sync code with last improvements from OpenBSD

distrib/sets/lists/comp/mi

@@ -1951,6 +1951,7 @@
 ./usr/share/man/man3/EVP_SealInit.3
 ./usr/share/man/man3/EVP_SignInit.3
 ./usr/share/man/man3/EVP_VerifyInit.3
+./usr/share/man/man3/EVP_add_cipher.3
 ./usr/share/man/man3/EVP_aes_128_cbc.3
 ./usr/share/man/man3/EVP_camellia_128_cbc.3
 ./usr/share/man/man3/EVP_chacha20.3

lib/libc/locale/MB_CUR_MAX.3

@@ -0,0 +1,118 @@
+.\" $OpenBSD: MB_CUR_MAX.3,v 1.1 2023/08/25 12:45:45 schwarze Exp $
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 25 2023 $
+.Dt MB_CUR_MAX 3
+.Os
+.Sh NAME
+.Nm MB_CUR_MAX
+.Nd maximum number of bytes in a multibyte character
+.Sh SYNOPSIS
+.In stdlib.h
+.Ft size_t
+.Sy MB_CUR_MAX
+.Pp
+.In limits.h
+.Fd #define MB_LEN_MAX 4
+.Sh DESCRIPTION
+.Nm
+is a macro that returns the maximum number of bytes needed to
+represent any multibyte character in the current character encoding.
+Usually, the character encoding is selected for the whole program using
+.Xr setlocale 3
+with a
+.Fa category
+argument of
+.Dv LC_CTYPE ,
+but it can be overridden on a per-thread basis using
+.Xr uselocale 3 .
+.Pp
+By default and in the
+.Qq C
+locale,
+.Nm MB_CUR_MAX
+returns 1.
+On
+.Ox ,
+the only other possible return value is 4;
+it occurs when using a UTF-8 locale.
+On other systems,
+.Nm
+may return positive values other than 1 or 4.
+.Pp
+.Dv MB_LEN_MAX
+is a constant specifying the maximum number of bytes needed to
+represent any multibyte character in any supported character encoding.
+On
+.Ox ,
+it is always 4.
+On other systems, it may have a different value greater than or equal to 1.
+.Sh RETURN VALUES
+On any system,
+.Nm
+returns an integral value in the range from 1 to
+.Dv MB_LEN_MAX ,
+inclusive.
+.Sh EXAMPLES
+Size a buffer in a portable way to hold one single multibyte character:
+.Bd -literal -offset indent
+char	 buf[MB_LEN_MAX];
+wchar_t	 wchar;  /* input value */
+
+if (wctomb(buf, wchar) == -1)
+	/* error */
+.Ed
+.Pp
+Switch between code handling the
+.Xr ascii 7
+and
+UTF-8 character encodings in an
+.Ox Ns -specific
+way
+.Pq not portable :
+.Bd -literal -offset indent
+if (MB_CUR_MAX == 1) {
+	/* Code to handle ASCII-encoded single-byte strings. */
+} else {
+	/* Code to handle UTF-8-encoded multibyte strings. */
+}
+.Ed
+.Sh SEE ALSO
+.Xr mblen 3 ,
+.Xr setlocale 3 ,
+.Xr uselocale 3 ,
+.Xr wctomb 3
+.Sh STANDARDS
+.Nm MB_CUR_MAX
+and
+.Dv MB_LEN_MAX
+conform to
+.St -ansiC .
+.Sh HISTORY
+.Nm MB_CUR_MAX
+has been non-constant and thread-dependent since
+.Ox 6.2 .
+.Sh CAVEATS
+Since
+.Nm
+is thread-dependent, calling it in a loop that processes individual
+bytes or characters is likely to slow down the loop considerably.
+If possible, consider calling it once before the loop and caching
+the return value in a local variable to improve performance.
+The value remains valid as long as the thread does not call
+.Xr setlocale 3
+or
+.Xr uselocale 3 .

lib/libc/locale/Makefile.inc

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.inc,v 1.27 2023/08/20 15:02:51 schwarze Exp $
+#	$OpenBSD: Makefile.inc,v 1.28 2023/08/25 12:45:45 schwarze Exp $
 
 # locale sources
 .PATH: ${LIBCSRCDIR}/locale
@@ -18,7 +18,7 @@ SRCS+=	_def_messages.c _def_monetary.c _def_numeric.c _def_time.c \
 
 MAN+=	nl_langinfo.3 setlocale.3 newlocale.3 uselocale.3 localeconv.3 \
 	iswalnum.3 towlower.3 \
-	btowc.3 c16rtomb.3 mblen.3 mbrlen.3 mbrtoc16.3 mbrtowc.3 \
+	btowc.3 c16rtomb.3 MB_CUR_MAX.3 mblen.3 mbrlen.3 mbrtoc16.3 mbrtowc.3 \
 	mbsinit.3 mbsrtowcs.3 \
 	mbstowcs.3 mbtowc.3 wcrtomb.3 wcscoll.3 wcsrtombs.3 wcstod.3 \
 	wcstol.3 wcstombs.3 wcsxfrm.3 wctob.3 wctomb.3 \

lib/libcrypto/arch/riscv64/Makefile.inc

@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile.inc,v 1.1 2023/07/07 15:51:03 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.2 2023/08/25 02:17:41 tb Exp $
 
 # riscv64 libcrypto build rules
 
 # aes
 SRCS+= aes_core.c
-SRCS+= aes_cbc.c 
+SRCS+= aes_cbc.c
 
 # bf
 SRCS+= bf_enc.c

lib/libcrypto/bio/bio.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.59 2023/07/28 09:58:30 tb Exp $ */
+/* $OpenBSD: bio.h,v 1.60 2023/08/25 12:37:33 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -524,9 +524,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
 /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
 int BIO_set_ex_data(BIO *bio, int idx, void *data);
 void *BIO_get_ex_data(BIO *bio, int idx);
-int
-BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
 
@@ -600,12 +599,10 @@ int BIO_dgram_non_fatal_error(int _error);
 
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int _error);
-int
-BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
-void *u, const char *s, int len);
-int
-BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
-void *u, const char *s, int len, int indent);
+int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
+    void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
+    void *u, const char *s, int len, int indent);
 int BIO_dump(BIO *b, const char *bytes, int len);
 int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
 int BIO_dump_fp(FILE *fp, const char *s, int len);
@@ -636,9 +633,8 @@ BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(const char *host_port);
 BIO *BIO_new_accept(const char *host_port);
 
-int
-BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
-BIO **bio2, size_t writebuf2);
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+    BIO **bio2, size_t writebuf2);
 /* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
  * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
  * Size 0 uses default value.

lib/libcrypto/evp/evp.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.118 2023/04/25 18:39:12 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.119 2023/08/25 12:37:33 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -310,7 +310,7 @@ typedef struct evp_cipher_info_st {
 } EVP_CIPHER_INFO;
 
 /* Password based encryption function */
-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+typedef int EVP_PBE_KEYGEN(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
     ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
 
 #ifndef OPENSSL_NO_RSA
@@ -925,7 +925,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
 void PKCS5_PBE_add(void);
 
-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
 
 /* PBE type */
@@ -965,8 +965,8 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
     const char **pinfo, const char **ppem_str,
     const EVP_PKEY_ASN1_METHOD *ameth);
 
-const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
-EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, const char *pem_str,
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, const char *pem_str,
     const char *info);
 void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
     const EVP_PKEY_ASN1_METHOD *src);
@@ -1073,7 +1073,7 @@ void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
 #define EVP_PKEY_FLAG_SIGCTX_CUSTOM	4
 
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
-EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
 void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
     const EVP_PKEY_METHOD *meth);
 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);

lib/libcrypto/man/EVP_add_cipher.3

@@ -0,0 +1,180 @@
+.\" $OpenBSD: EVP_add_cipher.3,v 1.5 2023/08/25 13:26:27 schwarze Exp $
+.\"
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 25 2023 $
+.Dt EVP_ADD_CIPHER 3
+.Os
+.Sh NAME
+.Nm EVP_add_cipher ,
+.Nm EVP_add_cipher_alias ,
+.Nm EVP_delete_cipher_alias ,
+.Nm EVP_add_digest ,
+.Nm EVP_add_digest_alias ,
+.Nm EVP_delete_digest_alias
+.Nd maintain cipher and digest lookup by names
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_add_cipher
+.Fa "const EVP_CIPHER *cipher"
+.Fc
+.Ft int
+.Fo EVP_add_cipher_alias
+.Fa "const char *name"
+.Fa "const char *alias"
+.Fc
+.Ft int
+.Fo EVP_delete_cipher_alias
+.Fa "const char *alias"
+.Fc
+.Ft int
+.Fo EVP_add_digest
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_add_digest_alias
+.Fa "const char *name"
+.Fa "const char *alias"
+.Fc
+.Ft int
+.Fo EVP_delete_digest_alias
+.Fa "const char *alias"
+.Fc
+.Sh DESCRIPTION
+.Fn EVP_add_cipher
+adds
+.Fa cipher
+to a global lookup table so that it can be retrieved with
+.Xr EVP_get_cipherbyname 3
+using both its long and short names,
+as determined by the
+.Fa cipher Ns 's
+NID via
+.Xr OBJ_nid2ln 3
+and
+.Xr OBJ_nid2sn 3 .
+It is the caller's responsibility to ensure that the long
+and short names are not
+.Dv NULL .
+Internally, the lookup table is the global associative array and
+.Xr OBJ_NAME_add 3
+is used to add two key-value pairs with value pointer
+.Fa cipher
+and the keys consisting of the names and
+the type
+.Dv OBJ_NAME_TYPE_CIPHER_METH .
+.Pp
+.Fn EVP_add_cipher_alias
+and
+.Fn EVP_delete_cipher_alias
+add and remove the
+.Fa alias
+for the cipher
+.Fa name .
+They are implemented as macros wrapping
+.Xr OBJ_NAME_add 3
+and
+.Xr OBJ_NAME_remove 3
+with
+.Fa type
+set to the bitwise or of
+.Dv OBJ_NAME_TYPE_CIPHER_METH
+and
+.Dv OBJ_NAME_ALIAS .
+.Pp
+.Fn EVP_add_digest
+adds
+.Fa md
+to a global lookup table so that it can be retrieved with
+.Xr EVP_get_digestbyname 3
+using both its long and short names,
+as determined by the
+.Fa md Ns 's
+NID via
+.Xr OBJ_nid2ln 3
+and
+.Xr OBJ_nid2sn 3 .
+If the
+.Fa md
+has an associated public key signing algorithm (see
+.Xr EVP_MD_pkey_type 3 )
+distinct from the
+.Fa md ,
+the signing algorithm's short and long names are added as aliases for
+the short name of
+.Fa md .
+It is the caller's responsibility to ensure that all long
+and short names are not
+.Dv NULL .
+Internally, the lookup table is the global associative array and
+.Xr OBJ_NAME_add 3
+is used to add two key-value pairs with value pointer
+.Fa md
+and the keys consisting of the names and
+the type
+.Dv OBJ_NAME_TYPE_MD_METH .
+The aliases are added with
+.Fn EVP_add_digest_alias .
+.Pp
+.Fn EVP_add_digest_alias
+and
+.Fn EVP_delete_digest_alias
+add and remove the
+.Fa alias
+for the digest
+.Fa name .
+They are implemented as macros wrapping
+.Xr OBJ_NAME_add 3
+and
+.Xr OBJ_NAME_remove 3
+with
+.Fa type
+set to the bitwise or of
+.Dv OBJ_NAME_TYPE_MD_METH
+and
+.Dv OBJ_NAME_ALIAS .
+.Sh RETURN VALUES
+These functions return 1 on success and 0 on failure.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_CIPHER_meth_new 3 ,
+.Xr EVP_get_cipherbyname 3 ,
+.Xr EVP_get_digestbyname 3 ,
+.Xr EVP_MD_meth_new 3 ,
+.Xr OBJ_create 3 ,
+.Xr OBJ_NAME_add 3 ,
+.Xr OpenSSL_add_all_algorithms 3
+.Sh HISTORY
+.Fn EVP_add_cipher
+and
+.Fn EVP_add_digest
+first appeared in OpenSSL 0.9.0 and have been available since
+.Ox 2.4 .
+.Pp
+.Fn EVP_add_cipher_alias ,
+.Fn EVP_delete_cipher_alias ,
+.Fn EVP_add_digest_alias ,
+and
+.Fn EVP_delete_digest_alias
+first appeared in OpenSSL 0.9.4 and have been available since
+.Ox 2.6 .
+.Sh BUGS
+Key-value pairs already added before an error occurred
+remain in the global associative array,
+leaving it in an unknown state.
+.Pp
+While aliases can be added and removed, there is no dedicated API
+to remove added ciphers or digests.

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.261 2023/08/15 11:26:49 schwarze Exp $
+# $OpenBSD: Makefile,v 1.262 2023/08/25 05:29:35 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -198,6 +198,7 @@ MAN=	\
 	EVP_SealInit.3 \
 	EVP_SignInit.3 \
 	EVP_VerifyInit.3 \
+	EVP_add_cipher.3 \
 	EVP_aes_128_cbc.3 \
 	EVP_camellia_128_cbc.3 \
 	EVP_chacha20.3 \

lib/libcrypto/man/OpenSSL_add_all_algorithms.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.12 2023/07/21 05:02:53 tb Exp $
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.13 2023/08/25 05:38:52 tb Exp $
 .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2023 $
+.Dd $Mdocdate: August 25 2023 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
@@ -107,6 +107,7 @@ removing all application-defined types, key-value pairs, and aliases,
 including any that are unrelated to the EVP library.
 .Sh SEE ALSO
 .Xr evp 3 ,
+.Xr EVP_add_cipher 3 ,
 .Xr EVP_DigestInit 3 ,
 .Xr EVP_EncryptInit 3 ,
 .Xr OBJ_cleanup 3 ,

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.17 2023/08/15 11:26:49 schwarze Exp $
+.\" $OpenBSD: evp.3,v 1.18 2023/08/25 05:29:35 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 15 2023 $
+.Dd $Mdocdate: August 25 2023 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -194,6 +194,7 @@ operations are more efficient using the high-level interfaces.
 .Xr ENGINE_get_cipher 3 ,
 .Xr ENGINE_register_RSA 3 ,
 .Xr EVP_AEAD_CTX_init 3 ,
+.Xr EVP_add_cipher 3 ,
 .Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_BytesToKey 3 ,
 .Xr EVP_camellia_128_cbc 3 ,