, p) != p ||
RB_REMOVE(penalties_by_addr, &penalties_by_addr, p) != p)
fatal_f("internal error: penalty tables corrupt");
fatal_f("internal error: penalty tables corrupt (remove)");
free(p);
npenalties--;
}

41
usr.bin/ssh/sshd_config.5
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.358 2024/06/06 21:14:49 jmc Exp $
.Dd $Mdocdate: June 6 2024 $
.\" $OpenBSD: sshd_config.5,v 1.360 2024/06/11 05:24:39 jmc Exp $
.Dd $Mdocdate: June 11 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -1562,45 +1562,51 @@ which means each address is considered individually.
Controls penalties for various conditions that may represent attacks on
.Xr sshd 8 .
If a penalty is enforced against a client then its source address and any
others in the
.Cm PerSourceNetBlockSize
others in the same network, as defined by
.Cm PerSourceNetBlockSize ,
will be refused connection for a period.
.Pp
A penalty doesn't affect concurrent connections in progress, but multiple
penalties from the same source from concurrent connections will accumulate
up to a maximum.
Conversely, penalties are not applied until a minimum threshold time has been
accumulated.
Penalties are off by default but may be enabled using default settings using the
.Cm yes
keyword or by specifying one or more of the keywords below.
.Pp
Penalties are controlled using the following keywords, all of which accept
arguments, e.g.\&
Penalties are enabled by default with the default settings listed below
but may disabled using the
.Cm off
keyword.
The defaults may be overridden by specifying one or more of the keywords below,
separated by whitespace.
All keywords accept arguments, e.g.\&
.Qq crash:2m .
.Bl -tag -width Ds
.It Cm crash:duration
Specifies how long to refuse clients that cause a crash of
.Xr sshd 8 .
.Xr sshd 8 (default: 90s).
.It Cm authfail:duration
Specifies how long to refuse clients that disconnect after making one or more
unsuccessful authentication attempts.
unsuccessful authentication attempts (default: 5s).
.It Cm noauth:duration
Specifies how long to refuse clients that disconnect without attempting
authentication.
authentication (default: 1s).
This timeout should be used cautiously otherwise it may penalise legitimate
scanning tools such as
.Xr ssh-keyscan 1 .
.It Cm grace-exceeded:duration
Specifies how long to refuse clients that fail to authenticate after
.Cm LoginGraceTime .
.Cm LoginGraceTime
(default: 20s).
.It Cm max:duration
Specifies the maximum time a particular source address range will be refused
access for.
access for (default: 10m).
Repeated penalties will accumulate up to this maximum.
.It Cm min:duration
Specifies the minimum penalty that must accrue before enforcement begins.
Specifies the minimum penalty that must accrue before enforcement begins
(default: 15s).
.It Cm max-sources:number
Specifies the maximum number of penalise client address ranges to track.
Specifies the maximum number of penalise client address ranges to track
(default: 65536).
.It Cm overflow:mode
Controls how the server behaves when
.Cm max-sources
@ -1611,7 +1617,8 @@ which denies all incoming connections other than those exempted via
.Cm PerSourcePenaltyExemptList
until a penalty expires, and
.Cm permissive ,
which allows new connections by removing existing penalties early.
which allows new connections by removing existing penalties early
(default: permissive).
.El
.It Cm PerSourcePenaltyExemptList
Specifies a comma-separated list of addresses to exempt from penalties.

8
usr.sbin/bgpd/session.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.479 2024/05/29 10:38:24 claudio Exp $ */
/* $OpenBSD: session.c,v 1.480 2024/06/10 12:51:25 claudio Exp $ */
/*
* Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@ -1254,7 +1254,11 @@ get_alternate_addr(struct bgpd_addr *local, struct bgpd_addr *remote,
match->ifa_addr->sa_family != AF_INET6)
continue;
if (sa_equal(local, match->ifa_addr)) {
if (match->ifa_flags & IFF_POINTOPOINT &&
if (remote->aid == AID_INET6 &&
IN6_IS_ADDR_LINKLOCAL(&remote->v6)) {
/* IPv6 LLA are by definition connected */
connected = 1;
} else if (match->ifa_flags & IFF_POINTOPOINT &&
match->ifa_dstaddr != NULL) {
if (sa_equal(remote, match->ifa_dstaddr))
connected = 1;

42
usr.sbin/rpki-client/cert.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.144 2024/06/08 13:33:49 tb Exp $ */
/* $OpenBSD: cert.c,v 1.147 2024/06/12 04:01:20 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
@ -753,18 +753,6 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
goto out;
}
if (X509_get_key_usage(x) != KU_DIGITAL_SIGNATURE) {
warnx("%s: RFC 6487 section 4.8.4: KU must be digitalSignature",
fn);
goto out;
}
/* EKU may be allowed for some purposes in the future. */
if (X509_get_extended_key_usage(x) != UINT32_MAX) {
warnx("%s: RFC 6487 section 4.8.5: EKU not allowed", fn);
goto out;
}
index = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1);
if ((ext = X509_get_ext(x, index)) != NULL) {
if (!sbgp_ipaddrblk(fn, cert, ext))
@ -809,9 +797,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
int i, extsz;
X509 *x = NULL;
X509_EXTENSION *ext = NULL;
const X509_ALGOR *palg;
const ASN1_BIT_STRING *piuid = NULL, *psuid = NULL;
const ASN1_OBJECT *cobj;
const ASN1_BIT_STRING *issuer_uid = NULL, *subject_uid = NULL;
ASN1_OBJECT *obj;
EVP_PKEY *pkey;
int nid, ip, as, sia, cp, crldp, aia, aki, ski,
@ -844,13 +830,10 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
goto out;
}
X509_get0_signature(NULL, &palg, x);
if (palg == NULL) {
warnx("%s: X509_get0_signature", fn);
if ((nid = X509_get_signature_nid(x)) == NID_undef) {
warnx("%s: unknown signature type", fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);
nid = OBJ_obj2nid(cobj);
if (experimental && nid == NID_ecdsa_with_SHA256) {
if (verbose)
warnx("%s: P-256 support is experimental", fn);
@ -860,8 +843,8 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
goto out;
}
X509_get0_uids(x, &piuid, &psuid);
if (piuid != NULL || psuid != NULL) {
X509_get0_uids(x, &issuer_uid, &subject_uid);
if (issuer_uid != NULL || subject_uid != NULL) {
warnx("%s: issuer or subject unique identifiers not allowed",
fn);
goto out;
@ -977,19 +960,6 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
if (!valid_ca_pkey(fn, pkey))
goto out;
if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
warnx("%s: RFC 6487 section 4.8.4: key usage violation",
fn);
goto out;
}
/* EKU may be allowed for some purposes in the future. */
if (X509_get_extended_key_usage(x) != UINT32_MAX) {
warnx("%s: RFC 6487 section 4.8.5: EKU not allowed",
fn);
goto out;
}
if (cert->mft == NULL) {
warnx("%s: RFC 6487 section 4.8.8: missing SIA", fn);
goto out;

19
usr.sbin/rpki-client/cms.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cms.c,v 1.46 2024/06/08 13:28:35 tb Exp $ */
/* $OpenBSD: cms.c,v 1.48 2024/06/11 13:09:02 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -15,7 +15,6 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <assert.h>
#include <err.h>
#include <stdint.h>
#include <stdlib.h>
@ -287,7 +286,21 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
/* Compare content-type with eContentType */
octype = CMS_signed_get0_data_by_OBJ(si, cnt_type_oid,
-3, V_ASN1_OBJECT);
assert(octype != NULL);
/*
* Since lastpos == -3, octype can be NULL for 4 reasons:
* 1. requested attribute OID is missing
* 2. signedAttrs contains multiple attributes with requested OID
* 3. attribute with requested OID has multiple values (malformed)
* 4. X509_ATTRIBUTE_get0_data() returned NULL. This is also malformed,
* but libcrypto will create, sign, and verify such objects.
* Reasons 1 and 2 are excluded because has_ct == 1. We don't know which
* one of 3 or 4 we hit. Doesn't matter, drop the garbage on the floor.
*/
if (octype == NULL) {
warnx("%s: RFC 6488, section 2.1.6.4.1: malformed value "
"for content-type attribute", fn);
goto out;
}
if (OBJ_cmp(obj, octype) != 0) {
OBJ_obj2txt(buf, sizeof(buf), obj, 1);
OBJ_obj2txt(obuf, sizeof(obuf), octype, 1);

13
usr.sbin/rpki-client/crl.c
View file

@ -1,5 +1,6 @@
/* $OpenBSD: crl.c,v 1.37 2024/06/05 13:36:28 tb Exp $ */
/* $OpenBSD: crl.c,v 1.40 2024/06/11 15:33:46 tb Exp $ */
/*
* Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
* Permission to use, copy, modify, and distribute this software for any
@ -131,6 +132,7 @@ crl_check_revoked(const char *fn, X509_CRL *x509_crl)
* XXX - as of May 2024, ~15% of RPKI CRLs fail this check due
* to a bug in rpki-rs/Krill. So silently accept this for now.
* https://github.com/NLnetLabs/krill/issues/1197
* https://github.com/NLnetLabs/rpki-rs/pull/295
*/
if (verbose > 1)
warnx("%s: RFC 5280, section 5.1.2.6: revoked "
@ -165,9 +167,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
{
const unsigned char *oder;
struct crl *crl;
const X509_ALGOR *palg;
const X509_NAME *name;
const ASN1_OBJECT *cobj;
const ASN1_TIME *at;
int count, nid, rc = 0;
@ -200,13 +200,10 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
if (!x509_valid_name(fn, "issuer", name))
goto out;
X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
if (palg == NULL) {
warnx("%s: X509_CRL_get0_signature", fn);
if ((nid = X509_CRL_get_signature_nid(crl->x509_crl)) == NID_undef) {
warnx("%s: unknown signature type", fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);
nid = OBJ_obj2nid(cobj);
if (experimental && nid == NID_ecdsa_with_SHA256) {
if (verbose)
warnx("%s: P-256 support is experimental", fn);

7
usr.sbin/rpki-client/mft.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: mft.c,v 1.116 2024/05/24 12:57:20 tb Exp $ */
/* $OpenBSD: mft.c,v 1.117 2024/06/11 10:38:40 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -366,9 +366,8 @@ mft_parse_econtent(const char *fn, struct mft *mft, const unsigned char *d,
if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
"want SHA256 object, have %s (NID %d)", fn,
ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg)),
OBJ_obj2nid(mft_asn1->fileHashAlg));
"want SHA256 object, have %s", fn,
nid2str(OBJ_obj2nid(mft_asn1->fileHashAlg)));
goto out;
}

3
usr.sbin/rpki-client/parser.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.139 2024/06/07 13:24:35 tb Exp $ */
/* $OpenBSD: parser.c,v 1.140 2024/06/10 11:49:29 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -686,7 +686,6 @@ proc_parser_gbr(char *file, const unsigned char *der, size_t len,
a = find_issuer(file, entp->certid, gbr->aki, entp->mftaki);
crl = crl_get(&crlt, a);
/* return value can be ignored since nothing happens here */
if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
warnx("%s: %s", file, errstr);
X509_free(x509);

10
usr.sbin/rpki-client/rpki-client.8
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: rpki-client.8,v 1.105 2024/05/29 13:27:52 tb Exp $
.\" $OpenBSD: rpki-client.8,v 1.106 2024/06/12 04:24:59 tb Exp $
.\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: May 29 2024 $
.Dd $Mdocdate: June 12 2024 $
.Dt RPKI-CLIENT 8
.Os
.Sh NAME
@ -461,6 +461,12 @@ agreement regarding ARIN service restrictions.
.%U https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-crl-numbers
.%D May, 2024
.Re
.Pp
.Rs
.%T Same-Origin Policy for RRDP
.%U https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rrdp-same-origin
.%D June, 2024
.Re
.Sh HISTORY
.Nm
first appeared in

6
usr.sbin/rpki-client/rsc.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rsc.c,v 1.34 2024/02/21 09:17:06 tb Exp $ */
/* $OpenBSD: rsc.c,v 1.35 2024/06/11 10:38:40 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com>
@ -253,8 +253,8 @@ rsc_check_digesttype(const char *fn, struct rsc *rsc, const X509_ALGOR *alg)
}
if ((nid = OBJ_obj2nid(obj)) != NID_sha256) {
warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s"
" (NID %d)", fn, ASN1_tag2str(nid), nid);
warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s",
fn, nid2str(nid));
return 0;
}

4
usr.sbin/rpki-client/version.h
View file

@ -1,3 +1,3 @@
/* $OpenBSD: version.h,v 1.22 2024/03/01 16:27:34 tb Exp $ */
/* $OpenBSD: version.h,v 1.23 2024/06/12 04:11:19 tb Exp $ */
#define RPKI_VERSION "9.0"
#define RPKI_VERSION "9.1"

64
usr.sbin/rpki-client/x509.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509.c,v 1.97 2024/06/08 13:32:30 tb Exp $ */
/* $OpenBSD: x509.c,v 1.99 2024/06/10 12:44:06 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -267,15 +267,17 @@ x509_get_ski(X509 *x, const char *fn, char **ski)
/*
* Check the cert's purpose: the cA bit in basic constraints distinguishes
* between TA/CA and EE/BGPsec router. TAs are self-signed, CAs not self-issued,
* EEs have no extended key usage, BGPsec router have id-kp-bgpsec-router OID.
* between TA/CA and EE/BGPsec router and the key usage bits must match.
* TAs are self-signed, CAs not self-issued, EEs have no extended key usage,
* BGPsec router have id-kp-bgpsec-router OID.
*/
enum cert_purpose
x509_get_purpose(X509 *x, const char *fn)
{
BASIC_CONSTRAINTS *bc = NULL;
EXTENDED_KEY_USAGE *eku = NULL;
int crit, ext_flags, is_ca;
const X509_EXTENSION *ku;
int crit, ext_flags, i, is_ca, ku_idx;
enum cert_purpose purpose = CERT_PURPOSE_INVALID;
if (!x509_cache_extensions(x, fn))
@ -283,6 +285,20 @@ x509_get_purpose(X509 *x, const char *fn)
ext_flags = X509_get_extension_flags(x);
/* Key usage must be present and critical. KU bits are checked below. */
if ((ku_idx = X509_get_ext_by_NID(x, NID_key_usage, -1)) < 0) {
warnx("%s: RFC 6487, section 4.8.4: missing KeyUsage", fn);
goto out;
}
if ((ku = X509_get_ext(x, ku_idx)) == NULL) {
warnx("%s: RFC 6487, section 4.8.4: missing KeyUsage", fn);
goto out;
}
if (!X509_EXTENSION_get_critical(ku)) {
warnx("%s: RFC 6487, section 4.8.4: KeyUsage not critical", fn);
goto out;
}
/* This weird API can return 0, 1, 2, 4, 5 but can't error... */
if ((is_ca = X509_check_ca(x)) > 1) {
if (is_ca == 4)
@ -314,6 +330,19 @@ x509_get_purpose(X509 *x, const char *fn)
"Constraint must be absent", fn);
goto out;
}
if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
warnx("%s: RFC 6487 section 4.8.4: key usage violation",
fn);
goto out;
}
if (X509_get_extended_key_usage(x) != UINT32_MAX) {
warnx("%s: RFC 6487 section 4.8.5: EKU not allowed",
fn);
goto out;
}
/*
* EXFLAG_SI means that issuer and subject are identical.
* EXFLAG_SS is SI plus the AKI is absent or matches the SKI.
@ -335,6 +364,12 @@ x509_get_purpose(X509 *x, const char *fn)
goto out;
}
if (X509_get_key_usage(x) != KU_DIGITAL_SIGNATURE) {
warnx("%s: RFC 6487 section 4.8.4: KU must be digitalSignature",
fn);
goto out;
}
/*
* EKU is only defined for BGPsec Router certs and must be absent from
* EE certs.
@ -353,20 +388,15 @@ x509_get_purpose(X509 *x, const char *fn)
}
/*
* XXX - this isn't quite correct: other EKU OIDs are allowed per
* RFC 8209, section 3.1.3.2, e.g., anyEKU could potentially help
* avoid tripping up validators that don't know about the BGPsec
* router purpose. Drop check or downgrade from error to warning?
* Per RFC 8209, section 3.1.3.2 the id-kp-bgpsec-router OID must be
* present and others are allowed, which we don't need to recognize.
* This matches RFC 5280, section 4.2.1.12.
*/
if (sk_ASN1_OBJECT_num(eku) != 1) {
warnx("%s: EKU: expected 1 purpose, have %d", fn,
sk_ASN1_OBJECT_num(eku));
goto out;
}
if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, 0)) == 0) {
purpose = CERT_PURPOSE_BGPSEC_ROUTER;
goto out;
for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, i)) == 0) {
purpose = CERT_PURPOSE_BGPSEC_ROUTER;
break;
}
}
out:

4
usr.sbin/smtpd/lka.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: lka.c,v 1.249 2024/06/09 10:13:05 gilles Exp $ */
/* $OpenBSD: lka.c,v 1.250 2024/06/11 16:30:06 tb Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@ -294,7 +294,7 @@ lka_imsg(struct mproc *p, struct imsg *imsg)
/* revoke proc & exec */
if (pledge("stdio rpath inet dns getpw recvfd sendfd",
NULL) == -1)
NULL) == -1)
fatal("pledge");
/* setup proc registering task */