sync with OpenBSD -current

lib/libcrypto/crypto.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.75 2024/08/31 12:43:58 jsing Exp $ */
+/* $OpenBSD: crypto.h,v 1.76 2024/10/03 03:47:40 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -416,6 +416,7 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len);
 #define OPENSSL_INIT_reserved_internal		_OPENSSL_INIT_FLAG_NOOP
 #define OPENSSL_INIT_ATFORK			_OPENSSL_INIT_FLAG_NOOP
 #define OPENSSL_INIT_ENGINE_ALL_BUILTIN		_OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_NO_ATEXIT			_OPENSSL_INIT_FLAG_NOOP
 
 int OPENSSL_init_crypto(uint64_t opts, const void *settings);
 void OPENSSL_cleanup(void);

lib/libcrypto/ec/ec_asn1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.53 2024/04/17 23:24:18 tb Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.57 2024/10/03 05:07:49 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -405,7 +405,7 @@ static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = {
 	},
 };
 
-const ASN1_ITEM ECPARAMETERS_it = {
+static const ASN1_ITEM ECPARAMETERS_it = {
 	.itype = ASN1_ITYPE_SEQUENCE,
 	.utype = V_ASN1_SEQUENCE,
 	.templates = ECPARAMETERS_seq_tt,
@@ -451,7 +451,7 @@ static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = {
 	},
 };
 
-const ASN1_ITEM ECPKPARAMETERS_it = {
+static const ASN1_ITEM ECPKPARAMETERS_it = {
 	.itype = ASN1_ITYPE_CHOICE,
 	.utype = offsetof(ECPKPARAMETERS, type),
 	.templates = ECPKPARAMETERS_ch_tt,
@@ -760,20 +760,19 @@ ec_asn1_group2parameters(const EC_GROUP *group, ECPARAMETERS *param)
 		ECerror(ERR_R_ASN1_LIB);
 		goto err;
 	}
-	/* set the order */
 	if (!EC_GROUP_get_order(group, tmp, NULL)) {
 		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
-	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
-	if (ret->order == NULL) {
+	ASN1_INTEGER_free(ret->order);
+	if ((ret->order = BN_to_ASN1_INTEGER(tmp, NULL)) == NULL) {
 		ECerror(ERR_R_ASN1_LIB);
 		goto err;
 	}
-	/* set the cofactor (optional) */
+	ASN1_INTEGER_free(ret->cofactor);
+	ret->cofactor = NULL;
 	if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
-		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
-		if (ret->cofactor == NULL) {
+		if ((ret->cofactor = BN_to_ASN1_INTEGER(tmp, NULL)) == NULL) {
 			ECerror(ERR_R_ASN1_LIB);
 			goto err;
 		}
@@ -842,9 +841,9 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 {
 	int ok = 0, tmp;
 	EC_GROUP *ret = NULL;
-	BIGNUM *p = NULL, *a = NULL, *b = NULL;
+	BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
 	EC_POINT *point = NULL;
-	long field_bits;
+	int field_bits;
 
 	if (!params->fieldID || !params->fieldID->fieldType ||
 	    !params->fieldID->p.ptr) {
@@ -933,29 +932,26 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
-	/* extract the order */
-	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+	if ((order = ASN1_INTEGER_to_BN(params->order, NULL)) == NULL) {
 		ECerror(ERR_R_ASN1_LIB);
 		goto err;
 	}
-	if (BN_is_negative(a) || BN_is_zero(a)) {
+	if (BN_is_negative(order) || BN_is_zero(order)) {
 		ECerror(EC_R_INVALID_GROUP_ORDER);
 		goto err;
 	}
-	if (BN_num_bits(a) > (int) field_bits + 1) {	/* Hasse bound */
+	if (BN_num_bits(order) > field_bits + 1) {	/* Hasse bound */
 		ECerror(EC_R_INVALID_GROUP_ORDER);
 		goto err;
 	}
-	/* extract the cofactor (optional) */
-	if (params->cofactor == NULL) {
-		BN_free(b);
-		b = NULL;
-	} else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
-		ECerror(ERR_R_ASN1_LIB);
-		goto err;
+	if (params->cofactor != NULL) {
+		if ((cofactor = ASN1_INTEGER_to_BN(params->cofactor,
+		    NULL)) == NULL) {
+			ECerror(ERR_R_ASN1_LIB);
+			goto err;
+		}
 	}
-	/* set the generator, order and cofactor (if present) */
-	if (!EC_GROUP_set_generator(ret, point, a, b)) {
+	if (!EC_GROUP_set_generator(ret, point, order, cofactor)) {
 		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
@@ -969,8 +965,11 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 	BN_free(p);
 	BN_free(a);
 	BN_free(b);
+	BN_free(order);
+	BN_free(cofactor);
 	EC_POINT_free(point);
-	return (ret);
+
+	return ret;
 }
 
 EC_GROUP *

lib/libcrypto/ec/ec_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.27 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.28 2024/10/03 06:24:07 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -216,9 +216,6 @@ struct ec_group_st {
 	/* Montgomery context and values used by EC_GFp_mont_method. */
 	BN_MONT_CTX *mont_ctx;
 	BIGNUM *mont_one;
-
-	int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *,
-	    BN_CTX *);
 } /* EC_GROUP */;
 
 struct ec_key_st {

lib/libcrypto/man/X509V3_EXT_get_nid.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509V3_EXT_get_nid.3,v 1.4 2024/05/14 06:57:10 tb Exp $
+.\" $OpenBSD: X509V3_EXT_get_nid.3,v 1.5 2024/10/03 03:31:47 tb Exp $
 .\"
 .\" Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 14 2024 $
+.Dd $Mdocdate: October 3 2024 $
 .Dt X509V3_EXT_GET_NID 3
 .Os
 .Sh NAME
@@ -43,7 +43,7 @@ The library's
 .Vt X509V3_EXT_METHOD
 type,
 which is not yet documented in detail,
-contains a numeric identifier to represent the OID and various
+contains a numeric identifier (NID) to represent the OID and various
 handlers for encoding, decoding, printing, and configuring the
 extension's value.
 Criticality is handled separately, for example as an argument to