sync

distrib/miniroot/install.sub

@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: install.sub,v 1.1249 2023/06/06 09:35:44 kn Exp $
+#	$OpenBSD: install.sub,v 1.1250 2023/06/18 15:17:38 deraadt Exp $
 #
 # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
 # Copyright (c) 2015, Robert Peichaer <rpe@openbsd.org>
@@ -1103,7 +1103,7 @@ v4_config() {
 		case $resp in
 		none)	return
 			;;
-		autoconf|dhcp)
+		a|autoconf|dhcp)
 			dhcp_request $_if
 			echo "inet autoconf" >>$_hn
 			return
@@ -1220,7 +1220,7 @@ v6_config() {
 		case $resp in
 		none)	return
 			;;
-		autoconf)
+		a|autoconf)
 			ifconfig $_if inet6 autoconf up
 			echo "inet6 autoconf" >>$_hn
 			return

lib/libcrypto/bn/arch/aarch64/bn_arch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bn_arch.h,v 1.10 2023/06/12 16:42:11 jsing Exp $ */
+/*	$OpenBSD: bn_arch.h,v 1.11 2023/06/17 15:40:46 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -177,6 +177,33 @@ bn_mulw_addtw(BN_ULONG a, BN_ULONG b, BN_ULONG c2, BN_ULONG c1, BN_ULONG c0,
 	*out_r0 = r0;
 }
 
+#define HAVE_BN_MUL2_MULW_ADDTW
+
+static inline void
+bn_mul2_mulw_addtw(BN_ULONG a, BN_ULONG b, BN_ULONG c2, BN_ULONG c1, BN_ULONG c0,
+    BN_ULONG *out_r2, BN_ULONG *out_r1, BN_ULONG *out_r0)
+{
+	BN_ULONG r2, r1, r0, x1, x0;
+
+	__asm__ (
+	    "umulh  %[x1], %[a], %[b] \n"
+	    "mul    %[x0], %[a], %[b] \n"
+	    "adds   %[r0], %[c0], %[x0] \n"
+	    "adcs   %[r1], %[c1], %[x1] \n"
+	    "adc    %[r2], xzr, %[c2] \n"
+	    "adds   %[r0], %[r0], %[x0] \n"
+	    "adcs   %[r1], %[r1], %[x1] \n"
+	    "adc    %[r2], xzr, %[r2] \n"
+	    : [r2]"=&r"(r2), [r1]"=&r"(r1), [r0]"=&r"(r0), [x1]"=&r"(x1),
+		[x0]"=&r"(x0)
+	    : [a]"r"(a), [b]"r"(b), [c2]"r"(c2), [c1]"r"(c1), [c0]"r"(c0)
+	    : "cc");
+
+	*out_r2 = r2;
+	*out_r1 = r1;
+	*out_r0 = r0;
+}
+
 #define HAVE_BN_QWMULW_ADDW
 
 static inline void

lib/libcrypto/bn/bn_mont.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mont.c,v 1.59 2023/04/30 05:21:20 tb Exp $ */
+/* $OpenBSD: bn_mont.c,v 1.60 2023/06/17 14:43:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -327,6 +327,36 @@ bn_mod_mul_montgomery_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 	return ret;
 }
 
+static void
+bn_montgomery_multiply_word(const BN_ULONG *ap, BN_ULONG b, const BN_ULONG *np,
+    BN_ULONG *tp, BN_ULONG w, BN_ULONG *carry_a, BN_ULONG *carry_n, int n_len)
+{
+	BN_ULONG x3, x2, x1, x0;
+
+	*carry_a = *carry_n = 0;
+
+	while (n_len & ~3) {
+		bn_qwmulw_addqw_addw(ap[3], ap[2], ap[1], ap[0], b,
+		    tp[3], tp[2], tp[1], tp[0], *carry_a, carry_a,
+		    &x3, &x2, &x1, &x0);
+		bn_qwmulw_addqw_addw(np[3], np[2], np[1], np[0], w,
+		    x3, x2, x1, x0, *carry_n, carry_n,
+		    &tp[3], &tp[2], &tp[1], &tp[0]);
+		ap += 4;
+		np += 4;
+		tp += 4;
+		n_len -= 4;
+	}
+	while (n_len > 0) {
+		bn_mulw_addw_addw(ap[0], b, tp[0], *carry_a, carry_a, &x0);
+		bn_mulw_addw_addw(np[0], w, x0, *carry_n, carry_n, &tp[0]);
+		ap++;
+		np++;
+		tp++;
+		n_len--;
+	}
+}
+
 /*
  * bn_montgomery_multiply_words() computes r = aR * bR * R^-1 = abR for the
  * given word arrays. The caller must ensure that rp, ap, bp and np are all
@@ -336,10 +366,10 @@ void
 bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     const BN_ULONG *np, BN_ULONG *tp, BN_ULONG n0, int n_len)
 {
-	BN_ULONG a0, b, carry_a, carry_n, carry, mask, w, x;
+	BN_ULONG a0, b, carry_a, carry_n, carry, mask, w;
-	int i, j;
+	int i;
 
-	carry_a = carry_n = carry = 0;
+	carry = 0;
 
 	for (i = 0; i < n_len; i++)
 		tp[i] = 0;
@@ -349,15 +379,12 @@ bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *b
 	for (i = 0; i < n_len; i++) {
 		b = bp[i];
 
-		/* Compute new t[0] * n0, as we need it inside the loop. */
+		/* Compute new t[0] * n0, as we need it for this iteration. */
 		w = (a0 * b + tp[0]) * n0;
 
-		for (j = 0; j < n_len; j++) {
+		bn_montgomery_multiply_word(ap, b, np, tp, w, &carry_a,
-			bn_mulw_addw_addw(ap[j], b, tp[j], carry_a, &carry_a, &x);
+		    &carry_n, n_len);
-			bn_mulw_addw_addw(np[j], w, x, carry_n, &carry_n, &tp[j]);
-		}
 		bn_addw_addw(carry_a, carry_n, carry, &carry, &tp[n_len]);
-		carry_a = carry_n = 0;
 
 		tp++;
 	}

lib/libtls/tls.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */
+/* $OpenBSD: tls.c,v 1.97 2023/06/18 11:43:03 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -389,7 +389,7 @@ static int
 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
 {
 	RSA_METHOD *rsa_method;
-	ECDSA_METHOD *ecdsa_method;
+	EC_KEY_METHOD *ecdsa_method;
 	RSA *rsa = NULL;
 	EC_KEY *eckey = NULL;
 	int ret = -1;
@@ -427,15 +427,15 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 		break;
 	case EVP_PKEY_EC:
 		if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
-		    ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
+		    EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
 			tls_set_errorx(ctx, "EC key setup failure");
 			goto err;
 		}
 		if (ctx->config->sign_cb != NULL) {
 			ecdsa_method = tls_signer_ecdsa_method();
 			if (ecdsa_method == NULL ||
-			    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
+			    EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
-			    ECDSA_set_method(eckey, ecdsa_method) == 0) {
+			    EC_KEY_set_method(eckey, ecdsa_method) == 0) {
 				tls_set_errorx(ctx, "failed to setup EC key");
 				goto err;
 			}

lib/libtls/tls_internal.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.81 2023/04/09 18:26:26 tb Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.82 2023/06/18 11:43:03 op Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -298,7 +298,7 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash);
 int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 
 RSA_METHOD *tls_signer_rsa_method(void);
-ECDSA_METHOD *tls_signer_ecdsa_method(void);
+EC_KEY_METHOD *tls_signer_ecdsa_method(void);
 
 #define TLS_PADDING_NONE			0
 #define TLS_PADDING_RSA_PKCS1			1

lib/libtls/tls_signer.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.6 2023/06/18 11:43:03 op Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -419,26 +419,21 @@ tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 	return (NULL);
 }
 
-ECDSA_METHOD *
+EC_KEY_METHOD *
 tls_signer_ecdsa_method(void)
 {
-	static ECDSA_METHOD *ecdsa_method = NULL;
+	static EC_KEY_METHOD *ecdsa_method = NULL;
 
 	pthread_mutex_lock(&signer_method_lock);
 
 	if (ecdsa_method != NULL)
 		goto out;
 
-	ecdsa_method = calloc(1, sizeof(*ecdsa_method));
+	ecdsa_method = EC_KEY_METHOD_new(NULL);
 	if (ecdsa_method == NULL)
 		goto out;
 
-	ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign;
+	EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign);
-	ecdsa_method->name = strdup("libtls ECDSA method");
-	if (ecdsa_method->name == NULL) {
-		free(ecdsa_method);
-		ecdsa_method = NULL;
-	}
 
  out:
 	pthread_mutex_unlock(&signer_method_lock);

sbin/iked/ca.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.92 2023/05/23 13:12:19 claudio Exp $	*/
+/*	$OpenBSD: ca.c,v 1.93 2023/06/17 22:33:34 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -560,9 +560,9 @@ ca_getcert(struct iked *env, struct imsg *imsg)
 	iov[2].iov_base = ptr;
 	iov[2].iov_len = len;
 
-	if (proc_composev(&env->sc_ps, PROC_IKEV2, cmd, iov, iovcnt) == -1)
+	ret = proc_composev(&env->sc_ps, PROC_IKEV2, cmd, iov, iovcnt);
-		return (-1);
+	ibuf_free(key.id_buf);
-	return (0);
+	return (ret);
 }
 
 static unsigned int

share/man/man1/dpb.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: dpb.1,v 1.33 2023/05/29 21:13:24 aisha Exp $
+.\"	$OpenBSD: dpb.1,v 1.34 2023/06/17 19:35:54 espie Exp $
 .\"
 .\" Copyright (c) 2010-2013 Marc Espie <espie@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 29 2023 $
+.Dd $Mdocdate: June 17 2023 $
 .Dt DPB 1
 .Os
 .Sh NAME
@@ -124,6 +124,18 @@ be shared on the cluster.
 Some log files ("rolling logs") are kept from one run to the run and
 stored under
 .Pa ${DISTDIR}/build-stats .
+On each run, the most recent entries for each pkgpath
+.Po
+see
+.Ar STATS_USED
+.Pc
+are used to figure out in which order things should be built.
+Meanwhile, some more entries are kept around
+.Po
+see
+.Ar STATS_BACKLOG
+.Pc
+for potential data analysis over longer periods.
 .Pp
 Option
 .Fl h Ar file
@@ -184,7 +196,7 @@ for preparing such an environment.
 .It Fl b Ar logfile
 Explicitly prime the heuristics module with a previous build log,
 so that packages that take a long time to build will happen earlier.
-The rolling log under
+The rolling log file under
 .Pa %f/build-stats/%a
 is automatically used.
 .It Fl C Ar pathlist
@@ -347,6 +359,17 @@ Defaults to
 can be set to nothing to disable.
 .It Ar STARTUP
 Define a start-up script on the command-line, override any host file contents.
+.It Ar STATS_BACKLOG
+Max number of stats (per individual pkgpath) to save in the rolling log file
+.Po
+defaults to 25
+.Pc .
+.It Ar STATS_USED
+Clamp number of stats (per individual pkgpath) used for computing build
+order
+.Po
+defaults to 10
+.Pc .
 .It Ar STUCK_TIMEOUT
 Timeout (in seconds * speed factor) after which tasks that don't show
 any progress will be killed.
@@ -686,7 +709,7 @@ as an initial workdir size log.
 .It Fl s
 Compute workdir sizes before cleaning up, and stash them in log file
 .Pa %L/size.log .
-Also maintain a rolling log of build sizes under
+This will also maintain a rolling log of build sizes under
 .Pa %f/build-stats/%a-size .
 In order to save time,
 .Nm
@@ -1265,7 +1288,14 @@ They should be readable for the
 .Nm
 also records rolling build statistics under
 .Pa ${DISTDIR}/build-stats/${ARCH} ,
-and uses them automatically in the absence of
+and uses them automatically
+.Po
+see
+.Ar STATS_BACKLOG
+and
+.Ar STATS_USED
+.Pc
+in the absence of
 .Fl b Ar logfile .
 That file belongs to the
 .Ar LOG_USER

sys/arch/arm64/dev/agintc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: agintc.c,v 1.48 2023/04/25 10:35:48 patrick Exp $ */
+/* $OpenBSD: agintc.c,v 1.49 2023/06/17 22:10:19 kettenis Exp $ */
 /*
  * Copyright (c) 2007, 2009, 2011, 2017 Dale Rahn <drahn@dalerahn.com>
  * Copyright (c) 2018 Mark Kettenis <kettenis@openbsd.org>
@@ -1962,6 +1962,9 @@ agintc_intr_disestablish_msi(void *cookie)
 {
 	agintc_intr_disestablish(*(void **)cookie);
 	*(void **)cookie = NULL;
+
+	/* Invalidate cache. */
+	agintc_msi_invall();
 }
 
 void

usr.sbin/lpr/lpd/lpd.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: lpd.8,v 1.32 2022/10/10 09:13:43 jsg Exp $
+.\"	$OpenBSD: lpd.8,v 1.33 2023/06/17 15:35:08 jmc Exp $
 .\"	$NetBSD: lpd.8,v 1.23 2002/02/08 01:38:50 ross Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)lpd.8	8.3 (Berkeley) 4/19/94
 .\"
-.Dd $Mdocdate: October 10 2022 $
+.Dd $Mdocdate: June 17 2023 $
 .Dt LPD 8
 .Os
 .Sh NAME
@@ -242,7 +242,7 @@ The file contains troff output (cat phototypesetter commands).
 .It n
 Ditroff File.
 The file contains device independent troff output.
-.It r
+.It d
 DVI File.
 The file contains
 .Tn Tex l

usr.sbin/smtpd/ca.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.43 2023/03/26 18:11:48 tb Exp $	*/
+/*	$OpenBSD: ca.c,v 1.44 2023/06/18 11:43:49 op Exp $	*/
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -47,10 +47,17 @@ static int	 rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
 static int	 rsae_init(RSA *);
 static int	 rsae_finish(RSA *);
 static int	 rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
+static int	 ecdsae_keygen(EC_KEY *);
+static int	 ecdsae_compute_key(void *, size_t, const EC_POINT *, EC_KEY *,
+		    void *(*)(const void *, size_t, void *, size_t *));
+static int	 ecdsae_sign(int, const unsigned char *, int, unsigned char *,
+		    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *);
 
 static ECDSA_SIG *ecdsae_do_sign(const unsigned char *, int, const BIGNUM *,
     const BIGNUM *, EC_KEY *);
 static int ecdsae_sign_setup(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **);
+static int ecdsae_verify(int, const unsigned char *, int, const unsigned char *,
+    int, EC_KEY *);
 static int ecdsae_do_verify(const unsigned char *, int, const ECDSA_SIG *,
     EC_KEY *);
 
@@ -492,29 +499,9 @@ rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
  * ECDSA privsep engine (called from unprivileged processes)
  */
 
-const ECDSA_METHOD *ecdsa_default = NULL;
+const EC_KEY_METHOD *ecdsa_default = NULL;
 
-static ECDSA_METHOD *ecdsae_method = NULL;
+static EC_KEY_METHOD *ecdsae_method = NULL;
-
-ECDSA_METHOD *
-ECDSA_METHOD_new_temporary(const char *name, int);
-
-ECDSA_METHOD *
-ECDSA_METHOD_new_temporary(const char *name, int flags)
-{
-	ECDSA_METHOD	*ecdsa;
-
-	if ((ecdsa = calloc(1, sizeof (*ecdsa))) == NULL)
-		return NULL;
-
-	if ((ecdsa->name = strdup(name)) == NULL) {
-		free(ecdsa);
-		return NULL;
-	}
-
-	ecdsa->flags = flags;
-	return ecdsa;
-}
 
 static ECDSA_SIG *
 ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
@@ -531,7 +518,7 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
 	uint64_t	 id;
 	ECDSA_SIG	*sig = NULL;
 
-	if ((hash = ECDSA_get_ex_data(eckey, 0)) == NULL)
+	if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL)
 		return (0);
 
 	/*
@@ -590,30 +577,86 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
 	return (sig);
 }
 
-ECDSA_SIG *
+static int
-ecdsae_do_sign(const unsigned char *dgst, int dgst_len,
+ecdsae_keygen(EC_KEY *eckey)
-    const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)
 {
+	int (*keygen)(EC_KEY *);
+
 	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
-	if (ECDSA_get_ex_data(eckey, 0) != NULL)
+	EC_KEY_METHOD_get_keygen(ecdsa_default, &keygen);
+	return (keygen(eckey));
+}
+
+static int
+ecdsae_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+    EC_KEY *ecdh, void *(*kdf)(const void *, size_t, void *, size_t *))
+{
+	int (*ckey)(void *, size_t, const EC_POINT *, EC_KEY *,
+	    void *(*)(const void *, size_t, void *, size_t *));
+
+	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+	EC_KEY_METHOD_get_compute_key(ecdsa_default, &ckey);
+	return (ckey(out, outlen, pub_key, ecdh, kdf));
+}
+
+static int
+ecdsae_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+    unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
+{
+	int (*sign)(int, const unsigned char *, int, unsigned char *,
+	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *);
+
+	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+	EC_KEY_METHOD_get_sign(ecdsa_default, &sign, NULL, NULL);
+	return (sign(type, dgst, dlen, sig, siglen, kinv, r, eckey));
+}
+
+static ECDSA_SIG *
+ecdsae_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+    const BIGNUM *rp, EC_KEY *eckey)
+{
+	ECDSA_SIG *(*psign_sig)(const unsigned char *, int, const BIGNUM *,
+	    const BIGNUM *, EC_KEY *);
+
+	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+	if (EC_KEY_get_ex_data(eckey, 0) != NULL)
 		return (ecdsae_send_enc_imsg(dgst, dgst_len, inv, rp, eckey));
-	return (ecdsa_default->ecdsa_do_sign(dgst, dgst_len, inv, rp, eckey));
+	EC_KEY_METHOD_get_sign(ecdsa_default, NULL, NULL, &psign_sig);
+	return (psign_sig(dgst, dgst_len, inv, rp, eckey));
 }
 
-int
+static int
-ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r)
-    BIGNUM **r)
 {
+	int (*psign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **);
+
 	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
-	return (ecdsa_default->ecdsa_sign_setup(eckey, ctx, kinv, r));
+	EC_KEY_METHOD_get_sign(ecdsa_default, NULL, &psign_setup, NULL);
+	return (psign_setup(eckey, ctx, kinv, r));
 }
 
-int
+static int
+ecdsae_verify(int type, const unsigned char *dgst, int dgst_len,
+    const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+	int (*verify)(int, const unsigned char *, int, const unsigned char *,
+	    int, EC_KEY *);
+
+	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+	EC_KEY_METHOD_get_verify(ecdsa_default, &verify, NULL);
+	return (verify(type, dgst, dgst_len, sigbuf, sig_len, eckey));
+}
+
+static int
 ecdsae_do_verify(const unsigned char *dgst, int dgst_len,
     const ECDSA_SIG *sig, EC_KEY *eckey)
 {
+	int (*pverify_sig)(const unsigned char *, int, const ECDSA_SIG *,
+	    EC_KEY *);
+
 	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
-	return (ecdsa_default->ecdsa_do_verify(dgst, dgst_len, sig, eckey));
+	EC_KEY_METHOD_get_verify(ecdsa_default, NULL, &pverify_sig);
+	return (pverify_sig(dgst, dgst_len, sig, eckey));
 }
 
 
@@ -694,30 +737,33 @@ ecdsa_engine_init(void)
 	ENGINE		*e;
 	const char	*errstr, *name;
 
-	if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL) {
+	if ((ecdsae_method = EC_KEY_METHOD_new(NULL)) == NULL) {
-		errstr = "ECDSA_METHOD_new_temporary";
+		errstr = "EC_KEY_METHOD_new";
 		goto fail;
 	}
 
-	ecdsae_method->ecdsa_do_sign = ecdsae_do_sign;
+	EC_KEY_METHOD_set_keygen(ecdsae_method, ecdsae_keygen);
-	ecdsae_method->ecdsa_sign_setup = ecdsae_sign_setup;
+	EC_KEY_METHOD_set_compute_key(ecdsae_method, ecdsae_compute_key);
-	ecdsae_method->ecdsa_do_verify = ecdsae_do_verify;
+	EC_KEY_METHOD_set_sign(ecdsae_method, ecdsae_sign, ecdsae_sign_setup,
+	    ecdsae_do_sign);
+	EC_KEY_METHOD_set_verify(ecdsae_method, ecdsae_verify,
+	    ecdsae_do_verify);
 
-	if ((e = ENGINE_get_default_ECDSA()) == NULL) {
+	if ((e = ENGINE_get_default_EC()) == NULL) {
 		if ((e = ENGINE_new()) == NULL) {
 			errstr = "ENGINE_new";
 			goto fail;
 		}
-		if (!ENGINE_set_name(e, ecdsae_method->name)) {
+		if (!ENGINE_set_name(e, "ECDSA privsep engine")) {
 			errstr = "ENGINE_set_name";
 			goto fail;
 		}
-		if ((ecdsa_default = ECDSA_get_default_method()) == NULL) {
+		if ((ecdsa_default = EC_KEY_get_default_method()) == NULL) {
-			errstr = "ECDSA_get_default_method";
+			errstr = "EC_KEY_get_default_method";
 			goto fail;
 		}
-	} else if ((ecdsa_default = ENGINE_get_ECDSA(e)) == NULL) {
+	} else if ((ecdsa_default = ENGINE_get_EC(e)) == NULL) {
-		errstr = "ENGINE_get_ECDSA";
+		errstr = "ENGINE_get_EC";
 		goto fail;
 	}
 
@@ -726,12 +772,12 @@ ecdsa_engine_init(void)
 
 	log_debug("debug: %s: using %s", __func__, name);
 
-	if (!ENGINE_set_ECDSA(e, ecdsae_method)) {
+	if (!ENGINE_set_EC(e, ecdsae_method)) {
-		errstr = "ENGINE_set_ECDSA";
+		errstr = "ENGINE_set_EC";
 		goto fail;
 	}
-	if (!ENGINE_set_default_ECDSA(e)) {
+	if (!ENGINE_set_default_EC(e)) {
-		errstr = "ENGINE_set_default_ECDSA";
+		errstr = "ENGINE_set_default_EC";
 		goto fail;
 	}
 

usr.sbin/vmd/vmd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmd.c,v 1.149 2023/05/13 23:15:28 dv Exp $	*/
+/*	$OpenBSD: vmd.c,v 1.150 2023/06/18 11:45:11 op Exp $	*/
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -874,7 +874,7 @@ main(int argc, char **argv)
 	log_setverbose(env->vmd_verbose);
 
 	/* Re-exec from the vmm child process requires an absolute path. */
-	if (proc_id == PROC_PARENT && *argv[0] != '/')
+	if (proc_id == PROC_PARENT && *argv[0] != '/' && !env->vmd_noaction)
 		fatalx("re-exec requires execution with an absolute path");
 	env->argv0 = argv[0];