diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 3fdff78bc..000000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -**/obj -**/tags diff --git a/distrib/alpha/miniroot/Makefile b/distrib/alpha/miniroot/Makefile index 85e3e8a58..c85d10d3a 100644 --- a/distrib/alpha/miniroot/Makefile +++ b/distrib/alpha/miniroot/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.26 2023/04/28 12:26:43 krw Exp $ +# $OpenBSD: Makefile,v 1.27 2023/04/30 22:44:18 krw Exp $ FS= miniroot${OSrev}.img -FSSIZE= 5760 +FSSIZE= 6080 FSDISKTYPE= fakeramdisk CDROM= cd${OSrev}.iso MOUNT_POINT= /mnt diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index e397ebf0b..b0b7ccd9a 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -2019,7 +2019,6 @@ ./usr/share/man/man3/PKCS8_pkey_set0.3 ./usr/share/man/man3/PKEY_USAGE_PERIOD_new.3 ./usr/share/man/man3/POLICYINFO_new.3 -./usr/share/man/man3/PROXY_POLICY_new.3 ./usr/share/man/man3/RAND_add.3 ./usr/share/man/man3/RAND_bytes.3 ./usr/share/man/man3/RAND_load_file.3 @@ -2253,9 +2252,6 @@ ./usr/share/man/man3/X509_load_cert_file.3 ./usr/share/man/man3/X509_new.3 ./usr/share/man/man3/X509_ocspid_print.3 -./usr/share/man/man3/X509_policy_check.3 -./usr/share/man/man3/X509_policy_tree_get0_policies.3 -./usr/share/man/man3/X509_policy_tree_level_count.3 ./usr/share/man/man3/X509_print_ex.3 ./usr/share/man/man3/X509_sign.3 ./usr/share/man/man3/X509_signature_dump.3 @@ -2416,7 +2412,6 @@ ./usr/share/man/man3/d2i_PKCS8_PRIV_KEY_INFO.3 ./usr/share/man/man3/d2i_PKEY_USAGE_PERIOD.3 ./usr/share/man/man3/d2i_POLICYINFO.3 -./usr/share/man/man3/d2i_PROXY_POLICY.3 ./usr/share/man/man3/d2i_PrivateKey.3 ./usr/share/man/man3/d2i_RSAPublicKey.3 ./usr/share/man/man3/d2i_SSL_SESSION.3 diff --git a/etc/skel/dot.version b/etc/skel/dot.version index 2d009da46..b4d7149af 100644 --- a/etc/skel/dot.version +++ b/etc/skel/dot.version 
@@ -1 +1 @@ -# SecBSD 1.3-89f0212: Sun Apr 30 00:00:00 UTC 2023 (Quetzalcoatl) +# SecBSD 1.3-5179fdb: Mon May 1 00:00:00 UTC 2023 (Quetzalcoatl) diff --git a/include/arpa/inet.h b/include/arpa/inet.h index 8d6ac635e..41cd5623f 100644 --- a/include/arpa/inet.h +++ b/include/arpa/inet.h @@ -5,7 +5,7 @@ * - * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -17,7 +17,7 @@ * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,14 @@ * SUCH DAMAGE. * - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * + * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. - * + * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT diff --git a/include/arpa/nameser.h b/include/arpa/nameser.h index 60ca73f6a..78a1ba7fa 100644 --- a/include/arpa/nameser.h +++ b/include/arpa/nameser.h 
@@ -5,7 +5,7 @@ * - * Copyright (c) 1983, 1989, 1993 * The Regents of the University of California. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -17,7 +17,7 @@ * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,14 @@ * SUCH DAMAGE. * - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * + * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. - * + * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT @@ -231,7 +231,7 @@ #define KEYFLAG_RESERVED_BITMASK ( KEYFLAG_RESERVED3 | \ KEYFLAG_RESERVED4 | \ - KEYFLAG_RESERVED10| KEYFLAG_RESERVED11) + KEYFLAG_RESERVED10| KEYFLAG_RESERVED11) /* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */ #define ALGORITHM_MD5RSA 1 /* MD5 with RSA */ diff --git a/include/bsd_auth.h b/include/bsd_auth.h index 19c5fbc9c..6b17d1529 100644 --- a/include/bsd_auth.h +++ b/include/bsd_auth.h 
@@ -80,7 +80,7 @@ void auth_setenv(auth_session_t *); void auth_clrenv(auth_session_t *); void auth_setstate(auth_session_t *, int); -int auth_call(auth_session_t *, char *, ...) +int auth_call(auth_session_t *, char *, ...) __attribute__((__sentinel__)); int auth_setdata(auth_session_t *, void *, size_t); diff --git a/include/complex.h b/include/complex.h index b29f5a729..f275a3121 100644 --- a/include/complex.h +++ b/include/complex.h @@ -37,7 +37,7 @@ #define I _Complex_I __BEGIN_DECLS -/* +/* * Double versions of C99 functions */ double complex cacos(double complex); @@ -63,7 +63,7 @@ double complex conj(double complex); double complex cproj(double complex); double creal(double complex); -/* +/* * Float versions of C99 functions */ float complex cacosf(float complex); @@ -89,7 +89,7 @@ float complex conjf(float complex); float complex cprojf(float complex); float crealf(float complex); -/* +/* * Long double versions of C99 functions */ long double complex cacosl(long double complex); diff --git a/include/cpio.h b/include/cpio.h index c38d59fab..6e44fa974 100644 --- a/include/cpio.h +++ b/include/cpio.h @@ -53,7 +53,7 @@ #define C_ISCTG 0110000 #define C_ISLNK 0120000 #define C_ISSOCK 0140000 - + #define MAGIC "070707" #endif /* _CPIO_H_ */ diff --git a/include/db.h b/include/db.h index 4381efebe..cad7bd648 100644 --- a/include/db.h +++ b/include/db.h @@ -148,11 +148,11 @@ typedef struct { unsigned int cachesize; /* bytes to cache */ unsigned int psize; /* page size */ int lorder; /* byte order */ - size_t reclen; /* record length + size_t reclen; /* record length (fixed-length records) */ - unsigned char bval; /* delimiting byte + unsigned char bval; /* delimiting byte (variable-length records) */ - char *bfname; /* btree file name */ + char *bfname; /* btree file name */ } RECNOINFO; __BEGIN_DECLS diff --git a/include/dirent.h b/include/dirent.h index 61a5e011f..79d5fbe51 100644 --- a/include/dirent.h +++ b/include/dirent.h 
@@ -47,7 +47,7 @@ #endif /* - * The kernel defines the format of directory entries returned by + * The kernel defines the format of directory entries returned by * the getdents(2) system call. */ #include diff --git a/include/getopt.h b/include/getopt.h index dd5186445..445a3a4ad 100644 --- a/include/getopt.h +++ b/include/getopt.h @@ -72,5 +72,5 @@ extern int optopt; extern int optreset; #endif __END_DECLS - + #endif /* !_GETOPT_H_ */ diff --git a/include/glob.h b/include/glob.h index 6e64bca2b..90454bcf8 100644 --- a/include/glob.h +++ b/include/glob.h @@ -63,7 +63,7 @@ typedef struct { * and lstat(2). */ void (*gl_closedir)(void *); - struct dirent *(*gl_readdir)(void *); + struct dirent *(*gl_readdir)(void *); void *(*gl_opendir)(const char *); int (*gl_lstat)(const char *, struct stat *); int (*gl_stat)(const char *, struct stat *); diff --git a/include/ieeefp.h b/include/ieeefp.h index 627ce507a..7ca42f337 100644 --- a/include/ieeefp.h +++ b/include/ieeefp.h @@ -1,6 +1,6 @@ /* $OpenBSD: ieeefp.h,v 1.4 2009/09/27 21:23:55 martynas Exp $ */ -/* +/* * Written by J.T. Conklin, Apr 6, 1995 * Public domain. */ diff --git a/include/iso646.h b/include/iso646.h index 535e96bcf..1d232343b 100644 --- a/include/iso646.h +++ b/include/iso646.h @@ -1,7 +1,7 @@ /* $OpenBSD: iso646.h,v 1.3 2001/10/11 00:05:21 espie Exp $ */ /* $NetBSD: iso646.h,v 1.1 1995/02/17 09:08:10 jtc Exp $ */ -/* +/* * Written by J.T. Conklin 02/16/95. * Public domain. */ diff --git a/include/math.h b/include/math.h index e6dd268c7..d5e46076e 100644 --- a/include/math.h +++ b/include/math.h @@ -5,7 +5,7 @@ * * Developed at SunPro, a Sun Microsystems, Inc. business. * Permission to use, copy, modify, and distribute this - * software is freely granted, provided that this notice + * software is freely granted, provided that this notice * is preserved. * ==================================================== */ diff --git a/include/netdb.h b/include/netdb.h index 0f7303e22..25c7ff155 100644 
--- a/include/netdb.h +++ b/include/netdb.h @@ -210,7 +210,7 @@ struct addrinfo { char *ai_canonname; /* canonical name for service location (iff req) */ struct addrinfo *ai_next; /* pointer to next in list */ }; - + #if __BSD_VISIBLE /* * Flags for getrrsetbyname() diff --git a/include/poll.h b/include/poll.h index cea7b0453..f053202f0 100644 --- a/include/poll.h +++ b/include/poll.h @@ -3,7 +3,7 @@ /* * Written by Theo de Raadt, Public Domain * - * Typical poll() implementations expect poll.h to be in /usr/include. + * Typical poll() implementations expect poll.h to be in /usr/include. * However this is not a convenient place for the real definitions. */ #include diff --git a/include/protocols/talkd.h b/include/protocols/talkd.h index fae2b42b2..73ff31cbc 100644 --- a/include/protocols/talkd.h +++ b/include/protocols/talkd.h @@ -83,11 +83,11 @@ typedef struct { typedef struct { unsigned char vers; /* protocol version */ unsigned char type; /* type of request message, see below */ - unsigned char answer; /* response to request message, + unsigned char answer; /* response to request message, see below */ unsigned char pad; u_int32_t id_num; /* message id */ - struct osockaddr addr; /* address for establishing + struct osockaddr addr; /* address for establishing conversation */ } CTL_RESPONSE; diff --git a/include/protocols/timed.h b/include/protocols/timed.h index 12531d175..5260a0462 100644 --- a/include/protocols/timed.h +++ b/include/protocols/timed.h 
@@ -58,14 +58,14 @@ struct tsp { #define tsp_time tsp_u.tspu_time #define tsp_hopcnt tsp_u.tspu_hopcnt - + /* * Command types. */ #define TSP_ANY 0 /* match any types */ #define TSP_ADJTIME 1 /* send adjtime */ #define TSP_ACK 2 /* generic acknowledgement */ -#define TSP_MASTERREQ 3 /* ask for master's name */ +#define TSP_MASTERREQ 3 /* ask for master's name */ #define TSP_MASTERACK 4 /* acknowledge master request */ #define TSP_SETTIME 5 /* send network time */ #define TSP_MASTERUP 6 /* inform slaves that master is up */ @@ -92,8 +92,8 @@ struct tsp { #ifdef TSPTYPES char *tsptype[TSPTYPENUMBER] = - { "ANY", "ADJTIME", "ACK", "MASTERREQ", "MASTERACK", "SETTIME", "MASTERUP", - "SLAVEUP", "ELECTION", "ACCEPT", "REFUSE", "CONFLICT", "RESOLVE", "QUIT", + { "ANY", "ADJTIME", "ACK", "MASTERREQ", "MASTERACK", "SETTIME", "MASTERUP", + "SLAVEUP", "ELECTION", "ACCEPT", "REFUSE", "CONFLICT", "RESOLVE", "QUIT", "DATE", "DATEREQ", "DATEACK", "TRACEON", "TRACEOFF", "MSITE", "MSITEREQ", "TEST", "SETDATE", "SETDATEREQ", "LOOP" }; #endif diff --git a/include/pthread.h b/include/pthread.h index cfb1356a1..f0406eb89 100644 --- a/include/pthread.h +++ b/include/pthread.h 
@@ -16,20 +16,20 @@ * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Chris Provenzano. - * 4. The name of Chris Provenzano may not be used to endorse or promote + * 4. The name of Chris Provenzano may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY CHRIS PROVENZANO ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL CHRIS PROVENZANO BE LIABLE FOR ANY + * ARE DISCLAIMED. IN NO EVENT SHALL CHRIS PROVENZANO BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: pthread.h,v 1.13 1999/07/31 08:36:07 rse Exp $ @@ -71,7 +71,7 @@ * Flags for read/write lock attributes */ #define PTHREAD_PROCESS_PRIVATE 0 -#define PTHREAD_PROCESS_SHARED 1 +#define PTHREAD_PROCESS_SHARED 1 /* * Flags for cancelling threads 
@@ -147,12 +147,12 @@ struct pthread_once { #define PTHREAD_DONE_INIT 1 /* - * Static once initialization values. + * Static once initialization values. */ #define PTHREAD_ONCE_INIT { PTHREAD_NEEDS_INIT, PTHREAD_MUTEX_INITIALIZER } /* - * Static initialization values. + * Static initialization values. */ #define PTHREAD_MUTEX_INITIALIZER NULL #define PTHREAD_COND_INITIALIZER NULL diff --git a/include/resolv.h b/include/resolv.h index 449779e40..0d144b9af 100644 --- a/include/resolv.h +++ b/include/resolv.h @@ -3,7 +3,7 @@ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -15,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -34,7 +34,7 @@ * - * Copyright (c) 1983, 1987, 1989, 1993 * The Regents of the University of California. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -46,7 +46,7 @@ * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -60,14 +60,14 @@ * SUCH DAMAGE. * - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * + * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. - * + * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT @@ -282,7 +282,7 @@ int res_dnok(const char *); const char * sym_ntos(const struct res_sym *, int, int *); int b64_ntop(unsigned char const *, size_t, char *, size_t); int b64_pton(char const *, unsigned char *, size_t); -int dn_skipname(const unsigned char *, +int dn_skipname(const unsigned char *, const unsigned char *); void putlong(u_int32_t, unsigned char *); void putshort(u_int16_t, unsigned char *); @@ -290,7 +290,7 @@ const char * p_class(int); const char * p_type(int); int dn_comp(const char *, unsigned char *, int, unsigned char **, unsigned char **); -int dn_expand(const unsigned char *, const unsigned char *, +int dn_expand(const unsigned char *, const unsigned char *, const unsigned char *, char *, int); int res_init(void); unsigned int res_randomid(void); 
@@ -301,12 +301,12 @@ int res_search(const char *, int, int, unsigned char *, int) int res_querydomain(const char *, const char *, int, int, unsigned char *, int) __attribute__((__bounded__(__string__,5,6))); -int res_mkquery(int, const char *, int, int, - const unsigned char *, int, const unsigned char *, +int res_mkquery(int, const char *, int, int, + const unsigned char *, int, const unsigned char *, unsigned char *, int) __attribute__((__bounded__(__string__,5,6))) __attribute__((__bounded__(__string__,8,9))); -int res_send(const unsigned char *, int, unsigned char *, +int res_send(const unsigned char *, int, unsigned char *, int) __attribute__((__bounded__(__string__,3,4))); __END_DECLS diff --git a/include/search.h b/include/search.h index 37f2e60bf..3e04e2ea8 100644 --- a/include/search.h +++ b/include/search.h @@ -49,7 +49,7 @@ void *tdelete(const void * __restrict, void ** __restrict, int (*)(const void *, const void *)); void *tfind(const void *, void * const *, int (*)(const void *, const void *)); -void *tsearch(const void *, void **, +void *tsearch(const void *, void **, int (*)(const void *, const void *)); void twalk(const void *, void (*)(const void *, VISIT, int)); __END_DECLS diff --git a/include/sha2.h b/include/sha2.h index 52ddb3f79..a03a27623 100644 --- a/include/sha2.h +++ b/include/sha2.h @@ -3,7 +3,7 @@ /* * FILE: sha2.h * AUTHOR: Aaron D. Gifford - * + * * Copyright (c) 2000-2001, Aaron D. Gifford * All rights reserved. * @@ -18,7 +18,7 @@ * 3. Neither the name of the copyright holder nor the names of contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE diff --git a/include/stdbool.h b/include/stdbool.h index 077c12ae4..19d7eca6e 100644 
--- a/include/stdbool.h +++ b/include/stdbool.h @@ -6,7 +6,7 @@ */ #ifndef _STDBOOL_H_ -#define _STDBOOL_H_ +#define _STDBOOL_H_ #ifndef __cplusplus diff --git a/include/stdio.h b/include/stdio.h index 0db964f34..ecee3ef94 100644 --- a/include/stdio.h +++ b/include/stdio.h @@ -384,7 +384,7 @@ int __swbuf(int, FILE *); __END_DECLS /* - * The __sfoo macros are here so that we can + * The __sfoo macros are here so that we can * define function versions in the C library. */ #define __sgetc(p) (--(p)->_r < 0 ? __srget(p) : (int)(*(p)->_p++)) diff --git a/include/string.h b/include/string.h index 9141c3000..e0afaf2b4 100644 --- a/include/string.h +++ b/include/string.h @@ -132,7 +132,7 @@ void strmode(int, char *); char *strsep(char **, const char *); int timingsafe_bcmp(const void *, const void *, size_t); int timingsafe_memcmp(const void *, const void *, size_t); -#endif +#endif __END_DECLS #endif /* _STRING_H_ */ diff --git a/include/unistd.h b/include/unistd.h index 771347031..44fb855e5 100644 --- a/include/unistd.h +++ b/include/unistd.h @@ -329,10 +329,10 @@ int chown(const char *, uid_t, gid_t); int close(int); int dup(int); int dup2(int, int); -int execl(const char *, const char *, ...) +int execl(const char *, const char *, ...) __attribute__((__sentinel__)); int execle(const char *, const char *, ...); -int execlp(const char *, const char *, ...) +int execlp(const char *, const char *, ...) __attribute__((__sentinel__)); int execv(const char *, char *const *); int execve(const char *, char *const *, char *const *); diff --git a/lib/check_sym b/lib/check_sym index 704fb1ebd..b6130e2ee 100755 --- a/lib/check_sym +++ b/lib/check_sym @@ -233,7 +233,7 @@ fi # relative paths), chdir into our work directory, whatever it is cd $odir -jump_slots() { +jump_slots() { case $cpu in hppa) awk '/IPLT/ && $5 != ""{print $5}' r$1 ;; 
@@ -260,7 +260,7 @@ dynamic_sym() { {print $4, $5, $6, $8}' s$1 | sort -o d$1 } -static_sym() { +static_sym() { awk '/^Symbol table ..symtab/{s=1} /LOCAL/{next} s&&/^ *[1-9]/{print $4, $5, $6, $8}' s$1 | sort -o S$1 diff --git a/lib/csu/Makefile b/lib/csu/Makefile index 691e0f934..bccd4c6a6 100644 --- a/lib/csu/Makefile +++ b/lib/csu/Makefile @@ -35,7 +35,7 @@ RCFLAGS=-DRCRT0 # amd64 can access the stack protector before relocation has occurred. # Other archs aren't so lucky .if ${MACHINE_ARCH} != "amd64" -RCFLAGS+=-fno-stack-protector +RCFLAGS+=-fno-stack-protector .endif # Prevent use of builtins in _dl_boot_bind(). diff --git a/lib/csu/aarch64/md_init.h b/lib/csu/aarch64/md_init.h index 71356c6e9..6701c5c44 100644 --- a/lib/csu/aarch64/md_init.h +++ b/lib/csu/aarch64/md_init.h @@ -3,7 +3,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/alpha/md_init.h b/lib/csu/alpha/md_init.h index d503c7519..fa2143f24 100644 --- a/lib/csu/alpha/md_init.h +++ b/lib/csu/alpha/md_init.h @@ -2,7 +2,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/amd64/md_init.h b/lib/csu/amd64/md_init.h index 948e7c928..9781a7614 100644 --- a/lib/csu/amd64/md_init.h +++ b/lib/csu/amd64/md_init.h @@ -3,7 +3,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/arm/md_init.h b/lib/csu/arm/md_init.h index 3a9b581b6..fa6cf6309 100644 --- a/lib/csu/arm/md_init.h +++ b/lib/csu/arm/md_init.h 
@@ -3,7 +3,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/crtbeginS.c b/lib/csu/crtbeginS.c index cfaf7e406..059dcf86e 100644 --- a/lib/csu/crtbeginS.c +++ b/lib/csu/crtbeginS.c @@ -166,7 +166,7 @@ _do_fini(void) __cxa_finalize(__dso_handle); /* - * since the _init() function sets up the destructors to + * since the _init() function sets up the destructors to * be called by atexit, do not call the destructors here. */ __dtors(); diff --git a/lib/csu/hppa/md_init.h b/lib/csu/hppa/md_init.h index 5abe6daff..ca3436853 100644 --- a/lib/csu/hppa/md_init.h +++ b/lib/csu/hppa/md_init.h @@ -22,7 +22,7 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + */ /* * hppa overrides these because it has different label syntax diff --git a/lib/csu/i386/md_init.h b/lib/csu/i386/md_init.h index efd601d12..90a837432 100644 --- a/lib/csu/i386/md_init.h +++ b/lib/csu/i386/md_init.h @@ -3,7 +3,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/mips64/md_init.h b/lib/csu/mips64/md_init.h index ad4e70af9..2d0bb2811 100644 --- a/lib/csu/mips64/md_init.h +++ b/lib/csu/mips64/md_init.h @@ -4,7 +4,7 @@ * Copyright (c) 2001 Ross Harvey * Copyright (c) 2001 Simon Burge * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/powerpc/md_init.h b/lib/csu/powerpc/md_init.h index fa4a3f514..96680e248 100644 
--- a/lib/csu/powerpc/md_init.h +++ b/lib/csu/powerpc/md_init.h @@ -3,7 +3,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/sh/md_init.h b/lib/csu/sh/md_init.h index f2940122c..305ac81a5 100644 --- a/lib/csu/sh/md_init.h +++ b/lib/csu/sh/md_init.h @@ -4,7 +4,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/csu/sparc64/md_init.h b/lib/csu/sparc64/md_init.h index 09f0f0cc1..d3e83a4cb 100644 --- a/lib/csu/sparc64/md_init.h +++ b/lib/csu/sparc64/md_init.h @@ -3,7 +3,7 @@ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c index ac59cc7e2..8964d467c 100644 --- a/lib/libcrypto/asn1/tasn_dec.c +++ b/lib/libcrypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.85 2023/04/28 17:59:53 job Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.86 2023/04/30 16:46:49 job Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -736,7 +736,7 @@ static int asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, int tag_number, int tag_class, int optional, int depth) { - CBS cbs_seq, cbs_seq_content; + CBS cbs_seq, cbs_seq_content, cbs_object; int constructed, indefinite, optional_field; const ASN1_TEMPLATE *errat = NULL; const ASN1_TEMPLATE *seqat, *at; 
@@ -878,9 +878,14 @@ asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, ASN1_template_free(pseqval, seqat); } - if (!CBS_skip(cbs, CBS_offset(&cbs_seq))) + if (!CBS_get_bytes(cbs, &cbs_object, CBS_offset(&cbs_seq))) goto err; + if (!asn1_enc_save(&aseq, &cbs_object, it)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &aseq, it, NULL)) { ASN1error(ASN1_R_AUX_ERROR); goto err; diff --git a/lib/libcrypto/asn1/tasn_enc.c b/lib/libcrypto/asn1/tasn_enc.c index 430e8e1e8..bbe8a2e94 100644 --- a/lib/libcrypto/asn1/tasn_enc.c +++ b/lib/libcrypto/asn1/tasn_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_enc.c,v 1.30 2023/04/28 17:59:53 job Exp $ */ +/* $OpenBSD: tasn_enc.c,v 1.31 2023/04/30 16:46:49 job Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -210,6 +210,14 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, /* fall through */ case ASN1_ITYPE_SEQUENCE: + i = asn1_enc_restore(&seqcontlen, out, pval, it); + /* An error occurred */ + if (i < 0) + return 0; + /* We have a valid cached encoding... */ + if (i > 0) + return seqcontlen; + /* Otherwise carry on */ seqcontlen = 0; /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ if (tag == -1) { diff --git a/lib/libcrypto/bio/bio.h b/lib/libcrypto/bio/bio.h index 5030a2c2d..23913a298 100644 --- a/lib/libcrypto/bio/bio.h +++ b/lib/libcrypto/bio/bio.h 
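Review bot: The new `asn1_enc_save(&aseq, &cbs_object, it)` call needs a comment stating the invariant it creates. The bytes taken by `CBS_get_bytes()` are kept as the object's saved encoding, so code that later changes the decoded fields presumably has to invalidate that copy, or the encoder will emit the as-received bytes instead of the current contents. I would add `/* Keep the DER exactly as received; anything that modifies the object must mark the saved encoding stale. */` above the call. Every failure of `asn1_enc_save()` is reported as `ERR_R_MALLOC_FAILURE`, which is only accurate if allocation is its sole failure mode; its body is not in this diff, so that is worth confirming. The body of asn1_item_d2i_sequence starts and ends outside the hunk.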
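Review bot: The early `return seqcontlen;` for a cached encoding in the `ASN1_ITYPE_SEQUENCE` case runs before the `if (tag == -1)` handling that follows, so `tag` and `aclass` are never applied on that path. The saved bytes are written with whatever tag they were parsed with. If an IMPLICIT-tagged field can reach this with a saved encoding, the output would not match the requested tag, so either state the assumption with `/* Cached encoding is returned verbatim; tag and aclass are not applied. */` or guard the call with `tag == -1`. Separately, `if (i < 0) return 0;` reports the failure with a value that callers outside this hunk may not be able to tell apart from an empty result, which deserves a check against the function's other error returns. ASN1_item_ex_i2d starts and ends outside the hunk.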
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -139,7 +139,7 @@ extern "C" { #define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ #define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally * connected socket to be - * passed in */ + * passed in */ #define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ #define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ #define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ @@ -232,7 +232,7 @@ void BIO_clear_flags(BIO *b, int flags); /* The next three are used in conjunction with the * BIO_should_io_special() condition. After this returns true, - * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO + * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO * stack and return the 'reason' for the special and the offending BIO. * Given a BIO, BIO_get_retry_reason(bio) will return the code. */ /* Returned from the SSL bio when the certificate retrieval code had an error */ diff --git a/lib/libcrypto/bio/bss_acpt.c b/lib/libcrypto/bio/bss_acpt.c index a619bd7c5..7c913b47e 100644 --- a/lib/libcrypto/bio/bss_acpt.c +++ b/lib/libcrypto/bio/bss_acpt.c 
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index 439bdb1e9..389dd3ff3 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lib.c,v 1.85 2023/04/25 19:57:59 tb Exp $ */ +/* $OpenBSD: bn_lib.c,v 1.86 2023/04/30 19:15:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -601,12 +601,6 @@ BN_zero(BIGNUM *a) a->top = 0; } -void -BN_zero_ex(BIGNUM *a) -{ - BN_zero(a); -} - int BN_one(BIGNUM *a) { diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c index f6ca5a34f..6194e0995 100644 --- a/lib/libcrypto/bn/bn_mont.c +++ b/lib/libcrypto/bn/bn_mont.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_mont.c,v 1.58 2023/04/25 17:20:24 tb Exp $ */ +/* $OpenBSD: bn_mont.c,v 1.59 2023/04/30 05:21:20 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -351,7 +351,7 @@ bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *b /* Compute new t[0] * n0, as we need it inside the loop. */ w = (a0 * b + tp[0]) * n0; - + for (j = 0; j < n_len; j++) { bn_mulw_addw_addw(ap[j], b, tp[j], carry_a, &carry_a, &x); bn_mulw_addw_addw(np[j], w, x, carry_n, &carry_n, &tp[j]); diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index 5b1618ac9..051920203 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.59 2023/04/28 21:40:14 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.60 2023/04/30 17:07:46 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -488,7 +488,7 @@ typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); /* die if we have to */ -__dead void OpenSSLDie(const char *file, int line, const char *assertion); +void OpenSSLDie(const char *file, int line, const char *assertion); #define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) uint64_t OPENSSL_cpu_caps(void); diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h index e63b91afd..24aa1f22f 100644 --- a/lib/libcrypto/hidden/openssl/x509v3.h +++ b/lib/libcrypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.4 2023/04/30 19:31:05 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -21,14 +21,6 @@ #include_next #include "crypto_namespace.h" -LCRYPTO_USED(PROXY_POLICY_new); -LCRYPTO_USED(PROXY_POLICY_free); -LCRYPTO_USED(d2i_PROXY_POLICY); -LCRYPTO_USED(i2d_PROXY_POLICY); -LCRYPTO_USED(PROXY_CERT_INFO_EXTENSION_new); -LCRYPTO_USED(PROXY_CERT_INFO_EXTENSION_free); -LCRYPTO_USED(d2i_PROXY_CERT_INFO_EXTENSION); -LCRYPTO_USED(i2d_PROXY_CERT_INFO_EXTENSION); LCRYPTO_USED(BASIC_CONSTRAINTS_new); LCRYPTO_USED(BASIC_CONSTRAINTS_free); LCRYPTO_USED(d2i_BASIC_CONSTRAINTS); diff --git a/lib/libcrypto/man/BIO_accept.3 b/lib/libcrypto/man/BIO_accept.3 index 7e9839c1c..e2547ac0d 100644 --- a/lib/libcrypto/man/BIO_accept.3 +++ b/lib/libcrypto/man/BIO_accept.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_accept.3,v 1.1 2022/12/22 21:05:48 schwarze Exp $ +.\" $OpenBSD: BIO_accept.3,v 1.2 2023/04/30 13:38:48 schwarze Exp $ .\" .\" Copyright (c) 2022 Ingo Schwarze .\" 
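Review bot: With `__dead` dropped from the `OpenSSLDie` prototype in the `@@ -488,7 +488,7 @@` hunk of lib/libcrypto/crypto.h, the header no longer tells the compiler or a static analyser that the call does not return, so code after `OPENSSL_assert(e)` is analysed as if execution could continue with `e` false. The function body is not in this diff, so whether it still terminates the process cannot be confirmed from here. If the attribute has to go, keep the contract in the comment above the prototype, e.g. `/* die if we have to; OpenSSLDie() does not return and callers rely on that */`, or put the attribute behind a macro that expands to nothing where it is unsupported. Callers that use `OPENSSL_assert` as a bounds or state check depend on that abort, so the guarantee should stay visible at the declaration.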
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 22 2022 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt BIO_ACCEPT 3
 .Os
 .Sh NAME
@@ -32,6 +32,11 @@
 .Nm BIO_set_tcp_ndelay
 .\" deprecated in OpenSSL and unused anywhere, hence intentionally undocumented
 .\" .Nm BIO_gethostbyname
+.\" .Nm BIO_GHBN_CTRL_CACHE_SIZE
+.\" .Nm BIO_GHBN_CTRL_FLUSH
+.\" .Nm BIO_GHBN_CTRL_GET_ENTRY
+.\" .Nm BIO_GHBN_CTRL_HITS
+.\" .Nm BIO_GHBN_CTRL_MISSES
 .\" .Nm BIO_socket_ioctl
 .\" does almost nothing and used very rarely, hence intentionally undocumented
 .\" .Nm BIO_sock_init
diff --git a/lib/libcrypto/man/BIO_s_connect.3 b/lib/libcrypto/man/BIO_s_connect.3
index 580687c80..bce68a26b 100644
--- a/lib/libcrypto/man/BIO_s_connect.3
+++ b/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_s_connect.3,v 1.18 2023/04/29 13:06:10 schwarze Exp $
+.\" $OpenBSD: BIO_s_connect.3,v 1.19 2023/04/30 13:53:54 schwarze Exp $
 .\" full merge up to: OpenSSL 0e474b8b Nov 1 15:45:49 2015 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2023 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt BIO_S_CONNECT 3
 .Os
 .Sh NAME
@@ -212,6 +212,40 @@ Usually, \-1 is used to indicate failure and return values less than or equal to zero abort the operation in question, whereas positive values indicate success and allow the operation to proceed. .Pp +The +.Fa state +constants passed to the callback are named according to +which operation needs to be performed next. +They are listed here in the order the states are passed through: +.Pp +.Bl -tag -width BIO_CONN_S_BLOCKED_CONNECT -offset 3n -compact +.It Dv BIO_CONN_S_BEFORE +The BIO is idle and no connection has been initiated yet. +.It Dv BIO_CONN_S_GET_IP +The hostname to connect to needs to be converted to an IP address. +.It Dv BIO_CONN_S_GET_PORT +The service name to connect to needs to be converted to a TCP port number. +.It Dv BIO_CONN_S_CREATE_SOCKET +The TCP socket needs to be created with the +.Xr socket 2 +system call. +.It Dv BIO_CONN_S_NBIO +Socket options may need to be set using +.Xr fcntl 2 +and +.Xr setsockopt 2 . +.It Dv BIO_CONN_S_CONNECT +The connection needs to be initiated with the +.Xr connect 2 +system call. +.It Dv BIO_CONN_S_BLOCKED_CONNECT +The +.Xr connect 2 +system call would have blocked and needs to be tried again. +.It Dv BIO_CONN_S_OK +The connection has been established and can now be used to transfer data. +.El +.Pp .Fn BIO_set_conn_hostname uses the string .Fa name diff --git a/lib/libcrypto/man/BIO_set_callback.3 b/lib/libcrypto/man/BIO_set_callback.3 index 7a653c781..56a0102be 100644 --- a/lib/libcrypto/man/BIO_set_callback.3 +++ b/lib/libcrypto/man/BIO_set_callback.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_set_callback.3,v 1.11 2023/04/07 14:47:37 schwarze Exp $ +.\" $OpenBSD: BIO_set_callback.3,v 1.12 2023/04/30 13:57:29 schwarze Exp $ .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. 
@@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 7 2023 $ +.Dd $Mdocdate: April 30 2023 $ .Dt BIO_SET_CALLBACK 3 .Os .Sh NAME @@ -190,7 +190,14 @@ The arguments of the callback functions are as follows: .It Fa b The BIO the callback is attached to. .It Fa oper -The operation being performed. +The operation being performed, which is one of +.Dv BIO_CB_CTRL , +.Dv BIO_CB_FREE , +.Dv BIO_CB_GETS , +.Dv BIO_CB_PUTS , +.Dv BIO_CB_READ , +or +.Dv BIO_CB_WRITE . For some operations, the callback is called twice, once before and once after the actual operation. The latter case has diff --git a/lib/libcrypto/man/BIO_should_retry.3 b/lib/libcrypto/man/BIO_should_retry.3 index 4d7a214db..9b9374351 100644 --- a/lib/libcrypto/man/BIO_should_retry.3 +++ b/lib/libcrypto/man/BIO_should_retry.3 
@@ -1,8 +1,25 @@ -.\" $OpenBSD: BIO_should_retry.3,v 1.10 2022/11/27 19:11:11 schwarze Exp $ +.\" $OpenBSD: BIO_should_retry.3,v 1.11 2023/04/30 14:03:47 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" selective merge up to: OpenSSL 57fd5170 May 13 11:24:11 2018 +0200 .\" -.\" This file was written by Dr. Stephen Henson . +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2023 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . .\" Copyright (c) 2000, 2010, 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -49,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 27 2022 $ +.Dd $Mdocdate: April 30 2023 $ .Dt BIO_SHOULD_RETRY 3 .Os .Sh NAME 
@@ -140,18 +157,50 @@ Current BIO types only set one of the flags at a time. .Pp .Fn BIO_get_retry_BIO determines the precise reason for the special condition. -It returns the BIO that caused this condition and if +It walks the BIO chain starting at +.Fa bio +and returns the BIO that caused this condition. +If there is no special condition, +.Fa bio +itself is returned. +If .Fa reason -is not +is not a .Dv NULL -it contains the reason code. -The meaning of the reason code and the action that should be taken -depends on the type of BIO that resulted in this condition. +pointer, +.Pf * Fa reason +is set to one of the following reason codes: +.Bl -tag -width 1n -offset 3n +.It 0 +There is no special condition. +.It Dv BIO_RR_ACCEPT +.Xr accept 2 +would have blocked. +This can occur for BIOs created from +.Xr BIO_s_accept 3 +or +.Xr BIO_f_ssl 3 . +.It Dv BIO_RR_CONNECT +.Xr connect 2 +would have blocked. +This can occur for BIOs created from +.Xr BIO_s_connect 3 +or +.Xr BIO_f_ssl 3 . +.It Dv BIO_RR_SSL_X509_LOOKUP +An application callback set by +.Xr SSL_CTX_set_client_cert_cb 3 +has asked to be called again. +This can occur for BIOs created from +.Xr BIO_f_ssl 3 . +.El .Pp .Fn BIO_get_retry_reason -returns the reason for a special condition -if passed the relevant BIO, for example as returned by -.Fn BIO_get_retry_BIO . +returns one of the above reason codes for a special condition that occurred in +.Fa bio . +It does not walk the chain and returns 0 if no special condition occurred in +.Fa bio +itself. .Pp .Fn BIO_set_retry_reason sets the retry reason for a special condition for the given diff --git a/lib/libcrypto/man/BN_generate_prime.3 b/lib/libcrypto/man/BN_generate_prime.3 index df28d3775..268bc02a0 100644 --- a/lib/libcrypto/man/BN_generate_prime.3 +++ b/lib/libcrypto/man/BN_generate_prime.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_generate_prime.3,v 1.20 2022/11/24 19:06:38 schwarze Exp $ +.\" $OpenBSD: BN_generate_prime.3,v 1.22 2023/04/30 20:17:59 tb Exp $ .\" full merge up to: OpenSSL f987a4dd Jun 27 10:12:08 2019 +0200 .\" .\" This file is a derived work. @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 24 2022 $ +.Dd $Mdocdate: April 30 2023 $ .Dt BN_GENERATE_PRIME 3 .Os .Sh NAME @@ -79,10 +79,7 @@ .Nm BN_GENCB_free , .Nm BN_GENCB_set , .Nm BN_GENCB_get_arg , -.Nm BN_GENCB_set_old , -.Nm BN_generate_prime , -.Nm BN_is_prime , -.Nm BN_is_prime_fasttest +.Nm BN_GENCB_set_old .\" Nm BN_prime_checks_for_size is intentionally undocumented .\" because it is no longer used by LibreSSL. .Nd generate primes and test for primality @@ -143,33 +140,6 @@ Deprecated: .Fa "void (*cb_fp)(int, int, void *)" .Fa "void *cb_arg" .Fc -.Ft BIGNUM * -.Fo BN_generate_prime -.Fa "BIGNUM *ret" -.Fa "int num" -.Fa "int safe" -.Fa "BIGNUM *modulus" -.Fa "BIGNUM *remainder" -.Fa "void (*cb_fp)(int, int, void *)" -.Fa "void *cb_arg" -.Fc -.Ft int -.Fo BN_is_prime -.Fa "const BIGNUM *a" -.Fa "int checks" -.Fa "void (*cb_fp)(int, int, void *)" -.Fa "BN_CTX *ctx" -.Fa "void *cb_arg" -.Fc -.Ft int -.Fo BN_is_prime_fasttest -.Fa "const BIGNUM *a" -.Fa "int checks" -.Fa "void (*cb_fp)(int, int, void *)" -.Fa "BN_CTX *ctx" -.Fa "void *cb_arg" -.Fa "int do_trial_division" -.Fc .Sh DESCRIPTION .Fn BN_is_prime_ex and 
@@ -325,36 +295,10 @@ to use the old-style callback function pointer .Fa cb_fp and the additional callback argument .Fa cb_arg . -.Pp -.Fn BN_generate_prime -is a deprecated wrapper around -.Fn BN_GENCB_set_old -and -.Fn BN_generate_prime_ex . -In contrast to -.Fn BN_generate_prime_ex , -if -.Dv NULL -is passed for the -.Fa ret -argument, a new -.Vt BIGNUM -object is allocated and returned. -.Pp -Similarly, -.Fn BN_is_prime -and -.Fn BN_is_prime_fasttest -are deprecated wrappers around -.Fn BN_GENCB_set_old -and -.Fn BN_is_prime_ex . .Sh RETURN VALUES -.Fn BN_is_prime_ex , -.Fn BN_is_prime_fasttest_ex , -.Fn BN_is_prime , +.Fn BN_is_prime_ex and -.Fn BN_is_prime_fasttest +.Fn BN_is_prime_fasttest_ex return 0 if the number is composite, 1 if it is prime with a very small error probability, or \-1 on error. .Pp @@ -390,11 +334,6 @@ using or .Fn BN_GENCB_set_old . .Pp -.Fn BN_generate_prime -returns the prime number on success or -.Dv NULL -on failure. -.Pp In some cases, error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO @@ -403,26 +342,6 @@ In some cases, error codes can be obtained by .Xr DSA_generate_parameters 3 , .Xr RSA_generate_key 3 .Sh HISTORY -.Fn BN_generate_prime -and -.Fn BN_is_prime -first appeared in SSLeay 0.5.1 and had their -.Fa cb_arg -argument added in SSLeay 0.9.0. -These two functions have been available since -.Ox 2.4 . -.Pp -The -.Fa ret -argument to -.Fn BN_generate_prime -was added in SSLeay 0.9.1 and -.Ox 2.6 . -.Pp -.Fn BN_is_prime_fasttest -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . -.Pp .Fn BN_generate_prime_ex , .Fn BN_is_prime_ex , .Fn BN_is_prime_fasttest_ex , diff --git a/lib/libcrypto/man/BN_zero.3 b/lib/libcrypto/man/BN_zero.3 index 876e1c3fd..0b677b246 100644 --- a/lib/libcrypto/man/BN_zero.3 +++ b/lib/libcrypto/man/BN_zero.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_zero.3,v 1.12 2022/11/22 19:02:07 schwarze Exp $ +.\" $OpenBSD: BN_zero.3,v 1.13 2023/04/30 19:23:54 tb Exp $ .\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" selective merge up to: OpenSSL b713c4ff Jan 22 14:41:09 2018 -0500 .\" @@ -67,11 +67,10 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 22 2022 $ +.Dd $Mdocdate: April 30 2023 $ .Dt BN_ZERO 3 .Os .Sh NAME -.Nm BN_zero_ex , .Nm BN_zero , .Nm BN_one , .Nm BN_value_one , @@ -80,10 +79,6 @@ .Nd BIGNUM assignment operations .Sh SYNOPSIS .In openssl/bn.h -.Ft void -.Fo BN_zero_ex -.Fa "BIGNUM *a" -.Fc .Ft int .Fo BN_zero .Fa "BIGNUM *a" @@ -117,7 +112,7 @@ platforms and .Vt unsigned int Pq = Vt uint32_t elsewhere. .Pp -.Fn BN_zero_ex , +.Fn BN_zero , .Fn BN_one , and .Fn BN_set_word @@ -126,16 +121,6 @@ set to the values 0, 1 and .Fa w respectively. -.Fn BN_zero -is a deprecated version of -.Fn BN_zero_ex -that may attempt to allocate memory; consequently, and in contrast to -.Fn BN_zero_ex , -it may fail. -.Fn BN_zero -and -.Fn BN_one -are macros. .Pp .Fn BN_value_one returns a @@ -174,10 +159,6 @@ first appeared in SSLeay 0.5.1. first appeared in SSLeay 0.6.0. These functions have been available since .Ox 2.4 . -.Pp -.Fn BN_zero_ex -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . .Sh BUGS Someone might change the constant. .Pp diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 3616c157d..42b4c2fbe 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.248 2023/04/27 09:43:55 tb Exp $ +# $OpenBSD: Makefile,v 1.250 2023/04/30 19:40:23 tb Exp $ .include @@ -265,7 +265,6 @@ MAN= \ PKCS8_pkey_set0.3 \ PKEY_USAGE_PERIOD_new.3 \ POLICYINFO_new.3 \ - PROXY_POLICY_new.3 \ RAND_add.3 \ RAND_bytes.3 \ RAND_load_file.3 \ 
@@ -377,9 +376,6 @@ MAN= \ X509_load_cert_file.3 \ X509_new.3 \ X509_ocspid_print.3 \ - X509_policy_check.3 \ - X509_policy_tree_get0_policies.3 \ - X509_policy_tree_level_count.3 \ X509_print_ex.3 \ X509_sign.3 \ X509_signature_dump.3 \ @@ -410,7 +406,6 @@ MAN= \ d2i_PKCS8_PRIV_KEY_INFO.3 \ d2i_PKEY_USAGE_PERIOD.3 \ d2i_POLICYINFO.3 \ - d2i_PROXY_POLICY.3 \ d2i_PrivateKey.3 \ d2i_RSAPublicKey.3 \ d2i_TS_REQ.3 \ diff --git a/lib/libcrypto/man/PROXY_POLICY_new.3 b/lib/libcrypto/man/PROXY_POLICY_new.3 deleted file mode 100644 index c23a62017..000000000 --- a/lib/libcrypto/man/PROXY_POLICY_new.3 +++ /dev/null 
@@ -1,97 +0,0 @@ -.\" $OpenBSD: PROXY_POLICY_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: October 27 2021 $ -.Dt PROXY_POLICY_NEW 3 -.Os -.Sh NAME -.Nm PROXY_POLICY_new , -.Nm PROXY_POLICY_free , -.Nm PROXY_CERT_INFO_EXTENSION_new , -.Nm PROXY_CERT_INFO_EXTENSION_free -.Nd X.509 proxy certificate extension -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft PROXY_POLICY * -.Fn PROXY_POLICY_new void -.Ft void -.Fn PROXY_POLICY_free "PROXY_POLICY *pp" -.Ft PROXY_CERT_INFO_EXTENSION * -.Fn PROXY_CERT_INFO_EXTENSION_new void -.Ft void -.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie" -.Sh DESCRIPTION -If a given non-CA certificate grants any privileges, using that -certificate to issue a proxy certificate and handing that proxy -certificate over to another person, organization, or service allows -the bearer of the proxy certificate to exercise some or all of the -privileges on behalf of the subject of the original certificate. -.Pp -.Fn PROXY_POLICY_new -allocates and initializes an empty -.Vt PROXY_POLICY -object, representing an ASN.1 -.Vt ProxyPolicy -structure defined in RFC 3820 section 3.8. -It defines which privileges are to be delegated. 
-.Fn PROXY_POLICY_free -frees -.Fa pp . -.Pp -.Fn PROXY_CERT_INFO_EXTENSION_new -allocates and initializes an empty -.Vt PROXY_CERT_INFO_EXTENSION -object, representing an ASN.1 -.Vt ProxyCertInfo -structure defined in RFC 3820 section 3.8. -It can contain a -.Vt PROXY_POLICY -object, and it can additionally restrict the maximum depth of the -path of proxy certificates that can be signed by this proxy -certificate. -.Fn PROXY_CERT_INFO_EXTENSION_free -frees -.Fa pcie . -.Pp -If a non-CA certificate contains a -.Vt PROXY_CERT_INFO_EXTENSION , -it is a proxy certificate; otherwise, it is an end entity certificate. -.Sh RETURN VALUES -.Fn PROXY_POLICY_new -and -.Fn PROXY_CERT_INFO_EXTENSION_new -return the new -.Vt PROXY_POLICY -or -.Vt PROXY_CERT_INFO_EXTENSION -object, respectively, or -.Dv NULL -if an error occurs. -.Sh SEE ALSO -.Xr BASIC_CONSTRAINTS_new 3 , -.Xr d2i_PROXY_POLICY 3 , -.Xr EXTENDED_KEY_USAGE_new 3 , -.Xr POLICYINFO_new 3 , -.Xr X509_EXTENSION_new 3 , -.Xr X509_get_extension_flags 3 , -.Xr X509_new 3 -.Sh STANDARDS -RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy -Certificate Profile -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.7g -and have been available since -.Ox 3.8 . diff --git a/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/lib/libcrypto/man/X509_EXTENSION_set_object.3 index 3ade50e4d..dcfe075eb 100644 --- a/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/lib/libcrypto/man/X509_EXTENSION_set_object.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.16 2023/04/25 18:48:32 tb Exp $ +.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.17 2023/04/30 19:40:23 tb Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. 
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 25 2023 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt X509_EXTENSION_SET_OBJECT 3
 .Os
 .Sh NAME
@@ -291,7 +291,6 @@ pointer.
 .Xr OCSP_SERVICELOC_new 3 ,
 .Xr PKEY_USAGE_PERIOD_new 3 ,
 .Xr POLICYINFO_new 3 ,
-.Xr PROXY_POLICY_new 3 ,
 .Xr TS_REQ_new 3 ,
 .Xr X509_check_ca 3 ,
 .Xr X509_check_host 3 ,
diff --git a/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 30e402473..b3d0ee306 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.26 2023/04/21 06:45:56 tb Exp $
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.27 2023/04/30 14:49:47 tb Exp $
 .\" full merge up to:
 .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100
 .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 21 2023 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt X509_STORE_CTX_GET_ERROR 3
 .Os
 .Sh NAME
@@ -86,8 +86,6 @@
 .Nm X509_STORE_CTX_get_chain ,
 .Nm X509_STORE_CTX_get1_chain ,
 .Nm X509_STORE_CTX_set0_verified_chain ,
-.Nm X509_STORE_CTX_get0_policy_tree ,
-.Nm X509_STORE_CTX_get_explicit_policy ,
 .Nm X509_verify_cert_error_string
 .Nd get or set certificate verification status information
 .Sh SYNOPSIS
@@ -152,14 +150,6 @@
 .Fa "X509_STORE_CTX *ctx"
 .Fa "STACK_OF(X509) *chain"
 .Fc
-.Ft X509_POLICY_TREE *
-.Fo X509_STORE_CTX_get0_policy_tree
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft int
-.Fo X509_STORE_CTX_get_explicit_policy
-.Fa "X509_STORE_CTX *ctx"
-.Fc
 .In openssl/x509.h
 .Ft const char *
 .Fo X509_verify_cert_error_string
@@ -337,24 +327,6 @@ return a pointer to a stack of certificates or .Dv NULL if an error occurs. .Pp -.Fn X509_STORE_CTX_get0_policy_tree -returns an internal pointer to the -.Fa valid_policy_tree -created by -.Xr X509_policy_check 3 -or -.Dv NULL -if validation failed or the resulting tree was empty. -.Pp -.Fn X509_STORE_CTX_get_explicit_policy -returns the -.Pf * Fa pexplicit_policy -output argument of -.Xr X509_policy_check 3 . -If validation succeeded, it is 1 if -.Dv X509_V_FLAG_EXPLICIT_POLICY -was requested or 0 otherwise. -.Pp .Fn X509_verify_cert_error_string returns a human readable error string for verification error .Fa n . @@ -576,8 +548,6 @@ This will never be returned unless explicitly set by an application. .\" No CA signature digest algorithm too weak .El .Sh SEE ALSO -.Xr X509_policy_check 3 , -.Xr X509_policy_tree_level_count 3 , .Xr X509_STORE_CTX_new 3 , .Xr X509_STORE_CTX_set_verify 3 , .Xr X509_STORE_CTX_set_verify_cb 3 , @@ -599,12 +569,6 @@ first appeared in SSLeay 0.8.0 and have been available since first appeared in OpenSSL 0.9.5 and has been available since .Ox 2.7 . .Pp -.Fn X509_STORE_CTX_get0_policy_tree -and -.Fn X509_STORE_CTX_get_explicit_policy -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . -.Pp .Fn X509_STORE_CTX_get0_current_issuer , .Fn X509_STORE_CTX_get0_current_crl , and diff --git a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 08961eb4d..a0ae839f9 100644 --- a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.27 2022/12/01 05:33:55 tb Exp $ +.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.29 2023/04/30 19:40:23 tb Exp $ .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" 
@@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 1 2022 $ +.Dd $Mdocdate: April 30 2023 $ .Dt X509_VERIFY_PARAM_SET_FLAGS 3 .Os .Sh NAME @@ -540,7 +540,9 @@ flag disables workarounds for some broken certificates and makes the verification strictly apply X509 rules. .Pp .Dv X509_V_FLAG_ALLOW_PROXY_CERTS -enables proxy certificate verification. +deprecated flag that used to +enable proxy certificate verification. +In LibreSSL, this flag has no effect. .Pp .Dv X509_V_FLAG_POLICY_CHECK enables certificate policy checking; by default no policy checking is @@ -566,8 +568,6 @@ If .Dv X509_V_FLAG_NOTIFY_POLICY is set and policy checking is successful, a special status code is sent to the verification callback. -This permits it to examine the valid policy tree and perform additional -checks or simply log it for debugging purposes. .Pp By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. diff --git a/lib/libcrypto/man/X509_check_purpose.3 b/lib/libcrypto/man/X509_check_purpose.3 index 611697fa3..635608113 100644 --- a/lib/libcrypto/man/X509_check_purpose.3 +++ b/lib/libcrypto/man/X509_check_purpose.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_purpose.3,v 1.9 2022/12/17 12:48:53 tb Exp $ +.\" $OpenBSD: X509_check_purpose.3,v 1.10 2023/04/30 14:49:47 tb Exp $ .\" .\" Copyright (c) 2019, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 17 2022 $ +.Dd $Mdocdate: April 30 2023 $ .Dt X509_CHECK_PURPOSE 3 .Os .Sh NAME @@ -412,7 +412,6 @@ can be used as a CA for the .Xr EXTENDED_KEY_USAGE_new 3 , .Xr X509_check_trust 3 , .Xr X509_new 3 , -.Xr X509_policy_check 3 , .Xr X509_PURPOSE_set 3 , .Xr X509V3_get_d2i 3 , .Xr x509v3.cnf 5 
diff --git a/lib/libcrypto/man/X509_check_trust.3 b/lib/libcrypto/man/X509_check_trust.3
index be4489e94..0f02a1b1e 100644
--- a/lib/libcrypto/man/X509_check_trust.3
+++ b/lib/libcrypto/man/X509_check_trust.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_check_trust.3,v 1.7 2022/12/26 07:18:52 jmc Exp $
+.\" $OpenBSD: X509_check_trust.3,v 1.8 2023/04/30 14:49:47 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 26 2022 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt X509_CHECK_TRUST 3
 .Os
 .Sh NAME
@@ -238,7 +238,6 @@ was never called before.
 .Xr X509_CERT_AUX_new 3 ,
 .Xr X509_check_purpose 3 ,
 .Xr X509_new 3 ,
-.Xr X509_policy_check 3 ,
 .Xr X509_TRUST_set 3 ,
 .Xr X509_VERIFY_PARAM_set_trust 3
 .Sh HISTORY
diff --git a/lib/libcrypto/man/X509_get_extension_flags.3 b/lib/libcrypto/man/X509_get_extension_flags.3
index 1f63c6a91..1d7f29c68 100644
--- a/lib/libcrypto/man/X509_get_extension_flags.3
+++ b/lib/libcrypto/man/X509_get_extension_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_extension_flags.3,v 1.3 2021/11/11 13:58:59 schwarze Exp $
+.\" $OpenBSD: X509_get_extension_flags.3,v 1.4 2023/04/30 19:40:23 tb Exp $
 .\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100
 .\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 11 2021 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt X509_GET_EXTENSION_FLAGS 3
 .Os
 .Sh NAME
@@ -87,6 +87,7 @@ The certificate contains a basic constraints extension. The certificate contains basic constraints and asserts the CA flag. .It Dv EXFLAG_PROXY The certificate is a valid proxy certificate. +In LibreSSL this flag is never set. .It Dv EXFLAG_SI The certificate is self issued (that is subject and issuer names match). .It Dv EXFLAG_SS @@ -217,7 +218,6 @@ return sets of flags corresponding to the certificate extension values. .Xr BASIC_CONSTRAINTS_new 3 , .Xr EXTENDED_KEY_USAGE_new 3 , .Xr POLICYINFO_new 3 , -.Xr PROXY_CERT_INFO_EXTENSION_new 3 , .Xr X509_check_ca 3 , .Xr X509_check_purpose 3 , .Xr X509_EXTENSION_new 3 , diff --git a/lib/libcrypto/man/X509_new.3 b/lib/libcrypto/man/X509_new.3 index 4b85f67eb..c38dfc00b 100644 --- a/lib/libcrypto/man/X509_new.3 +++ b/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_new.3,v 1.36 2021/11/18 10:09:24 schwarze Exp $ +.\" $OpenBSD: X509_new.3,v 1.37 2023/04/30 14:49:47 tb Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 18 2021 $ +.Dd $Mdocdate: April 30 2023 $ .Dt X509_NEW 3 .Os .Sh NAME @@ -229,8 +229,6 @@ if an error occurs. .Xr X509_NAME_new 3 , .Xr X509_OBJECT_new 3 , .Xr X509_PKEY_new 3 , -.Xr X509_policy_check 3 , -.Xr X509_policy_tree_level_count 3 , .Xr X509_print_ex 3 , .Xr X509_PUBKEY_new 3 , .Xr X509_PURPOSE_set 3 , diff --git a/lib/libcrypto/man/X509_policy_check.3 b/lib/libcrypto/man/X509_policy_check.3 deleted file mode 100644 index 5ea774a3e..000000000 --- a/lib/libcrypto/man/X509_policy_check.3 +++ /dev/null 
@@ -1,192 +0,0 @@ -.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 11 2021 $ -.Dt X509_POLICY_CHECK 3 -.Os -.Sh NAME -.Nm X509_policy_check , -.Nm X509_policy_tree_free -.Nd construct X.509 valid policy tree -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft int -.Fo X509_policy_check -.Fa "X509_POLICY_TREE **ptree" -.Fa "int *pexplicit_policy" -.Fa "STACK_OF(X509) *certs" -.Fa "STACK_OF(ASN1_OBJECT) *policy_oids" -.Fa "unsigned int flags" -.Fc -.Ft void -.Fn X509_policy_tree_free "X509_POLICY_TREE *tree" -.Sh DESCRIPTION -.Fn X509_policy_check -performs those parts of Basic Certification Path Validation -described in RFC 5280 section 6.1 that are related to the -construction of the valid policy tree. -.Pp -The -.Fa certs -input argument contains the prospective certification path -according to RFC 5280 paragraph 6.1.1(a), starting with the -target certificate and ending with the trust anchor. -.Pp -The -.Fa policy_oids -input argument contains the -.Va user-initial-policy-set -according to RFC 5280 section 6.1.1(c). -It specifies a set of certificate policies acceptable to the certificate user. 
-.Pp -The -.Fa flags -argument can contain zero or more of the following constants, OR'ed together: -.Bl -tag -width Ds -.It Dv X509_V_FLAG_EXPLICIT_POLICY -Set -.Va initial-explicit-policy -as defined by RFC 5280 paragraph 6.1.1(f). -It requires the path to be valid for at least one of the -.Fa policy_oids . -.It Dv X509_V_FLAG_INHIBIT_ANY -Set -.Va initial-any-policy-inhibit -as defined by RFC 5280 paragraph 6.1.1(g). -It causes the -.Sy anyPolicy -OID to be skipped if it is encountered in a certificate. -.It Dv X509_V_FLAG_INHIBIT_MAP -Set -.Va initial-policy-mapping-inhibit -as defined by RFC 5280 paragraph 6.1.1(e). -It disables policy mapping in the certification path. -.El -.Pp -Upon success and in some cases of failure, the storage location pointed to by -.Fa pexplicit_policy -is set to 1 if -.Dv X509_V_FLAG_EXPLICIT_POLICY -was requested. -Otherwise, it is set to 0. -.Pp -In many cases of success and in a few cases of failure, a pointer to the -.Vt valid_policy_tree -output value mentioned in RFC 5280 section 6.1.6 is returned in -.Pf * Fa ptree . -It contains one level for each of the -.Fa certs , -in reverse order: level 0 corresponds to the trust anchor, -the last level corresponds to the target certificate. -Level 0 is initialized to contain a single node with a -.Fa valid_policy -of -.Sy anyPolicy -and an empty -.Fa qualifier_set . -.Pp -If a policy tree is returned, the reference count of each of the -.Fa certs -is incremented by 1. -In that case, the caller is responsible for calling -.Fn X509_policy_tree_free -to release all memory used by the -.Fa tree -and to decrement the reference counts -of the certificates referenced from it by 1. -If -.Fa tree -is a -.Dv NULL -pointer, -.Fn X509_policy_tree_free -has no effect. 
-.Sh RETURN VALUES -.Fn X509_policy_check -returns these values: -.Bl -tag -width 2n -.It \-2 -Validation failed because -.Dv X509_V_FLAG_EXPLICIT_POLICY -was requested but the resulting policy tree -or the resulting user policy set would have been empty. -In this case, -.Pf * Fa pexplicit_policy -is set to 1. -If the resulting tree is empty, -.Pf * Fa ptree -is set to -.Dv NULL ; -otherwise, it is set to the resulting tree. -.It \-1 -At least one of the -.Fa certs -contains invalid or inconsistent extensions. -.Pf * Fa ptree -is set to -.Dv NULL -and -.Pf * Fa pexplicit_policy -to 0. -.It 0 -Internal error. -For example, setting up the policy caches failed, or memory allocation -failed while constructing the tree. -.Pf * Fa ptree -is set to -.Dv NULL -and -.Pf * Fa pexplicit_policy -may or may not be set. -.It 1 -Validation succeeded and -.Pf * Fa ptree -and -.Pf * Fa pexplicit_policy -have been set. -In the special cases that the -.Fa certs -argument contains exactly one certificate or that -.Dv X509_V_FLAG_EXPLICIT_POLICY -was not requested and at least one of the certificates contains no -certificate policies or the resulting policy tree would have been empty, -.Pf * Fa ptree -is set to -.Dv NULL -and -.Pf * Fa pexplicit_policy -to 0. -.El -.Sh SEE ALSO -.Xr ASN1_OBJECT_new 3 , -.Xr OBJ_nid2obj 3 , -.Xr STACK_OF 3 , -.Xr X509_check_purpose 3 , -.Xr X509_check_trust 3 , -.Xr X509_new 3 , -.Xr X509_policy_tree_get0_policies 3 , -.Xr X509_policy_tree_level_count 3 , -.Xr X509_verify_cert 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate -and Certificate Revocation List (CRL) Profile, -section 6.1: Basic Path Validation -.Sh HISTORY -.Fn X509_policy_check -and -.Fn X509_policy_tree_free -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . diff --git a/lib/libcrypto/man/X509_policy_tree_get0_policies.3 b/lib/libcrypto/man/X509_policy_tree_get0_policies.3 deleted file mode 100644 index cb0715d6c..000000000 
--- a/lib/libcrypto/man/X509_policy_tree_get0_policies.3
+++ /dev/null
@@ -1,101 +0,0 @@ -.\" $OpenBSD: X509_policy_tree_get0_policies.3,v 1.1 2021/11/11 12:06:25 schwarze Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 11 2021 $ -.Dt X509_POLICY_TREE_GET0_POLICIES 3 -.Os -.Sh NAME -.Nm X509_policy_tree_get0_policies , -.Nm X509_policy_tree_get0_user_policies -.Nd retrieve arrays of policy tree nodes -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft STACK_OF(X509_POLICY_NODE) * -.Fn X509_policy_tree_get0_policies "const X509_POLICY_TREE *tree" -.Ft STACK_OF(X509_POLICY_NODE) * -.Fn X509_policy_tree_get0_user_policies "const X509_POLICY_TREE *tree" -.Sh DESCRIPTION -The -.Em authority set -and the -.Em user set -are arrays of nodes from a policy -.Fa tree . -.Pp -If the last level of a -.Fa tree , -or equivalently, all levels of it, contain an -.Sy anyPolicy -node, the authority set contains -only this anyPolicy node from the last level. -Unless the array of -.Fa policy_oids -passed to -.Xr X509_policy_check 3 -contained an anyPolicy object, -the user set contains one node for each of the -.Fa policy_oids ; -specifically, the first matching node that is a child of an anyPolicy node. 
-.Pp -If the last level of the -.Fa tree -does not contain an -.Sy anyPolicy -node, the authority set contains -all non-anyPolicy nodes that are children of anyPolicy nodes. -For each element of the -.Fa policy_oids , -the user set contains the first node from the authority set -matching it, if any. -.Pp -These functions are intended to be called after -.Xr X509_policy_check 3 -was called either directly or indirectly through -.Xr X509_verify_cert 3 . -.Sh RETURN VALUES -.Fn X509_policy_tree_get0_policies -returns an internal pointer to the authority set -or -.Dv NULL -if the -.Fa tree -argument is -.Dv NULL . -.Pp -.Fn X509_policy_tree_get0_user_policies -returns an internal pointer to the user set or -.Dv NULL -if the -.Fa tree -argument is -.Dv NULL -or if the array of -.Fa policy_oids -passed to -.Xr X509_policy_check 3 -was empty or contained an anyPolicy object. -.Sh SEE ALSO -.Xr STACK_OF 3 , -.Xr X509_policy_check 3 , -.Xr X509_policy_level_get0_node 3 , -.Xr X509_STORE_CTX_get0_policy_tree 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate -and Certificate Revocation List (CRL) Profile, -section 6.1: Basic Path Validation -.Sh HISTORY -These function first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . diff --git a/lib/libcrypto/man/X509_policy_tree_level_count.3 b/lib/libcrypto/man/X509_policy_tree_level_count.3 deleted file mode 100644 index ff2036c40..000000000 --- a/lib/libcrypto/man/X509_policy_tree_level_count.3 +++ /dev/null 
@@ -1,178 +0,0 @@ -.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.5 2022/09/10 08:50:53 jsg Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: September 10 2022 $ -.Dt X509_POLICY_TREE_LEVEL_COUNT 3 -.Os -.Sh NAME -.Nm X509_policy_tree_level_count , -.Nm X509_policy_tree_get0_level , -.Nm X509_policy_level_node_count , -.Nm X509_policy_level_get0_node , -.Nm X509_policy_node_get0_policy , -.Nm X509_policy_node_get0_qualifiers , -.Nm X509_policy_node_get0_parent -.Nd inspect X.509 policy tree objects -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft int -.Fn X509_policy_tree_level_count "const X509_POLICY_TREE *tree" -.Ft X509_POLICY_LEVEL * -.Fn X509_policy_tree_get0_level "const X509_POLICY_TREE *tree" "int index" -.Ft int -.Fn X509_policy_level_node_count "X509_POLICY_LEVEL *level" -.Ft X509_POLICY_NODE * -.Fn X509_policy_level_get0_node "X509_POLICY_LEVEL *level" "int index" -.Ft const ASN1_OBJECT * -.Fn X509_policy_node_get0_policy "const X509_POLICY_NODE *node" -.Ft STACK_OF(POLICYQUALINFO) * -.Fn X509_policy_node_get0_qualifiers "const X509_POLICY_NODE *node" -.Ft const X509_POLICY_NODE * -.Fn X509_policy_node_get0_parent "const X509_POLICY_NODE *node" -.Sh DESCRIPTION -The -.Vt X509_POLICY_TREE -object 
represents a -.Vt valid_policy_tree -as described in RFC 5280 section 6.1. -.Pp -The -.Vt X509_POLICY_LEVEL -object represents one level of such a tree, -corresponding to one certificate. -.Pp -The -.Vt X509_POLICY_NODE -object represents one node in the tree. -.Sh RETURN VALUES -.Fn X509_policy_tree_level_count -returns the number of levels in the -.Fa tree -or 0 if the -.Fa tree -argument is -.Dv NULL . -If it is not 0, it equals the number of certificates in the -certification path the tree was created from, including both -the target certificate and the trust anchor. -.Pp -.Fn X509_policy_tree_get0_level -returns an internal pointer to the level of the -.Fa tree -with the given -.Fa index -or -.Dv NULL -if the -.Fa tree -argument is -.Dv NULL -or the -.Fa index -is less than 0 or greater than or equal to the number of levels in the -.Fa tree . -An -.Fa index -of 0 corresponds to the trust anchor -and the last level corresponds to the target certificate. -.Pp -.Fn X509_policy_level_node_count -returns the number of nodes on the -.Fa level , -including an -.Sy anyPolicy -node if it is present, or 0 if the -.Fa level -argument is -.Dv NULL . -.Pp -.Fn X509_policy_level_get0_node -returns an internal pointer to the node on the -.Fa level -with the given -.Fa index -or -.Dv NULL -if the -.Fa level -argument is -.Dv NULL -or the -.Fa index -is less than 0 or greater than or equal to the number of nodes on the level. -If an -.Sy anyPolicy -node is present on the level, it can be retrieved by passing an -.Fa index -of 0. -.Pp -.Fn X509_policy_node_get0_policy -returns an internal pointer to the -.Fa valid_policy -child object of the node or -.Dv NULL -if the -.Fa node -argument is -.Dv NULL . -It represents a single policy that is valid for the path -from the trust anchor to the certificate corresponding -to the level containing the -.Fa node . 
-.Pp -.Fn X509_policy_node_get0_qualifiers -returns an internal pointer to the -.Fa qualifier_set -child object of the node or -.Dv NULL -if the -.Fa node -argument is -.Dv NULL . -It contains the policy qualifiers associated with the -.Fa valid_policy -of the -.Fa node -in the certificate corresponding to the level containing the -.Fa node . -.Pp -.Fn X509_policy_node_get0_parent -returns -.Dv NULL -if the -.Fa node -argument is -.Dv NULL -or located on level 0. -Otherwise, it returns an internal pointer to the parent node of the -.Fa node -argument. -The parent node is always located on the previous level. -.Sh SEE ALSO -.Xr ASN1_OBJECT_new 3 , -.Xr OBJ_obj2txt 3 , -.Xr POLICYQUALINFO_new 3 , -.Xr STACK_OF 3 , -.Xr X509_new 3 , -.Xr X509_policy_check 3 , -.Xr X509_policy_tree_get0_policies 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate -and Certificate Revocation List (CRL) Profile, -section 6.1: Basic Path Validation -.Sh HISTORY -These function first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . diff --git a/lib/libcrypto/man/d2i_PROXY_POLICY.3 b/lib/libcrypto/man/d2i_PROXY_POLICY.3 deleted file mode 100644 index 794c6edce..000000000 --- a/lib/libcrypto/man/d2i_PROXY_POLICY.3 +++ /dev/null 
@@ -1,97 +0,0 @@ -.\" $OpenBSD: d2i_PROXY_POLICY.3,v 1.2 2018/03/22 22:07:12 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 22 2018 $ -.Dt D2I_PROXY_POLICY 3 -.Os -.Sh NAME -.Nm d2i_PROXY_POLICY , -.Nm i2d_PROXY_POLICY , -.Nm d2i_PROXY_CERT_INFO_EXTENSION , -.Nm i2d_PROXY_CERT_INFO_EXTENSION -.Nd decode and encode X.509 proxy certificate extensions -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft PROXY_POLICY * -.Fo d2i_PROXY_POLICY -.Fa "PROXY_POLICY **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_PROXY_POLICY -.Fa "PROXY_POLICY *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft PROXY_CERT_INFO_EXTENSION * -.Fo d2i_PROXY_CERT_INFO_EXTENSION -.Fa "PROXY_CERT_INFO_EXTENSION **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_PROXY_CERT_INFO_EXTENSION -.Fa "PROXY_CERT_INFO_EXTENSION *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions encode and decode X.509 extensions that decide -whether a certificate is a proxy certificate, and which policies -apply to it. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . 
-.Pp -.Fn d2i_PROXY_POLICY -and -.Fn i2d_PROXY_POLICY -decode and encode an ASN.1 -.Vt ProxyPolicy -structure defined in RFC 3820 section 3.8. -.Pp -.Fn d2i_PROXY_CERT_INFO_EXTENSION -and -.Fn i2d_PROXY_CERT_INFO_EXTENSION -decode and encode an ASN.1 -.Vt ProxyCertInfo -structure defined in RFC 3820 section 3.8. -.Sh RETURN VALUES -.Fn d2i_PROXY_POLICY -and -.Fn d2i_PROXY_CERT_INFO_EXTENSION -return a -.Vt PROXY_POLICY -or -.Vt PROXY_CERT_INFO_EXTENSION -object, respectively, or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_PROXY_POLICY -and -.Fn i2d_PROXY_CERT_INFO_EXTENSION -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr PROXY_POLICY_new 3 , -.Xr X509_EXTENSION_new 3 -.Sh STANDARDS -RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy -Certificate Profile -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.7g -and have been available since -.Ox 3.8 . diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index f1aa10c56..bb94d55da 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.118 2023/04/28 16:50:16 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.120 2023/04/30 14:59:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -156,14 +156,6 @@ null_callback(int ok, X509_STORE_CTX *e) return ok; } -#if 0 -static int -x509_subject_cmp(X509 **a, X509 **b) -{ - return X509_subject_name_cmp(*a, *b); -} -#endif - /* Return 1 if a certificate is self signed */ static int cert_self_signed(X509 *x) @@ -1743,7 +1735,6 @@ cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) return 1; } - int x509_vfy_check_policy(X509_STORE_CTX *ctx) { diff --git a/lib/libm/Makefile b/lib/libm/Makefile index 689f38168..052663e3c 100644 --- a/lib/libm/Makefile +++ b/lib/libm/Makefile 
@@ -1,14 +1,14 @@ # $OpenBSD: Makefile,v 1.123 2022/01/21 03:12:55 gnezdo Exp $ # $NetBSD: Makefile,v 1.28 1995/11/20 22:06:19 jtc Exp $ # -# @(#)Makefile 5.1beta 93/09/24 -# +# @(#)Makefile 5.1beta 93/09/24 +# # ==================================================== # Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved. -# +# # Developed at SunPro, a Sun Microsystems, Inc. business. # Permission to use, copy, modify, and distribute this -# software is freely granted, provided that this notice +# software is freely granted, provided that this notice # is preserved. # ==================================================== @@ -130,7 +130,7 @@ PURE_SRCS = s_cabs.c s_cacos.c s_cacosh.c s_carg.c s_casin.c \ s_cimag.c s_cimagf.c s_clog.c s_conj.c s_conjf.c s_cpow.c \ s_creal.c s_crealf.c s_csin.c s_csinh.c s_csqrt.c s_ctan.c \ s_ctanh.c s_fdim.c s_fmax.c s_fmaxf.c s_fmin.c s_fminf.c \ - s_cproj.c s_cprojf.c s_round.c s_roundf.c s_scalbln.c s_signgam.c + s_cproj.c s_cprojf.c s_round.c s_roundf.c s_scalbln.c s_signgam.c SRCS= ${COMMON_SRCS} ${PURE_SRCS} .if (${MACHINE_ARCH} == "amd64") || (${MACHINE_ARCH} == "i386") @@ -150,7 +150,7 @@ CPPFLAGS+=-I${.CURDIR}/hidden -include namespace.h \ VERSION_SCRIPT= ${.CURDIR}/Symbols.map -# Substitute common sources with any arch specific sources +# Substitute common sources with any arch specific sources .for i in ${ARCH_SRCS} SRCS:=${SRCS:S/${i:S/.S/.c/}/$i/} .endfor diff --git a/lib/libm/arch/amd64/abi.h b/lib/libm/arch/amd64/abi.h index a94d7961b..8464aa7e6 100644 --- a/lib/libm/arch/amd64/abi.h +++ b/lib/libm/arch/amd64/abi.h @@ -22,7 +22,7 @@ #define XMM_ONE_ARG_DOUBLE_PROLOGUE \ movsd %xmm0, ARG_DOUBLE_ONE - + #define XMM_TWO_ARG_DOUBLE_PROLOGUE \ movsd %xmm0, ARG_DOUBLE_ONE ; \ movsd %xmm1, ARG_DOUBLE_TWO diff --git a/lib/libm/arch/amd64/e_acos.S b/lib/libm/arch/amd64/e_acos.S index 1a6b2cb0f..2b5597a57 100644 --- a/lib/libm/arch/amd64/e_acos.S +++ b/lib/libm/arch/amd64/e_acos.S 
@@ -15,7 +15,7 @@ ENTRY(acos) fldl ARG_DOUBLE_ONE /* x */ fld %st(0) fmul %st(0) /* x^2 */ - fld1 + fld1 fsubp /* 1 - x^2 */ fsqrt /* sqrt (1 - x^2) */ fxch %st(1) diff --git a/lib/libm/arch/amd64/e_exp.S b/lib/libm/arch/amd64/e_exp.S index f67850cf0..236fbad2d 100644 --- a/lib/libm/arch/amd64/e_exp.S +++ b/lib/libm/arch/amd64/e_exp.S @@ -74,7 +74,7 @@ ENTRY(exp) frndint /* int(x * log2(e)) */ fst %st(2) fsubrp /* fract(x * log2(e)) */ - f2xm1 /* 2^(fract(x * log2(e))) - 1 */ + f2xm1 /* 2^(fract(x * log2(e))) - 1 */ fld1 faddp /* 2^(fract(x * log2(e))) */ fscale /* e^x */ diff --git a/lib/libm/arch/amd64/s_cos.S b/lib/libm/arch/amd64/s_cos.S index de43b3b07..47133af8a 100644 --- a/lib/libm/arch/amd64/s_cos.S +++ b/lib/libm/arch/amd64/s_cos.S @@ -18,7 +18,7 @@ ENTRY(cos) jnz 1f XMM_DOUBLE_EPILOGUE RETGUARD_CHECK(cos, r11) - ret + ret 1: fldpi fadd %st(0) fxch %st(1) diff --git a/lib/libm/arch/amd64/s_cosf.S b/lib/libm/arch/amd64/s_cosf.S index 3e7539d82..3f9440d58 100644 --- a/lib/libm/arch/amd64/s_cosf.S +++ b/lib/libm/arch/amd64/s_cosf.S @@ -16,5 +16,5 @@ ENTRY(cosf) fcos XMM_FLOAT_EPILOGUE RETGUARD_CHECK(cosf, r11) - ret + ret END_STD(cosf) diff --git a/lib/libm/arch/amd64/s_floorf.S b/lib/libm/arch/amd64/s_floorf.S index dd17b6f18..647be677f 100644 --- a/lib/libm/arch/amd64/s_floorf.S +++ b/lib/libm/arch/amd64/s_floorf.S @@ -13,7 +13,7 @@ ENTRY(floorf) fstcw -8(%rsp) movw -8(%rsp),%dx orw $0x0400,%dx - andw $0xf7ff,%dx + andw $0xf7ff,%dx movw %dx,-12(%rsp) fldcw -12(%rsp) flds -4(%rsp) diff --git a/lib/libm/arch/amd64/s_log1p.S b/lib/libm/arch/amd64/s_log1p.S index f33874632..9ff3c1ffe 100644 --- a/lib/libm/arch/amd64/s_log1p.S +++ b/lib/libm/arch/amd64/s_log1p.S @@ -36,7 +36,7 @@ * which can be done with just one conditional branch. If x is * inside this range, we use fyl2xp1. Outside of this range, * the use of fyl2x is accurate enough. - * + * */ ENTRY(log1p) 
diff --git a/lib/libm/arch/amd64/s_log1pf.S b/lib/libm/arch/amd64/s_log1pf.S index b8fa85705..e77fb9a62 100644 --- a/lib/libm/arch/amd64/s_log1pf.S +++ b/lib/libm/arch/amd64/s_log1pf.S @@ -36,7 +36,7 @@ * which can be done with just one conditional branch. If x is * inside this range, we use fyl2xp1. Outside of this range, * the use of fyl2x is accurate enough. - * + * */ ENTRY(log1pf) diff --git a/lib/libz/generate_pkgconfig.sh b/lib/libz/generate_pkgconfig.sh index 5d75d1cb9..a370375a5 100644 --- a/lib/libz/generate_pkgconfig.sh +++ b/lib/libz/generate_pkgconfig.sh @@ -64,7 +64,7 @@ includedir=\${prefix}/include Name: zlib Description: zlib compression library Version: ${lib_version} -Requires: +Requires: Libs: -L\${libdir} -lz Cflags: -I\${includedir} __EOF__ diff --git a/libexec/ld.so/aarch64/ldasm.S b/libexec/ld.so/aarch64/ldasm.S index 578313ae6..451888522 100644 --- a/libexec/ld.so/aarch64/ldasm.S +++ b/libexec/ld.so/aarch64/ldasm.S @@ -106,7 +106,7 @@ ENTRY(_dl_bind_start) ldp x2, x3, [sp], #16 ldp x0, x1, [sp], #16 - // restore LR saved by PLT stub + // restore LR saved by PLT stub ldp xzr, x30, [sp], #16 br x17 END(_dl_bind_start) diff --git a/libexec/ld.so/dlfcn.c b/libexec/ld.so/dlfcn.c index a5b410b14..7987f91d7 100644 --- a/libexec/ld.so/dlfcn.c +++ b/libexec/ld.so/dlfcn.c @@ -101,7 +101,7 @@ dlopen(const char *libname, int flags) object->obj_flags |= DF_1_NODELETE; object->nodelete = 1; } - + _dl_link_dlopen(object); if (OBJECT_REF_CNT(object) > 1) { diff --git a/libexec/ld.so/loader.c b/libexec/ld.so/loader.c index 99d9f6cdb..01742b94e 100644 --- a/libexec/ld.so/loader.c +++ b/libexec/ld.so/loader.c @@ -781,7 +781,7 @@ _dl_rtld(elf_object_t *object) } } - /* + /* * TEXTREL binaries are loaded without immutable on un-writeable sections. * After text relocations are finished, these regions can become * immutable. OPENBSD_MUTABLE section always overlaps writeable LOADs, 
diff --git a/libexec/ld.so/powerpc64/ldasm.S b/libexec/ld.so/powerpc64/ldasm.S index f88031bc9..abcea1644 100644 --- a/libexec/ld.so/powerpc64/ldasm.S +++ b/libexec/ld.so/powerpc64/ldasm.S @@ -89,7 +89,7 @@ _dl_start: END(_dl_start) ENTRY(_dl_bind_start) - # r0 contains offset, do not overwrite + # r0 contains offset, do not overwrite # r2 ld.so toc is loaded on entry to this function. mflr %r12 std %r12,16(%r1) # save lr diff --git a/libexec/ld.so/resolve.c b/libexec/ld.so/resolve.c index 70e8dd0de..f3000100f 100644 --- a/libexec/ld.so/resolve.c +++ b/libexec/ld.so/resolve.c @@ -612,7 +612,7 @@ _dl_find_symbol_obj(elf_object_t *obj, struct symlookup *sl) if (((*hashval ^ hash) >> 1) == 0) { const Elf_Sym *sym = symt + (hashval - obj->chains_gnu); - + int r = matched_symbol(obj, sym, sl); if (r) return r > 0; diff --git a/libexec/security/Makefile b/libexec/security/Makefile index f0a393d5e..212f1a403 100644 --- a/libexec/security/Makefile +++ b/libexec/security/Makefile @@ -1,6 +1,6 @@ # $OpenBSD: Makefile,v 1.1 2011/03/23 21:13:27 schwarze Exp $ -realinstall: +realinstall: ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ ${.CURDIR}/security ${DESTDIR}${BINDIR}/security diff --git a/libexec/security/security b/libexec/security/security index 4eb3fb981..20fe8e958 100644 --- a/libexec/security/security +++ b/libexec/security/security @@ -282,7 +282,7 @@ sub check_ksh { # is particularly important, so make sure we are really there. chdir '/root'; - # A good .kshrc will not have a umask or path, + # A good .kshrc will not have a umask or path, # that being set in .profile; check anyway. foreach my $filename (@list) { next unless -s $filename; diff --git a/regress/lib/libcrypto/man/check_complete.pl b/regress/lib/libcrypto/man/check_complete.pl index 87f49cf57..f4b63a6f2 100755 --- a/regress/lib/libcrypto/man/check_complete.pl +++ b/regress/lib/libcrypto/man/check_complete.pl 
@@ -27,8 +27,8 @@ my %internal = ( bn => [qw( BN_BITS BN_BITS4 BN_BYTES BN_DEC_CONV BN_DEC_FMT1 BN_DEC_FMT2 BN_DEC_NUM BN_LLONG BN_LONG - BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l BN_MUL_COMBA - BN_RECURSION BN_SQR_COMBA BN_TBIT BN_ULLONG + BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l + BN_TBIT BN_ULLONG )], objects => [qw( OBJ_bsearch OBJ_bsearch_ OBJ_bsearch_ex OBJ_bsearch_ex_ @@ -58,9 +58,8 @@ my %obsolete = ( BIO_set_proxy_cb BIO_set_proxy_header BIO_set_url )], bn => [qw( - BN_FLG_EXP_CONSTTIME BN_FLG_FREE BN_get_params BN_HEX_FMT1 BN_HEX_FMT2 BN_MASK - BN_options BN_prime_checks BN_set_params + BN_options BN_prime_checks )], objects => [qw( _DECLARE_OBJ_BSEARCH_CMP_FN diff --git a/regress/lib/libcrypto/x509/Makefile b/regress/lib/libcrypto/x509/Makefile index a8796ebe3..283e3379d 100644 --- a/regress/lib/libcrypto/x509/Makefile +++ b/regress/lib/libcrypto/x509/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.19 2023/04/28 09:11:35 beck Exp $ +# $OpenBSD: Makefile,v 1.21 2023/04/30 05:02:59 tb Exp $ PROGS = constraints verify x509attribute x509name x509req_ext callback PROGS += expirecallback callbackfailures x509_asn1 @@ -13,7 +13,7 @@ CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/x509 CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring -SUBDIR += bettertls rfc3779 policy +SUBDIR += bettertls policy rfc3779 CLEANFILES += x509name.result callback.out @@ -24,9 +24,6 @@ CLEANFILES += x509name.result callback.out . endif .endif -run-regress-x509_asn1: x509_asn1 - ./x509_asn1 - run-regress-verify: verify perl ${.CURDIR}/make-dir-roots.pl ${.CURDIR}/../certs . ./verify ${.CURDIR}/../certs diff --git a/regress/lib/libcrypto/x509/policy/Makefile b/regress/lib/libcrypto/x509/policy/Makefile index d760071f9..3df3d51d9 100644 --- a/regress/lib/libcrypto/x509/policy/Makefile +++ b/regress/lib/libcrypto/x509/policy/Makefile 
@@ -1,22 +1,15 @@ -# $OpenBSD: Makefile,v 1.3 2023/04/28 16:18:17 tb Exp $ +# $OpenBSD: Makefile,v 1.4 2023/04/30 04:55:30 tb Exp $ PROGS = policy -LDADD = -lcrypto +LDADD = ${CRYPTO_INT} DPADD = ${LIBCRYPTO} -LDADD_policy = ${CRYPTO_INT} - WARNINGS = Yes CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror CFLAGS += -I${.CURDIR}/../../../../../lib/libcrypto/x509 CFLAGS += -I${.CURDIR}/../../../../../lib/libcrypto/bytestring CFLAGS += -DCERTSDIR=\"${.CURDIR}/../../../libcrypto/x509/policy\" -REGRESS_TARGETS = policy-test - -policy-test: policy - ./policy - .include "../../Makefile.inc" .include diff --git a/regress/lib/libcrypto/x509/x509_asn1.c b/regress/lib/libcrypto/x509/x509_asn1.c index 402fd7fca..7629d0425 100644 --- a/regress/lib/libcrypto/x509/x509_asn1.c +++ b/regress/lib/libcrypto/x509/x509_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_asn1.c,v 1.14 2023/04/28 18:32:40 job Exp $ */ +/* $OpenBSD: x509_asn1.c,v 1.15 2023/04/30 21:31:16 tb Exp $ */ /* * Copyright (c) 2023 Job Snijders * @@ -253,7 +253,7 @@ test_x509_setters(void) x509_set_name(X509_set_issuer_name, &x, "NL"); x509_set_name(X509_set_subject_name, &x, "BE"); - // one time creation of the original DER + /* one time creation of the original DER */ if (!X509_sign(x, pkey, EVP_sha256())) errx(1, "X509_sign"); if ((dersz = i2d_X509(x, &der)) <= 0) @@ -339,7 +339,7 @@ test_x509_crl_setters(void) x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60); x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL"); - // one time creation of the original DER + /* one time creation of the original DER */ if (!X509_CRL_sign(xc, pkey, EVP_sha256())) errx(1, "X509_CRL_sign"); if ((dersz = i2d_X509_CRL(xc, &der)) <= 0) @@ -517,8 +517,8 @@ int main(void) int failed = 0; failed |= test_x509_setters(); - failed |= test_x509_crl_setters(); - failed |= test_x509_req_setters(); + /* failed |= */ test_x509_crl_setters(); + /* failed |= */ test_x509_req_setters(); OPENSSL_cleanup(); 
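Review bot: In main() of x509_asn1.c the results of test_x509_crl_setters() and test_x509_req_setters() are now discarded, so only test_x509_setters() can still set `failed`, and nothing in the hunk says why. If these two tests are known to fail for the moment, say so at the calls, for example `/* XXX: results ignored until the CRL and REQ setter tests pass again */`, so the `/* failed |= */` form is not mistaken for a finished state. Until the accumulation is restored, a regression in the CRL or certificate-request setter paths would presumably not show up in this program's result. main() begins before the hunk and continues after it.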
diff --git a/sbin/dumpfs/dumpfs.c b/sbin/dumpfs/dumpfs.c index d846fa1fb..f5a1a0bf2 100644 --- a/sbin/dumpfs/dumpfs.c +++ b/sbin/dumpfs/dumpfs.c @@ -219,14 +219,14 @@ dumpfs(int fd, const char *name) "maxbsize", afs.fs_maxbsize, afs.fs_maxbpg, afs.fs_maxcontig, afs.fs_contigsumsize); printf("nbfree\t%jd\tndir\t%jd\tnifree\t%jd\tnffree\t%jd\n", - (intmax_t)afs.fs_cstotal.cs_nbfree, + (intmax_t)afs.fs_cstotal.cs_nbfree, (intmax_t)afs.fs_cstotal.cs_ndir, - (intmax_t)afs.fs_cstotal.cs_nifree, + (intmax_t)afs.fs_cstotal.cs_nifree, (intmax_t)afs.fs_cstotal.cs_nffree); printf("bpg\t%d\tfpg\t%d\tipg\t%u\n", afs.fs_fpg / afs.fs_frag, afs.fs_fpg, afs.fs_ipg); printf("nindir\t%d\tinopb\t%u\tmaxfilesize\t%ju\n", - afs.fs_nindir, afs.fs_inopb, + afs.fs_nindir, afs.fs_inopb, (uintmax_t)afs.fs_maxfilesize); printf("sbsize\t%d\tcgsize\t%d\tcsaddr\t%jd\tcssize\t%d\n", afs.fs_sbsize, afs.fs_cgsize, (intmax_t)afs.fs_csaddr, diff --git a/sbin/slaacd/engine.c b/sbin/slaacd/engine.c index 7ca00650e..07b818a69 100644 --- a/sbin/slaacd/engine.c +++ b/sbin/slaacd/engine.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.c,v 1.84 2022/08/26 00:02:08 kn Exp $ */ +/* $OpenBSD: engine.c,v 1.85 2023/04/30 13:08:40 phessler Exp $ */ /* * Copyright (c) 2017 Florian Obser @@ -1927,7 +1927,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface, struct radv *ra, struct radv_prefix *prefix) { struct address_proposal *addr_proposal; - uint32_t remaining_lifetime, pltime, vltime; + uint32_t pltime, vltime; int found, found_temporary, duplicate_found; found = found_temporary = duplicate_found = 0; 
@@ -1966,16 +1966,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface, struct radv *ra, continue; } - remaining_lifetime = real_lifetime(&addr_proposal->uptime, - addr_proposal->vltime); - - /* RFC 4862 5.5.3 two hours rule */ -#define TWO_HOURS 2 * 3600 - if (prefix->vltime > TWO_HOURS || - prefix->vltime >= remaining_lifetime) - vltime = prefix->vltime; - else - vltime = TWO_HOURS; + vltime = prefix->vltime; if (addr_proposal->temporary) { struct timespec now; diff --git a/sbin/unwind/frontend.c b/sbin/unwind/frontend.c index 20061e6f7..3bc7b485c 100644 --- a/sbin/unwind/frontend.c +++ b/sbin/unwind/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.77 2023/02/08 08:01:25 tb Exp $ */ +/* $OpenBSD: frontend.c,v 1.78 2023/04/30 23:46:52 jsg Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -1747,6 +1747,7 @@ tcp_response(int fd, short events, void *arg) if (errno == EAGAIN || errno == EINTR) return; free_pending_query(pq); + return; } sldns_buffer_skip(pq->abuf, n); if (sldns_buffer_remaining(pq->abuf) == 0) diff --git a/sys/arch/amd64/amd64/efi_machdep.c b/sys/arch/amd64/amd64/efi_machdep.c index a5f4563ce..97be06b22 100644 --- a/sys/arch/amd64/amd64/efi_machdep.c +++ b/sys/arch/amd64/amd64/efi_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: efi_machdep.c,v 1.5 2023/01/14 12:11:10 kettenis Exp $ */ +/* $OpenBSD: efi_machdep.c,v 1.6 2023/04/30 17:24:24 kettenis Exp $ */ /* * Copyright (c) 2022 Mark Kettenis @@ -40,8 +40,6 @@ const struct cfattach efi_ca = { }; void efi_map_runtime(struct efi_softc *); -int efi_gettime(struct todr_chip_handle *, struct timeval *); -int efi_settime(struct todr_chip_handle *, struct timeval *); label_t efi_jmpbuf; @@ -67,8 +65,6 @@ efi_attach(struct device *parent, struct device *self, void *aux) uint64_t system_table; bus_space_handle_t memh; EFI_SYSTEM_TABLE *st; - EFI_TIME time; - EFI_STATUS status; uint16_t major, minor; int i; 
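Review bot: `vltime = prefix->vltime;` in update_iface_ra_prefix() now takes the advertised valid lifetime as-is, and no comment explains why the RFC 4862 5.5.3 two-hour floor implemented by the removed lines is gone. That floor kept a single router advertisement with a very small valid lifetime from expiring a configured address almost at once. Router advertisements are normally unauthenticated, so the new behaviour depends on the link filtering rogue advertisements (RA guard or similar). I would record the decision at the assignment, e.g. `/* RFC 4862 5.5.3 two hours rule deliberately not applied; see commit log */`, and mention the trade-off in the daemon's documentation. The function starts before this hunk and continues after it; the matching removal of `remaining_lifetime` is in the previous hunk.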
@@ -121,25 +117,6 @@ efi_attach(struct device *parent, struct device *self, void *aux) printf(" rev 0x%x\n", st->FirmwareRevision); } efi_leave(sc); - - if (efi_enter_check(sc)) - return; - status = sc->sc_rs->GetTime(&time, NULL); - efi_leave(sc); - if (status != EFI_SUCCESS) - return; - - /* - * EDK II implementations provide an implementation of - * GetTime() that returns a fixed compiled-in time on hardware - * without a (supported) RTC. So only use this interface as a - * last resort. - */ - sc->sc_todr.cookie = sc; - sc->sc_todr.todr_gettime = efi_gettime; - sc->sc_todr.todr_settime = efi_settime; - sc->sc_todr.todr_quality = -1000; - todr_attach(&sc->sc_todr); } void 
@@ -243,65 +220,3 @@ efi_leave(struct efi_softc *sc) lcr3(sc->sc_cr3); intr_restore(sc->sc_psw); } - -int -efi_gettime(struct todr_chip_handle *handle, struct timeval *tv) -{ - struct efi_softc *sc = handle->cookie; - struct clock_ymdhms dt; - EFI_TIME time; - EFI_STATUS status; - - if (efi_enter_check(sc)) - return EFAULT; - status = sc->sc_rs->GetTime(&time, NULL); - efi_leave(sc); - if (status != EFI_SUCCESS) - return EIO; - - dt.dt_year = time.Year; - dt.dt_mon = time.Month; - dt.dt_day = time.Day; - dt.dt_hour = time.Hour; - dt.dt_min = time.Minute; - dt.dt_sec = time.Second; - - if (dt.dt_sec > 59 || dt.dt_min > 59 || dt.dt_hour > 23 || - dt.dt_day > 31 || dt.dt_day == 0 || - dt.dt_mon > 12 || dt.dt_mon == 0 || - dt.dt_year < POSIX_BASE_YEAR) - return EINVAL; - - tv->tv_sec = clock_ymdhms_to_secs(&dt); - tv->tv_usec = 0; - return 0; -} - -int -efi_settime(struct todr_chip_handle *handle, struct timeval *tv) -{ - struct efi_softc *sc = handle->cookie; - struct clock_ymdhms dt; - EFI_TIME time; - EFI_STATUS status; - - clock_secs_to_ymdhms(tv->tv_sec, &dt); - - time.Year = dt.dt_year; - time.Month = dt.dt_mon; - time.Day = dt.dt_day; - time.Hour = dt.dt_hour; - time.Minute = dt.dt_min; - time.Second = dt.dt_sec; - time.Nanosecond = 0; - time.TimeZone = 0; - time.Daylight = 0; - - if (efi_enter_check(sc)) - return EFAULT; - status = sc->sc_rs->SetTime(&time); - efi_leave(sc); - if (status != EFI_SUCCESS) - return EIO; - return 0; -} diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S index e8b4c2400..9c69022f4 100644 --- a/sys/arch/amd64/amd64/locore.S +++ b/sys/arch/amd64/amd64/locore.S @@ -994,7 +994,7 @@ END(intr_fast_exit) * FPU/"extended CPU state" handling * int xrstor_user(sfp, mask) * load given state, returns 0/1 if okay/it trapped - * void fpusave(sfp) + * void fpusave(sfp) * save current state, but retain it in the FPU * void fpusavereset(sfp) * save current state and reset FPU to initial/kernel state 
diff --git a/sys/arch/arm/arm/fault.c b/sys/arch/arm/arm/fault.c index 94ea3eba6..9a91ab481 100644 --- a/sys/arch/arm/arm/fault.c +++ b/sys/arch/arm/arm/fault.c @@ -360,7 +360,7 @@ data_abort_handler(trapframe_t *tf) p->p_ucred ? (int)p->p_ucred->cr_uid : -1); sd.signo = SIGKILL; sd.code = 0; - } else if (error == EACCES) + } else if (error == EACCES) sd.code = SEGV_ACCERR; else if (error == EIO) { sd.signo = SIGBUS; diff --git a/sys/arch/arm/arm/pmap7.c b/sys/arch/arm/arm/pmap7.c index 603b7245a..f3a9d6819 100644 --- a/sys/arch/arm/arm/pmap7.c +++ b/sys/arch/arm/arm/pmap7.c @@ -711,7 +711,7 @@ pmap_free_l2_ptp(pt_entry_t *l2) * bucket/page table in place. * * Note that if a new L2 bucket/page was allocated, the caller *must* - * increment the bucket occupancy counter appropriately *before* + * increment the bucket occupancy counter appropriately *before* * releasing the pmap's lock to ensure no other thread or cpu deallocates * the bucket/page in the meantime. */ diff --git a/sys/arch/arm64/dev/apldc.c b/sys/arch/arm64/dev/apldc.c index a4a4b3010..58112860e 100644 --- a/sys/arch/arm64/dev/apldc.c +++ b/sys/arch/arm64/dev/apldc.c @@ -846,7 +846,7 @@ apldchidev_wait(struct apldchidev_softc *sc) } return; } - + while (sc->sc_busy) { error = tsleep_nsec(sc, PZERO, "apldcwt", SEC_TO_NSEC(1)); if (error == EWOULDBLOCK) diff --git a/sys/arch/octeon/stand/boot/Makefile b/sys/arch/octeon/stand/boot/Makefile index 87f316b8c..b31eed9e9 100644 --- a/sys/arch/octeon/stand/boot/Makefile +++ b/sys/arch/octeon/stand/boot/Makefile @@ -1,11 +1,11 @@ -# $OpenBSD: Makefile,v 1.11 2023/04/28 08:45:26 krw Exp $ +# $OpenBSD: Makefile,v 1.12 2023/04/30 22:28:27 krw Exp $ NOMAN= #MAN= boot.8 RDBOOT= ${.CURDIR}/../rdboot/obj/rdboot -MRDISKTYPE= rdroot +MRDISKTYPE= rdboot MRMAKEFSARGS= -o disklabel=${MRDISKTYPE},minfree=0,density=1024 .if ${MACHINE} == "octeon" 
diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_devlist.h b/sys/dev/pci/drm/amd/amdgpu/amdgpu_devlist.h index ba431f5f4..a1ee77ae9 100644 --- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_devlist.h +++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_devlist.h @@ -205,7 +205,8 @@ static const struct pci_matchid amdgpu_devices[] = { /* GC 11.0.0, DCN 3.2.0, dGPU, Radeon RX 7900 XT/XTX "Navi 31" */ {0x1002, 0x744c }, - /* GC 11.0.1, DCN 3.1.4, APU */ + /* GC 11.0.1, DCN 3.1.4, APU, Ryzen 7040 "Phoenix" */ + {0x1002, 0x15bf }, /* GC 11.0.2, DCN 3.2.1, dGPU, "Navi 33" */ {0x1002, 0x7480 }, diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index dc389b9f9..caf0d475c 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2032 2023/04/25 21:57:29 kettenis Exp $ +$OpenBSD: pcidevs,v 1.2033 2023/04/30 23:38:52 jsg Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* @@ -1278,6 +1278,7 @@ product ATI CYAN_SKILLFISH_2 0x143f Cyan Skillfish product ATI PPB_1 0x1478 PCIE product ATI PPB_2 0x1479 PCIE product ATI MENDOCINO 0x1506 Mendocino +product ATI PHOENIX 0x15bf Phoenix product ATI PICASSO 0x15d8 Picasso product ATI RAVEN_VEGA 0x15dd Radeon Vega product ATI RAVEN_VEGA_HDA 0x15de Radeon Vega HD Audio diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index 1f4fc2d82..6ef80398e 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2032 2023/04/25 21:57:29 kettenis Exp + * OpenBSD: pcidevs,v 1.2033 2023/04/30 23:38:52 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ 
@@ -1283,6 +1283,7 @@ #define PCI_PRODUCT_ATI_PPB_1 0x1478 /* PCIE */ #define PCI_PRODUCT_ATI_PPB_2 0x1479 /* PCIE */ #define PCI_PRODUCT_ATI_MENDOCINO 0x1506 /* Mendocino */ +#define PCI_PRODUCT_ATI_PHOENIX 0x15bf /* Phoenix */ #define PCI_PRODUCT_ATI_PICASSO 0x15d8 /* Picasso */ #define PCI_PRODUCT_ATI_RAVEN_VEGA 0x15dd /* Radeon Vega */ #define PCI_PRODUCT_ATI_RAVEN_VEGA_HDA 0x15de /* Radeon Vega HD Audio */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index 46be6c6ec..3359a0b3f 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2032 2023/04/25 21:57:29 kettenis Exp + * OpenBSD: pcidevs,v 1.2033 2023/04/30 23:38:52 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -3259,6 +3259,10 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_ATI, PCI_PRODUCT_ATI_MENDOCINO, "Mendocino", }, + { + PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PHOENIX, + "Phoenix", + }, { PCI_VENDOR_ATI, PCI_PRODUCT_ATI_PICASSO, "Picasso", diff --git a/sys/msdosfs/msdosfs_fat.c b/sys/msdosfs/msdosfs_fat.c index c15b6257d..d31abf7d1 100644 --- a/sys/msdosfs/msdosfs_fat.c +++ b/sys/msdosfs/msdosfs_fat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msdosfs_fat.c,v 1.34 2021/03/11 13:31:35 jsg Exp $ */ +/* $OpenBSD: msdosfs_fat.c,v 1.35 2023/04/30 17:16:36 sf Exp $ */ /* $NetBSD: msdosfs_fat.c,v 1.26 1997/10/17 11:24:02 ws Exp $ */ /*- @@ -409,6 +409,7 @@ updatefats(struct msdosfsmount *pmp, struct buf *bp, uint32_t fatbn) static __inline void usemap_alloc(struct msdosfsmount *pmp, uint32_t cn) { + KASSERT(cn <= pmp->pm_maxcluster); pmp->pm_inusemap[cn / N_INUSEBITS] |= 1 << (cn % N_INUSEBITS); pmp->pm_freeclustercount--; 
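Review bot: `KASSERT(cn <= pmp->pm_maxcluster)` in usemap_alloc, and the identical line added to usemap_free in the next hunk, is the only bound on the `pm_inusemap[cn / N_INUSEBITS]` index, and an assertion is a weak guard for a value that presumably comes from the on-disk FAT. On a kernel built without DIAGNOSTIC the check compiles away and the out-of-range write remains; with it, a corrupt volume becomes a panic instead of an error return. The callers are not visible here, so confirm that each one range-checks the cluster number and fails the operation before reaching these helpers. If they do, a comment such as `/* cn was range-checked by the caller; this only catches internal bugs */` documents that contract.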
@@ -417,6 +418,7 @@ usemap_alloc(struct msdosfsmount *pmp, uint32_t cn) static __inline void usemap_free(struct msdosfsmount *pmp, uint32_t cn) { + KASSERT(cn <= pmp->pm_maxcluster); pmp->pm_freeclustercount++; pmp->pm_inusemap[cn / N_INUSEBITS] &= ~(1 << (cn % N_INUSEBITS)); @@ -644,6 +646,8 @@ chainlength(struct msdosfsmount *pmp, uint32_t start, uint32_t count) u_int map; uint32_t len; + if (start > pmp->pm_maxcluster) + return (0); max_idx = pmp->pm_maxcluster / N_INUSEBITS; idx = start / N_INUSEBITS; start %= N_INUSEBITS; @@ -651,11 +655,15 @@ chainlength(struct msdosfsmount *pmp, uint32_t start, uint32_t count) map &= ~((1 << start) - 1); if (map) { len = ffs(map) - 1 - start; - return (len > count ? count : len); + len = MIN(len, count); + len = MIN(len, pmp->pm_maxcluster - start + 1); + return (len); } len = N_INUSEBITS - start; - if (len >= count) - return (count); + if (len >= count) { + len = MIN(count, pmp->pm_maxcluster - start + 1); + return (len); + } while (++idx <= max_idx) { if (len >= count) break; @@ -665,7 +673,9 @@ chainlength(struct msdosfsmount *pmp, uint32_t start, uint32_t count) } len += N_INUSEBITS; } - return (len > count ? count : len); + len = MIN(len, count); + len = MIN(len, pmp->pm_maxcluster - start + 1); + return (len); } /* diff --git a/usr.bin/ssh/sftp-client.c b/usr.bin/ssh/sftp-client.c index 8b9c50c65..230e8791e 100644 --- a/usr.bin/ssh/sftp-client.c +++ b/usr.bin/ssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.170 2023/03/28 07:44:32 dtucker Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.171 2023/04/30 22:54:22 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
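Review bot: The new clamp `MIN(len, pmp->pm_maxcluster - start + 1)` in chainlength is evaluated after `start %= N_INUSEBITS;`, so `start` is by then the bit offset inside the map word, not the cluster number that the added `start > pmp->pm_maxcluster` test checked. For a starting cluster at or beyond N_INUSEBITS the bound is therefore larger than the real distance to pm_maxcluster, and the returned length may still reach past the last cluster. The expression is used at all three returns touched by the hunks at -651 and -665. Keeping the original value, e.g. `uint32_t start_cn = start;` before the modulo and `len = MIN(len, pmp->pm_maxcluster - start_cn + 1);` at each return, would make the clamp match its intent. The loop between the hunks is only partly visible, so check this against the full function.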
@@ -1580,7 +1580,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, u_char *handle; int local_fd = -1, write_error; int read_error, write_errno, lmodified = 0, reordered = 0, r; - u_int64_t offset = 0, size, highwater; + u_int64_t offset = 0, size, highwater = 0, maxack = 0; u_int mode, id, buflen, num_req, max_req, status = SSH2_FX_OK; off_t progress_counter; size_t handle_len; @@ -1627,7 +1627,6 @@ do_download(struct sftp_conn *conn, const char *remote_path, error("open local \"%s\": %s", local_path, strerror(errno)); goto fail; } - offset = highwater = 0; if (resume_flag) { if (fstat(local_fd, &st) == -1) { error("stat local \"%s\": %s", @@ -1648,7 +1647,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, close(local_fd); return -1; } - offset = highwater = st.st_size; + offset = highwater = maxack = st.st_size; } /* Read from remote and write to local */ @@ -1730,11 +1729,21 @@ do_download(struct sftp_conn *conn, const char *remote_path, write_errno = errno; write_error = 1; max_req = 0; + } else { + /* + * Track both the highest offset acknowledged + * and the highest *contiguous* offset + * acknowledged. + * We'll need the latter for ftruncate()ing + * interrupted transfers. + */ + if (maxack < req->offset + len) + maxack = req->offset + len; + if (!reordered && req->offset <= highwater) + highwater = maxack; + else if (!reordered && req->offset > highwater) + reordered = 1; } - else if (!reordered && req->offset <= highwater) - highwater = req->offset + len; - else if (!reordered && req->offset > highwater) - reordered = 1; progress_counter += len; free(data); 
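Review bot: `req->offset + len` is evaluated twice in the new tracking block in do_download, and the same bookkeeping is repeated with `ack->offset + ack->len` in do_upload (hunk at -2125). A local such as `const u_int64_t end = req->offset + len;` followed by `if (maxack < end) maxack = end;` reads more easily and keeps the two copies visibly parallel. The comment could also state that `highwater` stops advancing once `reordered` is set, which appears to be what the later truncation relies on; that truncation is outside this hunk.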
@@ -1783,12 +1792,19 @@ do_download(struct sftp_conn *conn, const char *remote_path, /* Sanity check */ if (TAILQ_FIRST(&requests) != NULL) fatal("Transfer complete, but requests still in queue"); + + if (!read_error && !write_error && !interrupted) { + /* we got everything */ + highwater = maxack; + } + /* * Truncate at highest contiguous point to avoid holes on interrupt, * or unconditionally if writing in place. */ if (inplace_flag || read_error || write_error || interrupted) { - if (reordered && resume_flag) { + if (reordered && resume_flag && + (read_error || write_error || interrupted)) { error("Unable to resume download of \"%s\": " "server reordered requests", local_path); } @@ -1984,7 +2000,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, struct stat sb; Attrib a, t, *c = NULL; u_int32_t startid, ackid; - u_int64_t highwater = 0; + u_int64_t highwater = 0, maxack = 0; struct request *ack = NULL; struct requests acks; size_t handle_len; @@ -2125,8 +2141,16 @@ do_upload(struct sftp_conn *conn, const char *local_path, ack->id, ack->len, (unsigned long long)ack->offset); ++ackid; progress_counter += ack->len; + /* + * Track both the highest offset acknowledged and the + * highest *contiguous* offset acknowledged. + * We'll need the latter for ftruncate()ing + * interrupted transfers. + */ + if (maxack < ack->offset + ack->len) + maxack = ack->offset + ack->len; if (!reordered && ack->offset <= highwater) - highwater = ack->offset + ack->len; + highwater = maxack; else if (!reordered && ack->offset > highwater) { debug3_f("server reordered ACKs"); reordered = 1; @@ -2143,6 +2167,10 @@ do_upload(struct sftp_conn *conn, const char *local_path, stop_progress_meter(); free(data); + if (status == SSH2_FX_OK && !interrupted) { + /* we got everything */ + highwater = maxack; + } if (status != SSH2_FX_OK) { error("write remote \"%s\": %s", remote_path, fx2txt(status)); status = SSH2_FX_FAILURE; 
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index 47d14ca01..cc01982f7 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.94 2023/04/26 22:05:28 beck Exp $ +.\" $OpenBSD: rpki-client.8,v 1.95 2023/04/30 20:10:38 benno Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: April 26 2023 $ +.Dd $Mdocdate: April 30 2023 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -63,7 +63,8 @@ in various formats. The options are as follows: .Bl -tag -width Ds .It Fl A -Exclude the aspa-set in the OpenBGPD specific output file. +Exclude the ASPA-set from the output files that support it (JSON and +OpenBGPD). .It Fl B Create output in the files .Pa bird1v4 ,