From c22b8a612035a02d155d8b76c42de0ca618d2873 Mon Sep 17 00:00:00 2001 
From: purplerain Date: Mon, 20 Nov 2023 02:38:22 +0000 Subject: [PATCH] sync with OpenBSD -current --- distrib/sets/lists/base/mi | 3 + distrib/sets/lists/comp/mi | 10 - etc/root/dot.login | 8 +- etc/root/dot.profile | 8 +- etc/skel/dot.login | 8 +- etc/skel/dot.version | 2 +- .../clang/Basic/DiagnosticSemaKinds.td | 4 +- .../llvm/lib/Target/ARM/ARMISelLowering.cpp | 2 + .../lib/Target/PowerPC/PPCISelDAGToDAG.cpp | 3 +- gnu/usr.bin/clang/Makefile.inc | 3 +- .../clang/include/llvm/AMDGPU/Makefile | 6 +- .../clang/libLLVMRISCVCodeGen/Makefile | 3 +- lib/csu/aarch64/md_init.h | 8 +- lib/csu/alpha/md_init.h | 10 +- lib/csu/amd64/md_init.h | 10 +- lib/csu/arm/md_init.h | 8 +- lib/csu/boot.h | 4 +- lib/csu/hppa/boot_md.h | 4 +- lib/csu/hppa/md_init.h | 14 +- lib/csu/i386/md_init.h | 10 +- lib/csu/m88k/md_init.h | 7 +- lib/csu/mips64/boot_md.h | 4 +- lib/csu/mips64/md_init.h | 14 +- lib/csu/powerpc/md_init.h | 10 +- lib/csu/powerpc64/md_init.h | 10 +- lib/csu/riscv64/md_init.h | 6 +- lib/csu/sh/md_init.h | 10 +- lib/csu/sparc64/md_init.h | 8 +- lib/libcrypto/asn1/a_pkey.c | 10 +- lib/libcrypto/asn1/ameth_lib.c | 29 +- lib/libcrypto/conf/conf_mall.c | 9 +- lib/libcrypto/conf/conf_sap.c | 10 +- lib/libcrypto/crypto_init.c | 8 +- lib/libcrypto/dh/dh_lib.c | 31 +- lib/libcrypto/dsa/dsa_lib.c | 30 +- lib/libcrypto/ec/ec_key.c | 18 +- lib/libcrypto/ec/ec_kmeth.c | 27 +- lib/libcrypto/engine/engine.h | 574 +----------------- lib/libcrypto/engine/engine_stubs.c | 8 +- lib/libcrypto/err/err_all.c | 8 +- lib/libcrypto/evp/digest.c | 62 +- lib/libcrypto/evp/e_aes.c | 8 +- lib/libcrypto/evp/e_rc2.c | 18 +- lib/libcrypto/evp/evp_enc.c | 80 +-- lib/libcrypto/evp/evp_lib.c | 12 +- lib/libcrypto/evp/p_lib.c | 21 +- lib/libcrypto/evp/p_seal.c | 11 +- lib/libcrypto/evp/pmeth_lib.c | 42 +- lib/libcrypto/man/ASN1_TIME_set.3 | 33 +- lib/libcrypto/man/BIO_ctrl.3 | 9 +- lib/libcrypto/man/BIO_get_data.3 | 15 +- lib/libcrypto/man/BIO_get_ex_new_index.3 | 17 +- lib/libcrypto/man/BIO_s_fd.3 | 6 +- 
lib/libcrypto/man/BIO_s_file.3 | 10 +- lib/libcrypto/man/BIO_s_mem.3 | 8 +- lib/libcrypto/man/CONF_modules_load_file.3 | 14 +- lib/libcrypto/man/DES_set_key.3 | 14 +- lib/libcrypto/man/DH_set_method.3 | 40 +- lib/libcrypto/man/DSA_set_method.3 | 40 +- lib/libcrypto/man/ENGINE_add.3 | 243 -------- lib/libcrypto/man/ENGINE_ctrl.3 | 470 -------------- lib/libcrypto/man/ENGINE_get_default_RSA.3 | 151 ----- lib/libcrypto/man/ENGINE_init.3 | 134 ---- lib/libcrypto/man/ENGINE_new.3 | 276 ++++----- lib/libcrypto/man/ENGINE_register_RSA.3 | 142 ----- lib/libcrypto/man/ENGINE_register_all_RSA.3 | 123 ---- lib/libcrypto/man/ENGINE_set_RSA.3 | 317 ---------- lib/libcrypto/man/ENGINE_set_default.3 | 186 ------ lib/libcrypto/man/ENGINE_set_flags.3 | 92 --- lib/libcrypto/man/ENGINE_unregister_RSA.3 | 119 ---- lib/libcrypto/man/EVP_OpenInit.3 | 7 +- lib/libcrypto/man/EVP_PKEY_encrypt.3 | 10 +- lib/libcrypto/man/EVP_SealInit.3 | 7 +- lib/libcrypto/man/EVP_SignInit.3 | 10 +- lib/libcrypto/man/EVP_VerifyInit.3 | 10 +- lib/libcrypto/man/EVP_aes_128_cbc.3 | 7 +- lib/libcrypto/man/EVP_sm4_cbc.3 | 7 +- lib/libcrypto/man/Makefile | 12 +- lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 6 +- lib/libcrypto/man/OPENSSL_config.3 | 9 +- .../man/OPENSSL_load_builtin_modules.3 | 10 +- lib/libcrypto/man/OPENSSL_malloc.3 | 8 +- .../man/OpenSSL_add_all_algorithms.3 | 9 +- lib/libcrypto/man/RSA_check_key.3 | 25 +- lib/libcrypto/man/RSA_get_ex_new_index.3 | 6 +- lib/libcrypto/man/RSA_new.3 | 20 +- lib/libcrypto/man/RSA_set_method.3 | 44 +- lib/libcrypto/man/X509_STORE_get_by_subject.3 | 6 +- lib/libcrypto/man/X509_STORE_set1_param.3 | 6 +- lib/libcrypto/man/bn_dump.3 | 317 +--------- lib/libcrypto/man/evp.3 | 30 +- lib/libcrypto/man/openssl.cnf.5 | 108 +--- lib/libcrypto/pem/pem_lib.c | 8 +- lib/libcrypto/pem/pem_pkey.c | 6 +- lib/libcrypto/pkcs7/pk7_doit.c | 92 ++- lib/libcrypto/rand/rand.h | 5 +- lib/libcrypto/rand/rand_lib.c | 11 +- lib/libcrypto/rsa/rsa_lib.c | 35 +- lib/libcrypto/ts/ts.h | 7 +- 
lib/libcrypto/ts/ts_conf.c | 56 +- lib/libssl/ssl.h | 5 +- lib/libssl/ssl_ciph.c | 6 +- lib/libssl/ssl_clnt.c | 21 +- lib/libssl/ssl_lib.c | 30 +- lib/libssl/ssl_local.h | 8 +- lib/libssl/ssl_sess.c | 25 +- lib/libssl/ssl_srvr.c | 8 +- lib/libssl/t1_lib.c | 14 +- lib/libutil/imsg.c | 98 +-- lib/libz/ChangeLog | 3 + lib/libz/README | 4 +- lib/libz/deflate.c | 21 + lib/libz/deflate.h | 31 +- lib/libz/inflate.c | 2 +- lib/libz/inftrees.c | 2 +- lib/libz/inftrees.h | 4 +- lib/libz/trees.c | 18 +- lib/libz/zlib.h | 16 +- libexec/ld.so/aarch64/archdep.h | 4 +- libexec/ld.so/alpha/archdep.h | 4 +- libexec/ld.so/amd64/archdep.h | 4 +- libexec/ld.so/arm/archdep.h | 4 +- libexec/ld.so/hppa/archdep.h | 6 +- libexec/ld.so/i386/archdep.h | 4 +- libexec/ld.so/m88k/archdep.h | 4 +- libexec/ld.so/mips64/archdep.h | 6 +- libexec/ld.so/powerpc/archdep.h | 6 +- libexec/ld.so/powerpc64/archdep.h | 6 +- libexec/ld.so/powerpc64/ldasm.S | 2 +- libexec/ld.so/riscv64/archdep.h | 4 +- libexec/ld.so/sh/archdep.h | 4 +- libexec/ld.so/sparc64/archdep.h | 4 +- regress/lib/libcrypto/dsa/dsatest.c | 4 +- regress/lib/libcrypto/ec/ectest.c | 8 +- regress/lib/libcrypto/ecdsa/ecdsatest.c | 5 +- regress/lib/libcrypto/evp/evptest.c | 25 +- regress/lib/libcrypto/free/freenull.awk | 9 +- regress/lib/libcrypto/free/freenull.c.head | 5 +- regress/lib/libcrypto/gost/gost2814789t.c | 8 +- regress/lib/libcrypto/pbkdf2/pbkdf2.c | 12 +- regress/lib/libssl/ssl/ssltest.c | 8 +- regress/lib/libz/example.c | 109 +--- regress/lib/libz/minigzip.c | 176 ++---- regress/usr.bin/grep/Makefile | 25 +- regress/usr.bin/grep/t28.in | 7 + regress/usr.bin/grep/t28_1.out | 4 + regress/usr.bin/grep/t28_2.out | 7 + regress/usr.bin/grep/t28_3.out | 9 + regress/usr.bin/grep/t28_4.out | 10 + regress/usr.bin/grep/t28_5.out | 1 + regress/usr.bin/grep/t28_6.out | 2 + regress/usr.bin/grep/t28_7.out | 3 + regress/usr.bin/grep/t28_8.out | 4 + regress/usr.sbin/snmpd/Makefile | 5 +- regress/usr.sbin/snmpd/backend.c | 166 +++++ 
regress/usr.sbin/snmpd/regress.h | 3 + regress/usr.sbin/snmpd/snmpd_regress.c | 3 + sbin/fdisk/cmd.c | 3 +- sbin/pflogd/pflogd.c | 4 +- share/zoneinfo/Makefile | 131 +++- share/zoneinfo/datfiles/leap-seconds.list | 256 ++++++++ share/zoneinfo/datfiles/leapseconds | 83 --- share/zoneinfo/leapseconds.awk | 252 ++++++++ share/zoneinfo/version | 1 + share/zoneinfo/ziguard.awk | 386 ++++++++++++ share/zoneinfo/zishrink.awk | 356 +++++++++++ sys/dev/bio.c | 63 +- sys/kern/subr_disk.c | 4 +- sys/lib/libz/deflate.c | 21 + sys/lib/libz/deflate.h | 31 +- sys/lib/libz/inflate.c | 2 +- sys/lib/libz/inftrees.c | 2 +- sys/lib/libz/inftrees.h | 4 +- sys/lib/libz/trees.c | 18 +- sys/lib/libz/zlib.h | 16 +- sys/net/if_vxlan.c | 8 +- sys/netinet/tcp_input.c | 147 +++-- sys/netinet/tcp_usrreq.c | 8 +- sys/netinet/tcp_var.h | 88 +-- sys/sys/disk.h | 4 +- sys/sys/kstat.h | 7 +- usr.bin/awk/b.c | 25 +- usr.bin/grep/grep.1 | 8 +- usr.bin/grep/util.c | 11 +- usr.bin/kstat/kstat.c | 79 ++- usr.bin/openssl/pkcs12.c | 15 +- usr.bin/openssl/ts.c | 13 +- usr.bin/ssh/channels.c | 19 +- usr.bin/ssh/channels.h | 3 +- usr.bin/ssh/clientloop.c | 4 +- usr.bin/ssh/sshconnect.c | 10 +- usr.bin/tmux/arguments.c | 5 +- usr.sbin/fw_update/fw_update.sh | 165 +++-- usr.sbin/ikectl/ikeca.cnf | 4 +- usr.sbin/ntpd/ntp.h | 4 +- usr.sbin/ntpd/util.c | 11 +- usr.sbin/rpki-client/crl.c | 20 +- usr.sbin/rpki-client/extern.h | 4 +- usr.sbin/rpki-client/print.c | 13 +- usr.sbin/rpki-client/x509.c | 32 +- usr.sbin/smtpd/dns.c | 5 +- usr.sbin/snmpd/application.c | 18 +- 202 files changed, 3004 insertions(+), 4921 deletions(-) delete mode 100644 lib/libcrypto/man/ENGINE_add.3 delete mode 100644 lib/libcrypto/man/ENGINE_ctrl.3 delete mode 100644 lib/libcrypto/man/ENGINE_get_default_RSA.3 delete mode 100644 lib/libcrypto/man/ENGINE_init.3 delete mode 100644 lib/libcrypto/man/ENGINE_register_RSA.3 delete mode 100644 lib/libcrypto/man/ENGINE_register_all_RSA.3 delete mode 100644 lib/libcrypto/man/ENGINE_set_RSA.3 delete 
mode 100644 lib/libcrypto/man/ENGINE_set_default.3 delete mode 100644 lib/libcrypto/man/ENGINE_set_flags.3 delete mode 100644 lib/libcrypto/man/ENGINE_unregister_RSA.3 create mode 100644 regress/usr.bin/grep/t28.in create mode 100644 regress/usr.bin/grep/t28_1.out create mode 100644 regress/usr.bin/grep/t28_2.out create mode 100644 regress/usr.bin/grep/t28_3.out create mode 100644 regress/usr.bin/grep/t28_4.out create mode 100644 regress/usr.bin/grep/t28_5.out create mode 100644 regress/usr.bin/grep/t28_6.out create mode 100644 regress/usr.bin/grep/t28_7.out create mode 100644 regress/usr.bin/grep/t28_8.out create mode 100644 share/zoneinfo/datfiles/leap-seconds.list delete mode 100644 share/zoneinfo/datfiles/leapseconds create mode 100755 share/zoneinfo/leapseconds.awk create mode 100644 share/zoneinfo/version create mode 100644 share/zoneinfo/ziguard.awk create mode 100644 share/zoneinfo/zishrink.awk diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi index 6e126fe50..1d6334861 100644 --- a/distrib/sets/lists/base/mi +++ b/distrib/sets/lists/base/mi @@ -6506,7 +6506,10 @@ ./usr/share/zoneinfo/W-SU ./usr/share/zoneinfo/WET ./usr/share/zoneinfo/Zulu +./usr/share/zoneinfo/leap-seconds.list +./usr/share/zoneinfo/leapseconds ./usr/share/zoneinfo/posixrules +./usr/share/zoneinfo/tzdata.zi ./usr/share/zoneinfo/zone.tab ./usr/share/zoneinfo/zone1970.tab ./var diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index a6109dea5..33a646b16 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi 
@@ -1893,17 +1893,7 @@ ./usr/share/man/man3/EC_KEY_new.3 ./usr/share/man/man3/EC_POINT_add.3 ./usr/share/man/man3/EC_POINT_new.3 -./usr/share/man/man3/ENGINE_add.3 -./usr/share/man/man3/ENGINE_ctrl.3 -./usr/share/man/man3/ENGINE_get_default_RSA.3 -./usr/share/man/man3/ENGINE_init.3 ./usr/share/man/man3/ENGINE_new.3 -./usr/share/man/man3/ENGINE_register_RSA.3 -./usr/share/man/man3/ENGINE_register_all_RSA.3 -./usr/share/man/man3/ENGINE_set_RSA.3 -./usr/share/man/man3/ENGINE_set_default.3 -./usr/share/man/man3/ENGINE_set_flags.3 -./usr/share/man/man3/ENGINE_unregister_RSA.3 ./usr/share/man/man3/ERR.3 ./usr/share/man/man3/ERR_GET_LIB.3 ./usr/share/man/man3/ERR_asprintf_error_data.3 diff --git a/etc/root/dot.login b/etc/root/dot.login index a347eb868..1f5791e34 100644 --- a/etc/root/dot.login +++ b/etc/root/dot.login @@ -1,15 +1,11 @@ -# $OpenBSD: dot.login,v 1.14 2009/12/20 15:35:35 deraadt Exp $ +# $OpenBSD: dot.login,v 1.15 2023/11/16 16:03:51 millert Exp $ # # csh login file if ( -x /usr/bin/tset ) then set noglob histchars="" onintr finish - if ( $?XTERM_VERSION ) then - eval `tset -IsQ '-munknown:?vt220' $TERM` - else - eval `tset -sQ '-munknown:?vt220' $TERM` - endif + eval `tset -IsQ '-munknown:?vt220' $TERM` finish: unset noglob histchars onintr diff --git a/etc/root/dot.profile b/etc/root/dot.profile index 1332dbf08..25b89cb62 100644 --- a/etc/root/dot.profile +++ b/etc/root/dot.profile @@ -1,4 +1,4 @@ -# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $ +# $OpenBSD: dot.profile,v 1.10 2023/11/16 16:03:51 millert Exp $ # # sh/ksh initialization @@ -11,11 +11,7 @@ umask 022 case "$-" in *i*) # interactive shell if [ -x /usr/bin/tset ]; then - if [ X"$XTERM_VERSION" = X"" ]; then - eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM` - else - eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM` - fi + eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM` fi ;; esac diff --git a/etc/skel/dot.login b/etc/skel/dot.login index 1087d67d3..e6f84d586 100644 
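Review bot: In etc/root/dot.profile the one remaining tset call still expands `$TERM` unquoted inside the backticks, and its output is passed straight to `eval`. TERM comes from the login environment and this file runs as root with globbing enabled, so a value containing whitespace or glob characters is split into extra tset arguments; quoting it as `"$TERM"` on that line keeps it a single argument. With the quotes, an empty TERM would reach tset as an empty argument instead of being dropped, so check that case before changing it. The csh lines in etc/root/dot.login and etc/skel/dot.login use the same unquoted `$TERM`, though etc/root/dot.login does `set noglob` first.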
--- a/etc/skel/dot.login +++ b/etc/skel/dot.login @@ -1,13 +1,9 @@ -# $OpenBSD: dot.login,v 1.6 2015/12/15 16:37:58 deraadt Exp $ +# $OpenBSD: dot.login,v 1.7 2023/11/16 16:05:13 millert Exp $ # # csh login file if ( ! $?TERMCAP ) then - if ( $?XTERM_VERSION ) then - tset -IQ '-munknown:?vt220' $TERM - else - tset -Q '-munknown:?vt220' $TERM - endif + tset -IQ '-munknown:?vt220' $TERM endif stty newcrt crterase diff --git a/etc/skel/dot.version b/etc/skel/dot.version index cab1d12d7..5f599ba13 100644 --- a/etc/skel/dot.version +++ b/etc/skel/dot.version @@ -1 +1 @@ -# SecBSD 1.4-3174c54: Tue Nov 14 10 00:45:01 UTC 2023 (Mictlantecuhtli) +# SecBSD 1.4-731e06f: Mon Nov 20 02:17:28 UTC 2023 (Mictlantecuhtli) diff --git a/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td b/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td index f09bce005..39f678783 100644 --- a/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td +++ b/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td @@ -8113,7 +8113,7 @@ def err_typecheck_convert_pointer_int : Error< "; remove &}3">; def ext_typecheck_convert_pointer_int : ExtWarn< err_typecheck_convert_pointer_int.Summary>, - InGroup, DefaultError; + InGroup; def err_typecheck_convert_int_pointer : Error< "incompatible integer to pointer conversion " "%select{%diff{assigning to $ from $|assigning to different types}0,1" @@ -8133,7 +8133,7 @@ def err_typecheck_convert_int_pointer : Error< "; remove &}3">; def ext_typecheck_convert_int_pointer : ExtWarn< err_typecheck_convert_int_pointer.Summary>, - InGroup, DefaultError; + InGroup; def ext_typecheck_convert_pointer_void_func : Extension< "%select{%diff{assigning to $ from $|assigning to different types}0,1" "|%diff{passing $ to parameter of type $|" diff --git a/gnu/llvm/llvm/lib/Target/ARM/ARMISelLowering.cpp b/gnu/llvm/llvm/lib/Target/ARM/ARMISelLowering.cpp index 2e78b52d0..200d45053 100644 --- a/gnu/llvm/llvm/lib/Target/ARM/ARMISelLowering.cpp 
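Review bot: Dropping `DefaultError` from `ext_typecheck_convert_pointer_int`, and from `ext_typecheck_convert_int_pointer` in the second hunk, turns both pointer/integer conversion diagnostics back into ordinary warnings, and nothing in the file marks this as a local deviation. Such a conversion can truncate a pointer on 64-bit targets, so the downgrade lets that class of bug compile without stopping the build. A comment above each definition, for example `// Local change: left as a warning rather than DefaultError (<reason>)`, would keep the next LLVM import from reverting or missing it unnoticed. If in-tree code is meant to stay strict, building it with `-Werror=int-conversion` would preserve the check there.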
+++ b/gnu/llvm/llvm/lib/Target/ARM/ARMISelLowering.cpp @@ -21198,6 +21198,8 @@ bool ARMTargetLowering::shouldInsertFencesForAtomic( } bool ARMTargetLowering::useLoadStackGuardNode() const { + if (Subtarget->getTargetTriple().isOSOpenBSD()) + return false; // ROPI/RWPI are not supported currently. return !Subtarget->isROPI() && !Subtarget->isRWPI(); } diff --git a/gnu/llvm/llvm/lib/Target/PowerPC/PPCISelDAGToDAG.cpp b/gnu/llvm/llvm/lib/Target/PowerPC/PPCISelDAGToDAG.cpp index d80a33ff6..7704d1efc 100644 --- a/gnu/llvm/llvm/lib/Target/PowerPC/PPCISelDAGToDAG.cpp +++ b/gnu/llvm/llvm/lib/Target/PowerPC/PPCISelDAGToDAG.cpp @@ -5293,7 +5293,8 @@ void PPCDAGToDAGISel::Select(SDNode *N) { // generate secure plt code for TLS symbols. getGlobalBaseReg(); } break; - case PPCISD::CALL: { + case PPCISD::CALL: + case PPCISD::CALL_RM: { if (PPCLowering->getPointerTy(CurDAG->getDataLayout()) != MVT::i32 || !TM.isPositionIndependent() || !Subtarget->isSecurePlt() || !Subtarget->isTargetELF()) diff --git a/gnu/usr.bin/clang/Makefile.inc b/gnu/usr.bin/clang/Makefile.inc index f3f959cb0..f52706521 100644 --- a/gnu/usr.bin/clang/Makefile.inc +++ b/gnu/usr.bin/clang/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.27 2023/11/11 18:35:35 robert Exp $ +# $OpenBSD: Makefile.inc,v 1.28 2023/11/17 15:46:58 visa Exp $ CLANG_SRCS?= ${.CURDIR}/../../../llvm/clang LLDB_SRCS?= ${.CURDIR}/../../../llvm/lldb @@ -41,6 +41,7 @@ CXXFLAGS+= -mno-retpoline # Omit frame pointer to improve performance. .if ${MACHINE_ARCH} == "mips64" || ${MACHINE_ARCH} == "mips64el" CXXFLAGS+= -fomit-frame-pointer +CXXFLAGS+= -mxgot .endif CPPFLAGS+= -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS \ diff --git a/gnu/usr.bin/clang/include/llvm/AMDGPU/Makefile b/gnu/usr.bin/clang/include/llvm/AMDGPU/Makefile index 6a680750d..2abacfe3e 100644 --- a/gnu/usr.bin/clang/include/llvm/AMDGPU/Makefile +++ b/gnu/usr.bin/clang/include/llvm/AMDGPU/Makefile 
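Review bot: The new OpenBSD early return in `ARMTargetLowering::useLoadStackGuardNode()` has no comment of its own and sits directly above the existing `// ROPI/RWPI are not supported currently.` line, which only describes the final return. This function presumably decides how the stack protector's guard value is loaded, so the reason for opting this target out should be recorded next to the check. Something like `// OpenBSD: do not use the load-stack-guard node (<reason>).` above the `if` would do.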
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.4 2021/12/17 14:55:44 patrick Exp $ +# $OpenBSD: Makefile,v 1.5 2023/11/16 15:05:44 robert Exp $ .include @@ -33,6 +33,10 @@ HDRS+= R600GenAsmWriter.inc \ HDRS+= InstCombineTables.inc +.if ${MACHINE_CPU} == "i386" +.NOTPARALLEL: ${HDRS} +.endif + all: ${HDRS} install: diff --git a/gnu/usr.bin/clang/libLLVMRISCVCodeGen/Makefile b/gnu/usr.bin/clang/libLLVMRISCVCodeGen/Makefile index a8fef8dfb..1b21714cd 100644 --- a/gnu/usr.bin/clang/libLLVMRISCVCodeGen/Makefile +++ b/gnu/usr.bin/clang/libLLVMRISCVCodeGen/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2023/11/11 18:35:37 robert Exp $ +# $OpenBSD: Makefile,v 1.4 2023/11/14 16:42:14 jca Exp $ LIB= LLVMRISCVCodeGen NOPROFILE= @@ -37,3 +37,4 @@ SRCS+= RISCVAsmPrinter.cpp \ RISCVTargetTransformInfo.cpp .PATH: ${.CURDIR}/../../../llvm/llvm/lib/Target/RISCV +.PATH: ${.CURDIR}/../../../llvm/llvm/lib/Target/RISCV/GISel diff --git a/lib/csu/aarch64/md_init.h b/lib/csu/aarch64/md_init.h index 6701c5c44..5d1f95506 100644 --- a/lib/csu/aarch64/md_init.h +++ b/lib/csu/aarch64/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.11 2023/03/31 18:46:24 kettenis Exp $ */ +/* $OpenBSD: md_init.h,v 1.12 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey @@ -112,10 +112,6 @@ " \n" \ " b ___start \n" \ " \n" \ - "_dl_exit: \n" \ - " mov x8, #" STR(SYS_exit) " \n" \ - " svc #0 \n" \ - " dsb nsh \n" \ - " isb \n" \ + "_csu_abort: \n" \ " udf #0 \n" \ ".previous"); diff --git a/lib/csu/alpha/md_init.h b/lib/csu/alpha/md_init.h index fa2143f24..60f21b53d 100644 --- a/lib/csu/alpha/md_init.h +++ b/lib/csu/alpha/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.12 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.13 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey * All rights reserved. 
@@ -95,11 +95,9 @@ " mov $9, $16 \n" \ " mov 0, $17 \n" \ " jsr $26, ___start \n" \ - ".globl _dl_exit \n" \ - ".type _dl_exit@function \n" \ - "_dl_exit: \n" \ - " lda $0, " STR(SYS_exit) " \n" \ - " callsys \n" \ + ".globl _csu_abort \n" \ + ".type _csu_abort@function \n" \ + "_csu_abort: \n" \ " halt ") #define MD_START_ARGS char **sp, void (*cleanup)(void) diff --git a/lib/csu/amd64/md_init.h b/lib/csu/amd64/md_init.h index 9781a7614..d74566582 100644 --- a/lib/csu/amd64/md_init.h +++ b/lib/csu/amd64/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.10 2023/04/25 04:10:21 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.11 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey @@ -107,12 +107,10 @@ " addq $8,%rsp \n" \ " jmp ___start \n" \ " \n" \ - " .global _dl_exit \n" \ - " .type _dl_exit,@function \n" \ + " .global _csu_abort \n" \ + " .type _csu_abort,@function \n" \ " .align 8 \n" \ - "_dl_exit: \n" \ + "_csu_abort: \n" \ " endbr64 \n" \ - " movl $ " STR(SYS_exit) ", %eax \n" \ - " syscall \n" \ " int3 \n" \ " .previous") diff --git a/lib/csu/arm/md_init.h b/lib/csu/arm/md_init.h index fa6cf6309..3d9c7f6ac 100644 --- a/lib/csu/arm/md_init.h +++ b/lib/csu/arm/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.17 2020/10/19 17:57:40 naddy Exp $ */ +/* $OpenBSD: md_init.h,v 1.18 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey @@ -154,10 +154,6 @@ ".L__DYNAMIC: \n" \ " .long _DYNAMIC(GOTOFF) \n" \ " \n" \ - "_dl_exit: \n" \ - " mov r12, #" STR(SYS_exit) " \n" \ - " swi #0 \n" \ - " dsb nsh \n" \ - " isb \n" \ + "_csu_abort: \n" \ " udf #0 \n" \ ".previous"); diff --git a/lib/csu/boot.h b/lib/csu/boot.h index 72cbfee00..da6d424bd 100644 --- a/lib/csu/boot.h +++ b/lib/csu/boot.h @@ -1,4 +1,4 @@ -/* $OpenBSD: boot.h,v 1.34 2022/10/21 18:14:09 deraadt Exp $ */ +/* $OpenBSD: boot.h,v 1.35 2023/11/18 16:26:15 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB 
@@ -40,7 +40,7 @@ #include __dead -void _dl_exit(int); +void _csu_abort(void); #include "archdep.h" diff --git a/lib/csu/hppa/boot_md.h b/lib/csu/hppa/boot_md.h index a770f7af4..0a8f40607 100644 --- a/lib/csu/hppa/boot_md.h +++ b/lib/csu/hppa/boot_md.h @@ -1,4 +1,4 @@ -/* $OpenBSD: boot_md.h,v 1.4 2022/10/27 19:40:21 deraadt Exp $ */ +/* $OpenBSD: boot_md.h,v 1.5 2023/11/18 16:26:16 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -40,7 +40,7 @@ #include __dead -void _dl_exit(int); +void _csu_abort(void); #include "archdep.h" diff --git a/lib/csu/hppa/md_init.h b/lib/csu/hppa/md_init.h index ca3436853..120104f07 100644 --- a/lib/csu/hppa/md_init.h +++ b/lib/csu/hppa/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.15 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.16 2023/11/18 16:26:16 deraadt Exp $ */ /* * Copyright (c) 2003 Dale Rahn. All rights reserved. @@ -137,17 +137,13 @@ " copy %dp, %r19 \n" \ " .exit \n" \ " .procend \n" \ - " .export _dl_exit, entry \n" \ - " .type _dl_exit,@function \n" \ - " .label _dl_exit \n" \ + " .export _csu_abort, entry \n" \ + " .type _csu_abort,@function \n" \ + " .label _csu_abort \n" \ " .proc \n" \ " .callinfo frame=0, calls \n" \ " .entry \n" \ - "_dl_exit: \n" \ - " stw %rp, -24(%sp) \n" \ - " ldil L%0xc0000000, %r1 \n" \ - " ble 4(%sr7, %r1) \n" \ - " ldi " STR(SYS_exit) ", %t1 \n" \ + "_csu_abort: \n" \ " break 0,0 \n" \ " .exit \n" \ " .procend") diff --git a/lib/csu/i386/md_init.h b/lib/csu/i386/md_init.h index 90a837432..3a100fca1 100644 --- a/lib/csu/i386/md_init.h +++ b/lib/csu/i386/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.12 2023/04/25 04:06:06 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.13 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey 
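Review bot: `_csu_abort` is declared `__dead` here, but the md_init.h stubs in this commit now consist of a single trap or illegal instruction (`int3`, `udf #0`, `unimp`, `halt`, ...) with the former exit system call removed, and neither the prototype nor the stubs say so. A comment at the declaration, for example `/* Never returns: executes a trapping instruction, makes no system call. */`, would record the contract that the compiler is being told to rely on. The parameter also changes from `int` to `void`, so any status the callers used to pass is dropped; those callers are outside this hunk. lib/csu/hppa/boot_md.h and lib/csu/mips64/boot_md.h carry the same declaration.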
@@ -114,10 +114,8 @@ " call ___start # ___start(argc,argv,envp,0) \n" \ " \n" \ " .align 4 \n" \ - " .globl _dl_exit \n" \ - " .type _dl_exit,@function \n" \ - "_dl_exit: \n" \ - " mov $" STR(SYS_exit) ", %eax\n" \ - " int $0x80 \n" \ + " .globl _csu_abort \n" \ + " .type _csu_abort,@function \n" \ + "_csu_abort: \n" \ " int3 \n" \ " .previous") diff --git a/lib/csu/m88k/md_init.h b/lib/csu/m88k/md_init.h index f73ed3e23..6f37b9d2f 100644 --- a/lib/csu/m88k/md_init.h +++ b/lib/csu/m88k/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.10 2023/11/18 16:26:16 deraadt Exp $ */ /* * Copyright (c) 2012 Miodrag Vallat. @@ -99,9 +99,6 @@ " addu %r4, %r4, 4 \n" \ " /* envp = argv + argc + 1 */ \n" \ \ - "_dl_exit: \n" \ - " or %r13, %r0, " STR(SYS_exit) " \n" \ - " tb0 0, %r0, 450 \n" \ - " or %r0, %r0, %r0 \n" \ + "_csu_abort: \n" \ " tb0 0, %r0, 130 /* breakpoint */ \n" \ " .previous"); diff --git a/lib/csu/mips64/boot_md.h b/lib/csu/mips64/boot_md.h index 09fb17f4d..dde114e81 100644 --- a/lib/csu/mips64/boot_md.h +++ b/lib/csu/mips64/boot_md.h @@ -1,4 +1,4 @@ -/* $OpenBSD: boot_md.h,v 1.3 2022/10/27 19:40:23 deraadt Exp $ */ +/* $OpenBSD: boot_md.h,v 1.5 2023/11/18 18:02:47 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -40,7 +40,7 @@ #include __dead -void _dl_exit(int); +void _csu_abort(void); #include "archdep.h" diff --git a/lib/csu/mips64/md_init.h b/lib/csu/mips64/md_init.h index 2d0bb2811..696cb7226 100644 --- a/lib/csu/mips64/md_init.h +++ b/lib/csu/mips64/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.20 2020/10/20 15:26:59 visa Exp $ */ +/* $OpenBSD: md_init.h,v 1.22 2023/11/19 00:46:54 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey 
@@ -140,14 +140,12 @@ " dla $t9, ___start \n" \ " jr $t9 \n" \ " .end __start \n" \ - " .globl _dl_exit \n" \ - " .ent _dl_exit \n" \ - " .type _dl_exit, @function \n" \ - "_dl_exit: \n" \ - " li $v0, " STR(SYS_exit) " \n" \ - " syscall \n" \ + " .globl _csu_abort \n" \ + " .ent _csu_abort \n" \ + " .type _csu_abort, @function \n" \ + "_csu_abort: \n" \ " teq $zero, $zero, 0x52 \n" \ - " .end _dl_exit \n" \ + " .end _csu_abort \n" \ " .previous") struct kframe { diff --git a/lib/csu/powerpc/md_init.h b/lib/csu/powerpc/md_init.h index 96680e248..d46361b48 100644 --- a/lib/csu/powerpc/md_init.h +++ b/lib/csu/powerpc/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.11 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.12 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey @@ -119,10 +119,8 @@ __asm( \ " \n" \ " .text \n" \ " .align 2 \n" \ -" .globl _dl_exit \n" \ -" .type _dl_exit, @function \n" \ -"_dl_exit: \n" \ -" li %r0, " STR(SYS_exit) " \n" \ -" sc \n" \ +" .globl _csu_abort \n" \ +" .type _csu_abort, @function \n" \ +"_csu_abort: \n" \ " .long 0 # illegal \n" \ ) diff --git a/lib/csu/powerpc64/md_init.h b/lib/csu/powerpc64/md_init.h index e2054bd57..110cc5b2e 100644 --- a/lib/csu/powerpc64/md_init.h +++ b/lib/csu/powerpc64/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.4 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.5 2023/11/18 16:26:16 deraadt Exp $ */ /* * Copyright (c) 2020 Dale Rahn @@ -111,10 +111,8 @@ __asm( \ " li %r6, 0 \n" \ " bl ___start \n" \ " \n" \ -" .globl _dl_exit \n" \ -" .type _dl_exit, @function \n" \ -"_dl_exit: \n" \ -" li %r0, " STR(SYS_exit) " \n" \ -" sc \n" \ +" .globl _csu_abort \n" \ +" .type _csu_abort, @function \n" \ +"_csu_abort: \n" \ " .long 0 # illegal \n" \ ) diff --git a/lib/csu/riscv64/md_init.h b/lib/csu/riscv64/md_init.h index 1f454384c..62bf46385 100644 --- a/lib/csu/riscv64/md_init.h +++ b/lib/csu/riscv64/md_init.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.3 2021/07/22 18:16:13 kettenis Exp $ */ +/* $OpenBSD: md_init.h,v 1.4 2023/11/18 16:26:16 deraadt Exp $ */ /* * Copyright (c) 2020 Dale Rahn * @@ -107,8 +107,6 @@ " j ___start \n" \ " .size _start, .-_start \n" \ " .size __start, .-__start \n" \ - "_dl_exit: \n" \ - " li t0, " STR(SYS_exit) " \n" \ - " ecall \n" \ + "_csu_abort: \n" \ " unimp \n" \ ".previous"); diff --git a/lib/csu/sh/md_init.h b/lib/csu/sh/md_init.h index 305ac81a5..4bd405111 100644 --- a/lib/csu/sh/md_init.h +++ b/lib/csu/sh/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.10 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.11 2023/11/18 16:26:16 deraadt Exp $ */ /* $NetBSD: dot_init.h,v 1.3 2005/12/24 22:02:10 perry Exp $ */ /*- @@ -131,10 +131,8 @@ __asm(".section " #section "\n" \ " .long _DYNAMIC - .L_offbase \n" \ \ " .align 2 \n" \ - " .globl _dl_exit \n" \ - " .type _dl_exit,@function \n" \ - "_dl_exit: \n" \ - " mov #" STR(SYS_exit) ", r0 \n" \ - " .word 0xc380 /* trapa #0x80 */ \n" \ + " .globl _csu_abort \n" \ + " .type _csu_abort,@function \n" \ + "_csu_abort: \n" \ " sleep /* illegal */ \n" \ ".previous") diff --git a/lib/csu/sparc64/md_init.h b/lib/csu/sparc64/md_init.h index d3e83a4cb..d34d1f45c 100644 --- a/lib/csu/sparc64/md_init.h +++ b/lib/csu/sparc64/md_init.h @@ -1,4 +1,4 @@ -/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */ +/* $OpenBSD: md_init.h,v 1.10 2023/11/18 16:26:16 deraadt Exp $ */ /*- * Copyright (c) 2001 Ross Harvey @@ -100,10 +100,8 @@ " ba,pt %icc, ___start \n" \ " clr %o1 \n" \ " \n" \ - " .global _dl_exit \n" \ - "_dl_exit: \n" \ - " mov " STR(SYS_exit) ", %g1 \n" \ - " t 0 \n" \ + " .global _csu_abort \n" \ + "_csu_abort: \n" \ " unimp \n" \ " .previous") diff --git a/lib/libcrypto/asn1/a_pkey.c b/lib/libcrypto/asn1/a_pkey.c index 6e715d4f9..1e8ebc913 100644 --- a/lib/libcrypto/asn1/a_pkey.c +++ b/lib/libcrypto/asn1/a_pkey.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: a_pkey.c,v 1.6 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: a_pkey.c,v 1.7 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,10 +67,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" @@ -87,10 +83,6 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) } } else { ret = *a; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); - ret->engine = NULL; -#endif } if (!EVP_PKEY_set_type(ret, type)) { diff --git a/lib/libcrypto/asn1/ameth_lib.c b/lib/libcrypto/asn1/ameth_lib.c index 153ad21a8..42f2f6fd5 100644 --- a/lib/libcrypto/asn1/ameth_lib.c +++ b/lib/libcrypto/asn1/ameth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ameth_lib.c,v 1.32 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: ameth_lib.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -64,10 +64,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" @@ -170,15 +166,6 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type) type = mp->pkey_base_id; } if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - /* type will contain the final unaliased type */ - e = ENGINE_get_pkey_asn1_meth_engine(type); - if (e) { - *pe = e; - return ENGINE_get_pkey_asn1_meth(e, type); - } -#endif *pe = NULL; } return mp; @@ -193,20 +180,6 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) if (len == -1) len = strlen(str); if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - ameth = ENGINE_pkey_asn1_find_str(&e, str, len); - if (ameth) { - /* Convert structural into - * functional reference - */ - if (!ENGINE_init(e)) - ameth = NULL; - ENGINE_free(e); - *pe = e; - return ameth; - } -#endif *pe = NULL; } for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { 
diff --git a/lib/libcrypto/conf/conf_mall.c b/lib/libcrypto/conf/conf_mall.c index 18631b3ba..e2a1d2db0 100644 --- a/lib/libcrypto/conf/conf_mall.c +++ b/lib/libcrypto/conf/conf_mall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: conf_mall.c,v 1.10 2023/11/19 15:46:09 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,10 +65,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - /* Load all OpenSSL builtin modules */ void @@ -76,7 +72,4 @@ OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_add_conf_module(); -#endif } diff --git a/lib/libcrypto/conf/conf_sap.c b/lib/libcrypto/conf/conf_sap.c index 827cf96e7..689b7a325 100644 --- a/lib/libcrypto/conf/conf_sap.c +++ b/lib/libcrypto/conf/conf_sap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */ +/* $OpenBSD: conf_sap.c,v 1.15 2023/11/19 15:46:09 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -67,10 +67,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, * unless this is overridden by calling OPENSSL_no_config() @@ -84,10 +80,6 @@ static void OPENSSL_config_internal(void) { OPENSSL_load_builtin_modules(); -#ifndef OPENSSL_NO_ENGINE - /* Need to load ENGINEs */ - ENGINE_load_builtin_engines(); -#endif /* Add others here? */ ERR_clear_error(); diff --git a/lib/libcrypto/crypto_init.c b/lib/libcrypto/crypto_init.c index a2c1c786c..2b39d2604 100644 --- a/lib/libcrypto/crypto_init.c +++ b/lib/libcrypto/crypto_init.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_init.c,v 1.11 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: crypto_init.c,v 1.12 2023/11/19 15:46:09 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck * @@ -22,9 +22,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -84,9 +81,6 @@ OPENSSL_cleanup(void) ERR_free_strings(); CRYPTO_cleanup_all_ex_data(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif EVP_cleanup(); ASN1_STRING_TABLE_cleanup(); diff --git a/lib/libcrypto/dh/dh_lib.c b/lib/libcrypto/dh/dh_lib.c index 8d6378768..90ce7625c 100644 --- a/lib/libcrypto/dh/dh_lib.c +++ b/lib/libcrypto/dh/dh_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_lib.c,v 1.41 2023/08/13 12:09:14 tb Exp $ */ +/* $OpenBSD: dh_lib.c,v 1.42 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,10 +65,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "dh_local.h" static const DH_METHOD *default_DH_method = NULL; @@ -101,10 +97,6 @@ DH_set_method(DH *dh, const DH_METHOD *meth) mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dh->engine); - dh->engine = NULL; -#endif dh->meth = meth; if (meth->init) meth->init(dh); @@ -133,24 +125,6 @@ DH_new_method(ENGINE *engine) dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; dh->references = 1; -#ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (!ENGINE_init(engine)) { - DHerror(ERR_R_ENGINE_LIB); - goto err; - } - dh->engine = engine; - } else - dh->engine = ENGINE_get_default_DH(); - if (dh->engine != NULL) { - if ((dh->meth = ENGINE_get_DH(dh->engine)) == NULL) { - DHerror(ERR_R_ENGINE_LIB); - goto err; - } - dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; - } -#endif - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data)) goto err; if (dh->meth->init != NULL && !dh->meth->init(dh)) 
@@ -178,9 +152,6 @@ DH_free(DH *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/lib/libcrypto/dsa/dsa_lib.c b/lib/libcrypto/dsa/dsa_lib.c index a9d2179ae..5c01c2025 100644 --- a/lib/libcrypto/dsa/dsa_lib.c +++ b/lib/libcrypto/dsa/dsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_lib.c,v 1.44 2023/08/12 06:14:36 tb Exp $ */ +/* $OpenBSD: dsa_lib.c,v 1.45 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,9 +70,6 @@ #ifndef OPENSSL_NO_DH #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include "dh_local.h" #include "dsa_local.h" @@ -113,10 +110,6 @@ DSA_set_method(DSA *dsa, const DSA_METHOD *meth) mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dsa->engine); - dsa->engine = NULL; -#endif dsa->meth = meth; if (meth->init) meth->init(dsa); @@ -138,24 +131,6 @@ DSA_new_method(ENGINE *engine) dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; dsa->references = 1; -#ifndef OPENSSL_NO_ENGINE - if (engine) { - if (!ENGINE_init(engine)) { - DSAerror(ERR_R_ENGINE_LIB); - goto err; - } - dsa->engine = engine; - } else - dsa->engine = ENGINE_get_default_DSA(); - if (dsa->engine != NULL) { - if ((dsa->meth = ENGINE_get_DSA(dsa->engine)) == NULL) { - DSAerror(ERR_R_ENGINE_LIB); - goto err; - } - dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; - } -#endif - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data)) goto err; if (dsa->meth->init != NULL && !dsa->meth->init(dsa)) @@ -184,9 +159,6 @@ DSA_free(DSA *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); 
diff --git a/lib/libcrypto/ec/ec_key.c b/lib/libcrypto/ec/ec_key.c index d9ddd5d79..2716db6dd 100644 --- a/lib/libcrypto/ec/ec_key.c +++ b/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.38 2023/11/19 15:46:09 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -65,9 +65,6 @@ #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include "bn_local.h" @@ -115,9 +112,6 @@ EC_KEY_free(EC_KEY *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); EC_GROUP_free(r->group); @@ -138,11 +132,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) if (src->meth != dest->meth) { if (dest->meth != NULL && dest->meth->finish != NULL) dest->meth->finish(dest); -#ifndef OPENSSL_NO_ENGINE - if (ENGINE_finish(dest->engine) == 0) - return 0; - dest->engine = NULL; -#endif } /* copy the parameters */ if (src->group) { @@ -186,11 +175,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) return NULL; if (src->meth != dest->meth) { -#ifndef OPENSSL_NO_ENGINE - if (src->engine != NULL && ENGINE_init(src->engine) == 0) - return 0; - dest->engine = src->engine; -#endif dest->meth = src->meth; } diff --git a/lib/libcrypto/ec/ec_kmeth.c b/lib/libcrypto/ec/ec_kmeth.c index 38aca0028..856afc89d 100644 --- a/lib/libcrypto/ec/ec_kmeth.c +++ b/lib/libcrypto/ec/ec_kmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_kmeth.c,v 1.12 2023/07/28 09:28:37 tb Exp $ */ +/* $OpenBSD: ec_kmeth.c,v 1.13 2023/11/19 15:46:09 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -53,9 +53,6 @@ */ #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include "bn_local.h" 
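Review bot: In the second EC_KEY_copy() hunk the remaining `if (src->meth != dest->meth) { dest->meth = src->meth; }` no longer guards anything, because the ENGINE bookkeeping it protected is gone; it can be the single statement `dest->meth = src->meth;`. The first EC_KEY_copy() hunk likewise leaves a brace pair around one nested `if`, which could be folded into `if (src->meth != dest->meth && dest->meth != NULL && dest->meth->finish != NULL)`. Both are readability points only. The rest of EC_KEY_copy() lies outside the hunks.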
@@ -126,11 +123,6 @@ EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) if (finish != NULL) finish(key); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(key->engine); - key->engine = NULL; -#endif - key->meth = meth; if (meth->init != NULL) return meth->init(key); @@ -148,23 +140,6 @@ EC_KEY_new_method(ENGINE *engine) return NULL; } ret->meth = EC_KEY_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (!ENGINE_init(engine)) { - ECerror(ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_EC(); - if (ret->engine) { - ret->meth = ENGINE_get_EC(ret->engine); - if (ret->meth == NULL) { - ECerror(ERR_R_ENGINE_LIB); - goto err; - } - } -#endif ret->version = 1; ret->flags = 0; ret->group = NULL; diff --git a/lib/libcrypto/engine/engine.h b/lib/libcrypto/engine/engine.h index 1e04b61e5..bb5112a02 100644 --- a/lib/libcrypto/engine/engine.h +++ b/lib/libcrypto/engine/engine.h @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.h,v 1.42 2023/08/04 05:44:51 tb Exp $ */ +/* $OpenBSD: engine.h,v 1.43 2023/11/19 15:41:46 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -89,8 +89,6 @@ extern "C" { #endif -/* These flags are used to control combinations of algorithm (methods) - * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 #define ENGINE_METHOD_DSA (unsigned int)0x0002 #define ENGINE_METHOD_DH (unsigned int)0x0004 
@@ -101,145 +99,43 @@ extern "C" { #define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 #define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 #define ENGINE_METHOD_EC (unsigned int)0x0800 -/* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 -/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used - * internally to control registration of ENGINE implementations, and can be set - * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to - * initialise registered ENGINEs if they are not already initialised. */ #define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 -/* ENGINE flags that can be set by ENGINE_set_flags(). */ -/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ - -/* This flag is for ENGINEs that wish to handle the various 'CMD'-related - * control commands on their own. Without this flag, ENGINE_ctrl() handles these - * control commands on behalf of the ENGINE using their "cmd_defns" data. */ #define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 - -/* This flag is for ENGINEs who return new duplicate structures when found via - * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() - * commands are called in sequence as part of some stateful process like - * key-generation setup and execution), it can set this flag - then each attempt - * to obtain the ENGINE will result in it being copied into a new structure. - * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments - * the existing ENGINE's structural reference count. */ #define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 - -/* This flag if for an ENGINE that does not want its methods registered as - * part of ENGINE_register_all_complete() for example if the methods are - * not usable as default methods. 
- */ - #define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 - -/* ENGINEs can support their own command types, and these flags are used in - * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each - * command expects. Currently only numeric and string input is supported. If a - * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, - * then it is regarded as an "internal" control command - and not for use in - * config setting situations. As such, they're not available to the - * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to - * this list of 'command types' should be reflected carefully in - * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ - -/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 -/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to - * ENGINE_ctrl) */ #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 -/* Indicates that the control command takes *no* input. Ie. the control command - * is unparameterised. */ #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 -/* Indicates that the control command is internal. This control command won't - * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() - * function. */ #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 -/* NB: These 3 control commands are deprecated and should not be used. ENGINEs - * relying on these commands should compile conditional support for - * compatibility (eg. if these symbols are defined) but should also migrate the - * same functionality to their own ENGINE-specific control functions that can be - * "discovered" by calling applications. The fact these control commands - * wouldn't be "executable" (ie. usable by text-based config) doesn't change the - * fact that application code can find and use them without requiring per-ENGINE - * hacking. 
*/ - -/* These flags are used to tell the ctrl function what should be done. - * All command numbers are shared between all engines, even if some don't - * make sense to some engines. In such a case, they do nothing but return - * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ #define ENGINE_CTRL_SET_LOGSTREAM 1 #define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 -#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any - handles/connections etc. */ -#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ -#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ -#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given - a string that represents a - file name or so */ -#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given - section in the already loaded - configuration */ +#define ENGINE_CTRL_HUP 3 +#define ENGINE_CTRL_SET_USER_INTERFACE 4 +#define ENGINE_CTRL_SET_CALLBACK_DATA 5 +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 +#define ENGINE_CTRL_LOAD_SECTION 7 -/* These control commands allow an application to deal with an arbitrary engine - * in a dynamic way. Warn: Negative return values indicate errors FOR THESE - * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, - * including ENGINE-specific command types, return zero for an error. - * - * An ENGINE can choose to implement these ctrl functions, and can internally - * manage things however it chooses - it does so by setting the - * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the - * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns - * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() - * handler need only implement its own commands - the above "meta" commands will - * be taken care of. */ - -/* Returns non-zero if the supplied ENGINE has a ctrl() handler. 
If "not", then - * all the remaining control commands will return failure, so it is worth - * checking this first if the caller is trying to "discover" the engine's - * capabilities and doesn't want errors generated unnecessarily. */ #define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 -/* Returns a positive command number for the first command supported by the - * engine. Returns zero if no ctrl commands are supported. */ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 -/* The 'long' argument specifies a command implemented by the engine, and the - * return value is the next command supported, or zero if there are no more. */ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 -/* The 'void*' argument is a command name (cast from 'const char *'), and the - * return value is the command that corresponds to it. */ #define ENGINE_CTRL_GET_CMD_FROM_NAME 13 -/* The next two allow a command to be converted into its corresponding string - * form. In each case, the 'long' argument supplies the command. In the NAME_LEN - * case, the return value is the length of the command name (not counting a - * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer - * large enough, and it will be populated with the name of the command (WITH a - * trailing EOL). */ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 #define ENGINE_CTRL_GET_NAME_FROM_CMD 15 -/* The next two are similar but give a "short description" of a command. */ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 #define ENGINE_CTRL_GET_DESC_FROM_CMD 17 -/* With this command, the return value is the OR'd combination of - * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given - * engine-specific ctrl command expects. */ #define ENGINE_CTRL_GET_CMD_FLAGS 18 -/* ENGINE implementations should start the numbering of their own control - * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ #define ENGINE_CMD_BASE 200 /* * Prototypes for the stub functions in engine_stubs.c. 
They are provided to - * build M2Crypto, Dovecot, apr-utils without patching. All the other garbage - * can hopefully go away soon. + * build M2Crypto, Dovecot, apr-utils without patching. */ -#ifdef OPENSSL_NO_ENGINE void ENGINE_load_builtin_engines(void); void ENGINE_load_dynamic(void); void ENGINE_load_openssl(void); @@ -261,7 +157,7 @@ int ENGINE_set_default(ENGINE *engine, unsigned int flags); ENGINE *ENGINE_get_default_RSA(void); int ENGINE_set_default_RSA(ENGINE *engine); -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p, +int ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, void (*f)(void), int cmd_optional); int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg, int cmd_optional); 
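Review bot: The large engine.h hunk keeps the ENGINE_TABLE_FLAG_*, ENGINE_FLAGS_*, ENGINE_CMD_FLAG_* and ENGINE_CTRL_* macros but deletes every comment explaining them, so the header no longer says why they exist; presumably nothing in the library consumes them any more. A short comment above the macro block would cover it, e.g. `/* Retained for source compatibility only; ENGINE support has been removed. */`. The stub prototypes are now declared unconditionally, so the comment above them could also state what ENGINE_load_private_key() and ENGINE_load_public_key() return; that behaviour lives in engine_stubs.c and is not visible here, so confirm it before documenting. Code that obtained keys through an engine needs to check those return values rather than assume a usable EVP_PKEY.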
@@ -270,460 +166,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id, UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id, UI_METHOD *ui_method, void *callback_data); -#else -/* If an ENGINE supports its own specific control commands and wishes the - * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its - * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries - * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that - * supports the stated commands (ie. the "cmd_num" entries as described by the - * array). NB: The array must be ordered in increasing order of cmd_num. - * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set - * to zero and/or cmd_name set to NULL. */ -typedef struct ENGINE_CMD_DEFN_st { - unsigned int cmd_num; /* The command number */ - const char *cmd_name; /* The command name itself */ - const char *cmd_desc; /* A short description of the command */ - unsigned int cmd_flags; /* The input the command expects */ -} ENGINE_CMD_DEFN; - -/* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR)(void); -/* Generic function pointer taking no arguments */ -typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); -/* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, - void (*f)(void)); -/* Generic load_key function pointer */ -typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, - UI_METHOD *ui_method, void *callback_data); -typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, - STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); - -/* These callback types are for an ENGINE's handler for cipher and digest logic. 
- * These handlers have these prototypes; - * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); - * Looking at how to implement these handlers in the case of cipher support, if - * the framework wants the EVP_CIPHER for 'nid', it will call; - * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) - * If the framework wants a list of supported 'nid's, it will call; - * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) - */ -/* Returns to a pointer to the array of supported cipher 'nid's. If the second - * parameter is non-NULL it is set to the size of the returned array. */ -typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, - const int **, int); -typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); -typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, - const int **, int); -typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, - const int **, int); - -/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE - * structures where the pointers have a "structural reference". This means that - * their reference is to allowed access to the structure but it does not imply - * that the structure is functional. To simply increment or decrement the - * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not - * required when iterating using ENGINE_get_next as it will automatically - * decrement the structural reference count of the "current" ENGINE and - * increment the structural reference count of the ENGINE it returns (unless it - * is NULL). */ - -/* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void); -ENGINE *ENGINE_get_last(void); -/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). 
*/ -ENGINE *ENGINE_get_next(ENGINE *e); -ENGINE *ENGINE_get_prev(ENGINE *e); -/* Add another "ENGINE" type into the array. */ -int ENGINE_add(ENGINE *e); -/* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e); -/* Retrieve an engine from the list by its unique "id" value. */ -ENGINE *ENGINE_by_id(const char *id); -/* Add all the built-in engines. */ -void ENGINE_load_openssl(void); -void ENGINE_load_dynamic(void); -#ifndef OPENSSL_NO_STATIC_ENGINE -void ENGINE_load_padlock(void); -#endif -void ENGINE_load_builtin_engines(void); - -/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation - * "registry" handling. */ -unsigned int ENGINE_get_table_flags(void); -void ENGINE_set_table_flags(unsigned int flags); - -/* Manage registration of ENGINEs per "table". For each type, there are 3 - * functions; - * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) - * ENGINE_unregister_***(e) - unregister the implementation from 'e' - * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list - * Cleanup is automatically registered from each table when required, so - * ENGINE_cleanup() will reverse any "register" operations. 
*/ - -int ENGINE_register_RSA(ENGINE *e); -void ENGINE_unregister_RSA(ENGINE *e); -void ENGINE_register_all_RSA(void); - -int ENGINE_register_DSA(ENGINE *e); -void ENGINE_unregister_DSA(ENGINE *e); -void ENGINE_register_all_DSA(void); - -int ENGINE_register_EC(ENGINE *e); -void ENGINE_unregister_EC(ENGINE *e); -void ENGINE_register_all_EC(void); - -int ENGINE_register_DH(ENGINE *e); -void ENGINE_unregister_DH(ENGINE *e); -void ENGINE_register_all_DH(void); - -int ENGINE_register_RAND(ENGINE *e); -void ENGINE_unregister_RAND(ENGINE *e); -void ENGINE_register_all_RAND(void); - -int ENGINE_register_STORE(ENGINE *e); -void ENGINE_unregister_STORE(ENGINE *e); -void ENGINE_register_all_STORE(void); - -int ENGINE_register_ciphers(ENGINE *e); -void ENGINE_unregister_ciphers(ENGINE *e); -void ENGINE_register_all_ciphers(void); - -int ENGINE_register_digests(ENGINE *e); -void ENGINE_unregister_digests(ENGINE *e); -void ENGINE_register_all_digests(void); - -int ENGINE_register_pkey_meths(ENGINE *e); -void ENGINE_unregister_pkey_meths(ENGINE *e); -void ENGINE_register_all_pkey_meths(void); - -int ENGINE_register_pkey_asn1_meths(ENGINE *e); -void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); -void ENGINE_register_all_pkey_asn1_meths(void); - -/* These functions register all support from the above categories. Note, use of - * these functions can result in static linkage of code your application may not - * need. If you only need a subset of functionality, consider using more - * selective initialisation. */ -int ENGINE_register_complete(ENGINE *e); -int ENGINE_register_all_complete(void); - -/* Send parametrised control commands to the engine. The possibilities to send - * down an integer, a pointer to data or a function pointer are provided. Any of - * the parameters may or may not be NULL, depending on the command number. 
In - * actuality, this function only requires a structural (rather than functional) - * reference to an engine, but many control commands may require the engine be - * functional. The caller should be aware of trying commands that require an - * operational ENGINE, and only use functional references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); - -/* This function tests if an ENGINE-specific command is usable as a "setting". - * Eg. in an application's config file that gets processed through - * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to - * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ -int ENGINE_cmd_is_executable(ENGINE *e, int cmd); - -/* This function works like ENGINE_ctrl() with the exception of taking a - * command name instead of a command number, and can handle optional commands. - * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to - * use the cmd_name and cmd_optional. */ -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(void), int cmd_optional); - -/* This function passes a command-name and argument to an ENGINE. The cmd_name - * is converted to a command number and the control command is called using - * 'arg' as an argument (unless the ENGINE doesn't support such a command, in - * which case no control command is called). The command is checked for input - * flags, and if necessary the argument will be converted to a numeric value. If - * cmd_optional is non-zero, then if the ENGINE doesn't support the given - * cmd_name the return value will be success anyway. This function is intended - * for applications to use so that users (or config files) can supply - * engine-specific config data to the ENGINE at run-time to control behaviour of - * specific engines. 
As such, it shouldn't be used for calling ENGINE_ctrl() - * functions that return data, deal with binary data, or that are otherwise - * supposed to be used directly through ENGINE_ctrl() in application code. Any - * "return" data from an ENGINE_ctrl() operation in this function will be lost - - * the return value is interpreted as failure if the return value is zero, - * success otherwise, and this function returns a boolean value as a result. In - * other words, vendors of 'ENGINE'-enabled devices should write ENGINE - * implementations with parameterisations that work in this scheme, so that - * compliant ENGINE-based applications can work consistently with the same - * configuration for the same ENGINE-enabled devices, across applications. */ -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional); - -/* These functions are useful for manufacturing new ENGINE structures. They - * don't address reference counting at all - one uses them to populate an ENGINE - * structure with personalised implementations of things prior to using it - * directly or adding it to the builtin ENGINE list in OpenSSL. These are also - * here so that the ENGINE structure doesn't have to be exposed and break binary - * compatibility! 
*/ -ENGINE *ENGINE_new(void); -int ENGINE_free(ENGINE *e); -int ENGINE_up_ref(ENGINE *e); -int ENGINE_set_id(ENGINE *e, const char *id); -int ENGINE_set_name(ENGINE *e, const char *name); -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth); -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); -int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); -int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); -int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); -int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); -int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); -int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); -int ENGINE_set_flags(ENGINE *e, int flags); -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); -/* These functions allow control over any per-structure ENGINE data. */ -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); -void *ENGINE_get_ex_data(const ENGINE *e, int idx); - -/* This function cleans up anything that needs it. Eg. the ENGINE_add() function - * automatically ensures the list cleanup function is registered to be called - * from ENGINE_cleanup(). 
Similarly, all ENGINE_register_*** functions ensure - * ENGINE_cleanup() will clean up after them. */ -void ENGINE_cleanup(void); - -/* These return values from within the ENGINE structure. These can be useful - * with functional references as well as structural references - it depends - * which you obtained. Using the result for functional purposes if you only - * obtained a structural reference may be problematic! */ -const char *ENGINE_get_id(const ENGINE *e); -const char *ENGINE_get_name(const ENGINE *e); -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); -const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); -const DH_METHOD *ENGINE_get_DH(const ENGINE *e); -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); -ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); -ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); -ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); -ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); -ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); -const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); -const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); -const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, int len); -const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE 
**pe, - const char *str, int len); -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); -int ENGINE_get_flags(const ENGINE *e); - -/* FUNCTIONAL functions. These functions deal with ENGINE structures - * that have (or will) be initialised for use. Broadly speaking, the - * structural functions are useful for iterating the list of available - * engine types, creating new engine types, and other "list" operations. - * These functions actually deal with ENGINEs that are to be used. As - * such these functions can fail (if applicable) when particular - * engines are unavailable - eg. if a hardware accelerator is not - * attached or not functioning correctly. Each ENGINE has 2 reference - * counts; structural and functional. Every time a functional reference - * is obtained or released, a corresponding structural reference is - * automatically obtained or released too. */ - -/* Initialise a engine type for use (or up its reference count if it's - * already in use). This will fail if the engine is not currently - * operational and cannot initialise. */ -int ENGINE_init(ENGINE *e); -/* Free a functional reference to a engine type. This does not require - * a corresponding call to ENGINE_free as it also releases a structural - * reference. */ -int ENGINE_finish(ENGINE *e); - -/* The following functions handle keys that are stored in some secondary - * location, handled by the engine. The storage may be on a card or - * whatever. */ -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, - STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data); - -/* This returns a pointer for the current ENGINE structure that - * is (by default) performing any RSA operations. 
The value returned - * is an incremented reference, so it should be free'd (ENGINE_finish) - * before it is discarded. */ -ENGINE *ENGINE_get_default_RSA(void); -/* Same for the other "methods" */ -ENGINE *ENGINE_get_default_DSA(void); -ENGINE *ENGINE_get_default_EC(void); -ENGINE *ENGINE_get_default_DH(void); -ENGINE *ENGINE_get_default_RAND(void); -/* These functions can be used to get a functional reference to perform - * ciphering or digesting corresponding to "nid". */ -ENGINE *ENGINE_get_cipher_engine(int nid); -ENGINE *ENGINE_get_digest_engine(int nid); -ENGINE *ENGINE_get_pkey_meth_engine(int nid); -ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); - -/* This sets a new default ENGINE structure for performing RSA - * operations. If the result is non-zero (success) then the ENGINE - * structure will have had its reference count up'd so the caller - * should still free their own reference 'e'. */ -int ENGINE_set_default_RSA(ENGINE *e); -int ENGINE_set_default_string(ENGINE *e, const char *def_list); -/* Same for the other "methods" */ -int ENGINE_set_default_DSA(ENGINE *e); -int ENGINE_set_default_EC(ENGINE *e); -int ENGINE_set_default_DH(ENGINE *e); -int ENGINE_set_default_RAND(ENGINE *e); -int ENGINE_set_default_ciphers(ENGINE *e); -int ENGINE_set_default_digests(ENGINE *e); -int ENGINE_set_default_pkey_meths(ENGINE *e); -int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); - -/* The combination "set" - the flags are bitwise "OR"d from the - * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" - * function, this function can result in unnecessary static linkage. If your - * application requires only specific functionality, consider using more - * selective functions. */ -int ENGINE_set_default(ENGINE *e, unsigned int flags); - -void ENGINE_add_conf_module(void); - -/* Deprecated functions ... 
*/ -/* int ENGINE_clear_defaults(void); */ - -/**************************/ -/* DYNAMIC ENGINE SUPPORT */ -/**************************/ - -/* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 -/* Binary versions older than this are too old for us (whether we're a loader or - * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 - -/* When compiling an ENGINE entirely as an external shared library, loadable by - * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure - * type provides the calling application's (or library's) error functionality - * and memory management function pointers to the loaded library. These should - * be used/set in the loaded library code so that the loading application's - * 'state' will be used/changed in all operations. The 'static_state' pointer - * allows the loaded library to know if it shares the same static data as the - * calling application (or library), and thus whether these callbacks need to be - * set or not. */ -typedef void *(*dyn_MEM_malloc_cb)(size_t); -typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); -typedef void (*dyn_MEM_free_cb)(void *); -typedef struct st_dynamic_MEM_fns { - dyn_MEM_malloc_cb malloc_cb; - dyn_MEM_realloc_cb realloc_cb; - dyn_MEM_free_cb free_cb; -} dynamic_MEM_fns; -/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use - * these types so we (and any other dependent code) can simplify a bit?? 
*/ -typedef void (*dyn_lock_locking_cb)(int, int, const char *, int); -typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int); -typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( - const char *, int); -typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *, - const char *, int); -typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, - const char *, int); -typedef struct st_dynamic_LOCK_fns { - dyn_lock_locking_cb lock_locking_cb; - dyn_lock_add_lock_cb lock_add_lock_cb; - dyn_dynlock_create_cb dynlock_create_cb; - dyn_dynlock_lock_cb dynlock_lock_cb; - dyn_dynlock_destroy_cb dynlock_destroy_cb; -} dynamic_LOCK_fns; -/* The top-level structure */ -typedef struct st_dynamic_fns { - void *static_state; - const ERR_FNS *err_fns; - const CRYPTO_EX_DATA_IMPL *ex_data_fns; - dynamic_MEM_fns mem_fns; - dynamic_LOCK_fns lock_fns; -} dynamic_fns; - -/* The version checking function should be of this prototype. NB: The - * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. - * If this function returns zero, it indicates a (potential) version - * incompatibility and the loaded library doesn't believe it can proceed. - * Otherwise, the returned value is the (latest) version supported by the - * loading library. The loader may still decide that the loaded code's version - * is unsatisfactory and could veto the load. The function is expected to - * be implemented with the symbol name "v_check", and a default implementation - * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ -typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); -#define IMPLEMENT_DYNAMIC_CHECK_FN() \ - extern unsigned long v_check(unsigned long v); \ - extern unsigned long v_check(unsigned long v) { \ - if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ - return 0; } - -/* This function is passed the ENGINE structure to initialise with its own - * function and command settings. 
It should not adjust the structural or - * functional reference counts. If this function returns zero, (a) the load will - * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the - * structure, and (c) the shared library will be unloaded. So implementations - * should do their own internal cleanup in failure circumstances otherwise they - * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that - * the loader is looking for. If this is NULL, the shared library can choose to - * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared - * library must initialise only an ENGINE matching the passed 'id'. The function - * is expected to be implemented with the symbol name "bind_engine". A standard - * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where - * the parameter 'fn' is a callback function that populates the ENGINE structure - * and returns an int value (zero for failure). 'fn' should have prototype; - * [static] int fn(ENGINE *e, const char *id); */ -typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, - const dynamic_fns *fns); -#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ - extern \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ - extern \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ - if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ - if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ - fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ - return 0; \ - if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ - return 0; \ - if(!ERR_set_implementation(fns->err_fns)) return 0; \ - skip_cbs: \ - if(!fn(e,id)) return 0; \ - return 1; } - -/* If the loading application (or library) and the loaded ENGINE library share - * the same static data (eg. 
they're both dynamically linked to the same - * libcrypto.so) we need a way to avoid trying to set system callbacks - this - * would fail, and for the same reason that it's unnecessary to try. If the - * loaded ENGINE has (or gets from through the loader) its own copy of the - * libcrypto static data, we will need to set the callbacks. The easiest way to - * detect this is to have a function that returns a pointer to some static data - * and let the loading application and loaded ENGINE compare their respective - * values. */ - void *ENGINE_get_static_state(void); - -void ERR_load_ENGINE_strings(void); -#endif /* Error codes for the ENGINE functions. */ diff --git a/lib/libcrypto/engine/engine_stubs.c b/lib/libcrypto/engine/engine_stubs.c index 3621da80e..bd031e49f 100644 --- a/lib/libcrypto/engine/engine_stubs.c +++ b/lib/libcrypto/engine/engine_stubs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */ +/* $OpenBSD: engine_stubs.c,v 1.3 2023/11/19 15:47:40 tb Exp $ */ /* * Written by Theo Buehler. Public domain. @@ -6,8 +6,6 @@ #include -#ifdef OPENSSL_NO_ENGINE - void ENGINE_load_builtin_engines(void) { @@ -95,7 +93,7 @@ ENGINE_set_default_RSA(ENGINE *engine) } int -ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p, +ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, void (*f)(void), int cmd_optional) { return 0; @@ -121,5 +119,3 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id, { return NULL; } - -#endif diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c index 2c8a273f1..4829e46a1 100644 --- a/lib/libcrypto/err/err_all.c +++ b/lib/libcrypto/err/err_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_all.c,v 1.32 2023/07/28 09:46:36 tb Exp $ */ +/* $OpenBSD: err_all.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -91,9 +91,6 @@ #ifndef OPENSSL_NO_EC #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif #ifndef OPENSSL_NO_RSA #include #endif @@ -129,9 +126,6 @@ ERR_load_crypto_strings_internal(void) #endif #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); -#endif -#ifndef OPENSSL_NO_ENGINE - ERR_load_ENGINE_strings(); #endif ERR_load_EVP_strings(); #ifndef OPENSSL_NO_GOST diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c index ca3fb219c..9a2a30425 100644 --- a/lib/libcrypto/evp/digest.c +++ b/lib/libcrypto/evp/digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.38 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,10 +118,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "evp_local.h" int 
@@ -136,49 +132,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) - goto skip_to_init; - if (type) { - /* Ensure an ENGINE left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_MD could be used). */ - ENGINE_finish(ctx->engine); - if (impl != NULL) { - if (!ENGINE_init(impl)) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); - if (impl != NULL) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); - if (d == NULL) { - /* Same comment from evp_enc.c */ - EVPerror(EVP_R_INITIALIZATION_ERROR); - ENGINE_finish(impl); - return 0; - } - /* We'll use the ENGINE's private digest definition */ - type = d; - /* Store the ENGINE functional reference so we know - * 'type' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } else - ctx->engine = NULL; - } else if (!ctx->digest) { - EVPerror(EVP_R_NO_DIGEST_SET); - return 0; - } -#endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { @@ -197,9 +150,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } } } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif if (ctx->pctx) { int r; r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, 
@@ -266,13 +216,6 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerror(EVP_R_INPUT_NOT_INITIALIZED); return 0; } -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - EVPerror(ERR_R_ENGINE_LIB); - return 0; - } -#endif if (out->digest == in->digest) { tmp_buf = out->md_data; @@ -397,9 +340,6 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) */ if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) EVP_PKEY_CTX_free(ctx->pctx); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->engine); -#endif memset(ctx, 0, sizeof(*ctx)); return 1; diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index 3d357f011..eb7f52028 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes.c,v 1.54 2023/09/28 11:29:10 tb Exp $ */ +/* $OpenBSD: e_aes.c,v 1.55 2023/11/18 09:37:15 tb Exp $ */ /* ==================================================================== * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * @@ -2460,7 +2460,11 @@ aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } if (iv != NULL) { - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + int iv_len = EVP_CIPHER_CTX_iv_length(ctx); + + if (iv_len < 0 || iv_len > sizeof(ctx->iv)) + return 0; + memcpy(ctx->iv, iv, iv_len); wctx->iv = ctx->iv; } diff --git a/lib/libcrypto/evp/e_rc2.c b/lib/libcrypto/evp/e_rc2.c index 32559e223..202abc69c 100644 --- a/lib/libcrypto/evp/e_rc2.c +++ b/lib/libcrypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.22 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.24 2023/11/18 10:46:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
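Review bot: In the e_aes.c hunk, aes_wrap_init_key returns 0 on an out-of-range IV length without recording an error, whereas the matching checks in EVP_CipherInit_ex (evp_enc.c) and EVP_CIPHER_get_asn1_iv (evp_lib.c) call `EVPerror(EVP_R_IV_TOO_LARGE)` first. A caller reading the error queue after a failed init gets no indication of why this path failed. I would write `if (iv_len < 0 || iv_len > sizeof(ctx->iv)) { EVPerror(EVP_R_IV_TOO_LARGE); return 0; }`. The new guard in rc2_set_asn1_type_and_iv (e_rc2.c) has the same silent return. The body of aes_wrap_init_key starts and ends outside the hunk.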
@@ -338,17 +338,17 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) long num = 0; int i = 0; int key_bits; - unsigned int l; + int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - if (l > sizeof(iv)) { + if (l < 0 || l > sizeof(iv)) { EVPerror(EVP_R_IV_TOO_LARGE); return -1; } i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); - if (i != (int)l) + if (i != l) return (-1); key_bits = rc2_magic_to_meth((int)num); if (!key_bits) @@ -373,6 +373,8 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { num = rc2_meth_to_magic(c); j = EVP_CIPHER_CTX_iv_length(c); + if (j < 0 || j > sizeof(c->oiv)) + return 0; i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); } return (i); @@ -381,9 +383,15 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { + int iv_len; + switch (type) { case EVP_CTRL_INIT: - data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; + data(c)->key_bits = 0; + /* XXX - upper bound? */ + if ((iv_len = EVP_CIPHER_CTX_key_length(c)) < 0) + return -1; + data(c)->key_bits = iv_len * 8; return 1; case EVP_CTRL_GET_RC2_KEY_BITS: diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index 7534b4c9d..172d8b401 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.53 2023/09/10 16:53:56 tb Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,10 +68,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "evp_local.h" int 
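Review bot: In the rc2_ctrl hunk of e_rc2.c, the new local is named `iv_len` but holds the result of `EVP_CIPHER_CTX_key_length(c)`, and only its lower bound is checked before `iv_len * 8`, as the added `/* XXX - upper bound? */` acknowledges. A key length above `INT_MAX / 8` would overflow the signed multiplication, which is undefined behaviour. I would rename the variable to `key_len` and reject oversized values, e.g. `if ((key_len = EVP_CIPHER_CTX_key_length(c)) < 0 || key_len > INT_MAX / 8) return -1;`. A tighter limit tied to the largest RC2 key the file supports would be better if such a constant exists. rc2_ctrl continues past the end of the hunk.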
@@ -94,15 +90,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, enc = 1; ctx->encrypt = enc; } -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->cipher && - (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) - goto skip_to_init; -#endif if (cipher) { /* Ensure a context left lying around from last time is cleared * (the previous check attempted to avoid this if the same @@ -114,32 +101,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, ctx->encrypt = enc; ctx->flags = flags; } -#ifndef OPENSSL_NO_ENGINE - if (impl) { - if (!ENGINE_init(impl)) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine(cipher->nid); - if (impl) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = - ENGINE_get_cipher(impl, cipher->nid); - if (!c) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* Store the ENGINE functional reference so we know - * 'cipher' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } else - ctx->engine = NULL; -#endif ctx->cipher = cipher; if (ctx->cipher->ctx_size) { @@ -163,9 +124,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, EVPerror(EVP_R_NO_CIPHER_SET); return 0; } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif /* we assume block size is a power of 2 in *cryptUpdate */ if (ctx->cipher->block_size != 1 && ctx->cipher->block_size != 8 && 
@@ -181,6 +139,8 @@ skip_to_init: } if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + int iv_len; + switch (EVP_CIPHER_CTX_mode(ctx)) { case EVP_CIPH_STREAM_CIPHER: @@ -194,25 +154,26 @@ skip_to_init: /* fall-through */ case EVP_CIPH_CBC_MODE: - - if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > - sizeof(ctx->iv)) { + iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) { EVPerror(EVP_R_IV_TOO_LARGE); return 0; } - if (iv) - memcpy(ctx->oiv, iv, - EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, - EVP_CIPHER_CTX_iv_length(ctx)); + if (iv != NULL) + memcpy(ctx->oiv, iv, iv_len); + memcpy(ctx->iv, ctx->oiv, iv_len); break; case EVP_CIPH_CTR_MODE: ctx->num = 0; + iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv_len < 0 || iv_len > sizeof(ctx->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } /* Don't reuse IV for CTR mode */ - if (iv) - memcpy(ctx->iv, iv, - EVP_CIPHER_CTX_iv_length(ctx)); + if (iv != NULL) + memcpy(ctx->iv, iv, iv_len); break; default: @@ -611,10 +572,6 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) /* XXX - store size of cipher_data so we can always freezero(). */ free(c->cipher_data); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(c->engine); -#endif - explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); return 1; @@ -685,13 +642,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) EVPerror(EVP_R_INPUT_NOT_INITIALIZED); return 0; } -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a cipher context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - EVPerror(ERR_R_ENGINE_LIB); - return 0; - } -#endif EVP_CIPHER_CTX_cleanup(out); memcpy(out, in, sizeof *out); diff --git a/lib/libcrypto/evp/evp_lib.c b/lib/libcrypto/evp/evp_lib.c index f4e46aea4..55573b21d 100644 --- a/lib/libcrypto/evp/evp_lib.c +++ b/lib/libcrypto/evp/evp_lib.c 
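Review bot: In the EVP_CipherInit_ex hunk of evp_enc.c, the `EVP_CIPH_CBC_MODE` branch bounds `iv_len` by `sizeof(ctx->oiv)` but then copies `iv_len` bytes into `ctx->iv` as well, while the `EVP_CIPH_CTR_MODE` branch bounds by `sizeof(ctx->iv)`. The CBC check is sufficient only if both arrays have the same size, which the hunk does not show. EVP_CIPHER_get_asn1_iv in evp_lib.c has the mirror image: it checks `sizeof(c->iv)` and writes `c->oiv`. I would either test both sizes, `if (iv_len < 0 || iv_len > sizeof(ctx->oiv) || iv_len > sizeof(ctx->iv))`, or add a compile-time assertion next to the struct definition that the two buffers are equal in size. The function body starts and ends outside the hunk.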
@@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.28 2023/09/28 11:29:10 tb Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.29 2023/11/18 09:37:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -98,16 +98,16 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int i = 0; - unsigned int l; + int l; if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - if (l > sizeof(c->iv)) { + if (l < 0 || l > sizeof(c->iv)) { EVPerror(EVP_R_IV_TOO_LARGE); return 0; } i = ASN1_TYPE_get_octetstring(type, c->oiv, l); - if (i != (int)l) + if (i != l) return (-1); else if (i > 0) memcpy(c->iv, c->oiv, l); @@ -119,11 +119,11 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int i = 0; - unsigned int j; + int j; if (type != NULL) { j = EVP_CIPHER_CTX_iv_length(c); - if (j > sizeof(c->iv)) { + if (j < 0 || j > sizeof(c->iv)) { EVPerror(EVP_R_IV_TOO_LARGE); return 0; } diff --git a/lib/libcrypto/evp/p_lib.c b/lib/libcrypto/evp/p_lib.c index 23ec8e603..eaeb456cb 100644 --- a/lib/libcrypto/evp/p_lib.c +++ b/lib/libcrypto/evp/p_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_lib.c,v 1.37 2023/09/10 17:32:17 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,10 +77,6 @@ #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" @@ -245,19 +241,11 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len) */ if ((type == pkey->save_type) && pkey->ameth) return 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(pkey->engine); - pkey->engine = NULL; -#endif } if (str) ameth = EVP_PKEY_asn1_find_str(eptr, str, len); else ameth = EVP_PKEY_asn1_find(eptr, type); -#ifndef OPENSSL_NO_ENGINE - if (pkey == NULL && eptr != NULL) - ENGINE_finish(e); -#endif if (!ameth) { EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); return 0; 
@@ -583,9 +571,6 @@ EVP_PKEY_type(int type) ret = ameth->pkey_id; else ret = NID_undef; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -#endif return ret; } @@ -626,10 +611,6 @@ EVP_PKEY_free_it(EVP_PKEY *x) x->ameth->pkey_free(x); x->pkey.ptr = NULL; } -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(x->engine); - x->engine = NULL; -#endif } static int diff --git a/lib/libcrypto/evp/p_seal.c b/lib/libcrypto/evp/p_seal.c index b98da9436..7f29ea0ca 100644 --- a/lib/libcrypto/evp/p_seal.c +++ b/lib/libcrypto/evp/p_seal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_seal.c,v 1.16 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: p_seal.c,v 1.17 2023/11/18 09:37:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,7 +74,7 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) { unsigned char key[EVP_MAX_KEY_LENGTH]; - int i; + int i, iv_len; if (type) { EVP_CIPHER_CTX_init(ctx); @@ -85,8 +85,11 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; - if (EVP_CIPHER_CTX_iv_length(ctx)) - arc4random_buf(iv, EVP_CIPHER_CTX_iv_length(ctx)); + /* XXX - upper bound? */ + if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0) + return 0; + if (iv_len > 0) + arc4random_buf(iv, iv_len); if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) return 0; diff --git a/lib/libcrypto/evp/pmeth_lib.c b/lib/libcrypto/evp/pmeth_lib.c index b480a574f..7ebf27341 100644 --- a/lib/libcrypto/evp/pmeth_lib.c +++ b/lib/libcrypto/evp/pmeth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_lib.c,v 1.33 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: pmeth_lib.c,v 1.34 2023/11/19 15:43:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ 
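Review bot: In the EVP_SealInit hunk of p_seal.c, `arc4random_buf(iv, iv_len)` writes into the caller's `iv` buffer with only a lower bound on `iv_len`, which the added `/* XXX - upper bound? */` leaves open. The function receives no buffer size, so the most it can enforce is the library-wide maximum: `if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0 || iv_len > EVP_MAX_IV_LENGTH) return 0;`. That matches the `iv[EVP_MAX_IV_LENGTH]` local used in e_rc2.c. Both early `return 0` paths in this hunk also run after `EVP_CIPHER_CTX_rand_key` has filled the stack buffer `key`. Whether `key` is wiped on those paths depends on code outside the hunk and is worth confirming.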
@@ -68,10 +68,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" @@ -161,26 +157,8 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id) return NULL; id = pkey->ameth->pkey_id; } -#ifndef OPENSSL_NO_ENGINE - if (pkey != NULL && pkey->engine != NULL) - engine = pkey->engine; - /* Try to find an ENGINE which implements this method. */ - if (engine != NULL) { - if (!ENGINE_init(engine)) { - EVPerror(ERR_R_ENGINE_LIB); - return NULL; - } - } else - engine = ENGINE_get_pkey_meth_engine(id); - /* Look up method handler in ENGINE or use internal tables. */ - if (engine != NULL) - pmeth = ENGINE_get_pkey_meth(engine, id); - else -#endif - pmeth = EVP_PKEY_meth_find(id); - - if (pmeth == NULL) { + if ((pmeth = EVP_PKEY_meth_find(id)) == NULL) { EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); goto err; } @@ -205,9 +183,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id) err: EVP_PKEY_CTX_free(pkey_ctx); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(engine); -#endif return NULL; } @@ -275,22 +250,12 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) if (pctx->pmeth == NULL || pctx->pmeth->copy == NULL) goto err; -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a pkey context using an ENGINE */ - if (pctx->engine != NULL && !ENGINE_init(pctx->engine)) { - EVPerror(ERR_R_ENGINE_LIB); - goto err; - } -#endif if ((rctx = calloc(1, sizeof(*rctx))) == NULL) { EVPerror(ERR_R_MALLOC_FAILURE); goto err; } rctx->pmeth = pctx->pmeth; -#ifndef OPENSSL_NO_ENGINE - rctx->engine = pctx->engine; -#endif if ((rctx->pkey = pctx->pkey) != NULL) EVP_PKEY_up_ref(rctx->pkey); @@ -333,9 +298,6 @@ EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) ctx->pmeth->cleanup(ctx); EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->engine); -#endif free(ctx); } diff --git a/lib/libcrypto/man/ASN1_TIME_set.3 b/lib/libcrypto/man/ASN1_TIME_set.3 index 3b649e05b..cf8dadbb3 100644 
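Review bot: In the evp_pkey_ctx_new hunk of pmeth_lib.c, the `engine` parameter no longer takes part in method lookup: the new code always calls `EVP_PKEY_meth_find(id)`, but nothing at the call site says so. A caller that passes a non-NULL ENGINE expecting a particular implementation now gets the built-in method without any signal. I would add a comment above the lookup such as `/* engine is ignored for method lookup; only built-in methods are used. */`. Whether `engine` is still stored in the new context cannot be seen here, since the function body extends outside the hunk.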
--- a/lib/libcrypto/man/ASN1_TIME_set.3 +++ b/lib/libcrypto/man/ASN1_TIME_set.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_TIME_set.3,v 1.20 2023/11/13 12:46:07 beck Exp $ +.\" $OpenBSD: ASN1_TIME_set.3,v 1.21 2023/11/16 14:20:49 tb Exp $ .\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 13 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt ASN1_TIME_SET 3 .Os .Sh NAME @@ -94,9 +94,9 @@ .Nm ASN1_TIME_cmp_time_t , .Nm ASN1_UTCTIME_cmp_time_t , .Nm ASN1_TIME_compare , -.Nm ASN1_TIME_to_generalizedtime -.Nm OPENSSL_gmtime, -.Nm OPENSSL_timegm, +.Nm ASN1_TIME_to_generalizedtime , +.Nm OPENSSL_gmtime , +.Nm OPENSSL_timegm .Nd ASN.1 Time functions .Sh SYNOPSIS .In openssl/asn1.h @@ -516,6 +516,19 @@ and functions act only on that specific time format, while the .Vt ASN1_TIME functions operate on either format. +.Pp +.Fn OPENSSL_gmtime +converts a time_t value in +.Fa time +to a struct tm in +.Fa out_tm +and also returns the struct passed in on success. +.Pp +.Fn OPENSSL_timegm +converts a time structure in UTC time in +.Fa tm +to a time_t value in +.Fa out_time . .Sh RETURN VALUES .Fn ASN1_TIME_set , .Fn ASN1_UTCTIME_set , @@ -576,21 +589,11 @@ is later than or \-2 on error. .Pp .Fn OPENSSL_timegm -converts a time structure in UTC time in -.Fa tm -to a time_t value in -.Fa out_time -.Fn OPENSSL_timegm returns 1 for success or 0 for failure. It can fail if the time is not representable in a time_t, or falls outside the range allowed in RFC 5280 times. .Pp .Fn OPENSSL_gmtime -converts a time_t value in -.Fa time -to a struct tm in -.Fa out_tm -.Fn OPENSSL_gmtime returns .Fa out_tm on success or NULL for failure. diff --git a/lib/libcrypto/man/BIO_ctrl.3 b/lib/libcrypto/man/BIO_ctrl.3 index d4515ea9a..2c537956e 100644 
--- a/lib/libcrypto/man/BIO_ctrl.3 +++ b/lib/libcrypto/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_ctrl.3,v 1.24 2023/07/26 20:01:04 tb Exp $ +.\" $OpenBSD: BIO_ctrl.3,v 1.25 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 24a535eaf Tue Sep 22 13:14:20 2020 +0100 .\" selective merge up to: OpenSSL 0c5bc96f Tue Mar 15 13:57:22 2022 +0000 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 26 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_CTRL 3 .Os .Sh NAME @@ -307,11 +307,6 @@ and return a .Vt size_t type and are functions. -.Fn BIO_pending -and -.Fn BIO_wpending -are macros which call -.Fn BIO_ctrl . .Pp .Fn BIO_set_info_callback installs the function pointer diff --git a/lib/libcrypto/man/BIO_get_data.3 b/lib/libcrypto/man/BIO_get_data.3 index b4b0014d1..63750ac37 100644 --- a/lib/libcrypto/man/BIO_get_data.3 +++ b/lib/libcrypto/man/BIO_get_data.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_get_data.3,v 1.7 2022/12/19 14:40:14 schwarze Exp $ +.\" $OpenBSD: BIO_get_data.3,v 1.8 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 19 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_GET_DATA 3 .Os .Sh NAME @@ -204,7 +204,7 @@ Application programs usually call macros like those documented in rather than calling .Fn BIO_test_flags directly. -Flag bits correspond to accessor functions as follows: +Flag bits correspond to accessor macros as follows: .Pp .Bl -tag -width BIO_FLAGS_SHOULD_RETRY -compact .It Dv BIO_FLAGS_READ 
@@ -319,6 +319,15 @@ object, call and .Xr BIO_get_close 3 instead. +.Pp +.Fn BIO_get_flags , +.Fn BIO_set_retry_read , +.Fn BIO_set_retry_write , +.Fn BIO_set_retry_special , +.Fn BIO_clear_retry_flags , +and +.Fn BIO_get_retry_flags +are implemented as macros. .Sh RETURN VALUES .Fn BIO_get_data returns a pointer to the implementation specific custom data associated diff --git a/lib/libcrypto/man/BIO_get_ex_new_index.3 b/lib/libcrypto/man/BIO_get_ex_new_index.3 index 69f0ffc43..54d00775e 100644 --- a/lib/libcrypto/man/BIO_get_ex_new_index.3 +++ b/lib/libcrypto/man/BIO_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.14 2023/07/21 04:39:49 tb Exp $ +.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.17 2023/11/19 10:26:36 tb Exp $ .\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" .\" This file was written by Rich Salz . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 21 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt BIO_GET_EX_NEW_INDEX 3 .Os .Sh NAME @@ -57,9 +57,6 @@ .Nm BIO_get_ex_data , .Nm BIO_set_app_data , .Nm BIO_get_app_data , -.Nm ENGINE_get_ex_new_index , -.Nm ENGINE_set_ex_data , -.Nm ENGINE_get_ex_data , .Nm UI_get_ex_new_index , .Nm UI_set_ex_data , .Nm UI_get_ex_data , @@ -72,7 +69,6 @@ .Nd application-specific data .Sh SYNOPSIS .In openssl/bio.h -.In openssl/engine.h .In openssl/ui.h .In openssl/x509.h .In openssl/ec.h 
@@ -126,21 +122,21 @@ with the correct index value. .Fn TYPE_set_ex_data is a function that calls .Xr CRYPTO_set_ex_data 3 -with an offset into the opaque exdata part of the +with an offset into the opaque ex_data part of the .Vt TYPE object. .Pp .Fn TYPE_get_ex_data is a function that calls .Xr CRYPTO_get_ex_data 3 -with an offset into the opaque exdata part of the +with an offset into the opaque ex_data part of the .Vt TYPE object. .Pp .Fn TYPE_set_app_data and .Fn TYPE_get_app_data -are deprecated wrappers that call +are deprecated wrapper macros that call .Fn TYPE_set_ex_data and .Fn TYPE_get_ex_data @@ -187,9 +183,6 @@ and first appeared in OpenSSL 0.9.5 and have been available since .Ox 2.7 . .Pp -.Fn ENGINE_get_ex_new_index , -.Fn ENGINE_set_ex_data , -.Fn ENGINE_get_ex_data , .Fn UI_get_ex_new_index , .Fn UI_set_ex_data , and diff --git a/lib/libcrypto/man/BIO_s_fd.3 b/lib/libcrypto/man/BIO_s_fd.3 index de5d5d700..852a06756 100644 --- a/lib/libcrypto/man/BIO_s_fd.3 +++ b/lib/libcrypto/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_fd.3,v 1.12 2023/04/29 12:04:54 schwarze Exp $ +.\" $OpenBSD: BIO_s_fd.3,v 1.13 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 29 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_S_FD 3 .Os .Sh NAME @@ -147,7 +147,6 @@ to .Fa fd and the close flag to .Fa close_flag . -It is currently implemented as a macro. .Pp .Fn BIO_get_fd places the file descriptor in @@ -155,7 +154,6 @@ places the file descriptor in if it is not .Dv NULL and also returns the file descriptor. -It is currently implemented as a macro. .Pp .Fn BIO_new_fd returns a file descriptor BIO using diff --git a/lib/libcrypto/man/BIO_s_file.3 b/lib/libcrypto/man/BIO_s_file.3 index 7b5890312..14950cad1 100644 
--- a/lib/libcrypto/man/BIO_s_file.3 +++ b/lib/libcrypto/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_file.3,v 1.16 2023/05/01 07:04:38 jsg Exp $ +.\" $OpenBSD: BIO_s_file.3,v 1.17 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 1 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_S_FILE 3 .Os .Sh NAME @@ -196,14 +196,12 @@ sets the file pointer of a file BIO to .Fa flags has the same meaning as in .Fn BIO_new_fp . -.Fn BIO_set_fp -is a macro. .Pp .Fn BIO_get_fp -retrieves the file pointer of a file BIO, it is a macro. +retrieves the file pointer of a file BIO. .Pp .Xr BIO_seek 3 -is a macro that sets the position pointer to +sets the position pointer to .Fa offset bytes from the start of file. .Pp diff --git a/lib/libcrypto/man/BIO_s_mem.3 b/lib/libcrypto/man/BIO_s_mem.3 index 475cd8869..d7bbf6af4 100644 --- a/lib/libcrypto/man/BIO_s_mem.3 +++ b/lib/libcrypto/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_mem.3,v 1.18 2023/04/29 12:04:54 schwarze Exp $ +.\" $OpenBSD: BIO_s_mem.3,v 1.19 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000 .\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 29 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_S_MEM 3 .Os .Sh NAME @@ -158,7 +158,6 @@ sets .Pf * Fa pp to a pointer to the start of the memory BIO's data and returns the total amount of data available. -It is implemented as a macro. .Pp .Fn BIO_set_mem_buf sets the internal BUF_MEM structure to 
@@ -171,15 +170,12 @@ should be either .Dv BIO_CLOSE or .Dv BIO_NOCLOSE . -.Fn BIO_set_mem_buf -is a macro. .Pp .Fn BIO_get_mem_ptr places the underlying .Vt BUF_MEM structure in .Pf * Fa pp . -It is a macro. .Pp .Fn BIO_new_mem_buf creates a memory BIO using diff --git a/lib/libcrypto/man/CONF_modules_load_file.3 b/lib/libcrypto/man/CONF_modules_load_file.3 index 964473d49..d1bcd49a3 100644 --- a/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CONF_modules_load_file.3,v 1.11 2023/07/21 10:46:54 tb Exp $ +.\" $OpenBSD: CONF_modules_load_file.3,v 1.14 2023/11/19 20:58:07 tb Exp $ .\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100 .\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 21 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt CONF_MODULES_LOAD_FILE 3 .Os .Sh NAME @@ -222,7 +222,6 @@ Load custom configuration file and section instead of the standard one, only print warnings on error, missing configuration file ignored: .Bd -literal OPENSSL_no_config(); -ENGINE_load_builtin_engines(); OPENSSL_load_builtin_modules(); if (CONF_modules_load_file("/something/app.cnf", "myapp", CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 
@@ -234,12 +233,10 @@ if (CONF_modules_load_file("/something/app.cnf", "myapp", In the previous example, the call to .Xr OPENSSL_no_config 3 is required first to suppress automatic loading -of the standard configuration file, and the calls to -.Xr ENGINE_load_builtin_engines 3 -and +of the standard configuration file, and the call to .Xr OPENSSL_load_builtin_modules 3 -are needed so that the configuration of builtin modules and engines -is also loaded in addition to the configuration of +is needed so that the configuration of builtin modules +is loaded in addition to the configuration of .Qq myapp . .Pp Load and parse configuration file manually, custom error handling: @@ -270,7 +267,6 @@ if (fp == NULL) { .Ed .Sh SEE ALSO .Xr CONF_modules_free 3 , -.Xr ENGINE_load_builtin_engines 3 , .Xr ERR 3 , .Xr OPENSSL_config 3 , .Xr OPENSSL_load_builtin_modules 3 diff --git a/lib/libcrypto/man/DES_set_key.3 b/lib/libcrypto/man/DES_set_key.3 index e74c7c5e4..16188f1f2 100644 --- a/lib/libcrypto/man/DES_set_key.3 +++ b/lib/libcrypto/man/DES_set_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $ +.\" $OpenBSD: DES_set_key.3,v 1.16 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400 .\" @@ -115,7 +115,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt DES_SET_KEY 3 .Os .Sh NAME @@ -599,10 +599,11 @@ then update ivec and num. num contains "how far" we are though ivec. If this does not make much sense, read more about CFB mode of DES. .Pp +The .Fn DES_ede3_cfb64_encrypt -and +function and the .Fn DES_ede2_cfb64_encrypt -is the same as +macro are the same as .Fn DES_cfb64_encrypt except that Triple-DES is used. .Pp 
@@ -625,10 +626,11 @@ is the same as .Fn DES_cfb64_encrypt using Output Feed Back mode. .Pp +The .Fn DES_ede3_ofb64_encrypt -and +function and the .Fn DES_ede2_ofb64_encrypt -is the same as +macro are the same as .Fn DES_ofb64_encrypt , using Triple-DES. .Pp diff --git a/lib/libcrypto/man/DH_set_method.3 b/lib/libcrypto/man/DH_set_method.3 index e89fdc64a..70cf367c9 100644 --- a/lib/libcrypto/man/DH_set_method.3 +++ b/lib/libcrypto/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DH_set_method.3,v 1.8 2022/01/15 23:38:50 jsg Exp $ +.\" $OpenBSD: DH_set_method.3,v 1.9 2023/11/19 10:34:26 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 15 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt DH_SET_METHOD 3 .Os .Sh NAME @@ -98,16 +98,9 @@ selects as the default method for all .Vt DH structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_DH 3 -that can be successfully initialized, it overrides the default. .Pp .Fn DH_get_default_method -returns a pointer to the current default method, -even if it is actually overridden by an -.Vt ENGINE . +returns a pointer to the current default method. .Pp .Fn DH_set_method selects @@ -118,17 +111,12 @@ This replaces the .Vt DH_METHOD used by the .Fa dh -key and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. +key. It is possible to have .Vt DH keys that only work with certain .Vt DH_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), +implementations, and in such cases attempting to change the .Vt DH_METHOD for the key can have unexpected results. 
@@ -136,17 +124,10 @@ for the key can have unexpected results. .Fn DH_new_method allocates and initializes a .Vt DH -structure so that +structure. +The .Fa engine -is used for the DH operations. -If -.Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_DH 3 -is used. -If that returns -.Dv NULL , +argument is ignored and the default method controlled by .Fn DH_set_default_method is used. @@ -202,10 +183,7 @@ and sets an error code that can be obtained by if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .Sh SEE ALSO -.Xr DH_new 3 , -.Xr ENGINE_get_default_DH 3 , -.Xr ENGINE_register_DH 3 , -.Xr ENGINE_set_default_DH 3 +.Xr DH_new 3 .Sh HISTORY .Fn DH_set_default_method , .Fn DH_get_default_method , diff --git a/lib/libcrypto/man/DSA_set_method.3 b/lib/libcrypto/man/DSA_set_method.3 index 31ded16d8..ec6d2b4cd 100644 --- a/lib/libcrypto/man/DSA_set_method.3 +++ b/lib/libcrypto/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_set_method.3,v 1.10 2022/01/15 23:38:50 jsg Exp $ +.\" $OpenBSD: DSA_set_method.3,v 1.11 2023/11/19 10:34:26 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 15 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt DSA_SET_METHOD 3 .Os .Sh NAME @@ -93,16 +93,9 @@ selects as the default method for all .Vt DSA structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_DSA 3 -that can be successfully initialized, it overrides the default. .Pp .Fn DSA_get_default_method -returns a pointer to the current default method, -even if it is actually overridden by an -.Vt ENGINE . +returns a pointer to the current default method. .Pp .Fn DSA_set_method selects 
@@ -111,15 +104,10 @@ to perform all operations using the key .Fa dsa . This replaces the .Vt DSA_METHOD -used by the DSA key and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. +used by the DSA key. It is possible to have DSA keys that only work with certain .Vt DSA_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), +implementations, and in such cases attempting to change the .Vt DSA_METHOD for the key can have unexpected results. @@ -127,17 +115,10 @@ for the key can have unexpected results. .Fn DSA_new_method allocates and initializes a .Vt DSA -structure so that +structure. +The .Fa engine -is used for the DSA operations. -If -.Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_DSA 3 -is used. -If that returns -.Dv NULL , +argument is ignored and the default method controlled by .Fn DSA_set_default_method is used. @@ -206,10 +187,7 @@ if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .Sh SEE ALSO .Xr DSA_meth_new 3 , -.Xr DSA_new 3 , -.Xr ENGINE_get_default_DSA 3 , -.Xr ENGINE_register_DSA 3 , -.Xr ENGINE_set_default_DSA 3 +.Xr DSA_new 3 .Sh HISTORY .Fn DSA_set_default_method , .Fn DSA_get_default_method , diff --git a/lib/libcrypto/man/ENGINE_add.3 b/lib/libcrypto/man/ENGINE_add.3 deleted file mode 100644 index 4ae878b4f..000000000 --- a/lib/libcrypto/man/ENGINE_add.3 +++ /dev/null 
@@ -1,243 +0,0 @@
-.\" $OpenBSD: ENGINE_add.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_ADD 3
-.Os
-.Sh NAME
-.Nm ENGINE_add ,
-.Nm ENGINE_set_id ,
-.Nm ENGINE_get_id ,
-.Nm ENGINE_set_name ,
-.Nm ENGINE_get_name ,
-.Nm ENGINE_remove ,
-.Nm ENGINE_cleanup ,
-.Nm ENGINE_get_first ,
-.Nm ENGINE_get_last ,
-.Nm ENGINE_get_next ,
-.Nm ENGINE_get_prev ,
-.Nm ENGINE_by_id
-.Nd maintain a global list of ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_add
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_id
-.Fa "ENGINE *e"
-.Fa "const char *id"
-.Fc
-.Ft const char *
-.Fo ENGINE_get_id
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_name
-.Fa "ENGINE *e"
-.Fa "const char *name"
-.Fc
-.Ft const char *
-.Fo ENGINE_get_name
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_remove
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_cleanup void
-.Ft ENGINE *
-.Fn ENGINE_get_first void
-.Ft ENGINE *
-.Fn ENGINE_get_last void
-.Ft ENGINE *
-.Fo ENGINE_get_next
-.Fa "ENGINE *e"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_prev
-.Fa "ENGINE *e"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_by_id
-.Fa "const char *id"
-.Fc
-.Sh DESCRIPTION
-The crypto library maintains a global list of
-.Vt ENGINE
-objects.
-.Pp
-.Fn ENGINE_add
-appends
-.Fa e
-to the end of the list
-and increments its structural reference count by 1.
-A unique identifier and a name of
-.Fa e
-have to be set with
-.Fn ENGINE_set_id
-and
-.Fn ENGINE_set_name
-before calling this function.
-.Fn ENGINE_add
-fails if the list already contains an
-.Vt ENGINE
-with the same identifier.
-.Pp
-.Fn ENGINE_remove
-removes
-.Fa e
-from the list.
-If successful, it calls
-.Xr ENGINE_free 3
-on
-.Fa e .
-.Pp
-.Fn ENGINE_cleanup
-calls
-.Xr ENGINE_finish 3
-on all
-.Vt ENGINE
-objects that were selected as default engines, for example using the
-functions documented in the
-.Xr ENGINE_set_default 3
-and
-.Xr ENGINE_get_default_RSA 3
-manual pages, and it calls
-.Fn ENGINE_remove
-on all
-.Vt ENGINE
-objects that were added to the global list with
-.Fn ENGINE_add .
-Calling this function is required at the end of each program using
-.Fn ENGINE_add ,
-even if no engines are explicitly registered or used.
-.Pp
-.Fn ENGINE_get_first
-and
-.Fn ENGINE_get_last
-provide access to the first and last
-.Vt ENGINE
-object on the list, respectively.
-Unless the list is empty, they increment the structural reference
-count of the retrieved object by 1.
-.Pp
-.Fn ENGINE_get_next
-and
-.Fn ENGINE_get_prev
-support iteration of the list.
-They always call
-.Xr ENGINE_free 3
-on
-.Fa e .
-Unless the end of the list is reached, they increment the structural
-reference count of the retrieved object by 1.
-.Pp
-.Fn ENGINE_by_id
-searches the list for an
-.Vt ENGINE
-object with a matching
-.Fa id .
-If found, it increments the structural reference count of the
-retrieved object by 1.
-If
-.Dv ENGINE_FLAGS_BY_ID_COPY
-was set on
-.Fa e
-with
-.Xr ENGINE_set_flags 3 ,
-it returns a shallow copy of the object rather than incrementing
-the reference count and returning a pointer to the original.
-.Sh RETURN VALUES
-.Fn ENGINE_add ,
-.Fn ENGINE_set_id ,
-.Fn ENGINE_set_name ,
-and
-.Fn ENGINE_remove
-return 1 on success or 0 on error.
-.Fn ENGINE_set_id
-and
-.Fn ENGINE_set_name
-can only fail if the supplied
-.Fa id
-or
-.Fa name
-is
-.Dv NULL .
-.Pp
-.Fn ENGINE_get_id
-and
-.Fn ENGINE_get_name
-return a pointer to an internal string
-representing the identifier and the name of
-.Fa e ,
-respectively.
-.Pp
-.Fn ENGINE_get_first
-and
-.Fn ENGINE_get_last
-return an
-.Vt ENGINE
-object or
-.Dv NULL
-if the list is empty.
-.Pp
-.Fn ENGINE_get_next
-and
-.Fn ENGINE_get_prev
-return an
-.Vt ENGINE
-object or
-.Dv NULL
-when the end of the list is reached.
-.Pp
-.Fn ENGINE_by_id
-returns an
-.Vt ENGINE
-object or
-.Dv NULL
-if no matching object is found.
-.Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_add ,
-.Fn ENGINE_set_id ,
-.Fn ENGINE_get_id ,
-.Fn ENGINE_set_name ,
-.Fn ENGINE_get_name ,
-.Fn ENGINE_remove ,
-.Fn ENGINE_get_first ,
-.Fn ENGINE_get_last ,
-.Fn ENGINE_get_next ,
-.Fn ENGINE_get_prev ,
-and
-.Fn ENGINE_by_id
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_cleanup
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/lib/libcrypto/man/ENGINE_ctrl.3 b/lib/libcrypto/man/ENGINE_ctrl.3
deleted file mode 100644
index b4965a5a0..000000000
--- a/lib/libcrypto/man/ENGINE_ctrl.3
+++ /dev/null
@@ -1,470 +0,0 @@
-.\" $OpenBSD: ENGINE_ctrl.3,v 1.5 2022/01/15 23:38:50 jsg Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: January 15 2022 $
-.Dt ENGINE_CTRL 3
-.Os
-.Sh NAME
-.Nm ENGINE_ctrl ,
-.Nm ENGINE_cmd_is_executable ,
-.Nm ENGINE_ctrl_cmd ,
-.Nm ENGINE_ctrl_cmd_string ,
-.Nm ENGINE_set_ctrl_function ,
-.Nm ENGINE_get_ctrl_function ,
-.Nm ENGINE_set_cmd_defns ,
-.Nm ENGINE_get_cmd_defns
-.Nd control commands for ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_ctrl
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fc
-.Ft int
-.Fo ENGINE_cmd_is_executable
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fc
-.Ft int
-.Fo ENGINE_ctrl_cmd
-.Fa "ENGINE *e"
-.Fa "const char *cmd_name"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fa "int cmd_optional"
-.Fc
-.Ft int
-.Fo ENGINE_ctrl_cmd_string
-.Fa "ENGINE *e"
-.Fa "const char *cmd_name"
-.Fa "const char *arg"
-.Fa "int cmd_optional"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_CTRL_FUNC_PTR)
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fc
-.Ft int
-.Fo ENGINE_set_ctrl_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f"
-.Fc
-.Ft ENGINE_CTRL_FUNC_PTR
-.Fo ENGINE_get_ctrl_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_cmd_defns
-.Fa "ENGINE *e"
-.Fa "const ENGINE_CMD_DEFN *defns"
-.Fc
-.Ft const ENGINE_CMD_DEFN *
-.Fo ENGINE_get_cmd_defns
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_ctrl
-calls the built-in or user-defined
-.Fa cmd
-for the engine
-.Fa e ,
-passing the arguments
-.Fa i
-and
-.Fa p .
-.Pp
-User-defined commands can be used before
-.Xr ENGINE_init 3
-to provide data required for initialization
-or at any time to modify the behaviour of an engine.
-.Pp
-Most built-in commands operate on user-defined commands installed with
-.Fn ENGINE_set_cmd_defns ,
-either using the
-.Fa p
-argument to indicate the user-defined command with the command name
-.Fa cmd_name
-or using the
-.Fa i
-argument to indicate the user-defined command with the command number
-.Fa cmd_num .
-The
-.Fa cmd
-arguments to call the built-in commands are as follows:
-.Bl -tag -width Ds
-.It Dv ENGINE_CTRL_GET_CMD_FLAGS
-Return the
-.Fa cmd_flags
-of the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs or
-the command number does not exist.
-A return value of 0 indicates failure if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0, or success if
-.Fa e
-is valid.
-.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME
-Return the positive command number
-of the user-defined command with the name
-.Fa p ,
-or a number less than or equal to 0 if an error occurs or no
-matching name is found.
-.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD
-Copy the description of the user-defined command with the number
-.Fa i
-into the buffer
-.Fa p
-and NUL-terminate it.
-It is the responsibility of the caller to make sure that the buffer
-.Fa p
-is large enough, either by calling
-.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
-first or using knowledge about the array passed to
-.Fn ENGINE_set_cmd_defns .
-The return value is the number of bytes written
-.Em including
-the terminating NUL byte, or a number less than or equal to 0
-if an error occurs.
-.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
-Return the length in bytes
-.Em excluding
-the terminating NUL byte
-of the description of the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs.
-A return value of 0 indicates failure if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0, or success if
-.Fa e
-is valid.
-.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE
-Return the positive command number
-of the first user-defined command installed with
-.Fn ENGINE_set_cmd_defns
-or a number less than or equal to 0 if an error occurs or no
-user-defined command has been installed.
-.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD
-Copy the name of the user-defined command with the number
-.Fa i
-into the buffer
-.Fa p
-and NUL-terminate it.
-It is the responsibility of the caller to make sure that the buffer
-.Fa p
-is large enough, either by calling
-.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
-first or using knowledge about the array passed to
-.Fn ENGINE_set_cmd_defns .
-The return value is the number of bytes written
-.Em including
-the terminating NUL byte, or a number less than or equal to 0
-if an error occurs.
-.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
-Return the length in bytes
-.Em excluding
-the terminating NULL byte
-of the name of the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs.
-A return value of 0 indicates failure if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0, or success if
-.Fa e
-is valid.
-.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE
-Return the positive command number of the next user-defined command
-after the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs or if
-.Fa i
-is the last user-defined command.
-Together with
-.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE ,
-this can be used to iterate the user-defined commands installed with
-.Fn ENGINE_set_cmd_defns .
-.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION
-Return 1 if
-.Fa e
-has its own
-.Fa ctrl_f
-installed with
-.Fn ENGINE_set_ctrl_function
-or 0 otherwise.
-.El
-.Pp
-.Fn ENGINE_ctrl_cmd
-translates the
-.Fa cmd_name
-of a user-defined command to a
-.Fa cmd
-number and calls
-.Fn ENGINE_ctrl
-on it.
-If
-.Fa cmd_optional
-is non-zero, lack of a
-.Fa ctrl_f
-in
-.Fa e
-and translation failure with
-.Dv ENGINE_CTRL_GET_CMD_FROM_NAME
-are considered success, and the command has no effect.
-Otherwise, these problems cause
-.Fn ENGINE_ctrl_cmd
-to fail.
-.Pp
-Neither
-.Fn ENGINE_ctrl
-nor
-.Fn ENGINE_ctrl_cmd
-ever call the
-.Fa f
-callback, but merely pass it on as an argument to the engine-specific
-.Fa ctrl_f
-control function.
-It is up to
-.Fa ctrl_f
-how to use it, or alternatively to ignore it as well.
-.Pp
-.Fn ENGINE_ctrl_cmd_string
-translates the
-.Fa cmd_name
-of a user-defined command to a
-.Fa cmd
-number.
-If that command has the
-.Dv ENGINE_CMD_FLAG_NO_INPUT
-flag set,
-.Fa arg
-must be
-.Dv NULL
-and
-.Fn ENGINE_ctrl
-is called with
-.Fa i
-set to 0 and
-.Fa p
-set to
-.Dv NULL .
-Otherwise,
-.Fa arg
-must not be
-.Dv NULL .
-If the command accepts string input,
-.Fa i
-is set to 0 and
-.Fa arg
-is passed as the
-.Fa p
-argument to
-.Fn ENGINE_ctrl .
-Otherwise,
-.Fa arg
-is converted with
-.Xr strtol 3
-and passed as the
-.Fa i
-argument to
-.Fn ENGINE_ctrl ,
-setting
-.Fa p
-to
-.Dv NULL .
-.Pp
-.Fn ENGINE_set_ctrl_function
-installs
-.Fa ctrl_f
-as the engine-specific control function for
-.Fa e .
-Future calls to
-.Fn ENGINE_ctrl
-will call that function, passing on their arguments unchanged, if the
-.Fa cmd
-is not built-in to the library or if the
-.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-flag is set in
-.Fa e .
-Let the
-.Fa ctrl_f
-return positive values on success or negative values on failure.
-Avoid return values of 0 because they cause dangerous ambiguity.
-In particular,
-.Fn ENGINE_ctrl_cmd
-and
-.Fn ENGINE_ctrl_cmd_string
-cannot be used with user-defined commands
-that may return 0 on success.
-.Pp
-.Fn ENGINE_set_cmd_defns
-install an array of command definitions in
-.Fa e .
-.Pp
-The structure
-.Vt ENGINE_CMD_DEFN
-has the following fields:
-.Bl -tag -width Ds
-.It Fa "unsigned int cmd_num"
-A positive, unique, monotonically increasing command number.
-Avoid using numbers below
-.Dv ENGINE_CMD_BASE .
-.It Fa "const char *cmd_name"
-The unique name of the command.
-.It Fa "const char *cmd_desc"
-A short description of the command.
-.It Fa "unsigned int cmd_flags"
-The bitwise OR of zero or more of the following flags:
-.Bl -tag -width Ds
-.It Dv ENGINE_CMD_FLAG_NUMERIC
-The command uses
-.Fa i .
-.It Dv ENGINE_CMD_FLAG_STRING
-The command uses
-.Fa p .
-.It Dv ENGINE_CMD_FLAG_NO_INPUT
-The command neither uses
-.Fa i
-nor
-.Fa p .
-.It Dv ENGINE_CMD_FLAG_INTERNAL
-This flag has no effect and is only provided for compatibility.
-.El
-.El
-.Pp
-The last element of
-.Fa defns
-does not specify a command, but must have a
-.Fa cmd_num
-of 0 and a
-.Fa cmd_name
-of
-.Dv NULL
-to indicate the end of the array.
-.Sh RETURN VALUES
-For
-.Fn ENGINE_ctrl ,
-positive return values indicate success and negative return values
-indicate failure.
-The meaning of a zero return value depends on the particular
-.Fa cmd
-and may indicate both success and failure, which is pathetic.
-.Pp
-Regardless of the
-.Fa cmd ,
-.Fn ENGINE_ctrl
-returns 0 if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0.
-This is quite unfortunate for commands like
-.Dv ENGINE_CTRL_GET_CMD_FLAGS
-where 0 may indicate success, so make sure
-.Fa e
-is valid before issuing a control command.
-.Pp
-For built-in commands except
-.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
-.Fn ENGINE_ctrl
-returns \-1 if
-.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-is set but no
-.Fa ctrl_f
-has been installed with
-.Fn ENGINE_set_ctrl_function .
-.Pp
-For commands that are not built in,
-.Fn ENGINE_ctrl
-returns 0 if no
-.Fa ctrl_f
-has been installed with
-.Fn ENGINE_set_ctrl_function .
-.Pp
-.Fn ENGINE_cmd_is_executable
-returns 1 if the user-defined
-.Fa cmd
-is executable and has at least one of the flags
-.Dv ENGINE_CMD_FLAG_NUMERIC ,
-.Dv ENGINE_CMD_FLAG_STRING ,
-and
-.Dv ENGINE_CMD_FLAG_NO_INPUT
-set, or 0 otherwise.
-.Pp
-.Fn ENGINE_ctrl_cmd
-and
-.Fn ENGINE_ctrl_cmd_string
-return 1 on success or 0 on error.
-.Pp
-.Fn ENGINE_set_ctrl_function
-and
-.Fn ENGINE_set_cmd_defns
-always return 1.
-.Pp
-.Fn ENGINE_get_ctrl_function
-returns a pointer to the function
-.Fa ctrl_f
-installed with
-.Fn ENGINE_set_ctrl_function ,
-or
-.Dv NULL
-if none has been installed.
-.Pp
-.Fn ENGINE_get_cmd_defns
-returns the array of command definitions installed in
-.Fa e
-or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3
-.Sh HISTORY
-.Fn ENGINE_ctrl ,
-.Fn ENGINE_set_ctrl_function ,
-and
-.Fn ENGINE_get_ctrl_function
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_cmd_is_executable ,
-.Fn ENGINE_ctrl_cmd ,
-.Fn ENGINE_ctrl_cmd_string ,
-.Fn ENGINE_set_cmd_defns ,
-and
-.Fn ENGINE_get_cmd_defns
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/lib/libcrypto/man/ENGINE_get_default_RSA.3 b/lib/libcrypto/man/ENGINE_get_default_RSA.3
deleted file mode 100644
index 348f13670..000000000
--- a/lib/libcrypto/man/ENGINE_get_default_RSA.3
+++ /dev/null
@@ -1,151 +0,0 @@
-.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.4 2023/07/21 04:35:36 tb Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 21 2023 $
-.Dt ENGINE_GET_DEFAULT_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_get_default_RSA ,
-.Nm ENGINE_get_default_DSA ,
-.Nm ENGINE_get_default_EC ,
-.Nm ENGINE_get_default_DH ,
-.Nm ENGINE_get_default_RAND ,
-.Nm ENGINE_get_cipher_engine ,
-.Nm ENGINE_get_digest_engine ,
-.Nm ENGINE_set_table_flags ,
-.Nm ENGINE_get_table_flags
-.Nd retrieve the default ENGINE for an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft ENGINE *
-.Fn ENGINE_get_default_RSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_EC void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DH void
-.Ft ENGINE *
-.Fn ENGINE_get_default_RAND void
-.Ft ENGINE *
-.Fo ENGINE_get_cipher_engine
-.Fa "int nid"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_digest_engine
-.Fa "int nid"
-.Fc
-.Ft void
-.Fo ENGINE_set_table_flags
-.Fa "unsigned int flags"
-.Fc
-.Ft unsigned int
-.Fn ENGINE_get_table_flags void
-.Sh DESCRIPTION
-These functions retrieve the current default
-.Vt ENGINE
-implementing the respective algorithm.
-.Pp
-If a default engine was previously selected,
-.Xr ENGINE_init 3
-is called on it again and it is used.
-Otherwise, these functions inspect the engines registered
-with the functions documented in
-.Xr ENGINE_register_RSA 3
-in the order of the table for the respective algorithm.
-If an inspected engine is already successfully initialized,
-.Xr ENGINE_init 3
-is called on it again and it is used as the new default.
-Otherwise, unless the global flag
-.Dv ENGINE_TABLE_FLAG_NOINIT
-is set,
-.Xr ENGINE_init 3
-is tried on it.
-If it succeeds, that engine is used as the new default.
-If it fails or if
-.Dv ENGINE_TABLE_FLAG_NOINIT
-is set, inspection continues with the next engine.
-.Pp
-The global flag can be set by calling
-.Fn ENGINE_set_table_flags
-with an argument of
-.Dv ENGINE_TABLE_FLAG_NOINIT
-or cleared by calling it with an argument of 0.
-By default, the flag is not set.
-.Pp
-While all the other functions operate on exactly one algorithm,
-.Fn ENGINE_get_cipher_engine
-and
-.Fn ENGINE_get_digest_engine
-are special in so far as they can handle multiple algorithms,
-identified by the given
-.Fa nid .
-The default engine is remembered separately for each algorithm.
-.Pp
-Application programs rarely need to call these functions because
-they are called automatically when needed, in particular from
-.Xr RSA_new 3 ,
-.Xr DSA_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr DH_new 3 ,
-.Xr EVP_CipherInit_ex 3 ,
-and
-.Xr EVP_DigestInit_ex 3 .
-.Sh RETURN VALUES
-These functions return a functional reference to an
-.Vt ENGINE
-object or
-.Dv NULL
-on failure, in particular when no engine implementing the algorithm
-is available, when
-.Xr ENGINE_init 3
-fails for all implementations,
-or when insufficient memory is available.
-Even when these functions fail, the application may still be able
-to use the algorithm in question because the built-in implementation
-is used in that case, if one is available.
-.Pp
-.Fn ENGINE_get_table_flags
-returns
-.Dv ENGINE_TABLE_FLAG_NOINIT
-if the global flag is set or 0 otherwise.
-.Sh SEE ALSO
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3
-.Sh HISTORY
-.Fn ENGINE_get_default_RSA ,
-.Fn ENGINE_get_default_DSA ,
-.Fn ENGINE_get_default_DH ,
-and
-.Fn ENGINE_get_default_RAND
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_get_cipher_engine ,
-.Fn ENGINE_get_digest_engine ,
-.Fn ENGINE_set_table_flags ,
-and
-.Fn ENGINE_get_table_flags
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_get_default_EC
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.5 .
diff --git a/lib/libcrypto/man/ENGINE_init.3 b/lib/libcrypto/man/ENGINE_init.3
deleted file mode 100644
index d41d98a2f..000000000
--- a/lib/libcrypto/man/ENGINE_init.3
+++ /dev/null
@@ -1,134 +0,0 @@
-.\" $OpenBSD: ENGINE_init.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_INIT 3
-.Os
-.Sh NAME
-.Nm ENGINE_init ,
-.Nm ENGINE_finish ,
-.Nm ENGINE_set_init_function ,
-.Nm ENGINE_set_finish_function ,
-.Nm ENGINE_get_init_function ,
-.Nm ENGINE_get_finish_function
-.Nd initialize ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_init
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_finish
-.Fa "ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_GEN_INT_FUNC_PTR)
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_init_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
-.Fc
-.Ft int
-.Fo ENGINE_set_finish_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_init_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_finish_function
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_init
-initializes
-.Fa e
-by calling the
-.Fa init_f
-previously installed with
-.Fn ENGINE_set_init_function ,
-if any.
-In case of success, it also increments both the structural
-and the functional reference count by 1.
-If no
-.Fa init_f
-was installed,
-.Fn ENGINE_init
-always succeeds.
-Calling
-.Fn ENGINE_init
-again after it already succeeded always succeeds, but has no effect
-except that it increments both the structural and the functional
-reference count by 1.
-.Pp
-.Fn ENGINE_finish
-decrements the functional reference count by 1.
-When it reaches 0, it calls the
-.Fa finish_f
-previously installed with
-.Fn ENGINE_set_finish_function ,
-if any.
-If no
-.Fa finish_f
-was installed,
-.Fn ENGINE_finish
-always succeeds.
-Unless
-.Fa finish_f
-fails,
-.Fn ENGINE_finish
-also calls
-.Xr ENGINE_free 3 .
-.Pp
-.Fn ENGINE_init
-is internally called by the functions documented in the
-.Xr ENGINE_get_default_RSA 3
-manual page.
-.Sh RETURN VALUES
-.Fn ENGINE_init
-and
-.Fn ENGINE_finish
-return 1 on success or 0 on error.
-.Pp
-.Fn ENGINE_set_init_function
-and
-.Fn ENGINE_set_finish_function
-always return 1.
-.Pp
-.Fn ENGINE_get_init_function
-and
-.Fn ENGINE_get_finish_function
-return a function pointer to the respective callback, or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 2.9 .
diff --git a/lib/libcrypto/man/ENGINE_new.3 b/lib/libcrypto/man/ENGINE_new.3
index eaab08d1f..55ed96356 100644
--- a/lib/libcrypto/man/ENGINE_new.3
+++ b/lib/libcrypto/man/ENGINE_new.3
@@ -1,7 +1,6 @@
-.\" $OpenBSD: ENGINE_new.3,v 1.5 2021/03/12 05:18:00 jsg Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\" $OpenBSD: ENGINE_new.3,v 1.10 2023/11/19 21:13:47 tb Exp $
 .\"
+.\" Copyright (c) 2023 Theo Buehler
 .\" Copyright (c) 2018 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -16,175 +15,160 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 12 2021 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt ENGINE_NEW 3
 .Os
 .Sh NAME
 .Nm ENGINE_new ,
-.Nm ENGINE_up_ref ,
 .Nm ENGINE_free ,
-.Nm ENGINE_set_destroy_function ,
-.Nm ENGINE_get_destroy_function
-.Nd create and destroy ENGINE objects
+.Nm ENGINE_init ,
+.Nm ENGINE_finish ,
+.Nm ENGINE_ctrl_cmd ,
+.Nm ENGINE_ctrl_cmd_string ,
+.Nm ENGINE_by_id ,
+.Nm ENGINE_get_id ,
+.Nm ENGINE_get_name ,
+.Nm ENGINE_set_default ,
+.Nm ENGINE_get_default_RSA ,
+.Nm ENGINE_set_default_RSA ,
+.Nm ENGINE_load_private_key ,
+.Nm ENGINE_load_public_key ,
+.Nm ENGINE_load_builtin_engines ,
+.Nm ENGINE_load_dynamic ,
+.Nm ENGINE_load_openssl ,
+.Nm ENGINE_register_all_complete ,
+.Nm ENGINE_cleanup
+.Nd ENGINE stub functions
 .Sh SYNOPSIS
 .In openssl/engine.h
 .Ft ENGINE *
 .Fn ENGINE_new void
 .Ft int
-.Fo ENGINE_up_ref
-.Fa "ENGINE *e"
-.Fc
-.Ft int
 .Fo ENGINE_free
-.Fa "ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_GEN_INT_FUNC_PTR)
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
-.Fo ENGINE_set_destroy_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f"
+.Fn ENGINE_init "ENGINE *engine"
+.Ft int
+.Fn ENGINE_finish "ENGINE *engine"
+.Ft int
+.Fo ENGINE_ctrl_cmd
+.Fa "ENGINE *engine"
+.Fa "const char *cmd_name"
+.Fa "long i"
+.Fa "void *p"
+.Fa "void (*f)(void)"
+.Fa "int cmd_optional"
 .Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_destroy_function
-.Fa "const ENGINE *e"
+.Ft int
+.Fo ENGINE_ctrl_cmd_string
+.Fa "ENGINE *engine"
+.Fa "const char *cmd_name"
+.Fa "const char *arg"
+.Fa "int cmd_optional"
 .Fc
+.Ft ENGINE *
+.Fn ENGINE_by_id "const char *id"
+.Ft const char *
+.Fn ENGINE_get_id "const ENGINE *engine"
+.Ft const char *
+.Fn ENGINE_get_name "const ENGINE *engine"
+.Ft int
+.Fn ENGINE_set_default "ENGINE *engine" "unsigned int flags"
+.Ft ENGINE *
+.Fn ENGINE_get_default_RSA "ENGINE *engine"
+.Ft int
+.Fn ENGINE_set_default_RSA "ENGINE *engine"
+.Ft EVP_PKEY *
+.Fo ENGINE_load_private_key
+.Fa "ENGINE *engine"
+.Fa "const char *key_id"
+.Fa "UI_METHOD *ui_method"
+.Fa "void *callback_data"
+.Fc
+.Ft EVP_PKEY *
+.Fo ENGINE_load_public_key
+.Fa "ENGINE *engine"
+.Fa "const char *key_id"
+.Fa "UI_METHOD *ui_method"
+.Fa "void *callback_data"
+.Fc
+.Ft void
+.Fn ENGINE_load_builtin_engines "void"
+.Ft void
+.Fn ENGINE_load_dynamic "void"
+.Ft void
+.Fn ENGINE_load_openssl "void"
+.Ft int
+.Fn ENGINE_register_all_complete "void"
+.Ft void
+.Fn ENGINE_cleanup "void"
 .Sh DESCRIPTION
 .Vt ENGINE
-objects can be used to provide alternative implementations of
-cryptographic algorithms, to support additional algorithms, to
-support cryptographic hardware, and to switch among alternative
-implementations of algorithms at run time.
-LibreSSL generally avoids engines and prefers providing
-cryptographic functionality in the crypto library itself.
+objects used to provide alternative implementations of
+cryptographic algorithms, for example using specialized hardware.
+LibreSSL no longer supports this feature.
 .Pp
-.Fn ENGINE_new
-allocates and initializes an empty
+All functions in this manual ignore all their arguments and
+do nothing except return failure if possible.
+They are provided only to avoid patching software that expects
 .Vt ENGINE
-object and sets its structural reference count to 1
-and its functional reference count to 0.
-For more information about the functional reference count, see the
-.Xr ENGINE_init 3
-manual page.
-.Pp
-Many functions increment the structural reference count by 1
-when successful.
-Some of them, including
-.Xr ENGINE_get_first 3 ,
-.Xr ENGINE_get_last 3 ,
-.Xr ENGINE_get_next 3 ,
-.Xr ENGINE_get_prev 3 ,
-and
-.Xr ENGINE_by_id 3 ,
-do so because they return a structural reference to the user.
-Other functions, including
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_get_cipher_engine 3 ,
-.Xr ENGINE_get_digest_engine 3 ,
-and the
-.Xr ENGINE_get_default_RSA 3
-and
-.Xr ENGINE_set_default 3
-families of functions
-do so when they store a structural reference internally.
-.Pp
-.Fn ENGINE_up_ref
-explicitly increment the structural reference count by 1.
-.Pp
-.Fn ENGINE_free
-decrements the structural reference count by 1,
-and if it reaches 0, the optional
-.Fa destroy_f
-previously installed with
-.Fn ENGINE_set_destroy_function
-is called, if one is installed, and both the memory used internally by
-.Fa e
-and
-.Fa e
-itself are freed.
-If
-.Fa e
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-Many functions internally call the equivalent of
-.Fn ENGINE_free .
-Some of them, including
-.Xr ENGINE_get_next 3
-and
-.Xr ENGINE_get_prev 3 ,
-thus invalidate the structural reference passed in by the user.
-Other functions, including
-.Xr ENGINE_finish 3 ,
-.Xr ENGINE_remove 3 ,
-and the
-.Xr ENGINE_set_default 3
-family of functions
-do so when an internally stored structural reference is no longer needed.
-.Pp
-.Fn ENGINE_set_destroy_function
-installs a callback function that will be called by
-.Fn ENGINE_free ,
-but only when
-.Fa e
-actually gets destroyed,
-not when only its reference count gets decremented.
-The value returned from the
-.Fa destroy_f
-will be ignored.
+support to be available.
 .Sh RETURN VALUES
-.Fn ENGINE_new
-returns a structural reference to the new
-.Vt ENGINE
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ENGINE_up_ref
-returns 0 if
-.Fa e
-is
-.Dv NULL
-and 1 otherwise.
-.Pp
-.Fn ENGINE_free
+.Fn ENGINE_new ,
+.Fn ENGINE_by_id ,
+.Fn ENGINE_get_default_RSA ,
+.Fn ENGINE_load_private_key ,
 and
-.Fn ENGINE_set_destroy_function
-always return 1.
+.Fn ENGINE_load_public_key
+always return
+.Dv NULL .
 .Pp
-.Fn ENGINE_get_destroy_function
-returns a function pointer to the callback, or
-.Dv NULL
-if none is installed.
+.Fn ENGINE_free ,
+.Fn ENGINE_init ,
+.Fn ENGINE_finish ,
+.Fn ENGINE_ctrl_cmd ,
+.Fn ENGINE_ctrl_cmd_string ,
+.Fn ENGINE_set_default ,
+.Fn ENGINE_set_default_RSA ,
+and
+.Fn ENGINE_register_all_complete
+always return 0.
+.Pp
+.Fn ENGINE_get_id
+and
+.Fn ENGINE_get_name
+always return the constant empty string.
 .Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
+.Xr crypto 3
 .Sh HISTORY
-.Fn ENGINE_new
+.Fn ENGINE_new ,
+.Fn ENGINE_free ,
+.Fn ENGINE_init ,
+.Fn ENGINE_finish ,
+.Fn ENGINE_by_id ,
+.Fn ENGINE_get_id ,
+.Fn ENGINE_get_name ,
+.Fn ENGINE_set_default ,
+.Fn ENGINE_get_default_RSA ,
+.Fn ENGINE_set_default_RSA ,
+.Fn ENGINE_load_private_key ,
 and
-.Fn ENGINE_free
-first appeared in OpenSSL 0.9.7 and have been available since
+.Fn ENGINE_load_public_key
+first appeared in OpenSSL 0.9.7
+and have been available since
 .Ox 2.9 .
 .Pp
-.Fn ENGINE_set_destroy_function
+.Fn ENGINE_ctrl_cmd ,
+.Fn ENGINE_ctrl_cmd_string ,
+.Fn ENGINE_load_builtin_engines ,
+.Fn ENGINE_load_openssl ,
+.Fn ENGINE_register_all_complete ,
 and
-.Fn ENGINE_get_destroy_function
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_up_ref
-first appeared in OpenSSL 0.9.7 and has been available since
+.Fn ENGINE_cleanup
+first appeared in OpenSSL 0.9.7
+and have been available since
 .Ox 3.4 .
+.Pp
+All these functions were turned into stubs in
+.Ox 7.4 .
diff --git a/lib/libcrypto/man/ENGINE_register_RSA.3 b/lib/libcrypto/man/ENGINE_register_RSA.3
deleted file mode 100644
index 5c63729cf..000000000
--- a/lib/libcrypto/man/ENGINE_register_RSA.3
+++ /dev/null
@@ -1,142 +0,0 @@
-.\" $OpenBSD: ENGINE_register_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_REGISTER_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_register_RSA ,
-.Nm ENGINE_register_DSA ,
-.Nm ENGINE_register_ECDH ,
-.Nm ENGINE_register_ECDSA ,
-.Nm ENGINE_register_DH ,
-.Nm ENGINE_register_RAND ,
-.Nm ENGINE_register_STORE ,
-.Nm ENGINE_register_ciphers ,
-.Nm ENGINE_register_digests ,
-.Nm ENGINE_register_complete
-.Nd register an ENGINE as implementing an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_register_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_complete
-.Fa "ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-In addition to the global table described in
-.Xr ENGINE_add 3 ,
-the crypto library maintains several tables containing references to
-.Vt ENGINE
-objects implementing one specific cryptographic algorithm.
-.Pp
-The functions listed in the present manual page append
-.Fa e
-to the end of the table for the respective algorithm.
-.Pp
-If
-.Fa e
-does not contain a method for the requested algorithm,
-these functions succeed without having any effect.
-.Pp
-If
-.Fa e
-is already registered for the given algorithm,
-they move it to the end of the respective table.
-.Pp
-.Fn ENGINE_register_ciphers
-and
-.Fn ENGINE_register_digests
-are special in so far as an engine may implement
-more than one cipher or more than one digest.
-In that case,
-.Fa e
-is registered for all the ciphers or digests it implements.
-.Pp
-.Fn ENGINE_register_complete
-registers
-.Fa e
-for all algorithms it implements by calling all the other functions.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on error.
-They only fail if insufficient memory is available.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_register_RSA ,
-.Fn ENGINE_register_DSA ,
-.Fn ENGINE_register_DH ,
-.Fn ENGINE_register_RAND ,
-.Fn ENGINE_register_ciphers ,
-.Fn ENGINE_register_digests ,
-and
-.Fn ENGINE_register_complete
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_register_ECDH ,
-.Fn ENGINE_register_ECDSA ,
-and
-.Fn ENGINE_register_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh BUGS
-.Fn ENGINE_register_complete
-ignores all errors, even memory allocation failure, and always returns 1.
diff --git a/lib/libcrypto/man/ENGINE_register_all_RSA.3 b/lib/libcrypto/man/ENGINE_register_all_RSA.3
deleted file mode 100644
index 3016eec3d..000000000
--- a/lib/libcrypto/man/ENGINE_register_all_RSA.3
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_REGISTER_ALL_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_register_all_RSA ,
-.Nm ENGINE_register_all_DSA ,
-.Nm ENGINE_register_all_ECDH ,
-.Nm ENGINE_register_all_ECDSA ,
-.Nm ENGINE_register_all_DH ,
-.Nm ENGINE_register_all_RAND ,
-.Nm ENGINE_register_all_STORE ,
-.Nm ENGINE_register_all_ciphers ,
-.Nm ENGINE_register_all_digests ,
-.Nm ENGINE_register_all_complete ,
-.Nm ENGINE_load_builtin_engines ,
-.Nm ENGINE_load_dynamic
-.Nd register all engines as implementing an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft void
-.Fn ENGINE_register_all_RSA void
-.Ft void
-.Fn ENGINE_register_all_DSA void
-.Ft void
-.Fn ENGINE_register_all_ECDH void
-.Ft void
-.Fn ENGINE_register_all_ECDSA void
-.Ft void
-.Fn ENGINE_register_all_DH void
-.Ft void
-.Fn ENGINE_register_all_RAND void
-.Ft void
-.Fn ENGINE_register_all_STORE void
-.Ft void
-.Fn ENGINE_register_all_ciphers void
-.Ft void
-.Fn ENGINE_register_all_digests void
-.Ft int
-.Fn ENGINE_register_all_complete void
-.Ft void
-.Fn ENGINE_load_builtin_engines void
-.Ft void
-.Fn ENGINE_load_dynamic void
-.Sh DESCRIPTION
-These functions loop over all the
-.Vt ENGINE
-objects contained in the global table described in the
-.Xr ENGINE_add 3
-manual page.
-They register each object for the respective algorithm
-by calling the corresponding function described in
-.Xr ENGINE_register_RSA 3 .
-.Pp
-.Fn ENGINE_register_all_complete
-calls
-.Fn ENGINE_register_complete
-in this way, except that it skips those
-.Vt ENGINE
-objects that have the
-.Dv ENGINE_FLAGS_NO_REGISTER_ALL
-flag set with
-.Xr ENGINE_set_flags 3 .
-.Pp
-.Fn ENGINE_load_builtin_engines
-calls
-.Xr OPENSSL_init_crypto 3
-with no options, loads any built-in engines
-that are enabled by default, and calls
-.Fn ENGINE_register_all_complete .
-Currently, LibreSSL does not provide any engines.
-.Sy GOST
-and
-.Sy aesni
-support is provided by the crypto library itself
-and does not require any engines, not even built-in ones.
-.Pp
-.Fn ENGINE_load_dynamic
-has no effect and is only provided for compatibility.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr OPENSSL_init_crypto 3
-.Sh HISTORY
-.Fn ENGINE_register_all_RSA ,
-.Fn ENGINE_register_all_DSA ,
-.Fn ENGINE_register_all_DH ,
-.Fn ENGINE_register_all_RAND ,
-.Fn ENGINE_register_all_ciphers ,
-.Fn ENGINE_register_all_digests ,
-.Fn ENGINE_register_all_complete ,
-.Fn ENGINE_load_builtin_engines ,
-and
-.Fn ENGINE_load_dynamic
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_register_all_ECDH ,
-.Fn ENGINE_register_all_ECDSA ,
-and
-.Fn ENGINE_register_all_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/lib/libcrypto/man/ENGINE_set_RSA.3 b/lib/libcrypto/man/ENGINE_set_RSA.3
deleted file mode 100644
index b2cec473b..000000000
--- a/lib/libcrypto/man/ENGINE_set_RSA.3
+++ /dev/null
@@ -1,317 +0,0 @@
-.\" $OpenBSD: ENGINE_set_RSA.3,v 1.7 2023/07/21 04:29:27 tb Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 21 2023 $
-.Dt ENGINE_SET_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_RSA ,
-.Nm ENGINE_get_RSA ,
-.Nm ENGINE_set_DSA ,
-.Nm ENGINE_get_DSA ,
-.Nm ENGINE_set_EC ,
-.Nm ENGINE_get_EC ,
-.Nm ENGINE_set_DH ,
-.Nm ENGINE_get_DH ,
-.Nm ENGINE_set_RAND ,
-.Nm ENGINE_get_RAND ,
-.Nm ENGINE_set_STORE ,
-.Nm ENGINE_get_STORE ,
-.Nm ENGINE_set_ciphers ,
-.Nm ENGINE_get_ciphers ,
-.Nm ENGINE_get_cipher ,
-.Nm ENGINE_set_digests ,
-.Nm ENGINE_get_digests ,
-.Nm ENGINE_get_digest
-.Nd install and retrieve function tables of crypto engines
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_RSA
-.Fa "ENGINE *e"
-.Fa "const RSA_METHOD *rsa_meth"
-.Fc
-.Ft const RSA_METHOD *
-.Fo ENGINE_get_RSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_DSA
-.Fa "ENGINE *e"
-.Fa "const DSA_METHOD *dsa_meth"
-.Fc
-.Ft const DSA_METHOD *
-.Fo ENGINE_get_DSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_EC
-.Fa "ENGINE *e"
-.Fa "const EC_KEY_METHOD *ec_meth"
-.Fc
-.Ft const EC_KEY_METHOD *
-.Fo ENGINE_get_EC
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_DH
-.Fa "ENGINE *e"
-.Fa "const DH_METHOD *dh_meth"
-.Fc
-.Ft const DH_METHOD *
-.Fo ENGINE_get_DH
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_RAND
-.Fa "ENGINE *e"
-.Fa "const RAND_METHOD *rand_meth"
-.Fc
-.Ft const RAND_METHOD *
-.Fo ENGINE_get_RAND
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_STORE
-.Fa "ENGINE *e"
-.Fa "const STORE_METHOD *rand_meth"
-.Fc
-.Ft const STORE_METHOD *
-.Fo ENGINE_get_STORE
-.Fa "const ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_CIPHERS_PTR)
-.Fa "ENGINE *e"
-.Fa "const EVP_CIPHER **impl"
-.Fa "const int **nids"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_ciphers
-.Fa "ENGINE *e"
-.Fa "ENGINE_CIPHERS_PTR f"
-.Fc
-.Ft ENGINE_CIPHERS_PTR
-.Fo ENGINE_get_ciphers
-.Fa "const ENGINE *e"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo ENGINE_get_cipher
-.Fa "ENGINE *e"
-.Fa "int nid"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_DIGESTS_PTR)
-.Fa "ENGINE *e"
-.Fa "const EVP_MD **impl"
-.Fa "const int **nids"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_digests
-.Fa "ENGINE *e"
-.Fa "ENGINE_DIGESTS_PTR f"
-.Fc
-.Ft ENGINE_DIGESTS_PTR
-.Fo ENGINE_get_digests
-.Fa "const ENGINE *e"
-.Fc
-.Ft const EVP_MD *
-.Fo ENGINE_get_digest
-.Fa "ENGINE *e"
-.Fa "int nid"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn ENGINE_set_*
-functions install a table of function pointers
-implementing the respective algorithm in
-.Fa e .
-Partial information about the various method objects is available from
-.Xr RSA_meth_new 3 ,
-.Xr RSA_get_default_method 3 ,
-.Xr DSA_meth_new 3 ,
-.Xr DSA_get_default_method 3 ,
-.Xr EC_KEY_get_default_method 3 ,
-.Xr DH_get_default_method 3 ,
-.Xr RAND_get_rand_method 3 ,
-.Xr EVP_get_cipherbynid 3 ,
-and
-.Xr EVP_get_digestbynid 3 .
-.Vt STORE_METHOD
-is an incomplete type, and the pointers to it are not used for anything.
-For complete descriptions of these types,
-refer to the respective header files.
-.Pp
-The functions described in the
-.Xr ENGINE_register_RSA 3
-and
-.Xr ENGINE_set_default 3
-manual pages only have an effect after function pointers
-were installed using the functions described here.
-.Pp
-.Fn ENGINE_set_ciphers
-and
-.Fn ENGINE_set_digests
-are special in so far as the
-.Vt ENGINE
-structure does not provide fields to store function pointers
-implementing ciphers or digests.
-Instead, these two functions only install a callback to
-retrieve implementations.
-Where the pointers to the implementations are stored internally,
-how they get initialized, and how the
-.Vt ENGINE_CIPHERS_PTR
-and
-.Vt ENGINE_DIGESTS_PTR
-callbacks retrieve them
-is up to the implementation of each individual engine.
-.Pp
-If the
-.Vt ENGINE_CIPHERS_PTR
-and
-.Vt ENGINE_DIGESTS_PTR
-callbacks are called with a non-zero
-.Fa nid ,
-they retrieve the implementation of that cipher or digest,
-respectively.
-In this case, a
-.Dv NULL
-pointer can be passed as the
-.Fa nids
-argument.
-.Fn ENGINE_get_cipher
-and
-.Fn ENGINE_get_digest
-call the callbacks installed in
-.Fa e
-in this way.
-.Pp
-If 0 is passed as the
-.Fa nid
-argument, an internal pointer
-to the array of implementations available in
-.Fa e
-is returned in
-.Pf * Fa impl ,
-and an internal pointer
-to the array of corresponding identifiers in
-.Pf * Fa nids .
-The return value of the callback indicates
-the number of implementations returned.
-.Pp
-The
-.Fn ENGINE_get_*
-functions retrieve the previously installed function tables.
-They are used when constructing basic cryptographic objects
-as shown in the following table:
-.Bl -column "ENGINE_get_digestMM"
-.It Accessor: Ta Called by:
-.It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3
-.It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3
-.It Fn ENGINE_get_EC Ta Xr EC_KEY_new_method 3 , Xr EC_KEY_new 3 ,
-.Xr EC_KEY_new_by_curve_name 3
-.It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3
-.It Fn ENGINE_get_RAND Ta unused
-.It Fn ENGINE_get_STORE Ta unused
-.It Fn ENGINE_get_cipher Ta Xr EVP_CipherInit_ex 3
-.It Fn ENGINE_get_digest Ta Xr EVP_DigestInit_ex 3
-.El
-.Sh RETURN VALUES
-The
-.Fn ENGINE_set_*
-functions return 1 on success or 0 on error.
-Currently, they cannot fail.
-.Pp
-The
-.Fn ENGINE_get_*
-functions return a method object for the respective algorithm, or
-.Dv NULL
-if none is installed.
-.Pp
-.Fn ENGINE_get_ciphers
-and
-.Fn ENGINE_get_digests
-return a function pointer to the respective callback, or
-.Dv NULL
-if none is installed.
-.Pp
-.Fn ENGINE_get_cipher
-returns an
-.Vt EVP_CIPHER
-object implementing the cipher
-.Fa nid
-or
-.Dv NULL
-if
-.Fa e
-does not implement that cipher.
-.Pp
-.Fn ENGINE_get_digest
-returns an
-.Vt EVP_MD
-object implementing the digest
-.Fa nid
-or
-.Dv NULL
-if
-.Fa e
-does not implement that digest.
-.Sh SEE ALSO
-.Xr DSA_new 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn ENGINE_set_RSA ,
-.Fn ENGINE_get_RSA ,
-.Fn ENGINE_set_DSA ,
-.Fn ENGINE_get_DSA ,
-.Fn ENGINE_set_DH ,
-.Fn ENGINE_get_DH ,
-.Fn ENGINE_set_RAND ,
-.Fn ENGINE_get_RAND ,
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_ciphers ,
-.Fn ENGINE_get_ciphers ,
-.Fn ENGINE_get_cipher ,
-.Fn ENGINE_set_digests ,
-.Fn ENGINE_get_digests ,
-and
-.Fn ENGINE_get_digest
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_set_STORE
-and
-.Fn ENGINE_get_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Fn ENGINE_set_EC
-and
-.Fn ENGINE_get_EC
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.5 .
diff --git a/lib/libcrypto/man/ENGINE_set_default.3 b/lib/libcrypto/man/ENGINE_set_default.3
deleted file mode 100644
index c2655f2b9..000000000
--- a/lib/libcrypto/man/ENGINE_set_default.3
+++ /dev/null
@@ -1,186 +0,0 @@
-.\" $OpenBSD: ENGINE_set_default.3,v 1.4 2019/06/03 14:43:15 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 3 2019 $
-.Dt ENGINE 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_default ,
-.Nm ENGINE_set_default_string ,
-.Nm ENGINE_set_default_RSA ,
-.Nm ENGINE_set_default_DSA ,
-.Nm ENGINE_set_default_ECDH ,
-.Nm ENGINE_set_default_ECDSA ,
-.Nm ENGINE_set_default_DH ,
-.Nm ENGINE_set_default_RAND ,
-.Nm ENGINE_set_default_ciphers ,
-.Nm ENGINE_set_default_digests
-.Nd register an ENGINE as the default for an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_default_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default
-.Fa "ENGINE *e"
-.Fa "unsigned int flags"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_string
-.Fa "ENGINE *e"
-.Fa "const char *list"
-.Fc
-.Sh DESCRIPTION
-These functions register
-.Fa e
-as implementing the respective algorithm
-like the functions described in the
-.Xr ENGINE_register_RSA 3
-manual page do it.
-In addition, they call
-.Xr ENGINE_init 3
-on
-.Fa e
-and select
-.Fa e
-as the default implementation of the respective algorithm to be
-returned by the functions described in
-.Xr ENGINE_get_default_RSA 3
-in the future.
-If another engine was previously selected
-as the default implementation of the respective algorithm,
-.Xr ENGINE_finish 3
-is called on that previous engine.
-.Pp
-If
-.Fa e
-implements more than one cipher or digest,
-.Fn ENGINE_set_default_ciphers
-and
-.Fn ENGINE_set_default_digests
-register and select it for all these ciphers and digests, respectively.
-.Pp
-.Fn ENGINE_set_default
-registers
-.Fa e
-as the default implementation of all algorithms specified by the
-.Fa flags
-by calling the appropriate ones among the other functions.
-Algorithms can be selected by combining any number of the
-following constants with bitwise OR:
-.Dv ENGINE_METHOD_ALL ,
-.Dv ENGINE_METHOD_RSA ,
-.Dv ENGINE_METHOD_DSA ,
-.Dv ENGINE_METHOD_ECDH ,
-.Dv ENGINE_METHOD_ECDSA ,
-.Dv ENGINE_METHOD_DH ,
-.Dv ENGINE_METHOD_RAND ,
-.Dv ENGINE_METHOD_CIPHERS ,
-.Dv ENGINE_METHOD_DIGESTS ,
-.Dv ENGINE_METHOD_PKEY_METHS ,
-and
-.Dv ENGINE_METHOD_PKEY_ASN1_METHS .
-.Pp
-.Fn ENGINE_set_default_string
-is similar except that it selects the algorithms according to the string
-.Fa def_list ,
-which contains an arbitrary number of comma-separated keywords from
-the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS,
-DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY.
-PKEY_CRYPTO corresponds to
-.Dv ENGINE_METHOD_PKEY_METHS ,
-PKEY_ASN1 to
-.Dv ENGINE_METHOD_PKEY_ASN1_METHS ,
-and PKEY selects both.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on error.
-They fail if
-.Xr ENGINE_init 3
-fails or if insufficient memory is available.
-.Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_set_default ,
-.Fn ENGINE_set_default_RSA ,
-.Fn ENGINE_set_default_DSA ,
-.Fn ENGINE_set_default_DH ,
-and
-.Fn ENGINE_set_default_RAND
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_default_string ,
-.Fn ENGINE_set_default_ciphers ,
-and
-.Fn ENGINE_set_default_digests
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_set_default_ECDH
-and
-.Fn ENGINE_set_default_ECDSA
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh CAVEATS
-Failure of
-.Xr ENGINE_finish 3
-is ignored.
-.Sh BUGS
-Even when
-.Fn ENGINE_set_default
-or
-.Fn ENGINE_set_default_string
-fail, they typically still register
-.Fa e
-for some algorithms, but usually not for all it could be registered
-for by calling the individual functions.
diff --git a/lib/libcrypto/man/ENGINE_set_flags.3 b/lib/libcrypto/man/ENGINE_set_flags.3
deleted file mode 100644
index 33e8f333c..000000000
--- a/lib/libcrypto/man/ENGINE_set_flags.3
+++ /dev/null
@@ -1,92 +0,0 @@
-.\" $OpenBSD: ENGINE_set_flags.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_SET_FLAGS 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_flags ,
-.Nm ENGINE_get_flags
-.Nd modify the behaviour of an ENGINE object
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_flags
-.Fa "ENGINE *e"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo ENGINE_get_flags
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_set_flags
-sets the flags attribute of
-.Fa e
-to the new
-.Fa flags .
-The previous state of the flags attribute is overwritten.
-Flags that were previously set are cleared
-unless they are also present in the new
-.Fa flags .
-.Pp
-The
-.Fa flags
-argument can be the bitwise OR of zero or more
-of the following constants:
-.Bl -tag -width Ds
-.It Dv ENGINE_FLAGS_BY_ID_COPY
-.Xr ENGINE_by_id 3
-returns a shallow copy of the
-.Vt ENGINE
-object it found rather than incrementing the reference count
-and returning a pointer to the original.
-.It Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-.Xr ENGINE_ctrl 3
-lets the function installed with
-.Xr ENGINE_set_ctrl_function 3
-handle all commands except
-.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
-even the builtin commands.
-.It Dv ENGINE_FLAGS_NO_REGISTER_ALL
-.Xr ENGINE_register_all_complete 3
-skips
-.Fa e .
-.El
-.Sh RETURN VALUES
-.Fn ENGINE_set_flags
-always returns 1.
-.Pp
-.Fn ENGINE_get_flags
-returns the
-.Fa flags
-attribute of
-.Fa e .
-.Sh SEE ALSO
-.Xr ENGINE_by_id 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_complete 3 ,
-.Xr ENGINE_set_RSA 3
-.Sh HISTORY
-.Fn ENGINE_set_flags
-and
-.Fn ENGINE_get_flags
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/lib/libcrypto/man/ENGINE_unregister_RSA.3 b/lib/libcrypto/man/ENGINE_unregister_RSA.3
deleted file mode 100644
index d03730638..000000000
--- a/lib/libcrypto/man/ENGINE_unregister_RSA.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_UNREGISTER_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_unregister_RSA ,
-.Nm ENGINE_unregister_DSA ,
-.Nm ENGINE_unregister_ECDH ,
-.Nm ENGINE_unregister_ECDSA ,
-.Nm ENGINE_unregister_DH ,
-.Nm ENGINE_unregister_RAND ,
-.Nm ENGINE_unregister_STORE ,
-.Nm ENGINE_unregister_ciphers ,
-.Nm ENGINE_unregister_digests
-.Nd revoke the registration of an ENGINE object
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft void
-.Fo ENGINE_unregister_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_digests
-.Fa "ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-These functions remove
-.Fa e
-from the list of
-.Vt ENGINE
-objects that were previously registered for the respective algorithm
-with the functions described in
-.Xr ENGINE_register_RSA 3 .
-.Pp
-If
-.Fa e
-is currently used as the default engine for the algorithm
-as described in the
-.Fn ENGINE_set_default 3
-and
-.Fn ENGINE_get_default_RSA 3
-manual pages,
-.Xr ENGINE_finish 3
-is also called.
-.Pp
-.Fn ENGINE_unregister_ciphers
-and
-.Fn ENGINE_unregister_digests
-unregister
-.Fa e
-for all ciphers or digests, respectively.
-.Sh SEE ALSO
-.Xr ENGINE_cleanup 3 ,
-.Xr ENGINE_finish 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3
-.Sh HISTORY
-.Fn ENGINE_unregister_RSA ,
-.Fn ENGINE_unregister_DSA ,
-.Fn ENGINE_unregister_DH ,
-.Fn ENGINE_unregister_RAND ,
-.Fn ENGINE_unregister_ciphers ,
-and
-.Fn ENGINE_unregister_digests
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_unregister_ECDH ,
-.Fn ENGINE_unregister_ECDSA ,
-and
-.Fn ENGINE_unregister_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/lib/libcrypto/man/EVP_OpenInit.3 b/lib/libcrypto/man/EVP_OpenInit.3
index 766d178cb..fbd0e7557 100644
--- a/lib/libcrypto/man/EVP_OpenInit.3
+++ b/lib/libcrypto/man/EVP_OpenInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_OpenInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
+.\" $OpenBSD: EVP_OpenInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 7 2019 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_OPENINIT 3
 .Os
 .Sh NAME
@@ -131,6 +131,9 @@ parameter is a variable length cipher then the key length will be set to the value of the recovered key length. If the cipher is a fixed length cipher then the recovered key length must match the fixed cipher length. +.Pp +.Fn EVP_OpenUpdate +is implemented as a macro. .Sh RETURN VALUES .Fn EVP_OpenInit returns 0 on error or a non-zero integer (actually the recovered secret diff --git a/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/lib/libcrypto/man/EVP_PKEY_encrypt.3 index a13594b5e..6b9f8fa68 100644 --- a/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.8 2023/05/14 09:29:37 tb Exp $ +.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.9 2023/11/19 10:09:27 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 14 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt EVP_PKEY_ENCRYPT 3 .Os .Sh NAME @@ -138,17 +138,15 @@ to start with the default OpenSSL RSA implementation: .Bd -literal -offset indent #include #include -#include EVP_PKEY_CTX *ctx; -ENGINE *eng; unsigned char *out, *in; size_t outlen, inlen; EVP_PKEY *key; -/* NB: assumes eng, key in, inlen are already set up +/* NB: assumes that key, in, inlen are already set up * and that key is an RSA public key */ -ctx = EVP_PKEY_CTX_new(key, eng); +ctx = EVP_PKEY_CTX_new(key, NULL); if (!ctx) /* Error occurred */ if (EVP_PKEY_encrypt_init(ctx) <= 0) diff --git a/lib/libcrypto/man/EVP_SealInit.3 b/lib/libcrypto/man/EVP_SealInit.3 index 15938fcb3..da5353527 100644 --- a/lib/libcrypto/man/EVP_SealInit.3 +++ b/lib/libcrypto/man/EVP_SealInit.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_SealInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $ +.\" $OpenBSD: EVP_SealInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 7 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_SEALINIT 3 .Os .Sh NAME @@ -162,6 +162,9 @@ set to 0 and (after setting any cipher parameters) it should be called again with .Fa type set to NULL. +.Pp +.Fn EVP_SealUpdate +is implemented as a macro. .Sh RETURN VALUES .Fn EVP_SealInit returns 0 on error or diff --git a/lib/libcrypto/man/EVP_SignInit.3 b/lib/libcrypto/man/EVP_SignInit.3 index 59dbca1e5..dc042910b 100644 --- a/lib/libcrypto/man/EVP_SignInit.3 +++ b/lib/libcrypto/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_SignInit.3,v 1.16 2022/07/13 19:10:40 schwarze Exp $ +.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_SIGNINIT 3 .Os .Sh NAME @@ -157,6 +157,12 @@ Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling .Xr EVP_MD_CTX_free 3 or a memory leak will occur. +.Pp +.Fn EVP_SignInit_ex , +.Fn EVP_SignUpdate , +and +.Fn EVP_SignInit +are implemented as macros. .Sh RETURN VALUES .Fn EVP_SignInit_ex , .Fn EVP_SignUpdate , diff --git a/lib/libcrypto/man/EVP_VerifyInit.3 b/lib/libcrypto/man/EVP_VerifyInit.3 index 5556f6c83..90a774e51 100644 --- a/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/lib/libcrypto/man/EVP_VerifyInit.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_VerifyInit.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_VERIFYINIT 3 .Os .Sh NAME @@ -147,6 +147,12 @@ Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling .Xr EVP_MD_CTX_free 3 , or a memory leak will occur. +.Pp +.Fn EVP_VerifyInit_ex , +.Fn EVP_VerifyUpdate , +and +.Fn EVP_VerifyInit +are implemented as macros. .Sh RETURN VALUES .Fn EVP_VerifyInit_ex and diff --git a/lib/libcrypto/man/EVP_aes_128_cbc.3 b/lib/libcrypto/man/EVP_aes_128_cbc.3 index ac63f7f1f..4d153e5cb 100644 --- a/lib/libcrypto/man/EVP_aes_128_cbc.3 +++ b/lib/libcrypto/man/EVP_aes_128_cbc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.4 2020/06/24 18:15:00 jmc Exp $ +.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $ .\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000 .\" .\" This file was written by Ronald Tse @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_AES_128_CBC 3 .Os .Sh NAME @@ -205,7 +205,8 @@ are aliases for .Fn EVP_aes_128_cfb128 , .Fn EVP_aes_192_cfb128 , and -.Fn EVP_aes_256_cfb128 . +.Fn EVP_aes_256_cfb128 , +implemented as macros. .Pp .Fn EVP_aes_128_cbc_hmac_sha1 and diff --git a/lib/libcrypto/man/EVP_sm4_cbc.3 b/lib/libcrypto/man/EVP_sm4_cbc.3 index 85ff88f54..0605a52fa 100644 --- a/lib/libcrypto/man/EVP_sm4_cbc.3 +++ b/lib/libcrypto/man/EVP_sm4_cbc.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_sm4_cbc.3,v 1.1 2019/03/18 05:56:24 schwarze Exp $ +.\" $OpenBSD: EVP_sm4_cbc.3,v 1.2 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL 87103969 Oct 1 14:11:57 2018 -0700 .\" .\" Copyright (c) 2017 Ribose Inc @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 18 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_SM4_CBC 3 .Os .Sh NAME @@ -53,7 +53,8 @@ bits. .Pp .Fn EVP_sm4_cfb is an alias for -.Fn EVP_sm4_cfb128 . +.Fn EVP_sm4_cfb128 , +implemented as a macro. .Pp With an argument of .Qq sm4 diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index f42e9327a..01be88116 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.276 2023/09/29 08:57:49 tb Exp $ +# $OpenBSD: Makefile,v 1.277 2023/11/19 10:36:14 tb Exp $ .include @@ -140,17 +140,7 @@ MAN= \ EC_KEY_new.3 \ EC_POINT_add.3 \ EC_POINT_new.3 \ - ENGINE_add.3 \ - ENGINE_ctrl.3 \ - ENGINE_get_default_RSA.3 \ - ENGINE_init.3 \ ENGINE_new.3 \ - ENGINE_register_RSA.3 \ - ENGINE_register_all_RSA.3 \ - ENGINE_set_RSA.3 \ - ENGINE_set_default.3 \ - ENGINE_set_flags.3 \ - ENGINE_unregister_RSA.3 \ ERR.3 \ ERR_GET_LIB.3 \ ERR_asprintf_error_data.3 \ diff --git a/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 06ca55848..76427a864 100644 --- a/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.12 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.13 2023/11/16 20:17:04 schwarze Exp $ .\" full merge up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 .\" .\" This file is a derived work. 
@@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt OPENSSL_VERSION_NUMBER 3 .Os .Sh NAME @@ -217,7 +217,7 @@ is an alias for and .Fn SSLeay for -.Dv OpenSSL_version_num . +.Fn OpenSSL_version_num . The legacy function .Fn SSLeay_version is similar to diff --git a/lib/libcrypto/man/OPENSSL_config.3 b/lib/libcrypto/man/OPENSSL_config.3 index 2960e2389..f5f31571a 100644 --- a/lib/libcrypto/man/OPENSSL_config.3 +++ b/lib/libcrypto/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_config.3,v 1.15 2019/06/14 13:41:31 schwarze Exp $ +.\" $OpenBSD: OPENSSL_config.3,v 1.16 2023/11/19 21:01:27 tb Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: November 19 2023 $ .Dt OPENSSL_CONFIG 3 .Os .Sh NAME @@ -117,10 +117,9 @@ To use a non-standard configuration file, refer to Internally, .Fn OPENSSL_config calls -.Xr OPENSSL_init_crypto 3 , -.Xr OPENSSL_load_builtin_modules 3 , +.Xr OPENSSL_init_crypto 3 and -.Xr ENGINE_load_builtin_engines 3 . +.Xr OPENSSL_load_builtin_modules 3 . .Pp If an application is compiled with the preprocessor symbol .Dv OPENSSL_LOAD_CONF diff --git a/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index bcfb363ca..bcaa57a9a 100644 --- a/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.6 2019/06/14 13:41:31 schwarze Exp $ +.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.7 2023/11/19 20:59:00 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,13 +48,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: November 19 2023 $ .Dt OPENSSL_LOAD_BUILTIN_MODULES 3 .Os .Sh NAME .Nm OPENSSL_load_builtin_modules , .Nm ASN1_add_oid_module , -.Nm ENGINE_add_conf_module .Nd add standard configuration modules .Sh SYNOPSIS .In openssl/conf.h @@ -62,8 +61,6 @@ .Fn OPENSSL_load_builtin_modules void .Ft void .Fn ASN1_add_oid_module void -.Ft void -.Fn ENGINE_add_conf_module void .Sh DESCRIPTION The function .Fn OPENSSL_load_builtin_modules @@ -74,9 +71,6 @@ They can then be used by the OpenSSL configuration code. .Fn ASN1_add_oid_module adds just the ASN.1 OBJECT module. .Pp -.Fn ENGINE_add_conf_module -adds just the ENGINE configuration module. -.Pp If the simple configuration function .Xr OPENSSL_config 3 is called then diff --git a/lib/libcrypto/man/OPENSSL_malloc.3 b/lib/libcrypto/man/OPENSSL_malloc.3 index 87f8d81ed..508867132 100644 --- a/lib/libcrypto/man/OPENSSL_malloc.3 +++ b/lib/libcrypto/man/OPENSSL_malloc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_malloc.3,v 1.10 2022/11/06 18:31:15 tb Exp $ +.\" $OpenBSD: OPENSSL_malloc.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 6 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt OPENSSL_MALLOC 3 .Os .Sh NAME 
@@ -83,6 +83,10 @@ standard and .Xr strdup 3 functions. +.Pp +The four +.Fn OPENSSL_* +functions are implemented as macros. .Sh RETURN VALUES These functions return the same type and value as the corresponding standard functions. diff --git a/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 0c4112087..4aeef4f08 100644 --- a/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.14 2023/09/10 14:39:58 schwarze Exp $ +.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.15 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt OPENSSL_ADD_ALL_ALGORITHMS 3 .Os .Sh NAME @@ -117,6 +117,11 @@ including any that are unrelated to the EVP library. .Fn SSLeay_add_all_algorithms is a deprecated alias for .Fn OpenSSL_add_all_algorithms . +.Pp +.Fn OpenSSL_add_all_algorithms +and +.Fn SSLeay_add_all_algorithms +are implemented as macros. .Sh SEE ALSO .Xr evp 3 , .Xr EVP_add_cipher 3 , diff --git a/lib/libcrypto/man/RSA_check_key.3 b/lib/libcrypto/man/RSA_check_key.3 index c1e6379ac..36b613b3a 100644 --- a/lib/libcrypto/man/RSA_check_key.3 +++ b/lib/libcrypto/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_check_key.3,v 1.9 2023/05/01 07:28:11 tb Exp $ +.\" $OpenBSD: RSA_check_key.3,v 1.10 2023/11/19 21:06:15 tb Exp $ .\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 .\" .\" This file was written by Ulf Moeller and 
@@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 1 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_CHECK_KEY 3 .Os .Sh NAME @@ -92,27 +92,6 @@ key structure must contain all the private key data too. Therefore, it cannot be used with any arbitrary .Vt RSA key object, even if it is otherwise fit for regular RSA operation. -.Pp -Unlike most other RSA functions, this function does -.Sy not -work transparently with any underlying -.Vt ENGINE -implementation because it uses the key data in the -.Vt RSA -structure directly. -An -.Vt ENGINE -implementation can override the way key data is stored and handled, -and can even provide support for HSM keys - in which case the -.Vt RSA -structure may contain -.Sy no -key data at all! -If the -.Vt ENGINE -in question is only being used for acceleration or analysis purposes, -then in all likelihood the RSA key data is complete and untouched, -but this can't be assumed in the general case. .Sh RETURN VALUES .Fn RSA_check_key returns 1 if diff --git a/lib/libcrypto/man/RSA_get_ex_new_index.3 b/lib/libcrypto/man/RSA_get_ex_new_index.3 index 51a8f24cd..5f1fb4335 100644 --- a/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.12 2023/09/18 14:49:43 schwarze Exp $ +.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.13 2023/11/19 21:08:04 tb Exp $ .\" .\" Copyright (c) 2023 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 18 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_GET_EX_NEW_INDEX 3 .Os .Sh NAME 
@@ -47,7 +47,7 @@ The following parent objects can have application specific data called .Dq ex_data attached to them: -.Vt BIO , DH , DSA , EC_KEY , ENGINE , RSA , +.Vt BIO , DH , DSA , EC_KEY , RSA , .Vt SSL , SSL_CTX , SSL_SESSION , UI , X509 , X509_STORE , and .Vt X509_STORE_CTX . diff --git a/lib/libcrypto/man/RSA_new.3 b/lib/libcrypto/man/RSA_new.3 index b4c595ff2..f5c7929e7 100644 --- a/lib/libcrypto/man/RSA_new.3 +++ b/lib/libcrypto/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_new.3,v 1.17 2022/07/13 21:51:35 schwarze Exp $ +.\" $OpenBSD: RSA_new.3,v 1.18 2023/11/19 21:03:22 tb Exp $ .\" full merge up to: .\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100 .\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final) @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_NEW 3 .Os .Sh NAME @@ -128,12 +128,8 @@ decrements the reference count by 1. If it reaches 0, it calls the optional .Fa finish function set up with -.Xr RSA_meth_set_finish 3 , -calls -.Xr ENGINE_finish 3 -if -.Fa rsa -uses an engine, and frees the +.Xr RSA_meth_set_finish 3 +and frees the .Vt RSA structure and its components. The key is erased before the memory is returned to the system. @@ -185,12 +181,8 @@ values are available. .Pp Note that RSA keys may use non-standard .Vt RSA_METHOD -implementations, either directly or by the use of -.Vt ENGINE -modules. -In some cases (e.g. an -.Vt ENGINE -providing support for hardware-embedded keys), these +implementations. +In some cases, these .Vt BIGNUM values will not be used by the implementation or may be used for alternative data storage. diff --git a/lib/libcrypto/man/RSA_set_method.3 b/lib/libcrypto/man/RSA_set_method.3 index 818b64823..ffe22c116 100644 --- a/lib/libcrypto/man/RSA_set_method.3 +++ b/lib/libcrypto/man/RSA_set_method.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_set_method.3,v 1.17 2023/05/14 09:33:19 tb Exp $ +.\" $OpenBSD: RSA_set_method.3,v 1.18 2023/11/19 10:34:26 tb Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Ulf Moeller @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 14 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_SET_METHOD 3 .Os .Sh NAME @@ -105,16 +105,9 @@ selects as the default method for all .Vt RSA structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_RSA 3 -that can be successfully initialized, it overrides the default. .Pp .Fn RSA_get_default_method -returns a pointer to the current default method, -even if it is actually overridden by an -.Vt ENGINE . +returns a pointer to the current default method. .Pp .Fn RSA_set_method selects @@ -127,10 +120,7 @@ used by the RSA key, calling the .Fa finish function set up with .Xr RSA_meth_set_finish 3 -if any, and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. +if any. If .Fa meth contains an @@ -142,9 +132,7 @@ that function is called just before returning from .Pp It is possible to have RSA keys that only work with certain .Vt RSA_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), +implementations, and in such cases attempting to change the .Vt RSA_METHOD for the key can have unexpected results. @@ -154,12 +142,6 @@ returns a pointer to the .Vt RSA_METHOD being used by .Fa rsa . -This method may or may not be supplied by an -.Vt ENGINE -implementation but if it is, the return value can only be guaranteed -to be valid as long as the RSA key itself is valid and does not -have its implementation changed by -.Fn RSA_set_method . .Pp The misleadingly named function .Fn RSA_flags 
@@ -178,17 +160,10 @@ section for more details. .Fn RSA_new_method allocates and initializes an .Vt RSA -structure so that +structure. +The .Fa engine -is used for the RSA operations. -If -.Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_RSA 3 -is used. -If that returns -.Dv NULL , +argument is ignored and the default method controlled by .Fn RSA_set_default_method is used. @@ -224,9 +199,6 @@ and sets an error code that can be obtained by if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .Sh SEE ALSO -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default_RSA 3 , .Xr RSA_meth_new 3 , .Xr RSA_new 3 .Sh HISTORY diff --git a/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/lib/libcrypto/man/X509_STORE_get_by_subject.3 index 3fb6c1c25..ee2ba07b1 100644 --- a/lib/libcrypto/man/X509_STORE_get_by_subject.3 +++ b/lib/libcrypto/man/X509_STORE_get_by_subject.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.4 2023/08/10 14:15:16 schwarze Exp $ +.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $ .\" .\" Copyright (c) 2021, 2023 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 10 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt X509_STORE_GET_BY_SUBJECT 3 .Os .Sh NAME @@ -160,7 +160,7 @@ encourage checking of validity times, CAs with a valid time are preferred, but if no matching CA has a valid time, one with an invalid time is accepted anyway. .Pp -The following are deprecated aliases: +The following are deprecated aliases implemented as macros: .Bl -column X509_STORE_get_by_subject F X509_STORE_CTX_get_by_subject .It Fn X509_STORE_get_by_subject Ta for Ta Fn X509_STORE_CTX_get_by_subject .It Fn X509_STORE_get1_certs Ta for Ta Fn X509_STORE_CTX_get1_certs 
diff --git a/lib/libcrypto/man/X509_STORE_set1_param.3 b/lib/libcrypto/man/X509_STORE_set1_param.3 index 354d87385..538f22c75 100644 --- a/lib/libcrypto/man/X509_STORE_set1_param.3 +++ b/lib/libcrypto/man/X509_STORE_set1_param.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set1_param.3,v 1.19 2021/10/18 18:20:39 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set1_param.3,v 1.20 2023/11/16 20:27:43 schwarze Exp $ .\" content checked up to: .\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 .\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400 @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 18 2021 $ +.Dd $Mdocdate: November 16 2023 $ .Dt X509_STORE_SET1_PARAM 3 .Os .Sh NAME @@ -145,6 +145,8 @@ Their usage is identical to that of .Xr RSA_set_ex_data 3 , and .Xr RSA_get_ex_data 3 . +.Fn X509_STORE_get_ex_new_index +is implemented as a macro. .Sh RETURN VALUES .Fn X509_STORE_set1_param , .Fn X509_STORE_set_purpose , diff --git a/lib/libcrypto/man/bn_dump.3 b/lib/libcrypto/man/bn_dump.3 index cfe707b77..b4272441e 100644 --- a/lib/libcrypto/man/bn_dump.3 +++ b/lib/libcrypto/man/bn_dump.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bn_dump.3,v 1.8 2023/01/20 12:16:46 jsing Exp $ +.\" $OpenBSD: bn_dump.3,v 1.9 2023/11/16 18:10:19 schwarze Exp $ .\" full merge up to: .\" OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 20 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BN_DUMP 3 .Os .Sh NAME 
@@ -64,28 +64,12 @@ .Nm bn_mul_comba8 , .Nm bn_sqr_comba4 , .Nm bn_sqr_comba8 , -.Nm bn_cmp_words , .Nm bn_mul_normal , -.Nm bn_mul_recursive , -.Nm bn_mul_part_recursive , -.Nm bn_sqr_normal , -.Nm bn_sqr_recursive , .Nm bn_expand , -.Nm bn_wexpand , -.Nm bn_expand2 , -.Nm bn_fix_top , -.Nm bn_check_top , -.Nm bn_print , -.Nm bn_dump , -.Nm bn_set_max , -.Nm bn_set_high , -.Nm bn_set_low , -.Nm mul , -.Nm mul_add , -.Nm sqr +.Nm bn_wexpand .Nd BIGNUM library internal functions .Sh SYNOPSIS -.In openssl/bn.h +.Fd #include "bn_local.h" .Ft BN_ULONG .Fo bn_mul_words .Fa "BN_ULONG *rp" @@ -148,12 +132,6 @@ .Fa "BN_ULONG *r" .Fa "BN_ULONG *a" .Fc -.Ft int -.Fo bn_cmp_words -.Fa "BN_ULONG *a" -.Fa "BN_ULONG *b" -.Fa "int n" -.Fc .Ft void .Fo bn_mul_normal .Fa "BN_ULONG *r" @@ -162,60 +140,6 @@ .Fa "BN_ULONG *b" .Fa "int nb" .Fc -.Ft void -.Fo bn_mul_recursive -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "BN_ULONG *b" -.Fa "int n2" -.Fa "int dna" -.Fa "int dnb" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo bn_mul_part_recursive -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "BN_ULONG *b" -.Fa "int n" -.Fa "int tna" -.Fa "int tnb" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo bn_sqr_normal -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "int n" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo bn_sqr_recursive -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "int n2" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo mul -.Fa "BN_ULONG r" -.Fa "BN_ULONG a" -.Fa "BN_ULONG w" -.Fa "BN_ULONG c" -.Fc -.Ft void -.Fo mul_add -.Fa "BN_ULONG r" -.Fa "BN_ULONG a" -.Fa "BN_ULONG w" -.Fa "BN_ULONG c" -.Fc -.Ft void -.Fo sqr -.Fa "BN_ULONG r0" -.Fa "BN_ULONG r1" -.Fa "BN_ULONG a" -.Fc .Ft BIGNUM * .Fo bn_expand .Fa "BIGNUM *a" 
@@ -226,46 +150,8 @@ .Fa "BIGNUM *a" .Fa "int n" .Fc -.Ft BIGNUM * -.Fo bn_expand2 -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft void -.Fo bn_fix_top -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_check_top -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_print -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_dump -.Fa "BN_ULONG *d" -.Fa "int n" -.Fc -.Ft void -.Fo bn_set_max -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_set_high -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft void -.Fo bn_set_low -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "int n" -.Fc .Sh DESCRIPTION -This page documents the internal functions used by the OpenSSL +This page documents some internal functions used by the .Vt BIGNUM implementation. They are described here to facilitate debugging and extending the @@ -327,16 +213,12 @@ is a bit field of flags which are defined in .In openssl/bn.h . The flags begin with .Dv BN_FLG_ . -The macros -.Fn BN_set_flags b n +The functions +.Xr BN_set_flags 3 and -.Fn BN_get_flags b n -exist to enable or fetch flag(s) -.Fa n -from a -.Vt BIGNUM -structure -.Fa b . +.Xr BN_get_flags 3 +enable or inspect +.Fa flags . .Pp Various routines in this library require the use of temporary .Vt BIGNUM @@ -488,18 +370,6 @@ and the 16 word array .Pp The following functions are implemented in C: .Pp -.Fn bn_cmp_words a b n -operates on the -.Fa n -word arrays -.Fa a -and -.Fa b . -It returns 1, 0 and -1 if -.Fa a -is greater than, equal and less than -.Fa b . -.Pp .Fn bn_mul_normal r a na b nb operates on the .Fa na 
@@ -518,103 +388,15 @@ It computes and places the result in .Fa r . .Pp -.Fn bn_mul_recursive r a b n2 dna dnb t -operates on the word arrays -.Fa a -and -.Fa b -of length -.Fa n2 Ns + Ns Fa dna -and -.Fa n2 Ns + Ns Fa dnb -.Pf ( Fa dna -and -.Fa dnb -are currently allowed to be 0 or negative) and the -.Pf 2* Fa n2 -word arrays -.Fa r -and -.Sy t . -.Fa n2 -must be a power of 2. -It computes -.Fa a Ns * Ns Fa b -and places the result in -.Fa r . -.Pp -.Fn bn_mul_part_recursive r a b n tna tnb tmp -operates on the word arrays -.Fa a -and -.Fa b -of length -.Fa n Ns + Ns Fa tna -and -.Fa n Ns + Ns Fa tnb -and the -.Pf 4* Fa n -word arrays -.Fa r -and -.Fa tmp . -.Pp .Xr BN_mul 3 calls -.Fn bn_mul_normal , -or an optimized implementation if the factors have the same size: +.Fn bn_mul_comba4 +if both factors are 4 words long, .Fn bn_mul_comba8 -is used if they are 8 words long, -.Fn bn_mul_recursive -if they are larger than -.Dv BN_MULL_SIZE_NORMAL -and the size is an exact multiple of the word size, and -.Fn bn_mul_part_recursive -for others that are larger than -.Dv BN_MULL_SIZE_NORMAL . -.Pp -.Fn bn_sqr_normal r a n tmp -operates on the -.Fa n -word array -.Fa a -and the -.Pf 2* Fa n -word arrays -.Fa tmp -and -.Fa r . -.Pp -The implementations use the following macros which, depending on the -architecture, may use -.Vt long long -C operations or inline assembler. -They are defined in -.Pa bn_lcl.h . -.Pp -.Fn mul r a w c -computes -.Fa w Ns * Ns Fa a Ns + Ns Fa c -and places the low word of the result in -.Fa r -and the high word in -.Fa c . -.Pp -.Fn mul_add r a w c -computes -.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c -and places the low word of the result in -.Fa r -and the high word in -.Fa c . -.Pp -.Fn sqr r0 r1 a -computes -.Fa a Ns * Ns Fa a -and places the low word of the result in -.Fa r0 -and the high word in -.Fa r1 . +if both factors are 8 words long, +or +.Fn bn_mul_normal +otherwise. .Ss Size changes .Fn bn_expand ensures that 
@@ -628,71 +410,6 @@ ensures that has enough space for an .Fa n word number. -If the number has to be expanded, both macros call -.Fn bn_expand2 , -which allocates a new -.Fa d -array and copies the data. -They return -.Dv NULL -on error, -.Fa b -otherwise. -.Pp -The -.Fn bn_fix_top -macro reduces -.Fa a Ns -> Ns Fa top -to point to the most significant non-zero word plus one when -.Fa a -has shrunk. -.Ss Debugging -.Fn bn_check_top -verifies that -.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) . -A violation will cause the program to abort. -.Pp -.Fn bn_print -prints -.Fa a -to -.Dv stderr . -.Fn bn_dump -prints -.Fa n -words at -.Fa d -(in reverse order, i.e.\& -most significant word first) to -.Dv stderr . -.Pp -.Fn bn_set_max -makes -.Fa a -a static number with a -.Fa dmax -of its current size. -This is used by -.Fn bn_set_low -and -.Fn bn_set_high -to make -.Fa r -a read-only -.Vt BIGNUM -that contains the -.Fa n -low or high words of -.Fa a . -.Pp -If -.Dv BN_DEBUG -is not defined, -.Fn bn_check_top , -.Fn bn_print , -.Fn bn_dump -and -.Fn bn_set_max -are defined as empty macros. +They return 0 on error or 1 otherwise. .Sh SEE ALSO .Xr BN_new 3 diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 index b29f76480..9ae301266 100644 --- a/lib/libcrypto/man/evp.3 +++ b/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.24 2023/09/09 14:39:09 schwarze Exp $ +.\" $OpenBSD: evp.3,v 1.25 2023/11/19 10:25:28 tb Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 9 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt EVP 3 .Os .Sh NAME 
@@ -156,30 +156,6 @@ example, PBKDF2 from PCKS#5). The .Xr EVP_EncodeInit 3 family of functions provides base64 encoding and decoding. -.Pp -All the symmetric algorithms (ciphers), digests and asymmetric -algorithms (public key algorithms) can be replaced by -.Vt ENGINE -modules providing alternative implementations; see -.Xr ENGINE_register_RSA 3 -and the related manual pages for more information. -If -.Vt ENGINE -implementations of ciphers or digests are registered as defaults, -then the various EVP functions will automatically use those -implementations in preference to built in software implementations. -.Pp -Although low-level algorithm specific functions exist for many -algorithms, their use is discouraged. -They cannot be used with an -.Vt ENGINE , -and -.Vt ENGINE -versions of new algorithms cannot be accessed using the low-level -functions. -Using them also makes code harder to adapt to new algorithms, some -options are not cleanly supported at the low level, and some -operations are more efficient using the high-level interfaces. .Sh SEE ALSO .Xr ASN1_item_digest 3 , .Xr ASN1_item_sign 3 , @@ -191,8 +167,6 @@ operations are more efficient using the high-level interfaces. .Xr crypto 3 , .Xr d2i_PKCS8PrivateKey_bio 3 , .Xr d2i_PrivateKey 3 , -.Xr ENGINE_get_cipher 3 , -.Xr ENGINE_register_RSA 3 , .Xr EVP_add_cipher 3 , .Xr EVP_AEAD_CTX_init 3 , .Xr EVP_aes_128_cbc 3 , diff --git a/lib/libcrypto/man/openssl.cnf.5 b/lib/libcrypto/man/openssl.cnf.5 index eda4829ab..05295cbba 100644 --- a/lib/libcrypto/man/openssl.cnf.5 +++ b/lib/libcrypto/man/openssl.cnf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.cnf.5,v 1.9 2023/10/21 14:05:49 tb Exp $ +.\" $OpenBSD: openssl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $ .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 .\" 
@@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 21 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt OPENSSL.CNF 5 .Os .Sh NAME @@ -192,13 +192,9 @@ openssl_conf = openssl_init [openssl_init] oid_section = new_oids -engines = engine_section [new_oids] \&... new oids here ... - -[engine_section] -\&... engine stuff here ... .Ed .Pp The features of each configuration module are described below. 
@@ -228,106 +224,6 @@ comma and the numerical OID form. For example: .Pp .Dl shortName = some object long name, 1.2.3.4 -.Ss Engine Configuration Module -This ENGINE configuration module has the name -.Ic engines . -The value of this variable points to a section containing further ENGINE -configuration information. -.Pp -The section pointed to by -.Ic engines -is a table of engine names (though see -.Ic engine_id -below) and further sections containing configuration information -specific to each ENGINE. -.Pp -Each ENGINE specific section is used to set default algorithms, load -dynamic ENGINEs, perform initialization and send ctrls. -The actual operation performed depends on the command -name which is the name of the name value pair. -The currently supported commands are listed below. -.Pp -For example: -.Bd -literal -offset indent -[engine_section] -# Configure ENGINE named "foo" -foo = foo_section -# Configure ENGINE named "bar" -bar = bar_section - -[foo_section] -\&... foo ENGINE specific commands ... - -[bar_section] -\&... "bar" ENGINE specific commands ... -.Ed -.Pp -The command -.Ic engine_id -is used to give the ENGINE name. -If used, this command must be first. -For example: -.Bd -literal -offset indent -[engine_section] -# This would normally handle an ENGINE named "foo" -foo = foo_section - -[foo_section] -# Override default name and use "myfoo" instead. -engine_id = myfoo -.Ed -.Pp -The command -.Ic dynamic_path -loads and adds an ENGINE from the given path. -It is equivalent to sending the ctrls -.Sy SO_PATH -with the path argument followed by -.Sy LIST_ADD -with value 2 and -.Sy LOAD -to the dynamic ENGINE. -If this is not the required behaviour then alternative ctrls can be sent -directly to the dynamic ENGINE using ctrl commands. -.Pp -The command -.Ic init -determines whether to initialize the ENGINE. -If the value is 0, the ENGINE will not be initialized. -If it is 1, an attempt is made to initialized the ENGINE immediately. 
-If the -.Ic init -command is not present, then an attempt will be made to initialize -the ENGINE after all commands in its section have been processed. -.Pp -The command -.Ic default_algorithms -sets the default algorithms an ENGINE will supply using the functions -.Xr ENGINE_set_default_string 3 . -.Pp -If the name matches none of the above command names, it is assumed -to be a ctrl command which is sent to the ENGINE. -The value of the command is the argument to the ctrl command. -If the value is the string -.Cm EMPTY , -then no value is sent to the command. -.Pp -For example: -.Bd -literal -offset indent -[engine_section] -# Configure ENGINE named "foo" -foo = foo_section - -[foo_section] -# Load engine from DSO -dynamic_path = /some/path/fooengine.so -# A foo specific ctrl. -some_ctrl = some_value -# Another ctrl that doesn't take a value. -other_ctrl = EMPTY -# Supply all default algorithms -default_algorithms = ALL -.Ed .Sh FILES .Bl -tag -width /etc/ssl/openssl.cnf -compact .It Pa /etc/ssl/openssl.cnf diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index 3f23a0131..db0e75518 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.53 2023/07/07 13:40:44 beck Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.54 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,9 +74,6 @@ #ifndef OPENSSL_NO_DES #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include "asn1_local.h" #include "evp_local.h" @@ -231,9 +228,6 @@ check_pem(const char *nm, const char *name) r = 1; else r = 0; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -#endif return r; } } diff --git a/lib/libcrypto/pem/pem_pkey.c b/lib/libcrypto/pem/pem_pkey.c index 296195213..d7001c83c 100644 --- a/lib/libcrypto/pem/pem_pkey.c +++ b/lib/libcrypto/pem/pem_pkey.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.28 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,10 +69,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index bec789ec4..755badf41 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.52 2023/03/09 18:20:10 tb Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.54 2023/11/15 00:55:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,10 +68,6 @@ #include "evp_local.h" #include "x509_local.h" -static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value); -static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); - static int PKCS7_type_is_other(PKCS7* p7) { @@ -407,7 +403,7 @@ err: BIO_free_all(btmp); out = NULL; } - return (out); + return out; } LCRYPTO_ALIAS(PKCS7_dataInit); @@ -636,7 +632,7 @@ err: BIO_free_all(etmp); out = NULL; } - return (out); + return out; } LCRYPTO_ALIAS(PKCS7_dataDecode); @@ -865,7 +861,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) ret = 1; err: EVP_MD_CTX_cleanup(&ctx_tmp); - return (ret); + return ret; } LCRYPTO_ALIAS(PKCS7_dataFinal); @@ -1093,7 +1089,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) ret = 1; err: EVP_MD_CTX_cleanup(&mdc_tmp); - return (ret); + return ret; } LCRYPTO_ALIAS(PKCS7_signatureVerify); 
@@ -1114,26 +1110,12 @@ PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) return NULL; ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) - return (NULL); + return NULL; ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); - return (ri->issuer_and_serial); + return ri->issuer_and_serial; } LCRYPTO_ALIAS(PKCS7_get_issuer_and_serial); -ASN1_TYPE * -PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) -{ - return (get_attribute(si->auth_attr, nid)); -} -LCRYPTO_ALIAS(PKCS7_get_signed_attribute); - -ASN1_TYPE * -PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) -{ - return (get_attribute(si->unauth_attr, nid)); -} -LCRYPTO_ALIAS(PKCS7_get_attribute); - static ASN1_TYPE * get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) { @@ -1143,15 +1125,29 @@ get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) o = OBJ_nid2obj(nid); if (!o || !sk) - return (NULL); + return NULL; for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { xa = sk_X509_ATTRIBUTE_value(sk, i); if (OBJ_cmp(xa->object, o) == 0) - return (sk_ASN1_TYPE_value(xa->set, 0)); + return sk_ASN1_TYPE_value(xa->set, 0); } - return (NULL); + return NULL; } +ASN1_TYPE * +PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return get_attribute(si->auth_attr, nid); +} +LCRYPTO_ALIAS(PKCS7_get_signed_attribute); + +ASN1_TYPE * +PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return get_attribute(si->unauth_attr, nid); +} +LCRYPTO_ALIAS(PKCS7_get_attribute); + ASN1_OCTET_STRING * PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) { @@ -1181,9 +1177,9 @@ PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return (0); + return 0; } - return (1); + return 1; } LCRYPTO_ALIAS(PKCS7_set_signed_attributes); 
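Review bot: In the PKCS7_get_issuer_and_serial hunk (pk7_doit.c, first hunk on this line) `idx` is compared only against the upper bound, so a negative `idx` reaches `sk_PKCS7_RECIP_INFO_value(rsk, idx)` and the result is dereferenced as `ri->issuer_and_serial` without a NULL check. Assuming the stack accessor returns NULL for an out-of-range index, that is a NULL dereference on a caller-supplied value; the guard could read `if (idx < 0 || sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return NULL;`. The earlier `ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);` is overwritten before it is used and could be dropped in the same pass. The function's opening lines are outside the hunk.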
@@ -1202,27 +1198,12 @@ PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return (0); + return 0; } - return (1); + return 1; } LCRYPTO_ALIAS(PKCS7_set_attributes); -int -PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) -{ - return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); -} -LCRYPTO_ALIAS(PKCS7_add_signed_attribute); - -int -PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) -{ - return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); -} -LCRYPTO_ALIAS(PKCS7_add_attribute); - static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value) { @@ -1260,5 +1241,20 @@ new_attrib: goto new_attrib; } end: - return (1); + return 1; } + +int +PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value) +{ + return add_attribute(&(p7si->auth_attr), nid, atrtype, value); +} +LCRYPTO_ALIAS(PKCS7_add_signed_attribute); + +int +PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) +{ + return add_attribute(&(p7si->unauth_attr), nid, atrtype, value); +} +LCRYPTO_ALIAS(PKCS7_add_attribute); diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h index a0e9b4796..d66d71579 100644 --- a/lib/libcrypto/rand/rand.h +++ b/lib/libcrypto/rand/rand.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */ +/* $OpenBSD: rand.h,v 1.24 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,9 +83,6 @@ struct rand_meth_st { int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); -#ifndef OPENSSL_NO_ENGINE -int RAND_set_rand_engine(ENGINE *engine); -#endif RAND_METHOD *RAND_SSLeay(void); #ifndef LIBRESSL_INTERNAL 
diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c index 5c5df98c9..b9ef0deeb 100644 --- a/lib/libcrypto/rand/rand_lib.c +++ b/lib/libcrypto/rand/rand_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rand_lib.c,v 1.22 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: rand_lib.c,v 1.23 2023/11/19 15:46:10 tb Exp $ */ /* * Copyright (c) 2014 Ted Unangst * @@ -45,15 +45,6 @@ RAND_SSLeay(void) } LCRYPTO_ALIAS(RAND_SSLeay); -#ifndef OPENSSL_NO_ENGINE -int -RAND_set_rand_engine(ENGINE *engine) -{ - return 1; -} -LCRYPTO_ALIAS(RAND_set_rand_engine); -#endif - void RAND_cleanup(void) { diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c index fbd2c2274..b379cddc0 100644 --- a/lib/libcrypto/rsa/rsa_lib.c +++ b/lib/libcrypto/rsa/rsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_lib.c,v 1.48 2023/07/28 10:05:16 tb Exp $ */ +/* $OpenBSD: rsa_lib.c,v 1.49 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,10 +71,6 @@ #include "evp_local.h" #include "rsa_local.h" -#ifndef OPENSSL_NO_ENGINE -#include -#endif - static const RSA_METHOD *default_RSA_meth = NULL; RSA * @@ -122,10 +118,6 @@ RSA_set_method(RSA *rsa, const RSA_METHOD *meth) mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(rsa->engine); - rsa->engine = NULL; -#endif rsa->meth = meth; if (meth->init) meth->init(rsa); @@ -145,25 +137,6 @@ RSA_new_method(ENGINE *engine) ret->meth = RSA_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (!ENGINE_init(engine)) { - RSAerror(ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else { - ret->engine = ENGINE_get_default_RSA(); - } - - if (ret->engine != NULL) { - if ((ret->meth = ENGINE_get_RSA(ret->engine)) == NULL) { - RSAerror(ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - ret->references = 1; ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; 
@@ -178,9 +151,6 @@ RSA_new_method(ENGINE *engine) return ret; err: -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); -#endif free(ret); return NULL; @@ -201,9 +171,6 @@ RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); diff --git a/lib/libcrypto/ts/ts.h b/lib/libcrypto/ts/ts.h index 0d5de6223..5215fc058 100644 --- a/lib/libcrypto/ts/ts.h +++ b/lib/libcrypto/ts/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.22 2023/07/28 09:53:55 tb Exp $ */ +/* $OpenBSD: ts.h,v 1.23 2023/11/19 15:46:10 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ @@ -542,11 +542,6 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, TS_RESP_CTX *ctx); -#ifndef OPENSSL_NO_ENGINE -int TS_CONF_set_crypto_device(CONF *conf, const char *section, - const char *device); -int TS_CONF_set_default_engine(const char *name); -#endif int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, diff --git a/lib/libcrypto/ts/ts_conf.c b/lib/libcrypto/ts/ts_conf.c index 103d43027..5d27a8bbc 100644 --- a/lib/libcrypto/ts/ts_conf.c +++ b/lib/libcrypto/ts/ts_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_conf.c,v 1.12 2023/07/07 07:25:21 beck Exp $ */ +/* $OpenBSD: ts_conf.c,v 1.13 2023/11/19 15:46:10 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -65,10 +65,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - /* Macro definitions for the configuration file. */ #define BASE_SECTION "tsa" 
@@ -211,56 +207,6 @@ err: } LCRYPTO_ALIAS(TS_CONF_set_serial); -#ifndef OPENSSL_NO_ENGINE - -int -TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device) -{ - int ret = 0; - - if (!device) - device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); - - if (device && !TS_CONF_set_default_engine(device)) { - TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); - goto err; - } - ret = 1; - -err: - return ret; -} -LCRYPTO_ALIAS(TS_CONF_set_crypto_device); - -int -TS_CONF_set_default_engine(const char *name) -{ - ENGINE *e = NULL; - int ret = 0; - - /* Leave the default if builtin specified. */ - if (strcmp(name, "builtin") == 0) - return 1; - - if (!(e = ENGINE_by_id(name))) - goto err; - /* All the operations are going to be carried out by the engine. */ - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) - goto err; - ret = 1; - -err: - if (!ret) { - TSerror(TS_R_COULD_NOT_SET_ENGINE); - ERR_asprintf_error_data("engine:%s", name); - } - ENGINE_free(e); - return ret; -} -LCRYPTO_ALIAS(TS_CONF_set_default_engine); - -#endif - int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx) diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index acde94c74..4ef6f6df7 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.230 2022/12/26 07:31:44 jmc Exp $ */ +/* $OpenBSD: ssl.h,v 1.231 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -610,9 +610,6 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -#ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index b735cd7b3..38ebea162 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.136 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.137 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -145,10 +145,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "ssl_local.h" #define CIPHER_ADD 1 diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 441da643f..76ed10f80 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.161 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.162 2023/11/19 15:50:29 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -161,9 +161,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #ifndef OPENSSL_NO_GOST #include #endif @@ -2527,20 +2524,10 @@ ssl3_check_finished(SSL *s) static int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { - int i = 0; + if (s->ctx->client_cert_cb == NULL) + return 0; -#ifndef OPENSSL_NO_ENGINE - if (s->ctx->client_cert_engine) { - i = ENGINE_load_ssl_client_cert( - s->ctx->client_cert_engine, s, - SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL); - if (i != 0) - return (i); - } -#endif - if (s->ctx->client_cert_cb) - i = s->ctx->client_cert_cb(s, px509, ppkey); - return (i); + return s->ctx->client_cert_cb(s, px509, ppkey); } static int diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 0ac393f73..9e65095c6 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.314 2023/09/19 01:22:31 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.315 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -154,10 +154,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "bytestring.h" #include "dtls_local.h" #include "ssl_local.h" @@ -2164,26 +2160,6 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; -#ifndef OPENSSL_NO_ENGINE - ret->client_cert_engine = NULL; -#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -#define eng_strx(x) #x -#define eng_str(x) eng_strx(x) - /* Use specific client engine automatically... ignore errors */ - { - ENGINE *eng; - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - if (!eng) { - ERR_clear_error(); - ENGINE_load_builtin_engines(); - eng = ENGINE_by_id(eng_str( - OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - } - if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) - ERR_clear_error(); - } -#endif -#endif /* * Default is to connect to non-RI servers. When RI is more widely * deployed might change this. @@ -2241,10 +2217,6 @@ SSL_CTX_free(SSL_CTX *ctx) sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); #endif -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->client_cert_engine); -#endif - free(ctx->tlsext_ecpointformatlist); free(ctx->tlsext_supportedgroups); diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index 9666f3882..dd8895f01 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.7 2023/07/06 07:56:32 beck Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.8 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -865,12 +865,6 @@ struct ssl_ctx_st { */ unsigned int max_send_fragment; -#ifndef OPENSSL_NO_ENGINE - /* Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -#endif - /* RFC 4507 session ticket keys */ unsigned char tlsext_tick_key_name[16]; unsigned char tlsext_tick_hmac_key[16]; diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index aa6b08eae..ae7532d1a 100644 --- a/lib/libssl/ssl_sess.c 
+++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.122 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.123 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -138,10 +138,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "ssl_local.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); @@ -1320,25 +1316,6 @@ int } LSSL_ALIAS(SSL_CTX_get_client_cert_cb); -#ifndef OPENSSL_NO_ENGINE -int -SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) -{ - if (!ENGINE_init(e)) { - SSLerrorx(ERR_R_ENGINE_LIB); - return 0; - } - if (!ENGINE_get_ssl_client_cert_function(e)) { - SSLerrorx(SSL_R_NO_CLIENT_CERT_METHOD); - ENGINE_finish(e); - return 0; - } - ctx->client_cert_engine = e; - return 1; -} -LSSL_ALIAS(SSL_CTX_set_client_cert_engine); -#endif - void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index a518e1ac9..a571549b6 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.156 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2343,7 +2343,7 @@ ssl3_send_newsession_ticket(SSL *s) unsigned int hlen; EVP_CIPHER_CTX *ctx = NULL; HMAC_CTX *hctx = NULL; - int len; + int iv_len, len; /* * New Session Ticket - RFC 5077, section 3.3. @@ -2426,7 +2426,9 @@ ssl3_send_newsession_ticket(SSL *s) goto err; if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name))) goto err; - if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx))) + if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0) + goto err; + if (!CBB_add_bytes(&ticket, iv, iv_len)) goto err; if (!CBB_add_bytes(&ticket, enc_session, enc_session_len)) goto err; 
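Review bot: In ssl3_send_newsession_ticket (ssl_srvr.c, last hunk on this line) the new check rejects a negative `iv_len` but sets no upper bound before `CBB_add_bytes(&ticket, iv, iv_len)` copies that many bytes out of `iv`. The declaration of `iv` is outside the hunk; if it is a fixed-size array and the cipher in `ctx` can be chosen by an application-supplied ticket callback, an IV length larger than the array would read past it into adjacent stack memory and place those bytes in the ticket. Once `iv` is confirmed to be an array, a second guard such as `if ((size_t)iv_len > sizeof(iv)) goto err;` after the new check closes that gap. The function body starts and ends outside the hunk.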
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 85d5eaa63..9680c8d21 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.197 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.198 2023/11/18 10:51:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -987,7 +987,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess) HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX *cctx = NULL; SSL_CTX *tctx = s->initial_ctx; - int slen, hlen; + int slen, hlen, iv_len; int alert_desc = SSL_AD_INTERNAL_ERROR; int ret = TLS1_TICKET_FATAL_ERROR; @@ -1027,12 +1027,13 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess) s->tlsext_ticket_expected = 1; } + if ((iv_len = EVP_CIPHER_CTX_iv_length(cctx)) < 0) + goto err; /* * Now that the cipher context is initialised, we can extract * the IV since its length is known. */ - if (!CBS_get_bytes(ticket, &ticket_iv, - EVP_CIPHER_CTX_iv_length(cctx))) + if (!CBS_get_bytes(ticket, &ticket_iv, iv_len)) goto derr; } else { /* Check that the key name matches. */ @@ -1040,8 +1041,9 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess) tctx->tlsext_tick_key_name, sizeof(tctx->tlsext_tick_key_name))) goto derr; - if (!CBS_get_bytes(ticket, &ticket_iv, - EVP_CIPHER_iv_length(EVP_aes_128_cbc()))) + if ((iv_len = EVP_CIPHER_iv_length(EVP_aes_128_cbc())) < 0) + goto err; + if (!CBS_get_bytes(ticket, &ticket_iv, iv_len)) goto derr; if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv))) diff --git a/lib/libutil/imsg.c b/lib/libutil/imsg.c index 73a0cc27e..b6cc37ee1 100644 --- a/lib/libutil/imsg.c +++ b/lib/libutil/imsg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: imsg.c,v 1.19 2023/06/19 17:19:50 claudio Exp $ */ +/* $OpenBSD: imsg.c,v 1.22 2023/11/18 07:14:13 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer 
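Review bot: In tls_decrypt_ticket (t1_lib.c, hunks at -1027 and -1040) a negative IV length takes `goto err` while the ticket-parsing failures right beside it take `goto derr`, and nothing in the new lines says why the two differ. Both labels are outside the hunks; judging by the initial `ret = TLS1_TICKET_FATAL_ERROR` and `alert_desc = SSL_AD_INTERNAL_ERROR`, `err` presumably fails the handshake whereas `derr` treats the ticket as undecryptable. A short comment above each new check, for example `/* A negative IV length is a library failure, not a bad ticket. */`, would record that intent for the next reader. In the -1027 hunk the new check also sits above the existing comment "Now that the cipher context is initialised, we can extract the IV since its length is known", which describes it; moving the check below that comment keeps the two together.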
@@ -30,21 +30,21 @@ int imsg_fd_overhead = 0; -static int imsg_get_fd(struct imsgbuf *); +static int imsg_dequeue_fd(struct imsgbuf *); void -imsg_init(struct imsgbuf *ibuf, int fd) +imsg_init(struct imsgbuf *imsgbuf, int fd) { - msgbuf_init(&ibuf->w); - memset(&ibuf->r, 0, sizeof(ibuf->r)); - ibuf->fd = fd; - ibuf->w.fd = fd; - ibuf->pid = getpid(); - TAILQ_INIT(&ibuf->fds); + msgbuf_init(&imsgbuf->w); + memset(&imsgbuf->r, 0, sizeof(imsgbuf->r)); + imsgbuf->fd = fd; + imsgbuf->w.fd = fd; + imsgbuf->pid = getpid(); + TAILQ_INIT(&imsgbuf->fds); } ssize_t -imsg_read(struct imsgbuf *ibuf) +imsg_read(struct imsgbuf *imsgbuf) { struct msghdr msg; struct cmsghdr *cmsg; @@ -60,8 +60,8 @@ imsg_read(struct imsgbuf *ibuf) memset(&msg, 0, sizeof(msg)); memset(&cmsgbuf, 0, sizeof(cmsgbuf)); - iov.iov_base = ibuf->r.buf + ibuf->r.wpos; - iov.iov_len = sizeof(ibuf->r.buf) - ibuf->r.wpos; + iov.iov_base = imsgbuf->r.buf + imsgbuf->r.wpos; + iov.iov_len = sizeof(imsgbuf->r.buf) - imsgbuf->r.wpos; msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_control = &cmsgbuf.buf; @@ -79,13 +79,13 @@ again: return (-1); } - if ((n = recvmsg(ibuf->fd, &msg, 0)) == -1) { + if ((n = recvmsg(imsgbuf->fd, &msg, 0)) == -1) { if (errno == EINTR) goto again; goto fail; } - ibuf->r.wpos += n; + imsgbuf->r.wpos += n; for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg)) { @@ -105,7 +105,7 @@ again: fd = ((int *)CMSG_DATA(cmsg))[i]; if (ifd != NULL) { ifd->fd = fd; - TAILQ_INSERT_TAIL(&ibuf->fds, ifd, + TAILQ_INSERT_TAIL(&imsgbuf->fds, ifd, entry); ifd = NULL; } else 
@@ -121,16 +121,16 @@ fail: } ssize_t -imsg_get(struct imsgbuf *ibuf, struct imsg *imsg) +imsg_get(struct imsgbuf *imsgbuf, struct imsg *imsg) { size_t av, left, datalen; - av = ibuf->r.wpos; + av = imsgbuf->r.wpos; if (IMSG_HEADER_SIZE > av) return (0); - memcpy(&imsg->hdr, ibuf->r.buf, sizeof(imsg->hdr)); + memcpy(&imsg->hdr, imsgbuf->r.buf, sizeof(imsg->hdr)); if (imsg->hdr.len < IMSG_HEADER_SIZE || imsg->hdr.len > MAX_IMSGSIZE) { errno = ERANGE; 
@@ -139,50 +139,50 @@ imsg_get(struct imsgbuf *ibuf, struct imsg *imsg) if (imsg->hdr.len > av) return (0); datalen = imsg->hdr.len - IMSG_HEADER_SIZE; - ibuf->r.rptr = ibuf->r.buf + IMSG_HEADER_SIZE; + imsgbuf->r.rptr = imsgbuf->r.buf + IMSG_HEADER_SIZE; if (datalen == 0) imsg->data = NULL; else if ((imsg->data = malloc(datalen)) == NULL) return (-1); if (imsg->hdr.flags & IMSGF_HASFD) - imsg->fd = imsg_get_fd(ibuf); + imsg->fd = imsg_dequeue_fd(imsgbuf); else imsg->fd = -1; if (datalen != 0) - memcpy(imsg->data, ibuf->r.rptr, datalen); + memcpy(imsg->data, imsgbuf->r.rptr, datalen); if (imsg->hdr.len < av) { left = av - imsg->hdr.len; - memmove(&ibuf->r.buf, ibuf->r.buf + imsg->hdr.len, left); - ibuf->r.wpos = left; + memmove(&imsgbuf->r.buf, imsgbuf->r.buf + imsg->hdr.len, left); + imsgbuf->r.wpos = left; } else - ibuf->r.wpos = 0; + imsgbuf->r.wpos = 0; return (datalen + IMSG_HEADER_SIZE); } int -imsg_compose(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, pid_t pid, +imsg_compose(struct imsgbuf *imsgbuf, uint32_t type, uint32_t id, pid_t pid, int fd, const void *data, uint16_t datalen) { struct ibuf *wbuf; - if ((wbuf = imsg_create(ibuf, type, peerid, pid, datalen)) == NULL) + if ((wbuf = imsg_create(imsgbuf, type, id, pid, datalen)) == NULL) return (-1); if (imsg_add(wbuf, data, datalen) == -1) return (-1); ibuf_fd_set(wbuf, fd); - imsg_close(ibuf, wbuf); + imsg_close(imsgbuf, wbuf); return (1); } int -imsg_composev(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, pid_t pid, +imsg_composev(struct imsgbuf *imsgbuf, uint32_t type, uint32_t id, pid_t pid, int fd, const struct iovec *iov, int iovcnt) { struct ibuf *wbuf; @@ -191,7 +191,7 @@ imsg_composev(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, pid_t pid, for (i = 0; i < iovcnt; i++) datalen += iov[i].iov_len; - if ((wbuf = imsg_create(ibuf, type, peerid, pid, datalen)) == NULL) + if ((wbuf = imsg_create(imsgbuf, type, id, pid, datalen)) == NULL) return (-1); for (i = 0; i < iovcnt; i++) 
@@ -199,13 +199,13 @@ imsg_composev(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, pid_t pid, return (-1); ibuf_fd_set(wbuf, fd); - imsg_close(ibuf, wbuf); + imsg_close(imsgbuf, wbuf); return (1); } int -imsg_compose_ibuf(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, +imsg_compose_ibuf(struct imsgbuf *imsgbuf, uint32_t type, uint32_t id, pid_t pid, struct ibuf *buf) { struct ibuf *wbuf = NULL; @@ -220,17 +220,17 @@ imsg_compose_ibuf(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, hdr.type = type; hdr.len = ibuf_size(buf) + IMSG_HEADER_SIZE; hdr.flags = 0; - hdr.peerid = peerid; + hdr.peerid = id; if ((hdr.pid = pid) == 0) - hdr.pid = ibuf->pid; + hdr.pid = imsgbuf->pid; if ((wbuf = ibuf_open(IMSG_HEADER_SIZE)) == NULL) goto fail; if (imsg_add(wbuf, &hdr, sizeof(hdr)) == -1) goto fail; - ibuf_close(&ibuf->w, wbuf); - ibuf_close(&ibuf->w, buf); + ibuf_close(&imsgbuf->w, wbuf); + ibuf_close(&imsgbuf->w, buf); return (1); fail: @@ -242,7 +242,7 @@ imsg_compose_ibuf(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, } struct ibuf * -imsg_create(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, pid_t pid, +imsg_create(struct imsgbuf *imsgbuf, uint32_t type, uint32_t id, pid_t pid, uint16_t datalen) { struct ibuf *wbuf; @@ -256,9 +256,9 @@ imsg_create(struct imsgbuf *ibuf, uint32_t type, uint32_t peerid, pid_t pid, hdr.type = type; hdr.flags = 0; - hdr.peerid = peerid; + hdr.peerid = id; if ((hdr.pid = pid) == 0) - hdr.pid = ibuf->pid; + hdr.pid = imsgbuf->pid; if ((wbuf = ibuf_dynamic(datalen, MAX_IMSGSIZE)) == NULL) { return (NULL); } @@ -280,7 +280,7 @@ imsg_add(struct ibuf *msg, const void *data, uint16_t datalen) } void -imsg_close(struct imsgbuf *ibuf, struct ibuf *msg) +imsg_close(struct imsgbuf *imsgbuf, struct ibuf *msg) { struct imsg_hdr *hdr; @@ -291,7 +291,7 @@ imsg_close(struct imsgbuf *ibuf, struct ibuf *msg) hdr->flags |= IMSGF_HASFD; hdr->len = ibuf_size(msg); - ibuf_close(&ibuf->w, msg); + ibuf_close(&imsgbuf->w, msg); } void 
@@ -301,36 +301,36 @@ imsg_free(struct imsg *imsg) } static int -imsg_get_fd(struct imsgbuf *ibuf) +imsg_dequeue_fd(struct imsgbuf *imsgbuf) { int fd; struct imsg_fd *ifd; - if ((ifd = TAILQ_FIRST(&ibuf->fds)) == NULL) + if ((ifd = TAILQ_FIRST(&imsgbuf->fds)) == NULL) return (-1); fd = ifd->fd; - TAILQ_REMOVE(&ibuf->fds, ifd, entry); + TAILQ_REMOVE(&imsgbuf->fds, ifd, entry); free(ifd); return (fd); } int -imsg_flush(struct imsgbuf *ibuf) +imsg_flush(struct imsgbuf *imsgbuf) { - while (ibuf->w.queued) - if (msgbuf_write(&ibuf->w) <= 0) + while (imsgbuf->w.queued) + if (msgbuf_write(&imsgbuf->w) <= 0) return (-1); return (0); } void -imsg_clear(struct imsgbuf *ibuf) +imsg_clear(struct imsgbuf *imsgbuf) { int fd; - msgbuf_clear(&ibuf->w); - while ((fd = imsg_get_fd(ibuf)) != -1) + msgbuf_clear(&imsgbuf->w); + while ((fd = imsg_dequeue_fd(imsgbuf)) != -1) close(fd); } diff --git a/lib/libz/ChangeLog b/lib/libz/ChangeLog index 58fa08a59..49de6135d 100644 --- a/lib/libz/ChangeLog +++ b/lib/libz/ChangeLog @@ -1,6 +1,9 @@ ChangeLog file for zlib +Changes in 1.3.0.1 (xx Aug 2023) +- + Changes in 1.3 (18 Aug 2023) - Remove K&R function definitions and zlib2ansi - Fix bug in deflateBound() for level 0 and memLevel 9 diff --git a/lib/libz/README b/lib/libz/README index e02fc5aa2..20f7064a5 100644 --- a/lib/libz/README +++ b/lib/libz/README @@ -1,6 +1,6 @@ ZLIB DATA COMPRESSION LIBRARY -zlib 1.3 is a general purpose data compression library. All the code is +zlib 1.3.0.1 is a general purpose data compression library. All the code is thread safe. The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and 
@@ -31,7 +31,7 @@ Mark Nelson wrote an article about zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available at https://marknelson.us/posts/1997/01/01/zlib-engine.html . -The changes made in version 1.3 are documented in the file ChangeLog. +The changes made in version 1.3.0.1 are documented in the file ChangeLog. Unsupported third party contributions are provided in directory contrib/ . diff --git a/lib/libz/deflate.c b/lib/libz/deflate.c index 0f8130a65..f878ebc99 100644 --- a/lib/libz/deflate.c +++ b/lib/libz/deflate.c @@ -489,7 +489,11 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method, * symbols from which it is being constructed. */ +#ifdef LIT_MEM + s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 5); +#else s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); +#endif s->pending_buf_size = (ulg)s->lit_bufsize * 4; if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || @@ -499,8 +503,14 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method, deflateEnd (strm); return Z_MEM_ERROR; } +#ifdef LIT_MEM + s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1)); + s->l_buf = s->pending_buf + (s->lit_bufsize << 2); + s->sym_end = s->lit_bufsize - 1; +#else s->sym_buf = s->pending_buf + s->lit_bufsize; s->sym_end = (s->lit_bufsize - 1) * 3; +#endif /* We avoid equality with lit_bufsize*3 because of wraparound at 64K * on 16 bit machines and because stored blocks are restricted to * 64K-1 bytes. @@ -716,9 +726,15 @@ int ZEXPORT deflatePrime(z_streamp strm, int bits, int value) { if (deflateStateCheck(strm)) return Z_STREAM_ERROR; s = strm->state; +#ifdef LIT_MEM + if (bits < 0 || bits > 16 || + (uchf *)s->d_buf < s->pending_out + ((Buf_size + 7) >> 3)) + return Z_BUF_ERROR; +#else if (bits < 0 || bits > 16 || s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) return Z_BUF_ERROR; +#endif do { put = Buf_size - s->bi_valid; if (put > bits) 
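Review bot: The LIT_MEM branches added to deflateInit2_ (the `@@ -489` and `@@ -499` hunks of deflate.c) size `pending_buf` with a bare `5` and place `d_buf` and `l_buf` with bare shifts, and no comment states the layout that ties those numbers together. As written, `d_buf` starts at byte offset `2 * lit_bufsize` and `l_buf` at `4 * lit_bufsize`, while `pending_buf_size` stays at `4 * lit_bufsize`, so `l_buf` lies entirely past what `pending_buf_size` describes. I would add above the second `#ifdef`: `/* LIT_MEM layout: pending output, d_buf (ush) at 2*lit_bufsize, l_buf (uch) at 4*lit_bufsize; 5*lit_bufsize bytes in all */`. The context comment after `#endif` about avoiding equality with `lit_bufsize*3` describes only the `sym_buf` branch and should say so. deflateInit2_ starts and ends outside these hunks.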
@@ -1304,7 +1320,12 @@ int ZEXPORT deflateCopy(z_streamp dest, z_streamp source) { zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); +#ifdef LIT_MEM + ds->d_buf = (ushf *)(ds->pending_buf + (ds->lit_bufsize << 1)); + ds->l_buf = ds->pending_buf + (ds->lit_bufsize << 2); +#else ds->sym_buf = ds->pending_buf + ds->lit_bufsize; +#endif ds->l_desc.dyn_tree = ds->dyn_ltree; ds->d_desc.dyn_tree = ds->dyn_dtree; diff --git a/lib/libz/deflate.h b/lib/libz/deflate.h index fc66a6ffb..eb28c625a 100644 --- a/lib/libz/deflate.h +++ b/lib/libz/deflate.h @@ -21,6 +21,10 @@ # define GZIP #endif +/* define LIT_MEM to slightly increase the speed of deflate (order 1% to 2%) at + the cost of a larger memory footprint */ +/* #define LIT_MEM */ + /* =========================================================================== * Internal compression state. */ @@ -215,7 +219,12 @@ typedef struct internal_state { /* Depth of each subtree used as tie breaker for trees of equal frequency */ +#ifdef LIT_MEM + ushf *d_buf; /* buffer for distances */ + uchf *l_buf; /* buffer for literals/lengths */ +#else uchf *sym_buf; /* buffer for distances and literals/lengths */ +#endif uInt lit_bufsize; /* Size of match buffer for literals/lengths. There are 4 reasons for @@ -237,7 +246,7 @@ typedef struct internal_state { * - I can't count above 4 */ - uInt sym_next; /* running index in sym_buf */ + uInt sym_next; /* running index in symbol buffer */ uInt sym_end; /* symbol table full when sym_next reaches this */ ulg opt_len; /* bit length of current block with optimal trees */ 
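Review bot: With LIT_MEM defined, the `zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size)` kept as context in the deflateCopy hunk copies only `4 * lit_bufsize` bytes (the size set in deflateInit2_), while the added `ds->l_buf = ds->pending_buf + (ds->lit_bufsize << 2)` points at the region that begins exactly there. The copied stream's `l_buf` would then hold none of the source's buffered literals/lengths, and the destination allocation, which is outside this hunk, has to be five rather than four bytes per element for `l_buf` to be in bounds at all; that is worth confirming. Under LIT_MEM the copy should cover the whole buffer, e.g. `zmemcpy(ds->pending_buf, ss->pending_buf, ds->lit_bufsize * 5);`, with the allocation sized to match. LIT_MEM is left commented out in the deflate.h hunk, so default builds are unaffected.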
@@ -316,6 +325,25 @@ void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf, extern const uch ZLIB_INTERNAL _dist_code[]; #endif +#ifdef LIT_MEM +# define _tr_tally_lit(s, c, flush) \ + { uch cc = (c); \ + s->d_buf[s->sym_next] = 0; \ + s->l_buf[s->sym_next++] = cc; \ + s->dyn_ltree[cc].Freq++; \ + flush = (s->sym_next == s->sym_end); \ + } +# define _tr_tally_dist(s, distance, length, flush) \ + { uch len = (uch)(length); \ + ush dist = (ush)(distance); \ + s->d_buf[s->sym_next] = dist; \ + s->l_buf[s->sym_next++] = len; \ + dist--; \ + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ + s->dyn_dtree[d_code(dist)].Freq++; \ + flush = (s->sym_next == s->sym_end); \ + } +#else # define _tr_tally_lit(s, c, flush) \ { uch cc = (c); \ s->sym_buf[s->sym_next++] = 0; \ @@ -335,6 +363,7 @@ void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf, s->dyn_dtree[d_code(dist)].Freq++; \ flush = (s->sym_next == s->sym_end); \ } +#endif #else # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) # define _tr_tally_dist(s, distance, length, flush) \ diff --git a/lib/libz/inflate.c b/lib/libz/inflate.c index c73d8a27c..caac5d619 100644 --- a/lib/libz/inflate.c +++ b/lib/libz/inflate.c @@ -1473,7 +1473,7 @@ int ZEXPORT inflateSync(z_streamp strm) { /* if first time, start search in bit buffer */ if (state->mode != SYNC) { state->mode = SYNC; - state->hold <<= state->bits & 7; + state->hold >>= state->bits & 7; state->bits -= state->bits & 7; len = 0; while (state->bits >= 8) { diff --git a/lib/libz/inftrees.c b/lib/libz/inftrees.c index 9ff2067ee..719e20d52 100644 --- a/lib/libz/inftrees.c +++ b/lib/libz/inftrees.c 
@@ -55,7 +55,7 @@ int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { /* Length codes 257..285 extra */ 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 198, 203}; + 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 70, 200}; static const unsigned short dbase[32] = { /* Distance codes 0..29 base */ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, diff --git a/lib/libz/inftrees.h b/lib/libz/inftrees.h index a10712d8c..396f74b5d 100644 --- a/lib/libz/inftrees.h +++ b/lib/libz/inftrees.h @@ -41,8 +41,8 @@ typedef struct { examples/enough.c found in the zlib distribution. The arguments to that program are the number of symbols, the initial root table size, and the maximum bit length of a code. "enough 286 9 15" for literal/length codes - returns returns 852, and "enough 30 6 15" for distance codes returns 592. - The initial root table size (9 or 6) is found in the fifth argument of the + returns 852, and "enough 30 6 15" for distance codes returns 592. The + initial root table size (9 or 6) is found in the fifth argument of the inflate_table() calls in inflate.c and infback.c. If the root table size is changed, then these maximum sizes would be need to be recalculated and updated. */ diff --git a/lib/libz/trees.c b/lib/libz/trees.c index 7d2ef3634..6bbbb21c3 100644 --- a/lib/libz/trees.c +++ b/lib/libz/trees.c 
@@ -897,14 +897,19 @@ local void compress_block(deflate_state *s, const ct_data *ltree, const ct_data *dtree) { unsigned dist; /* distance of matched string */ int lc; /* match length or unmatched char (if dist == 0) */ - unsigned sx = 0; /* running index in sym_buf */ + unsigned sx = 0; /* running index in symbol buffers */ unsigned code; /* the code to send */ int extra; /* number of extra bits to send */ if (s->sym_next != 0) do { +#ifdef LIT_MEM + dist = s->d_buf[sx]; + lc = s->l_buf[sx++]; +#else dist = s->sym_buf[sx++] & 0xff; dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; lc = s->sym_buf[sx++]; +#endif if (dist == 0) { send_code(s, lc, ltree); /* send a literal byte */ Tracecv(isgraph(lc), (stderr," '%c' ", lc)); @@ -929,8 +934,12 @@ local void compress_block(deflate_state *s, const ct_data *ltree, } } /* literal or match pair ? */ - /* Check that the overlay between pending_buf and sym_buf is ok: */ + /* Check for no overlay of pending_buf on needed symbols */ +#ifdef LIT_MEM + Assert(s->pending < (s->lit_bufsize << 1) + sx, "pendingBuf overflow"); +#else Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); +#endif } while (sx < s->sym_next); @@ -1080,9 +1089,14 @@ void ZLIB_INTERNAL _tr_flush_block(deflate_state *s, charf *buf, * the current block must be flushed. */ int ZLIB_INTERNAL _tr_tally(deflate_state *s, unsigned dist, unsigned lc) { +#ifdef LIT_MEM + s->d_buf[s->sym_next] = (ush)dist; + s->l_buf[s->sym_next++] = (uch)lc; +#else s->sym_buf[s->sym_next++] = (uch)dist; s->sym_buf[s->sym_next++] = (uch)(dist >> 8); s->sym_buf[s->sym_next++] = (uch)lc; +#endif if (dist == 0) { /* lc is the unmatched char */ s->dyn_ltree[lc].Freq++; diff --git a/lib/libz/zlib.h b/lib/libz/zlib.h index 6b7244f99..b3e19fce8 100644 --- a/lib/libz/zlib.h +++ b/lib/libz/zlib.h 
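Review bot: In the second compress_block hunk, the LIT_MEM assertion `s->pending < (s->lit_bufsize << 1) + sx` adds `sx` as a byte count, but under LIT_MEM `sx` indexes `d_buf`, whose entries are two bytes wide (`ushf`, placed at `pending_buf + (lit_bufsize << 1)` in deflate.c). After `sx` symbols have been consumed the reusable region appears to end at `2 * (lit_bufsize + sx)`, so the check is stricter than the layout requires and could trip in debug builds on valid input. If that reading is right, `Assert(s->pending < 2 * (s->lit_bufsize + sx), "pendingBuf overflow");` matches the layout. compress_block starts before the first hunk and ends after the second.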
@@ -1,5 +1,5 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.3, August 18th, 2023 + version 1.3.0.1, August xxth, 2023 Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler @@ -37,12 +37,12 @@ extern "C" { #endif -#define ZLIB_VERSION "1.3" -#define ZLIB_VERNUM 0x1300 +#define ZLIB_VERSION "1.3.0.1-motley" +#define ZLIB_VERNUM 0x1301 #define ZLIB_VER_MAJOR 1 #define ZLIB_VER_MINOR 3 #define ZLIB_VER_REVISION 0 -#define ZLIB_VER_SUBREVISION 0 +#define ZLIB_VER_SUBREVISION 1 /* The 'zlib' compression library provides in-memory compression and @@ -936,10 +936,10 @@ ZEXTERN int ZEXPORT inflateSync(z_streamp strm); inflateSync returns Z_OK if a possible full flush point has been found, Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point has been found, or Z_STREAM_ERROR if the stream structure was inconsistent. - In the success case, the application may save the current current value of - total_in which indicates where valid compressed data was found. In the - error case, the application may repeatedly call inflateSync, providing more - input each time, until success or end of the input data. + In the success case, the application may save the current value of total_in + which indicates where valid compressed data was found. In the error case, + the application may repeatedly call inflateSync, providing more input each + time, until success or end of the input data. */ ZEXTERN int ZEXPORT inflateCopy(z_streamp dest, diff --git a/libexec/ld.so/aarch64/archdep.h b/libexec/ld.so/aarch64/archdep.h index 8e6fa7d92..804114889 100644 --- a/libexec/ld.so/aarch64/archdep.h +++ b/libexec/ld.so/aarch64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.8 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.9 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB 
@@ -45,7 +45,7 @@ RELOC_DYN(Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == R_AARCH64_ABS64) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/alpha/archdep.h b/libexec/ld.so/alpha/archdep.h index f952fea52..4590afc89 100644 --- a/libexec/ld.so/alpha/archdep.h +++ b/libexec/ld.so/alpha/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.25 2022/01/31 05:44:13 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.26 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -50,7 +50,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == RELOC_GLOB_DAT) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/amd64/archdep.h b/libexec/ld.so/amd64/archdep.h index f717f9c7e..415056dea 100644 --- a/libexec/ld.so/amd64/archdep.h +++ b/libexec/ld.so/amd64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.15 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.16 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -45,7 +45,7 @@ RELOC_DYN(Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == R_X86_64_64) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/arm/archdep.h b/libexec/ld.so/arm/archdep.h index c6adff41b..7d23f0a9b 100644 --- a/libexec/ld.so/arm/archdep.h +++ b/libexec/ld.so/arm/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.15 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.16 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB 
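Review bot: The `else` branch of RELOC_DYN in aarch64/archdep.h now ends in `_csu_abort()` with no comment saying why an unexpected relocation type aborts instead of exiting, and the same substitution in the alpha, amd64, arm, hppa, i386, m88k, mips64, powerpc, powerpc64, riscv64, sh and sparc64 hunks removes the statuses (5, 6, 7, 20, `ELF_R_TYPE(...) + 100`) that used to tell the failure sites and the rejected relocation type apart. `_csu_abort` is defined outside these hunks, so whether it leaves any trace of which site fired cannot be checked from here. A short comment at each site, such as `/* unsupported relocation type: abort, no status is reported */`, would record that the loss of the distinguishing code is intended. The enclosing functions and macros start and end outside the hunks.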
@@ -45,7 +45,7 @@ RELOC_DYN(Elf_Rel *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == R_ARM_ABS32) { *p += v + s->st_value; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/hppa/archdep.h b/libexec/ld.so/hppa/archdep.h index 6aa05877c..52676803b 100644 --- a/libexec/ld.so/hppa/archdep.h +++ b/libexec/ld.so/hppa/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.18 2022/01/31 05:43:22 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.19 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 2004 Michael Shalayeff @@ -49,7 +49,7 @@ RELOC_JMPREL(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v, p[0] = v + s->st_value + r->r_addend; p[1] = pltgot; } else { - _dl_exit(5); + _csu_abort(); } } @@ -64,7 +64,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == RELOC_PLABEL32) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/i386/archdep.h b/libexec/ld.so/i386/archdep.h index 65dcaab01..e5a9c772b 100644 --- a/libexec/ld.so/i386/archdep.h +++ b/libexec/ld.so/i386/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.23 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.24 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -46,7 +46,7 @@ RELOC_DYN(const Elf_Rel *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == RELOC_32) { *p += v + s->st_value; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/m88k/archdep.h b/libexec/ld.so/m88k/archdep.h index fa1686211..c22bbd217 100644 --- a/libexec/ld.so/m88k/archdep.h +++ b/libexec/ld.so/m88k/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.10 2022/01/16 02:14:27 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.11 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB 
@@ -43,7 +43,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == RELOC_32) { *p = v + s->st_value + r->r_addend; } else if (ELF_R_TYPE(r->r_info) != RELOC_NONE) { - _dl_exit(ELF_R_TYPE(r->r_info) + 100); + _csu_abort(); } } diff --git a/libexec/ld.so/mips64/archdep.h b/libexec/ld.so/mips64/archdep.h index 386765ea4..957527b08 100644 --- a/libexec/ld.so/mips64/archdep.h +++ b/libexec/ld.so/mips64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.17 2022/01/17 19:45:34 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.18 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998-2002 Opsycon AB, Sweden. @@ -45,7 +45,7 @@ do { \ else \ *adrp += val; \ } else if (ELF_R_TYPE(relp->r_info) != R_MIPS_NONE) { \ - _dl_exit(ELF_R_TYPE(relp->r_info)+100); \ + _csu_abort(); \ } \ } while (0) @@ -76,7 +76,7 @@ do { \ if (sp->st_shndx == SHN_UNDEF || \ sp->st_shndx == SHN_COMMON) { \ if (ELF_ST_BIND(sp->st_info) != STB_WEAK) \ - _dl_exit(7); \ + _csu_abort(); \ } else if (ELF_ST_TYPE(sp->st_info) == STT_FUNC) { \ *gotp += __loff; \ } else { \ diff --git a/libexec/ld.so/powerpc/archdep.h b/libexec/ld.so/powerpc/archdep.h index 678672bf0..5f26d7290 100644 --- a/libexec/ld.so/powerpc/archdep.h +++ b/libexec/ld.so/powerpc/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.25 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.26 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -58,7 +58,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) if (((val & 0xfe000000) != 0) && ((val & 0xfe000000) != 0xfe000000)) { /* invalid offset */ - _dl_exit(20); + _csu_abort(); } val &= ~0xfc000000; val |= 0x48000000; @@ -67,7 +67,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE((r)->r_info) == RELOC_GLOB_DAT) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } 
diff --git a/libexec/ld.so/powerpc64/archdep.h b/libexec/ld.so/powerpc64/archdep.h index b27d9a74c..93cff9e49 100644 --- a/libexec/ld.so/powerpc64/archdep.h +++ b/libexec/ld.so/powerpc64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.4 2022/01/16 02:16:40 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.5 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -59,7 +59,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) if (((val & 0xfe000000) != 0) && ((val & 0xfe000000) != 0xfe000000)) { /* invalid offset */ - _dl_exit(20); + _csu_abort(); } val &= ~0xfc000000; val |= 0x48000000; @@ -68,7 +68,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE((r)->r_info) == R_PPC64_GLOB_DAT) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/powerpc64/ldasm.S b/libexec/ld.so/powerpc64/ldasm.S index abcea1644..f88031bc9 100644 --- a/libexec/ld.so/powerpc64/ldasm.S +++ b/libexec/ld.so/powerpc64/ldasm.S @@ -89,7 +89,7 @@ _dl_start: END(_dl_start) ENTRY(_dl_bind_start) - # r0 contains offset, do not overwrite + # r0 contains offset, do not overwrite # r2 ld.so toc is loaded on entry to this function. mflr %r12 std %r12,16(%r1) # save lr diff --git a/libexec/ld.so/riscv64/archdep.h b/libexec/ld.so/riscv64/archdep.h index 5e090c73a..8c85c83af 100644 --- a/libexec/ld.so/riscv64/archdep.h +++ b/libexec/ld.so/riscv64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.4 2022/01/16 02:17:05 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.5 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 2021 Dale Rahn @@ -44,7 +44,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == R_RISCV_64) { *p = v + s->st_value + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } 
diff --git a/libexec/ld.so/sh/archdep.h b/libexec/ld.so/sh/archdep.h index d56c32bad..0a3c6c4f8 100644 --- a/libexec/ld.so/sh/archdep.h +++ b/libexec/ld.so/sh/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.14 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.15 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -43,7 +43,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) } else if (ELF_R_TYPE(r->r_info) == R_SH_DIR32) { *p = s->st_value + v + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/libexec/ld.so/sparc64/archdep.h b/libexec/ld.so/sparc64/archdep.h index 3a7b2d58d..e4c57b711 100644 --- a/libexec/ld.so/sparc64/archdep.h +++ b/libexec/ld.so/sparc64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.28 2022/01/17 01:35:36 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.29 2023/11/18 16:26:17 deraadt Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -41,7 +41,7 @@ RELOC_DYN(const Elf_RelA *r, const Elf_Sym *s, Elf_Addr *p, unsigned long v) if (ELF_R_TYPE(r->r_info) == RELOC_RELATIVE) { *p = v + r->r_addend; } else { - _dl_exit(6); + _csu_abort(); } } diff --git a/regress/lib/libcrypto/dsa/dsatest.c b/regress/lib/libcrypto/dsa/dsatest.c index 62343455f..10ebc3a9f 100644 --- a/regress/lib/libcrypto/dsa/dsatest.c +++ b/regress/lib/libcrypto/dsa/dsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsatest.c,v 1.9 2023/08/20 22:22:55 tb Exp $ */ +/* $OpenBSD: dsatest.c,v 1.10 2023/11/19 13:11:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -137,12 +137,10 @@ main(int argc, char **argv) if ((dsa = DSA_new()) == NULL) goto end; -#ifdef OPENSSL_NO_ENGINE if (DSA_get0_engine(dsa) != NULL) { BIO_printf(bio_err, "ENGINE was not NULL\n"); goto end; } -#endif if (!DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb)) goto end; 
diff --git a/regress/lib/libcrypto/ec/ectest.c b/regress/lib/libcrypto/ec/ectest.c index f0b1028f4..b32b007b3 100644 --- a/regress/lib/libcrypto/ec/ectest.c +++ b/regress/lib/libcrypto/ec/ectest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ectest.c,v 1.21 2023/07/26 22:46:06 tb Exp $ */ +/* $OpenBSD: ectest.c,v 1.22 2023/11/19 13:11:05 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -75,9 +75,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -769,9 +766,6 @@ main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_thread_state(NULL); diff --git a/regress/lib/libcrypto/ecdsa/ecdsatest.c b/regress/lib/libcrypto/ecdsa/ecdsatest.c index b0b9bd006..ef724c74b 100644 --- a/regress/lib/libcrypto/ecdsa/ecdsatest.c +++ b/regress/lib/libcrypto/ecdsa/ecdsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsatest.c,v 1.17 2023/05/04 13:50:14 tb Exp $ */ +/* $OpenBSD: ecdsatest.c,v 1.18 2023/11/19 13:11:06 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -78,9 +78,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include int test_builtin(void); diff --git a/regress/lib/libcrypto/evp/evptest.c b/regress/lib/libcrypto/evp/evptest.c index 6f677dd95..0b9436a83 100644 --- a/regress/lib/libcrypto/evp/evptest.c +++ b/regress/lib/libcrypto/evp/evptest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evptest.c,v 1.12 2023/03/02 20:24:51 tb Exp $ */ +/* $OpenBSD: evptest.c,v 1.13 2023/11/19 13:11:06 tb Exp $ */ /* Written by Ben Laurie, 2001 */ /* * Copyright (c) 2001 The OpenSSL Project. All rights reserved. @@ -53,9 +53,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include 
@@ -350,23 +347,6 @@ main(int argc, char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE - /* Load all compiled-in ENGINEs */ - ENGINE_load_builtin_engines(); -#endif -#if 0 - OPENSSL_config(); -#endif -#ifndef OPENSSL_NO_ENGINE - /* Register all available ENGINE implementations of ciphers and digests. - * This could perhaps be changed to "ENGINE_register_all_complete()"? */ - ENGINE_register_all_ciphers(); - ENGINE_register_all_digests(); - /* If we add command-line options, this statement should be switchable. - * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if - * they weren't already initialised. */ - /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ -#endif for (;;) { char line[8 * 1024]; @@ -457,9 +437,6 @@ main(int argc, char **argv) } fclose(f); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); diff --git a/regress/lib/libcrypto/free/freenull.awk b/regress/lib/libcrypto/free/freenull.awk index 618034cc7..3a10d99eb 100644 --- a/regress/lib/libcrypto/free/freenull.awk +++ b/regress/lib/libcrypto/free/freenull.awk @@ -1,4 +1,4 @@ -# $OpenBSD: freenull.awk,v 1.3 2023/07/28 18:29:26 tb Exp $ +# $OpenBSD: freenull.awk,v 1.4 2023/11/19 13:11:06 tb Exp $ # Copyright (c) 2018 Theo Buehler # # Permission to use, copy, modify, and distribute this software for any @@ -42,13 +42,6 @@ next } -/^ENGINE_free$/ { - printf("#ifndef OPENSSL_NO_ENGINE\n") - printf("\tENGINE_free(NULL);\n") - printf("#endif\n") - next -} - /_free$/ { printf("\t%s(NULL);\n", $0) } diff --git a/regress/lib/libcrypto/free/freenull.c.head b/regress/lib/libcrypto/free/freenull.c.head index dc1a7da52..43b87598e 100644 --- a/regress/lib/libcrypto/free/freenull.c.head +++ b/regress/lib/libcrypto/free/freenull.c.head 
@@ -1,4 +1,4 @@ -/* $OpenBSD: freenull.c.head,v 1.6 2023/07/28 17:13:56 tb Exp $ */ +/* $OpenBSD: freenull.c.head,v 1.7 2023/11/19 13:11:06 tb Exp $ */ #include #include @@ -6,9 +6,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include diff --git a/regress/lib/libcrypto/gost/gost2814789t.c b/regress/lib/libcrypto/gost/gost2814789t.c index 5e439a7e3..f4914997c 100644 --- a/regress/lib/libcrypto/gost/gost2814789t.c +++ b/regress/lib/libcrypto/gost/gost2814789t.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost2814789t.c,v 1.9 2023/06/19 18:51:47 tb Exp $ */ +/* $OpenBSD: gost2814789t.c,v 1.10 2023/11/19 13:11:06 tb Exp $ */ /* vim: set fileencoding=ascii : Charset: ASCII */ /* test/gostr2814789t.c */ /* ==================================================================== @@ -24,9 +24,6 @@ int main(int argc, char *argv[]) #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -1289,9 +1286,6 @@ int main(int argc, char *argv[]) } ERR_load_crypto_strings(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); -#endif OPENSSL_load_builtin_modules(); OpenSSL_add_all_algorithms(); diff --git a/regress/lib/libcrypto/pbkdf2/pbkdf2.c b/regress/lib/libcrypto/pbkdf2/pbkdf2.c index 9cbc03182..33b683f0a 100644 --- a/regress/lib/libcrypto/pbkdf2/pbkdf2.c +++ b/regress/lib/libcrypto/pbkdf2/pbkdf2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pbkdf2.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */ +/* $OpenBSD: pbkdf2.c,v 1.3 2023/11/19 13:11:06 tb Exp $ */ /* Written by Christian Heimes, 2013 */ /* * Copyright (c) 2013 The OpenSSL Project. All rights reserved. @@ -56,9 +56,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include 
@@ -192,10 +189,6 @@ main(int argc,char **argv) const testdata *test = test_cases; OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); - ENGINE_register_all_digests(); -#endif for (n = 0; test->pass != NULL; n++, test++) { test_p5_pbkdf2(n, "sha1", test, sha1_results[n]); @@ -203,9 +196,6 @@ main(int argc,char **argv) test_p5_pbkdf2(n, "sha512", test, sha512_results[n]); } -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c index f95ea44a9..23d7d48f3 100644 --- a/regress/lib/libssl/ssl/ssltest.c +++ b/regress/lib/libssl/ssl/ssltest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssltest.c,v 1.43 2023/08/15 11:20:57 tb Exp $ */ +/* $OpenBSD: ssltest.c,v 1.44 2023/11/19 13:12:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -167,9 +167,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -762,9 +759,6 @@ end: SSL_CTX_free(c_ctx); BIO_free(bio_stdout); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_thread_state(NULL); diff --git a/regress/lib/libz/example.c b/regress/lib/libz/example.c index eb36c8f9a..61b39aedc 100644 --- a/regress/lib/libz/example.c +++ b/regress/lib/libz/example.c @@ -3,7 +3,7 @@ * For conditions of distribution and use, see copyright notice in zlib.h */ -/* @(#) $Id: example.c,v 1.2 2022/05/08 14:11:12 tb Exp $ */ +/* @(#) $Id: example.c,v 1.3 2023/11/18 22:40:14 tb Exp $ */ #include "zlib.h" #include 
@@ -34,37 +34,14 @@ static z_const char hello[] = "hello, hello!"; static const char dictionary[] = "hello"; static uLong dictId; /* Adler32 value of the dictionary */ -void test_deflate OF((Byte *compr, uLong comprLen)); -void test_inflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_large_deflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_large_inflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_flush OF((Byte *compr, uLong *comprLen)); -void test_sync OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_dict_deflate OF((Byte *compr, uLong comprLen)); -void test_dict_inflate OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -int main OF((int argc, char *argv[])); - - #ifdef Z_SOLO -void *myalloc OF((void *, unsigned, unsigned)); -void myfree OF((void *, void *)); - -void *myalloc(q, n, m) - void *q; - unsigned n, m; -{ +static void *myalloc(void *q, unsigned n, unsigned m) { (void)q; return calloc(n, m); } -void myfree(void *q, void *p) -{ +static void myfree(void *q, void *p) { (void)q; free(p); } @@ -77,18 +54,11 @@ static free_func zfree = myfree; static alloc_func zalloc = (alloc_func)0; static free_func zfree = (free_func)0; -void test_compress OF((Byte *compr, uLong comprLen, - Byte *uncompr, uLong uncomprLen)); -void test_gzio OF((const char *fname, - Byte *uncompr, uLong uncomprLen)); - /* =========================================================================== * Test compress() and uncompress() */ -void test_compress(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ +static void test_compress(Byte *compr, uLong comprLen, Byte *uncompr, + uLong uncomprLen) { int err; uLong len = (uLong)strlen(hello)+1; 
@@ -111,11 +81,7 @@ void test_compress(compr, comprLen, uncompr, uncomprLen) /* =========================================================================== * Test read/write of .gz files */ -void test_gzio(fname, uncompr, uncomprLen) - const char *fname; /* compressed file name */ - Byte *uncompr; - uLong uncomprLen; -{ +static void test_gzio(const char *fname, Byte *uncompr, uLong uncomprLen) { #ifdef NO_GZCOMPRESS fprintf(stderr, "NO_GZCOMPRESS -- gz* functions cannot compress\n"); #else @@ -197,10 +163,7 @@ void test_gzio(fname, uncompr, uncomprLen) /* =========================================================================== * Test deflate() with small buffers */ -void test_deflate(compr, comprLen) - Byte *compr; - uLong comprLen; -{ +static void test_deflate(Byte *compr, uLong comprLen) { z_stream c_stream; /* compression stream */ int err; uLong len = (uLong)strlen(hello)+1; @@ -235,10 +198,8 @@ void test_deflate(compr, comprLen) /* =========================================================================== * Test inflate() with small buffers */ -void test_inflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ +static void test_inflate(Byte *compr, uLong comprLen, Byte *uncompr, + uLong uncomprLen) { int err; z_stream d_stream; /* decompression stream */ @@ -276,10 +237,8 @@ void test_inflate(compr, comprLen, uncompr, uncomprLen) /* =========================================================================== * Test deflate() with large buffers and dynamic change of compression level */ -void test_large_deflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ +static void test_large_deflate(Byte *compr, uLong comprLen, Byte *uncompr, + uLong uncomprLen) { z_stream c_stream; /* compression stream */ int err; 
@@ -308,7 +267,7 @@ void test_large_deflate(compr, comprLen, uncompr, uncomprLen) /* Feed in already compressed data and switch to no compression: */ deflateParams(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY); c_stream.next_in = compr; - c_stream.avail_in = (uInt)comprLen/2; + c_stream.avail_in = (uInt)uncomprLen/2; err = deflate(&c_stream, Z_NO_FLUSH); CHECK_ERR(err, "deflate"); @@ -331,10 +290,8 @@ void test_large_deflate(compr, comprLen, uncompr, uncomprLen) /* =========================================================================== * Test inflate() with large buffers */ -void test_large_inflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ +static void test_large_inflate(Byte *compr, uLong comprLen, Byte *uncompr, + uLong uncomprLen) { int err; z_stream d_stream; /* decompression stream */ @@ -361,7 +318,7 @@ void test_large_inflate(compr, comprLen, uncompr, uncomprLen) err = inflateEnd(&d_stream); CHECK_ERR(err, "inflateEnd"); - if (d_stream.total_out != 2*uncomprLen + comprLen/2) { + if (d_stream.total_out != 2*uncomprLen + uncomprLen/2) { fprintf(stderr, "bad large inflate: %ld\n", d_stream.total_out); exit(1); } else { @@ -372,10 +329,7 @@ void test_large_inflate(compr, comprLen, uncompr, uncomprLen) /* =========================================================================== * Test deflate() with full flush */ -void test_flush(compr, comprLen) - Byte *compr; - uLong *comprLen; -{ +static void test_flush(Byte *compr, uLong *comprLen) { z_stream c_stream; /* compression stream */ int err; uInt len = (uInt)strlen(hello)+1; 
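Review bot: In the first hunk on this line (test_large_deflate), `c_stream.avail_in = (uInt)uncomprLen/2` sizes a read from `compr` by the length of the other buffer, so the function now depends on its caller keeping `comprLen >= uncomprLen/2`, and nothing in the function checks that. The main() hunk later in this file sets `comprLen = 3 * uncomprLen`, which satisfies it with the current values. A guard before the assignment, `if (uncomprLen/2 > comprLen) { fprintf(stderr, "compr buffer too small\n"); exit(1); }`, would keep a later change to the buffer sizes from turning this into an out-of-bounds read. The function body starts before and continues after the hunk.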
@@ -410,10 +364,8 @@ void test_flush(compr, comprLen) /* =========================================================================== * Test inflateSync() */ -void test_sync(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ +static void test_sync(Byte *compr, uLong comprLen, Byte *uncompr, + uLong uncomprLen) { int err; z_stream d_stream; /* decompression stream */ @@ -453,10 +405,7 @@ void test_sync(compr, comprLen, uncompr, uncomprLen) /* =========================================================================== * Test deflate() with preset dictionary */ -void test_dict_deflate(compr, comprLen) - Byte *compr; - uLong comprLen; -{ +static void test_dict_deflate(Byte *compr, uLong comprLen) { z_stream c_stream; /* compression stream */ int err; @@ -490,10 +439,8 @@ void test_dict_deflate(compr, comprLen) /* =========================================================================== * Test inflate() with a preset dictionary */ -void test_dict_inflate(compr, comprLen, uncompr, uncomprLen) - Byte *compr, *uncompr; - uLong comprLen, uncomprLen; -{ +static void test_dict_inflate(Byte *compr, uLong comprLen, Byte *uncompr, + uLong uncomprLen) { int err; z_stream d_stream; /* decompression stream */ @@ -541,13 +488,10 @@ void test_dict_inflate(compr, comprLen, uncompr, uncomprLen) * Usage: example [output.gz [input.gz]] */ -int main(argc, argv) - int argc; - char *argv[]; -{ +int main(int argc, char *argv[]) { Byte *compr, *uncompr; - uLong comprLen = 10000*sizeof(int); /* don't overflow on MSDOS */ - uLong uncomprLen = comprLen; + uLong uncomprLen = 20000; + uLong comprLen = 3 * uncomprLen; static const char* myVersion = ZLIB_VERSION; if (zlibVersion()[0] != myVersion[0]) { 
@@ -555,7 +499,8 @@ int main(argc, argv) exit(1); } else if (strcmp(zlibVersion(), ZLIB_VERSION) != 0) { - fprintf(stderr, "warning: different zlib version\n"); + fprintf(stderr, "warning: different zlib version linked: %s\n", + zlibVersion()); } printf("zlib version %s = 0x%04x, compile flags = 0x%lx\n", @@ -589,7 +534,7 @@ int main(argc, argv) test_flush(compr, &comprLen); test_sync(compr, comprLen, uncompr, uncomprLen); - comprLen = uncomprLen; + comprLen = 3 * uncomprLen; test_dict_deflate(compr, comprLen); test_dict_inflate(compr, comprLen, uncompr, uncomprLen); diff --git a/regress/lib/libz/minigzip.c b/regress/lib/libz/minigzip.c index 5a6c292ea..a1fd037d0 100644 --- a/regress/lib/libz/minigzip.c +++ b/regress/lib/libz/minigzip.c @@ -13,7 +13,7 @@ * or in pipe mode. */ -/* @(#) $Id: minigzip.c,v 1.1.1.1 2022/03/24 19:41:06 bluhm Exp $ */ +/* @(#) $Id: minigzip.c,v 1.2 2023/11/18 22:40:14 tb Exp $ */ #include "zlib.h" #include @@ -59,7 +59,7 @@ #if !defined(Z_HAVE_UNISTD_H) && !defined(_LARGEFILE64_SOURCE) #ifndef WIN32 /* unlink already in stdio.h for WIN32 */ - extern int unlink OF((const char *)); + extern int unlink(const char *); #endif #endif @@ -149,20 +149,12 @@ static void pwinerror (s) # include /* for unlink() */ #endif -void *myalloc OF((void *, unsigned, unsigned)); -void myfree OF((void *, void *)); - -void *myalloc(q, n, m) - void *q; - unsigned n, m; -{ +static void *myalloc(void *q, unsigned n, unsigned m) { (void)q; return calloc(n, m); } -void myfree(q, p) - void *q, *p; -{ +static void myfree(void *q, void *p) { (void)q; free(p); } 
@@ -175,29 +167,7 @@ typedef struct gzFile_s { z_stream strm; } *gzFile; -gzFile gzopen OF((const char *, const char *)); -gzFile gzdopen OF((int, const char *)); -gzFile gz_open OF((const char *, int, const char *)); - -gzFile gzopen(path, mode) -const char *path; -const char *mode; -{ - return gz_open(path, -1, mode); -} - -gzFile gzdopen(fd, mode) -int fd; -const char *mode; -{ - return gz_open(NULL, fd, mode); -} - -gzFile gz_open(path, fd, mode) - const char *path; - int fd; - const char *mode; -{ +static gzFile gz_open(const char *path, int fd, const char *mode) { gzFile gz; int ret; @@ -231,13 +201,15 @@ gzFile gz_open(path, fd, mode) return gz; } -int gzwrite OF((gzFile, const void *, unsigned)); +static gzFile gzopen(const char *path, const char *mode) { + return gz_open(path, -1, mode); +} -int gzwrite(gz, buf, len) - gzFile gz; - const void *buf; - unsigned len; -{ +static gzFile gzdopen(int fd, const char *mode) { + return gz_open(NULL, fd, mode); +} + +static int gzwrite(gzFile gz, const void *buf, unsigned len) { z_stream *strm; unsigned char out[BUFLEN]; @@ -255,13 +227,7 @@ int gzwrite(gz, buf, len) return len; } -int gzread OF((gzFile, void *, unsigned)); - -int gzread(gz, buf, len) - gzFile gz; - void *buf; - unsigned len; -{ +static int gzread(gzFile gz, void *buf, unsigned len) { int ret; unsigned got; unsigned char in[1]; @@ -292,11 +258,7 @@ int gzread(gz, buf, len) return len - strm->avail_out; } -int gzclose OF((gzFile)); - -int gzclose(gz) - gzFile gz; -{ +static int gzclose(gzFile gz) { z_stream *strm; unsigned char out[BUFLEN]; @@ -321,12 +283,7 @@ int gzclose(gz) return Z_OK; } -const char *gzerror OF((gzFile, int *)); - -const char *gzerror(gz, err) - gzFile gz; - int *err; -{ +static const char *gzerror(gzFile gz, int *err) { *err = gz->err; return gz->msg; } 
@@ -335,67 +292,20 @@ const char *gzerror(gz, err) static char *prog; -void error OF((const char *msg)); -void gz_compress OF((FILE *in, gzFile out)); -#ifdef USE_MMAP -int gz_compress_mmap OF((FILE *in, gzFile out)); -#endif -void gz_uncompress OF((gzFile in, FILE *out)); -void file_compress OF((char *file, char *mode)); -void file_uncompress OF((char *file)); -int main OF((int argc, char *argv[])); - /* =========================================================================== * Display error message and exit */ -void error(msg) - const char *msg; -{ +static void error(const char *msg) { fprintf(stderr, "%s: %s\n", prog, msg); exit(1); } -/* =========================================================================== - * Compress input to output then close both files. - */ - -void gz_compress(in, out) - FILE *in; - gzFile out; -{ - local char buf[BUFLEN]; - int len; - int err; - -#ifdef USE_MMAP - /* Try first compressing with mmap. If mmap fails (minigzip used in a - * pipe), use the normal fread loop. - */ - if (gz_compress_mmap(in, out) == Z_OK) return; -#endif - for (;;) { - len = (int)fread(buf, 1, sizeof(buf), in); - if (ferror(in)) { - perror("fread"); - exit(1); - } - if (len == 0) break; - - if (gzwrite(out, buf, (unsigned)len) != len) error(gzerror(out, &err)); - } - fclose(in); - if (gzclose(out) != Z_OK) error("failed gzclose"); -} - #ifdef USE_MMAP /* MMAP version, Miguel Albrecht */ /* Try compressing the input file at once using mmap. Return Z_OK if * if success, Z_ERRNO otherwise. */ -int gz_compress_mmap(in, out) - FILE *in; - gzFile out; -{ +static int gz_compress_mmap(FILE *in, gzFile out) { int len; int err; int ifd = fileno(in); 
@@ -424,13 +334,39 @@ int gz_compress_mmap(in, out) } #endif /* USE_MMAP */ +/* =========================================================================== + * Compress input to output then close both files. + */ + +static void gz_compress(FILE *in, gzFile out) { + local char buf[BUFLEN]; + int len; + int err; + +#ifdef USE_MMAP + /* Try first compressing with mmap. If mmap fails (minigzip used in a + * pipe), use the normal fread loop. + */ + if (gz_compress_mmap(in, out) == Z_OK) return; +#endif + for (;;) { + len = (int)fread(buf, 1, sizeof(buf), in); + if (ferror(in)) { + perror("fread"); + exit(1); + } + if (len == 0) break; + + if (gzwrite(out, buf, (unsigned)len) != len) error(gzerror(out, &err)); + } + fclose(in); + if (gzclose(out) != Z_OK) error("failed gzclose"); +} + /* =========================================================================== * Uncompress input to output then close both files. */ -void gz_uncompress(in, out) - gzFile in; - FILE *out; -{ +static void gz_uncompress(gzFile in, FILE *out) { local char buf[BUFLEN]; int len; int err; @@ -454,10 +390,7 @@ void gz_uncompress(in, out) * Compress the given file: create a corresponding .gz file and remove the * original. */ -void file_compress(file, mode) - char *file; - char *mode; -{ +static void file_compress(char *file, char *mode) { local char outfile[MAX_NAME_LEN]; FILE *in; gzFile out; @@ -493,14 +426,12 @@ void file_compress(file, mode) /* =========================================================================== * Uncompress the given file and remove the original. */ -void file_uncompress(file) - char *file; -{ +static void file_uncompress(char *file) { local char buf[MAX_NAME_LEN]; char *infile, *outfile; FILE *out; gzFile in; - unsigned len = strlen(file); + z_size_t len = strlen(file); if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) { fprintf(stderr, "%s: filename too long\n", prog); 
@@ -553,10 +484,7 @@ void file_uncompress(file) * -1 to -9 : compression level */ -int main(argc, argv) - int argc; - char *argv[]; -{ +int main(int argc, char *argv[]) { int copyout = 0; int uncompr = 0; gzFile file; diff --git a/regress/usr.bin/grep/Makefile b/regress/usr.bin/grep/Makefile index edb5a5248..8b227fff7 100644 --- a/regress/usr.bin/grep/Makefile +++ b/regress/usr.bin/grep/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.18 2021/12/29 19:31:01 sdk Exp $ +# $OpenBSD: Makefile,v 1.19 2023/11/15 00:52:42 millert Exp $ REGRESS_TARGETS=t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 t16 t17 \ - t18 t19 t20 t21 t22 t23 t24 t25 t26 t27 + t18 t19 t20 t21 t22 t23 t24 t25 t26 t27 t28 t1: grep t.s ${.CURDIR}/in | diff - ${.CURDIR}/t1.out 
@@ -107,8 +107,27 @@ t27: grep -B1 'C' ${.CURDIR}/t27.in | diff - ${.CURDIR}/t27b.out grep -C1 'C' ${.CURDIR}/t27.in | diff - ${.CURDIR}/t27c.out +t28: + grep -m 0 -o x.y ${.CURDIR}/t28.in | diff - /dev/null + grep -m 1 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_1.out + grep -m 2 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_2.out + grep -m 3 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_3.out + grep -m 4 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_4.out + grep -m 5 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_4.out + grep -m 6 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_4.out + grep -m 7 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_4.out + grep -m 8 -o x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_4.out + grep -m 0 x.y ${.CURDIR}/t28.in | diff - /dev/null + grep -m 1 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_5.out + grep -m 2 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_6.out + grep -m 3 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_7.out + grep -m 4 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_8.out + grep -m 5 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_8.out + grep -m 6 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_8.out + grep -m 7 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_8.out + grep -m 8 x.y ${.CURDIR}/t28.in | diff - ${.CURDIR}/t28_8.out .PHONY: t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 t16 t17 t18 t19 t20 -.PHONY: t21 t22 t23 t24 t25 t26 t27 +.PHONY: t21 t22 t23 t24 t25 t26 t27 t28 .include diff --git a/regress/usr.bin/grep/t28.in b/regress/usr.bin/grep/t28.in new file mode 100644 index 000000000..1a5a99153 --- /dev/null +++ b/regress/usr.bin/grep/t28.in @@ -0,0 +1,7 @@ +regression test pattern should match nothing on this line +x1y x2y x3y x4y - four matches here +match nothing on this line +x5y x6y x7y - three here +x8y x9y - two here +x0y - one here +none here diff --git a/regress/usr.bin/grep/t28_1.out b/regress/usr.bin/grep/t28_1.out new file mode 100644 index 000000000..6b74f114d --- /dev/null 
+++ b/regress/usr.bin/grep/t28_1.out @@ -0,0 +1,4 @@ +x1y +x2y +x3y +x4y diff --git a/regress/usr.bin/grep/t28_2.out b/regress/usr.bin/grep/t28_2.out new file mode 100644 index 000000000..f8bffdbed --- /dev/null +++ b/regress/usr.bin/grep/t28_2.out @@ -0,0 +1,7 @@ +x1y +x2y +x3y +x4y +x5y +x6y +x7y diff --git a/regress/usr.bin/grep/t28_3.out b/regress/usr.bin/grep/t28_3.out new file mode 100644 index 000000000..be40712c7 --- /dev/null +++ b/regress/usr.bin/grep/t28_3.out @@ -0,0 +1,9 @@ +x1y +x2y +x3y +x4y +x5y +x6y +x7y +x8y +x9y diff --git a/regress/usr.bin/grep/t28_4.out b/regress/usr.bin/grep/t28_4.out new file mode 100644 index 000000000..05ec5056b --- /dev/null +++ b/regress/usr.bin/grep/t28_4.out @@ -0,0 +1,10 @@ +x1y +x2y +x3y +x4y +x5y +x6y +x7y +x8y +x9y +x0y diff --git a/regress/usr.bin/grep/t28_5.out b/regress/usr.bin/grep/t28_5.out new file mode 100644 index 000000000..9c5ea7899 --- /dev/null +++ b/regress/usr.bin/grep/t28_5.out @@ -0,0 +1 @@ +x1y x2y x3y x4y - four matches here diff --git a/regress/usr.bin/grep/t28_6.out b/regress/usr.bin/grep/t28_6.out new file mode 100644 index 000000000..9f1a09b75 --- /dev/null +++ b/regress/usr.bin/grep/t28_6.out @@ -0,0 +1,2 @@ +x1y x2y x3y x4y - four matches here +x5y x6y x7y - three here diff --git a/regress/usr.bin/grep/t28_7.out b/regress/usr.bin/grep/t28_7.out new file mode 100644 index 000000000..d884d5a23 --- /dev/null +++ b/regress/usr.bin/grep/t28_7.out @@ -0,0 +1,3 @@ +x1y x2y x3y x4y - four matches here +x5y x6y x7y - three here +x8y x9y - two here diff --git a/regress/usr.bin/grep/t28_8.out b/regress/usr.bin/grep/t28_8.out new file mode 100644 index 000000000..6907e0458 --- /dev/null +++ b/regress/usr.bin/grep/t28_8.out @@ -0,0 +1,4 @@ +x1y x2y x3y x4y - four matches here +x5y x6y x7y - three here +x8y x9y - two here +x0y - one here diff --git a/regress/usr.sbin/snmpd/Makefile b/regress/usr.sbin/snmpd/Makefile index 21b8b4403..9f3403736 100644 --- a/regress/usr.sbin/snmpd/Makefile 
+++ b/regress/usr.sbin/snmpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.10 2023/11/13 10:16:51 martijn Exp $ +# $OpenBSD: Makefile,v 1.11 2023/11/16 13:26:45 martijn Exp $ # Regress tests for snmpd PROG = snmpd_regress @@ -180,6 +180,9 @@ BACKEND_TARGETS+= backend_getbulk_nonrep_one_maxrep_one BACKEND_TARGETS+= backend_getbulk_nonrep_one_maxrep_two BACKEND_TARGETS+= backend_getbulk_nonrep_two_maxrep_two BACKEND_TARGETS+= backend_getbulk_nonrep_negative +BACKEND_TARGETS+= backend_getbulk_endofmibview +BACKEND_TARGETS+= backend_getbulk_endofmibview_second_rep +BACKEND_TARGETS+= backend_getbulk_endofmibview_two_varbinds BACKEND_TARGETS+= backend_error_get_toobig BACKEND_TARGETS+= backend_error_get_nosuchname BACKEND_TARGETS+= backend_error_get_badvalue diff --git a/regress/usr.sbin/snmpd/backend.c b/regress/usr.sbin/snmpd/backend.c index 830ad445b..86af8de4b 100644 --- a/regress/usr.sbin/snmpd/backend.c +++ b/regress/usr.sbin/snmpd/backend.c 
@@ -3173,6 +3173,172 @@ backend_getbulk_nonrep_negative(void) snmp_timeout(snmp_s, 1); } +/* Assume that everything is registered under 1.3.* */ +void +backend_getbulk_endofmibview(void) +{ + struct sockaddr_storage ss; + struct sockaddr *sa = (struct sockaddr *)&ss; + socklen_t salen; + int snmp_s, ax_s; + uint32_t sessionid; + struct varbind varbind = { + .type = TYPE_NULL, + .name = OID_STRUCT(2, 0), + }; + struct searchrange searchrange = { + .start = OID_STRUCT(2, 0), + .end = OID_STRUCT(2, 1) + }; + int32_t requestid; + char buf[1024]; + size_t n; + + ax_s = agentx_connect(axsocket); + sessionid = agentx_open(ax_s, 0, 0, + OID_ARG(MIB_SUBAGENT_BACKEND_GETBULK, 7), __func__); + agentx_register(ax_s, sessionid, 0, 0, 127, 0, + OID_ARG(2, 0), 0); + + salen = snmp_resolve(SOCK_DGRAM, hostname, servname, sa); + snmp_s = snmp_connect(SOCK_DGRAM, sa, salen); + requestid = snmpv2_getbulk(snmp_s, community, 0, 0, 2, &varbind, 1); + + varbind.name.subid[varbind.name.n_subid++] = 0; + varbind.type = TYPE_ENDOFMIBVIEW; + n = agentx_read(ax_s, buf, sizeof(buf), 1000); + agentx_getnext_handle(__func__, buf, n, 0, sessionid, &searchrange, + &varbind, 1); + varbind.name.n_subid--; + + agentx_response(ax_s, buf, NOERROR, 0, &varbind, 1); + + snmpv2_response_validate(snmp_s, 1000, community, requestid, NOERROR, 0, + &varbind, 1); +} + +void +backend_getbulk_endofmibview_second_rep(void) +{ + struct sockaddr_storage ss; + struct sockaddr *sa = (struct sockaddr *)&ss; + socklen_t salen; + int snmp_s, ax_s; + uint32_t sessionid; + struct varbind request[] = { + { + .type = TYPE_NULL, + .name = OID_STRUCT(2 ,0), + .data.int32 = 1 + }, + { + .type = TYPE_ENDOFMIBVIEW, + .name = OID_STRUCT(2, 0, 0), + } + }; + struct searchrange searchrange = { + .start = OID_STRUCT(2, 0), + .end = OID_STRUCT(2, 1) + }; + int32_t requestid; + char buf[1024]; + size_t n; + + ax_s = agentx_connect(axsocket); + sessionid = agentx_open(ax_s, 0, 0, + OID_ARG(MIB_SUBAGENT_BACKEND_GETBULK, 8), __func__); + 
agentx_register(ax_s, sessionid, 0, 0, 127, 0, + OID_ARG(2, 0), 0); + + salen = snmp_resolve(SOCK_DGRAM, hostname, servname, sa); + snmp_s = snmp_connect(SOCK_DGRAM, sa, salen); + requestid = snmpv2_getbulk(snmp_s, community, 0, 0, 2, request, 1); + + request[0].name.subid[request[0].name.n_subid++] = 0; + request[0].type = TYPE_INTEGER; + n = agentx_read(ax_s, buf, sizeof(buf), 1000); + agentx_getnext_handle(__func__, buf, n, 0, sessionid, &searchrange, + request, 1); + agentx_response(ax_s, buf, NOERROR, 0, request, 1); + + searchrange.start = request[0].name; + n = agentx_read(ax_s, buf, sizeof(buf), 1000); + agentx_getnext_handle(__func__, buf, n, 0, sessionid, &searchrange, + &request[1], 1); + agentx_response(ax_s, buf, NOERROR, 0, &request[1], 1); + + snmpv2_response_validate(snmp_s, 1000, community, requestid, NOERROR, 0, + request, 2); +} + +void +backend_getbulk_endofmibview_two_varbinds(void) +{ + struct sockaddr_storage ss; + struct sockaddr *sa = (struct sockaddr *)&ss; + socklen_t salen; + int snmp_s, ax_s; + uint32_t sessionid; + struct varbind request[] = { + { + .type = TYPE_NULL, + .name = OID_STRUCT(2 ,0), + .data.int32 = 1 + }, + { + .type = TYPE_NULL, + .name = OID_STRUCT(2, 0, 0), + }, + { + .type = TYPE_ENDOFMIBVIEW, + .name = OID_STRUCT(2, 0, 0), + }, + { + .type = TYPE_ENDOFMIBVIEW, + .name = OID_STRUCT(2, 0, 0), + } + }; + struct searchrange searchrange[] = { + { + .start = OID_STRUCT(2, 0), + .end = OID_STRUCT(2, 1) + }, + { + .start = OID_STRUCT(2, 0, 0), + .end = OID_STRUCT(2, 1) + }, + }; + int32_t requestid; + char buf[1024]; + size_t n; + + ax_s = agentx_connect(axsocket); + sessionid = agentx_open(ax_s, 0, 0, + OID_ARG(MIB_SUBAGENT_BACKEND_GETBULK, 9), __func__); + agentx_register(ax_s, sessionid, 0, 0, 127, 0, + OID_ARG(2, 0), 0); + + salen = snmp_resolve(SOCK_DGRAM, hostname, servname, sa); + snmp_s = snmp_connect(SOCK_DGRAM, sa, salen); + requestid = snmpv2_getbulk(snmp_s, community, 0, 0, 2, request, 2); + + 
request[0].name.subid[request[0].name.n_subid++] = 0; + request[0].type = TYPE_INTEGER; + request[1].type = TYPE_ENDOFMIBVIEW; + n = agentx_read(ax_s, buf, sizeof(buf), 1000); + agentx_getnext_handle(__func__, buf, n, 0, sessionid, searchrange, + request, 2); + agentx_response(ax_s, buf, NOERROR, 0, request, 2); + + n = agentx_read(ax_s, buf, sizeof(buf), 1000); + agentx_getnext_handle(__func__, buf, n, 0, sessionid, &searchrange[1], + &request[1], 1); + agentx_response(ax_s, buf, NOERROR, 0, &request[1], 1); + + snmpv2_response_validate(snmp_s, 1000, community, requestid, NOERROR, 0, + request, 4); +} + void backend_error_get_toobig(void) { diff --git a/regress/usr.sbin/snmpd/regress.h b/regress/usr.sbin/snmpd/regress.h index 3f5fb17eb..cd05eb51b 100644 --- a/regress/usr.sbin/snmpd/regress.h +++ b/regress/usr.sbin/snmpd/regress.h @@ -308,6 +308,9 @@ void backend_getbulk_nonrep_one_maxrep_one(void); void backend_getbulk_nonrep_one_maxrep_two(void); void backend_getbulk_nonrep_two_maxrep_two(void); void backend_getbulk_nonrep_negative(void); +void backend_getbulk_endofmibview(void); +void backend_getbulk_endofmibview_second_rep(void); +void backend_getbulk_endofmibview_two_varbinds(void); void backend_error_get_toobig(void); void backend_error_get_nosuchname(void); void backend_error_get_badvalue(void); diff --git a/regress/usr.sbin/snmpd/snmpd_regress.c b/regress/usr.sbin/snmpd/snmpd_regress.c index 29e759480..36714ce37 100644 --- a/regress/usr.sbin/snmpd/snmpd_regress.c +++ b/regress/usr.sbin/snmpd/snmpd_regress.c 
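Review bot: backend_getbulk_endofmibview_second_rep and backend_getbulk_endofmibview_two_varbinds carry no comment saying which scenario they cover, and their `request[]` arrays double as the expected response. second_rep sends one entry with `snmpv2_getbulk(..., request, 1)` and validates two, while two_varbinds sends two and validates four with `snmpv2_response_validate(..., request, 4)`. A header comment on each function, in the style of the `/* Assume that everything is registered under 1.3.* */` line above the first test, would make that layout readable, for example `/* request[0..1] are sent; request[2..3] are the endOfMibView varbinds expected back (presumably for the second repetition) */`. Separately, `OID_STRUCT(2 ,0)` in both arrays has the space on the wrong side of the comma compared with `OID_STRUCT(2, 0)` used elsewhere in the hunk.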
@@ -153,6 +153,9 @@ const struct { { "backend_getbulk_nonrep_one_maxrep_two", backend_getbulk_nonrep_one_maxrep_two }, { "backend_getbulk_nonrep_two_maxrep_two", backend_getbulk_nonrep_two_maxrep_two }, { "backend_getbulk_nonrep_negative", backend_getbulk_nonrep_negative }, + { "backend_getbulk_endofmibview", backend_getbulk_endofmibview }, + { "backend_getbulk_endofmibview_second_rep", backend_getbulk_endofmibview_second_rep }, + { "backend_getbulk_endofmibview_two_varbinds", backend_getbulk_endofmibview_two_varbinds }, { "backend_error_get_toobig", backend_error_get_toobig }, { "backend_error_get_nosuchname", backend_error_get_nosuchname }, { "backend_error_get_badvalue", backend_error_get_badvalue }, diff --git a/sbin/fdisk/cmd.c b/sbin/fdisk/cmd.c index fa0399ec7..c1765db47 100644 --- a/sbin/fdisk/cmd.c +++ b/sbin/fdisk/cmd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmd.c,v 1.178 2023/11/10 16:20:52 krw Exp $ */ +/* $OpenBSD: cmd.c,v 1.179 2023/11/18 15:42:09 krw Exp $ */ /* * Copyright (c) 1997 Tobias Weingartner @@ -181,6 +181,7 @@ parseflag(const char *flagstr, uint64_t *flagvalue) char *ep; uint64_t val; + flagstr += strspn(flagstr, WHITESPACE); if (flagstr[0] == '0' && (flagstr[1] == 'x' || flagstr[1] == 'X')) { errno = 0; val = strtoull(flagstr, &ep, 16); diff --git a/sbin/pflogd/pflogd.c b/sbin/pflogd/pflogd.c index 334f94261..96865607e 100644 --- a/sbin/pflogd/pflogd.c +++ b/sbin/pflogd/pflogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pflogd.c,v 1.65 2023/11/12 15:18:04 dlg Exp $ */ +/* $OpenBSD: pflogd.c,v 1.66 2023/11/17 12:10:23 claudio Exp $ */ /* * Copyright (c) 2001 Theo de Raadt @@ -725,7 +725,7 @@ main(int argc, char **argv) while (1) { np = pcap_dispatch(hpcap, PCAP_NUM_PKTS, phandler, (u_char *)dpcap); - if (np < 0) { + if (np == -1) { if (!if_exists(interface)) { logmsg(LOG_NOTICE, "interface %s went away", interface); diff --git a/share/zoneinfo/Makefile b/share/zoneinfo/Makefile index c18c2b089..515a3658e 100644 --- a/share/zoneinfo/Makefile 
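Review bot: In the sbin/fdisk/cmd.c hunk, the added `flagstr += strspn(flagstr, WHITESPACE);` has no comment, and its purpose is not obvious because strtoull() already skips leading white space on its own. The skip appears to be needed for the `flagstr[0] == '0' && (flagstr[1] == 'x' || ...)` prefix test on the next line, which would otherwise see the blanks; a comment such as `/* skip blanks so the 0x prefix test sees the first digit */` would say so. After the skip the string can be empty or begin with a sign, which strtoull() accepts; whether those are rejected depends on the `ep` checks further down in parseflag, which are outside this hunk.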
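Review bot: In the sbin/pflogd/pflogd.c hunk, the narrowed test `if (np == -1)` means any other negative return from pcap_dispatch() no longer enters the error path, and nothing in the hunk says which value is being let through or why. In libpcap, -2 is returned when the dispatch is interrupted by pcap_breakloop(); if that is the case this change targets, a comment such as `/* -2: pcap_breakloop() interrupted the dispatch, not a capture error */` above the test would record it. It is also worth confirming that a negative `np` is not used as a packet count later in the loop, which continues past the end of this hunk.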
+++ b/share/zoneinfo/Makefile 
@@ -1,32 +1,49 @@ -# $OpenBSD: Makefile,v 1.15 2020/10/07 22:33:31 millert Exp $ -# $NetBSD: Makefile,v 1.14 1995/04/22 12:10:17 cgd Exp $ +# $OpenBSD: Makefile,v 1.18 2023/11/18 07:18:07 anton Exp $ -# Change the line below for your time zone (after finding the zone you want in -# the time zone files, or adding it to a time zone file). -# Alternately, if you discover you've got the wrong time zone, you can just -# zic -l rightzone - -# This line has been moved to /usr/src/etc/Makefile -LOCALTIME= US/Pacific - -# If you want something other than Eastern United States time as a template -# for handling POSIX-style time zone environment variables, -# change the line below (after finding the zone you want in the -# time zone files, or adding it to a time zone file). -# Alternately, if you discover you've got the wrong time zone, you can just -# zic -p rightzone +# DATAFORM selects the data format. OpenBSD always uses "main" +# Available formats represent essentially the same data, albeit +# possibly with minor discrepancies that users are not likely to notice. +# To get new features and the best data right away, use: +# DATAFORM= vanguard +# To wait a while before using new features, to give downstream users +# time to upgrade zic (the default), use: +# DATAFORM= main +# To wait even longer for new features, use: +# DATAFORM= rearguard +# Rearguard users might also want "ZFLAGS = -b fat"; see below. +DATAFORM= main +# The POSIXRULES macro controls interpretation of POSIX-like TZ +# settings like TZ='EET-2EEST' that lack DST transition rules. +# If POSIXRULES is '-', no template is installed; this is the default. +# Any other value for POSIXRULES is obsolete and should not be relied on, as: +# * It does not work correctly in popular implementations such as GNU/Linux. +# * It does not work even in tzcode, except for historical timestamps +# that precede the last explicit transition in the POSIXRULES file. 
+# Hence it typically does not work for current and future timestamps. +# If, despite the above, you want a template for handling these settings, +# you can change the line below (after finding the timezone you want in the +# one of the $(TDATA) source files, or adding it to a source file). +# Alternatively, if you discover you've got the wrong timezone, you can just +# 'zic -p -' to remove it, or 'zic -p rightzone' to change it. +# Use the command +# make zonenames +# to get a list of the values you can use for POSIXRULES. POSIXRULES= US/Pacific -# Use an absolute path name for TZDIR unless you're just testing the software. - +# "Compiled" timezone information is placed in the "TZDIR" directory +# (and subdirectories). +# TZDIR_BASENAME should not contain "/" and should not be ".", ".." or empty. +TZDIR_BASENAME= zoneinfo TZDIR= ${DESTDIR}/usr/share/zoneinfo -# If you always want time values interpreted as "seconds since the epoch -# (not counting leap seconds)", use -# REDO= posix_only -# below. If you always want right time values interpreted as "seconds since -# the epoch" (counting leap seconds)", use +# What kind of TZif data files to generate. (TZif is the binary time +# zone data format that zic generates; see Internet RFC 8536.) +# If you want only POSIX time, with time values interpreted as +# seconds since the epoch (not counting leap seconds), use +# REDO= posix_only +# below. If you want only "right" time, with values interpreted +# as seconds since the epoch (counting leap seconds), use # REDO= right_only # below. If you want both sets of data available, with leap seconds not # counted normally, use 
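Review bot: The new POSIXRULES comment states "If POSIXRULES is '-', no template is installed; this is the default" and calls any other value obsolete, yet the assignment directly below it is still `POSIXRULES= US/Pacific`. Either the comment or the value should change so the file does not document a default it does not use. If the value is kept on purpose, a line such as `# OpenBSD keeps US/Pacific here; the upstream default is '-'` would make that explicit. The same comment block points readers at `make zonenames`, and no such target appears in the hunks of this Makefile shown in the patch.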
@@ -34,20 +51,66 @@ TZDIR= ${DESTDIR}/usr/share/zoneinfo # below. If you want both sets of data available, with leap seconds counted # normally, use # REDO= right_posix -# below. - +# below. POSIX mandates that leap seconds not be counted; for compatibility +# with it, use "posix_only" or "posix_right". Use POSIX time on systems with +# leap smearing; this can work better than unsmeared "right" time with +# applications that are not leap second aware, and is closer to unsmeared +# "right" time than unsmeared POSIX time is (e.g., 0.5 vs 1.0 s max error). REDO= posix_only +# Whether to put an "Expires" line in the leapseconds file. +# Use EXPIRES_LINE=1 to put the line in, 0 to omit it. +# The EXPIRES_LINE value matters only if REDO's value contains "right". +# If you change EXPIRES_LINE, remove the leapseconds file before running "make". +# zic's support for the Expires line was introduced in tzdb 2020a, +# and was modified in tzdb 2021b to generate version 4 TZif files. +# EXPIRES_LINE defaults to 0 for now so that the leapseconds file +# can be given to pre-2020a zic implementations and so that TZif files +# built by newer zic implementations can be read by pre-2021b libraries. 
+EXPIRES_LINE= 0 + +# To install data in text form that has all the information of the TZif data, +# (optionally incorporating leap second information), use +# TZDATA_TEXT= tzdata.zi leapseconds +# To install text data without leap second information (e.g., because +# REDO='posix_only'), use +# TZDATA_TEXT= tzdata.zi +# To avoid installing text data, use +# TZDATA_TEXT= +TZDATA_TEXT= leapseconds tzdata.zi + TDATA= africa antarctica asia australasia \ europe northamerica southamerica etcetera factory \ backward -TABDATA= iso3166.tab zone.tab zone1970.tab -DATA= $(TDATA) $(TABDATA) leapseconds -USNO= usno1988 usno1989 usno1989a usno1995 usno1997 +TABDATA= iso3166.tab zone.tab zone1970.tab $(TZDATA_TEXT) +DATA= $(TDATA) $(TABDATA) +DSTDATA_ZI_DEPS= ziguard.awk $(TDATA) ZIC= zic -all: +all: leapseconds tzdata.zi + +$(DATAFORM).zi: $(DSTDATA_ZI_DEPS) + (cd ${.CURDIR}/datfiles && \ + awk -v DATAFORM=`expr $@ : '\(.*\).zi'` -f ../ziguard.awk \ + $(TDATA) >${.OBJDIR}/$@.out) + mv -f ${.OBJDIR}/$@.out ${.OBJDIR}/$@ + +tzdata.zi: $(DATAFORM).zi version zishrink.awk + (cd ${.CURDIR}/datfiles && version=`sed 1q ../version` && \ + LC_ALL=C awk \ + -v dataform='$(DATAFORM)' \ + -v deps='$(DSTDATA_ZI_DEPS) zishrink.awk' \ + -v redo='$(REDO)' \ + -v version="$$version" \ + -f ../zishrink.awk \ + ${.OBJDIR}/$(DATAFORM).zi >${.OBJDIR}/$@.out) + mv -f ${.OBJDIR}/$@.out ${.OBJDIR}/$@ + +leapseconds: leapseconds.awk datfiles/leap-seconds.list + awk -v EXPIRES_LINE=$(EXPIRES_LINE) -f ${.CURDIR}/leapseconds.awk \ + ${.CURDIR}/datfiles/leap-seconds.list >${.OBJDIR}/$@.out + mv -f ${.OBJDIR}/$@.out ${.OBJDIR}/$@ posix_only: ${TDATA} (cd ${.CURDIR}/datfiles; \ @@ -61,7 +124,7 @@ other_two: leapseconds ${TDATA} (cd ${.CURDIR}/datfiles; \ ${ZIC} -d ${TZDIR}/posix -L /dev/null ${TDATA}) (cd ${.CURDIR}/datfiles; \ - ${ZIC} -d ${TZDIR}/right -L leapseconds ${TDATA}) + ${ZIC} -d ${TZDIR}/right -L ${.OBJDIR}/leapseconds ${TDATA}) posix_right: posix_only other_two 
@@ -76,11 +139,19 @@ realinstall: ${DATA} ${REDO} -type d -exec chmod a=rx,u+w {} + ${INSTALL} -c -o root -g bin -m 644 ${.CURDIR}/datfiles/iso3166.tab \ ${DESTDIR}/usr/share/misc + ${INSTALL} -c -o root -g bin -m 644 leapseconds \ + ${DESTDIR}/usr/share/zoneinfo + ${INSTALL} -c -o root -g bin -m 644 ${.CURDIR}/datfiles/leap-seconds.list \ + ${DESTDIR}/usr/share/zoneinfo + ${INSTALL} -c -o root -g bin -m 644 tzdata.zi \ + ${DESTDIR}/usr/share/zoneinfo ${INSTALL} -c -o root -g bin -m 644 ${.CURDIR}/datfiles/zone.tab \ ${DESTDIR}/usr/share/zoneinfo ${INSTALL} -c -o root -g bin -m 644 ${.CURDIR}/datfiles/zone1970.tab \ ${DESTDIR}/usr/share/zoneinfo +clean: + rm -f leapseconds *.zi .PATH: ${.CURDIR}/datfiles .include diff --git a/share/zoneinfo/datfiles/leap-seconds.list b/share/zoneinfo/datfiles/leap-seconds.list new file mode 100644 index 000000000..c25034655 --- /dev/null +++ b/share/zoneinfo/datfiles/leap-seconds.list 
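Review bot: The new `clean:` target runs `rm -f leapseconds *.zi`, which leaves behind the `$@.out` temporaries that the `$(DATAFORM).zi`, `tzdata.zi` and `leapseconds` rules write before their `mv -f`. An interrupted or failed build would leave files such as `tzdata.zi.out` in the object directory, and `*.zi` does not match them. Naming them explicitly covers that case: `rm -f leapseconds leapseconds.out *.zi *.zi.out`.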
@@ -0,0 +1,256 @@ +# $OpenBSD: leap-seconds.list,v 1.1 2023/11/17 21:51:37 millert Exp $ +# +# In the following text, the symbol '#' introduces +# a comment, which continues from that symbol until +# the end of the line. A plain comment line has a +# whitespace character following the comment indicator. +# There are also special comment lines defined below. +# A special comment will always have a non-whitespace +# character in column 2. +# +# A blank line should be ignored. +# +# The following table shows the corrections that must +# be applied to compute International Atomic Time (TAI) +# from the Coordinated Universal Time (UTC) values that +# are transmitted by almost all time services. +# +# The first column shows an epoch as a number of seconds +# since 1 January 1900, 00:00:00 (1900.0 is also used to +# indicate the same epoch.) Both of these time stamp formats +# ignore the complexities of the time scales that were +# used before the current definition of UTC at the start +# of 1972. (See note 3 below.) +# The second column shows the number of seconds that +# must be added to UTC to compute TAI for any timestamp +# at or after that epoch. The value on each line is +# valid from the indicated initial instant until the +# epoch given on the next one or indefinitely into the +# future if there is no next line. +# (The comment on each line shows the representation of +# the corresponding initial epoch in the usual +# day-month-year format. The epoch always begins at +# 00:00:00 UTC on the indicated day. See Note 5 below.) +# +# Important notes: +# +# 1. Coordinated Universal Time (UTC) is often referred to +# as Greenwich Mean Time (GMT). The GMT time scale is no +# longer used, and the use of GMT to designate UTC is +# discouraged. +# +# 2. The UTC time scale is realized by many national +# laboratories and timing centers. Each laboratory +# identifies its realization with its name: Thus +# UTC(NIST), UTC(USNO), etc. 
The differences among +# these different realizations are typically on the +# order of a few nanoseconds (i.e., 0.000 000 00x s) +# and can be ignored for many purposes. These differences +# are tabulated in Circular T, which is published monthly +# by the International Bureau of Weights and Measures +# (BIPM). See www.bipm.org for more information. +# +# 3. The current definition of the relationship between UTC +# and TAI dates from 1 January 1972. A number of different +# time scales were in use before that epoch, and it can be +# quite difficult to compute precise timestamps and time +# intervals in those "prehistoric" days. For more information, +# consult: +# +# The Explanatory Supplement to the Astronomical +# Ephemeris. +# or +# Terry Quinn, "The BIPM and the Accurate Measurement +# of Time," Proc. of the IEEE, Vol. 79, pp. 894-905, +# July, 1991. +# reprinted in: +# Christine Hackman and Donald B Sullivan (eds.) +# Time and Frequency Measurement +# American Association of Physics Teachers (1996) +# , pp. 75-86 +# +# 4. The decision to insert a leap second into UTC is currently +# the responsibility of the International Earth Rotation and +# Reference Systems Service. (The name was changed from the +# International Earth Rotation Service, but the acronym IERS +# is still used.) +# +# Leap seconds are announced by the IERS in its Bulletin C. +# +# See www.iers.org for more details. +# +# Every national laboratory and timing center uses the +# data from the BIPM and the IERS to construct UTC(lab), +# their local realization of UTC. +# +# Although the definition also includes the possibility +# of dropping seconds ("negative" leap seconds), this has +# never been done and is unlikely to be necessary in the +# foreseeable future. +# +# 5. If your system keeps time as the number of seconds since +# some epoch (e.g., NTP timestamps), then the algorithm for +# assigning a UTC time stamp to an event that happens during a positive +# leap second is not well defined. 
The official name of that leap +# second is 23:59:60, but there is no way of representing that time +# in these systems. +# Many systems of this type effectively stop the system clock for +# one second during the leap second and use a time that is equivalent +# to 23:59:59 UTC twice. For these systems, the corresponding TAI +# timestamp would be obtained by advancing to the next entry in the +# following table when the time equivalent to 23:59:59 UTC +# is used for the second time. Thus the leap second which +# occurred on 30 June 1972 at 23:59:59 UTC would have TAI +# timestamps computed as follows: +# +# ... +# 30 June 1972 23:59:59 (2287785599, first time): TAI= UTC + 10 seconds +# 30 June 1972 23:59:60 (2287785599,second time): TAI= UTC + 11 seconds +# 1 July 1972 00:00:00 (2287785600) TAI= UTC + 11 seconds +# ... +# +# If your system realizes the leap second by repeating 00:00:00 UTC twice +# (this is possible but not usual), then the advance to the next entry +# in the table must occur the second time that a time equivalent to +# 00:00:00 UTC is used. Thus, using the same example as above: +# +# ... +# 30 June 1972 23:59:59 (2287785599): TAI= UTC + 10 seconds +# 30 June 1972 23:59:60 (2287785600, first time): TAI= UTC + 10 seconds +# 1 July 1972 00:00:00 (2287785600,second time): TAI= UTC + 11 seconds +# ... +# +# in both cases the use of timestamps based on TAI produces a smooth +# time scale with no discontinuity in the time interval. However, +# although the long-term behavior of the time scale is correct in both +# methods, the second method is technically not correct because it adds +# the extra second to the wrong day. +# +# This complexity would not be needed for negative leap seconds (if they +# are ever used). The UTC time would skip 23:59:59 and advance from +# 23:59:58 to 00:00:00 in that case. The TAI offset would decrease by +# 1 second at the same instant. 
This is a much easier situation to deal +# with, since the difficulty of unambiguously representing the epoch +# during the leap second does not arise. +# +# Some systems implement leap seconds by amortizing the leap second +# over the last few minutes of the day. The frequency of the local +# clock is decreased (or increased) to realize the positive (or +# negative) leap second. This method removes the time step described +# above. Although the long-term behavior of the time scale is correct +# in this case, this method introduces an error during the adjustment +# period both in time and in frequency with respect to the official +# definition of UTC. +# +# Questions or comments to: +# Judah Levine +# Time and Frequency Division +# NIST +# Boulder, Colorado +# Judah.Levine@nist.gov +# +# Last Update of leap second values: 8 July 2016 +# +# The following line shows this last update date in NTP timestamp +# format. This is the date on which the most recent change to +# the leap second data was added to the file. This line can +# be identified by the unique pair of characters in the first two +# columns as shown below. +# +#$ 3676924800 +# +# The NTP timestamps are in units of seconds since the NTP epoch, +# which is 1 January 1900, 00:00:00. The Modified Julian Day number +# corresponding to the NTP time stamp, X, can be computed as +# +# X/86400 + 15020 +# +# where the first term converts seconds to days and the second +# term adds the MJD corresponding to the time origin defined above. +# The integer portion of the result is the integer MJD for that +# day, and any remainder is the time of day, expressed as the +# fraction of the day since 0 hours UTC. The conversion from day +# fraction to seconds or to hours, minutes, and seconds may involve +# rounding or truncation, depending on the method used in the +# computation. +# +# The data in this file will be updated periodically as new leap +# seconds are announced. 
In addition to being entered on the line +# above, the update time (in NTP format) will be added to the basic +# file name leap-seconds to form the name leap-seconds.. +# In addition, the generic name leap-seconds.list will always point to +# the most recent version of the file. +# +# This update procedure will be performed only when a new leap second +# is announced. +# +# The following entry specifies the expiration date of the data +# in this file in units of seconds since the origin at the instant +# 1 January 1900, 00:00:00. This expiration date will be changed +# at least twice per year whether or not a new leap second is +# announced. These semi-annual changes will be made no later +# than 1 June and 1 December of each year to indicate what +# action (if any) is to be taken on 30 June and 31 December, +# respectively. (These are the customary effective dates for new +# leap seconds.) This expiration date will be identified by a +# unique pair of characters in columns 1 and 2 as shown below. +# In the unlikely event that a leap second is announced with an +# effective date other than 30 June or 31 December, then this +# file will be edited to include that leap second as soon as it is +# announced or at least one month before the effective date +# (whichever is later). +# If an announcement by the IERS specifies that no leap second is +# scheduled, then only the expiration date of the file will +# be advanced to show that the information in the file is still +# current -- the update time stamp, the data and the name of the file +# will not change. 
+# +# Updated through IERS Bulletin C65 +# File expires on: 28 December 2023 +# +#@ 3912710400 +# +2272060800 10 # 1 Jan 1972 +2287785600 11 # 1 Jul 1972 +2303683200 12 # 1 Jan 1973 +2335219200 13 # 1 Jan 1974 +2366755200 14 # 1 Jan 1975 +2398291200 15 # 1 Jan 1976 +2429913600 16 # 1 Jan 1977 +2461449600 17 # 1 Jan 1978 +2492985600 18 # 1 Jan 1979 +2524521600 19 # 1 Jan 1980 +2571782400 20 # 1 Jul 1981 +2603318400 21 # 1 Jul 1982 +2634854400 22 # 1 Jul 1983 +2698012800 23 # 1 Jul 1985 +2776982400 24 # 1 Jan 1988 +2840140800 25 # 1 Jan 1990 +2871676800 26 # 1 Jan 1991 +2918937600 27 # 1 Jul 1992 +2950473600 28 # 1 Jul 1993 +2982009600 29 # 1 Jul 1994 +3029443200 30 # 1 Jan 1996 +3076704000 31 # 1 Jul 1997 +3124137600 32 # 1 Jan 1999 +3345062400 33 # 1 Jan 2006 +3439756800 34 # 1 Jan 2009 +3550089600 35 # 1 Jul 2012 +3644697600 36 # 1 Jul 2015 +3692217600 37 # 1 Jan 2017 +# +# the following special comment contains the +# hash value of the data in this file computed +# use the secure hash algorithm as specified +# by FIPS 180-1. See the files in ~/pub/sha for +# the details of how this hash value is +# computed. Note that the hash computation +# ignores comments and whitespace characters +# in data lines. It includes the NTP values +# of both the last modification time and the +# expiration time of the file, but not the +# white space on those lines. +# the hash line is also ignored in the +# computation. +# +#h e76a99dc 65f15cc7 e613e040 f5078b5e b23834fe diff --git a/share/zoneinfo/datfiles/leapseconds b/share/zoneinfo/datfiles/leapseconds deleted file mode 100644 index 168720c16..000000000 --- a/share/zoneinfo/datfiles/leapseconds +++ /dev/null 
@@ -1,83 +0,0 @@ -# $OpenBSD: leapseconds,v 1.48 2023/03/23 16:12:11 millert Exp $ -# Allowance for leap seconds added to each time zone file. - -# This file is in the public domain. - -# This file is generated automatically from the data in the public-domain -# NIST format leap-seconds.list file, which can be copied from -# -# or . -# The NIST file is used instead of its IERS upstream counterpart -# -# because under US law the NIST file is public domain -# whereas the IERS file's copyright and license status is unclear. -# For more about leap-seconds.list, please see -# The NTP Timescale and Leap Seconds -# . - -# The rules for leap seconds are specified in Annex 1 (Time scales) of: -# Standard-frequency and time-signal emissions. -# International Telecommunication Union - Radiocommunication Sector -# (ITU-R) Recommendation TF.460-6 (02/2002) -# . -# The International Earth Rotation and Reference Systems Service (IERS) -# periodically uses leap seconds to keep UTC to within 0.9 s of UT1 -# (a proxy for Earth's angle in space as measured by astronomers) -# and publishes leap second data in a copyrighted file -# . -# See: Levine J. Coordinated Universal Time and the leap second. -# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995 -# . - -# There were no leap seconds before 1972, as no official mechanism -# accounted for the discrepancy between atomic time (TAI) and the earth's -# rotation. The first ("1 Jan 1972") data line in leap-seconds.list -# does not denote a leap second; it denotes the start of the current definition -# of UTC. - -# All leap-seconds are Stationary (S) at the given UTC time. 
-# The correction (+ or -) is made at the given time, so in the unlikely -# event of a negative leap second, a line would look like this: -# Leap YEAR MON DAY 23:59:59 - S -# Typical lines look like this: -# Leap YEAR MON DAY 23:59:60 + S -Leap 1972 Jun 30 23:59:60 + S -Leap 1972 Dec 31 23:59:60 + S -Leap 1973 Dec 31 23:59:60 + S -Leap 1974 Dec 31 23:59:60 + S -Leap 1975 Dec 31 23:59:60 + S -Leap 1976 Dec 31 23:59:60 + S -Leap 1977 Dec 31 23:59:60 + S -Leap 1978 Dec 31 23:59:60 + S -Leap 1979 Dec 31 23:59:60 + S -Leap 1981 Jun 30 23:59:60 + S -Leap 1982 Jun 30 23:59:60 + S -Leap 1983 Jun 30 23:59:60 + S -Leap 1985 Jun 30 23:59:60 + S -Leap 1987 Dec 31 23:59:60 + S -Leap 1989 Dec 31 23:59:60 + S -Leap 1990 Dec 31 23:59:60 + S -Leap 1992 Jun 30 23:59:60 + S -Leap 1993 Jun 30 23:59:60 + S -Leap 1994 Jun 30 23:59:60 + S -Leap 1995 Dec 31 23:59:60 + S -Leap 1997 Jun 30 23:59:60 + S -Leap 1998 Dec 31 23:59:60 + S -Leap 2005 Dec 31 23:59:60 + S -Leap 2008 Dec 31 23:59:60 + S -Leap 2012 Jun 30 23:59:60 + S -Leap 2015 Jun 30 23:59:60 + S -Leap 2016 Dec 31 23:59:60 + S - -# UTC timestamp when this leap second list expires. -# Any additional leap seconds will come after this. -# This Expires line is commented out for now, -# so that pre-2020a zic implementations do not reject this file. -#Expires 2023 Dec 28 00:00:00 - -# POSIX timestamps for the data in this file: -#updated 1467936000 (2016-07-08 00:00:00 UTC) -#expires 1703721600 (2023-12-28 00:00:00 UTC) - -# Updated through IERS Bulletin C65 -# File expires on: 28 December 2023 diff --git a/share/zoneinfo/leapseconds.awk b/share/zoneinfo/leapseconds.awk new file mode 100755 index 000000000..7d2556bf1 --- /dev/null +++ b/share/zoneinfo/leapseconds.awk 
@@ -0,0 +1,252 @@ +# Generate zic format 'leapseconds' from NIST format 'leap-seconds.list'. + +# This file is in the public domain. + +# This program uses awk arithmetic. POSIX requires awk to support +# exact integer arithmetic only through 10**10, which means for NTP +# timestamps this program works only to the year 2216, which is the +# year 1900 plus 10**10 seconds. However, in practice +# POSIX-conforming awk implementations invariably use IEEE-754 double +# and so support exact integers through 2**53. By the year 2216, +# POSIX will almost surely require at least 2**53 for awk, so for NTP +# timestamps this program should be good until the year 285,428,681 +# (the year 1900 plus 2**53 seconds). By then leap seconds will be +# long obsolete, as the Earth will likely slow down so much that +# there will be more than 25 hours per day and so some other scheme +# will be needed. + +BEGIN { + print "# Allowance for leap seconds added to each time zone file." + print "" + print "# This file is in the public domain." + print "" + print "# This file is generated automatically from the data in the public-domain" + print "# NIST format leap-seconds.list file, which can be copied from" + print "# " + print "# or ." + print "# The NIST file is used instead of its IERS upstream counterpart" + print "# " + print "# because under US law the NIST file is public domain" + print "# whereas the IERS file's copyright and license status is unclear." + print "# For more about leap-seconds.list, please see" + print "# The NTP Timescale and Leap Seconds" + print "# ." + print "" + print "# The rules for leap seconds are specified in Annex 1 (Time scales) of:" + print "# Standard-frequency and time-signal emissions." + print "# International Telecommunication Union - Radiocommunication Sector" + print "# (ITU-R) Recommendation TF.460-6 (02/2002)" + print "# ." 
+ print "# The International Earth Rotation and Reference Systems Service (IERS)" + print "# periodically uses leap seconds to keep UTC to within 0.9 s of UT1" + print "# (a proxy for Earth's angle in space as measured by astronomers)" + print "# and publishes leap second data in a copyrighted file" + print "# ." + print "# See: Levine J. Coordinated Universal Time and the leap second." + print "# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995" + print "# ." + print "" + print "# There were no leap seconds before 1972, as no official mechanism" + print "# accounted for the discrepancy between atomic time (TAI) and the earth's" + print "# rotation. The first (\"1 Jan 1972\") data line in leap-seconds.list" + print "# does not denote a leap second; it denotes the start of the current definition" + print "# of UTC." + print "" + print "# All leap-seconds are Stationary (S) at the given UTC time." + print "# The correction (+ or -) is made at the given time, so in the unlikely" + print "# event of a negative leap second, a line would look like this:" + print "# Leap YEAR MON DAY 23:59:59 - S" + print "# Typical lines look like this:" + print "# Leap YEAR MON DAY 23:59:60 + S" + + monthabbr[ 1] = "Jan" + monthabbr[ 2] = "Feb" + monthabbr[ 3] = "Mar" + monthabbr[ 4] = "Apr" + monthabbr[ 5] = "May" + monthabbr[ 6] = "Jun" + monthabbr[ 7] = "Jul" + monthabbr[ 8] = "Aug" + monthabbr[ 9] = "Sep" + monthabbr[10] = "Oct" + monthabbr[11] = "Nov" + monthabbr[12] = "Dec" + + sstamp_init() +} + +# In case the input has CRLF form a la NIST. 
+{ sub(/\r$/, "") } + +/^#[ \t]*[Uu]pdated through/ || /^#[ \t]*[Ff]ile expires on/ { + last_lines = last_lines $0 "\n" +} + +/^#[$][ \t]/ { updated = $2 } +/^#[@][ \t]/ { expires = $2 } + +/^[ \t]*#/ { next } + +{ + NTP_timestamp = $1 + TAI_minus_UTC = $2 + if (old_TAI_minus_UTC) { + if (old_TAI_minus_UTC < TAI_minus_UTC) { + sign = "23:59:60\t+" + } else { + sign = "23:59:59\t-" + } + sstamp_to_ymdhMs(NTP_timestamp - 1, ss_NTP) + printf "Leap\t%d\t%s\t%d\t%s\tS\n", \ + ss_year, monthabbr[ss_month], ss_mday, sign + } + old_TAI_minus_UTC = TAI_minus_UTC +} + +END { + print "" + + if (expires) { + sstamp_to_ymdhMs(expires, ss_NTP) + + print "# UTC timestamp when this leap second list expires." + print "# Any additional leap seconds will come after this." + if (! EXPIRES_LINE) { + print "# This Expires line is commented out for now," + print "# so that pre-2020a zic implementations do not reject this file." + } + printf "%sExpires %.4d\t%s\t%.2d\t%.2d:%.2d:%.2d\n", \ + EXPIRES_LINE ? "" : "#", \ + ss_year, monthabbr[ss_month], ss_mday, ss_hour, ss_min, ss_sec + } else { + print "# (No Expires line, since the expires time is unknown.)" + } + + # The difference between the NTP and POSIX epochs is 70 years + # (including 17 leap days), each 24 hours of 60 minutes of 60 + # seconds each. 
+ epoch_minus_NTP = ((1970 - 1900) * 365 + 17) * 24 * 60 * 60 + + print "" + print "# POSIX timestamps for the data in this file:" + if (updated) { + sstamp_to_ymdhMs(updated, ss_NTP) + printf "#updated %d (%.4d-%.2d-%.2d %.2d:%.2d:%.2d UTC)\n", \ + updated - epoch_minus_NTP, \ + ss_year, ss_month, ss_mday, ss_hour, ss_min, ss_sec + } else { + print "#(updated time unknown)" + } + if (expires) { + sstamp_to_ymdhMs(expires, ss_NTP) + printf "#expires %d (%.4d-%.2d-%.2d %.2d:%.2d:%.2d UTC)\n", \ + expires - epoch_minus_NTP, \ + ss_year, ss_month, ss_mday, ss_hour, ss_min, ss_sec + } else { + print "#(expires time unknown)" + } + printf "\n%s", last_lines +} + +# sstamp_to_ymdhMs - convert seconds timestamp to date and time +# +# Call as: +# +# sstamp_to_ymdhMs(sstamp, epoch_days) +# +# where: +# +# sstamp - is the seconds timestamp. +# epoch_days - is the timestamp epoch in Gregorian days since 1600-03-01. +# ss_NTP is appropriate for an NTP sstamp. +# +# Both arguments should be nonnegative integers. +# On return, the following variables are set based on sstamp: +# +# ss_year - Gregorian calendar year +# ss_month - month of the year (1-January to 12-December) +# ss_mday - day of the month (1-31) +# ss_hour - hour (0-23) +# ss_min - minute (0-59) +# ss_sec - second (0-59) +# ss_wday - day of week (0-Sunday to 6-Saturday) +# +# The function sstamp_init should be called prior to using sstamp_to_ymdhMs. + +function sstamp_init() +{ + # Days in month N, where March is month 0 and January month 10. + ss_mon_days[ 0] = 31 + ss_mon_days[ 1] = 30 + ss_mon_days[ 2] = 31 + ss_mon_days[ 3] = 30 + ss_mon_days[ 4] = 31 + ss_mon_days[ 5] = 31 + ss_mon_days[ 6] = 30 + ss_mon_days[ 7] = 31 + ss_mon_days[ 8] = 30 + ss_mon_days[ 9] = 31 + ss_mon_days[10] = 31 + + # Counts of days in a Gregorian year, quad-year, century, and quad-century. 
+ ss_year_days = 365 + ss_quadyear_days = ss_year_days * 4 + 1 + ss_century_days = ss_quadyear_days * 25 - 1 + ss_quadcentury_days = ss_century_days * 4 + 1 + + # Standard day epochs, suitable for epoch_days. + # ss_MJD = 94493 + # ss_POSIX = 135080 + ss_NTP = 109513 +} + +function sstamp_to_ymdhMs(sstamp, epoch_days, \ + quadcentury, century, quadyear, year, month, day) +{ + ss_hour = int(sstamp / 3600) % 24 + ss_min = int(sstamp / 60) % 60 + ss_sec = sstamp % 60 + + # Start with a count of days since 1600-03-01 Gregorian. + day = epoch_days + int(sstamp / (24 * 60 * 60)) + + # Compute a year-month-day date with days of the month numbered + # 0-30, months (March-February) numbered 0-11, and years that start + # start March 1 and end after the last day of February. A quad-year + # starts on March 1 of a year evenly divisible by 4 and ends after + # the last day of February 4 years later. A century starts on and + # ends before March 1 in years evenly divisible by 100. + # A quad-century starts on and ends before March 1 in years divisible + # by 400. While the number of days in a quad-century is a constant, + # the number of days in each other time period can vary by 1. + # Any variation is in the last day of the time period (there might + # or might not be a February 29) where it is easy to deal with. + + quadcentury = int(day / ss_quadcentury_days) + day -= quadcentury * ss_quadcentury_days + ss_wday = (day + 3) % 7 + century = int(day / ss_century_days) + century -= century == 4 + day -= century * ss_century_days + quadyear = int(day / ss_quadyear_days) + day -= quadyear * ss_quadyear_days + year = int(day / ss_year_days) + year -= year == 4 + day -= year * ss_year_days + for (month = 0; month < 11; month++) { + if (day < ss_mon_days[month]) + break + day -= ss_mon_days[month] + } + + # Convert the date to a conventional day of month (1-31), + # month (1-12, January-December) and Gregorian year. 
+ ss_mday = day + 1 + if (month <= 9) { + ss_month = month + 3 + } else { + ss_month = month - 9 + year++ + } + ss_year = 1600 + quadcentury * 400 + century * 100 + quadyear * 4 + year +} diff --git a/share/zoneinfo/version b/share/zoneinfo/version new file mode 100644 index 000000000..49f35c76f --- /dev/null +++ b/share/zoneinfo/version @@ -0,0 +1 @@ +2023cgtz diff --git a/share/zoneinfo/ziguard.awk b/share/zoneinfo/ziguard.awk new file mode 100644 index 000000000..7a3404fa4 --- /dev/null +++ b/share/zoneinfo/ziguard.awk 
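Review bot: Blank input lines are not skipped before the unconditional data rule: the only filter is `/^[ \t]*#/ { next }`, although the format description in leap-seconds.list says a blank line should be ignored. An empty record would reach the rule with `$1` and `$2` empty, so after a real data row it appears to print a bogus `Leap` line computed from timestamp -1 and then leave `old_TAI_minus_UTC` empty, which suppresses the next real entry. Widening the filter to `/^[ \t]*(#|$)/ { next }` keeps the generated `leapseconds` file correct if the vendored list ever gains an empty line. The same rule also accepts non-numeric fields silently; rejecting rows where `$1` or `$2` is not a plain integer would make a damaged input fail the build instead of producing wrong leap-second data.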
@@ -0,0 +1,386 @@ +# Convert tzdata source into vanguard or rearguard form. + +# Contributed by Paul Eggert. This file is in the public domain. + +# This is not a general-purpose converter; it is designed for current tzdata. +# It just converts from current source to main, vanguard, and rearguard forms. +# Although it might be nice for it to be idempotent, or to be useful +# for converting back and forth between vanguard and rearguard formats, +# it does not do these nonessential tasks now. +# +# Although main and vanguard forms are currently equivalent, +# this need not always be the case. When the two forms differ, +# this script can convert either from main to vanguard form (needed then), +# or from vanguard to main form (this conversion would be needed later, +# after main became rearguard and vanguard became main). +# There is no need to convert rearguard to other forms. +# +# When converting to vanguard form, the output can use the line +# "Zone GMT 0 - GMT" which TZUpdater 2.3.2 mistakenly rejects. +# +# When converting to vanguard form, the output can use negative SAVE +# values. +# +# When converting to rearguard form, the output uses only nonnegative +# SAVE values. The idea is for the output data to simulate the behavior +# of the input data as best it can within the constraints of the +# rearguard format. + +# Given a FIELD like "-0:30", return a minute count like -30. +function get_minutes(field, \ + sign, hours, minutes) +{ + sign = field ~ /^-/ ? -1 : 1 + hours = +field + if (field ~ /:/) { + minutes = field + sub(/[^:]*:/, "", minutes) + } + return 60 * hours + sign * minutes +} + +# Given an OFFSET, which is a minute count like 300 or 330, +# return a %z-style abbreviation like "+05" or "+0530". 
+function offset_abbr(offset, \ + hours, minutes, sign) +{ + hours = int(offset / 60) + minutes = offset % 60 + if (minutes) { + return sprintf("%+.4d", hours * 100 + minutes); + } else { + return sprintf("%+.2d", hours) + } +} + +# Round TIMESTAMP (a +-hh:mm:ss.dddd string) to the nearest second. +function round_to_second(timestamp, \ + hh, mm, ss, seconds, dot_dddd, subseconds) +{ + dot_dddd = timestamp + if (!sub(/^[+-]?[0-9]+:[0-9]+:[0-9]+\./, ".", dot_dddd)) + return timestamp + hh = mm = ss = timestamp + sub(/^[-+]?[0-9]+:[0-9]+:/, "", ss) + sub(/^[-+]?[0-9]+:/, "", mm) + sub(/^[-+]?/, "", hh) + seconds = 3600 * hh + 60 * mm + ss + subseconds = +dot_dddd + seconds += 0.5 < subseconds || ((subseconds == 0.5) && (seconds % 2)); + return sprintf("%s%d:%.2d:%.2d", timestamp ~ /^-/ ? "-" : "", \ + seconds / 3600, seconds / 60 % 60, seconds % 60) +} + +BEGIN { + dataform_type["vanguard"] = 1 + dataform_type["main"] = 1 + dataform_type["rearguard"] = 1 + + if (PACKRATLIST) { + while (getline =8 25:00" + # to "Sun>=9 1:00", to cater to zic before 2007 and to older Java. + if ($0 ~ /^Rule/ && $2 == "Japan") { + if (DATAFORM == "rearguard") { + if ($7 == "Sat>=8" && $8 == "25:00") { + sub(/Sat>=8/, "Sun>=9") + sub(/25:00/, " 1:00") + } + } else { + if ($7 == "Sun>=9" && $8 == "1:00") { + sub(/Sun>=9/, "Sat>=8") + sub(/ 1:00/, "25:00") + } + } + } + + # In rearguard form, change the Morocco lines with negative SAVE values + # to use positive SAVE values. 
+ if ($2 == "Morocco") { + if ($0 ~ /^Rule/) { + if ($4 ~ /^201[78]$/ && $6 == "Oct") { + if (DATAFORM == "rearguard") { + sub(/\t2018\t/, "\t2017\t") + } else { + sub(/\t2017\t/, "\t2018\t") + } + } + + if (2019 <= $3) { + if ($8 == "2:00") { + if (DATAFORM == "rearguard") { + sub(/\t0\t/, "\t1:00\t") + } else { + sub(/\t1:00\t/, "\t0\t") + } + } else { + if (DATAFORM == "rearguard") { + sub(/\t-1:00\t/, "\t0\t") + } else { + sub(/\t0\t/, "\t-1:00\t") + } + } + } + } + if ($1 ~ /^[+0-9-]/ && NF == 3) { + if (DATAFORM == "rearguard") { + sub(/1:00\tMorocco/, "0:00\tMorocco") + sub(/\t\+01\/\+00$/, "\t+00/+01") + } else { + sub(/0:00\tMorocco/, "1:00\tMorocco") + sub(/\t\+00\/+01$/, "\t+01/+00") + } + } + } +} + +/^Zone/ { + packrat_ignored = FILENAME == PACKRATDATA && PACKRATLIST && !packratlist[$2]; +} +{ + if (packrat_ignored && $0 !~ /^Rule/) { + sub(/^/, "#") + } +} + +# Return a link line resulting by changing OLDLINE to link to TARGET +# from LINKNAME, instead of linking to OLDTARGET from LINKNAME. +# Align data columns the same as they were in OLDLINE. +# Also, replace any existing white space followed by comment with COMMENT. +function make_linkline(oldline, target, linkname, oldtarget, comment, \ + oldprefix, oldprefixlen, oldtargettabs, \ + replsuffix, targettabs) +{ + oldprefix = "Link\t" oldtarget "\t" + oldprefixlen = length(oldprefix) + if (substr(oldline, 1, oldprefixlen) == oldprefix) { + # Use tab stops to preserve LINKNAME's column. + replsuffix = substr(oldline, oldprefixlen + 1) + sub(/[\t ]*#.*/, "", replsuffix) + oldtargettabs = int(length(oldtarget) / 8) + 1 + targettabs = int(length(target) / 8) + 1 + for (; targettabs < oldtargettabs; targettabs++) { + replsuffix = "\t" replsuffix + } + for (; oldtargettabs < targettabs && replsuffix ~ /^\t/; targettabs--) { + replsuffix = substr(replsuffix, 2) + } + } else { + # Odd format line; don't bother lining up its replacement nicely. 
+ replsuffix = linkname + } + return "Link\t" target "\t" replsuffix comment +} + +/^Link/ && $4 == "#=" && DATAFORM == "vanguard" { + $0 = make_linkline($0, $5, $3, $2) +} + +# If a Link line is followed by a Link or Zone line for the same data, comment +# out the Link line. This can happen if backzone overrides a Link +# with a Zone or a different Link. +/^Zone/ { + sub(/^Link/, "#Link", line[linkline[$2]]) +} +/^Link/ { + sub(/^Link/, "#Link", line[linkline[$3]]) + linkline[$3] = NR + linktarget[$3] = $2 +} + +{ line[NR] = $0 } + +function cut_link_chains_short( \ + l, linkname, t, target) +{ + for (linkname in linktarget) { + target = linktarget[linkname] + t = linktarget[target] + if (t) { + # TARGET is itself a link name. Replace the line "Link TARGET LINKNAME" + # with "Link T LINKNAME #= TARGET", where T is at the end of the chain + # of links that LINKNAME points to. + while ((u = linktarget[t])) { + t = u + } + l = linkline[linkname] + line[l] = make_linkline(line[l], t, linkname, target, "\t#= " target) + } + } +} + +END { + if (DATAFORM != "vanguard") { + cut_link_chains_short() + } + for (i = 1; i <= NR; i++) + print line[i] +} diff --git a/share/zoneinfo/zishrink.awk b/share/zoneinfo/zishrink.awk new file mode 100644 index 000000000..66968e864 --- /dev/null +++ b/share/zoneinfo/zishrink.awk 
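Review bot: In the Morocco zone-line branch, the non-rearguard substitution `sub(/\t\+00\/+01$/, "\t+01/+00")` leaves the second `+` unescaped, so as displayed the regex means "one or more slashes followed by 01" and cannot match the literal `+00/+01` that the rearguard branch produces with `sub(/\t\+01\/\+00$/, "\t+00/+01")`. It should read `sub(/\t\+00\/\+01$/, "\t+01/+00")`. The branch is taken only for a DATAFORM other than rearguard and only matters when the input is already in rearguard form, which the Makefile in this commit does not appear to feed it, so the effect is latent. Separately, `cut_link_chains_short` assigns `u` without listing it among its locals (`l, linkname, t, target`), which makes it a global; adding `u` to that list keeps the function self-contained.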
@@ -0,0 +1,356 @@ +# Convert tzdata source into a smaller version of itself. + +# Contributed by Paul Eggert. This file is in the public domain. + +# This is not a general-purpose converter; it is designed for current tzdata. +# 'zic' should treat this script's output as if it were identical to +# this script's input. + +# Record a hash N for the new name NAME, checking for collisions. + +function record_hash(n, name) +{ + if (used_hashes[n]) { + printf "# ! collision: %s %s\n", used_hashes[n], name + exit 1 + } + used_hashes[n] = name +} + +# Return a shortened rule name representing NAME, +# and record this relationship to the hash table. + +function gen_rule_name(name, \ + n) +{ + # Use a simple mnemonic: the first two letters. + n = substr(name, 1, 2) + record_hash(n, name) + # printf "# %s = %s\n", n, name + return n +} + +function prehash_rule_names( \ + name) +{ + # Rule names are not part of the tzdb API, so substitute shorter + # ones. Shortening them consistently from one release to the next + # simplifies comparison of the output. That being said, the + # 1-letter names below are not standardized in any way, and can + # change arbitrarily from one release to the next, as the main goal + # here is compression not comparison. + + # Abbreviating these rules names to one letter saved the most space + # circa 2018e. + rule["Arg"] = "A" + rule["Brazil"] = "B" + rule["Canada"] = "C" + rule["Denmark"] = "D" + rule["EU"] = "E" + rule["France"] = "F" + rule["GB-Eire"] = "G" + rule["Halifax"] = "H" + rule["Italy"] = "I" + rule["Jordan"] = "J" + rule["Egypt"] = "K" # "Kemet" in ancient Egyptian + rule["Libya"] = "L" + rule["Morocco"] = "M" + rule["Neth"] = "N" + rule["Poland"] = "O" # arbitrary + rule["Palestine"] = "P" + rule["Cuba"] = "Q" # Its start sounds like "Q". 
+ rule["Russia"] = "R" + rule["Syria"] = "S" + rule["Turkey"] = "T" + rule["Uruguay"] = "U" + rule["Vincennes"] = "V" + rule["Winn"] = "W" + rule["Mongol"] = "X" # arbitrary + rule["NT_YK"] = "Y" + rule["Zion"] = "Z" + rule["Austria"] = "a" + rule["Belgium"] = "b" + rule["C-Eur"] = "c" + rule["Algeria"] = "d" # country code DZ + rule["E-Eur"] = "e" + rule["Taiwan"] = "f" # Formosa + rule["Greece"] = "g" + rule["Hungary"] = "h" + rule["Iran"] = "i" + rule["StJohns"] = "j" + rule["Chatham"] = "k" # arbitrary + rule["Lebanon"] = "l" + rule["Mexico"] = "m" + rule["Tunisia"] = "n" # country code TN + rule["Moncton"] = "o" # arbitrary + rule["Port"] = "p" + rule["Albania"] = "q" # arbitrary + rule["Regina"] = "r" + rule["Spain"] = "s" + rule["Toronto"] = "t" + rule["US"] = "u" + rule["Louisville"] = "v" # ville + rule["Iceland"] = "w" # arbitrary + rule["Chile"] = "x" # arbitrary + rule["Para"] = "y" # country code PY + rule["Romania"] = "z" # arbitrary + rule["Macau"] = "_" # arbitrary + + # Use ISO 3166 alpha-2 country codes for remaining names that are countries. + # This is more systematic, and avoids collisions (e.g., Malta and Moldova). 
+ rule["Armenia"] = "AM" + rule["Aus"] = "AU" + rule["Azer"] = "AZ" + rule["Barb"] = "BB" + rule["Dhaka"] = "BD" + rule["Bulg"] = "BG" + rule["Bahamas"] = "BS" + rule["Belize"] = "BZ" + rule["Swiss"] = "CH" + rule["Cook"] = "CK" + rule["PRC"] = "CN" + rule["Cyprus"] = "CY" + rule["Czech"] = "CZ" + rule["Germany"] = "DE" + rule["DR"] = "DO" + rule["Ecuador"] = "EC" + rule["Finland"] = "FI" + rule["Fiji"] = "FJ" + rule["Falk"] = "FK" + rule["Ghana"] = "GH" + rule["Guat"] = "GT" + rule["Hond"] = "HN" + rule["Haiti"] = "HT" + rule["Eire"] = "IE" + rule["Iraq"] = "IQ" + rule["Japan"] = "JP" + rule["Kyrgyz"] = "KG" + rule["ROK"] = "KR" + rule["Latvia"] = "LV" + rule["Lux"] = "LX" + rule["Moldova"] = "MD" + rule["Malta"] = "MT" + rule["Mauritius"] = "MU" + rule["Namibia"] = "NA" + rule["Nic"] = "NI" + rule["Norway"] = "NO" + rule["Peru"] = "PE" + rule["Phil"] = "PH" + rule["Pakistan"] = "PK" + rule["Sudan"] = "SD" + rule["Salv"] = "SV" + rule["Tonga"] = "TO" + rule["Vanuatu"] = "VU" + + # Avoid collisions. + rule["Detroit"] = "Dt" # De = Denver + + for (name in rule) { + record_hash(rule[name], name) + } +} + +function make_line(n, field, \ + f, r) +{ + r = field[1] + for (f = 2; f <= n; f++) + r = r " " field[f] + return r +} + +# Process the input line LINE and save it for later output. + +function process_input_line(line, \ + f, field, end, i, n, r, startdef, \ + linkline, ruleline, zoneline) +{ + # Remove comments, normalize spaces, and append a space to each line. + sub(/#.*/, "", line) + line = line " " + gsub(/[\t ]+/, " ", line) + + # Abbreviate keywords and determine line type. + linkline = sub(/^Link /, "L ", line) + ruleline = sub(/^Rule /, "R ", line) + zoneline = sub(/^Zone /, "Z ", line) + + # Replace FooAsia rules with the same rules without "Asia", as they + # are duplicates. + if (match(line, /[^ ]Asia /)) { + if (ruleline) return + line = substr(line, 1, RSTART) substr(line, RSTART + 5) + } + + # Abbreviate times. 
+ while (match(line, /[: ]0+[0-9]/)) + line = substr(line, 1, RSTART) substr(line, RSTART + RLENGTH - 1) + while (match(line, /:0[^:]/)) + line = substr(line, 1, RSTART - 1) substr(line, RSTART + 2) + + # Abbreviate weekday names. + while (match(line, / (last)?(Mon|Wed|Fri)[ <>]/)) { + end = RSTART + RLENGTH + line = substr(line, 1, end - 4) substr(line, end - 1) + } + while (match(line, / (last)?(Sun|Tue|Thu|Sat)[ <>]/)) { + end = RSTART + RLENGTH + line = substr(line, 1, end - 3) substr(line, end - 1) + } + + # Abbreviate "max", "min", "only" and month names. + gsub(/ max /, " ma ", line) + gsub(/ min /, " mi ", line) + gsub(/ only /, " o ", line) + gsub(/ Jan /, " Ja ", line) + gsub(/ Feb /, " F ", line) + gsub(/ Apr /, " Ap ", line) + gsub(/ Aug /, " Au ", line) + gsub(/ Sep /, " S ", line) + gsub(/ Oct /, " O ", line) + gsub(/ Nov /, " N ", line) + gsub(/ Dec /, " D ", line) + + # Strip leading and trailing space. + sub(/^ /, "", line) + sub(/ $/, "", line) + + # Remove unnecessary trailing zero fields. + sub(/ 0+$/, "", line) + + # Remove unnecessary trailing days-of-month "1". + if (match(line, /[A-Za-z] 1$/)) + line = substr(line, 1, RSTART) + + # Remove unnecessary trailing " Ja" (for January). + sub(/ Ja$/, "", line) + + n = split(line, field) + + # Record which rule names are used, and generate their abbreviations. + f = zoneline ? 4 : linkline || ruleline ? 0 : 2 + r = field[f] + if (r ~ /^[^-+0-9]/) { + rule_used[r] = 1 + } + + # If this zone supersedes an earlier one, delete the earlier one + # from the saved output lines. + startdef = "" + if (zoneline) + zonename = startdef = field[2] + else if (linkline) + zonename = startdef = field[3] + else if (ruleline) + zonename = "" + if (startdef) { + i = zonedef[startdef] + if (i) { + do + output_line[i - 1] = "" + while (output_line[i++] ~ /^[-+0-9]/); + } + } + zonedef[zonename] = nout + 1 + + # Save the line for later output. 
+ output_line[nout++] = make_line(n, field) +} + +function omit_unused_rules( \ + i, field) +{ + for (i = 0; i < nout; i++) { + split(output_line[i], field) + if (field[1] == "R" && !rule_used[field[2]]) { + output_line[i] = "" + } + } +} + +function abbreviate_rule_names( \ + abbr, f, field, i, n, r) +{ + for (i = 0; i < nout; i++) { + n = split(output_line[i], field) + if (n) { + f = field[1] == "Z" ? 4 : field[1] == "L" ? 0 : 2 + r = field[f] + if (r ~ /^[^-+0-9]/) { + abbr = rule[r] + if (!abbr) { + rule[r] = abbr = gen_rule_name(r) + } + field[f] = abbr + output_line[i] = make_line(n, field) + } + } + } +} + +function output_saved_lines( \ + i) +{ + for (i = 0; i < nout; i++) + if (output_line[i]) + print output_line[i] +} + +BEGIN { + # Files that the output normally depends on. + default_dep["africa"] = 1 + default_dep["antarctica"] = 1 + default_dep["asia"] = 1 + default_dep["australasia"] = 1 + default_dep["backward"] = 1 + default_dep["etcetera"] = 1 + default_dep["europe"] = 1 + default_dep["factory"] = 1 + default_dep["northamerica"] = 1 + default_dep["southamerica"] = 1 + default_dep["ziguard.awk"] = 1 + default_dep["zishrink.awk"] = 1 + + # Output a version string from 'version' and related configuration variables + # supported by tzdb's Makefile. If you change the makefile or any other files + # that affect the output of this script, you should append '-SOMETHING' + # to the contents of 'version', where SOMETHING identifies what was changed. + + ndeps = split(deps, dep) + ddeps = "" + for (i = 1; i <= ndeps; i++) { + if (default_dep[dep[i]]) { + default_dep[dep[i]]++ + } else { + ddeps = ddeps " " dep[i] + } + } + for (d in default_dep) { + if (default_dep[d] == 1) { + ddeps = ddeps " !" d + } + } + print "# version", version + if (dataform != "main") { + print "# dataform", dataform + } + if (redo != "posix_right") { + print "# redo " redo + } + if (ddeps) { + print "# ddeps" ddeps + } + print "# This zic input file is in the public domain." 
+ + prehash_rule_names() +} + +/^[\t ]*[^#\t ]/ { + process_input_line($0) +} + +END { + omit_unused_rules() + abbreviate_rule_names() + output_saved_lines() +} diff --git a/sys/dev/bio.c b/sys/dev/bio.c index dba3ad42c..9f9c4f812 100644 --- a/sys/dev/bio.c +++ b/sys/dev/bio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio.c,v 1.18 2023/11/09 14:07:18 dlg Exp $ */ +/* $OpenBSD: bio.c,v 1.19 2023/11/15 23:57:45 dlg Exp $ */ /* * Copyright (c) 2002 Niklas Hallqvist. All rights reserved. @@ -31,18 +31,33 @@ #include #include #include -#include +#include #include #include struct bio_mapping { - LIST_ENTRY(bio_mapping) bm_link; + RBT_ENTRY(bio_mapping) bm_link; + uintptr_t bm_cookie; struct device *bm_dev; int (*bm_ioctl)(struct device *, u_long, caddr_t); }; -LIST_HEAD(, bio_mapping) bios = LIST_HEAD_INITIALIZER(bios); +RBT_HEAD(bio_mappings, bio_mapping); + +static inline int +bio_cookie_cmp(const struct bio_mapping *a, const struct bio_mapping *b) +{ + if (a->bm_cookie < b->bm_cookie) + return (1); + if (a->bm_cookie > b->bm_cookie) + return (-1); + return (0); +} + +RBT_PROTOTYPE(bio_mappings, bio_mapping, bm_link, bio_cookie_cmp); + +struct bio_mappings bios = RBT_INITIALIZER(); void bioattach(int); int bioclose(dev_t, int, int, struct proc *); @@ -51,7 +66,7 @@ int bioopen(dev_t, int, int, struct proc *); int bio_delegate_ioctl(struct bio_mapping *, u_long, caddr_t); struct bio_mapping *bio_lookup(char *); -int bio_validate(void *); +struct bio_mapping *bio_validate(void *); void bioattach(int nunits) @@ -73,6 +88,7 @@ bioclose(dev_t dev, int flags, int mode, struct proc *p) int bioioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p) { + struct bio_mapping *bm; struct bio_locate *locate; struct bio *bio; char name[16]; 
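Review bot: `bio_cookie_cmp()` in the `@@ -31,18 +31,33 @@` hunk of sys/dev/bio.c returns 1 when `a->bm_cookie < b->bm_cookie` and -1 when it is greater, the reverse of the usual comparator convention. The ordering is still total and consistent, so RBT_INSERT and RBT_FIND agree with each other, but any ordered walk of the tree runs in descending cookie order. Either swap the two return values or add a comment such as `/* sorts descending; only equality matters for lookups */`, so the inversion is not later corrected in one place only. A one-line comment on `bm_cookie` saying that it is the opaque value handed to userland in place of the mapping's address would also help.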
@@ -84,18 +100,19 @@ bioioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p) error = copyinstr(locate->bl_name, name, sizeof name, NULL); if (error != 0) return (error); - locate->bl_bio.bio_cookie = bio_lookup(name); - if (locate->bl_bio.bio_cookie == NULL) + bm = bio_lookup(name); + if (bm == NULL) return (ENOENT); + locate->bl_bio.bio_cookie = (void *)bm->bm_cookie; break; default: bio = (struct bio *)addr; - if (!bio_validate(bio->bio_cookie)) + bm = bio_validate(bio->bio_cookie); + if (bm == NULL) return (ENOENT); - error = bio_delegate_ioctl( - (struct bio_mapping *)bio->bio_cookie, cmd, addr); + error = bio_delegate_ioctl(bm, cmd, addr); break; } @@ -112,7 +129,10 @@ bio_register(struct device *dev, int (*ioctl)(struct device *, u_long, caddr_t)) return (ENOMEM); bm->bm_dev = dev; bm->bm_ioctl = ioctl; - LIST_INSERT_HEAD(&bios, bm, bm_link); + do { + bm->bm_cookie = arc4random(); + /* lets hope we don't have 4 billion bio_registers */ + } while (RBT_INSERT(bio_mappings, &bios, bm) != NULL); return (0); } @@ -121,11 +141,9 @@ bio_unregister(struct device *dev) { struct bio_mapping *bm, *next; - for (bm = LIST_FIRST(&bios); bm != NULL; bm = next) { - next = LIST_NEXT(bm, bm_link); - + RBT_FOREACH_SAFE(bm, bio_mappings, &bios, next) { if (dev == bm->bm_dev) { - LIST_REMOVE(bm, bm_link); + RBT_REMOVE(bio_mappings, &bios, bm); free(bm, M_DEVBUF, sizeof(*bm)); } } @@ -136,21 +154,20 @@ bio_lookup(char *name) { struct bio_mapping *bm; - LIST_FOREACH(bm, &bios, bm_link) + RBT_FOREACH(bm, bio_mappings, &bios) { if (strcmp(name, bm->bm_dev->dv_xname) == 0) return (bm); + } + return (NULL); } -int +struct bio_mapping * bio_validate(void *cookie) { - struct bio_mapping *bm; + struct bio_mapping key = { .bm_cookie = (uintptr_t)cookie }; - LIST_FOREACH(bm, &bios, bm_link) - if (bm == cookie) - return (1); - return (0); + return (RBT_FIND(bio_mappings, &bios, &key)); } int 
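Review bot: In bio_register() (`@@ -112,7 +129,10 @@`) the cookie comes straight from `arc4random()`, so 0 is a possible value, and the locate branch of bioioctl() in the first hunk then returns it to userland as `(void *)bm->bm_cookie`, i.e. NULL. The old code never handed out a NULL cookie for a registered device, so a caller that treats NULL as "not located" (none is visible here) would mis-handle that device. Rejecting zero inside the retry loop keeps the old invariant: `} while (bm->bm_cookie == 0 || RBT_INSERT(bio_mappings, &bios, bm) != NULL);`. The allocation and the start of bio_register() are outside the hunk.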
@@ -218,3 +235,5 @@ bio_status(struct bio_status *bs, int print, int msg_type, const char *fmt, if (print) printf("%s: %s\n", bs->bs_controller, bs->bs_msgs[idx].bm_msg); } + +RBT_GENERATE(bio_mappings, bio_mapping, bm_link, bio_cookie_cmp); diff --git a/sys/kern/subr_disk.c b/sys/kern/subr_disk.c index f90d41d14..bf169beff 100644 --- a/sys/kern/subr_disk.c +++ b/sys/kern/subr_disk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_disk.c,v 1.271 2023/02/10 07:00:12 miod Exp $ */ +/* $OpenBSD: subr_disk.c,v 1.272 2023/11/15 20:23:19 kn Exp $ */ /* $NetBSD: subr_disk.c,v 1.17 1996/03/16 23:17:08 christos Exp $ */ /* @@ -1754,7 +1754,7 @@ done: } int -disk_map(char *path, char *mappath, int size, int flags) +disk_map(const char *path, char *mappath, int size, int flags) { struct disk *dk, *mdk; u_char uid[8]; diff --git a/sys/lib/libz/deflate.c b/sys/lib/libz/deflate.c index 43e55b790..4e1decbfd 100644 --- a/sys/lib/libz/deflate.c +++ b/sys/lib/libz/deflate.c @@ -489,7 +489,11 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method, * symbols from which it is being constructed. */ +#ifdef LIT_MEM + s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 5); +#else s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); +#endif s->pending_buf_size = (ulg)s->lit_bufsize * 4; if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || @@ -499,8 +503,14 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method, deflateEnd (strm); return Z_MEM_ERROR; } +#ifdef LIT_MEM + s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1)); + s->l_buf = s->pending_buf + (s->lit_bufsize << 2); + s->sym_end = s->lit_bufsize - 1; +#else s->sym_buf = s->pending_buf + s->lit_bufsize; s->sym_end = (s->lit_bufsize - 1) * 3; +#endif /* We avoid equality with lit_bufsize*3 because of wraparound at 64K * on 16 bit machines and because stored blocks are restricted to * 64K-1 bytes. 
@@ -716,9 +726,15 @@ int ZEXPORT deflatePrime(z_streamp strm, int bits, int value) { if (deflateStateCheck(strm)) return Z_STREAM_ERROR; s = strm->state; +#ifdef LIT_MEM + if (bits < 0 || bits > 16 || + (uchf *)s->d_buf < s->pending_out + ((Buf_size + 7) >> 3)) + return Z_BUF_ERROR; +#else if (bits < 0 || bits > 16 || s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) return Z_BUF_ERROR; +#endif do { put = Buf_size - s->bi_valid; if (put > bits) @@ -1304,7 +1320,12 @@ int ZEXPORT deflateCopy(z_streamp dest, z_streamp source) { zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); +#ifdef LIT_MEM + ds->d_buf = (ushf *)(ds->pending_buf + (ds->lit_bufsize << 1)); + ds->l_buf = ds->pending_buf + (ds->lit_bufsize << 2); +#else ds->sym_buf = ds->pending_buf + ds->lit_bufsize; +#endif ds->l_desc.dyn_tree = ds->dyn_ltree; ds->d_desc.dyn_tree = ds->dyn_dtree; diff --git a/sys/lib/libz/deflate.h b/sys/lib/libz/deflate.h index fc66a6ffb..eb28c625a 100644 --- a/sys/lib/libz/deflate.h +++ b/sys/lib/libz/deflate.h @@ -21,6 +21,10 @@ # define GZIP #endif +/* define LIT_MEM to slightly increase the speed of deflate (order 1% to 2%) at + the cost of a larger memory footprint */ +/* #define LIT_MEM */ + /* =========================================================================== * Internal compression state. */ @@ -215,7 +219,12 @@ typedef struct internal_state { /* Depth of each subtree used as tie breaker for trees of equal frequency */ +#ifdef LIT_MEM + ushf *d_buf; /* buffer for distances */ + uchf *l_buf; /* buffer for literals/lengths */ +#else uchf *sym_buf; /* buffer for distances and literals/lengths */ +#endif uInt lit_bufsize; /* Size of match buffer for literals/lengths. There are 4 reasons for 
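Review bot: With LIT_MEM defined, the deflateCopy() hunk (`@@ -1304,7 +1320,12 @@`) places `l_buf` at `pending_buf + (lit_bufsize << 2)`, but the context line above it still copies only `pending_buf_size` bytes, and the deflateInit2_() hunk leaves `pending_buf_size` at `lit_bufsize * 4` while allocating five units per entry. The source stream's literal/length buffer therefore appears not to be copied, and if the destination allocation (outside the hunk) is still four units per entry, `ds->l_buf` points past it. LIT_MEM is commented out in deflate.h in this commit, so the default build is unaffected; before it is enabled, the allocation and copy in deflateCopy() need the same `#ifdef LIT_MEM` sizing, e.g. `zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->lit_bufsize * 5);`.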
@@ -237,7 +246,7 @@ typedef struct internal_state { * - I can't count above 4 */ - uInt sym_next; /* running index in sym_buf */ + uInt sym_next; /* running index in symbol buffer */ uInt sym_end; /* symbol table full when sym_next reaches this */ ulg opt_len; /* bit length of current block with optimal trees */ @@ -316,6 +325,25 @@ void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf, extern const uch ZLIB_INTERNAL _dist_code[]; #endif +#ifdef LIT_MEM +# define _tr_tally_lit(s, c, flush) \ + { uch cc = (c); \ + s->d_buf[s->sym_next] = 0; \ + s->l_buf[s->sym_next++] = cc; \ + s->dyn_ltree[cc].Freq++; \ + flush = (s->sym_next == s->sym_end); \ + } +# define _tr_tally_dist(s, distance, length, flush) \ + { uch len = (uch)(length); \ + ush dist = (ush)(distance); \ + s->d_buf[s->sym_next] = dist; \ + s->l_buf[s->sym_next++] = len; \ + dist--; \ + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ + s->dyn_dtree[d_code(dist)].Freq++; \ + flush = (s->sym_next == s->sym_end); \ + } +#else # define _tr_tally_lit(s, c, flush) \ { uch cc = (c); \ s->sym_buf[s->sym_next++] = 0; \ @@ -335,6 +363,7 @@ void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf, s->dyn_dtree[d_code(dist)].Freq++; \ flush = (s->sym_next == s->sym_end); \ } +#endif #else # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) # define _tr_tally_dist(s, distance, length, flush) \ diff --git a/sys/lib/libz/inflate.c b/sys/lib/libz/inflate.c index 5ed2f8984..869deb702 100644 --- a/sys/lib/libz/inflate.c +++ b/sys/lib/libz/inflate.c @@ -1473,7 +1473,7 @@ int ZEXPORT inflateSync(z_streamp strm) { /* if first time, start search in bit buffer */ if (state->mode != SYNC) { state->mode = SYNC; - state->hold <<= state->bits & 7; + state->hold >>= state->bits & 7; state->bits -= state->bits & 7; len = 0; while (state->bits >= 8) { diff --git a/sys/lib/libz/inftrees.c b/sys/lib/libz/inftrees.c index 9ff2067ee..719e20d52 100644 --- a/sys/lib/libz/inftrees.c 
+++ b/sys/lib/libz/inftrees.c @@ -55,7 +55,7 @@ int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { /* Length codes 257..285 extra */ 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 198, 203}; + 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 70, 200}; static const unsigned short dbase[32] = { /* Distance codes 0..29 base */ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, diff --git a/sys/lib/libz/inftrees.h b/sys/lib/libz/inftrees.h index a10712d8c..396f74b5d 100644 --- a/sys/lib/libz/inftrees.h +++ b/sys/lib/libz/inftrees.h @@ -41,8 +41,8 @@ typedef struct { examples/enough.c found in the zlib distribution. The arguments to that program are the number of symbols, the initial root table size, and the maximum bit length of a code. "enough 286 9 15" for literal/length codes - returns returns 852, and "enough 30 6 15" for distance codes returns 592. - The initial root table size (9 or 6) is found in the fifth argument of the + returns 852, and "enough 30 6 15" for distance codes returns 592. The + initial root table size (9 or 6) is found in the fifth argument of the inflate_table() calls in inflate.c and infback.c. If the root table size is changed, then these maximum sizes would be need to be recalculated and updated. */ diff --git a/sys/lib/libz/trees.c b/sys/lib/libz/trees.c index 7d2ef3634..6bbbb21c3 100644 --- a/sys/lib/libz/trees.c +++ b/sys/lib/libz/trees.c 
@@ -897,14 +897,19 @@ local void compress_block(deflate_state *s, const ct_data *ltree, const ct_data *dtree) { unsigned dist; /* distance of matched string */ int lc; /* match length or unmatched char (if dist == 0) */ - unsigned sx = 0; /* running index in sym_buf */ + unsigned sx = 0; /* running index in symbol buffers */ unsigned code; /* the code to send */ int extra; /* number of extra bits to send */ if (s->sym_next != 0) do { +#ifdef LIT_MEM + dist = s->d_buf[sx]; + lc = s->l_buf[sx++]; +#else dist = s->sym_buf[sx++] & 0xff; dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; lc = s->sym_buf[sx++]; +#endif if (dist == 0) { send_code(s, lc, ltree); /* send a literal byte */ Tracecv(isgraph(lc), (stderr," '%c' ", lc)); @@ -929,8 +934,12 @@ local void compress_block(deflate_state *s, const ct_data *ltree, } } /* literal or match pair ? */ - /* Check that the overlay between pending_buf and sym_buf is ok: */ + /* Check for no overlay of pending_buf on needed symbols */ +#ifdef LIT_MEM + Assert(s->pending < (s->lit_bufsize << 1) + sx, "pendingBuf overflow"); +#else Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); +#endif } while (sx < s->sym_next); @@ -1080,9 +1089,14 @@ void ZLIB_INTERNAL _tr_flush_block(deflate_state *s, charf *buf, * the current block must be flushed. */ int ZLIB_INTERNAL _tr_tally(deflate_state *s, unsigned dist, unsigned lc) { +#ifdef LIT_MEM + s->d_buf[s->sym_next] = (ush)dist; + s->l_buf[s->sym_next++] = (uch)lc; +#else s->sym_buf[s->sym_next++] = (uch)dist; s->sym_buf[s->sym_next++] = (uch)(dist >> 8); s->sym_buf[s->sym_next++] = (uch)lc; +#endif if (dist == 0) { /* lc is the unmatched char */ s->dyn_ltree[lc].Freq++; diff --git a/sys/lib/libz/zlib.h b/sys/lib/libz/zlib.h index bc230a717..4d077ae20 100644 --- a/sys/lib/libz/zlib.h +++ b/sys/lib/libz/zlib.h 
@@ -1,5 +1,5 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.3, August 18th, 2023 + version 1.3.0.1, August xxth, 2023 Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler @@ -37,12 +37,12 @@ extern "C" { #endif -#define ZLIB_VERSION "1.3" -#define ZLIB_VERNUM 0x1300 +#define ZLIB_VERSION "1.3.0.1-motley" +#define ZLIB_VERNUM 0x1301 #define ZLIB_VER_MAJOR 1 #define ZLIB_VER_MINOR 3 #define ZLIB_VER_REVISION 0 -#define ZLIB_VER_SUBREVISION 0 +#define ZLIB_VER_SUBREVISION 1 /* The 'zlib' compression library provides in-memory compression and @@ -936,10 +936,10 @@ ZEXTERN int ZEXPORT inflateSync(z_streamp strm); inflateSync returns Z_OK if a possible full flush point has been found, Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point has been found, or Z_STREAM_ERROR if the stream structure was inconsistent. - In the success case, the application may save the current current value of - total_in which indicates where valid compressed data was found. In the - error case, the application may repeatedly call inflateSync, providing more - input each time, until success or end of the input data. + In the success case, the application may save the current value of total_in + which indicates where valid compressed data was found. In the error case, + the application may repeatedly call inflateSync, providing more input each + time, until success or end of the input data. */ ZEXTERN int ZEXPORT inflateCopy(z_streamp dest, diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c index 156d1cba5..42d2347a8 100644 --- a/sys/net/if_vxlan.c +++ b/sys/net/if_vxlan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vxlan.c,v 1.94 2023/10/27 20:56:48 jan Exp $ */ +/* $OpenBSD: if_vxlan.c,v 1.95 2023/11/18 00:23:38 dlg Exp $ */ /* * Copyright (c) 2021 David Gwynne 
@@ -1346,6 +1346,9 @@ vxlan_set_tunnel(struct vxlan_softc *sc, const struct if_laddrreq *req) if (in_nullhost(dst4->sin_addr)) return (EINVAL); + if (dst4->sin_port != htons(0)) + return (EINVAL); + /* all good */ mode = IN_MULTICAST(dst4->sin_addr.s_addr) ? VXLAN_TMODE_LEARNING : VXLAN_TMODE_P2P; @@ -1376,6 +1379,9 @@ vxlan_set_tunnel(struct vxlan_softc *sc, const struct if_laddrreq *req) if (src6->sin6_scope_id != dst6->sin6_scope_id) return (EINVAL); + if (dst6->sin6_port != htons(0)) + return (EINVAL); + /* all good */ mode = IN6_IS_ADDR_MULTICAST(&dst6->sin6_addr) ? VXLAN_TMODE_LEARNING : VXLAN_TMODE_P2P; diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 1cf7c8755..19b6a1820 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.391 2023/09/03 21:37:17 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.392 2023/11/16 18:27:48 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -3084,15 +3084,24 @@ tcp_mss_adv(struct mbuf *m, int af) * state for SYN_RECEIVED. */ +/* + * Locks used to protect global data and struct members: + * N net lock + * S syn_cache_mtx tcp syn cache global mutex + */ + /* syn hash parameters */ -int tcp_syn_hash_size = TCP_SYN_HASH_SIZE; -int tcp_syn_cache_limit = TCP_SYN_HASH_SIZE*TCP_SYN_BUCKET_SIZE; -int tcp_syn_bucket_limit = 3*TCP_SYN_BUCKET_SIZE; -int tcp_syn_use_limit = 100000; +int tcp_syn_hash_size = TCP_SYN_HASH_SIZE; /* [N] size of hash table */ +int tcp_syn_cache_limit = /* [N] global entry limit */ + TCP_SYN_HASH_SIZE * TCP_SYN_BUCKET_SIZE; +int tcp_syn_bucket_limit = /* [N] per bucket limit */ + 3 * TCP_SYN_BUCKET_SIZE; +int tcp_syn_use_limit = 100000; /* [N] reseed after uses */ struct pool syn_cache_pool; struct syn_cache_set tcp_syn_cache[2]; int tcp_syn_cache_active; +struct mutex syn_cache_mtx = MUTEX_INITIALIZER(IPL_SOFTNET); #define SYN_HASH(sa, sp, dp, rand) \ (((sa)->s_addr ^ (rand)[0]) * \ 
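Review bot: The lock key added in the `@@ -3084,15 +3084,24 @@` hunk of tcp_input.c defines `S` for syn_cache_mtx, but nothing in the hunk is tagged with it: `tcp_syn_cache[2]` and `tcp_syn_cache_active` carry no annotation at all. A later hunk makes syn_cache_lookup() assert both the net lock and syn_cache_mtx before it reads `tcp_syn_cache[tcp_syn_cache_active]`, so these two look like the data the mutex is meant to cover. Annotating them here with whichever lock set is intended, in the same trailing-comment style as the `[N]` lines, would make the key usable.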
@@ -3134,7 +3143,10 @@ do { \ void syn_cache_rm(struct syn_cache *sc) { - sc->sc_flags |= SCF_DEAD; + MUTEX_ASSERT_LOCKED(&syn_cache_mtx); + + KASSERT(!ISSET(sc->sc_dynflags, SCF_DEAD)); + SET(sc->sc_dynflags, SCF_DEAD); TAILQ_REMOVE(&sc->sc_buckethead->sch_bucket, sc, sc_bucketq); sc->sc_tp = NULL; LIST_REMOVE(sc, sc_tpq); @@ -3151,11 +3163,10 @@ syn_cache_put(struct syn_cache *sc) if (refcnt_rele(&sc->sc_refcnt) == 0) return; + /* Dealing with last reference, no lock needed. */ m_free(sc->sc_ipopts); - if (sc->sc_route4.ro_rt != NULL) { - rtfree(sc->sc_route4.ro_rt); - sc->sc_route4.ro_rt = NULL; - } + rtfree(sc->sc_route4.ro_rt); + pool_put(&syn_cache_pool, sc); } @@ -3190,6 +3201,7 @@ syn_cache_insert(struct syn_cache *sc, struct tcpcb *tp) int i; NET_ASSERT_LOCKED(); + MUTEX_ASSERT_LOCKED(&syn_cache_mtx); /* * If there are no entries in the hash table, reinitialize @@ -3333,12 +3345,10 @@ syn_cache_timer(void *arg) uint64_t now; int lastref; - NET_LOCK(); - if (sc->sc_flags & SCF_DEAD) + mtx_enter(&syn_cache_mtx); + if (ISSET(sc->sc_dynflags, SCF_DEAD)) goto freeit; - now = tcp_now(); - if (__predict_false(sc->sc_rxtshift == TCP_MAXRXTSHIFT)) { /* Drop it -- too many retransmissions. */ goto dropit; @@ -3353,18 +3363,22 @@ syn_cache_timer(void *arg) if (sc->sc_rxttot >= tcptv_keep_init) goto dropit; - tcpstat_inc(tcps_sc_retransmitted); - (void) syn_cache_respond(sc, NULL, now); - /* Advance the timer back-off. */ sc->sc_rxtshift++; TCPT_RANGESET(sc->sc_rxtcur, TCPTV_SRTTDFLT * tcp_backoff[sc->sc_rxtshift], TCPTV_MIN, TCPTV_REXMTMAX); - if (!timeout_add_msec(&sc->sc_timer, sc->sc_rxtcur)) - syn_cache_put(sc); + if (timeout_add_msec(&sc->sc_timer, sc->sc_rxtcur)) + refcnt_take(&sc->sc_refcnt); + mtx_leave(&syn_cache_mtx); + NET_LOCK(); + now = tcp_now(); + (void) syn_cache_respond(sc, NULL, now); + tcpstat_inc(tcps_sc_retransmitted); NET_UNLOCK(); + + syn_cache_put(sc); return; dropit: 
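Review bot: In syn_cache_timer() (`@@ -3353,18 +3363,22 @@`) the SCF_DEAD test is made under syn_cache_mtx, but the retransmit now runs after `mtx_leave()` and a fresh `NET_LOCK()`, so an entry removed by syn_cache_rm() in that window still gets a SYN,ACK sent for it. The timer keeps its own reference until the final `syn_cache_put(sc)`, so `sc` stays allocated and this looks like a spurious retransmit rather than a lifetime problem. However, syn_cache_rm() also clears `sc_tp`, and how syn_cache_respond() uses that field is not visible here. A short comment before `NET_LOCK()` stating that the entry may already be dead and why that is acceptable would help. The function body starts and ends outside this hunk.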
@@ -3375,8 +3389,8 @@ syn_cache_timer(void *arg) KASSERT(lastref == 0); (void)lastref; freeit: + mtx_leave(&syn_cache_mtx); syn_cache_put(sc); - NET_UNLOCK(); } /* @@ -3391,6 +3405,7 @@ syn_cache_cleanup(struct tcpcb *tp) NET_ASSERT_LOCKED(); + mtx_enter(&syn_cache_mtx); LIST_FOREACH_SAFE(sc, &tp->t_sc, sc_tpq, nsc) { #ifdef DIAGNOSTIC if (sc->sc_tp != tp) @@ -3399,8 +3414,9 @@ syn_cache_cleanup(struct tcpcb *tp) syn_cache_rm(sc); syn_cache_put(sc); } - /* just for safety */ - LIST_INIT(&tp->t_sc); + mtx_leave(&syn_cache_mtx); + + KASSERT(LIST_EMPTY(&tp->t_sc)); } /* @@ -3417,6 +3433,7 @@ syn_cache_lookup(struct sockaddr *src, struct sockaddr *dst, int i; NET_ASSERT_LOCKED(); + MUTEX_ASSERT_LOCKED(&syn_cache_mtx); /* Check the active cache first, the passive cache is likely empty. */ sets[0] = &tcp_syn_cache[tcp_syn_cache_active]; @@ -3475,9 +3492,12 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, NET_ASSERT_LOCKED(); + mtx_enter(&syn_cache_mtx); sc = syn_cache_lookup(src, dst, &scp, sotoinpcb(so)->inp_rtableid); - if (sc == NULL) + if (sc == NULL) { + mtx_leave(&syn_cache_mtx); return (NULL); + } /* * Verify the sequence and ack numbers. Try getting the correct @@ -3486,12 +3506,16 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, if ((th->th_ack != sc->sc_iss + 1) || SEQ_LEQ(th->th_seq, sc->sc_irs) || SEQ_GT(th->th_seq, sc->sc_irs + 1 + sc->sc_win)) { + refcnt_take(&sc->sc_refcnt); + mtx_leave(&syn_cache_mtx); (void) syn_cache_respond(sc, m, now); + syn_cache_put(sc); return ((struct socket *)(-1)); } /* Remove this cache entry */ syn_cache_rm(sc); + mtx_leave(&syn_cache_mtx); /* * Ok, create the full blown connection, and set things up 
@@ -3590,7 +3614,7 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, tp->request_r_scale = sc->sc_request_r_scale; tp->t_flags |= TF_REQ_SCALE|TF_RCVD_SCALE; } - if (sc->sc_flags & SCF_TIMESTAMP) + if (ISSET(sc->sc_fixflags, SCF_TIMESTAMP)) tp->t_flags |= TF_REQ_TSTMP|TF_RCVD_TSTMP; tp->t_template = tcp_template(tp); @@ -3599,7 +3623,7 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, so = NULL; goto abort; } - tp->sack_enable = sc->sc_flags & SCF_SACK_PERMIT; + tp->sack_enable = ISSET(sc->sc_fixflags, SCF_SACK_PERMIT); tp->ts_modulate = sc->sc_modulate; tp->ts_recent = sc->sc_timestamp; tp->iss = sc->sc_iss; @@ -3607,15 +3631,15 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, tcp_sendseqinit(tp); tp->snd_last = tp->snd_una; #ifdef TCP_ECN - if (sc->sc_flags & SCF_ECN_PERMIT) { + if (ISSET(sc->sc_fixflags, SCF_ECN_PERMIT)) { tp->t_flags |= TF_ECN_PERMIT; tcpstat_inc(tcps_ecn_accepts); } #endif - if (sc->sc_flags & SCF_SACK_PERMIT) + if (ISSET(sc->sc_fixflags, SCF_SACK_PERMIT)) tp->t_flags |= TF_SACK_PERMIT; #ifdef TCP_SIGNATURE - if (sc->sc_flags & SCF_SIGNATURE) + if (ISSET(sc->sc_fixflags, SCF_SIGNATURE)) tp->t_flags |= TF_SIGNATURE; #endif tcp_rcvseqinit(tp); @@ -3631,7 +3655,7 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, if (sc->sc_peermaxseg) tcp_mss_update(tp); /* Reset initial window to 1 segment for retransmit */ - if (sc->sc_rxtshift > 0) + if (READ_ONCE(sc->sc_rxtshift) > 0) tp->snd_cwnd = tp->t_maxseg; tp->snd_wl1 = sc->sc_irs; tp->rcv_up = sc->sc_irs + 1; 
@@ -3678,12 +3702,19 @@ syn_cache_reset(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, NET_ASSERT_LOCKED(); - if ((sc = syn_cache_lookup(src, dst, &scp, rtableid)) == NULL) + mtx_enter(&syn_cache_mtx); + sc = syn_cache_lookup(src, dst, &scp, rtableid); + if (sc == NULL) { + mtx_leave(&syn_cache_mtx); return; + } if (SEQ_LT(th->th_seq, sc->sc_irs) || - SEQ_GT(th->th_seq, sc->sc_irs + 1)) + SEQ_GT(th->th_seq, sc->sc_irs + 1)) { + mtx_leave(&syn_cache_mtx); return; + } syn_cache_rm(sc); + mtx_leave(&syn_cache_mtx); tcpstat_inc(tcps_sc_reset); syn_cache_put(sc); } @@ -3697,10 +3728,15 @@ syn_cache_unreach(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, NET_ASSERT_LOCKED(); - if ((sc = syn_cache_lookup(src, dst, &scp, rtableid)) == NULL) + mtx_enter(&syn_cache_mtx); + sc = syn_cache_lookup(src, dst, &scp, rtableid); + if (sc == NULL) { + mtx_leave(&syn_cache_mtx); return; + } /* If the sequence number != sc_iss, then it's a bogus ICMP msg */ if (ntohl (th->th_seq) != sc->sc_iss) { + mtx_leave(&syn_cache_mtx); return; } @@ -3712,12 +3748,14 @@ syn_cache_unreach(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, * * See tcp_notify(). */ - if ((sc->sc_flags & SCF_UNREACH) == 0 || sc->sc_rxtshift < 3) { - sc->sc_flags |= SCF_UNREACH; + if (!ISSET(sc->sc_dynflags, SCF_UNREACH) || sc->sc_rxtshift < 3) { + SET(sc->sc_dynflags, SCF_UNREACH); + mtx_leave(&syn_cache_mtx); return; } syn_cache_rm(sc); + mtx_leave(&syn_cache_mtx); tcpstat_inc(tcps_sc_unreach); syn_cache_put(sc); } @@ -3747,6 +3785,8 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, struct syn_cache_head *scp; struct mbuf *ipopts; + NET_ASSERT_LOCKED(); + tp = sototcpcb(so); /* 
@@ -3797,8 +3837,11 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, * If we do, resend the SYN,ACK. We do not count this * as a retransmission (XXX though maybe we should). */ + mtx_enter(&syn_cache_mtx); sc = syn_cache_lookup(src, dst, &scp, sotoinpcb(so)->inp_rtableid); if (sc != NULL) { + refcnt_take(&sc->sc_refcnt); + mtx_leave(&syn_cache_mtx); tcpstat_inc(tcps_sc_dupesyn); if (ipopts) { /* @@ -3813,8 +3856,10 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, tcpstat_inc(tcps_sndacks); tcpstat_inc(tcps_sndtotal); } + syn_cache_put(sc); return (0); } + mtx_leave(&syn_cache_mtx); sc = pool_get(&syn_cache_pool, PR_NOWAIT|PR_ZERO); if (sc == NULL) { @@ -3831,7 +3876,6 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, memcpy(&sc->sc_src, src, src->sa_len); memcpy(&sc->sc_dst, dst, dst->sa_len); sc->sc_rtableid = sotoinpcb(so)->inp_rtableid; - sc->sc_flags = 0; sc->sc_ipopts = ipopts; sc->sc_irs = th->th_seq; @@ -3842,7 +3886,7 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, sc->sc_timestamp = tb.ts_recent; if ((tb.t_flags & (TF_REQ_TSTMP|TF_RCVD_TSTMP)) == (TF_REQ_TSTMP|TF_RCVD_TSTMP)) { - sc->sc_flags |= SCF_TIMESTAMP; + SET(sc->sc_fixflags, SCF_TIMESTAMP); sc->sc_modulate = arc4random(); } if ((tb.t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) == 
@@ -3882,21 +3926,28 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, */ if (tcp_do_ecn && (th->th_flags & (TH_ECE|TH_CWR)) == (TH_ECE|TH_CWR)) - sc->sc_flags |= SCF_ECN_PERMIT; + SET(sc->sc_fixflags, SCF_ECN_PERMIT); #endif /* * Set SCF_SACK_PERMIT if peer did send a SACK_PERMITTED option * (i.e., if tcp_dooptions() did set TF_SACK_PERMIT). */ if (tb.sack_enable && (tb.t_flags & TF_SACK_PERMIT)) - sc->sc_flags |= SCF_SACK_PERMIT; + SET(sc->sc_fixflags, SCF_SACK_PERMIT); #ifdef TCP_SIGNATURE if (tb.t_flags & TF_SIGNATURE) - sc->sc_flags |= SCF_SIGNATURE; + SET(sc->sc_fixflags, SCF_SIGNATURE); #endif sc->sc_tp = tp; if (syn_cache_respond(sc, m, now) == 0) { + mtx_enter(&syn_cache_mtx); + /* + * XXXSMP Currently exclusive netlock prevents another insert + * after our syn_cache_lookup() and before syn_cache_insert(). + * Double insert should be handled and not rely on netlock. + */ syn_cache_insert(sc, tp); + mtx_leave(&syn_cache_mtx); tcpstat_inc(tcps_sndacks); tcpstat_inc(tcps_sndtotal); } else { @@ -3921,6 +3972,8 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) u_int hlen; struct inpcb *inp; + NET_ASSERT_LOCKED(); + switch (sc->sc_src.sa.sa_family) { case AF_INET: hlen = sizeof(struct ip); @@ -3937,11 +3990,11 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) /* Compute the size of the TCP options. */ optlen = 4 + (sc->sc_request_r_scale != 15 ? 4 : 0) + - ((sc->sc_flags & SCF_SACK_PERMIT) ? 4 : 0) + + (ISSET(sc->sc_fixflags, SCF_SACK_PERMIT) ? 4 : 0) + #ifdef TCP_SIGNATURE - ((sc->sc_flags & SCF_SIGNATURE) ? TCPOLEN_SIGLEN : 0) + + (ISSET(sc->sc_fixflags, SCF_SIGNATURE) ? TCPOLEN_SIGLEN : 0) + #endif - ((sc->sc_flags & SCF_TIMESTAMP) ? TCPOLEN_TSTAMP_APPA : 0); + (ISSET(sc->sc_fixflags, SCF_TIMESTAMP) ? TCPOLEN_TSTAMP_APPA : 0); tlen = hlen + sizeof(struct tcphdr) + optlen; 
@@ -4000,7 +4053,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) th->th_flags = TH_SYN|TH_ACK; #ifdef TCP_ECN /* Set ECE for SYN-ACK if peer supports ECN. */ - if (tcp_do_ecn && (sc->sc_flags & SCF_ECN_PERMIT)) + if (tcp_do_ecn && ISSET(sc->sc_fixflags, SCF_ECN_PERMIT)) th->th_flags |= TH_ECE; #endif th->th_win = htons(sc->sc_win); @@ -4015,7 +4068,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) *optp++ = sc->sc_ourmaxseg & 0xff; /* Include SACK_PERMIT_HDR option if peer has already done so. */ - if (sc->sc_flags & SCF_SACK_PERMIT) { + if (ISSET(sc->sc_fixflags, SCF_SACK_PERMIT)) { *((u_int32_t *)optp) = htonl(TCPOPT_SACK_PERMIT_HDR); optp += 4; } @@ -4027,7 +4080,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) optp += 4; } - if (sc->sc_flags & SCF_TIMESTAMP) { + if (ISSET(sc->sc_fixflags, SCF_TIMESTAMP)) { u_int32_t *lp = (u_int32_t *)(optp); /* Form timestamp option as shown in appendix A of RFC 1323. */ *lp++ = htonl(TCPOPT_TSTAMP_HDR); @@ -4037,7 +4090,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) } #ifdef TCP_SIGNATURE - if (sc->sc_flags & SCF_SIGNATURE) { + if (ISSET(sc->sc_fixflags, SCF_SIGNATURE)) { union sockaddr_union src, dst; struct tdb *tdb; @@ -4093,7 +4146,9 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) SET(m->m_pkthdr.csum_flags, M_TCP_CSUM_OUT); /* use IPsec policy and ttl from listening socket, on SYN ACK */ + mtx_enter(&syn_cache_mtx); inp = sc->sc_tp ? sc->sc_tp->t_inpcb : NULL; + mtx_leave(&syn_cache_mtx); /* * Fill in some straggling IP bits. Note the stack expects diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 20d5f6173..16840fc12 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c 
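Review bot: In the `@@ -4093,7 +4146,9 @@` hunk, `inp` is loaded from `sc->sc_tp->t_inpcb` under syn_cache_mtx but used after `mtx_leave()`, and nothing here takes a reference on it. The mutex therefore only makes the load of `sc_tp` consistent. The inpcb's lifetime presumably rests on the net lock checked by the `NET_ASSERT_LOCKED()` this commit adds at the top of syn_cache_respond. A comment saying so, e.g. `/* inp stays valid after mtx_leave(): net lock is held, see NET_ASSERT_LOCKED() above */`, would keep a later unlocking change from turning this into a use-after-free. The rest of the function is outside the hunk.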
@@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_usrreq.c,v 1.222 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: tcp_usrreq.c,v 1.223 2023/11/16 18:27:48 bluhm Exp $ */ /* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */ /* @@ -1347,6 +1347,7 @@ tcp_sysctl_tcpstat(void *oldp, size_t *oldlenp, void *newp) #undef ASSIGN + mtx_enter(&syn_cache_mtx); set = &tcp_syn_cache[tcp_syn_cache_active]; tcpstat.tcps_sc_hash_size = set->scs_size; tcpstat.tcps_sc_entry_count = set->scs_count; @@ -1360,6 +1361,7 @@ tcp_sysctl_tcpstat(void *oldp, size_t *oldlenp, void *newp) } tcpstat.tcps_sc_bucket_limit = tcp_syn_bucket_limit; tcpstat.tcps_sc_uses_left = set->scs_use; + mtx_leave(&syn_cache_mtx); return (sysctl_rdstruct(oldp, oldlenp, newp, &tcpstat, sizeof(tcpstat))); @@ -1473,10 +1475,12 @@ tcp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, * Global tcp_syn_use_limit is used when reseeding a * new cache. Also update the value in active cache. */ + mtx_enter(&syn_cache_mtx); if (tcp_syn_cache[0].scs_use > tcp_syn_use_limit) tcp_syn_cache[0].scs_use = tcp_syn_use_limit; if (tcp_syn_cache[1].scs_use > tcp_syn_use_limit) tcp_syn_cache[1].scs_use = tcp_syn_use_limit; + mtx_leave(&syn_cache_mtx); } NET_UNLOCK(); return (error); @@ -1492,11 +1496,13 @@ tcp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, * switch sets as soon as possible. Then * the actual hash array will be reallocated. */ + mtx_enter(&syn_cache_mtx); if (tcp_syn_cache[0].scs_size != nval) tcp_syn_cache[0].scs_use = 0; if (tcp_syn_cache[1].scs_size != nval) tcp_syn_cache[1].scs_use = 0; tcp_syn_hash_size = nval; + mtx_leave(&syn_cache_mtx); } NET_UNLOCK(); return (error); diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 912381b5e..f5c885116 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_var.h,v 1.171 2023/09/04 23:00:36 bluhm Exp $ */ +/* $OpenBSD: tcp_var.h,v 1.172 2023/11/16 18:27:48 bluhm Exp $ */ /* $NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $ */ /* @@ -225,6 +225,15 @@ struct tcp_opt_info { * Data for the TCP compressed state engine. */ +/* + * Locks used to protect global data and struct members: + * I immutable after creation + * N net lock + * S syn_cache_mtx tcp syn cache global mutex + */ + +extern struct mutex syn_cache_mtx; + #define TCP_SYN_HASH_SIZE 293 #define TCP_SYN_BUCKET_SIZE 35 @@ -235,7 +244,7 @@ union syn_cache_sa { }; struct syn_cache { - TAILQ_ENTRY(syn_cache) sc_bucketq; /* link on bucket list */ + TAILQ_ENTRY(syn_cache) sc_bucketq; /* [S] link on bucket list */ struct refcnt sc_refcnt; /* ref count list and timer */ struct timeout sc_timer; /* rexmt timer */ union { /* cached route */ 
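Review bot: `sc_refcnt` and `sc_timer` stay untagged in `struct syn_cache`, while the legend added in the previous hunk and the annotations in the following one cover every other member. That leaves a reader unsure whether these two need syn_cache_mtx. If they are synchronized by their own means (atomic reference count, timeout API), a legend entry saying so and a tag on both lines would close the gap; this is an assumption, since their users are not in this diff. The struct continues in the next hunk.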
@@ -244,54 +253,55 @@ struct syn_cache { struct route_in6 route6; #endif } sc_route_u; -#define sc_route4 sc_route_u.route4 +#define sc_route4 sc_route_u.route4 /* [N] */ #ifdef INET6 -#define sc_route6 sc_route_u.route6 +#define sc_route6 sc_route_u.route6 /* [N] */ #endif - long sc_win; /* advertised window */ - struct syn_cache_head *sc_buckethead; /* our bucket index */ - struct syn_cache_set *sc_set; /* our syn cache set */ - u_int64_t sc_timestamp; /* timestamp from SYN */ - u_int32_t sc_hash; - u_int32_t sc_modulate; /* our timestamp modulator */ - union syn_cache_sa sc_src; - union syn_cache_sa sc_dst; - tcp_seq sc_irs; - tcp_seq sc_iss; - u_int sc_rtableid; - u_int sc_rxtcur; /* current rxt timeout */ - u_int sc_rxttot; /* total time spend on queues */ - u_short sc_rxtshift; /* for computing backoff */ - u_short sc_flags; + long sc_win; /* [I] advertised window */ + struct syn_cache_head *sc_buckethead; /* [S] our bucket index */ + struct syn_cache_set *sc_set; /* [S] our syn cache set */ + u_int64_t sc_timestamp; /* [N] timestamp from SYN */ + u_int32_t sc_hash; /* [S] */ + u_int32_t sc_modulate; /* [I] our timestamp modulator */ + union syn_cache_sa sc_src; /* [I] */ + union syn_cache_sa sc_dst; /* [I] */ + tcp_seq sc_irs; /* [I] */ + tcp_seq sc_iss; /* [I] */ + u_int sc_rtableid; /* [I] */ + u_int sc_rxtcur; /* [S] current rxt timeout */ + u_int sc_rxttot; /* [S] total time spend on queues */ + u_int sc_rxtshift; /* [S] for computing backoff */ + u_int sc_dynflags; /* [S] flags accessed with mutex */ +#define SCF_UNREACH 0x0001U /* we've had an unreach error */ +#define SCF_DEAD 0x0002U /* this entry to be released */ -#define SCF_UNREACH 0x0001 /* we've had an unreach error */ -#define SCF_TIMESTAMP 0x0002 /* peer will do timestamps */ -#define SCF_DEAD 0x0004 /* this entry to be released */ -#define SCF_SACK_PERMIT 0x0008 /* permit sack */ -#define SCF_ECN_PERMIT 0x0010 /* permit ecn */ -#define SCF_SIGNATURE 0x0020 /* enforce tcp signatures */ + 
u_short sc_fixflags; /* [I] set during initialization */ +#define SCF_TIMESTAMP 0x0010U /* peer will do timestamps */ +#define SCF_SACK_PERMIT 0x0020U /* permit sack */ +#define SCF_ECN_PERMIT 0x0040U /* permit ecn */ +#define SCF_SIGNATURE 0x0080U /* enforce tcp signatures */ - struct mbuf *sc_ipopts; /* IP options */ - u_int16_t sc_peermaxseg; - u_int16_t sc_ourmaxseg; - u_int sc_request_r_scale : 4, - sc_requested_s_scale : 4; + struct mbuf *sc_ipopts; /* [N] IP options */ + u_int16_t sc_peermaxseg; /* [I] */ + u_int16_t sc_ourmaxseg; /* [I] */ + u_int sc_request_r_scale : 4, /* [I] */ + sc_requested_s_scale : 4; /* [I] */ - struct tcpcb *sc_tp; /* tcb for listening socket */ - LIST_ENTRY(syn_cache) sc_tpq; /* list of entries by same tp */ + struct tcpcb *sc_tp; /* [S] tcb for listening socket */ + LIST_ENTRY(syn_cache) sc_tpq; /* [S] list of entries by same tp */ }; struct syn_cache_head { - TAILQ_HEAD(, syn_cache) sch_bucket; /* bucket entries */ - u_short sch_length; /* # entries in bucket */ + TAILQ_HEAD(, syn_cache) sch_bucket; /* [S] bucket entries */ + u_short sch_length; /* [S] # entries in bucket */ }; struct syn_cache_set { - struct syn_cache_head *scs_buckethead; - long scs_use; - int scs_size; - int scs_count; - u_int32_t scs_random[5]; + struct syn_cache_head *scs_buckethead; /* [S] */ + long scs_use; /* [S] */ + int scs_size; /* [S] current size of hash table */ + int scs_count; /* [S] */ + u_int32_t scs_random[5]; /* [S] */ }; #endif /* _KERNEL */ diff --git a/sys/sys/disk.h b/sys/sys/disk.h index a024bb1c4..2219f974e 100644 --- a/sys/sys/disk.h +++ b/sys/sys/disk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: disk.h,v 1.37 2022/09/11 19:34:40 miod Exp $ */ +/* $OpenBSD: disk.h,v 1.38 2023/11/15 20:23:19 kn Exp $ */ /* $NetBSD: disk.h,v 1.11 1996/04/28 20:22:50 thorpej Exp $ */ /* 
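Review bot: Both flag words keep the `SCF_` prefix, so `ISSET(sc->sc_fixflags, SCF_DEAD)` or `SET(sc->sc_dynflags, SCF_TIMESTAMP)` compiles without complaint and silently operates on the wrong word. The renumbering keeps the two value ranges disjoint (0x0001U–0x0002U versus 0x0010U–0x0080U), which helps when reading a dump but gives the compiler nothing to check. Distinct prefixes, or at least a comment at each group such as `/* sc_dynflags only: modify under syn_cache_mtx */`, would make the split visible at every use site. The widths also differ (`u_int sc_dynflags`, `u_short sc_fixflags`) without a stated reason.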
@@ -152,7 +152,7 @@ struct device *disk_lookup(struct cfdriver *, int); char *disk_readlabel(struct disklabel *, dev_t, char *, size_t); -int disk_map(char *, char *, int, int); +int disk_map(const char *, char *, int, int); int duid_iszero(u_char *); const char *duid_format(u_char *); diff --git a/sys/sys/kstat.h b/sys/sys/kstat.h index 5bba6f6e4..10837f634 100644 --- a/sys/sys/kstat.h +++ b/sys/sys/kstat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kstat.h,v 1.3 2022/04/22 00:27:55 dlg Exp $ */ +/* $OpenBSD: kstat.h,v 1.4 2023/11/16 02:45:20 dlg Exp $ */ /* * Copyright (c) 2020 David Gwynne @@ -82,6 +82,9 @@ enum kstat_kv_type { KSTAT_KV_T_COUNTER16, KSTAT_KV_T_UINT16, KSTAT_KV_T_INT16, + KSTAT_KV_T_FREQ, /* frequency (Hz) */ + KSTAT_KV_T_VOLTS_DC, /* voltage (uV DC) */ + KSTAT_KV_T_VOLTS_AC, /* voltage (uV AC) */ }; /* units only apply to integer types */ @@ -119,6 +122,8 @@ struct kstat_kv { #define kstat_kv_s16(_kv) (_kv)->kv_v.v_s16 #define kstat_kv_len(_kv) (_kv)->kv_v.v_len #define kstat_kv_temp(_kv) (_kv)->kv_v.v_u64 +#define kstat_kv_freq(_kv) (_kv)->kv_v.v_u64 +#define kstat_kv_volts(_kv) (_kv)->kv_v.v_u64 #ifdef _KERNEL diff --git a/usr.bin/awk/b.c b/usr.bin/awk/b.c index 6ab51bae1..543fbf798 100644 --- a/usr.bin/awk/b.c +++ b/usr.bin/awk/b.c @@ -1,4 +1,4 @@ -/* $OpenBSD: b.c,v 1.45 2023/10/30 17:52:54 millert Exp $ */ +/* $OpenBSD: b.c,v 1.47 2023/11/15 18:56:53 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved 
@@ -861,13 +861,15 @@ bool fnematch(fa *pfa, FILE *f, char **pbuf, int *pbufsize, int quantum) j = i++; do { r = getrune(f); - if ((++j + r.len) >= k) { - if (k >= bufsize) - if (!adjbuf(&buf, &bufsize, bufsize+1, quantum, 0, "fnematch")) - FATAL("stream '%.30s...' too long", buf); + if (r.len == 0) { + r.len = 1; // store NUL byte for EOF + } + j += r.len; + if (j >= bufsize) { + if (!adjbuf(&buf, &bufsize, j+1, quantum, 0, "fnematch")) + FATAL("stream '%.30s...' too long", buf); } memcpy(buf + k, r.bytes, r.len); - j += r.len - 1; // incremented next time around the loop k += r.len; if ((ns = get_gototab(pfa, s, r.rune)) != 0) @@ -903,13 +905,10 @@ bool fnematch(fa *pfa, FILE *f, char **pbuf, int *pbufsize, int quantum) * (except for EOF's nullbyte, if present) and null * terminate the buffer. */ - do { - int ii; - for (ii = r.len; ii > 0; ii--) - if (buf[--k] && ungetc(buf[k], f) == EOF) - FATAL("unable to ungetc '%c'", buf[k]); - } while (k > i + patlen); - buf[k] = '\0'; + for (; r.len > 0; r.len--) + if (buf[--k] && ungetc(buf[k], f) == EOF) + FATAL("unable to ungetc '%c'", buf[k]); + buf[k-patlen] = '\0'; return true; } else diff --git a/usr.bin/grep/grep.1 b/usr.bin/grep/grep.1 index 7b5d15b57..3fe35fb7e 100644 --- a/usr.bin/grep/grep.1 +++ b/usr.bin/grep/grep.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: grep.1,v 1.52 2023/01/04 07:33:00 jmc Exp $ +.\" $OpenBSD: grep.1,v 1.53 2023/11/15 00:50:43 millert Exp $ .\" Copyright (c) 1980, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" @@ -28,7 +28,7 @@ .\" .\" @(#)grep.1 8.3 (Berkeley) 4/18/94 .\" -.Dd $Mdocdate: January 4 2023 $ +.Dd $Mdocdate: November 15 2023 $ .Dt GREP 1 .Os .Sh NAME @@ -222,9 +222,9 @@ If the standard input is searched, the string .Dq (standard input) is written. .It Fl m Ar num -Stop after +Stop after finding at least one match on .Ar num -matches. +different lines. .It Fl n Each output line is preceded by its relative line number in the file, starting at line 1. 
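Review bot: The new growth check in fnematch tests `j` against `bufsize`, but the `memcpy` right after it writes `r.len` bytes at `buf + k`. The bound therefore holds only as long as `j` and `k` stay in step, and `k` is set outside this hunk, so that cannot be confirmed here. Also guarding the index that is actually written, `if (k + r.len >= bufsize)` with `k + r.len + 1` as the minimum size passed to `adjbuf()`, would make the write safe regardless of how `j` is derived. The enclosing loop continues past the hunk.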
diff --git a/usr.bin/grep/util.c b/usr.bin/grep/util.c index c79e3066c..8b423c776 100644 --- a/usr.bin/grep/util.c +++ b/usr.bin/grep/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.67 2022/07/12 18:09:31 op Exp $ */ +/* $OpenBSD: util.c,v 1.68 2023/11/15 00:50:43 millert Exp $ */ /*- * Copyright (c) 1999 James Howard and Dag-Erling Coïdan Smørgrav @@ -197,7 +197,7 @@ static int procline(str_t *l, int nottext) { regmatch_t pmatch = { 0 }; - int c, i, r; + int c, i, r, counted; regoff_t offset; /* size_t will be converted to regoff_t. ssize_t is guaranteed to fit @@ -208,6 +208,7 @@ procline(str_t *l, int nottext) c = 0; i = 0; + counted = 0; if (matchall) { c = 1; goto print; @@ -251,9 +252,11 @@ print: if (vflag) c = !c; - /* Count the matches if we have a match limit */ - if (mflag) + /* Count the matches if there is a match limit (but only once). */ + if (mflag && !counted) { mcount -= c; + counted = 1; + } if (c && binbehave == BIN_FILE_BIN && nottext) return c; /* Binary file */ diff --git a/usr.bin/kstat/kstat.c b/usr.bin/kstat/kstat.c index 0c78b373f..e396e0861 100644 --- a/usr.bin/kstat/kstat.c +++ b/usr.bin/kstat/kstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kstat.c,v 1.11 2022/07/10 19:51:37 kn Exp $ */ +/* $OpenBSD: kstat.c,v 1.13 2023/11/16 03:17:34 dlg Exp $ */ /* * Copyright (c) 2020 David Gwynne @@ -52,6 +52,29 @@ #define SET(_i, _m) ((_i) |= (_m)) #endif +struct fmt_result { + uint64_t val; + unsigned int frac; + unsigned int exp; +}; + +static void +fmt_thing(struct fmt_result *fr, uint64_t val, uint64_t chunk) +{ + unsigned int exp = 0; + uint64_t rem = 0; + + while (val > chunk) { + rem = val % chunk; + val /= chunk; + exp++; + } + + fr->val = val; + fr->exp = exp; + fr->frac = (rem * 1000) / chunk; +} + #define str_is_empty(_str) (*(_str) == '\0') #define DEV_KSTAT "/dev/kstat" @@ -170,6 +193,7 @@ main(int argc, char *argv[]) err(1, "kstat version"); kstat_list(&kt, fd, version, &kfs); + kstat_read(&kt, fd); kstat_print(&kt); if (wait == 0) 
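Review bot: `fmt_thing()` in the kstat.c hunk loops on `while (val > chunk)`, so a value exactly equal to the chunk is not scaled. With the chunk of 1000 used by the KSTAT_KV_T_FREQ case, 1000 Hz prints as `1000 Hz` rather than `1 kHz`; `while (val >= chunk)` fixes that. `exp` is later used unchecked as an index, `si_prefixes[fr.exp]`, which stays inside the seven-entry table for a 64-bit value only because the chunk is 1000. Bounding the loop by the table size would make that independent of the caller. The helper has no comment; one line stating that `chunk` must be non-zero and that `frac` is in thousandths would document both assumptions.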
@@ -351,6 +375,11 @@ strdumpnl(const void *s, size_t len) printf("\n"); } +static const char *si_prefixes[] = { "", "k", "M", "G", "T", "P", "E" }; +#ifdef notyet +static const char *iec_prefixes[] = { "", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei" }; +#endif + static void kstat_kv(const void *d, ssize_t len) { @@ -359,6 +388,7 @@ kstat_kv(const void *d, ssize_t len) ssize_t blen; void (*trailer)(const void *, size_t); double f; + struct fmt_result fr; if (len < (ssize_t)sizeof(*kv)) { warn("short kv (len %zu < size %zu)", len, sizeof(*kv)); @@ -425,6 +455,24 @@ kstat_kv(const void *d, ssize_t len) printf("%.2f degC", (f - 273150000.0) / 1000000.0); break; + case KSTAT_KV_T_FREQ: + fmt_thing(&fr, kstat_kv_freq(kv), 1000); + printf("%llu", fr.val); + if (fr.frac > 10) + printf(".%02u", fr.frac / 10); + printf(" %sHz", si_prefixes[fr.exp]); + break; + + case KSTAT_KV_T_VOLTS_DC: /* uV */ + f = kstat_kv_volts(kv); + printf("%.2f VDC", f / 1000000.0); + break; + + case KSTAT_KV_T_VOLTS_AC: /* uV */ + f = kstat_kv_volts(kv); + printf("%.2f VAC", f / 1000000.0); + break; + default: printf("unknown type %u, stopping\n", kv->kv_type); return; @@ -469,7 +517,6 @@ kstat_list(struct kstat_tree *kt, int fd, unsigned int version, { struct kstat_entry *kse; struct kstat_req *ksreq; - size_t len; uint64_t id = 0; for (;;) { @@ -482,19 +529,12 @@ kstat_list(struct kstat_tree *kt, int fd, unsigned int version, ksreq->ks_version = version; ksreq->ks_id = ++id; - ksreq->ks_datalen = len = 64; /* magic */ - ksreq->ks_data = malloc(len); - if (ksreq->ks_data == NULL) - err(1, "data alloc"); - if (ioctl(fd, KSTATIOC_NFIND_ID, ksreq) == -1) { if (errno == ENOENT) { free(ksreq->ks_data); free(kse); break; } - - kse->serrno = errno; } else id = ksreq->ks_id; 
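Review bot: A `KSTATIOC_NFIND_ID` failure other than ENOENT is now neither recorded nor skipped in kstat_list. With `kse->serrno = errno;` and the later `continue` removed, the entry appears to fall through to the tree insert and to `malloc(ksreq->ks_datalen)` in the next hunk with a length the kernel never filled in. The ENOENT branch also still calls `free(ksreq->ks_data)`, which is no longer allocated before the ioctl, so it is safe only if the request is zeroed when `kse` is set up (not visible in these hunks). Making the unexpected case explicit, e.g. `err(1, "kstat nfind id %llu", ksreq->ks_id);`, and dropping the stale `free()` would remove both dependencies. The lines between the two kstat_list hunks are outside the diff.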
@@ -507,18 +547,9 @@ kstat_list(struct kstat_tree *kt, int fd, unsigned int version, if (RBT_INSERT(kstat_tree, kt, kse) != NULL) errx(1, "duplicate kstat entry"); - if (kse->serrno != 0) - continue; - - while (ksreq->ks_datalen > len) { - len = ksreq->ks_datalen; - ksreq->ks_data = realloc(ksreq->ks_data, len); - if (ksreq->ks_data == NULL) - err(1, "data resize (%zu)", len); - - if (ioctl(fd, KSTATIOC_FIND_ID, ksreq) == -1) - err(1, "find id %llu", ksreq->ks_id); - } + ksreq->ks_data = malloc(ksreq->ks_datalen); + if (ksreq->ks_data == NULL) + err(1, "kstat data alloc"); } } @@ -534,7 +565,8 @@ kstat_print(struct kstat_tree *kt) ksreq->ks_provider, ksreq->ks_instance, ksreq->ks_name, ksreq->ks_unit); if (kse->serrno != 0) { - printf("\t%s\n", strerror(kse->serrno)); + printf("\tkstat read error: %s\n", + strerror(kse->serrno)); continue; } switch (ksreq->ks_type) { @@ -560,9 +592,10 @@ kstat_read(struct kstat_tree *kt, int fd) struct kstat_req *ksreq; RBT_FOREACH(kse, kstat_tree, kt) { + kse->serrno = 0; ksreq = &kse->kstat; if (ioctl(fd, KSTATIOC_FIND_ID, ksreq) == -1) - err(1, "update id %llu", ksreq->ks_id); + kse->serrno = errno; } } diff --git a/usr.bin/openssl/pkcs12.c b/usr.bin/openssl/pkcs12.c index aedae640e..c6f0476fc 100644 --- a/usr.bin/openssl/pkcs12.c +++ b/usr.bin/openssl/pkcs12.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: pkcs12.c,v 1.26 2023/11/19 09:29:11 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ 
@@ -1010,15 +1010,18 @@ get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **out_chain) static int alg_print(BIO *x, const X509_ALGOR *alg) { - PBEPARAM *pbe; - const unsigned char *p; + PBEPARAM *pbe = NULL; + const ASN1_OBJECT *aobj; + int param_type; + const void *param; - p = alg->parameter->value.sequence->data; - pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + X509_ALGOR_get0(&aobj, ¶m_type, ¶m, alg); + if (param_type == V_ASN1_SEQUENCE) + pbe = ASN1_item_unpack(param, &PBEPARAM_it); if (pbe == NULL) return 1; BIO_printf(bio_err, "%s, Iteration %ld\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + OBJ_nid2ln(OBJ_obj2nid(aobj)), ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free(pbe); return 1; diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c index 84008183e..c62f1dd6b 100644 --- a/usr.bin/openssl/ts.c +++ b/usr.bin/openssl/ts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.c,v 1.26 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: ts.c,v 1.27 2023/11/19 09:19:54 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -599,7 +599,7 @@ create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, TS_MSG_IMPRINT *msg_imprint = NULL; X509_ALGOR *algo = NULL; unsigned char *data = NULL; - ASN1_OBJECT *policy_obj = NULL; + ASN1_OBJECT *md_obj = NULL, *policy_obj = NULL; ASN1_INTEGER *nonce_asn1 = NULL; /* Setting default message digest. */ 
@@ -621,11 +621,14 @@ create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, /* Adding algorithm. */ if ((algo = X509_ALGOR_new()) == NULL) goto err; - if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL) + if ((md_obj = OBJ_nid2obj(EVP_MD_type(md))) == NULL) goto err; - if ((algo->parameter = ASN1_TYPE_new()) == NULL) + /* + * This does not use X509_ALGOR_set_md() for historical reasons. + * See the comment in PKCS7_SIGNER_INFO_set() for details. + */ + if (!X509_ALGOR_set0(algo, md_obj, V_ASN1_NULL, NULL)) goto err; - algo->parameter->type = V_ASN1_NULL; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err; diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 1b310e3c6..7c611bc37 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.433 2023/09/04 00:01:46 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.434 2023/11/15 22:51:49 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -886,6 +886,23 @@ channel_still_open(struct ssh *ssh) return 0; } +/* Returns true if a channel with a TTY is open. */ +int +channel_tty_open(struct ssh *ssh) +{ + u_int i; + Channel *c; + + for (i = 0; i < ssh->chanctxt->channels_alloc; i++) { + c = ssh->chanctxt->channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_OPEN) + continue; + if (c->client_tty) + return 1; + } + return 0; +} + /* Returns the id of an open channel suitable for keepaliving */ int channel_find_open(struct ssh *ssh) diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h index 7cfba92a8..b8c888358 100644 --- a/usr.bin/ssh/channels.h +++ b/usr.bin/ssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.152 2023/09/04 00:01:46 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.153 2023/11/15 22:51:49 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -337,6 +337,7 @@ int channel_output_poll(struct ssh *); int channel_not_very_much_buffered_data(struct ssh *); void channel_close_all(struct ssh *); int channel_still_open(struct ssh *); +int channel_tty_open(struct ssh *); const char *channel_format_extended_usage(const Channel *); char *channel_open_message(struct ssh *); int channel_find_open(struct ssh *); diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index deebbbac0..ffa0facaf 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.400 2023/10/12 02:12:53 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.401 2023/11/15 22:51:49 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -580,7 +580,7 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout, if (options.obscure_keystroke_timing_interval <= 0) return 1; /* disabled in config */ - if (!channel_still_open(ssh) || quit_pending) { + if (!channel_tty_open(ssh) || quit_pending) { /* Stop if no channels left of we're waiting for one to close */ stop_reason = "no active channels"; } else if (ssh_packet_is_rekeying(ssh)) { diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index a0ff05518..a47c8f76b 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.364 2023/11/15 23:03:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -459,6 +459,14 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, errno = oerrno; continue; } + if (options.address_family != AF_UNSPEC && + ai->ai_family != options.address_family) { + debug2_f("skipping address [%s]:%s: " + "wrong address family", ntop, strport); + errno = 0; + continue; + } + debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport); 
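Review bot: The comment and `stop_reason` under the changed condition in obfuscate_keystroke_timing still describe the old test. After the switch to `channel_tty_open()`, obfuscation also stops while channels without a TTY remain open, yet the debug string says "no active channels". Suggest `/* Stop if no TTY channel is open or we're waiting to quit */` and `stop_reason = "no active TTY channels";`, so that logs explain why keystroke-timing obfuscation is off. The function continues outside the hunk.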
diff --git a/usr.bin/tmux/arguments.c b/usr.bin/tmux/arguments.c index a13965bad..04b859fa1 100644 --- a/usr.bin/tmux/arguments.c +++ b/usr.bin/tmux/arguments.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arguments.c,v 1.61 2023/11/14 15:59:49 nicm Exp $ */ +/* $OpenBSD: arguments.c,v 1.62 2023/11/14 20:01:11 nicm Exp $ */ /* * Copyright (c) 2010 Nicholas Marriott @@ -789,7 +789,8 @@ args_make_commands_prepare(struct cmd *self, struct cmdq_item *item, u_int idx, if (wait) state->pi.item = item; cmd_get_source(self, &file, &state->pi.line); - state->pi.file = xstrdup(file); + if (file != NULL) + state->pi.file = xstrdup(file); state->pi.c = tc; if (state->pi.c != NULL) state->pi.c->references++; diff --git a/usr.sbin/fw_update/fw_update.sh b/usr.sbin/fw_update/fw_update.sh index 10b4d34ea..ce4929c70 100644 --- a/usr.sbin/fw_update/fw_update.sh +++ b/usr.sbin/fw_update/fw_update.sh @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: fw_update.sh,v 1.51 2023/10/14 18:10:47 afresh1 Exp $ +# $OpenBSD: fw_update.sh,v 1.55 2023/11/15 02:07:43 afresh1 Exp $ # # Copyright (c) 2021,2023 Andrew Hewus Fresh # @@ -60,7 +60,8 @@ cleanup() { if [ -d "$FD_DIR" ]; then echo "" >&"$STATUS_FD" - exec 4>&- + ((STATUS_FD == 3)) && exec 3>&- + ((WARN_FD == 4)) && exec 4>&- [ -s "$FD_DIR/status" ] && cat "$FD_DIR/status" [ -s "$FD_DIR/warn" ] && cat "$FD_DIR/warn" >&2 
@@ -107,21 +108,24 @@ spin() { fetch() { local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _exit _error='' + local _ftp_errors="$FD_DIR/ftp_errors" + rm -f "$_ftp_errors" # The installer uses a limited doas(1) as a tiny su(1) set -o monitor # make sure ftp gets its own process group ( _flags=-vm case "$VERBOSE" in - 0|1) _flags=-VM ;; + 0|1) _flags=-VM ; exec 2>"$_ftp_errors" ;; 2) _flags=-Vm ;; esac + if [ -x /usr/bin/su ]; then exec /usr/bin/su -s /bin/ksh "$_user" -c \ - "/usr/bin/ftp -N '${0##/}' -D 'Get/Verify' $_flags -o- '$_src'" > "$_dst" + "/usr/bin/ftp -N error -D 'Get/Verify' $_flags -o- '$_src'" > "$_dst" else exec /usr/bin/doas -u "$_user" \ - /usr/bin/ftp -N "${0##/}" -D 'Get/Verify' $_flags -o- "$_src" > "$_dst" + /usr/bin/ftp -N error -D 'Get/Verify' $_flags -o- "$_src" > "$_dst" fi ) & FTPPID=$! set +o monitor @@ -151,13 +155,34 @@ fetch() { unset FTPPID - if [ "$_exit" -ne 0 ]; then + if ((_exit != 0)); then rm -f "$_dst" + + # ftp doesn't provide useful exit codes + # so we have to grep its STDERR. + # _exit=2 means don't keep trying + _exit=2 + + # If it was 404, we might succeed at another file + if [ -s "$_ftp_errors" ] && \ + grep -q "404 Not Found" "$_ftp_errors"; then + _exit=1 + _error=" (404 Not Found)" + rm -f "$_ftp_errors" + fi + warn "Cannot fetch $_src$_error" - return 1 fi - return 0 + # If we have ftp errors, print them out, + # removing any cntrl characters (like 0x0d), + # and any leading blank lines. + if [ -s "$_ftp_errors" ]; then + sed -e 's/[[:cntrl:]]//g' \ + -e '/./,$!d' "$_ftp_errors" >&"$WARN_FD" + fi + + return "$_exit" } # If we fail to fetch the CFILE, we don't want to try again @@ -165,12 +190,12 @@ fetch() { # a blank file indicating failure. check_cfile() { if [ -e "$CFILE" ]; then - [ -s "$CFILE" ] || return 1 + [ -s "$CFILE" ] || return 2 return 0 fi if ! fetch_cfile; then echo -n > "$CFILE" - return 1 + return 2 fi return 0 } 
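Review bot: The 404 detection in fetch() depends on the verbosity level, because stderr is redirected to `$_ftp_errors` only in the `0|1)` branch. At `VERBOSE` 2 and above the file is never written, `_exit` stays at 2, and the caller's `((e > 1)) && exit 1` ends the whole run on a missing file that the default mode would skip. Either capture ftp's stderr at every level, or state the limitation next to the case statement, e.g. `# VERBOSE >= 2: stderr is not captured, so every fetch failure is treated as fatal`. Stripping control characters with `sed` before replaying the captured text to `$WARN_FD` is a good guard and should be kept if the capture is widened.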
@@ -180,9 +205,12 @@ fetch_cfile() { set +o noclobber # we want to get the latest CFILE fetch "$CFILE" || return 1 set -o noclobber - ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null && - warn "Signature check of SHA256.sig failed" && - rm -f "$CFILE" && return 1 + signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null \ + 2>&"$WARN_FD" || { + warn "Signature check of SHA256.sig failed" + rm -f "$CFILE" + return 1 + } elif [ ! -e "$CFILE" ]; then warn "${0##*/}: $CFILE: No such file or directory" return 1 @@ -192,7 +220,7 @@ fetch_cfile() { } verify() { - check_cfile || return 1 + check_cfile || return $? # The installer sha256 lacks -C, do it by hand if ! grep -Fqx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE" then @@ -207,7 +235,7 @@ verify() { # if VERBOSE is 0, don't show the checksum failure of an existing file. verify_existing() { local _v=$VERBOSE - check_cfile || return 1 + check_cfile || return $? ((_v == 0)) && "$DOWNLOAD" && _v=1 ( VERBOSE=$_v verify "$@" ) @@ -242,7 +270,7 @@ firmware_in_dmesg() { } firmware_filename() { - check_cfile || return 1 + check_cfile || return $? sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' } @@ -253,6 +281,7 @@ firmware_devicename() { } lock_db() { + local _waited [ "${LOCKPID:-}" ] && return 0 # The installer doesn't have perl, so we can't lock there @@ -267,9 +296,22 @@ lock_db() { $|=1; $0 = "fw_update: lock_db"; - lock_db(0); + my $waited = 0; + package OpenBSD::FwUpdateState { + use parent 'OpenBSD::BaseState'; + sub errprint ($self, @p) { + if ($p[0] && $p[0] =~ /already locked/) { + $waited++; + $p[0] = " " . $p[0] + if !$ENV{VERBOSE}; + } + $self->SUPER::errprint(@p); + } - say $$; + } + lock_db(0, 'OpenBSD::FwUpdateState'); + + say "$$ $waited"; # Wait for STDOUT to be readable, which won't happen # but if our parent exits unexpectedly it will close. 
@@ -279,7 +321,11 @@ lock_db() { EOL set +o monitor - read -rp LOCKPID + read -rp LOCKPID _waited + + if ((_waited)); then + ! ((VERBOSE)) && status "${0##*/}:" + fi return 0 } @@ -334,8 +380,11 @@ add_firmware () { -s ",^firmware,${DESTDIR}/etc/firmware," \ -C / -zxphf - "+*" "firmware/*" - _pkg="$( sed -n '/^@name /{s///p;q;}' "${FWPKGTMP}/+CONTENTS" )" - if [ ! "$_pkg" ]; then + + [ -s "${FWPKGTMP}/+CONTENTS" ] && + _pkg="$( sed -n '/^@name /{s///p;q;}' "${FWPKGTMP}/+CONTENTS" )" + + if [ ! "${_pkg:-}" ]; then warn "Failed to extract name from $1, partial install" rm -rf "$FWPKGTMP" unset FWPKGTMP @@ -500,23 +549,17 @@ fi set -sA devices -- "$@" -# In the normal case, we output the status line piecemeal -# so we save warnings to output at the end to not disrupt -# the single line status. -# Actual errors from things like ftp will stil interrupt, -# but it's impossible to know if it's a message people need -# to see now or something that can wait. -# In the verbose case, we instead print out single lines -# or progress bars for each thing we are doing, -# so instead we save up the final status line for the end. FD_DIR="$( tmpdir "${DESTDIR}/tmp/${0##*/}-fd" )" +# When being verbose, save the status line for the end. if ((VERBOSE)); then - exec 4>"${FD_DIR}/status" - STATUS_FD=4 -else - exec 4>"${FD_DIR}/warn" - WARN_FD=4 + exec 3>"${FD_DIR}/status" + STATUS_FD=3 fi +# Control "warning" messages to avoid the middle of a line. +# Things that we don't expect to send to STDERR +# still go there so the output, while it may be ugly, isn't lost +exec 4>"${FD_DIR}/warn" +WARN_FD=4 status "${0##*/}:" @@ -560,7 +603,10 @@ if "$DELETE"; then if "$DRYRUN"; then ((VERBOSE)) && echo "Delete $fw" else - delete_firmware "$fw" || continue + delete_firmware "$fw" || { + status " ($fw failed)" + continue + } fi done fi 
@@ -599,7 +645,18 @@ if [ "${devices[*]:-}" ]; then verify_existing=true if [ "$f" = "$d" ]; then - f=$( firmware_filename "$d" ) || continue + f=$( firmware_filename "$d" ) || { + # Fetching the CFILE here is often the + # first attempt to talk to FWURL + # If it fails, no point in continuing. + if (($? > 1)); then + status " failed." + exit 1 + fi + + # otherwise we can try the next firmware + continue + } if [ ! "$f" ]; then if "$INSTALL" && unregister_firmware "$d"; then unregister="$unregister,$d" @@ -717,11 +774,20 @@ for f in "${add[@]}" _update_ "${update[@]}"; do fi fetch "$f" && verify "$f" || { - if "$pending_status"; then - echo " failed." - elif ! ((VERBOSE)); then - status " failed (${f##*/})" + integer e=$? + + "$pending_status" && echo " failed." + status " failed (${f##*/})" + + if ((VERBOSE)) && [ -s "$FD_DIR/warn" ]; then + cat "$FD_DIR/warn" >&2 + rm -f "$FD_DIR/warn" fi + + # Fetch or verify exited > 1 + # which means we don't keep trying. + ((e > 1)) && exit 1 + continue } fi @@ -740,22 +806,19 @@ for f in "${add[@]}" _update_ "${update[@]}"; do for i in $( installed_firmware '' "$d-firmware-" '*' ) do delete_firmware "$i" || { - if "$pending_status"; then - echo " failed." - elif ! ((VERBOSE)); then - status " failed ($i)" - fi + "$pending_status" && + echo -n " (remove $i failed)" + status " (remove $i failed)" + continue } + #status " (removed $i)" done fi add_firmware "$f" "$action" || { - if "$pending_status"; then - echo " failed." - elif ! ((VERBOSE)); then - status " failed (${f##*/})" - fi + "$pending_status" && echo " failed." + status " failed (${f##*/})" continue } fi diff --git a/usr.sbin/ikectl/ikeca.cnf b/usr.sbin/ikectl/ikeca.cnf index 47207ac7d..86ae67add 100644 --- a/usr.sbin/ikectl/ikeca.cnf +++ b/usr.sbin/ikectl/ikeca.cnf @@ -1,4 +1,4 @@ -# $OpenBSD: ikeca.cnf,v 1.9 2017/01/31 21:35:07 sthen Exp $ +# $OpenBSD: ikeca.cnf,v 1.10 2023/11/17 14:43:36 tobhe Exp $ CERT_C = DE CERT_ST = Lower Saxony 
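Review bot: In the `fetch "$f" && verify "$f"` failure block, `rm -f "$FD_DIR/warn"` unlinks the file while descriptor 4 (`WARN_FD`, opened by `exec 4>"${FD_DIR}/warn"` earlier in this diff) is still open on it. When `e` is 1 the loop continues, and anything written to `$WARN_FD` afterwards, for example the signify stderr that fetch_cfile now redirects there, goes to the unlinked file. If the end-of-run code prints warnings by reading `$FD_DIR/warn`, which is not visible here, those later messages would never be shown. Re-opening the descriptor after the flush keeps path and descriptor together: `exec 4>"${FD_DIR}/warn"` in place of the `rm -f`.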
@@ -104,6 +104,6 @@ serial = $ENV::CASERIAL default_md = sha256 default_days = 365 default_crl_days = 365 -unique_subject = yes +unique_subject = no email_in_dn = yes policy = CA_sign_policy diff --git a/usr.sbin/ntpd/ntp.h b/usr.sbin/ntpd/ntp.h index fd35bf937..20d67f31d 100644 --- a/usr.sbin/ntpd/ntp.h +++ b/usr.sbin/ntpd/ntp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ntp.h,v 1.14 2020/01/30 15:55:41 otto Exp $ */ +/* $OpenBSD: ntp.h,v 1.15 2023/11/15 15:52:09 otto Exp $ */ /* * Copyright (c) 2004 Henning Brauer @@ -43,11 +43,13 @@ struct l_fixedpt { u_int32_t int_partl; u_int32_t fractionl; }; +#define L_DENOMINATOR (UINT32_MAX + 1ULL) struct s_fixedpt { u_int16_t int_parts; u_int16_t fractions; }; +#define S_DENOMINATOR (UINT16_MAX + 1) /* RFC Section 4 * diff --git a/usr.sbin/ntpd/util.c b/usr.sbin/ntpd/util.c index bbac1c55a..ae4a9a6c2 100644 --- a/usr.sbin/ntpd/util.c +++ b/usr.sbin/ntpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.25 2020/01/30 15:55:41 otto Exp $ */ +/* $OpenBSD: util.c,v 1.27 2023/11/19 10:41:25 claudio Exp $ */ /* * Copyright (c) 2004 Alexander Guy @@ -18,6 +18,7 @@ #include #include +#include #include #include #include @@ -96,7 +97,7 @@ lfp_to_d(struct l_fixedpt lfp) if (lfp.int_partl <= INT32_MAX) base++; ret = base * SECS_IN_ERA; - ret += (double)(lfp.int_partl) + ((double)lfp.fractionl / UINT_MAX); + ret += (double)(lfp.int_partl) + ((double)lfp.fractionl / L_DENOMINATOR); return (ret); } @@ -109,7 +110,7 @@ d_to_lfp(double d) while (d > SECS_IN_ERA) d -= SECS_IN_ERA; lfp.int_partl = htonl((u_int32_t)d); - lfp.fractionl = htonl((u_int32_t)((d - (u_int32_t)d) * UINT_MAX)); + lfp.fractionl = htonl((u_int32_t)((d - (u_int32_t)d) * L_DENOMINATOR)); return (lfp); } 
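Review bot: The switch to `unique_subject = no` in ikeca.cnf carries no comment saying why the CA should now accept a request whose subject already has a valid entry in its index. With this value `openssl ca` allows several valid certificates with the same subject, so after a re-issue the old certificate stays valid until it is revoked by serial or expires. A comment next to the setting, such as `# allow re-issuing for an existing subject; the old certificate must be revoked separately`, would make that operational consequence visible. The section this key belongs to starts outside the hunk.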
@@ -122,7 +123,7 @@ sfp_to_d(struct s_fixedpt sfp) sfp.int_parts = ntohs(sfp.int_parts); sfp.fractions = ntohs(sfp.fractions); - ret = (double)(sfp.int_parts) + ((double)sfp.fractions / USHRT_MAX); + ret = (double)(sfp.int_parts) + ((double)sfp.fractions / S_DENOMINATOR); return (ret); } @@ -133,7 +134,7 @@ d_to_sfp(double d) struct s_fixedpt sfp; sfp.int_parts = htons((u_int16_t)d); - sfp.fractions = htons((u_int16_t)((d - (u_int16_t)d) * USHRT_MAX)); + sfp.fractions = htons((u_int16_t)((d - (u_int16_t)d) * S_DENOMINATOR)); return (sfp); } diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c index d4d3fe4c4..9ada6c8ee 100644 --- a/usr.sbin/rpki-client/crl.c +++ b/usr.sbin/rpki-client/crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl.c,v 1.28 2023/10/19 17:05:54 job Exp $ */ +/* $OpenBSD: crl.c,v 1.29 2023/11/16 11:17:52 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -32,7 +32,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len) const X509_ALGOR *palg; const ASN1_OBJECT *cobj; const ASN1_TIME *at; - int nid, rc = 0; + int count, nid, rc = 0; /* just fail for empty buffers, the warning was printed elsewhere */ if (der == NULL) @@ -73,8 +73,21 @@ crl_parse(const char *fn, const unsigned char *der, size_t len) goto out; } + /* + * RFC 6487, section 5: AKI and crlNumber MUST be present, no other + * CRL extensions are allowed. + */ if ((crl->aki = x509_crl_get_aki(crl->x509_crl, fn)) == NULL) { - warnx("x509_crl_get_aki failed"); + warnx("%s: x509_crl_get_aki failed", fn); + goto out; + } + if ((crl->number = x509_crl_get_number(crl->x509_crl, fn)) == NULL) { + warnx("%s: x509_crl_get_number failed", fn); + goto out; + } + if ((count = X509_CRL_get_ext_count(crl->x509_crl)) != 2) { + warnx("%s: RFC 6487 section 5: unexpected number of extensions " + "%d != 2", fn, count); goto out; } @@ -141,6 +154,7 @@ crl_free(struct crl *crl) if (crl == NULL) return; free(crl->aki); + free(crl->number); X509_CRL_free(crl->x509_crl); free(crl); } 
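Review bot: d_to_sfp still converts `d` to `u_int16_t` with no range check, on the context line `htons((u_int16_t)d)` and again inside the rewritten `fractions` line; converting a double that is negative or at least 65536 to an unsigned 16-bit type is undefined behaviour in C. Whether any caller can pass such a value is not visible in this hunk. If one can, a guard ahead of both casts such as `if (d < 0.0 || d >= S_DENOMINATOR) d = 0.0;` (or whichever fallback the protocol code prefers) makes the result defined; if not, a comment like `/* d must be in [0, 65536) */` would state the contract.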
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 52df7f8e0..e33c0e101 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.193 2023/10/13 12:06:49 job Exp $ */ +/* $OpenBSD: extern.h,v 1.194 2023/11/16 11:10:59 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -432,6 +432,7 @@ RB_PROTOTYPE(brk_tree, brk, entry, brkcmp); struct crl { RB_ENTRY(crl) entry; char *aki; + char *number; X509_CRL *x509_crl; time_t lastupdate; /* do not use before */ time_t nextupdate; /* do not use after */ @@ -847,6 +848,7 @@ int x509_get_notbefore(X509 *, const char *, time_t *); int x509_get_notafter(X509 *, const char *, time_t *); int x509_get_crl(X509 *, const char *, char **); char *x509_crl_get_aki(X509_CRL *, const char *); +char *x509_crl_get_number(X509_CRL *, const char *); char *x509_get_pubkey(X509 *, const char *); enum cert_purpose x509_get_purpose(X509 *, const char *); int x509_get_time(const ASN1_TIME *, time_t *); diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c index cfa5c77a8..bcd688f67 100644 --- a/usr.sbin/rpki-client/print.c +++ b/usr.sbin/rpki-client/print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.43 2023/07/19 21:49:30 job Exp $ */ +/* $OpenBSD: print.c,v 1.44 2023/11/16 11:18:47 tb Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -327,7 +327,6 @@ crl_print(const struct crl *p) { STACK_OF(X509_REVOKED) *revlist; X509_REVOKED *rev; - ASN1_INTEGER *crlnum; X509_NAME *xissuer; int i; char *issuer, *serial; 
@@ -341,20 +340,16 @@ crl_print(const struct crl *p) xissuer = X509_CRL_get_issuer(p->x509_crl); issuer = X509_NAME_oneline(xissuer, NULL, 0); - crlnum = X509_CRL_get_ext_d2i(p->x509_crl, NID_crl_number, NULL, NULL); - serial = x509_convert_seqnum(__func__, crlnum); - if (issuer != NULL && serial != NULL) { + if (issuer != NULL && p->number != NULL) { if (outformats & FORMAT_JSON) { json_do_string("crl_issuer", issuer); - json_do_string("crl_serial", serial); + json_do_string("crl_serial", p->number); } else { printf("CRL issuer: %s\n", issuer); - printf("CRL serial number: %s\n", serial); + printf("CRL serial number: %s\n", p->number); } } free(issuer); - free(serial); - ASN1_INTEGER_free(crlnum); if (outformats & FORMAT_JSON) { json_do_int("valid_since", p->lastupdate); diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c index 9a3b637a0..5a06568f2 100644 --- a/usr.sbin/rpki-client/x509.c +++ b/usr.sbin/rpki-client/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.74 2023/09/12 09:33:30 job Exp $ */ +/* $OpenBSD: x509.c,v 1.75 2023/11/16 11:10:59 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Claudio Jeker @@ -805,6 +805,36 @@ out: return res; } +/* + * Retrieve CRL Number extension. Returns a printable hexadecimal representation + * of the number which has to be freed after use. + */ +char * +x509_crl_get_number(X509_CRL *crl, const char *fn) +{ + ASN1_INTEGER *aint; + int crit; + char *res = NULL; + + aint = X509_CRL_get_ext_d2i(crl, NID_crl_number, &crit, NULL); + if (aint == NULL) { + warnx("%s: RFC 6487 section 5: CRL Number missing", fn); + return NULL; + } + if (crit != 0) { + warnx("%s: RFC 5280, section 5.2.3: " + "CRL Number not non-critical", fn); + goto out; + } + + /* This checks that the number is non-negative and <= 20 bytes. */ + res = x509_convert_seqnum(fn, aint); + + out: + ASN1_INTEGER_free(aint); + return res; +} + /* * Convert passed ASN1_TIME to time_t *t. * Returns 1 on success and 0 on failure. 
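Review bot: In x509_crl_get_number the `aint == NULL` branch reports "CRL Number missing" for every failure of X509_CRL_get_ext_d2i(), but with a NULL index argument that call also returns NULL when the extension occurs more than once (setting `crit` to -2) or cannot be decoded. The CRL is rejected in all of these cases, so the point is the diagnostic: the log would send an operator looking for an absent extension when the CRL actually carries a duplicate or malformed one. Checking `crit` before warning, e.g. `if (crit == -2) warnx("%s: CRL Number present more than once", fn);` with the existing message kept for -1, would tell them apart.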
diff --git a/usr.sbin/smtpd/dns.c b/usr.sbin/smtpd/dns.c index dc7987aa2..b1b49ea75 100644 --- a/usr.sbin/smtpd/dns.c +++ b/usr.sbin/smtpd/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.91 2023/11/08 08:46:34 op Exp $ */ +/* $OpenBSD: dns.c,v 1.92 2023/11/16 10:23:21 op Exp $ */ /* * Copyright (c) 2008 Gilles Chehade @@ -263,7 +263,8 @@ dns_dispatch_mx(struct asr_result *ar, void *arg) print_dname(rr.rr.mx.exchange, buf, sizeof(buf)); buf[strlen(buf) - 1] = '\0'; - if (rr.rr.mx.preference == 0 && !strcmp(buf, "")) { + if ((rr.rr.mx.preference == 0 && !strcmp(buf, "")) || + !strcmp(buf, "localhost")) { nullmx = 1; continue; } diff --git a/usr.sbin/snmpd/application.c b/usr.sbin/snmpd/application.c index b25a3ec9c..912336fe3 100644 --- a/usr.sbin/snmpd/application.c +++ b/usr.sbin/snmpd/application.c @@ -1,4 +1,4 @@ -/* $OpenBSD: application.c,v 1.37 2023/11/13 10:14:29 martijn Exp $ */ +/* $OpenBSD: application.c,v 1.40 2023/11/16 14:35:25 martijn Exp $ */ /* * Copyright (c) 2021 Martijn van Duren @@ -257,7 +257,7 @@ appl_addagentcaps(const char *ctxname, struct ber_oid *oid, const char *descr, return APPL_ERROR_UNSUPPORTEDCONTEXT; } - if ((cap = malloc(sizeof(*ctx))) == NULL) { + if ((cap = malloc(sizeof(*cap))) == NULL) { log_warn("%s: Can't add agent capabilities %s", backend->ab_name, oidbuf); return APPL_ERROR_PROCESSINGERROR; @@ -919,15 +919,11 @@ appl_processpdu(struct snmp_message *statereference, const char *ctxname, &(ureq->aru_vblist[i].avi_varbind.av_oid)); ureq->aru_vblist[i].avi_origid = ureq->aru_vblist[i].avi_varbind.av_oid; - if (i + 1 < ureq->aru_varbindlen) { - ureq->aru_vblist[i].avi_next = - &(ureq->aru_vblist[i + 1]); + if (i + 1 < varbindlen) ureq->aru_vblist[i].avi_varbind.av_next = &(ureq->aru_vblist[i + 1].avi_varbind); - } else { - ureq->aru_vblist[i].avi_next = NULL; + else ureq->aru_vblist[i].avi_varbind.av_next = NULL; - } varbind = varbind->be_next; } 
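Review bot: The added `!strcmp(buf, "localhost")` test in dns_dispatch_mx is case-sensitive, while DNS names compare case-insensitively, so an exchange spelled with different letter case would not be treated as a null MX unless print_dname() already lower-cases its output, which this hunk does not show. `!strcasecmp(buf, "localhost")` would cover that. The condition also has no comment saying why a localhost exchange is handled like an RFC 7505 null MX; something like `/* treat an MX of "localhost" as null MX so mail is not routed back to this host */` would help, if that is the intent. The function starts and ends outside the hunk.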
@@ -1368,6 +1364,8 @@ appl_response(struct appl_backend *backend, int32_t requestid, origvb->avi_state == APPL_VBSTATE_DONE) { origvb->avi_sub->avi_varbind.av_oid = origvb->avi_varbind.av_oid; + origvb->avi_sub->avi_origid = + origvb->avi_varbind.av_oid; origvb->avi_sub->avi_state = APPL_VBSTATE_NEW; } origvb = origvb->avi_next; @@ -1663,9 +1661,11 @@ appl_varbind_backend(struct appl_varbind_internal *ivb) ivb->avi_state = APPL_VBSTATE_DONE; if (ivb->avi_varbind.av_value == NULL) return -1; - if (ivb->avi_sub != NULL) + if (ivb->avi_sub != NULL) { ivb->avi_sub->avi_varbind.av_oid = ivb->avi_varbind.av_oid; + ivb->avi_sub->avi_origid = ivb->avi_origid; + } ivb = ivb->avi_sub; } while (ivb != NULL);