From fa20b4dfa4ab0a3be0d05f122de57148d055f92b Mon Sep 17 00:00:00 2001 From: purplerain Date: Sun, 24 Mar 2024 19:30:40 +0000 Subject: [PATCH] sync with OpenBSD -current --- lib/libcrypto/cryptlib.c | 6 +- lib/libcrypto/ec/ec_curve.c | 669 +-------------------------- lib/libcrypto/err/err_all.c | 5 +- lib/libcrypto/evp/evp_local.h | 5 +- lib/libcrypto/evp/evp_names.c | 217 +-------- lib/libcrypto/evp/evp_pbe.c | 11 +- lib/libcrypto/ocsp/ocsp_cl.c | 75 ++- lib/libcrypto/pkcs12/p12_attr.c | 8 +- lib/libcrypto/pkcs12/p12_crt.c | 6 +- lib/libcrypto/pkcs12/p12_init.c | 3 +- lib/libcrypto/pkcs12/p12_mutl.c | 3 +- lib/libcrypto/pkcs12/p12_sbag.c | 7 +- lib/libcrypto/ts/ts_rsp_sign.c | 4 +- lib/libcrypto/x509/by_dir.c | 29 +- lib/libcrypto/x509/x509_trs.c | 61 +-- lib/libtls/tls_conninfo.c | 26 +- lib/libtls/tls_ocsp.c | 5 +- regress/lib/libcrypto/evp/evp_test.c | 26 +- sys/arch/arm64/conf/GENERIC | 3 +- sys/arch/arm64/conf/RAMDISK | 3 +- sys/dev/fdt/if_cad.c | 19 +- sys/lib/libsa/softraid.c | 6 +- sys/uvm/uvm_pdaemon.c | 57 +-- sys/uvm/uvmexp.h | 62 +-- usr.bin/whois/whois.1 | 26 +- usr.bin/whois/whois.c | 18 +- usr.sbin/httpd/http.h | 9 +- usr.sbin/ocspcheck/ocspcheck.c | 5 +- usr.sbin/smtpd/smtpd.conf.5 | 6 +- 29 files changed, 243 insertions(+), 1137 deletions(-) diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index abf115940..9eef0348e 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.c,v 1.48 2024/03/02 11:37:13 tb Exp $ */ +/* $OpenBSD: cryptlib.c,v 1.49 2024/03/24 06:48:03 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -283,28 +283,24 @@ CRYPTO_THREADID_current(CRYPTO_THREADID *id) memset(id, 0, sizeof(*id)); id->val = (unsigned long)pthread_self(); } -LCRYPTO_ALIAS(CRYPTO_THREADID_current); int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) { return memcmp(a, b, sizeof(*a)); } -LCRYPTO_ALIAS(CRYPTO_THREADID_cmp); void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) { memcpy(dest, src, sizeof(*src)); } -LCRYPTO_ALIAS(CRYPTO_THREADID_cpy); unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) { return id->val; } -LCRYPTO_ALIAS(CRYPTO_THREADID_hash); #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__INTEL__) || \ diff --git a/lib/libcrypto/ec/ec_curve.c b/lib/libcrypto/ec/ec_curve.c index 9d19628b3..dc7779358 100644 --- a/lib/libcrypto/ec/ec_curve.c +++ b/lib/libcrypto/ec/ec_curve.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_curve.c,v 1.42 2023/07/07 13:54:45 beck Exp $ */ +/* $OpenBSD: ec_curve.c,v 1.43 2024/03/24 06:05:41 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -1790,502 +1790,6 @@ static const struct { }, }; -#ifndef OPENSSL_NO_GOST -static const struct { - uint8_t p[32]; - uint8_t a[32]; - uint8_t b[32]; - uint8_t x[32]; - uint8_t y[32]; - uint8_t order[32]; -} _EC_GOST_2001_Test = { - .p = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x04, 0x31, - }, - .a = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x07, - }, - .b = { - 0x5f, 0xbf, 0xf4, 0x98, 0xaa, 0x93, 0x8c, 0xe7, 0x39, 0xb8, - 0xe0, 0x22, 0xfb, 0xaf, 0xef, 0x40, 0x56, 0x3f, 0x6e, 0x6a, - 0x34, 0x72, 0xfc, 0x2a, 0x51, 0x4c, 0x0c, 0xe9, 0xda, 0xe2, - 0x3b, 0x7e, - }, - .x = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x02, - }, - .y = { - 0x08, 0xe2, 0xa8, 0xa0, 0xe6, 0x51, 0x47, 0xd4, 0xbd, 0x63, - 0x16, 0x03, 0x0e, 0x16, 0xd1, 0x9c, 0x85, 0xc9, 0x7f, 0x0a, - 0x9c, 0xa2, 0x67, 0x12, 0x2b, 0x96, 0xab, 0xbc, 0xea, 0x7e, - 0x8f, 0xc8, - }, - .order = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xfe, 0x8a, 0x18, - 0x92, 0x97, 0x61, 0x54, 0xc5, 0x9c, 0xfc, 0x19, 0x3a, 0xcc, - 0xf5, 0xb3, - }, -}; - -static const struct { - uint8_t p[32]; - uint8_t a[32]; - uint8_t b[32]; - uint8_t x[32]; - uint8_t y[32]; - uint8_t order[32]; -} _EC_GOST_2001_CryptoPro_A = { - .p = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfd, 0x97, - }, - .a = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfd, 0x94, - }, - .b = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0xa6, - }, - .x = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, - }, - .y = { - 0x8d, 0x91, 0xe4, 0x71, 0xe0, 0x98, 0x9c, 0xda, 0x27, 0xdf, - 0x50, 0x5a, 0x45, 0x3f, 0x2b, 0x76, 0x35, 0x29, 0x4f, 0x2d, - 0xdf, 0x23, 0xe3, 0xb1, 0x22, 0xac, 0xc9, 0x9c, 0x9e, 0x9f, - 0x1e, 0x14, - }, - .order = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x6c, 0x61, 0x10, 0x70, - 0x99, 0x5a, 0xd1, 0x00, 0x45, 0x84, 0x1b, 0x09, 0xb7, 0x61, - 0xb8, 0x93, - }, -}; - -static const struct { - uint8_t p[32]; - uint8_t a[32]; - uint8_t b[32]; - uint8_t x[32]; - uint8_t y[32]; - uint8_t order[32]; -} _EC_GOST_2001_CryptoPro_B = { - .p = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0c, 0x99, - }, - .a = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0c, 0x96, - }, - .b = { - 0x3e, 0x1a, 0xf4, 0x19, 0xa2, 0x69, 0xa5, 0xf8, 0x66, 0xa7, - 0xd3, 0xc2, 0x5c, 0x3d, 0xf8, 0x0a, 0xe9, 0x79, 0x25, 0x93, - 0x73, 0xff, 0x2b, 0x18, 0x2f, 0x49, 0xd4, 0xce, 0x7e, 0x1b, - 0xbc, 0x8b, - }, - .x = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, - }, - .y = { - 0x3f, 0xa8, 0x12, 0x43, 0x59, 0xf9, 0x66, 0x80, 0xb8, 0x3d, - 0x1c, 0x3e, 0xb2, 0xc0, 0x70, 0xe5, 0xc5, 0x45, 0xc9, 0x85, - 0x8d, 0x03, 0xec, 0xfb, 0x74, 0x4b, 0xf8, 0xd7, 0x17, 0x71, - 0x7e, 0xfc, - }, - .order = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5f, 0x70, 0x0c, 0xff, - 0xf1, 0xa6, 0x24, 0xe5, 0xe4, 0x97, 0x16, 0x1b, 0xcc, 0x8a, - 0x19, 0x8f, - }, -}; - -static const struct { - uint8_t p[32]; - uint8_t a[32]; - uint8_t b[32]; - uint8_t x[32]; - uint8_t y[32]; - uint8_t order[32]; -} _EC_GOST_2001_CryptoPro_C = { - .p = { - 0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e, - 0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0xcf, 0x84, 0x6e, 0x86, - 0x78, 0x90, 0x51, 0xd3, 0x79, 0x98, 0xf7, 0xb9, 0x02, 0x2d, - 0x75, 0x9b, - }, - .a = { - 0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e, - 0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0xcf, 0x84, 0x6e, 0x86, - 0x78, 0x90, 0x51, 0xd3, 0x79, 0x98, 0xf7, 0xb9, 0x02, 0x2d, - 0x75, 0x98, - }, - .b = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x80, 0x5a, - }, - .x = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, - }, - .y = { - 0x41, 0xec, 0xe5, 0x57, 0x43, 0x71, 0x1a, 0x8c, 0x3c, 0xbf, - 0x37, 0x83, 0xcd, 0x08, 0xc0, 0xee, 0x4d, 0x4d, 0xc4, 0x40, - 0xd4, 0x64, 0x1a, 0x8f, 0x36, 0x6e, 0x55, 0x0d, 0xfd, 0xb3, - 0xbb, 0x67, - }, - .order = { - 0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e, - 0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0x58, 0x2c, 0xa3, 0x51, - 0x1e, 0xdd, 0xfb, 0x74, 0xf0, 0x2f, 0x3a, 0x65, 0x98, 0x98, - 0x0b, 0xb9, - }, -}; - -/* - * This curve is defined in two birationally equal forms: canonical and Twisted - * Edwards. We do calculations in canonical (Weierstrass) form. - */ -static const struct { - uint8_t p[32]; - uint8_t a[32]; - uint8_t b[32]; - uint8_t x[32]; - uint8_t y[32]; - uint8_t order[32]; -} _EC_GOST_2012_256_TC26_A = { - .p = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfd, 0x97, - }, - .a = { - 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, - 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, - 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, - 0x73, 0x35, - }, - .b = { - 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, - 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, - 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, - 0x95, 0x13, - }, - .x = { - 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, - 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, - 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, - 0xaa, 0x28, - }, - .y = { - 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, - 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, - 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, - 0x2e, 0x5c, - }, - .order = { - 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, - 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, - 0x0c, 0x67, - }, -}; - -static const struct { - uint8_t p[64]; - uint8_t a[64]; - uint8_t b[64]; - uint8_t x[64]; - uint8_t y[64]; - uint8_t order[64]; -} _EC_GOST_2012_512_Test = { - .p = { - 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, - 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, - 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, - 0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a, - 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8, - 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5, - 0x28, 0xbe, 0x63, 0x73, - }, - .a = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x07, - }, - .b = { - 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, - 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77, - 0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1, - 0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22, - 0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e, - 0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08, - 0x4f, 0x30, 0x2a, 0xdc, - }, - .x = { - 0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96, - 0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3, - 0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c, - 0xd7, 0x62, 0xfd, 0x60, 0x61, 0x12, 0x62, 0xcd, 0x83, 0x8d, - 0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8, - 0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1, - 0x20, 0x24, 0x8a, 0x9a, - }, - .y = { - 0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02, - 0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e, - 0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3, - 0x9b, 0x2c, 0x83, 0xab, 0x15, 0x6d, 0x77, 0xf1, 0x49, 0x6b, - 0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a, - 0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb, - 0x1a, 0xdd, 0x37, 0x1e, - }, - .order = { - 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, - 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, - 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, - 0xd1, 0x5d, 0xa8, 0x2f, 0x2d, 0x7e, 0xcb, 0x1d, 0xba, 0xc7, - 0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e, - 0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1, - 0x87, 0xe6, 0xe6, 0xdf, - }, -}; - -static const struct { - uint8_t p[64]; - uint8_t a[64]; - uint8_t b[64]; - uint8_t x[64]; - uint8_t y[64]; - uint8_t order[64]; -} _EC_GOST_2012_512_TC26_A = { - .p = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xfd, 0xc7, - }, - .a = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xfd, 0xc4, - }, - .b = { - 0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd, - 0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74, - 0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b, - 0x62, 0x65, 0xee, 0x3c, 0xb0, 0x90, 0xf3, 0x0d, 0x27, 0x61, - 0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e, - 0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78, - 0x5a, 0x71, 0xc7, 0x60, - }, - .x = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x03, - }, - .y = { - 0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b, - 0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93, - 0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef, - 0xa9, 0x21, 0xdf, 0x16, 0x26, 0xbe, 0x4f, 0xd0, 0x36, 0xe9, - 0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28, - 0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb, - 0x52, 0x15, 0xf2, 0xa4, - }, - .order = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11, - 0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b, - 0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41, - 0x1f, 0x10, 0xb2, 0x75, - }, -}; - -static const struct { - uint8_t p[64]; - uint8_t a[64]; - uint8_t b[64]; - uint8_t x[64]; - uint8_t y[64]; - uint8_t order[64]; -} _EC_GOST_2012_512_TC26_B = { - .p = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x6f, - }, - .a = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x6c, - }, - .b = { - 0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e, - 0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61, - 0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b, - 0x28, 0x9f, 0x3e, 0x96, 0x5d, 0x2d, 0xb1, 0x41, 0x6d, 0x21, - 0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7, - 0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7, - 0xc5, 0x14, 0x01, 0x16, - }, - .x = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x02, - }, - .y = { - 0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07, - 0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69, - 0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec, - 0x73, 0x35, 0xdc, 0xb2, 0x28, 0xfd, 0x1e, 0xdf, 0x4a, 0x39, - 0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04, - 0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07, - 0x80, 0xfe, 0x41, 0xbd, - }, - .order = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45, - 0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99, - 0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54, - 0x37, 0x4f, 0x25, 0xbd, - }, -}; - -/* - * This curve is defined in two birationally equal forms: canonical and Twisted - * Edwards. We do calculations in canonical (Weierstrass) form. - */ -static const struct { - uint8_t p[64]; - uint8_t a[64]; - uint8_t b[64]; - uint8_t x[64]; - uint8_t y[64]; - uint8_t order[64]; -} _EC_GOST_2012_512_TC26_C = { - .p = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xfd, 0xc7, - }, - .a = { - 0xdc, 0x92, 0x03, 0xe5, 0x14, 0xa7, 0x21, 0x87, 0x54, 0x85, - 0xa5, 0x29, 0xd2, 0xc7, 0x22, 0xfb, 0x18, 0x7b, 0xc8, 0x98, - 0x0e, 0xb8, 0x66, 0x64, 0x4d, 0xe4, 0x1c, 0x68, 0xe1, 0x43, - 0x06, 0x45, 0x46, 0xe8, 0x61, 0xc0, 0xe2, 0xc9, 0xed, 0xd9, - 0x2a, 0xde, 0x71, 0xf4, 0x6f, 0xcf, 0x50, 0xff, 0x2a, 0xd9, - 0x7f, 0x95, 0x1f, 0xda, 0x9f, 0x2a, 0x2e, 0xb6, 0x54, 0x6f, - 0x39, 0x68, 0x9b, 0xd3, - }, - .b = { - 0xb4, 0xc4, 0xee, 0x28, 0xce, 0xbc, 0x6c, 0x2c, 0x8a, 0xc1, - 0x29, 0x52, 0xcf, 0x37, 0xf1, 0x6a, 0xc7, 0xef, 0xb6, 0xa9, - 0xf6, 0x9f, 0x4b, 0x57, 0xff, 0xda, 0x2e, 0x4f, 0x0d, 0xe5, - 0xad, 0xe0, 0x38, 0xcb, 0xc2, 0xff, 0xf7, 0x19, 0xd2, 0xc1, - 0x8d, 0xe0, 0x28, 0x4b, 0x8b, 0xfe, 0xf3, 0xb5, 0x2b, 0x8c, - 0xc7, 0xa5, 0xf5, 0xbf, 0x0a, 0x3c, 0x8d, 0x23, 0x19, 0xa5, - 0x31, 0x25, 0x57, 0xe1, - }, - .x = { - 0xe2, 0xe3, 0x1e, 0xdf, 0xc2, 0x3d, 0xe7, 0xbd, 0xeb, 0xe2, - 0x41, 0xce, 0x59, 0x3e, 0xf5, 0xde, 0x22, 0x95, 0xb7, 0xa9, - 0xcb, 0xae, 0xf0, 0x21, 0xd3, 0x85, 0xf7, 0x07, 0x4c, 0xea, - 0x04, 0x3a, 0xa2, 0x72, 0x72, 0xa7, 0xae, 0x60, 0x2b, 0xf2, - 0xa7, 0xb9, 0x03, 0x3d, 0xb9, 0xed, 0x36, 0x10, 0xc6, 0xfb, - 0x85, 0x48, 0x7e, 0xae, 0x97, 0xaa, 0xc5, 0xbc, 0x79, 0x28, - 0xc1, 0x95, 0x01, 0x48, - }, - .y = { - 0xf5, 0xce, 0x40, 0xd9, 0x5b, 0x5e, 0xb8, 0x99, 0xab, 0xbc, - 0xcf, 0xf5, 0x91, 0x1c, 0xb8, 0x57, 0x79, 0x39, 0x80, 0x4d, - 0x65, 0x27, 0x37, 0x8b, 0x8c, 0x10, 0x8c, 0x3d, 0x20, 0x90, - 0xff, 0x9b, 0xe1, 0x8e, 0x2d, 0x33, 0xe3, 0x02, 0x1e, 0xd2, - 0xef, 0x32, 0xd8, 0x58, 0x22, 0x42, 0x3b, 0x63, 0x04, 0xf7, - 0x26, 0xaa, 0x85, 0x4b, 0xae, 0x07, 0xd0, 0x39, 0x6e, 0x9a, - 0x9a, 0xdd, 0xc4, 0x0f, - }, - .order = { - 0x3f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xc9, 0x8c, 0xdb, 0xa4, 0x65, 0x06, 0xab, 0x00, - 0x4c, 0x33, 0xa9, 0xff, 0x51, 0x47, 0x50, 0x2c, 0xc8, 0xed, - 0xa9, 0xe7, 0xa7, 0x69, 0xa1, 0x26, 0x94, 0x62, 0x3c, 0xef, - 0x47, 0xf0, 0x23, 0xed, - }, -}; -#endif - static const struct ec_list_element { const char *comment; int nid; @@ -2822,177 +2326,6 @@ static const struct ec_list_element { .order = _EC_FRP256v1.order, .cofactor = 1, }, -#ifndef OPENSSL_NO_GOST - /* GOST R 34.10-2001 */ - { - .comment = "GOST R 34.10-2001 Test Curve", - .nid = NID_id_GostR3410_2001_TestParamSet, - .param_len = sizeof(_EC_GOST_2001_Test.p), - .p = _EC_GOST_2001_Test.p, - .a = _EC_GOST_2001_Test.a, - .b = _EC_GOST_2001_Test.b, - .x = _EC_GOST_2001_Test.x, - .y = _EC_GOST_2001_Test.y, - .order = _EC_GOST_2001_Test.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2001 CryptoPro-A", - .nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p), - .p = _EC_GOST_2001_CryptoPro_A.p, - .a = _EC_GOST_2001_CryptoPro_A.a, - .b = _EC_GOST_2001_CryptoPro_A.b, - .x = _EC_GOST_2001_CryptoPro_A.x, - .y = _EC_GOST_2001_CryptoPro_A.y, - .order = _EC_GOST_2001_CryptoPro_A.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2001 CryptoPro-B", - .nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p), - .p = _EC_GOST_2001_CryptoPro_B.p, - .a = _EC_GOST_2001_CryptoPro_B.a, - .b = _EC_GOST_2001_CryptoPro_B.b, - .x = _EC_GOST_2001_CryptoPro_B.x, - .y = _EC_GOST_2001_CryptoPro_B.y, - .order = _EC_GOST_2001_CryptoPro_B.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2001 CryptoPro-C", - .nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p), - .p = _EC_GOST_2001_CryptoPro_C.p, - .a = _EC_GOST_2001_CryptoPro_C.a, - .b = _EC_GOST_2001_CryptoPro_C.b, - .x = _EC_GOST_2001_CryptoPro_C.x, - .y = _EC_GOST_2001_CryptoPro_C.y, - .order = _EC_GOST_2001_CryptoPro_C.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2001 CryptoPro-XchA", - .nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p), - .p = _EC_GOST_2001_CryptoPro_A.p, - .a = _EC_GOST_2001_CryptoPro_A.a, - .b = _EC_GOST_2001_CryptoPro_A.b, - .x = _EC_GOST_2001_CryptoPro_A.x, - .y = _EC_GOST_2001_CryptoPro_A.y, - .order = _EC_GOST_2001_CryptoPro_A.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2001 CryptoPro-XchB", - .nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p), - .p = _EC_GOST_2001_CryptoPro_C.p, - .a = _EC_GOST_2001_CryptoPro_C.a, - .b = _EC_GOST_2001_CryptoPro_C.b, - .x = _EC_GOST_2001_CryptoPro_C.x, - .y = _EC_GOST_2001_CryptoPro_C.y, - .order = _EC_GOST_2001_CryptoPro_C.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 256 TC26-A", - .nid = NID_id_tc26_gost_3410_12_256_paramSetA, - .param_len = sizeof(_EC_GOST_2012_256_TC26_A.p), - .p = _EC_GOST_2012_256_TC26_A.p, - .a = _EC_GOST_2012_256_TC26_A.a, - .b = _EC_GOST_2012_256_TC26_A.b, - .x = _EC_GOST_2012_256_TC26_A.x, - .y = _EC_GOST_2012_256_TC26_A.y, - .order = _EC_GOST_2012_256_TC26_A.order, - .cofactor = 4, - }, - { - .comment = "GOST R 34.10-2012 256 TC26-B", - .nid = NID_id_tc26_gost_3410_12_256_paramSetB, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p), - .p = _EC_GOST_2001_CryptoPro_A.p, - .a = _EC_GOST_2001_CryptoPro_A.a, - .b = _EC_GOST_2001_CryptoPro_A.b, - .x = _EC_GOST_2001_CryptoPro_A.x, - .y = _EC_GOST_2001_CryptoPro_A.y, - .order = _EC_GOST_2001_CryptoPro_A.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 256 TC26-C", - .nid = NID_id_tc26_gost_3410_12_256_paramSetC, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p), - .p = _EC_GOST_2001_CryptoPro_B.p, - .a = _EC_GOST_2001_CryptoPro_B.a, - .b = _EC_GOST_2001_CryptoPro_B.b, - .x = _EC_GOST_2001_CryptoPro_B.x, - .y = _EC_GOST_2001_CryptoPro_B.y, - .order = _EC_GOST_2001_CryptoPro_B.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 256 TC26-D", - .nid = NID_id_tc26_gost_3410_12_256_paramSetD, - .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p), - .p = _EC_GOST_2001_CryptoPro_C.p, - .a = _EC_GOST_2001_CryptoPro_C.a, - .b = _EC_GOST_2001_CryptoPro_C.b, - .x = _EC_GOST_2001_CryptoPro_C.x, - .y = _EC_GOST_2001_CryptoPro_C.y, - .order = _EC_GOST_2001_CryptoPro_C.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 512 Test Curve", - .nid = NID_id_tc26_gost_3410_12_512_paramSetTest, - .param_len = sizeof(_EC_GOST_2012_512_Test.p), - .p = _EC_GOST_2012_512_Test.p, - .a = _EC_GOST_2012_512_Test.a, - .b = _EC_GOST_2012_512_Test.b, - .x = _EC_GOST_2012_512_Test.x, - .y = _EC_GOST_2012_512_Test.y, - .order = _EC_GOST_2012_512_Test.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 512 TC26-A", - .nid = NID_id_tc26_gost_3410_12_512_paramSetA, - .param_len = sizeof(_EC_GOST_2012_512_TC26_A.p), - .p = _EC_GOST_2012_512_TC26_A.p, - .a = _EC_GOST_2012_512_TC26_A.a, - .b = _EC_GOST_2012_512_TC26_A.b, - .x = _EC_GOST_2012_512_TC26_A.x, - .y = _EC_GOST_2012_512_TC26_A.y, - .order = _EC_GOST_2012_512_TC26_A.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 512 TC26-B", - .nid = NID_id_tc26_gost_3410_12_512_paramSetB, - .param_len = sizeof(_EC_GOST_2012_512_TC26_B.p), - .p = _EC_GOST_2012_512_TC26_B.p, - .a = _EC_GOST_2012_512_TC26_B.a, - .b = _EC_GOST_2012_512_TC26_B.b, - .x = _EC_GOST_2012_512_TC26_B.x, - .y = _EC_GOST_2012_512_TC26_B.y, - .order = _EC_GOST_2012_512_TC26_B.order, - .cofactor = 1, - }, - { - .comment = "GOST R 34.10-2012 512 TC26-C", - .nid = NID_id_tc26_gost_3410_12_512_paramSetC, - .param_len = sizeof(_EC_GOST_2012_512_TC26_C.p), - .p = _EC_GOST_2012_512_TC26_C.p, - .a = _EC_GOST_2012_512_TC26_C.a, - .b = _EC_GOST_2012_512_TC26_C.b, - .x = _EC_GOST_2012_512_TC26_C.x, - .y = _EC_GOST_2012_512_TC26_C.y, - .order = _EC_GOST_2012_512_TC26_C.order, - .cofactor = 4, - }, -#endif }; #define CURVE_LIST_LENGTH (sizeof(curve_list) / sizeof(curve_list[0])) diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c index 56276abb0..ea6c0af40 100644 --- a/lib/libcrypto/err/err_all.c +++ b/lib/libcrypto/err/err_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_all.c,v 1.34 2024/03/02 13:39:28 tb Exp $ */ +/* $OpenBSD: err_all.c,v 1.35 2024/03/24 06:05:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,9 +125,6 @@ ERR_load_crypto_strings_internal(void) ERR_load_EC_strings(); #endif ERR_load_EVP_strings(); -#ifndef OPENSSL_NO_GOST - ERR_load_GOST_strings(); -#endif ERR_load_KDF_strings(); ERR_load_OBJ_strings(); ERR_load_OCSP_strings(); diff --git a/lib/libcrypto/evp/evp_local.h b/lib/libcrypto/evp/evp_local.h index dad2cec81..d0335931e 100644 --- a/lib/libcrypto/evp/evp_local.h +++ b/lib/libcrypto/evp/evp_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_local.h,v 1.19 2024/03/02 10:20:27 tb Exp $ */ +/* $OpenBSD: evp_local.h,v 1.20 2024/03/24 06:05:41 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -172,9 +172,6 @@ struct evp_pkey_st { #ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ struct ecx_key_st *ecx; /* ECX */ -#endif -#ifndef OPENSSL_NO_GOST - struct gost_key_st *gost; /* GOST */ #endif } pkey; int save_parameters; diff --git a/lib/libcrypto/evp/evp_names.c b/lib/libcrypto/evp/evp_names.c index 2936c3662..d1e21d279 100644 --- a/lib/libcrypto/evp/evp_names.c +++ b/lib/libcrypto/evp/evp_names.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_names.c,v 1.12 2024/03/02 10:13:13 tb Exp $ */ +/* $OpenBSD: evp_names.c,v 1.15 2024/03/24 13:56:35 jca Exp $ */ /* * Copyright (c) 2023 Theo Buehler * @@ -46,7 +46,6 @@ struct digest_name { */ static const struct cipher_name cipher_names[] = { -#ifndef OPENSSL_NO_AES { .name = SN_aes_128_cbc, .cipher = EVP_aes_128_cbc, @@ -157,9 +156,7 @@ static const struct cipher_name cipher_names[] = { .cipher = EVP_aes_256_cbc, .alias = SN_aes_256_cbc, }, -#endif /* OPENSSL_NO_AES */ -#ifndef OPENSSL_NO_BF { .name = "BF", .cipher = EVP_bf_cbc, @@ -182,9 +179,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_bf_ofb64, .cipher = EVP_bf_ofb, }, -#endif -#ifndef OPENSSL_NO_CAMELLIA { .name = SN_camellia_128_cbc, .cipher = EVP_camellia_128_cbc, @@ -275,9 +270,7 @@ static const struct cipher_name cipher_names[] = { .cipher = EVP_camellia_256_cbc, .alias = SN_camellia_256_cbc, }, -#endif /* OPENSSL_NO_CAMELLIA */ -#ifndef OPENSSL_NO_CAST { .name = "CAST", .cipher = EVP_cast5_cbc, @@ -305,9 +298,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_cast5_ofb64, .cipher = EVP_cast5_ofb, }, -#endif -#ifndef OPENSSL_NO_CHACHA { .name = SN_chacha20, .cipher = EVP_chacha20, @@ -317,16 +308,12 @@ static const struct cipher_name cipher_names[] = { .cipher = EVP_chacha20, .alias = SN_chacha20, }, -#endif /* OPENSSL_NO_CHACHA */ -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) { .name = SN_chacha20_poly1305, .cipher = EVP_chacha20_poly1305, }, -#endif /* OPENSSL_NO_CHACHA && OPENSSL_NO_POLY1305 */ -#ifndef OPENSSL_NO_DES { .name = "DES", .cipher = EVP_des_cbc, @@ -413,16 +400,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_desx_cbc, .cipher = EVP_desx_cbc, }, -#endif /* OPENSSL_NO_DES */ -#ifndef OPENSSL_NO_GOST - { - .name = LN_id_Gost28147_89, - .cipher = EVP_gost2814789_cfb64, - }, -#endif /* OPENSSL_NO_GOST */ - -#ifndef OPENSSL_NO_IDEA { .name = "IDEA", .cipher = EVP_idea_cbc, @@ -445,9 +423,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_idea_ofb64, .cipher = EVP_idea_ofb, }, -#endif /* OPENSSL_NO_IDEA */ -#ifndef OPENSSL_NO_RC2 { .name = "RC2", .cipher = EVP_rc2_cbc, @@ -478,9 +454,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_rc2_ofb64, .cipher = EVP_rc2_ofb, }, -#endif /* OPENSSL_NO_RC2 */ -#ifndef OPENSSL_NO_RC4 { .name = SN_rc4, .cipher = EVP_rc4, @@ -489,9 +463,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_rc4_40, .cipher = EVP_rc4_40, }, -#endif /* OPENSSL_NO_RC4 */ -#ifndef OPENSSL_NO_SM4 { .name = "SM4", .cipher = EVP_sm4_cbc, @@ -518,9 +490,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_sm4_ofb128, .cipher = EVP_sm4_ofb, }, -#endif /* OPENSSL_NO_SM4 */ -#ifndef OPENSSL_NO_AES { .name = LN_aes_128_cbc, .cipher = EVP_aes_128_cbc, @@ -655,9 +625,7 @@ static const struct cipher_name cipher_names[] = { .cipher = EVP_aes_256_cbc, .alias = SN_aes_256_cbc, }, -#endif /* OPENSSL_NO_AES */ -#ifndef OPENSSL_NO_BF { .name = "bf", .cipher = EVP_bf_cbc, @@ -686,9 +654,7 @@ static const struct cipher_name cipher_names[] = { .cipher = EVP_bf_cbc, .alias = SN_bf_cbc, }, -#endif /* OPENSSL_NO_BF */ -#ifndef OPENSSL_NO_CAMELLIA { .name = LN_camellia_128_cbc, .cipher = EVP_camellia_128_cbc, @@ -779,9 +745,7 @@ static const struct cipher_name cipher_names[] = { .cipher = EVP_camellia_256_cbc, .alias = SN_camellia_256_cbc, }, -#endif /* OPENSSL_NO_CAMELLIA */ -#ifndef OPENSSL_NO_CAST { .name = "cast", .cipher = EVP_cast5_cbc, @@ -809,9 +773,7 @@ static const struct cipher_name cipher_names[] = { .name = LN_cast5_ofb64, .cipher = EVP_cast5_ofb, }, -#endif -#ifndef OPENSSL_NO_CHACHA { .name = LN_chacha20, .cipher = EVP_chacha20, @@ -826,9 +788,7 @@ static const struct cipher_name cipher_names[] = { .name = LN_chacha20_poly1305, .cipher = EVP_chacha20_poly1305, }, -#endif -#ifndef OPENSSL_NO_DES { .name = "des", .cipher = EVP_des_cbc, @@ -915,24 +875,7 @@ static const struct cipher_name cipher_names[] = { .name = LN_desx_cbc, .cipher = EVP_desx_cbc, }, -#endif /* OPENSSL_NO_DES */ -#ifndef OPENSSL_NO_GOST - { - .name = SN_id_Gost28147_89, - .cipher = EVP_gost2814789_cfb64, - }, - { - .name = SN_gost89_cnt, - .cipher = EVP_gost2814789_cnt, - }, - { - .name = SN_gost89_ecb, - .cipher = EVP_gost2814789_ecb, - }, -#endif /* OPENSSL_NO_GOST */ - -#ifndef OPENSSL_NO_AES { .name = SN_aes_128_ccm, .cipher = EVP_aes_128_ccm, @@ -971,9 +914,7 @@ static const struct cipher_name cipher_names[] = { .name = SN_id_aes256_wrap, .cipher = EVP_aes_256_wrap, }, -#endif /* OPENSSL_NO_AES */ -#ifndef OPENSSL_NO_IDEA { .name = "idea", .cipher = EVP_idea_cbc, @@ -996,9 +937,7 @@ static const struct cipher_name cipher_names[] = { .name = LN_idea_ofb64, .cipher = EVP_idea_ofb, }, -#endif /* OPENSSL_NO_IDEA */ -#ifndef OPENSSL_NO_RC2 { .name = "rc2", .cipher = EVP_rc2_cbc, @@ -1029,9 +968,7 @@ static const struct cipher_name cipher_names[] = { .name = LN_rc2_ofb64, .cipher = EVP_rc2_ofb, }, -#endif /* OPENSSL_NO_RC2 */ -#ifndef OPENSSL_NO_RC4 { .name = LN_rc4, .cipher = EVP_rc4, @@ -1040,9 +977,7 @@ static const struct cipher_name cipher_names[] = { .name = LN_rc4_40, .cipher = EVP_rc4_40, }, -#endif /* OPENSSL_NO_RC4 */ -#ifndef OPENSSL_NO_SM4 { .name = "sm4", .cipher = EVP_sm4_cbc, @@ -1069,7 +1004,6 @@ static const struct cipher_name cipher_names[] = { .name = LN_sm4_ofb128, .cipher = EVP_sm4_ofb, }, -#endif /* OPENSSL_NO_SM4 */ }; #define N_CIPHER_NAMES (sizeof(cipher_names) / sizeof(cipher_names[0])) @@ -1080,83 +1014,47 @@ static const struct cipher_name cipher_names[] = { */ static const struct digest_name digest_names[] = { -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA1) { .name = SN_dsaWithSHA1, .digest = EVP_sha1, .alias = SN_sha1, }, -#endif -#ifndef OPENSSL_NO_GOST - { - .name = LN_id_Gost28147_89_MAC, - .digest = EVP_gost2814789imit, - }, - { - .name = LN_id_tc26_gost3411_2012_512, - .digest = EVP_streebog512, - }, - { - .name = LN_id_tc26_gost3411_2012_256, - .digest = EVP_streebog256, - }, - { - .name = LN_id_GostR3411_94, - .digest = EVP_gostr341194, - }, -#endif /* OPENSSL_NO_GOST */ -#ifndef OPENSSL_NO_MD4 { .name = SN_md4, .digest = EVP_md4, }, -#endif /* OPENSSL_NO_MD4 */ -#ifndef OPENSSL_NO_MD5 { .name = SN_md5, .digest = EVP_md5, }, -#endif /* OPENSSL_NO_MD5 */ -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA1) { .name = SN_md5_sha1, .digest = EVP_md5_sha1, }, -#endif /* OPENSSL_NO_MD5 && OPENSSL_NO_SHA1 */ -#ifndef OPENSSL_NO_RIPEMD { .name = SN_ripemd160, .digest = EVP_ripemd160, }, -#endif /* OPENSSL_NO_RIPEMD */ -#ifndef OPENSSL_NO_RSA -#ifndef OPENSSL_NO_MD4 { .name = SN_md4WithRSAEncryption, .digest = EVP_md4, .alias = SN_md4, }, -#endif /* OPENSSL_NO_MD4 */ -#ifndef OPENSSL_NO_MD5 { .name = SN_md5WithRSAEncryption, .digest = EVP_md5, .alias = SN_md5, }, -#endif /* OPENSSL_NO_MD5 */ -#ifndef OPENSSL_NO_RIPEMD { .name = SN_ripemd160WithRSA, .digest = EVP_ripemd160, .alias = SN_ripemd160, }, -#endif /* OPENSSL_NO_RIPEMD */ -#ifndef OPENSSL_NO_SHA1 { .name = SN_sha1WithRSAEncryption, .digest = EVP_sha1, @@ -1167,8 +1065,6 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha1, .alias = SN_sha1, /* XXX - alias to SN_sha1WithRSAEncryption? */ }, -#endif /* OPENSSL_NO_SHA1 */ -#ifndef OPENSSL_NO_SHA256 { .name = SN_sha224WithRSAEncryption, .digest = EVP_sha224, @@ -1179,8 +1075,6 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha256, .alias = SN_sha256, }, -#endif /* OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SHA3 { .name = LN_RSA_SHA3_224, .digest = EVP_sha3_224, @@ -1201,8 +1095,6 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha3_512, .alias = SN_sha3_512, }, -#endif /* OPENSSL_NO_SHA3 */ -#ifndef OPENSSL_NO_SHA512 { .name = SN_sha384WithRSAEncryption, .digest = EVP_sha384, @@ -1223,23 +1115,16 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha512_256, .alias = SN_sha512_256, }, -#endif /* OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SM4 { .name = SN_sm3WithRSAEncryption, .digest = EVP_sm3, .alias = SN_sm3, }, -#endif -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_SHA1 { .name = SN_sha1, .digest = EVP_sha1, }, -#endif /* OPENSSL_NO_SHA1 */ -#ifndef OPENSSL_NO_SHA256 { .name = SN_sha224, .digest = EVP_sha224, @@ -1248,8 +1133,6 @@ static const struct digest_name digest_names[] = { .name = SN_sha256, .digest = EVP_sha256, }, -#endif /* OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SHA3 { .name = SN_sha3_224, .digest = EVP_sha3_224, @@ -1266,9 +1149,7 @@ static const struct digest_name digest_names[] = { .name = SN_sha3_512, .digest = EVP_sha3_512, }, -#endif /* OPENSSL_NO_SHA3 */ -#ifndef OPENSSL_NO_SHA512 { .name = SN_sha384, .digest = EVP_sha384, @@ -1285,24 +1166,18 @@ static const struct digest_name digest_names[] = { .name = SN_sha512_256, .digest = EVP_sha512_256, }, -#endif /* OPENSSL_NO_SHA512 */ -#ifndef OPENSSL_NO_SM3 { .name = SN_sm3, .digest = EVP_sm3, }, -#endif /* OPENSSL_NO_SM3 */ -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA1) { .name = LN_dsaWithSHA1, .digest = EVP_sha1, .alias = SN_sha1, }, -#endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256) { .name = LN_dsa_with_SHA224, .digest = EVP_sha224, @@ -1323,17 +1198,13 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha512, .alias = SN_sha512, }, -#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */ -#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_EC) { .name = SN_ecdsa_with_SHA1, .digest = EVP_sha1, .alias = SN_sha1, }, -#endif -#if !defined(OPENSSL_NO_SHA256) && !defined(OPENSSL_NO_EC) { .name = SN_ecdsa_with_SHA224, .digest = EVP_sha224, @@ -1354,16 +1225,7 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha512, .alias = SN_sha512, }, -#endif /* OPENSSL_NO_SHA256 && OPENSSL_NO_EC */ -#ifndef OPENSSL_NO_GOST - { - .name = SN_id_Gost28147_89_MAC, - .digest = EVP_gost2814789imit, - }, -#endif /* OPENSSL_NO_GOST */ - -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256) { .name = SN_dsa_with_SHA224, .digest = EVP_sha224, @@ -1374,9 +1236,7 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha256, .alias = SN_sha256, }, -#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */ -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA3) { .name = SN_dsa_with_SHA3_224, .digest = EVP_sha3_224, @@ -1397,9 +1257,7 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha3_512, .alias = SN_sha3_512, }, -#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA3 */ -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256) { .name = SN_dsa_with_SHA384, .digest = EVP_sha384, @@ -1410,9 +1268,7 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha512, .alias = SN_sha512, }, -#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */ -#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_SHA3) { .name = SN_ecdsa_with_SHA3_224, .digest = EVP_sha3_224, @@ -1433,9 +1289,7 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha3_512, .alias = SN_sha3_512, }, -#endif /* OPENSSL_NO_EC && OPENSSL_NO_SHA3 */ -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_SHA3) { .name = SN_RSA_SHA3_224, .digest = EVP_sha3_224, @@ -1456,50 +1310,31 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha3_512, .alias = SN_sha3_512, }, -#endif /* OPENSSL_NO_RSA && OPENSSL_NO_SHA3 */ -#ifndef OPENSSL_NO_MD4 { .name = LN_md4, .digest = EVP_md4, }, -#endif /* OPENSSL_NO_MD4 */ -#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_RSA) { .name = LN_md4WithRSAEncryption, .digest = EVP_md4, .alias = SN_md4, }, -#endif /* OPENSSL_NO_MD4 */ -#if !defined(OPENSSL_NO_MD5) { .name = LN_md5, .digest = EVP_md5, }, -#endif /* OPENSSL_NO_MD5 */ -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA1) { .name = LN_md5_sha1, .digest = EVP_md5_sha1, }, -#endif /* OPENSSL_NO_MD5 && OPENSSL_NO_SHA1 */ -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_RSA) { .name = LN_md5WithRSAEncryption, .digest = EVP_md5, .alias = SN_md5, }, -#endif -#ifndef OPENSSL_NO_GOST - { - .name = SN_id_GostR3411_94, - .digest = EVP_gostr341194, - }, -#endif /* OPENSSL_NO_GOST */ - -#ifndef OPENSSL_NO_RIPEMD { .name = "ripemd", .digest = EVP_ripemd160, @@ -1509,60 +1344,46 @@ static const struct digest_name digest_names[] = { .name = LN_ripemd160, .digest = EVP_ripemd160, }, -#ifndef OPENSSL_NO_RSA { .name = LN_ripemd160WithRSA, .digest = EVP_ripemd160, .alias = SN_ripemd160, }, -#endif /* OPENSSL_NO_RSA */ { .name = "rmd160", .digest = EVP_ripemd160, .alias = SN_ripemd160, }, -#endif /* OPENSSL_NO_RIPEMD */ -#ifndef OPENSSL_NO_SHA1 { .name = LN_sha1, .digest = EVP_sha1, }, -#endif /* OPENSSL_NO_SHA1 */ -#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_RSA) { .name = LN_sha1WithRSAEncryption, .digest = EVP_sha1, .alias = SN_sha1, }, -#endif /* OPENSSL_NO_SHA1 && OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_SHA256 { .name = LN_sha224, .digest = EVP_sha224, }, -#ifndef OPENSSL_NO_RSA { .name = LN_sha224WithRSAEncryption, .digest = EVP_sha224, .alias = SN_sha224, }, -#endif /* OPENSSL_NO_RSA */ { .name = LN_sha256, .digest = EVP_sha256, }, -#ifndef OPENSSL_NO_RSA { .name = LN_sha256WithRSAEncryption, .digest = EVP_sha256, .alias = SN_sha256, }, -#endif /* OPENSSL_NO_RSA */ -#endif /* OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SHA3 { .name = LN_sha3_224, .digest = EVP_sha3_224, @@ -1579,20 +1400,16 @@ static const struct digest_name digest_names[] = { .name = LN_sha3_512, .digest = EVP_sha3_512, }, -#endif /* OPENSSL_NO_SHA3 */ -#ifndef OPENSSL_NO_SHA512 { .name = LN_sha384, .digest = EVP_sha384, }, -#ifndef OPENSSL_NO_RSA { .name = LN_sha384WithRSAEncryption, .digest = EVP_sha384, .alias = SN_sha384, }, -#endif /* OPENSSL_NO_RSA */ { .name = LN_sha512, .digest = EVP_sha512, @@ -1601,18 +1418,15 @@ static const struct digest_name digest_names[] = { .name = LN_sha512_224, .digest = EVP_sha512_224, }, -#ifndef OPENSSL_NO_RSA { .name = LN_sha512_224WithRSAEncryption, .digest = EVP_sha512_224, .alias = SN_sha512_224, }, -#endif { .name = LN_sha512_256, .digest = EVP_sha512_256, }, -#ifndef OPENSSL_NO_RSA { .name = LN_sha512_256WithRSAEncryption, .digest = EVP_sha512_256, @@ -1623,24 +1437,17 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha512, .alias = SN_sha512, }, -#endif -#endif /* OPENSSL_NO_SHA512 */ -#ifndef OPENSSL_NO_SM3 { .name = LN_sm3, .digest = EVP_sm3, }, -#endif /* OPENSSL_NO_SM3 */ -#if !defined(OPENSSL_NO_SM3) && !defined(OPENSSL_NO_RSA) { .name = LN_sm3WithRSAEncryption, .digest = EVP_sm3, .alias = SN_sm3, }, -#endif /* OPENSSL_NO_SM3 && OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_MD5 { .name = "ssl2-md5", .digest = EVP_md5, @@ -1651,33 +1458,17 @@ static const struct digest_name digest_names[] = { .digest = EVP_md5, .alias = SN_md5, }, -#endif /* OPENSSL_NO_MD5 */ -#ifndef OPENSSL_NO_SHA1 { .name = "ssl3-sha1", .digest = EVP_sha1, .alias = SN_sha1, }, -#endif /* OPENSSL_NO_SHA1 */ -#ifndef OPENSSL_NO_GOST - { - .name = SN_id_tc26_gost3411_2012_256, - .digest = EVP_streebog256, - }, - { - .name = SN_id_tc26_gost3411_2012_512, - .digest = EVP_streebog512, - }, -#endif /* OPENSSL_NO_GOST */ - -#ifndef OPENSSL_NO_WHIRLPOOL { .name = SN_whirlpool, .digest = EVP_whirlpool, }, -#endif }; #define N_DIGEST_NAMES (sizeof(digest_names) / sizeof(digest_names[0])) @@ -1852,6 +1643,9 @@ EVP_get_cipherbyname(const char *name) if (!OPENSSL_init_crypto(0, NULL)) return NULL; + if (name == NULL) + return NULL; + if ((cipher = bsearch(name, cipher_names, N_CIPHER_NAMES, sizeof(*cipher), cipher_cmp)) == NULL) return NULL; @@ -1873,6 +1667,9 @@ EVP_get_digestbyname(const char *name) if (!OPENSSL_init_crypto(0, NULL)) return NULL; + if (name == NULL) + return NULL; + if ((digest = bsearch(name, digest_names, N_DIGEST_NAMES, sizeof(*digest), digest_cmp)) == NULL) return NULL; diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c index 532c924a9..37282202b 100644 --- a/lib/libcrypto/evp/evp_pbe.c +++ b/lib/libcrypto/evp/evp_pbe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pbe.c,v 1.46 2024/03/02 10:20:27 tb Exp $ */ +/* $OpenBSD: evp_pbe.c,v 1.48 2024/03/24 06:48:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -494,14 +494,6 @@ md_nid_from_prf_nid(int nid) return NID_sha3_384; case NID_hmac_sha3_512: return NID_sha3_512; -#ifndef OPENSSL_NO_GOST - case NID_id_HMACGostR3411_94: - return NID_id_GostR3411_94; - case NID_id_tc26_hmac_gost_3411_12_256: - return NID_id_tc26_gost3411_2012_256; - case NID_id_tc26_hmac_gost_3411_12_512: - return NID_id_tc26_gost3411_2012_512; -#endif default: return NID_undef; } @@ -650,4 +642,3 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, explicit_bzero(iv, EVP_MAX_IV_LENGTH); return ret; } -LCRYPTO_ALIAS(PKCS12_PBE_keyivgen); diff --git a/lib/libcrypto/ocsp/ocsp_cl.c b/lib/libcrypto/ocsp/ocsp_cl.c index 5ef222678..d8ee33c39 100644 --- a/lib/libcrypto/ocsp/ocsp_cl.c +++ b/lib/libcrypto/ocsp/ocsp_cl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_cl.c,v 1.24 2024/03/02 09:08:41 tb Exp $ */ +/* $OpenBSD: ocsp_cl.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -68,6 +68,7 @@ #include #include #include +#include #include #include @@ -394,69 +395,61 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) { - time_t t_now, t_tmp; - struct tm tm_this, tm_next, tm_tmp; + int64_t posix_next, posix_this, posix_now; + struct tm tm_this, tm_next; - time(&t_now); + /* Negative values of nsec make no sense */ + if (nsec < 0) + return 0; + + posix_now = time(NULL); /* * Times must explicitly be a GENERALIZEDTIME as per section * 4.2.2.1 of RFC 6960 - It is invalid to accept other times * (such as UTCTIME permitted/required by RFC 5280 for certificates) */ - - /* Check thisUpdate is valid and not more than nsec in the future */ + /* Check that thisUpdate is valid. */ if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this, V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD); return 0; - } else { - t_tmp = t_now + nsec; - if (gmtime_r(&t_tmp, &tm_tmp) == NULL) - return 0; - if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) { - OCSPerror(OCSP_R_STATUS_NOT_YET_VALID); - return 0; - } - - /* - * If maxsec specified check thisUpdate is not more than maxsec - * in the past - */ - if (maxsec >= 0) { - t_tmp = t_now - maxsec; - if (gmtime_r(&t_tmp, &tm_tmp) == NULL) - return 0; - if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) { - OCSPerror(OCSP_R_STATUS_TOO_OLD); - return 0; - } - } + } + if (!OPENSSL_tm_to_posix(&tm_this, &posix_this)) + return 0; + /* thisUpdate must not be more than nsec in the future. */ + if (posix_this - nsec > posix_now) { + OCSPerror(OCSP_R_STATUS_NOT_YET_VALID); + return 0; + } + /* thisUpdate must not be more than maxsec seconds in the past. */ + if (maxsec >= 0 && posix_this < posix_now - maxsec) { + OCSPerror(OCSP_R_STATUS_TOO_OLD); + return 0; } - if (!nextupd) + /* RFC 6960 section 4.2.2.1 allows for servers to not set nextUpdate */ + if (nextupd == NULL) return 1; - /* Check nextUpdate is valid and not more than nsec in the past */ + /* Check that nextUpdate is valid. */ if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next, V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); return 0; - } else { - t_tmp = t_now - nsec; - if (gmtime_r(&t_tmp, &tm_tmp) == NULL) - return 0; - if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) { - OCSPerror(OCSP_R_STATUS_EXPIRED); - return 0; - } } - - /* Also don't allow nextUpdate to precede thisUpdate */ - if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) { + if (!OPENSSL_tm_to_posix(&tm_next, &posix_next)) + return 0; + /* Don't allow nextUpdate to precede thisUpdate. */ + if (posix_next < posix_this) { OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); return 0; } + /* nextUpdate must not be more than nsec seconds in the past. */ + if (posix_next + nsec < posix_now) { + OCSPerror(OCSP_R_STATUS_EXPIRED); + return 0; + } return 1; } diff --git a/lib/libcrypto/pkcs12/p12_attr.c b/lib/libcrypto/pkcs12/p12_attr.c index d43b205a0..533be3b69 100644 --- a/lib/libcrypto/pkcs12/p12_attr.c +++ b/lib/libcrypto/pkcs12/p12_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_attr.c,v 1.20 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_attr.c,v 1.21 2024/03/24 06:48:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -74,7 +74,6 @@ PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) else return 0; } -LCRYPTO_ALIAS(PKCS12_add_localkeyid); /* Add key usage to PKCS#8 structure */ @@ -99,8 +98,6 @@ PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) else return 0; } -LCRYPTO_ALIAS(PKCS12_add_friendlyname_asc); - int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, @@ -112,7 +109,6 @@ PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, else return 0; } -LCRYPTO_ALIAS(PKCS12_add_friendlyname_uni); int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) @@ -123,7 +119,6 @@ PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) else return 0; } -LCRYPTO_ALIAS(PKCS12_add_CSPName_asc); ASN1_TYPE * PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) @@ -140,7 +135,6 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) } return NULL; } -LCRYPTO_ALIAS(PKCS12_get_attr_gen); char * PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c index 90a0cbe55..3d3ae733c 100644 --- a/lib/libcrypto/pkcs12/p12_crt.c +++ b/lib/libcrypto/pkcs12/p12_crt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_crt.c,v 1.23 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_crt.c,v 1.24 2024/03/24 06:48:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -222,7 +222,6 @@ err: return NULL; } -LCRYPTO_ALIAS(PKCS12_add_cert); PKCS12_SAFEBAG * PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, @@ -263,7 +262,6 @@ err: return NULL; } -LCRYPTO_ALIAS(PKCS12_add_key); int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, @@ -307,7 +305,6 @@ err: return 0; } -LCRYPTO_ALIAS(PKCS12_add_safe); static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) @@ -354,4 +351,3 @@ PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) return p12; } -LCRYPTO_ALIAS(PKCS12_add_safes); diff --git a/lib/libcrypto/pkcs12/p12_init.c b/lib/libcrypto/pkcs12/p12_init.c index 09ff0d559..cd9422d21 100644 --- a/lib/libcrypto/pkcs12/p12_init.c +++ b/lib/libcrypto/pkcs12/p12_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_init.c,v 1.16 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_init.c,v 1.17 2024/03/24 06:48:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -98,4 +98,3 @@ err: PKCS12_free(pkcs12); return NULL; } -LCRYPTO_ALIAS(PKCS12_init); diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c index 2a728294a..206035818 100644 --- a/lib/libcrypto/pkcs12/p12_mutl.c +++ b/lib/libcrypto/pkcs12/p12_mutl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_mutl.c,v 1.37 2024/03/02 10:15:16 tb Exp $ */ +/* $OpenBSD: p12_mutl.c,v 1.38 2024/03/24 06:48:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -173,7 +173,6 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, return ret; } -LCRYPTO_ALIAS(PKCS12_gen_mac); /* Verify the mac */ int diff --git a/lib/libcrypto/pkcs12/p12_sbag.c b/lib/libcrypto/pkcs12/p12_sbag.c index b7772b67b..1664e9409 100644 --- a/lib/libcrypto/pkcs12/p12_sbag.c +++ b/lib/libcrypto/pkcs12/p12_sbag.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_sbag.c,v 1.8 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_sbag.c,v 1.9 2024/03/24 06:48:03 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project * 1999-2018. @@ -166,7 +166,6 @@ PKCS12_SAFEBAG_create_cert(X509 *x509) return PKCS12_item_pack_safebag(x509, &X509_it, NID_x509Certificate, NID_certBag); } -LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_cert); PKCS12_SAFEBAG * PKCS12_SAFEBAG_create_crl(X509_CRL *crl) @@ -174,7 +173,6 @@ PKCS12_SAFEBAG_create_crl(X509_CRL *crl) return PKCS12_item_pack_safebag(crl, &X509_CRL_it, NID_x509Crl, NID_crlBag); } -LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_crl); /* Turn PKCS8 object into a keybag */ @@ -193,7 +191,6 @@ PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8) return bag; } -LCRYPTO_ALIAS(PKCS12_SAFEBAG_create0_p8inf); /* Turn PKCS8 object into a shrouded keybag */ @@ -213,7 +210,6 @@ PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8) return bag; } -LCRYPTO_ALIAS(PKCS12_SAFEBAG_create0_pkcs8); PKCS12_SAFEBAG * PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen, @@ -237,4 +233,3 @@ PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen, return bag; } -LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_pkcs8_encrypt); diff --git a/lib/libcrypto/ts/ts_rsp_sign.c b/lib/libcrypto/ts/ts_rsp_sign.c index 3013cffbc..8eb687aab 100644 --- a/lib/libcrypto/ts/ts_rsp_sign.c +++ b/lib/libcrypto/ts/ts_rsp_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_sign.c,v 1.32 2023/08/22 08:09:36 tb Exp $ */ +/* $OpenBSD: ts_rsp_sign.c,v 1.33 2024/03/24 11:30:12 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -999,7 +999,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) goto err; - if (!(tm = gmtime(&sec))) + if (OPENSSL_gmtime(&sec, tm) == NULL) goto err; /* diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c index 7e6949e21..bb14e7280 100644 --- a/lib/libcrypto/x509/by_dir.c +++ b/lib/libcrypto/x509/by_dir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_dir.c,v 1.46 2023/12/29 05:33:32 tb Exp $ */ +/* $OpenBSD: by_dir.c,v 1.47 2024/03/25 00:05:49 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,9 +56,6 @@ * [including the GNU Public Licence.] */ -#include -#include - #include #include #include @@ -331,23 +328,27 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, for (;;) { (void) snprintf(b->data, b->max, "%s/%08lx.%s%d", ent->dir, h, postfix, k); - - { - struct stat st; - if (stat(b->data, &st) < 0) - break; - } - /* found one. */ + /* + * Found one. Attempt to load it. This could fail for + * any number of reasons from the file can't be opened, + * the file contains garbage, etc. Clear the error stack + * to avoid exposing the lower level error. These all + * boil down to "we could not find CA/CRL". + */ if (type == X509_LU_X509) { if ((X509_load_cert_file(xl, b->data, - ent->dir_type)) == 0) + ent->dir_type)) == 0) { + ERR_clear_error(); break; + } } else if (type == X509_LU_CRL) { if ((X509_load_crl_file(xl, b->data, - ent->dir_type)) == 0) + ent->dir_type)) == 0) { + ERR_clear_error(); break; + } } - /* else case will caught higher up */ + /* The lack of a CA or CRL will be caught higher up. */ k++; } diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index 3764f0200..72238761c 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.45 2024/03/24 00:35:45 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.49 2024/03/25 00:46:57 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,12 +65,13 @@ #include #include "crypto_internal.h" +#include "x509_internal.h" #include "x509_local.h" typedef struct x509_trust_st { int trust; int (*check_trust)(struct x509_trust_st *, X509 *); - int arg1; + int nid; } X509_TRUST; static int @@ -78,34 +79,32 @@ obj_trust(int id, X509 *x) { ASN1_OBJECT *obj; int i, nid; - X509_CERT_AUX *ax; + X509_CERT_AUX *aux; - ax = x->aux; - if (!ax) + if ((aux = x->aux) == NULL) return X509_TRUST_UNTRUSTED; - if (ax->reject) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { - obj = sk_ASN1_OBJECT_value(ax->reject, i); - nid = OBJ_obj2nid(obj); - if (nid == id || nid == NID_anyExtendedKeyUsage) - return X509_TRUST_REJECTED; - } + + for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { + obj = sk_ASN1_OBJECT_value(aux->reject, i); + nid = OBJ_obj2nid(obj); + if (nid == id || nid == NID_anyExtendedKeyUsage) + return X509_TRUST_REJECTED; } - if (ax->trust) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { - obj = sk_ASN1_OBJECT_value(ax->trust, i); - nid = OBJ_obj2nid(obj); - if (nid == id || nid == NID_anyExtendedKeyUsage) - return X509_TRUST_TRUSTED; - } + + for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { + obj = sk_ASN1_OBJECT_value(aux->trust, i); + nid = OBJ_obj2nid(obj); + if (nid == id || nid == NID_anyExtendedKeyUsage) + return X509_TRUST_TRUSTED; } + return X509_TRUST_UNTRUSTED; } static int trust_compat(X509_TRUST *trust, X509 *x) { - X509_check_purpose(x, -1, 0); + /* Extensions already cached in X509_check_trust(). */ if (x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; else @@ -116,7 +115,7 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x) { if (x->aux && (x->aux->trust || x->aux->reject)) - return obj_trust(trust->arg1, x); + return obj_trust(trust->nid, x); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed */ @@ -127,7 +126,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x) { if (x->aux) - return obj_trust(trust->arg1, x); + return obj_trust(trust->nid, x); return X509_TRUST_UNTRUSTED; } @@ -144,37 +143,37 @@ static const X509_TRUST trstandard[] = { { .trust = X509_TRUST_SSL_CLIENT, .check_trust = trust_1oidany, - .arg1 = NID_client_auth, + .nid = NID_client_auth, }, { .trust = X509_TRUST_SSL_SERVER, .check_trust = trust_1oidany, - .arg1 = NID_server_auth, + .nid = NID_server_auth, }, { .trust = X509_TRUST_EMAIL, .check_trust = trust_1oidany, - .arg1 = NID_email_protect, + .nid = NID_email_protect, }, { .trust = X509_TRUST_OBJECT_SIGN, .check_trust = trust_1oidany, - .arg1 = NID_code_sign, + .nid = NID_code_sign, }, { .trust = X509_TRUST_OCSP_SIGN, .check_trust = trust_1oid, - .arg1 = NID_OCSP_sign, + .nid = NID_OCSP_sign, }, { .trust = X509_TRUST_OCSP_REQUEST, .check_trust = trust_1oid, - .arg1 = NID_ad_OCSP, + .nid = NID_ad_OCSP, }, { .trust = X509_TRUST_TSA, .check_trust = trust_1oidany, - .arg1 = NID_time_stamp, + .nid = NID_time_stamp, }, }; @@ -191,6 +190,10 @@ X509_check_trust(X509 *x, int trust_id, int flags) if (trust_id == -1) return 1; + /* Call early so the trust handlers don't need to modify the certs. */ + if (!x509v3_cache_extensions(x)) + return X509_TRUST_UNTRUSTED; + /* * XXX beck/jsing This enables self signed certs to be trusted for * an unspecified id/trust flag value (this is NOT the diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c index 90fdfacad..08f8714ec 100644 --- a/lib/libtls/tls_conninfo.c +++ b/lib/libtls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -19,12 +19,27 @@ #include #include +#include #include #include #include "tls_internal.h" -int ASN1_time_tm_clamp_notafter(struct tm *tm); +static int +tls_convert_notafter(struct tm *tm, time_t *out_time) +{ + int64_t posix_time; + + /* OPENSSL_timegm() fails if tm is not representable in a time_t */ + if (OPENSSL_timegm(tm, out_time)) + return 1; + if (!OPENSSL_tm_to_posix(tm, &posix_time)) + return 0; + if (posix_time < INT32_MIN) + return 0; + *out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time; + return 1; +} int tls_hex_string(const unsigned char *in, size_t inlen, char **out, @@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, goto err; if (!ASN1_TIME_to_tm(after, &after_tm)) goto err; - if (!ASN1_time_tm_clamp_notafter(&after_tm)) + if (!tls_convert_notafter(&after_tm, notafter)) goto err; - if ((*notbefore = timegm(&before_tm)) == -1) + if (!OPENSSL_timegm(&before_tm, notbefore)) goto err; - if ((*notafter = timegm(&after_tm)) == -1) - goto err; - return (0); err: diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index c7eb3e598..f7d7ba919 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */ +/* $OpenBSD: tls_ocsp.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */ /* * Copyright (c) 2015 Marko Kreen * Copyright (c) 2016 Bob Beck @@ -25,6 +25,7 @@ #include #include +#include #include #include @@ -68,7 +69,7 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t return -1; if (!ASN1_TIME_to_tm(gt, &tm)) return -1; - if ((*gt_time = timegm(&tm)) == -1) + if (!OPENSSL_timegm(&tm, gt_time)) return -1; return 0; } diff --git a/regress/lib/libcrypto/evp/evp_test.c b/regress/lib/libcrypto/evp/evp_test.c index e7ef804ed..eebbd50b0 100644 --- a/regress/lib/libcrypto/evp/evp_test.c +++ b/regress/lib/libcrypto/evp/evp_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_test.c,v 1.17 2024/02/29 20:02:40 tb Exp $ */ +/* $OpenBSD: evp_test.c,v 1.18 2024/03/24 14:00:11 jca Exp $ */ /* * Copyright (c) 2022 Joel Sing * Copyright (c) 2023 Theo Buehler @@ -737,6 +737,28 @@ obj_name_do_all_test(void) return failure; } +static int +evp_get_cipherbyname_test(void) +{ + int failure = 0; + + /* Should handle NULL gracefully */ + failure |= EVP_get_cipherbyname(NULL) != NULL; + + return failure; +} + +static int +evp_get_digestbyname_test(void) +{ + int failure = 0; + + /* Should handle NULL gracefully */ + failure |= EVP_get_digestbyname(NULL) != NULL; + + return failure; +} + int main(int argc, char **argv) { @@ -748,6 +770,8 @@ main(int argc, char **argv) failed |= evp_do_all_test(); failed |= evp_aliases_test(); failed |= obj_name_do_all_test(); + failed |= evp_get_cipherbyname_test(); + failed |= evp_get_digestbyname_test(); OPENSSL_cleanup(); diff --git a/sys/arch/arm64/conf/GENERIC b/sys/arch/arm64/conf/GENERIC index 4b7b56e9d..9a6a48652 100644 --- a/sys/arch/arm64/conf/GENERIC +++ b/sys/arch/arm64/conf/GENERIC @@ -1,4 +1,4 @@ -# $OpenBSD: GENERIC,v 1.284 2024/03/02 19:53:17 kettenis Exp $ +# $OpenBSD: GENERIC,v 1.285 2024/03/24 22:34:48 patrick Exp $ # # GENERIC machine description file # @@ -375,6 +375,7 @@ iic* at sxitwi? # I2C bus dwxe* at fdt? # Xilinx Zynq UltraScale+ SoCs +cad* at fdt? # Ethernet controller cduart* at fdt? # PCI diff --git a/sys/arch/arm64/conf/RAMDISK b/sys/arch/arm64/conf/RAMDISK index 8ad74f255..b9bd81295 100644 --- a/sys/arch/arm64/conf/RAMDISK +++ b/sys/arch/arm64/conf/RAMDISK @@ -1,4 +1,4 @@ -# $OpenBSD: RAMDISK,v 1.214 2024/03/02 19:53:17 kettenis Exp $ +# $OpenBSD: RAMDISK,v 1.215 2024/03/24 22:34:48 patrick Exp $ machine arm64 maxusers 4 @@ -292,6 +292,7 @@ iic* at sxitwi? # I2C bus dwxe* at fdt? # Xilinx Zynq UltraScale+ SoCs +cad* at fdt? # Ethernet controller cduart* at fdt? # PCI diff --git a/sys/dev/fdt/if_cad.c b/sys/dev/fdt/if_cad.c index 7e20c9f3e..9baa28aa8 100644 --- a/sys/dev/fdt/if_cad.c +++ b/sys/dev/fdt/if_cad.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_cad.c,v 1.13 2023/08/15 08:27:30 miod Exp $ */ +/* $OpenBSD: if_cad.c,v 1.14 2024/03/24 22:34:06 patrick Exp $ */ /* * Copyright (c) 2021-2022 Visa Hankala @@ -54,6 +54,7 @@ #include #include #include +#include #define GEM_NETCTL 0x0000 #define GEM_NETCTL_DPRAM (1 << 18) @@ -388,6 +389,8 @@ cad_attach(struct device *parent, struct device *self, void *aux) struct fdt_attach_args *faa = aux; struct cad_softc *sc = (struct cad_softc *)self; struct ifnet *ifp = &sc->sc_ac.ac_if; + uint32_t phy_reset_gpio[3]; + uint32_t phy_reset_duration; uint32_t hi, lo; uint32_t rev, ver; uint32_t val; @@ -427,6 +430,20 @@ cad_attach(struct device *parent, struct device *self, void *aux) ether_fakeaddr(ifp); } + if (OF_getpropintarray(faa->fa_node, "phy-reset-gpios", phy_reset_gpio, + sizeof(phy_reset_gpio)) == sizeof(phy_reset_gpio)) { + phy_reset_duration = OF_getpropint(faa->fa_node, + "phy-reset-duration", 1); + if (phy_reset_duration > 1000) + phy_reset_duration = 1; + + gpio_controller_config_pin(phy_reset_gpio, GPIO_CONFIG_OUTPUT); + gpio_controller_set_pin(phy_reset_gpio, 1); + delay((phy_reset_duration + 1) * 1000); + gpio_controller_set_pin(phy_reset_gpio, 0); + delay(1000); + } + phy = OF_getpropint(faa->fa_node, "phy-handle", 0); node = OF_getnodebyphandle(phy); if (node != 0) diff --git a/sys/lib/libsa/softraid.c b/sys/lib/libsa/softraid.c index 76f1fece3..d31c167e0 100644 --- a/sys/lib/libsa/softraid.c +++ b/sys/lib/libsa/softraid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: softraid.c,v 1.5 2022/08/12 20:17:46 stsp Exp $ */ +/* $OpenBSD: softraid.c,v 1.6 2024/03/24 05:50:20 jsg Exp $ */ /* * Copyright (c) 2012 Joel Sing @@ -63,7 +63,7 @@ void sr_clear_keys(void) { struct sr_boot_volume *bv; - struct sr_boot_keydisk *kd; + struct sr_boot_keydisk *kd, *nkd; SLIST_FOREACH(bv, &sr_volumes, sbv_link) { if (bv->sbv_level != 'C' && bv->sbv_level != 0x1C) @@ -79,7 +79,7 @@ sr_clear_keys(void) bv->sbv_maskkey = NULL; } } - SLIST_FOREACH(kd, &sr_keydisks, kd_link) { + SLIST_FOREACH_SAFE(kd, &sr_keydisks, kd_link, nkd) { explicit_bzero(kd, sizeof(*kd)); free(kd, sizeof(*kd)); } diff --git a/sys/uvm/uvm_pdaemon.c b/sys/uvm/uvm_pdaemon.c index 3af7e31e0..0c28e62d7 100644 --- a/sys/uvm/uvm_pdaemon.c +++ b/sys/uvm/uvm_pdaemon.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_pdaemon.c,v 1.109 2023/10/27 19:18:53 mpi Exp $ */ +/* $OpenBSD: uvm_pdaemon.c,v 1.110 2024/03/24 10:29:35 mpi Exp $ */ /* $NetBSD: uvm_pdaemon.c,v 1.23 2000/08/20 10:24:14 bjh21 Exp $ */ /* @@ -165,33 +165,27 @@ uvm_wait(const char *wmsg) /* * uvmpd_tune: tune paging parameters - * - * => called whenever memory is added to (or removed from?) the system - * => caller must call with page queues locked */ - void uvmpd_tune(void) { + int val; - uvmexp.freemin = uvmexp.npages / 30; + val = uvmexp.npages / 30; - /* between 16k and 512k */ /* XXX: what are these values good for? */ - uvmexp.freemin = max(uvmexp.freemin, (16*1024) >> PAGE_SHIFT); -#if 0 - uvmexp.freemin = min(uvmexp.freemin, (512*1024) >> PAGE_SHIFT); -#endif + val = max(val, (16*1024) >> PAGE_SHIFT); /* Make sure there's always a user page free. */ - if (uvmexp.freemin < uvmexp.reserve_kernel + 1) - uvmexp.freemin = uvmexp.reserve_kernel + 1; + if (val < uvmexp.reserve_kernel + 1) + val = uvmexp.reserve_kernel + 1; + uvmexp.freemin = val; - uvmexp.freetarg = (uvmexp.freemin * 4) / 3; - if (uvmexp.freetarg <= uvmexp.freemin) - uvmexp.freetarg = uvmexp.freemin + 1; - - /* uvmexp.inactarg: computed in main daemon loop */ + /* Calculate free target. */ + val = (uvmexp.freemin * 4) / 3; + if (val <= uvmexp.freemin) + val = uvmexp.freemin + 1; + uvmexp.freetarg = val; uvmexp.wiredmax = uvmexp.npages / 3; } @@ -211,15 +205,12 @@ uvm_pageout(void *arg) { struct uvm_constraint_range constraint; struct uvm_pmalloc *pma; - int npages = 0; + int free; /* ensure correct priority and set paging parameters... */ uvm.pagedaemon_proc = curproc; (void) spl0(); - uvm_lock_pageq(); - npages = uvmexp.npages; uvmpd_tune(); - uvm_unlock_pageq(); for (;;) { long size; @@ -245,44 +236,38 @@ uvm_pageout(void *arg) } else constraint = no_constraint; } - + free = uvmexp.free - BUFPAGES_DEFICIT; uvm_unlock_fpageq(); /* * now lock page queues and recompute inactive count */ uvm_lock_pageq(); - if (npages != uvmexp.npages) { /* check for new pages? */ - npages = uvmexp.npages; - uvmpd_tune(); - } - uvmexp.inactarg = (uvmexp.active + uvmexp.inactive) / 3; if (uvmexp.inactarg <= uvmexp.freetarg) { uvmexp.inactarg = uvmexp.freetarg + 1; } + uvm_unlock_pageq(); /* Reclaim pages from the buffer cache if possible. */ size = 0; if (pma != NULL) size += pma->pm_size >> PAGE_SHIFT; - if (uvmexp.free - BUFPAGES_DEFICIT < uvmexp.freetarg) - size += uvmexp.freetarg - (uvmexp.free - - BUFPAGES_DEFICIT); + if (free < uvmexp.freetarg) + size += uvmexp.freetarg - free; if (size == 0) size = 16; /* XXX */ - uvm_unlock_pageq(); + (void) bufbackoff(&constraint, size * 2); #if NDRM > 0 drmbackoff(size * 2); #endif - uvm_lock_pageq(); - /* * scan if needed */ - if (pma != NULL || - ((uvmexp.free - BUFPAGES_DEFICIT) < uvmexp.freetarg) || + uvm_lock_pageq(); + free = uvmexp.free - BUFPAGES_DEFICIT; + if (pma != NULL || (free < uvmexp.freetarg) || ((uvmexp.inactive + BUFPAGES_INACT) < uvmexp.inactarg)) { uvmpd_scan(pma, &constraint); } diff --git a/sys/uvm/uvmexp.h b/sys/uvm/uvmexp.h index 7d0225786..5b8b18239 100644 --- a/sys/uvm/uvmexp.h +++ b/sys/uvm/uvmexp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uvmexp.h,v 1.11 2023/10/27 19:18:53 mpi Exp $ */ +/* $OpenBSD: uvmexp.h,v 1.12 2024/03/24 10:29:35 mpi Exp $ */ #ifndef _UVM_UVMEXP_ #define _UVM_UVMEXP_ @@ -45,7 +45,9 @@ * I immutable after creation * K kernel lock * F uvm_lock_fpageq + * L uvm_lock_pageq * S uvm_swap_data_lock + * p copy of per-CPU counters, used only by userland. */ struct uvmexp { /* vm_page constants */ @@ -56,8 +58,8 @@ struct uvmexp { /* vm_page counters */ int npages; /* [I] number of pages we manage */ int free; /* [F] number of free pages */ - int active; /* number of active pages */ - int inactive; /* number of pages that we free'd but may want back */ + int active; /* [L] # of active pages */ + int inactive; /* [L] # of pages that we free'd but may want back */ int paging; /* number of pages in the process of being paged out */ int wired; /* number of wired pages */ @@ -69,10 +71,10 @@ struct uvmexp { int vtextpages; /* XXX # of pages used by vtext vnodes */ /* pageout params */ - int freemin; /* min number of free pages */ - int freetarg; /* target number of free pages */ + int freemin; /* [I] min number of free pages */ + int freetarg; /* [I] target number of free pages */ int inactarg; /* target number of inactive pages */ - int wiredmax; /* max number of wired pages */ + int wiredmax; /* [I] max number of wired pages */ int anonmin; /* min threshold for anon pages */ int vtextmin; /* min threshold for vtext pages */ int vnodemin; /* min threshold for vnode pages */ @@ -91,16 +93,16 @@ struct uvmexp { int unused06; /* formerly nfreeanon */ /* stat counters */ - int faults; /* page fault count */ + int faults; /* [p] page fault count */ int traps; /* trap count */ int intrs; /* interrupt count */ int swtch; /* context switch count */ int softs; /* software interrupt count */ int syscalls; /* system calls */ - int pageins; /* pagein operation count */ + int pageins; /* [p] pagein operation count */ /* pageouts are in pdpageouts below */ - int unused07; /* formerly obsolete_swapins */ - int unused08; /* formerly obsolete_swapouts */ + int unused07; /* formerly obsolete_swapins */ + int unused08; /* formerly obsolete_swapouts */ int pgswapin; /* pages swapped in */ int pgswapout; /* pages swapped out */ int forks; /* forks */ @@ -113,28 +115,28 @@ struct uvmexp { int unused09; /* formerly zeroaborts */ /* fault subcounters */ - int fltnoram; /* number of times fault was out of ram */ - int fltnoanon; /* number of times fault was out of anons */ - int fltnoamap; /* number of times fault was out of amap chunks */ - int fltpgwait; /* number of times fault had to wait on a page */ - int fltpgrele; /* number of times fault found a released page */ - int fltrelck; /* number of times fault relock called */ - int fltrelckok; /* number of times fault relock is a success */ - int fltanget; /* number of times fault gets anon page */ - int fltanretry; /* number of times fault retrys an anon get */ - int fltamcopy; /* number of times fault clears "needs copy" */ - int fltnamap; /* number of times fault maps a neighbor anon page */ - int fltnomap; /* number of times fault maps a neighbor obj page */ - int fltlget; /* number of times fault does a locked pgo_get */ - int fltget; /* number of times fault does an unlocked get */ - int flt_anon; /* number of times fault anon (case 1a) */ - int flt_acow; /* number of times fault anon cow (case 1b) */ - int flt_obj; /* number of times fault is on object page (2a) */ - int flt_prcopy; /* number of times fault promotes with copy (2b) */ - int flt_przero; /* number of times fault promotes with zerofill (2b) */ + int fltnoram; /* [p] # of times fault was out of ram */ + int fltnoanon; /* [p] # of times fault was out of anons */ + int fltnoamap; /* [p] # of times fault was out of amap chunks */ + int fltpgwait; /* [p] # of times fault had to wait on a page */ + int fltpgrele; /* [p] # of times fault found a released page */ + int fltrelck; /* [p] # of times fault relock called */ + int fltrelckok; /* [p] # of times fault relock is a success */ + int fltanget; /* [p] # of times fault gets anon page */ + int fltanretry; /* [p] # of times fault retrys an anon get */ + int fltamcopy; /* [p] # of times fault clears "needs copy" */ + int fltnamap; /* [p] # of times fault maps a neighbor anon page */ + int fltnomap; /* [p] # of times fault maps a neighbor obj page */ + int fltlget; /* [p] # of times fault does a locked pgo_get */ + int fltget; /* [p] # of times fault does an unlocked get */ + int flt_anon; /* [p] # of times fault anon (case 1a) */ + int flt_acow; /* [p] # of times fault anon cow (case 1b) */ + int flt_obj; /* [p] # of times fault is on object page (2a) */ + int flt_prcopy; /* [p] # of times fault promotes with copy (2b) */ + int flt_przero; /* [p] # of times fault promotes with zerofill (2b) */ /* daemon counters */ - int pdwoke; /* number of times daemon woke up */ + int pdwoke; /* [F] # of times daemon woke up */ int pdrevs; /* number of times daemon rev'd clock hand */ int pdswout; /* number of times daemon called for swapout */ int pdfreed; /* number of pages daemon freed since boot */ diff --git a/usr.bin/whois/whois.1 b/usr.bin/whois/whois.1 index f5318951e..479ab9d29 100644 --- a/usr.bin/whois/whois.1 +++ b/usr.bin/whois/whois.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: whois.1,v 1.40 2024/03/16 02:00:31 millert Exp $ +.\" $OpenBSD: whois.1,v 1.41 2024/03/24 19:51:47 millert Exp $ .\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $ .\" .\" Copyright (c) 1985, 1990, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)whois.1 8.2 (Berkeley) 6/20/94 .\" -.Dd $Mdocdate: March 16 2024 $ +.Dd $Mdocdate: March 24 2024 $ .Dt WHOIS 1 .Os .Sh NAME @@ -224,28 +224,6 @@ For more information as to what operands have special meaning, and how to guide the search, use the special name .Dq help . -.Ss Special cases -Queries beginning with an exclamation point -.Ql \&! -are assumed to be -.Tn NSI -contact handles. -Unless a host or domain is specified on the command line, -.Pq whois.networksolutions.com -will be used as the -.Nm -database. -.Pp -Similarly, queries beginning with -.Dq COCO- -are assumed to be -.Tn CORE -contact handles. -Unless a host or domain is specified on the command line, -.Pq whois.corenic.net -will be used as the -.Nm -database. .Sh EXAMPLES Most types of data, such as domain names and .Tn IP diff --git a/usr.bin/whois/whois.c b/usr.bin/whois/whois.c index f45d0861f..b554f0d84 100644 --- a/usr.bin/whois/whois.c +++ b/usr.bin/whois/whois.c @@ -1,4 +1,4 @@ -/* $OpenBSD: whois.c,v 1.61 2024/03/16 06:29:36 jmc Exp $ */ +/* $OpenBSD: whois.c,v 1.62 2024/03/24 19:51:47 millert Exp $ */ /* * Copyright (c) 1980, 1993 @@ -46,7 +46,6 @@ #define NICHOST "whois.crsnic.net" #define INICHOST "whois.internic.net" -#define CNICHOST "whois.corenic.net" #define DNICHOST "whois.nic.mil" #define GNICHOST "whois.nic.gov" #define ANICHOST "whois.arin.net" @@ -297,10 +296,9 @@ whois(const char *query, const char *server, const char *port, int flags) /* * If no country is specified determine the top level domain from the query. * If the TLD is a number, query ARIN, otherwise, use TLD.whois-server.net. - * If the domain does not contain '.', check to see if it is an NSI handle - * (starts with '!') or a CORE handle (COCO-[0-9]+ or COHO-[0-9]+) or an - * ASN (starts with AS) or IPv6 address (contains ':'). Fall back to - * NICHOST for the non-handle and non-IPv6 case. + * If the domain does not contain '.', check to see if it is an ASN (starts + * with AS) or IPv6 address (contains ':'). + * Fall back to NICHOST for the non-handle and non-IPv6 case. */ char * choose_server(const char *name, const char *country, char **tofree) @@ -318,13 +316,7 @@ choose_server(const char *name, const char *country, char **tofree) if (country != NULL) qhead = country; else if ((qhead = strrchr(name, '.')) == NULL) { - if (*name == '!') - return (INICHOST); - else if ((strncasecmp(name, "COCO-", 5) == 0 || - strncasecmp(name, "COHO-", 5) == 0) && - strtol(name + 5, &ep, 10) > 0 && *ep == '\0') - return (CNICHOST); - else if ((strncasecmp(name, "AS", 2) == 0) && + if ((strncasecmp(name, "AS", 2) == 0) && strtol(name + 2, &ep, 10) > 0 && *ep == '\0') return (MNICHOST); else if (strchr(name, ':') != NULL) /* IPv6 address */ diff --git a/usr.sbin/httpd/http.h b/usr.sbin/httpd/http.h index b9f21b859..7fc6f6f33 100644 --- a/usr.sbin/httpd/http.h +++ b/usr.sbin/httpd/http.h @@ -1,4 +1,4 @@ -/* $OpenBSD: http.h,v 1.16 2020/09/12 07:34:17 yasuoka Exp $ */ +/* $OpenBSD: http.h,v 1.17 2024/03/24 10:53:27 job Exp $ */ /* * Copyright (c) 2012 - 2015 Reyk Floeter @@ -131,7 +131,8 @@ struct http_error { { 100, "Continue" }, \ { 101, "Switching Protocols" }, \ { 102, "Processing" }, \ - /* 103-199 unassigned */ \ + { 103, "Early Hints" }, \ + /* 104-199 unassigned */ \ { 200, "OK" }, \ { 201, "Created" }, \ { 202, "Accepted" }, \ @@ -175,10 +176,10 @@ struct http_error { { 418, "I'm a teapot" }, \ /* 419-421 unassigned */ \ { 420, "Enhance Your Calm" }, \ - { 422, "Unprocessable Entity" }, \ + { 422, "Unprocessable Content" }, \ { 423, "Locked" }, \ { 424, "Failed Dependency" }, \ - /* 425 unassigned */ \ + { 425, "Too Early" }, \ { 426, "Upgrade Required" }, \ /* 427 unassigned */ \ { 428, "Precondition Required" }, \ diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c index 234f3d22f..9739e398e 100644 --- a/usr.sbin/ocspcheck/ocspcheck.c +++ b/usr.sbin/ocspcheck/ocspcheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocspcheck.c,v 1.32 2023/11/13 11:46:24 tb Exp $ */ +/* $OpenBSD: ocspcheck.c,v 1.33 2024/03/24 11:30:12 beck Exp $ */ /* * Copyright (c) 2017,2020 Bob Beck @@ -34,6 +34,7 @@ #include #include +#include #include #include "http.h" @@ -193,7 +194,7 @@ parse_ocsp_time(ASN1_GENERALIZEDTIME *gt) return -1; if (!ASN1_TIME_to_tm(gt, &tm)) return -1; - if ((rv = timegm(&tm)) == -1) + if (!OPENSSL_timegm(&tm, &rv)) return -1; return rv; } diff --git a/usr.sbin/smtpd/smtpd.conf.5 b/usr.sbin/smtpd/smtpd.conf.5 index 24fa6daba..03f094c01 100644 --- a/usr.sbin/smtpd/smtpd.conf.5 +++ b/usr.sbin/smtpd/smtpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: smtpd.conf.5,v 1.270 2024/03/18 08:48:50 op Exp $ +.\" $OpenBSD: smtpd.conf.5,v 1.271 2024/03/24 06:22:18 jsg Exp $ .\" .\" Copyright (c) 2008 Janne Johansson .\" Copyright (c) 2009 Jacek Masiulaniec @@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" -.Dd $Mdocdate: March 18 2024 $ +.Dd $Mdocdate: March 24 2024 $ .Dt SMTPD.CONF 5 .Os .Sh NAME @@ -1130,7 +1130,7 @@ is a successful delivery; status 71 and 75 .Pq Dv EX_TEMPFAIL are temporary failures; and all other exit status are considered -permament failures. +permanent failures. .Pp The following environment variables are set: .Pp