From ae25582c29aced240c543b1986e1c2810ab049ca Mon Sep 17 00:00:00 2001 From: purplerain Date: Sun, 25 Jun 2023 21:25:02 +0000 Subject: [PATCH] sync --- lib/libcrypto/Makefile | 3 +- lib/libcrypto/bn/arch/amd64/bn_arch.c | 6 +- lib/libcrypto/bn/arch/arm/bn_arch.h | 51 ++- lib/libcrypto/bn/bn_internal.h | 100 ++++-- lib/libcrypto/bn/bn_local.h | 3 +- lib/libcrypto/bn/bn_sqr.c | 79 ++-- lib/libcrypto/ec/ec_key.c | 50 +-- lib/libcrypto/ec/ec_kmeth.c | 3 +- lib/libcrypto/ec/ec_lib.c | 196 +--------- lib/libcrypto/ec/ec_local.h | 48 +-- lib/libcrypto/ec/ec_mult.c | 439 +---------------------- lib/libcrypto/ec/ec_pmeth.c | 3 +- lib/libcrypto/ecdh/ecdh_kdf.c | 4 +- lib/libcrypto/ecdh/ech_key.c | 48 +-- lib/libcrypto/ecdh/ech_lib.c | 150 ++------ lib/libcrypto/ecdh/ech_local.h | 99 ----- lib/libcrypto/ecdsa/ecs_lib.c | 169 +-------- lib/libcrypto/ecdsa/ecs_local.h | 20 +- lib/libcrypto/ecdsa/ecs_ossl.c | 105 +++--- lib/libcrypto/man/X509_check_purpose.3 | 6 +- lib/libcrypto/x509/x509_purp.c | 46 ++- lib/libcrypto/x509/x509v3.h | 5 +- regress/usr.sbin/rpki-client/test-rrdp.c | 3 +- sbin/iked/ca.c | 14 +- sbin/iked/iked.c | 3 +- sbin/iked/iked.h | 3 +- sys/netinet/in_pcb.c | 58 +-- sys/netinet/in_pcb.h | 7 +- sys/netinet6/in6_pcb.c | 31 +- usr.bin/tmux/input.c | 6 +- usr.sbin/relayd/config.c | 3 +- usr.sbin/relayd/relayd.c | 5 +- usr.sbin/relayd/relayd.h | 3 +- usr.sbin/relayd/ssl.c | 24 +- usr.sbin/rpki-client/cert.c | 6 +- usr.sbin/smtpd/ssl.c | 25 +- usr.sbin/smtpd/ssl.h | 3 +- 37 files changed, 421 insertions(+), 1406 deletions(-) delete mode 100644 lib/libcrypto/ecdh/ech_local.h diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 6fe129bcd..f5114d5ca 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.131 2023/06/21 07:41:55 jsing Exp $ +# $OpenBSD: Makefile,v 1.132 2023/06/25 19:29:30 tb Exp $ LIB= crypto LIBREBUILD=y @@ -42,7 +42,6 @@ CFLAGS+= -I${LCRYPTO_SRC}/curve25519 CFLAGS+= -I${LCRYPTO_SRC}/dh CFLAGS+= -I${LCRYPTO_SRC}/dsa CFLAGS+= -I${LCRYPTO_SRC}/ec -CFLAGS+= -I${LCRYPTO_SRC}/ecdh CFLAGS+= -I${LCRYPTO_SRC}/ecdsa CFLAGS+= -I${LCRYPTO_SRC}/evp CFLAGS+= -I${LCRYPTO_SRC}/hidden diff --git a/lib/libcrypto/bn/arch/amd64/bn_arch.c b/lib/libcrypto/bn/arch/amd64/bn_arch.c index 55275aa14..a377a0568 100644 --- a/lib/libcrypto/bn/arch/amd64/bn_arch.c +++ b/lib/libcrypto/bn/arch/amd64/bn_arch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_arch.c,v 1.6 2023/02/22 05:46:37 jsing Exp $ */ +/* $OpenBSD: bn_arch.c,v 1.7 2023/06/24 16:01:44 jsing Exp $ */ /* * Copyright (c) 2023 Joel Sing * @@ -96,9 +96,9 @@ bn_mul_comba8(BN_ULONG *rd, BN_ULONG *ad, BN_ULONG *bd) #ifdef HAVE_BN_SQR int -bn_sqr(BIGNUM *r, const BIGNUM *a, int rn, BN_CTX *ctx) +bn_sqr(BIGNUM *r, const BIGNUM *a, int r_len, BN_CTX *ctx) { - bignum_sqr(rn, (uint64_t *)r->d, a->top, (uint64_t *)a->d); + bignum_sqr(r_len, (uint64_t *)r->d, a->top, (uint64_t *)a->d); return 1; } diff --git a/lib/libcrypto/bn/arch/arm/bn_arch.h b/lib/libcrypto/bn/arch/arm/bn_arch.h index 136adf0e9..ef9bf7f15 100644 --- a/lib/libcrypto/bn/arch/arm/bn_arch.h +++ b/lib/libcrypto/bn/arch/arm/bn_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_arch.h,v 1.1 2023/01/20 10:04:33 jsing Exp $ */ +/* $OpenBSD: bn_arch.h,v 1.2 2023/06/24 15:51:47 jsing Exp $ */ /* * Copyright (c) 2023 Joel Sing * @@ -15,10 +15,59 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + #ifndef HEADER_BN_ARCH_H #define HEADER_BN_ARCH_H #ifndef OPENSSL_NO_ASM +#if defined(__GNUC__) + +#define HAVE_BN_SUBW + +static inline void +bn_subw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_borrow, BN_ULONG *out_r0) +{ + BN_ULONG borrow, r0; + + __asm__ ( + "mov %[borrow], #0 \n" + "subs %[r0], %[a], %[b] \n" + "sbc %[borrow], %[borrow], #0 \n" + "neg %[borrow], %[borrow] \n" + : [borrow]"=&r"(borrow), [r0]"=r"(r0) + : [a]"r"(a), [b]"r"(b) + : "cc"); + + *out_borrow = borrow; + *out_r0 = r0; +} + +#define HAVE_BN_SUBW_SUBW + +static inline void +bn_subw_subw(BN_ULONG a, BN_ULONG b, BN_ULONG c, BN_ULONG *out_borrow, + BN_ULONG *out_r0) +{ + BN_ULONG borrow, r0; + + __asm__ ( + "mov %[borrow], #0 \n" + "subs %[r0], %[a], %[b] \n" + "sbc %[borrow], %[borrow], #0 \n" + "subs %[r0], %[r0], %[c] \n" + "sbc %[borrow], %[borrow], #0 \n" + "neg %[borrow], %[borrow] \n" + : [borrow]"=&r"(borrow), [r0]"=&r"(r0) + : [a]"r"(a), [b]"r"(b), [c]"r"(c) + : "cc"); + + *out_borrow = borrow; + *out_r0 = r0; +} + +#endif /* __GNUC__ */ + #endif #endif diff --git a/lib/libcrypto/bn/bn_internal.h b/lib/libcrypto/bn/bn_internal.h index b712b736f..fd04bc9f8 100644 --- a/lib/libcrypto/bn/bn_internal.h +++ b/lib/libcrypto/bn/bn_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_internal.h,v 1.14 2023/06/21 07:48:41 jsing Exp $ */ +/* $OpenBSD: bn_internal.h,v 1.15 2023/06/25 11:42:26 jsing Exp $ */ /* * Copyright (c) 2023 Joel Sing * @@ -80,12 +80,18 @@ bn_clzw(BN_ULONG w) */ /* - * bn_addw() computes (r1:r0) = a + b, where both inputs are single words, - * producing a double word result. The value of r1 is the carry from the - * addition. + * Default implementations for BN_ULLONG architectures. + * + * On these platforms the C compiler is generally better at optimising without + * the use of inline assembly primitives. However, it can be difficult for the + * compiler to see through primitives in order to combine operations, due to + * type changes/narrowing. For this reason compound primitives are usually + * explicitly provided. */ +#ifdef BN_ULLONG + #ifndef HAVE_BN_ADDW -#ifdef BN_LLONG +#define HAVE_BN_ADDW static inline void bn_addw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) { @@ -96,8 +102,75 @@ bn_addw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) *out_r1 = r >> BN_BITS2; *out_r0 = r & BN_MASK2; } -#else +#endif +#ifndef HAVE_BN_ADDW_ADDW +#define HAVE_BN_ADDW_ADDW +static inline void +bn_addw_addw(BN_ULONG a, BN_ULONG b, BN_ULONG c, BN_ULONG *out_r1, + BN_ULONG *out_r0) +{ + BN_ULLONG r; + + r = (BN_ULLONG)a + (BN_ULLONG)b + (BN_ULLONG)c; + + *out_r1 = r >> BN_BITS2; + *out_r0 = r & BN_MASK2; +} +#endif + +#ifndef HAVE_BN_MULW +#define HAVE_BN_MULW +static inline void +bn_mulw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) +{ + BN_ULLONG r; + + r = (BN_ULLONG)a * (BN_ULLONG)b; + + *out_r1 = r >> BN_BITS2; + *out_r0 = r & BN_MASK2; +} +#endif + +#ifndef HAVE_BN_MULW_ADDW +#define HAVE_BN_MULW_ADDW +static inline void +bn_mulw_addw(BN_ULONG a, BN_ULONG b, BN_ULONG c, BN_ULONG *out_r1, + BN_ULONG *out_r0) +{ + BN_ULLONG r; + + r = (BN_ULLONG)a * (BN_ULLONG)b + (BN_ULLONG)c; + + *out_r1 = r >> BN_BITS2; + *out_r0 = r & BN_MASK2; +} +#endif + +#ifndef HAVE_BN_MULW_ADDW_ADDW +#define HAVE_BN_MULW_ADDW_ADDW +static inline void +bn_mulw_addw_addw(BN_ULONG a, BN_ULONG b, BN_ULONG c, BN_ULONG d, + BN_ULONG *out_r1, BN_ULONG *out_r0) +{ + BN_ULLONG r; + + r = (BN_ULLONG)a * (BN_ULLONG)b + (BN_ULLONG)c + (BN_ULLONG)d; + + *out_r1 = r >> BN_BITS2; + *out_r0 = r & BN_MASK2; +} +#endif + +#endif /* !BN_ULLONG */ + +/* + * bn_addw() computes (r1:r0) = a + b, where both inputs are single words, + * producing a double word result. The value of r1 is the carry from the + * addition. + */ +#ifndef HAVE_BN_ADDW static inline void bn_addw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) { @@ -112,7 +185,6 @@ bn_addw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) *out_r0 = r0; } #endif -#endif /* * bn_addw_addw() computes (r1:r0) = a + b + c, where all inputs are single @@ -230,19 +302,6 @@ bn_qwsubqw(BN_ULONG a3, BN_ULONG a2, BN_ULONG a1, BN_ULONG a0, BN_ULONG b3, * producing a double word result. */ #ifndef HAVE_BN_MULW -#ifdef BN_LLONG -static inline void -bn_mulw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) -{ - BN_ULLONG r; - - r = (BN_ULLONG)a * (BN_ULLONG)b; - - *out_r1 = r >> BN_BITS2; - *out_r0 = r & BN_MASK2; -} - -#else /* !BN_LLONG */ /* * Multiply two words (a * b) producing a double word result (h:l). * @@ -339,7 +398,6 @@ bn_mulw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_r1, BN_ULONG *out_r0) *out_r0 = (acc1 << BN_BITS4) | acc0; } #endif -#endif /* !BN_LLONG */ #endif #ifndef HAVE_BN_MULW_LO diff --git a/lib/libcrypto/bn/bn_local.h b/lib/libcrypto/bn/bn_local.h index c86e4d032..17f5447be 100644 --- a/lib/libcrypto/bn/bn_local.h +++ b/lib/libcrypto/bn/bn_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_local.h,v 1.23 2023/06/21 07:41:55 jsing Exp $ */ +/* $OpenBSD: bn_local.h,v 1.24 2023/06/24 16:01:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -252,7 +252,6 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a); void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a); diff --git a/lib/libcrypto/bn/bn_sqr.c b/lib/libcrypto/bn/bn_sqr.c index d414800fe..5ea1bd45b 100644 --- a/lib/libcrypto/bn/bn_sqr.c +++ b/lib/libcrypto/bn/bn_sqr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_sqr.c,v 1.30 2023/04/19 10:51:22 jsing Exp $ */ +/* $OpenBSD: bn_sqr.c,v 1.34 2023/06/24 17:06:54 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -191,52 +191,60 @@ bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) } #endif -/* tmp must have 2*n words */ -void -bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) +#ifndef HAVE_BN_SQR +static void +bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len, + BN_ULONG *tmp) { - int i, j, max; const BN_ULONG *ap; BN_ULONG *rp; + BN_ULONG w; + int n; + + if (a_len <= 0) + return; - max = n * 2; ap = a; + w = ap[0]; + ap++; + rp = r; - rp[0] = rp[max - 1] = 0; + rp[0] = rp[r_len - 1] = 0; rp++; - j = n; - if (--j > 0) { + /* Compute initial product - r[n:1] = a[n:1] * a[0] */ + n = a_len - 1; + if (n > 0) { + rp[n] = bn_mul_words(rp, ap, n, w); + } + rp += 2; + n--; + + /* Compute and sum remaining products. */ + while (n > 0) { + w = ap[0]; ap++; - rp[j] = bn_mul_words(rp, ap, j, ap[-1]); + + rp[n] = bn_mul_add_words(rp, ap, n, w); rp += 2; + n--; } - for (i = n - 2; i > 0; i--) { - j--; - ap++; - rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]); - rp += 2; - } + /* Double the sum of products. */ + bn_add_words(r, r, r, r_len); - bn_add_words(r, r, r, max); - - /* There will not be a carry */ - - bn_sqr_words(tmp, a, n); - - bn_add_words(r, r, tmp, max); + /* Add squares. */ + bn_sqr_words(tmp, a, a_len); + bn_add_words(r, r, tmp, r_len); } - /* * bn_sqr() computes a * a, storing the result in r. The caller must ensure that * r is not the same BIGNUM as a and that r has been expanded to rn = a->top * 2 * words. */ -#ifndef HAVE_BN_SQR int -bn_sqr(BIGNUM *r, const BIGNUM *a, int rn, BN_CTX *ctx) +bn_sqr(BIGNUM *r, const BIGNUM *a, int r_len, BN_CTX *ctx) { BIGNUM *tmp; int ret = 0; @@ -245,10 +253,10 @@ bn_sqr(BIGNUM *r, const BIGNUM *a, int rn, BN_CTX *ctx) if ((tmp = BN_CTX_get(ctx)) == NULL) goto err; - - if (!bn_wexpand(tmp, rn)) + if (!bn_wexpand(tmp, r_len)) goto err; - bn_sqr_normal(r->d, a->d, a->top, tmp->d); + + bn_sqr_normal(r->d, r_len, a->d, a->top, tmp->d); ret = 1; @@ -263,12 +271,12 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { BIGNUM *rr; - int rn; + int r_len; int ret = 1; BN_CTX_start(ctx); - if (BN_is_zero(a)) { + if (a->top < 1) { BN_zero(r); goto done; } @@ -278,10 +286,9 @@ BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) if (rr == NULL) goto err; - rn = a->top * 2; - if (rn < a->top) + if ((r_len = a->top * 2) < a->top) goto err; - if (!bn_wexpand(rr, rn)) + if (!bn_wexpand(rr, r_len)) goto err; if (a->top == 4) { @@ -289,11 +296,11 @@ BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) } else if (a->top == 8) { bn_sqr_comba8(rr->d, a->d); } else { - if (!bn_sqr(rr, a, rn, ctx)) + if (!bn_sqr(rr, a, r_len, ctx)) goto err; } - rr->top = rn; + rr->top = r_len; bn_correct_top(rr); rr->neg = 0; diff --git a/lib/libcrypto/ec/ec_key.c b/lib/libcrypto/ec/ec_key.c index 2f9f05cc5..412735252 100644 --- a/lib/libcrypto/ec/ec_key.c +++ b/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.32 2023/03/27 10:25:02 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.33 2023/06/25 18:52:27 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -122,16 +122,12 @@ EC_KEY_free(EC_KEY *r) EC_POINT_free(r->pub_key); BN_free(r->priv_key); - EC_EX_DATA_free_all_data(&r->method_data); - freezero(r, sizeof(EC_KEY)); } EC_KEY * EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) { - EC_EXTRA_DATA *d; - if (dest == NULL || src == NULL) { ECerror(ERR_R_PASSED_NULL_PARAMETER); return NULL; @@ -175,18 +171,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) if (!bn_copy(dest->priv_key, src->priv_key)) return NULL; } - /* copy method/extra data */ - EC_EX_DATA_free_all_data(&dest->method_data); - - for (d = src->method_data; d != NULL; d = d->next) { - void *t = d->dup_func(d->data); - - if (t == NULL) - return 0; - if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, - d->free_func, d->clear_free_func)) - return 0; - } /* copy the rest */ dest->enc_flag = src->enc_flag; @@ -526,38 +510,6 @@ EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) EC_GROUP_set_point_conversion_form(key->group, cform); } -void * -EC_KEY_get_key_method_data(EC_KEY *key, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - void *ret; - - CRYPTO_r_lock(CRYPTO_LOCK_EC); - ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); - CRYPTO_r_unlock(CRYPTO_LOCK_EC); - - return ret; -} - -void * -EC_KEY_insert_key_method_data(EC_KEY *key, void *data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA *ex_data; - - CRYPTO_w_lock(CRYPTO_LOCK_EC); - ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); - if (ex_data == NULL) - EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); - CRYPTO_w_unlock(CRYPTO_LOCK_EC); - - return ex_data; -} - void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) { diff --git a/lib/libcrypto/ec/ec_kmeth.c b/lib/libcrypto/ec/ec_kmeth.c index 56fb43709..4e296cfa6 100644 --- a/lib/libcrypto/ec/ec_kmeth.c +++ b/lib/libcrypto/ec/ec_kmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_kmeth.c,v 1.7 2022/11/26 16:08:52 tb Exp $ */ +/* $OpenBSD: ec_kmeth.c,v 1.8 2023/06/25 18:52:27 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -168,7 +168,6 @@ EC_KEY_new_method(ENGINE *engine) ret->enc_flag = 0; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; - ret->method_data = NULL; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) goto err; diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index 817b0239b..2e180e966 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.58 2023/06/20 14:37:15 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.61 2023/06/25 18:52:27 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -93,8 +93,6 @@ EC_GROUP_new(const EC_METHOD *meth) } ret->meth = meth; - ret->extra_data = NULL; - ret->generator = NULL; BN_init(&ret->order); BN_init(&ret->cofactor); @@ -123,8 +121,6 @@ EC_GROUP_free(EC_GROUP *group) if (group->meth->group_finish != NULL) group->meth->group_finish(group); - EC_EX_DATA_clear_free_all_data(&group->extra_data); - EC_POINT_free(group->generator); BN_free(&group->order); BN_free(&group->cofactor); @@ -142,8 +138,6 @@ EC_GROUP_clear_free(EC_GROUP *group) int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { - EC_EXTRA_DATA *d; - if (dest->meth->group_copy == NULL) { ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -155,18 +149,6 @@ EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; - EC_EX_DATA_free_all_data(&dest->extra_data); - - for (d = src->extra_data; d != NULL; d = d->next) { - void *t = d->dup_func(d->data); - - if (t == NULL) - return 0; - if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, - d->free_func, d->clear_free_func)) - return 0; - } - if (src->generator != NULL) { if (dest->generator == NULL) { dest->generator = EC_POINT_new(dest); @@ -669,158 +651,6 @@ ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) return group->meth->blind_coordinates(group, p, ctx); } -/* this has 'package' visibility */ -int -EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return 0; - - for (d = *ex_data; d != NULL; d = d->next) { - if (d->dup_func == dup_func && d->free_func == free_func && - d->clear_free_func == clear_free_func) { - ECerror(EC_R_SLOT_FULL); - return 0; - } - } - - if (data == NULL) - /* no explicit entry needed */ - return 1; - - d = malloc(sizeof *d); - if (d == NULL) - return 0; - - d->data = data; - d->dup_func = dup_func; - d->free_func = free_func; - d->clear_free_func = clear_free_func; - - d->next = *ex_data; - *ex_data = d; - - return 1; -} - -/* this has 'package' visibility */ -void * -EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - const EC_EXTRA_DATA *d; - - for (d = ex_data; d != NULL; d = d->next) { - if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) - return d->data; - } - - return NULL; -} - -/* this has 'package' visibility */ -void -EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA **p; - - if (ex_data == NULL) - return; - - for (p = ex_data; *p != NULL; p = &((*p)->next)) { - if ((*p)->dup_func == dup_func && - (*p)->free_func == free_func && - (*p)->clear_free_func == clear_free_func) { - EC_EXTRA_DATA *next = (*p)->next; - - (*p)->free_func((*p)->data); - free(*p); - - *p = next; - return; - } - } -} - -/* this has 'package' visibility */ -void -EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA **p; - - if (ex_data == NULL) - return; - - for (p = ex_data; *p != NULL; p = &((*p)->next)) { - if ((*p)->dup_func == dup_func && - (*p)->free_func == free_func && - (*p)->clear_free_func == clear_free_func) { - EC_EXTRA_DATA *next = (*p)->next; - - (*p)->clear_free_func((*p)->data); - free(*p); - - *p = next; - return; - } - } -} - -/* this has 'package' visibility */ -void -EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data) -{ - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return; - - d = *ex_data; - while (d) { - EC_EXTRA_DATA *next = d->next; - - d->free_func(d->data); - free(d); - - d = next; - } - *ex_data = NULL; -} - -/* this has 'package' visibility */ -void -EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA ** ex_data) -{ - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return; - - d = *ex_data; - while (d) { - EC_EXTRA_DATA *next = d->next; - - d->clear_free_func(d->data); - free(d); - - d = next; - } - *ex_data = NULL; -} - EC_POINT * EC_POINT_new(const EC_GROUP *group) { @@ -1408,33 +1238,13 @@ EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx_in) { - BN_CTX *ctx; - int ret = 0; - - if (group->meth->precompute_mult == NULL) - return 1; - - if ((ctx = ctx_in) == NULL) - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - - ret = group->meth->precompute_mult(group, ctx); - - err: - if (ctx != ctx_in) - BN_CTX_free(ctx); - - return ret; + return 1; } int EC_GROUP_have_precompute_mult(const EC_GROUP *group) { - if (group->meth->have_precompute_mult == NULL) - return 0; - - return group->meth->have_precompute_mult(group); + return 0; } int diff --git a/lib/libcrypto/ec/ec_local.h b/lib/libcrypto/ec/ec_local.h index c827a8f70..9bdc3e733 100644 --- a/lib/libcrypto/ec/ec_local.h +++ b/lib/libcrypto/ec/ec_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_local.h,v 1.14 2023/06/12 18:17:18 jsing Exp $ */ +/* $OpenBSD: ec_local.h,v 1.21 2023/06/25 19:22:21 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -145,8 +145,6 @@ struct ec_method_st { int (*mul_double_nonct)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const BIGNUM *p_scalar, const EC_POINT *point, BN_CTX *); - int (*precompute_mult)(EC_GROUP *group, BN_CTX *); - int (*have_precompute_mult)(const EC_GROUP *group); /* * Internal methods. @@ -175,14 +173,6 @@ struct ec_method_st { BN_CTX *ctx); } /* EC_METHOD */; -typedef struct ec_extra_data_st { - struct ec_extra_data_st *next; - void *data; - void *(*dup_func)(void *); - void (*free_func)(void *); - void (*clear_free_func)(void *); -} EC_EXTRA_DATA; /* used in EC_GROUP */ - struct ec_group_st { /* * Methods and members exposed via the public API. @@ -209,8 +199,6 @@ struct ec_group_st { * if they appear to be generic. */ - EC_EXTRA_DATA *extra_data; - /* * Field specification. For GF(p) this is the modulus; for GF(2^m), * this is the irreducible polynomial defining the field. @@ -264,28 +252,9 @@ struct ec_key_st { int references; int flags; - EC_EXTRA_DATA *method_data; CRYPTO_EX_DATA ex_data; } /* EC_KEY */; -/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only - * (with visibility limited to 'package' level for now). - * We use the function pointers as index for retrieval; this obviates - * global ex_data-style index tables. - */ -int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -void EC_EX_DATA_free_data(EC_EXTRA_DATA **, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **); -void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **); - -int ec_group_simple_order_bits(const EC_GROUP *group); - struct ec_point_st { const EC_METHOD *meth; @@ -308,9 +277,6 @@ struct ec_point_st { * (ec_lib.c uses these as defaults if group->method->mul is 0) */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); -int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); -int ec_wNAF_have_precompute_mult(const EC_GROUP *group); - /* method functions in ecp_smpl.c */ int ec_GFp_simple_group_init(EC_GROUP *); @@ -355,6 +321,7 @@ int ec_GFp_simple_mul_single_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *sca int ec_GFp_simple_mul_double_nonct(const EC_GROUP *, EC_POINT *r, const BIGNUM *g_scalar, const BIGNUM *p_scalar, const EC_POINT *point, BN_CTX *); +int ec_group_simple_order_bits(const EC_GROUP *group); int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); /* EC_METHOD definitions */ @@ -395,12 +362,11 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); -void *EC_KEY_get_key_method_data(EC_KEY *key, - void *(*dup_func)(void *), void (*free_func)(void *), - void (*clear_free_func)(void *)); -void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, - void *(*dup_func)(void *), void (*free_func)(void *), - void (*clear_free_func)(void *)); +/* + * ECDH Key Derivation Function as defined in ANSI X9.63. + */ +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, + size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md); int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c index b70e60a1b..a0e97437b 100644 --- a/lib/libcrypto/ec/ec_mult.c +++ b/lib/libcrypto/ec/ec_mult.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_mult.c,v 1.29 2023/04/11 18:58:20 jsing Exp $ */ +/* $OpenBSD: ec_mult.c,v 1.31 2023/06/24 17:49:44 jsing Exp $ */ /* * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ @@ -67,7 +67,6 @@ #include "ec_local.h" - /* * This file implements the wNAF-based interleaving multi-exponentation method * (); @@ -75,114 +74,6 @@ * (). */ - - - -/* structure for precomputed multiples of the generator */ -typedef struct ec_pre_comp_st { - const EC_GROUP *group; /* parent EC_GROUP object */ - size_t blocksize; /* block size for wNAF splitting */ - size_t numblocks; /* max. number of blocks for which we have - * precomputation */ - size_t w; /* window size */ - EC_POINT **points; /* array with pre-calculated multiples of - * generator: 'num' pointers to EC_POINT - * objects followed by a NULL */ - size_t num; /* numblocks * 2^(w-1) */ - int references; -} EC_PRE_COMP; - -/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ -static void *ec_pre_comp_dup(void *); -static void ec_pre_comp_free(void *); -static void ec_pre_comp_clear_free(void *); - -static EC_PRE_COMP * -ec_pre_comp_new(const EC_GROUP *group) -{ - EC_PRE_COMP *ret = NULL; - - if (!group) - return NULL; - - ret = malloc(sizeof(EC_PRE_COMP)); - if (!ret) { - ECerror(ERR_R_MALLOC_FAILURE); - return ret; - } - ret->group = group; - ret->blocksize = 8; /* default */ - ret->numblocks = 0; - ret->w = 4; /* default */ - ret->points = NULL; - ret->num = 0; - ret->references = 1; - return ret; -} - -static void * -ec_pre_comp_dup(void *src_) -{ - EC_PRE_COMP *src = src_; - - /* no need to actually copy, these objects never change! */ - - CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); - - return src_; -} - -static void -ec_pre_comp_free(void *pre_) -{ - int i; - EC_PRE_COMP *pre = pre_; - - if (!pre) - return; - - i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); - if (i > 0) - return; - - if (pre->points) { - EC_POINT **p; - - for (p = pre->points; *p != NULL; p++) - EC_POINT_free(*p); - free(pre->points); - } - free(pre); -} - -static void -ec_pre_comp_clear_free(void *pre_) -{ - int i; - EC_PRE_COMP *pre = pre_; - - if (!pre) - return; - - i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); - if (i > 0) - return; - - if (pre->points) { - EC_POINT **p; - - for (p = pre->points; *p != NULL; p++) { - EC_POINT_free(*p); - explicit_bzero(p, sizeof *p); - } - free(pre->points); - } - freezero(pre, sizeof *pre); -} - - - - /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. * This is an array r[] of values that are either zero or odd with an * absolute value less than 2^w satisfying @@ -338,8 +229,7 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; - size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ - size_t pre_points_per_block = 0; + size_t numblocks = 0; /* for wNAF splitting */ size_t i, j; int k; int r_is_inverted = 0; @@ -354,7 +244,6 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT **v; EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or * 'pre_comp->points' */ - const EC_PRE_COMP *pre_comp = NULL; int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be * treated like other scalars, i.e. * precomputation is not available */ @@ -380,42 +269,10 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, ECerror(EC_R_UNDEFINED_GENERATOR); goto err; } - /* look if we can use precomputed multiples of generator */ - pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); - - if (pre_comp && pre_comp->numblocks && - (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) { - blocksize = pre_comp->blocksize; - - /* - * determine maximum number of blocks that wNAF - * splitting may yield (NB: maximum wNAF length is - * bit length plus one) - */ - numblocks = (BN_num_bits(scalar) / blocksize) + 1; - - /* - * we cannot use more blocks than we have - * precomputation for - */ - if (numblocks > pre_comp->numblocks) - numblocks = pre_comp->numblocks; - - pre_points_per_block = (size_t) 1 << (pre_comp->w - 1); - - /* check that pre_comp looks sane */ - if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - } else { - /* can't use precomputation */ - pre_comp = NULL; - numblocks = 1; - num_scalar = 1; /* treat 'scalar' like 'num'-th - * element of 'scalars' */ - } + numblocks = 1; + num_scalar = 1; /* treat 'scalar' like 'num'-th + * element of 'scalars' */ } totalnum = num + numblocks; @@ -457,111 +314,9 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (numblocks) { /* we go here iff scalar != NULL */ - if (pre_comp == NULL) { - if (num_scalar != 1) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - /* we have already generated a wNAF for 'scalar' */ - } else { - size_t tmp_len = 0; - - if (num_scalar != 0) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - /* - * use the window size for which we have - * precomputation - */ - wsize[num] = pre_comp->w; - tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); - if (tmp_wNAF == NULL) - goto err; - - if (tmp_len <= max_len) { - /* - * One of the other wNAFs is at least as long - * as the wNAF belonging to the generator, so - * wNAF splitting will not buy us anything. - */ - - numblocks = 1; - totalnum = num + 1; /* don't use wNAF - * splitting */ - wNAF[num] = tmp_wNAF; - tmp_wNAF = NULL; - wNAF[num + 1] = NULL; - wNAF_len[num] = tmp_len; - if (tmp_len > max_len) - max_len = tmp_len; - /* - * pre_comp->points starts with the points - * that we need here: - */ - val_sub[num] = pre_comp->points; - } else { - /* - * don't include tmp_wNAF directly into wNAF - * array - use wNAF splitting and include the - * blocks - */ - - signed char *pp; - EC_POINT **tmp_points; - - if (tmp_len < numblocks * blocksize) { - /* - * possibly we can do with fewer - * blocks than estimated - */ - numblocks = (tmp_len + blocksize - 1) / blocksize; - if (numblocks > pre_comp->numblocks) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - totalnum = num + numblocks; - } - /* split wNAF in 'numblocks' parts */ - pp = tmp_wNAF; - tmp_points = pre_comp->points; - - for (i = num; i < totalnum; i++) { - if (i < totalnum - 1) { - wNAF_len[i] = blocksize; - if (tmp_len < blocksize) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - tmp_len -= blocksize; - } else - /* - * last block gets whatever - * is left (this could be - * more or less than - * 'blocksize'!) - */ - wNAF_len[i] = tmp_len; - - wNAF[i + 1] = NULL; - wNAF[i] = malloc(wNAF_len[i]); - if (wNAF[i] == NULL) { - ECerror(ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(wNAF[i], pp, wNAF_len[i]); - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; - - if (*tmp_points == NULL) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - val_sub[i] = tmp_points; - tmp_points += pre_points_per_block; - pp += blocksize; - } - } + if (num_scalar != 1) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; } } /* @@ -693,181 +448,3 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, free(val_sub); return ret; } - - -/* ec_wNAF_precompute_mult() - * creates an EC_PRE_COMP object with preprecomputed multiples of the generator - * for use with wNAF splitting as implemented in ec_wNAF_mul(). - * - * 'pre_comp->points' is an array of multiples of the generator - * of the following form: - * points[0] = generator; - * points[1] = 3 * generator; - * ... - * points[2^(w-1)-1] = (2^(w-1)-1) * generator; - * points[2^(w-1)] = 2^blocksize * generator; - * points[2^(w-1)+1] = 3 * 2^blocksize * generator; - * ... - * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator - * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator - * ... - * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator - * points[2^(w-1)*numblocks] = NULL - */ -int -ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - const EC_POINT *generator; - EC_POINT *tmp_point = NULL, *base = NULL, **var; - BIGNUM *order; - size_t i, bits, w, pre_points_per_block, blocksize, numblocks, - num; - EC_POINT **points = NULL; - EC_PRE_COMP *pre_comp; - int ret = 0; - - /* if there is an old EC_PRE_COMP object, throw it away */ - EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); - - if ((pre_comp = ec_pre_comp_new(group)) == NULL) - return 0; - - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) { - ECerror(EC_R_UNDEFINED_GENERATOR); - goto err; - } - - BN_CTX_start(ctx); - - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!EC_GROUP_get_order(group, order, ctx)) - goto err; - if (BN_is_zero(order)) { - ECerror(EC_R_UNKNOWN_ORDER); - goto err; - } - bits = BN_num_bits(order); - /* - * The following parameters mean we precompute (approximately) one - * point per bit. - * - * TBD: The combination 8, 4 is perfect for 160 bits; for other bit - * lengths, other parameter combinations might provide better - * efficiency. - */ - blocksize = 8; - w = 4; - if (EC_window_bits_for_scalar_size(bits) > w) { - /* let's not make the window too small ... */ - w = EC_window_bits_for_scalar_size(bits); - } - numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks - * to use for wNAF - * splitting */ - - pre_points_per_block = (size_t) 1 << (w - 1); - num = pre_points_per_block * numblocks; /* number of points to - * compute and store */ - - points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *)); - if (!points) { - ECerror(ERR_R_MALLOC_FAILURE); - goto err; - } - var = points; - var[num] = NULL; /* pivot */ - for (i = 0; i < num; i++) { - if ((var[i] = EC_POINT_new(group)) == NULL) { - ECerror(ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { - ECerror(ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_POINT_copy(base, generator)) - goto err; - - /* do the precomputation */ - for (i = 0; i < numblocks; i++) { - size_t j; - - if (!EC_POINT_dbl(group, tmp_point, base, ctx)) - goto err; - - if (!EC_POINT_copy(*var++, base)) - goto err; - - for (j = 1; j < pre_points_per_block; j++, var++) { - /* calculate odd multiples of the current base point */ - if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) - goto err; - } - - if (i < numblocks - 1) { - /* - * get the next base (multiply current one by - * 2^blocksize) - */ - size_t k; - - if (blocksize <= 2) { - ECerror(ERR_R_INTERNAL_ERROR); - goto err; - } - if (!EC_POINT_dbl(group, base, tmp_point, ctx)) - goto err; - for (k = 2; k < blocksize; k++) { - if (!EC_POINT_dbl(group, base, base, ctx)) - goto err; - } - } - } - - if (!EC_POINTs_make_affine(group, num, points, ctx)) - goto err; - - pre_comp->group = group; - pre_comp->blocksize = blocksize; - pre_comp->numblocks = numblocks; - pre_comp->w = w; - pre_comp->points = points; - points = NULL; - pre_comp->num = num; - - if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, - ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) - goto err; - pre_comp = NULL; - - ret = 1; - - err: - BN_CTX_end(ctx); - ec_pre_comp_free(pre_comp); - if (points) { - EC_POINT **p; - - for (p = points; *p != NULL; p++) - EC_POINT_free(*p); - free(points); - } - EC_POINT_free(tmp_point); - EC_POINT_free(base); - return ret; -} - - -int -ec_wNAF_have_precompute_mult(const EC_GROUP *group) -{ - if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) - return 1; - else - return 0; -} diff --git a/lib/libcrypto/ec/ec_pmeth.c b/lib/libcrypto/ec/ec_pmeth.c index d1bb52d9e..7c94f80c7 100644 --- a/lib/libcrypto/ec/ec_pmeth.c +++ b/lib/libcrypto/ec/ec_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */ +/* $OpenBSD: ec_pmeth.c,v 1.18 2023/06/25 19:26:04 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -68,7 +68,6 @@ #include "bn_local.h" #include "ec_local.h" -#include "ech_local.h" #include "evp_local.h" /* EC pkey context structure */ diff --git a/lib/libcrypto/ecdh/ecdh_kdf.c b/lib/libcrypto/ecdh/ecdh_kdf.c index 5c22e9c8e..f9340749a 100644 --- a/lib/libcrypto/ecdh/ecdh_kdf.c +++ b/lib/libcrypto/ecdh/ecdh_kdf.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ecdh_kdf.c,v 1.9 2023/06/25 19:43:28 tb Exp $ */ /* * Written by Stephen Henson for the OpenSSL project. */ @@ -52,10 +53,11 @@ #include +#include #include #include -#include "ech_local.h" +#include "ec_local.h" /* * Key derivation function from X9.63/SECG. diff --git a/lib/libcrypto/ecdh/ech_key.c b/lib/libcrypto/ecdh/ech_key.c index a5c6371f9..e41092a41 100644 --- a/lib/libcrypto/ecdh/ech_key.c +++ b/lib/libcrypto/ecdh/ech_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_key.c,v 1.14 2022/11/26 16:08:52 tb Exp $ */ +/* $OpenBSD: ech_key.c,v 1.19 2023/06/25 19:35:56 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -73,18 +73,13 @@ #include #include +#include #include #include #include -#include "bn_local.h" -#include "ech_local.h" #include "ec_local.h" -static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, - EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); - /* * This implementation is based on the following primitives in the IEEE 1363 * standard: @@ -92,8 +87,8 @@ static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, * - ECSVDP-DH * Finally an optional KDF is applied. */ -static int -ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, +int +ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { @@ -184,39 +179,14 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, ret = outlen; } -err: + err: EC_POINT_free(tmp); - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); free(buf); return (ret); } -static ECDH_METHOD openssl_ecdh_meth = { - .name = "OpenSSL ECDH method", - .compute_key = ecdh_compute_key -}; - -const ECDH_METHOD * -ECDH_OpenSSL(void) -{ - return &openssl_ecdh_meth; -} - -/* replace w/ ecdh_compute_key() when ECDH_METHOD gets removed */ -int -ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - EC_KEY *eckey, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) -{ - ECDH_DATA *ecdh; - - if ((ecdh = ecdh_check(eckey)) == NULL) - return 0; - return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); -} - int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey, @@ -227,3 +197,9 @@ ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, ECerror(EC_R_NOT_IMPLEMENTED); return 0; } + +int +ECDH_size(const EC_KEY *d) +{ + return ((EC_GROUP_get_degree(EC_KEY_get0_group(d)) + 7) / 8); +} diff --git a/lib/libcrypto/ecdh/ech_lib.c b/lib/libcrypto/ecdh/ech_lib.c index 15d7737c3..eb1b6bfeb 100644 --- a/lib/libcrypto/ecdh/ech_lib.c +++ b/lib/libcrypto/ecdh/ech_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_lib.c,v 1.16 2023/04/25 19:26:45 tb Exp $ */ +/* $OpenBSD: ech_lib.c,v 1.22 2023/06/25 19:17:43 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -77,13 +77,27 @@ #include #include "ec_local.h" -#include "ech_local.h" + +struct ecdh_method { + const char *name; + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + int flags; + char *app_data; +}; static const ECDH_METHOD *default_ECDH_method = NULL; -static void *ecdh_data_new(void); -static void *ecdh_data_dup(void *); -static void ecdh_data_free(void *); +static const ECDH_METHOD openssl_ecdh_meth = { + .name = "OpenSSL ECDH method", + .compute_key = ossl_ecdh_compute_key, +}; + +const ECDH_METHOD * +ECDH_OpenSSL(void) +{ + return &openssl_ecdh_meth; +} void ECDH_set_default_method(const ECDH_METHOD *meth) @@ -103,142 +117,24 @@ ECDH_get_default_method(void) int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) { - ECDH_DATA *ecdh; - - ecdh = ecdh_check(eckey); - - if (ecdh == NULL) - return 0; - -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ecdh->engine); - ecdh->engine = NULL; -#endif - ecdh->meth = meth; - return 1; -} - -static ECDH_DATA * -ECDH_DATA_new_method(ENGINE *engine) -{ - ECDH_DATA *ret; - - ret = malloc(sizeof(ECDH_DATA)); - if (ret == NULL) { - ECDHerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - - ret->init = NULL; - - ret->meth = ECDH_get_default_method(); - ret->engine = engine; -#ifndef OPENSSL_NO_ENGINE - if (!ret->engine) - ret->engine = ENGINE_get_default_ECDH(); - if (ret->engine) { - ret->meth = ENGINE_get_ECDH(ret->engine); - if (ret->meth == NULL) { - ECDHerror(ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - free(ret); - return NULL; - } - } -#endif - - ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); - return (ret); -} - -static void * -ecdh_data_new(void) -{ - return (void *)ECDH_DATA_new_method(NULL); -} - -static void * -ecdh_data_dup(void *data) -{ - ECDH_DATA *r = (ECDH_DATA *)data; - - /* XXX: dummy operation */ - if (r == NULL) - return NULL; - - return (void *)ecdh_data_new(); -} - -void -ecdh_data_free(void *data) -{ - ECDH_DATA *r = (ECDH_DATA *)data; - -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - - freezero(r, sizeof(ECDH_DATA)); -} - -ECDH_DATA * -ecdh_check(EC_KEY *key) -{ - ECDH_DATA *ecdh_data; - - void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, - ecdh_data_free, ecdh_data_free); - if (data == NULL) { - ecdh_data = (ECDH_DATA *)ecdh_data_new(); - if (ecdh_data == NULL) - return NULL; - data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, - ecdh_data_dup, ecdh_data_free, ecdh_data_free); - if (data != NULL) { - /* Another thread raced us to install the key_method - * data and won. */ - ecdh_data_free(ecdh_data); - ecdh_data = (ECDH_DATA *)data; - } - } else - ecdh_data = (ECDH_DATA *)data; - - return ecdh_data; + return 0; } int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, - new_func, dup_func, free_func); + return -1; } int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) { - ECDH_DATA *ecdh; - ecdh = ecdh_check(d); - if (ecdh == NULL) - return 0; - return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg)); + return 0; } void * ECDH_get_ex_data(EC_KEY *d, int idx) { - ECDH_DATA *ecdh; - ecdh = ecdh_check(d); - if (ecdh == NULL) - return NULL; - return (CRYPTO_get_ex_data(&ecdh->ex_data, idx)); -} - -int -ECDH_size(const EC_KEY *d) -{ - return ((EC_GROUP_get_degree(EC_KEY_get0_group(d)) + 7) / 8); + return NULL; } diff --git a/lib/libcrypto/ecdh/ech_local.h b/lib/libcrypto/ecdh/ech_local.h deleted file mode 100644 index 3c2a2673c..000000000 --- a/lib/libcrypto/ecdh/ech_local.h +++ /dev/null @@ -1,99 +0,0 @@ -/* $OpenBSD: ech_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_ECH_LOCAL_H -#define HEADER_ECH_LOCAL_H - -#include - -__BEGIN_HIDDEN_DECLS - -struct ecdh_method { - const char *name; - int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); - int flags; - char *app_data; -}; - -/* If this flag is set the ECDH method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its responsibility - * to ensure the result is compliant. - */ - -#define ECDH_FLAG_FIPS_METHOD 0x1 - -typedef struct ecdh_data_st { - /* EC_KEY_METH_DATA part */ - int (*init)(EC_KEY *); - /* method specific part */ - ENGINE *engine; - int flags; - const ECDH_METHOD *meth; - CRYPTO_EX_DATA ex_data; -} ECDH_DATA; - -ECDH_DATA *ecdh_check(EC_KEY *); - -/* - * ECDH Key Derivation Function as defined in ANSI X9.63. - */ -int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, - size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md); - -__END_HIDDEN_DECLS - -#endif /* !HEADER_ECH_LOCAL_H */ diff --git a/lib/libcrypto/ecdsa/ecs_lib.c b/lib/libcrypto/ecdsa/ecs_lib.c index 9a35a030d..743d51716 100644 --- a/lib/libcrypto/ecdsa/ecs_lib.c +++ b/lib/libcrypto/ecdsa/ecs_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_lib.c,v 1.17 2023/04/25 19:26:45 tb Exp $ */ +/* $OpenBSD: ecs_lib.c,v 1.22 2023/06/25 19:33:39 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * @@ -68,9 +68,18 @@ static const ECDSA_METHOD *default_ECDSA_method = NULL; -static void *ecdsa_data_new(void); -static void *ecdsa_data_dup(void *); -static void ecdsa_data_free(void *); +static const ECDSA_METHOD openssl_ecdsa_meth = { + .name = "OpenSSL ECDSA method", + .ecdsa_do_sign = ossl_ecdsa_sign_sig, + .ecdsa_sign_setup = ossl_ecdsa_sign_setup, + .ecdsa_do_verify = ossl_ecdsa_verify_sig, +}; + +const ECDSA_METHOD * +ECDSA_OpenSSL(void) +{ + return &openssl_ecdsa_meth; +} void ECDSA_set_default_method(const ECDSA_METHOD *meth) @@ -90,168 +99,24 @@ ECDSA_get_default_method(void) int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { - ECDSA_DATA *ecdsa; - - ecdsa = ecdsa_check(eckey); - - if (ecdsa == NULL) - return 0; - -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ecdsa->engine); - ecdsa->engine = NULL; -#endif - ecdsa->meth = meth; - - return 1; -} - -static ECDSA_DATA * -ECDSA_DATA_new_method(ENGINE *engine) -{ - ECDSA_DATA *ret; - - ret = malloc(sizeof(ECDSA_DATA)); - if (ret == NULL) { - ECDSAerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - - ret->init = NULL; - - ret->meth = ECDSA_get_default_method(); - ret->engine = engine; -#ifndef OPENSSL_NO_ENGINE - if (!ret->engine) - ret->engine = ENGINE_get_default_ECDSA(); - if (ret->engine) { - ret->meth = ENGINE_get_ECDSA(ret->engine); - if (ret->meth == NULL) { - ECDSAerror(ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - free(ret); - return NULL; - } - } -#endif - - ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); - return (ret); -} - -static void * -ecdsa_data_new(void) -{ - return (void *)ECDSA_DATA_new_method(NULL); -} - -static void * -ecdsa_data_dup(void *data) -{ - ECDSA_DATA *r = (ECDSA_DATA *)data; - - /* XXX: dummy operation */ - if (r == NULL) - return NULL; - - return ecdsa_data_new(); -} - -static void -ecdsa_data_free(void *data) -{ - ECDSA_DATA *r = (ECDSA_DATA *)data; - -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - - freezero(r, sizeof(ECDSA_DATA)); -} - -ECDSA_DATA * -ecdsa_check(EC_KEY *key) -{ - ECDSA_DATA *ecdsa_data; - - void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, - ecdsa_data_free, ecdsa_data_free); - if (data == NULL) { - ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); - if (ecdsa_data == NULL) - return NULL; - data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, - ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); - if (data != NULL) { - /* Another thread raced us to install the key_method - * data and won. */ - ecdsa_data_free(ecdsa_data); - ecdsa_data = (ECDSA_DATA *)data; - } - } else - ecdsa_data = (ECDSA_DATA *)data; - - return ecdsa_data; -} - -int -ECDSA_size(const EC_KEY *r) -{ - BIGNUM *order = NULL; - const EC_GROUP *group; - ECDSA_SIG signature; - int ret = 0; - - if (r == NULL) - goto err; - - if ((group = EC_KEY_get0_group(r)) == NULL) - goto err; - - if ((order = BN_new()) == NULL) - goto err; - - if (!EC_GROUP_get_order(group, order, NULL)) - goto err; - - signature.r = order; - signature.s = order; - - if ((ret = i2d_ECDSA_SIG(&signature, NULL)) < 0) - ret = 0; - - err: - BN_free(order); - - return ret; + return 0; } int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, - new_func, dup_func, free_func); + return -1; } int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) { - ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(d); - if (ecdsa == NULL) - return 0; - return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg)); + return 0; } void * ECDSA_get_ex_data(EC_KEY *d, int idx) { - ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(d); - if (ecdsa == NULL) - return NULL; - return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx)); + return NULL; } diff --git a/lib/libcrypto/ecdsa/ecs_local.h b/lib/libcrypto/ecdsa/ecs_local.h index 5cdf26455..20ad0c246 100644 --- a/lib/libcrypto/ecdsa/ecs_local.h +++ b/lib/libcrypto/ecdsa/ecs_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */ +/* $OpenBSD: ecs_local.h,v 1.3 2023/06/25 18:45:56 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -63,29 +63,11 @@ __BEGIN_HIDDEN_DECLS -typedef struct ecdsa_data_st { - /* EC_KEY_METH_DATA part */ - int (*init)(EC_KEY *); - /* method (ECDSA) specific part */ - ENGINE *engine; - int flags; - const ECDSA_METHOD *meth; - CRYPTO_EX_DATA ex_data; -} ECDSA_DATA; - struct ECDSA_SIG_st { BIGNUM *r; BIGNUM *s; }; -/** ecdsa_check - * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure - * and if not it removes the old meth_data and creates a ECDSA_DATA structure. - * \param eckey pointer to a EC_KEY object - * \return pointer to a ECDSA_DATA structure - */ -ECDSA_DATA *ecdsa_check(EC_KEY *eckey); - int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c index 9702cd6da..251a938e2 100644 --- a/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/lib/libcrypto/ecdsa/ecs_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_ossl.c,v 1.33 2023/04/13 15:00:24 tb Exp $ */ +/* $OpenBSD: ecs_ossl.c,v 1.37 2023/06/25 19:33:39 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -71,25 +71,6 @@ static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, BIGNUM *order, BIGNUM *ret); -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, - const BIGNUM *, const BIGNUM *, EC_KEY *eckey); -static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - -static ECDSA_METHOD openssl_ecdsa_meth = { - .name = "OpenSSL ECDSA method", - .ecdsa_do_sign = ecdsa_do_sign, - .ecdsa_sign_setup = ecdsa_sign_setup, - .ecdsa_do_verify = ecdsa_do_verify -}; - -const ECDSA_METHOD * -ECDSA_OpenSSL(void) -{ - return &openssl_ecdsa_meth; -} static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, BIGNUM *order, @@ -139,8 +120,8 @@ ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *si return ret; } -static int -ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +int +ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { BN_CTX *ctx = ctx_in; BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; @@ -260,18 +241,6 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) return (ret); } -/* replace w/ ecdsa_sign_setup() when ECDSA_METHOD gets removed */ -int -ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) -{ - ECDSA_DATA *ecdsa; - - if ((ecdsa = ecdsa_check(eckey)) == NULL) - return 0; - return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); -} - - /* * It is too expensive to check curve parameters on every sign operation. * Instead, cap the number of retries. A single retry is very unlikely, so @@ -279,8 +248,8 @@ ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp */ #define ECDSA_MAX_SIGN_ITERATIONS 32 -static ECDSA_SIG * -ecdsa_do_sign(const unsigned char *dgst, int dgst_len, +ECDSA_SIG * +ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) { BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL; @@ -289,15 +258,13 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, BN_CTX *ctx = NULL; const EC_GROUP *group; ECDSA_SIG *ret; - ECDSA_DATA *ecdsa; int attempts = 0; int ok = 0; - ecdsa = ecdsa_check(eckey); group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); - if (group == NULL || priv_key == NULL || ecdsa == NULL) { + if (group == NULL || priv_key == NULL) { ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); return NULL; } @@ -434,18 +401,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, return ret; } -/* replace w/ ecdsa_do_sign() when ECDSA_METHOD gets removed */ -ECDSA_SIG * -ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) -{ - ECDSA_DATA *ecdsa; - - if ((ecdsa = ecdsa_check(eckey)) == NULL) - return NULL; - return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey); -} - int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) @@ -472,8 +427,8 @@ ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, return (ret); } -static int -ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, +int +ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { BN_CTX *ctx; @@ -563,18 +518,6 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, return ret; } -/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */ -int -ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) -{ - ECDSA_DATA *ecdsa; - - if ((ecdsa = ecdsa_check(eckey)) == NULL) - return 0; - return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); -} - ECDSA_SIG * ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { @@ -637,3 +580,35 @@ ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); return 0; } + +int +ECDSA_size(const EC_KEY *r) +{ + BIGNUM *order = NULL; + const EC_GROUP *group; + ECDSA_SIG signature; + int ret = 0; + + if (r == NULL) + goto err; + + if ((group = EC_KEY_get0_group(r)) == NULL) + goto err; + + if ((order = BN_new()) == NULL) + goto err; + + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + + signature.r = order; + signature.s = order; + + if ((ret = i2d_ECDSA_SIG(&signature, NULL)) < 0) + ret = 0; + + err: + BN_free(order); + + return ret; +} diff --git a/lib/libcrypto/man/X509_check_purpose.3 b/lib/libcrypto/man/X509_check_purpose.3 index 635608113..ebd627bd5 100644 --- a/lib/libcrypto/man/X509_check_purpose.3 +++ b/lib/libcrypto/man/X509_check_purpose.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_purpose.3,v 1.10 2023/04/30 14:49:47 tb Exp $ +.\" $OpenBSD: X509_check_purpose.3,v 1.11 2023/06/25 13:54:58 tb Exp $ .\" .\" Copyright (c) 2019, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: April 30 2023 $ +.Dd $Mdocdate: June 25 2023 $ .Dt X509_CHECK_PURPOSE 3 .Os .Sh NAME @@ -38,7 +38,7 @@ ignores the argument and checks that all the extensions of the .Fa certificate can be parsed and pass minimal sanity checks, ensuring that -extensions that must not occur more than once do not. +no extension occurs more than once. It also makes sure that all extensions are cached in the .Vt X509 object. diff --git a/lib/libcrypto/x509/x509_purp.c b/lib/libcrypto/x509/x509_purp.c index 75d229b03..f7bc7ea53 100644 --- a/lib/libcrypto/x509/x509_purp.c +++ b/lib/libcrypto/x509/x509_purp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_purp.c,v 1.26 2023/06/20 14:21:19 tb Exp $ */ +/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -441,6 +441,47 @@ setup_crldp(X509 *x) setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); } +static int +x509_extension_oid_cmp(const X509_EXTENSION *const *a, + const X509_EXTENSION *const *b) +{ + return OBJ_cmp((*a)->object, (*b)->object); +} + +static int +x509_extension_oids_are_unique(X509 *x509) +{ + STACK_OF(X509_EXTENSION) *exts = NULL; + const X509_EXTENSION *prev_ext, *curr_ext; + int i; + int ret = 0; + + if (X509_get_ext_count(x509) <= 1) + goto done; + + if ((exts = sk_X509_EXTENSION_dup(x509->cert_info->extensions)) == NULL) + goto err; + + (void)sk_X509_EXTENSION_set_cmp_func(exts, x509_extension_oid_cmp); + sk_X509_EXTENSION_sort(exts); + + prev_ext = sk_X509_EXTENSION_value(exts, 0); + for (i = 1; i < sk_X509_EXTENSION_num(exts); i++) { + curr_ext = sk_X509_EXTENSION_value(exts, i); + if (x509_extension_oid_cmp(&prev_ext, &curr_ext) == 0) + goto err; + prev_ext = curr_ext; + } + + done: + ret = 1; + + err: + sk_X509_EXTENSION_free(exts); + + return ret; +} + static void x509v3_cache_extensions_internal(X509 *x) { @@ -612,6 +653,9 @@ x509v3_cache_extensions_internal(X509 *x) } } + if (!x509_extension_oids_are_unique(x)) + x->ex_flags |= EXFLAG_INVALID; + x509_verify_cert_info_populate(x); x->ex_flags |= EXFLAG_SET; diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h index 74dbf8d63..f867cc38c 100644 --- a/lib/libcrypto/x509/x509v3.h +++ b/lib/libcrypto/x509/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.24 2023/04/25 19:01:01 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.25 2023/06/25 18:15:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -426,8 +426,7 @@ typedef struct x509_purpose_st { int purpose; int trust; /* Default trust ID */ int flags; - int (*check_purpose)(const struct x509_purpose_st *, - const X509 *, int); + int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int); char *name; char *sname; void *usr_data; diff --git a/regress/usr.sbin/rpki-client/test-rrdp.c b/regress/usr.sbin/rpki-client/test-rrdp.c index b6da63c67..1a0b07997 100644 --- a/regress/usr.sbin/rpki-client/test-rrdp.c +++ b/regress/usr.sbin/rpki-client/test-rrdp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test-rrdp.c,v 1.7 2023/06/20 12:52:32 job Exp $ */ +/* $OpenBSD: test-rrdp.c,v 1.8 2023/06/24 07:07:36 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher * Copyright (c) 2021 Claudio Jeker @@ -203,6 +203,7 @@ rrdp_finished(struct rrdp *s) switch (s->task) { case NOTIFICATION: + notification_done(s->nxml, NULL); log_notification_xml(s->nxml); break; case SNAPSHOT: diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c index 7f7c8bee0..93ccda1e6 100644 --- a/sbin/iked/ca.c +++ b/sbin/iked/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.93 2023/06/17 22:33:34 tobhe Exp $ */ +/* $OpenBSD: ca.c,v 1.94 2023/06/25 08:07:04 op Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -33,7 +33,6 @@ #include #include -#include #include #include #include @@ -1958,17 +1957,6 @@ ca_x509_subjectaltname_get(X509 *cert, struct iked_id *retid) return ca_x509_subjectaltname_do(cert, MODE_ALT_GET, NULL, NULL, retid); } -void -ca_sslinit(void) -{ - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Init hardware crypto engines. */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -} - void ca_sslerror(const char *caller) { diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c index aa824d6f1..7af05d9a6 100644 --- a/sbin/iked/iked.c +++ b/sbin/iked/iked.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.c,v 1.64 2023/03/05 22:17:22 tobhe Exp $ */ +/* $OpenBSD: iked.c,v 1.65 2023/06/25 08:07:04 op Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -175,7 +175,6 @@ main(int argc, char *argv[]) if (strlcpy(env->sc_conffile, conffile, PATH_MAX) >= PATH_MAX) errx(1, "config file exceeds PATH_MAX"); - ca_sslinit(); group_init(); policy_init(env); diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h index 85958e1c2..b220f1890 100644 --- a/sbin/iked/iked.h +++ b/sbin/iked/iked.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.h,v 1.218 2023/06/19 17:19:50 claudio Exp $ */ +/* $OpenBSD: iked.h,v 1.219 2023/06/25 08:07:04 op Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -1178,7 +1178,6 @@ int ca_setauth(struct iked *, struct iked_sa *, void ca_getkey(struct privsep *, struct iked_id *, enum imsg_type); int ca_privkey_serialize(EVP_PKEY *, struct iked_id *); int ca_pubkey_serialize(EVP_PKEY *, struct iked_id *); -void ca_sslinit(void); void ca_sslerror(const char *); char *ca_asn1_name(uint8_t *, size_t); void *ca_x509_name_parse(char *); diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index acc9a06a6..292a64364 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.276 2022/10/03 16:43:52 bluhm Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.277 2023/06/24 20:54:46 bluhm Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -121,15 +121,15 @@ struct baddynamicports rootonlyports; struct pool inpcb_pool; void in_pcbhash_insert(struct inpcb *); -struct inpcb *in_pcbhash_lookup(struct inpcbtable *, u_int, +struct inpcb *in_pcbhash_lookup(struct inpcbtable *, uint64_t, u_int, const struct in_addr *, u_short, const struct in_addr *, u_short); int in_pcbresize(struct inpcbtable *, int); #define INPCBHASH_LOADFACTOR(_x) (((_x) * 3) / 4) -struct inpcbhead *in_pcbhash(struct inpcbtable *, u_int, +uint64_t in_pcbhash(struct inpcbtable *, u_int, const struct in_addr *, u_short, const struct in_addr *, u_short); -struct inpcbhead *in_pcblhash(struct inpcbtable *, u_int, u_short); +uint64_t in_pcblhash(struct inpcbtable *, u_int, u_short); /* * in_pcb is used for inet and inet6. in6_pcb only contains special @@ -142,7 +142,7 @@ in_init(void) IPL_SOFTNET, 0, "inpcb", NULL); } -struct inpcbhead * +uint64_t in_pcbhash(struct inpcbtable *table, u_int rdomain, const struct in_addr *faddr, u_short fport, const struct in_addr *laddr, u_short lport) @@ -156,11 +156,10 @@ in_pcbhash(struct inpcbtable *table, u_int rdomain, SipHash24_Update(&ctx, &fport, sizeof(fport)); SipHash24_Update(&ctx, laddr, sizeof(*laddr)); SipHash24_Update(&ctx, &lport, sizeof(lport)); - - return (&table->inpt_hashtbl[SipHash24_End(&ctx) & table->inpt_mask]); + return SipHash24_End(&ctx); } -struct inpcbhead * +uint64_t in_pcblhash(struct inpcbtable *table, u_int rdomain, u_short lport) { SIPHASH_CTX ctx; @@ -169,8 +168,7 @@ in_pcblhash(struct inpcbtable *table, u_int rdomain, u_short lport) SipHash24_Init(&ctx, &table->inpt_lkey); SipHash24_Update(&ctx, &nrdom, sizeof(nrdom)); SipHash24_Update(&ctx, &lport, sizeof(lport)); - - return (&table->inpt_lhashtbl[SipHash24_End(&ctx) & table->inpt_lmask]); + return SipHash24_End(&ctx); } void @@ -816,11 +814,14 @@ in_pcblookup_local(struct inpcbtable *table, void *laddrp, u_int lport_arg, struct in6_addr *laddr6 = (struct in6_addr *)laddrp; #endif struct inpcbhead *head; + uint64_t lhash; u_int rdomain; rdomain = rtable_l2(rtable); + lhash = in_pcblhash(table, rdomain, lport); + mtx_enter(&table->inpt_mtx); - head = in_pcblhash(table, rdomain, lport); + head = &table->inpt_lhashtbl[lhash & table->inpt_lmask]; LIST_FOREACH(inp, head, inp_lhash) { if (rtable_l2(inp->inp_rtableid) != rdomain) continue; @@ -1056,37 +1057,38 @@ in_pcbhash_insert(struct inpcb *inp) { struct inpcbtable *table = inp->inp_table; struct inpcbhead *head; + uint64_t hash, lhash; - NET_ASSERT_LOCKED(); MUTEX_ASSERT_LOCKED(&table->inpt_mtx); - head = in_pcblhash(table, inp->inp_rtableid, inp->inp_lport); + lhash = in_pcblhash(table, inp->inp_rtableid, inp->inp_lport); + head = &table->inpt_lhashtbl[lhash & table->inpt_lmask]; LIST_INSERT_HEAD(head, inp, inp_lhash); #ifdef INET6 if (inp->inp_flags & INP_IPV6) - head = in6_pcbhash(table, rtable_l2(inp->inp_rtableid), + hash = in6_pcbhash(table, rtable_l2(inp->inp_rtableid), &inp->inp_faddr6, inp->inp_fport, &inp->inp_laddr6, inp->inp_lport); else #endif /* INET6 */ - head = in_pcbhash(table, rtable_l2(inp->inp_rtableid), + hash = in_pcbhash(table, rtable_l2(inp->inp_rtableid), &inp->inp_faddr, inp->inp_fport, &inp->inp_laddr, inp->inp_lport); + head = &table->inpt_hashtbl[hash & table->inpt_mask]; LIST_INSERT_HEAD(head, inp, inp_hash); } struct inpcb * -in_pcbhash_lookup(struct inpcbtable *table, u_int rdomain, +in_pcbhash_lookup(struct inpcbtable *table, uint64_t hash, u_int rdomain, const struct in_addr *faddr, u_short fport, const struct in_addr *laddr, u_short lport) { struct inpcbhead *head; struct inpcb *inp; - NET_ASSERT_LOCKED(); MUTEX_ASSERT_LOCKED(&table->inpt_mtx); - head = in_pcbhash(table, rdomain, faddr, fport, laddr, lport); + head = &table->inpt_hashtbl[hash & table->inpt_mask]; LIST_FOREACH(inp, head, inp_hash) { #ifdef INET6 if (ISSET(inp->inp_flags, INP_IPV6)) @@ -1140,8 +1142,6 @@ in_pcbresize(struct inpcbtable *table, int hashsize) table->inpt_mask = nmask; table->inpt_lmask = nlmask; table->inpt_size = hashsize; - arc4random_buf(&table->inpt_key, sizeof(table->inpt_key)); - arc4random_buf(&table->inpt_lkey, sizeof(table->inpt_lkey)); TAILQ_FOREACH(inp, &table->inpt_queue, inp_queue) { LIST_REMOVE(inp, inp_lhash); @@ -1172,13 +1172,18 @@ in_pcblookup(struct inpcbtable *table, struct in_addr faddr, u_int fport, struct in_addr laddr, u_int lport, u_int rtable) { struct inpcb *inp; + uint64_t hash; u_int rdomain; rdomain = rtable_l2(rtable); + hash = in_pcbhash(table, rdomain, &faddr, fport, &laddr, lport); + mtx_enter(&table->inpt_mtx); - inp = in_pcbhash_lookup(table, rdomain, &faddr, fport, &laddr, lport); + inp = in_pcbhash_lookup(table, hash, rdomain, + &faddr, fport, &laddr, lport); in_pcbref(inp); mtx_leave(&table->inpt_mtx); + #ifdef DIAGNOSTIC if (inp == NULL && in_pcbnotifymiss) { printf("%s: faddr=%08x fport=%d laddr=%08x lport=%d rdom=%u\n", @@ -1202,6 +1207,7 @@ in_pcblookup_listen(struct inpcbtable *table, struct in_addr laddr, { const struct in_addr *key1, *key2; struct inpcb *inp; + uint64_t hash; u_int16_t lport = lport_arg; u_int rdomain; @@ -1239,14 +1245,20 @@ in_pcblookup_listen(struct inpcbtable *table, struct in_addr laddr, #endif rdomain = rtable_l2(rtable); + hash = in_pcbhash(table, rdomain, &zeroin_addr, 0, key1, lport); + mtx_enter(&table->inpt_mtx); - inp = in_pcbhash_lookup(table, rdomain, &zeroin_addr, 0, key1, lport); + inp = in_pcbhash_lookup(table, hash, rdomain, + &zeroin_addr, 0, key1, lport); if (inp == NULL && key1->s_addr != key2->s_addr) { - inp = in_pcbhash_lookup(table, rdomain, + hash = in_pcbhash(table, rdomain, + &zeroin_addr, 0, key2, lport); + inp = in_pcbhash_lookup(table, hash, rdomain, &zeroin_addr, 0, key2, lport); } in_pcbref(inp); mtx_leave(&table->inpt_mtx); + #ifdef DIAGNOSTIC if (inp == NULL && in_pcbnotifymiss) { printf("%s: laddr=%08x lport=%d rdom=%u\n", diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index fd8877894..61c26da36 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.h,v 1.135 2022/10/03 16:43:52 bluhm Exp $ */ +/* $OpenBSD: in_pcb.h,v 1.136 2023/06/24 20:54:46 bluhm Exp $ */ /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */ /* @@ -172,7 +172,7 @@ struct inpcbtable { TAILQ_HEAD(inpthead, inpcb) inpt_queue; /* [t] inet PCB queue */ struct inpcbhead *inpt_hashtbl; /* [t] local and foreign hash */ struct inpcbhead *inpt_lhashtbl; /* [t] local port hash */ - SIPHASH_KEY inpt_key, inpt_lkey; /* [t] secrets for hashes */ + SIPHASH_KEY inpt_key, inpt_lkey; /* [I] secrets for hashes */ u_long inpt_mask, inpt_lmask; /* [t] hash masks */ int inpt_count, inpt_size; /* [t] queue count, hash size */ }; @@ -294,8 +294,7 @@ struct inpcb * in_pcblookup_listen(struct inpcbtable *, struct in_addr, u_int, struct mbuf *, u_int); #ifdef INET6 -struct inpcbhead * - in6_pcbhash(struct inpcbtable *, u_int, const struct in6_addr *, +uint64_t in6_pcbhash(struct inpcbtable *, u_int, const struct in6_addr *, u_short, const struct in6_addr *, u_short); struct inpcb * in6_pcblookup(struct inpcbtable *, const struct in6_addr *, diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 1e17ada32..5feb33c82 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_pcb.c,v 1.123 2022/09/03 22:43:38 mvs Exp $ */ +/* $OpenBSD: in6_pcb.c,v 1.124 2023/06/24 20:54:46 bluhm Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -126,10 +126,10 @@ const struct in6_addr zeroin6_addr; -struct inpcb *in6_pcbhash_lookup(struct inpcbtable *, u_int, +struct inpcb *in6_pcbhash_lookup(struct inpcbtable *, uint64_t, u_int, const struct in6_addr *, u_short, const struct in6_addr *, u_short); -struct inpcbhead * +uint64_t in6_pcbhash(struct inpcbtable *table, u_int rdomain, const struct in6_addr *faddr, u_short fport, const struct in6_addr *laddr, u_short lport) @@ -143,8 +143,7 @@ in6_pcbhash(struct inpcbtable *table, u_int rdomain, SipHash24_Update(&ctx, &fport, sizeof(fport)); SipHash24_Update(&ctx, laddr, sizeof(*laddr)); SipHash24_Update(&ctx, &lport, sizeof(lport)); - - return (&table->inpt_hashtbl[SipHash24_End(&ctx) & table->inpt_mask]); + return SipHash24_End(&ctx); } int @@ -541,7 +540,7 @@ in6_pcbnotify(struct inpcbtable *table, struct sockaddr_in6 *dst, } struct inpcb * -in6_pcbhash_lookup(struct inpcbtable *table, u_int rdomain, +in6_pcbhash_lookup(struct inpcbtable *table, uint64_t hash, u_int rdomain, const struct in6_addr *faddr, u_short fport, const struct in6_addr *laddr, u_short lport) { @@ -551,7 +550,7 @@ in6_pcbhash_lookup(struct inpcbtable *table, u_int rdomain, NET_ASSERT_LOCKED(); MUTEX_ASSERT_LOCKED(&table->inpt_mtx); - head = in6_pcbhash(table, rdomain, faddr, fport, laddr, lport); + head = &table->inpt_hashtbl[hash & table->inpt_mask]; LIST_FOREACH(inp, head, inp_hash) { if (!ISSET(inp->inp_flags, INP_IPV6)) continue; @@ -581,13 +580,18 @@ in6_pcblookup(struct inpcbtable *table, const struct in6_addr *faddr, u_int fport, const struct in6_addr *laddr, u_int lport, u_int rtable) { struct inpcb *inp; + uint64_t hash; u_int rdomain; rdomain = rtable_l2(rtable); + hash = in6_pcbhash(table, rdomain, faddr, fport, laddr, lport); + mtx_enter(&table->inpt_mtx); - inp = in6_pcbhash_lookup(table, rdomain, faddr, fport, laddr, lport); + inp = in6_pcbhash_lookup(table, hash, rdomain, + faddr, fport, laddr, lport); in_pcbref(inp); mtx_leave(&table->inpt_mtx); + #ifdef DIAGNOSTIC if (inp == NULL && in_pcbnotifymiss) { printf("%s: faddr= fport=%d laddr= lport=%d rdom=%u\n", @@ -603,6 +607,7 @@ in6_pcblookup_listen(struct inpcbtable *table, struct in6_addr *laddr, { const struct in6_addr *key1, *key2; struct inpcb *inp; + uint64_t hash; u_int rdomain; key1 = laddr; @@ -636,14 +641,20 @@ in6_pcblookup_listen(struct inpcbtable *table, struct in6_addr *laddr, #endif rdomain = rtable_l2(rtable); + hash = in6_pcbhash(table, rdomain, &zeroin6_addr, 0, key1, lport); + mtx_enter(&table->inpt_mtx); - inp = in6_pcbhash_lookup(table, rdomain, &zeroin6_addr, 0, key1, lport); + inp = in6_pcbhash_lookup(table, hash, rdomain, + &zeroin6_addr, 0, key1, lport); if (inp == NULL && ! IN6_ARE_ADDR_EQUAL(key1, key2)) { - inp = in6_pcbhash_lookup(table, rdomain, + hash = in6_pcbhash(table, rdomain, + &zeroin6_addr, 0, key2, lport); + inp = in6_pcbhash_lookup(table, hash, rdomain, &zeroin6_addr, 0, key2, lport); } in_pcbref(inp); mtx_leave(&table->inpt_mtx); + #ifdef DIAGNOSTIC if (inp == NULL && in_pcbnotifymiss) { printf("%s: laddr= lport=%d rdom=%u\n", diff --git a/usr.bin/tmux/input.c b/usr.bin/tmux/input.c index 64b32ff0f..422e1ceb5 100644 --- a/usr.bin/tmux/input.c +++ b/usr.bin/tmux/input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: input.c,v 1.214 2023/03/27 08:47:57 nicm Exp $ */ +/* $OpenBSD: input.c,v 1.215 2023/06/25 15:53:07 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott @@ -2065,7 +2065,7 @@ static void input_csi_dispatch_sgr(struct input_ctx *ictx) { struct grid_cell *gc = &ictx->cell.cell; - u_int i; + u_int i, link; int n; if (ictx->param_list_len == 0) { @@ -2097,7 +2097,9 @@ input_csi_dispatch_sgr(struct input_ctx *ictx) switch (n) { case 0: + link = gc->link; memcpy(gc, &grid_default_cell, sizeof *gc); + gc->link = link; break; case 1: gc->attr |= GRID_ATTR_BRIGHT; diff --git a/usr.sbin/relayd/config.c b/usr.sbin/relayd/config.c index a2f1c130d..b8f91bb7a 100644 --- a/usr.sbin/relayd/config.c +++ b/usr.sbin/relayd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.43 2021/12/05 13:48:14 jsg Exp $ */ +/* $OpenBSD: config.c,v 1.44 2023/06/25 08:07:38 op Exp $ */ /* * Copyright (c) 2011 - 2014 Reyk Floeter @@ -293,7 +293,6 @@ config_getcfg(struct relayd *env, struct imsg *imsg) } if (env->sc_conf.flags & (F_TLS|F_TLSCLIENT)) { - ssl_init(env); if (what & CONFIG_CA_ENGINE) ca_engine_init(env); } diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c index edc862189..df93c9527 100644 --- a/usr.sbin/relayd/relayd.c +++ b/usr.sbin/relayd/relayd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.c,v 1.190 2022/11/10 00:00:11 mbuhl Exp $ */ +/* $OpenBSD: relayd.c,v 1.191 2023/06/25 08:07:38 op Exp $ */ /* * Copyright (c) 2007 - 2016 Reyk Floeter @@ -255,9 +255,6 @@ main(int argc, char *argv[]) exit(0); } - if (env->sc_conf.flags & (F_TLS|F_TLSCLIENT)) - ssl_init(env); - /* rekey the TLS tickets before pushing the config */ parent_tls_ticket_rekey(0, 0, env); if (parent_configure(env) == -1) diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index 990cec350..ca178871a 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.270 2023/06/21 07:54:54 claudio Exp $ */ +/* $OpenBSD: relayd.h,v 1.271 2023/06/25 08:07:39 op Exp $ */ /* * Copyright (c) 2006 - 2016 Reyk Floeter @@ -1293,7 +1293,6 @@ void script_done(struct relayd *, struct ctl_script *); int script_exec(struct relayd *, struct ctl_script *); /* ssl.c */ -void ssl_init(struct relayd *); char *ssl_load_key(struct relayd *, const char *, off_t *, char *); uint8_t *ssl_update_certificate(const uint8_t *, size_t, EVP_PKEY *, EVP_PKEY *, X509 *, size_t *); diff --git a/usr.sbin/relayd/ssl.c b/usr.sbin/relayd/ssl.c index 0d76f8ba5..31eebee64 100644 --- a/usr.sbin/relayd/ssl.c +++ b/usr.sbin/relayd/ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.c,v 1.36 2021/12/08 19:25:04 tb Exp $ */ +/* $OpenBSD: ssl.c,v 1.37 2023/06/25 08:07:39 op Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -27,30 +27,11 @@ #include #include -#include #include "relayd.h" int ssl_password_cb(char *, int, int, void *); -void -ssl_init(struct relayd *env) -{ - static int initialized = 0; - - if (initialized) - return; - - SSL_library_init(); - SSL_load_error_strings(); - - /* Init hardware crypto engines. */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - - initialized = 1; -} - int ssl_password_cb(char *buf, int size, int rwflag, void *u) { @@ -73,9 +54,6 @@ ssl_load_key(struct relayd *env, const char *name, off_t *len, char *pass) long size; char *data, *buf = NULL; - /* Initialize SSL library once */ - ssl_init(env); - /* * Read (possibly) encrypted key from file */ diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index e9ca4840c..508e48a3e 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.112 2023/06/23 20:05:30 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.113 2023/06/24 04:15:14 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Job Snijders @@ -738,9 +738,9 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) obj = X509_EXTENSION_get_object(ext); assert(obj != NULL); - switch ((nid = OBJ_obj2nid(obj))) { + switch (nid = OBJ_obj2nid(obj)) { case NID_sbgp_ipAddrBlock: - if (ip++ >= 1) + if (ip++ > 0) goto dup; if (!sbgp_ipaddrblk(&p, ext)) goto out; diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c index 9802ee144..ef719264f 100644 --- a/usr.sbin/smtpd/ssl.c +++ b/usr.sbin/smtpd/ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.c,v 1.99 2023/06/11 10:30:10 op Exp $ */ +/* $OpenBSD: ssl.c,v 1.100 2023/06/25 08:08:03 op Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard @@ -22,7 +22,6 @@ #include #include -#include #include #include #include @@ -31,25 +30,6 @@ #include "log.h" #include "ssl.h" -void -ssl_init(void) -{ - static int inited = 0; - - if (inited) - return; - - SSL_library_init(); - SSL_load_error_strings(); - - OpenSSL_add_all_algorithms(); - - /* Init hardware crypto engines. */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - inited = 1; -} - static char * ssl_load_file(const char *name, off_t *len, mode_t perm) { @@ -140,9 +120,6 @@ ssl_load_key(const char *name, off_t *len, char *pass, mode_t perm, const char * char mode[12]; char prompt[2048]; - /* Initialize SSL library once */ - ssl_init(); - /* * Read (possibly) encrypted key from file */ diff --git a/usr.sbin/smtpd/ssl.h b/usr.sbin/smtpd/ssl.h index 912e6a25f..ced63ebd6 100644 --- a/usr.sbin/smtpd/ssl.h +++ b/usr.sbin/smtpd/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.26 2022/02/18 16:57:36 millert Exp $ */ +/* $OpenBSD: ssl.h,v 1.27 2023/06/25 08:08:03 op Exp $ */ /* * Copyright (c) 2013 Gilles Chehade * @@ -39,7 +39,6 @@ struct ca { /* ssl.c */ -void ssl_init(void); void ssl_error(const char *); int ssl_load_certificate(struct pki *, const char *); int ssl_load_keyfile(struct pki *, const char *, const char *);