sync code with last fixes and improvements from OpenBSD

distrib/sets/lists/comp/mi

@@ -1767,7 +1767,6 @@
 ./usr/share/man/man3/ASN1_TIME_set.3
 ./usr/share/man/man3/ASN1_TYPE_get.3
 ./usr/share/man/man3/ASN1_UNIVERSALSTRING_to_string.3
-./usr/share/man/man3/ASN1_buf_print.3
 ./usr/share/man/man3/ASN1_generate_nconf.3
 ./usr/share/man/man3/ASN1_get_object.3
 ./usr/share/man/man3/ASN1_item_d2i.3

etc/root/root.mail

@@ -1,6 +1,6 @@
-From purplerain@secbsd.org Thu Jul 20 00:00:00 UTC 2023
+From purplerain@secbsd.org Sat Jul 22 00:00:00 UTC 2023
 Return-Path: root
-Date: Jul 20 00:00:00 UTC 2023
+Date: Jul 22 00:00:00 UTC 2023
 From: purplerain@secbsd.org (Purple Rain)
 To: root
 Subject: Welcome to SecBSD 1.3!

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.3-3be5e12: Thu Jul 20 00:00:00 UTC 2023 (Tezcatlipoca)
+# SecBSD 1.3-91d9be7: Sat Jul 22 00:00:00 UTC 2023 (Tezcatlipoca)

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.138 2023/07/20 16:36:06 tb Exp $
+# $OpenBSD: Makefile,v 1.139 2023/07/21 09:04:23 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -362,6 +362,7 @@ SRCS+= ecs_lib.c
 SRCS+= ecdsa.c
 
 # engine/
+SRCS+= engine_stubs.c
 SRCS+= eng_all.c
 SRCS+= eng_cnf.c
 SRCS+= eng_ctrl.c

lib/libcrypto/engine/engine.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: engine.h,v 1.38 2023/04/18 09:10:44 tb Exp $ */
+/* $OpenBSD: engine.h,v 1.39 2023/07/21 09:04:23 tb Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -66,10 +66,6 @@
 
 #include <openssl/opensslconf.h>
 
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
@@ -246,6 +242,43 @@ extern "C" {
  * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
 #define ENGINE_CMD_BASE				200
 
+/*
+ * Prototypes for the stub functions in engine_stubs.c. They are provided to
+ * build M2Crypto, Dovecot, apr-utils without patching. All the other garbage
+ * can hopefully go away soon.
+ */
+#ifdef OPENSSL_NO_ENGINE
+void ENGINE_load_builtin_engines(void);
+void ENGINE_load_dynamic(void);
+void ENGINE_load_openssl(void);
+int ENGINE_register_all_complete(void);
+
+void ENGINE_cleanup(void);
+ENGINE *ENGINE_new(void);
+
+int ENGINE_free(ENGINE *engine);
+int ENGINE_init(ENGINE *engine);
+int ENGINE_finish(ENGINE *engine);
+
+ENGINE *ENGINE_by_id(const char *id);
+const char *ENGINE_get_id(const ENGINE *engine);
+const char *ENGINE_get_name(const ENGINE *engine);
+
+int ENGINE_set_default(ENGINE *engine, unsigned int flags);
+
+ENGINE *ENGINE_get_default_RSA(void);
+int ENGINE_set_default_RSA(ENGINE *engine);
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
+    void (*f)(void), int cmd_optional);
+int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
+    int cmd_optional);
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data);
+#else
 /* If an ENGINE supports its own specific control commands and wishes the
  * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
  * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
@@ -714,6 +747,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 					void *ENGINE_get_static_state(void);
 
 void ERR_load_ENGINE_strings(void);
+#endif
 
 /* Error codes for the ENGINE functions. */
 

lib/libcrypto/engine/engine_stubs.c

@@ -0,0 +1,125 @@
+/*	$OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */
+
+/*
+ * Written by Theo Buehler. Public domain.
+ */
+
+#include <openssl/engine.h>
+
+#ifdef OPENSSL_NO_ENGINE
+
+void
+ENGINE_load_builtin_engines(void)
+{
+}
+
+void
+ENGINE_load_dynamic(void)
+{
+}
+
+void
+ENGINE_load_openssl(void)
+{
+}
+
+int
+ENGINE_register_all_complete(void)
+{
+	return 0;
+}
+
+void
+ENGINE_cleanup(void)
+{
+}
+
+ENGINE *
+ENGINE_new(void)
+{
+	return NULL;
+}
+
+int
+ENGINE_free(ENGINE *engine)
+{
+	return 0;
+}
+
+int
+ENGINE_init(ENGINE *engine)
+{
+	return 0;
+}
+
+int
+ENGINE_finish(ENGINE *engine)
+{
+	return 0;
+}
+
+ENGINE *
+ENGINE_by_id(const char *id)
+{
+	return NULL;
+}
+
+const char *
+ENGINE_get_id(const ENGINE *engine)
+{
+	return "";
+}
+
+const char *
+ENGINE_get_name(const ENGINE *engine)
+{
+	return "";
+}
+
+int
+ENGINE_set_default(ENGINE *engine, unsigned int flags)
+{
+	return 0;
+}
+
+ENGINE *
+ENGINE_get_default_RSA(void)
+{
+	return NULL;
+}
+
+int
+ENGINE_set_default_RSA(ENGINE *engine)
+{
+	return 0;
+}
+
+int
+ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
+    void (*f)(void), int cmd_optional)
+{
+	return 0;
+}
+
+int
+ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
+    int cmd_optional)
+{
+	return 0;
+}
+
+EVP_PKEY *
+ENGINE_load_private_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data)
+{
+	return NULL;
+}
+
+EVP_PKEY *
+ENGINE_load_public_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data)
+{
+	return NULL;
+}
+
+#endif

lib/libcrypto/man/ASN1_buf_print.3

@@ -1,69 +0,0 @@
-.\" $OpenBSD: ASN1_buf_print.3,v 1.2 2023/07/09 06:45:03 tb Exp $
-.\"
-.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 9 2023 $
-.Dt ASN1_BUF_PRINT 3
-.Os
-.Sh NAME
-.Nm ASN1_buf_print
-.Nd pretty-print a byte array
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fo ASN1_buf_print
-.Fa "BIO *bio_out"
-.Fa "const unsigned char *buf"
-.Fa "size_t buflen"
-.Fa "int indent"
-.Fc
-.Sh DESCRIPTION
-.Fn ASN1_buf_print
-prints a hexadecimal representation of the first
-.Fa buflen
-bytes from
-.Fa buf
-to
-.Fa bio_out .
-Despite its name and the header file,
-this function has nothing to do with ASN.1.
-.Pp
-Each byte from
-.Fa buf
-is represented by two lower-case hexadecimal digits.
-Fifteen pairs of digits are printed per output line,
-or at most fifteen on the last output line.
-Every output line including the last one ends with a newline character.
-Every pair except the last is followed by a colon
-.Pq Sq \&: .
-If
-.Fa indent
-is greater than zero,
-every output line is indented by
-.Fa indent
-space characters, but not by more than 64 characters.
-.Sh RETURN VALUES
-.Fn ASN1_buf_print
-returns 1 if successful or 0 if printing fails.
-.Sh SEE ALSO
-.Xr ASN1_item_print 3 ,
-.Xr ASN1_STRING_print_ex 3 ,
-.Xr ASN1_TIME_print 3 ,
-.Xr BIO_new 3 ,
-.Xr BIO_write 3
-.Sh HISTORY
-.Fn ASN1_buf_print
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.3 .

lib/libcrypto/man/BIO_get_ex_new_index.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.13 2022/12/23 17:52:32 schwarze Exp $
+.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.14 2023/07/21 04:39:49 tb Exp $
 .\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
 .\" This file was written by Rich Salz <rsalz@akamai.com>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 23 2022 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt BIO_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
@@ -68,13 +68,7 @@
 .Nm X509_get_ex_data ,
 .Nm EC_KEY_get_ex_new_index ,
 .Nm EC_KEY_get_ex_data ,
-.Nm EC_KEY_set_ex_data ,
+.Nm EC_KEY_set_ex_data
-.Nm ECDH_get_ex_new_index ,
-.Nm ECDH_set_ex_data ,
-.Nm ECDH_get_ex_data ,
-.Nm ECDSA_get_ex_new_index ,
-.Nm ECDSA_set_ex_data ,
-.Nm ECDSA_get_ex_data
 .Nd application-specific data
 .Sh SYNOPSIS
 .In openssl/bio.h
@@ -82,8 +76,6 @@
 .In openssl/ui.h
 .In openssl/x509.h
 .In openssl/ec.h
-.In openssl/ecdh.h
-.In openssl/ecdsa.h
 .Ft int
 .Fo TYPE_get_ex_new_index
 .Fa "long argl"
@@ -205,16 +197,6 @@ and
 first appeared in OpenSSL 0.9.7 and have been available since
 .Ox 3.2 .
 .Pp
-.Fn ECDH_get_ex_new_index ,
-.Fn ECDH_set_ex_data ,
-.Fn ECDH_get_ex_data ,
-.Fn ECDSA_get_ex_new_index ,
-.Fn ECDSA_set_ex_data ,
-and
-.Fn ECDSA_get_ex_data
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
 .Fn EC_KEY_get_ex_new_index ,
 .Fn EC_KEY_set_ex_data ,
 and

lib/libcrypto/man/BIO_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_new.3,v 1.26 2022/12/23 15:59:34 schwarze Exp $
+.\" $OpenBSD: BIO_new.3,v 1.27 2023/07/21 04:50:47 tb Exp $
 .\" full merge up to:
 .\" OpenSSL man3/BIO_new.pod fb46be03 Feb 26 11:51:31 2016 +0000
 .\" OpenSSL man7/bio.pod 631c37be Dec 12 16:56:50 2017 +0100
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 23 2022 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt BIO_NEW 3
 .Os
 .Sh NAME
@@ -228,7 +228,6 @@ Create a memory BIO:
 .Pp
 .Dl BIO *mem = BIO_new(BIO_s_mem());
 .Sh SEE ALSO
-.Xr ASN1_buf_print 3 ,
 .Xr BIO_accept 3 ,
 .Xr BIO_ctrl 3 ,
 .Xr BIO_dump 3 ,

lib/libcrypto/man/BN_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_new.3,v 1.29 2023/07/20 09:38:45 tb Exp $
+.\" $OpenBSD: BN_new.3,v 1.30 2023/07/21 05:04:48 tb Exp $
 .\" full merge up to: OpenSSL man3/BN_new 2457c19d Mar 6 08:43:36 2004 +0000
 .\" selective merge up to: man3/BN_new 681acb31 Sep 29 13:10:34 2017 +0200
 .\" full merge up to: OpenSSL man7/bn 05ea606a May 20 20:52:46 2016 -0400
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 20 2023 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt BN_NEW 3
 .Os
 .Sh NAME
@@ -142,6 +142,7 @@ and sets an error code that can be obtained by
 .Xr BN_CTX_new 3 ,
 .Xr BN_CTX_start 3 ,
 .Xr BN_generate_prime 3 ,
+.Xr BN_get_rfc3526_prime_8192 3 ,
 .Xr BN_kronecker 3 ,
 .Xr BN_mod_inverse 3 ,
 .Xr BN_mod_mul_montgomery 3 ,
@@ -154,8 +155,7 @@ and sets an error code that can be obtained by
 .Xr BN_set_negative 3 ,
 .Xr BN_swap 3 ,
 .Xr BN_zero 3 ,
-.Xr crypto 3 ,
+.Xr crypto 3
-.Xr BN_get_rfc3526_prime_8192 3
 .Sh HISTORY
 .Fn BN_new ,
 .Fn BN_clear ,

lib/libcrypto/man/CONF_modules_free.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: CONF_modules_free.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $
+.\"	$OpenBSD: CONF_modules_free.3,v 1.6 2023/07/21 10:46:54 tb Exp $
 .\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt CONF_MODULES_FREE 3
 .Os
 .Sh NAME
@@ -87,10 +87,7 @@ that module may have performed.
 finishes and unloads configuration modules.
 If
 .Fa all
-is set to 0, only modules loaded from DSOs will be unloaded.
+is set to 1, the builtin modules will be unloaded as well.
-If
-.Fa all
-is 1, all modules, including builtin modules, will be unloaded.
 .Sh SEE ALSO
 .Xr CONF_modules_load_file 3 ,
 .Xr OPENSSL_config 3

lib/libcrypto/man/CONF_modules_load_file.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: CONF_modules_load_file.3,v 1.10 2021/08/03 18:49:30 schwarze Exp $
+.\" $OpenBSD: CONF_modules_load_file.3,v 1.11 2023/07/21 10:46:54 tb Exp $
 .\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 3 2021 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt CONF_MODULES_LOAD_FILE 3
 .Os
 .Sh NAME
@@ -143,6 +143,7 @@ Do not add any error information.
 By default, all module errors add error information to the error queue.
 .It Dv CONF_MFLAGS_NO_DSO
 Disable loading of configuration modules from DSOs.
+This flag is provided for compatibility and has no effect.
 .It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
 Let
 .Fn CONF_modules_load_file

lib/libcrypto/man/ECDSA_SIG_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ECDSA_SIG_new.3,v 1.18 2023/07/20 09:28:30 tb Exp $
+.\" $OpenBSD: ECDSA_SIG_new.3,v 1.19 2023/07/21 04:44:40 tb Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: OpenSSL da4ea0cf Aug 5 16:13:24 2019 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 20 2023 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt ECDSA_SIG_NEW 3
 .Os
 .Sh NAME
@@ -66,11 +66,7 @@
 .Nm ECDSA_sign ,
 .Nm ECDSA_verify ,
 .Nm ECDSA_do_sign ,
-.Nm ECDSA_do_verify ,
+.Nm ECDSA_do_verify
-.Nm ECDSA_OpenSSL ,
-.Nm ECDSA_get_default_method ,
-.Nm ECDSA_set_default_method ,
-.Nm ECDSA_set_method
 .Nd Elliptic Curve Digital Signature Algorithm
 .Sh SYNOPSIS
 .In openssl/ecdsa.h
@@ -148,23 +144,6 @@
 .Fa "const ECDSA_SIG *sig"
 .Fa "EC_KEY* eckey"
 .Fc
-.Ft const ECDSA_METHOD*
-.Fo ECDSA_OpenSSL
-.Fa void
-.Fc
-.Ft const ECDSA_METHOD*
-.Fo ECDSA_get_default_method
-.Fa void
-.Fc
-.Ft void
-.Fo ECDSA_set_default_method
-.Fa "const ECDSA_METHOD *meth"
-.Fc
-.Ft int
-.Fo ECDSA_set_method
-.Fa "EC_KEY *eckey"
-.Fa "const ECDSA_METHOD *meth"
-.Fc
 .Sh DESCRIPTION
 These functions provide a low level interface to ECDSA.
 Most applications should use the higher level EVP interface such as
@@ -453,12 +432,8 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-5
 .Fn ECDSA_sign ,
 .Fn ECDSA_verify ,
 .Fn ECDSA_do_sign ,
-.Fn ECDSA_do_verify ,
-.Fn ECDSA_OpenSSL ,
-.Fn ECDSA_get_default_method ,
-.Fn ECDSA_set_default_method ,
 and
-.Fn ECDSA_set_method
+.Fn ECDSA_do_verify
 first appeared in OpenSSL 0.9.8 and have been available since
 .Ox 4.5 .
 .Pp

lib/libcrypto/man/ENGINE_get_default_RSA.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.3 2023/07/20 09:28:30 tb Exp $
+.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.4 2023/07/21 04:35:36 tb Exp $
 .\" content checked up to:
 .\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
@@ -16,14 +16,13 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 20 2023 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt ENGINE_GET_DEFAULT_RSA 3
 .Os
 .Sh NAME
 .Nm ENGINE_get_default_RSA ,
 .Nm ENGINE_get_default_DSA ,
-.Nm ENGINE_get_default_ECDH ,
+.Nm ENGINE_get_default_EC ,
-.Nm ENGINE_get_default_ECDSA ,
 .Nm ENGINE_get_default_DH ,
 .Nm ENGINE_get_default_RAND ,
 .Nm ENGINE_get_cipher_engine ,
@@ -38,9 +37,7 @@
 .Ft ENGINE *
 .Fn ENGINE_get_default_DSA void
 .Ft ENGINE *
-.Fn ENGINE_get_default_ECDH void
+.Fn ENGINE_get_default_EC void
-.Ft ENGINE *
-.Fn ENGINE_get_default_ECDSA void
 .Ft ENGINE *
 .Fn ENGINE_get_default_DH void
 .Ft ENGINE *
@@ -104,11 +101,7 @@ Application programs rarely need to call these functions because
 they are called automatically when needed, in particular from
 .Xr RSA_new 3 ,
 .Xr DSA_new 3 ,
-.Fn ECDH_set_method ,
+.Xr EC_KEY_new 3 ,
-.Fn ECDH_compute_key ,
-.Xr ECDSA_set_method 3 ,
-.Xr ECDSA_do_sign 3 ,
-.Xr ECDSA_do_verify 3 ,
 .Xr DH_new 3 ,
 .Xr EVP_CipherInit_ex 3 ,
 and
@@ -153,8 +146,6 @@ and
 first appeared in OpenSSL 0.9.7 and have been available since
 .Ox 3.2 .
 .Pp
-.Fn ENGINE_get_default_ECDH
+.Fn ENGINE_get_default_EC
-and
+first appeared in OpenSSL 1.1.0 and has been available since
-.Fn ENGINE_get_default_ECDSA
+.Ox 6.5 .
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .

lib/libcrypto/man/ENGINE_set_RSA.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ENGINE_set_RSA.3,v 1.6 2023/07/20 09:28:30 tb Exp $
+.\" $OpenBSD: ENGINE_set_RSA.3,v 1.7 2023/07/21 04:29:27 tb Exp $
 .\" content checked up to:
 .\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 20 2023 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt ENGINE_SET_RSA 3
 .Os
 .Sh NAME
@@ -24,10 +24,8 @@
 .Nm ENGINE_get_RSA ,
 .Nm ENGINE_set_DSA ,
 .Nm ENGINE_get_DSA ,
-.Nm ENGINE_set_ECDH ,
+.Nm ENGINE_set_EC ,
-.Nm ENGINE_get_ECDH ,
+.Nm ENGINE_get_EC ,
-.Nm ENGINE_set_ECDSA ,
-.Nm ENGINE_get_ECDSA ,
 .Nm ENGINE_set_DH ,
 .Nm ENGINE_get_DH ,
 .Nm ENGINE_set_RAND ,
@@ -62,21 +60,12 @@
 .Fa "const ENGINE *e"
 .Fc
 .Ft int
-.Fo ENGINE_set_ECDH
+.Fo ENGINE_set_EC
 .Fa "ENGINE *e"
-.Fa "const ECDH_METHOD *dh_meth"
+.Fa "const EC_KEY_METHOD *ec_meth"
 .Fc
-.Ft const ECDH_METHOD *
+.Ft const EC_KEY_METHOD *
-.Fo ENGINE_get_ECDH
+.Fo ENGINE_get_EC
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_ECDSA
-.Fa "ENGINE *e"
-.Fa "const ECDSA_METHOD *dh_meth"
-.Fc
-.Ft const ECDSA_METHOD *
-.Fo ENGINE_get_ECDSA
 .Fa "const ENGINE *e"
 .Fc
 .Ft int
@@ -159,8 +148,7 @@ Partial information about the various method objects is available from
 .Xr RSA_get_default_method 3 ,
 .Xr DSA_meth_new 3 ,
 .Xr DSA_get_default_method 3 ,
-.Fn ECDH_get_default_method ,
+.Xr EC_KEY_get_default_method 3 ,
-.Xr ECDSA_get_default_method 3 ,
 .Xr DH_get_default_method 3 ,
 .Xr RAND_get_rand_method 3 ,
 .Xr EVP_get_cipherbynid 3 ,
@@ -237,9 +225,8 @@ as shown in the following table:
 .It Accessor: Ta Called by:
 .It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3
 .It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3
-.It Fn ENGINE_get_ECDH Ta Fn ECDH_set_method , Fn ECDH_compute_key
+.It Fn ENGINE_get_EC Ta Xr EC_KEY_new_method 3 , Xr EC_KEY_new 3 ,
-.It Fn ENGINE_get_ECDSA Ta Xr ECDSA_set_method 3 ,
+.Xr EC_KEY_new_by_curve_name 3
-.Xr ECDSA_do_sign 3 , Xr ECDSA_do_verify 3
 .It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3
 .It Fn ENGINE_get_RAND Ta unused
 .It Fn ENGINE_get_STORE Ta unused
@@ -318,12 +305,13 @@ and
 first appeared in OpenSSL 0.9.7 and have been available since
 .Ox 3.2 .
 .Pp
-.Fn ENGINE_set_ECDH ,
+.Fn ENGINE_set_STORE
-.Fn ENGINE_get_ECDH ,
-.Fn ENGINE_set_ECDSA ,
-.Fn ENGINE_get_ECDSA ,
-.Fn ENGINE_set_STORE ,
 and
 .Fn ENGINE_get_STORE
 first appeared in OpenSSL 0.9.8 and have been available since
 .Ox 4.5 .
+.Fn ENGINE_set_EC
+and
+.Fn ENGINE_get_EC
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 6.5 .

lib/libcrypto/man/ERR_load_crypto_strings.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.10 2021/11/11 13:13:38 schwarze Exp $
+.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.11 2023/07/21 10:45:44 tb Exp $
 .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\" selective merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 11 2021 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt ERR_LOAD_CRYPTO_STRINGS 3
 .Os
 .Sh NAME
@@ -86,11 +86,7 @@
 .\" ERR_load_CRYPTO_strings()
 .\" ERR_load_DH_strings()
 .\" ERR_load_DSA_strings()
-.\" ERR_load_DSO_strings()
 .\" ERR_load_EC_strings()
-.\" ERR_load_ECDH_strings()
-.\" ERR_load_ECDSA_strings()
-.\" ERR_load_ENGINE_strings()
 .\" ERR_load_ERR_strings()
 .\" ERR_load_EVP_strings()
 .\" ERR_load_GOST_strings()

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.254 2023/07/20 16:26:40 tb Exp $
+# $OpenBSD: Makefile,v 1.255 2023/07/21 04:50:47 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -18,7 +18,6 @@ MAN=	\
 	ASN1_TIME_set.3 \
 	ASN1_TYPE_get.3 \
 	ASN1_UNIVERSALSTRING_to_string.3 \
-	ASN1_buf_print.3 \
 	ASN1_generate_nconf.3 \
 	ASN1_get_object.3 \
 	ASN1_item_d2i.3 \

lib/libcrypto/man/OBJ_NAME_add.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_NAME_add.3,v 1.3 2022/09/10 10:22:46 jsg Exp $
+.\" $OpenBSD: OBJ_NAME_add.3,v 1.4 2023/07/21 05:02:53 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 10 2022 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt OBJ_NAME_ADD 3
 .Os
 .Sh NAME
@@ -315,7 +315,6 @@ representing the new type or 0 if memory allocation fails.
 .Xr EVP_get_cipherbyname 3 ,
 .Xr EVP_get_digestbyname 3 ,
 .Xr lh_new 3 ,
-.Xr OBJ_add_sigid 3 ,
 .Xr OBJ_create 3 ,
 .Xr OBJ_nid2obj 3
 .Sh BUGS

lib/libcrypto/man/OBJ_add_sigid.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_add_sigid.3,v 1.1 2021/12/18 17:47:45 schwarze Exp $
+.\" $OpenBSD: OBJ_add_sigid.3,v 1.2 2023/07/21 05:02:53 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,26 +14,16 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt OBJ_ADD_SIGID 3
 .Os
 .Sh NAME
-.Nm OBJ_add_sigid ,
-.Nm OBJ_sigid_free ,
 .Nm OBJ_find_sigid_algs ,
 .Nm OBJ_find_sigid_by_algs
 .Nd signature algorithm mappings
 .Sh SYNOPSIS
 .In openssl/objects.h
 .Ft int
-.Fo OBJ_add_sigid
-.Fa "int signature"
-.Fa "int digest"
-.Fa "int encryption"
-.Fc
-.Ft void
-.Fn OBJ_sigid_free void
-.Ft int
 .Fo OBJ_find_sigid_algs
 .Fa "int signature"
 .Fa "int *pdigest"
@@ -46,25 +36,6 @@
 .Fa "int encryption"
 .Fc
 .Sh DESCRIPTION
-.Fn OBJ_add_sigid
-defines the
-.Fa signature
-algorithm to use the specified
-.Fa digest
-and
-.Fa encryption
-algorithms.
-Making sure that this does not conflict with earlier invocations of
-.Fn OBJ_add_sigid
-is the responsibility of the caller.
-Definitions made with
-.Fn OBJ_add_sigid
-take precedence over definitions built into the library.
-.Pp
-.Fn OBJ_sigid_free
-deletes all definitions made with
-.Fn OBJ_add_sigid .
-.Pp
 .Fn OBJ_find_sigid_algs
 looks up the
 .Fa signature
@@ -94,16 +65,12 @@ is a
 .Dv NULL
 pointer.
 .Sh RETURN VALUES
-.Fn OBJ_add_sigid
-returns 1 on success or 0 if memory allocation fails.
-.Pp
 .Fn OBJ_find_sigid_algs
 returns 1 if a definition of the
 .Fa signature
 algorithm is found or 0 if a definition of the
 .Fa signature
-algorithm is neither built into the library nor provided with
+algorithm is not built into the library.
-.Fn OBJ_add_sigid .
 .Pp
 .Fn OBJ_find_sigid_by_algs
 returns 1 if a signature algorithm using the specified
@@ -111,8 +78,7 @@ returns 1 if a signature algorithm using the specified
 and
 .Fa encryption
 algorithms is defined or 0 if the definition of such an algorithm
-is neither built into the library nor provided with
+is not built into the library.
-.Fn OBJ_add_sigid .
 .Sh SEE ALSO
 .Xr EVP_cleanup 3 ,
 .Xr OBJ_create 3 ,

lib/libcrypto/man/OBJ_create.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_create.3,v 1.6 2022/01/01 02:06:07 jsg Exp $
+.\" $OpenBSD: OBJ_create.3,v 1.7 2023/07/21 05:02:53 tb Exp $
 .\" full merge up to:
 .\" OpenSSL OBJ_nid2obj.pod 9b86974e Aug 17 15:21:33 2015 -0400
 .\" selective merge up to:
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 1 2022 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt OBJ_CREATE 3
 .Os
 .Sh NAME
@@ -253,7 +253,6 @@ obj = OBJ_nid2obj(new_nid);
 .Sh SEE ALSO
 .Xr ASN1_OBJECT_new 3 ,
 .Xr EVP_cleanup 3 ,
-.Xr OBJ_add_sigid 3 ,
 .Xr OBJ_NAME_add 3 ,
 .Xr OBJ_nid2obj 3
 .Sh HISTORY

lib/libcrypto/man/OBJ_nid2obj.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_nid2obj.3,v 1.19 2022/03/31 17:27:17 naddy Exp $
+.\" $OpenBSD: OBJ_nid2obj.3,v 1.20 2023/07/21 05:02:53 tb Exp $
 .\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
 .\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt OBJ_NID2OBJ 3
 .Os
 .Sh NAME
@@ -389,7 +389,6 @@ obj = OBJ_txt2obj("1.2.3.4", 1);
 .Xr ASN1_OBJECT_new 3 ,
 .Xr BIO_new 3 ,
 .Xr d2i_ASN1_OBJECT 3 ,
-.Xr OBJ_add_sigid 3 ,
 .Xr OBJ_create 3 ,
 .Xr OBJ_NAME_add 3
 .Sh HISTORY

lib/libcrypto/man/OpenSSL_add_all_algorithms.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.11 2021/12/18 17:47:45 schwarze Exp $
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.12 2023/07/21 05:02:53 tb Exp $
 .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: July 21 2023 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
@@ -100,12 +100,10 @@ only the first call has an effect.
 .Fn EVP_cleanup
 removes all ciphers and digests from the table and also calls
 .Xr OBJ_NAME_cleanup 3
-with an argument of \-1 and
+with an argument of \-1 ,
-.Xr OBJ_sigid_free 3 ,
 thus resetting the global associative array of names
 and all signature algorithm definitions to their default states,
-removing all application-defined types, key-value pairs, aliases,
+removing all application-defined types, key-value pairs, and aliases,
-and signature algorithm definitions,
 including any that are unrelated to the EVP library.
 .Sh SEE ALSO
 .Xr evp 3 ,
@@ -113,7 +111,6 @@ including any that are unrelated to the EVP library.
 .Xr EVP_EncryptInit 3 ,
 .Xr OBJ_cleanup 3 ,
 .Xr OBJ_NAME_add 3 ,
-.Xr OBJ_sigid_free 3 ,
 .Xr OPENSSL_config 3
 .Sh HISTORY
 .Fn EVP_cleanup

lib/libcrypto/rsa/rsa_local.h

@@ -1,4 +1,60 @@
-/* $OpenBSD: rsa_local.h,v 1.2 2023/05/05 12:21:44 tb Exp $ */
+/* $OpenBSD: rsa_local.h,v 1.3 2023/07/21 15:26:51 tb Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
 
 __BEGIN_HIDDEN_DECLS
 

regress/lib/libcrypto/bio/bio_asn1.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bio_asn1.c,v 1.4 2023/05/02 09:30:37 tb Exp $ */
+/*	$OpenBSD: bio_asn1.c,v 1.5 2023/07/21 20:22:47 tb Exp $ */
 
 /*
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -105,13 +105,12 @@ read_leak_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
 static int
 test_prefix_leak(void)
 {
-	const char *data = "some data\n";
 	BIO *bio_in = NULL, *bio_out = NULL;
 	PKCS7 *pkcs7 = NULL;
 	char set_me = 0;
 	int failed = 1;
 
-	if ((bio_in = BIO_new_mem_buf(data, -1)) == NULL)
+	if ((bio_in = BIO_new_mem_buf("some data\n", -1)) == NULL)
 		goto err;
 
 	BIO_set_callback(bio_in, read_leak_cb);

sys/arch/amd64/amd64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.170 2023/07/10 03:32:10 guenther Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.171 2023/07/21 04:04:51 guenther Exp $	*/
 /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
 
 /*-
@@ -273,7 +273,7 @@ replacemds(void)
 
 	if (strcmp(cpu_vendor, "GenuineIntel") != 0 ||
 	    ((ci->ci_feature_sefflags_edx & SEFF0EDX_ARCH_CAP) &&
-	     (rdmsr(MSR_ARCH_CAPABILITIES) & ARCH_CAPABILITIES_MDS_NO))) {
+	     (rdmsr(MSR_ARCH_CAPABILITIES) & ARCH_CAP_MDS_NO))) {
 		/* Unaffected, nop out the handling code */
 		has_verw = 0;
 	} else if (ci->ci_feature_sefflags_edx & SEFF0EDX_MD_CLEAR) {
@@ -1242,7 +1242,7 @@ cpu_tsx_disable(struct cpu_info *ci)
 	if (strcmp(cpu_vendor, "GenuineIntel") == 0 &&
 	    (sefflags_edx & SEFF0EDX_ARCH_CAP)) {
 		msr = rdmsr(MSR_ARCH_CAPABILITIES);
-		if (msr & ARCH_CAPABILITIES_TSX_CTRL) {
+		if (msr & ARCH_CAP_TSX_CTRL) {
 			msr = rdmsr(MSR_TSX_CTRL);
 			msr |= TSX_CTRL_RTM_DISABLE | TSX_CTRL_TSX_CPUID_CLEAR;
 			wrmsr(MSR_TSX_CTRL, msr);

sys/arch/amd64/amd64/identcpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: identcpu.c,v 1.133 2023/04/22 18:27:28 guenther Exp $	*/
+/*	$OpenBSD: identcpu.c,v 1.134 2023/07/21 04:04:51 guenther Exp $	*/
 /*	$NetBSD: identcpu.c,v 1.1 2003/04/26 18:39:28 fvdl Exp $	*/
 
 /*
@@ -1049,8 +1049,8 @@ cpu_check_vmm_cap(struct cpu_info *ci)
 		 */
 		if (ci->ci_feature_sefflags_edx & SEFF0EDX_ARCH_CAP) {
 			msr = rdmsr(MSR_ARCH_CAPABILITIES);
-			if ((msr & ARCH_CAPABILITIES_RDCL_NO) ||
+			if ((msr & ARCH_CAP_RDCL_NO) ||
-			    ((msr & ARCH_CAPABILITIES_SKIP_L1DFL_VMENTRY) &&
+			    ((msr & ARCH_CAP_SKIP_L1DFL_VMENTRY) &&
 			    ci->ci_vmm_cap.vcc_vmx.vmx_has_l1_flush_msr))
 				ci->ci_vmm_cap.vcc_vmx.vmx_has_l1_flush_msr =
 				    VMX_SKIP_L1D_FLUSH;

sys/arch/amd64/amd64/locore0.S

@@ -1,4 +1,4 @@
-/*	$OpenBSD: locore0.S,v 1.21 2022/12/01 00:26:15 guenther Exp $	*/
+/*	$OpenBSD: locore0.S,v 1.22 2023/07/21 04:04:51 guenther Exp $	*/
 /*	$NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $	*/
 
 /*
@@ -235,7 +235,7 @@ bi_size_ok:
 	/* IA32_ARCH_CAPABILITIES MSR available, use it to check CPU security */
 	movl	$MSR_ARCH_CAPABILITIES, %ecx
 	rdmsr
-	testl	$ARCH_CAPABILITIES_RDCL_NO, %eax
+	testl	$ARCH_CAP_RDCL_NO, %eax
 	jz	.Lcpu_check_finished
 
 .Lcpu_secure:

sys/arch/amd64/include/specialreg.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: specialreg.h,v 1.103 2023/07/10 03:32:10 guenther Exp $	*/
+/*	$OpenBSD: specialreg.h,v 1.104 2023/07/21 04:04:51 guenther Exp $	*/
 /*	$NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $	*/
 /*	$NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $	*/
 
@@ -400,15 +400,29 @@
 #define MTRRcap_WC		0x400	/* bit 10 - WC type supported */
 #define MTRRcap_SMRR		0x800	/* bit 11 - SMM range reg supported */
 #define MSR_ARCH_CAPABILITIES	0x10a
-#define ARCH_CAPABILITIES_RDCL_NO	(1 << 0)	/* Meltdown safe */
+#define ARCH_CAP_RDCL_NO		(1 <<  0) /* Meltdown safe */
-#define ARCH_CAPABILITIES_IBRS_ALL	(1 << 1)	/* enhanced IBRS */
+#define ARCH_CAP_IBRS_ALL		(1 <<  1) /* enhanced IBRS */
-#define ARCH_CAPABILITIES_RSBA		(1 << 2)	/* RSB Alternate */
+#define ARCH_CAP_RSBA			(1 <<  2) /* RSB Alternate */
-#define ARCH_CAPABILITIES_SKIP_L1DFL_VMENTRY	(1 << 3)
+#define ARCH_CAP_SKIP_L1DFL_VMENTRY	(1 <<  3)
-#define ARCH_CAPABILITIES_SSB_NO	(1 << 4)	/* Spec St Byp safe */
+#define ARCH_CAP_SSB_NO			(1 <<  4) /* Spec St Byp safe */
-#define ARCH_CAPABILITIES_MDS_NO	(1 << 5) /* microarch data-sampling */
+#define ARCH_CAP_MDS_NO			(1 <<  5) /* microarch data-sampling */
-#define ARCH_CAPABILITIES_IF_PSCHANGE_MC_NO	(1 << 6) /* PS MCE safe */
+#define ARCH_CAP_IF_PSCHANGE_MC_NO	(1 <<  6) /* PS MCE safe */
-#define ARCH_CAPABILITIES_TSX_CTRL	(1 << 7)	/* has TSX_CTRL MSR */
+#define ARCH_CAP_TSX_CTRL		(1 <<  7) /* has TSX_CTRL MSR */
-#define ARCH_CAPABILITIES_TAA_NO	(1 << 8)	/* TSX AA safe */
+#define ARCH_CAP_TAA_NO			(1 <<  8) /* TSX AA safe */
+#define ARCH_CAP_MCU_CONTROL		(1 <<  9) /* has MCU_CTRL MSR */
+#define ARCH_CAP_MISC_PACKAGE_CTLS	(1 << 10) /* has MISC_PKG_CTLS MSR */
+#define ARCH_CAP_ENERGY_FILTERING_CTL	(1 << 11) /* r/w energy fltring bit */
+#define ARCH_CAP_DOITM			(1 << 12) /* Data oprnd indpdnt tmng */
+#define ARCH_CAP_SBDR_SSDP_NO		(1 << 13) /* SBDR/SSDP safe */
+#define ARCH_CAP_FBSDP_NO		(1 << 14) /* FBSDP safe */
+#define ARCH_CAP_PSDP_NO		(1 << 15) /* PSDP safe */
+#define ARCH_CAP_FB_CLEAR		(1 << 17) /* MD_CLEAR covers FB */
+#define ARCH_CAP_FB_CLEAR_CTRL		(1 << 18)
+#define ARCH_CAP_RRSBA			(1 << 19) /* has RRSBA if not dis */
+#define ARCH_CAP_BHI_NO			(1 << 20) /* BHI safe */
+#define ARCH_CAP_XAPIC_DISABLE_STATUS	(1 << 21) /* can disable xAPIC */
+#define ARCH_CAP_OVERCLOCKING_STATUS	(1 << 23) /* has OVRCLCKNG_STAT MSR */
+#define ARCH_CAP_PBRSB_NO		(1 << 24) /* PBSR safe */
 #define MSR_FLUSH_CMD		0x10b
 #define FLUSH_CMD_L1D_FLUSH	0x1	/* (1ULL << 0) */
 #define	MSR_BBL_CR_ADDR		0x116	/* PII+ only */

sys/arch/i386/i386/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.112 2023/06/15 22:18:07 cheloha Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.113 2023/07/21 04:04:52 guenther Exp $	*/
 /* $NetBSD: cpu.c,v 1.1.2.7 2000/06/26 02:04:05 sommerfeld Exp $ */
 
 /*-
@@ -478,7 +478,7 @@ cpu_tsx_disable(struct cpu_info *ci)
 	if (strcmp(cpu_vendor, "GenuineIntel") == 0 &&
 	    (sefflags_edx & SEFF0EDX_ARCH_CAP)) {
 		msr = rdmsr(MSR_ARCH_CAPABILITIES);
-		if (msr & ARCH_CAPABILITIES_TSX_CTRL) {
+		if (msr & ARCH_CAP_TSX_CTRL) {
 			msr = rdmsr(MSR_TSX_CTRL);
 			msr |= TSX_CTRL_RTM_DISABLE | TSX_CTRL_TSX_CPUID_CLEAR;
 			wrmsr(MSR_TSX_CTRL, msr);

sys/arch/i386/i386/locore0.S

@@ -1,4 +1,4 @@
-/*	$OpenBSD: locore0.S,v 1.10 2022/12/08 01:25:44 guenther Exp $	*/
+/*	$OpenBSD: locore0.S,v 1.11 2023/07/21 04:04:52 guenther Exp $	*/
 /*	$NetBSD: locore.s,v 1.145 1996/05/03 19:41:19 christos Exp $	*/
 
 /*-
@@ -178,7 +178,7 @@ start:	movw	$0x1234,0x472			# warm boot
         /* IA32_ARCH_CAPABILITIES MSR available, use it to check CPU security */
         movl	$MSR_ARCH_CAPABILITIES,%ecx
         rdmsr
-        testl	$ARCH_CAPABILITIES_RDCL_NO,%eax
+        testl	$ARCH_CAP_RDCL_NO,%eax
         jz	.Lcpu_check_finished
 
 .Lcpu_secure:

sys/arch/i386/include/specialreg.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: specialreg.h,v 1.81 2023/01/10 01:09:14 dv Exp $	*/
+/*	$OpenBSD: specialreg.h,v 1.82 2023/07/21 04:04:52 guenther Exp $	*/
 /*	$NetBSD: specialreg.h,v 1.7 1994/10/27 04:16:26 cgd Exp $	*/
 
 /*-
@@ -347,15 +347,29 @@
 #define MTRRcap_WC		0x400	/* bit 10 - WC type supported */
 #define MTRRcap_SMRR		0x800	/* bit 11 - SMM range reg supported */
 #define MSR_ARCH_CAPABILITIES	0x10a
-#define ARCH_CAPABILITIES_RDCL_NO	(1 << 0)	/* Meltdown safe */
+#define ARCH_CAP_RDCL_NO		(1 <<  0) /* Meltdown safe */
-#define ARCH_CAPABILITIES_IBRS_ALL	(1 << 1)	/* enhanced IBRS */
+#define ARCH_CAP_IBRS_ALL		(1 <<  1) /* enhanced IBRS */
-#define ARCH_CAPABILITIES_RSBA		(1 << 2)	/* RSB Alternate */
+#define ARCH_CAP_RSBA			(1 <<  2) /* RSB Alternate */
-#define ARCH_CAPABILITIES_SKIP_L1DFL_VMENTRY	(1 << 3)
+#define ARCH_CAP_SKIP_L1DFL_VMENTRY	(1 <<  3)
-#define ARCH_CAPABILITIES_SSB_NO	(1 << 4)	/* Spec St Byp safe */
+#define ARCH_CAP_SSB_NO			(1 <<  4) /* Spec St Byp safe */
-#define ARCH_CAPABILITIES_MDS_NO	(1 << 5) /* microarch data-sampling */
+#define ARCH_CAP_MDS_NO			(1 <<  5) /* microarch data-sampling */
-#define ARCH_CAPABILITIES_IF_PSCHANGE_MC_NO	(1 << 6) /* PS MCE safe */
+#define ARCH_CAP_IF_PSCHANGE_MC_NO	(1 <<  6) /* PS MCE safe */
-#define ARCH_CAPABILITIES_TSX_CTRL	(1 << 7)	/* has TSX_CTRL MSR */
+#define ARCH_CAP_TSX_CTRL		(1 <<  7) /* has TSX_CTRL MSR */
-#define ARCH_CAPABILITIES_TAA_NO	(1 << 8)	/* TSX AA safe */
+#define ARCH_CAP_TAA_NO			(1 <<  8) /* TSX AA safe */
+#define ARCH_CAP_MCU_CONTROL		(1 <<  9) /* has MCU_CTRL MSR */
+#define ARCH_CAP_MISC_PACKAGE_CTLS	(1 << 10) /* has MISC_PKG_CTLS MSR */
+#define ARCH_CAP_ENERGY_FILTERING_CTL	(1 << 11) /* r/w energy fltring bit */
+#define ARCH_CAP_DOITM			(1 << 12) /* Data oprnd indpdnt tmng */
+#define ARCH_CAP_SBDR_SSDP_NO		(1 << 13) /* SBDR/SSDP safe */
+#define ARCH_CAP_FBSDP_NO		(1 << 14) /* FBSDP safe */
+#define ARCH_CAP_PSDP_NO		(1 << 15) /* PSDP safe */
+#define ARCH_CAP_FB_CLEAR		(1 << 17) /* MD_CLEAR covers FB */
+#define ARCH_CAP_FB_CLEAR_CTRL		(1 << 18)
+#define ARCH_CAP_RRSBA			(1 << 19) /* has RRSBA if not dis */
+#define ARCH_CAP_BHI_NO			(1 << 20) /* BHI safe */
+#define ARCH_CAP_XAPIC_DISABLE_STATUS	(1 << 21) /* can disable xAPIC */
+#define ARCH_CAP_OVERCLOCKING_STATUS	(1 << 23) /* has OVRCLCKNG_STAT MSR */
+#define ARCH_CAP_PBRSB_NO		(1 << 24) /* PBSR safe */
 #define MSR_FLUSH_CMD		0x10b
 #define FLUSH_CMD_L1D_FLUSH	(1ULL << 0)
 #define	MSR_BBL_CR_ADDR		0x116	/* PII+ only */

sys/dev/i2c/ietp.c

@@ -1,6 +1,6 @@
-/* $OpenBSD: ietp.c,v 1.1 2023/07/08 02:43:02 jcs Exp $ */
+/* $OpenBSD: ietp.c,v 1.2 2023/07/21 02:19:49 jcs Exp $ */
 /*
- * elan-i2c driver
+ * Elan I2C Touchpad driver
  *
  * Copyright (c) 2015, 2016 joshua stein <jcs@openbsd.org>
  * Copyright (c) 2020, 2022 Vladimir Kondratyev <wulf@FreeBSD.org>
@@ -19,9 +19,10 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Protocol documentation: https://lkml.indiana.edu/hypermail/linux/kernel/1205.0/02551.html.
+/* Protocol documentation:
-   Based on FreeBSD ietp driver.
+ * https://lkml.indiana.edu/hypermail/linux/kernel/1205.0/02551.html
-*/
+ * Based on FreeBSD ietp driver.
+ */
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -166,7 +167,7 @@ ietp_attach(struct device *parent, struct device *self, void *aux)
 		sc->sc_ih = iic_intr_establish(sc->sc_tag, ia->ia_intr,
 		    IPL_TTY, ietp_intr, sc, sc->sc_dev.dv_xname);
 		if (sc->sc_ih == NULL) {
-			printf(", can't establish interrupt");
+			printf(", can't establish interrupt\n");
 			return;
 		}
 	}
@@ -177,13 +178,13 @@ ietp_attach(struct device *parent, struct device *self, void *aux)
 	buf8 = (uint8_t *)&buf;
 
 	if (ietp_iic_read_reg(sc, IETP_UNIQUEID, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading product ID\n", sc->sc_dev.dv_xname);
+		printf(": failed reading product ID\n");
 		return;
 	}
 	sc->product_id = le16toh(buf);
 
 	if (ietp_iic_read_reg(sc, IETP_PATTERN, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading pattern\n", sc->sc_dev.dv_xname);
+		printf(": failed reading pattern\n");
 		return;
 	}
 	pattern = buf == 0xFFFF ? 0 : buf8[1];
@@ -191,49 +192,49 @@ ietp_attach(struct device *parent, struct device *self, void *aux)
 
 	reg = pattern >= 0x01 ? IETP_IC_TYPE : IETP_OSM_VERSION;
 	if (ietp_iic_read_reg(sc, reg, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading IC type\n", sc->sc_dev.dv_xname);
+		printf(": failed reading IC type\n");
 		return;
 	}
 	sc->ic_type = pattern >= 0x01 ? be16toh(buf) : buf8[1];
 
 	if (ietp_iic_read_reg(sc, IETP_NSM_VERSION, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading SM version\n", sc->sc_dev.dv_xname);
+		printf(": failed reading SM version\n");
 		return;
 	}
 	sc->is_clickpad = (buf8[0] & 0x10) != 0;
 
 	if (ietp_iic_set_absolute_mode(sc, true) != 0) {
-		printf("%s: failed to set absolute mode\n", sc->sc_dev.dv_xname);
+		printf(": failed to set absolute mode\n");
 		return;
 	}
 
 	if (ietp_iic_read_reg(sc, IETP_MAX_X_AXIS, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading max x\n", sc->sc_dev.dv_xname);
+		printf(": failed reading max x\n");
 		return;
 	}
 	sc->max_x = le16toh(buf);
 
 	if (ietp_iic_read_reg(sc, IETP_MAX_Y_AXIS, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading max y\n", sc->sc_dev.dv_xname);
+		printf(": failed reading max y\n");
 		return;
 	}
 	sc->max_y = le16toh(buf);
 
 	if (ietp_iic_read_reg(sc, IETP_TRACENUM, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading trace info\n", sc->sc_dev.dv_xname);
+		printf(": failed reading trace info\n");
 		return;
 	}
 	sc->trace_x = sc->max_x / buf8[0];
 	sc->trace_y = sc->max_y / buf8[1];
 
 	if (ietp_iic_read_reg(sc, IETP_PRESSURE, sizeof(buf), &buf) != 0) {
-		printf("%s: failed reading pressure format\n", sc->sc_dev.dv_xname);
+		printf(": failed reading pressure format\n");
 		return;
 	}
 	sc->pressure_base = (buf8[0] & 0x10) ? 0 : IETP_PRESSURE_BASE;
 
 	if (ietp_iic_read_reg(sc, IETP_RESOLUTION, sizeof(buf), &buf)  != 0) {
-		printf("%s: failed reading resolution\n", sc->sc_dev.dv_xname);
+		printf(": failed reading resolution\n");
 		return;
 	}
 	/* Conversion from internal format to dot per mm */
@@ -245,7 +246,8 @@ ietp_attach(struct device *parent, struct device *self, void *aux)
 	sc->report_len = sc->hi_precision ?
 	    IETP_REPORT_LEN_HI : IETP_REPORT_LEN_LO;
 
-	sc->sc_ibuf = malloc(IETP_REPORT_LEN_HI + 12, M_DEVBUF, M_NOWAIT | M_ZERO);
+	sc->sc_ibuf = malloc(IETP_REPORT_LEN_HI + 12, M_DEVBUF,
+	    M_NOWAIT | M_ZERO);
 	sc->sc_isize = sc->report_len + 3;
 
 	a.accessops = &ietp_mouse_access;
@@ -267,10 +269,12 @@ ietp_attach(struct device *parent, struct device *self, void *aux)
 
 	/* power down until we're opened */
 	if (ietp_set_power(sc, I2C_HID_POWER_OFF)) {
-		printf("%s: failed to power down\n", sc->sc_dev.dv_xname);
+		printf(": failed to power down\n");
 		return;
 	}
 
+	printf("\n");
+
 	DPRINTF(("%s: max_x=%d, max_y=%d, %s\n", sc->sc_dev.dv_xname,
 		 sc->max_x, sc->max_y,
 		 sc->is_clickpad ? "clickpad" : "touchpad"));
@@ -359,18 +363,21 @@ ietp_iic_set_absolute_mode(struct ietp_softc *sc, bool enable)
 	}
 
 	if (require_wakeup && ietp_set_power(sc, I2C_HID_POWER_ON) != 0) {
-		printf("%s: failed writing poweron command\n", sc->sc_dev.dv_xname);
+		printf("%s: failed writing poweron command\n",
+		    sc->sc_dev.dv_xname);
 		return (EIO);
 	}
 
 	val = enable ? IETP_CTRL_ABSOLUTE : IETP_CTRL_STANDARD;
 	if (ietp_iic_write_reg(sc, IETP_CONTROL, val) != 0) {
-		printf("%s: failed setting absolute mode\n", sc->sc_dev.dv_xname);
+		printf("%s: failed setting absolute mode\n",
+		    sc->sc_dev.dv_xname);
 		error = EIO;
 	}
 
 	if (require_wakeup && ietp_set_power(sc, I2C_HID_POWER_OFF) != 0) {
-		printf("%s: failed writing poweroff command\n", sc->sc_dev.dv_xname);
+		printf("%s: failed writing poweroff command\n",
+		    sc->sc_dev.dv_xname);
 		error = EIO;
 	}
 
@@ -524,7 +531,8 @@ parse_input(struct ietp_softc *sc, u_char *report, int len)
 	if (len == 0)
 		return;
 	if (len != sc->report_len) {
-		printf("%s: wrong report length (%d vs %d expected)", sc->sc_dev.dv_xname, len, (int) sc->report_len);
+		printf("%s: wrong report length (%d vs %d expected)",
+		    sc->sc_dev.dv_xname, len, (int) sc->report_len);
 		return;
 	}
 
@@ -551,7 +559,8 @@ parse_input(struct ietp_softc *sc, u_char *report, int len)
 
 			if (x > sc->max_x || y > sc->max_y) {
 				printf("%s: [%d] x=%d y=%d over max (%d, %d)\n",
-				       sc->sc_dev.dv_xname, finger, x, y, sc->max_x, sc->max_y);
+				    sc->sc_dev.dv_xname, finger, x, y,
+				    sc->max_x, sc->max_y);
 				continue;
 			}
 
@@ -565,7 +574,8 @@ parse_input(struct ietp_softc *sc, u_char *report, int len)
 			p = 0;
 		}
 
-		DPRINTF(("position: [finger=%d, x=%d, y=%d, p=%d]\n", finger, x, y, p));
+		DPRINTF(("position: [finger=%d, x=%d, y=%d, p=%d]\n", finger,
+		    x, y, p));
 		wsmouse_mtstate(sc->sc_wsmousedev, finger, x, y, p);
 	}