Merge branch 'openiked:master' into master

openiked · Sep 4, 2023 · 75efb59 · 75efb59
2 parents 2538ef1 + 2699289
commit 75efb59
Show file tree

Hide file tree

Showing 20 changed files with 374 additions and 127 deletions.
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -106,8 +106,9 @@ jobs:
 
     - name: Build
       run: |
-        git clone https://github.com/openiked/openiked-portable.git
+        git clone --depth=1 https://github.com/openiked/openiked-portable.git
         cd openiked-portable
+        [ "${{ github.event.pull_request.number }}" = "" ] || (echo "fetching PR ${{ github.event.pull_request.number }}"; git fetch origin pull/${{ github.event.pull_request.number }}/head:pr-${{ github.event.pull_request.number }} && git checkout "pr-${{ github.event.pull_request.number }}")
         mkdir build; cd build
         cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE
         make
@@ -127,8 +128,9 @@ jobs:
 
     - name: Build
       run: |
-        git clone https://github.com/openiked/openiked-portable.git
+        git clone --depth=1 https://github.com/openiked/openiked-portable.git
         cd openiked-portable
+        [ "${{ github.event.pull_request.number }}" = "" ] || (echo "fetching PR ${{ github.event.pull_request.number }}"; git fetch origin pull/${{ github.event.pull_request.number }}/head:pr-${{ github.event.pull_request.number }} && git checkout "pr-${{ github.event.pull_request.number }}")
         mkdir build; cd build
         cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE
         make
@@ -145,8 +147,9 @@ jobs:
 
     - name: Build
       run: |
-        git clone https://github.com/openiked/openiked-portable.git
+        git clone --depth=1 https://github.com/openiked/openiked-portable.git
         cd openiked-portable
+        [ "${{ github.event.pull_request.number }}" = "" ] || (echo "fetching PR ${{ github.event.pull_request.number }}"; git fetch origin pull/${{ github.event.pull_request.number }}/head:pr-${{ github.event.pull_request.number }} && git checkout "pr-${{ github.event.pull_request.number }}")
         mkdir build; cd build
         cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE
         make

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -361,6 +361,20 @@ check_function_exists(getopt HAVE_GETOPT)
 if(HAVE_GETOPT)
         add_definitions(-DHAVE_GETOPT)
 endif()
+
+check_function_exists(ibuf_add_buf HAVE_IBUF_ADD_BUF)
+if(HAVE_IBUF_ADD_BUF)
+        add_definitions(-DHAVE_IBUF_ADD_BUF)
+endif()
+check_function_exists(ibuf_add_zero HAVE_IBUF_ADD_ZERO)
+if(HAVE_IBUF_ADD_ZERO)
+        add_definitions(-DHAVE_IBUF_ADD_ZERO)
+endif()
+check_function_exists(ibuf_data HAVE_IBUF_DATA)
+if(HAVE_IBUF_DATA)
+        add_definitions(-DHAVE_IBUF_DATA)
+endif()
+
 if(HAVE_VROUTE OR HAVE_VROUTE_NETLINK)
 	add_definitions(-DHAVE_VROUTE)
 endif()

diff --git a/compat/CMakeLists.txt b/compat/CMakeLists.txt
@@ -73,6 +73,9 @@ endif()
 if(NOT HAVE_VIS)
 	list(APPEND SRCS ${IKED_COMPAT}/vis.c)
 endif()
+if(NOT HAVE_IBUF_ADD_BUF OR NOT HAVE_IBUF_ADD_ZERO OR NOT HAVE_IBUF_DATA)
+	list(APPEND SRCS ${IKED_COMPAT}/ibuf-compat.c)
+endif()
 
 set(CFLAGS)
 list(APPEND CFLAGS

diff --git a/compat/arc4random.c b/compat/arc4random.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -49,6 +49,8 @@
 #define BLOCKSZ	64
 #define RSBUFSZ	(16*BLOCKSZ)
 
+#define REKEY_BASE	(1024*1024) /* NB. should be a power of 2 */
+
 /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
 static struct _rs {
 	size_t		rs_have;	/* valid bytes at end of rs_buf */
@@ -78,14 +80,15 @@ _rs_init(u_char *buf, size_t n)
 			_exit(1);
 	}
 
-	chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
+	chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8);
 	chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
 }
 
 static void
 _rs_stir(void)
 {
 	u_char rnd[KEYSZ + IVSZ];
+	uint32_t rekey_fuzz = 0;
 
 	if (getentropy(rnd, sizeof rnd) == -1)
 		_getentropy_fail();
@@ -100,7 +103,10 @@ _rs_stir(void)
 	rs->rs_have = 0;
 	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
-	rs->rs_count = 1600000;
+	/* rekey interval should not be predictable */
+	chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+	    (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+	rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 
 static inline void

diff --git a/compat/chacha_private.h b/compat/chacha_private.h
@@ -4,7 +4,7 @@ D. J. Bernstein
 Public domain.
 */
 
-/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
+/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */
 
 typedef unsigned char u8;
 typedef unsigned int u32;
@@ -52,7 +52,7 @@ static const char sigma[16] = "expand 32-byte k";
 static const char tau[16] = "expand 16-byte k";
 
 static void
-chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
 {
   const char *constants;
 

diff --git a/compat/ffs.c b/compat/ffs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ffs.c,v 1.9 2014/06/10 04:16:57 deraadt Exp $	*/
+/*	$OpenBSD: ffs.c,v 1.10 2018/01/18 08:23:44 guenther Exp $	*/
 
 /*
  * Public domain.

diff --git a/compat/getopt.h b/compat/getopt.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $	*/
+/*	$OpenBSD: getopt.h,v 1.3 2013/11/22 21:32:49 millert Exp $	*/
 /*	$NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $	*/
 
 /*-
@@ -34,7 +34,7 @@
 #define _GETOPT_H_
 
 /*
- * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions
+ * GNU-like getopt_long()
  */
 #define no_argument        0
 #define required_argument  1
@@ -61,14 +61,12 @@ int	 getopt_long_only(int, char * const *, const char *,
 #ifndef _GETOPT_DEFINED_
 #define _GETOPT_DEFINED_
 int	 getopt(int, char * const *, const char *);
-int	 getsubopt(char **, char * const *, char **);
 
 extern   char *optarg;                  /* getopt(3) external variables */
 extern   int opterr;
 extern   int optind;
 extern   int optopt;
 extern   int optreset;
-extern   char *suboptarg;               /* getsubopt(3) external variable */
 #endif
 
 #endif /* !_GETOPT_H_ */
diff --git a/compat/getopt_long.c b/compat/getopt_long.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $	*/
+/*	$OpenBSD: getopt_long.c,v 1.32 2020/05/27 22:25:09 schwarze Exp $	*/
 /*	$NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $	*/
 
 /*
- * Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2002 Todd C. Miller <millert@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -55,11 +55,10 @@
 #if !defined(HAVE_GETOPT)
 
 #include <err.h>
-#include <getopt.h>
 #include <errno.h>
+#include <getopt.h>
 #include <stdlib.h>
 #include <string.h>
-#include <stdarg.h>
 
 int	opterr = 1;		/* if error message should be printed */
 int	optind = 1;		/* index into parent argv vector */
@@ -83,7 +82,7 @@ char    *optarg;		/* argument associated with option */
 static int getopt_internal(int, char * const *, const char *,
 			   const struct option *, int *, int);
 static int parse_long_options(char * const *, const char *,
-			      const struct option *, int *, int);
+			      const struct option *, int *, int, int);
 static int gcd(int, int);
 static void permute_args(int, int, int, char * const *);
 
@@ -148,9 +147,7 @@ permute_args(int panonopt_start, int panonopt_end, int opt_end,
 			else
 				pos += nopts;
 			swap = nargv[pos];
-			/* LINTED const cast */
-			((char **) nargv)[pos] = nargv[cstart];
-			/* LINTED const cast */
+			((char **)nargv)[pos] = nargv[cstart];
 			((char **)nargv)[cstart] = swap;
 		}
 	}
@@ -163,14 +160,16 @@ permute_args(int panonopt_start, int panonopt_end, int opt_end,
  */
 static int
 parse_long_options(char * const *nargv, const char *options,
-	const struct option *long_options, int *idx, int short_too)
+	const struct option *long_options, int *idx, int short_too, int flags)
 {
 	char *current_argv, *has_equal;
 	size_t current_argv_len;
-	int i, match;
+	int i, match, exact_match, second_partial_match;
 
 	current_argv = place;
 	match = -1;
+	exact_match = 0;
+	second_partial_match = 0;
 
 	optind++;
 
@@ -190,6 +189,7 @@ parse_long_options(char * const *nargv, const char *options,
 		if (strlen(long_options[i].name) == current_argv_len) {
 			/* exact match */
 			match = i;
+			exact_match = 1;
 			break;
 		}
 		/*
@@ -199,16 +199,20 @@ parse_long_options(char * const *nargv, const char *options,
 		if (short_too && current_argv_len == 1)
 			continue;
 
-		if (match == -1)	/* partial match */
+		if (match == -1)	/* first partial match */
 			match = i;
-		else {
-			/* ambiguous abbreviation */
-			if (PRINT_ERROR)
-				warnx(ambig, (int)current_argv_len,
-				     current_argv);
-			optopt = 0;
-			return (BADCH);
-		}
+		else if ((flags & FLAG_LONGONLY) ||
+		    long_options[i].has_arg != long_options[match].has_arg ||
+		    long_options[i].flag != long_options[match].flag ||
+		    long_options[i].val != long_options[match].val)
+			second_partial_match = 1;
+	}
+	if (!exact_match && second_partial_match) {
+		/* ambiguous abbreviation */
+		if (PRINT_ERROR)
+			warnx(ambig, (int)current_argv_len, current_argv);
+		optopt = 0;
+		return (BADCH);
 	}
 	if (match != -1) {		/* option found */
 		if (long_options[match].has_arg == no_argument
@@ -404,23 +408,15 @@ getopt_internal(int nargc, char * const *nargv, const char *options,
 			short_too = 1;		/* could be short option too */
 
 		optchar = parse_long_options(nargv, options, long_options,
-		    idx, short_too);
+		    idx, short_too, flags);
 		if (optchar != -1) {
 			place = EMSG;
 			return (optchar);
 		}
 	}
 
 	if ((optchar = (int)*place++) == (int)':' ||
-	    (optchar == (int)'-' && *place != '\0') ||
 	    (oli = strchr(options, optchar)) == NULL) {
-		/*
-		 * If the user specified "-" and  '-' isn't listed in
-		 * options, return -1 (non-option) as per POSIX.
-		 * Otherwise, it is an unknown option character (or ':').
-		 */
-		if (optchar == (int)'-' && *place == '\0')
-			return (-1);
 		if (!*place)
 			++optind;
 		if (PRINT_ERROR)
@@ -441,7 +437,7 @@ getopt_internal(int nargc, char * const *nargv, const char *options,
 		} else				/* white space */
 			place = nargv[optind];
 		optchar = parse_long_options(nargv, options, long_options,
-		    idx, 0);
+		    idx, 0, flags);
 		place = EMSG;
 		return (optchar);
 	}
@@ -472,8 +468,6 @@ getopt_internal(int nargc, char * const *nargv, const char *options,
 /*
  * getopt --
  *	Parse argc/argv argument vector.
- *
- * [eventually this will replace the BSD getopt]
  */
 int
 getopt(int nargc, char * const *nargv, const char *options)

diff --git a/compat/ibuf-compat.c b/compat/ibuf-compat.c
@@ -0,0 +1,76 @@
+/*      $OpenBSD: imsg-buffer.c,v 1.16 2023/06/19 17:19:50 claudio Exp $        */
+
+/*
+ * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* ibuf API functions added to OpenBSD's imsg-buffer.c in June 2023. */
+
+#ifdef HAVE_IMSG_H
+
+#if !defined(HAVE_IBUF_ADD_BUF) || !defined(HAVE_IBUF_ADD_ZERO)
+#include <sys/queue.h>
+
+#include <string.h>
+#include <imsg.h>
+#endif /* !defined(HAVE_IBUF_ADD_BUF) || !defined(HAVE_IBUF_ADD_ZERO) */
+
+#if !defined(HAVE_IBUF_ADD_BUF)
+void *ibuf_reserve(struct ibuf *, size_t);
+
+int
+ibuf_add(struct ibuf *buf, const void *data, size_t len)
+{
+	void *b;
+
+	if ((b = ibuf_reserve(buf, len)) == NULL)
+		return (-1);
+
+	memcpy(b, data, len);
+	return (0);
+}
+
+int
+ibuf_add_buf(struct ibuf *buf, const struct ibuf *from)
+{
+	return ibuf_add(buf, from->buf, from->wpos);
+}
+#endif /* !defined(HAVE_IBUF_ADD_BUF) */
+
+#if !defined(HAVE_IBUF_ADD_ZERO)
+void *ibuf_reserve(struct ibuf *, size_t);
+
+int
+ibuf_add_zero(struct ibuf *buf, size_t len)
+{
+	void *b;
+
+	if ((b = ibuf_reserve(buf, len)) == NULL)
+		return (-1);
+	return (0);
+}
+#endif /* !defined(HAVE_IBUF_ADD_ZERO) */
+
+#if !defined(HAVE_IBUF_DATA)
+void *ibuf_seek(struct ibuf *, size_t, size_t);
+
+void *
+ibuf_data(struct ibuf *buf)
+{
+	return (ibuf_seek(buf, 0, 0));
+}
+#endif /* !defined(HAVE_IBUF_DATA) */
+
+#endif /* HAVE_IMSG_H */