sync code with last improvements from OpenBSD

lib/libcrypto/man/BIO_f_base64.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: BIO_f_base64.3,v 1.13 2023/04/11 16:58:43 schwarze Exp $
+.\"	$OpenBSD: BIO_f_base64.3,v 1.14 2023/09/10 11:20:52 schwarze Exp $
 .\"	OpenSSL fc1d88f0 Wed Jul 2 22:42:40 2014 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,11 +49,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 11 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt BIO_F_BASE64 3
 .Os
 .Sh NAME
 .Nm BIO_f_base64
+.\" .Nm EVP_ENCODE_LENGTH and
+.\" .Nm EVP_DECODE_LENGTH are intentionally undocumented
+.\" because they are internal implemention details of BIO_f_base64(3)
+.\" and practically unused outside evp/bio_b64.c.
 .Nd base64 BIO filter
 .Sh SYNOPSIS
 .In openssl/bio.h

lib/libcrypto/man/EVP_CIPHER_meth_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.4 2023/09/05 14:37:00 schwarze Exp $
+.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.5 2023/09/10 05:22:46 jsg Exp $
 .\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 5 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt EVP_CIPHER_METH_NEW 3
 .Os
 .Sh NAME
@@ -393,7 +393,7 @@ All
 .Fn EVP_CIPHER_meth_set_*
 functions return 1.
 .Sh SEE ALSO
-.Xr evp 3 .
+.Xr evp 3 ,
 .Xr EVP_EncryptInit 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.1.0 and have been available since

lib/libcrypto/man/EVP_PKEY_CTX_get_operation.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_get_operation.3,v 1.1 2023/09/09 14:39:09 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_get_operation.3,v 1.2 2023/09/10 04:05:26 jsg Exp $
 .\"
 .\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt EVP_PKEY_CTX_GET_OPERATION 3
 .Os
 .Sh NAME
@@ -53,7 +53,7 @@ if any:
 .It Dv EVP_PKEY_OP_VERIFYRECOVER Ta Xr EVP_PKEY_verify_recover_init 3 Ta RSA
 .El
 .Pp
-The rightmost column of the above table shows examples of algoritms
+The rightmost column of the above table shows examples of algorithms
 the return values can occur for.
 For example, if
 .Xr EVP_PKEY_base_id 3

lib/libcrypto/man/EVP_PKEY_keygen.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.12 2023/09/09 14:31:38 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.13 2023/09/10 04:05:26 jsg Exp $
 .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt EVP_PKEY_KEYGEN 3
 .Os
 .Sh NAME
@@ -252,7 +252,7 @@ returns a function pointer to the currently installed callback function or
 if no callback function is installed.
 .Pp
 .Fn EVP_PKEY_CTX_get_keygen_info
-retuns the number of available parameters if
+returns the number of available parameters if
 .Fa idx
 is \-1, one of these parameters if
 .Fa idx

lib/libcrypto/man/OpenSSL_add_all_algorithms.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.13 2023/08/25 05:38:52 tb Exp $
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.14 2023/09/10 14:39:58 schwarze Exp $
 .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,14 +48,20 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 25 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
 .Nm OpenSSL_add_all_algorithms ,
 .Nm OpenSSL_add_all_ciphers ,
 .Nm OpenSSL_add_all_digests ,
-.Nm EVP_cleanup
+.Nm EVP_cleanup ,
+.Nm SSLeay_add_all_algorithms
+.\" .Nm OPENSSL_add_all_algorithms_conf ,
+.\" .Nm OPENSSL_add_all_algorithms_noconf ,
+.\" .Nm SSLeay_add_all_ciphers , and
+.\" .Nm SSLeay_add_all_digests are intentionally undocumented
+.\" because they are unused aliases.
 .Nd add algorithms to internal table
 .Sh SYNOPSIS
 .In openssl/evp.h
@@ -67,6 +73,8 @@
 .Fn OpenSSL_add_all_digests void
 .Ft void
 .Fn EVP_cleanup void
+.Ft void
+.Fn SSLeay_add_all_algorithms void
 .Sh DESCRIPTION
 These functions are deprecated.
 It is never useful for any application program
@@ -105,6 +113,10 @@ thus resetting the global associative array of names
 and all signature algorithm definitions to their default states,
 removing all application-defined types, key-value pairs, and aliases,
 including any that are unrelated to the EVP library.
+.Pp
+.Fn SSLeay_add_all_algorithms
+is a deprecated alias for
+.Fn OpenSSL_add_all_algorithms .
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_add_cipher 3 ,
@@ -114,10 +126,10 @@ including any that are unrelated to the EVP library.
 .Xr OBJ_NAME_add 3 ,
 .Xr OPENSSL_config 3
 .Sh HISTORY
-.Fn EVP_cleanup
-and precursor functions
+.Fn EVP_cleanup ,
 .Fn SSLeay_add_all_algorithms ,
-.Fn SSLeay_add_all_ciphers ,
+and precursor functions
+.Fn SSLeay_add_all_ciphers
 and
 .Fn SSLeay_add_all_digests
 first appeared in SSLeay 0.8.0 and have been available since

lib/libcrypto/man/RSA_public_encrypt.3

@@ -1,7 +1,24 @@
-.\"	$OpenBSD: RSA_public_encrypt.3,v 1.12 2019/06/10 14:58:48 schwarze Exp $
+.\"	$OpenBSD: RSA_public_encrypt.3,v 1.13 2023/09/10 16:04:15 schwarze Exp $
 .\"	OpenSSL RSA_public_encrypt.pod 1e3f62a3 Jul 17 16:47:13 2017 +0200
 .\"
-.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Ulf Moeller <ulf@openssl.org>.
 .\" Copyright (c) 2000, 2004 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,12 +65,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt RSA_PUBLIC_ENCRYPT 3
 .Os
 .Sh NAME
 .Nm RSA_public_encrypt ,
-.Nm RSA_private_decrypt
+.Nm RSA_private_decrypt ,
+.Nm EVP_PKEY_encrypt_old ,
+.Nm EVP_PKEY_decrypt_old
 .Nd RSA public key cryptography
 .Sh SYNOPSIS
 .In openssl/rsa.h
@@ -73,6 +92,21 @@
 .Fa "RSA *rsa"
 .Fa "int padding"
 .Fc
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_encrypt_old
+.Fa "unsigned char *to"
+.Fa "const unsigned char *from"
+.Fa "int flen"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_PKEY_decrypt_old
+.Fa "unsigned char *to"
+.Fa "const unsigned char *from"
+.Fa "int flen"
+.Fa "EVP_PKEY *pkey"
+.Fc
 .Sh DESCRIPTION
 .Fn RSA_public_encrypt
 encrypts the
@@ -132,16 +166,50 @@ must point to a memory section large enough to hold the decrypted data
 .Fn RSA_size rsa ) .
 .Fa padding
 is the padding mode that was used to encrypt the data.
+.Pp
+.Fn EVP_PKEY_encrypt_old
+is a deprecated wrapper around
+.Fn RSA_public_encrypt
+that uses the
+.Vt RSA
+public key stored in
+.Fa pkey
+and
+.Dv RSA_PKCS1_PADDING .
+.Pp
+.Fn EVP_PKEY_decrypt_old
+is a deprecated wrapper around
+.Fn RSA_private_decrypt
+that uses the
+.Vt RSA
+private key stored in
+.Fa pkey
+and
+.Dv RSA_PKCS1_PADDING .
 .Sh RETURN VALUES
 .Fn RSA_public_encrypt
-returns the size of the encrypted data (i.e.\&
+and
+.Fn EVP_PKEY_encrypt_old
+return the size of the encrypted data (i.e.\&
 .Fn RSA_size rsa ) .
 .Fn RSA_private_decrypt
+and
+.Fn EVP_PKEY_decrypt_old
 returns the size of the recovered plaintext.
-.Pp
-On error, -1 is returned; the error codes can be obtained by
+On error, \-1 is returned; the error codes can be obtained by
 .Xr ERR_get_error 3 .
+.Pp
+In addition to the return values documented above,
+.Fn EVP_PKEY_encrypt_old
+may return 0 if the
+.Xr EVP_PKEY_id 3
+of
+.Fa pkey
+is not
+.Dv EVP_PKEY_RSA .
 .Sh SEE ALSO
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
 .Xr RSA_meth_set_priv_dec 3 ,
 .Xr RSA_new 3 ,
 .Xr RSA_size 3
@@ -154,6 +222,18 @@ and
 appeared in SSLeay 0.4 or earlier and have been available since
 .Ox 2.4 .
 .Pp
+.Fn EVP_PKEY_encrypt
+and
+.Fn EVP_PKEY_decrypt
+first appeared in SSLeay 0.9.0 and have been available since
+.Ox 2.4 .
+There were renamed to
+.Fn EVP_PKEY_encrypt_old
+and
+.Fn EVP_PKEY_decrypt_old
+in OpenSSL 1.0.0 and
+.Ox 4.9 .
+.Pp
 .Dv RSA_NO_PADDING
 is available since SSLeay 0.9.0.
 OAEP was added in OpenSSL 0.9.2b.

lib/libcrypto/man/des_read_pw.3

@@ -1,10 +1,26 @@
-.\"	$OpenBSD: des_read_pw.3,v 1.10 2020/06/19 17:17:13 schwarze Exp $
-.\"	OpenSSL doc/crypto/ui_compat.pod May 14 11:28:00 2006 +0000
-.\"	OpenSSL doc/crypto/des.pod 2a9aca32 Oct 25 08:44:10 2001 +0000
+.\" $OpenBSD: des_read_pw.3,v 1.11 2023/09/10 13:58:46 schwarze Exp $
+.\" full merge up to: OpenSSL doc/crypto/des.pod
+.\" 53934822 Jun 9 16:39:19 2016 -0400
 .\"
-.\" This file was written by Ulf Moeller <ulf@openssl.org> and
-.\" Richard Levitte <levitte@openssl.org>.
-.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -50,32 +66,16 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 19 2020 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt DES_READ_PW 3
 .Os
 .Sh NAME
-.Nm des_read_pw ,
-.Nm des_read_pw_string ,
 .Nm EVP_read_pw_string ,
-.Nm EVP_read_pw_string_min
+.Nm EVP_read_pw_string_min ,
+.Nm EVP_set_pw_prompt ,
+.Nm EVP_get_pw_prompt
 .Nd compatibility user interface functions
 .Sh SYNOPSIS
-.In openssl/ui_compat.h
-.Ft int
-.Fo des_read_pw
-.Fa "char *buf"
-.Fa "char *buff"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Ft int
-.Fo des_read_pw_string
-.Fa "char *buf"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
 .In openssl/evp.h
 .Ft int
 .Fo EVP_read_pw_string
@@ -92,73 +92,86 @@
 .Fa "const char *prompt"
 .Fa "int verify"
 .Fc
+.Ft void
+.Fo EVP_set_pw_prompt
+.Fa "const char *default_prompt"
+.Fc
+.Ft char *
+.Fn EVP_get_pw_prompt void
 .Sh DESCRIPTION
 These functions are deprecated.
 Use
 .Xr UI_UTIL_read_pw 3
 instead.
 .Pp
-The DES library contained a few routines to prompt for passwords.
-These aren't necessarily dependent on DES, and have therefore become
-part of the UI compatibility library.
-.Pp
-.Fn des_read_pw
-writes the string specified by
+.Fn EVP_read_pw_string
+writes the
 .Fa prompt
-to standard output, turns echo off, and reads an input string from the
-terminal.
+to
+.Pa /dev/tty ,
+or, if that could not be opened, to standard output, turns echo off,
+and reads an input string from
+.Pa /dev/tty ,
+or, if that could not be opened, from standard input.
 The string is returned in
 .Fa buf ,
 which must have space for at least
 .Fa length
 bytes.
+If the
+.Fa length
+argument exceeds
+.Dv BUFSIZ ,
+.Dv BUFSIZ
+is used instead.
 If
 .Fa verify
 is set, the user is asked for the password twice and unless the two
 copies match, an error is returned.
-The second password is stored in
-.Fa buff ,
-which must therefore also be at least
-.Fa length
-bytes.
 .Pp
-.Fn des_read_pw_string
-is a variant of
-.Fn des_read_pw
-that provides a buffer if
-.Fa verify
-is set.
-It is available in the MIT Kerberos library as well.
-If
-.Fa length
-exceeds
-.Dv BUFSIZ ,
-.Fn des_read_pw_string
-uses
-.Dv BUFSIZ .
-.Pp
-.Fn EVP_read_pw_string
-and
-.Fn EVP_read_pw_string_min
-are functionally similar to
-.Fn des_read_pw_string .
 .Fn EVP_read_pw_string_min
 additionally checks that the password is at least
 .Fa min_length
 bytes long.
-.Sh RETURN VALUES
-These functions return 0 on success and a negative value on failure.
 .Pp
-They return -1 if
+.Fn EVP_set_pw_prompt
+sets a default prompt to a copy of
+.Fa default_prompt ,
+or clears the default prompt if the
+.Fa default_prompt
+argument is
+.Dv NULL
+or an empty string.
+If the
+.Fa default_prompt
+argument is longer than 79 bytes,
+the copy is silently truncated to a string length of 79 bytes.
+.Pp
+As long as a default prompt is set,
+.Fn EVP_read_pw_string
+and
+.Fn EVP_read_pw_string_min
+can be called with a
+.Fa prompt
+argument of
+.Dv NULL ,
+in which case the default prompt is used instead.
+.Sh RETURN VALUES
+.Fn EVP_read_pw_string
+and
+.Fn EVP_read_pw_string_min
+return 0 on success or a negative value on failure.
+.Pp
+They return \-1 if
 .Fa length
 is less than or equal to zero or on memory allocation failure.
-They return -1 or -2 if the internal call to
+They return \-1 or \-2 if the internal call to
 .Xr UI_process 3
 fails.
 .Pp
 In addition,
 .Fa EVP_read_pw_string_min
-returns -1 if
+returns \-1 if
 .Fa min_length
 is negative, if
 .Fa length
@@ -166,16 +179,21 @@ is less than or equal to
 .Fa min_length ,
 or if the user entered a password shorter than
 .Fa min_length .
+.Pp
+.Fn EVP_get_pw_prompt
+returns an internal pointer to static memory containing the default prompt, or
+.Dv NULL
+if no default prompt is set.
 .Sh SEE ALSO
 .Xr UI_new 3 ,
 .Xr UI_UTIL_read_pw 3
 .Sh HISTORY
-.Fn des_read_pw_string
-appeared in SSLeay 0.4 or earlier.
 .Fn EVP_read_pw_string
-first appeared in SSLeay 0.5.1.
-.Fn des_read_pw
-first appeared in SSLeay 0.8.0.
+first appeared in SSLeay 0.5.1 and
+.Fn EVP_set_pw_prompt
+and
+.Fn EVP_get_pw_prompt
+in SSLeay 0.6.0.
 These functions have been available since
 .Ox 2.4 .
 .Pp
@@ -183,6 +201,3 @@ These functions have been available since
 first appeared in OpenSSL 1.0.0
 and has been available since
 .Ox 4.9 .
-.Sh AUTHORS
-.An Richard Levitte Aq Mt richard@levitte.org
-for the OpenSSL project.