SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

This commit is contained in:
purplerain 2024-03-24 19:30:40 +00:00
parent 2debf29dc6
commit fa20b4dfa4
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
29 changed files with 243 additions and 1137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/libcrypto/cryptlib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cryptlib.c,v 1.48 2024/03/02 11:37:13 tb Exp $ */
/* $OpenBSD: cryptlib.c,v 1.49 2024/03/24 06:48:03 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
@ -283,28 +283,24 @@ CRYPTO_THREADID_current(CRYPTO_THREADID *id)
memset(id, 0, sizeof(*id));
id->val = (unsigned long)pthread_self();
}
LCRYPTO_ALIAS(CRYPTO_THREADID_current);
int
CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b)
{
return memcmp(a, b, sizeof(*a));
}
LCRYPTO_ALIAS(CRYPTO_THREADID_cmp);
void
CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src)
{
memcpy(dest, src, sizeof(*src));
}
LCRYPTO_ALIAS(CRYPTO_THREADID_cpy);
unsigned long
CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
{
return id->val;
}
LCRYPTO_ALIAS(CRYPTO_THREADID_hash);
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__INTEL__) || \

669
lib/libcrypto/ec/ec_curve.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ec_curve.c,v 1.42 2023/07/07 13:54:45 beck Exp $ */
/* $OpenBSD: ec_curve.c,v 1.43 2024/03/24 06:05:41 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -1790,502 +1790,6 @@ static const struct {
},
};
#ifndef OPENSSL_NO_GOST
static const struct {
uint8_t p[32];
uint8_t a[32];
uint8_t b[32];
uint8_t x[32];
uint8_t y[32];
uint8_t order[32];
} _EC_GOST_2001_Test = {
.p = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x04, 0x31,
},
.a = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x07,
},
.b = {
0x5f, 0xbf, 0xf4, 0x98, 0xaa, 0x93, 0x8c, 0xe7, 0x39, 0xb8,
0xe0, 0x22, 0xfb, 0xaf, 0xef, 0x40, 0x56, 0x3f, 0x6e, 0x6a,
0x34, 0x72, 0xfc, 0x2a, 0x51, 0x4c, 0x0c, 0xe9, 0xda, 0xe2,
0x3b, 0x7e,
},
.x = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x02,
},
.y = {
0x08, 0xe2, 0xa8, 0xa0, 0xe6, 0x51, 0x47, 0xd4, 0xbd, 0x63,
0x16, 0x03, 0x0e, 0x16, 0xd1, 0x9c, 0x85, 0xc9, 0x7f, 0x0a,
0x9c, 0xa2, 0x67, 0x12, 0x2b, 0x96, 0xab, 0xbc, 0xea, 0x7e,
0x8f, 0xc8,
},
.order = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xfe, 0x8a, 0x18,
0x92, 0x97, 0x61, 0x54, 0xc5, 0x9c, 0xfc, 0x19, 0x3a, 0xcc,
0xf5, 0xb3,
},
};
static const struct {
uint8_t p[32];
uint8_t a[32];
uint8_t b[32];
uint8_t x[32];
uint8_t y[32];
uint8_t order[32];
} _EC_GOST_2001_CryptoPro_A = {
.p = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xfd, 0x97,
},
.a = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xfd, 0x94,
},
.b = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0xa6,
},
.x = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01,
},
.y = {
0x8d, 0x91, 0xe4, 0x71, 0xe0, 0x98, 0x9c, 0xda, 0x27, 0xdf,
0x50, 0x5a, 0x45, 0x3f, 0x2b, 0x76, 0x35, 0x29, 0x4f, 0x2d,
0xdf, 0x23, 0xe3, 0xb1, 0x22, 0xac, 0xc9, 0x9c, 0x9e, 0x9f,
0x1e, 0x14,
},
.order = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x6c, 0x61, 0x10, 0x70,
0x99, 0x5a, 0xd1, 0x00, 0x45, 0x84, 0x1b, 0x09, 0xb7, 0x61,
0xb8, 0x93,
},
};
static const struct {
uint8_t p[32];
uint8_t a[32];
uint8_t b[32];
uint8_t x[32];
uint8_t y[32];
uint8_t order[32];
} _EC_GOST_2001_CryptoPro_B = {
.p = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0c, 0x99,
},
.a = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0c, 0x96,
},
.b = {
0x3e, 0x1a, 0xf4, 0x19, 0xa2, 0x69, 0xa5, 0xf8, 0x66, 0xa7,
0xd3, 0xc2, 0x5c, 0x3d, 0xf8, 0x0a, 0xe9, 0x79, 0x25, 0x93,
0x73, 0xff, 0x2b, 0x18, 0x2f, 0x49, 0xd4, 0xce, 0x7e, 0x1b,
0xbc, 0x8b,
},
.x = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01,
},
.y = {
0x3f, 0xa8, 0x12, 0x43, 0x59, 0xf9, 0x66, 0x80, 0xb8, 0x3d,
0x1c, 0x3e, 0xb2, 0xc0, 0x70, 0xe5, 0xc5, 0x45, 0xc9, 0x85,
0x8d, 0x03, 0xec, 0xfb, 0x74, 0x4b, 0xf8, 0xd7, 0x17, 0x71,
0x7e, 0xfc,
},
.order = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5f, 0x70, 0x0c, 0xff,
0xf1, 0xa6, 0x24, 0xe5, 0xe4, 0x97, 0x16, 0x1b, 0xcc, 0x8a,
0x19, 0x8f,
},
};
static const struct {
uint8_t p[32];
uint8_t a[32];
uint8_t b[32];
uint8_t x[32];
uint8_t y[32];
uint8_t order[32];
} _EC_GOST_2001_CryptoPro_C = {
.p = {
0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e,
0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0xcf, 0x84, 0x6e, 0x86,
0x78, 0x90, 0x51, 0xd3, 0x79, 0x98, 0xf7, 0xb9, 0x02, 0x2d,
0x75, 0x9b,
},
.a = {
0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e,
0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0xcf, 0x84, 0x6e, 0x86,
0x78, 0x90, 0x51, 0xd3, 0x79, 0x98, 0xf7, 0xb9, 0x02, 0x2d,
0x75, 0x98,
},
.b = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x5a,
},
.x = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00,
},
.y = {
0x41, 0xec, 0xe5, 0x57, 0x43, 0x71, 0x1a, 0x8c, 0x3c, 0xbf,
0x37, 0x83, 0xcd, 0x08, 0xc0, 0xee, 0x4d, 0x4d, 0xc4, 0x40,
0xd4, 0x64, 0x1a, 0x8f, 0x36, 0x6e, 0x55, 0x0d, 0xfd, 0xb3,
0xbb, 0x67,
},
.order = {
0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e,
0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0x58, 0x2c, 0xa3, 0x51,
0x1e, 0xdd, 0xfb, 0x74, 0xf0, 0x2f, 0x3a, 0x65, 0x98, 0x98,
0x0b, 0xb9,
},
};
/*
* This curve is defined in two birationally equal forms: canonical and Twisted
* Edwards. We do calculations in canonical (Weierstrass) form.
*/
static const struct {
uint8_t p[32];
uint8_t a[32];
uint8_t b[32];
uint8_t x[32];
uint8_t y[32];
uint8_t order[32];
} _EC_GOST_2012_256_TC26_A = {
.p = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xfd, 0x97,
},
.a = {
0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48,
0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13,
0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e,
0x73, 0x35,
},
.b = {
0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20,
0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91,
0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae,
0x95, 0x13,
},
.x = {
0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09,
0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96,
0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d,
0xaa, 0x28,
},
.y = {
0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57,
0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53,
0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32,
0x2e, 0x5c,
},
.order = {
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf,
0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36,
0x0c, 0x67,
},
};
static const struct {
uint8_t p[64];
uint8_t a[64];
uint8_t b[64];
uint8_t x[64];
uint8_t y[64];
uint8_t order[64];
} _EC_GOST_2012_512_Test = {
.p = {
0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d,
0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a,
0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8,
0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5,
0x28, 0xbe, 0x63, 0x73,
},
.a = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x07,
},
.b = {
0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8,
0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77,
0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1,
0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22,
0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e,
0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08,
0x4f, 0x30, 0x2a, 0xdc,
},
.x = {
0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96,
0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3,
0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c,
0xd7, 0x62, 0xfd, 0x60, 0x61, 0x12, 0x62, 0xcd, 0x83, 0x8d,
0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8,
0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1,
0x20, 0x24, 0x8a, 0x9a,
},
.y = {
0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02,
0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e,
0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3,
0x9b, 0x2c, 0x83, 0xab, 0x15, 0x6d, 0x77, 0xf1, 0x49, 0x6b,
0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a,
0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb,
0x1a, 0xdd, 0x37, 0x1e,
},
.order = {
0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d,
0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
0xd1, 0x5d, 0xa8, 0x2f, 0x2d, 0x7e, 0xcb, 0x1d, 0xba, 0xc7,
0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e,
0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1,
0x87, 0xe6, 0xe6, 0xdf,
},
};
static const struct {
uint8_t p[64];
uint8_t a[64];
uint8_t b[64];
uint8_t x[64];
uint8_t y[64];
uint8_t order[64];
} _EC_GOST_2012_512_TC26_A = {
.p = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xfd, 0xc7,
},
.a = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xfd, 0xc4,
},
.b = {
0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd,
0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74,
0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b,
0x62, 0x65, 0xee, 0x3c, 0xb0, 0x90, 0xf3, 0x0d, 0x27, 0x61,
0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e,
0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78,
0x5a, 0x71, 0xc7, 0x60,
},
.x = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x03,
},
.y = {
0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b,
0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93,
0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef,
0xa9, 0x21, 0xdf, 0x16, 0x26, 0xbe, 0x4f, 0xd0, 0x36, 0xe9,
0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28,
0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb,
0x52, 0x15, 0xf2, 0xa4,
},
.order = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11,
0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b,
0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41,
0x1f, 0x10, 0xb2, 0x75,
},
};
static const struct {
uint8_t p[64];
uint8_t a[64];
uint8_t b[64];
uint8_t x[64];
uint8_t y[64];
uint8_t order[64];
} _EC_GOST_2012_512_TC26_B = {
.p = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x6f,
},
.a = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x6c,
},
.b = {
0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e,
0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61,
0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b,
0x28, 0x9f, 0x3e, 0x96, 0x5d, 0x2d, 0xb1, 0x41, 0x6d, 0x21,
0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7,
0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7,
0xc5, 0x14, 0x01, 0x16,
},
.x = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x02,
},
.y = {
0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07,
0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69,
0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec,
0x73, 0x35, 0xdc, 0xb2, 0x28, 0xfd, 0x1e, 0xdf, 0x4a, 0x39,
0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04,
0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07,
0x80, 0xfe, 0x41, 0xbd,
},
.order = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45,
0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99,
0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54,
0x37, 0x4f, 0x25, 0xbd,
},
};
/*
* This curve is defined in two birationally equal forms: canonical and Twisted
* Edwards. We do calculations in canonical (Weierstrass) form.
*/
static const struct {
uint8_t p[64];
uint8_t a[64];
uint8_t b[64];
uint8_t x[64];
uint8_t y[64];
uint8_t order[64];
} _EC_GOST_2012_512_TC26_C = {
.p = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xfd, 0xc7,
},
.a = {
0xdc, 0x92, 0x03, 0xe5, 0x14, 0xa7, 0x21, 0x87, 0x54, 0x85,
0xa5, 0x29, 0xd2, 0xc7, 0x22, 0xfb, 0x18, 0x7b, 0xc8, 0x98,
0x0e, 0xb8, 0x66, 0x64, 0x4d, 0xe4, 0x1c, 0x68, 0xe1, 0x43,
0x06, 0x45, 0x46, 0xe8, 0x61, 0xc0, 0xe2, 0xc9, 0xed, 0xd9,
0x2a, 0xde, 0x71, 0xf4, 0x6f, 0xcf, 0x50, 0xff, 0x2a, 0xd9,
0x7f, 0x95, 0x1f, 0xda, 0x9f, 0x2a, 0x2e, 0xb6, 0x54, 0x6f,
0x39, 0x68, 0x9b, 0xd3,
},
.b = {
0xb4, 0xc4, 0xee, 0x28, 0xce, 0xbc, 0x6c, 0x2c, 0x8a, 0xc1,
0x29, 0x52, 0xcf, 0x37, 0xf1, 0x6a, 0xc7, 0xef, 0xb6, 0xa9,
0xf6, 0x9f, 0x4b, 0x57, 0xff, 0xda, 0x2e, 0x4f, 0x0d, 0xe5,
0xad, 0xe0, 0x38, 0xcb, 0xc2, 0xff, 0xf7, 0x19, 0xd2, 0xc1,
0x8d, 0xe0, 0x28, 0x4b, 0x8b, 0xfe, 0xf3, 0xb5, 0x2b, 0x8c,
0xc7, 0xa5, 0xf5, 0xbf, 0x0a, 0x3c, 0x8d, 0x23, 0x19, 0xa5,
0x31, 0x25, 0x57, 0xe1,
},
.x = {
0xe2, 0xe3, 0x1e, 0xdf, 0xc2, 0x3d, 0xe7, 0xbd, 0xeb, 0xe2,
0x41, 0xce, 0x59, 0x3e, 0xf5, 0xde, 0x22, 0x95, 0xb7, 0xa9,
0xcb, 0xae, 0xf0, 0x21, 0xd3, 0x85, 0xf7, 0x07, 0x4c, 0xea,
0x04, 0x3a, 0xa2, 0x72, 0x72, 0xa7, 0xae, 0x60, 0x2b, 0xf2,
0xa7, 0xb9, 0x03, 0x3d, 0xb9, 0xed, 0x36, 0x10, 0xc6, 0xfb,
0x85, 0x48, 0x7e, 0xae, 0x97, 0xaa, 0xc5, 0xbc, 0x79, 0x28,
0xc1, 0x95, 0x01, 0x48,
},
.y = {
0xf5, 0xce, 0x40, 0xd9, 0x5b, 0x5e, 0xb8, 0x99, 0xab, 0xbc,
0xcf, 0xf5, 0x91, 0x1c, 0xb8, 0x57, 0x79, 0x39, 0x80, 0x4d,
0x65, 0x27, 0x37, 0x8b, 0x8c, 0x10, 0x8c, 0x3d, 0x20, 0x90,
0xff, 0x9b, 0xe1, 0x8e, 0x2d, 0x33, 0xe3, 0x02, 0x1e, 0xd2,
0xef, 0x32, 0xd8, 0x58, 0x22, 0x42, 0x3b, 0x63, 0x04, 0xf7,
0x26, 0xaa, 0x85, 0x4b, 0xae, 0x07, 0xd0, 0x39, 0x6e, 0x9a,
0x9a, 0xdd, 0xc4, 0x0f,
},
.order = {
0x3f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xc9, 0x8c, 0xdb, 0xa4, 0x65, 0x06, 0xab, 0x00,
0x4c, 0x33, 0xa9, 0xff, 0x51, 0x47, 0x50, 0x2c, 0xc8, 0xed,
0xa9, 0xe7, 0xa7, 0x69, 0xa1, 0x26, 0x94, 0x62, 0x3c, 0xef,
0x47, 0xf0, 0x23, 0xed,
},
};
#endif
static const struct ec_list_element {
const char *comment;
int nid;
@ -2822,177 +2326,6 @@ static const struct ec_list_element {
.order = _EC_FRP256v1.order,
.cofactor = 1,
},
#ifndef OPENSSL_NO_GOST
/* GOST R 34.10-2001 */
{
.comment = "GOST R 34.10-2001 Test Curve",
.nid = NID_id_GostR3410_2001_TestParamSet,
.param_len = sizeof(_EC_GOST_2001_Test.p),
.p = _EC_GOST_2001_Test.p,
.a = _EC_GOST_2001_Test.a,
.b = _EC_GOST_2001_Test.b,
.x = _EC_GOST_2001_Test.x,
.y = _EC_GOST_2001_Test.y,
.order = _EC_GOST_2001_Test.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2001 CryptoPro-A",
.nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p),
.p = _EC_GOST_2001_CryptoPro_A.p,
.a = _EC_GOST_2001_CryptoPro_A.a,
.b = _EC_GOST_2001_CryptoPro_A.b,
.x = _EC_GOST_2001_CryptoPro_A.x,
.y = _EC_GOST_2001_CryptoPro_A.y,
.order = _EC_GOST_2001_CryptoPro_A.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2001 CryptoPro-B",
.nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p),
.p = _EC_GOST_2001_CryptoPro_B.p,
.a = _EC_GOST_2001_CryptoPro_B.a,
.b = _EC_GOST_2001_CryptoPro_B.b,
.x = _EC_GOST_2001_CryptoPro_B.x,
.y = _EC_GOST_2001_CryptoPro_B.y,
.order = _EC_GOST_2001_CryptoPro_B.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2001 CryptoPro-C",
.nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p),
.p = _EC_GOST_2001_CryptoPro_C.p,
.a = _EC_GOST_2001_CryptoPro_C.a,
.b = _EC_GOST_2001_CryptoPro_C.b,
.x = _EC_GOST_2001_CryptoPro_C.x,
.y = _EC_GOST_2001_CryptoPro_C.y,
.order = _EC_GOST_2001_CryptoPro_C.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2001 CryptoPro-XchA",
.nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p),
.p = _EC_GOST_2001_CryptoPro_A.p,
.a = _EC_GOST_2001_CryptoPro_A.a,
.b = _EC_GOST_2001_CryptoPro_A.b,
.x = _EC_GOST_2001_CryptoPro_A.x,
.y = _EC_GOST_2001_CryptoPro_A.y,
.order = _EC_GOST_2001_CryptoPro_A.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2001 CryptoPro-XchB",
.nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p),
.p = _EC_GOST_2001_CryptoPro_C.p,
.a = _EC_GOST_2001_CryptoPro_C.a,
.b = _EC_GOST_2001_CryptoPro_C.b,
.x = _EC_GOST_2001_CryptoPro_C.x,
.y = _EC_GOST_2001_CryptoPro_C.y,
.order = _EC_GOST_2001_CryptoPro_C.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 256 TC26-A",
.nid = NID_id_tc26_gost_3410_12_256_paramSetA,
.param_len = sizeof(_EC_GOST_2012_256_TC26_A.p),
.p = _EC_GOST_2012_256_TC26_A.p,
.a = _EC_GOST_2012_256_TC26_A.a,
.b = _EC_GOST_2012_256_TC26_A.b,
.x = _EC_GOST_2012_256_TC26_A.x,
.y = _EC_GOST_2012_256_TC26_A.y,
.order = _EC_GOST_2012_256_TC26_A.order,
.cofactor = 4,
},
{
.comment = "GOST R 34.10-2012 256 TC26-B",
.nid = NID_id_tc26_gost_3410_12_256_paramSetB,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p),
.p = _EC_GOST_2001_CryptoPro_A.p,
.a = _EC_GOST_2001_CryptoPro_A.a,
.b = _EC_GOST_2001_CryptoPro_A.b,
.x = _EC_GOST_2001_CryptoPro_A.x,
.y = _EC_GOST_2001_CryptoPro_A.y,
.order = _EC_GOST_2001_CryptoPro_A.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 256 TC26-C",
.nid = NID_id_tc26_gost_3410_12_256_paramSetC,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p),
.p = _EC_GOST_2001_CryptoPro_B.p,
.a = _EC_GOST_2001_CryptoPro_B.a,
.b = _EC_GOST_2001_CryptoPro_B.b,
.x = _EC_GOST_2001_CryptoPro_B.x,
.y = _EC_GOST_2001_CryptoPro_B.y,
.order = _EC_GOST_2001_CryptoPro_B.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 256 TC26-D",
.nid = NID_id_tc26_gost_3410_12_256_paramSetD,
.param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p),
.p = _EC_GOST_2001_CryptoPro_C.p,
.a = _EC_GOST_2001_CryptoPro_C.a,
.b = _EC_GOST_2001_CryptoPro_C.b,
.x = _EC_GOST_2001_CryptoPro_C.x,
.y = _EC_GOST_2001_CryptoPro_C.y,
.order = _EC_GOST_2001_CryptoPro_C.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 512 Test Curve",
.nid = NID_id_tc26_gost_3410_12_512_paramSetTest,
.param_len = sizeof(_EC_GOST_2012_512_Test.p),
.p = _EC_GOST_2012_512_Test.p,
.a = _EC_GOST_2012_512_Test.a,
.b = _EC_GOST_2012_512_Test.b,
.x = _EC_GOST_2012_512_Test.x,
.y = _EC_GOST_2012_512_Test.y,
.order = _EC_GOST_2012_512_Test.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 512 TC26-A",
.nid = NID_id_tc26_gost_3410_12_512_paramSetA,
.param_len = sizeof(_EC_GOST_2012_512_TC26_A.p),
.p = _EC_GOST_2012_512_TC26_A.p,
.a = _EC_GOST_2012_512_TC26_A.a,
.b = _EC_GOST_2012_512_TC26_A.b,
.x = _EC_GOST_2012_512_TC26_A.x,
.y = _EC_GOST_2012_512_TC26_A.y,
.order = _EC_GOST_2012_512_TC26_A.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 512 TC26-B",
.nid = NID_id_tc26_gost_3410_12_512_paramSetB,
.param_len = sizeof(_EC_GOST_2012_512_TC26_B.p),
.p = _EC_GOST_2012_512_TC26_B.p,
.a = _EC_GOST_2012_512_TC26_B.a,
.b = _EC_GOST_2012_512_TC26_B.b,
.x = _EC_GOST_2012_512_TC26_B.x,
.y = _EC_GOST_2012_512_TC26_B.y,
.order = _EC_GOST_2012_512_TC26_B.order,
.cofactor = 1,
},
{
.comment = "GOST R 34.10-2012 512 TC26-C",
.nid = NID_id_tc26_gost_3410_12_512_paramSetC,
.param_len = sizeof(_EC_GOST_2012_512_TC26_C.p),
.p = _EC_GOST_2012_512_TC26_C.p,
.a = _EC_GOST_2012_512_TC26_C.a,
.b = _EC_GOST_2012_512_TC26_C.b,
.x = _EC_GOST_2012_512_TC26_C.x,
.y = _EC_GOST_2012_512_TC26_C.y,
.order = _EC_GOST_2012_512_TC26_C.order,
.cofactor = 4,
},
#endif
};
#define CURVE_LIST_LENGTH (sizeof(curve_list) / sizeof(curve_list[0]))

5
lib/libcrypto/err/err_all.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: err_all.c,v 1.34 2024/03/02 13:39:28 tb Exp $ */
/* $OpenBSD: err_all.c,v 1.35 2024/03/24 06:05:41 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -125,9 +125,6 @@ ERR_load_crypto_strings_internal(void)
ERR_load_EC_strings();
#endif
ERR_load_EVP_strings();
#ifndef OPENSSL_NO_GOST
ERR_load_GOST_strings();
#endif
ERR_load_KDF_strings();
ERR_load_OBJ_strings();
ERR_load_OCSP_strings();

5
lib/libcrypto/evp/evp_local.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_local.h,v 1.19 2024/03/02 10:20:27 tb Exp $ */
/* $OpenBSD: evp_local.h,v 1.20 2024/03/24 06:05:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -172,9 +172,6 @@ struct evp_pkey_st {
#ifndef OPENSSL_NO_EC
struct ec_key_st *ec; /* ECC */
struct ecx_key_st *ecx; /* ECX */
#endif
#ifndef OPENSSL_NO_GOST
struct gost_key_st *gost; /* GOST */
#endif
} pkey;
int save_parameters;

217
lib/libcrypto/evp/evp_names.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_names.c,v 1.12 2024/03/02 10:13:13 tb Exp $ */
/* $OpenBSD: evp_names.c,v 1.15 2024/03/24 13:56:35 jca Exp $ */
/*
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
*
@ -46,7 +46,6 @@ struct digest_name {
*/
static const struct cipher_name cipher_names[] = {
#ifndef OPENSSL_NO_AES
{
.name = SN_aes_128_cbc,
.cipher = EVP_aes_128_cbc,
@ -157,9 +156,7 @@ static const struct cipher_name cipher_names[] = {
.cipher = EVP_aes_256_cbc,
.alias = SN_aes_256_cbc,
},
#endif /* OPENSSL_NO_AES */
#ifndef OPENSSL_NO_BF
{
.name = "BF",
.cipher = EVP_bf_cbc,
@ -182,9 +179,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_bf_ofb64,
.cipher = EVP_bf_ofb,
},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{
.name = SN_camellia_128_cbc,
.cipher = EVP_camellia_128_cbc,
@ -275,9 +270,7 @@ static const struct cipher_name cipher_names[] = {
.cipher = EVP_camellia_256_cbc,
.alias = SN_camellia_256_cbc,
},
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_CAST
{
.name = "CAST",
.cipher = EVP_cast5_cbc,
@ -305,9 +298,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_cast5_ofb64,
.cipher = EVP_cast5_ofb,
},
#endif
#ifndef OPENSSL_NO_CHACHA
{
.name = SN_chacha20,
.cipher = EVP_chacha20,
@ -317,16 +308,12 @@ static const struct cipher_name cipher_names[] = {
.cipher = EVP_chacha20,
.alias = SN_chacha20,
},
#endif /* OPENSSL_NO_CHACHA */
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
.name = SN_chacha20_poly1305,
.cipher = EVP_chacha20_poly1305,
},
#endif /* OPENSSL_NO_CHACHA && OPENSSL_NO_POLY1305 */
#ifndef OPENSSL_NO_DES
{
.name = "DES",
.cipher = EVP_des_cbc,
@ -413,16 +400,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_desx_cbc,
.cipher = EVP_desx_cbc,
},
#endif /* OPENSSL_NO_DES */
#ifndef OPENSSL_NO_GOST
{
.name = LN_id_Gost28147_89,
.cipher = EVP_gost2814789_cfb64,
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_IDEA
{
.name = "IDEA",
.cipher = EVP_idea_cbc,
@ -445,9 +423,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_idea_ofb64,
.cipher = EVP_idea_ofb,
},
#endif /* OPENSSL_NO_IDEA */
#ifndef OPENSSL_NO_RC2
{
.name = "RC2",
.cipher = EVP_rc2_cbc,
@ -478,9 +454,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_rc2_ofb64,
.cipher = EVP_rc2_ofb,
},
#endif /* OPENSSL_NO_RC2 */
#ifndef OPENSSL_NO_RC4
{
.name = SN_rc4,
.cipher = EVP_rc4,
@ -489,9 +463,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_rc4_40,
.cipher = EVP_rc4_40,
},
#endif /* OPENSSL_NO_RC4 */
#ifndef OPENSSL_NO_SM4
{
.name = "SM4",
.cipher = EVP_sm4_cbc,
@ -518,9 +490,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_sm4_ofb128,
.cipher = EVP_sm4_ofb,
},
#endif /* OPENSSL_NO_SM4 */
#ifndef OPENSSL_NO_AES
{
.name = LN_aes_128_cbc,
.cipher = EVP_aes_128_cbc,
@ -655,9 +625,7 @@ static const struct cipher_name cipher_names[] = {
.cipher = EVP_aes_256_cbc,
.alias = SN_aes_256_cbc,
},
#endif /* OPENSSL_NO_AES */
#ifndef OPENSSL_NO_BF
{
.name = "bf",
.cipher = EVP_bf_cbc,
@ -686,9 +654,7 @@ static const struct cipher_name cipher_names[] = {
.cipher = EVP_bf_cbc,
.alias = SN_bf_cbc,
},
#endif /* OPENSSL_NO_BF */
#ifndef OPENSSL_NO_CAMELLIA
{
.name = LN_camellia_128_cbc,
.cipher = EVP_camellia_128_cbc,
@ -779,9 +745,7 @@ static const struct cipher_name cipher_names[] = {
.cipher = EVP_camellia_256_cbc,
.alias = SN_camellia_256_cbc,
},
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_CAST
{
.name = "cast",
.cipher = EVP_cast5_cbc,
@ -809,9 +773,7 @@ static const struct cipher_name cipher_names[] = {
.name = LN_cast5_ofb64,
.cipher = EVP_cast5_ofb,
},
#endif
#ifndef OPENSSL_NO_CHACHA
{
.name = LN_chacha20,
.cipher = EVP_chacha20,
@ -826,9 +788,7 @@ static const struct cipher_name cipher_names[] = {
.name = LN_chacha20_poly1305,
.cipher = EVP_chacha20_poly1305,
},
#endif
#ifndef OPENSSL_NO_DES
{
.name = "des",
.cipher = EVP_des_cbc,
@ -915,24 +875,7 @@ static const struct cipher_name cipher_names[] = {
.name = LN_desx_cbc,
.cipher = EVP_desx_cbc,
},
#endif /* OPENSSL_NO_DES */
#ifndef OPENSSL_NO_GOST
{
.name = SN_id_Gost28147_89,
.cipher = EVP_gost2814789_cfb64,
},
{
.name = SN_gost89_cnt,
.cipher = EVP_gost2814789_cnt,
},
{
.name = SN_gost89_ecb,
.cipher = EVP_gost2814789_ecb,
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_AES
{
.name = SN_aes_128_ccm,
.cipher = EVP_aes_128_ccm,
@ -971,9 +914,7 @@ static const struct cipher_name cipher_names[] = {
.name = SN_id_aes256_wrap,
.cipher = EVP_aes_256_wrap,
},
#endif /* OPENSSL_NO_AES */
#ifndef OPENSSL_NO_IDEA
{
.name = "idea",
.cipher = EVP_idea_cbc,
@ -996,9 +937,7 @@ static const struct cipher_name cipher_names[] = {
.name = LN_idea_ofb64,
.cipher = EVP_idea_ofb,
},
#endif /* OPENSSL_NO_IDEA */
#ifndef OPENSSL_NO_RC2
{
.name = "rc2",
.cipher = EVP_rc2_cbc,
@ -1029,9 +968,7 @@ static const struct cipher_name cipher_names[] = {
.name = LN_rc2_ofb64,
.cipher = EVP_rc2_ofb,
},
#endif /* OPENSSL_NO_RC2 */
#ifndef OPENSSL_NO_RC4
{
.name = LN_rc4,
.cipher = EVP_rc4,
@ -1040,9 +977,7 @@ static const struct cipher_name cipher_names[] = {
.name = LN_rc4_40,
.cipher = EVP_rc4_40,
},
#endif /* OPENSSL_NO_RC4 */
#ifndef OPENSSL_NO_SM4
{
.name = "sm4",
.cipher = EVP_sm4_cbc,
@ -1069,7 +1004,6 @@ static const struct cipher_name cipher_names[] = {
.name = LN_sm4_ofb128,
.cipher = EVP_sm4_ofb,
},
#endif /* OPENSSL_NO_SM4 */
};
#define N_CIPHER_NAMES (sizeof(cipher_names) / sizeof(cipher_names[0]))
@ -1080,83 +1014,47 @@ static const struct cipher_name cipher_names[] = {
*/
static const struct digest_name digest_names[] = {
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA1)
{
.name = SN_dsaWithSHA1,
.digest = EVP_sha1,
.alias = SN_sha1,
},
#endif
#ifndef OPENSSL_NO_GOST
{
.name = LN_id_Gost28147_89_MAC,
.digest = EVP_gost2814789imit,
},
{
.name = LN_id_tc26_gost3411_2012_512,
.digest = EVP_streebog512,
},
{
.name = LN_id_tc26_gost3411_2012_256,
.digest = EVP_streebog256,
},
{
.name = LN_id_GostR3411_94,
.digest = EVP_gostr341194,
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_MD4
{
.name = SN_md4,
.digest = EVP_md4,
},
#endif /* OPENSSL_NO_MD4 */
#ifndef OPENSSL_NO_MD5
{
.name = SN_md5,
.digest = EVP_md5,
},
#endif /* OPENSSL_NO_MD5 */
#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA1)
{
.name = SN_md5_sha1,
.digest = EVP_md5_sha1,
},
#endif /* OPENSSL_NO_MD5 && OPENSSL_NO_SHA1 */
#ifndef OPENSSL_NO_RIPEMD
{
.name = SN_ripemd160,
.digest = EVP_ripemd160,
},
#endif /* OPENSSL_NO_RIPEMD */
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_MD4
{
.name = SN_md4WithRSAEncryption,
.digest = EVP_md4,
.alias = SN_md4,
},
#endif /* OPENSSL_NO_MD4 */
#ifndef OPENSSL_NO_MD5
{
.name = SN_md5WithRSAEncryption,
.digest = EVP_md5,
.alias = SN_md5,
},
#endif /* OPENSSL_NO_MD5 */
#ifndef OPENSSL_NO_RIPEMD
{
.name = SN_ripemd160WithRSA,
.digest = EVP_ripemd160,
.alias = SN_ripemd160,
},
#endif /* OPENSSL_NO_RIPEMD */
#ifndef OPENSSL_NO_SHA1
{
.name = SN_sha1WithRSAEncryption,
.digest = EVP_sha1,
@ -1167,8 +1065,6 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha1,
.alias = SN_sha1, /* XXX - alias to SN_sha1WithRSAEncryption? */
},
#endif /* OPENSSL_NO_SHA1 */
#ifndef OPENSSL_NO_SHA256
{
.name = SN_sha224WithRSAEncryption,
.digest = EVP_sha224,
@ -1179,8 +1075,6 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha256,
.alias = SN_sha256,
},
#endif /* OPENSSL_NO_SHA256 */
#ifndef OPENSSL_NO_SHA3
{
.name = LN_RSA_SHA3_224,
.digest = EVP_sha3_224,
@ -1201,8 +1095,6 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha3_512,
.alias = SN_sha3_512,
},
#endif /* OPENSSL_NO_SHA3 */
#ifndef OPENSSL_NO_SHA512
{
.name = SN_sha384WithRSAEncryption,
.digest = EVP_sha384,
@ -1223,23 +1115,16 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha512_256,
.alias = SN_sha512_256,
},
#endif /* OPENSSL_NO_SHA256 */
#ifndef OPENSSL_NO_SM4
{
.name = SN_sm3WithRSAEncryption,
.digest = EVP_sm3,
.alias = SN_sm3,
},
#endif
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_SHA1
{
.name = SN_sha1,
.digest = EVP_sha1,
},
#endif /* OPENSSL_NO_SHA1 */
#ifndef OPENSSL_NO_SHA256
{
.name = SN_sha224,
.digest = EVP_sha224,
@ -1248,8 +1133,6 @@ static const struct digest_name digest_names[] = {
.name = SN_sha256,
.digest = EVP_sha256,
},
#endif /* OPENSSL_NO_SHA256 */
#ifndef OPENSSL_NO_SHA3
{
.name = SN_sha3_224,
.digest = EVP_sha3_224,
@ -1266,9 +1149,7 @@ static const struct digest_name digest_names[] = {
.name = SN_sha3_512,
.digest = EVP_sha3_512,
},
#endif /* OPENSSL_NO_SHA3 */
#ifndef OPENSSL_NO_SHA512
{
.name = SN_sha384,
.digest = EVP_sha384,
@ -1285,24 +1166,18 @@ static const struct digest_name digest_names[] = {
.name = SN_sha512_256,
.digest = EVP_sha512_256,
},
#endif /* OPENSSL_NO_SHA512 */
#ifndef OPENSSL_NO_SM3
{
.name = SN_sm3,
.digest = EVP_sm3,
},
#endif /* OPENSSL_NO_SM3 */
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA1)
{
.name = LN_dsaWithSHA1,
.digest = EVP_sha1,
.alias = SN_sha1,
},
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256)
{
.name = LN_dsa_with_SHA224,
.digest = EVP_sha224,
@ -1323,17 +1198,13 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha512,
.alias = SN_sha512,
},
#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_EC)
{
.name = SN_ecdsa_with_SHA1,
.digest = EVP_sha1,
.alias = SN_sha1,
},
#endif
#if !defined(OPENSSL_NO_SHA256) && !defined(OPENSSL_NO_EC)
{
.name = SN_ecdsa_with_SHA224,
.digest = EVP_sha224,
@ -1354,16 +1225,7 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha512,
.alias = SN_sha512,
},
#endif /* OPENSSL_NO_SHA256 && OPENSSL_NO_EC */
#ifndef OPENSSL_NO_GOST
{
.name = SN_id_Gost28147_89_MAC,
.digest = EVP_gost2814789imit,
},
#endif /* OPENSSL_NO_GOST */
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256)
{
.name = SN_dsa_with_SHA224,
.digest = EVP_sha224,
@ -1374,9 +1236,7 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha256,
.alias = SN_sha256,
},
#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA3)
{
.name = SN_dsa_with_SHA3_224,
.digest = EVP_sha3_224,
@ -1397,9 +1257,7 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha3_512,
.alias = SN_sha3_512,
},
#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA3 */
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256)
{
.name = SN_dsa_with_SHA384,
.digest = EVP_sha384,
@ -1410,9 +1268,7 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha512,
.alias = SN_sha512,
},
#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_SHA3)
{
.name = SN_ecdsa_with_SHA3_224,
.digest = EVP_sha3_224,
@ -1433,9 +1289,7 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha3_512,
.alias = SN_sha3_512,
},
#endif /* OPENSSL_NO_EC && OPENSSL_NO_SHA3 */
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_SHA3)
{
.name = SN_RSA_SHA3_224,
.digest = EVP_sha3_224,
@ -1456,50 +1310,31 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha3_512,
.alias = SN_sha3_512,
},
#endif /* OPENSSL_NO_RSA && OPENSSL_NO_SHA3 */
#ifndef OPENSSL_NO_MD4
{
.name = LN_md4,
.digest = EVP_md4,
},
#endif /* OPENSSL_NO_MD4 */
#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_RSA)
{
.name = LN_md4WithRSAEncryption,
.digest = EVP_md4,
.alias = SN_md4,
},
#endif /* OPENSSL_NO_MD4 */
#if !defined(OPENSSL_NO_MD5)
{
.name = LN_md5,
.digest = EVP_md5,
},
#endif /* OPENSSL_NO_MD5 */
#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA1)
{
.name = LN_md5_sha1,
.digest = EVP_md5_sha1,
},
#endif /* OPENSSL_NO_MD5 && OPENSSL_NO_SHA1 */
#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_RSA)
{
.name = LN_md5WithRSAEncryption,
.digest = EVP_md5,
.alias = SN_md5,
},
#endif
#ifndef OPENSSL_NO_GOST
{
.name = SN_id_GostR3411_94,
.digest = EVP_gostr341194,
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_RIPEMD
{
.name = "ripemd",
.digest = EVP_ripemd160,
@ -1509,60 +1344,46 @@ static const struct digest_name digest_names[] = {
.name = LN_ripemd160,
.digest = EVP_ripemd160,
},
#ifndef OPENSSL_NO_RSA
{
.name = LN_ripemd160WithRSA,
.digest = EVP_ripemd160,
.alias = SN_ripemd160,
},
#endif /* OPENSSL_NO_RSA */
{
.name = "rmd160",
.digest = EVP_ripemd160,
.alias = SN_ripemd160,
},
#endif /* OPENSSL_NO_RIPEMD */
#ifndef OPENSSL_NO_SHA1
{
.name = LN_sha1,
.digest = EVP_sha1,
},
#endif /* OPENSSL_NO_SHA1 */
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_RSA)
{
.name = LN_sha1WithRSAEncryption,
.digest = EVP_sha1,
.alias = SN_sha1,
},
#endif /* OPENSSL_NO_SHA1 && OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_SHA256
{
.name = LN_sha224,
.digest = EVP_sha224,
},
#ifndef OPENSSL_NO_RSA
{
.name = LN_sha224WithRSAEncryption,
.digest = EVP_sha224,
.alias = SN_sha224,
},
#endif /* OPENSSL_NO_RSA */
{
.name = LN_sha256,
.digest = EVP_sha256,
},
#ifndef OPENSSL_NO_RSA
{
.name = LN_sha256WithRSAEncryption,
.digest = EVP_sha256,
.alias = SN_sha256,
},
#endif /* OPENSSL_NO_RSA */
#endif /* OPENSSL_NO_SHA256 */
#ifndef OPENSSL_NO_SHA3
{
.name = LN_sha3_224,
.digest = EVP_sha3_224,
@ -1579,20 +1400,16 @@ static const struct digest_name digest_names[] = {
.name = LN_sha3_512,
.digest = EVP_sha3_512,
},
#endif /* OPENSSL_NO_SHA3 */
#ifndef OPENSSL_NO_SHA512
{
.name = LN_sha384,
.digest = EVP_sha384,
},
#ifndef OPENSSL_NO_RSA
{
.name = LN_sha384WithRSAEncryption,
.digest = EVP_sha384,
.alias = SN_sha384,
},
#endif /* OPENSSL_NO_RSA */
{
.name = LN_sha512,
.digest = EVP_sha512,
@ -1601,18 +1418,15 @@ static const struct digest_name digest_names[] = {
.name = LN_sha512_224,
.digest = EVP_sha512_224,
},
#ifndef OPENSSL_NO_RSA
{
.name = LN_sha512_224WithRSAEncryption,
.digest = EVP_sha512_224,
.alias = SN_sha512_224,
},
#endif
{
.name = LN_sha512_256,
.digest = EVP_sha512_256,
},
#ifndef OPENSSL_NO_RSA
{
.name = LN_sha512_256WithRSAEncryption,
.digest = EVP_sha512_256,
@ -1623,24 +1437,17 @@ static const struct digest_name digest_names[] = {
.digest = EVP_sha512,
.alias = SN_sha512,
},
#endif
#endif /* OPENSSL_NO_SHA512 */
#ifndef OPENSSL_NO_SM3
{
.name = LN_sm3,
.digest = EVP_sm3,
},
#endif /* OPENSSL_NO_SM3 */
#if !defined(OPENSSL_NO_SM3) && !defined(OPENSSL_NO_RSA)
{
.name = LN_sm3WithRSAEncryption,
.digest = EVP_sm3,
.alias = SN_sm3,
},
#endif /* OPENSSL_NO_SM3 && OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_MD5
{
.name = "ssl2-md5",
.digest = EVP_md5,
@ -1651,33 +1458,17 @@ static const struct digest_name digest_names[] = {
.digest = EVP_md5,
.alias = SN_md5,
},
#endif /* OPENSSL_NO_MD5 */
#ifndef OPENSSL_NO_SHA1
{
.name = "ssl3-sha1",
.digest = EVP_sha1,
.alias = SN_sha1,
},
#endif /* OPENSSL_NO_SHA1 */
#ifndef OPENSSL_NO_GOST
{
.name = SN_id_tc26_gost3411_2012_256,
.digest = EVP_streebog256,
},
{
.name = SN_id_tc26_gost3411_2012_512,
.digest = EVP_streebog512,
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_WHIRLPOOL
{
.name = SN_whirlpool,
.digest = EVP_whirlpool,
},
#endif
};
#define N_DIGEST_NAMES (sizeof(digest_names) / sizeof(digest_names[0]))
@ -1852,6 +1643,9 @@ EVP_get_cipherbyname(const char *name)
if (!OPENSSL_init_crypto(0, NULL))
return NULL;
if (name == NULL)
return NULL;
if ((cipher = bsearch(name, cipher_names, N_CIPHER_NAMES,
sizeof(*cipher), cipher_cmp)) == NULL)
return NULL;
@ -1873,6 +1667,9 @@ EVP_get_digestbyname(const char *name)
if (!OPENSSL_init_crypto(0, NULL))
return NULL;
if (name == NULL)
return NULL;
if ((digest = bsearch(name, digest_names, N_DIGEST_NAMES,
sizeof(*digest), digest_cmp)) == NULL)
return NULL;

11
lib/libcrypto/evp/evp_pbe.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_pbe.c,v 1.46 2024/03/02 10:20:27 tb Exp $ */
/* $OpenBSD: evp_pbe.c,v 1.48 2024/03/24 06:48:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -494,14 +494,6 @@ md_nid_from_prf_nid(int nid)
return NID_sha3_384;
case NID_hmac_sha3_512:
return NID_sha3_512;
#ifndef OPENSSL_NO_GOST
case NID_id_HMACGostR3411_94:
return NID_id_GostR3411_94;
case NID_id_tc26_hmac_gost_3411_12_256:
return NID_id_tc26_gost3411_2012_256;
case NID_id_tc26_hmac_gost_3411_12_512:
return NID_id_tc26_gost3411_2012_512;
#endif
default:
return NID_undef;
}
@ -650,4 +642,3 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
explicit_bzero(iv, EVP_MAX_IV_LENGTH);
return ret;
}
LCRYPTO_ALIAS(PKCS12_PBE_keyivgen);

75
lib/libcrypto/ocsp/ocsp_cl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ocsp_cl.c,v 1.24 2024/03/02 09:08:41 tb Exp $ */
/* $OpenBSD: ocsp_cl.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
@ -68,6 +68,7 @@
#include <openssl/ocsp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/posix_time.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@ -394,69 +395,61 @@ int
OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
{
time_t t_now, t_tmp;
struct tm tm_this, tm_next, tm_tmp;
int64_t posix_next, posix_this, posix_now;
struct tm tm_this, tm_next;
time(&t_now);
/* Negative values of nsec make no sense */
if (nsec < 0)
return 0;
posix_now = time(NULL);
/*
* Times must explicitly be a GENERALIZEDTIME as per section
* 4.2.2.1 of RFC 6960 - It is invalid to accept other times
* (such as UTCTIME permitted/required by RFC 5280 for certificates)
*/
/* Check thisUpdate is valid and not more than nsec in the future */
/* Check that thisUpdate is valid. */
if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
return 0;
} else {
t_tmp = t_now + nsec;
if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
return 0;
if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {
OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
return 0;
}
/*
* If maxsec specified check thisUpdate is not more than maxsec
* in the past
*/
if (maxsec >= 0) {
t_tmp = t_now - maxsec;
if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
return 0;
if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {
OCSPerror(OCSP_R_STATUS_TOO_OLD);
return 0;
}
}
}
if (!OPENSSL_tm_to_posix(&tm_this, &posix_this))
return 0;
/* thisUpdate must not be more than nsec in the future. */
if (posix_this - nsec > posix_now) {
OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
return 0;
}
/* thisUpdate must not be more than maxsec seconds in the past. */
if (maxsec >= 0 && posix_this < posix_now - maxsec) {
OCSPerror(OCSP_R_STATUS_TOO_OLD);
return 0;
}
if (!nextupd)
/* RFC 6960 section 4.2.2.1 allows for servers to not set nextUpdate */
if (nextupd == NULL)
return 1;
/* Check nextUpdate is valid and not more than nsec in the past */
/* Check that nextUpdate is valid. */
if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
return 0;
} else {
t_tmp = t_now - nsec;
if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
return 0;
if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {
OCSPerror(OCSP_R_STATUS_EXPIRED);
return 0;
}
}
/* Also don't allow nextUpdate to precede thisUpdate */
if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {
if (!OPENSSL_tm_to_posix(&tm_next, &posix_next))
return 0;
/* Don't allow nextUpdate to precede thisUpdate. */
if (posix_next < posix_this) {
OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
return 0;
}
/* nextUpdate must not be more than nsec seconds in the past. */
if (posix_next + nsec < posix_now) {
OCSPerror(OCSP_R_STATUS_EXPIRED);
return 0;
}
return 1;
}

8
lib/libcrypto/pkcs12/p12_attr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: p12_attr.c,v 1.20 2023/02/16 08:38:17 tb Exp $ */
/* $OpenBSD: p12_attr.c,v 1.21 2024/03/24 06:48:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -74,7 +74,6 @@ PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
else
return 0;
}
LCRYPTO_ALIAS(PKCS12_add_localkeyid);
/* Add key usage to PKCS#8 structure */
@ -99,8 +98,6 @@ PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
else
return 0;
}
LCRYPTO_ALIAS(PKCS12_add_friendlyname_asc);
int
PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
@ -112,7 +109,6 @@ PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
else
return 0;
}
LCRYPTO_ALIAS(PKCS12_add_friendlyname_uni);
int
PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
@ -123,7 +119,6 @@ PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
else
return 0;
}
LCRYPTO_ALIAS(PKCS12_add_CSPName_asc);
ASN1_TYPE *
PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
@ -140,7 +135,6 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
}
return NULL;
}
LCRYPTO_ALIAS(PKCS12_get_attr_gen);
char *
PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)

6
lib/libcrypto/pkcs12/p12_crt.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: p12_crt.c,v 1.23 2023/02/16 08:38:17 tb Exp $ */
/* $OpenBSD: p12_crt.c,v 1.24 2024/03/24 06:48:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@ -222,7 +222,6 @@ err:
return NULL;
}
LCRYPTO_ALIAS(PKCS12_add_cert);
PKCS12_SAFEBAG *
PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
@ -263,7 +262,6 @@ err:
return NULL;
}
LCRYPTO_ALIAS(PKCS12_add_key);
int
PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -307,7 +305,6 @@ err:
return 0;
}
LCRYPTO_ALIAS(PKCS12_add_safe);
static int
pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
@ -354,4 +351,3 @@ PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
return p12;
}
LCRYPTO_ALIAS(PKCS12_add_safes);

3
lib/libcrypto/pkcs12/p12_init.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: p12_init.c,v 1.16 2023/02/16 08:38:17 tb Exp $ */
/* $OpenBSD: p12_init.c,v 1.17 2024/03/24 06:48:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -98,4 +98,3 @@ err:
PKCS12_free(pkcs12);
return NULL;
}
LCRYPTO_ALIAS(PKCS12_init);

3
lib/libcrypto/pkcs12/p12_mutl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: p12_mutl.c,v 1.37 2024/03/02 10:15:16 tb Exp $ */
/* $OpenBSD: p12_mutl.c,v 1.38 2024/03/24 06:48:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -173,7 +173,6 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
return ret;
}
LCRYPTO_ALIAS(PKCS12_gen_mac);
/* Verify the mac */
int

7
lib/libcrypto/pkcs12/p12_sbag.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: p12_sbag.c,v 1.8 2023/02/16 08:38:17 tb Exp $ */
/* $OpenBSD: p12_sbag.c,v 1.9 2024/03/24 06:48:03 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999-2018.
@ -166,7 +166,6 @@ PKCS12_SAFEBAG_create_cert(X509 *x509)
return PKCS12_item_pack_safebag(x509, &X509_it,
NID_x509Certificate, NID_certBag);
}
LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_cert);
PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
@ -174,7 +173,6 @@ PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
NID_x509Crl, NID_crlBag);
}
LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_crl);
/* Turn PKCS8 object into a keybag */
@ -193,7 +191,6 @@ PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
return bag;
}
LCRYPTO_ALIAS(PKCS12_SAFEBAG_create0_p8inf);
/* Turn PKCS8 object into a shrouded keybag */
@ -213,7 +210,6 @@ PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
return bag;
}
LCRYPTO_ALIAS(PKCS12_SAFEBAG_create0_pkcs8);
PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
@ -237,4 +233,3 @@ PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
return bag;
}
LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_pkcs8_encrypt);

4
lib/libcrypto/ts/ts_rsp_sign.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ts_rsp_sign.c,v 1.32 2023/08/22 08:09:36 tb Exp $ */
/* $OpenBSD: ts_rsp_sign.c,v 1.33 2024/03/24 11:30:12 beck Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@ -999,7 +999,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
goto err;
if (!(tm = gmtime(&sec)))
if (OPENSSL_gmtime(&sec, tm) == NULL)
goto err;
/*

29
lib/libcrypto/x509/by_dir.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: by_dir.c,v 1.46 2023/12/29 05:33:32 tb Exp $ */
/* $OpenBSD: by_dir.c,v 1.47 2024/03/25 00:05:49 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,9 +56,6 @@
* [including the GNU Public Licence.]
*/
#include <sys/stat.h>
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
@ -331,23 +328,27 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
for (;;) {
(void) snprintf(b->data, b->max, "%s/%08lx.%s%d",
ent->dir, h, postfix, k);
{
struct stat st;
if (stat(b->data, &st) < 0)
break;
}
/* found one. */
/*
* Found one. Attempt to load it. This could fail for
* any number of reasons from the file can't be opened,
* the file contains garbage, etc. Clear the error stack
* to avoid exposing the lower level error. These all
* boil down to "we could not find CA/CRL".
*/
if (type == X509_LU_X509) {
if ((X509_load_cert_file(xl, b->data,
ent->dir_type)) == 0)
ent->dir_type)) == 0) {
ERR_clear_error();
break;
}
} else if (type == X509_LU_CRL) {
if ((X509_load_crl_file(xl, b->data,
ent->dir_type)) == 0)
ent->dir_type)) == 0) {
ERR_clear_error();
break;
}
}
/* else case will caught higher up */
/* The lack of a CA or CRL will be caught higher up. */
k++;
}

61
lib/libcrypto/x509/x509_trs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: x509_trs.c,v 1.45 2024/03/24 00:35:45 tb Exp $ */
/* $OpenBSD: x509_trs.c,v 1.49 2024/03/25 00:46:57 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -65,12 +65,13 @@
#include <openssl/x509v3.h>
#include "crypto_internal.h"
#include "x509_internal.h"
#include "x509_local.h"
typedef struct x509_trust_st {
int trust;
int (*check_trust)(struct x509_trust_st *, X509 *);
int arg1;
int nid;
} X509_TRUST;
static int
@ -78,34 +79,32 @@ obj_trust(int id, X509 *x)
{
ASN1_OBJECT *obj;
int i, nid;
X509_CERT_AUX *ax;
X509_CERT_AUX *aux;
ax = x->aux;
if (!ax)
if ((aux = x->aux) == NULL)
return X509_TRUST_UNTRUSTED;
if (ax->reject) {
for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
obj = sk_ASN1_OBJECT_value(ax->reject, i);
nid = OBJ_obj2nid(obj);
if (nid == id || nid == NID_anyExtendedKeyUsage)
return X509_TRUST_REJECTED;
}
for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
obj = sk_ASN1_OBJECT_value(aux->reject, i);
nid = OBJ_obj2nid(obj);
if (nid == id || nid == NID_anyExtendedKeyUsage)
return X509_TRUST_REJECTED;
}
if (ax->trust) {
for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
obj = sk_ASN1_OBJECT_value(ax->trust, i);
nid = OBJ_obj2nid(obj);
if (nid == id || nid == NID_anyExtendedKeyUsage)
return X509_TRUST_TRUSTED;
}
for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
obj = sk_ASN1_OBJECT_value(aux->trust, i);
nid = OBJ_obj2nid(obj);
if (nid == id || nid == NID_anyExtendedKeyUsage)
return X509_TRUST_TRUSTED;
}
return X509_TRUST_UNTRUSTED;
}
static int
trust_compat(X509_TRUST *trust, X509 *x)
{
X509_check_purpose(x, -1, 0);
/* Extensions already cached in X509_check_trust(). */
if (x->ex_flags & EXFLAG_SS)
return X509_TRUST_TRUSTED;
else
@ -116,7 +115,7 @@ static int
trust_1oidany(X509_TRUST *trust, X509 *x)
{
if (x->aux && (x->aux->trust || x->aux->reject))
return obj_trust(trust->arg1, x);
return obj_trust(trust->nid, x);
/* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/
@ -127,7 +126,7 @@ static int
trust_1oid(X509_TRUST *trust, X509 *x)
{
if (x->aux)
return obj_trust(trust->arg1, x);
return obj_trust(trust->nid, x);
return X509_TRUST_UNTRUSTED;
}
@ -144,37 +143,37 @@ static const X509_TRUST trstandard[] = {
{
.trust = X509_TRUST_SSL_CLIENT,
.check_trust = trust_1oidany,
.arg1 = NID_client_auth,
.nid = NID_client_auth,
},
{
.trust = X509_TRUST_SSL_SERVER,
.check_trust = trust_1oidany,
.arg1 = NID_server_auth,
.nid = NID_server_auth,
},
{
.trust = X509_TRUST_EMAIL,
.check_trust = trust_1oidany,
.arg1 = NID_email_protect,
.nid = NID_email_protect,
},
{
.trust = X509_TRUST_OBJECT_SIGN,
.check_trust = trust_1oidany,
.arg1 = NID_code_sign,
.nid = NID_code_sign,
},
{
.trust = X509_TRUST_OCSP_SIGN,
.check_trust = trust_1oid,
.arg1 = NID_OCSP_sign,
.nid = NID_OCSP_sign,
},
{
.trust = X509_TRUST_OCSP_REQUEST,
.check_trust = trust_1oid,
.arg1 = NID_ad_OCSP,
.nid = NID_ad_OCSP,
},
{
.trust = X509_TRUST_TSA,
.check_trust = trust_1oidany,
.arg1 = NID_time_stamp,
.nid = NID_time_stamp,
},
};
@ -191,6 +190,10 @@ X509_check_trust(X509 *x, int trust_id, int flags)
if (trust_id == -1)
return 1;
/* Call early so the trust handlers don't need to modify the certs. */
if (!x509v3_cache_extensions(x))
return X509_TRUST_UNTRUSTED;
/*
* XXX beck/jsing This enables self signed certs to be trusted for
* an unspecified id/trust flag value (this is NOT the

26
lib/libtls/tls_conninfo.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
/* $OpenBSD: tls_conninfo.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
/*
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@ -19,12 +19,27 @@
#include <stdio.h>
#include <string.h>
#include <openssl/posix_time.h>
#include <openssl/x509.h>
#include <tls.h>
#include "tls_internal.h"
int ASN1_time_tm_clamp_notafter(struct tm *tm);
static int
tls_convert_notafter(struct tm *tm, time_t *out_time)
{
int64_t posix_time;
/* OPENSSL_timegm() fails if tm is not representable in a time_t */
if (OPENSSL_timegm(tm, out_time))
return 1;
if (!OPENSSL_tm_to_posix(tm, &posix_time))
return 0;
if (posix_time < INT32_MIN)
return 0;
*out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
return 1;
}
int
tls_hex_string(const unsigned char *in, size_t inlen, char **out,
@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
goto err;
if (!ASN1_TIME_to_tm(after, &after_tm))
goto err;
if (!ASN1_time_tm_clamp_notafter(&after_tm))
if (!tls_convert_notafter(&after_tm, notafter))
goto err;
if ((*notbefore = timegm(&before_tm)) == -1)
if (!OPENSSL_timegm(&before_tm, notbefore))
goto err;
if ((*notafter = timegm(&after_tm)) == -1)
goto err;
return (0);
err:

5
lib/libtls/tls_ocsp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */
/* $OpenBSD: tls_ocsp.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
/*
* Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
* Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@ -25,6 +25,7 @@
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/posix_time.h>
#include <openssl/x509.h>
#include <tls.h>
@ -68,7 +69,7 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t
return -1;
if (!ASN1_TIME_to_tm(gt, &tm))
return -1;
if ((*gt_time = timegm(&tm)) == -1)
if (!OPENSSL_timegm(&tm, gt_time))
return -1;
return 0;
}

26
regress/lib/libcrypto/evp/evp_test.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_test.c,v 1.17 2024/02/29 20:02:40 tb Exp $ */
/* $OpenBSD: evp_test.c,v 1.18 2024/03/24 14:00:11 jca Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@ -737,6 +737,28 @@ obj_name_do_all_test(void)
return failure;
}
static int
evp_get_cipherbyname_test(void)
{
int failure = 0;
/* Should handle NULL gracefully */
failure |= EVP_get_cipherbyname(NULL) != NULL;
return failure;
}
static int
evp_get_digestbyname_test(void)
{
int failure = 0;
/* Should handle NULL gracefully */
failure |= EVP_get_digestbyname(NULL) != NULL;
return failure;
}
int
main(int argc, char **argv)
{
@ -748,6 +770,8 @@ main(int argc, char **argv)
failed |= evp_do_all_test();
failed |= evp_aliases_test();
failed |= obj_name_do_all_test();
failed |= evp_get_cipherbyname_test();
failed |= evp_get_digestbyname_test();
OPENSSL_cleanup();

3
sys/arch/arm64/conf/GENERIC
View File

@ -1,4 +1,4 @@
# $OpenBSD: GENERIC,v 1.284 2024/03/02 19:53:17 kettenis Exp $
# $OpenBSD: GENERIC,v 1.285 2024/03/24 22:34:48 patrick Exp $
#
# GENERIC machine description file
#
@ -375,6 +375,7 @@ iic* at sxitwi? # I2C bus
dwxe* at fdt?
# Xilinx Zynq UltraScale+ SoCs
cad* at fdt? # Ethernet controller
cduart* at fdt?
# PCI

3
sys/arch/arm64/conf/RAMDISK
View File

@ -1,4 +1,4 @@
# $OpenBSD: RAMDISK,v 1.214 2024/03/02 19:53:17 kettenis Exp $
# $OpenBSD: RAMDISK,v 1.215 2024/03/24 22:34:48 patrick Exp $
machine arm64
maxusers 4
@ -292,6 +292,7 @@ iic* at sxitwi? # I2C bus
dwxe* at fdt?
# Xilinx Zynq UltraScale+ SoCs
cad* at fdt? # Ethernet controller
cduart* at fdt?
# PCI

19
sys/dev/fdt/if_cad.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_cad.c,v 1.13 2023/08/15 08:27:30 miod Exp $ */
/* $OpenBSD: if_cad.c,v 1.14 2024/03/24 22:34:06 patrick Exp $ */
/*
* Copyright (c) 2021-2022 Visa Hankala
@ -54,6 +54,7 @@
#include <dev/ofw/fdt.h>
#include <dev/ofw/openfirm.h>
#include <dev/ofw/ofw_clock.h>
#include <dev/ofw/ofw_gpio.h>
#define GEM_NETCTL 0x0000
#define GEM_NETCTL_DPRAM (1 << 18)
@ -388,6 +389,8 @@ cad_attach(struct device *parent, struct device *self, void *aux)
struct fdt_attach_args *faa = aux;
struct cad_softc *sc = (struct cad_softc *)self;
struct ifnet *ifp = &sc->sc_ac.ac_if;
uint32_t phy_reset_gpio[3];
uint32_t phy_reset_duration;
uint32_t hi, lo;
uint32_t rev, ver;
uint32_t val;
@ -427,6 +430,20 @@ cad_attach(struct device *parent, struct device *self, void *aux)
ether_fakeaddr(ifp);
}
if (OF_getpropintarray(faa->fa_node, "phy-reset-gpios", phy_reset_gpio,
sizeof(phy_reset_gpio)) == sizeof(phy_reset_gpio)) {
phy_reset_duration = OF_getpropint(faa->fa_node,
"phy-reset-duration", 1);
if (phy_reset_duration > 1000)
phy_reset_duration = 1;
gpio_controller_config_pin(phy_reset_gpio, GPIO_CONFIG_OUTPUT);
gpio_controller_set_pin(phy_reset_gpio, 1);
delay((phy_reset_duration + 1) * 1000);
gpio_controller_set_pin(phy_reset_gpio, 0);
delay(1000);
}
phy = OF_getpropint(faa->fa_node, "phy-handle", 0);
node = OF_getnodebyphandle(phy);
if (node != 0)

6
sys/lib/libsa/softraid.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: softraid.c,v 1.5 2022/08/12 20:17:46 stsp Exp $ */
/* $OpenBSD: softraid.c,v 1.6 2024/03/24 05:50:20 jsg Exp $ */
/*
* Copyright (c) 2012 Joel Sing <jsing@openbsd.org>
@ -63,7 +63,7 @@ void
sr_clear_keys(void)
{
struct sr_boot_volume *bv;
struct sr_boot_keydisk *kd;
struct sr_boot_keydisk *kd, *nkd;
SLIST_FOREACH(bv, &sr_volumes, sbv_link) {
if (bv->sbv_level != 'C' && bv->sbv_level != 0x1C)
@ -79,7 +79,7 @@ sr_clear_keys(void)
bv->sbv_maskkey = NULL;
}
}
SLIST_FOREACH(kd, &sr_keydisks, kd_link) {
SLIST_FOREACH_SAFE(kd, &sr_keydisks, kd_link, nkd) {
explicit_bzero(kd, sizeof(*kd));
free(kd, sizeof(*kd));
}

57
sys/uvm/uvm_pdaemon.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvm_pdaemon.c,v 1.109 2023/10/27 19:18:53 mpi Exp $ */
/* $OpenBSD: uvm_pdaemon.c,v 1.110 2024/03/24 10:29:35 mpi Exp $ */
/* $NetBSD: uvm_pdaemon.c,v 1.23 2000/08/20 10:24:14 bjh21 Exp $ */
/*
@ -165,33 +165,27 @@ uvm_wait(const char *wmsg)
/*
* uvmpd_tune: tune paging parameters
*
* => called whenever memory is added to (or removed from?) the system
* => caller must call with page queues locked
*/
void
uvmpd_tune(void)
{
int val;
uvmexp.freemin = uvmexp.npages / 30;
val = uvmexp.npages / 30;
/* between 16k and 512k */
/* XXX: what are these values good for? */
uvmexp.freemin = max(uvmexp.freemin, (16*1024) >> PAGE_SHIFT);
#if 0
uvmexp.freemin = min(uvmexp.freemin, (512*1024) >> PAGE_SHIFT);
#endif
val = max(val, (16*1024) >> PAGE_SHIFT);
/* Make sure there's always a user page free. */
if (uvmexp.freemin < uvmexp.reserve_kernel + 1)
uvmexp.freemin = uvmexp.reserve_kernel + 1;
if (val < uvmexp.reserve_kernel + 1)
val = uvmexp.reserve_kernel + 1;
uvmexp.freemin = val;
uvmexp.freetarg = (uvmexp.freemin * 4) / 3;
if (uvmexp.freetarg <= uvmexp.freemin)
uvmexp.freetarg = uvmexp.freemin + 1;
/* uvmexp.inactarg: computed in main daemon loop */
/* Calculate free target. */
val = (uvmexp.freemin * 4) / 3;
if (val <= uvmexp.freemin)
val = uvmexp.freemin + 1;
uvmexp.freetarg = val;
uvmexp.wiredmax = uvmexp.npages / 3;
}
@ -211,15 +205,12 @@ uvm_pageout(void *arg)
{
struct uvm_constraint_range constraint;
struct uvm_pmalloc *pma;
int npages = 0;
int free;
/* ensure correct priority and set paging parameters... */
uvm.pagedaemon_proc = curproc;
(void) spl0();
uvm_lock_pageq();
npages = uvmexp.npages;
uvmpd_tune();
uvm_unlock_pageq();
for (;;) {
long size;
@ -245,44 +236,38 @@ uvm_pageout(void *arg)
} else
constraint = no_constraint;
}
free = uvmexp.free - BUFPAGES_DEFICIT;
uvm_unlock_fpageq();
/*
* now lock page queues and recompute inactive count
*/
uvm_lock_pageq();
if (npages != uvmexp.npages) { /* check for new pages? */
npages = uvmexp.npages;
uvmpd_tune();
}
uvmexp.inactarg = (uvmexp.active + uvmexp.inactive) / 3;
if (uvmexp.inactarg <= uvmexp.freetarg) {
uvmexp.inactarg = uvmexp.freetarg + 1;
}
uvm_unlock_pageq();
/* Reclaim pages from the buffer cache if possible. */
size = 0;
if (pma != NULL)
size += pma->pm_size >> PAGE_SHIFT;
if (uvmexp.free - BUFPAGES_DEFICIT < uvmexp.freetarg)
size += uvmexp.freetarg - (uvmexp.free -
BUFPAGES_DEFICIT);
if (free < uvmexp.freetarg)
size += uvmexp.freetarg - free;
if (size == 0)
size = 16; /* XXX */
uvm_unlock_pageq();
(void) bufbackoff(&constraint, size * 2);
#if NDRM > 0
drmbackoff(size * 2);
#endif
uvm_lock_pageq();
/*
* scan if needed
*/
if (pma != NULL ||
((uvmexp.free - BUFPAGES_DEFICIT) < uvmexp.freetarg) ||
uvm_lock_pageq();
free = uvmexp.free - BUFPAGES_DEFICIT;
if (pma != NULL || (free < uvmexp.freetarg) ||
((uvmexp.inactive + BUFPAGES_INACT) < uvmexp.inactarg)) {
uvmpd_scan(pma, &constraint);
}

62
sys/uvm/uvmexp.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvmexp.h,v 1.11 2023/10/27 19:18:53 mpi Exp $ */
/* $OpenBSD: uvmexp.h,v 1.12 2024/03/24 10:29:35 mpi Exp $ */
#ifndef _UVM_UVMEXP_
#define _UVM_UVMEXP_
@ -45,7 +45,9 @@
* I immutable after creation
* K kernel lock
* F uvm_lock_fpageq
* L uvm_lock_pageq
* S uvm_swap_data_lock
* p copy of per-CPU counters, used only by userland.
*/
struct uvmexp {
/* vm_page constants */
@ -56,8 +58,8 @@ struct uvmexp {
/* vm_page counters */
int npages; /* [I] number of pages we manage */
int free; /* [F] number of free pages */
int active; /* number of active pages */
int inactive; /* number of pages that we free'd but may want back */
int active; /* [L] # of active pages */
int inactive; /* [L] # of pages that we free'd but may want back */
int paging; /* number of pages in the process of being paged out */
int wired; /* number of wired pages */
@ -69,10 +71,10 @@ struct uvmexp {
int vtextpages; /* XXX # of pages used by vtext vnodes */
/* pageout params */
int freemin; /* min number of free pages */
int freetarg; /* target number of free pages */
int freemin; /* [I] min number of free pages */
int freetarg; /* [I] target number of free pages */
int inactarg; /* target number of inactive pages */
int wiredmax; /* max number of wired pages */
int wiredmax; /* [I] max number of wired pages */
int anonmin; /* min threshold for anon pages */
int vtextmin; /* min threshold for vtext pages */
int vnodemin; /* min threshold for vnode pages */
@ -91,16 +93,16 @@ struct uvmexp {
int unused06; /* formerly nfreeanon */
/* stat counters */
int faults; /* page fault count */
int faults; /* [p] page fault count */
int traps; /* trap count */
int intrs; /* interrupt count */
int swtch; /* context switch count */
int softs; /* software interrupt count */
int syscalls; /* system calls */
int pageins; /* pagein operation count */
int pageins; /* [p] pagein operation count */
/* pageouts are in pdpageouts below */
int unused07; /* formerly obsolete_swapins */
int unused08; /* formerly obsolete_swapouts */
int unused07; /* formerly obsolete_swapins */
int unused08; /* formerly obsolete_swapouts */
int pgswapin; /* pages swapped in */
int pgswapout; /* pages swapped out */
int forks; /* forks */
@ -113,28 +115,28 @@ struct uvmexp {
int unused09; /* formerly zeroaborts */
/* fault subcounters */
int fltnoram; /* number of times fault was out of ram */
int fltnoanon; /* number of times fault was out of anons */
int fltnoamap; /* number of times fault was out of amap chunks */
int fltpgwait; /* number of times fault had to wait on a page */
int fltpgrele; /* number of times fault found a released page */
int fltrelck; /* number of times fault relock called */
int fltrelckok; /* number of times fault relock is a success */
int fltanget; /* number of times fault gets anon page */
int fltanretry; /* number of times fault retrys an anon get */
int fltamcopy; /* number of times fault clears "needs copy" */
int fltnamap; /* number of times fault maps a neighbor anon page */
int fltnomap; /* number of times fault maps a neighbor obj page */
int fltlget; /* number of times fault does a locked pgo_get */
int fltget; /* number of times fault does an unlocked get */
int flt_anon; /* number of times fault anon (case 1a) */
int flt_acow; /* number of times fault anon cow (case 1b) */
int flt_obj; /* number of times fault is on object page (2a) */
int flt_prcopy; /* number of times fault promotes with copy (2b) */
int flt_przero; /* number of times fault promotes with zerofill (2b) */
int fltnoram; /* [p] # of times fault was out of ram */
int fltnoanon; /* [p] # of times fault was out of anons */
int fltnoamap; /* [p] # of times fault was out of amap chunks */
int fltpgwait; /* [p] # of times fault had to wait on a page */
int fltpgrele; /* [p] # of times fault found a released page */
int fltrelck; /* [p] # of times fault relock called */
int fltrelckok; /* [p] # of times fault relock is a success */
int fltanget; /* [p] # of times fault gets anon page */
int fltanretry; /* [p] # of times fault retrys an anon get */
int fltamcopy; /* [p] # of times fault clears "needs copy" */
int fltnamap; /* [p] # of times fault maps a neighbor anon page */
int fltnomap; /* [p] # of times fault maps a neighbor obj page */
int fltlget; /* [p] # of times fault does a locked pgo_get */
int fltget; /* [p] # of times fault does an unlocked get */
int flt_anon; /* [p] # of times fault anon (case 1a) */
int flt_acow; /* [p] # of times fault anon cow (case 1b) */
int flt_obj; /* [p] # of times fault is on object page (2a) */
int flt_prcopy; /* [p] # of times fault promotes with copy (2b) */
int flt_przero; /* [p] # of times fault promotes with zerofill (2b) */
/* daemon counters */
int pdwoke; /* number of times daemon woke up */
int pdwoke; /* [F] # of times daemon woke up */
int pdrevs; /* number of times daemon rev'd clock hand */
int pdswout; /* number of times daemon called for swapout */
int pdfreed; /* number of pages daemon freed since boot */

26
usr.bin/whois/whois.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: whois.1,v 1.40 2024/03/16 02:00:31 millert Exp $
.\" $OpenBSD: whois.1,v 1.41 2024/03/24 19:51:47 millert Exp $
.\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $
.\"
.\" Copyright (c) 1985, 1990, 1993
@ -30,7 +30,7 @@
.\"
.\" @(#)whois.1 8.2 (Berkeley) 6/20/94
.\"
.Dd $Mdocdate: March 16 2024 $
.Dd $Mdocdate: March 24 2024 $
.Dt WHOIS 1
.Os
.Sh NAME
@ -224,28 +224,6 @@ For more information as to what
operands have special meaning, and how to guide the search, use
the special name
.Dq help .
.Ss Special cases
Queries beginning with an exclamation point
.Ql \&!
are assumed to be
.Tn NSI
contact handles.
Unless a host or domain is specified on the command line,
.Pq whois.networksolutions.com
will be used as the
.Nm
database.
.Pp
Similarly, queries beginning with
.Dq COCO-
are assumed to be
.Tn CORE
contact handles.
Unless a host or domain is specified on the command line,
.Pq whois.corenic.net
will be used as the
.Nm
database.
.Sh EXAMPLES
Most types of data, such as domain names and
.Tn IP

18
usr.bin/whois/whois.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: whois.c,v 1.61 2024/03/16 06:29:36 jmc Exp $ */
/* $OpenBSD: whois.c,v 1.62 2024/03/24 19:51:47 millert Exp $ */
/*
* Copyright (c) 1980, 1993
@ -46,7 +46,6 @@
#define NICHOST "whois.crsnic.net"
#define INICHOST "whois.internic.net"
#define CNICHOST "whois.corenic.net"
#define DNICHOST "whois.nic.mil"
#define GNICHOST "whois.nic.gov"
#define ANICHOST "whois.arin.net"
@ -297,10 +296,9 @@ whois(const char *query, const char *server, const char *port, int flags)
/*
* If no country is specified determine the top level domain from the query.
* If the TLD is a number, query ARIN, otherwise, use TLD.whois-server.net.
* If the domain does not contain '.', check to see if it is an NSI handle
* (starts with '!') or a CORE handle (COCO-[0-9]+ or COHO-[0-9]+) or an
* ASN (starts with AS) or IPv6 address (contains ':'). Fall back to
* NICHOST for the non-handle and non-IPv6 case.
* If the domain does not contain '.', check to see if it is an ASN (starts
* with AS) or IPv6 address (contains ':').
* Fall back to NICHOST for the non-handle and non-IPv6 case.
*/
char *
choose_server(const char *name, const char *country, char **tofree)
@ -318,13 +316,7 @@ choose_server(const char *name, const char *country, char **tofree)
if (country != NULL)
qhead = country;
else if ((qhead = strrchr(name, '.')) == NULL) {
if (*name == '!')
return (INICHOST);
else if ((strncasecmp(name, "COCO-", 5) == 0 ||
strncasecmp(name, "COHO-", 5) == 0) &&
strtol(name + 5, &ep, 10) > 0 && *ep == '\0')
return (CNICHOST);
else if ((strncasecmp(name, "AS", 2) == 0) &&
if ((strncasecmp(name, "AS", 2) == 0) &&
strtol(name + 2, &ep, 10) > 0 && *ep == '\0')
return (MNICHOST);
else if (strchr(name, ':') != NULL) /* IPv6 address */

9
usr.sbin/httpd/http.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: http.h,v 1.16 2020/09/12 07:34:17 yasuoka Exp $ */
/* $OpenBSD: http.h,v 1.17 2024/03/24 10:53:27 job Exp $ */
/*
* Copyright (c) 2012 - 2015 Reyk Floeter <reyk@openbsd.org>
@ -131,7 +131,8 @@ struct http_error {
{ 100, "Continue" }, \
{ 101, "Switching Protocols" }, \
{ 102, "Processing" }, \
/* 103-199 unassigned */ \
{ 103, "Early Hints" }, \
/* 104-199 unassigned */ \
{ 200, "OK" }, \
{ 201, "Created" }, \
{ 202, "Accepted" }, \
@ -175,10 +176,10 @@ struct http_error {
{ 418, "I'm a teapot" }, \
/* 419-421 unassigned */ \
{ 420, "Enhance Your Calm" }, \
{ 422, "Unprocessable Entity" }, \
{ 422, "Unprocessable Content" }, \
{ 423, "Locked" }, \
{ 424, "Failed Dependency" }, \
/* 425 unassigned */ \
{ 425, "Too Early" }, \
{ 426, "Upgrade Required" }, \
/* 427 unassigned */ \
{ 428, "Precondition Required" }, \

5
usr.sbin/ocspcheck/ocspcheck.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ocspcheck.c,v 1.32 2023/11/13 11:46:24 tb Exp $ */
/* $OpenBSD: ocspcheck.c,v 1.33 2024/03/24 11:30:12 beck Exp $ */
/*
* Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org>
@ -34,6 +34,7 @@
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/posix_time.h>
#include <openssl/ssl.h>
#include "http.h"
@ -193,7 +194,7 @@ parse_ocsp_time(ASN1_GENERALIZEDTIME *gt)
return -1;
if (!ASN1_TIME_to_tm(gt, &tm))
return -1;
if ((rv = timegm(&tm)) == -1)
if (!OPENSSL_timegm(&tm, &rv))
return -1;
return rv;
}

6
usr.sbin/smtpd/smtpd.conf.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: smtpd.conf.5,v 1.270 2024/03/18 08:48:50 op Exp $
.\" $OpenBSD: smtpd.conf.5,v 1.271 2024/03/24 06:22:18 jsg Exp $
.\"
.\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
.\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
.Dd $Mdocdate: March 18 2024 $
.Dd $Mdocdate: March 24 2024 $
.Dt SMTPD.CONF 5
.Os
.Sh NAME
@ -1130,7 +1130,7 @@ is a successful delivery; status 71
and 75
.Pq Dv EX_TEMPFAIL
are temporary failures; and all other exit status are considered
permament failures.
permanent failures.
.Pp
The following environment variables are set:
.Pp