sync with OpenBSD -current

lib/libc/asr/getaddrinfo_async.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: getaddrinfo_async.c,v 1.60 2023/11/20 12:15:16 florian Exp $	*/
+/*	$OpenBSD: getaddrinfo_async.c,v 1.61 2023/11/21 15:26:56 florian Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -115,7 +115,7 @@ getaddrinfo_async_run(struct asr_query *as, struct asr_result *ar)
 	char		 fqdn[MAXDNAME];
 	const char	*str;
 	struct addrinfo	*ai;
-	int		 i, family, r, is_localhost;
+	int		 i, family, r, is_localhost = 0;
 	FILE		*f;
 	union {
 		struct sockaddr		sa;
@@ -228,7 +228,8 @@ getaddrinfo_async_run(struct asr_query *as, struct asr_result *ar)
 
 		ar->ar_gai_errno = 0;
 
-		is_localhost = _asr_is_localhost(as->as.ai.hostname);
+		if (!(ai->ai_flags & AI_NUMERICHOST))
+			is_localhost = _asr_is_localhost(as->as.ai.hostname);
 		/*
 		 * If hostname is NULL, "localhost" or falls within the
 		 * ".localhost." domain, use local address.

lib/libc/asr/gethostnamadr_async.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: gethostnamadr_async.c,v 1.48 2023/11/20 12:15:16 florian Exp $	*/
+/*	$OpenBSD: gethostnamadr_async.c,v 1.49 2023/11/22 13:19:31 florian Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -205,7 +205,8 @@ gethostnamadr_async_run(struct asr_query *as, struct asr_result *ar)
 			}
 
 			if (!hnok_lenient(as->as.hostnamadr.name)) {
-				ar->ar_gai_errno = EAI_FAIL;
+				ar->ar_h_errno = NETDB_INTERNAL;
+				ar->ar_errno = EINVAL;
 				async_set_state(as, ASR_STATE_HALT);
 				break;
 			}

lib/libcrypto/ec/ec_print.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_print.c,v 1.13 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: ec_print.c,v 1.14 2023/11/21 22:17:15 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -63,8 +63,7 @@ EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point,
 	size_t buf_len = 0;
 	unsigned char *buf;
 
-	buf_len = EC_POINT_point2oct(group, point, form,
-	    NULL, 0, ctx);
+	buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
 	if (buf_len == 0)
 		return NULL;
 

lib/libcrypto/ec/eck_prn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: eck_prn.c,v 1.28 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: eck_prn.c,v 1.30 2023/11/21 22:05:33 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -160,10 +160,6 @@ ECParameters_print(BIO *bp, const EC_KEY *x)
 }
 LCRYPTO_ALIAS(ECParameters_print);
 
-static int
-print_bin(BIO *fp, const char *str, const unsigned char *num,
-    size_t len, int off);
-
 static int
 ecpk_print_asn1_parameters(BIO *bp, const EC_GROUP *group, int off)
 {
@@ -289,8 +285,33 @@ ecpk_print_explicit_parameters(BIO *bp, const EC_GROUP *group, int off)
 	if (!bn_printf(bp, cofactor, off, "Cofactor: "))
 		goto err;
 	if ((seed = EC_GROUP_get0_seed(group)) != NULL) {
+		size_t i;
+
 		seed_len = EC_GROUP_get_seed_len(group);
-		if (!print_bin(bp, "Seed:", seed, seed_len, off))
+
+		/* XXX - ecx_buf_print() has a CBS version of this - dedup. */
+		if (!BIO_indent(bp, off, 128))
+			goto err;
+		if (BIO_printf(bp, "Seed:") <= 0)
+			goto err;
+
+		for (i = 0; i < seed_len; i++) {
+			const char *sep = ":";
+
+			if (i % 15 == 0) {
+				if (BIO_printf(bp, "\n") <= 0)
+					goto err;
+				if (!BIO_indent(bp, off + 4, 128))
+					goto err;
+			}
+
+			if (i + 1 == seed_len)
+				sep = "";
+			if (BIO_printf(bp, "%02x%s", seed[i], sep) <= 0)
+				goto err;
+		}
+
+		if (BIO_printf(bp, "\n") <= 0)
 			goto err;
 	}
 
@@ -316,38 +337,3 @@ ECPKParameters_print(BIO *bp, const EC_GROUP *group, int off)
 	return ecpk_print_explicit_parameters(bp, group, off);
 }
 LCRYPTO_ALIAS(ECPKParameters_print);
-
-static int
-print_bin(BIO *fp, const char *name, const unsigned char *buf,
-    size_t len, int off)
-{
-	size_t i;
-	char str[128];
-
-	if (buf == NULL)
-		return 1;
-	if (off) {
-		if (off > 128)
-			off = 128;
-		memset(str, ' ', off);
-		if (BIO_write(fp, str, off) <= 0)
-			return 0;
-	}
-	if (BIO_printf(fp, "%s", name) <= 0)
-		return 0;
-
-	for (i = 0; i < len; i++) {
-		if ((i % 15) == 0) {
-			str[0] = '\n';
-			memset(&(str[1]), ' ', off + 4);
-			if (BIO_write(fp, str, off + 1 + 4) <= 0)
-				return 0;
-		}
-		if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= 0)
-			return 0;
-	}
-	if (BIO_write(fp, "\n", 1) <= 0)
-		return 0;
-
-	return 1;
-}

lib/libssl/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.80 2023/07/06 07:56:32 beck Exp $
+# $OpenBSD: Makefile,v 1.81 2023/11/22 15:55:28 tb Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -44,7 +44,6 @@ SRCS= \
 	pqueue.c \
 	s3_cbc.c \
 	s3_lib.c \
-	ssl_algs.c \
 	ssl_asn1.c \
 	ssl_both.c \
 	ssl_cert.c \

lib/libssl/ssl.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.231 2023/11/19 15:51:49 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.232 2023/11/22 15:43:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1395,8 +1395,6 @@ void SSL_set_accept_state(SSL *s);
 
 long SSL_get_default_timeout(const SSL *s);
 
-int SSL_library_init(void );
-
 char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
 
@@ -2352,6 +2350,7 @@ void ERR_load_SSL_strings(void);
 #define OPENSSL_INIT_SSL_DEFAULT	_OPENSSL_INIT_FLAG_NOOP
 
 int OPENSSL_init_ssl(uint64_t opts, const void *settings);
+int SSL_library_init(void);
 
 #ifdef  __cplusplus
 }

lib/libssl/ssl_algs.c

@@ -1,125 +0,0 @@
-/* $OpenBSD: ssl_algs.c,v 1.32 2023/07/08 16:40:13 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-
-#include "ssl_local.h"
-
-int
-SSL_library_init(void)
-{
-
-#ifndef OPENSSL_NO_DES
-	EVP_add_cipher(EVP_des_cbc());
-	EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
-	EVP_add_cipher(EVP_rc4());
-#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
-	EVP_add_cipher(EVP_rc4_hmac_md5());
-#endif
-#endif
-#ifndef OPENSSL_NO_RC2
-	EVP_add_cipher(EVP_rc2_cbc());
-	/* Not actually used for SSL/TLS but this makes PKCS#12 work
-	 * if an application only calls SSL_library_init().
-	 */
-	EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-	EVP_add_cipher(EVP_aes_128_cbc());
-	EVP_add_cipher(EVP_aes_192_cbc());
-	EVP_add_cipher(EVP_aes_256_cbc());
-	EVP_add_cipher(EVP_aes_128_gcm());
-	EVP_add_cipher(EVP_aes_256_gcm());
-	EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
-	EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-#ifndef OPENSSL_NO_CAMELLIA
-	EVP_add_cipher(EVP_camellia_128_cbc());
-	EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-#ifndef OPENSSL_NO_GOST
-	EVP_add_cipher(EVP_gost2814789_cfb64());
-	EVP_add_cipher(EVP_gost2814789_cnt());
-#endif
-
-	EVP_add_digest(EVP_md5());
-	EVP_add_digest(EVP_md5_sha1());
-	EVP_add_digest_alias(SN_md5, "ssl2-md5");
-	EVP_add_digest_alias(SN_md5, "ssl3-md5");
-
-	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-	EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-	EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-	EVP_add_digest(EVP_sha224());
-	EVP_add_digest(EVP_sha256());
-	EVP_add_digest(EVP_sha384());
-	EVP_add_digest(EVP_sha512());
-#ifndef OPENSSL_NO_GOST
-	EVP_add_digest(EVP_gostr341194());
-	EVP_add_digest(EVP_gost2814789imit());
-	EVP_add_digest(EVP_streebog256());
-	EVP_add_digest(EVP_streebog512());
-#endif
-
-	return (1);
-}
-LSSL_ALIAS(SSL_library_init);

lib/libssl/ssl_init.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_init.c,v 1.4 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_init.c,v 1.6 2023/11/22 15:53:53 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  *
@@ -26,12 +26,18 @@
 
 static pthread_t ssl_init_thread;
 
+int
+SSL_library_init(void)
+{
+	return OPENSSL_init_ssl(0, NULL);
+}
+LSSL_ALIAS(SSL_library_init);
+
 static void
 OPENSSL_init_ssl_internal(void)
 {
 	ssl_init_thread = pthread_self();
 	SSL_load_error_strings();
-	SSL_library_init();
 }
 
 int

lib/libtls/tls_verify.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.28 2023/06/01 07:32:25 tb Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.29 2023/11/22 18:23:09 op Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -244,7 +244,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		 * certificate as hostile.
 		 */
 		tls_set_errorx(ctx, "error verifying name '%s': "
-		    "Certificate subject contains mutiple Common Name fields, "
+		    "Certificate subject contains multiple Common Name fields, "
 		    "probably a malicious or malformed certificate", name);
 		goto err;
 	}