jsing [Sun, 2 Jul 2023 14:57:58 +0000 (14:57 +0000)]
Demacro SHA-512.
Use static inline functions instead of macros to implement SHA-512. At
the same time, make two key changes - firstly, rather than trying to
outsmart the compiler and shuffle variables around, write the algorithm
the way it is documented and actually swap the variable contents. Secondly,
instead of interleaving the message schedule update and the round, do the
full message schedule update first, then process the round.
Overall, we get safer and more readable code. Additionally, the compiler
can generate smaller and faster code (with a gain of 5-10% across a range
of architectures).
ok beck@ tb@
tb [Sun, 2 Jul 2023 14:54:37 +0000 (14:54 +0000)]
Fix typo in previous
tb [Sun, 2 Jul 2023 14:53:18 +0000 (14:53 +0000)]
Use asprintf() to avoid repetition in string constants
... since ASN1_bn_print() is stupid.
ok jsing
tb [Sun, 2 Jul 2023 13:48:47 +0000 (13:48 +0000)]
Split ECPKParameters_print()
This function has two entirely independent parts, so instead of a huge
if/else just use two functions. In ecpk_print_explicity parameters() do
some additional boring cleanup such as switching to actually using the
local BN_CTX and shuffling things into a slightly more sensible order.
ok jsing
tb [Sun, 2 Jul 2023 13:37:09 +0000 (13:37 +0000)]
Switch sign_sig() and sign_setup() to using BN_CTX
Both these functions use a BN_CTX internally to deal with the EC API
that usually requires one. However, they don't actually make use of it.
Get the BIGNUMs from the BN_CTX instead, which simplifies the cleanup.
Also defer allocation of the ECDSA_SIG to the very end. Instead of using
its internal r and s, use two local r and s variables and transfer those
to the ECDSA_SIG on success.
ok beck jsing
espie [Sun, 2 Jul 2023 13:33:10 +0000 (13:33 +0000)]
lost silence_children behavior by accident
add a hook to compute the exit_code in more fun ways
tb [Sun, 2 Jul 2023 13:26:36 +0000 (13:26 +0000)]
Revert hunk accidentally committed in r1.39
tb [Sun, 2 Jul 2023 13:18:54 +0000 (13:18 +0000)]
Rework handling of the out_kinv and out_r pointers
suggested by jsing
jsing [Sun, 2 Jul 2023 13:11:23 +0000 (13:11 +0000)]
Replace bn_sqr_words() with bn_sqr_add_words().
In order to implement efficient squaring, we compute the sum of products
(omitting the squares), double the sum of products and then finally
compute and add in the squares. However, for reasons unknown the final
calculation was implemented as two separate steps.
Replace bn_sqr_words() with bn_sqr_add_words() such that we do the
computation in one step, avoid the need for temporary BN and remove
needless overhead. This gives us a performance gain across most
architectures (even with the loss of sse2 on i386, for example).
ok tb@
tb [Sun, 2 Jul 2023 13:05:29 +0000 (13:05 +0000)]
Rename ctx_in into in_ctx, kinvp into out_kinv and rp into out_r
tb [Sun, 2 Jul 2023 12:48:59 +0000 (12:48 +0000)]
Rename a few variables from X to x
deraadt [Sun, 2 Jul 2023 12:45:01 +0000 (12:45 +0000)]
sync
tb [Sun, 2 Jul 2023 12:25:33 +0000 (12:25 +0000)]
Simplify things by switching to bn_rand_interval()
This avoids some silly dances in ECDSA signature generation by replacing
them with a single API call. Also garbage collect the now unnecessary
range.
ok beck jsing
tb [Sun, 2 Jul 2023 11:29:36 +0000 (11:29 +0000)]
Unconditionally zero the ECDH key
While memset() is quite expensive, we can afford zeroing a few extra bytes
to make this code more readable.
ok beck jsing
deraadt [Sun, 2 Jul 2023 11:16:03 +0000 (11:16 +0000)]
PS_CHROOT flag must also be copied when forking. This will block
a ypconnect(2) from reading inside an incorrectly configured space.
ok kettenis
tb [Sun, 2 Jul 2023 07:08:57 +0000 (07:08 +0000)]
Teach openssl ca about
Ed25519 certificates
This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null()
as required by the API. This way ASN1_item_sign() now knows how to behave.
"ok = (rv == 2);" beck
tb [Sun, 2 Jul 2023 07:05:14 +0000 (07:05 +0000)]
Teach openssl req about EdDSA certs
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with
Ed25519 work.
ok beck
beck [Sun, 2 Jul 2023 06:37:27 +0000 (06:37 +0000)]
Remove the ability to do tls 1.0 and 1.1 from libtls.
With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.
ok tb@
tb [Sun, 2 Jul 2023 04:17:00 +0000 (04:17 +0000)]
ECDSA_size(): move order a few lines down
tb [Sun, 2 Jul 2023 03:20:44 +0000 (03:20 +0000)]
Invert method checks to avoid stupid line breaks
tb [Sun, 2 Jul 2023 03:11:51 +0000 (03:11 +0000)]
Move the EC_POINT a bit down and a * to the right place
tb [Sun, 2 Jul 2023 02:28:20 +0000 (02:28 +0000)]
ech_key.c: Fix includes
We need stdint.h for uintptr_t, stdlib.h for malloc, ec.h for various
things, but there's no need for objects. or sha.h.
cheloha [Sun, 2 Jul 2023 00:55:18 +0000 (00:55 +0000)]
clockintr_cpu_init: stagger clock interrupts by MAXCPUS
During clockintr_cpu_init(), we can't stagger by ncpus because not
every platform has fully incremented it yet. Instead, stagger by
MAXCPUS. The resulting intervals are smaller, but are probably still
sufficiently large to avoid aggravating lock contention, even on
platforms where MAXCPUS is large.
While here, don't bother staggering the statclock if it is randomized.
With input from claudio@.
drahn [Sat, 1 Jul 2023 18:59:11 +0000 (18:59 +0000)]
Add sensor to qccpu to be able to show all cpu frequencies.
otto [Sat, 1 Jul 2023 18:35:14 +0000 (18:35 +0000)]
Document that small allocations are initially junked with 0xdf now
drahn [Sat, 1 Jul 2023 16:39:11 +0000 (16:39 +0000)]
Manpage for qccpu.4
drahn [Sat, 1 Jul 2023 16:34:29 +0000 (16:34 +0000)]
Add driver for QC cpu Power States.
ok kettenis@ patrick@
drahn [Sat, 1 Jul 2023 15:50:18 +0000 (15:50 +0000)]
Enable AC detection in qcpas driver.
Will enable apm -A once cpu P-state driver is added.
tb [Sat, 1 Jul 2023 15:10:28 +0000 (15:10 +0000)]
Reverse polarity to avoid an overlong line
tb [Sat, 1 Jul 2023 15:09:54 +0000 (15:09 +0000)]
Reword comment to fit on a single line
tb [Sat, 1 Jul 2023 15:03:05 +0000 (15:03 +0000)]
tmp is a silly name for a point on an elliptic curve
tb [Sat, 1 Jul 2023 14:57:51 +0000 (14:57 +0000)]
Garbage collect the now unused len
tb [Sat, 1 Jul 2023 14:56:12 +0000 (14:56 +0000)]
Test and assign for EC_KEY_get0_private_key()
tb [Sat, 1 Jul 2023 14:53:48 +0000 (14:53 +0000)]
Add a missing NULL check for group
ok jsing
tb [Sat, 1 Jul 2023 14:52:34 +0000 (14:52 +0000)]
Reference commit needed in the next major bump
tb [Sat, 1 Jul 2023 14:50:39 +0000 (14:50 +0000)]
Simplify handling of ret
ok jsing
tb [Sat, 1 Jul 2023 14:48:01 +0000 (14:48 +0000)]
Use BN_bn2binpad() instead of handrolling it
As ugly as the BN_bn2binpad() internals are, what it does is quite handy
with all sorts of EC stuff. So use it here too and eliminate some ugly
manual pointer zeroing and offsets. Also switch len and buflen from size_t
to int to remove an iffy cast: both are set by functions that return a
non-negative int.
ok jsing
tb [Sat, 1 Jul 2023 14:39:34 +0000 (14:39 +0000)]
Remove unused y from ECDH key computation
ok jsing
tb [Sat, 1 Jul 2023 09:04:19 +0000 (09:04 +0000)]
crypto.h: move the error stuff to the end
The other public headers have function and reason codes at the end because
the error header was inlined. This was also the case here, too, until the
automatic library initialization was appended.
jsing [Sat, 1 Jul 2023 08:27:26 +0000 (08:27 +0000)]
Warn and fail to attach dwmmc(4) if no clock base is found.
This makes it easier to track down clock related issues.
ok kettenis@
jsing [Sat, 1 Jul 2023 08:22:41 +0000 (08:22 +0000)]
Add support for JH7110 to dwmmc(4).
This makes the eMMC and microSD mostly work on the Starfive VisionFive 2.
ok kettenis@
jsing [Sat, 1 Jul 2023 08:20:38 +0000 (08:20 +0000)]
Add support for JH7110 to stftemp(4).
This adds temperature sensor support for the Starfive VisionFive 2.
ok kettenis@
tb [Sat, 1 Jul 2023 08:15:31 +0000 (08:15 +0000)]
Simplify ASN1_bn_print() usage in ec/
ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL.
Also simplify the handling of the point conversion form of the generator.
ok jsing
nicm [Fri, 30 Jun 2023 21:55:08 +0000 (21:55 +0000)]
Change a few types to fix warnings, from Thomas Klausner.
tb [Fri, 30 Jun 2023 18:19:35 +0000 (18:19 +0000)]
whitespace
jsg [Fri, 30 Jun 2023 13:31:37 +0000 (13:31 +0000)]
sepcific -> specific
ok claudio@
nicm [Fri, 30 Jun 2023 13:19:32 +0000 (13:19 +0000)]
Get rid of some warnings with GCC 10, from Thomas Klausner.
sashan [Fri, 30 Jun 2023 12:16:00 +0000 (12:16 +0000)]
let check_table() also print table@anchor when it exits
unexpectedly via call to fatal()
OK claudio@
mvs [Fri, 30 Jun 2023 11:52:11 +0000 (11:52 +0000)]
Use "newcon" instead of "netlck" as identifier of the sleep reason while
awaiting concurrent sonewconn() threads termination.
ok bluhm
mvs [Fri, 30 Jun 2023 09:58:30 +0000 (09:58 +0000)]
Introduce M_PF type for pf(4) related memory allocations. Currently used
M_TEMP and M_IFADDR types are unreasonable for that purpose. This
dedicated statistics simplify the future pf(4) unlocking work by
decreasing search area of possible memory leaks.
ok bluhm sashan
otto [Fri, 30 Jun 2023 06:24:58 +0000 (06:24 +0000)]
Recommit "Allow to ask for deeper callers for leak reports using
malloc options"
Now only enabled for platforms where it's know to work and written
as a inline functions instead of a macro.
dv [Thu, 29 Jun 2023 20:58:08 +0000 (20:58 +0000)]
acpi(4)/acpibtn(4): use opt-in approach for wakeup GPEs
Previously, any discovered GPE that could be enabled for wake was
being enabled prior to entering ACPI-based S3 or S4. On some newer
machines, this caused S3-based suspend to break as some devices we
don't fully control (e.g. lack of driver) might be capable of waking
the system and will do so almost instantly if the GPE is enabled for
wake up (i.e. the so called "instant wake" issue).
This changes to a model of having device drivers explicitly opt
into using their GPE for wake up.
The first driver to explicitly toggle a GPE for wake is acpibtn(4).
Variations of the above have been in snapshots for 2 weeks, so
tested by many.
ok deraadt@
krw [Thu, 29 Jun 2023 20:10:11 +0000 (20:10 +0000)]
Fix handling of 'N-* 100' template entries.
'N-* 100' means a max of all 'extra' disk space not all disk
space.
Fixes templates with partitions after a 'N-* 100' entry.
Reported by anton@
florian [Thu, 29 Jun 2023 19:38:49 +0000 (19:38 +0000)]
Update to nsd 4.7.0
OK tb
claudio [Thu, 29 Jun 2023 16:24:53 +0000 (16:24 +0000)]
Spaces vs tabs
from florian@
claudio [Thu, 29 Jun 2023 16:11:02 +0000 (16:11 +0000)]
Rewrite pfe_route() to actually work on 64bit archs since IPv6 had to be
special. One can not define a struct for the route message since there is
different padding between 32 and 64 bit systems for struct sockaddr_in6.
Instead do what all other daemons do and use struct sockaddr_storage,
iovec and writev.
Problem reported by Joerg Streckfuss (streckfuss at dfn-cert.de)
OK tb@
tb [Thu, 29 Jun 2023 14:33:35 +0000 (14:33 +0000)]
rpki-client: fix vap_pas stats
A small mistake in a diff broke the counters. Make them AFI agnostic and
adjust ometric output.
guidance & ok claudio
claudio [Thu, 29 Jun 2023 14:09:42 +0000 (14:09 +0000)]
In rrdp_session_save() stop the loop over deltas once MAX_RRDP_DELTAS
have been processed.
With and OK tb@
tb [Thu, 29 Jun 2023 10:29:18 +0000 (10:29 +0000)]
update rpki-regress. log.c is no more.
tb [Thu, 29 Jun 2023 10:28:25 +0000 (10:28 +0000)]
Retire log.c
Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.
suggested by claudio
ok job
job [Thu, 29 Jun 2023 10:22:37 +0000 (10:22 +0000)]
There no longer is a need to wrap the (now AFI-agnostic) ASPA providers in objects in filemode
OK claudio@
jsg [Thu, 29 Jun 2023 07:58:54 +0000 (07:58 +0000)]
regen
jsg [Thu, 29 Jun 2023 07:58:15 +0000 (07:58 +0000)]
add Intel Raptor Lake / 700 Series LP ids
from:
13th Generation Intel Core Processors
Datasheet, Volume 1 of 2, Doc. No.: 743844, Rev.: 005
Intel 700 Series Chipset Family On-Package Platform Controller Hub (PCH)
Datasheet, Volume 1 of 2, Doc. No.: 763122, Rev.: 001
0xa75d (IPU) 0xa72f 0xa76e (TBT PCIE) not in tables
inferred from a dmesg and pci dev:func descriptions in
13th Generation Intel Core Processors
Datasheet, Volume 2 of 2, Doc. No.: 764981, Rev.: 1.2
tb [Thu, 29 Jun 2023 06:12:04 +0000 (06:12 +0000)]
Drop the no longer necessary -DLIBRESSL_CRYPTO_INTERNAL
ok miod
tb [Thu, 29 Jun 2023 06:11:33 +0000 (06:11 +0000)]
Move check_defer() and obj_cleanup_defer to evp/names.c
These formerly public symbols are the last things hidden by
LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c
Unfortunately, check_defer() needs to know about NUM_NIDS, so
its implementation needs to remain in obj_dat.c, the only file
that can include obj_dat.h due to NID tables.
ok miod
sashan [Wed, 28 Jun 2023 21:33:35 +0000 (21:33 +0000)]
pfioctl() must make sure pfioctl_rw() gets unlocked before function returns.
OK bluhm@
tb [Wed, 28 Jun 2023 18:07:07 +0000 (18:07 +0000)]
Adjust EC_GROUP_get_basis_type() documentation
After the GF2m removal, this function always returns 0, so adjust the
documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis()
that were left behind. Also add a tiny grammar tweak in the HISTORY
section.
op [Wed, 28 Jun 2023 17:36:51 +0000 (17:36 +0000)]
revert makefile change included by mistake in previous
op [Wed, 28 Jun 2023 17:36:09 +0000 (17:36 +0000)]
drop needless strcspn in the header parsing
like done in ftp' fetch.c revision 1.216.
ok tb
op [Wed, 28 Jun 2023 17:35:06 +0000 (17:35 +0000)]
drop needless strcspn in the header parsing
since fetch.c revision 1.211, ftp removes trailingwhitespaces early so
there's no need to re-do that when parsing a header.
while here, remove an unused variable too.
ok tb, millert
tb [Wed, 28 Jun 2023 17:24:20 +0000 (17:24 +0000)]
The warning noise due to the ASPA transition is just that: noise.
Switch to warnx() instead of cryptowarnx() for now.
ok job
kn [Wed, 28 Jun 2023 15:36:08 +0000 (15:36 +0000)]
Revert r1.406 "Close all pf transactions before opening a new one in DIOCGETRULES."
regress/sbin/pfctl panics with "rw_enter: pfioctl_rw locking against myself"
as reported by bluhm on bugs@.
tobhe [Wed, 28 Jun 2023 14:10:24 +0000 (14:10 +0000)]
Add support to verify X509 chain from CERT payloads.
Encode cert and intermediate CAs in new cert bundle object,
so the information can be passed to the ca process in one step.
Pass untrusted intermediates to X509_verify_cert().
From markus@
gerhard [Wed, 28 Jun 2023 12:31:19 +0000 (12:31 +0000)]
Don't call daemon() after proc_init(), otherwise the child processes
would lose their parent.
ok tobhe@
krw [Wed, 28 Jun 2023 12:12:48 +0000 (12:12 +0000)]
Refactor editor_allocspace() into easier to follow pieces.
editor_allocspace() interates over alloc_tables calling
allocate_space(). allocate_space() iterates over
space_allocations calling allocate_partition().
allocate_partition() calls allocate_diskchunk() which finds disk
space for the partition.
No intentional functional change.
ok otto@
kn [Wed, 28 Jun 2023 11:49:49 +0000 (11:49 +0000)]
use refcnt API for multicast addresses, add tracepoint:refcnt:ifmaddr probe
Replace hand-rolled reference counting with refcnt_init(9) and hook it up
with a new dt(4) probe.
OK bluhm mvs
op [Wed, 28 Jun 2023 11:07:28 +0000 (11:07 +0000)]
fix parsing of the Last-Modified header
Was overlooked in r1.209.
diff from 'a dog' (OpenBSD [at] anthropomorphic [dot] dog)
ok tb, sthen
op [Wed, 28 Jun 2023 08:37:52 +0000 (08:37 +0000)]
add `notab' to the list of modes that can be set with set-default-mode
specify also that it can be set globally with set-default-mode, as done
in the description of the other built-in modes.
Diff from Simon Branch (that I got via jmc@), thanks!
claudio [Wed, 28 Jun 2023 08:23:25 +0000 (08:23 +0000)]
First step at removing struct sleep_state.
Pass the timeout and sleep priority not only to sleep_setup() but also
to sleep_finish(). With that sls_timeout and sls_catch can be removed
from struct sleep_state.
The timeout is now setup first thing in sleep_finish() and no longer as
last thing in sleep_setup(). This should not cause a noticeable difference
since the code run between sleep_setup() and sleep_finish() is minimal.
OK kettenis@
patrick [Tue, 27 Jun 2023 22:38:46 +0000 (22:38 +0000)]
Add qctsens(4), a driver for the Temperature Sensor found on Qualcomm SoCs.
The driver not only provides the temperature readings for the cores, cluster
and memory in hw.sensors, but also allows the thermal zone code to act on
temperature changes.
ok drahn@
patrick [Tue, 27 Jun 2023 22:31:27 +0000 (22:31 +0000)]
Inform fw_update(8) about qcpas(4) pattern.
ok kettenis@
mvs [Tue, 27 Jun 2023 21:02:13 +0000 (21:02 +0000)]
Introduce M_IFGROUP type of memory allocation. M_TEMP is unreasonable
for interface groups data allocations.
ok kn claudio bluhm
tb [Tue, 27 Jun 2023 18:19:59 +0000 (18:19 +0000)]
Zap stray space
kn [Tue, 27 Jun 2023 17:36:56 +0000 (17:36 +0000)]
Use shared net lock for DIOCGETIFACES
snmpd(8) and 'pfctl -s Interfaces' dump pf's internal list of interfaces.
pf's internal interface list is completely protected by the pf lock,
pf lock assertions since pf_if.c r1.110 from over a week ago support this.
pfi_*() iterate over net lock protected if_groups lists, but only to read,
so downgrade from exclusive write net lock to a shared read-only one.
Feedback mvs
OK sashan
kn [Tue, 27 Jun 2023 17:29:38 +0000 (17:29 +0000)]
Remove net lock from DIOC{SET,CLR}IFFLAG
pf.conf's 'set skip on ifN' and 'pfctl -F all|Reset' set and clear flags,
PFI_IFLAG_SKIP being the only flag. Nothing else in base uses these ioctls
and internal state is protected by the pf lock already.
OK sashan
stsp [Tue, 27 Jun 2023 15:31:27 +0000 (15:31 +0000)]
Attach 0x51f1 devices to iwx(4) and fix params used for 0x7a70 devices.
from reyk@
stsp [Tue, 27 Jun 2023 15:30:55 +0000 (15:30 +0000)]
regen
stsp [Tue, 27 Jun 2023 15:30:25 +0000 (15:30 +0000)]
add 0x51f1 iwx(4) PCI device ID; from reyk@
claudio [Tue, 27 Jun 2023 14:17:00 +0000 (14:17 +0000)]
Make it possible to store the kstack or ustack in a map (as value, not key).
Additionally fix the bacmp() function to work on integers and strings.
bacmp() is used when maps are printed out since the output is sorted by value.
Also adjust the rule parser to look into correctly into if branches to figure
out which values to request from the kernel.
OK kn@
claudio [Tue, 27 Jun 2023 14:13:33 +0000 (14:13 +0000)]
Document the map specific functions (count, max, min, sum) in their own
part of the bt.5 man page.
Input and OK kn@
espie [Tue, 27 Jun 2023 11:11:46 +0000 (11:11 +0000)]
remove allupdates marker, it was only used by the short-lived
"@option explicit-update" flavor of firmware circa 2013.
pkg_add hasn't needed to know about this since basically forever
tb [Tue, 27 Jun 2023 11:03:41 +0000 (11:03 +0000)]
Switch from get_rfc*() to BN_get_rfc*()
The existence of the public get_rfc*() API is a historic curiosity that may
soon be corrected. We inherited its use and it survived in libssl until now.
Switch to the better named BN_get_rfc*() wrappers.
ok jsing
cheloha [Tue, 27 Jun 2023 10:11:15 +0000 (10:11 +0000)]
amd64: MCOUNT_EXIT: restore interrupts, don't unconditionally reenable them
This bug can cause all sorts of problems, but in particular it was
most easily reproduced as a double fault in the syscall return path on
this CPU model:
Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
Tons of help from guenther@ in narrowing down the root cause. Fix
tweaked by guenther@. Additional input from deraadt@ and kettenis@.
ok guenther@
ratchov [Tue, 27 Jun 2023 09:28:08 +0000 (09:28 +0000)]
Return error if the USB request to get the sample rate fails.
found by mlarkin
tb [Tue, 27 Jun 2023 07:32:29 +0000 (07:32 +0000)]
Remove some dead code from ECPKParameters_print()
This code is unreachable since binary curve support was removed.
There is a lot more to clean up in here...
ok jsing
tb [Tue, 27 Jun 2023 07:31:18 +0000 (07:31 +0000)]
Remove the now unused poly[] from EC_GROUP
This was needed for defining the multiplication over binary fields. Since
that code is gone, this is no longer needed.
ok jsing
tb [Tue, 27 Jun 2023 07:28:57 +0000 (07:28 +0000)]
Simplify EC_GROUP_get_basis_type()
The remaining EC_METHODs in libcrypto all have a field type of
NID_X9_62_prime_field, so this function always returns 0. Make
that more obvious.
ok jsing
guenther [Mon, 26 Jun 2023 19:03:03 +0000 (19:03 +0000)]
On amd64, test whether PKU has been enabled and set our expectation
of the results based on that. Also, the system now enforces
unreadability in copyin() of ld.so, libc, and application text,
even when PKU isn't enabled, so adjust those results to match.
ok deraadt@ anton@
job [Mon, 26 Jun 2023 18:55:52 +0000 (18:55 +0000)]
Update regress files to aspa-profile-15 format
job [Mon, 26 Jun 2023 18:39:53 +0000 (18:39 +0000)]
Decode and validate ASPA objects following the v1 syntax
Through draft-ietf-sidrops-aspa-profile-15, the ASPA profile was
made AFI-agnostic. This represents a simplification for both operators
and implementers in both the RPKI and BGP layers of the stack.
This update changes the JSON structure.
No effort was made to simultaneously support ASPA v0 and v1 objects.
OK tb@ claudio@
projects / openbsd / log