From 5d2411cf50f258fdd57a7766075f07a34230cc07 Mon Sep 17 00:00:00 2001 From: purplerain Date: Sat, 27 Apr 2024 05:51:42 +0000 Subject: [PATCH] sync with OpenBSD -current --- lib/libcrypto/man/EC_GROUP_new.3 | 61 +++++++++++++++++++++-- regress/sys/kern/pledge/generic/manager.c | 4 +- regress/sys/kern/pledge/generic/tests.out | 4 +- 3 files changed, 61 insertions(+), 8 deletions(-) diff --git a/lib/libcrypto/man/EC_GROUP_new.3 b/lib/libcrypto/man/EC_GROUP_new.3 index 7a539eb92..d0e95c985 100644 --- a/lib/libcrypto/man/EC_GROUP_new.3 +++ b/lib/libcrypto/man/EC_GROUP_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EC_GROUP_new.3,v 1.15 2023/04/27 09:35:20 tb Exp $ +.\" $OpenBSD: EC_GROUP_new.3,v 1.16 2024/04/26 14:23:03 tb Exp $ .\" OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200 .\" .\" This file was written by Matt Caswell . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 27 2023 $ +.Dd $Mdocdate: April 26 2024 $ .Dt EC_GROUP_NEW 3 .Os .Sh NAME @@ -61,7 +61,9 @@ .Nm EC_GROUP_get_curve , .Nm EC_GROUP_set_curve_GFp , .Nm EC_GROUP_get_curve_GFp , -.Nm EC_get_builtin_curves +.Nm EC_get_builtin_curves , +.Nm EC_curve_nid2nist , +.Nm EC_curve_nist2nid .Nd create and destroy EC_GROUP objects .Sh SYNOPSIS .In openssl/ec.h @@ -126,6 +128,14 @@ .Fa "EC_builtin_curve *r" .Fa "size_t nitems" .Fc +.Ft "const char *" +.Fo EC_curve_nid2nist +.Fa "int nid" +.Fc +.Ft int +.Fo EC_curve_nist2nid +.Fa "const char *name" +.Fc .Sh DESCRIPTION The EC library provides functions for performing operations on elliptic curves over finite fields. @@ -249,6 +259,30 @@ If is a .Dv NULL pointer, no action occurs. +.Pp +Some builtin curves can be identified by their NIST name +in addition to a numerical identifier (NID). +.Fn EC_curve_nid2nist +and +.Fn EC_curve_nist2nid +translate between the two. +The five built-in prime curves are: +.Pp +.Bl -column "NIST name" NID_X9_62_prime256v1 "deprecated in SP800-186" -compact +.It No NIST Fa name Ta Em ASN.1 NID Ta Em notes +.It Qq P-192 Ta Dv NID_X9_62_prime192v1 Ta No deprecated in SP800-186 +.It Qq P-224 Ta Dv NID_secp224r1 Ta +.It Qq P-256 Ta Dv NID_X9_62_prime256v1 Ta +.It Qq P-384 Ta Dv NID_secp384r1 Ta +.It Qq P-521 Ta Dv NID_secp521r1 Ta +.El +.Pp +.Fn EC_curve_nid2nist +and +.Fn EC_curve_nist2nid +also accept the ten binary curves defined in FIPS\& 186-4 +and deprecated in SP800-186, +although they no longer correspond to builtin curves in LibreSSL. .Sh RETURN VALUES All .Fn EC_GROUP_new* @@ -259,6 +293,19 @@ on error. .Fn EC_get_builtin_curves returns the number of builtin curves that are available. .Pp +.Fn EC_curve_nid2nist +returns a string constant containing the NIST name if +.Fa nid +identifies a NIST curve or +.Dv NULL +otherwise. +.Pp +.Fn EC_curve_nist2nid +returns the NID corresponding to the NIST curve +.Fa name , +or +.Dv NID_undef . +.Pp .Fn EC_GROUP_set_curve , .Fn EC_GROUP_get_curve , .Fn EC_GROUP_set_curve_GFp , @@ -286,11 +333,17 @@ and first appeared in OpenSSL 0.9.7 and have been available since .Ox 3.2 . .Pp -.Fn EC_GROUP_new_by_curve_name , +.Fn EC_GROUP_new_by_curve_name and .Fn EC_get_builtin_curves first appeared in OpenSSL 0.9.8 and have been available since .Ox 4.5 . +.Fn EC_curve_nid2nist , +and +.Fn EC_curve_nist2nid +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 5.8 . +.Pp .Fn EC_GROUP_set_curve and .Fn EC_GROUP_get_curve diff --git a/regress/sys/kern/pledge/generic/manager.c b/regress/sys/kern/pledge/generic/manager.c index 1f4225e1a..207923bc2 100644 --- a/regress/sys/kern/pledge/generic/manager.c +++ b/regress/sys/kern/pledge/generic/manager.c @@ -1,4 +1,4 @@ -/* $OpenBSD: manager.c,v 1.7 2017/12/15 14:45:51 bluhm Exp $ */ +/* $OpenBSD: manager.c,v 1.8 2024/04/26 04:44:43 jsg Exp $ */ /* * Copyright (c) 2015 Sebastien Marie * @@ -330,7 +330,7 @@ _start_test(int *ret, const char *test_name, const char *request, } /* grab pledged syscall from dmesg */ - if ((signal == SIGKILL) || (signal = SIGABRT)) { + if (signal == SIGKILL || signal == SIGABRT) { int syscall = grab_syscall(pid); switch (syscall) { case -1: /* error */ diff --git a/regress/sys/kern/pledge/generic/tests.out b/regress/sys/kern/pledge/generic/tests.out index 0a4be8c28..44c1bb46f 100644 --- a/regress/sys/kern/pledge/generic/tests.out +++ b/regress/sys/kern/pledge/generic/tests.out @@ -1,4 +1,4 @@ -# $OpenBSD: tests.out,v 1.13 2017/02/19 19:59:12 tb Exp $ +# $OpenBSD: tests.out,v 1.14 2024/04/26 04:44:43 jsg Exp $ test(test_nop): pledge=("",NULL) status=0 exit=0 test(test_inet): pledge=("",NULL) status=134 signal=6 coredump=present pledged_syscall=97 test(test_inet): pledge=("abort",NULL) status=5632 exit=22 (errno: "Invalid argument") @@ -6,7 +6,7 @@ test(test_inet): pledge=("stdio",NULL) status=134 signal=6 coredump=present pled test(test_inet): pledge=("inet",NULL) status=134 signal=6 coredump=present pledged_syscall=6 test(test_inet): pledge=("stdio inet",NULL) status=0 exit=0 test(test_kill): pledge=("fattr",NULL) status=134 signal=6 coredump=present pledged_syscall=122 -test(test_kill): pledge=("stdio",NULL) status=2 signal=2 pledged_syscall=not_found +test(test_kill): pledge=("stdio",NULL) status=2 signal=2 test(test_rpath): pledge=("stdio rpath",NULL) status=0 exit=0 test(test_wpath): pledge=("stdio wpath",NULL) status=0 exit=0 test(test_cpath): pledge=("cpath",NULL) status=0 exit=0