sync with OpenBSD -current

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.213 2024/10/18 11:12:10 tb Exp $
+# $OpenBSD: Makefile,v 1.214 2024/10/19 08:26:03 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -281,7 +281,6 @@ SRCS+= dsa_prn.c
 # ec/
 SRCS+= ec_ameth.c
 SRCS+= ec_asn1.c
-SRCS+= ec_check.c
 SRCS+= ec_curve.c
 SRCS+= ec_err.c
 SRCS+= ec_key.c

lib/libcrypto/arch/amd64/crypto_arch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_arch.h,v 1.2 2024/10/18 13:36:24 jsing Exp $ */
+/*	$OpenBSD: crypto_arch.h,v 1.3 2024/10/19 13:06:11 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -19,6 +19,7 @@
 #define HEADER_CRYPTO_ARCH_H
 
 #define HAVE_CRYPTO_CPU_CAPS_INIT
+#define HAVE_CRYPTO_CPU_CAPS_IA32
 
 #ifndef OPENSSL_NO_ASM
 

lib/libcrypto/arch/amd64/crypto_cpu_caps.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_cpu_caps.c,v 1.1 2024/10/18 13:36:24 jsing Exp $ */
+/*	$OpenBSD: crypto_cpu_caps.c,v 1.2 2024/10/19 13:06:11 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -22,7 +22,7 @@
 #include "x86_arch.h"
 
 /* Legacy architecture specific capabilities, used by perlasm. */
-extern uint64_t OPENSSL_ia32cap_P;
+uint64_t OPENSSL_ia32cap_P;
 
 /* Machine independent CPU capabilities. */
 extern uint64_t crypto_cpu_caps;
@@ -112,3 +112,9 @@ crypto_cpu_caps_init(void)
 
 	OPENSSL_ia32cap_P = caps;
 }
+
+uint64_t
+crypto_cpu_caps_ia32(void)
+{
+	return OPENSSL_ia32cap_P;
+}

lib/libcrypto/arch/i386/crypto_arch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_arch.h,v 1.2 2024/10/18 14:44:02 jsing Exp $ */
+/*	$OpenBSD: crypto_arch.h,v 1.3 2024/10/19 13:06:11 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -19,6 +19,7 @@
 #define HEADER_CRYPTO_ARCH_H
 
 #define HAVE_CRYPTO_CPU_CAPS_INIT
+#define HAVE_CRYPTO_CPU_CAPS_IA32
 
 #ifndef OPENSSL_NO_ASM
 

lib/libcrypto/arch/i386/crypto_cpu_caps.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_cpu_caps.c,v 1.1 2024/10/18 14:44:02 jsing Exp $ */
+/*	$OpenBSD: crypto_cpu_caps.c,v 1.2 2024/10/19 13:06:11 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -22,7 +22,7 @@
 #include "x86_arch.h"
 
 /* Legacy architecture specific capabilities, used by perlasm. */
-extern uint64_t OPENSSL_ia32cap_P;
+uint64_t OPENSSL_ia32cap_P;
 
 /* Machine independent CPU capabilities. */
 extern uint64_t crypto_cpu_caps;
@@ -112,3 +112,9 @@ crypto_cpu_caps_init(void)
 
 	OPENSSL_ia32cap_P = caps;
 }
+
+uint64_t
+crypto_cpu_caps_ia32(void)
+{
+	return OPENSSL_ia32cap_P;
+}

lib/libcrypto/arch/sparc64/Makefile.inc

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.19 2024/08/11 13:02:39 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.20 2024/10/19 11:55:32 jsing Exp $
 
 # sparc64-specific libcrypto build rules
 
@@ -24,7 +24,3 @@ ${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl
 	/usr/bin/env CC=${CC} /usr/bin/perl \
 		${LCRYPTO_SRC}/${dir}/asm/${src}.pl ${.TARGET} -m64 > ${.TARGET}
 .endfor
-
-# not until Montgomery code enabled
-#CFLAGS+= -DOPENSSL_CPUID_OBJ
-#SRCS+=	sparccpuid.S sparcv9cap.c

lib/libcrypto/cryptlib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptlib.c,v 1.56 2024/10/17 14:27:57 jsing Exp $ */
+/* $OpenBSD: cryptlib.c,v 1.57 2024/10/19 13:06:11 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -330,40 +330,6 @@ CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
 	return id->val;
 }
 
-#if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-	defined(__INTEL__) || \
-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-
-uint64_t OPENSSL_ia32cap_P;
-
-uint64_t
-crypto_cpu_caps_ia32(void)
-{
-	return OPENSSL_ia32cap_P;
-}
-
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_CPUID_SETUP
-void
-OPENSSL_cpuid_setup(void)
-{
-	uint64_t OPENSSL_ia32_cpuid(void);
-
-	OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid();
-
-	if ((OPENSSL_ia32cap_P & CPUCAP_MASK_AESNI) != 0)
-		crypto_cpu_caps |= CRYPTO_CPU_CAPS_ACCELERATED_AES;
-}
-#endif
-
-#else
-uint64_t
-crypto_cpu_caps_ia32(void)
-{
-	return 0;
-}
-#endif
-
 #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
 void
 OPENSSL_cpuid_setup(void)
@@ -379,6 +345,14 @@ crypto_cpu_caps_init(void)
 }
 #endif
 
+#ifndef HAVE_CRYPTO_CPU_CAPS_IA32
+uint64_t
+crypto_cpu_caps_ia32(void)
+{
+	return 0;
+}
+#endif
+
 uint64_t
 OPENSSL_cpu_caps(void)
 {

lib/libcrypto/dsa/dsa_pmeth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.20 2024/08/26 22:00:47 op Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.21 2024/10/19 14:39:44 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -205,7 +205,7 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
 	case EVP_PKEY_CTRL_MD:
 		/* ANSI X9.57 and NIST CSOR. */
-		switch (EVP_MD_type((const EVP_MD *)p2)) {
+		switch (EVP_MD_type(p2)) {
 		case NID_sha1:
 		case NID_dsa:
 		case NID_dsaWithSHA:

lib/libcrypto/ec/ec_asn1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.74 2024/10/17 14:34:06 tb Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.75 2024/10/18 17:27:07 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -993,6 +993,8 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 
 	if (!ec_asn1_parameters_extract_prime_group(params, &group))
 		goto err;
+	if (!ec_group_is_builtin_curve(group))
+		goto err;
 
 	return group;
 

lib/libcrypto/ec/ec_check.c

@@ -1,112 +0,0 @@
-/* $OpenBSD: ec_check.c,v 1.15 2023/07/07 13:54:45 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ec_local.h"
-#include <openssl/err.h>
-
-int
-EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
-{
-	BN_CTX *ctx;
-	EC_POINT *point = NULL;
-	const BIGNUM *order;
-	int ret = 0;
-
-	if ((ctx = ctx_in) == NULL)
-		ctx = BN_CTX_new();
-	if (ctx == NULL)
-		goto err;
-
-	/* check the discriminant */
-	if (!EC_GROUP_check_discriminant(group, ctx)) {
-		ECerror(EC_R_DISCRIMINANT_IS_ZERO);
-		goto err;
-	}
-	/* check the generator */
-	if (group->generator == NULL) {
-		ECerror(EC_R_UNDEFINED_GENERATOR);
-		goto err;
-	}
-	if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
-		ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-	}
-	/* check the order of the generator */
-	if ((point = EC_POINT_new(group)) == NULL)
-		goto err;
-	if ((order = EC_GROUP_get0_order(group)) == NULL)
-		goto err;
-	if (BN_is_zero(order)) {
-		ECerror(EC_R_UNDEFINED_ORDER);
-		goto err;
-	}
-	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
-		goto err;
-	if (EC_POINT_is_at_infinity(group, point) <= 0) {
-		ECerror(EC_R_INVALID_GROUP_ORDER);
-		goto err;
-	}
-
-	ret = 1;
-
- err:
-	if (ctx != ctx_in)
-		BN_CTX_free(ctx);
-
-	EC_POINT_free(point);
-
-	return ret;
-}
-LCRYPTO_ALIAS(EC_GROUP_check);

lib/libcrypto/ec/ec_curve.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.43 2024/03/24 06:05:41 tb Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.46 2024/10/18 18:03:45 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -69,6 +69,7 @@
  *
  */
 
+#include <limits.h>
 #include <string.h>
 
 #include <openssl/opensslconf.h>
@@ -1790,7 +1791,7 @@ static const struct {
 	},
 };
 
-static const struct ec_list_element {
+static const struct ec_curve {
 	const char *comment;
 	int nid;
 	int seed_len;
@@ -1803,7 +1804,7 @@ static const struct ec_list_element {
 	const uint8_t *x;
 	const uint8_t *y;
 	const uint8_t *order;
-} curve_list[] = {
+} ec_curve_list[] = {
 	/* secg curves */
 	{
 		.comment = "SECG/WTLS curve over a 112 bit prime field",
@@ -2328,10 +2329,10 @@ static const struct ec_list_element {
 	},
 };
 
-#define CURVE_LIST_LENGTH (sizeof(curve_list) / sizeof(curve_list[0]))
+#define EC_CURVE_LIST_LENGTH (sizeof(ec_curve_list) / sizeof(ec_curve_list[0]))
 
 static EC_GROUP *
-ec_group_new_from_data(const struct ec_list_element *curve)
+ec_group_new_from_data(const struct ec_curve *curve)
 {
 	EC_GROUP *group = NULL, *ret = NULL;
 	EC_POINT *generator = NULL;
@@ -2447,9 +2448,9 @@ EC_GROUP_new_by_curve_name(int nid)
 	if (nid <= 0)
 		return NULL;
 
-	for (i = 0; i < CURVE_LIST_LENGTH; i++) {
-		if (curve_list[i].nid == nid)
-			return ec_group_new_from_data(&curve_list[i]);
+	for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) {
+		if (ec_curve_list[i].nid == nid)
+			return ec_group_new_from_data(&ec_curve_list[i]);
 	}
 
 	ECerror(EC_R_UNKNOWN_GROUP);
@@ -2457,22 +2458,242 @@ EC_GROUP_new_by_curve_name(int nid)
 }
 LCRYPTO_ALIAS(EC_GROUP_new_by_curve_name);
 
+static void
+ec_curve_free(struct ec_curve *curve)
+{
+	if (curve == NULL)
+		return;
+
+	/* PERM UGLY CASTS */
+	free((uint8_t *)curve->seed);
+	free((uint8_t *)curve->p);
+	free((uint8_t *)curve->a);
+	free((uint8_t *)curve->b);
+	free((uint8_t *)curve->x);
+	free((uint8_t *)curve->y);
+	free((uint8_t *)curve->order);
+
+	free(curve);
+}
+
+static int
+ec_curve_encode_parameter(const BIGNUM *bn, int param_len,
+    const uint8_t **out_param)
+{
+	uint8_t *buf = NULL;
+	int ret = 0;
+
+	if (out_param == NULL || *out_param != NULL)
+		goto err;
+
+	if ((buf = calloc(1, param_len)) == NULL)
+		goto err;
+	if (BN_bn2binpad(bn, buf, param_len) != param_len)
+		goto err;
+
+	*out_param = buf;
+	buf = NULL;
+
+	ret = 1;
+
+ err:
+	free(buf);
+
+	return ret;
+}
+
+static struct ec_curve *
+ec_curve_from_group(const EC_GROUP *group)
+{
+	struct ec_curve *curve = NULL;
+	BN_CTX *ctx;
+	BIGNUM *p, *a, *b, *x, *y;
+	const EC_POINT *generator = NULL;
+	const BIGNUM *order, *cofactor;
+	size_t seed_len;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	BN_CTX_start(ctx);
+
+	if ((p = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((a = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((b = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((x = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((y = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if (!EC_GROUP_get_curve(group, p, a, b, ctx))
+		goto err;
+	if ((generator = EC_GROUP_get0_generator(group)) == NULL)
+		goto err;
+	if (!EC_POINT_get_affine_coordinates(group, generator, x, y, ctx))
+		goto err;
+	if ((order = EC_GROUP_get0_order(group)) == NULL)
+		goto err;
+
+	if ((curve = calloc(1, sizeof(*curve))) == NULL)
+		goto err;
+
+	curve->param_len = BN_num_bytes(p);
+	if (BN_num_bytes(order) > curve->param_len)
+		curve->param_len = BN_num_bytes(order);
+
+	if (!ec_curve_encode_parameter(p, curve->param_len, &curve->p))
+		goto err;
+	if (!ec_curve_encode_parameter(a, curve->param_len, &curve->a))
+		goto err;
+	if (!ec_curve_encode_parameter(b, curve->param_len, &curve->b))
+		goto err;
+	if (!ec_curve_encode_parameter(x, curve->param_len, &curve->x))
+		goto err;
+	if (!ec_curve_encode_parameter(y, curve->param_len, &curve->y))
+		goto err;
+	if (!ec_curve_encode_parameter(order, curve->param_len, &curve->order))
+		goto err;
+
+	if ((cofactor = EC_GROUP_get0_cofactor(group)) != NULL) {
+		BN_ULONG cofactor_word;
+
+		if ((cofactor_word = BN_get_word(cofactor)) == BN_MASK2)
+			goto err;
+		if (cofactor_word > INT_MAX)
+			goto err;
+
+		curve->cofactor = cofactor_word;
+	}
+
+	if ((seed_len = EC_GROUP_get_seed_len(group)) > 0) {
+		uint8_t *seed;
+
+		if (seed_len > INT_MAX)
+			goto err;
+		if ((seed = calloc(1, seed_len)) == NULL)
+			goto err;
+		memcpy(seed, EC_GROUP_get0_seed(group), seed_len);
+
+		curve->seed = seed;
+		curve->seed_len = seed_len;
+	}
+
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+
+	return curve;
+
+ err:
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+
+	ec_curve_free(curve);
+
+	return NULL;
+}
+
+static int
+ec_curve_cmp(const struct ec_curve *a, const struct ec_curve *b)
+{
+	int cmp;
+
+	/* Treat nid as optional. The OID isn't part of EC parameters. */
+	if (a->nid != NID_undef && b->nid != NID_undef) {
+		if (a->nid < b->nid)
+			return -1;
+		if (a->nid > b->nid)
+			return 1;
+	}
+
+	if (a->cofactor < b->cofactor)
+		return -1;
+	if (a->cofactor > b->cofactor)
+		return 1;
+	if (a->param_len < b->param_len)
+		return -1;
+	if (a->param_len > b->param_len)
+		return 1;
+
+	if ((cmp = memcmp(a->p, b->p, a->param_len)) != 0)
+		return cmp;
+	if ((cmp = memcmp(a->a, b->a, a->param_len)) != 0)
+		return cmp;
+	if ((cmp = memcmp(a->b, b->b, a->param_len)) != 0)
+		return cmp;
+	if ((cmp = memcmp(a->x, b->x, a->param_len)) != 0)
+		return cmp;
+	if ((cmp = memcmp(a->y, b->y, a->param_len)) != 0)
+		return cmp;
+	if ((cmp = memcmp(a->order, b->order, a->param_len)) != 0)
+		return cmp;
+
+	/* Seed is optional, not used for computation. Must match if present. */
+	if (a->seed_len != 0 && b->seed_len != 0) {
+		if (a->seed_len < b->seed_len)
+			return -1;
+		if (a->seed_len > b->seed_len)
+			return 1;
+		if (a->seed != NULL && b->seed != NULL) {
+			if ((cmp = memcmp(a->seed, b->seed, a->seed_len)) != 0)
+				return cmp;
+		}
+	}
+
+	return 0;
+}
+
+static int
+ec_group_nid_from_curve(const struct ec_curve *curve)
+{
+	size_t i;
+
+	for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) {
+		if (ec_curve_cmp(curve, &ec_curve_list[i]) == 0)
+			return ec_curve_list[i].nid;
+	}
+
+	return NID_undef;
+}
+
+int
+ec_group_is_builtin_curve(const EC_GROUP *group)
+{
+	struct ec_curve *curve;
+	int ret = 0;
+
+	if ((curve = ec_curve_from_group(group)) == NULL)
+		goto err;
+
+	if (ec_group_nid_from_curve(curve) == NID_undef)
+		goto err;
+
+	ret = 1;
+
+ err:
+	ec_curve_free(curve);
+
+	return ret;
+}
+
 size_t
 EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
 {
-	size_t i, min;
+	size_t i;
 
 	if (r == NULL || nitems == 0)
-		return CURVE_LIST_LENGTH;
+		return EC_CURVE_LIST_LENGTH;
 
-	min = nitems < CURVE_LIST_LENGTH ? nitems : CURVE_LIST_LENGTH;
+	if (nitems > EC_CURVE_LIST_LENGTH)
+		nitems = EC_CURVE_LIST_LENGTH;
 
-	for (i = 0; i < min; i++) {
-		r[i].nid = curve_list[i].nid;
-		r[i].comment = curve_list[i].comment;
+	for (i = 0; i < nitems; i++) {
+		r[i].nid = ec_curve_list[i].nid;
+		r[i].comment = ec_curve_list[i].comment;
 	}
 
-	return CURVE_LIST_LENGTH;
+	return EC_CURVE_LIST_LENGTH;
 }
 LCRYPTO_ALIAS(EC_get_builtin_curves);
 

lib/libcrypto/ec/ec_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.70 2024/10/18 10:57:26 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.72 2024/10/19 08:29:40 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -601,6 +601,60 @@ EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx_in)
 }
 LCRYPTO_ALIAS(EC_GROUP_check_discriminant);
 
+int
+EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
+{
+	BN_CTX *ctx;
+	EC_POINT *point = NULL;
+	const BIGNUM *order;
+	int ret = 0;
+
+	if ((ctx = ctx_in) == NULL)
+		ctx = BN_CTX_new();
+	if (ctx == NULL)
+		goto err;
+
+	if (!EC_GROUP_check_discriminant(group, ctx)) {
+		ECerror(EC_R_DISCRIMINANT_IS_ZERO);
+		goto err;
+	}
+
+	if (group->generator == NULL) {
+		ECerror(EC_R_UNDEFINED_GENERATOR);
+		goto err;
+	}
+	if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
+		ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
+		goto err;
+	}
+
+	if ((point = EC_POINT_new(group)) == NULL)
+		goto err;
+	if ((order = EC_GROUP_get0_order(group)) == NULL)
+		goto err;
+	if (BN_is_zero(order)) {
+		ECerror(EC_R_UNDEFINED_ORDER);
+		goto err;
+	}
+	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+		goto err;
+	if (EC_POINT_is_at_infinity(group, point) <= 0) {
+		ECerror(EC_R_INVALID_GROUP_ORDER);
+		goto err;
+	}
+
+	ret = 1;
+
+ err:
+	if (ctx != ctx_in)
+		BN_CTX_free(ctx);
+
+	EC_POINT_free(point);
+
+	return ret;
+}
+LCRYPTO_ALIAS(EC_GROUP_check);
+
 int
 EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
 {

lib/libcrypto/ec/ec_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.29 2024/10/15 06:27:43 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.30 2024/10/18 17:27:07 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -355,6 +355,8 @@ int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p,
 int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
     const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
 
+int ec_group_is_builtin_curve(const EC_GROUP *group);
+
 /* Public API in OpenSSL */
 const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
 const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);

lib/libcrypto/ec/ec_pmeth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_pmeth.c,v 1.22 2024/08/26 22:01:28 op Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.23 2024/10/19 14:41:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -381,16 +381,19 @@ pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
 	case EVP_PKEY_CTRL_MD:
 		/* RFC 3279, RFC 5758 and NIST CSOR. */
-		if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha224 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha512 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_224 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_256 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_384 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_512) {
+		switch (EVP_MD_type(p2)) {
+		case NID_sha1:
+		case NID_ecdsa_with_SHA1:
+		case NID_sha224:
+		case NID_sha256:
+		case NID_sha384:
+		case NID_sha512:
+		case NID_sha3_224:
+		case NID_sha3_256:
+		case NID_sha3_384:
+		case NID_sha3_512:
+			break;
+		default:
 			ECerror(EC_R_INVALID_DIGEST_TYPE);
 			return 0;
 		}

lib/libcrypto/sparccpuid.S

@@ -1,101 +0,0 @@
-#if defined(__SUNPRO_C) && defined(__sparcv9)
-# define ABI64  /* They've said -xarch=v9 at command line */
-#elif defined(__GNUC__) && defined(__arch64__)
-# define ABI64  /* They've said -m64 at command line */
-#endif
-
-#ifdef ABI64
-  .register	%g2,#scratch
-  .register	%g3,#scratch
-# define	FRAME	-192
-# define	BIAS	2047
-#else
-# define	FRAME	-96
-# define	BIAS	0
-#endif
-
-.global	_sparcv9_vis1_probe
-.align	8
-_sparcv9_vis1_probe:
-	add	%sp,BIAS+2,%o1
-	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
-	retl
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-.type	_sparcv9_vis1_probe,#function
-.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
-
-! Probe and instrument VIS1 instruction. Output is number of cycles it
-! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
-! is slow (documented to be 6 cycles on T2) and the core is in-order
-! single-issue, it should be possible to distinguish Tx reliably...
-! Observed return values are:
-!
-!	UltraSPARC IIe		7
-!	UltraSPARC III		7
-!	UltraSPARC T1		24
-!
-! Numbers for T2 and SPARC64 V-VII are more than welcomed.
-!
-! It would be possible to detect specifically US-T1 by instrumenting
-! fmul8ulx16, which is emulated on T1 and as such accounts for quite
-! a lot of %tick-s, couple of thousand on Linux...
-.global	_sparcv9_vis1_instrument
-.align	8
-_sparcv9_vis1_instrument:
-	.word	0x91410000	!rd	%tick,%o0
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x93410000	!rd	%tick,%o1
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x95410000	!rd	%tick,%o2
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x97410000	!rd	%tick,%o3
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x99410000	!rd	%tick,%o4
-
-	! calculate intervals
-	sub	%o1,%o0,%o0
-	sub	%o2,%o1,%o1
-	sub	%o3,%o2,%o2
-	sub	%o4,%o3,%o3
-
-	! find minimum value
-	cmp	%o0,%o1
-	.word	0x38680002	!bgu,a	%xcc,.+8
-	mov	%o1,%o0
-	cmp	%o0,%o2
-	.word	0x38680002	!bgu,a	%xcc,.+8
-	mov	%o2,%o0
-	cmp	%o0,%o3
-	.word	0x38680002	!bgu,a	%xcc,.+8
-	mov	%o3,%o0
-
-	retl
-	nop
-.type	_sparcv9_vis1_instrument,#function
-.size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
-
-.global	_sparcv9_vis2_probe
-.align	8
-_sparcv9_vis2_probe:
-	retl
-	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
-.type	_sparcv9_vis2_probe,#function
-.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
-
-.global	_sparcv9_fmadd_probe
-.align	8
-_sparcv9_fmadd_probe:
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	retl
-	.word	0x81b80440	!fmaddd	%f0,%f0,%f2,%f0
-.type	_sparcv9_fmadd_probe,#function
-.size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
-
-.section	".init",#alloc,#execinstr
-	call	OPENSSL_cpuid_setup
-	nop

lib/libcrypto/sparcv9cap.c

@@ -1,98 +0,0 @@
-/* $OpenBSD: sparcv9cap.c,v 1.7 2014/06/20 21:00:46 deraadt Exp $ */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <sys/time.h>
-#include <openssl/bn.h>
-
-#define SPARCV9_PREFER_FPU	(1<<1)
-#define SPARCV9_VIS1		(1<<2)
-#define SPARCV9_VIS2		(1<<3)	/* reserved */
-#define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
-
-static int OPENSSL_sparcv9cap_P = 0;
-
-int
-bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-    const BN_ULONG *np, const BN_ULONG *n0, int num)
-{
-	int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num);
-	int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num);
-
-	if (num >= 8 && !(num & 1) &&
-	    (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
-	    (SPARCV9_PREFER_FPU|SPARCV9_VIS1))
-		return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
-	else
-		return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-}
-
-void		_sparcv9_vis1_probe(void);
-unsigned long	_sparcv9_vis1_instrument(void);
-void		_sparcv9_vis2_probe(void);
-void		_sparcv9_fmadd_probe(void);
-
-static sigjmp_buf common_jmp;
-static void
-common_handler(int sig)
-{
-	siglongjmp(common_jmp, sig);
-}
-
-void
-OPENSSL_cpuid_setup(void)
-{
-	char *e;
-	struct sigaction	common_act, ill_oact, bus_oact;
-	sigset_t		all_masked, oset;
-	static int trigger = 0;
-
-	if (trigger)
-		return;
-	trigger = 1;
-
-	/* Initial value, fits UltraSPARC-I&II... */
-	OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU;
-
-	sigfillset(&all_masked);
-	sigdelset(&all_masked, SIGILL);
-	sigdelset(&all_masked, SIGTRAP);
-#ifdef SIGEMT
-	sigdelset(&all_masked, SIGEMT);
-#endif
-	sigdelset(&all_masked, SIGFPE);
-	sigdelset(&all_masked, SIGBUS);
-	sigdelset(&all_masked, SIGSEGV);
-	sigprocmask(SIG_SETMASK, &all_masked, &oset);
-
-	memset(&common_act, 0, sizeof(common_act));
-	common_act.sa_handler = common_handler;
-	common_act.sa_mask = all_masked;
-
-	sigaction(SIGILL, &common_act, &ill_oact);
-	sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */
-
-	if (sigsetjmp(common_jmp, 1) == 0) {
-		_sparcv9_vis1_probe();
-		OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-		/* detect UltraSPARC-Tx, see sparccpud.S for details... */
-		if (_sparcv9_vis1_instrument() >= 12)
-			OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU);
-		else {
-			_sparcv9_vis2_probe();
-			OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-		}
-	}
-
-	if (sigsetjmp(common_jmp, 1) == 0) {
-		_sparcv9_fmadd_probe();
-		OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
-	}
-
-	sigaction(SIGBUS, &bus_oact, NULL);
-	sigaction(SIGILL, &ill_oact, NULL);
-
-	sigprocmask(SIG_SETMASK, &oset, NULL);
-}

regress/lib/libcrypto/ec/ec_asn1_test.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1_test.c,v 1.10 2024/10/18 10:40:31 tb Exp $ */
+/* $OpenBSD: ec_asn1_test.c,v 1.13 2024/10/18 19:58:43 tb Exp $ */
 /*
  * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -117,7 +117,7 @@ compare_data(const char *label, const unsigned char *d1, size_t d1_len,
 		return -1;
 	}
 	if (memcmp(d1, d2, d1_len) != 0) {
-		fprintf(stderr, "FAIL: %sdiffer\n", label);
+		fprintf(stderr, "FAIL: %s differ\n", label);
 		fprintf(stderr, "got:\n");
 		hexdump(d1, d1_len);
 		fprintf(stderr, "want:\n");
@@ -287,11 +287,16 @@ static int
 ec_group_roundtrip_builtin_curve(const EC_builtin_curve *curve)
 {
 	EC_GROUP *group = NULL;
-	int failed = 0;
+	int failed = 1;
 
 	if ((group = EC_GROUP_new_by_curve_name(curve->nid)) == NULL)
 		errx(1, "failed to instantiate curve %d", curve->nid);
 
+	if (!EC_GROUP_check(group, NULL)) {
+		fprintf(stderr, "FAIL: EC_GROUP_check(%d) failed\n", curve->nid);
+		goto err;
+	}
+
 	if (EC_GROUP_get_asn1_flag(group) != OPENSSL_EC_NAMED_CURVE) {
 		fprintf(stderr, "FAIL: ASN.1 flag not set for %d\n", curve->nid);
 		goto err;
@@ -303,6 +308,8 @@ ec_group_roundtrip_builtin_curve(const EC_builtin_curve *curve)
 		goto err;
 	}
 
+	failed = 0;
+
 	failed |= ec_group_roundtrip_curve(group, "named", curve->nid);
 
 	EC_GROUP_set_asn1_flag(group, 0);
@@ -834,9 +841,9 @@ ec_group_non_builtin_curve(const struct curve *curve, const EC_METHOD *method,
 	}
 
 	ERR_clear_error();
+
 	pder = curve->param;
 	der_len = curve->param_len;
-#if 0
 	if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) != NULL) {
 		fprintf(stderr, "FAIL: managed to decode non-builtin parameters %s\n",
 		    curve->descr);
@@ -849,18 +856,6 @@ ec_group_non_builtin_curve(const struct curve *curve, const EC_METHOD *method,
 		    curve->descr, EC_R_UNKNOWN_GROUP, ERR_GET_REASON(error));
 		goto err;
 	}
-#else
-	if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) == NULL) {
-		fprintf(stderr, "FAIL: d2i_ECPKParameters(%s)\n", curve->descr);
-		goto err;
-	}
-	if (method == EC_GFp_mont_method() &&
-	    EC_GROUP_cmp(group, new_group, ctx) != 0) {
-		fprintf(stderr, "FAIL: %s Weierstrass groups do not match!\n",
-		    curve->descr);
-		goto err;
-	}
-#endif
 
 	failed = 0;
 

regress/lib/libcrypto/ec/ectest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ectest.c,v 1.23 2024/02/29 20:04:43 tb Exp $	*/
+/*	$OpenBSD: ectest.c,v 1.24 2024/10/18 19:55:34 tb Exp $	*/
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -703,68 +703,12 @@ prime_field_tests(void)
 
 }
 
-static void
-internal_curve_test(void)
-{
-	EC_builtin_curve *curves = NULL;
-	size_t crv_len = 0, n = 0;
-	int    ok = 1;
-
-	crv_len = EC_get_builtin_curves(NULL, 0);
-
-	curves = reallocarray(NULL, sizeof(EC_builtin_curve),  crv_len);
-
-	if (curves == NULL)
-		return;
-
-	if (!EC_get_builtin_curves(curves, crv_len)) {
-		free(curves);
-		return;
-	}
-
-	fprintf(stdout, "testing internal curves: ");
-
-	for (n = 0; n < crv_len; n++) {
-		EC_GROUP *group = NULL;
-		int nid = curves[n].nid;
-		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
-			ok = 0;
-			fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
-			    " curve %s\n", OBJ_nid2sn(nid));
-			/* try next curve */
-			continue;
-		}
-		if (!EC_GROUP_check(group, NULL)) {
-			ok = 0;
-			fprintf(stdout, "\nEC_GROUP_check() failed with"
-			    " curve %s\n", OBJ_nid2sn(nid));
-			EC_GROUP_free(group);
-			/* try the next curve */
-			continue;
-		}
-		fprintf(stdout, ".");
-		fflush(stdout);
-		EC_GROUP_free(group);
-	}
-	if (ok)
-		fprintf(stdout, " ok\n\n");
-	else {
-		fprintf(stdout, " failed\n\n");
-		ABORT;
-	}
-	free(curves);
-	return;
-}
-
 int
 main(int argc, char *argv[])
 {
 	ERR_load_crypto_strings();
 
 	prime_field_tests();
-	puts("");
-	/* test the internal curves */
-	internal_curve_test();
 
 	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();

regress/sbin/ifconfig/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 2020/12/17 00:51:12 bluhm Exp $
+# $OpenBSD: Makefile,v 1.7 2024/10/19 07:10:55 anton Exp $
 
 # Copyright (c) 2019 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -291,6 +291,8 @@ run-ether-ifaddr-prefixlen:
 	grep 'inet ${ETHER_ADDR} netmask 0xffffff00 ' ifconfig.out
 
 REGRESS_TARGETS +=	run-ppp-ifaddr-destination
+# XXX uses unsupported SIOCSIFDSTADDR ioctl command.
+REGRESS_EXPECTED_FAILURES += run-ppp-ifaddr-destination
 run-ppp-ifaddr-destination:
 	${IFADDR} ${PPP_IF} ${PPP_ADDR} ${PPP_DEST}
 	/sbin/ifconfig ${PPP_IF} >ifconfig.out
@@ -320,6 +322,8 @@ run-ether-ifaddr-change-netmask:
 	grep 'inet ${ETHER_NET}.2 netmask 0xffffff00 ' ifconfig.out
 
 REGRESS_TARGETS +=	run-ppp-ifaddr-change-destination
+# XXX uses unsupported SIOCSIFDSTADDR ioctl command.
+REGRESS_EXPECTED_FAILURES += run-ppp-ifaddr-change-destination
 run-ppp-ifaddr-change-destination:
 	${IFADDR} ${PPP_IF} ${PPP_NET}.1 ${PPP_NET}.11
 	${IFADDR} ${PPP_IF} ${PPP_NET}.2 ${PPP_NET}.12 alias