diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index f077954bf..4c2403560 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -1917,6 +1917,7 @@ ./usr/share/man/man3/ESS_SIGNING_CERT_new.3 ./usr/share/man/man3/EVP_AEAD_CTX_init.3 ./usr/share/man/man3/EVP_BytesToKey.3 +./usr/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 ./usr/share/man/man3/EVP_CIPHER_meth_new.3 ./usr/share/man/man3/EVP_DigestInit.3 ./usr/share/man/man3/EVP_DigestSignInit.3 @@ -1957,6 +1958,7 @@ ./usr/share/man/man3/EVP_chacha20.3 ./usr/share/man/man3/EVP_des_cbc.3 ./usr/share/man/man3/EVP_rc4.3 +./usr/share/man/man3/EVP_sha1.3 ./usr/share/man/man3/EVP_sha3_224.3 ./usr/share/man/man3/EVP_sm3.3 ./usr/share/man/man3/EVP_sm4_cbc.3 @@ -1964,6 +1966,7 @@ ./usr/share/man/man3/EXTENDED_KEY_USAGE_new.3 ./usr/share/man/man3/GENERAL_NAME_new.3 ./usr/share/man/man3/HMAC.3 +./usr/share/man/man3/MB_CUR_MAX.3 ./usr/share/man/man3/MD5.3 ./usr/share/man/man3/MD5Init.3 ./usr/share/man/man3/NAME_CONSTRAINTS_new.3 diff --git a/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 index e60e1fb30..4f75c8b00 100644 --- a/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 +++ b/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 @@ -1,7 +1,24 @@ -.\" $OpenBSD: EVP_CIPHER_CTX_get_cipher_data.3,v 1.2 2023/08/26 06:19:09 jsg Exp $ +.\" $OpenBSD: EVP_CIPHER_CTX_get_cipher_data.3,v 1.3 2023/08/26 15:12:04 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" -.\" This file was written by Matt Caswell +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2023 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Matt Caswell . .\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -53,7 +70,8 @@ .Os .Sh NAME .Nm EVP_CIPHER_CTX_get_cipher_data , -.Nm EVP_CIPHER_CTX_set_cipher_data +.Nm EVP_CIPHER_CTX_set_cipher_data , +.Nm EVP_CIPHER_CTX_buf_noconst .Nd inspect and modify EVP_CIPHER_CTX objects .Sh SYNOPSIS .In openssl/evp.h @@ -66,6 +84,10 @@ .Fa "EVP_CIPHER_CTX *ctx" .Fa "void *cipher_data" .Fc +.Ft unsigned char * +.Fo EVP_CIPHER_CTX_buf_noconst +.Fa "EVP_CIPHER_CTX *ctx" +.Fc .Sh DESCRIPTION .Fn EVP_CIPHER_CTX_get_cipher_data returns a pointer to the cipher data of @@ -89,6 +111,15 @@ A pointer to any existing cipher data is returned from this function. If the old data is no longer required, it should be freed through a call to .Xr free 3 . +.Pp +.Fn EVP_CIPHER_CTX_buf_noconst +provides engines and custom cipher implementations +with access to the internal buffer that +.Xr EVP_EncryptUpdate 3 +copies input data into before encrypting it. +This function can for example be used +inside callback functions installed with +.Xr EVP_CIPHER_meth_set_do_cipher 3 . .Sh RETURN VALUES .Fn EVP_CIPHER_CTX_get_cipher_data returns an internal pointer owned by @@ -98,12 +129,18 @@ returns an internal pointer owned by returns a pointer to the old cipher data of .Fa ctx and transfers ownership to the caller. +.Pp +.Fn EVP_CIPHER_CTX_buf_noconst +returns a pointer to an internal buffer owned by +.Fa ctx . .Sh SEE ALSO .Xr evp 3 , +.Xr EVP_CIPHER_meth_new 3 , .Xr EVP_EncryptInit 3 .Sh HISTORY -.Fn EVP_CIPHER_CTX_get_cipher_data +.Fn EVP_CIPHER_CTX_get_cipher_data , +.Fn EVP_CIPHER_CTX_set_cipher_data , and -.Fn EVP_CIPHER_CTX_set_cipher_data +.Fn EVP_CIPHER_CTX_buf_noconst first appeared in OpenSSL 1.1.0 and have been available since .Ox 7.1 . diff --git a/lib/libcrypto/man/EVP_CIPHER_meth_new.3 b/lib/libcrypto/man/EVP_CIPHER_meth_new.3 index 21555edfd..0ecb87340 100644 --- a/lib/libcrypto/man/EVP_CIPHER_meth_new.3 +++ b/lib/libcrypto/man/EVP_CIPHER_meth_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.1 2023/03/16 15:05:23 tb Exp $ +.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.2 2023/08/26 15:14:28 schwarze Exp $ .\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 .\" .\" The original file was written by Richard Levitte @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 16 2023 $ +.Dd $Mdocdate: August 26 2023 $ .Dt EVP_CIPHER_METH_NEW 3 .Os .Sh NAME @@ -179,7 +179,10 @@ At most one of the following cipher modes can be set: .Dv EVP_CIPH_XTS_MODE , and .Dv EVP_CIPH_WRAP_MODE . -The available flags are: +.Pp +Zero or more of the following flags can be OR'ed into the +.Fa flags +argument: .Bl -tag -width Ds .It EVP_CIPH_VARIABLE_LENGTH This cipher is of variable length. @@ -329,6 +332,7 @@ All .Fn EVP_CIPHER_meth_set_* functions return 1. .Sh SEE ALSO +.Xr evp 3 . .Xr EVP_EncryptInit 3 .Sh HISTORY These functions first appeared in OpenSSL 1.1.0 and have been available since diff --git a/lib/libcrypto/man/EVP_DigestInit.3 b/lib/libcrypto/man/EVP_DigestInit.3 index 2d790cb2c..54cc771b1 100644 --- a/lib/libcrypto/man/EVP_DigestInit.3 +++ b/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestInit.3,v 1.28 2023/08/14 14:22:32 schwarze Exp $ +.\" $OpenBSD: EVP_DigestInit.3,v 1.29 2023/08/27 15:33:08 schwarze Exp $ .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -70,7 +70,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 14 2023 $ +.Dd $Mdocdate: August 27 2023 $ .Dt EVP_DIGESTINIT 3 .Os .Sh NAME @@ -107,9 +107,6 @@ .Nm EVP_MD_CTX_pkey_ctx , .Nm EVP_MD_CTX_set_pkey_ctx , .Nm EVP_md_null , -.Nm EVP_md5 , -.Nm EVP_md5_sha1 , -.Nm EVP_sha1 , .Nm EVP_sha224 , .Nm EVP_sha256 , .Nm EVP_sha384 , @@ -270,12 +267,6 @@ .Ft const EVP_MD * .Fn EVP_md_null void .Ft const EVP_MD * -.Fn EVP_md5 void -.Ft const EVP_MD * -.Fn EVP_md5_sha1 void -.Ft const EVP_MD * -.Fn EVP_sha1 void -.Ft const EVP_MD * .Fn EVP_sha224 void .Ft const EVP_MD * .Fn EVP_sha256 void @@ -413,7 +404,7 @@ from The .Fa type will typically be supplied by a function such as -.Fn EVP_sha1 . +.Fn EVP_sha512 . If .Fa impl is @@ -537,9 +528,9 @@ and .Fn EVP_MD_CTX_type return the NID of the OBJECT IDENTIFIER representing the message digest. For example -.Fn EVP_MD_type EVP_sha1() +.Fn EVP_MD_type EVP_sha512() returns -.Dv NID_sha1 . +.Dv NID_sha512 . These functions are normally used when setting ASN.1 OIDs. .Pp .Fn EVP_MD_CTX_md_data @@ -563,9 +554,9 @@ for more information. returns the NID of the public key signing algorithm associated with this digest. For example -.Fn EVP_sha1 +.Fn EVP_sha512 is associated with RSA so this will return -.Dv NID_sha1WithRSAEncryption . +.Dv NID_sha512WithRSAEncryption . Since digests and signature algorithms are no longer linked, this function is only retained for compatibility reasons. .Pp @@ -619,8 +610,6 @@ is dissociated from it as described above, but no new .Vt EVP_PKEY_CTX is assigned. .Pp -.Fn EVP_md5 , -.Fn EVP_sha1 , .Fn EVP_sha224 , .Fn EVP_sha256 , .Fn EVP_sha384 , @@ -629,7 +618,7 @@ and .Fn EVP_ripemd160 return .Vt EVP_MD -structures for the MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and +structures for the SHA224, SHA256, SHA384, SHA512 and RIPEMD160 digest algorithms respectively. .Pp .Fn EVP_sha512_224 @@ -640,11 +629,6 @@ return an structure that provides the truncated SHA512 variants SHA512/224 and SHA512/256, respectively. .Pp -.Fn EVP_md5_sha1 -returns an -.Vt EVP_MD -structure that provides concatenated MD5 and SHA1 message digests. -.Pp .Fn EVP_md_null is a "null" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -671,9 +655,6 @@ in preference to the low-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .Pp -New applications should use the SHA2 digest algorithms such as SHA256. -The other digest algorithms are still in common use. -.Pp For most applications the .Fa impl parameter to @@ -757,10 +738,7 @@ if is .Dv NULL . .Pp -.Fn EVP_md_null , -.Fn EVP_md5 , -.Fn EVP_md5_sha1 , -.Fn EVP_sha1 , +.Fn EVP_md_null and .Fn EVP_ripemd160 return pointers to the corresponding @@ -830,6 +808,7 @@ main(int argc, char *argv[]) .Xr EVP_MD_meth_new 3 , .Xr EVP_PKEY_CTX_set_signature_md 3 , .Xr EVP_PKEY_meth_set_signctx 3 , +.Xr EVP_sha1 3 , .Xr EVP_sha3_224 3 , .Xr EVP_SignInit 3 , .Xr EVP_sm3 3 , @@ -847,10 +826,8 @@ main(int argc, char *argv[]) .Fn EVP_DigestInit , .Fn EVP_DigestUpdate , .Fn EVP_DigestFinal , -.Dv EVP_MAX_MD_SIZE , -.Fn EVP_md5 , and -.Fn EVP_sha1 +.Dv EVP_MAX_MD_SIZE first appeared in SSLeay 0.5.1. .Fn EVP_MD_size first appeared in SSLeay 0.6.6. @@ -869,8 +846,6 @@ first appeared in SSLeay 0.8.1. .Fn EVP_MD_block_size , .Fn EVP_MD_CTX_size , .Fn EVP_MD_CTX_block_size , -.Fn EVP_rc4_40 , -.Fn EVP_rc2_40_cbc , and .Fn EVP_ripemd160 first appeared in SSLeay 0.9.0. @@ -920,9 +895,8 @@ first appeared in OpenSSL 1.1.0 and has been available since .Pp .Fn EVP_MD_CTX_new , .Fn EVP_MD_CTX_reset , -.Fn EVP_MD_CTX_free , and -.Fn EVP_md5_sha1 +.Fn EVP_MD_CTX_free first appeared in OpenSSL 1.1.0 and have been available since .Ox 6.3 . .Pp @@ -940,8 +914,3 @@ and .Fn EVP_sha512_256 first appeared in OpenSSL 1.1.1 and have been available since .Ox 7.4 . -.Pp -The link between digests and signing algorithms was fixed in OpenSSL 1.0 -and later, so now -.Fn EVP_sha1 -can be used with RSA and DSA. diff --git a/lib/libcrypto/man/EVP_EncryptInit.3 b/lib/libcrypto/man/EVP_EncryptInit.3 index 556b50c92..b6d9080be 100644 --- a/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_EncryptInit.3,v 1.46 2023/08/16 13:50:05 schwarze Exp $ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.47 2023/08/26 15:01:56 schwarze Exp $ .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod .\" 7c6d372a Nov 20 13:20:01 2018 +0000 @@ -6,7 +6,7 @@ .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2019 Ingo Schwarze +.\" Copyright (c) 2019, 2023 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -69,7 +69,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 16 2023 $ +.Dd $Mdocdate: August 26 2023 $ .Dt EVP_ENCRYPTINIT 3 .Os .Sh NAME @@ -78,6 +78,7 @@ .Nm EVP_CIPHER_CTX_cleanup , .Nm EVP_CIPHER_CTX_init , .Nm EVP_CIPHER_CTX_free , +.Nm EVP_CIPHER_CTX_copy , .Nm EVP_EncryptInit_ex , .Nm EVP_EncryptUpdate , .Nm EVP_EncryptFinal_ex , @@ -94,6 +95,7 @@ .Nm EVP_CipherInit , .Nm EVP_CipherFinal , .Nm EVP_Cipher , +.Nm EVP_CIPHER_CTX_encrypting , .Nm EVP_CIPHER_CTX_set_flags , .Nm EVP_CIPHER_CTX_clear_flags , .Nm EVP_CIPHER_CTX_test_flags , @@ -170,6 +172,11 @@ .Fa "EVP_CIPHER_CTX *ctx" .Fc .Ft int +.Fo EVP_CIPHER_CTX_copy +.Fa "EVP_CIPHER_CTX *out" +.Fa "const EVP_CIPHER_CTX *in" +.Fc +.Ft int .Fo EVP_EncryptInit_ex .Fa "EVP_CIPHER_CTX *ctx" .Fa "const EVP_CIPHER *type" @@ -283,6 +290,10 @@ .Fa "const unsigned char *in" .Fa "unsigned int inl" .Fc +.Ft int +.Fo EVP_CIPHER_CTX_encrypting +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc .Ft void .Fo EVP_CIPHER_CTX_set_flags .Fa "EVP_CIPHER_CTX *ctx" @@ -465,6 +476,55 @@ is a .Dv NULL pointer, no action occurs. .Pp +.Fn EVP_CIPHER_CTX_copy +calls +.Fn EVP_CIPHER_CTX_reset +on +.Fa out +and copies all the data from +.Fa in +to +.Fa out , +except that the +.Vt EVP_CIPHER +and +.Vt ENGINE +objects used by +.Fa in +and any application specific data set with +.Fn EVP_CIPHER_CTX_set_app_data +are not copied and +.Fa out +will point to the same three objects. +The algorithm- and implementation-specific cipher data described in +.Xr EVP_CIPHER_CTX_get_cipher_data 3 +is copied with +.Xr malloc 3 +and +.Xr memcpy 3 , +i.e. assuming that it does not contain pointers to any sub-objects. +If the bit +.Dv EVP_CIPH_CUSTOM_COPY +has been set with +.Xr EVP_CIPHER_meth_set_flags 3 , +.Fn EVP_CIPHER_CTX_ctrl +is called at the end with arguments +.Fa in , +.Dv EVP_CTRL_COPY , +.No 0 , +and +.Fa out +such that the cipher implementation can perform further algorithm- +and implementation-specific initializations after the algorithm- +and implementation-specific cipher data has been copied. +Among the cipher algorithms built into the library, +.Dv EVP_CIPH_CUSTOM_COPY +and +.Dv EVP_CTRL_COPY +are used by some of the ciphers documented in the +.Xr EVP_aes_256_gcm 3 +manual page. +.Pp .Fn EVP_EncryptInit_ex sets up the cipher context .Fa ctx @@ -877,6 +937,7 @@ for failure. .Pp .Fn EVP_CIPHER_CTX_reset , .Fn EVP_CIPHER_CTX_cleanup , +.Fn EVP_CIPHER_CTX_copy , .Fn EVP_CIPHER_CTX_get_iv , .Fn EVP_CIPHER_CTX_set_iv , .Fn EVP_EncryptInit_ex , @@ -900,6 +961,12 @@ and .Fn EVP_CIPHER_CTX_rand_key return 1 for success or 0 for failure. .Pp +.Fn EVP_CIPHER_CTX_encrypting +returns 1 if +.Fa ctx +is initialized for encryption or 0 otherwise, in which case +it may be uninitialized or initialized for decryption. +.Pp .Fn EVP_CIPHER_CTX_set_padding always returns 1. .Pp @@ -1243,6 +1310,7 @@ do_crypt(FILE *in, FILE *out, int do_encrypt) .Xr EVP_aes_128_cbc 3 , .Xr EVP_camellia_128_cbc 3 , .Xr EVP_chacha20 3 , +.Xr EVP_CIPHER_CTX_get_cipher_data 3 , .Xr EVP_des_cbc 3 , .Xr EVP_OpenInit 3 , .Xr EVP_rc4 3 , @@ -1355,14 +1423,23 @@ first appeared in OpenSSL 0.9.8b. These functions have been available since .Ox 4.5 . .Pp +.Fn EVP_CIPHER_CTX_copy +first appeared in OpenSSL 1.0.0 +and has been available since +.Ox 4.9 . +.Pp .Fn EVP_CIPHER_CTX_reset first appeared in OpenSSL 1.1.0 and has been available since .Ox 6.3 . .Pp +.Fn EVP_CIPHER_CTX_encrypting +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.4 . +.Pp .Fn EVP_CIPHER_CTX_get_iv and .Fn EVP_CIPHER_CTX_set_iv -first appeared in LibreSSL 2.8.1 and has been available since +first appeared in LibreSSL 2.8.1 and have been available since .Ox 6.4 . .Sh BUGS .Dv EVP_MAX_KEY_LENGTH @@ -1378,3 +1455,8 @@ bytes. The ASN.1 code is incomplete (and sometimes inaccurate). It has only been tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. +.Pp +.Fn EVP_CIPHER_CTX_copy +may already have cleared the data in +.Fa out +and copied some new data into it even if it fails and returns 0. diff --git a/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 index c14420ba5..d5bc0ea8e 100644 --- a/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 +++ b/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 @@ -1,10 +1,10 @@ -.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.5 2020/06/24 19:55:54 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.6 2023/08/27 13:23:12 schwarze Exp $ .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2020 Ingo Schwarze +.\" Copyright (c) 2020, 2023 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: August 27 2023 $ .Dt EVP_PKEY_ASN1_GET_COUNT 3 .Os .Sh NAME @@ -141,8 +141,17 @@ If one is found, is set to that engine and the method from that engine is returned instead. .Pp .Fn EVP_PKEY_asn1_find_str -looks up the method with PEM type string +looks up the method with the PEM type string given by the first +.Fa len +bytes of .Fa str . +If +.Fa len +is \-1, the +.Xr strlen 3 +of +.Fa str +is used instead. The PEM type strings supported by default are listed in the .Xr EVP_PKEY_base_id 3 manual page. @@ -190,6 +199,13 @@ is out of range. returns the public key method used by .Fa pkey . .Pp +.Fn EVP_PKEY_asn1_find +and +.Fn EVP_PKEY_asn1_find_str +return a matching public key method or +.Dv NULL +if no match is found. +.Pp .Fn EVP_PKEY_asn1_get0_info returns 1 on success or 0 on failure. .Sh SEE ALSO diff --git a/lib/libcrypto/man/EVP_PKEY_asn1_new.3 b/lib/libcrypto/man/EVP_PKEY_asn1_new.3 index d9947ad74..aa6e016df 100644 --- a/lib/libcrypto/man/EVP_PKEY_asn1_new.3 +++ b/lib/libcrypto/man/EVP_PKEY_asn1_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.8 2022/07/13 19:10:40 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.9 2023/08/27 13:15:29 schwarze Exp $ .\" selective merge up to: .\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: August 27 2023 $ .Dt EVP_PKEY_ASN1_NEW 3 .Os .Sh NAME @@ -332,7 +332,7 @@ Free the internals of This method is called by .Xr EVP_PKEY_free 3 , .Xr EVP_PKEY_set_type 3 , -.Fn EVP_PKEY_set_type_str , +.Xr EVP_PKEY_set_type_str 3 , and .Xr EVP_PKEY_assign 3 . .Bd -filled diff --git a/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index cf2786d6e..4a382e115 100644 --- a/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,10 +1,10 @@ -.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.19 2022/09/11 04:39:46 jsg Exp $ +.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.20 2023/08/27 13:08:15 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2019, 2020 Ingo Schwarze +.\" Copyright (c) 2019, 2020, 2023 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2022 $ +.Dd $Mdocdate: August 27 2023 $ .Dt EVP_PKEY_SET1_RSA 3 .Os .Sh NAME @@ -92,7 +92,8 @@ .Nm EVP_PKEY_base_id , .Nm EVP_PKEY_id , .Nm EVP_PKEY_type , -.Nm EVP_PKEY_set_type +.Nm EVP_PKEY_set_type , +.Nm EVP_PKEY_set_type_str .\" The function X509_certificate_type(3) is intentionally undocumented .\" and scheduled for deletion from the library. BoringSSL already .\" deleted it and OpenSSL deprecates it in version 3.0. @@ -208,6 +209,12 @@ .Fa "EVP_PKEY *pkey" .Fa "int type" .Fc +.Ft int +.Fo EVP_PKEY_set_type_str +.Fa "EVP_PKEY *pkey" +.Fa "const char *str" +.Fa "int len" +.Fc .Sh DESCRIPTION .Fn EVP_PKEY_set1_RSA , .Fn EVP_PKEY_set1_DSA , @@ -361,6 +368,36 @@ and .Fn EVP_PKEY_id can be passed. .Pp +.Fn EVP_PKEY_set_type_str +frees the key referenced in +.Fa pkey , +if any, and sets the key type of +.Fa pkey +according to the PEM type string given by the first +.Fa len +bytes of +.Fa str . +If +.Fa len +is \-1, the +.Xr strlen 3 +of +.Fa str +is used instead. +The PEM type strings supported by default are listed in the table above. +This function does not reference a new key from +.Fa pkey . +.Pp +If +.Fa pkey +is a +.Dv NULL +pointer, +.Fn EVP_PKEY_set_type +and +.Fn EVP_PKEY_set_type_str +check that a matching key type exists but do not change any object. +.Pp In accordance with the OpenSSL naming convention, the key obtained from or assigned to .Fa pkey @@ -379,8 +416,9 @@ functions must be freed as well as .Fn EVP_PKEY_assign_EC_KEY , .Fn EVP_PKEY_assign_GOST , .Fn EVP_PKEY_assign , +.Fn EVP_PKEY_set_type , and -.Fn EVP_PKEY_set_type +.Fn EVP_PKEY_set_type_str return 1 for success or 0 for failure. .Pp .Fn EVP_PKEY_get1_RSA , @@ -454,10 +492,11 @@ first appeared in OpenSSL 0.9.8 and have been available since .Ox 4.5 . .Pp .Fn EVP_PKEY_get0 , -.Fn EVP_PKEY_set_type , .Fn EVP_PKEY_base_id , +.Fn EVP_PKEY_id , +.Fn EVP_PKEY_set_type , and -.Fn EVP_PKEY_id +.Fn EVP_PKEY_set_type_str first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . .Pp diff --git a/lib/libcrypto/man/EVP_sha1.3 b/lib/libcrypto/man/EVP_sha1.3 new file mode 100644 index 000000000..43898a5f6 --- /dev/null +++ b/lib/libcrypto/man/EVP_sha1.3 @@ -0,0 +1,121 @@ +.\" $OpenBSD: EVP_sha1.3,v 1.1 2023/08/27 15:33:08 schwarze Exp $ +.\" +.\" Copyright (c) 2023 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 27 2023 $ +.Dt EVP_SHA1 3 +.Os +.Sh NAME +.Nm EVP_sha1 , +.Nm EVP_md5 , +.Nm EVP_md5_sha1 , +.Nm EVP_md4 +.Nd legacy message digest algorithms +.Sh SYNOPSIS +.In openssl/evp.h +.Ft const EVP_MD * +.Fn EVP_sha1 void +.Ft const EVP_MD * +.Fn EVP_md5 void +.Ft const EVP_MD * +.Fn EVP_md5_sha1 void +.Ft const EVP_MD * +.Fn EVP_md4 void +.Sh DESCRIPTION +The following message digest algorithms are cryptographically broken. +None of them should be used in new code unless there is no way around it. +.Pp +.Fn EVP_sha1 +implements the SHA-1 algorithm and produces 160 bits of output +from a given input. +Examples of protocols and software still requiring it +include OCSP, DNS, and the +.Sy git +version control system. +.Pp +.Fn EVP_md5 +implements the MD5 algorithm and produces 128 bits of output +from a given input. +It is still occasionally used when no security is required +but a fast hash algorithm is beneficial. +.Pp +.Fn EVP_md5_sha1 +produces concatenated MD5 and SHA-1 message digests. +Do not use this except where it is required for the historic SSLv3 protocol. +.Pp +.Fn EVP_md4 +implements the MD4 algorithm and produces 128 bits of output +from a given input. +It has been marked as +.Dq historic +by the Internet Engineering Task Force since 2011. +.Sh RETURN VALUES +These functions return pointers to static +.Vt EVP_MD +objects implementing the hash functions. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_MD_meth_new 3 +.Sh STANDARDS +.Rs +.%A T. Polk +.%A L. Chen +.%A S. Turner +.%A P. Hoffman +.%T Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms +.%R RFC 6194 +.%D March 2011 +.Re +.Pp +.Rs +.%A S. Turner +.%A L. Chen +.%T Updated Security Considerations for the MD5 Message-Digest\ + and the HMAC-MD5 Algorithms +.%R RFC 6151 +.%D March 2011 +.Re +.Pp +.Rs +.%A S. Turner +.%A L. Chen +.%T MD4 to Historic Status +.%R RFC 6150 +.%D March 2011 +.Re +.Pp +.Rs +.%A P. Kocher +.%A P. Karlton +.%A A. Freier +.%T The Secure Sockets Layer (SSL) Protocol Version 3.0 +.%R RFC 6101 +.%D August 2011 +.Re +.Sh HISTORY +.Fn EVP_sha1 +and +.Fn EVP_md5 +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn EVP_md4 +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Pp +.Fn EVP_md5_sha1 +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 24b53b9eb..2c243f7fe 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.263 2023/08/25 18:22:41 schwarze Exp $ +# $OpenBSD: Makefile,v 1.264 2023/08/27 15:33:08 schwarze Exp $ .include @@ -205,6 +205,7 @@ MAN= \ EVP_chacha20.3 \ EVP_des_cbc.3 \ EVP_rc4.3 \ + EVP_sha1.3 \ EVP_sha3_224.3 \ EVP_sm3.3 \ EVP_sm4_cbc.3 \ diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 index 92a6c6a41..d53fa94fe 100644 --- a/lib/libcrypto/man/evp.3 +++ b/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.19 2023/08/25 18:22:41 schwarze Exp $ +.\" $OpenBSD: evp.3,v 1.20 2023/08/27 15:33:08 schwarze Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 25 2023 $ +.Dd $Mdocdate: August 27 2023 $ .Dt EVP 3 .Os .Sh NAME @@ -234,6 +234,7 @@ operations are more efficient using the high-level interfaces. .Xr EVP_PKEY_verify_recover 3 , .Xr EVP_rc4 3 , .Xr EVP_SealInit 3 , +.Xr EVP_sha1 3 , .Xr EVP_sha3_224 3 , .Xr EVP_SignInit 3 , .Xr EVP_sm3 3 , diff --git a/share/man/man4/man4.loongson/glxclk.4 b/share/man/man4/man4.loongson/glxclk.4 index c2cffb97a..f717315d8 100644 --- a/share/man/man4/man4.loongson/glxclk.4 +++ b/share/man/man4/man4.loongson/glxclk.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: glxclk.4,v 1.8 2022/02/17 12:24:08 jsg Exp $ +.\" $OpenBSD: glxclk.4,v 1.9 2023/08/26 11:10:05 visa Exp $ .\" .\" Copyright (c) 2013 Paul Irofti. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 17 2022 $ +.Dd $Mdocdate: August 26 2023 $ .Dt GLXCLK 4 loongson .Os .Sh NAME @@ -25,23 +25,11 @@ .Sh DESCRIPTION The .Nm -driver enables two of the multi-function general purpose timers found on the -Geode companion chip to be used as the system clock and the statistics clock. -.Pp -The statistics clock is implemented with interval variance support based on -Chris Torek's paper on randomized sampling. +driver enables one of the multi-function general purpose timers found on the +Geode companion chip to be used as the system clock. .Sh SEE ALSO .Xr glxpcib 4 , .Xr intro 4 -.Rs -.%A Steven McCanne -.%A Chris Torek -.%T "A Randomized Sampling Clock for CPU Utilization Estimation and Code Profiling" -.%B "In Proc. Winter 1993 USENIX Conference" -.%D 1993 -.%P pp. 387\(en394 -.%I USENIX Association -.Re .Sh HISTORY The .Nm diff --git a/sys/dev/ic/pckbc.c b/sys/dev/ic/pckbc.c index 52f634139..3c8212630 100644 --- a/sys/dev/ic/pckbc.c +++ b/sys/dev/ic/pckbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pckbc.c,v 1.54 2023/07/25 10:00:44 miod Exp $ */ +/* $OpenBSD: pckbc.c,v 1.55 2023/08/26 15:01:00 jmc Exp $ */ /* $NetBSD: pckbc.c,v 1.5 2000/06/09 04:58:35 soda Exp $ */ /* @@ -459,7 +459,7 @@ pckbc_release_console(void) * In that case, we want to release ourselves from console * duties, unless we have been able to attach a mouse, * which would mean this is a real PS/2 controller - * afterwards. + * after all. */ if (pckbc_console != 0) { extern void wscn_input_init(int); diff --git a/sys/dev/pci/if_iwx.c b/sys/dev/pci/if_iwx.c index 26b002045..01bf04f48 100644 --- a/sys/dev/pci/if_iwx.c +++ b/sys/dev/pci/if_iwx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_iwx.c,v 1.175 2023/07/05 15:07:28 stsp Exp $ */ +/* $OpenBSD: if_iwx.c,v 1.176 2023/08/26 09:05:34 stsp Exp $ */ /* * Copyright (c) 2014, 2016 genua gmbh @@ -425,7 +425,7 @@ void iwx_scan_umac_dwell_v10(struct iwx_softc *, void iwx_scan_umac_fill_general_p_v10(struct iwx_softc *, struct iwx_scan_general_params_v10 *, uint16_t, int); void iwx_scan_umac_fill_ch_p_v6(struct iwx_softc *, - struct iwx_scan_channel_params_v6 *, uint32_t, int, int); + struct iwx_scan_channel_params_v6 *, uint32_t, int); int iwx_umac_scan_v14(struct iwx_softc *, int); void iwx_mcc_update(struct iwx_softc *, struct iwx_mcc_chub_notif *); uint8_t iwx_ridx2rate(struct ieee80211_rateset *, int); @@ -6855,7 +6855,7 @@ iwx_rm_sta(struct iwx_softc *sc, struct iwx_node *in) uint8_t iwx_umac_scan_fill_channels(struct iwx_softc *sc, struct iwx_scan_channel_cfg_umac *chan, size_t chan_nitems, - int n_ssids, int bgscan) + int n_ssids, uint32_t channel_cfg_flags) { struct ieee80211com *ic = &sc->sc_ic; struct ieee80211_channel *c; @@ -6886,8 +6886,8 @@ iwx_umac_scan_fill_channels(struct iwx_softc *sc, chan->v1.iter_count = 1; chan->v1.iter_interval = htole16(0); } - if (n_ssids != 0 && !bgscan) - chan->flags = htole32(1 << 0); /* select SSID 0 */ + + chan->flags = htole32(channel_cfg_flags); chan++; nchan++; } @@ -7128,12 +7128,12 @@ iwx_scan_umac_fill_general_p_v10(struct iwx_softc *sc, void iwx_scan_umac_fill_ch_p_v6(struct iwx_softc *sc, struct iwx_scan_channel_params_v6 *cp, uint32_t channel_cfg_flags, - int n_ssid, int bgscan) + int n_ssid) { cp->flags = IWX_SCAN_CHANNEL_FLAG_ENABLE_CHAN_ORDER; cp->count = iwx_umac_scan_fill_channels(sc, cp->channel_config, - nitems(cp->channel_config), n_ssid, bgscan); + nitems(cp->channel_config), n_ssid, channel_cfg_flags); cp->n_aps_override[0] = IWX_SCAN_ADWELL_N_APS_GO_FRIENDLY; cp->n_aps_override[1] = IWX_SCAN_ADWELL_N_APS_SOCIAL_CHS; @@ -7188,7 +7188,7 @@ iwx_umac_scan_v14(struct iwx_softc *sc, int bgscan) } iwx_scan_umac_fill_ch_p_v6(sc, &scan_p->channel_params, bitmap_ssid, - n_ssid, bgscan); + n_ssid); hcmd.len[0] = sizeof(*cmd); hcmd.data[0] = (void *)cmd; diff --git a/sys/dev/usb/if_umb.c b/sys/dev/usb/if_umb.c index 77dd53942..9f98b65dd 100644 --- a/sys/dev/usb/if_umb.c +++ b/sys/dev/usb/if_umb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_umb.c,v 1.51 2023/04/18 22:01:23 mvs Exp $ */ +/* $OpenBSD: if_umb.c,v 1.52 2023/08/26 11:33:46 dlg Exp $ */ /* * Copyright (c) 2016 genua mbH @@ -138,7 +138,6 @@ void umb_close_bulkpipes(struct umb_softc *); int umb_ioctl(struct ifnet *, u_long, caddr_t); int umb_output(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); -void umb_input(struct ifnet *, struct mbuf *); void umb_start(struct ifnet *); void umb_rtrequest(struct ifnet *, int, struct rtentry *); void umb_watchdog(struct ifnet *); @@ -610,7 +609,8 @@ umb_attach(struct device *parent, struct device *self, void *aux) sizeof (struct ncm_pointer16); ifp->if_mtu = 1500; /* use a common default */ ifp->if_hardmtu = sc->sc_maxpktlen; - ifp->if_input = umb_input; + ifp->if_bpf_mtap = p2p_bpf_mtap; + ifp->if_input = p2p_input; ifp->if_output = umb_output; if_attach(ifp); if_alloc_sadl(ifp); @@ -910,48 +910,6 @@ umb_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, return if_enqueue(ifp, m); } -void -umb_input(struct ifnet *ifp, struct mbuf *m) -{ - uint32_t af; - - if ((ifp->if_flags & IFF_UP) == 0) { - m_freem(m); - return; - } - if (m->m_pkthdr.len < sizeof (struct ip) + sizeof(af)) { - ifp->if_ierrors++; - DPRINTFN(4, "%s: dropping short packet (len %d)\n", __func__, - m->m_pkthdr.len); - m_freem(m); - return; - } - m->m_pkthdr.ph_rtableid = ifp->if_rdomain; - - /* pop off DLT_LOOP header, no longer needed */ - af = *mtod(m, uint32_t *); - m_adj(m, sizeof (af)); - af = ntohl(af); - - ifp->if_ibytes += m->m_pkthdr.len; - switch (af) { - case AF_INET: - ipv4_input(ifp, m); - return; -#ifdef INET6 - case AF_INET6: - ipv6_input(ifp, m); - return; -#endif /* INET6 */ - default: - ifp->if_ierrors++; - DPRINTFN(4, "%s: dropping packet with bad IP version (af %d)\n", - __func__, af); - m_freem(m); - return; - } -} - static inline int umb_align(size_t bufsz, int offs, int alignment, int remainder) { @@ -2376,7 +2334,7 @@ umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer) struct ifnet *ifp = GET_IFP(sc); int s; void *buf; - uint32_t len, af = 0; + uint32_t len; char *dp; struct ncm_header16 *hdr16; struct ncm_header32 *hdr32; @@ -2499,20 +2457,14 @@ umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer) ifp->if_iqdrops++; continue; } - m = m_prepend(m, sizeof(uint32_t), M_DONTWAIT); - if (m == NULL) { - ifp->if_iqdrops++; - continue; - } switch (*dp & 0xf0) { case 4 << 4: - af = htonl(AF_INET); + m->m_pkthdr.ph_family = AF_INET; break; case 6 << 4: - af = htonl(AF_INET6); + m->m_pkthdr.ph_family = AF_INET6; break; } - *mtod(m, uint32_t *) = af; ml_enqueue(&ml, m); } done: diff --git a/sys/kern/kern_clockintr.c b/sys/kern/kern_clockintr.c index 48fb0def3..1f234f15b 100644 --- a/sys/kern/kern_clockintr.c +++ b/sys/kern/kern_clockintr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_clockintr.c,v 1.32 2023/08/21 17:22:04 cheloha Exp $ */ +/* $OpenBSD: kern_clockintr.c,v 1.33 2023/08/26 22:21:00 cheloha Exp $ */ /* * Copyright (c) 2003 Dale Rahn * Copyright (c) 2020 Mark Kettenis @@ -49,6 +49,8 @@ uint64_t clockintr_nsecuptime(const struct clockintr *); void clockintr_schedule(struct clockintr *, uint64_t); void clockintr_schedule_locked(struct clockintr *, uint64_t); void clockintr_statclock(struct clockintr *, void *); +void clockqueue_intrclock_install(struct clockintr_queue *, + const struct intrclock *); uint64_t clockqueue_next(const struct clockintr_queue *); void clockqueue_reset_intrclock(struct clockintr_queue *); uint64_t nsec_advance(uint64_t *, uint64_t, uint64_t); @@ -106,10 +108,8 @@ clockintr_cpu_init(const struct intrclock *ic) KASSERT(ISSET(clockintr_flags, CL_INIT)); - if (ic != NULL && !ISSET(cq->cq_flags, CQ_INTRCLOCK)) { - cq->cq_intrclock = *ic; - SET(cq->cq_flags, CQ_INTRCLOCK); - } + if (ic != NULL) + clockqueue_intrclock_install(cq, ic); /* TODO: Remove these from struct clockintr_queue. */ if (cq->cq_hardclock == NULL) { @@ -533,6 +533,18 @@ clockqueue_init(struct clockintr_queue *cq) SET(cq->cq_flags, CQ_INIT); } +void +clockqueue_intrclock_install(struct clockintr_queue *cq, + const struct intrclock *ic) +{ + mtx_enter(&cq->cq_mtx); + if (!ISSET(cq->cq_flags, CQ_INTRCLOCK)) { + cq->cq_intrclock = *ic; + SET(cq->cq_flags, CQ_INTRCLOCK); + } + mtx_leave(&cq->cq_mtx); +} + uint64_t clockqueue_next(const struct clockintr_queue *cq) {