sync with OpenBSD -current

purplerain 2023-11-20 02:38:22 +00:00
parent a7acbdeab0
commit c22b8a6120
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
202 changed files with 3004 additions and 4921 deletions


@ -6506,7 +6506,10 @@
./usr/share/zoneinfo/W-SU
./usr/share/zoneinfo/WET
./usr/share/zoneinfo/Zulu
./usr/share/zoneinfo/leap-seconds.list
./usr/share/zoneinfo/leapseconds
./usr/share/zoneinfo/posixrules
./usr/share/zoneinfo/tzdata.zi
./usr/share/zoneinfo/zone.tab
./usr/share/zoneinfo/zone1970.tab
./var


@ -1893,17 +1893,7 @@
./usr/share/man/man3/EC_KEY_new.3
./usr/share/man/man3/EC_POINT_add.3
./usr/share/man/man3/EC_POINT_new.3
./usr/share/man/man3/ENGINE_add.3
./usr/share/man/man3/ENGINE_ctrl.3
./usr/share/man/man3/ENGINE_get_default_RSA.3
./usr/share/man/man3/ENGINE_init.3
./usr/share/man/man3/ENGINE_new.3
./usr/share/man/man3/ENGINE_register_RSA.3
./usr/share/man/man3/ENGINE_register_all_RSA.3
./usr/share/man/man3/ENGINE_set_RSA.3
./usr/share/man/man3/ENGINE_set_default.3
./usr/share/man/man3/ENGINE_set_flags.3
./usr/share/man/man3/ENGINE_unregister_RSA.3
./usr/share/man/man3/ERR.3
./usr/share/man/man3/ERR_GET_LIB.3
./usr/share/man/man3/ERR_asprintf_error_data.3


@ -1,15 +1,11 @@
# $OpenBSD: dot.login,v 1.14 2009/12/20 15:35:35 deraadt Exp $
# $OpenBSD: dot.login,v 1.15 2023/11/16 16:03:51 millert Exp $
#
# csh login file
if ( -x /usr/bin/tset ) then
set noglob histchars=""
onintr finish
if ( $?XTERM_VERSION ) then
eval `tset -IsQ '-munknown:?vt220' $TERM`
else
eval `tset -sQ '-munknown:?vt220' $TERM`
endif
eval `tset -IsQ '-munknown:?vt220' $TERM`
finish:
unset noglob histchars
onintr
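Review bot: `$TERM` is still passed to tset unquoted on the now-unconditional `eval` line, and tset's output is then evaluated by the shell. TERM is taken from the environment, which the login path can populate from outside the account (a remote client, for instance), so a value containing whitespace is split into extra tset arguments; `set noglob` above stops globbing but not word splitting. Quoting the expansion keeps it a single argument: `$TERM:q` here and in the second dot.login (`@ -1,13 +1,9 @`), and `"$TERM"` in the sh/ksh dot.profile hunk (`@ -11,11 +11,7 @`). The enclosing `if ( -x /usr/bin/tset )` block ends outside the hunk.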


@ -1,4 +1,4 @@
# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
# $OpenBSD: dot.profile,v 1.10 2023/11/16 16:03:51 millert Exp $
#
# sh/ksh initialization
@ -11,11 +11,7 @@ umask 022
case "$-" in
*i*) # interactive shell
if [ -x /usr/bin/tset ]; then
if [ X"$XTERM_VERSION" = X"" ]; then
eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
else
eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
fi
eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
fi
;;
esac


@ -1,13 +1,9 @@
# $OpenBSD: dot.login,v 1.6 2015/12/15 16:37:58 deraadt Exp $
# $OpenBSD: dot.login,v 1.7 2023/11/16 16:05:13 millert Exp $
#
# csh login file
if ( ! $?TERMCAP ) then
if ( $?XTERM_VERSION ) then
tset -IQ '-munknown:?vt220' $TERM
else
tset -Q '-munknown:?vt220' $TERM
endif
tset -IQ '-munknown:?vt220' $TERM
endif
stty newcrt crterase


@ -1 +1 @@
# SecBSD 1.4-3174c54: Tue Nov 14 10 00:45:01 UTC 2023 (Mictlantecuhtli)
# SecBSD 1.4-731e06f: Mon Nov 20 02:17:28 UTC 2023 (Mictlantecuhtli)


@ -8113,7 +8113,7 @@ def err_typecheck_convert_pointer_int : Error<
"; remove &}3">;
def ext_typecheck_convert_pointer_int : ExtWarn<
err_typecheck_convert_pointer_int.Summary>,
InGroup<IntConversion>, DefaultError;
InGroup<IntConversion>;
def err_typecheck_convert_int_pointer : Error<
"incompatible integer to pointer conversion "
"%select{%diff{assigning to $ from $|assigning to different types}0,1"
@ -8133,7 +8133,7 @@ def err_typecheck_convert_int_pointer : Error<
"; remove &}3">;
def ext_typecheck_convert_int_pointer : ExtWarn<
err_typecheck_convert_int_pointer.Summary>,
InGroup<IntConversion>, DefaultError;
InGroup<IntConversion>;
def ext_typecheck_convert_pointer_void_func : Extension<
"%select{%diff{assigning to $ from $|assigning to different types}0,1"
"|%diff{passing $ to parameter of type $|"
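Review bot: Dropping `DefaultError` from `ext_typecheck_convert_pointer_int` and `ext_typecheck_convert_int_pointer` leaves both int/pointer conversion diagnostics as plain warnings by default, and nothing in the file marks this as a deliberate local deviation. These conversions can truncate a pointer on 64-bit targets, so the weaker default deserves a recorded reason. A comment above each def would do, e.g. `// Local change: no DefaultError here; build with -Werror=int-conversion to get the stricter behaviour.` The motive (presumably keeping older code building) is not visible on this page and should be stated by the committer.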


@ -21198,6 +21198,8 @@ bool ARMTargetLowering::shouldInsertFencesForAtomic(
}
bool ARMTargetLowering::useLoadStackGuardNode() const {
if (Subtarget->getTargetTriple().isOSOpenBSD())
return false;
// ROPI/RWPI are not supported currently.
return !Subtarget->isROPI() && !Subtarget->isRWPI();
}
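Review bot: The new early `return false` for OpenBSD in `useLoadStackGuardNode()` has no comment, while the line right after it documents the ROPI/RWPI case. This function decides how the stack-protector guard value is loaded, so the reason for opting out belongs next to the check. Presumably OpenBSD reaches its guard through its own symbol rather than the LOAD_STACK_GUARD node; confirm that against the other OpenBSD target patches. A line such as `// OpenBSD loads its stack guard itself; do not use LOAD_STACK_GUARD.` above the `if` would be enough.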


@ -5293,7 +5293,8 @@ void PPCDAGToDAGISel::Select(SDNode *N) {
// generate secure plt code for TLS symbols.
getGlobalBaseReg();
} break;
case PPCISD::CALL: {
case PPCISD::CALL:
case PPCISD::CALL_RM: {
if (PPCLowering->getPointerTy(CurDAG->getDataLayout()) != MVT::i32 ||
!TM.isPositionIndependent() || !Subtarget->isSecurePlt() ||
!Subtarget->isTargetELF())


@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.27 2023/11/11 18:35:35 robert Exp $
# $OpenBSD: Makefile.inc,v 1.28 2023/11/17 15:46:58 visa Exp $
CLANG_SRCS?= ${.CURDIR}/../../../llvm/clang
LLDB_SRCS?= ${.CURDIR}/../../../llvm/lldb
@ -41,6 +41,7 @@ CXXFLAGS+= -mno-retpoline
# Omit frame pointer to improve performance.
.if ${MACHINE_ARCH} == "mips64" || ${MACHINE_ARCH} == "mips64el"
CXXFLAGS+= -fomit-frame-pointer
CXXFLAGS+= -mxgot
.endif
CPPFLAGS+= -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS \
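Review bot: The added `CXXFLAGS+= -mxgot` sits under the comment `# Omit frame pointer to improve performance.`, which does not describe it. A separate comment line such as `# Use -mxgot: the GOT can exceed the default size limit on mips64.` would record why the flag is needed. That reason is inferred from what the flag does, so confirm it against the originating commit. The `CPPFLAGS+=` statement at the end of the hunk continues outside it.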


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.4 2021/12/17 14:55:44 patrick Exp $
# $OpenBSD: Makefile,v 1.5 2023/11/16 15:05:44 robert Exp $
.include <bsd.own.mk>
@ -33,6 +33,10 @@ HDRS+= R600GenAsmWriter.inc \
HDRS+= InstCombineTables.inc
.if ${MACHINE_CPU} == "i386"
.NOTPARALLEL: ${HDRS}
.endif
all: ${HDRS}
install:


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.3 2023/11/11 18:35:37 robert Exp $
# $OpenBSD: Makefile,v 1.4 2023/11/14 16:42:14 jca Exp $
LIB= LLVMRISCVCodeGen
NOPROFILE=
@ -37,3 +37,4 @@ SRCS+= RISCVAsmPrinter.cpp \
RISCVTargetTransformInfo.cpp
.PATH: ${.CURDIR}/../../../llvm/llvm/lib/Target/RISCV
.PATH: ${.CURDIR}/../../../llvm/llvm/lib/Target/RISCV/GISel


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.11 2023/03/31 18:46:24 kettenis Exp $ */
/* $OpenBSD: md_init.h,v 1.12 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -112,10 +112,6 @@
" \n" \
" b ___start \n" \
" \n" \
"_dl_exit: \n" \
" mov x8, #" STR(SYS_exit) " \n" \
" svc #0 \n" \
" dsb nsh \n" \
" isb \n" \
"_csu_abort: \n" \
" udf #0 \n" \
".previous");
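Review bot: `_csu_abort` takes the place of `_dl_exit` here with no comment on its contract, and the body that remains under the label is only the trap instruction `udf #0`, with no system call. The boot.h and boot_md.h sections declare it as `void _csu_abort(void);` under `__dead`, so callers rely on it never returning. A short comment above the `__asm` block would help, e.g. `/* _csu_abort: trap-only abort for startup failures; never returns and issues no syscall */`. The same applies to the other md_init.h sections in this commit. Some of them declare the label with `.globl`/`.type` and others, including this one, do not, which is worth making consistent or explaining. The `__asm` statement starts outside the hunk.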


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.12 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.13 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
@ -95,11 +95,9 @@
" mov $9, $16 \n" \
" mov 0, $17 \n" \
" jsr $26, ___start \n" \
".globl _dl_exit \n" \
".type _dl_exit@function \n" \
"_dl_exit: \n" \
" lda $0, " STR(SYS_exit) " \n" \
" callsys \n" \
".globl _csu_abort \n" \
".type _csu_abort@function \n" \
"_csu_abort: \n" \
" halt ")
#define MD_START_ARGS char **sp, void (*cleanup)(void)


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.10 2023/04/25 04:10:21 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.11 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -107,12 +107,10 @@
" addq $8,%rsp \n" \
" jmp ___start \n" \
" \n" \
" .global _dl_exit \n" \
" .type _dl_exit,@function \n" \
" .global _csu_abort \n" \
" .type _csu_abort,@function \n" \
" .align 8 \n" \
"_dl_exit: \n" \
"_csu_abort: \n" \
" endbr64 \n" \
" movl $ " STR(SYS_exit) ", %eax \n" \
" syscall \n" \
" int3 \n" \
" .previous")


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.17 2020/10/19 17:57:40 naddy Exp $ */
/* $OpenBSD: md_init.h,v 1.18 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -154,10 +154,6 @@
".L__DYNAMIC: \n" \
" .long _DYNAMIC(GOTOFF) \n" \
" \n" \
"_dl_exit: \n" \
" mov r12, #" STR(SYS_exit) " \n" \
" swi #0 \n" \
" dsb nsh \n" \
" isb \n" \
"_csu_abort: \n" \
" udf #0 \n" \
".previous");


@ -1,4 +1,4 @@
/* $OpenBSD: boot.h,v 1.34 2022/10/21 18:14:09 deraadt Exp $ */
/* $OpenBSD: boot.h,v 1.35 2023/11/18 16:26:15 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -40,7 +40,7 @@
#include <machine/reloc.h>
__dead
void _dl_exit(int);
void _csu_abort(void);
#include "archdep.h"


@ -1,4 +1,4 @@
/* $OpenBSD: boot_md.h,v 1.4 2022/10/27 19:40:21 deraadt Exp $ */
/* $OpenBSD: boot_md.h,v 1.5 2023/11/18 16:26:16 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -40,7 +40,7 @@
#include <machine/reloc.h>
__dead
void _dl_exit(int);
void _csu_abort(void);
#include "archdep.h"


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.15 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.16 2023/11/18 16:26:16 deraadt Exp $ */
/*
* Copyright (c) 2003 Dale Rahn. All rights reserved.
@ -137,17 +137,13 @@
" copy %dp, %r19 \n" \
" .exit \n" \
" .procend \n" \
" .export _dl_exit, entry \n" \
" .type _dl_exit,@function \n" \
" .label _dl_exit \n" \
" .export _csu_abort, entry \n" \
" .type _csu_abort,@function \n" \
" .label _csu_abort \n" \
" .proc \n" \
" .callinfo frame=0, calls \n" \
" .entry \n" \
"_dl_exit: \n" \
" stw %rp, -24(%sp) \n" \
" ldil L%0xc0000000, %r1 \n" \
" ble 4(%sr7, %r1) \n" \
" ldi " STR(SYS_exit) ", %t1 \n" \
"_csu_abort: \n" \
" break 0,0 \n" \
" .exit \n" \
" .procend")


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.12 2023/04/25 04:06:06 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.13 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -114,10 +114,8 @@
" call ___start # ___start(argc,argv,envp,0) \n" \
" \n" \
" .align 4 \n" \
" .globl _dl_exit \n" \
" .type _dl_exit,@function \n" \
"_dl_exit: \n" \
" mov $" STR(SYS_exit) ", %eax\n" \
" int $0x80 \n" \
" .globl _csu_abort \n" \
" .type _csu_abort,@function \n" \
"_csu_abort: \n" \
" int3 \n" \
" .previous")


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.10 2023/11/18 16:26:16 deraadt Exp $ */
/*
* Copyright (c) 2012 Miodrag Vallat.
@ -99,9 +99,6 @@
" addu %r4, %r4, 4 \n" \
" /* envp = argv + argc + 1 */ \n" \
\
"_dl_exit: \n" \
" or %r13, %r0, " STR(SYS_exit) " \n" \
" tb0 0, %r0, 450 \n" \
" or %r0, %r0, %r0 \n" \
"_csu_abort: \n" \
" tb0 0, %r0, 130 /* breakpoint */ \n" \
" .previous");


@ -1,4 +1,4 @@
/* $OpenBSD: boot_md.h,v 1.3 2022/10/27 19:40:23 deraadt Exp $ */
/* $OpenBSD: boot_md.h,v 1.5 2023/11/18 18:02:47 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -40,7 +40,7 @@
#include <machine/reloc.h>
__dead
void _dl_exit(int);
void _csu_abort(void);
#include "archdep.h"


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.20 2020/10/20 15:26:59 visa Exp $ */
/* $OpenBSD: md_init.h,v 1.22 2023/11/19 00:46:54 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -140,14 +140,12 @@
" dla $t9, ___start \n" \
" jr $t9 \n" \
" .end __start \n" \
" .globl _dl_exit \n" \
" .ent _dl_exit \n" \
" .type _dl_exit, @function \n" \
"_dl_exit: \n" \
" li $v0, " STR(SYS_exit) " \n" \
" syscall \n" \
" .globl _csu_abort \n" \
" .ent _csu_abort \n" \
" .type _csu_abort, @function \n" \
"_csu_abort: \n" \
" teq $zero, $zero, 0x52 \n" \
" .end _dl_exit \n" \
" .end _csu_abort \n" \
" .previous")
struct kframe {


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.11 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.12 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -119,10 +119,8 @@ __asm( \
" \n" \
" .text \n" \
" .align 2 \n" \
" .globl _dl_exit \n" \
" .type _dl_exit, @function \n" \
"_dl_exit: \n" \
" li %r0, " STR(SYS_exit) " \n" \
" sc \n" \
" .globl _csu_abort \n" \
" .type _csu_abort, @function \n" \
"_csu_abort: \n" \
" .long 0 # illegal \n" \
)


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.4 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.5 2023/11/18 16:26:16 deraadt Exp $ */
/*
* Copyright (c) 2020 Dale Rahn <drahn@openbsd.org>
@ -111,10 +111,8 @@ __asm( \
" li %r6, 0 \n" \
" bl ___start \n" \
" \n" \
" .globl _dl_exit \n" \
" .type _dl_exit, @function \n" \
"_dl_exit: \n" \
" li %r0, " STR(SYS_exit) " \n" \
" sc \n" \
" .globl _csu_abort \n" \
" .type _csu_abort, @function \n" \
"_csu_abort: \n" \
" .long 0 # illegal \n" \
)


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.3 2021/07/22 18:16:13 kettenis Exp $ */
/* $OpenBSD: md_init.h,v 1.4 2023/11/18 16:26:16 deraadt Exp $ */
/*
* Copyright (c) 2020 Dale Rahn <drahn@openbsd.org>
*
@ -107,8 +107,6 @@
" j ___start \n" \
" .size _start, .-_start \n" \
" .size __start, .-__start \n" \
"_dl_exit: \n" \
" li t0, " STR(SYS_exit) " \n" \
" ecall \n" \
"_csu_abort: \n" \
" unimp \n" \
".previous");


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.10 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.11 2023/11/18 16:26:16 deraadt Exp $ */
/* $NetBSD: dot_init.h,v 1.3 2005/12/24 22:02:10 perry Exp $ */
/*-
@ -131,10 +131,8 @@ __asm(".section " #section "\n" \
" .long _DYNAMIC - .L_offbase \n" \
\
" .align 2 \n" \
" .globl _dl_exit \n" \
" .type _dl_exit,@function \n" \
"_dl_exit: \n" \
" mov #" STR(SYS_exit) ", r0 \n" \
" .word 0xc380 /* trapa #0x80 */ \n" \
" .globl _csu_abort \n" \
" .type _csu_abort,@function \n" \
"_csu_abort: \n" \
" sleep /* illegal */ \n" \
".previous")


@ -1,4 +1,4 @@
/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */
/* $OpenBSD: md_init.h,v 1.10 2023/11/18 16:26:16 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@ -100,10 +100,8 @@
" ba,pt %icc, ___start \n" \
" clr %o1 \n" \
" \n" \
" .global _dl_exit \n" \
"_dl_exit: \n" \
" mov " STR(SYS_exit) ", %g1 \n" \
" t 0 \n" \
" .global _csu_abort \n" \
"_csu_abort: \n" \
" unimp \n" \
" .previous")


@ -1,4 +1,4 @@
/* $OpenBSD: a_pkey.c,v 1.6 2023/07/07 19:37:52 beck Exp $ */
/* $OpenBSD: a_pkey.c,v 1.7 2023/11/19 15:46:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -67,10 +67,6 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_local.h"
#include "evp_local.h"
@ -87,10 +83,6 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
}
} else {
ret = *a;
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
ret->engine = NULL;
#endif
}
if (!EVP_PKEY_set_type(ret, type)) {


@ -1,4 +1,4 @@
/* $OpenBSD: ameth_lib.c,v 1.32 2023/07/07 19:37:52 beck Exp $ */
/* $OpenBSD: ameth_lib.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -64,10 +64,6 @@
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_local.h"
#include "evp_local.h"
@ -170,15 +166,6 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
type = mp->pkey_base_id;
}
if (pe) {
#ifndef OPENSSL_NO_ENGINE
ENGINE *e;
/* type will contain the final unaliased type */
e = ENGINE_get_pkey_asn1_meth_engine(type);
if (e) {
*pe = e;
return ENGINE_get_pkey_asn1_meth(e, type);
}
#endif
*pe = NULL;
}
return mp;
@ -193,20 +180,6 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
if (len == -1)
len = strlen(str);
if (pe) {
#ifndef OPENSSL_NO_ENGINE
ENGINE *e;
ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
if (ameth) {
/* Convert structural into
* functional reference
*/
if (!ENGINE_init(e))
ameth = NULL;
ENGINE_free(e);
*pe = e;
return ameth;
}
#endif
*pe = NULL;
}
for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {


@ -1,4 +1,4 @@
/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
/* $OpenBSD: conf_mall.c,v 1.10 2023/11/19 15:46:09 tb Exp $ */
/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@ -65,10 +65,6 @@
#include <openssl/crypto.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* Load all OpenSSL builtin modules */
void
@ -76,7 +72,4 @@ OPENSSL_load_builtin_modules(void)
{
/* Add builtin modules here */
ASN1_add_oid_module();
#ifndef OPENSSL_NO_ENGINE
ENGINE_add_conf_module();
#endif
}


@ -1,4 +1,4 @@
/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */
/* $OpenBSD: conf_sap.c,v 1.15 2023/11/19 15:46:09 tb Exp $ */
/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@ -67,10 +67,6 @@
#include <openssl/err.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* This is the automatic configuration loader: it is called automatically by
* OpenSSL when any of a number of standard initialisation functions are called,
* unless this is overridden by calling OPENSSL_no_config()
@ -84,10 +80,6 @@ static void
OPENSSL_config_internal(void)
{
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
/* Add others here? */
ERR_clear_error();


@ -1,4 +1,4 @@
/* $OpenBSD: crypto_init.c,v 1.11 2023/07/08 08:28:23 beck Exp $ */
/* $OpenBSD: crypto_init.c,v 1.12 2023/11/19 15:46:09 tb Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
*
@ -22,9 +22,6 @@
#include <openssl/asn1.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
@ -84,9 +81,6 @@ OPENSSL_cleanup(void)
ERR_free_strings();
CRYPTO_cleanup_all_ex_data();
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
EVP_cleanup();
ASN1_STRING_TABLE_cleanup();


@ -1,4 +1,4 @@
/* $OpenBSD: dh_lib.c,v 1.41 2023/08/13 12:09:14 tb Exp $ */
/* $OpenBSD: dh_lib.c,v 1.42 2023/11/19 15:46:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -65,10 +65,6 @@
#include <openssl/dh.h>
#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "dh_local.h"
static const DH_METHOD *default_DH_method = NULL;
@ -101,10 +97,6 @@ DH_set_method(DH *dh, const DH_METHOD *meth)
mtmp = dh->meth;
if (mtmp->finish)
mtmp->finish(dh);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(dh->engine);
dh->engine = NULL;
#endif
dh->meth = meth;
if (meth->init)
meth->init(dh);
@ -133,24 +125,6 @@ DH_new_method(ENGINE *engine)
dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
dh->references = 1;
#ifndef OPENSSL_NO_ENGINE
if (engine != NULL) {
if (!ENGINE_init(engine)) {
DHerror(ERR_R_ENGINE_LIB);
goto err;
}
dh->engine = engine;
} else
dh->engine = ENGINE_get_default_DH();
if (dh->engine != NULL) {
if ((dh->meth = ENGINE_get_DH(dh->engine)) == NULL) {
DHerror(ERR_R_ENGINE_LIB);
goto err;
}
dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
}
#endif
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data))
goto err;
if (dh->meth->init != NULL && !dh->meth->init(dh))
@ -178,9 +152,6 @@ DH_free(DH *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);


@ -1,4 +1,4 @@
/* $OpenBSD: dsa_lib.c,v 1.44 2023/08/12 06:14:36 tb Exp $ */
/* $OpenBSD: dsa_lib.c,v 1.45 2023/11/19 15:46:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -70,9 +70,6 @@
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "dh_local.h"
#include "dsa_local.h"
@ -113,10 +110,6 @@ DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
mtmp = dsa->meth;
if (mtmp->finish)
mtmp->finish(dsa);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(dsa->engine);
dsa->engine = NULL;
#endif
dsa->meth = meth;
if (meth->init)
meth->init(dsa);
@ -138,24 +131,6 @@ DSA_new_method(ENGINE *engine)
dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
dsa->references = 1;
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (!ENGINE_init(engine)) {
DSAerror(ERR_R_ENGINE_LIB);
goto err;
}
dsa->engine = engine;
} else
dsa->engine = ENGINE_get_default_DSA();
if (dsa->engine != NULL) {
if ((dsa->meth = ENGINE_get_DSA(dsa->engine)) == NULL) {
DSAerror(ERR_R_ENGINE_LIB);
goto err;
}
dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
}
#endif
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data))
goto err;
if (dsa->meth->init != NULL && !dsa->meth->init(dsa))
@ -184,9 +159,6 @@ DSA_free(DSA *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);


@ -1,4 +1,4 @@
/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */
/* $OpenBSD: ec_key.c,v 1.38 2023/11/19 15:46:09 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -65,9 +65,6 @@
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/err.h>
#include "bn_local.h"
@ -115,9 +112,6 @@ EC_KEY_free(EC_KEY *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
EC_GROUP_free(r->group);
@ -138,11 +132,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
if (src->meth != dest->meth) {
if (dest->meth != NULL && dest->meth->finish != NULL)
dest->meth->finish(dest);
#ifndef OPENSSL_NO_ENGINE
if (ENGINE_finish(dest->engine) == 0)
return 0;
dest->engine = NULL;
#endif
}
/* copy the parameters */
if (src->group) {
@ -186,11 +175,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
return NULL;
if (src->meth != dest->meth) {
#ifndef OPENSSL_NO_ENGINE
if (src->engine != NULL && ENGINE_init(src->engine) == 0)
return 0;
dest->engine = src->engine;
#endif
dest->meth = src->meth;
}


@ -1,4 +1,4 @@
/* $OpenBSD: ec_kmeth.c,v 1.12 2023/07/28 09:28:37 tb Exp $ */
/* $OpenBSD: ec_kmeth.c,v 1.13 2023/11/19 15:46:09 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -53,9 +53,6 @@
*/
#include <openssl/ec.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/err.h>
#include "bn_local.h"
@ -126,11 +123,6 @@ EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
if (finish != NULL)
finish(key);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(key->engine);
key->engine = NULL;
#endif
key->meth = meth;
if (meth->init != NULL)
return meth->init(key);
@ -148,23 +140,6 @@ EC_KEY_new_method(ENGINE *engine)
return NULL;
}
ret->meth = EC_KEY_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerror(ERR_R_ENGINE_LIB);
goto err;
}
ret->engine = engine;
} else
ret->engine = ENGINE_get_default_EC();
if (ret->engine) {
ret->meth = ENGINE_get_EC(ret->engine);
if (ret->meth == NULL) {
ECerror(ERR_R_ENGINE_LIB);
goto err;
}
}
#endif
ret->version = 1;
ret->flags = 0;
ret->group = NULL;


@ -1,4 +1,4 @@
/* $OpenBSD: engine.h,v 1.42 2023/08/04 05:44:51 tb Exp $ */
/* $OpenBSD: engine.h,v 1.43 2023/11/19 15:41:46 tb Exp $ */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
@ -89,8 +89,6 @@
extern "C" {
#endif
/* These flags are used to control combinations of algorithm (methods)
* by bitwise "OR"ing. */
#define ENGINE_METHOD_RSA (unsigned int)0x0001
#define ENGINE_METHOD_DSA (unsigned int)0x0002
#define ENGINE_METHOD_DH (unsigned int)0x0004
@ -101,145 +99,43 @@ extern "C" {
#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
#define ENGINE_METHOD_EC (unsigned int)0x0800
/* Obvious all-or-nothing cases. */
#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
#define ENGINE_METHOD_NONE (unsigned int)0x0000
/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
* internally to control registration of ENGINE implementations, and can be set
* by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
* initialise registered ENGINEs if they are not already initialised. */
#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
/* ENGINE flags that can be set by ENGINE_set_flags(). */
/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */
/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
* control commands on their own. Without this flag, ENGINE_ctrl() handles these
* control commands on behalf of the ENGINE using their "cmd_defns" data. */
#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
/* This flag is for ENGINEs who return new duplicate structures when found via
* "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
* commands are called in sequence as part of some stateful process like
* key-generation setup and execution), it can set this flag - then each attempt
* to obtain the ENGINE will result in it being copied into a new structure.
* Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
* the existing ENGINE's structural reference count. */
#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
/* This flag if for an ENGINE that does not want its methods registered as
* part of ENGINE_register_all_complete() for example if the methods are
* not usable as default methods.
*/
#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
/* ENGINEs can support their own command types, and these flags are used in
* ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
* command expects. Currently only numeric and string input is supported. If a
* control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
* then it is regarded as an "internal" control command - and not for use in
* config setting situations. As such, they're not available to the
* ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
* this list of 'command types' should be reflected carefully in
* ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
* ENGINE_ctrl) */
#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
/* Indicates that the control command takes *no* input. Ie. the control command
* is unparameterised. */
#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
/* Indicates that the control command is internal. This control command won't
* be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
* function. */
#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
* relying on these commands should compile conditional support for
* compatibility (eg. if these symbols are defined) but should also migrate the
* same functionality to their own ENGINE-specific control functions that can be
* "discovered" by calling applications. The fact these control commands
* wouldn't be "executable" (ie. usable by text-based config) doesn't change the
* fact that application code can find and use them without requiring per-ENGINE
* hacking. */
/* These flags are used to tell the ctrl function what should be done.
* All command numbers are shared between all engines, even if some don't
* make sense to some engines. In such a case, they do nothing but return
* the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
#define ENGINE_CTRL_SET_LOGSTREAM 1
#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any
handles/connections etc. */
#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */
#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used
when calling the password
callback and the user
interface */
#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given
a string that represents a
file name or so */
#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given
section in the already loaded
configuration */
#define ENGINE_CTRL_HUP 3
#define ENGINE_CTRL_SET_USER_INTERFACE 4
#define ENGINE_CTRL_SET_CALLBACK_DATA 5
#define ENGINE_CTRL_LOAD_CONFIGURATION 6
#define ENGINE_CTRL_LOAD_SECTION 7
/* These control commands allow an application to deal with an arbitrary engine
* in a dynamic way. Warn: Negative return values indicate errors FOR THESE
* COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
* including ENGINE-specific command types, return zero for an error.
*
* An ENGINE can choose to implement these ctrl functions, and can internally
* manage things however it chooses - it does so by setting the
* ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
* ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
* data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
* handler need only implement its own commands - the above "meta" commands will
* be taken care of. */
/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
* all the remaining control commands will return failure, so it is worth
* checking this first if the caller is trying to "discover" the engine's
* capabilities and doesn't want errors generated unnecessarily. */
#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
/* Returns a positive command number for the first command supported by the
* engine. Returns zero if no ctrl commands are supported. */
#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
/* The 'long' argument specifies a command implemented by the engine, and the
* return value is the next command supported, or zero if there are no more. */
#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
/* The 'void*' argument is a command name (cast from 'const char *'), and the
* return value is the command that corresponds to it. */
#define ENGINE_CTRL_GET_CMD_FROM_NAME 13
/* The next two allow a command to be converted into its corresponding string
* form. In each case, the 'long' argument supplies the command. In the NAME_LEN
* case, the return value is the length of the command name (not counting a
* trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
* large enough, and it will be populated with the name of the command (WITH a
* trailing EOL). */
#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
#define ENGINE_CTRL_GET_NAME_FROM_CMD 15
/* The next two are similar but give a "short description" of a command. */
#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
#define ENGINE_CTRL_GET_DESC_FROM_CMD 17
/* With this command, the return value is the OR'd combination of
* ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
* engine-specific ctrl command expects. */
#define ENGINE_CTRL_GET_CMD_FLAGS 18
/* ENGINE implementations should start the numbering of their own control
* commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
#define ENGINE_CMD_BASE 200
/*
* Prototypes for the stub functions in engine_stubs.c. They are provided to
* build M2Crypto, Dovecot, apr-utils without patching. All the other garbage
* can hopefully go away soon.
* build M2Crypto, Dovecot, apr-utils without patching.
*/
#ifdef OPENSSL_NO_ENGINE
void ENGINE_load_builtin_engines(void);
void ENGINE_load_dynamic(void);
void ENGINE_load_openssl(void);
@ -261,7 +157,7 @@ int ENGINE_set_default(ENGINE *engine, unsigned int flags);
ENGINE *ENGINE_get_default_RSA(void);
int ENGINE_set_default_RSA(ENGINE *engine);
int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
int ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p,
void (*f)(void), int cmd_optional);
int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
int cmd_optional);
@ -270,460 +166,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
#else
/* If an ENGINE supports its own specific control commands and wishes the
* framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
* behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
* to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
* supports the stated commands (ie. the "cmd_num" entries as described by the
* array). NB: The array must be ordered in increasing order of cmd_num.
* "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
* to zero and/or cmd_name set to NULL. */
typedef struct ENGINE_CMD_DEFN_st {
unsigned int cmd_num; /* The command number */
const char *cmd_name; /* The command name itself */
const char *cmd_desc; /* A short description of the command */
unsigned int cmd_flags; /* The input the command expects */
} ENGINE_CMD_DEFN;
/* Generic function pointer */
typedef int (*ENGINE_GEN_FUNC_PTR)(void);
/* Generic function pointer taking no arguments */
typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
/* Specific control function pointer */
typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *,
void (*f)(void));
/* Generic load_key function pointer */
typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
UI_METHOD *ui_method, void *callback_data);
typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
/* These callback types are for an ENGINE's handler for cipher and digest logic.
* These handlers have these prototypes;
* int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
* int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
* Looking at how to implement these handlers in the case of cipher support, if
* the framework wants the EVP_CIPHER for 'nid', it will call;
* foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
* If the framework wants a list of supported 'nid's, it will call;
* foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
*/
/* Returns to a pointer to the array of supported cipher 'nid's. If the second
* parameter is non-NULL it is set to the size of the returned array. */
typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **,
const int **, int);
typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **,
const int **, int);
typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **,
const int **, int);
/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
* structures where the pointers have a "structural reference". This means that
* their reference is to allowed access to the structure but it does not imply
* that the structure is functional. To simply increment or decrement the
* structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
* required when iterating using ENGINE_get_next as it will automatically
* decrement the structural reference count of the "current" ENGINE and
* increment the structural reference count of the ENGINE it returns (unless it
* is NULL). */
/* Get the first/last "ENGINE" type available. */
ENGINE *ENGINE_get_first(void);
ENGINE *ENGINE_get_last(void);
/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
ENGINE *ENGINE_get_next(ENGINE *e);
ENGINE *ENGINE_get_prev(ENGINE *e);
/* Add another "ENGINE" type into the array. */
int ENGINE_add(ENGINE *e);
/* Remove an existing "ENGINE" type from the array. */
int ENGINE_remove(ENGINE *e);
/* Retrieve an engine from the list by its unique "id" value. */
ENGINE *ENGINE_by_id(const char *id);
/* Add all the built-in engines. */
void ENGINE_load_openssl(void);
void ENGINE_load_dynamic(void);
#ifndef OPENSSL_NO_STATIC_ENGINE
void ENGINE_load_padlock(void);
#endif
void ENGINE_load_builtin_engines(void);
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
unsigned int ENGINE_get_table_flags(void);
void ENGINE_set_table_flags(unsigned int flags);
/* Manage registration of ENGINEs per "table". For each type, there are 3
* functions;
* ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
* ENGINE_unregister_***(e) - unregister the implementation from 'e'
* ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
* Cleanup is automatically registered from each table when required, so
* ENGINE_cleanup() will reverse any "register" operations. */
int ENGINE_register_RSA(ENGINE *e);
void ENGINE_unregister_RSA(ENGINE *e);
void ENGINE_register_all_RSA(void);
int ENGINE_register_DSA(ENGINE *e);
void ENGINE_unregister_DSA(ENGINE *e);
void ENGINE_register_all_DSA(void);
int ENGINE_register_EC(ENGINE *e);
void ENGINE_unregister_EC(ENGINE *e);
void ENGINE_register_all_EC(void);
int ENGINE_register_DH(ENGINE *e);
void ENGINE_unregister_DH(ENGINE *e);
void ENGINE_register_all_DH(void);
int ENGINE_register_RAND(ENGINE *e);
void ENGINE_unregister_RAND(ENGINE *e);
void ENGINE_register_all_RAND(void);
int ENGINE_register_STORE(ENGINE *e);
void ENGINE_unregister_STORE(ENGINE *e);
void ENGINE_register_all_STORE(void);
int ENGINE_register_ciphers(ENGINE *e);
void ENGINE_unregister_ciphers(ENGINE *e);
void ENGINE_register_all_ciphers(void);
int ENGINE_register_digests(ENGINE *e);
void ENGINE_unregister_digests(ENGINE *e);
void ENGINE_register_all_digests(void);
int ENGINE_register_pkey_meths(ENGINE *e);
void ENGINE_unregister_pkey_meths(ENGINE *e);
void ENGINE_register_all_pkey_meths(void);
int ENGINE_register_pkey_asn1_meths(ENGINE *e);
void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
void ENGINE_register_all_pkey_asn1_meths(void);
/* These functions register all support from the above categories. Note, use of
* these functions can result in static linkage of code your application may not
* need. If you only need a subset of functionality, consider using more
* selective initialisation. */
int ENGINE_register_complete(ENGINE *e);
int ENGINE_register_all_complete(void);
/* Send parametrised control commands to the engine. The possibilities to send
* down an integer, a pointer to data or a function pointer are provided. Any of
* the parameters may or may not be NULL, depending on the command number. In
* actuality, this function only requires a structural (rather than functional)
* reference to an engine, but many control commands may require the engine be
* functional. The caller should be aware of trying commands that require an
* operational ENGINE, and only use functional references in such situations. */
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
/* This function tests if an ENGINE-specific command is usable as a "setting".
* Eg. in an application's config file that gets processed through
* ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
* ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
/* This function works like ENGINE_ctrl() with the exception of taking a
* command name instead of a command number, and can handle optional commands.
* See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
* use the cmd_name and cmd_optional. */
int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
long i, void *p, void (*f)(void), int cmd_optional);
/* This function passes a command-name and argument to an ENGINE. The cmd_name
* is converted to a command number and the control command is called using
* 'arg' as an argument (unless the ENGINE doesn't support such a command, in
* which case no control command is called). The command is checked for input
* flags, and if necessary the argument will be converted to a numeric value. If
* cmd_optional is non-zero, then if the ENGINE doesn't support the given
* cmd_name the return value will be success anyway. This function is intended
* for applications to use so that users (or config files) can supply
* engine-specific config data to the ENGINE at run-time to control behaviour of
* specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
* functions that return data, deal with binary data, or that are otherwise
* supposed to be used directly through ENGINE_ctrl() in application code. Any
* "return" data from an ENGINE_ctrl() operation in this function will be lost -
* the return value is interpreted as failure if the return value is zero,
* success otherwise, and this function returns a boolean value as a result. In
* other words, vendors of 'ENGINE'-enabled devices should write ENGINE
* implementations with parameterisations that work in this scheme, so that
* compliant ENGINE-based applications can work consistently with the same
* configuration for the same ENGINE-enabled devices, across applications. */
int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
int cmd_optional);
/* These functions are useful for manufacturing new ENGINE structures. They
* don't address reference counting at all - one uses them to populate an ENGINE
* structure with personalised implementations of things prior to using it
* directly or adding it to the builtin ENGINE list in OpenSSL. These are also
* here so that the ENGINE structure doesn't have to be exposed and break binary
* compatibility! */
ENGINE *ENGINE_new(void);
int ENGINE_free(ENGINE *e);
int ENGINE_up_ref(ENGINE *e);
int ENGINE_set_id(ENGINE *e, const char *id);
int ENGINE_set_name(ENGINE *e, const char *name);
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth);
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
int ENGINE_set_flags(ENGINE *e, int flags);
int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
/* These functions allow control over any per-structure ENGINE data. */
int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
void *ENGINE_get_ex_data(const ENGINE *e, int idx);
/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
* automatically ensures the list cleanup function is registered to be called
* from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
* ENGINE_cleanup() will clean up after them. */
void ENGINE_cleanup(void);
/* These return values from within the ENGINE structure. These can be useful
* with functional references as well as structural references - it depends
* which you obtained. Using the result for functional purposes if you only
* obtained a structural reference may be problematic! */
const char *ENGINE_get_id(const ENGINE *e);
const char *ENGINE_get_name(const ENGINE *e);
const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
const char *str, int len);
const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
const char *str, int len);
const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
int ENGINE_get_flags(const ENGINE *e);
/* FUNCTIONAL functions. These functions deal with ENGINE structures
* that have (or will) be initialised for use. Broadly speaking, the
* structural functions are useful for iterating the list of available
* engine types, creating new engine types, and other "list" operations.
* These functions actually deal with ENGINEs that are to be used. As
* such these functions can fail (if applicable) when particular
* engines are unavailable - eg. if a hardware accelerator is not
* attached or not functioning correctly. Each ENGINE has 2 reference
* counts; structural and functional. Every time a functional reference
* is obtained or released, a corresponding structural reference is
* automatically obtained or released too. */
/* Initialise a engine type for use (or up its reference count if it's
* already in use). This will fail if the engine is not currently
* operational and cannot initialise. */
int ENGINE_init(ENGINE *e);
/* Free a functional reference to a engine type. This does not require
* a corresponding call to ENGINE_free as it also releases a structural
* reference. */
int ENGINE_finish(ENGINE *e);
/* The following functions handle keys that are stored in some secondary
* location, handled by the engine. The storage may be on a card or
* whatever. */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
STACK_OF(X509) **pother,
UI_METHOD *ui_method, void *callback_data);
/* This returns a pointer for the current ENGINE structure that
* is (by default) performing any RSA operations. The value returned
* is an incremented reference, so it should be free'd (ENGINE_finish)
* before it is discarded. */
ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void);
ENGINE *ENGINE_get_default_EC(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
/* These functions can be used to get a functional reference to perform
* ciphering or digesting corresponding to "nid". */
ENGINE *ENGINE_get_cipher_engine(int nid);
ENGINE *ENGINE_get_digest_engine(int nid);
ENGINE *ENGINE_get_pkey_meth_engine(int nid);
ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
/* This sets a new default ENGINE structure for performing RSA
* operations. If the result is non-zero (success) then the ENGINE
* structure will have had its reference count up'd so the caller
* should still free their own reference 'e'. */
int ENGINE_set_default_RSA(ENGINE *e);
int ENGINE_set_default_string(ENGINE *e, const char *def_list);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_EC(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);
int ENGINE_set_default_ciphers(ENGINE *e);
int ENGINE_set_default_digests(ENGINE *e);
int ENGINE_set_default_pkey_meths(ENGINE *e);
int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
/* The combination "set" - the flags are bitwise "OR"d from the
* ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
* function, this function can result in unnecessary static linkage. If your
* application requires only specific functionality, consider using more
* selective functions. */
int ENGINE_set_default(ENGINE *e, unsigned int flags);
void ENGINE_add_conf_module(void);
/* Deprecated functions ... */
/* int ENGINE_clear_defaults(void); */
/**************************/
/* DYNAMIC ENGINE SUPPORT */
/**************************/
/* Binary/behaviour compatibility levels */
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
/* Binary versions older than this are too old for us (whether we're a loader or
* a loadee) */
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
/* When compiling an ENGINE entirely as an external shared library, loadable by
* the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
* type provides the calling application's (or library's) error functionality
* and memory management function pointers to the loaded library. These should
* be used/set in the loaded library code so that the loading application's
* 'state' will be used/changed in all operations. The 'static_state' pointer
* allows the loaded library to know if it shares the same static data as the
* calling application (or library), and thus whether these callbacks need to be
* set or not. */
typedef void *(*dyn_MEM_malloc_cb)(size_t);
typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
typedef void (*dyn_MEM_free_cb)(void *);
typedef struct st_dynamic_MEM_fns {
dyn_MEM_malloc_cb malloc_cb;
dyn_MEM_realloc_cb realloc_cb;
dyn_MEM_free_cb free_cb;
} dynamic_MEM_fns;
/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
* these types so we (and any other dependent code) can simplify a bit?? */
typedef void (*dyn_lock_locking_cb)(int, int, const char *, int);
typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int);
typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
const char *, int);
typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *,
const char *, int);
typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
const char *, int);
typedef struct st_dynamic_LOCK_fns {
dyn_lock_locking_cb lock_locking_cb;
dyn_lock_add_lock_cb lock_add_lock_cb;
dyn_dynlock_create_cb dynlock_create_cb;
dyn_dynlock_lock_cb dynlock_lock_cb;
dyn_dynlock_destroy_cb dynlock_destroy_cb;
} dynamic_LOCK_fns;
/* The top-level structure */
typedef struct st_dynamic_fns {
void *static_state;
const ERR_FNS *err_fns;
const CRYPTO_EX_DATA_IMPL *ex_data_fns;
dynamic_MEM_fns mem_fns;
dynamic_LOCK_fns lock_fns;
} dynamic_fns;
/* The version checking function should be of this prototype. NB: The
* ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
* If this function returns zero, it indicates a (potential) version
* incompatibility and the loaded library doesn't believe it can proceed.
* Otherwise, the returned value is the (latest) version supported by the
* loading library. The loader may still decide that the loaded code's version
* is unsatisfactory and could veto the load. The function is expected to
* be implemented with the symbol name "v_check", and a default implementation
* can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
#define IMPLEMENT_DYNAMIC_CHECK_FN() \
extern unsigned long v_check(unsigned long v); \
extern unsigned long v_check(unsigned long v) { \
if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
return 0; }
/* This function is passed the ENGINE structure to initialise with its own
* function and command settings. It should not adjust the structural or
* functional reference counts. If this function returns zero, (a) the load will
* be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
* structure, and (c) the shared library will be unloaded. So implementations
* should do their own internal cleanup in failure circumstances otherwise they
* could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
* the loader is looking for. If this is NULL, the shared library can choose to
* return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
* library must initialise only an ENGINE matching the passed 'id'. The function
* is expected to be implemented with the symbol name "bind_engine". A standard
* implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
* the parameter 'fn' is a callback function that populates the ENGINE structure
* and returns an int value (zero for failure). 'fn' should have prototype;
* [static] int fn(ENGINE *e, const char *id); */
typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
const dynamic_fns *fns);
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
extern \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
extern \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
return 0; \
if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
return 0; \
if(!ERR_set_implementation(fns->err_fns)) return 0; \
skip_cbs: \
if(!fn(e,id)) return 0; \
return 1; }
/* If the loading application (or library) and the loaded ENGINE library share
* the same static data (eg. they're both dynamically linked to the same
* libcrypto.so) we need a way to avoid trying to set system callbacks - this
* would fail, and for the same reason that it's unnecessary to try. If the
* loaded ENGINE has (or gets from through the loader) its own copy of the
* libcrypto static data, we will need to set the callbacks. The easiest way to
* detect this is to have a function that returns a pointer to some static data
* and let the loading application and loaded ENGINE compare their respective
* values. */
void *ENGINE_get_static_state(void);
void ERR_load_ENGINE_strings(void);
#endif
/* Error codes for the ENGINE functions. */


@ -1,4 +1,4 @@
/* $OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */
/* $OpenBSD: engine_stubs.c,v 1.3 2023/11/19 15:47:40 tb Exp $ */
/*
* Written by Theo Buehler. Public domain.
@ -6,8 +6,6 @@
#include <openssl/engine.h>
#ifdef OPENSSL_NO_ENGINE
void
ENGINE_load_builtin_engines(void)
{
@ -95,7 +93,7 @@ ENGINE_set_default_RSA(ENGINE *engine)
}
int
ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p,
void (*f)(void), int cmd_optional)
{
return 0;
@ -121,5 +119,3 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id,
{
return NULL;
}
#endif


@ -1,4 +1,4 @@
/* $OpenBSD: err_all.c,v 1.32 2023/07/28 09:46:36 tb Exp $ */
/* $OpenBSD: err_all.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -91,9 +91,6 @@
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
@ -129,9 +126,6 @@ ERR_load_crypto_strings_internal(void)
#endif
#ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
#endif
#ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings();
#endif
ERR_load_EVP_strings();
#ifndef OPENSSL_NO_GOST


@ -1,4 +1,4 @@
/* $OpenBSD: digest.c,v 1.38 2023/07/07 19:37:53 beck Exp $ */
/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -118,10 +118,6 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "evp_local.h"
int
@ -136,49 +132,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unnecessary. */
if (ctx->engine && ctx->digest && (!type ||
(type && (type->type == ctx->digest->type))))
goto skip_to_init;
if (type) {
/* Ensure an ENGINE left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_MD could be used). */
ENGINE_finish(ctx->engine);
if (impl != NULL) {
if (!ENGINE_init(impl)) {
EVPerror(EVP_R_INITIALIZATION_ERROR);
return 0;
}
} else
/* Ask if an ENGINE is reserved for this job */
impl = ENGINE_get_digest_engine(type->type);
if (impl != NULL) {
/* There's an ENGINE for this job ... (apparently) */
const EVP_MD *d = ENGINE_get_digest(impl, type->type);
if (d == NULL) {
/* Same comment from evp_enc.c */
EVPerror(EVP_R_INITIALIZATION_ERROR);
ENGINE_finish(impl);
return 0;
}
/* We'll use the ENGINE's private digest definition */
type = d;
/* Store the ENGINE functional reference so we know
* 'type' came from an ENGINE and we need to release
* it when done. */
ctx->engine = impl;
} else
ctx->engine = NULL;
} else if (!ctx->digest) {
EVPerror(EVP_R_NO_DIGEST_SET);
return 0;
}
#endif
if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
@ -197,9 +150,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
}
}
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
if (ctx->pctx) {
int r;
r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
@ -266,13 +216,6 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a digest context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine)) {
EVPerror(ERR_R_ENGINE_LIB);
return 0;
}
#endif
if (out->digest == in->digest) {
tmp_buf = out->md_data;
@ -397,9 +340,6 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
*/
if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
EVP_PKEY_CTX_free(ctx->pctx);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
memset(ctx, 0, sizeof(*ctx));
return 1;
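Review bot: In EVP_DigestInit_ex the deleted ENGINE block also held the only visible `EVP_R_NO_DIGEST_SET` check, so a call with `type == NULL` on a context that has no digest now reaches the rest of the function unguarded. Whether that path was compiled in depends on OPENSSL_NO_ENGINE, which this page does not show, and the remainder of the function lies outside the hunk, so this is something to confirm rather than a proven NULL dereference. If a NULL `type` is still accepted, keep the guard outside the `#ifndef`: `if (type == NULL && ctx->digest == NULL) { EVPerror(EVP_R_NO_DIGEST_SET); return 0; }`. The `impl` argument is now ignored as well, which deserves a one-line comment such as `/* impl is unused: ENGINE support has been removed. */`.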


@ -1,4 +1,4 @@
/* $OpenBSD: e_aes.c,v 1.54 2023/09/28 11:29:10 tb Exp $ */
/* $OpenBSD: e_aes.c,v 1.55 2023/11/18 09:37:15 tb Exp $ */
/* ====================================================================
* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
*
@ -2460,7 +2460,11 @@ aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
if (iv != NULL) {
memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
int iv_len = EVP_CIPHER_CTX_iv_length(ctx);
if (iv_len < 0 || iv_len > sizeof(ctx->iv))
return 0;
memcpy(ctx->iv, iv, iv_len);
wctx->iv = ctx->iv;
}
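Review bot: The new bounds check in aes_wrap_init_key fails with a bare `return 0;` and leaves nothing on the error stack, while the equivalent checks in evp_enc.c and evp_lib.c report `EVP_R_IV_TOO_LARGE`. A caller that sees the init fail cannot tell a negative or oversized IV length from any other failure. Suggest `if (iv_len < 0 || iv_len > sizeof(ctx->iv)) { EVPerror(EVP_R_IV_TOO_LARGE); return 0; }`. The check added to rc2_set_asn1_type_and_iv in e_rc2.c returns 0 in the same silent way. The function body starts and ends outside this hunk.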


@ -1,4 +1,4 @@
/* $OpenBSD: e_rc2.c,v 1.22 2023/07/07 19:37:53 beck Exp $ */
/* $OpenBSD: e_rc2.c,v 1.24 2023/11/18 10:46:58 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -338,17 +338,17 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
long num = 0;
int i = 0;
int key_bits;
unsigned int l;
int l;
unsigned char iv[EVP_MAX_IV_LENGTH];
if (type != NULL) {
l = EVP_CIPHER_CTX_iv_length(c);
if (l > sizeof(iv)) {
if (l < 0 || l > sizeof(iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return -1;
}
i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
if (i != (int)l)
if (i != l)
return (-1);
key_bits = rc2_magic_to_meth((int)num);
if (!key_bits)
@ -373,6 +373,8 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (type != NULL) {
num = rc2_meth_to_magic(c);
j = EVP_CIPHER_CTX_iv_length(c);
if (j < 0 || j > sizeof(c->oiv))
return 0;
i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
}
return (i);
@ -381,9 +383,15 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
static int
rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
int iv_len;
switch (type) {
case EVP_CTRL_INIT:
data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
data(c)->key_bits = 0;
/* XXX - upper bound? */
if ((iv_len = EVP_CIPHER_CTX_key_length(c)) < 0)
return -1;
data(c)->key_bits = iv_len * 8;
return 1;
case EVP_CTRL_GET_RC2_KEY_BITS:
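Review bot: In rc2_ctrl the new local `iv_len` holds the result of `EVP_CIPHER_CTX_key_length(c)`, so the name says IV where the value is a key length; `key_len` would read correctly. The `/* XXX - upper bound? */` marks a real gap: only negative values are rejected, so `iv_len * 8` can still overflow a signed int for a large key length. A bound that needs no knowledge of RC2 limits is `if ((key_len = EVP_CIPHER_CTX_key_length(c)) < 0 || key_len > INT_MAX / 8) return -1;`, which needs `<limits.h>` if the file does not already include it. The rest of the switch lies outside the hunk.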


@ -1,4 +1,4 @@
/* $OpenBSD: evp_enc.c,v 1.53 2023/09/10 16:53:56 tb Exp $ */
/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -68,10 +68,6 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "evp_local.h"
int
@ -94,15 +90,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
enc = 1;
ctx->encrypt = enc;
}
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unnecessary. */
if (ctx->engine && ctx->cipher &&
(!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
goto skip_to_init;
#endif
if (cipher) {
/* Ensure a context left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
@ -114,32 +101,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
ctx->encrypt = enc;
ctx->flags = flags;
}
#ifndef OPENSSL_NO_ENGINE
if (impl) {
if (!ENGINE_init(impl)) {
EVPerror(EVP_R_INITIALIZATION_ERROR);
return 0;
}
} else
/* Ask if an ENGINE is reserved for this job */
impl = ENGINE_get_cipher_engine(cipher->nid);
if (impl) {
/* There's an ENGINE for this job ... (apparently) */
const EVP_CIPHER *c =
ENGINE_get_cipher(impl, cipher->nid);
if (!c) {
EVPerror(EVP_R_INITIALIZATION_ERROR);
return 0;
}
/* We'll use the ENGINE's private cipher definition */
cipher = c;
/* Store the ENGINE functional reference so we know
* 'cipher' came from an ENGINE and we need to release
* it when done. */
ctx->engine = impl;
} else
ctx->engine = NULL;
#endif
ctx->cipher = cipher;
if (ctx->cipher->ctx_size) {
@ -163,9 +124,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
EVPerror(EVP_R_NO_CIPHER_SET);
return 0;
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
/* we assume block size is a power of 2 in *cryptUpdate */
if (ctx->cipher->block_size != 1 &&
ctx->cipher->block_size != 8 &&
@ -181,6 +139,8 @@ skip_to_init:
}
if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
int iv_len;
switch (EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_STREAM_CIPHER:
@ -194,25 +154,26 @@ skip_to_init:
/* fall-through */
case EVP_CIPH_CBC_MODE:
if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) >
sizeof(ctx->iv)) {
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
if (iv)
memcpy(ctx->oiv, iv,
EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv,
EVP_CIPHER_CTX_iv_length(ctx));
if (iv != NULL)
memcpy(ctx->oiv, iv, iv_len);
memcpy(ctx->iv, ctx->oiv, iv_len);
break;
case EVP_CIPH_CTR_MODE:
ctx->num = 0;
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
if (iv_len < 0 || iv_len > sizeof(ctx->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
/* Don't reuse IV for CTR mode */
if (iv)
memcpy(ctx->iv, iv,
EVP_CIPHER_CTX_iv_length(ctx));
if (iv != NULL)
memcpy(ctx->iv, iv, iv_len);
break;
default:
@ -611,10 +572,6 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
/* XXX - store size of cipher_data so we can always freezero(). */
free(c->cipher_data);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(c->engine);
#endif
explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
return 1;
@ -685,13 +642,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a cipher context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine)) {
EVPerror(ERR_R_ENGINE_LIB);
return 0;
}
#endif
EVP_CIPHER_CTX_cleanup(out);
memcpy(out, in, sizeof *out);


@ -1,4 +1,4 @@
/* $OpenBSD: evp_lib.c,v 1.28 2023/09/28 11:29:10 tb Exp $ */
/* $OpenBSD: evp_lib.c,v 1.29 2023/11/18 09:37:15 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -98,16 +98,16 @@ int
EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int i = 0;
unsigned int l;
int l;
if (type != NULL) {
l = EVP_CIPHER_CTX_iv_length(c);
if (l > sizeof(c->iv)) {
if (l < 0 || l > sizeof(c->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
if (i != (int)l)
if (i != l)
return (-1);
else if (i > 0)
memcpy(c->iv, c->oiv, l);
@ -119,11 +119,11 @@ int
EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int i = 0;
unsigned int j;
int j;
if (type != NULL) {
j = EVP_CIPHER_CTX_iv_length(c);
if (j > sizeof(c->iv)) {
if (j < 0 || j > sizeof(c->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
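Review bot: In EVP_CIPHER_get_asn1_iv the new bound `l < 0 || l > sizeof(c->iv)` is measured against `c->iv`, but the first write of `l` bytes goes to `c->oiv` through `ASN1_TYPE_get_octetstring(type, c->oiv, l)`. The two arrays presumably have the same size, but their declaration is not in this hunk, so I would check the buffer that is written first, as the CBC branch of EVP_CipherInit_ex does: `if (l < 0 || l > sizeof(c->oiv)) {`. Comparing the now-signed `l` with a `size_t` is only correct because `l < 0` is tested first; a short comment saying so, or an explicit `(size_t)l`, would keep a later reordering from turning a negative length into a huge one. The same signed/unsigned remark applies to `j` in EVP_CIPHER_set_asn1_iv, whose body continues outside the hunk.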


@ -1,4 +1,4 @@
/* $OpenBSD: p_lib.c,v 1.37 2023/09/10 17:32:17 tb Exp $ */
/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -77,10 +77,6 @@
#include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_local.h"
#include "evp_local.h"
@ -245,19 +241,11 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
*/
if ((type == pkey->save_type) && pkey->ameth)
return 1;
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(pkey->engine);
pkey->engine = NULL;
#endif
}
if (str)
ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
else
ameth = EVP_PKEY_asn1_find(eptr, type);
#ifndef OPENSSL_NO_ENGINE
if (pkey == NULL && eptr != NULL)
ENGINE_finish(e);
#endif
if (!ameth) {
EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
return 0;
@ -583,9 +571,6 @@ EVP_PKEY_type(int type)
ret = ameth->pkey_id;
else
ret = NID_undef;
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(e);
#endif
return ret;
}
@ -626,10 +611,6 @@ EVP_PKEY_free_it(EVP_PKEY *x)
x->ameth->pkey_free(x);
x->pkey.ptr = NULL;
}
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(x->engine);
x->engine = NULL;
#endif
}
static int


@ -1,4 +1,4 @@
/* $OpenBSD: p_seal.c,v 1.16 2023/07/07 19:37:54 beck Exp $ */
/* $OpenBSD: p_seal.c,v 1.17 2023/11/18 09:37:15 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -74,7 +74,7 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
{
unsigned char key[EVP_MAX_KEY_LENGTH];
int i;
int i, iv_len;
if (type) {
EVP_CIPHER_CTX_init(ctx);
@ -85,8 +85,11 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
if (EVP_CIPHER_CTX_iv_length(ctx))
arc4random_buf(iv, EVP_CIPHER_CTX_iv_length(ctx));
/* XXX - upper bound? */
if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
return 0;
if (iv_len > 0)
arc4random_buf(iv, iv_len);
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
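Review bot: The `XXX - upper bound?` left in EVP_SealInit is a real gap: `arc4random_buf(iv, iv_len)` writes `iv_len` bytes into the caller's `iv` buffer with only the lower bound checked, while the other IV-length checks in this commit also reject lengths above the internal IV buffer. I would close it here with `if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0 || iv_len > EVP_MAX_IV_LENGTH)` and call `EVPerror(EVP_R_IV_TOO_LARGE)` before `return 0;`, so the failure shows on the error stack as it does in the sibling checks. `iv` is also written without a NULL test when `iv_len > 0`; whether callers may pass NULL is not visible from this hunk. The function body continues outside the hunk.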


@ -1,4 +1,4 @@
/* $OpenBSD: pmeth_lib.c,v 1.33 2023/07/07 19:37:54 beck Exp $ */
/* $OpenBSD: pmeth_lib.c,v 1.34 2023/11/19 15:43:52 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -68,10 +68,6 @@
#include <openssl/objects.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_local.h"
#include "evp_local.h"
@ -161,26 +157,8 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
return NULL;
id = pkey->ameth->pkey_id;
}
#ifndef OPENSSL_NO_ENGINE
if (pkey != NULL && pkey->engine != NULL)
engine = pkey->engine;
/* Try to find an ENGINE which implements this method. */
if (engine != NULL) {
if (!ENGINE_init(engine)) {
EVPerror(ERR_R_ENGINE_LIB);
return NULL;
}
} else
engine = ENGINE_get_pkey_meth_engine(id);
/* Look up method handler in ENGINE or use internal tables. */
if (engine != NULL)
pmeth = ENGINE_get_pkey_meth(engine, id);
else
#endif
pmeth = EVP_PKEY_meth_find(id);
if (pmeth == NULL) {
if ((pmeth = EVP_PKEY_meth_find(id)) == NULL) {
EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
goto err;
}
@ -205,9 +183,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
err:
EVP_PKEY_CTX_free(pkey_ctx);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(engine);
#endif
return NULL;
}
@ -275,22 +250,12 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
if (pctx->pmeth == NULL || pctx->pmeth->copy == NULL)
goto err;
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a pkey context using an ENGINE */
if (pctx->engine != NULL && !ENGINE_init(pctx->engine)) {
EVPerror(ERR_R_ENGINE_LIB);
goto err;
}
#endif
if ((rctx = calloc(1, sizeof(*rctx))) == NULL) {
EVPerror(ERR_R_MALLOC_FAILURE);
goto err;
}
rctx->pmeth = pctx->pmeth;
#ifndef OPENSSL_NO_ENGINE
rctx->engine = pctx->engine;
#endif
if ((rctx->pkey = pctx->pkey) != NULL)
EVP_PKEY_up_ref(rctx->pkey);
@ -333,9 +298,6 @@ EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
ctx->pmeth->cleanup(ctx);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
free(ctx);
}
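Review bot: With the ENGINE lookup removed, evp_pkey_ctx_new no longer consults its `engine` argument when choosing the method, since `EVP_PKEY_meth_find(id)` is now the only source, yet the parameter stays in the signature. A caller that passes a non-NULL engine gets the built-in method with no indication, so a one-line comment above the lookup would help, for example `/* The engine argument is ignored; methods come from the internal tables only. */`. Whether `engine` is still stored in the new context further down is not visible, because the function body lies partly outside these hunks.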


@ -1,4 +1,4 @@
.\" $OpenBSD: ASN1_TIME_set.3,v 1.20 2023/11/13 12:46:07 beck Exp $
.\" $OpenBSD: ASN1_TIME_set.3,v 1.21 2023/11/16 14:20:49 tb Exp $
.\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
@ -68,7 +68,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 13 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt ASN1_TIME_SET 3
.Os
.Sh NAME
@ -94,9 +94,9 @@
.Nm ASN1_TIME_cmp_time_t ,
.Nm ASN1_UTCTIME_cmp_time_t ,
.Nm ASN1_TIME_compare ,
.Nm ASN1_TIME_to_generalizedtime
.Nm OPENSSL_gmtime,
.Nm OPENSSL_timegm,
.Nm ASN1_TIME_to_generalizedtime ,
.Nm OPENSSL_gmtime ,
.Nm OPENSSL_timegm
.Nd ASN.1 Time functions
.Sh SYNOPSIS
.In openssl/asn1.h
@ -516,6 +516,19 @@ and
functions act only on that specific time format, while the
.Vt ASN1_TIME
functions operate on either format.
.Pp
.Fn OPENSSL_gmtime
converts a time_t value in
.Fa time
to a struct tm in
.Fa out_tm
and also returns the struct passed in on success.
.Pp
.Fn OPENSSL_timegm
converts a time structure in UTC time in
.Fa tm
to a time_t value in
.Fa out_time .
.Sh RETURN VALUES
.Fn ASN1_TIME_set ,
.Fn ASN1_UTCTIME_set ,
@ -576,21 +589,11 @@ is later than
or \-2 on error.
.Pp
.Fn OPENSSL_timegm
converts a time structure in UTC time in
.Fa tm
to a time_t value in
.Fa out_time
.Fn OPENSSL_timegm
returns 1 for success or 0 for failure.
It can fail if the time is not representable in a time_t,
or falls outside the range allowed in RFC 5280 times.
.Pp
.Fn OPENSSL_gmtime
converts a time_t value in
.Fa time
to a struct tm in
.Fa out_tm
.Fn OPENSSL_gmtime
returns
.Fa out_tm
on success or NULL for failure.


@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_ctrl.3,v 1.24 2023/07/26 20:01:04 tb Exp $
.\" $OpenBSD: BIO_ctrl.3,v 1.25 2023/11/16 20:19:23 schwarze Exp $
.\" full merge up to: OpenSSL 24a535eaf Tue Sep 22 13:14:20 2020 +0100
.\" selective merge up to: OpenSSL 0c5bc96f Tue Mar 15 13:57:22 2022 +0000
.\"
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 26 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt BIO_CTRL 3
.Os
.Sh NAME
@ -307,11 +307,6 @@ and
return a
.Vt size_t
type and are functions.
.Fn BIO_pending
and
.Fn BIO_wpending
are macros which call
.Fn BIO_ctrl .
.Pp
.Fn BIO_set_info_callback
installs the function pointer


@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_get_data.3,v 1.7 2022/12/19 14:40:14 schwarze Exp $
.\" $OpenBSD: BIO_get_data.3,v 1.8 2023/11/16 20:27:43 schwarze Exp $
.\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 19 2022 $
.Dd $Mdocdate: November 16 2023 $
.Dt BIO_GET_DATA 3
.Os
.Sh NAME
@ -204,7 +204,7 @@ Application programs usually call macros like those documented in
rather than calling
.Fn BIO_test_flags
directly.
Flag bits correspond to accessor functions as follows:
Flag bits correspond to accessor macros as follows:
.Pp
.Bl -tag -width BIO_FLAGS_SHOULD_RETRY -compact
.It Dv BIO_FLAGS_READ
@ -319,6 +319,15 @@ object, call
and
.Xr BIO_get_close 3
instead.
.Pp
.Fn BIO_get_flags ,
.Fn BIO_set_retry_read ,
.Fn BIO_set_retry_write ,
.Fn BIO_set_retry_special ,
.Fn BIO_clear_retry_flags ,
and
.Fn BIO_get_retry_flags
are implemented as macros.
.Sh RETURN VALUES
.Fn BIO_get_data
returns a pointer to the implementation specific custom data associated


@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.14 2023/07/21 04:39:49 tb Exp $
.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.17 2023/11/19 10:26:36 tb Exp $
.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
.\"
.\" This file was written by Rich Salz <rsalz@akamai.com>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 21 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt BIO_GET_EX_NEW_INDEX 3
.Os
.Sh NAME
@ -57,9 +57,6 @@
.Nm BIO_get_ex_data ,
.Nm BIO_set_app_data ,
.Nm BIO_get_app_data ,
.Nm ENGINE_get_ex_new_index ,
.Nm ENGINE_set_ex_data ,
.Nm ENGINE_get_ex_data ,
.Nm UI_get_ex_new_index ,
.Nm UI_set_ex_data ,
.Nm UI_get_ex_data ,
@ -72,7 +69,6 @@
.Nd application-specific data
.Sh SYNOPSIS
.In openssl/bio.h
.In openssl/engine.h
.In openssl/ui.h
.In openssl/x509.h
.In openssl/ec.h
@ -126,21 +122,21 @@ with the correct index value.
.Fn TYPE_set_ex_data
is a function that calls
.Xr CRYPTO_set_ex_data 3
with an offset into the opaque exdata part of the
with an offset into the opaque ex_data part of the
.Vt TYPE
object.
.Pp
.Fn TYPE_get_ex_data
is a function that calls
.Xr CRYPTO_get_ex_data 3
with an offset into the opaque exdata part of the
with an offset into the opaque ex_data part of the
.Vt TYPE
object.
.Pp
.Fn TYPE_set_app_data
and
.Fn TYPE_get_app_data
are deprecated wrappers that call
are deprecated wrapper macros that call
.Fn TYPE_set_ex_data
and
.Fn TYPE_get_ex_data
@ -187,9 +183,6 @@ and
first appeared in OpenSSL 0.9.5 and have been available since
.Ox 2.7 .
.Pp
.Fn ENGINE_get_ex_new_index ,
.Fn ENGINE_set_ex_data ,
.Fn ENGINE_get_ex_data ,
.Fn UI_get_ex_new_index ,
.Fn UI_set_ex_data ,
and


@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_s_fd.3,v 1.12 2023/04/29 12:04:54 schwarze Exp $
.\" $OpenBSD: BIO_s_fd.3,v 1.13 2023/11/16 20:19:23 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 29 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt BIO_S_FD 3
.Os
.Sh NAME
@ -147,7 +147,6 @@ to
.Fa fd
and the close flag to
.Fa close_flag .
It is currently implemented as a macro.
.Pp
.Fn BIO_get_fd
places the file descriptor in
@ -155,7 +154,6 @@ places the file descriptor in
if it is not
.Dv NULL
and also returns the file descriptor.
It is currently implemented as a macro.
.Pp
.Fn BIO_new_fd
returns a file descriptor BIO using


@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_s_file.3,v 1.16 2023/05/01 07:04:38 jsg Exp $
.\" $OpenBSD: BIO_s_file.3,v 1.17 2023/11/16 20:19:23 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100
.\"
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 1 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt BIO_S_FILE 3
.Os
.Sh NAME
@ -196,14 +196,12 @@ sets the file pointer of a file BIO to
.Fa flags
has the same meaning as in
.Fn BIO_new_fp .
.Fn BIO_set_fp
is a macro.
.Pp
.Fn BIO_get_fp
retrieves the file pointer of a file BIO, it is a macro.
retrieves the file pointer of a file BIO.
.Pp
.Xr BIO_seek 3
is a macro that sets the position pointer to
sets the position pointer to
.Fa offset
bytes from the start of file.
.Pp


@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_s_mem.3,v 1.18 2023/04/29 12:04:54 schwarze Exp $
.\" $OpenBSD: BIO_s_mem.3,v 1.19 2023/11/16 20:19:23 schwarze Exp $
.\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000
.\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100
.\"
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 29 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt BIO_S_MEM 3
.Os
.Sh NAME
@ -158,7 +158,6 @@ sets
.Pf * Fa pp
to a pointer to the start of the memory BIO's data
and returns the total amount of data available.
It is implemented as a macro.
.Pp
.Fn BIO_set_mem_buf
sets the internal BUF_MEM structure to
@ -171,15 +170,12 @@ should be either
.Dv BIO_CLOSE
or
.Dv BIO_NOCLOSE .
.Fn BIO_set_mem_buf
is a macro.
.Pp
.Fn BIO_get_mem_ptr
places the underlying
.Vt BUF_MEM
structure in
.Pf * Fa pp .
It is a macro.
.Pp
.Fn BIO_new_mem_buf
creates a memory BIO using


@ -1,4 +1,4 @@
.\" $OpenBSD: CONF_modules_load_file.3,v 1.11 2023/07/21 10:46:54 tb Exp $
.\" $OpenBSD: CONF_modules_load_file.3,v 1.14 2023/11/19 20:58:07 tb Exp $
.\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100
.\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800
.\"
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 21 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt CONF_MODULES_LOAD_FILE 3
.Os
.Sh NAME
@ -222,7 +222,6 @@ Load custom configuration file and section instead of the standard one,
only print warnings on error, missing configuration file ignored:
.Bd -literal
OPENSSL_no_config();
ENGINE_load_builtin_engines();
OPENSSL_load_builtin_modules();
if (CONF_modules_load_file("/something/app.cnf", "myapp",
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
@ -234,12 +233,10 @@ if (CONF_modules_load_file("/something/app.cnf", "myapp",
In the previous example, the call to
.Xr OPENSSL_no_config 3
is required first to suppress automatic loading
of the standard configuration file, and the calls to
.Xr ENGINE_load_builtin_engines 3
and
of the standard configuration file, and the call to
.Xr OPENSSL_load_builtin_modules 3
are needed so that the configuration of builtin modules and engines
is also loaded in addition to the configuration of
is needed so that the configuration of builtin modules
is loaded in addition to the configuration of
.Qq myapp .
.Pp
Load and parse configuration file manually, custom error handling:
@ -270,7 +267,6 @@ if (fp == NULL) {
.Ed
.Sh SEE ALSO
.Xr CONF_modules_free 3 ,
.Xr ENGINE_load_builtin_engines 3 ,
.Xr ERR 3 ,
.Xr OPENSSL_config 3 ,
.Xr OPENSSL_load_builtin_modules 3


@ -1,4 +1,4 @@
.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $
.\" $OpenBSD: DES_set_key.3,v 1.16 2023/11/16 20:27:43 schwarze Exp $
.\" full merge up to:
.\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400
.\"
@ -115,7 +115,7 @@
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
.Dd $Mdocdate: March 31 2022 $
.Dd $Mdocdate: November 16 2023 $
.Dt DES_SET_KEY 3
.Os
.Sh NAME
@ -599,10 +599,11 @@ then update ivec and num.
num contains "how far" we are though ivec.
If this does not make much sense, read more about CFB mode of DES.
.Pp
The
.Fn DES_ede3_cfb64_encrypt
and
function and the
.Fn DES_ede2_cfb64_encrypt
is the same as
macro are the same as
.Fn DES_cfb64_encrypt
except that Triple-DES is used.
.Pp
@ -625,10 +626,11 @@ is the same as
.Fn DES_cfb64_encrypt
using Output Feed Back mode.
.Pp
The
.Fn DES_ede3_ofb64_encrypt
and
function and the
.Fn DES_ede2_ofb64_encrypt
is the same as
macro are the same as
.Fn DES_ofb64_encrypt ,
using Triple-DES.
.Pp


@ -1,4 +1,4 @@
.\" $OpenBSD: DH_set_method.3,v 1.8 2022/01/15 23:38:50 jsg Exp $
.\" $OpenBSD: DH_set_method.3,v 1.9 2023/11/19 10:34:26 tb Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 15 2022 $
.Dd $Mdocdate: November 19 2023 $
.Dt DH_SET_METHOD 3
.Os
.Sh NAME
@ -98,16 +98,9 @@ selects
as the default method for all
.Vt DH
structures created later.
If any
.Vt ENGINE
was registered with
.Xr ENGINE_register_DH 3
that can be successfully initialized, it overrides the default.
.Pp
.Fn DH_get_default_method
returns a pointer to the current default method,
even if it is actually overridden by an
.Vt ENGINE .
returns a pointer to the current default method.
.Pp
.Fn DH_set_method
selects
@ -118,17 +111,12 @@ This replaces the
.Vt DH_METHOD
used by the
.Fa dh
key and if the previous method was supplied by an
.Vt ENGINE ,
.Xr ENGINE_finish 3
is called on it.
key.
It is possible to have
.Vt DH
keys that only work with certain
.Vt DH_METHOD
implementations (e.g. from an
.Vt ENGINE
module that supports embedded hardware-protected keys),
implementations,
and in such cases attempting to change the
.Vt DH_METHOD
for the key can have unexpected results.
@ -136,17 +124,10 @@ for the key can have unexpected results.
.Fn DH_new_method
allocates and initializes a
.Vt DH
structure so that
structure.
The
.Fa engine
is used for the DH operations.
If
.Fa engine
is
.Dv NULL ,
.Xr ENGINE_get_default_DH 3
is used.
If that returns
.Dv NULL ,
argument is ignored and
the default method controlled by
.Fn DH_set_default_method
is used.
@ -202,10 +183,7 @@ and sets an error code that can be obtained by
if the allocation fails.
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr DH_new 3 ,
.Xr ENGINE_get_default_DH 3 ,
.Xr ENGINE_register_DH 3 ,
.Xr ENGINE_set_default_DH 3
.Xr DH_new 3
.Sh HISTORY
.Fn DH_set_default_method ,
.Fn DH_get_default_method ,


@ -1,4 +1,4 @@
.\" $OpenBSD: DSA_set_method.3,v 1.10 2022/01/15 23:38:50 jsg Exp $
.\" $OpenBSD: DSA_set_method.3,v 1.11 2023/11/19 10:34:26 tb Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 15 2022 $
.Dd $Mdocdate: November 19 2023 $
.Dt DSA_SET_METHOD 3
.Os
.Sh NAME
@ -93,16 +93,9 @@ selects
as the default method for all
.Vt DSA
structures created later.
If any
.Vt ENGINE
was registered with
.Xr ENGINE_register_DSA 3
that can be successfully initialized, it overrides the default.
.Pp
.Fn DSA_get_default_method
returns a pointer to the current default method,
even if it is actually overridden by an
.Vt ENGINE .
returns a pointer to the current default method.
.Pp
.Fn DSA_set_method
selects
@ -111,15 +104,10 @@ to perform all operations using the key
.Fa dsa .
This replaces the
.Vt DSA_METHOD
used by the DSA key and if the previous method was supplied by an
.Vt ENGINE ,
.Xr ENGINE_finish 3
is called on it.
used by the DSA key.
It is possible to have DSA keys that only work with certain
.Vt DSA_METHOD
implementations (e.g. from an
.Vt ENGINE
module that supports embedded hardware-protected keys),
implementations,
and in such cases attempting to change the
.Vt DSA_METHOD
for the key can have unexpected results.
@ -127,17 +115,10 @@ for the key can have unexpected results.
.Fn DSA_new_method
allocates and initializes a
.Vt DSA
structure so that
structure.
The
.Fa engine
is used for the DSA operations.
If
.Fa engine
is
.Dv NULL ,
.Xr ENGINE_get_default_DSA 3
is used.
If that returns
.Dv NULL ,
argument is ignored and
the default method controlled by
.Fn DSA_set_default_method
is used.
@ -206,10 +187,7 @@ if the allocation fails.
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr DSA_meth_new 3 ,
.Xr DSA_new 3 ,
.Xr ENGINE_get_default_DSA 3 ,
.Xr ENGINE_register_DSA 3 ,
.Xr ENGINE_set_default_DSA 3
.Xr DSA_new 3
.Sh HISTORY
.Fn DSA_set_default_method ,
.Fn DSA_get_default_method ,


@ -1,243 +0,0 @@
.\" $OpenBSD: ENGINE_add.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: April 18 2018 $
.Dt ENGINE_ADD 3
.Os
.Sh NAME
.Nm ENGINE_add ,
.Nm ENGINE_set_id ,
.Nm ENGINE_get_id ,
.Nm ENGINE_set_name ,
.Nm ENGINE_get_name ,
.Nm ENGINE_remove ,
.Nm ENGINE_cleanup ,
.Nm ENGINE_get_first ,
.Nm ENGINE_get_last ,
.Nm ENGINE_get_next ,
.Nm ENGINE_get_prev ,
.Nm ENGINE_by_id
.Nd maintain a global list of ENGINE objects
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_add
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_id
.Fa "ENGINE *e"
.Fa "const char *id"
.Fc
.Ft const char *
.Fo ENGINE_get_id
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_name
.Fa "ENGINE *e"
.Fa "const char *name"
.Fc
.Ft const char *
.Fo ENGINE_get_name
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_remove
.Fa "ENGINE *e"
.Fc
.Ft void
.Fn ENGINE_cleanup void
.Ft ENGINE *
.Fn ENGINE_get_first void
.Ft ENGINE *
.Fn ENGINE_get_last void
.Ft ENGINE *
.Fo ENGINE_get_next
.Fa "ENGINE *e"
.Fc
.Ft ENGINE *
.Fo ENGINE_get_prev
.Fa "ENGINE *e"
.Fc
.Ft ENGINE *
.Fo ENGINE_by_id
.Fa "const char *id"
.Fc
.Sh DESCRIPTION
The crypto library maintains a global list of
.Vt ENGINE
objects.
.Pp
.Fn ENGINE_add
appends
.Fa e
to the end of the list
and increments its structural reference count by 1.
A unique identifier and a name of
.Fa e
have to be set with
.Fn ENGINE_set_id
and
.Fn ENGINE_set_name
before calling this function.
.Fn ENGINE_add
fails if the list already contains an
.Vt ENGINE
with the same identifier.
.Pp
.Fn ENGINE_remove
removes
.Fa e
from the list.
If successful, it calls
.Xr ENGINE_free 3
on
.Fa e .
.Pp
.Fn ENGINE_cleanup
calls
.Xr ENGINE_finish 3
on all
.Vt ENGINE
objects that were selected as default engines, for example using the
functions documented in the
.Xr ENGINE_set_default 3
and
.Xr ENGINE_get_default_RSA 3
manual pages, and it calls
.Fn ENGINE_remove
on all
.Vt ENGINE
objects that were added to the global list with
.Fn ENGINE_add .
Calling this function is required at the end of each program using
.Fn ENGINE_add ,
even if no engines are explicitly registered or used.
.Pp
.Fn ENGINE_get_first
and
.Fn ENGINE_get_last
provide access to the first and last
.Vt ENGINE
object on the list, respectively.
Unless the list is empty, they increment the structural reference
count of the retrieved object by 1.
.Pp
.Fn ENGINE_get_next
and
.Fn ENGINE_get_prev
support iteration of the list.
They always call
.Xr ENGINE_free 3
on
.Fa e .
Unless the end of the list is reached, they increment the structural
reference count of the retrieved object by 1.
.Pp
.Fn ENGINE_by_id
searches the list for an
.Vt ENGINE
object with a matching
.Fa id .
If found, it increments the structural reference count of the
retrieved object by 1.
If
.Dv ENGINE_FLAGS_BY_ID_COPY
was set on
.Fa e
with
.Xr ENGINE_set_flags 3 ,
it returns a shallow copy of the object rather than incrementing
the reference count and returning a pointer to the original.
.Sh RETURN VALUES
.Fn ENGINE_add ,
.Fn ENGINE_set_id ,
.Fn ENGINE_set_name ,
and
.Fn ENGINE_remove
return 1 on success or 0 on error.
.Fn ENGINE_set_id
and
.Fn ENGINE_set_name
can only fail if the supplied
.Fa id
or
.Fa name
is
.Dv NULL .
.Pp
.Fn ENGINE_get_id
and
.Fn ENGINE_get_name
return a pointer to an internal string
representing the identifier and the name of
.Fa e ,
respectively.
.Pp
.Fn ENGINE_get_first
and
.Fn ENGINE_get_last
return an
.Vt ENGINE
object or
.Dv NULL
if the list is empty.
.Pp
.Fn ENGINE_get_next
and
.Fn ENGINE_get_prev
return an
.Vt ENGINE
object or
.Dv NULL
when the end of the list is reached.
.Pp
.Fn ENGINE_by_id
returns an
.Vt ENGINE
object or
.Dv NULL
if no matching object is found.
.Sh SEE ALSO
.Xr ENGINE_get_default_RSA 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_all_RSA 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default 3 ,
.Xr ENGINE_set_flags 3 ,
.Xr ENGINE_unregister_RSA 3
.Sh HISTORY
.Fn ENGINE_add ,
.Fn ENGINE_set_id ,
.Fn ENGINE_get_id ,
.Fn ENGINE_set_name ,
.Fn ENGINE_get_name ,
.Fn ENGINE_remove ,
.Fn ENGINE_get_first ,
.Fn ENGINE_get_last ,
.Fn ENGINE_get_next ,
.Fn ENGINE_get_prev ,
and
.Fn ENGINE_by_id
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 2.9 .
.Pp
.Fn ENGINE_cleanup
first appeared in OpenSSL 0.9.7 and has been available since
.Ox 3.2 .


@ -1,470 +0,0 @@
.\" $OpenBSD: ENGINE_ctrl.3,v 1.5 2022/01/15 23:38:50 jsg Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: January 15 2022 $
.Dt ENGINE_CTRL 3
.Os
.Sh NAME
.Nm ENGINE_ctrl ,
.Nm ENGINE_cmd_is_executable ,
.Nm ENGINE_ctrl_cmd ,
.Nm ENGINE_ctrl_cmd_string ,
.Nm ENGINE_set_ctrl_function ,
.Nm ENGINE_get_ctrl_function ,
.Nm ENGINE_set_cmd_defns ,
.Nm ENGINE_get_cmd_defns
.Nd control commands for ENGINE objects
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_ctrl
.Fa "ENGINE *e"
.Fa "int cmd"
.Fa "long i"
.Fa "void *p"
.Fa "void (*f)(void)"
.Fc
.Ft int
.Fo ENGINE_cmd_is_executable
.Fa "ENGINE *e"
.Fa "int cmd"
.Fc
.Ft int
.Fo ENGINE_ctrl_cmd
.Fa "ENGINE *e"
.Fa "const char *cmd_name"
.Fa "long i"
.Fa "void *p"
.Fa "void (*f)(void)"
.Fa "int cmd_optional"
.Fc
.Ft int
.Fo ENGINE_ctrl_cmd_string
.Fa "ENGINE *e"
.Fa "const char *cmd_name"
.Fa "const char *arg"
.Fa "int cmd_optional"
.Fc
.Ft typedef int
.Fo (*ENGINE_CTRL_FUNC_PTR)
.Fa "ENGINE *e"
.Fa "int cmd"
.Fa "long i"
.Fa "void *p"
.Fa "void (*f)(void)"
.Fc
.Ft int
.Fo ENGINE_set_ctrl_function
.Fa "ENGINE *e"
.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f"
.Fc
.Ft ENGINE_CTRL_FUNC_PTR
.Fo ENGINE_get_ctrl_function
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_cmd_defns
.Fa "ENGINE *e"
.Fa "const ENGINE_CMD_DEFN *defns"
.Fc
.Ft const ENGINE_CMD_DEFN *
.Fo ENGINE_get_cmd_defns
.Fa "const ENGINE *e"
.Fc
.Sh DESCRIPTION
.Fn ENGINE_ctrl
calls the built-in or user-defined
.Fa cmd
for the engine
.Fa e ,
passing the arguments
.Fa i
and
.Fa p .
.Pp
User-defined commands can be used before
.Xr ENGINE_init 3
to provide data required for initialization
or at any time to modify the behaviour of an engine.
.Pp
Most built-in commands operate on user-defined commands installed with
.Fn ENGINE_set_cmd_defns ,
either using the
.Fa p
argument to indicate the user-defined command with the command name
.Fa cmd_name
or using the
.Fa i
argument to indicate the user-defined command with the command number
.Fa cmd_num .
The
.Fa cmd
arguments to call the built-in commands are as follows:
.Bl -tag -width Ds
.It Dv ENGINE_CTRL_GET_CMD_FLAGS
Return the
.Fa cmd_flags
of the user-defined command with the number
.Fa i ,
or a number less than or equal to 0 if an error occurs or
the command number does not exist.
A return value of 0 indicates failure if
.Fa e
is
.Dv NULL
or has a reference count of 0, or success if
.Fa e
is valid.
.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME
Return the positive command number
of the user-defined command with the name
.Fa p ,
or a number less than or equal to 0 if an error occurs or no
matching name is found.
.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD
Copy the description of the user-defined command with the number
.Fa i
into the buffer
.Fa p
and NUL-terminate it.
It is the responsibility of the caller to make sure that the buffer
.Fa p
is large enough, either by calling
.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
first or using knowledge about the array passed to
.Fn ENGINE_set_cmd_defns .
The return value is the number of bytes written
.Em including
the terminating NUL byte, or a number less than or equal to 0
if an error occurs.
.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
Return the length in bytes
.Em excluding
the terminating NUL byte
of the description of the user-defined command with the number
.Fa i ,
or a number less than or equal to 0 if an error occurs.
A return value of 0 indicates failure if
.Fa e
is
.Dv NULL
or has a reference count of 0, or success if
.Fa e
is valid.
.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE
Return the positive command number
of the first user-defined command installed with
.Fn ENGINE_set_cmd_defns
or a number less than or equal to 0 if an error occurs or no
user-defined command has been installed.
.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD
Copy the name of the user-defined command with the number
.Fa i
into the buffer
.Fa p
and NUL-terminate it.
It is the responsibility of the caller to make sure that the buffer
.Fa p
is large enough, either by calling
.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
first or using knowledge about the array passed to
.Fn ENGINE_set_cmd_defns .
The return value is the number of bytes written
.Em including
the terminating NUL byte, or a number less than or equal to 0
if an error occurs.
.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
Return the length in bytes
.Em excluding
the terminating NULL byte
of the name of the user-defined command with the number
.Fa i ,
or a number less than or equal to 0 if an error occurs.
A return value of 0 indicates failure if
.Fa e
is
.Dv NULL
or has a reference count of 0, or success if
.Fa e
is valid.
.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE
Return the positive command number of the next user-defined command
after the user-defined command with the number
.Fa i ,
or a number less than or equal to 0 if an error occurs or if
.Fa i
is the last user-defined command.
Together with
.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE ,
this can be used to iterate the user-defined commands installed with
.Fn ENGINE_set_cmd_defns .
.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION
Return 1 if
.Fa e
has its own
.Fa ctrl_f
installed with
.Fn ENGINE_set_ctrl_function
or 0 otherwise.
.El
.Pp
.Fn ENGINE_ctrl_cmd
translates the
.Fa cmd_name
of a user-defined command to a
.Fa cmd
number and calls
.Fn ENGINE_ctrl
on it.
If
.Fa cmd_optional
is non-zero, lack of a
.Fa ctrl_f
in
.Fa e
and translation failure with
.Dv ENGINE_CTRL_GET_CMD_FROM_NAME
are considered success, and the command has no effect.
Otherwise, these problems cause
.Fn ENGINE_ctrl_cmd
to fail.
.Pp
Neither
.Fn ENGINE_ctrl
nor
.Fn ENGINE_ctrl_cmd
ever call the
.Fa f
callback, but merely pass it on as an argument to the engine-specific
.Fa ctrl_f
control function.
It is up to
.Fa ctrl_f
how to use it, or alternatively to ignore it as well.
.Pp
.Fn ENGINE_ctrl_cmd_string
translates the
.Fa cmd_name
of a user-defined command to a
.Fa cmd
number.
If that command has the
.Dv ENGINE_CMD_FLAG_NO_INPUT
flag set,
.Fa arg
must be
.Dv NULL
and
.Fn ENGINE_ctrl
is called with
.Fa i
set to 0 and
.Fa p
set to
.Dv NULL .
Otherwise,
.Fa arg
must not be
.Dv NULL .
If the command accepts string input,
.Fa i
is set to 0 and
.Fa arg
is passed as the
.Fa p
argument to
.Fn ENGINE_ctrl .
Otherwise,
.Fa arg
is converted with
.Xr strtol 3
and passed as the
.Fa i
argument to
.Fn ENGINE_ctrl ,
setting
.Fa p
to
.Dv NULL .
.Pp
.Fn ENGINE_set_ctrl_function
installs
.Fa ctrl_f
as the engine-specific control function for
.Fa e .
Future calls to
.Fn ENGINE_ctrl
will call that function, passing on their arguments unchanged, if the
.Fa cmd
is not built-in to the library or if the
.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
flag is set in
.Fa e .
Let the
.Fa ctrl_f
return positive values on success or negative values on failure.
Avoid return values of 0 because they cause dangerous ambiguity.
In particular,
.Fn ENGINE_ctrl_cmd
and
.Fn ENGINE_ctrl_cmd_string
cannot be used with user-defined commands
that may return 0 on success.
.Pp
.Fn ENGINE_set_cmd_defns
install an array of command definitions in
.Fa e .
.Pp
The structure
.Vt ENGINE_CMD_DEFN
has the following fields:
.Bl -tag -width Ds
.It Fa "unsigned int cmd_num"
A positive, unique, monotonically increasing command number.
Avoid using numbers below
.Dv ENGINE_CMD_BASE .
.It Fa "const char *cmd_name"
The unique name of the command.
.It Fa "const char *cmd_desc"
A short description of the command.
.It Fa "unsigned int cmd_flags"
The bitwise OR of zero or more of the following flags:
.Bl -tag -width Ds
.It Dv ENGINE_CMD_FLAG_NUMERIC
The command uses
.Fa i .
.It Dv ENGINE_CMD_FLAG_STRING
The command uses
.Fa p .
.It Dv ENGINE_CMD_FLAG_NO_INPUT
The command neither uses
.Fa i
nor
.Fa p .
.It Dv ENGINE_CMD_FLAG_INTERNAL
This flag has no effect and is only provided for compatibility.
.El
.El
.Pp
The last element of
.Fa defns
does not specify a command, but must have a
.Fa cmd_num
of 0 and a
.Fa cmd_name
of
.Dv NULL
to indicate the end of the array.
.Sh RETURN VALUES
For
.Fn ENGINE_ctrl ,
positive return values indicate success and negative return values
indicate failure.
The meaning of a zero return value depends on the particular
.Fa cmd
and may indicate both success and failure, which is pathetic.
.Pp
Regardless of the
.Fa cmd ,
.Fn ENGINE_ctrl
returns 0 if
.Fa e
is
.Dv NULL
or has a reference count of 0.
This is quite unfortunate for commands like
.Dv ENGINE_CTRL_GET_CMD_FLAGS
where 0 may indicate success, so make sure
.Fa e
is valid before issuing a control command.
.Pp
For built-in commands except
.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
.Fn ENGINE_ctrl
returns \-1 if
.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
is set but no
.Fa ctrl_f
has been installed with
.Fn ENGINE_set_ctrl_function .
.Pp
For commands that are not built in,
.Fn ENGINE_ctrl
returns 0 if no
.Fa ctrl_f
has been installed with
.Fn ENGINE_set_ctrl_function .
.Pp
.Fn ENGINE_cmd_is_executable
returns 1 if the user-defined
.Fa cmd
is executable and has at least one of the flags
.Dv ENGINE_CMD_FLAG_NUMERIC ,
.Dv ENGINE_CMD_FLAG_STRING ,
and
.Dv ENGINE_CMD_FLAG_NO_INPUT
set, or 0 otherwise.
.Pp
.Fn ENGINE_ctrl_cmd
and
.Fn ENGINE_ctrl_cmd_string
return 1 on success or 0 on error.
.Pp
.Fn ENGINE_set_ctrl_function
and
.Fn ENGINE_set_cmd_defns
always return 1.
.Pp
.Fn ENGINE_get_ctrl_function
returns a pointer to the function
.Fa ctrl_f
installed with
.Fn ENGINE_set_ctrl_function ,
or
.Dv NULL
if none has been installed.
.Pp
.Fn ENGINE_get_cmd_defns
returns the array of command definitions installed in
.Fa e
or
.Dv NULL
if none is installed.
.Sh SEE ALSO
.Xr ENGINE_add 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_flags 3 ,
.Xr ENGINE_set_RSA 3
.Sh HISTORY
.Fn ENGINE_ctrl ,
.Fn ENGINE_set_ctrl_function ,
and
.Fn ENGINE_get_ctrl_function
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 2.9 .
.Pp
.Fn ENGINE_cmd_is_executable ,
.Fn ENGINE_ctrl_cmd ,
.Fn ENGINE_ctrl_cmd_string ,
.Fn ENGINE_set_cmd_defns ,
and
.Fn ENGINE_get_cmd_defns
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .


@ -1,151 +0,0 @@
.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.4 2023/07/21 04:35:36 tb Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 21 2023 $
.Dt ENGINE_GET_DEFAULT_RSA 3
.Os
.Sh NAME
.Nm ENGINE_get_default_RSA ,
.Nm ENGINE_get_default_DSA ,
.Nm ENGINE_get_default_EC ,
.Nm ENGINE_get_default_DH ,
.Nm ENGINE_get_default_RAND ,
.Nm ENGINE_get_cipher_engine ,
.Nm ENGINE_get_digest_engine ,
.Nm ENGINE_set_table_flags ,
.Nm ENGINE_get_table_flags
.Nd retrieve the default ENGINE for an algorithm
.Sh SYNOPSIS
.In openssl/engine.h
.Ft ENGINE *
.Fn ENGINE_get_default_RSA void
.Ft ENGINE *
.Fn ENGINE_get_default_DSA void
.Ft ENGINE *
.Fn ENGINE_get_default_EC void
.Ft ENGINE *
.Fn ENGINE_get_default_DH void
.Ft ENGINE *
.Fn ENGINE_get_default_RAND void
.Ft ENGINE *
.Fo ENGINE_get_cipher_engine
.Fa "int nid"
.Fc
.Ft ENGINE *
.Fo ENGINE_get_digest_engine
.Fa "int nid"
.Fc
.Ft void
.Fo ENGINE_set_table_flags
.Fa "unsigned int flags"
.Fc
.Ft unsigned int
.Fn ENGINE_get_table_flags void
.Sh DESCRIPTION
These functions retrieve the current default
.Vt ENGINE
implementing the respective algorithm.
.Pp
If a default engine was previously selected,
.Xr ENGINE_init 3
is called on it again and it is used.
Otherwise, these functions inspect the engines registered
with the functions documented in
.Xr ENGINE_register_RSA 3
in the order of the table for the respective algorithm.
If an inspected engine is already successfully initialized,
.Xr ENGINE_init 3
is called on it again and it is used as the new default.
Otherwise, unless the global flag
.Dv ENGINE_TABLE_FLAG_NOINIT
is set,
.Xr ENGINE_init 3
is tried on it.
If it succeeds, that engine is used as the new default.
If it fails or if
.Dv ENGINE_TABLE_FLAG_NOINIT
is set, inspection continues with the next engine.
.Pp
The global flag can be set by calling
.Fn ENGINE_set_table_flags
with an argument of
.Dv ENGINE_TABLE_FLAG_NOINIT
or cleared by calling it with an argument of 0.
By default, the flag is not set.
.Pp
While all the other functions operate on exactly one algorithm,
.Fn ENGINE_get_cipher_engine
and
.Fn ENGINE_get_digest_engine
are special in so far as they can handle multiple algorithms,
identified by the given
.Fa nid .
The default engine is remembered separately for each algorithm.
.Pp
Application programs rarely need to call these functions because
they are called automatically when needed, in particular from
.Xr RSA_new 3 ,
.Xr DSA_new 3 ,
.Xr EC_KEY_new 3 ,
.Xr DH_new 3 ,
.Xr EVP_CipherInit_ex 3 ,
and
.Xr EVP_DigestInit_ex 3 .
.Sh RETURN VALUES
These functions return a functional reference to an
.Vt ENGINE
object or
.Dv NULL
on failure, in particular when no engine implementing the algorithm
is available, when
.Xr ENGINE_init 3
fails for all implementations,
or when insufficient memory is available.
Even when these functions fail, the application may still be able
to use the algorithm in question because the built-in implementation
is used in that case, if one is available.
.Pp
.Fn ENGINE_get_table_flags
returns
.Dv ENGINE_TABLE_FLAG_NOINIT
if the global flag is set or 0 otherwise.
.Sh SEE ALSO
.Xr ENGINE_init 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default 3
.Sh HISTORY
.Fn ENGINE_get_default_RSA ,
.Fn ENGINE_get_default_DSA ,
.Fn ENGINE_get_default_DH ,
and
.Fn ENGINE_get_default_RAND
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 2.9 .
.Pp
.Fn ENGINE_get_cipher_engine ,
.Fn ENGINE_get_digest_engine ,
.Fn ENGINE_set_table_flags ,
and
.Fn ENGINE_get_table_flags
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_get_default_EC
first appeared in OpenSSL 1.1.0 and has been available since
.Ox 6.5 .


@ -1,134 +0,0 @@
.\" $OpenBSD: ENGINE_init.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: April 18 2018 $
.Dt ENGINE_INIT 3
.Os
.Sh NAME
.Nm ENGINE_init ,
.Nm ENGINE_finish ,
.Nm ENGINE_set_init_function ,
.Nm ENGINE_set_finish_function ,
.Nm ENGINE_get_init_function ,
.Nm ENGINE_get_finish_function
.Nd initialize ENGINE objects
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_init
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_finish
.Fa "ENGINE *e"
.Fc
.Ft typedef int
.Fo (*ENGINE_GEN_INT_FUNC_PTR)
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_init_function
.Fa "ENGINE *e"
.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
.Fc
.Ft int
.Fo ENGINE_set_finish_function
.Fa "ENGINE *e"
.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
.Fc
.Ft ENGINE_GEN_INT_FUNC_PTR
.Fo ENGINE_get_init_function
.Fa "const ENGINE *e"
.Fc
.Ft ENGINE_GEN_INT_FUNC_PTR
.Fo ENGINE_get_finish_function
.Fa "const ENGINE *e"
.Fc
.Sh DESCRIPTION
.Fn ENGINE_init
initializes
.Fa e
by calling the
.Fa init_f
previously installed with
.Fn ENGINE_set_init_function ,
if any.
In case of success, it also increments both the structural
and the functional reference count by 1.
If no
.Fa init_f
was installed,
.Fn ENGINE_init
always succeeds.
Calling
.Fn ENGINE_init
again after it already succeeded always succeeds, but has no effect
except that it increments both the structural and the functional
reference count by 1.
.Pp
.Fn ENGINE_finish
decrements the functional reference count by 1.
When it reaches 0, it calls the
.Fa finish_f
previously installed with
.Fn ENGINE_set_finish_function ,
if any.
If no
.Fa finish_f
was installed,
.Fn ENGINE_finish
always succeeds.
Unless
.Fa finish_f
fails,
.Fn ENGINE_finish
also calls
.Xr ENGINE_free 3 .
.Pp
.Fn ENGINE_init
is internally called by the functions documented in the
.Xr ENGINE_get_default_RSA 3
manual page.
.Sh RETURN VALUES
.Fn ENGINE_init
and
.Fn ENGINE_finish
return 1 on success or 0 on error.
.Pp
.Fn ENGINE_set_init_function
and
.Fn ENGINE_set_finish_function
always return 1.
.Pp
.Fn ENGINE_get_init_function
and
.Fn ENGINE_get_finish_function
return a function pointer to the respective callback, or
.Dv NULL
if none is installed.
.Sh SEE ALSO
.Xr ENGINE_add 3 ,
.Xr ENGINE_ctrl 3 ,
.Xr ENGINE_get_default_RSA 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default 3 ,
.Xr ENGINE_set_flags 3 ,
.Xr ENGINE_set_RSA 3 ,
.Xr ENGINE_unregister_RSA 3
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.7
and have been available since
.Ox 2.9 .


@ -1,7 +1,6 @@
.\" $OpenBSD: ENGINE_new.3,v 1.5 2021/03/12 05:18:00 jsg Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\" $OpenBSD: ENGINE_new.3,v 1.10 2023/11/19 21:13:47 tb Exp $
.\"
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -16,175 +15,160 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 12 2021 $
.Dd $Mdocdate: November 19 2023 $
.Dt ENGINE_NEW 3
.Os
.Sh NAME
.Nm ENGINE_new ,
.Nm ENGINE_up_ref ,
.Nm ENGINE_free ,
.Nm ENGINE_set_destroy_function ,
.Nm ENGINE_get_destroy_function
.Nd create and destroy ENGINE objects
.Nm ENGINE_init ,
.Nm ENGINE_finish ,
.Nm ENGINE_ctrl_cmd ,
.Nm ENGINE_ctrl_cmd_string ,
.Nm ENGINE_by_id ,
.Nm ENGINE_get_id ,
.Nm ENGINE_get_name ,
.Nm ENGINE_set_default ,
.Nm ENGINE_get_default_RSA ,
.Nm ENGINE_set_default_RSA ,
.Nm ENGINE_load_private_key ,
.Nm ENGINE_load_public_key ,
.Nm ENGINE_load_builtin_engines ,
.Nm ENGINE_load_dynamic ,
.Nm ENGINE_load_openssl ,
.Nm ENGINE_register_all_complete ,
.Nm ENGINE_cleanup
.Nd ENGINE stub functions
.Sh SYNOPSIS
.In openssl/engine.h
.Ft ENGINE *
.Fn ENGINE_new void
.Ft int
.Fo ENGINE_up_ref
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_free
.Fa "ENGINE *e"
.Fc
.Ft typedef int
.Fo (*ENGINE_GEN_INT_FUNC_PTR)
.Fa "ENGINE *e"
.Fa "ENGINE *engine"
.Fc
.Ft int
.Fo ENGINE_set_destroy_function
.Fa "ENGINE *e"
.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f"
.Fn ENGINE_init "ENGINE *engine"
.Ft int
.Fn ENGINE_finish "ENGINE *engine"
.Ft int
.Fo ENGINE_ctrl_cmd
.Fa "ENGINE *engine"
.Fa "const char *cmd_name"
.Fa "long i"
.Fa "void *p"
.Fa "void (*f)(void)"
.Fa "int cmd_optional"
.Fc
.Ft ENGINE_GEN_INT_FUNC_PTR
.Fo ENGINE_get_destroy_function
.Fa "const ENGINE *e"
.Ft int
.Fo ENGINE_ctrl_cmd_string
.Fa "ENGINE *engine"
.Fa "const char *cmd_name"
.Fa "const char *arg"
.Fa "int cmd_optional"
.Fc
.Ft ENGINE *
.Fn ENGINE_by_id "const char *id"
.Ft const char *
.Fn ENGINE_get_id "const ENGINE *engine"
.Ft const char *
.Fn ENGINE_get_name "const ENGINE *engine"
.Ft int
.Fn ENGINE_set_default "ENGINE *engine" "unsigned int flags"
.Ft ENGINE *
.Fn ENGINE_get_default_RSA "ENGINE *engine"
.Ft int
.Fn ENGINE_set_default_RSA "ENGINE *engine"
.Ft EVP_PKEY *
.Fo ENGINE_load_private_key
.Fa "ENGINE *engine"
.Fa "const char *key_id"
.Fa "UI_METHOD *ui_method"
.Fa "void *callback_data"
.Fc
.Ft EVP_PKEY *
.Fo ENGINE_load_public_key
.Fa "ENGINE *engine"
.Fa "const char *key_id"
.Fa "UI_METHOD *ui_method"
.Fa "void *callback_data"
.Fc
.Ft void
.Fn ENGINE_load_builtin_engines "void"
.Ft void
.Fn ENGINE_load_dynamic "void"
.Ft void
.Fn ENGINE_load_openssl "void"
.Ft int
.Fn ENGINE_register_all_complete "void"
.Ft void
.Fn ENGINE_cleanup "void"
.Sh DESCRIPTION
.Vt ENGINE
objects can be used to provide alternative implementations of
cryptographic algorithms, to support additional algorithms, to
support cryptographic hardware, and to switch among alternative
implementations of algorithms at run time.
LibreSSL generally avoids engines and prefers providing
cryptographic functionality in the crypto library itself.
objects used to provide alternative implementations of
cryptographic algorithms, for example using specialized hardware.
LibreSSL no longer supports this feature.
.Pp
.Fn ENGINE_new
allocates and initializes an empty
All functions in this manual ignore all their arguments and
do nothing except return failure if possible.
They are provided only to avoid patching software that expects
.Vt ENGINE
object and sets its structural reference count to 1
and its functional reference count to 0.
For more information about the functional reference count, see the
.Xr ENGINE_init 3
manual page.
.Pp
Many functions increment the structural reference count by 1
when successful.
Some of them, including
.Xr ENGINE_get_first 3 ,
.Xr ENGINE_get_last 3 ,
.Xr ENGINE_get_next 3 ,
.Xr ENGINE_get_prev 3 ,
and
.Xr ENGINE_by_id 3 ,
do so because they return a structural reference to the user.
Other functions, including
.Xr ENGINE_add 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_get_cipher_engine 3 ,
.Xr ENGINE_get_digest_engine 3 ,
and the
.Xr ENGINE_get_default_RSA 3
and
.Xr ENGINE_set_default 3
families of functions
do so when they store a structural reference internally.
.Pp
.Fn ENGINE_up_ref
explicitly increment the structural reference count by 1.
.Pp
.Fn ENGINE_free
decrements the structural reference count by 1,
and if it reaches 0, the optional
.Fa destroy_f
previously installed with
.Fn ENGINE_set_destroy_function
is called, if one is installed, and both the memory used internally by
.Fa e
and
.Fa e
itself are freed.
If
.Fa e
is a
.Dv NULL
pointer, no action occurs.
.Pp
Many functions internally call the equivalent of
.Fn ENGINE_free .
Some of them, including
.Xr ENGINE_get_next 3
and
.Xr ENGINE_get_prev 3 ,
thus invalidate the structural reference passed in by the user.
Other functions, including
.Xr ENGINE_finish 3 ,
.Xr ENGINE_remove 3 ,
and the
.Xr ENGINE_set_default 3
family of functions
do so when an internally stored structural reference is no longer needed.
.Pp
.Fn ENGINE_set_destroy_function
installs a callback function that will be called by
.Fn ENGINE_free ,
but only when
.Fa e
actually gets destroyed,
not when only its reference count gets decremented.
The value returned from the
.Fa destroy_f
will be ignored.
support to be available.
.Sh RETURN VALUES
.Fn ENGINE_new
returns a structural reference to the new
.Vt ENGINE
object or
.Dv NULL
if an error occurs.
.Pp
.Fn ENGINE_up_ref
returns 0 if
.Fa e
is
.Dv NULL
and 1 otherwise.
.Pp
.Fn ENGINE_free
.Fn ENGINE_new ,
.Fn ENGINE_by_id ,
.Fn ENGINE_get_default_RSA ,
.Fn ENGINE_load_private_key ,
and
.Fn ENGINE_set_destroy_function
always return 1.
.Fn ENGINE_load_public_key
always return
.Dv NULL .
.Pp
.Fn ENGINE_get_destroy_function
returns a function pointer to the callback, or
.Dv NULL
if none is installed.
.Fn ENGINE_free ,
.Fn ENGINE_init ,
.Fn ENGINE_finish ,
.Fn ENGINE_ctrl_cmd ,
.Fn ENGINE_ctrl_cmd_string ,
.Fn ENGINE_set_default ,
.Fn ENGINE_set_default_RSA ,
and
.Fn ENGINE_register_all_complete
always return 0.
.Pp
.Fn ENGINE_get_id
and
.Fn ENGINE_get_name
always return the constant empty string.
.Sh SEE ALSO
.Xr crypto 3 ,
.Xr ENGINE_add 3 ,
.Xr ENGINE_ctrl 3 ,
.Xr ENGINE_get_default_RSA 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_register_all_RSA 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default 3 ,
.Xr ENGINE_set_flags 3 ,
.Xr ENGINE_set_RSA 3 ,
.Xr ENGINE_unregister_RSA 3
.Xr crypto 3
.Sh HISTORY
.Fn ENGINE_new
.Fn ENGINE_new ,
.Fn ENGINE_free ,
.Fn ENGINE_init ,
.Fn ENGINE_finish ,
.Fn ENGINE_by_id ,
.Fn ENGINE_get_id ,
.Fn ENGINE_get_name ,
.Fn ENGINE_set_default ,
.Fn ENGINE_get_default_RSA ,
.Fn ENGINE_set_default_RSA ,
.Fn ENGINE_load_private_key ,
and
.Fn ENGINE_free
first appeared in OpenSSL 0.9.7 and have been available since
.Fn ENGINE_load_public_key
first appeared in OpenSSL 0.9.7
and have been available since
.Ox 2.9 .
.Pp
.Fn ENGINE_set_destroy_function
.Fn ENGINE_ctrl_cmd ,
.Fn ENGINE_ctrl_cmd_string ,
.Fn ENGINE_load_builtin_engines ,
.Fn ENGINE_load_openssl ,
.Fn ENGINE_register_all_complete ,
and
.Fn ENGINE_get_destroy_function
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_up_ref
first appeared in OpenSSL 0.9.7 and has been available since
.Fn ENGINE_cleanup
first appeared in OpenSSL 0.9.7
and have been available since
.Ox 3.4 .
.Pp
All these functions were turned into stubs in
.Ox 7.4 .


@ -1,142 +0,0 @@
.\" $OpenBSD: ENGINE_register_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: April 18 2018 $
.Dt ENGINE_REGISTER_RSA 3
.Os
.Sh NAME
.Nm ENGINE_register_RSA ,
.Nm ENGINE_register_DSA ,
.Nm ENGINE_register_ECDH ,
.Nm ENGINE_register_ECDSA ,
.Nm ENGINE_register_DH ,
.Nm ENGINE_register_RAND ,
.Nm ENGINE_register_STORE ,
.Nm ENGINE_register_ciphers ,
.Nm ENGINE_register_digests ,
.Nm ENGINE_register_complete
.Nd register an ENGINE as implementing an algorithm
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_register_RSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_DSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_ECDH
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_ECDSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_DH
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_RAND
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_STORE
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_ciphers
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_digests
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_register_complete
.Fa "ENGINE *e"
.Fc
.Sh DESCRIPTION
In addition to the global table described in
.Xr ENGINE_add 3 ,
the crypto library maintains several tables containing references to
.Vt ENGINE
objects implementing one specific cryptographic algorithm.
.Pp
The functions listed in the present manual page append
.Fa e
to the end of the table for the respective algorithm.
.Pp
If
.Fa e
does not contain a method for the requested algorithm,
these functions succeed without having any effect.
.Pp
If
.Fa e
is already registered for the given algorithm,
they move it to the end of the respective table.
.Pp
.Fn ENGINE_register_ciphers
and
.Fn ENGINE_register_digests
are special in so far as an engine may implement
more than one cipher or more than one digest.
In that case,
.Fa e
is registered for all the ciphers or digests it implements.
.Pp
.Fn ENGINE_register_complete
registers
.Fa e
for all algorithms it implements by calling all the other functions.
.Sh RETURN VALUES
These functions return 1 on success or 0 on error.
They only fail if insufficient memory is available.
.Sh SEE ALSO
.Xr ENGINE_add 3 ,
.Xr ENGINE_get_default_RSA 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_all_RSA 3 ,
.Xr ENGINE_set_default 3 ,
.Xr ENGINE_set_RSA 3 ,
.Xr ENGINE_unregister_RSA 3
.Sh HISTORY
.Fn ENGINE_register_RSA ,
.Fn ENGINE_register_DSA ,
.Fn ENGINE_register_DH ,
.Fn ENGINE_register_RAND ,
.Fn ENGINE_register_ciphers ,
.Fn ENGINE_register_digests ,
and
.Fn ENGINE_register_complete
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_register_ECDH ,
.Fn ENGINE_register_ECDSA ,
and
.Fn ENGINE_register_STORE
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Sh BUGS
.Fn ENGINE_register_complete
ignores all errors, even memory allocation failure, and always returns 1.


@ -1,123 +0,0 @@
.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: April 18 2018 $
.Dt ENGINE_REGISTER_ALL_RSA 3
.Os
.Sh NAME
.Nm ENGINE_register_all_RSA ,
.Nm ENGINE_register_all_DSA ,
.Nm ENGINE_register_all_ECDH ,
.Nm ENGINE_register_all_ECDSA ,
.Nm ENGINE_register_all_DH ,
.Nm ENGINE_register_all_RAND ,
.Nm ENGINE_register_all_STORE ,
.Nm ENGINE_register_all_ciphers ,
.Nm ENGINE_register_all_digests ,
.Nm ENGINE_register_all_complete ,
.Nm ENGINE_load_builtin_engines ,
.Nm ENGINE_load_dynamic
.Nd register all engines as implementing an algorithm
.Sh SYNOPSIS
.In openssl/engine.h
.Ft void
.Fn ENGINE_register_all_RSA void
.Ft void
.Fn ENGINE_register_all_DSA void
.Ft void
.Fn ENGINE_register_all_ECDH void
.Ft void
.Fn ENGINE_register_all_ECDSA void
.Ft void
.Fn ENGINE_register_all_DH void
.Ft void
.Fn ENGINE_register_all_RAND void
.Ft void
.Fn ENGINE_register_all_STORE void
.Ft void
.Fn ENGINE_register_all_ciphers void
.Ft void
.Fn ENGINE_register_all_digests void
.Ft int
.Fn ENGINE_register_all_complete void
.Ft void
.Fn ENGINE_load_builtin_engines void
.Ft void
.Fn ENGINE_load_dynamic void
.Sh DESCRIPTION
These functions loop over all the
.Vt ENGINE
objects contained in the global table described in the
.Xr ENGINE_add 3
manual page.
They register each object for the respective algorithm
by calling the corresponding function described in
.Xr ENGINE_register_RSA 3 .
.Pp
.Fn ENGINE_register_all_complete
calls
.Fn ENGINE_register_complete
in this way, except that it skips those
.Vt ENGINE
objects that have the
.Dv ENGINE_FLAGS_NO_REGISTER_ALL
flag set with
.Xr ENGINE_set_flags 3 .
.Pp
.Fn ENGINE_load_builtin_engines
calls
.Xr OPENSSL_init_crypto 3
with no options, loads any built-in engines
that are enabled by default, and calls
.Fn ENGINE_register_all_complete .
Currently, LibreSSL does not provide any engines.
.Sy GOST
and
.Sy aesni
support is provided by the crypto library itself
and does not require any engines, not even built-in ones.
.Pp
.Fn ENGINE_load_dynamic
has no effect and is only provided for compatibility.
.Sh SEE ALSO
.Xr ENGINE_add 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_flags 3 ,
.Xr OPENSSL_config 3 ,
.Xr OPENSSL_init_crypto 3
.Sh HISTORY
.Fn ENGINE_register_all_RSA ,
.Fn ENGINE_register_all_DSA ,
.Fn ENGINE_register_all_DH ,
.Fn ENGINE_register_all_RAND ,
.Fn ENGINE_register_all_ciphers ,
.Fn ENGINE_register_all_digests ,
.Fn ENGINE_register_all_complete ,
.Fn ENGINE_load_builtin_engines ,
and
.Fn ENGINE_load_dynamic
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_register_all_ECDH ,
.Fn ENGINE_register_all_ECDSA ,
and
.Fn ENGINE_register_all_STORE
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .


@ -1,317 +0,0 @@
.\" $OpenBSD: ENGINE_set_RSA.3,v 1.7 2023/07/21 04:29:27 tb Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 21 2023 $
.Dt ENGINE_SET_RSA 3
.Os
.Sh NAME
.Nm ENGINE_set_RSA ,
.Nm ENGINE_get_RSA ,
.Nm ENGINE_set_DSA ,
.Nm ENGINE_get_DSA ,
.Nm ENGINE_set_EC ,
.Nm ENGINE_get_EC ,
.Nm ENGINE_set_DH ,
.Nm ENGINE_get_DH ,
.Nm ENGINE_set_RAND ,
.Nm ENGINE_get_RAND ,
.Nm ENGINE_set_STORE ,
.Nm ENGINE_get_STORE ,
.Nm ENGINE_set_ciphers ,
.Nm ENGINE_get_ciphers ,
.Nm ENGINE_get_cipher ,
.Nm ENGINE_set_digests ,
.Nm ENGINE_get_digests ,
.Nm ENGINE_get_digest
.Nd install and retrieve function tables of crypto engines
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_set_RSA
.Fa "ENGINE *e"
.Fa "const RSA_METHOD *rsa_meth"
.Fc
.Ft const RSA_METHOD *
.Fo ENGINE_get_RSA
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_DSA
.Fa "ENGINE *e"
.Fa "const DSA_METHOD *dsa_meth"
.Fc
.Ft const DSA_METHOD *
.Fo ENGINE_get_DSA
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_EC
.Fa "ENGINE *e"
.Fa "const EC_KEY_METHOD *ec_meth"
.Fc
.Ft const EC_KEY_METHOD *
.Fo ENGINE_get_EC
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_DH
.Fa "ENGINE *e"
.Fa "const DH_METHOD *dh_meth"
.Fc
.Ft const DH_METHOD *
.Fo ENGINE_get_DH
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_RAND
.Fa "ENGINE *e"
.Fa "const RAND_METHOD *rand_meth"
.Fc
.Ft const RAND_METHOD *
.Fo ENGINE_get_RAND
.Fa "const ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_STORE
.Fa "ENGINE *e"
.Fa "const STORE_METHOD *rand_meth"
.Fc
.Ft const STORE_METHOD *
.Fo ENGINE_get_STORE
.Fa "const ENGINE *e"
.Fc
.Ft typedef int
.Fo (*ENGINE_CIPHERS_PTR)
.Fa "ENGINE *e"
.Fa "const EVP_CIPHER **impl"
.Fa "const int **nids"
.Fa "int nid"
.Fc
.Ft int
.Fo ENGINE_set_ciphers
.Fa "ENGINE *e"
.Fa "ENGINE_CIPHERS_PTR f"
.Fc
.Ft ENGINE_CIPHERS_PTR
.Fo ENGINE_get_ciphers
.Fa "const ENGINE *e"
.Fc
.Ft const EVP_CIPHER *
.Fo ENGINE_get_cipher
.Fa "ENGINE *e"
.Fa "int nid"
.Fc
.Ft typedef int
.Fo (*ENGINE_DIGESTS_PTR)
.Fa "ENGINE *e"
.Fa "const EVP_MD **impl"
.Fa "const int **nids"
.Fa "int nid"
.Fc
.Ft int
.Fo ENGINE_set_digests
.Fa "ENGINE *e"
.Fa "ENGINE_DIGESTS_PTR f"
.Fc
.Ft ENGINE_DIGESTS_PTR
.Fo ENGINE_get_digests
.Fa "const ENGINE *e"
.Fc
.Ft const EVP_MD *
.Fo ENGINE_get_digest
.Fa "ENGINE *e"
.Fa "int nid"
.Fc
.Sh DESCRIPTION
The
.Fn ENGINE_set_*
functions install a table of function pointers
implementing the respective algorithm in
.Fa e .
Partial information about the various method objects is available from
.Xr RSA_meth_new 3 ,
.Xr RSA_get_default_method 3 ,
.Xr DSA_meth_new 3 ,
.Xr DSA_get_default_method 3 ,
.Xr EC_KEY_get_default_method 3 ,
.Xr DH_get_default_method 3 ,
.Xr RAND_get_rand_method 3 ,
.Xr EVP_get_cipherbynid 3 ,
and
.Xr EVP_get_digestbynid 3 .
.Vt STORE_METHOD
is an incomplete type, and the pointers to it are not used for anything.
For complete descriptions of these types,
refer to the respective header files.
.Pp
The functions described in the
.Xr ENGINE_register_RSA 3
and
.Xr ENGINE_set_default 3
manual pages only have an effect after function pointers
were installed using the functions described here.
.Pp
.Fn ENGINE_set_ciphers
and
.Fn ENGINE_set_digests
are special in so far as the
.Vt ENGINE
structure does not provide fields to store function pointers
implementing ciphers or digests.
Instead, these two functions only install a callback to
retrieve implementations.
Where the pointers to the implementations are stored internally,
how they get initialized, and how the
.Vt ENGINE_CIPHERS_PTR
and
.Vt ENGINE_DIGESTS_PTR
callbacks retrieve them
is up to the implementation of each individual engine.
.Pp
If the
.Vt ENGINE_CIPHERS_PTR
and
.Vt ENGINE_DIGESTS_PTR
callbacks are called with a non-zero
.Fa nid ,
they retrieve the implementation of that cipher or digest,
respectively.
In this case, a
.Dv NULL
pointer can be passed as the
.Fa nids
argument.
.Fn ENGINE_get_cipher
and
.Fn ENGINE_get_digest
call the callbacks installed in
.Fa e
in this way.
.Pp
If 0 is passed as the
.Fa nid
argument, an internal pointer
to the array of implementations available in
.Fa e
is returned in
.Pf * Fa impl ,
and an internal pointer
to the array of corresponding identifiers in
.Pf * Fa nids .
The return value of the callback indicates
the number of implementations returned.
.Pp
The
.Fn ENGINE_get_*
functions retrieve the previously installed function tables.
They are used when constructing basic cryptographic objects
as shown in the following table:
.Bl -column "ENGINE_get_digestMM"
.It Accessor: Ta Called by:
.It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3
.It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3
.It Fn ENGINE_get_EC Ta Xr EC_KEY_new_method 3 , Xr EC_KEY_new 3 ,
.Xr EC_KEY_new_by_curve_name 3
.It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3
.It Fn ENGINE_get_RAND Ta unused
.It Fn ENGINE_get_STORE Ta unused
.It Fn ENGINE_get_cipher Ta Xr EVP_CipherInit_ex 3
.It Fn ENGINE_get_digest Ta Xr EVP_DigestInit_ex 3
.El
.Sh RETURN VALUES
The
.Fn ENGINE_set_*
functions return 1 on success or 0 on error.
Currently, they cannot fail.
.Pp
The
.Fn ENGINE_get_*
functions return a method object for the respective algorithm, or
.Dv NULL
if none is installed.
.Pp
.Fn ENGINE_get_ciphers
and
.Fn ENGINE_get_digests
return a function pointer to the respective callback, or
.Dv NULL
if none is installed.
.Pp
.Fn ENGINE_get_cipher
returns an
.Vt EVP_CIPHER
object implementing the cipher
.Fa nid
or
.Dv NULL
if
.Fa e
does not implement that cipher.
.Pp
.Fn ENGINE_get_digest
returns an
.Vt EVP_MD
object implementing the digest
.Fa nid
or
.Dv NULL
if
.Fa e
does not implement that digest.
.Sh SEE ALSO
.Xr DSA_new 3 ,
.Xr ENGINE_ctrl 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default 3 ,
.Xr ENGINE_set_flags 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_EncryptInit 3 ,
.Xr RSA_new 3
.Sh HISTORY
.Fn ENGINE_set_RSA ,
.Fn ENGINE_get_RSA ,
.Fn ENGINE_set_DSA ,
.Fn ENGINE_get_DSA ,
.Fn ENGINE_set_DH ,
.Fn ENGINE_get_DH ,
.Fn ENGINE_set_RAND ,
.Fn ENGINE_get_RAND ,
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 2.9 .
.Pp
.Fn ENGINE_set_ciphers ,
.Fn ENGINE_get_ciphers ,
.Fn ENGINE_get_cipher ,
.Fn ENGINE_set_digests ,
.Fn ENGINE_get_digests ,
and
.Fn ENGINE_get_digest
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_set_STORE
and
.Fn ENGINE_get_STORE
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Fn ENGINE_set_EC
and
.Fn ENGINE_get_EC
first appeared in OpenSSL 1.1.0 and have been available since
.Ox 6.5 .


@ -1,186 +0,0 @@
.\" $OpenBSD: ENGINE_set_default.3,v 1.4 2019/06/03 14:43:15 schwarze Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: June 3 2019 $
.Dt ENGINE 3
.Os
.Sh NAME
.Nm ENGINE_set_default ,
.Nm ENGINE_set_default_string ,
.Nm ENGINE_set_default_RSA ,
.Nm ENGINE_set_default_DSA ,
.Nm ENGINE_set_default_ECDH ,
.Nm ENGINE_set_default_ECDSA ,
.Nm ENGINE_set_default_DH ,
.Nm ENGINE_set_default_RAND ,
.Nm ENGINE_set_default_ciphers ,
.Nm ENGINE_set_default_digests
.Nd register an ENGINE as the default for an algorithm
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_set_default_RSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_DSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_ECDH
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_ECDSA
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_DH
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_RAND
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_ciphers
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default_digests
.Fa "ENGINE *e"
.Fc
.Ft int
.Fo ENGINE_set_default
.Fa "ENGINE *e"
.Fa "unsigned int flags"
.Fc
.Ft int
.Fo ENGINE_set_default_string
.Fa "ENGINE *e"
.Fa "const char *list"
.Fc
.Sh DESCRIPTION
These functions register
.Fa e
as implementing the respective algorithm
like the functions described in the
.Xr ENGINE_register_RSA 3
manual page do it.
In addition, they call
.Xr ENGINE_init 3
on
.Fa e
and select
.Fa e
as the default implementation of the respective algorithm to be
returned by the functions described in
.Xr ENGINE_get_default_RSA 3
in the future.
If another engine was previously selected
as the default implementation of the respective algorithm,
.Xr ENGINE_finish 3
is called on that previous engine.
.Pp
If
.Fa e
implements more than one cipher or digest,
.Fn ENGINE_set_default_ciphers
and
.Fn ENGINE_set_default_digests
register and select it for all these ciphers and digests, respectively.
.Pp
.Fn ENGINE_set_default
registers
.Fa e
as the default implementation of all algorithms specified by the
.Fa flags
by calling the appropriate ones among the other functions.
Algorithms can be selected by combining any number of the
following constants with bitwise OR:
.Dv ENGINE_METHOD_ALL ,
.Dv ENGINE_METHOD_RSA ,
.Dv ENGINE_METHOD_DSA ,
.Dv ENGINE_METHOD_ECDH ,
.Dv ENGINE_METHOD_ECDSA ,
.Dv ENGINE_METHOD_DH ,
.Dv ENGINE_METHOD_RAND ,
.Dv ENGINE_METHOD_CIPHERS ,
.Dv ENGINE_METHOD_DIGESTS ,
.Dv ENGINE_METHOD_PKEY_METHS ,
and
.Dv ENGINE_METHOD_PKEY_ASN1_METHS .
.Pp
.Fn ENGINE_set_default_string
is similar except that it selects the algorithms according to the string
.Fa def_list ,
which contains an arbitrary number of comma-separated keywords from
the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS,
DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY.
PKEY_CRYPTO corresponds to
.Dv ENGINE_METHOD_PKEY_METHS ,
PKEY_ASN1 to
.Dv ENGINE_METHOD_PKEY_ASN1_METHS ,
and PKEY selects both.
.Sh RETURN VALUES
These functions return 1 on success or 0 on error.
They fail if
.Xr ENGINE_init 3
fails or if insufficient memory is available.
.Sh SEE ALSO
.Xr ENGINE_get_default_RSA 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_RSA 3 ,
.Xr ENGINE_unregister_RSA 3
.Sh HISTORY
.Fn ENGINE_set_default ,
.Fn ENGINE_set_default_RSA ,
.Fn ENGINE_set_default_DSA ,
.Fn ENGINE_set_default_DH ,
and
.Fn ENGINE_set_default_RAND
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 2.9 .
.Pp
.Fn ENGINE_set_default_string ,
.Fn ENGINE_set_default_ciphers ,
and
.Fn ENGINE_set_default_digests
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_set_default_ECDH
and
.Fn ENGINE_set_default_ECDSA
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Sh CAVEATS
Failure of
.Xr ENGINE_finish 3
is ignored.
.Sh BUGS
Even when
.Fn ENGINE_set_default
or
.Fn ENGINE_set_default_string
fail, they typically still register
.Fa e
for some algorithms, but usually not for all it could be registered
for by calling the individual functions.


@ -1,92 +0,0 @@
.\" $OpenBSD: ENGINE_set_flags.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: April 18 2018 $
.Dt ENGINE_SET_FLAGS 3
.Os
.Sh NAME
.Nm ENGINE_set_flags ,
.Nm ENGINE_get_flags
.Nd modify the behaviour of an ENGINE object
.Sh SYNOPSIS
.In openssl/engine.h
.Ft int
.Fo ENGINE_set_flags
.Fa "ENGINE *e"
.Fa "int flags"
.Fc
.Ft int
.Fo ENGINE_get_flags
.Fa "const ENGINE *e"
.Fc
.Sh DESCRIPTION
.Fn ENGINE_set_flags
sets the flags attribute of
.Fa e
to the new
.Fa flags .
The previous state of the flags attribute is overwritten.
Flags that were previously set are cleared
unless they are also present in the new
.Fa flags .
.Pp
The
.Fa flags
argument can be the bitwise OR of zero or more
of the following constants:
.Bl -tag -width Ds
.It Dv ENGINE_FLAGS_BY_ID_COPY
.Xr ENGINE_by_id 3
returns a shallow copy of the
.Vt ENGINE
object it found rather than incrementing the reference count
and returning a pointer to the original.
.It Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
.Xr ENGINE_ctrl 3
lets the function installed with
.Xr ENGINE_set_ctrl_function 3
handle all commands except
.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
even the builtin commands.
.It Dv ENGINE_FLAGS_NO_REGISTER_ALL
.Xr ENGINE_register_all_complete 3
skips
.Fa e .
.El
.Sh RETURN VALUES
.Fn ENGINE_set_flags
always returns 1.
.Pp
.Fn ENGINE_get_flags
returns the
.Fa flags
attribute of
.Fa e .
.Sh SEE ALSO
.Xr ENGINE_by_id 3 ,
.Xr ENGINE_ctrl 3 ,
.Xr ENGINE_init 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_all_complete 3 ,
.Xr ENGINE_set_RSA 3
.Sh HISTORY
.Fn ENGINE_set_flags
and
.Fn ENGINE_get_flags
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .


@ -1,119 +0,0 @@
.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
.\" content checked up to:
.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: April 18 2018 $
.Dt ENGINE_UNREGISTER_RSA 3
.Os
.Sh NAME
.Nm ENGINE_unregister_RSA ,
.Nm ENGINE_unregister_DSA ,
.Nm ENGINE_unregister_ECDH ,
.Nm ENGINE_unregister_ECDSA ,
.Nm ENGINE_unregister_DH ,
.Nm ENGINE_unregister_RAND ,
.Nm ENGINE_unregister_STORE ,
.Nm ENGINE_unregister_ciphers ,
.Nm ENGINE_unregister_digests
.Nd revoke the registration of an ENGINE object
.Sh SYNOPSIS
.In openssl/engine.h
.Ft void
.Fo ENGINE_unregister_RSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_DSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_ECDH
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_ECDSA
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_DH
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_RAND
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_STORE
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_ciphers
.Fa "ENGINE *e"
.Fc
.Ft void
.Fo ENGINE_unregister_digests
.Fa "ENGINE *e"
.Fc
.Sh DESCRIPTION
These functions remove
.Fa e
from the list of
.Vt ENGINE
objects that were previously registered for the respective algorithm
with the functions described in
.Xr ENGINE_register_RSA 3 .
.Pp
If
.Fa e
is currently used as the default engine for the algorithm
as described in the
.Fn ENGINE_set_default 3
and
.Fn ENGINE_get_default_RSA 3
manual pages,
.Xr ENGINE_finish 3
is also called.
.Pp
.Fn ENGINE_unregister_ciphers
and
.Fn ENGINE_unregister_digests
unregister
.Fa e
for all ciphers or digests, respectively.
.Sh SEE ALSO
.Xr ENGINE_cleanup 3 ,
.Xr ENGINE_finish 3 ,
.Xr ENGINE_new 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default 3
.Sh HISTORY
.Fn ENGINE_unregister_RSA ,
.Fn ENGINE_unregister_DSA ,
.Fn ENGINE_unregister_DH ,
.Fn ENGINE_unregister_RAND ,
.Fn ENGINE_unregister_ciphers ,
and
.Fn ENGINE_unregister_digests
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn ENGINE_unregister_ECDH ,
.Fn ENGINE_unregister_ECDSA ,
and
.Fn ENGINE_unregister_STORE
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_OpenInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
.\" $OpenBSD: EVP_OpenInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 7 2019 $
.Dd $Mdocdate: November 16 2023 $
.Dt EVP_OPENINIT 3
.Os
.Sh NAME
@ -131,6 +131,9 @@ parameter is a variable length cipher then the key length will be set to
the value of the recovered key length.
If the cipher is a fixed length cipher then the recovered key length
must match the fixed cipher length.
.Pp
.Fn EVP_OpenUpdate
is implemented as a macro.
.Sh RETURN VALUES
.Fn EVP_OpenInit
returns 0 on error or a non-zero integer (actually the recovered secret


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.8 2023/05/14 09:29:37 tb Exp $
.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.9 2023/11/19 10:09:27 tb Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 14 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt EVP_PKEY_ENCRYPT 3
.Os
.Sh NAME
@ -138,17 +138,15 @@ to start with the default OpenSSL RSA implementation:
.Bd -literal -offset indent
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
EVP_PKEY_CTX *ctx;
ENGINE *eng;
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
/* NB: assumes eng, key in, inlen are already set up
/* NB: assumes that key, in, inlen are already set up
* and that key is an RSA public key
*/
ctx = EVP_PKEY_CTX_new(key, eng);
ctx = EVP_PKEY_CTX_new(key, NULL);
if (!ctx)
/* Error occurred */
if (EVP_PKEY_encrypt_init(ctx) <= 0)


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_SealInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
.\" $OpenBSD: EVP_SealInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 7 2019 $
.Dd $Mdocdate: November 16 2023 $
.Dt EVP_SEALINIT 3
.Os
.Sh NAME
@ -162,6 +162,9 @@ set to 0 and (after setting any cipher parameters) it should be called
again with
.Fa type
set to NULL.
.Pp
.Fn EVP_SealUpdate
is implemented as a macro.
.Sh RETURN VALUES
.Fn EVP_SealInit
returns 0 on error or


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_SignInit.3,v 1.16 2022/07/13 19:10:40 schwarze Exp $
.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
.\"
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 13 2022 $
.Dd $Mdocdate: November 16 2023 $
.Dt EVP_SIGNINIT 3
.Os
.Sh NAME
@ -157,6 +157,12 @@ Since only a copy of the digest context is ever finalized, the context
must be cleaned up after use by calling
.Xr EVP_MD_CTX_free 3
or a memory leak will occur.
.Pp
.Fn EVP_SignInit_ex ,
.Fn EVP_SignUpdate ,
and
.Fn EVP_SignInit
are implemented as macros.
.Sh RETURN VALUES
.Fn EVP_SignInit_ex ,
.Fn EVP_SignUpdate ,


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_VerifyInit.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $
.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
.\"
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 10 2019 $
.Dd $Mdocdate: November 16 2023 $
.Dt EVP_VERIFYINIT 3
.Os
.Sh NAME
@ -147,6 +147,12 @@ Since only a copy of the digest context is ever finalized, the context
must be cleaned up after use by calling
.Xr EVP_MD_CTX_free 3 ,
or a memory leak will occur.
.Pp
.Fn EVP_VerifyInit_ex ,
.Fn EVP_VerifyUpdate ,
and
.Fn EVP_VerifyInit
are implemented as macros.
.Sh RETURN VALUES
.Fn EVP_VerifyInit_ex
and


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.4 2020/06/24 18:15:00 jmc Exp $
.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $
.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000
.\"
.\" This file was written by Ronald Tse <ronald.tse@ribose.com>
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 24 2020 $
.Dd $Mdocdate: November 16 2023 $
.Dt EVP_AES_128_CBC 3
.Os
.Sh NAME
@ -205,7 +205,8 @@ are aliases for
.Fn EVP_aes_128_cfb128 ,
.Fn EVP_aes_192_cfb128 ,
and
.Fn EVP_aes_256_cfb128 .
.Fn EVP_aes_256_cfb128 ,
implemented as macros.
.Pp
.Fn EVP_aes_128_cbc_hmac_sha1
and


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_sm4_cbc.3,v 1.1 2019/03/18 05:56:24 schwarze Exp $
.\" $OpenBSD: EVP_sm4_cbc.3,v 1.2 2023/11/16 20:27:43 schwarze Exp $
.\" full merge up to: OpenSSL 87103969 Oct 1 14:11:57 2018 -0700
.\"
.\" Copyright (c) 2017 Ribose Inc
@ -18,7 +18,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 18 2019 $
.Dd $Mdocdate: November 16 2023 $
.Dt EVP_SM4_CBC 3
.Os
.Sh NAME
@ -53,7 +53,8 @@ bits.
.Pp
.Fn EVP_sm4_cfb
is an alias for
.Fn EVP_sm4_cfb128 .
.Fn EVP_sm4_cfb128 ,
implemented as a macro.
.Pp
With an argument of
.Qq sm4


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.276 2023/09/29 08:57:49 tb Exp $
# $OpenBSD: Makefile,v 1.277 2023/11/19 10:36:14 tb Exp $
.include <bsd.own.mk>
@ -140,17 +140,7 @@ MAN= \
EC_KEY_new.3 \
EC_POINT_add.3 \
EC_POINT_new.3 \
ENGINE_add.3 \
ENGINE_ctrl.3 \
ENGINE_get_default_RSA.3 \
ENGINE_init.3 \
ENGINE_new.3 \
ENGINE_register_RSA.3 \
ENGINE_register_all_RSA.3 \
ENGINE_set_RSA.3 \
ENGINE_set_default.3 \
ENGINE_set_flags.3 \
ENGINE_unregister_RSA.3 \
ERR.3 \
ERR_GET_LIB.3 \
ERR_asprintf_error_data.3 \


@ -1,4 +1,4 @@
.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.12 2019/06/06 01:06:58 schwarze Exp $
.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.13 2023/11/16 20:17:04 schwarze Exp $
.\" full merge up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800
.\"
.\" This file is a derived work.
@ -68,7 +68,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 6 2019 $
.Dd $Mdocdate: November 16 2023 $
.Dt OPENSSL_VERSION_NUMBER 3
.Os
.Sh NAME
@ -217,7 +217,7 @@ is an alias for
and
.Fn SSLeay
for
.Dv OpenSSL_version_num .
.Fn OpenSSL_version_num .
The legacy function
.Fn SSLeay_version
is similar to


@ -1,4 +1,4 @@
.\" $OpenBSD: OPENSSL_config.3,v 1.15 2019/06/14 13:41:31 schwarze Exp $
.\" $OpenBSD: OPENSSL_config.3,v 1.16 2023/11/19 21:01:27 tb Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 14 2019 $
.Dd $Mdocdate: November 19 2023 $
.Dt OPENSSL_CONFIG 3
.Os
.Sh NAME
@ -117,10 +117,9 @@ To use a non-standard configuration file, refer to
Internally,
.Fn OPENSSL_config
calls
.Xr OPENSSL_init_crypto 3 ,
.Xr OPENSSL_load_builtin_modules 3 ,
.Xr OPENSSL_init_crypto 3
and
.Xr ENGINE_load_builtin_engines 3 .
.Xr OPENSSL_load_builtin_modules 3 .
.Pp
If an application is compiled with the preprocessor symbol
.Dv OPENSSL_LOAD_CONF


@ -1,4 +1,4 @@
.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.6 2019/06/14 13:41:31 schwarze Exp $
.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.7 2023/11/19 20:59:00 tb Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,13 +48,12 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 14 2019 $
.Dd $Mdocdate: November 19 2023 $
.Dt OPENSSL_LOAD_BUILTIN_MODULES 3
.Os
.Sh NAME
.Nm OPENSSL_load_builtin_modules ,
.Nm ASN1_add_oid_module ,
.Nm ENGINE_add_conf_module
.Nd add standard configuration modules
.Sh SYNOPSIS
.In openssl/conf.h
@ -62,8 +61,6 @@
.Fn OPENSSL_load_builtin_modules void
.Ft void
.Fn ASN1_add_oid_module void
.Ft void
.Fn ENGINE_add_conf_module void
.Sh DESCRIPTION
The function
.Fn OPENSSL_load_builtin_modules
@ -74,9 +71,6 @@ They can then be used by the OpenSSL configuration code.
.Fn ASN1_add_oid_module
adds just the ASN.1 OBJECT module.
.Pp
.Fn ENGINE_add_conf_module
adds just the ENGINE configuration module.
.Pp
If the simple configuration function
.Xr OPENSSL_config 3
is called then


@ -1,4 +1,4 @@
.\" $OpenBSD: OPENSSL_malloc.3,v 1.10 2022/11/06 18:31:15 tb Exp $
.\" $OpenBSD: OPENSSL_malloc.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 6 2022 $
.Dd $Mdocdate: November 16 2023 $
.Dt OPENSSL_MALLOC 3
.Os
.Sh NAME
@ -83,6 +83,10 @@ standard
and
.Xr strdup 3
functions.
.Pp
The four
.Fn OPENSSL_*
functions are implemented as macros.
.Sh RETURN VALUES
These functions return the same type and value as the corresponding
standard functions.


@ -1,4 +1,4 @@
.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.14 2023/09/10 14:39:58 schwarze Exp $
.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.15 2023/11/16 20:27:43 schwarze Exp $
.\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 10 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt OPENSSL_ADD_ALL_ALGORITHMS 3
.Os
.Sh NAME
@ -117,6 +117,11 @@ including any that are unrelated to the EVP library.
.Fn SSLeay_add_all_algorithms
is a deprecated alias for
.Fn OpenSSL_add_all_algorithms .
.Pp
.Fn OpenSSL_add_all_algorithms
and
.Fn SSLeay_add_all_algorithms
are implemented as macros.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_add_cipher 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: RSA_check_key.3,v 1.9 2023/05/01 07:28:11 tb Exp $
.\" $OpenBSD: RSA_check_key.3,v 1.10 2023/11/19 21:06:15 tb Exp $
.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 1 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt RSA_CHECK_KEY 3
.Os
.Sh NAME
@ -92,27 +92,6 @@ key structure must contain all the private key data too.
Therefore, it cannot be used with any arbitrary
.Vt RSA
key object, even if it is otherwise fit for regular RSA operation.
.Pp
Unlike most other RSA functions, this function does
.Sy not
work transparently with any underlying
.Vt ENGINE
implementation because it uses the key data in the
.Vt RSA
structure directly.
An
.Vt ENGINE
implementation can override the way key data is stored and handled,
and can even provide support for HSM keys - in which case the
.Vt RSA
structure may contain
.Sy no
key data at all!
If the
.Vt ENGINE
in question is only being used for acceleration or analysis purposes,
then in all likelihood the RSA key data is complete and untouched,
but this can't be assumed in the general case.
.Sh RETURN VALUES
.Fn RSA_check_key
returns 1 if


@ -1,4 +1,4 @@
.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.12 2023/09/18 14:49:43 schwarze Exp $
.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.13 2023/11/19 21:08:04 tb Exp $
.\"
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 18 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt RSA_GET_EX_NEW_INDEX 3
.Os
.Sh NAME
@ -47,7 +47,7 @@
The following parent objects can have application specific data called
.Dq ex_data
attached to them:
.Vt BIO , DH , DSA , EC_KEY , ENGINE , RSA ,
.Vt BIO , DH , DSA , EC_KEY , RSA ,
.Vt SSL , SSL_CTX , SSL_SESSION , UI , X509 , X509_STORE ,
and
.Vt X509_STORE_CTX .


@ -1,4 +1,4 @@
.\" $OpenBSD: RSA_new.3,v 1.17 2022/07/13 21:51:35 schwarze Exp $
.\" $OpenBSD: RSA_new.3,v 1.18 2023/11/19 21:03:22 tb Exp $
.\" full merge up to:
.\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100
.\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final)
@ -67,7 +67,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 13 2022 $
.Dd $Mdocdate: November 19 2023 $
.Dt RSA_NEW 3
.Os
.Sh NAME
@ -128,12 +128,8 @@ decrements the reference count by 1.
If it reaches 0, it calls the optional
.Fa finish
function set up with
.Xr RSA_meth_set_finish 3 ,
calls
.Xr ENGINE_finish 3
if
.Fa rsa
uses an engine, and frees the
.Xr RSA_meth_set_finish 3
and frees the
.Vt RSA
structure and its components.
The key is erased before the memory is returned to the system.
@ -185,12 +181,8 @@ values are available.
.Pp
Note that RSA keys may use non-standard
.Vt RSA_METHOD
implementations, either directly or by the use of
.Vt ENGINE
modules.
In some cases (e.g. an
.Vt ENGINE
providing support for hardware-embedded keys), these
implementations.
In some cases, these
.Vt BIGNUM
values will not be used by the implementation or may be used for
alternative data storage.


@ -1,4 +1,4 @@
.\" $OpenBSD: RSA_set_method.3,v 1.17 2023/05/14 09:33:19 tb Exp $
.\" $OpenBSD: RSA_set_method.3,v 1.18 2023/11/19 10:34:26 tb Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 14 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt RSA_SET_METHOD 3
.Os
.Sh NAME
@ -105,16 +105,9 @@ selects
as the default method for all
.Vt RSA
structures created later.
If any
.Vt ENGINE
was registered with
.Xr ENGINE_register_RSA 3
that can be successfully initialized, it overrides the default.
.Pp
.Fn RSA_get_default_method
returns a pointer to the current default method,
even if it is actually overridden by an
.Vt ENGINE .
returns a pointer to the current default method.
.Pp
.Fn RSA_set_method
selects
@ -127,10 +120,7 @@ used by the RSA key, calling the
.Fa finish
function set up with
.Xr RSA_meth_set_finish 3
if any, and if the previous method was supplied by an
.Vt ENGINE ,
.Xr ENGINE_finish 3
is called on it.
if any.
If
.Fa meth
contains an
@ -142,9 +132,7 @@ that function is called just before returning from
.Pp
It is possible to have RSA keys that only work with certain
.Vt RSA_METHOD
implementations (e.g. from an
.Vt ENGINE
module that supports embedded hardware-protected keys),
implementations,
and in such cases attempting to change the
.Vt RSA_METHOD
for the key can have unexpected results.
@ -154,12 +142,6 @@ returns a pointer to the
.Vt RSA_METHOD
being used by
.Fa rsa .
This method may or may not be supplied by an
.Vt ENGINE
implementation but if it is, the return value can only be guaranteed
to be valid as long as the RSA key itself is valid and does not
have its implementation changed by
.Fn RSA_set_method .
.Pp
The misleadingly named function
.Fn RSA_flags
@ -178,17 +160,10 @@ section for more details.
.Fn RSA_new_method
allocates and initializes an
.Vt RSA
structure so that
structure.
The
.Fa engine
is used for the RSA operations.
If
.Fa engine
is
.Dv NULL ,
.Xr ENGINE_get_default_RSA 3
is used.
If that returns
.Dv NULL ,
argument is ignored and
the default method controlled by
.Fn RSA_set_default_method
is used.
@ -224,9 +199,6 @@ and sets an error code that can be obtained by
if the allocation fails.
Otherwise it returns a pointer to the newly allocated structure.
.Sh SEE ALSO
.Xr ENGINE_get_default_RSA 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr ENGINE_set_default_RSA 3 ,
.Xr RSA_meth_new 3 ,
.Xr RSA_new 3
.Sh HISTORY


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.4 2023/08/10 14:15:16 schwarze Exp $
.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $
.\"
.\" Copyright (c) 2021, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: August 10 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt X509_STORE_GET_BY_SUBJECT 3
.Os
.Sh NAME
@ -160,7 +160,7 @@ encourage checking of validity times, CAs with a valid time are
preferred, but if no matching CA has a valid time, one with an
invalid time is accepted anyway.
.Pp
The following are deprecated aliases:
The following are deprecated aliases implemented as macros:
.Bl -column X509_STORE_get_by_subject F X509_STORE_CTX_get_by_subject
.It Fn X509_STORE_get_by_subject Ta for Ta Fn X509_STORE_CTX_get_by_subject
.It Fn X509_STORE_get1_certs Ta for Ta Fn X509_STORE_CTX_get1_certs


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_STORE_set1_param.3,v 1.19 2021/10/18 18:20:39 schwarze Exp $
.\" $OpenBSD: X509_STORE_set1_param.3,v 1.20 2023/11/16 20:27:43 schwarze Exp $
.\" content checked up to:
.\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
.\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400
@ -17,7 +17,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 18 2021 $
.Dd $Mdocdate: November 16 2023 $
.Dt X509_STORE_SET1_PARAM 3
.Os
.Sh NAME
@ -145,6 +145,8 @@ Their usage is identical to that of
.Xr RSA_set_ex_data 3 ,
and
.Xr RSA_get_ex_data 3 .
.Fn X509_STORE_get_ex_new_index
is implemented as a macro.
.Sh RETURN VALUES
.Fn X509_STORE_set1_param ,
.Fn X509_STORE_set_purpose ,


@ -1,4 +1,4 @@
.\" $OpenBSD: bn_dump.3,v 1.8 2023/01/20 12:16:46 jsing Exp $
.\" $OpenBSD: bn_dump.3,v 1.9 2023/11/16 18:10:19 schwarze Exp $
.\" full merge up to:
.\" OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400
.\"
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 20 2023 $
.Dd $Mdocdate: November 16 2023 $
.Dt BN_DUMP 3
.Os
.Sh NAME
@ -64,28 +64,12 @@
.Nm bn_mul_comba8 ,
.Nm bn_sqr_comba4 ,
.Nm bn_sqr_comba8 ,
.Nm bn_cmp_words ,
.Nm bn_mul_normal ,
.Nm bn_mul_recursive ,
.Nm bn_mul_part_recursive ,
.Nm bn_sqr_normal ,
.Nm bn_sqr_recursive ,
.Nm bn_expand ,
.Nm bn_wexpand ,
.Nm bn_expand2 ,
.Nm bn_fix_top ,
.Nm bn_check_top ,
.Nm bn_print ,
.Nm bn_dump ,
.Nm bn_set_max ,
.Nm bn_set_high ,
.Nm bn_set_low ,
.Nm mul ,
.Nm mul_add ,
.Nm sqr
.Nm bn_wexpand
.Nd BIGNUM library internal functions
.Sh SYNOPSIS
.In openssl/bn.h
.Fd #include "bn_local.h"
.Ft BN_ULONG
.Fo bn_mul_words
.Fa "BN_ULONG *rp"
@ -148,12 +132,6 @@
.Fa "BN_ULONG *r"
.Fa "BN_ULONG *a"
.Fc
.Ft int
.Fo bn_cmp_words
.Fa "BN_ULONG *a"
.Fa "BN_ULONG *b"
.Fa "int n"
.Fc
.Ft void
.Fo bn_mul_normal
.Fa "BN_ULONG *r"
@ -162,60 +140,6 @@
.Fa "BN_ULONG *b"
.Fa "int nb"
.Fc
.Ft void
.Fo bn_mul_recursive
.Fa "BN_ULONG *r"
.Fa "BN_ULONG *a"
.Fa "BN_ULONG *b"
.Fa "int n2"
.Fa "int dna"
.Fa "int dnb"
.Fa "BN_ULONG *tmp"
.Fc
.Ft void
.Fo bn_mul_part_recursive
.Fa "BN_ULONG *r"
.Fa "BN_ULONG *a"
.Fa "BN_ULONG *b"
.Fa "int n"
.Fa "int tna"
.Fa "int tnb"
.Fa "BN_ULONG *tmp"
.Fc
.Ft void
.Fo bn_sqr_normal
.Fa "BN_ULONG *r"
.Fa "BN_ULONG *a"
.Fa "int n"
.Fa "BN_ULONG *tmp"
.Fc
.Ft void
.Fo bn_sqr_recursive
.Fa "BN_ULONG *r"
.Fa "BN_ULONG *a"
.Fa "int n2"
.Fa "BN_ULONG *tmp"
.Fc
.Ft void
.Fo mul
.Fa "BN_ULONG r"
.Fa "BN_ULONG a"
.Fa "BN_ULONG w"
.Fa "BN_ULONG c"
.Fc
.Ft void
.Fo mul_add
.Fa "BN_ULONG r"
.Fa "BN_ULONG a"
.Fa "BN_ULONG w"
.Fa "BN_ULONG c"
.Fc
.Ft void
.Fo sqr
.Fa "BN_ULONG r0"
.Fa "BN_ULONG r1"
.Fa "BN_ULONG a"
.Fc
.Ft BIGNUM *
.Fo bn_expand
.Fa "BIGNUM *a"
@ -226,46 +150,8 @@
.Fa "BIGNUM *a"
.Fa "int n"
.Fc
.Ft BIGNUM *
.Fo bn_expand2
.Fa "BIGNUM *a"
.Fa "int n"
.Fc
.Ft void
.Fo bn_fix_top
.Fa "BIGNUM *a"
.Fc
.Ft void
.Fo bn_check_top
.Fa "BIGNUM *a"
.Fc
.Ft void
.Fo bn_print
.Fa "BIGNUM *a"
.Fc
.Ft void
.Fo bn_dump
.Fa "BN_ULONG *d"
.Fa "int n"
.Fc
.Ft void
.Fo bn_set_max
.Fa "BIGNUM *a"
.Fc
.Ft void
.Fo bn_set_high
.Fa "BIGNUM *r"
.Fa "BIGNUM *a"
.Fa "int n"
.Fc
.Ft void
.Fo bn_set_low
.Fa "BIGNUM *r"
.Fa "BIGNUM *a"
.Fa "int n"
.Fc
.Sh DESCRIPTION
This page documents the internal functions used by the OpenSSL
This page documents some internal functions used by the
.Vt BIGNUM
implementation.
They are described here to facilitate debugging and extending the
@ -327,16 +213,12 @@ is a bit field of flags which are defined in
.In openssl/bn.h .
The flags begin with
.Dv BN_FLG_ .
The macros
.Fn BN_set_flags b n
The functions
.Xr BN_set_flags 3
and
.Fn BN_get_flags b n
exist to enable or fetch flag(s)
.Fa n
from a
.Vt BIGNUM
structure
.Fa b .
.Xr BN_get_flags 3
enable or inspect
.Fa flags .
.Pp
Various routines in this library require the use of temporary
.Vt BIGNUM
@ -488,18 +370,6 @@ and the 16 word array
.Pp
The following functions are implemented in C:
.Pp
.Fn bn_cmp_words a b n
operates on the
.Fa n
word arrays
.Fa a
and
.Fa b .
It returns 1, 0 and -1 if
.Fa a
is greater than, equal and less than
.Fa b .
.Pp
.Fn bn_mul_normal r a na b nb
operates on the
.Fa na
@ -518,103 +388,15 @@ It computes
and places the result in
.Fa r .
.Pp
.Fn bn_mul_recursive r a b n2 dna dnb t
operates on the word arrays
.Fa a
and
.Fa b
of length
.Fa n2 Ns + Ns Fa dna
and
.Fa n2 Ns + Ns Fa dnb
.Pf ( Fa dna
and
.Fa dnb
are currently allowed to be 0 or negative) and the
.Pf 2* Fa n2
word arrays
.Fa r
and
.Sy t .
.Fa n2
must be a power of 2.
It computes
.Fa a Ns * Ns Fa b
and places the result in
.Fa r .
.Pp
.Fn bn_mul_part_recursive r a b n tna tnb tmp
operates on the word arrays
.Fa a
and
.Fa b
of length
.Fa n Ns + Ns Fa tna
and
.Fa n Ns + Ns Fa tnb
and the
.Pf 4* Fa n
word arrays
.Fa r
and
.Fa tmp .
.Pp
.Xr BN_mul 3
calls
.Fn bn_mul_normal ,
or an optimized implementation if the factors have the same size:
.Fn bn_mul_comba4
if both factors are 4 words long,
.Fn bn_mul_comba8
is used if they are 8 words long,
.Fn bn_mul_recursive
if they are larger than
.Dv BN_MULL_SIZE_NORMAL
and the size is an exact multiple of the word size, and
.Fn bn_mul_part_recursive
for others that are larger than
.Dv BN_MULL_SIZE_NORMAL .
.Pp
.Fn bn_sqr_normal r a n tmp
operates on the
.Fa n
word array
.Fa a
and the
.Pf 2* Fa n
word arrays
.Fa tmp
and
.Fa r .
.Pp
The implementations use the following macros which, depending on the
architecture, may use
.Vt long long
C operations or inline assembler.
They are defined in
.Pa bn_lcl.h .
.Pp
.Fn mul r a w c
computes
.Fa w Ns * Ns Fa a Ns + Ns Fa c
and places the low word of the result in
.Fa r
and the high word in
.Fa c .
.Pp
.Fn mul_add r a w c
computes
.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c
and places the low word of the result in
.Fa r
and the high word in
.Fa c .
.Pp
.Fn sqr r0 r1 a
computes
.Fa a Ns * Ns Fa a
and places the low word of the result in
.Fa r0
and the high word in
.Fa r1 .
if both factors are 8 words long,
or
.Fn bn_mul_normal
otherwise.
.Ss Size changes
.Fn bn_expand
ensures that
@ -628,71 +410,6 @@ ensures that
has enough space for an
.Fa n
word number.
If the number has to be expanded, both macros call
.Fn bn_expand2 ,
which allocates a new
.Fa d
array and copies the data.
They return
.Dv NULL
on error,
.Fa b
otherwise.
.Pp
The
.Fn bn_fix_top
macro reduces
.Fa a Ns -> Ns Fa top
to point to the most significant non-zero word plus one when
.Fa a
has shrunk.
.Ss Debugging
.Fn bn_check_top
verifies that
.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) .
A violation will cause the program to abort.
.Pp
.Fn bn_print
prints
.Fa a
to
.Dv stderr .
.Fn bn_dump
prints
.Fa n
words at
.Fa d
(in reverse order, i.e.\&
most significant word first) to
.Dv stderr .
.Pp
.Fn bn_set_max
makes
.Fa a
a static number with a
.Fa dmax
of its current size.
This is used by
.Fn bn_set_low
and
.Fn bn_set_high
to make
.Fa r
a read-only
.Vt BIGNUM
that contains the
.Fa n
low or high words of
.Fa a .
.Pp
If
.Dv BN_DEBUG
is not defined,
.Fn bn_check_top ,
.Fn bn_print ,
.Fn bn_dump
and
.Fn bn_set_max
are defined as empty macros.
They return 0 on error or 1 otherwise.
.Sh SEE ALSO
.Xr BN_new 3


@ -1,4 +1,4 @@
.\" $OpenBSD: evp.3,v 1.24 2023/09/09 14:39:09 schwarze Exp $
.\" $OpenBSD: evp.3,v 1.25 2023/11/19 10:25:28 tb Exp $
.\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,
@ -51,7 +51,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 9 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt EVP 3
.Os
.Sh NAME
@ -156,30 +156,6 @@ example, PBKDF2 from PCKS#5).
The
.Xr EVP_EncodeInit 3
family of functions provides base64 encoding and decoding.
.Pp
All the symmetric algorithms (ciphers), digests and asymmetric
algorithms (public key algorithms) can be replaced by
.Vt ENGINE
modules providing alternative implementations; see
.Xr ENGINE_register_RSA 3
and the related manual pages for more information.
If
.Vt ENGINE
implementations of ciphers or digests are registered as defaults,
then the various EVP functions will automatically use those
implementations in preference to built in software implementations.
.Pp
Although low-level algorithm specific functions exist for many
algorithms, their use is discouraged.
They cannot be used with an
.Vt ENGINE ,
and
.Vt ENGINE
versions of new algorithms cannot be accessed using the low-level
functions.
Using them also makes code harder to adapt to new algorithms, some
options are not cleanly supported at the low level, and some
operations are more efficient using the high-level interfaces.
.Sh SEE ALSO
.Xr ASN1_item_digest 3 ,
.Xr ASN1_item_sign 3 ,
@ -191,8 +167,6 @@ operations are more efficient using the high-level interfaces.
.Xr crypto 3 ,
.Xr d2i_PKCS8PrivateKey_bio 3 ,
.Xr d2i_PrivateKey 3 ,
.Xr ENGINE_get_cipher 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr EVP_add_cipher 3 ,
.Xr EVP_AEAD_CTX_init 3 ,
.Xr EVP_aes_128_cbc 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: openssl.cnf.5,v 1.9 2023/10/21 14:05:49 tb Exp $
.\" $OpenBSD: openssl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $
.\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
.\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
.\"
@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 21 2023 $
.Dd $Mdocdate: November 19 2023 $
.Dt OPENSSL.CNF 5
.Os
.Sh NAME
@ -192,13 +192,9 @@ openssl_conf = openssl_init
[openssl_init]
oid_section = new_oids
engines = engine_section
[new_oids]
\&... new oids here ...
[engine_section]
\&... engine stuff here ...
.Ed
.Pp
The features of each configuration module are described below.
@ -228,106 +224,6 @@ comma and the numerical OID form.
For example:
.Pp
.Dl shortName = some object long name, 1.2.3.4
.Ss Engine Configuration Module
This ENGINE configuration module has the name
.Ic engines .
The value of this variable points to a section containing further ENGINE
configuration information.
.Pp
The section pointed to by
.Ic engines
is a table of engine names (though see
.Ic engine_id
below) and further sections containing configuration information
specific to each ENGINE.
.Pp
Each ENGINE specific section is used to set default algorithms, load
dynamic ENGINEs, perform initialization and send ctrls.
The actual operation performed depends on the command
name which is the name of the name value pair.
The currently supported commands are listed below.
.Pp
For example:
.Bd -literal -offset indent
[engine_section]
# Configure ENGINE named "foo"
foo = foo_section
# Configure ENGINE named "bar"
bar = bar_section
[foo_section]
\&... foo ENGINE specific commands ...
[bar_section]
\&... "bar" ENGINE specific commands ...
.Ed
.Pp
The command
.Ic engine_id
is used to give the ENGINE name.
If used, this command must be first.
For example:
.Bd -literal -offset indent
[engine_section]
# This would normally handle an ENGINE named "foo"
foo = foo_section
[foo_section]
# Override default name and use "myfoo" instead.
engine_id = myfoo
.Ed
.Pp
The command
.Ic dynamic_path
loads and adds an ENGINE from the given path.
It is equivalent to sending the ctrls
.Sy SO_PATH
with the path argument followed by
.Sy LIST_ADD
with value 2 and
.Sy LOAD
to the dynamic ENGINE.
If this is not the required behaviour then alternative ctrls can be sent
directly to the dynamic ENGINE using ctrl commands.
.Pp
The command
.Ic init
determines whether to initialize the ENGINE.
If the value is 0, the ENGINE will not be initialized.
If it is 1, an attempt is made to initialized the ENGINE immediately.
If the
.Ic init
command is not present, then an attempt will be made to initialize
the ENGINE after all commands in its section have been processed.
.Pp
The command
.Ic default_algorithms
sets the default algorithms an ENGINE will supply using the functions
.Xr ENGINE_set_default_string 3 .
.Pp
If the name matches none of the above command names, it is assumed
to be a ctrl command which is sent to the ENGINE.
The value of the command is the argument to the ctrl command.
If the value is the string
.Cm EMPTY ,
then no value is sent to the command.
.Pp
For example:
.Bd -literal -offset indent
[engine_section]
# Configure ENGINE named "foo"
foo = foo_section
[foo_section]
# Load engine from DSO
dynamic_path = /some/path/fooengine.so
# A foo specific ctrl.
some_ctrl = some_value
# Another ctrl that doesn't take a value.
other_ctrl = EMPTY
# Supply all default algorithms
default_algorithms = ALL
.Ed
.Sh FILES
.Bl -tag -width /etc/ssl/openssl.cnf -compact
.It Pa /etc/ssl/openssl.cnf


@ -1,4 +1,4 @@
/* $OpenBSD: pem_lib.c,v 1.53 2023/07/07 13:40:44 beck Exp $ */
/* $OpenBSD: pem_lib.c,v 1.54 2023/11/19 15:46:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -74,9 +74,6 @@
#ifndef OPENSSL_NO_DES
#include <openssl/des.h>
#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_local.h"
#include "evp_local.h"
@ -231,9 +228,6 @@ check_pem(const char *nm, const char *name)
r = 1;
else
r = 0;
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(e);
#endif
return r;
}
}


@ -1,4 +1,4 @@
/* $OpenBSD: pem_pkey.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */
/* $OpenBSD: pem_pkey.c,v 1.28 2023/11/19 15:46:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -69,10 +69,6 @@
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_local.h"
#include "evp_local.h"


@ -1,4 +1,4 @@
/* $OpenBSD: pk7_doit.c,v 1.52 2023/03/09 18:20:10 tb Exp $ */
/* $OpenBSD: pk7_doit.c,v 1.54 2023/11/15 00:55:43 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -68,10 +68,6 @@
#include "evp_local.h"
#include "x509_local.h"
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
void *value);
static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
static int
PKCS7_type_is_other(PKCS7* p7)
{
@ -407,7 +403,7 @@ err:
BIO_free_all(btmp);
out = NULL;
}
return (out);
return out;
}
LCRYPTO_ALIAS(PKCS7_dataInit);
@ -636,7 +632,7 @@ err:
BIO_free_all(etmp);
out = NULL;
}
return (out);
return out;
}
LCRYPTO_ALIAS(PKCS7_dataDecode);
@ -865,7 +861,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
ret = 1;
err:
EVP_MD_CTX_cleanup(&ctx_tmp);
return (ret);
return ret;
}
LCRYPTO_ALIAS(PKCS7_dataFinal);
@ -1093,7 +1089,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
ret = 1;
err:
EVP_MD_CTX_cleanup(&mdc_tmp);
return (ret);
return ret;
}
LCRYPTO_ALIAS(PKCS7_signatureVerify);
@ -1114,26 +1110,12 @@ PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
return NULL;
ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
return (NULL);
return NULL;
ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
return (ri->issuer_and_serial);
return ri->issuer_and_serial;
}
LCRYPTO_ALIAS(PKCS7_get_issuer_and_serial);
ASN1_TYPE *
PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
{
return (get_attribute(si->auth_attr, nid));
}
LCRYPTO_ALIAS(PKCS7_get_signed_attribute);
ASN1_TYPE *
PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
{
return (get_attribute(si->unauth_attr, nid));
}
LCRYPTO_ALIAS(PKCS7_get_attribute);
static ASN1_TYPE *
get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
{
@ -1143,15 +1125,29 @@ get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
o = OBJ_nid2obj(nid);
if (!o || !sk)
return (NULL);
return NULL;
for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
xa = sk_X509_ATTRIBUTE_value(sk, i);
if (OBJ_cmp(xa->object, o) == 0)
return (sk_ASN1_TYPE_value(xa->set, 0));
return sk_ASN1_TYPE_value(xa->set, 0);
}
return (NULL);
return NULL;
}
ASN1_TYPE *
PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
{
return get_attribute(si->auth_attr, nid);
}
LCRYPTO_ALIAS(PKCS7_get_signed_attribute);
ASN1_TYPE *
PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
{
return get_attribute(si->unauth_attr, nid);
}
LCRYPTO_ALIAS(PKCS7_get_attribute);
ASN1_OCTET_STRING *
PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
{
@ -1181,9 +1177,9 @@ PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
== NULL)
return (0);
return 0;
}
return (1);
return 1;
}
LCRYPTO_ALIAS(PKCS7_set_signed_attributes);
@ -1202,27 +1198,12 @@ PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
== NULL)
return (0);
return 0;
}
return (1);
return 1;
}
LCRYPTO_ALIAS(PKCS7_set_attributes);
int
PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
void *value)
{
return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
}
LCRYPTO_ALIAS(PKCS7_add_signed_attribute);
int
PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
{
return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
}
LCRYPTO_ALIAS(PKCS7_add_attribute);
static int
add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
{
@ -1260,5 +1241,20 @@ new_attrib:
goto new_attrib;
}
end:
return (1);
return 1;
}
int
PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
void *value)
{
return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
}
LCRYPTO_ALIAS(PKCS7_add_signed_attribute);
int
PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
{
return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
}
LCRYPTO_ALIAS(PKCS7_add_attribute);
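Review bot: In the PKCS7_get_issuer_and_serial hunk, the new side still guards only the upper bound of `idx`, so a negative `idx` passes `sk_PKCS7_RECIP_INFO_num(rsk) <= idx` and the result of `sk_PKCS7_RECIP_INFO_value(rsk, idx)` is dereferenced unchecked in `return ri->issuer_and_serial;`. The stack accessor presumably returns NULL for an out-of-range index, which would make this a NULL dereference reachable from a caller-supplied index. I would tighten the guard to `if (idx < 0 || sk_PKCS7_RECIP_INFO_num(rsk) <= idx)` and drop the earlier `ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);`, whose result is overwritten before it is used. The function starts above the hunk, so the checks on `p7` itself are not visible here.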


@ -1,4 +1,4 @@
/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */
/* $OpenBSD: rand.h,v 1.24 2023/11/19 15:46:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -83,9 +83,6 @@ struct rand_meth_st {
int RAND_set_rand_method(const RAND_METHOD *meth);
const RAND_METHOD *RAND_get_rand_method(void);
#ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine);
#endif
RAND_METHOD *RAND_SSLeay(void);
#ifndef LIBRESSL_INTERNAL


@ -1,4 +1,4 @@
/* $OpenBSD: rand_lib.c,v 1.22 2023/07/07 19:37:54 beck Exp $ */
/* $OpenBSD: rand_lib.c,v 1.23 2023/11/19 15:46:10 tb Exp $ */
/*
* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
*
@ -45,15 +45,6 @@ RAND_SSLeay(void)
}
LCRYPTO_ALIAS(RAND_SSLeay);
#ifndef OPENSSL_NO_ENGINE
int
RAND_set_rand_engine(ENGINE *engine)
{
return 1;
}
LCRYPTO_ALIAS(RAND_set_rand_engine);
#endif
void
RAND_cleanup(void)
{


@ -1,4 +1,4 @@
/* $OpenBSD: rsa_lib.c,v 1.48 2023/07/28 10:05:16 tb Exp $ */
/* $OpenBSD: rsa_lib.c,v 1.49 2023/11/19 15:46:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -71,10 +71,6 @@
#include "evp_local.h"
#include "rsa_local.h"
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
static const RSA_METHOD *default_RSA_meth = NULL;
RSA *
@ -122,10 +118,6 @@ RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
mtmp = rsa->meth;
if (mtmp->finish)
mtmp->finish(rsa);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
#endif
rsa->meth = meth;
if (meth->init)
meth->init(rsa);
@ -145,25 +137,6 @@ RSA_new_method(ENGINE *engine)
ret->meth = RSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine != NULL) {
if (!ENGINE_init(engine)) {
RSAerror(ERR_R_ENGINE_LIB);
goto err;
}
ret->engine = engine;
} else {
ret->engine = ENGINE_get_default_RSA();
}
if (ret->engine != NULL) {
if ((ret->meth = ENGINE_get_RSA(ret->engine)) == NULL) {
RSAerror(ERR_R_ENGINE_LIB);
goto err;
}
}
#endif
ret->references = 1;
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
@ -178,9 +151,6 @@ RSA_new_method(ENGINE *engine)
return ret;
err:
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
free(ret);
return NULL;
@ -201,9 +171,6 @@ RSA_free(RSA *r)
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
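Review bot: After the RSA_new_method hunk the `engine` parameter is no longer read; `ret->meth = RSA_get_default_method();` is used whatever the caller passes. A caller that hands in a non-NULL engine because it expects the key to stay in hardware would, as far as the visible lines show, get the default software method with no error. I would at least say so in the code, for example `/* engine is ignored; the default RSA_METHOD is always used. */` above that assignment. If a silent fallback is not acceptable for existing callers, failing closed with `if (engine != NULL) { RSAerror(ERR_R_ENGINE_LIB); goto err; }` is the alternative. The function starts and ends outside the hunks shown.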


@ -1,4 +1,4 @@
/* $OpenBSD: ts.h,v 1.22 2023/07/28 09:53:55 tb Exp $ */
/* $OpenBSD: ts.h,v 1.23 2023/11/19 15:46:10 tb Exp $ */
/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
* project 2002, 2003, 2004.
*/
@ -542,11 +542,6 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
TS_RESP_CTX *ctx);
#ifndef OPENSSL_NO_ENGINE
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
const char *device);
int TS_CONF_set_default_engine(const char *name);
#endif
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
const char *cert, TS_RESP_CTX *ctx);
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,


@ -1,4 +1,4 @@
/* $OpenBSD: ts_conf.c,v 1.12 2023/07/07 07:25:21 beck Exp $ */
/* $OpenBSD: ts_conf.c,v 1.13 2023/11/19 15:46:10 tb Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@ -65,10 +65,6 @@
#include <openssl/pem.h>
#include <openssl/ts.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* Macro definitions for the configuration file. */
#define BASE_SECTION "tsa"
@ -211,56 +207,6 @@ err:
}
LCRYPTO_ALIAS(TS_CONF_set_serial);
#ifndef OPENSSL_NO_ENGINE
int
TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device)
{
int ret = 0;
if (!device)
device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
if (device && !TS_CONF_set_default_engine(device)) {
TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
goto err;
}
ret = 1;
err:
return ret;
}
LCRYPTO_ALIAS(TS_CONF_set_crypto_device);
int
TS_CONF_set_default_engine(const char *name)
{
ENGINE *e = NULL;
int ret = 0;
/* Leave the default if builtin specified. */
if (strcmp(name, "builtin") == 0)
return 1;
if (!(e = ENGINE_by_id(name)))
goto err;
/* All the operations are going to be carried out by the engine. */
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
goto err;
ret = 1;
err:
if (!ret) {
TSerror(TS_R_COULD_NOT_SET_ENGINE);
ERR_asprintf_error_data("engine:%s", name);
}
ENGINE_free(e);
return ret;
}
LCRYPTO_ALIAS(TS_CONF_set_default_engine);
#endif
int
TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert,
TS_RESP_CTX *ctx)

Some files were not shown because too many files have changed in this diff