sync with OpenBSD -current

lib/libcrypto/bio/bio.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.63 2024/03/02 09:22:41 tb Exp $ */
+/* $OpenBSD: bio.h,v 1.64 2024/05/19 07:12:50 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -364,10 +364,6 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
 #define BIO_C_GET_WRITE_GUARANTEE		140
 #define BIO_C_GET_READ_REQUEST			141
 #define BIO_C_SHUTDOWN_WR			142
-#define BIO_C_NREAD0				143
-#define BIO_C_NREAD				144
-#define BIO_C_NWRITE0				145
-#define BIO_C_NWRITE				146
 #define BIO_C_RESET_READ_REQUEST		147
 #define BIO_C_SET_MD_CTX			148
 
@@ -566,11 +562,6 @@ int	BIO_get_retry_reason(BIO *bio);
 void	BIO_set_retry_reason(BIO *bio, int reason);
 BIO *	BIO_dup_chain(BIO *in);
 
-int BIO_nread0(BIO *bio, char **buf);
-int BIO_nread(BIO *bio, char **buf, int num);
-int BIO_nwrite0(BIO *bio, char **buf);
-int BIO_nwrite(BIO *bio, char **buf, int num);
-
 long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
     long argl, long ret);
 

lib/libcrypto/cmac/cmac.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.c,v 1.23 2024/03/02 09:30:21 tb Exp $ */
+/* $OpenBSD: cmac.c,v 1.24 2024/05/20 14:53:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -182,7 +182,7 @@ int
 CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
     const EVP_CIPHER *cipher, ENGINE *impl)
 {
-	static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
+	static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
 	int block_size;
 
 	/* All zeros means restart */

lib/libcrypto/cms/cms_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_local.h,v 1.5 2023/08/24 04:56:36 tb Exp $ */
+/* $OpenBSD: cms_local.h,v 1.6 2024/05/19 07:12:50 jsg Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -394,8 +394,6 @@ extern const ASN1_ITEM CMS_Attributes_Sign_it;
 extern const ASN1_ITEM CMS_Attributes_Verify_it;
 extern const ASN1_ITEM CMS_RecipientInfo_it;
 extern const ASN1_ITEM CMS_PasswordRecipientInfo_it;
-CMS_IssuerAndSerialNumber *CMS_IssuerAndSerialNumber_new(void);
-void CMS_IssuerAndSerialNumber_free(CMS_IssuerAndSerialNumber *a);
 
 #define CMS_SIGNERINFO_ISSUER_SERIAL    0
 #define CMS_SIGNERINFO_KEYIDENTIFIER    1
@@ -423,9 +421,6 @@ int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
     ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
 
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
-
 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
     X509_ALGOR *mdalg);

lib/libcrypto/conf/conf_api.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_api.h,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf_api.h,v 1.5 2024/05/19 07:12:50 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,7 +77,6 @@ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
 int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
 char *_CONF_get_string(const CONF *conf, const char *section,
     const char *name);
-long _CONF_get_number(const CONF *conf, const char *section, const char *name);
 
 int _CONF_new_data(CONF *conf);
 void _CONF_free_data(CONF *conf);

lib/libcrypto/dh/dh_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_err.c,v 1.19 2023/07/08 15:29:03 beck Exp $ */
+/* $OpenBSD: dh_err.c,v 1.21 2024/05/19 08:22:40 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -65,50 +65,48 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
 
-static ERR_STRING_DATA DH_str_functs[]=	{
+static ERR_STRING_DATA DH_str_functs[] = {
 	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
-static ERR_STRING_DATA DH_str_reasons[]=
-	{
-{ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
-{ERR_REASON(DH_R_BN_DECODE_ERROR)        ,"bn decode error"},
-{ERR_REASON(DH_R_BN_ERROR)               ,"bn error"},
-{ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
-{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
-{ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
-{ERR_REASON(DH_R_NON_FIPS_METHOD)        ,"non fips method"},
-{ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
-{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-{ERR_REASON(DH_R_CHECK_INVALID_J_VALUE)   ,"check invalid j value"},
-{ERR_REASON(DH_R_CHECK_INVALID_Q_VALUE)   ,"check invalid q value"},
-{ERR_REASON(DH_R_CHECK_PUBKEY_INVALID)    ,"check pubkey invalid"},
-{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_LARGE)  ,"check pubkey too large"},
-{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_SMALL)  ,"check pubkey too small"},
-{ERR_REASON(DH_R_CHECK_P_NOT_PRIME)       ,"check p not prime"},
-{ERR_REASON(DH_R_CHECK_P_NOT_SAFE_PRIME)  ,"check p not safe prime"},
-{ERR_REASON(DH_R_CHECK_Q_NOT_PRIME)       ,"check q not prime"},
-{ERR_REASON(DH_R_MISSING_PUBKEY)          ,"missing pubkey"},
-{ERR_REASON(DH_R_NOT_SUITABLE_GENERATOR)  ,"not suitable generator"},
-{ERR_REASON(DH_R_UNABLE_TO_CHECK_GENERATOR),"unable to check generator"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DH_str_reasons[] = {
+	{ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
+	{ERR_REASON(DH_R_BN_DECODE_ERROR)        ,"bn decode error"},
+	{ERR_REASON(DH_R_BN_ERROR)               ,"bn error"},
+	{ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
+	{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
+	{ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
+	{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
+	{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
+	{ERR_REASON(DH_R_NON_FIPS_METHOD)        ,"non fips method"},
+	{ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
+	{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
+	{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
+	{ERR_REASON(DH_R_CHECK_INVALID_J_VALUE)   ,"check invalid j value"},
+	{ERR_REASON(DH_R_CHECK_INVALID_Q_VALUE)   ,"check invalid q value"},
+	{ERR_REASON(DH_R_CHECK_PUBKEY_INVALID)    ,"check pubkey invalid"},
+	{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_LARGE)  ,"check pubkey too large"},
+	{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_SMALL)  ,"check pubkey too small"},
+	{ERR_REASON(DH_R_CHECK_P_NOT_PRIME)       ,"check p not prime"},
+	{ERR_REASON(DH_R_CHECK_P_NOT_SAFE_PRIME)  ,"check p not safe prime"},
+	{ERR_REASON(DH_R_CHECK_Q_NOT_PRIME)       ,"check q not prime"},
+	{ERR_REASON(DH_R_MISSING_PUBKEY)          ,"missing pubkey"},
+	{ERR_REASON(DH_R_NOT_SUITABLE_GENERATOR)  ,"not suitable generator"},
+	{ERR_REASON(DH_R_UNABLE_TO_CHECK_GENERATOR),"unable to check generator"},
+	{0,NULL}
+};
 
 #endif
 
-void ERR_load_DH_strings(void)
-	{
+void
+ERR_load_DH_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DH_str_functs);
-		ERR_load_strings(0,DH_str_reasons);
-		}
-#endif
+	if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+		ERR_load_strings(0, DH_str_functs);
+		ERR_load_strings(0, DH_str_reasons);
 	}
+#endif
+}
 LCRYPTO_ALIAS(ERR_load_DH_strings);

lib/libcrypto/dsa/dsa_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_err.c,v 1.19 2023/07/08 14:28:15 beck Exp $ */
+/* $OpenBSD: dsa_err.c,v 1.21 2024/05/19 08:22:40 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -65,40 +65,38 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
 
-static ERR_STRING_DATA DSA_str_functs[]= {
+static ERR_STRING_DATA DSA_str_functs[] = {
 	{ERR_FUNC(0xfff), "CRYPTO_internal"},
 	{0, NULL}
 };
 
-static ERR_STRING_DATA DSA_str_reasons[]=
-	{
-{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
-{ERR_REASON(DSA_R_BN_DECODE_ERROR)       ,"bn decode error"},
-{ERR_REASON(DSA_R_BN_ERROR)              ,"bn error"},
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_DECODE_ERROR)          ,"decode error"},
-{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
-{ERR_REASON(DSA_R_INVALID_PARAMETERS)    ,"invalid parameters"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-{ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD)   ,"non fips dsa method"},
-{ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
-{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DSA_str_reasons[] = {
+	{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
+	{ERR_REASON(DSA_R_BN_DECODE_ERROR)       ,"bn decode error"},
+	{ERR_REASON(DSA_R_BN_ERROR)              ,"bn error"},
+	{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+	{ERR_REASON(DSA_R_DECODE_ERROR)          ,"decode error"},
+	{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
+	{ERR_REASON(DSA_R_INVALID_PARAMETERS)    ,"invalid parameters"},
+	{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
+	{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
+	{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
+	{ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD)   ,"non fips dsa method"},
+	{ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
+	{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
+	{0,NULL}
+};
 
 #endif
 
-void ERR_load_DSA_strings(void)
-	{
+void
+ERR_load_DSA_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DSA_str_functs);
-		ERR_load_strings(0,DSA_str_reasons);
-		}
-#endif
+	if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
+		ERR_load_strings(0, DSA_str_functs);
+		ERR_load_strings(0, DSA_str_reasons);
 	}
+#endif
+}
 LCRYPTO_ALIAS(ERR_load_DSA_strings);

lib/libcrypto/ec/ec_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_err.c,v 1.18 2023/07/28 09:28:37 tb Exp $ */
+/* $OpenBSD: ec_err.c,v 1.19 2024/05/19 08:26:03 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -70,8 +70,7 @@ static ERR_STRING_DATA EC_str_functs[] = {
 	{0, NULL}
 };
 
-static ERR_STRING_DATA EC_str_reasons[] =
-{
+static ERR_STRING_DATA EC_str_reasons[] = {
 	{ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
 	{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
 	{ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},

lib/libcrypto/idea/idea.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: idea.h,v 1.11 2023/07/07 12:51:58 beck Exp $ */
+/* $OpenBSD: idea.h,v 1.12 2024/05/19 07:12:50 jsg Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -79,7 +79,6 @@ typedef struct idea_key_st {
 	IDEA_INT data[9][6];
 } IDEA_KEY_SCHEDULE;
 
-const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
     IDEA_KEY_SCHEDULE *ks);
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);

lib/libcrypto/man/BIO_s_bio.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_s_bio.3,v 1.19 2023/04/29 12:01:53 schwarze Exp $
+.\" $OpenBSD: BIO_s_bio.3,v 1.20 2024/05/19 07:12:50 jsg Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by
@@ -53,7 +53,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2023 $
+.Dd $Mdocdate: May 19 2024 $
 .Dt BIO_S_BIO 3
 .Os
 .Sh NAME
@@ -69,16 +69,6 @@
 .Nm BIO_get_read_request ,
 .Nm BIO_ctrl_get_read_request ,
 .Nm BIO_ctrl_reset_read_request
-.\" The following non-copying I/O functions are intentionally undocumented
-.\" because they seem fragile and unused by anything:
-.\" .Nm BIO_nread0
-.\" .Nm BIO_nread
-.\" .Nm BIO_nwrite0
-.\" .Nm BIO_nwrite
-.\" .Nm BIO_C_NREAD0
-.\" .Nm BIO_C_NREAD
-.\" .Nm BIO_C_NWRITE0
-.\" .Nm BIO_C_NWRITE
 .Nd BIO pair BIO
 .Sh SYNOPSIS
 .In openssl/bio.h

lib/libcrypto/rsa/rsa.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.65 2023/07/28 10:05:16 tb Exp $ */
+/* $OpenBSD: rsa.h,v 1.66 2024/05/19 07:12:50 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -274,8 +274,6 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 const RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
-const RSA_METHOD *RSA_null_method(void);
-
 int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
 
 RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len);

lib/libcrypto/x509/x509_internal.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.27 2023/11/13 10:33:00 tb Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.28 2024/05/19 07:12:50 jsg Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -134,7 +134,6 @@ int x509_constraints_check(struct x509_constraints_names *names,
     struct x509_constraints_names *excluded, int *error);
 int x509_constraints_chain(STACK_OF(X509) *chain, int *error,
     int *depth);
-int x509_verify_cert_info_populate(X509 *cert);
 int x509_vfy_check_security_level(X509_STORE_CTX *ctx);
 
 __END_HIDDEN_DECLS