sync with OpenBSD -current

distrib/sets/lists/comp/mi

@@ -1925,7 +1925,6 @@
 ./usr/share/man/man3/EVP_EncodeInit.3
 ./usr/share/man/man3/EVP_EncryptInit.3
 ./usr/share/man/man3/EVP_MD_CTX_ctrl.3
-./usr/share/man/man3/EVP_MD_meth_new.3
 ./usr/share/man/man3/EVP_MD_nid.3
 ./usr/share/man/man3/EVP_OpenInit.3
 ./usr/share/man/man3/EVP_PKCS82PKEY.3

lib/libcrypto/man/EVP_DigestInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.31 2023/09/07 19:59:58 schwarze Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.32 2024/03/05 17:21:40 tb Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -70,7 +70,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 7 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -533,7 +533,6 @@ main(int argc, char *argv[])
 .Xr EVP_DigestSignInit 3 ,
 .Xr EVP_DigestVerifyInit 3 ,
 .Xr EVP_MD_CTX_ctrl 3 ,
-.Xr EVP_MD_meth_new 3 ,
 .Xr EVP_MD_nid 3 ,
 .Xr EVP_PKEY_CTX_set_signature_md 3 ,
 .Xr EVP_PKEY_meth_set_signctx 3 ,

lib/libcrypto/man/EVP_MD_CTX_ctrl.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_MD_CTX_ctrl.3,v 1.2 2023/09/07 19:28:37 schwarze Exp $
+.\" $OpenBSD: EVP_MD_CTX_ctrl.3,v 1.3 2024/03/05 17:21:40 tb Exp $
 .\" full merge up to: OpenSSL man3/EVP_DigestInit.pod
 .\" 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 7 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_MD_CTX_CTRL 3
 .Os
 .Sh NAME
@@ -236,8 +236,8 @@ is assigned.
 .Fn EVP_MD_CTX_md_data
 returns the digest method private data of
 .Fa ctx .
-The space was allocated and its size set with
-.Xr EVP_MD_meth_set_app_datasize 3 .
+The space is allocated with a size determined at compile time.
+The size is not exposed by an API.
 .Sh RETURN VALUES
 .Fn EVP_MD_CTX_ctrl
 returns 1 for success or 0 for failure.
@@ -256,7 +256,6 @@ return pointers to storage owned by
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_DigestInit 3 ,
-.Xr EVP_MD_meth_new 3 ,
 .Xr EVP_MD_nid 3
 .Sh HISTORY
 .Fn EVP_MD_CTX_set_flags ,

lib/libcrypto/man/EVP_MD_meth_new.3

@@ -1,352 +0,0 @@
-.\" $OpenBSD: EVP_MD_meth_new.3,v 1.5 2023/09/12 16:26:30 schwarze Exp $
-.\" selective merge up to:
-.\" OpenSSL man3/EVP_MD_meth_new 0388d212 Dec 14 12:47:07 2018 -0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Richard Levitte <levitte@openssl.org>
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 12 2023 $
-.Dt EVP_MD_METH_NEW 3
-.Os
-.Sh NAME
-.Nm EVP_MD_meth_dup ,
-.Nm EVP_MD_meth_new ,
-.Nm EVP_MD_meth_free ,
-.Nm EVP_MD_meth_set_input_blocksize ,
-.Nm EVP_MD_meth_set_result_size ,
-.Nm EVP_MD_meth_set_app_datasize ,
-.Nm EVP_MD_meth_set_flags ,
-.Nm EVP_MD_meth_set_init ,
-.Nm EVP_MD_meth_set_update ,
-.Nm EVP_MD_meth_set_final ,
-.Nm EVP_MD_meth_set_copy ,
-.Nm EVP_MD_meth_set_cleanup ,
-.Nm EVP_MD_meth_set_ctrl
-.Nd Routines to build up EVP_MD methods
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_MD *
-.Fo EVP_MD_meth_new
-.Fa "int md_type"
-.Fa "int pkey_type"
-.Fc
-.Ft void
-.Fo EVP_MD_meth_free
-.Fa "EVP_MD *md"
-.Fc
-.Ft EVP_MD *
-.Fo EVP_MD_meth_dup
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_input_blocksize
-.Fa "EVP_MD *md"
-.Fa "int blocksize"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_result_size
-.Fa "EVP_MD *md"
-.Fa "int resultsize"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_app_datasize
-.Fa "EVP_MD *md"
-.Fa "int datasize"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_flags
-.Fa "EVP_MD *md"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_init
-.Fa "EVP_MD *md"
-.Fa "int (*init)(EVP_MD_CTX *ctx)"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_update
-.Fa "EVP_MD *md"
-.Fa "int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_final
-.Fa "EVP_MD *md"
-.Fa "int (*final)(EVP_MD_CTX *ctx, unsigned char *md)"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_copy
-.Fa "EVP_MD *md"
-.Fa "int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_cleanup
-.Fa "EVP_MD *md"
-.Fa "int (*cleanup)(EVP_MD_CTX *ctx)"
-.Fc
-.Ft int
-.Fo EVP_MD_meth_set_ctrl
-.Fa "EVP_MD *md"
-.Fa "int (*control)(EVP_MD_CTX *ctx, int command, int p1, void *p2)"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt EVP_MD
-type is a structure for digest method implementation.
-It can also have associated public/private key signing and verifying
-routines.
-.Pp
-.Fn EVP_MD_meth_new
-creates a new
-.Vt EVP_MD
-structure.
-.Pp
-.Fn EVP_MD_meth_dup
-creates a copy of
-.Fa md .
-.Pp
-.Fn EVP_MD_meth_free
-destroys a
-.Vt EVP_MD
-structure.
-.Pp
-.Fn EVP_MD_meth_set_input_blocksize
-sets the internal input block size for the method
-.Fa md
-to
-.Fa blocksize
-bytes.
-.Pp
-.Fn EVP_MD_meth_set_result_size
-sets the size of the result that the digest method in
-.Fa md
-is expected to produce to
-.Fa resultsize
-bytes.
-.Pp
-The digest method may have its own private data, which OpenSSL will
-allocate for it.
-.Fn EVP_MD_meth_set_app_datasize
-should be used to set the size for it to
-.Fa datasize .
-.Pp
-.Fn EVP_MD_meth_set_flags
-sets the flags to describe optional behaviours in the particular
-.Fa md .
-Several flags can be or'd together.
-The available flags are:
-.Bl -tag -width Ds
-.It Dv EVP_MD_FLAG_DIGALGID_NULL
-When setting up a
-.Vt DigestAlgorithmIdentifier
-with
-.Xr X509_ALGOR_set_md 3 ,
-set the parameter type to
-.Dv V_ASN1_NULL
-and the parameter value to
-.Dv NULL .
-This is the default, which means that it takes effect for
-.Vt EVP_MD
-objects that do not have
-.Dv EVP_MD_FLAG_DIGALGID_ABSENT
-set.
-Use this for PKCS#1.
-.It Dv EVP_MD_FLAG_DIGALGID_ABSENT
-When setting up a
-.Vt DigestAlgorithmIdentifier
-with
-.Xr X509_ALGOR_set_md 3 ,
-set the parameter type to
-.Dv V_ASN1_UNDEF
-and the parameter value to
-.Dv NULL .
-This is used by the
-.Vt EVP_MD
-objects documented in the manual page
-.Xr EVP_sha3_224 3
-and by the objects returned from
-.Xr EVP_sha512 3 ,
-.Xr EVP_sha512_256 3 ,
-.Xr EVP_sha512_224 3 ,
-.Xr EVP_sha384 3 ,
-.Xr EVP_sha256 3 ,
-.Xr EVP_sha224 3 ,
-.Xr EVP_sha1 3 ,
-and
-.Xr EVP_sm3 3 .
-.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM
-This flag is reserved for user-defined
-.Vt EVP_MD
-objects supporting custom
-.Vt DigestAlgorithmIdentifier
-handling via
-.Xr EVP_MD_CTX_ctrl 3 ,
-but actually, it is ignored by both LibreSSL and OpenSSL
-and such user-defined behaviour is not supported by the libraries.
-.It Dv EVP_MD_FLAG_FIPS
-Mark the digest method as suitable for FIPS mode.
-This flag is ignored by both LibreSSL and OpenSSL.
-.It Dv EVP_MD_FLAG_ONESHOT
-Intended to indicate that the digest method can only handle one block
-of input, but actually, this flag is ignored by both LibreSSL and OpenSSL.
-.El
-.Pp
-.Fn EVP_MD_meth_set_init
-sets the digest init function for
-.Fa md .
-The digest init function is called by
-.Xr EVP_Digest 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_DigestInit_ex 3 ,
-EVP_SignInit,
-.Xr EVP_SignInit_ex 3 ,
-.Xr EVP_VerifyInit 3
-and
-.Xr EVP_VerifyInit_ex 3 .
-.Pp
-.Fn EVP_MD_meth_set_update
-sets the digest update function for
-.Fa md .
-The digest update function is called by
-.Xr EVP_Digest 3 ,
-.Xr EVP_DigestUpdate 3
-and
-.Xr EVP_SignUpdate 3 .
-.Pp
-.Fn EVP_MD_meth_set_final
-sets the digest final function for
-.Fa md .
-The digest final function is called by
-.Xr EVP_Digest 3 ,
-.Xr EVP_DigestFinal 3 ,
-.Xr EVP_DigestFinal_ex 3 ,
-.Xr EVP_SignFinal 3
-and
-.Xr EVP_VerifyFinal 3 .
-.Pp
-.Fn EVP_MD_meth_set_copy
-sets the function for
-.Fa md
-to do extra computations after the method's private data structure has
-been copied from one
-.Vt EVP_MD_CTX
-object to another.
-If all that's needed is to copy the data, there is no need for this copy
-function.
-The copy function is passed two
-.Vt EVP_MD_CTX
-objects, the private data structure is then available with
-.Xr EVP_MD_CTX_md_data 3 .
-This copy function is called by
-.Xr EVP_MD_CTX_copy 3
-and
-.Xr EVP_MD_CTX_copy_ex 3 .
-.Pp
-.Fn EVP_MD_meth_set_cleanup
-sets the function for
-.Fa md
-to do extra cleanup before the method's private data structure is
-cleaned out and freed.
-The cleanup function is passed an
-.Vt EVP_MD_CTX
-object, the private data structure is then available with
-.Xr EVP_MD_CTX_md_data 3 .
-This cleanup function is called by
-.Xr EVP_MD_CTX_reset 3
-and
-.Xr EVP_MD_CTX_free 3 .
-.Pp
-.Fn EVP_MD_meth_set_ctrl
-sets the
-.Fa control
-function for
-.Fa md .
-The
-.Fa control
-function supplied by the application program has to return 1 to indicate
-success, 0 to indicate failure, or \-1 if the
-.Fa command
-is not supported for this digest method.
-See
-.Xr EVP_MD_CTX_ctrl 3
-for the available
-.Fa command
-arguments.
-.Sh RETURN VALUES
-.Fn EVP_MD_meth_new
-and
-.Fn EVP_MD_meth_dup
-return a pointer to a newly created
-.Vt EVP_MD ,
-or NULL on failure.
-All
-.Fn EVP_MD_meth_set_*
-functions return 1.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_SignInit 3 ,
-.Xr EVP_VerifyInit 3
-.Sh HISTORY
-All these functions
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 7.1 .

lib/libcrypto/man/EVP_MD_nid.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_MD_nid.3,v 1.3 2023/09/07 16:32:41 schwarze Exp $
+.\" $OpenBSD: EVP_MD_nid.3,v 1.4 2024/03/05 17:21:40 tb Exp $
 .\" full merge up to: OpenSSL man3/EVP_DigestInit.pod
 .\" 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 7 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_MD_NID 3
 .Os
 .Sh NAME
@@ -170,12 +170,56 @@ is configured to use.
 .Fn EVP_MD_flags
 returns the message digest flags used by
 .Fa md .
-The meaning of the flags is described in the
-.Xr EVP_MD_meth_set_flags 3
-manual page.
 Be careful to not confuse these flags with the unrelated
 message digest context flags that can be inspected with
 .Xr EVP_MD_CTX_test_flags 3 .
+The available flags are:
+.Bl -tag -width Ds
+.It Dv EVP_MD_FLAG_DIGALGID_NULL
+The parameters in a
+.Vt DigestAlgorithmIdentifier
+are encoded using an explicit ASN.1
+.Dv NULL
+rather than omitting them.
+This is the default, which means that it takes effect for
+.Vt EVP_MD
+objects that do not have
+.Dv EVP_MD_FLAG_DIGALGID_ABSENT
+set.
+.It Dv EVP_MD_FLAG_DIGALGID_ABSENT
+The parameters in a
+.Vt DigestAlgorithmIdentifier
+are omitted from the ASN.1 encoding.
+This is used by the
+.Vt EVP_MD
+objects documented in the manual page
+.Xr EVP_sha3_224 3
+and by the objects returned from
+.Xr EVP_sha512 3 ,
+.Xr EVP_sha512_256 3 ,
+.Xr EVP_sha512_224 3 ,
+.Xr EVP_sha384 3 ,
+.Xr EVP_sha256 3 ,
+.Xr EVP_sha224 3 ,
+.Xr EVP_sha1 3 ,
+and
+.Xr EVP_sm3 3 .
+.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM
+This flag is reserved for user-defined
+.Vt EVP_MD
+objects supporting custom
+.Vt DigestAlgorithmIdentifier
+handling via
+.Xr EVP_MD_CTX_ctrl 3 ,
+but actually, it is ignored by both LibreSSL and OpenSSL
+and such user-defined behaviour is not supported by the libraries.
+.It Dv EVP_MD_FLAG_FIPS
+Mark the digest method as suitable for FIPS mode.
+This flag is ignored by both LibreSSL and OpenSSL.
+.It Dv EVP_MD_FLAG_ONESHOT
+Intended to indicate that the digest method can only handle one block
+of input, but actually, this flag is ignored by both LibreSSL and OpenSSL.
+.El
 .Pp
 .Fn EVP_MD_pkey_type
 returns the NID of the public key signing algorithm associated with this
@@ -224,6 +268,12 @@ return the digest or block size in bytes.
 .Xr EVP_DigestInit 3 ,
 .Xr EVP_MD_CTX_ctrl 3 ,
 .Xr OBJ_nid2obj 3
+.Sh STANDARDS
+RFC 5754: Using SHA2 Algorithms with Cryptographic Message Syntax
+.Bl -dash -compact -offset indent
+.It
+section 2: Message Digest Algorithms
+.El
 .Sh HISTORY
 .Fn EVP_MD_size
 first appeared in SSLeay 0.6.6,

lib/libcrypto/man/EVP_sha1.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_sha1.3,v 1.1 2023/08/27 15:33:08 schwarze Exp $
+.\" $OpenBSD: EVP_sha1.3,v 1.2 2024/03/05 17:21:40 tb Exp $
 .\"
 .\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 27 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_SHA1 3
 .Os
 .Sh NAME
@@ -67,8 +67,7 @@ These functions return pointers to static
 objects implementing the hash functions.
 .Sh SEE ALSO
 .Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_MD_meth_new 3
+.Xr EVP_DigestInit 3
 .Sh STANDARDS
 .Rs
 .%A T. Polk

lib/libcrypto/man/EVP_sha3_224.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_sha3_224.3,v 1.2 2023/08/15 11:54:38 schwarze Exp $
+.\" $OpenBSD: EVP_sha3_224.3,v 1.3 2024/03/05 17:21:40 tb Exp $
 .\" selective merge up to: OpenSSL bbda8ce9 Oct 31 15:43:01 2017 +0800
 .\"
 .\" This file was written by Ronald Tse <ronald.tse@ribose.com>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 15 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_SHA3_224 3
 .Os
 .Sh NAME
@@ -86,7 +86,6 @@ These functions return pointers to static
 objects implementing the hash functions.
 .Sh SEE ALSO
 .Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_MD_meth_new 3
+.Xr EVP_DigestInit 3
 .Sh STANDARDS
 NIST FIPS 202

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.283 2024/03/04 19:04:47 tb Exp $
+# $OpenBSD: Makefile,v 1.284 2024/03/05 17:21:40 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -170,7 +170,6 @@ MAN=	\
 	EVP_EncodeInit.3 \
 	EVP_EncryptInit.3 \
 	EVP_MD_CTX_ctrl.3 \
-	EVP_MD_meth_new.3 \
 	EVP_MD_nid.3 \
 	EVP_OpenInit.3 \
 	EVP_PKCS82PKEY.3 \

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.27 2024/03/04 19:04:47 tb Exp $
+.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 4 2024 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -186,7 +186,6 @@ family of functions provides base64 encoding and decoding.
 .Xr EVP_EncodeInit 3 ,
 .Xr EVP_EncryptInit 3 ,
 .Xr EVP_MD_CTX_ctrl 3 ,
-.Xr EVP_MD_meth_new 3 ,
 .Xr EVP_MD_nid 3 ,
 .Xr EVP_OpenInit 3 ,
 .Xr EVP_PKCS82PKEY 3 ,

regress/libexec/ftpd/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.11 2021/05/09 14:26:45 jan Exp $
+#	$OpenBSD: Makefile,v 1.12 2024/03/05 07:01:40 anton Exp $
 
 .PHONY: setup-ftpd
 
@@ -41,6 +41,7 @@ regress:
 setup-ftpd:
 	${SUDO} pkill tcpserver || true
 	${SUDO} pkill ftpd || true
+	nc 127.0.0.1 21 >/dev/null 2>&1 || true
 	# start ftpd
 	${SUDO} ${TCPSERVER} 127.0.0.1 21 ${KTRACE} ${FTPD} -A & \
 	    timeout=$$(($$(date +%s) + 5)); \

sys/net/if_wg.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_wg.c,v 1.36 2024/01/18 08:46:41 mvs Exp $ */
+/*	$OpenBSD: if_wg.c,v 1.37 2024/03/05 17:48:01 mvs Exp $ */
 
 /*
  * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
@@ -150,8 +150,8 @@ struct wg_index {
 };
 
 struct wg_timers {
-	/* t_lock is for blocking wg_timers_event_* when setting t_disabled. */
-	struct rwlock		 t_lock;
+	/* t_mtx is for blocking wg_timers_event_* when setting t_disabled. */
+	struct mutex		 t_mtx;
 
 	int			 t_disabled;
 	int			 t_need_another_keepalive;
@@ -930,7 +930,7 @@ void
 wg_timers_init(struct wg_timers *t)
 {
 	bzero(t, sizeof(*t));
-	rw_init(&t->t_lock, "wg_timers");
+	mtx_init_flags(&t->t_mtx, IPL_NET, "wg_timers", 0);
 	mtx_init(&t->t_handshake_mtx, IPL_NET);
 
 	timeout_set(&t->t_new_handshake, wg_timers_run_new_handshake, t);
@@ -945,19 +945,19 @@ wg_timers_init(struct wg_timers *t)
 void
 wg_timers_enable(struct wg_timers *t)
 {
-	rw_enter_write(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	t->t_disabled = 0;
-	rw_exit_write(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 	wg_timers_run_persistent_keepalive(t);
 }
 
 void
 wg_timers_disable(struct wg_timers *t)
 {
-	rw_enter_write(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	t->t_disabled = 1;
 	t->t_need_another_keepalive = 0;
-	rw_exit_write(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 
 	timeout_del_barrier(&t->t_new_handshake);
 	timeout_del_barrier(&t->t_send_keepalive);
@@ -969,12 +969,12 @@ wg_timers_disable(struct wg_timers *t)
 void
 wg_timers_set_persistent_keepalive(struct wg_timers *t, uint16_t interval)
 {
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled) {
 		t->t_persistent_keepalive_interval = interval;
 		wg_timers_run_persistent_keepalive(t);
 	}
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 int
@@ -1020,16 +1020,16 @@ wg_timers_event_data_sent(struct wg_timers *t)
 	int	msecs = NEW_HANDSHAKE_TIMEOUT * 1000;
 	msecs += arc4random_uniform(REKEY_TIMEOUT_JITTER);
 
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled && !timeout_pending(&t->t_new_handshake))
 		timeout_add_msec(&t->t_new_handshake, msecs);
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void
 wg_timers_event_data_received(struct wg_timers *t)
 {
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled) {
 		if (!timeout_pending(&t->t_send_keepalive))
 			timeout_add_sec(&t->t_send_keepalive,
@@ -1037,7 +1037,7 @@ wg_timers_event_data_received(struct wg_timers *t)
 		else
 			t->t_need_another_keepalive = 1;
 	}
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void
@@ -1055,11 +1055,11 @@ wg_timers_event_any_authenticated_packet_received(struct wg_timers *t)
 void
 wg_timers_event_any_authenticated_packet_traversal(struct wg_timers *t)
 {
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled && t->t_persistent_keepalive_interval > 0)
 		timeout_add_sec(&t->t_persistent_keepalive,
 		    t->t_persistent_keepalive_interval);
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void
@@ -1068,10 +1068,10 @@ wg_timers_event_handshake_initiated(struct wg_timers *t)
 	int	msecs = REKEY_TIMEOUT * 1000;
 	msecs += arc4random_uniform(REKEY_TIMEOUT_JITTER);
 
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled)
 		timeout_add_msec(&t->t_retry_handshake, msecs);
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void
@@ -1085,7 +1085,7 @@ wg_timers_event_handshake_responded(struct wg_timers *t)
 void
 wg_timers_event_handshake_complete(struct wg_timers *t)
 {
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled) {
 		mtx_enter(&t->t_handshake_mtx);
 		timeout_del(&t->t_retry_handshake);
@@ -1094,25 +1094,25 @@ wg_timers_event_handshake_complete(struct wg_timers *t)
 		mtx_leave(&t->t_handshake_mtx);
 		wg_timers_run_send_keepalive(t);
 	}
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void
 wg_timers_event_session_derived(struct wg_timers *t)
 {
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled)
 		timeout_add_sec(&t->t_zero_key_material, REJECT_AFTER_TIME * 3);
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void
 wg_timers_event_want_initiation(struct wg_timers *t)
 {
-	rw_enter_read(&t->t_lock);
+	mtx_enter(&t->t_mtx);
 	if (!t->t_disabled)
 		wg_timers_run_send_initiation(t, 0);
-	rw_exit_read(&t->t_lock);
+	mtx_leave(&t->t_mtx);
 }
 
 void

sys/net/wg_noise.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: wg_noise.c,v 1.6 2023/02/03 18:31:17 miod Exp $ */
+/*	$OpenBSD: wg_noise.c,v 1.7 2024/03/05 17:48:01 mvs Exp $ */
 /*
  * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>
@@ -20,6 +20,7 @@
 #include <sys/systm.h>
 #include <sys/param.h>
 #include <sys/atomic.h>
+#include <sys/mutex.h>
 #include <sys/rwlock.h>
 
 #include <crypto/blake2s.h>
@@ -139,7 +140,7 @@ noise_remote_init(struct noise_remote *r, uint8_t public[NOISE_PUBLIC_KEY_LEN],
 	bzero(r, sizeof(*r));
 	memcpy(r->r_public, public, NOISE_PUBLIC_KEY_LEN);
 	rw_init(&r->r_handshake_lock, "noise_handshake");
-	rw_init(&r->r_keypair_lock, "noise_keypair");
+	mtx_init_flags(&r->r_keypair_mtx, IPL_NET, "noise_keypair", 0);
 
 	SLIST_INSERT_HEAD(&r->r_unused_keypairs, &r->r_keypair[0], kp_entry);
 	SLIST_INSERT_HEAD(&r->r_unused_keypairs, &r->r_keypair[1], kp_entry);
@@ -468,10 +469,10 @@ noise_remote_begin_session(struct noise_remote *r)
 	kp.kp_remote_index = hs->hs_remote_index;
 	getnanouptime(&kp.kp_birthdate);
 	bzero(&kp.kp_ctr, sizeof(kp.kp_ctr));
-	rw_init(&kp.kp_ctr.c_lock, "noise_counter");
+	mtx_init_flags(&kp.kp_ctr.c_mtx, IPL_NET, "noise_counter", 0);
 
 	/* Now we need to add_new_keypair */
-	rw_enter_write(&r->r_keypair_lock);
+	mtx_enter(&r->r_keypair_mtx);
 	next = r->r_next;
 	current = r->r_current;
 	previous = r->r_previous;
@@ -497,7 +498,7 @@ noise_remote_begin_session(struct noise_remote *r)
 		r->r_next = noise_remote_keypair_allocate(r);
 		*r->r_next = kp;
 	}
-	rw_exit_write(&r->r_keypair_lock);
+	mtx_leave(&r->r_keypair_mtx);
 
 	explicit_bzero(&r->r_handshake, sizeof(r->r_handshake));
 	rw_exit_write(&r->r_handshake_lock);
@@ -514,25 +515,25 @@ noise_remote_clear(struct noise_remote *r)
 	explicit_bzero(&r->r_handshake, sizeof(r->r_handshake));
 	rw_exit_write(&r->r_handshake_lock);
 
-	rw_enter_write(&r->r_keypair_lock);
+	mtx_enter(&r->r_keypair_mtx);
 	noise_remote_keypair_free(r, r->r_next);
 	noise_remote_keypair_free(r, r->r_current);
 	noise_remote_keypair_free(r, r->r_previous);
 	r->r_next = NULL;
 	r->r_current = NULL;
 	r->r_previous = NULL;
-	rw_exit_write(&r->r_keypair_lock);
+	mtx_leave(&r->r_keypair_mtx);
 }
 
 void
 noise_remote_expire_current(struct noise_remote *r)
 {
-	rw_enter_write(&r->r_keypair_lock);
+	mtx_enter(&r->r_keypair_mtx);
 	if (r->r_next != NULL)
 		r->r_next->kp_valid = 0;
 	if (r->r_current != NULL)
 		r->r_current->kp_valid = 0;
-	rw_exit_write(&r->r_keypair_lock);
+	mtx_leave(&r->r_keypair_mtx);
 }
 
 int
@@ -541,7 +542,7 @@ noise_remote_ready(struct noise_remote *r)
 	struct noise_keypair *kp;
 	int ret;
 
-	rw_enter_read(&r->r_keypair_lock);
+	mtx_enter(&r->r_keypair_mtx);
 	/* kp_ctr isn't locked here, we're happy to accept a racy read. */
 	if ((kp = r->r_current) == NULL ||
 	    !kp->kp_valid ||
@@ -551,7 +552,7 @@ noise_remote_ready(struct noise_remote *r)
 		ret = EINVAL;
 	else
 		ret = 0;
-	rw_exit_read(&r->r_keypair_lock);
+	mtx_leave(&r->r_keypair_mtx);
 	return ret;
 }
 
@@ -562,7 +563,7 @@ noise_remote_encrypt(struct noise_remote *r, uint32_t *r_idx, uint64_t *nonce,
 	struct noise_keypair *kp;
 	int ret = EINVAL;
 
-	rw_enter_read(&r->r_keypair_lock);
+	mtx_enter(&r->r_keypair_mtx);
 	if ((kp = r->r_current) == NULL)
 		goto error;
 
@@ -601,7 +602,7 @@ noise_remote_encrypt(struct noise_remote *r, uint32_t *r_idx, uint64_t *nonce,
 
 	ret = 0;
 error:
-	rw_exit_read(&r->r_keypair_lock);
+	mtx_leave(&r->r_keypair_mtx);
 	return ret;
 }
 
@@ -616,7 +617,7 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce,
 	 * attempt the current keypair first as that is most likely. We also
 	 * want to make sure that the keypair is valid as it would be
 	 * catastrophic to decrypt against a zero'ed keypair. */
-	rw_enter_read(&r->r_keypair_lock);
+	mtx_enter(&r->r_keypair_mtx);
 
 	if (r->r_current != NULL && r->r_current->kp_local_index == r_idx) {
 		kp = r->r_current;
@@ -651,8 +652,6 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce,
 	 * we skip the REKEY_AFTER_TIME_RECV check. This is safe to do as a
 	 * data packet can't confirm a session that we are an INITIATOR of. */
 	if (kp == r->r_next) {
-		rw_exit_read(&r->r_keypair_lock);
-		rw_enter_write(&r->r_keypair_lock);
 		if (kp == r->r_next && kp->kp_local_index == r_idx) {
 			noise_remote_keypair_free(r, r->r_previous);
 			r->r_previous = r->r_current;
@@ -662,7 +661,6 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce,
 			ret = ECONNRESET;
 			goto error;
 		}
-		rw_enter(&r->r_keypair_lock, RW_DOWNGRADE);
 	}
 
 	/* Similar to when we encrypt, we want to notify the caller when we
@@ -680,7 +678,7 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce,
 	ret = 0;
 
 error:
-	rw_exit(&r->r_keypair_lock);
+	mtx_leave(&r->r_keypair_mtx);
 	return ret;
 }
 
@@ -731,9 +729,9 @@ noise_counter_send(struct noise_counter *ctr)
 	return atomic_inc_long_nv((u_long *)&ctr->c_send) - 1;
 #else
 	uint64_t ret;
-	rw_enter_write(&ctr->c_lock);
+	mtx_enter(&ctr->c_mtx);
 	ret = ctr->c_send++;
-	rw_exit_write(&ctr->c_lock);
+	mtx_leave(&ctr->c_mtx);
 	return ret;
 #endif
 }
@@ -745,7 +743,7 @@ noise_counter_recv(struct noise_counter *ctr, uint64_t recv)
 	unsigned long bit;
 	int ret = EEXIST;
 
-	rw_enter_write(&ctr->c_lock);
+	mtx_enter(&ctr->c_mtx);
 
 	/* Check that the recv counter is valid */
 	if (ctr->c_recv >= REJECT_AFTER_MESSAGES ||
@@ -779,7 +777,7 @@ noise_counter_recv(struct noise_counter *ctr, uint64_t recv)
 
 	ret = 0;
 error:
-	rw_exit_write(&ctr->c_lock);
+	mtx_leave(&ctr->c_mtx);
 	return ret;
 }
 
@@ -976,7 +974,7 @@ noise_timer_expired(struct timespec *birthdate, time_t sec, long nsec)
 #define T_LIM (COUNTER_WINDOW_SIZE + 1)
 #define T_INIT do {				\
 	bzero(&ctr, sizeof(ctr));		\
-	rw_init(&ctr.c_lock, "counter");	\
+	mtx_init_flags(&ctr.c_mtx, IPL_NET, "counter", 0);	\
 } while (0)
 #define T(num, v, e) do {						\
 	if (noise_counter_recv(&ctr, v) != e) {				\

sys/net/wg_noise.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: wg_noise.h,v 1.2 2020/12/09 05:53:33 tb Exp $ */
+/*	$OpenBSD: wg_noise.h,v 1.3 2024/03/05 17:48:01 mvs Exp $ */
 /*
  * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>
@@ -21,6 +21,7 @@
 
 #include <sys/types.h>
 #include <sys/time.h>
+#include <sys/mutex.h>
 #include <sys/rwlock.h>
 
 #include <crypto/blake2s.h>
@@ -71,7 +72,7 @@ struct noise_handshake {
 };
 
 struct noise_counter {
-	struct rwlock		 c_lock;
+	struct mutex		 c_mtx;
 	uint64_t		 c_send;
 	uint64_t		 c_recv;
 	unsigned long		 c_backtrack[COUNTER_NUM];
@@ -100,7 +101,7 @@ struct noise_remote {
 	uint8_t				 r_timestamp[NOISE_TIMESTAMP_LEN];
 	struct timespec			 r_last_init; /* nanouptime */
 
-	struct rwlock			 r_keypair_lock;
+	struct mutex			 r_keypair_mtx;
 	SLIST_HEAD(,noise_keypair)	 r_unused_keypairs;
 	struct noise_keypair		*r_next, *r_current, *r_previous;
 	struct noise_keypair		 r_keypair[3]; /* 3: next, current, previous. */

sys/netinet/ip_divert.c

@@ -1,4 +1,4 @@
-/*      $OpenBSD: ip_divert.c,v 1.94 2024/02/11 18:14:26 mvs Exp $ */
+/*      $OpenBSD: ip_divert.c,v 1.95 2024/03/05 09:45:13 bluhm Exp $ */
 
 /*
  * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -100,21 +100,19 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam,
 	if ((error = in_nam2sin(nam, &sin)))
 		goto fail;
 
-	/* Do basic sanity checks. */
-	if (m->m_pkthdr.len < sizeof(struct ip))
+	if (m->m_pkthdr.len > IP_MAXPACKET) {
+		error = EMSGSIZE;
 		goto fail;
-	if ((m = m_pullup(m, sizeof(struct ip))) == NULL) {
-		/* m_pullup() has freed the mbuf, so just return. */
-		divstat_inc(divs_errors);
-		return (ENOBUFS);
 	}
+
+	m = rip_chkhdr(m, NULL);
+	if (m == NULL) {
+		error = EINVAL;
+		goto fail;
+	}
+
 	ip = mtod(m, struct ip *);
-	if (ip->ip_v != IPVERSION)
-		goto fail;
 	off = ip->ip_hl << 2;
-	if (off < sizeof(struct ip) || ntohs(ip->ip_len) < off ||
-	    m->m_pkthdr.len < ntohs(ip->ip_len))
-		goto fail;
 
 	dir = (sin->sin_addr.s_addr == INADDR_ANY ? PF_OUT : PF_IN);
 
@@ -135,8 +133,10 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam,
 		min_hdrlen = 0;
 		break;
 	}
-	if (min_hdrlen && m->m_pkthdr.len < off + min_hdrlen)
+	if (min_hdrlen && m->m_pkthdr.len < off + min_hdrlen) {
+		error = EINVAL;
 		goto fail;
+	}
 
 	m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED_PACKET;
 
@@ -181,7 +181,7 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam,
 fail:
 	m_freem(m);
 	divstat_inc(divs_errors);
-	return (error ? error : EINVAL);
+	return (error);
 }
 
 void

sys/netinet/ip_var.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_var.h,v 1.113 2024/02/13 12:22:09 bluhm Exp $	*/
+/*	$OpenBSD: ip_var.h,v 1.114 2024/03/05 09:45:13 bluhm Exp $	*/
 /*	$NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $	*/
 
 /*
@@ -261,6 +261,8 @@ void	 rip_init(void);
 int	 rip_input(struct mbuf **, int *, int, int);
 int	 rip_output(struct mbuf *, struct socket *, struct sockaddr *,
 	    struct mbuf *);
+struct mbuf *
+	 rip_chkhdr(struct mbuf *, struct mbuf *);
 int	 rip_attach(struct socket *, int, int);
 int	 rip_detach(struct socket *);
 void	 rip_lock(struct socket *);

sys/netinet/raw_ip.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: raw_ip.c,v 1.156 2024/02/11 18:14:26 mvs Exp $	*/
+/*	$OpenBSD: raw_ip.c,v 1.157 2024/03/05 09:45:13 bluhm Exp $	*/
 /*	$NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $	*/
 
 /*
@@ -128,8 +128,6 @@ rip_init(void)
 	in_pcbinit(&rawcbtable, 1);
 }
 
-struct mbuf	*rip_chkhdr(struct mbuf *, struct mbuf *);
-
 int
 rip_input(struct mbuf **mp, int *offp, int proto, int af)
 {

usr.bin/whois/whois.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: whois.1,v 1.38 2023/08/21 11:12:28 jsg Exp $
+.\"	$OpenBSD: whois.1,v 1.39 2024/03/05 16:06:32 millert Exp $
 .\"	$NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $
 .\"
 .\" Copyright (c) 1985, 1990, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)whois.1	8.2 (Berkeley) 6/20/94
 .\"
-.Dd $Mdocdate: August 21 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt WHOIS 1
 .Os
 .Sh NAME
@@ -130,37 +130,26 @@ Use the Internet Assigned Numbers Authority
 root zone database.
 It contains information about top-level domains.
 .It Fl i
-Use the Network Solutions Registry for Internet Numbers
-.Pq Tn whois.networksolutions.com
+Use the traditional Network Information Center (InterNIC)
+.Pq Tn whois.internic.net
 database.
-Historically, it contained network numbers and domain contact information
-for most of
+This now contains only registrations for domain names under
 .Tn \&.COM ,
 .Tn \&.NET ,
 .Tn \&.ORG
 and
-.Tn \&.EDU
-domains.
-However, the registration of these domains is now done by a number of
-independent and competing registrars and this database holds no information
-on the domains registered by organizations other than Network Solutions, Inc.
-Also, note that the
-.Tn InterNIC
-database
-.Pq Pa whois.internic.net
-is no longer handled by Network Solutions, Inc.
-For details, see
-.Lk https://www.internic.net/ .
-.Pp
-(Hint: Contact information, identified by the term
-.Em handle ,
-can be looked up by prefixing
-.Qq Li \&!
-or
-.Qq Li handle\ \&
-to the
-.Tn NIC
-handle in the query.)
+.Tn \&.EDU .
+You can optionally specify the type of object to search for:
+.D1 Ic whois -i ' Ns Ar type Ar name Ns Ic '
+where
+.Ar type
+is one of
+.Em domain , nameserver , registrar .
+The
+.Ar name
+may also contain
+.Li *
+wildcards.
 .It Fl l
 Use the Latin American and Caribbean IP address Regional Registry
 .Pq Tn LACNIC

usr.bin/whois/whois.c

@@ -1,4 +1,4 @@
-/*      $OpenBSD: whois.c,v 1.58 2018/06/19 11:28:11 jca Exp $   */
+/*      $OpenBSD: whois.c,v 1.59 2024/03/05 16:06:32 millert Exp $   */
 
 /*
  * Copyright (c) 1980, 1993
@@ -45,7 +45,7 @@
 #include <unistd.h>
 
 #define	NICHOST		"whois.crsnic.net"
-#define	INICHOST	"whois.networksolutions.com"
+#define	INICHOST	"whois.internic.net"
 #define	CNICHOST	"whois.corenic.net"
 #define	DNICHOST	"whois.nic.mil"
 #define	GNICHOST	"whois.nic.gov"