sync with OpenBSD -current

etc/rc

@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.572 2023/10/01 20:15:23 naddy Exp $
+#	$OpenBSD: rc,v 1.573 2024/03/30 07:35:01 deraadt Exp $
 
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -251,8 +251,12 @@ reorder_libs() {
 		if [[ -f $_bint ]]; then
 			echo " $_binn"
 			tar xf $_bint
+			if [[ -f install.sh ]]; then
+				sh install.sh >/dev/null 2>&1
+			else
 				make -f Makefile.relink relink >/dev/null 2>&1
 			fi
+		fi
 		) || { _error=true; break; }
 	done
 

lib/libc/arch/sparc64/fpu/fpu_add.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_add.c,v 1.4 2021/09/17 15:12:28 deraadt Exp $	*/
+/*	$OpenBSD: fpu_add.c,v 1.5 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -53,7 +53,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
 #include <machine/fsr.h>
 #include <machine/instr.h>
 

lib/libc/arch/sparc64/fpu/fpu_compare.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_compare.c,v 1.3 2019/03/15 05:42:38 kevlo Exp $	*/
+/*	$OpenBSD: fpu_compare.c,v 1.4 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -54,7 +54,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
 #include <machine/fsr.h>
 
 #include "fpu_arith.h"

lib/libc/arch/sparc64/fpu/fpu_div.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_div.c,v 1.4 2019/03/15 05:42:38 kevlo Exp $	*/
+/*	$OpenBSD: fpu_div.c,v 1.5 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -51,7 +51,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
 #include <machine/fsr.h>
 
 #include "fpu_arith.h"

lib/libc/arch/sparc64/fpu/fpu_explode.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_explode.c,v 1.11 2021/09/17 15:12:28 deraadt Exp $	*/
+/*	$OpenBSD: fpu_explode.c,v 1.12 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -52,7 +52,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
 #include <machine/fsr.h>
 #include <machine/ieee.h>
 #include <machine/instr.h>

lib/libc/arch/sparc64/fpu/fpu_implode.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_implode.c,v 1.7 2021/09/17 15:12:28 deraadt Exp $	*/
+/*	$OpenBSD: fpu_implode.c,v 1.8 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -52,7 +52,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
 #include <machine/fsr.h>
 #include <machine/ieee.h>
 #include <machine/instr.h>

lib/libc/arch/sparc64/fpu/fpu_mul.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_mul.c,v 1.3 2019/03/15 05:42:38 kevlo Exp $	*/
+/*	$OpenBSD: fpu_mul.c,v 1.4 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -51,8 +51,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
-
 #include "fpu_arith.h"
 #include "fpu_emu.h"
 #include "fpu_extern.h"

lib/libc/arch/sparc64/fpu/fpu_sqrt.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_sqrt.c,v 1.6 2022/12/27 17:10:06 jmc Exp $	*/
+/*	$OpenBSD: fpu_sqrt.c,v 1.7 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -51,8 +51,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
-
 #include "fpu_arith.h"
 #include "fpu_emu.h"
 #include "fpu_extern.h"

lib/libc/arch/sparc64/fpu/fpu_subr.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu_subr.c,v 1.4 2021/09/17 15:12:28 deraadt Exp $	*/
+/*	$OpenBSD: fpu_subr.c,v 1.5 2024/03/29 21:02:11 miod Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -51,7 +51,6 @@
 
 #include <sys/types.h>
 
-#include <machine/frame.h>
 #include <machine/fsr.h>
 #include <machine/instr.h>
 

lib/libc/stdlib/malloc.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: malloc.c,v 1.295 2023/12/19 06:59:28 otto Exp $	*/
+/*	$OpenBSD: malloc.c,v 1.296 2024/03/30 07:50:39 miod Exp $	*/
 /*
  * Copyright (c) 2008, 2010, 2011, 2016, 2023 Otto Moerbeek <otto@drijf.net>
  * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@@ -1428,7 +1428,7 @@ _malloc_init(int from_rthreads)
 	}
 	if (!mopts.malloc_canary) {
 		char *p;
-		size_t sz, d_avail;
+		size_t sz, roundup_sz, d_avail;
 
 		omalloc_init();
 		/*
@@ -1436,20 +1436,20 @@ _malloc_init(int from_rthreads)
 		 * randomise offset inside the page at which the dir_infos
 		 * lay (subject to alignment by 1 << MALLOC_MINSHIFT)
 		 */
-		sz = mopts.malloc_mutexes * sizeof(*d) + 2 * MALLOC_PAGESIZE;
+		sz = mopts.malloc_mutexes * sizeof(*d);
-		if ((p = MMAPNONE(sz, 0)) == MAP_FAILED)
+		roundup_sz = (sz + MALLOC_PAGEMASK) & ~MALLOC_PAGEMASK;
+		if ((p = MMAPNONE(roundup_sz + 2 * MALLOC_PAGESIZE, 0)) ==
+		    MAP_FAILED)
 			wrterror(NULL, "malloc_init mmap1 failed");
-		if (mprotect(p + MALLOC_PAGESIZE, mopts.malloc_mutexes *
+		if (mprotect(p + MALLOC_PAGESIZE, roundup_sz,
-		    sizeof(*d), PROT_READ | PROT_WRITE))
+		    PROT_READ | PROT_WRITE))
 			wrterror(NULL, "malloc_init mprotect1 failed");
-		if (mimmutable(p, sz))
+		if (mimmutable(p, roundup_sz + 2 * MALLOC_PAGESIZE))
 			wrterror(NULL, "malloc_init mimmutable1 failed");
-		d_avail = (((mopts.malloc_mutexes * sizeof(*d) +
+		d_avail = (roundup_sz - sz) >> MALLOC_MINSHIFT;
-		    MALLOC_PAGEMASK) & ~MALLOC_PAGEMASK) -
-		    (mopts.malloc_mutexes * sizeof(*d))) >> MALLOC_MINSHIFT;
 		d = (struct dir_info *)(p + MALLOC_PAGESIZE +
 		    (arc4random_uniform(d_avail) << MALLOC_MINSHIFT));
-		STATS_ADD(d[1].malloc_used, sz);
+		STATS_ADD(d[1].malloc_used, roundup_sz + 2 * MALLOC_PAGESIZE);
 		for (i = 0; i < mopts.malloc_mutexes; i++)
 			mopts.malloc_pool[i] = &d[i];
 		mopts.internal_funcs = 1;

lib/libcrypto/Symbols.namespace

@@ -2591,3 +2591,40 @@ _libre_BF_ecb_encrypt
 _libre_BF_cbc_encrypt
 _libre_BF_cfb64_encrypt
 _libre_BF_ofb64_encrypt
+_libre_PEM_read_bio_CMS
+_libre_PEM_read_CMS
+_libre_PEM_write_bio_CMS
+_libre_PEM_write_CMS
+_libre_CMS_get1_ReceiptRequest
+_libre_CMS_ReceiptRequest_create0
+_libre_CMS_add1_ReceiptRequest
+_libre_CMS_ReceiptRequest_get0_values
+_libre_WHIRLPOOL_Init
+_libre_WHIRLPOOL_Update
+_libre_WHIRLPOOL_BitUpdate
+_libre_WHIRLPOOL_Final
+_libre_WHIRLPOOL
+_libre_Camellia_set_key
+_libre_Camellia_encrypt
+_libre_Camellia_decrypt
+_libre_Camellia_ecb_encrypt
+_libre_Camellia_cbc_encrypt
+_libre_Camellia_cfb128_encrypt
+_libre_Camellia_cfb1_encrypt
+_libre_Camellia_cfb8_encrypt
+_libre_Camellia_ofb128_encrypt
+_libre_Camellia_ctr128_encrypt
+_libre_AES_set_encrypt_key
+_libre_AES_set_decrypt_key
+_libre_AES_encrypt
+_libre_AES_decrypt
+_libre_AES_ecb_encrypt
+_libre_AES_cbc_encrypt
+_libre_AES_cfb128_encrypt
+_libre_AES_cfb1_encrypt
+_libre_AES_cfb8_encrypt
+_libre_AES_ofb128_encrypt
+_libre_AES_ctr128_encrypt
+_libre_AES_ige_encrypt
+_libre_AES_wrap_key
+_libre_AES_unwrap_key

lib/libcrypto/aes/aes.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.2 2024/03/28 12:52:58 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.3 2024/03/30 05:14:12 joshua Exp $ */
 /* ====================================================================
  * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -83,6 +83,7 @@ AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 {
 	aes_cbc_encrypt_internal(in, out, len, key, ivec, enc);
 }
+LCRYPTO_ALIAS(AES_cbc_encrypt);
 
 /*
  * The input and output encrypted as though 128bit cfb mode is being
@@ -97,6 +98,7 @@ AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 	CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
 	    (block128_f)AES_encrypt);
 }
+LCRYPTO_ALIAS(AES_cfb128_encrypt);
 
 /* N.B. This expects the input to be packed, MS bit first */
 void
@@ -106,6 +108,7 @@ AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 	CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
 	    (block128_f)AES_encrypt);
 }
+LCRYPTO_ALIAS(AES_cfb1_encrypt);
 
 void
 AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,
@@ -114,6 +117,7 @@ AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 	CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
 	    (block128_f)AES_encrypt);
 }
+LCRYPTO_ALIAS(AES_cfb8_encrypt);
 
 void
 AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
@@ -123,6 +127,7 @@ AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
 	    (block128_f)AES_encrypt);
 }
+LCRYPTO_ALIAS(AES_ctr128_encrypt);
 
 void
 AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
@@ -133,6 +138,7 @@ AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	else
 		AES_decrypt(in, out, key);
 }
+LCRYPTO_ALIAS(AES_ecb_encrypt);
 
 void
 AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
@@ -141,6 +147,7 @@ AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 	CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
 	    (block128_f)AES_encrypt);
 }
+LCRYPTO_ALIAS(AES_ofb128_encrypt);
 
 int
 AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
@@ -176,6 +183,7 @@ AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
 	memcpy(out, A, 8);
 	return inlen + 8;
 }
+LCRYPTO_ALIAS(AES_wrap_key);
 
 int
 AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
@@ -213,3 +221,4 @@ AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
 	}
 	return inlen;
 }
+LCRYPTO_ALIAS(AES_unwrap_key);

lib/libcrypto/aes/aes_cbc.c

@@ -1,65 +0,0 @@
-/* $OpenBSD: aes_cbc.c,v 1.12 2014/06/12 15:49:27 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void
-AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc)
-{
-	if (enc)
-		CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-		    (block128_f)AES_encrypt);
-	else
-		CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-		    (block128_f)AES_decrypt);
-}

lib/libcrypto/aes/aes_cfb.c

@@ -1,84 +0,0 @@
-/* $OpenBSD: aes_cfb.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-
-void
-AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
-    const AES_KEY *key, unsigned char *ivec, int *num, const int enc)
-{
-	CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-	    (block128_f)AES_encrypt);
-}
-
-/* N.B. This expects the input to be packed, MS bit first */
-void
-AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length,
-    const AES_KEY *key, unsigned char *ivec, int *num, const int enc)
-{
-	CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
-	    (block128_f)AES_encrypt);
-}
-
-void
-AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,
-    const AES_KEY *key, unsigned char *ivec, int *num, const int enc)
-{
-	CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
-	    (block128_f)AES_encrypt);
-}
-

lib/libcrypto/aes/aes_core.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_core.c,v 1.22 2024/03/29 11:19:01 jsing Exp $ */
+/* $OpenBSD: aes_core.c,v 1.23 2024/03/30 05:14:12 joshua Exp $ */
 /**
  * rijndael-alg-fst.c
  *
@@ -746,6 +746,7 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
 {
 	return aes_set_encrypt_key_internal(userKey, bits, key);
 }
+LCRYPTO_ALIAS(AES_set_encrypt_key);
 
 #ifdef HAVE_AES_SET_DECRYPT_KEY_INTERNAL
 int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
@@ -818,6 +819,7 @@ AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
 {
 	return aes_set_decrypt_key_internal(userKey, bits, key);
 }
+LCRYPTO_ALIAS(AES_set_decrypt_key);
 
 #ifdef HAVE_AES_ENCRYPT_INTERNAL
 void aes_encrypt_internal(const unsigned char *in, unsigned char *out,
@@ -1020,6 +1022,7 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
 {
 	return aes_encrypt_internal(in, out, key);
 }
+LCRYPTO_ALIAS(AES_encrypt);
 
 #ifdef HAVE_AES_DECRYPT_INTERNAL
 void aes_decrypt_internal(const unsigned char *in, unsigned char *out,
@@ -1222,3 +1225,4 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
 {
 	return aes_decrypt_internal(in, out, key);
 }
+LCRYPTO_ALIAS(AES_decrypt);

lib/libcrypto/aes/aes_ctr.c

@@ -1,62 +0,0 @@
-/* $OpenBSD: aes_ctr.c,v 1.9 2014/06/12 15:49:27 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void
-AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE],
-    unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num)
-{
-	CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
-	    (block128_f)AES_encrypt);
-}

lib/libcrypto/aes/aes_ecb.c

@@ -1,69 +0,0 @@
-/* $OpenBSD: aes_ecb.c,v 1.7 2022/11/26 16:08:50 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-#include <openssl/aes.h>
-#include "aes_local.h"
-
-void
-AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key, const int enc)
-{
-	if (AES_ENCRYPT == enc)
-		AES_encrypt(in, out, key);
-	else
-		AES_decrypt(in, out, key);
-}

lib/libcrypto/aes/aes_ige.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_ige.c,v 1.9 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: aes_ige.c,v 1.10 2024/03/30 05:14:12 joshua Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -192,3 +192,4 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 		}
 	}
 }
+LCRYPTO_ALIAS(AES_ige_encrypt);

lib/libcrypto/aes/aes_ofb.c

@@ -1,61 +0,0 @@
-/* $OpenBSD: aes_ofb.c,v 1.6 2014/06/12 15:49:27 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void
-AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
-    const AES_KEY *key, unsigned char *ivec, int *num)
-{
-	CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
-	    (block128_f)AES_encrypt);
-}

lib/libcrypto/aes/aes_wrap.c

@@ -1,133 +0,0 @@
-/* $OpenBSD: aes_wrap.c,v 1.12 2018/11/07 18:31:16 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <string.h>
-
-#include <openssl/aes.h>
-#include <openssl/bio.h>
-
-static const unsigned char default_iv[] = {
-	0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
-};
-
-int
-AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
-    const unsigned char *in, unsigned int inlen)
-{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-
-	if ((inlen & 0x7) || (inlen < 16))
-		return -1;
-	A = B;
-	t = 1;
-	memmove(out + 8, in, inlen);
-	if (!iv)
-		iv = default_iv;
-
-	memcpy(A, iv, 8);
-
-	for (j = 0; j < 6; j++) {
-		R = out + 8;
-		for (i = 0; i < inlen; i += 8, t++, R += 8) {
-			memcpy(B + 8, R, 8);
-			AES_encrypt(B, B, key);
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff) {
-				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t >> 24) & 0xff);
-			}
-			memcpy(R, B + 8, 8);
-		}
-	}
-	memcpy(out, A, 8);
-	return inlen + 8;
-}
-
-int
-AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
-    const unsigned char *in, unsigned int inlen)
-{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-
-	if ((inlen & 0x7) || (inlen < 24))
-		return -1;
-	inlen -= 8;
-	A = B;
-	t = 6 * (inlen >> 3);
-	memcpy(A, in, 8);
-	memmove(out, in + 8, inlen);
-	for (j = 0; j < 6; j++) {
-		R = out + inlen - 8;
-		for (i = 0; i < inlen; i += 8, t--, R -= 8) {
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff) {
-				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t >> 24) & 0xff);
-			}
-			memcpy(B + 8, R, 8);
-			AES_decrypt(B, B, key);
-			memcpy(R, B + 8, 8);
-		}
-	}
-	if (!iv)
-		iv = default_iv;
-	if (memcmp(A, iv, 8)) {
-		explicit_bzero(out, inlen);
-		return 0;
-	}
-	return inlen;
-}

lib/libcrypto/camellia/camellia.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: camellia.c,v 1.13 2024/03/29 07:26:21 jsing Exp $ */
+/* $OpenBSD: camellia.c,v 1.14 2024/03/30 04:58:12 joshua Exp $ */
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
  * ALL RIGHTS RESERVED.
@@ -591,6 +591,7 @@ Camellia_set_key(const unsigned char *userKey, const int bits,
 	key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
 	return 0;
 }
+LCRYPTO_ALIAS(Camellia_set_key);
 
 void
 Camellia_encrypt(const unsigned char *in, unsigned char *out,
@@ -598,6 +599,7 @@ Camellia_encrypt(const unsigned char *in, unsigned char *out,
 {
 	Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
 }
+LCRYPTO_ALIAS(Camellia_encrypt);
 
 void
 Camellia_decrypt(const unsigned char *in, unsigned char *out,
@@ -605,6 +607,7 @@ Camellia_decrypt(const unsigned char *in, unsigned char *out,
 {
 	Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
 }
+LCRYPTO_ALIAS(Camellia_decrypt);
 
 void
 Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
@@ -617,6 +620,7 @@ Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
 		CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
 		   (block128_f)Camellia_decrypt);
 }
+LCRYPTO_ALIAS(Camellia_cbc_encrypt);
 
 /*
  * The input and output encrypted as though 128bit cfb mode is being
@@ -632,6 +636,7 @@ Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
 	    (block128_f)Camellia_encrypt);
 }
+LCRYPTO_ALIAS(Camellia_cfb128_encrypt);
 
 /* N.B. This expects the input to be packed, MS bit first */
 void
@@ -642,6 +647,7 @@ Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
 	CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
 	    (block128_f)Camellia_encrypt);
 }
+LCRYPTO_ALIAS(Camellia_cfb1_encrypt);
 
 void
 Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
@@ -651,6 +657,7 @@ Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
 	CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
 	    (block128_f)Camellia_encrypt);
 }
+LCRYPTO_ALIAS(Camellia_cfb8_encrypt);
 
 void
 Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
@@ -661,6 +668,7 @@ Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
 	    (block128_f)Camellia_encrypt);
 }
+LCRYPTO_ALIAS(Camellia_ctr128_encrypt);
 
 void
 Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
@@ -671,6 +679,7 @@ Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	else
 		Camellia_decrypt(in, out, key);
 }
+LCRYPTO_ALIAS(Camellia_ecb_encrypt);
 
 /*
  * The input and output encrypted as though 128bit ofb mode is being
@@ -684,3 +693,4 @@ Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
 	CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
 	    (block128_f)Camellia_encrypt);
 }
+LCRYPTO_ALIAS(Camellia_ofb128_encrypt);

lib/libcrypto/cms/cms.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.h,v 1.17 2024/03/29 02:28:50 jsing Exp $ */
+/* $OpenBSD: cms.h,v 1.18 2024/03/30 00:35:15 joshua Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -315,8 +315,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
     int lastpos, int type);
 
-#ifdef HEADER_X509V3_H
-
 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
     int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
@@ -325,7 +323,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
     int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
     STACK_OF(GENERAL_NAMES) **prto);
-#endif
+
 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
     ASN1_OCTET_STRING **pukm);
 STACK_OF(CMS_RecipientEncryptedKey) *

lib/libcrypto/cms/cms_ess.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_ess.c,v 1.24 2024/01/14 18:40:24 tb Exp $ */
+/* $OpenBSD: cms_ess.c,v 1.25 2024/03/30 01:53:05 joshua Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -118,6 +118,7 @@ CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
 
 	return 1;
 }
+LCRYPTO_ALIAS(CMS_get1_ReceiptRequest);
 
 CMS_ReceiptRequest *
 CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
@@ -155,6 +156,7 @@ CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
 
 	return NULL;
 }
+LCRYPTO_ALIAS(CMS_ReceiptRequest_create0);
 
 int
 CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
@@ -180,6 +182,7 @@ CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
 
 	return r;
 }
+LCRYPTO_ALIAS(CMS_add1_ReceiptRequest);
 
 void
 CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
@@ -202,6 +205,7 @@ CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
 	if (prto)
 		*prto = rr->receiptsTo;
 }
+LCRYPTO_ALIAS(CMS_ReceiptRequest_get0_values);
 
 /* Digest a SignerInfo structure for msgSigDigest attribute processing */
 

lib/libcrypto/cms/cms_io.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_io.c,v 1.20 2023/07/08 08:26:26 beck Exp $ */
+/* $OpenBSD: cms_io.c,v 1.21 2024/03/30 01:53:05 joshua Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -105,6 +105,7 @@ PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x, pem_password_cb *cb, void *u)
 	return PEM_ASN1_read_bio((d2i_of_void *)d2i_CMS_ContentInfo,
 	    PEM_STRING_CMS, bp, (void **)x, cb, u);
 }
+LCRYPTO_ALIAS(PEM_read_bio_CMS);
 
 CMS_ContentInfo *
 PEM_read_CMS(FILE *fp, CMS_ContentInfo **x, pem_password_cb *cb, void *u)
@@ -112,6 +113,7 @@ PEM_read_CMS(FILE *fp, CMS_ContentInfo **x, pem_password_cb *cb, void *u)
 	return PEM_ASN1_read((d2i_of_void *)d2i_CMS_ContentInfo,
 	    PEM_STRING_CMS, fp, (void **)x, cb, u);
 }
+LCRYPTO_ALIAS(PEM_read_CMS);
 
 int
 PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x)
@@ -119,6 +121,7 @@ PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x)
 	return PEM_ASN1_write_bio((i2d_of_void *)i2d_CMS_ContentInfo,
 	    PEM_STRING_CMS, bp, (void *)x, NULL, NULL, 0, NULL, NULL);
 }
+LCRYPTO_ALIAS(PEM_write_bio_CMS);
 
 int
 PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x)
@@ -126,6 +129,7 @@ PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x)
 	return PEM_ASN1_write((i2d_of_void *)i2d_CMS_ContentInfo,
 	    PEM_STRING_CMS, fp, (void *)x, NULL, NULL, 0, NULL, NULL);
 }
+LCRYPTO_ALIAS(PEM_write_CMS);
 
 BIO *
 BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)

lib/libcrypto/cms/cms_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_lib.c,v 1.24 2023/08/24 04:56:36 tb Exp $ */
+/* $OpenBSD: cms_lib.c,v 1.25 2024/03/30 01:53:05 joshua Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -314,6 +314,7 @@ CMS_get0_content(CMS_ContentInfo *cms)
 		return NULL;
 	}
 }
+LCRYPTO_ALIAS(CMS_get0_content);
 
 /*
  * Return an ASN1_OBJECT pointer to content type. This allows it to be

lib/libcrypto/hidden/openssl/aes.h

@@ -0,0 +1,43 @@
+/* $OpenBSD: aes.h,v 1.1 2024/03/30 05:14:12 joshua Exp $ */
+/*
+ * Copyright (c) 2024 Joshua Sing <joshua@joshuasing.dev>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBCRYPTO_AES_H
+#define _LIBCRYPTO_AES_H
+
+#ifndef _MSC_VER
+#include_next <openssl/aes.h>
+#else
+#include "../include/openssl/aes.h"
+#endif
+#include "crypto_namespace.h"
+
+LCRYPTO_USED(AES_set_encrypt_key);
+LCRYPTO_USED(AES_set_decrypt_key);
+LCRYPTO_USED(AES_encrypt);
+LCRYPTO_USED(AES_decrypt);
+LCRYPTO_USED(AES_ecb_encrypt);
+LCRYPTO_USED(AES_cbc_encrypt);
+LCRYPTO_USED(AES_cfb128_encrypt);
+LCRYPTO_USED(AES_cfb1_encrypt);
+LCRYPTO_USED(AES_cfb8_encrypt);
+LCRYPTO_USED(AES_ofb128_encrypt);
+LCRYPTO_USED(AES_ctr128_encrypt);
+LCRYPTO_USED(AES_ige_encrypt);
+LCRYPTO_USED(AES_wrap_key);
+LCRYPTO_USED(AES_unwrap_key);
+
+#endif /* _LIBCRYPTO_AES_H */

lib/libcrypto/hidden/openssl/camellia.h

@@ -0,0 +1,39 @@
+/* $OpenBSD: camellia.h,v 1.1 2024/03/30 04:58:12 joshua Exp $ */
+/*
+ * Copyright (c) 2024 Joshua Sing <joshua@joshuasing.dev>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBCRYPTO_CAMELLIA_H
+#define _LIBCRYPTO_CAMELLIA_H
+
+#ifndef _MSC_VER
+#include_next <openssl/camellia.h>
+#else
+#include "../include/openssl/camellia.h"
+#endif
+#include "crypto_namespace.h"
+
+LCRYPTO_USED(Camellia_set_key);
+LCRYPTO_USED(Camellia_encrypt);
+LCRYPTO_USED(Camellia_decrypt);
+LCRYPTO_USED(Camellia_ecb_encrypt);
+LCRYPTO_USED(Camellia_cbc_encrypt);
+LCRYPTO_USED(Camellia_cfb128_encrypt);
+LCRYPTO_USED(Camellia_cfb1_encrypt);
+LCRYPTO_USED(Camellia_cfb8_encrypt);
+LCRYPTO_USED(Camellia_ofb128_encrypt);
+LCRYPTO_USED(Camellia_ctr128_encrypt);
+
+#endif /* _LIBCRYPTO_CAMELLIA_H */

lib/libcrypto/hidden/openssl/cms.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.h,v 1.2 2023/07/28 10:28:02 tb Exp $ */
+/* $OpenBSD: cms.h,v 1.3 2024/03/30 01:53:05 joshua Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -39,8 +39,13 @@ LCRYPTO_USED(CMS_get_version);
 LCRYPTO_USED(CMS_SignerInfo_get_version);
 LCRYPTO_USED(CMS_dataInit);
 LCRYPTO_USED(CMS_dataFinal);
+LCRYPTO_USED(CMS_get0_content);
 LCRYPTO_USED(CMS_is_detached);
 LCRYPTO_USED(CMS_set_detached);
+LCRYPTO_USED(PEM_read_bio_CMS);
+LCRYPTO_USED(PEM_read_CMS);
+LCRYPTO_USED(PEM_write_bio_CMS);
+LCRYPTO_USED(PEM_write_CMS);
 LCRYPTO_USED(CMS_stream);
 LCRYPTO_USED(d2i_CMS_bio);
 LCRYPTO_USED(i2d_CMS_bio);
@@ -133,6 +138,10 @@ LCRYPTO_USED(CMS_unsigned_add1_attr_by_OBJ);
 LCRYPTO_USED(CMS_unsigned_add1_attr_by_NID);
 LCRYPTO_USED(CMS_unsigned_add1_attr_by_txt);
 LCRYPTO_USED(CMS_unsigned_get0_data_by_OBJ);
+LCRYPTO_USED(CMS_get1_ReceiptRequest);
+LCRYPTO_USED(CMS_ReceiptRequest_create0);
+LCRYPTO_USED(CMS_add1_ReceiptRequest);
+LCRYPTO_USED(CMS_ReceiptRequest_get0_values);
 LCRYPTO_USED(CMS_RecipientInfo_kari_get0_alg);
 LCRYPTO_USED(CMS_RecipientInfo_kari_get0_reks);
 LCRYPTO_USED(CMS_RecipientInfo_kari_get0_orig_id);

lib/libcrypto/hidden/openssl/whrlpool.h

@@ -0,0 +1,34 @@
+/* $OpenBSD: whrlpool.h,v 1.1 2024/03/30 03:45:47 joshua Exp $ */
+/*
+ * Copyright (c) 2024 Joshua Sing <joshua@joshuasing.dev>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBCRYPTO_WHRLPOOL_H
+#define _LIBCRYPTO_WHRLPOOL_H
+
+#ifndef _MSC_VER
+#include_next <openssl/whrlpool.h>
+#else
+#include "../include/openssl/whrlpool.h"
+#endif
+#include "crypto_namespace.h"
+
+LCRYPTO_USED(WHIRLPOOL_Init);
+LCRYPTO_USED(WHIRLPOOL_Update);
+LCRYPTO_USED(WHIRLPOOL_BitUpdate);
+LCRYPTO_USED(WHIRLPOOL_Final);
+LCRYPTO_USED(WHIRLPOOL);
+
+#endif /* _LIBCRYPTO_WHRLPOOL_H */

lib/libcrypto/rsa/rsa_pk1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pk1.c,v 1.16 2023/07/08 12:26:45 beck Exp $ */
+/* $OpenBSD: rsa_pk1.c,v 1.17 2024/03/30 04:34:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -64,31 +64,61 @@
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 
+#include "bytestring.h"
+
 int
 RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     const unsigned char *from, int flen)
 {
-	int j;
+	CBB cbb;
-	unsigned char *p;
+	int i;
+	int ret = 0;
 
-	if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+	/*
+	 * Pad data block with PKCS1 type 1 padding - RFC 2313, section 8.1.
+	 */
+
+	memset(&cbb, 0, sizeof(cbb));
+
+	if (flen < 0 || tlen < 0)
+		goto err;
+
+	if (flen > tlen - RSA_PKCS1_PADDING_SIZE) {
 		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return 0;
+		goto err;
 	}
 
-	p = (unsigned char *)to;
+	if (!CBB_init_fixed(&cbb, to, tlen))
+		goto err;
 
-	*(p++) = 0;
+	/*
-	*(p++) = 1; /* Private Key BT (Block Type) */
+	 * Add leading NUL, block type (0x01), padding bytes (0xff) and
+	 * trailing NUL.
+	 */
+	if (!CBB_add_u8(&cbb, 0))
+		goto err;
+	if (!CBB_add_u8(&cbb, 1))
+		goto err;
+	for (i = 0; i < tlen - 3 - flen; i++) {
+		if (!CBB_add_u8(&cbb, 0xff))
+			goto err;
+	}
+	if (!CBB_add_u8(&cbb, 0))
+		goto err;
 
-	/* pad out with 0xff data */
+	/* Now add the actual data. */
-	j = tlen - 3 - flen;
+	if (!CBB_add_bytes(&cbb, from, flen))
-	memset(p, 0xff, j);
+		goto err;
-	p += j;
-	*(p++) = '\0';
-	memcpy(p, from, flen);
 
-	return 1;
+	if (!CBB_finish(&cbb, NULL, NULL))
+		goto err;
+
+	ret = 1;
+
+ err:
+	CBB_cleanup(&cbb);
+
+	return ret;
 }
 LCRYPTO_ALIAS(RSA_padding_add_PKCS1_type_1);
 
@@ -146,33 +176,69 @@ int
 RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     const unsigned char *from, int flen)
 {
-	int i, j;
+	uint8_t padding[256];
-	unsigned char *p;
+	uint8_t pad;
+	CBB cbb;
+	CBS cbs;
+	int i;
+	int ret = 0;
 
-	if (flen > tlen - 11) {
+	/*
+	 * Pad data block with PKCS1 type 2 padding - RFC 2313, section 8.1.
+	 */
+
+	memset(&cbb, 0, sizeof(cbb));
+	CBS_init(&cbs, NULL, 0);
+
+	if (flen < 0 || tlen < 0)
+		goto err;
+
+	if (flen > tlen - RSA_PKCS1_PADDING_SIZE) {
 		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return 0;
+		goto err;
 	}
 
-	p = (unsigned char *)to;
+	if (!CBB_init_fixed(&cbb, to, tlen))
+		goto err;
 
-	*(p++) = 0;
+	/*
-	*(p++) = 2; /* Public Key BT (Block Type) */
+	 * Add leading NUL, block type (0x02), padding bytes (random non-zero
-
+	 * bytes) and trailing NUL.
-	/* pad out with non-zero random data */
+	 */
-	j = tlen - 3 - flen;
+	if (!CBB_add_u8(&cbb, 0))
-
+		goto err;
-	arc4random_buf(p, j);
+	if (!CBB_add_u8(&cbb, 2))
-	for (i = 0; i < j; i++) {
+		goto err;
-		while (*p == '\0')
+	for (i = 0; i < tlen - 3 - flen; i++) {
-			arc4random_buf(p, 1);
+		do {
-		p++;
+			if (CBS_len(&cbs) == 0) {
+				arc4random_buf(padding, sizeof(padding));
+				CBS_init(&cbs, padding, sizeof(padding));
 			}
+			if (!CBS_get_u8(&cbs, &pad))
+				goto err;
+		} while (pad == 0);
 
-	*(p++) = '\0';
+		if (!CBB_add_u8(&cbb, pad))
+			goto err;
+	}
+	if (!CBB_add_u8(&cbb, 0))
+		goto err;
 
-	memcpy(p, from, flen);
+	/* Now add the actual data. */
-	return 1;
+	if (!CBB_add_bytes(&cbb, from, flen))
+		goto err;
+
+	if (!CBB_finish(&cbb, NULL, NULL))
+		goto err;
+
+	ret = 1;
+
+ err:
+	CBB_cleanup(&cbb);
+	explicit_bzero(padding, sizeof(padding));
+
+	return ret;
 }
 LCRYPTO_ALIAS(RSA_padding_add_PKCS1_type_2);
 

lib/libcrypto/whrlpool/whirlpool.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
+/* $OpenBSD: whirlpool.c,v 1.2 2024/03/30 03:45:47 joshua Exp $ */
 /**
  * The Whirlpool hashing function.
  *
@@ -650,6 +650,7 @@ WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
 	memset (c, 0, sizeof(*c));
 	return (1);
 }
+LCRYPTO_ALIAS(WHIRLPOOL_Init);
 
 int
 WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
@@ -671,6 +672,7 @@ WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
 
 	return (1);
 }
+LCRYPTO_ALIAS(WHIRLPOOL_Update);
 
 void
 WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
@@ -796,6 +798,7 @@ reconsider:
 		}
 	}
 }
+LCRYPTO_ALIAS(WHIRLPOOL_BitUpdate);
 
 int
 WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
@@ -837,6 +840,7 @@ WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
 	}
 	return (0);
 }
+LCRYPTO_ALIAS(WHIRLPOOL_Final);
 
 unsigned char *
 WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
@@ -851,3 +855,4 @@ WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
 	WHIRLPOOL_Final(md, &ctx);
 	return (md);
 }
+LCRYPTO_ALIAS(WHIRLPOOL);

libexec/ld.so/sparc64/rtld_machine.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtld_machine.c,v 1.69 2022/01/08 06:49:42 guenther Exp $ */
+/*	$OpenBSD: rtld_machine.c,v 1.70 2024/03/30 08:44:20 miod Exp $ */
 
 /*
  * Copyright (c) 1999 Dale Rahn
@@ -484,7 +484,6 @@ _dl_reloc_plt(Elf_Word *where1, Elf_Word *where2, Elf_Word *pltaddr,
 	} else if (value < (1L<<42)) {
 		/*
 		 * Target 42bits or smaller.
-		 * We can generate this pattern:
 		 *
 		 * The resulting code in the jump slot is:
 		 *
@@ -507,7 +506,6 @@ _dl_reloc_plt(Elf_Word *where1, Elf_Word *where2, Elf_Word *pltaddr,
 	} else if (value > -(1UL<<41)) {
 		/*
 		 * Large target >= 0xfffffe0000000000UL
-		 * We can generate this pattern:
 		 *
 		 * The resulting code in the jump slot is:
 		 *

regress/lib/libcrypto/dsa/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.5 2022/01/14 09:38:50 tb Exp $
+#	$OpenBSD: Makefile,v 1.7 2024/03/30 00:34:40 jsing Exp $
 
 PROG=		dsatest
 LDADD=		-lcrypto
@@ -6,10 +6,4 @@ DPADD=	${LIBCRYPTO}
 WARNINGS=	Yes
 CFLAGS+=	-DLIBRESSL_INTERNAL -Werror
 
-REGRESS_TARGETS=regress-dsatest
-
-regress-dsatest:	${PROG}
-	./${PROG}
-	./${PROG} -app2_1
-
 .include <bsd.regress.mk>

regress/lib/libcrypto/free/freenull.c.tail

@@ -1,11 +1,9 @@
-/*	$OpenBSD: freenull.c.tail,v 1.2 2018/07/10 20:55:57 tb Exp $	*/
+/*	$OpenBSD: freenull.c.tail,v 1.3 2024/03/30 09:41:25 tb Exp $	*/
 
 	BIO_free_all(NULL);
 	NCONF_free_data(NULL);
 	_CONF_free_data(NULL);
 
-	lh_FUNCTION_free(NULL);
-
 	sk_ASN1_OBJECT_pop_free(NULL, NULL);
 	sk_CONF_VALUE_pop_free(NULL, NULL);
 	sk_GENERAL_NAME_pop_free(NULL, NULL);

regress/lib/libcrypto/rsa/Makefile

@@ -1,15 +1,10 @@
-#	$OpenBSD: Makefile,v 1.1 2017/01/25 06:44:04 beck Exp $
+#	$OpenBSD: Makefile,v 1.4 2024/03/30 00:36:14 jsing Exp $
 
-PROG=	rsa_test
+PROGS=		rsa_test \
+		rsa_padding_test
 LDADD=		-lcrypto
 DPADD=		${LIBCRYPTO}
 WARNINGS=	Yes
 CFLAGS+=	-DLIBRESSL_INTERNAL -Werror
 
-REGRESS_TARGETS=regress-dsatest
-
-regress-dsatest:	${PROG}
-	./${PROG}
-	./${PROG} -app2_1
-
 .include <bsd.regress.mk>

regress/lib/libcrypto/rsa/rsa_padding_test.c

@@ -0,0 +1,335 @@
+/*	$OpenBSD: rsa_padding_test.c,v 1.2 2024/03/30 02:20:39 jsing Exp $	*/
+/*
+ * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdint.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+#if 0
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+	size_t i;
+
+	for (i = 1; i <= len; i++)
+		fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+
+	fprintf(stderr, "\n");
+}
+#endif
+
+struct pkcs1_test {
+	uint8_t in[128];
+	size_t in_len;
+	int want;
+	int want_error;
+};
+
+static const struct pkcs1_test pkcs1_type1_tests[] = {
+	{
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0x00, 0x6f, 0x6f, 0x6f,
+			0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f,
+			0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f,
+		},
+		.in_len = 32,
+		.want = 19,
+	},
+	{
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00,
+		},
+		.in_len = 11,
+		.want = 0,
+	},
+	{
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = 1,
+	},
+	{
+		/* Insufficient padding bytes (< 8). */
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0x00, 0xff, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BAD_PAD_BYTE_COUNT,
+	},
+	{
+		/* Incorrect padding type (0x00). */
+		.in = {
+			0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BLOCK_TYPE_IS_NOT_01,
+	},
+	{
+		/* Incorrect padding type (0x02). */
+		.in = {
+			0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BLOCK_TYPE_IS_NOT_01,
+	},
+	{
+		/* Non-padding byte before end of padding marker. */
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xfe, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BAD_FIXED_HEADER_DECRYPT,
+	},
+	{
+		/* No end of padding marker. */
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		},
+		.in_len = 32,
+		.want = -1,
+		.want_error = RSA_R_NULL_BEFORE_BLOCK_MISSING,
+	},
+};
+
+#define N_PKCS1_TYPE1_TESTS \
+	(sizeof(pkcs1_type1_tests) / sizeof(pkcs1_type1_tests[0]))
+
+static int
+test_pkcs1_type1(void)
+{
+	const struct pkcs1_test *pt;
+	uint8_t buf[32], in[19], out[512];
+	int pad_len;
+	long err;
+	size_t i;
+	int failed = 1;
+
+	for (i = 0; i < 1000; i++) {
+		arc4random_buf(in, sizeof(in));
+
+		if (!RSA_padding_add_PKCS1_type_1(buf, sizeof(buf), in,
+		    sizeof(in))) {
+			fprintf(stderr, "FAIL: failed to add PKCS1 type 1 "
+			    "padding\n");
+			goto failed;
+		}
+
+		pad_len = RSA_padding_check_PKCS1_type_1(out, sizeof(out) - 1,
+		    buf + 1, sizeof(buf) - 1, sizeof(buf));
+		if (pad_len != sizeof(in)) {
+			fprintf(stderr, "FAIL: failed to check PKCS1 type 1 "
+			    "padding\n");
+			ERR_print_errors_fp(stderr);
+			goto failed;
+		}
+	}
+
+	for (i = 0; i < N_PKCS1_TYPE1_TESTS; i++) {
+		pt = &pkcs1_type1_tests[i];
+
+		ERR_clear_error();
+
+		pad_len = RSA_padding_check_PKCS1_type_1(out, sizeof(out) - 1,
+		    pt->in + 1, pt->in_len - 1, pt->in_len);
+
+		if (pad_len != pt->want) {
+			fprintf(stderr, "FAIL: test %zu - failed to check "
+			    "PKCS1 type 1 padding (%d != %d)\n", i, pad_len,
+			    pt->want);
+			ERR_print_errors_fp(stderr);
+			goto failed;
+		}
+
+		err = ERR_peek_error();
+		if (pt->want == -1 && ERR_GET_REASON(err) != pt->want_error) {
+			fprintf(stderr, "FAIL: test %zu - PKCS1 type 1 padding "
+			    "check failed with error reason %i, want %i\n",
+			    i, ERR_GET_REASON(err), pt->want_error);
+			ERR_print_errors_fp(stderr);
+			goto failed;
+		}
+	}
+
+	failed = 0;
+
+ failed:
+	return failed;
+}
+
+static const struct pkcs1_test pkcs1_type2_tests[] = {
+	{
+		.in = {
+			0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0x00, 0x6f, 0x6f, 0x6f,
+			0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f,
+			0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f,
+		},
+		.in_len = 32,
+		.want = 19,
+	},
+	{
+		.in = {
+			0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00,
+		},
+		.in_len = 11,
+		.want = 0,
+	},
+	{
+		.in = {
+			0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = 1,
+	},
+	{
+		/* Insufficient padding bytes (< 8). */
+		.in = {
+			0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0x00, 0xff, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BAD_PAD_BYTE_COUNT,
+	},
+	{
+		/* Incorrect padding type (0x00). */
+		.in = {
+			0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BLOCK_TYPE_IS_NOT_02,
+	},
+	{
+		/* Incorrect padding type (0x01). */
+		.in = {
+			0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x00, 0xff,
+		},
+		.in_len = 12,
+		.want = -1,
+		.want_error = RSA_R_BLOCK_TYPE_IS_NOT_02,
+	},
+	{
+		/* No end of padding marker. */
+		.in = {
+			0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x6f, 0x6f,
+			0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f,
+			0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f, 0x6f,
+		},
+		.in_len = 32,
+		.want = -1,
+		.want_error = RSA_R_NULL_BEFORE_BLOCK_MISSING,
+	},
+};
+
+#define N_PKCS1_TYPE2_TESTS \
+	(sizeof(pkcs1_type2_tests) / sizeof(pkcs1_type2_tests[0]))
+
+static int
+test_pkcs1_type2(void)
+{
+	const struct pkcs1_test *pt;
+	uint8_t buf[32], in[19], out[512];
+	int pad_len;
+	long err;
+	size_t i;
+	int failed = 1;
+
+	for (i = 0; i < 1000; i++) {
+		arc4random_buf(in, sizeof(in));
+
+		if (!RSA_padding_add_PKCS1_type_2(buf, sizeof(buf), in,
+		    sizeof(in))) {
+			fprintf(stderr, "FAIL: failed to add PKCS1 type 2 "
+			    "padding\n");
+			goto failed;
+		}
+
+		pad_len = RSA_padding_check_PKCS1_type_2(out, sizeof(out) - 1,
+		    buf + 1, sizeof(buf) - 1, sizeof(buf));
+		if (pad_len != sizeof(in)) {
+			fprintf(stderr, "FAIL: failed to check PKCS1 type 2 "
+			    "padding\n");
+			ERR_print_errors_fp(stderr);
+			goto failed;
+		}
+	}
+
+	for (i = 0; i < N_PKCS1_TYPE2_TESTS; i++) {
+		pt = &pkcs1_type2_tests[i];
+
+		ERR_clear_error();
+
+		pad_len = RSA_padding_check_PKCS1_type_2(out, sizeof(out) - 1,
+		    pt->in + 1, pt->in_len - 1, pt->in_len);
+
+		if (pad_len != pt->want) {
+			fprintf(stderr, "FAIL: test %zu - failed to check "
+			    "PKCS1 type 2 padding (%d != %d)\n", i, pad_len,
+			    pt->want);
+			ERR_print_errors_fp(stderr);
+			goto failed;
+		}
+
+		err = ERR_peek_error();
+		if (pt->want == -1 && ERR_GET_REASON(err) != pt->want_error) {
+			fprintf(stderr, "FAIL: test %zu - PKCS1 type 2 padding "
+			    "check failed with error reason %i, want %i\n",
+			    i, ERR_GET_REASON(err), pt->want_error);
+			ERR_print_errors_fp(stderr);
+			goto failed;
+		}
+	}
+
+	failed = 0;
+
+ failed:
+	return failed;
+}
+
+int
+main(int argc, char **argv)
+{
+	int failed = 0;
+
+	failed |= test_pkcs1_type1();
+	failed |= test_pkcs1_type2();
+
+	return failed;
+}

regress/usr.sbin/btrace/if.bt

@@ -9,6 +9,20 @@ BEGIN {
 	if (1) {
 		printf("printed!\n");
 	}
+
+	if (0)
+		printf("simple if\n");
+	else
+		printf("simple else\n");
+
+	if (0) {
+		printf("disabled if\n");
+	} else if (1) {
+		printf("multiple statements in ");
+		printf("else-if branch\n");
+	} else {
+		printf("no else\n");
+	}
 }
 
 END {
@@ -18,4 +32,19 @@ END {
 		printf("(%d) ", @var);
 		printf("statements\n");
 	}
+
+	if (0) printf("single-line if\n"); else printf("single-line else\n");
+
+	if (0) {
+		printf("not printed\n");
+	} else {
+		if (0) {
+			printf("nested not printed\n");
+		} else {
+			printf("nested printed\n");
+			exit();
+			printf("nested not printed\n");
+		}
+		printf("also not printed\n");
+	}
 }

regress/usr.sbin/btrace/if.ok

@@ -1,2 +1,6 @@
 printed!
+simple else
+multiple statements in else-if branch
 multiple (4) statements
+single-line else
+nested printed

sys/dev/fdt/dwiic_fdt.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dwiic_fdt.c,v 1.1 2023/08/29 12:09:40 kettenis Exp $	*/
+/*	$OpenBSD: dwiic_fdt.c,v 1.2 2024/03/29 22:08:09 kettenis Exp $	*/
 /*
  * Copyright (c) 2023 Patrick Wildt <patrick@blueri.se>
  *
@@ -48,6 +48,7 @@ const struct cfattach dwiic_fdt_ca = {
 	sizeof(struct dwiic_fdt_softc), dwiic_fdt_match, dwiic_fdt_attach
 };
 
+void	dwiic_fdt_calc_timings(struct dwiic_fdt_softc *);
 void	dwiic_fdt_bus_scan(struct device *, struct i2cbus_attach_args *,
 	    void *);
 
@@ -66,8 +67,6 @@ dwiic_fdt_attach(struct device *parent, struct device *self, void *aux)
 	struct dwiic_softc *sc = &fsc->sc_sc;
 	struct fdt_attach_args *faa = aux;
 	struct i2cbus_attach_args iba;
-	uint32_t sda_hold, sda_fall, scl_fall;
-	uint64_t freq;
 
 	if (faa->fa_nreg < 1)
 		return;
@@ -84,19 +83,7 @@ dwiic_fdt_attach(struct device *parent, struct device *self, void *aux)
 	reset_deassert_all(faa->fa_node);
 	clock_enable(faa->fa_node, NULL);
 
-	freq = clock_get_frequency(faa->fa_node, NULL);
+	dwiic_fdt_calc_timings(fsc);
-	sda_hold = OF_getpropint(faa->fa_node, "i2c-sda-hold-time-ns", 300);
-	sda_fall = OF_getpropint(faa->fa_node, "i2c-sda-falling-time-ns", 300);
-	scl_fall = OF_getpropint(faa->fa_node, "i2c-scl-falling-time-ns", 300);
-
-	sc->sda_hold_time = round_closest(freq * sda_hold, 1000000000);
-
-	/* Standard-mode: tHIGH = 4.0 us; tLOW = 4.7 us */
-	sc->ss_hcnt = round_closest(freq * (4000 + sda_fall), 1000000000) - 3;
-	sc->ss_lcnt = round_closest(freq * (4700 + scl_fall), 1000000000) - 1;
-	/* Fast-mode: tHIGH = 0.6 us; tLOW = 1.3 us */
-	sc->fs_hcnt = round_closest(freq * (600 + sda_fall), 1000000000) - 3;
-	sc->fs_lcnt = round_closest(freq * (1300 + scl_fall), 1000000000) - 1;
 
 	if (dwiic_init(sc)) {
 		printf(": can't initialize\n");
@@ -129,6 +116,31 @@ dwiic_fdt_attach(struct device *parent, struct device *self, void *aux)
 	config_found(&sc->sc_dev, &iba, iicbus_print);
 }
 
+void
+dwiic_fdt_calc_timings(struct dwiic_fdt_softc *fsc)
+{
+	struct dwiic_softc *sc = &fsc->sc_sc;
+	uint32_t sda_hold, sda_fall, scl_fall;
+	uint64_t freq;
+
+	freq = clock_get_frequency(fsc->sc_node, NULL);
+	if (freq == 0)
+		return;
+
+	sda_hold = OF_getpropint(fsc->sc_node, "i2c-sda-hold-time-ns", 300);
+	sda_fall = OF_getpropint(fsc->sc_node, "i2c-sda-falling-time-ns", 300);
+	scl_fall = OF_getpropint(fsc->sc_node, "i2c-scl-falling-time-ns", 300);
+
+	sc->sda_hold_time = round_closest(freq * sda_hold, 1000000000);
+
+	/* Standard-mode: tHIGH = 4.0 us; tLOW = 4.7 us */
+	sc->ss_hcnt = round_closest(freq * (4000 + sda_fall), 1000000000) - 3;
+	sc->ss_lcnt = round_closest(freq * (4700 + scl_fall), 1000000000) - 1;
+	/* Fast-mode: tHIGH = 0.6 us; tLOW = 1.3 us */
+	sc->fs_hcnt = round_closest(freq * (600 + sda_fall), 1000000000) - 3;
+	sc->fs_lcnt = round_closest(freq * (1300 + scl_fall), 1000000000) - 1;
+}
+
 void
 dwiic_fdt_bus_scan(struct device *self, struct i2cbus_attach_args *iba,
     void *aux)

usr.bin/ssh/PROTOCOL.key

@@ -40,7 +40,7 @@ of the cipher block size.
 	byte[]	privatekey2
 	string	comment2
 	...
-	string	privatekeyN
+	byte[]	privatekeyN
 	string	commentN
 	byte	1
 	byte	2
@@ -68,4 +68,4 @@ For unencrypted keys the cipher "none" and the KDF "none"
 are used with empty passphrases. The options if the KDF "none"
 are the empty string.
 
-$OpenBSD: PROTOCOL.key,v 1.3 2022/07/01 04:45:50 djm Exp $
+$OpenBSD: PROTOCOL.key,v 1.4 2024/03/30 05:56:22 djm Exp $

usr.bin/ssh/readpass.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.70 2022/05/27 04:27:49 dtucker Exp $ */
+/* $OpenBSD: readpass.c,v 1.71 2024/03/30 04:27:44 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -124,8 +124,9 @@ read_passphrase(const char *prompt, int flags)
 	const char *askpass_hint = NULL;
 	const char *s;
 
-	if ((s = getenv("DISPLAY")) != NULL)
+	if (((s = getenv("DISPLAY")) != NULL && *s != '\0') ||
-		allow_askpass = *s != '\0';
+	    ((s = getenv("WAYLAND_DISPLAY")) != NULL && *s != '\0'))
+		allow_askpass = 1;
 	if ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) != NULL) {
 		if (strcasecmp(s, "force") == 0) {
 			use_askpass = 1;
@@ -258,7 +259,7 @@ notify_start(int force_askpass, const char *fmt, ...)
 		debug3_f("cannot notify: no askpass");
 		goto out;
 	}
-	if (getenv("DISPLAY") == NULL &&
+	if (getenv("DISPLAY") == NULL && getenv("WAYLAND_DISPLAY") == NULL &&
 	    ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL ||
 	    strcmp(s, "force") != 0)) {
 		debug3_f("cannot notify: no display");

usr.sbin/btrace/bt_parse.y

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bt_parse.y,v 1.59 2024/02/12 15:11:06 mpi Exp $	*/
+/*	$OpenBSD: bt_parse.y,v 1.60 2024/03/30 07:41:45 mpi Exp $	*/
 
 /*
  * Copyright (c) 2019-2023 Martin Pieuchot <mpi@openbsd.org>
@@ -119,7 +119,7 @@ static int 	 beflag = 0;		/* BEGIN/END parsing context flag */
 %token	<v.i>		ERROR ENDFILT
 %token	<v.i>		OP_EQ OP_NE OP_LE OP_LT OP_GE OP_GT OP_LAND OP_LOR
 /* Builtins */
-%token	<v.i>		BUILTIN BEGIN END HZ IF STR
+%token	<v.i>		BUILTIN BEGIN ELSE END HZ IF STR
 /* Functions and Map operators */
 %token  <v.i>		F_DELETE F_PRINT
 %token	<v.i>		MFUNC FUNC0 FUNC1 FUNCN OP1 OP2 OP4 MOP0 MOP1
@@ -248,7 +248,9 @@ stmt	: ';' NL			{ $$ = NULL; }
 	| GVAR '=' OP4 '(' expr ',' vargs ')'	{ $$ = bh_inc($1, $5, $7); }
 	;
 
-stmtblck: IF '(' expr ')' block			{ $$ = bt_new($3, $5); }
+stmtblck: IF '(' expr ')' block			{ $$ = bt_new($3, $5, NULL); }
+	| IF '(' expr ')' block ELSE block	{ $$ = bt_new($3, $5, $7); }
+	| IF '(' expr ')' block ELSE stmtblck	{ $$ = bt_new($3, $5, $7); }
 	;
 
 stmtlist: stmtlist stmtblck		{ $$ = bs_append($1, $2); }
@@ -340,15 +342,22 @@ bc_new(struct bt_arg *term, enum bt_argtype op, struct bt_arg *ba)
 
 /* Create a new if/else test */
 struct bt_stmt *
-bt_new(struct bt_arg *ba, struct bt_stmt *condbs)
+bt_new(struct bt_arg *ba, struct bt_stmt *condbs, struct bt_stmt *elsebs)
 {
 	struct bt_arg *bop;
+	struct bt_cond *bc;
 
 	bop = ba_op(B_AT_OP_NE, NULL, ba);
 
-	return bs_new(B_AC_TEST, bop, (struct bt_var *)condbs);
+	bc = calloc(1, sizeof(*bc));
+	if (bc == NULL)
+		err(1, "bt_cond: calloc");
+	bc->bc_condbs = condbs;
+	bc->bc_elsebs = elsebs;
 
+	return bs_new(B_AC_TEST, bop, (struct bt_var *)bc);
 }
+
 /* Create a new probe */
 struct bt_probe *
 bp_new(const char *prov, const char *func, const char *name, int32_t rate)
@@ -714,6 +723,7 @@ lookup(char *s)
 		{ "count",	MOP0, 		B_AT_MF_COUNT },
 		{ "cpu",	BUILTIN,	B_AT_BI_CPU },
 		{ "delete",	F_DELETE,	B_AC_DELETE },
+		{ "else",	ELSE,		0 },
 		{ "exit",	FUNC0,		B_AC_EXIT },
 		{ "hist",	OP1,		0 },
 		{ "hz",		HZ,		0 },

usr.sbin/btrace/bt_parser.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bt_parser.h,v 1.25 2023/10/12 15:16:44 cheloha Exp $	*/
+/*	$OpenBSD: bt_parser.h,v 1.26 2024/03/30 07:41:45 mpi Exp $	*/
 
 /*
  * Copyright (c) 2019-2021 Martin Pieuchot <mpi@openbsd.org>
@@ -180,6 +180,14 @@ struct bt_arg {
 
 #define BA_INITIALIZER(v, t)	{ { NULL }, (void *)(v), NULL, (t) }
 
+/*
+ * Represents branches of an if-else statement.
+ */
+struct bt_cond {
+	struct bt_stmt		*bc_condbs;
+	struct bt_stmt		*bc_elsebs;
+};
+
 /*
  * Each action associated with a given probe is made of at least one
  * statement.

usr.sbin/btrace/btrace.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: btrace.c,v 1.89 2024/02/27 12:38:12 mpi Exp $ */
+/*	$OpenBSD: btrace.c,v 1.90 2024/03/30 07:41:45 mpi Exp $ */
 
 /*
  * Copyright (c) 2019 - 2023 Martin Pieuchot <mpi@openbsd.org>
@@ -460,6 +460,7 @@ static uint64_t
 rules_action_scan(struct bt_stmt *bs)
 {
 	struct bt_arg *ba;
+	struct bt_cond *bc;
 	uint64_t evtflags = 0;
 
 	while (bs != NULL) {
@@ -474,8 +475,9 @@ rules_action_scan(struct bt_stmt *bs)
 			evtflags |= ba2dtflags(ba);
 			break;
 		case B_AC_TEST:
-			evtflags |= rules_action_scan(
+			bc = (struct bt_cond *)bs->bs_var;
-			    (struct bt_stmt *)bs->bs_var);
+			evtflags |= rules_action_scan(bc->bc_condbs);
+			evtflags |= rules_action_scan(bc->bc_elsebs);
 			break;
 		default:
 			break;
@@ -669,18 +671,6 @@ rule_eval(struct bt_rule *r, struct dt_evt *dtev)
 	}
 
 	SLIST_FOREACH(bs, &r->br_action, bs_next) {
-		if ((bs->bs_act == B_AC_TEST) && stmt_test(bs, dtev) == true) {
-			struct bt_stmt *bbs = (struct bt_stmt *)bs->bs_var;
-
-			while (bbs != NULL) {
-				if (stmt_eval(bbs, dtev))
-					return 1;
-				bbs = SLIST_NEXT(bbs, bs_next);
-			}
-
-			continue;
-		}
-
 		if (stmt_eval(bs, dtev))
 			return 1;
 	}
@@ -830,6 +820,8 @@ builtin_arg(struct dt_evt *dtev, enum bt_argtype dat)
 int
 stmt_eval(struct bt_stmt *bs, struct dt_evt *dtev)
 {
+	struct bt_stmt *bbs;
+	struct bt_cond *bc;
 	int halt = 0;
 
 	switch (bs->bs_act) {
@@ -858,7 +850,17 @@ stmt_eval(struct bt_stmt *bs, struct dt_evt *dtev)
 		stmt_store(bs, dtev);
 		break;
 	case B_AC_TEST:
-		/* done before */
+		bc = (struct bt_cond *)bs->bs_var;
+		if (stmt_test(bs, dtev) == true)
+			bbs = bc->bc_condbs;
+		else
+			bbs = bc->bc_elsebs;
+
+		while (bbs != NULL) {
+			if (stmt_eval(bbs, dtev))
+				return 1;
+			bbs = SLIST_NEXT(bbs, bs_next);
+		}
 		break;
 	case B_AC_TIME:
 		stmt_time(bs, dtev);