From 6871d7cb851deae5dd4027a0758aa0213bc10fcf Mon Sep 17 00:00:00 2001 From: purplerain Date: Sun, 18 Jun 2023 10:29:09 +0000 Subject: [PATCH] sync --- distrib/miniroot/install.sub | 6 +- lib/libcrypto/bn/arch/aarch64/bn_arch.h | 29 ++++- lib/libcrypto/bn/bn_mont.c | 47 ++++++-- lib/libtls/tls.c | 10 +- lib/libtls/tls_internal.h | 4 +- lib/libtls/tls_signer.c | 15 +-- sbin/iked/ca.c | 8 +- share/man/man1/dpb.1 | 40 ++++++- sys/arch/arm64/dev/agintc.c | 5 +- usr.sbin/lpr/lpd/lpd.8 | 6 +- usr.sbin/smtpd/ca.c | 146 ++++++++++++++++-------- usr.sbin/vmd/vmd.c | 4 +- 12 files changed, 224 insertions(+), 96 deletions(-) diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub index ca9341a21..165b302fa 100644 --- a/distrib/miniroot/install.sub +++ b/distrib/miniroot/install.sub @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: install.sub,v 1.1249 2023/06/06 09:35:44 kn Exp $ +# $OpenBSD: install.sub,v 1.1250 2023/06/18 15:17:38 deraadt Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015, Robert Peichaer @@ -1103,7 +1103,7 @@ v4_config() { case $resp in none) return ;; - autoconf|dhcp) + a|autoconf|dhcp) dhcp_request $_if echo "inet autoconf" >>$_hn return @@ -1220,7 +1220,7 @@ v6_config() { case $resp in none) return ;; - autoconf) + a|autoconf) ifconfig $_if inet6 autoconf up echo "inet6 autoconf" >>$_hn return diff --git a/lib/libcrypto/bn/arch/aarch64/bn_arch.h b/lib/libcrypto/bn/arch/aarch64/bn_arch.h index f658510c7..aa780e09e 100644 --- a/lib/libcrypto/bn/arch/aarch64/bn_arch.h +++ b/lib/libcrypto/bn/arch/aarch64/bn_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_arch.h,v 1.10 2023/06/12 16:42:11 jsing Exp $ */ +/* $OpenBSD: bn_arch.h,v 1.11 2023/06/17 15:40:46 jsing Exp $ */ /* * Copyright (c) 2023 Joel Sing * @@ -177,6 +177,33 @@ bn_mulw_addtw(BN_ULONG a, BN_ULONG b, BN_ULONG c2, BN_ULONG c1, BN_ULONG c0, *out_r0 = r0; } +#define HAVE_BN_MUL2_MULW_ADDTW + +static inline void +bn_mul2_mulw_addtw(BN_ULONG a, BN_ULONG b, BN_ULONG c2, BN_ULONG c1, BN_ULONG c0, + BN_ULONG *out_r2, BN_ULONG *out_r1, BN_ULONG *out_r0) +{ + BN_ULONG r2, r1, r0, x1, x0; + + __asm__ ( + "umulh %[x1], %[a], %[b] \n" + "mul %[x0], %[a], %[b] \n" + "adds %[r0], %[c0], %[x0] \n" + "adcs %[r1], %[c1], %[x1] \n" + "adc %[r2], xzr, %[c2] \n" + "adds %[r0], %[r0], %[x0] \n" + "adcs %[r1], %[r1], %[x1] \n" + "adc %[r2], xzr, %[r2] \n" + : [r2]"=&r"(r2), [r1]"=&r"(r1), [r0]"=&r"(r0), [x1]"=&r"(x1), + [x0]"=&r"(x0) + : [a]"r"(a), [b]"r"(b), [c2]"r"(c2), [c1]"r"(c1), [c0]"r"(c0) + : "cc"); + + *out_r2 = r2; + *out_r1 = r1; + *out_r0 = r0; +} + #define HAVE_BN_QWMULW_ADDW static inline void diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c index 6194e0995..b44246e07 100644 --- a/lib/libcrypto/bn/bn_mont.c +++ b/lib/libcrypto/bn/bn_mont.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_mont.c,v 1.59 2023/04/30 05:21:20 tb Exp $ */ +/* $OpenBSD: bn_mont.c,v 1.60 2023/06/17 14:43:50 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -327,6 +327,36 @@ bn_mod_mul_montgomery_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, return ret; } +static void +bn_montgomery_multiply_word(const BN_ULONG *ap, BN_ULONG b, const BN_ULONG *np, + BN_ULONG *tp, BN_ULONG w, BN_ULONG *carry_a, BN_ULONG *carry_n, int n_len) +{ + BN_ULONG x3, x2, x1, x0; + + *carry_a = *carry_n = 0; + + while (n_len & ~3) { + bn_qwmulw_addqw_addw(ap[3], ap[2], ap[1], ap[0], b, + tp[3], tp[2], tp[1], tp[0], *carry_a, carry_a, + &x3, &x2, &x1, &x0); + bn_qwmulw_addqw_addw(np[3], np[2], np[1], np[0], w, + x3, x2, x1, x0, *carry_n, carry_n, + &tp[3], &tp[2], &tp[1], &tp[0]); + ap += 4; + np += 4; + tp += 4; + n_len -= 4; + } + while (n_len > 0) { + bn_mulw_addw_addw(ap[0], b, tp[0], *carry_a, carry_a, &x0); + bn_mulw_addw_addw(np[0], w, x0, *carry_n, carry_n, &tp[0]); + ap++; + np++; + tp++; + n_len--; + } +} + /* * bn_montgomery_multiply_words() computes r = aR * bR * R^-1 = abR for the * given word arrays. The caller must ensure that rp, ap, bp and np are all @@ -336,10 +366,10 @@ void bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, BN_ULONG *tp, BN_ULONG n0, int n_len) { - BN_ULONG a0, b, carry_a, carry_n, carry, mask, w, x; - int i, j; + BN_ULONG a0, b, carry_a, carry_n, carry, mask, w; + int i; - carry_a = carry_n = carry = 0; + carry = 0; for (i = 0; i < n_len; i++) tp[i] = 0; @@ -349,15 +379,12 @@ bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *b for (i = 0; i < n_len; i++) { b = bp[i]; - /* Compute new t[0] * n0, as we need it inside the loop. */ + /* Compute new t[0] * n0, as we need it for this iteration. */ w = (a0 * b + tp[0]) * n0; - for (j = 0; j < n_len; j++) { - bn_mulw_addw_addw(ap[j], b, tp[j], carry_a, &carry_a, &x); - bn_mulw_addw_addw(np[j], w, x, carry_n, &carry_n, &tp[j]); - } + bn_montgomery_multiply_word(ap, b, np, tp, w, &carry_a, + &carry_n, n_len); bn_addw_addw(carry_a, carry_n, carry, &carry, &tp[n_len]); - carry_a = carry_n = 0; tp++; } diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c index 989339dc0..8444169bd 100644 --- a/lib/libtls/tls.c +++ b/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */ +/* $OpenBSD: tls.c,v 1.97 2023/06/18 11:43:03 op Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -389,7 +389,7 @@ static int tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) { RSA_METHOD *rsa_method; - ECDSA_METHOD *ecdsa_method; + EC_KEY_METHOD *ecdsa_method; RSA *rsa = NULL; EC_KEY *eckey = NULL; int ret = -1; @@ -427,15 +427,15 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p break; case EVP_PKEY_EC: if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || - ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { + EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { tls_set_errorx(ctx, "EC key setup failure"); goto err; } if (ctx->config->sign_cb != NULL) { ecdsa_method = tls_signer_ecdsa_method(); if (ecdsa_method == NULL || - ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 || - ECDSA_set_method(eckey, ecdsa_method) == 0) { + EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 || + EC_KEY_set_method(eckey, ecdsa_method) == 0) { tls_set_errorx(ctx, "failed to setup EC key"); goto err; } diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h index f4c23f64e..af081a079 100644 --- a/lib/libtls/tls_internal.h +++ b/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.81 2023/04/09 18:26:26 tb Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.82 2023/06/18 11:43:03 op Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -298,7 +298,7 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash); int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); RSA_METHOD *tls_signer_rsa_method(void); -ECDSA_METHOD *tls_signer_ecdsa_method(void); +EC_KEY_METHOD *tls_signer_ecdsa_method(void); #define TLS_PADDING_NONE 0 #define TLS_PADDING_RSA_PKCS1 1 diff --git a/lib/libtls/tls_signer.c b/lib/libtls/tls_signer.c index f6005d3e0..372fa7781 100644 --- a/lib/libtls/tls_signer.c +++ b/lib/libtls/tls_signer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */ +/* $OpenBSD: tls_signer.c,v 1.6 2023/06/18 11:43:03 op Exp $ */ /* * Copyright (c) 2021 Eric Faurot * @@ -419,26 +419,21 @@ tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, return (NULL); } -ECDSA_METHOD * +EC_KEY_METHOD * tls_signer_ecdsa_method(void) { - static ECDSA_METHOD *ecdsa_method = NULL; + static EC_KEY_METHOD *ecdsa_method = NULL; pthread_mutex_lock(&signer_method_lock); if (ecdsa_method != NULL) goto out; - ecdsa_method = calloc(1, sizeof(*ecdsa_method)); + ecdsa_method = EC_KEY_METHOD_new(NULL); if (ecdsa_method == NULL) goto out; - ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign; - ecdsa_method->name = strdup("libtls ECDSA method"); - if (ecdsa_method->name == NULL) { - free(ecdsa_method); - ecdsa_method = NULL; - } + EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign); out: pthread_mutex_unlock(&signer_method_lock); diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c index cd10fca4d..7f7c8bee0 100644 --- a/sbin/iked/ca.c +++ b/sbin/iked/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.92 2023/05/23 13:12:19 claudio Exp $ */ +/* $OpenBSD: ca.c,v 1.93 2023/06/17 22:33:34 tobhe Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -560,9 +560,9 @@ ca_getcert(struct iked *env, struct imsg *imsg) iov[2].iov_base = ptr; iov[2].iov_len = len; - if (proc_composev(&env->sc_ps, PROC_IKEV2, cmd, iov, iovcnt) == -1) - return (-1); - return (0); + ret = proc_composev(&env->sc_ps, PROC_IKEV2, cmd, iov, iovcnt); + ibuf_free(key.id_buf); + return (ret); } static unsigned int diff --git a/share/man/man1/dpb.1 b/share/man/man1/dpb.1 index 7dfb46ef9..7945072e5 100644 --- a/share/man/man1/dpb.1 +++ b/share/man/man1/dpb.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: dpb.1,v 1.33 2023/05/29 21:13:24 aisha Exp $ +.\" $OpenBSD: dpb.1,v 1.34 2023/06/17 19:35:54 espie Exp $ .\" .\" Copyright (c) 2010-2013 Marc Espie .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 29 2023 $ +.Dd $Mdocdate: June 17 2023 $ .Dt DPB 1 .Os .Sh NAME @@ -124,6 +124,18 @@ be shared on the cluster. Some log files ("rolling logs") are kept from one run to the run and stored under .Pa ${DISTDIR}/build-stats . +On each run, the most recent entries for each pkgpath +.Po +see +.Ar STATS_USED +.Pc +are used to figure out in which order things should be built. +Meanwhile, some more entries are kept around +.Po +see +.Ar STATS_BACKLOG +.Pc +for potential data analysis over longer periods. .Pp Option .Fl h Ar file @@ -184,7 +196,7 @@ for preparing such an environment. .It Fl b Ar logfile Explicitly prime the heuristics module with a previous build log, so that packages that take a long time to build will happen earlier. -The rolling log under +The rolling log file under .Pa %f/build-stats/%a is automatically used. .It Fl C Ar pathlist @@ -347,6 +359,17 @@ Defaults to can be set to nothing to disable. .It Ar STARTUP Define a start-up script on the command-line, override any host file contents. +.It Ar STATS_BACKLOG +Max number of stats (per individual pkgpath) to save in the rolling log file +.Po +defaults to 25 +.Pc . +.It Ar STATS_USED +Clamp number of stats (per individual pkgpath) used for computing build +order +.Po +defaults to 10 +.Pc . .It Ar STUCK_TIMEOUT Timeout (in seconds * speed factor) after which tasks that don't show any progress will be killed. @@ -686,7 +709,7 @@ as an initial workdir size log. .It Fl s Compute workdir sizes before cleaning up, and stash them in log file .Pa %L/size.log . -Also maintain a rolling log of build sizes under +This will also maintain a rolling log of build sizes under .Pa %f/build-stats/%a-size . In order to save time, .Nm @@ -1265,7 +1288,14 @@ They should be readable for the .Nm also records rolling build statistics under .Pa ${DISTDIR}/build-stats/${ARCH} , -and uses them automatically in the absence of +and uses them automatically +.Po +see +.Ar STATS_BACKLOG +and +.Ar STATS_USED +.Pc +in the absence of .Fl b Ar logfile . That file belongs to the .Ar LOG_USER diff --git a/sys/arch/arm64/dev/agintc.c b/sys/arch/arm64/dev/agintc.c index 490108db6..47c43ebf7 100644 --- a/sys/arch/arm64/dev/agintc.c +++ b/sys/arch/arm64/dev/agintc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: agintc.c,v 1.48 2023/04/25 10:35:48 patrick Exp $ */ +/* $OpenBSD: agintc.c,v 1.49 2023/06/17 22:10:19 kettenis Exp $ */ /* * Copyright (c) 2007, 2009, 2011, 2017 Dale Rahn * Copyright (c) 2018 Mark Kettenis @@ -1962,6 +1962,9 @@ agintc_intr_disestablish_msi(void *cookie) { agintc_intr_disestablish(*(void **)cookie); *(void **)cookie = NULL; + + /* Invalidate cache. */ + agintc_msi_invall(); } void diff --git a/usr.sbin/lpr/lpd/lpd.8 b/usr.sbin/lpr/lpd/lpd.8 index c6606939f..4289d48c6 100644 --- a/usr.sbin/lpr/lpd/lpd.8 +++ b/usr.sbin/lpr/lpd/lpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: lpd.8,v 1.32 2022/10/10 09:13:43 jsg Exp $ +.\" $OpenBSD: lpd.8,v 1.33 2023/06/17 15:35:08 jmc Exp $ .\" $NetBSD: lpd.8,v 1.23 2002/02/08 01:38:50 ross Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)lpd.8 8.3 (Berkeley) 4/19/94 .\" -.Dd $Mdocdate: October 10 2022 $ +.Dd $Mdocdate: June 17 2023 $ .Dt LPD 8 .Os .Sh NAME @@ -242,7 +242,7 @@ The file contains troff output (cat phototypesetter commands). .It n Ditroff File. The file contains device independent troff output. -.It r +.It d DVI File. The file contains .Tn Tex l diff --git a/usr.sbin/smtpd/ca.c b/usr.sbin/smtpd/ca.c index c0c918601..5c163ef70 100644 --- a/usr.sbin/smtpd/ca.c +++ b/usr.sbin/smtpd/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.43 2023/03/26 18:11:48 tb Exp $ */ +/* $OpenBSD: ca.c,v 1.44 2023/06/18 11:43:49 op Exp $ */ /* * Copyright (c) 2014 Reyk Floeter @@ -47,10 +47,17 @@ static int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, static int rsae_init(RSA *); static int rsae_finish(RSA *); static int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *); +static int ecdsae_keygen(EC_KEY *); +static int ecdsae_compute_key(void *, size_t, const EC_POINT *, EC_KEY *, + void *(*)(const void *, size_t, void *, size_t *)); +static int ecdsae_sign(int, const unsigned char *, int, unsigned char *, + unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *); static ECDSA_SIG *ecdsae_do_sign(const unsigned char *, int, const BIGNUM *, const BIGNUM *, EC_KEY *); static int ecdsae_sign_setup(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **); +static int ecdsae_verify(int, const unsigned char *, int, const unsigned char *, + int, EC_KEY *); static int ecdsae_do_verify(const unsigned char *, int, const ECDSA_SIG *, EC_KEY *); @@ -492,29 +499,9 @@ rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) * ECDSA privsep engine (called from unprivileged processes) */ -const ECDSA_METHOD *ecdsa_default = NULL; +const EC_KEY_METHOD *ecdsa_default = NULL; -static ECDSA_METHOD *ecdsae_method = NULL; - -ECDSA_METHOD * -ECDSA_METHOD_new_temporary(const char *name, int); - -ECDSA_METHOD * -ECDSA_METHOD_new_temporary(const char *name, int flags) -{ - ECDSA_METHOD *ecdsa; - - if ((ecdsa = calloc(1, sizeof (*ecdsa))) == NULL) - return NULL; - - if ((ecdsa->name = strdup(name)) == NULL) { - free(ecdsa); - return NULL; - } - - ecdsa->flags = flags; - return ecdsa; -} +static EC_KEY_METHOD *ecdsae_method = NULL; static ECDSA_SIG * ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len, @@ -531,7 +518,7 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len, uint64_t id; ECDSA_SIG *sig = NULL; - if ((hash = ECDSA_get_ex_data(eckey, 0)) == NULL) + if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL) return (0); /* @@ -590,30 +577,86 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len, return (sig); } -ECDSA_SIG * -ecdsae_do_sign(const unsigned char *dgst, int dgst_len, - const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey) +static int +ecdsae_keygen(EC_KEY *eckey) { + int (*keygen)(EC_KEY *); + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); - if (ECDSA_get_ex_data(eckey, 0) != NULL) + EC_KEY_METHOD_get_keygen(ecdsa_default, &keygen); + return (keygen(eckey)); +} + +static int +ecdsae_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, void *(*kdf)(const void *, size_t, void *, size_t *)) +{ + int (*ckey)(void *, size_t, const EC_POINT *, EC_KEY *, + void *(*)(const void *, size_t, void *, size_t *)); + + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); + EC_KEY_METHOD_get_compute_key(ecdsa_default, &ckey); + return (ckey(out, outlen, pub_key, ecdh, kdf)); +} + +static int +ecdsae_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +{ + int (*sign)(int, const unsigned char *, int, unsigned char *, + unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *); + + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); + EC_KEY_METHOD_get_sign(ecdsa_default, &sign, NULL, NULL); + return (sign(type, dgst, dlen, sig, siglen, kinv, r, eckey)); +} + +static ECDSA_SIG * +ecdsae_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, + const BIGNUM *rp, EC_KEY *eckey) +{ + ECDSA_SIG *(*psign_sig)(const unsigned char *, int, const BIGNUM *, + const BIGNUM *, EC_KEY *); + + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); + if (EC_KEY_get_ex_data(eckey, 0) != NULL) return (ecdsae_send_enc_imsg(dgst, dgst_len, inv, rp, eckey)); - return (ecdsa_default->ecdsa_do_sign(dgst, dgst_len, inv, rp, eckey)); + EC_KEY_METHOD_get_sign(ecdsa_default, NULL, NULL, &psign_sig); + return (psign_sig(dgst, dgst_len, inv, rp, eckey)); } -int -ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, - BIGNUM **r) +static int +ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r) { + int (*psign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **); + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); - return (ecdsa_default->ecdsa_sign_setup(eckey, ctx, kinv, r)); + EC_KEY_METHOD_get_sign(ecdsa_default, NULL, &psign_setup, NULL); + return (psign_setup(eckey, ctx, kinv, r)); } -int +static int +ecdsae_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) +{ + int (*verify)(int, const unsigned char *, int, const unsigned char *, + int, EC_KEY *); + + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); + EC_KEY_METHOD_get_verify(ecdsa_default, &verify, NULL); + return (verify(type, dgst, dgst_len, sigbuf, sig_len, eckey)); +} + +static int ecdsae_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { + int (*pverify_sig)(const unsigned char *, int, const ECDSA_SIG *, + EC_KEY *); + log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); - return (ecdsa_default->ecdsa_do_verify(dgst, dgst_len, sig, eckey)); + EC_KEY_METHOD_get_verify(ecdsa_default, NULL, &pverify_sig); + return (pverify_sig(dgst, dgst_len, sig, eckey)); } @@ -694,30 +737,33 @@ ecdsa_engine_init(void) ENGINE *e; const char *errstr, *name; - if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL) { - errstr = "ECDSA_METHOD_new_temporary"; + if ((ecdsae_method = EC_KEY_METHOD_new(NULL)) == NULL) { + errstr = "EC_KEY_METHOD_new"; goto fail; } - ecdsae_method->ecdsa_do_sign = ecdsae_do_sign; - ecdsae_method->ecdsa_sign_setup = ecdsae_sign_setup; - ecdsae_method->ecdsa_do_verify = ecdsae_do_verify; + EC_KEY_METHOD_set_keygen(ecdsae_method, ecdsae_keygen); + EC_KEY_METHOD_set_compute_key(ecdsae_method, ecdsae_compute_key); + EC_KEY_METHOD_set_sign(ecdsae_method, ecdsae_sign, ecdsae_sign_setup, + ecdsae_do_sign); + EC_KEY_METHOD_set_verify(ecdsae_method, ecdsae_verify, + ecdsae_do_verify); - if ((e = ENGINE_get_default_ECDSA()) == NULL) { + if ((e = ENGINE_get_default_EC()) == NULL) { if ((e = ENGINE_new()) == NULL) { errstr = "ENGINE_new"; goto fail; } - if (!ENGINE_set_name(e, ecdsae_method->name)) { + if (!ENGINE_set_name(e, "ECDSA privsep engine")) { errstr = "ENGINE_set_name"; goto fail; } - if ((ecdsa_default = ECDSA_get_default_method()) == NULL) { - errstr = "ECDSA_get_default_method"; + if ((ecdsa_default = EC_KEY_get_default_method()) == NULL) { + errstr = "EC_KEY_get_default_method"; goto fail; } - } else if ((ecdsa_default = ENGINE_get_ECDSA(e)) == NULL) { - errstr = "ENGINE_get_ECDSA"; + } else if ((ecdsa_default = ENGINE_get_EC(e)) == NULL) { + errstr = "ENGINE_get_EC"; goto fail; } @@ -726,12 +772,12 @@ ecdsa_engine_init(void) log_debug("debug: %s: using %s", __func__, name); - if (!ENGINE_set_ECDSA(e, ecdsae_method)) { - errstr = "ENGINE_set_ECDSA"; + if (!ENGINE_set_EC(e, ecdsae_method)) { + errstr = "ENGINE_set_EC"; goto fail; } - if (!ENGINE_set_default_ECDSA(e)) { - errstr = "ENGINE_set_default_ECDSA"; + if (!ENGINE_set_default_EC(e)) { + errstr = "ENGINE_set_default_EC"; goto fail; } diff --git a/usr.sbin/vmd/vmd.c b/usr.sbin/vmd/vmd.c index 86a5132fe..3ba9c6792 100644 --- a/usr.sbin/vmd/vmd.c +++ b/usr.sbin/vmd/vmd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmd.c,v 1.149 2023/05/13 23:15:28 dv Exp $ */ +/* $OpenBSD: vmd.c,v 1.150 2023/06/18 11:45:11 op Exp $ */ /* * Copyright (c) 2015 Reyk Floeter @@ -874,7 +874,7 @@ main(int argc, char **argv) log_setverbose(env->vmd_verbose); /* Re-exec from the vmm child process requires an absolute path. */ - if (proc_id == PROC_PARENT && *argv[0] != '/') + if (proc_id == PROC_PARENT && *argv[0] != '/' && !env->vmd_noaction) fatalx("re-exec requires execution with an absolute path"); env->argv0 = argv[0];