sync code with last improvements from OpenBSD

distrib/sets/lists/comp/mi

@@ -1917,6 +1917,7 @@
 ./usr/share/man/man3/ESS_SIGNING_CERT_new.3
 ./usr/share/man/man3/EVP_AEAD_CTX_init.3
 ./usr/share/man/man3/EVP_BytesToKey.3
+./usr/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3
 ./usr/share/man/man3/EVP_CIPHER_meth_new.3
 ./usr/share/man/man3/EVP_DigestInit.3
 ./usr/share/man/man3/EVP_DigestSignInit.3
@@ -1957,6 +1958,7 @@
 ./usr/share/man/man3/EVP_chacha20.3
 ./usr/share/man/man3/EVP_des_cbc.3
 ./usr/share/man/man3/EVP_rc4.3
+./usr/share/man/man3/EVP_sha1.3
 ./usr/share/man/man3/EVP_sha3_224.3
 ./usr/share/man/man3/EVP_sm3.3
 ./usr/share/man/man3/EVP_sm4_cbc.3
@@ -1964,6 +1966,7 @@
 ./usr/share/man/man3/EXTENDED_KEY_USAGE_new.3
 ./usr/share/man/man3/GENERAL_NAME_new.3
 ./usr/share/man/man3/HMAC.3
+./usr/share/man/man3/MB_CUR_MAX.3
 ./usr/share/man/man3/MD5.3
 ./usr/share/man/man3/MD5Init.3
 ./usr/share/man/man3/NAME_CONSTRAINTS_new.3

lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3

@@ -1,7 +1,24 @@
-.\" $OpenBSD: EVP_CIPHER_CTX_get_cipher_data.3,v 1.2 2023/08/26 06:19:09 jsg Exp $
+.\" $OpenBSD: EVP_CIPHER_CTX_get_cipher_data.3,v 1.3 2023/08/26 15:12:04 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" This file was written by Matt Caswell <matt@openssl.org>
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Matt Caswell <matt@openssl.org>.
 .\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -53,7 +70,8 @@
 .Os
 .Sh NAME
 .Nm EVP_CIPHER_CTX_get_cipher_data ,
-.Nm EVP_CIPHER_CTX_set_cipher_data
+.Nm EVP_CIPHER_CTX_set_cipher_data ,
+.Nm EVP_CIPHER_CTX_buf_noconst
 .Nd inspect and modify EVP_CIPHER_CTX objects
 .Sh SYNOPSIS
 .In openssl/evp.h
@@ -66,6 +84,10 @@
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "void *cipher_data"
 .Fc
+.Ft unsigned char *
+.Fo EVP_CIPHER_CTX_buf_noconst
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fc
 .Sh DESCRIPTION
 .Fn EVP_CIPHER_CTX_get_cipher_data
 returns a pointer to the cipher data of
@@ -89,6 +111,15 @@ A pointer to any existing cipher data is returned from this function.
 If the old data is no longer required,
 it should be freed through a call to
 .Xr free 3 .
+.Pp
+.Fn EVP_CIPHER_CTX_buf_noconst
+provides engines and custom cipher implementations
+with access to the internal buffer that
+.Xr EVP_EncryptUpdate 3
+copies input data into before encrypting it.
+This function can for example be used
+inside callback functions installed with
+.Xr EVP_CIPHER_meth_set_do_cipher 3 .
 .Sh RETURN VALUES
 .Fn EVP_CIPHER_CTX_get_cipher_data
 returns an internal pointer owned by
@@ -98,12 +129,18 @@ returns an internal pointer owned by
 returns a pointer to the old cipher data of
 .Fa ctx
 and transfers ownership to the caller.
+.Pp
+.Fn EVP_CIPHER_CTX_buf_noconst
+returns a pointer to an internal buffer owned by
+.Fa ctx .
 .Sh SEE ALSO
 .Xr evp 3 ,
+.Xr EVP_CIPHER_meth_new 3 ,
 .Xr EVP_EncryptInit 3
 .Sh HISTORY
-.Fn EVP_CIPHER_CTX_get_cipher_data
+.Fn EVP_CIPHER_CTX_get_cipher_data ,
+.Fn EVP_CIPHER_CTX_set_cipher_data ,
 and
-.Fn EVP_CIPHER_CTX_set_cipher_data
+.Fn EVP_CIPHER_CTX_buf_noconst
 first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 7.1 .

lib/libcrypto/man/EVP_CIPHER_meth_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.1 2023/03/16 15:05:23 tb Exp $
+.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.2 2023/08/26 15:14:28 schwarze Exp $
 .\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
 .\" The original file was written by Richard Levitte <levitte@openssl.org>
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 16 2023 $
+.Dd $Mdocdate: August 26 2023 $
 .Dt EVP_CIPHER_METH_NEW 3
 .Os
 .Sh NAME
@@ -179,7 +179,10 @@ At most one of the following cipher modes can be set:
 .Dv EVP_CIPH_XTS_MODE ,
 and
 .Dv EVP_CIPH_WRAP_MODE .
-The available flags are:
+.Pp
+Zero or more of the following flags can be OR'ed into the
+.Fa flags
+argument:
 .Bl -tag -width Ds
 .It EVP_CIPH_VARIABLE_LENGTH
 This cipher is of variable length.
@@ -329,6 +332,7 @@ All
 .Fn EVP_CIPHER_meth_set_*
 functions return 1.
 .Sh SEE ALSO
+.Xr evp 3 .
 .Xr EVP_EncryptInit 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.1.0 and have been available since

lib/libcrypto/man/EVP_DigestInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.28 2023/08/14 14:22:32 schwarze Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.29 2023/08/27 15:33:08 schwarze Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -70,7 +70,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 14 2023 $
+.Dd $Mdocdate: August 27 2023 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -107,9 +107,6 @@
 .Nm EVP_MD_CTX_pkey_ctx ,
 .Nm EVP_MD_CTX_set_pkey_ctx ,
 .Nm EVP_md_null ,
-.Nm EVP_md5 ,
-.Nm EVP_md5_sha1 ,
-.Nm EVP_sha1 ,
 .Nm EVP_sha224 ,
 .Nm EVP_sha256 ,
 .Nm EVP_sha384 ,
@@ -270,12 +267,6 @@
 .Ft const EVP_MD *
 .Fn EVP_md_null void
 .Ft const EVP_MD *
-.Fn EVP_md5 void
-.Ft const EVP_MD *
-.Fn EVP_md5_sha1 void
-.Ft const EVP_MD *
-.Fn EVP_sha1 void
-.Ft const EVP_MD *
 .Fn EVP_sha224 void
 .Ft const EVP_MD *
 .Fn EVP_sha256 void
@@ -413,7 +404,7 @@ from
 The
 .Fa type
 will typically be supplied by a function such as
-.Fn EVP_sha1 .
+.Fn EVP_sha512 .
 If
 .Fa impl
 is
@@ -537,9 +528,9 @@ and
 .Fn EVP_MD_CTX_type
 return the NID of the OBJECT IDENTIFIER representing the message digest.
 For example
-.Fn EVP_MD_type EVP_sha1()
+.Fn EVP_MD_type EVP_sha512()
 returns
-.Dv NID_sha1 .
+.Dv NID_sha512 .
 These functions are normally used when setting ASN.1 OIDs.
 .Pp
 .Fn EVP_MD_CTX_md_data
@@ -563,9 +554,9 @@ for more information.
 returns the NID of the public key signing algorithm associated with this
 digest.
 For example
-.Fn EVP_sha1
+.Fn EVP_sha512
 is associated with RSA so this will return
-.Dv NID_sha1WithRSAEncryption .
+.Dv NID_sha512WithRSAEncryption .
 Since digests and signature algorithms are no longer linked, this
 function is only retained for compatibility reasons.
 .Pp
@@ -619,8 +610,6 @@ is dissociated from it as described above, but no new
 .Vt EVP_PKEY_CTX
 is assigned.
 .Pp
-.Fn EVP_md5 ,
-.Fn EVP_sha1 ,
 .Fn EVP_sha224 ,
 .Fn EVP_sha256 ,
 .Fn EVP_sha384 ,
@@ -629,7 +618,7 @@ and
 .Fn EVP_ripemd160
 return
 .Vt EVP_MD
-structures for the MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and
+structures for the SHA224, SHA256, SHA384, SHA512 and
 RIPEMD160 digest algorithms respectively.
 .Pp
 .Fn EVP_sha512_224
@@ -640,11 +629,6 @@ return an
 structure that provides the truncated SHA512 variants SHA512/224 and SHA512/256,
 respectively.
 .Pp
-.Fn EVP_md5_sha1
-returns an
-.Vt EVP_MD
-structure that provides concatenated MD5 and SHA1 message digests.
-.Pp
 .Fn EVP_md_null
 is a "null" message digest that does nothing:
 i.e. the hash it returns is of zero length.
@@ -671,9 +655,6 @@ in preference to the low-level interfaces.
 This is because the code then becomes transparent to the digest used and
 much more flexible.
 .Pp
-New applications should use the SHA2 digest algorithms such as SHA256.
-The other digest algorithms are still in common use.
-.Pp
 For most applications the
 .Fa impl
 parameter to
@@ -757,10 +738,7 @@ if
 is
 .Dv NULL .
 .Pp
-.Fn EVP_md_null ,
-.Fn EVP_md5 ,
-.Fn EVP_md5_sha1 ,
-.Fn EVP_sha1 ,
+.Fn EVP_md_null
 and
 .Fn EVP_ripemd160
 return pointers to the corresponding
@@ -830,6 +808,7 @@ main(int argc, char *argv[])
 .Xr EVP_MD_meth_new 3 ,
 .Xr EVP_PKEY_CTX_set_signature_md 3 ,
 .Xr EVP_PKEY_meth_set_signctx 3 ,
+.Xr EVP_sha1 3 ,
 .Xr EVP_sha3_224 3 ,
 .Xr EVP_SignInit 3 ,
 .Xr EVP_sm3 3 ,
@@ -847,10 +826,8 @@ main(int argc, char *argv[])
 .Fn EVP_DigestInit ,
 .Fn EVP_DigestUpdate ,
 .Fn EVP_DigestFinal ,
-.Dv EVP_MAX_MD_SIZE ,
-.Fn EVP_md5 ,
 and
-.Fn EVP_sha1
+.Dv EVP_MAX_MD_SIZE
 first appeared in SSLeay 0.5.1.
 .Fn EVP_MD_size
 first appeared in SSLeay 0.6.6.
@@ -869,8 +846,6 @@ first appeared in SSLeay 0.8.1.
 .Fn EVP_MD_block_size ,
 .Fn EVP_MD_CTX_size ,
 .Fn EVP_MD_CTX_block_size ,
-.Fn EVP_rc4_40 ,
-.Fn EVP_rc2_40_cbc ,
 and
 .Fn EVP_ripemd160
 first appeared in SSLeay 0.9.0.
@@ -920,9 +895,8 @@ first appeared in OpenSSL 1.1.0 and has been available since
 .Pp
 .Fn EVP_MD_CTX_new ,
 .Fn EVP_MD_CTX_reset ,
-.Fn EVP_MD_CTX_free ,
 and
-.Fn EVP_md5_sha1
+.Fn EVP_MD_CTX_free
 first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 6.3 .
 .Pp
@@ -940,8 +914,3 @@ and
 .Fn EVP_sha512_256
 first appeared in OpenSSL 1.1.1 and have been available since
 .Ox 7.4 .
-.Pp
-The link between digests and signing algorithms was fixed in OpenSSL 1.0
-and later, so now
-.Fn EVP_sha1
-can be used with RSA and DSA.

lib/libcrypto/man/EVP_EncryptInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.46 2023/08/16 13:50:05 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.47 2023/08/26 15:01:56 schwarze Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -6,7 +6,7 @@
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 16 2023 $
+.Dd $Mdocdate: August 26 2023 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -78,6 +78,7 @@
 .Nm EVP_CIPHER_CTX_cleanup ,
 .Nm EVP_CIPHER_CTX_init ,
 .Nm EVP_CIPHER_CTX_free ,
+.Nm EVP_CIPHER_CTX_copy ,
 .Nm EVP_EncryptInit_ex ,
 .Nm EVP_EncryptUpdate ,
 .Nm EVP_EncryptFinal_ex ,
@@ -94,6 +95,7 @@
 .Nm EVP_CipherInit ,
 .Nm EVP_CipherFinal ,
 .Nm EVP_Cipher ,
+.Nm EVP_CIPHER_CTX_encrypting ,
 .Nm EVP_CIPHER_CTX_set_flags ,
 .Nm EVP_CIPHER_CTX_clear_flags ,
 .Nm EVP_CIPHER_CTX_test_flags ,
@@ -170,6 +172,11 @@
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fc
 .Ft int
+.Fo EVP_CIPHER_CTX_copy
+.Fa "EVP_CIPHER_CTX *out"
+.Fa "const EVP_CIPHER_CTX *in"
+.Fc
+.Ft int
 .Fo EVP_EncryptInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
@@ -283,6 +290,10 @@
 .Fa "const unsigned char *in"
 .Fa "unsigned int inl"
 .Fc
+.Ft int
+.Fo EVP_CIPHER_CTX_encrypting
+.Fa "const EVP_CIPHER_CTX *ctx"
+.Fc
 .Ft void
 .Fo EVP_CIPHER_CTX_set_flags
 .Fa "EVP_CIPHER_CTX *ctx"
@@ -465,6 +476,55 @@ is a
 .Dv NULL
 pointer, no action occurs.
 .Pp
+.Fn EVP_CIPHER_CTX_copy
+calls
+.Fn EVP_CIPHER_CTX_reset
+on
+.Fa out
+and copies all the data from
+.Fa in
+to
+.Fa out ,
+except that the
+.Vt EVP_CIPHER
+and
+.Vt ENGINE
+objects used by
+.Fa in
+and any application specific data set with
+.Fn EVP_CIPHER_CTX_set_app_data
+are not copied and
+.Fa out
+will point to the same three objects.
+The algorithm- and implementation-specific cipher data described in
+.Xr EVP_CIPHER_CTX_get_cipher_data 3
+is copied with
+.Xr malloc 3
+and
+.Xr memcpy 3 ,
+i.e. assuming that it does not contain pointers to any sub-objects.
+If the bit
+.Dv EVP_CIPH_CUSTOM_COPY
+has been set with
+.Xr EVP_CIPHER_meth_set_flags 3 ,
+.Fn EVP_CIPHER_CTX_ctrl
+is called at the end with arguments
+.Fa in ,
+.Dv EVP_CTRL_COPY ,
+.No 0 ,
+and
+.Fa out
+such that the cipher implementation can perform further algorithm-
+and implementation-specific initializations after the algorithm-
+and implementation-specific cipher data has been copied.
+Among the cipher algorithms built into the library,
+.Dv EVP_CIPH_CUSTOM_COPY
+and
+.Dv EVP_CTRL_COPY
+are used by some of the ciphers documented in the
+.Xr EVP_aes_256_gcm 3
+manual page.
+.Pp
 .Fn EVP_EncryptInit_ex
 sets up the cipher context
 .Fa ctx
@@ -877,6 +937,7 @@ for failure.
 .Pp
 .Fn EVP_CIPHER_CTX_reset ,
 .Fn EVP_CIPHER_CTX_cleanup ,
+.Fn EVP_CIPHER_CTX_copy ,
 .Fn EVP_CIPHER_CTX_get_iv ,
 .Fn EVP_CIPHER_CTX_set_iv ,
 .Fn EVP_EncryptInit_ex ,
@@ -900,6 +961,12 @@ and
 .Fn EVP_CIPHER_CTX_rand_key
 return 1 for success or 0 for failure.
 .Pp
+.Fn EVP_CIPHER_CTX_encrypting
+returns 1 if
+.Fa ctx
+is initialized for encryption or 0 otherwise, in which case
+it may be uninitialized or initialized for decryption.
+.Pp
 .Fn EVP_CIPHER_CTX_set_padding
 always returns 1.
 .Pp
@@ -1243,6 +1310,7 @@ do_crypt(FILE *in, FILE *out, int do_encrypt)
 .Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_camellia_128_cbc 3 ,
 .Xr EVP_chacha20 3 ,
+.Xr EVP_CIPHER_CTX_get_cipher_data 3 ,
 .Xr EVP_des_cbc 3 ,
 .Xr EVP_OpenInit 3 ,
 .Xr EVP_rc4 3 ,
@@ -1355,14 +1423,23 @@ first appeared in OpenSSL 0.9.8b.
 These functions have been available since
 .Ox 4.5 .
 .Pp
+.Fn EVP_CIPHER_CTX_copy
+first appeared in OpenSSL 1.0.0
+and has been available since
+.Ox 4.9 .
+.Pp
 .Fn EVP_CIPHER_CTX_reset
 first appeared in OpenSSL 1.1.0 and has been available since
 .Ox 6.3 .
 .Pp
+.Fn EVP_CIPHER_CTX_encrypting
+first appeared in OpenSSL 1.1.0 and has been available since
+.Ox 6.4 .
+.Pp
 .Fn EVP_CIPHER_CTX_get_iv
 and
 .Fn EVP_CIPHER_CTX_set_iv
-first appeared in LibreSSL 2.8.1 and has been available since
+first appeared in LibreSSL 2.8.1 and have been available since
 .Ox 6.4 .
 .Sh BUGS
 .Dv EVP_MAX_KEY_LENGTH
@@ -1378,3 +1455,8 @@ bytes.
 The ASN.1 code is incomplete (and sometimes inaccurate).
 It has only been tested for certain common S/MIME ciphers
 (RC2, DES, triple DES) in CBC mode.
+.Pp
+.Fn EVP_CIPHER_CTX_copy
+may already have cleared the data in
+.Fa out
+and copied some new data into it even if it fails and returns 0.

lib/libcrypto/man/EVP_PKEY_asn1_get_count.3

@@ -1,10 +1,10 @@
-.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.5 2020/06/24 19:55:54 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.6 2023/08/27 13:23:12 schwarze Exp $
 .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2020, 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 24 2020 $
+.Dd $Mdocdate: August 27 2023 $
 .Dt EVP_PKEY_ASN1_GET_COUNT 3
 .Os
 .Sh NAME
@@ -141,8 +141,17 @@ If one is found,
 is set to that engine and the method from that engine is returned instead.
 .Pp
 .Fn EVP_PKEY_asn1_find_str
-looks up the method with PEM type string
+looks up the method with the PEM type string given by the first
+.Fa len
+bytes of
 .Fa str .
+If
+.Fa len
+is \-1, the
+.Xr strlen 3
+of
+.Fa str
+is used instead.
 The PEM type strings supported by default are listed in the
 .Xr EVP_PKEY_base_id 3
 manual page.
@@ -190,6 +199,13 @@ is out of range.
 returns the public key method used by
 .Fa pkey .
 .Pp
+.Fn EVP_PKEY_asn1_find
+and
+.Fn EVP_PKEY_asn1_find_str
+return a matching public key method or
+.Dv NULL
+if no match is found.
+.Pp
 .Fn EVP_PKEY_asn1_get0_info
 returns 1 on success or 0 on failure.
 .Sh SEE ALSO

lib/libcrypto/man/EVP_PKEY_asn1_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.8 2022/07/13 19:10:40 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.9 2023/08/27 13:15:29 schwarze Exp $
 .\" selective merge up to:
 .\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: August 27 2023 $
 .Dt EVP_PKEY_ASN1_NEW 3
 .Os
 .Sh NAME
@@ -332,7 +332,7 @@ Free the internals of
 This method is called by
 .Xr EVP_PKEY_free 3 ,
 .Xr EVP_PKEY_set_type 3 ,
-.Fn EVP_PKEY_set_type_str ,
+.Xr EVP_PKEY_set_type_str 3 ,
 and
 .Xr EVP_PKEY_assign 3 .
 .Bd -filled

lib/libcrypto/man/EVP_PKEY_set1_RSA.3

@@ -1,10 +1,10 @@
-.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.19 2022/09/11 04:39:46 jsg Exp $
+.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.20 2023/08/27 13:08:15 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2019, 2020 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2019, 2020, 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 11 2022 $
+.Dd $Mdocdate: August 27 2023 $
 .Dt EVP_PKEY_SET1_RSA 3
 .Os
 .Sh NAME
@@ -92,7 +92,8 @@
 .Nm EVP_PKEY_base_id ,
 .Nm EVP_PKEY_id ,
 .Nm EVP_PKEY_type ,
-.Nm EVP_PKEY_set_type
+.Nm EVP_PKEY_set_type ,
+.Nm EVP_PKEY_set_type_str
 .\" The function X509_certificate_type(3) is intentionally undocumented
 .\" and scheduled for deletion from the library.  BoringSSL already
 .\" deleted it and OpenSSL deprecates it in version 3.0.
@@ -208,6 +209,12 @@
 .Fa "EVP_PKEY *pkey"
 .Fa "int type"
 .Fc
+.Ft int
+.Fo EVP_PKEY_set_type_str
+.Fa "EVP_PKEY *pkey"
+.Fa "const char *str"
+.Fa "int len"
+.Fc
 .Sh DESCRIPTION
 .Fn EVP_PKEY_set1_RSA ,
 .Fn EVP_PKEY_set1_DSA ,
@@ -361,6 +368,36 @@ and
 .Fn EVP_PKEY_id
 can be passed.
 .Pp
+.Fn EVP_PKEY_set_type_str
+frees the key referenced in
+.Fa pkey ,
+if any, and sets the key type of
+.Fa pkey
+according to the PEM type string given by the first
+.Fa len
+bytes of
+.Fa str .
+If
+.Fa len
+is \-1, the
+.Xr strlen 3
+of
+.Fa str
+is used instead.
+The PEM type strings supported by default are listed in the table above.
+This function does not reference a new key from
+.Fa pkey .
+.Pp
+If
+.Fa pkey
+is a
+.Dv NULL
+pointer,
+.Fn EVP_PKEY_set_type
+and
+.Fn EVP_PKEY_set_type_str
+check that a matching key type exists but do not change any object.
+.Pp
 In accordance with the OpenSSL naming convention, the key obtained from
 or assigned to
 .Fa pkey
@@ -379,8 +416,9 @@ functions must be freed as well as
 .Fn EVP_PKEY_assign_EC_KEY ,
 .Fn EVP_PKEY_assign_GOST ,
 .Fn EVP_PKEY_assign ,
+.Fn EVP_PKEY_set_type ,
 and
-.Fn EVP_PKEY_set_type
+.Fn EVP_PKEY_set_type_str
 return 1 for success or 0 for failure.
 .Pp
 .Fn EVP_PKEY_get1_RSA ,
@@ -454,10 +492,11 @@ first appeared in OpenSSL 0.9.8 and have been available since
 .Ox 4.5 .
 .Pp
 .Fn EVP_PKEY_get0 ,
-.Fn EVP_PKEY_set_type ,
 .Fn EVP_PKEY_base_id ,
+.Fn EVP_PKEY_id ,
+.Fn EVP_PKEY_set_type ,
 and
-.Fn EVP_PKEY_id
+.Fn EVP_PKEY_set_type_str
 first appeared in OpenSSL 1.0.0 and have been available since
 .Ox 4.9 .
 .Pp

lib/libcrypto/man/EVP_sha1.3

@@ -0,0 +1,121 @@
+.\" $OpenBSD: EVP_sha1.3,v 1.1 2023/08/27 15:33:08 schwarze Exp $
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 27 2023 $
+.Dt EVP_SHA1 3
+.Os
+.Sh NAME
+.Nm EVP_sha1 ,
+.Nm EVP_md5 ,
+.Nm EVP_md5_sha1 ,
+.Nm EVP_md4
+.Nd legacy message digest algorithms
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft const EVP_MD *
+.Fn EVP_sha1 void
+.Ft const EVP_MD *
+.Fn EVP_md5 void
+.Ft const EVP_MD *
+.Fn EVP_md5_sha1 void
+.Ft const EVP_MD *
+.Fn EVP_md4 void
+.Sh DESCRIPTION
+The following message digest algorithms are cryptographically broken.
+None of them should be used in new code unless there is no way around it.
+.Pp
+.Fn EVP_sha1
+implements the SHA-1 algorithm and produces 160 bits of output
+from a given input.
+Examples of protocols and software still requiring it
+include OCSP, DNS, and the
+.Sy git
+version control system.
+.Pp
+.Fn EVP_md5
+implements the MD5 algorithm and produces 128 bits of output
+from a given input.
+It is still occasionally used when no security is required
+but a fast hash algorithm is beneficial.
+.Pp
+.Fn EVP_md5_sha1
+produces concatenated MD5 and SHA-1 message digests.
+Do not use this except where it is required for the historic SSLv3 protocol.
+.Pp
+.Fn EVP_md4
+implements the MD4 algorithm and produces 128 bits of output
+from a given input.
+It has been marked as
+.Dq historic
+by the Internet Engineering Task Force since 2011.
+.Sh RETURN VALUES
+These functions return pointers to static
+.Vt EVP_MD
+objects implementing the hash functions.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_MD_meth_new 3
+.Sh STANDARDS
+.Rs
+.%A T. Polk
+.%A L. Chen
+.%A S. Turner
+.%A P. Hoffman
+.%T Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms
+.%R RFC 6194
+.%D March 2011
+.Re
+.Pp
+.Rs
+.%A S. Turner
+.%A L. Chen
+.%T Updated Security Considerations for the MD5 Message-Digest\
+ and the HMAC-MD5 Algorithms
+.%R RFC 6151
+.%D March 2011
+.Re
+.Pp
+.Rs
+.%A S. Turner
+.%A L. Chen
+.%T MD4 to Historic Status
+.%R RFC 6150
+.%D March 2011
+.Re
+.Pp
+.Rs
+.%A P. Kocher
+.%A P. Karlton
+.%A A. Freier
+.%T The Secure Sockets Layer (SSL) Protocol Version 3.0
+.%R RFC 6101
+.%D August 2011
+.Re
+.Sh HISTORY
+.Fn EVP_sha1
+and
+.Fn EVP_md5
+first appeared in SSLeay 0.5.1 and have been available since
+.Ox 2.4 .
+.Pp
+.Fn EVP_md4
+first appeared in OpenSSL 0.9.6 and has been available since
+.Ox 2.9 .
+.Pp
+.Fn EVP_md5_sha1
+first appeared in OpenSSL 1.1.0 and has been available since
+.Ox 6.3 .

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.263 2023/08/25 18:22:41 schwarze Exp $
+# $OpenBSD: Makefile,v 1.264 2023/08/27 15:33:08 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -205,6 +205,7 @@ MAN=	\
 	EVP_chacha20.3 \
 	EVP_des_cbc.3 \
 	EVP_rc4.3 \
+	EVP_sha1.3 \
 	EVP_sha3_224.3 \
 	EVP_sm3.3 \
 	EVP_sm4_cbc.3 \

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.19 2023/08/25 18:22:41 schwarze Exp $
+.\" $OpenBSD: evp.3,v 1.20 2023/08/27 15:33:08 schwarze Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 25 2023 $
+.Dd $Mdocdate: August 27 2023 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -234,6 +234,7 @@ operations are more efficient using the high-level interfaces.
 .Xr EVP_PKEY_verify_recover 3 ,
 .Xr EVP_rc4 3 ,
 .Xr EVP_SealInit 3 ,
+.Xr EVP_sha1 3 ,
 .Xr EVP_sha3_224 3 ,
 .Xr EVP_SignInit 3 ,
 .Xr EVP_sm3 3 ,

share/man/man4/man4.loongson/glxclk.4

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: glxclk.4,v 1.8 2022/02/17 12:24:08 jsg Exp $
+.\"	$OpenBSD: glxclk.4,v 1.9 2023/08/26 11:10:05 visa Exp $
 .\"
 .\" Copyright (c) 2013 Paul Irofti.
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 17 2022 $
+.Dd $Mdocdate: August 26 2023 $
 .Dt GLXCLK 4 loongson
 .Os
 .Sh NAME
@@ -25,23 +25,11 @@
 .Sh DESCRIPTION
 The
 .Nm
-driver enables two of the multi-function general purpose timers found on the
-Geode companion chip to be used as the system clock and the statistics clock.
-.Pp
-The statistics clock is implemented with interval variance support based on
-Chris Torek's paper on randomized sampling.
+driver enables one of the multi-function general purpose timers found on the
+Geode companion chip to be used as the system clock.
 .Sh SEE ALSO
 .Xr glxpcib 4 ,
 .Xr intro 4
-.Rs
-.%A Steven McCanne
-.%A Chris Torek
-.%T "A Randomized Sampling Clock for CPU Utilization Estimation and Code Profiling"
-.%B "In Proc. Winter 1993 USENIX Conference"
-.%D 1993
-.%P pp. 387\(en394
-.%I USENIX Association
-.Re
 .Sh HISTORY
 The
 .Nm

sys/dev/ic/pckbc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pckbc.c,v 1.54 2023/07/25 10:00:44 miod Exp $ */
+/* $OpenBSD: pckbc.c,v 1.55 2023/08/26 15:01:00 jmc Exp $ */
 /* $NetBSD: pckbc.c,v 1.5 2000/06/09 04:58:35 soda Exp $ */
 
 /*
@@ -459,7 +459,7 @@ pckbc_release_console(void)
 	 * In that case, we want to release ourselves from console
 	 * duties, unless we have been able to attach a mouse,
 	 * which would mean this is a real PS/2 controller
-	 * afterwards.
+	 * after all.
 	 */
 	if (pckbc_console != 0) {
 		extern void wscn_input_init(int);

sys/dev/pci/if_iwx.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_iwx.c,v 1.175 2023/07/05 15:07:28 stsp Exp $	*/
+/*	$OpenBSD: if_iwx.c,v 1.176 2023/08/26 09:05:34 stsp Exp $	*/
 
 /*
  * Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@@ -425,7 +425,7 @@ void	iwx_scan_umac_dwell_v10(struct iwx_softc *,
 void	iwx_scan_umac_fill_general_p_v10(struct iwx_softc *,
 	    struct iwx_scan_general_params_v10 *, uint16_t, int);
 void	iwx_scan_umac_fill_ch_p_v6(struct iwx_softc *,
-	    struct iwx_scan_channel_params_v6 *, uint32_t, int, int);
+	    struct iwx_scan_channel_params_v6 *, uint32_t, int);
 int	iwx_umac_scan_v14(struct iwx_softc *, int);
 void	iwx_mcc_update(struct iwx_softc *, struct iwx_mcc_chub_notif *);
 uint8_t	iwx_ridx2rate(struct ieee80211_rateset *, int);
@@ -6855,7 +6855,7 @@ iwx_rm_sta(struct iwx_softc *sc, struct iwx_node *in)
 uint8_t
 iwx_umac_scan_fill_channels(struct iwx_softc *sc,
     struct iwx_scan_channel_cfg_umac *chan, size_t chan_nitems,
-    int n_ssids, int bgscan)
+    int n_ssids, uint32_t channel_cfg_flags)
 {
 	struct ieee80211com *ic = &sc->sc_ic;
 	struct ieee80211_channel *c;
@@ -6886,8 +6886,8 @@ iwx_umac_scan_fill_channels(struct iwx_softc *sc,
 			chan->v1.iter_count = 1;
 			chan->v1.iter_interval = htole16(0);
 		}
-		if (n_ssids != 0 && !bgscan)
-			chan->flags = htole32(1 << 0); /* select SSID 0 */
+
+		chan->flags = htole32(channel_cfg_flags);
 		chan++;
 		nchan++;
 	}
@@ -7128,12 +7128,12 @@ iwx_scan_umac_fill_general_p_v10(struct iwx_softc *sc,
 void
 iwx_scan_umac_fill_ch_p_v6(struct iwx_softc *sc,
     struct iwx_scan_channel_params_v6 *cp, uint32_t channel_cfg_flags,
-    int n_ssid, int bgscan)
+    int n_ssid)
 {
 	cp->flags = IWX_SCAN_CHANNEL_FLAG_ENABLE_CHAN_ORDER;
 
 	cp->count = iwx_umac_scan_fill_channels(sc, cp->channel_config,
-	    nitems(cp->channel_config), n_ssid, bgscan);
+	    nitems(cp->channel_config), n_ssid, channel_cfg_flags);
 
 	cp->n_aps_override[0] = IWX_SCAN_ADWELL_N_APS_GO_FRIENDLY;
 	cp->n_aps_override[1] = IWX_SCAN_ADWELL_N_APS_SOCIAL_CHS;
@@ -7188,7 +7188,7 @@ iwx_umac_scan_v14(struct iwx_softc *sc, int bgscan)
 	}
 
 	iwx_scan_umac_fill_ch_p_v6(sc, &scan_p->channel_params, bitmap_ssid,
-	    n_ssid, bgscan);
+	    n_ssid);
 
 	hcmd.len[0] = sizeof(*cmd);
 	hcmd.data[0] = (void *)cmd;

sys/dev/usb/if_umb.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_umb.c,v 1.51 2023/04/18 22:01:23 mvs Exp $ */
+/*	$OpenBSD: if_umb.c,v 1.52 2023/08/26 11:33:46 dlg Exp $ */
 
 /*
  * Copyright (c) 2016 genua mbH
@@ -138,7 +138,6 @@ void		 umb_close_bulkpipes(struct umb_softc *);
 int		 umb_ioctl(struct ifnet *, u_long, caddr_t);
 int		 umb_output(struct ifnet *, struct mbuf *, struct sockaddr *,
 		    struct rtentry *);
-void		 umb_input(struct ifnet *, struct mbuf *);
 void		 umb_start(struct ifnet *);
 void		 umb_rtrequest(struct ifnet *, int, struct rtentry *);
 void		 umb_watchdog(struct ifnet *);
@@ -610,7 +609,8 @@ umb_attach(struct device *parent, struct device *self, void *aux)
 	    sizeof (struct ncm_pointer16);
 	ifp->if_mtu = 1500;		/* use a common default */
 	ifp->if_hardmtu = sc->sc_maxpktlen;
-	ifp->if_input = umb_input;
+	ifp->if_bpf_mtap = p2p_bpf_mtap;
+	ifp->if_input = p2p_input;
 	ifp->if_output = umb_output;
 	if_attach(ifp);
 	if_alloc_sadl(ifp);
@@ -910,48 +910,6 @@ umb_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
 	return if_enqueue(ifp, m);
 }
 
-void
-umb_input(struct ifnet *ifp, struct mbuf *m)
-{
-	uint32_t af;
-
-	if ((ifp->if_flags & IFF_UP) == 0) {
-		m_freem(m);
-		return;
-	}
-	if (m->m_pkthdr.len < sizeof (struct ip) + sizeof(af)) {
-		ifp->if_ierrors++;
-		DPRINTFN(4, "%s: dropping short packet (len %d)\n", __func__,
-		    m->m_pkthdr.len);
-		m_freem(m);
-		return;
-	}
-	m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
-
-	/* pop off DLT_LOOP header, no longer needed */
-	af = *mtod(m, uint32_t *);
-	m_adj(m, sizeof (af));
-	af = ntohl(af);
-
-	ifp->if_ibytes += m->m_pkthdr.len;
-	switch (af) {
-	case AF_INET:
-		ipv4_input(ifp, m);
-		return;
-#ifdef INET6
-	case AF_INET6:
-		ipv6_input(ifp, m);
-		return;
-#endif /* INET6 */
-	default:
-		ifp->if_ierrors++;
-		DPRINTFN(4, "%s: dropping packet with bad IP version (af %d)\n",
-		    __func__, af);
-		m_freem(m);
-		return;
-	}
-}
-
 static inline int
 umb_align(size_t bufsz, int offs, int alignment, int remainder)
 {
@@ -2376,7 +2334,7 @@ umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer)
 	struct ifnet *ifp = GET_IFP(sc);
 	int	 s;
 	void	*buf;
-	uint32_t len, af = 0;
+	uint32_t len;
 	char	*dp;
 	struct ncm_header16 *hdr16;
 	struct ncm_header32 *hdr32;
@@ -2499,20 +2457,14 @@ umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer)
 			ifp->if_iqdrops++;
 			continue;
 		}
-		m = m_prepend(m, sizeof(uint32_t), M_DONTWAIT);
-		if (m == NULL) {
-			ifp->if_iqdrops++;
-			continue;
-		}
 		switch (*dp & 0xf0) {
 		case 4 << 4:
-			af = htonl(AF_INET);
+			m->m_pkthdr.ph_family = AF_INET;
 			break;
 		case 6 << 4:
-			af = htonl(AF_INET6);
+			m->m_pkthdr.ph_family = AF_INET6;
 			break;
 		}
-		*mtod(m, uint32_t *) = af;
 		ml_enqueue(&ml, m);
 	}
 done:

sys/kern/kern_clockintr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_clockintr.c,v 1.32 2023/08/21 17:22:04 cheloha Exp $ */
+/* $OpenBSD: kern_clockintr.c,v 1.33 2023/08/26 22:21:00 cheloha Exp $ */
 /*
  * Copyright (c) 2003 Dale Rahn <drahn@openbsd.org>
  * Copyright (c) 2020 Mark Kettenis <kettenis@openbsd.org>
@@ -49,6 +49,8 @@ uint64_t clockintr_nsecuptime(const struct clockintr *);
 void clockintr_schedule(struct clockintr *, uint64_t);
 void clockintr_schedule_locked(struct clockintr *, uint64_t);
 void clockintr_statclock(struct clockintr *, void *);
+void clockqueue_intrclock_install(struct clockintr_queue *,
+    const struct intrclock *);
 uint64_t clockqueue_next(const struct clockintr_queue *);
 void clockqueue_reset_intrclock(struct clockintr_queue *);
 uint64_t nsec_advance(uint64_t *, uint64_t, uint64_t);
@@ -106,10 +108,8 @@ clockintr_cpu_init(const struct intrclock *ic)
 
 	KASSERT(ISSET(clockintr_flags, CL_INIT));
 
-	if (ic != NULL && !ISSET(cq->cq_flags, CQ_INTRCLOCK)) {
-		cq->cq_intrclock = *ic;
-		SET(cq->cq_flags, CQ_INTRCLOCK);
-	}
+	if (ic != NULL)
+		clockqueue_intrclock_install(cq, ic);
 
 	/* TODO: Remove these from struct clockintr_queue. */
 	if (cq->cq_hardclock == NULL) {
@@ -533,6 +533,18 @@ clockqueue_init(struct clockintr_queue *cq)
 	SET(cq->cq_flags, CQ_INIT);
 }
 
+void
+clockqueue_intrclock_install(struct clockintr_queue *cq,
+    const struct intrclock *ic)
+{
+	mtx_enter(&cq->cq_mtx);
+	if (!ISSET(cq->cq_flags, CQ_INTRCLOCK)) {
+		cq->cq_intrclock = *ic;
+		SET(cq->cq_flags, CQ_INTRCLOCK);
+	}
+	mtx_leave(&cq->cq_mtx);
+}
+
 uint64_t
 clockqueue_next(const struct clockintr_queue *cq)
 {