sync with OpenBSD -current
parent
3af7aba2fd
commit
222e583e28
80 changed files with 1944 additions and 657 deletions
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: HMAC.3,v 1.20 2022/01/25 17:55:39 tb Exp $
|
||||
.\" $OpenBSD: HMAC.3,v 1.21 2024/05/26 09:54:16 tb Exp $
|
||||
.\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400
|
||||
.\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400
|
||||
.\"
|
||||
|
@ -52,7 +52,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: January 25 2022 $
|
||||
.Dd $Mdocdate: May 26 2024 $
|
||||
.Dt HMAC 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -160,11 +160,6 @@ which must have space for the output of the hash function, which is no
|
|||
more than
|
||||
.Dv EVP_MAX_MD_SIZE
|
||||
bytes.
|
||||
If
|
||||
.Fa md
|
||||
is
|
||||
.Dv NULL ,
|
||||
the digest is placed in a static array, which is not thread safe.
|
||||
The size of the output is placed in
|
||||
.Fa md_len ,
|
||||
unless it is
|
||||
|
@ -329,3 +324,11 @@ and
|
|||
.Fn HMAC_CTX_get_md
|
||||
first appeared in OpenSSL 1.1.0 and have been available since
|
||||
.Ox 6.3 .
|
||||
.Sh CAVEATS
|
||||
Other implementations allow
|
||||
.Fa md
|
||||
in
|
||||
.Fn HMAC
|
||||
to be
|
||||
.Dv NULL
|
||||
and return a static array, which is not thread safe.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: MD5.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $
|
||||
.\" $OpenBSD: MD5.3,v 1.9 2024/05/26 09:54:16 tb Exp $
|
||||
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
|
||||
.\"
|
||||
.\" This file was written by Ulf Moeller <ulf@openssl.org> and
|
||||
|
@ -49,7 +49,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: March 27 2018 $
|
||||
.Dd $Mdocdate: May 26 2024 $
|
||||
.Dt MD5 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -123,11 +123,6 @@ and place it in
|
|||
which must have space for
|
||||
.Dv MD4_DIGEST_LENGTH No == Dv MD5_DIGEST_LENGTH No == 16
|
||||
bytes of output.
|
||||
If
|
||||
.Fa md
|
||||
is
|
||||
.Dv NULL ,
|
||||
the digest is placed in a static array.
|
||||
.Pp
|
||||
The following functions may be used if the message is not completely
|
||||
stored in memory:
|
||||
|
@ -194,3 +189,13 @@ and
|
|||
.Fn MD4_Final
|
||||
first appeared in OpenSSL 0.9.6 and have been available since
|
||||
.Ox 2.9 .
|
||||
.Sh CAVEATS
|
||||
Other implementations allow
|
||||
.Fa md
|
||||
in
|
||||
.Fn MD4
|
||||
and
|
||||
.Fn MD5
|
||||
to be
|
||||
.Dv NULL
|
||||
and return a static array, which is not thread safe.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: RIPEMD160.3,v 1.7 2019/08/25 15:17:19 schwarze Exp $
|
||||
.\" $OpenBSD: RIPEMD160.3,v 1.8 2024/05/26 09:54:16 tb Exp $
|
||||
.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
|
||||
.\"
|
||||
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
|
||||
|
@ -48,7 +48,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: August 25 2019 $
|
||||
.Dd $Mdocdate: May 26 2024 $
|
||||
.Dt RIPEMD160 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -93,11 +93,6 @@ and places it in
|
|||
which must have space for
|
||||
.Dv RIPEMD160_DIGEST_LENGTH
|
||||
== 20 bytes of output.
|
||||
If
|
||||
.Fa md
|
||||
is
|
||||
.Dv NULL ,
|
||||
the digest is placed in a static array.
|
||||
.Pp
|
||||
The following functions may be used if the message is not completely
|
||||
stored in memory:
|
||||
|
@ -149,3 +144,11 @@ and
|
|||
.Fn RIPEMD160_Final
|
||||
first appeared in SSLeay 0.9.0 and have been available since
|
||||
.Ox 2.4 .
|
||||
.Sh CAVEATS
|
||||
Other implementations allow
|
||||
.Fa md
|
||||
in
|
||||
.Fn RIPEMD160
|
||||
to be
|
||||
.Dv NULL
|
||||
and return a static array, which is not thread safe.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: SHA1.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
|
||||
.\" $OpenBSD: SHA1.3,v 1.8 2024/05/26 09:54:16 tb Exp $
|
||||
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
|
||||
.\"
|
||||
.\" This file was written by Ulf Moeller <ulf@openssl.org> and
|
||||
|
@ -49,7 +49,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: March 27 2018 $
|
||||
.Dd $Mdocdate: May 26 2024 $
|
||||
.Dt SHA1 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -195,11 +195,6 @@ and places it in
|
|||
which must have space for
|
||||
.Dv SHA_DIGEST_LENGTH
|
||||
== 20 bytes of output.
|
||||
If
|
||||
.Fa md
|
||||
is
|
||||
.Dv NULL ,
|
||||
the digest is placed in a static array, which is not thread safe.
|
||||
.Pp
|
||||
The following functions may be used if the message is not completely
|
||||
stored in memory:
|
||||
|
@ -274,3 +269,16 @@ first appeared in SSLeay 0.5.1 and have been available since
|
|||
The other functions first appeared in OpenSSL 0.9.8
|
||||
and have been available since
|
||||
.Ox 4.5 .
|
||||
.Sh CAVEATS
|
||||
Other implementations allow
|
||||
.Fa md
|
||||
in
|
||||
.Fn SHA1 ,
|
||||
.Fn SHA224 ,
|
||||
.Fn SHA256 ,
|
||||
.Fn SHA384 ,
|
||||
and
|
||||
.Fn SHA512
|
||||
to be
|
||||
.Dv NULL
|
||||
and return a static array, which is not thread safe.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ossl_typ.h,v 1.30 2023/08/11 05:10:35 tb Exp $ */
|
||||
/* $OpenBSD: ossl_typ.h,v 1.31 2024/05/27 09:12:32 jsg Exp $ */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -94,9 +94,6 @@ typedef struct bn_gencb_st BN_GENCB;
|
|||
typedef struct bio_st BIO;
|
||||
typedef struct buf_mem_st BUF_MEM;
|
||||
|
||||
typedef struct comp_ctx_st COMP_CTX;
|
||||
typedef struct comp_method_st COMP_METHOD;
|
||||
|
||||
typedef struct evp_cipher_st EVP_CIPHER;
|
||||
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
|
||||
typedef struct evp_md_st EVP_MD;
|
||||
|
@ -130,7 +127,6 @@ typedef struct rand_meth_st RAND_METHOD;
|
|||
typedef struct x509_st X509;
|
||||
typedef struct X509_algor_st X509_ALGOR;
|
||||
typedef struct X509_crl_st X509_CRL;
|
||||
typedef struct x509_crl_method_st X509_CRL_METHOD;
|
||||
typedef struct x509_revoked_st X509_REVOKED;
|
||||
typedef struct X509_name_st X509_NAME;
|
||||
typedef struct X509_pubkey_st X509_PUBKEY;
|
||||
|
@ -147,9 +143,6 @@ typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
|
|||
typedef struct v3_ext_ctx X509V3_CTX;
|
||||
typedef struct conf_st CONF;
|
||||
|
||||
typedef struct store_st STORE;
|
||||
typedef struct store_method_st STORE_METHOD;
|
||||
|
||||
typedef struct ui_st UI;
|
||||
typedef struct ui_method_st UI_METHOD;
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: x509_lib.c,v 1.20 2024/05/11 18:59:39 tb Exp $ */
|
||||
/* $OpenBSD: x509_lib.c,v 1.21 2024/05/28 15:40:38 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999.
|
||||
*/
|
||||
|
@ -244,85 +244,117 @@ X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
|
|||
}
|
||||
LCRYPTO_ALIAS(X509V3_get_d2i);
|
||||
|
||||
/* This function is a general extension append, replace and delete utility.
|
||||
* The precise operation is governed by the 'flags' value. The 'crit' and
|
||||
* 'value' arguments (if relevant) are the extensions internal structure.
|
||||
*/
|
||||
|
||||
int
|
||||
X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
|
||||
int crit, unsigned long flags)
|
||||
{
|
||||
int extidx = -1;
|
||||
int errcode;
|
||||
X509_EXTENSION *ext, *extmp;
|
||||
unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
|
||||
STACK_OF(X509_EXTENSION) *exts = *x;
|
||||
X509_EXTENSION *ext = NULL;
|
||||
X509_EXTENSION *existing;
|
||||
int extidx;
|
||||
int errcode = 0;
|
||||
int ret = 0;
|
||||
|
||||
/* If appending we don't care if it exists, otherwise
|
||||
* look for existing extension.
|
||||
*/
|
||||
if (ext_op != X509V3_ADD_APPEND)
|
||||
extidx = X509v3_get_ext_by_NID(*x, nid, -1);
|
||||
/* See if the extension already exists. */
|
||||
extidx = X509v3_get_ext_by_NID(*x, nid, -1);
|
||||
|
||||
/* See if extension exists */
|
||||
if (extidx >= 0) {
|
||||
/* If keep existing, nothing to do */
|
||||
if (ext_op == X509V3_ADD_KEEP_EXISTING)
|
||||
return 1;
|
||||
/* If default then its an error */
|
||||
if (ext_op == X509V3_ADD_DEFAULT) {
|
||||
switch (flags & X509V3_ADD_OP_MASK) {
|
||||
case X509V3_ADD_DEFAULT:
|
||||
/* If the extension exists, adding another one is an error. */
|
||||
if (extidx >= 0) {
|
||||
errcode = X509V3_R_EXTENSION_EXISTS;
|
||||
goto err;
|
||||
}
|
||||
/* If delete, just delete it */
|
||||
if (ext_op == X509V3_ADD_DELETE) {
|
||||
if ((extmp = sk_X509_EXTENSION_delete(*x, extidx)) == NULL)
|
||||
return -1;
|
||||
X509_EXTENSION_free(extmp);
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
/* If replace existing or delete, error since
|
||||
* extension must exist
|
||||
break;
|
||||
case X509V3_ADD_APPEND:
|
||||
/*
|
||||
* XXX - Total misfeature. If the extension exists, appending
|
||||
* another one will invalidate the certificate. Unfortunately
|
||||
* things use this, in particular Viktor's DANE code.
|
||||
*/
|
||||
if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
|
||||
(ext_op == X509V3_ADD_DELETE)) {
|
||||
/* Pretend the extension didn't exist and append the new one. */
|
||||
extidx = -1;
|
||||
break;
|
||||
case X509V3_ADD_REPLACE:
|
||||
/* Replace existing extension, otherwise append the new one. */
|
||||
break;
|
||||
case X509V3_ADD_REPLACE_EXISTING:
|
||||
/* Can't replace a non-existent extension. */
|
||||
if (extidx < 0) {
|
||||
errcode = X509V3_R_EXTENSION_NOT_FOUND;
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
case X509V3_ADD_KEEP_EXISTING:
|
||||
/* If the extension exists, there's nothing to do. */
|
||||
if (extidx >= 0)
|
||||
goto done;
|
||||
break;
|
||||
case X509V3_ADD_DELETE:
|
||||
/* Can't delete a non-existent extension. */
|
||||
if (extidx < 0) {
|
||||
errcode = X509V3_R_EXTENSION_NOT_FOUND;
|
||||
goto err;
|
||||
}
|
||||
if ((existing = sk_X509_EXTENSION_delete(*x, extidx)) == NULL) {
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
X509_EXTENSION_free(existing);
|
||||
existing = NULL;
|
||||
goto done;
|
||||
default:
|
||||
errcode = X509V3_R_UNSUPPORTED_OPTION; /* XXX */
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* If we get this far then we have to create an extension:
|
||||
* could have some flags for alternative encoding schemes...
|
||||
*/
|
||||
|
||||
ext = X509V3_EXT_i2d(nid, crit, value);
|
||||
|
||||
if (!ext) {
|
||||
if ((ext = X509V3_EXT_i2d(nid, crit, value)) == NULL) {
|
||||
X509V3error(X509V3_R_ERROR_CREATING_EXTENSION);
|
||||
return 0;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* If extension exists replace it.. */
|
||||
/* From here, errors are fatal. */
|
||||
ret = -1;
|
||||
|
||||
/* If extension exists, replace it. */
|
||||
if (extidx >= 0) {
|
||||
extmp = sk_X509_EXTENSION_value(*x, extidx);
|
||||
X509_EXTENSION_free(extmp);
|
||||
if (!sk_X509_EXTENSION_set(*x, extidx, ext))
|
||||
return -1;
|
||||
return 1;
|
||||
existing = sk_X509_EXTENSION_value(*x, extidx);
|
||||
X509_EXTENSION_free(existing);
|
||||
existing = NULL;
|
||||
if (sk_X509_EXTENSION_set(*x, extidx, ext) == NULL) {
|
||||
/*
|
||||
* XXX - Can't happen. If it did happen, |existing| is
|
||||
* now a freed pointer. Nothing we can do here.
|
||||
*/
|
||||
goto err;
|
||||
}
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
|
||||
return -1;
|
||||
if (!sk_X509_EXTENSION_push(*x, ext))
|
||||
return -1;
|
||||
if (exts == NULL)
|
||||
exts = sk_X509_EXTENSION_new_null();
|
||||
if (exts == NULL)
|
||||
goto err;
|
||||
|
||||
if (!sk_X509_EXTENSION_push(exts, ext))
|
||||
goto err;
|
||||
ext = NULL;
|
||||
|
||||
*x = exts;
|
||||
|
||||
done:
|
||||
return 1;
|
||||
|
||||
err:
|
||||
if (!(flags & X509V3_ADD_SILENT))
|
||||
err:
|
||||
if ((flags & X509V3_ADD_SILENT) == 0 && errcode != 0)
|
||||
X509V3error(errcode);
|
||||
return 0;
|
||||
|
||||
if (exts != *x)
|
||||
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
|
||||
X509_EXTENSION_free(ext);
|
||||
|
||||
return ret;
|
||||
}
|
||||
LCRYPTO_ALIAS(X509V3_add1_i2d);
|
||||
|
||||
|
|
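Review bot: In the replace branch of X509V3_add1_i2d (the lines from `existing = sk_X509_EXTENSION_value(*x, extidx);` onward, which appear to be the new side of this rendered hunk), the old extension is freed before `sk_X509_EXTENSION_set()` is known to have succeeded. If the set failed, slot `extidx` of the caller's stack would keep a freed pointer, which the XXX comment itself concedes, and a later free of that stack would touch it again. Storing first and freeing afterwards closes that window: `if (sk_X509_EXTENSION_set(*x, extidx, ext) == NULL) goto err;` followed by `X509_EXTENSION_free(existing);`. With that order the `err:` label frees only `ext`, and the stack still owns its untouched old entry. Separately, `X509V3error(X509V3_R_ERROR_CREATING_EXTENSION)` is still raised when `X509V3_ADD_SILENT` is set, unlike the guarded report under `err:`; if that is intentional, a one-line comment saying so would help.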