SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync code with last improvements from OpenBSD

Browse source
This commit is contained in:
purplerain 2023-08-17 07:36:55 +00:00
parent 454dab66ed
commit 27298272ec
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
237 changed files with 4666 additions and 2149 deletions
Download patch file Download diff file Expand all files Collapse all files

4
distrib/i386/ramdisk/list
View file

@ -1,4 +1,4 @@
# $OpenBSD: list,v 1.3 2021/07/18 15:18:48 deraadt Exp $
# $OpenBSD: list,v 1.4 2023/08/15 14:24:53 jsg Exp $
SRCDIRS distrib/special
@ -31,7 +31,6 @@ LINK instbin sbin/dmesg
LINK instbin sbin/fdisk
LINK instbin sbin/fsck
LINK instbin sbin/fsck_ffs
LINK instbin sbin/fsck_msdos
LINK instbin sbin/ifconfig
LINK instbin sbin/init
LINK instbin sbin/kbd
@ -39,7 +38,6 @@ LINK instbin sbin/mknod
LINK instbin sbin/mount
LINK instbin sbin/mount_cd9660
LINK instbin sbin/mount_ffs
LINK instbin sbin/mount_msdos
LINK instbin sbin/newfs
LINK instbin sbin/ping sbin/ping6
LINK instbin sbin/reboot sbin/halt

4
distrib/notes/amd64/xfer
View file

@ -1,9 +1,9 @@
dnl $OpenBSD: xfer,v 1.17 2023/03/16 18:04:07 miod Exp $
dnl $OpenBSD: xfer,v 1.18 2023/08/15 14:37:26 jsg Exp $
Installation is supported from several media types, including:
CD-ROM
FFS partitions
DOS (FAT) partitions
DOS (FAT) partitions (NOT supported if booting from floppy)
EXT2 partitions (NOT supported if booting from floppy)
Remote NFS partition (NOT supported if booting from floppy)
HTTP

4
distrib/notes/i386/xfer
View file

@ -1,9 +1,9 @@
dnl $OpenBSD: xfer,v 1.35 2019/08/01 19:42:52 jmc Exp $
dnl $OpenBSD: xfer,v 1.36 2023/08/15 14:27:27 miod Exp $
Installation is supported from several media types, including:
CD-ROM
FFS partitions
DOS (FAT) partitions
DOS (FAT) partitions (NOT supported if booting from floppy)
EXT2 partitions (NOT supported if booting from floppy)
dnl Remote NFS partition
HTTP

2
distrib/sets/lists/comp/mi
View file

@ -1952,8 +1952,10 @@
./usr/share/man/man3/EVP_VerifyInit.3
./usr/share/man/man3/EVP_aes_128_cbc.3
./usr/share/man/man3/EVP_camellia_128_cbc.3
./usr/share/man/man3/EVP_chacha20.3
./usr/share/man/man3/EVP_des_cbc.3
./usr/share/man/man3/EVP_rc4.3
./usr/share/man/man3/EVP_sha3_224.3
./usr/share/man/man3/EVP_sm3.3
./usr/share/man/man3/EVP_sm4_cbc.3
./usr/share/man/man3/EVP_whirlpool.3

4
distrib/special/bioctl/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:01 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:20 kn Exp $
PROG= bioctl
SRCS= bioctl.c
@ -15,7 +15,5 @@ CDIAGFLAGS+= -Wunused
CDIAGFLAGS+= -Wsign-compare
CDIAGFLAGS+= -Wshadow
MAN= bioctl.8
.PATH: ${.CURDIR}/../../../sbin/bioctl
.include <bsd.prog.mk>

3
distrib/special/chmod/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:01 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:20 kn Exp $
PROG= chmod
CFLAGS+=-DSUPPORT_DOT
MAN= chmod.1 chgrp.1 chown.8 chflags.1
LINKS= ${BINDIR}/chmod ${BINDIR}/chgrp \
${BINDIR}/chmod /sbin/chown

4
distrib/special/dhcpleased/Makefile
View file

@ -1,12 +1,10 @@
# $OpenBSD: Makefile,v 1.2 2021/06/18 11:46:06 florian Exp $
# $OpenBSD: Makefile,v 1.3 2023/08/14 08:56:20 kn Exp $
PROG= dhcpleased
COPTS+= -DSMALL
.PATH: ${.CURDIR}/../../../sbin/dhcpleased
SRCS= bpf.c checksum.c dhcpleased.c engine.c frontend.c
MAN=
LDADD+= -levent -lutil
DPADD+= ${LIBEVENT} ${LIBUTIL}

3
distrib/special/disklabel/Makefile
View file

@ -1,10 +1,9 @@
# $OpenBSD: Makefile,v 1.13 2021/09/21 18:36:09 bluhm Exp $
# $OpenBSD: Makefile,v 1.14 2023/08/14 08:56:20 kn Exp $
PROG= disklabel
SRCS= disklabel.c dkcksum.c editor.c manual.c
DPADD= ${LIBUTIL}
LDADD= -lutil
MAN= disklabel.8 disklabel.5
CLEANFILES += disklabel.cat8 manual.c

4
distrib/special/fdisk/Makefile
View file

@ -1,5 +1,5 @@
#
# $OpenBSD: Makefile,v 1.6 2022/05/23 16:58:11 krw Exp $
# $OpenBSD: Makefile,v 1.7 2023/08/14 08:56:20 kn Exp $
#
# Copyright (c) 1997 Tobias Weingartner
#
@ -38,8 +38,6 @@ manual.c: fdisk.cat8
echo '};'; echo 'const int manpage_sz = sizeof(manpage);') > manual.c
.endif
MAN= fdisk.8
.if ${MACHINE} == "amd64" || ${MACHINE} == "i386" || ${MACHINE} == "landisk"
CFLAGS += -DHAS_MBR
.endif

3
distrib/special/fsck/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:20 kn Exp $
PROG= fsck
SRCS= fsck.c fsutil.c preen.c
MAN= fsck.8
DPADD= ${LIBUTIL}
LDADD= -lutil

3
distrib/special/fsck_ext2fs/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.2 2015/10/15 15:11:10 semarie Exp $
# $OpenBSD: Makefile,v 1.3 2023/08/14 08:56:20 kn Exp $
PROG= fsck_ext2fs
MAN= fsck_ext2fs.8
SRCS= dir.c inode.c main.c pass1.c pass1b.c pass2.c pass3.c pass4.c \
pass5.c fsutil.c setup.c utilities.c ext2fs_bswap.c
CFLAGS+= -I${.CURDIR}/../../../sbin/fsck -DSMALL

3
distrib/special/fsck_ffs/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.3 2018/06/25 16:29:00 deraadt Exp $
# $OpenBSD: Makefile,v 1.4 2023/08/14 08:56:20 kn Exp $
PROG= fsck_ffs
MAN= fsck_ffs.8
SRCS= dir.c inode.c main.c pass1.c pass1b.c pass2.c pass3.c pass4.c \
pass5.c fsutil.c setup.c utilities.c ffs_subr.c ffs_tables.c
CFLAGS+= -I${.CURDIR}/../../../sbin/fsck -DSMALL

3
distrib/special/fsck_msdos/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:20 kn Exp $
PROG= fsck_msdos
MAN= fsck_msdos.8
SRCS= main.c check.c boot.c fat.c dir.c fsutil.c
.PATH: ${.CURDIR}/../../../sbin/fsck
CFLAGS+= -I${.CURDIR}/../../../sbin/fsck

3
distrib/special/ksh/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.7 2023/07/23 23:42:03 kn Exp $
# $OpenBSD: Makefile,v 1.8 2023/08/14 08:56:20 kn Exp $
PROG= ksh
SRCS= alloc.c c_ksh.c c_sh.c c_test.c c_ulimit.c edit.c emacs.c eval.c \
@ -8,7 +8,6 @@ SRCS= alloc.c c_ksh.c c_sh.c c_test.c c_ulimit.c edit.c emacs.c eval.c \
DEFS= -Wall -DEMACS -DSMALL
CFLAGS+=${DEFS} -I. -I${.CURDIR}/../../../bin/ksh -I${.CURDIR}/../../../lib/libc/gen
MAN= ksh.1 sh.1
LINKS= ${BINDIR}/ksh ${BINDIR}/rksh
LINKS+= ${BINDIR}/ksh ${BINDIR}/sh

3
distrib/special/ln/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:20 kn Exp $
PROG= ln
MAN= ln.1 symlink.7
.PATH: ${.CURDIR}/../../../bin/ln
.include <bsd.prog.mk>

3
distrib/special/mknod/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:20 kn Exp $
PROG= mknod
MAN= mknod.8 mkfifo.1
LINKS= ${BINDIR}/mknod ${BINDIR}/mkfifo
.PATH: ${.CURDIR}/../../../sbin/mknod

3
distrib/special/mount/Makefile
View file

@ -1,11 +1,10 @@
# $OpenBSD: Makefile,v 1.2 2023/07/23 23:21:19 kn Exp $
# $OpenBSD: Makefile,v 1.3 2023/08/14 08:56:21 kn Exp $
PROG= mount
SRCS= mount.c
COPTS+= -DSMALL
DPADD= ${LIBUTIL}
LDADD= -lutil
MAN= mount.8
.PATH: ${.CURDIR}/../../../sbin/mount
.include <bsd.prog.mk>

3
distrib/special/mount_cd9660/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= mount_cd9660
SRCS= mount_cd9660.c getmntopts.c
MAN= mount_cd9660.8
MOUNT= ${.CURDIR}/../../../sbin/mount
CFLAGS+= -I${MOUNT}

3
distrib/special/mount_ext2fs/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= mount_ext2fs
SRCS= mount_ext2fs.c getmntopts.c
MAN= mount_ext2fs.8
MOUNT= ${.CURDIR}/../../../sbin/mount
CFLAGS+= -I${MOUNT}

3
distrib/special/mount_ffs/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= mount_ffs
SRCS= mount_ffs.c getmntopts.c
MAN= mount_ffs.8
MOUNT= ${.CURDIR}/../../../sbin/mount
CFLAGS+= -I${MOUNT}

3
distrib/special/mount_msdos/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= mount_msdos
SRCS= mount_msdos.c getmntopts.c
MAN= mount_msdos.8
MOUNT= ${.CURDIR}/../../../sbin/mount
CFLAGS+= -I${MOUNT}

3
distrib/special/mount_nfs/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= mount_nfs
SRCS= mount_nfs.c getmntopts.c
MAN= mount_nfs.8
MOUNT= ${.CURDIR}/../../../sbin/mount
CFLAGS+= -DNFS -I${MOUNT}

3
distrib/special/mount_udf/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= mount_udf
SRCS= mount_udf.c getmntopts.c
MAN= mount_udf.8
MOUNT= ${.CURDIR}/../../../sbin/mount
CFLAGS+= -I${MOUNT}

3
distrib/special/newfs_ext2fs/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= newfs_ext2fs
SRCS= newfs_ext2fs.c mke2fs.c ext2fs_bswap.c
MAN= newfs_ext2fs.8
.PATH: ${.CURDIR}/../../../sys/ufs/ext2fs
DPADD+= ${LIBUTIL}

3
distrib/special/newfs_msdos/Makefile
View file

@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
# $FreeBSD: src/sbin/newfs_msdos/Makefile,v 1.2 1999/08/28 00:13:52 peter Exp $
PROG= newfs_msdos
MAN= newfs_msdos.8
DPADD= ${LIBUTIL}
LDADD= -lutil

5
distrib/special/pdisk/Makefile
View file

@ -1,4 +1,4 @@
# $Id: Makefile,v 1.10 2016/01/27 14:19:59 krw Exp $
# $Id: Makefile,v 1.11 2023/08/14 08:56:21 kn Exp $
.if ${MACHINE} == "macppc"
PROG= pdisk
@ -12,8 +12,5 @@ SRCS= dump.c file_media.c io.c partition_map.c pdisk.c
NOPROG=yes
.endif
MAN= pdisk.8
MANSUBDIR=macppc
.PATH: ${.CURDIR}/../../../sbin/pdisk
.include <bsd.prog.mk>

3
distrib/special/reboot/Makefile
View file

@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.2 2016/03/30 06:38:40 jmc Exp $
# $OpenBSD: Makefile,v 1.3 2023/08/14 08:56:21 kn Exp $
PROG= reboot
DPADD= ${LIBUTIL}
LDADD= -lutil
MAN= reboot.8
LINKS= ${BINDIR}/reboot ${BINDIR}/halt
.PATH: ${.CURDIR}/../../../sbin/reboot

4
distrib/special/resolvd/Makefile
View file

@ -1,10 +1,8 @@
# $OpenBSD: Makefile,v 1.3 2021/06/18 11:43:38 florian Exp $
# $OpenBSD: Makefile,v 1.4 2023/08/14 08:56:21 kn Exp $
PROG= resolvd
COPTS+= -DSMALL
.PATH: ${.CURDIR}/../../../sbin/resolvd
SRCS= resolvd.c
MAN=
.include <bsd.prog.mk>

3
distrib/special/route/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.4 2017/10/17 19:31:56 naddy Exp $
# $OpenBSD: Makefile,v 1.5 2023/08/14 08:56:21 kn Exp $
PROG= route
MAN= route.8
SRCS= route.c show.c
CFLAGS+= -Wall -DSMALL

4
distrib/special/slaacd/Makefile
View file

@ -1,12 +1,10 @@
# $OpenBSD: Makefile,v 1.3 2021/03/20 16:36:52 kn Exp $
# $OpenBSD: Makefile,v 1.4 2023/08/14 08:56:21 kn Exp $
PROG= slaacd
COPTS+= -DSMALL
.PATH: ${.CURDIR}/../../../sbin/slaacd
SRCS= engine.c frontend.c slaacd.c
MAN=
YFLAGS=
LDADD+= -levent -lutil
DPADD+= ${LIBEVENT} ${LIBUTIL}

3
distrib/special/sync/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2014/12/23 17:16:03 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= sync
MAN= sync.8
.PATH: ${.CURDIR}/../../../bin/sync
.include <bsd.prog.mk>

3
distrib/special/umount/Makefile
View file

@ -1,7 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2014/02/21 19:01:02 deraadt Exp $
# $OpenBSD: Makefile,v 1.2 2023/08/14 08:56:21 kn Exp $
PROG= umount
MAN= umount.8
CFLAGS+= -DNO_NFS
DPADD+= ${LIBUTIL}

4
lib/libc/arch/amd64/gen/Makefile.inc
View file

@ -1,6 +1,6 @@
# $OpenBSD: Makefile.inc,v 1.13 2020/07/06 13:33:05 pirofti Exp $
# $OpenBSD: Makefile.inc,v 1.14 2023/08/13 06:55:37 miod Exp $
SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.S nan.c setjmp.S \
SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.c nan.c setjmp.S \
sigsetjmp.S
SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c \
usertc.c

94
lib/libc/arch/amd64/gen/modf.S
View file

@ -1,94 +0,0 @@
/* $OpenBSD: modf.S,v 1.6 2018/07/03 23:14:05 mortimer Exp $ */
/* $NetBSD: modf.S,v 1.1 2001/06/19 00:25:03 fvdl Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
* All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Sean Eric Fagan.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: @(#)modf.s 5.5 (Berkeley) 3/18/91
*/
#include <machine/asm.h>
/*
* modf(value, iptr): return fractional part of value, and stores the
* integral part into iptr (a pointer to double).
*
* Written by Sean Eric Fagan (sef@kithrup.COM)
* Sun Mar 11 20:27:30 PST 1990
*/
/* With CHOP mode on, frndint behaves as TRUNC does. Useful. */
ENTRY(modf)
RETGUARD_SETUP(modf, r11)
/*
* Set chop mode.
*/
fnstcw -12(%rsp)
movw -12(%rsp),%dx
orw $3072,%dx
movw %dx,-16(%rsp)
fldcw -16(%rsp)
/*
* Get integral part.
*/
movsd %xmm0,-24(%rsp)
fldl -24(%rsp)
frndint
fstpl -8(%rsp)
/*
* Restore control word.
*/
fldcw -12(%rsp)
/*
* Store integral part.
*/
movsd -8(%rsp),%xmm0
movsd %xmm0,(%rdi)
/*
* Get fractional part and return it.
*/
fldl -24(%rsp)
fsubl -8(%rsp)
fstpl -8(%rsp)
movsd -8(%rsp),%xmm0
RETGUARD_CHECK(modf, r11)
ret
END(modf)

4
lib/libc/arch/i386/gen/Makefile.inc
View file

@ -1,7 +1,7 @@
# $OpenBSD: Makefile.inc,v 1.15 2020/07/06 13:33:05 pirofti Exp $
# $OpenBSD: Makefile.inc,v 1.16 2023/08/13 06:55:37 miod Exp $
SRCS+= _setjmp.S fabs.S infinity.c ldexp.c usertc.c \
modf.S nan.c setjmp.S sigsetjmp.S
modf.c nan.c setjmp.S sigsetjmp.S
SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c
SRCS+= flt_rounds.S fpgetmask.S fpgetround.S fpgetsticky.S fpsetmask.S \
fpsetround.S fpsetsticky.S

68
lib/libc/arch/i386/gen/modf.S
View file

@ -1,68 +0,0 @@
/* $OpenBSD: modf.S,v 1.7 2011/07/08 22:28:33 martynas Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
* All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Sean Eric Fagan.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <machine/asm.h>
/*
* modf(value, iptr): return fractional part of value, and stores the
* integral part into iptr (a pointer to double).
*
* Written by Sean Eric Fagan (sef@kithrup.COM)
* Sun Mar 11 20:27:30 PST 1990
*/
/* With CHOP mode on, frndint behaves as TRUNC does. Useful. */
ENTRY(modf)
pushl %ebp
movl %esp,%ebp
subl $16,%esp
fnstcw -12(%ebp)
movw -12(%ebp),%dx
orw $3072,%dx
movw %dx,-16(%ebp)
fldcw -16(%ebp)
fldl 8(%ebp)
frndint
fstpl -8(%ebp)
fldcw -12(%ebp)
movl 16(%ebp),%eax
movl -8(%ebp),%edx
movl -4(%ebp),%ecx
movl %edx,(%eax)
movl %ecx,4(%eax)
fldl 8(%ebp)
fsubl -8(%ebp)
jmp L1
L1:
leave
ret

4
lib/libc/arch/mips64/gen/Makefile.inc
View file

@ -1,6 +1,6 @@
# $OpenBSD: Makefile.inc,v 1.13 2020/07/06 13:33:05 pirofti Exp $
# $OpenBSD: Makefile.inc,v 1.14 2023/08/13 06:55:37 miod Exp $
SRCS+= _setjmp.S fabs.S infinity.c ldexp.S modf.S nan.c usertc.c
SRCS+= _setjmp.S fabs.S infinity.c ldexp.S modf.c nan.c usertc.c
SRCS+= flt_rounds.c fpgetmask.c fpgetround.c fpgetsticky.c fpsetmask.c \
fpsetround.c fpsetsticky.c
SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c

71
lib/libc/arch/mips64/gen/modf.S
View file

@ -1,71 +0,0 @@
/* $OpenBSD: modf.S,v 1.5 2011/07/08 22:28:33 martynas Exp $ */
/*-
* Copyright (c) 1991, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Ralph Campbell.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <machine/asm.h>
/*
* double modf(val, iptr)
* double val, *iptr;
* returns: xxx and n (in *iptr) where val == n.xxx
*/
LEAF(modf, 0)
.set reorder
cfc1 t0, $31 # get the control register
li.d $f2, 4503599627370496e0 # f2 <- 2^52
or t1, t0, 0x3 # set rounding mode to round to zero
xor t1, t1, 0x2 # (i.e., 01)
ctc1 t1, $31
mov.d $f0, $f12 # f0 <- f12
abs.d $f4, $f12 # f4 <- |f12|
c.olt.d $f4, $f2 # f4 ? < f2
bc1f 1f # leave f0 alone if Nan, infinity
# or >=2^52
c.eq.d $f12,$f4 # was f12 positive ?
add.d $f4,$f2,$f4 # round off to integer
bc1f 2f # No -> will have to negate result
sub.d $f0,$f4,$f2 # Remove fudge factor
j 1f # integer fraction got
2:
sub.d $f0,$f2,$f4 # Remove fudge factor and negate
1:
ctc1 t0, $31 # restore old rounding mode
#ifdef __mips64
s.d $f0, 0(a1) # save the integer part
#else
s.d $f0, 0(a2) # save the integer part
#endif
sub.d $f0, $f12, $f0 # subtract val - integer part
j ra
END(modf)

4
lib/libc/arch/sparc64/gen/Makefile.inc
View file

@ -1,9 +1,9 @@
# $OpenBSD: Makefile.inc,v 1.16 2020/07/08 09:20:28 kettenis Exp $
# $OpenBSD: Makefile.inc,v 1.17 2023/08/13 06:55:37 miod Exp $
SRCS+= _setjmp.S fabs.S fixunsdfsi.S flt_rounds.c fpclassifyl.c \
fpgetmask.c fpgetround.c fpgetsticky.c fpsetmask.c \
fpsetround.c fpsetsticky.c infinity.c isfinitel.c \
isinfl.c isnanl.c isnormall.c ldexp.c usertc.c modf.S \
isinfl.c isnanl.c isnormall.c ldexp.c usertc.c modf.c \
mul.S nan.c setjmp.S signbitl.c sigsetjmp.S umul.S
CFLAGS += -Wa,-Av9b

188
lib/libc/arch/sparc64/gen/modf.S
View file

@ -1,188 +0,0 @@
/* $OpenBSD: modf.S,v 1.7 2023/01/13 17:52:08 miod Exp $ */
/* $NetBSD: modf.S,v 1.3 2000/11/01 23:32:41 eeh Exp $ */
/*
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* This software was developed by the Computer Systems Engineering group
* at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
* contributed to Berkeley.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <machine/asm.h>
#include <machine/fsr.h>
/*
* double modf(double val, double *iptr)
*
* Returns the fractional part of `val', storing the integer part of
* `val' in *iptr. Both *iptr and the return value have the same sign
* as `val'.
*
* Method:
*
* We use the fpu's normalization hardware to compute the integer portion
* of the double precision argument. Sun IEEE double precision numbers
* have 52 bits of mantissa, 11 bits of exponent, and one bit of sign,
* with the sign occupying bit 31 of word 0, and the exponent bits 30:20
* of word 0. Thus, values >= 2^52 are by definition integers.
*
* If we take a value that is in the range [+0..2^52) and add 2^52, all
* of the fractional bits fall out and all of the integer bits are summed
* with 2^52. If we then subtract 2^52, we get those integer bits back.
* This must be done with rounding set to `towards 0' or `towards -inf'.
* `Toward -inf' fails when the value is 0 (we get -0 back)....
*
* Note that this method will work anywhere, but is machine dependent in
* various aspects.
*
* Stack usage:
* 4@[%fp + BIAS - 4] saved %fsr
* 4@[%fp + BIAS - 8] new %fsr with rounding set to `towards 0'
* 8@[%fp + BIAS - 16] space for moving between %i and %f registers
* Register usage:
* %f0:f1 double val;
* %l0 scratch
* %l1 sign bit (0x80000000)
* %i1 double *iptr;
* %f2:f3 `magic number' 2^52, in fpu registers
* %f4:f5 double v, in fpu registers
* %f6:f7 double temp.
*/
.section .rodata
.align 8
Lmagic:
.word 0x43300000 ! sign = 0, exponent = 52 + 1023, mantissa = 0
.word 0 ! (i.e., .double 0r4503599627370496e+00)
L0:
.word 0 ! 0.0
.word 0
.text
ENTRY(modf)
save %sp, -CC64FSZ-16, %sp
#ifdef __PIC__
PIC_PROLOGUE(%o5, %o4)
#endif
/*
* First, compute v = abs(val)
*/
fabsd %f0, %f4 ! %f4:f5 = v
fcmped %fcc1, %f0, %f4 ! %fcc1 = (val == abs(val))
#ifdef __PIC__
set Lmagic, %o4
ldx [%o5 + %o4], %l0
ldd [%l0], %f2
#else
sethi %hi(Lmagic), %l0
ldd [%l0 + %lo(Lmagic)], %f2
#endif
/*
* Is %f4:f5 >= %f2:f3 ? If so, it is all integer bits.
* It is probably less, though.
*/
fcmped %f4, %f2
fbuge Lbig ! if >= (or unordered), go out
nop
/*
* v < 2^52, so add 2^52, then subtract 2^52, but do it all
* with rounding set towards zero. We leave any enabled
* traps enabled, but change the rounding mode. This might
* not be so good. Oh well....
*/
st %fsr, [%fp + BIAS - 4] ! %l5 = current FSR mode
set FSR_RD, %l3 ! %l3 = rounding direction mask
ld [%fp + BIAS - 4], %l5
set FSR_RD_RZ << FSR_RD_SHIFT, %l4
andn %l5, %l3, %l6
or %l6, %l4, %l6 ! round towards zero, please
and %l5, %l3, %l5 ! save original rounding mode
st %l6, [%fp + BIAS - 8]
ld [%fp + BIAS - 8], %fsr
faddd %f4, %f2, %f4 ! %f4:f5 += 2^52
fsubd %f4, %f2, %f4 ! %f4:f5 -= 2^52
/*
* Restore %fsr, but leave exceptions accrued.
*/
st %fsr, [%fp + BIAS - 4]
ld [%fp + BIAS - 4], %l6
andn %l6, %l3, %l6 ! %l6 = %fsr & ~FSR_RD;
or %l5, %l6, %l5 ! %l5 |= %l6;
st %l5, [%fp + BIAS - 4]
ld [%fp + BIAS - 4], %fsr ! restore %fsr, leaving accrued stuff
/*
* Now insert the original sign in %f4:f5.
* %fcc1 should still have the reults of (val == abs(val))
* from above, so we use a conditional move on %fcc1 to:
*
* %f4 = (val == abs(val)) ? %f4 : -%f4
*
*/
fnegd %f4, %f6
fmovdnz %fcc1, %f6, %f4
1:
/*
* The value in %f4:f5 is now the integer portion of the original
* argument. We need to store this in *ival (%i1), subtract it
* from the original value argument (%d0), and return the result.
*/
std %f4, [%i1] ! *ival = %f4:f5;
fsubd %f0, %f4, %f0 ! %f0:f1 -= %f4:f5;
ret
restore
Lbig:
/*
* We get here if the original comparison of %f4:f5 (v) to
* %f2:f3 (2^52) came out `greater or unordered'. In this
* case the integer part is the original value, and the
* fractional part is 0.
*/
#ifdef __PIC__
set L0, %o4
ldx [%o5 + %o4], %l0
std %f0, [%i1] ! *ival = val;
ldd [%l0], %f0 ! return 0.0;
#else
sethi %hi(L0), %l0
std %f0, [%i1] ! *ival = val;
ldd [%l0 + %lo(L0)], %f0 ! return 0.0;
#endif
ret
restore

10
lib/libc/gen/modf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: modf.c,v 1.6 2013/07/03 04:46:36 espie Exp $ */
/* $OpenBSD: modf.c,v 1.7 2023/08/13 06:55:37 miod Exp $ */
/* $NetBSD: modf.c,v 1.1 1995/02/10 17:50:25 cgd Exp $ */
/*
@ -51,11 +51,13 @@ modf(double val, double *iptr)
u_int64_t frac;
/*
* If input is Inf or NaN, return it and leave i alone.
* If input is +/-Inf or NaN, return +/-0 or NaN.
*/
u.v = val;
if (u.s.dbl_exp == DBL_EXP_INFNAN)
return (u.v);
if (u.s.dbl_exp == DBL_EXP_INFNAN) {
*iptr = u.v;
return (0.0 / u.v);
}
/*
* If input can't have a fractional part, return

69
lib/libc/sys/kqueue.2
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: kqueue.2,v 1.47 2022/10/22 06:27:46 jmc Exp $
.\" $OpenBSD: kqueue.2,v 1.49 2023/08/13 10:23:26 jmc Exp $
.\"
.\" Copyright (c) 2000 Jonathan Lemon
.\" All rights reserved.
@ -26,7 +26,7 @@
.\"
.\" $FreeBSD: src/lib/libc/sys/kqueue.2,v 1.18 2001/02/14 08:48:35 guido Exp $
.\"
.Dd $Mdocdate: October 22 2022 $
.Dd $Mdocdate: August 13 2023 $
.Dt KQUEUE 2
.Os
.Sh NAME
@ -457,17 +457,71 @@ Establishes an arbitrary timer identified by
.Fa ident .
When adding a timer,
.Fa data
specifies the timeout period in milliseconds.
The timer will be periodic unless
specifies the timeout period in units described below or, if
.Dv NOTE_ABSTIME
is set in
.Va fflags ,
the absolute time at which the timer should fire.
The timer will repeat unless
.Dv EV_ONESHOT
is specified.
is set in
.Va flags
or
.Dv NOTE_ABSTIME
is set in
.Va fflags .
On return,
.Fa data
contains the number of times the timeout has expired since the last call to
.Fn kevent .
This filter automatically sets the
This filter automatically sets
.Dv EV_CLEAR
flag internally.
in
.Va flags
for periodic timers.
Timers created with
.Dv NOTE_ABSTIME
remain activated on the kqueue once the absolute time has passed unless
.Dv EV_CLEAR
or
.Dv EV_ONESHOT
are also specified.
.Pp
The filter accepts the following flags in the
.Va fflags
argument:
.Bl -tag -width NOTE_MSECONDS
.It Dv NOTE_SECONDS
The timer value in
.Va data
is expressed in seconds.
.It Dv NOTE_MSECONDS
The timer value in
.Va data
is expressed in milliseconds.
.It Dv NOTE_USECONDS
The timer value in
.Va data
is expressed in microseconds.
.It Dv NOTE_NSECONDS
The timer value in
.Va data
is expressed in nanoseconds.
.It Dv NOTE_ABSTIME
The timer value is an absolute time with
.Dv CLOCK_REALTIME
as the reference clock.
.El
.Pp
Note that
.Dv NOTE_SECONDS ,
.Dv NOTE_MSECONDS ,
.Dv NOTE_USECONDS ,
and
.Dv NOTE_NSECONDS
are mutually exclusive; behavior is undefined if more than one are specified.
If a timer value unit is not specified, the default is
.Dv NOTE_MSECONDS .
.Pp
If an existing timer is re-added, the existing timer and related pending events
will be cancelled.
@ -558,6 +612,7 @@ No memory was available to register the event.
The specified process to attach to does not exist.
.El
.Sh SEE ALSO
.Xr clock_gettime 2 ,
.Xr poll 2 ,
.Xr read 2 ,
.Xr select 2 ,

6
lib/libc/sys/recv.2
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: recv.2,v 1.50 2022/09/09 16:48:25 jmc Exp $
.\" $OpenBSD: recv.2,v 1.51 2023/08/17 05:45:51 jmc Exp $
.\" $NetBSD: recv.2,v 1.6 1995/02/27 12:36:08 cgd Exp $
.\"
.\" Copyright (c) 1983, 1990, 1991, 1993
@ -30,7 +30,7 @@
.\"
.\" @(#)recv.2 8.3 (Berkeley) 2/21/94
.\"
.Dd $Mdocdate: September 9 2022 $
.Dd $Mdocdate: August 17 2023 $
.Dt RECV 2
.Os
.Sh NAME
@ -61,7 +61,7 @@ are used to receive messages from a socket,
is normally used only on a
.Em connected
socket (see
.Xr connect 2 ).
.Xr connect 2 ) .
.Fn recvfrom ,
.Fn recvmsg ,
and

12
lib/libcrypto/asn1/a_string.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: a_string.c,v 1.14 2023/07/05 21:23:36 beck Exp $ */
/* $OpenBSD: a_string.c,v 1.17 2023/08/15 18:05:15 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -119,10 +119,12 @@ ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
return -1;
if ((cmp = (a->length - b->length)) != 0)
return cmp;
if ((cmp = memcmp(a->data, b->data, a->length)) != 0)
return cmp;
if (a->length != 0) {
if ((cmp = memcmp(a->data, b->data, a->length)) != 0)
return cmp;
}
return (a->type - b->type);
return a->type - b->type;
}
LCRYPTO_ALIAS(ASN1_STRING_cmp);
@ -184,7 +186,7 @@ ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len)
if ((astr->data = calloc(1, len + 1)) == NULL) {
ASN1error(ERR_R_MALLOC_FAILURE);
return (0);
return 0;
}
astr->length = len;

33
lib/libcrypto/crypto_internal.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: crypto_internal.h,v 1.6 2023/05/27 09:18:17 jsing Exp $ */
/* $OpenBSD: crypto_internal.h,v 1.7 2023/08/15 08:39:27 jsing Exp $ */
/*
* Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
*
@ -87,6 +87,37 @@ crypto_store_htobe64(uint8_t *dst, uint64_t v)
}
#endif
/*
* crypto_load_le32toh() loads a 32 bit unsigned little endian value as a 32 bit
* unsigned host endian value, from the specified address in memory. The memory
* address may have any alignment.
*/
#ifndef HAVE_CRYPTO_LOAD_BE32TOH
static inline uint32_t
crypto_load_le32toh(const uint8_t *src)
{
uint32_t v;
memcpy(&v, src, sizeof(v));
return le32toh(v);
}
#endif
/*
* crypto_store_htole32() stores a 32 bit unsigned host endian value as a 32 bit
* unsigned little endian value, at the specified address in memory. The memory
* address may have any alignment.
*/
#ifndef HAVE_CRYPTO_STORE_HTOBE32
static inline void
crypto_store_htole32(uint8_t *dst, uint32_t v)
{
v = htole32(v);
memcpy(dst, &v, sizeof(v));
}
#endif
#ifndef HAVE_CRYPTO_ROL_U32
static inline uint32_t
crypto_rol_u32(uint32_t v, size_t shift)

234
lib/libcrypto/dh/dh_ameth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dh_ameth.c,v 1.33 2023/08/10 16:57:15 tb Exp $ */
/* $OpenBSD: dh_ameth.c,v 1.39 2023/08/12 07:59:48 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -70,7 +70,7 @@
#include "evp_local.h"
static void
int_dh_free(EVP_PKEY *pkey)
dh_free(EVP_PKEY *pkey)
{
DH_free(pkey->pkey.dh);
}
@ -78,83 +78,86 @@ int_dh_free(EVP_PKEY *pkey)
static int
dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
const unsigned char *p, *pm;
int pklen, pmlen;
X509_ALGOR *algor;
int ptype;
const void *pval;
const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *public_key = NULL;
const ASN1_STRING *astr;
const unsigned char *key, *params, *p;
int key_len, params_len;
ASN1_INTEGER *aint = NULL;
DH *dh = NULL;
int ret = 0;
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if (!X509_PUBKEY_get0_param(NULL, &key, &key_len, &algor, pubkey))
goto err;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if (ptype != V_ASN1_SEQUENCE) {
DHerror(DH_R_PARAMETER_ENCODING_ERROR);
goto err;
}
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
astr = pval;
params = astr->data;
params_len = astr->length;
if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
p = params;
if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
DHerror(DH_R_DECODE_ERROR);
goto err;
}
if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
p = key;
if ((aint = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
DHerror(DH_R_DECODE_ERROR);
goto err;
}
/* We have parameters now set public key */
if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
BN_free(dh->pub_key);
if ((dh->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
DHerror(DH_R_BN_DECODE_ERROR);
goto err;
}
ASN1_INTEGER_free(public_key);
EVP_PKEY_assign_DH(pkey, dh);
return 1;
if (!EVP_PKEY_assign_DH(pkey, dh))
goto err;
dh = NULL;
err:
if (public_key)
ASN1_INTEGER_free(public_key);
ret = 1;
err:
ASN1_INTEGER_free(aint);
DH_free(dh);
return 0;
return ret;
}
static int
dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
const DH *dh = pkey->pkey.dh;
ASN1_STRING *params = NULL;
ASN1_STRING *astr = NULL;
int ptype = V_ASN1_SEQUENCE;
ASN1_INTEGER *key = NULL;
ASN1_INTEGER *aint = NULL;
ASN1_OBJECT *aobj;
unsigned char *params_der = NULL, *key_der = NULL;
unsigned char *params = NULL, *key = NULL;
int params_len = 0, key_len = 0;
int ret = 0;
if ((params_len = i2d_DHparams(dh, &params_der)) <= 0) {
if ((params_len = i2d_DHparams(dh, &params)) <= 0) {
DHerror(ERR_R_MALLOC_FAILURE);
params_len = 0;
goto err;
}
if ((params = ASN1_STRING_new()) == NULL) {
if ((astr = ASN1_STRING_new()) == NULL) {
DHerror(ERR_R_MALLOC_FAILURE);
goto err;
}
ASN1_STRING_set0(params, params_der, params_len);
params_der = NULL;
ASN1_STRING_set0(astr, params, params_len);
params = NULL;
params_len = 0;
if ((key = BN_to_ASN1_INTEGER(dh->pub_key, NULL)) == NULL)
if ((aint = BN_to_ASN1_INTEGER(dh->pub_key, NULL)) == NULL)
goto err;
if ((key_len = i2d_ASN1_INTEGER(key, &key_der)) <= 0) {
if ((key_len = i2d_ASN1_INTEGER(aint, &key)) <= 0) {
DHerror(ERR_R_MALLOC_FAILURE);
key_len = 0;
goto err;
@ -162,19 +165,19 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
if ((aobj = OBJ_nid2obj(EVP_PKEY_DH)) == NULL)
goto err;
if (!X509_PUBKEY_set0_param(pk, aobj, ptype, params, key_der, key_len))
if (!X509_PUBKEY_set0_param(pk, aobj, ptype, astr, key, key_len))
goto err;
params = NULL;
key_der = NULL;
astr = NULL;
key = NULL;
key_len = 0;
ret = 1;
err:
ASN1_STRING_free(params);
ASN1_INTEGER_free(key);
freezero(params_der, params_len);
freezero(key_der, key_len);
ASN1_STRING_free(astr);
ASN1_INTEGER_free(aint);
freezero(params, params_len);
freezero(key, key_len);
return ret;
}
@ -188,84 +191,90 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
static int
dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
const X509_ALGOR *algor;
int ptype;
const void *pval;
const ASN1_STRING *pstr;
const X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
const ASN1_STRING *astr;
const unsigned char *key, *params, *p;
int key_len, params_len;
ASN1_INTEGER *aint = NULL;
DH *dh = NULL;
int ret = 0;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
if (!PKCS8_pkey_get0(NULL, &key, &key_len, &algor, p8))
goto err;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if (ptype != V_ASN1_SEQUENCE)
goto decerr;
if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
goto decerr;
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
goto decerr;
/* We have parameters now set private key */
if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
DHerror(DH_R_BN_ERROR);
goto dherr;
if (ptype != V_ASN1_SEQUENCE) {
DHerror(DH_R_PARAMETER_ENCODING_ERROR);
goto err;
}
astr = pval;
params = astr->data;
params_len = astr->length;
p = params;
if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
DHerror(DH_R_DECODE_ERROR);
goto err;
}
p = key;
if ((aint = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
DHerror(DH_R_DECODE_ERROR);
goto err;
}
BN_free(dh->priv_key);
if ((dh->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
DHerror(DH_R_BN_DECODE_ERROR);
goto err;
}
/* Calculate public key */
if (!DH_generate_key(dh))
goto dherr;
goto err;
EVP_PKEY_assign_DH(pkey, dh);
if (!EVP_PKEY_assign_DH(pkey, dh))
goto err;
dh = NULL;
ASN1_INTEGER_free(privkey);
ret = 1;
return 1;
decerr:
DHerror(EVP_R_DECODE_ERROR);
dherr:
ASN1_INTEGER_free(privkey);
err:
ASN1_INTEGER_free(aint);
DH_free(dh);
return 0;
return ret;
}
static int
dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
const DH *dh = pkey->pkey.dh;
ASN1_STRING *params = NULL;
ASN1_STRING *astr = NULL;
int ptype = V_ASN1_SEQUENCE;
ASN1_INTEGER *key = NULL;
ASN1_INTEGER *aint = NULL;
ASN1_OBJECT *aobj;
unsigned char *params_der = NULL, *key_der = NULL;
unsigned char *params = NULL, *key = NULL;
int params_len = 0, key_len = 0;
int ret = 0;
if ((params_len = i2d_DHparams(dh, &params_der)) <= 0) {
if ((params_len = i2d_DHparams(dh, &params)) <= 0) {
DHerror(ERR_R_MALLOC_FAILURE);
params_len = 0;
goto err;
}
if ((params = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
if ((astr = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
DHerror(ERR_R_MALLOC_FAILURE);
goto err;
}
ASN1_STRING_set0(params, params_der, params_len);
params_der = NULL;
ASN1_STRING_set0(astr, params, params_len);
params = NULL;
params_len = 0;
if ((key = BN_to_ASN1_INTEGER(dh->priv_key, NULL)) == NULL) {
if ((aint = BN_to_ASN1_INTEGER(dh->priv_key, NULL)) == NULL) {
DHerror(DH_R_BN_ERROR);
goto err;
}
if ((key_len = i2d_ASN1_INTEGER(key, &key_der)) <= 0) {
if ((key_len = i2d_ASN1_INTEGER(aint, &key)) <= 0) {
DHerror(ERR_R_MALLOC_FAILURE);
key_len = 0;
goto err;
@ -273,40 +282,49 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
if ((aobj = OBJ_nid2obj(NID_dhKeyAgreement)) == NULL)
goto err;
if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, params, key_der, key_len))
if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, astr, key, key_len))
goto err;
params = NULL;
key_der = NULL;
astr = NULL;
key = NULL;
key_len = 0;
ret = 1;
err:
ASN1_STRING_free(params);
ASN1_INTEGER_free(key);
freezero(params_der, params_len);
freezero(key_der, key_len);
ASN1_STRING_free(astr);
ASN1_INTEGER_free(aint);
freezero(params, params_len);
freezero(key, key_len);
return ret;
}
static int
dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
dh_param_decode(EVP_PKEY *pkey, const unsigned char **params, int params_len)
{
DH *dh;
DH *dh = NULL;
int ret = 0;
if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
if ((dh = d2i_DHparams(NULL, params, params_len)) == NULL) {
DHerror(ERR_R_DH_LIB);
return 0;
goto err;
}
EVP_PKEY_assign_DH(pkey, dh);
return 1;
if (!EVP_PKEY_assign_DH(pkey, dh))
goto err;
dh = NULL;
ret = 1;
err:
DH_free(dh);
return ret;
}
static int
dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
dh_param_encode(const EVP_PKEY *pkey, unsigned char **params)
{
return i2d_DHparams(pkey->pkey.dh, pder);
return i2d_DHparams(pkey->pkey.dh, params);
}
static int
@ -370,7 +388,7 @@ do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
}
static int
int_dh_size(const EVP_PKEY *pkey)
dh_size(const EVP_PKEY *pkey)
{
return DH_size(pkey->pkey.dh);
}
@ -416,11 +434,11 @@ dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
}
static int
dh_missing_parameters(const EVP_PKEY *a)
dh_missing_parameters(const EVP_PKEY *pkey)
{
if (!a->pkey.dh->p || !a->pkey.dh->g)
return 1;
return 0;
const DH *dh = pkey->pkey.dh;
return dh->p == NULL || dh->g == NULL;
}
static int
@ -520,7 +538,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
.priv_encode = dh_priv_encode,
.priv_print = dh_private_print,
.pkey_size = int_dh_size,
.pkey_size = dh_size,
.pkey_bits = dh_bits,
.pkey_security_bits = dh_security_bits,
@ -531,7 +549,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
.param_cmp = dh_cmp_parameters,
.param_print = dh_param_print,
.pkey_free = int_dh_free,
.pkey_free = dh_free,
.pkey_check = NULL,
.pkey_public_check = dh_pkey_public_check,

95
lib/libcrypto/dh/dh_lib.c
View file

@ -1,25 +1,25 @@
/* $OpenBSD: dh_lib.c,v 1.39 2023/07/08 15:29:03 beck Exp $ */
/* $OpenBSD: dh_lib.c,v 1.41 2023/08/13 12:09:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@ -96,19 +96,19 @@ DH_set_method(DH *dh, const DH_METHOD *meth)
* NB: The caller is specifically setting a method, so it's not up to us
* to deal with which ENGINE it comes from.
*/
const DH_METHOD *mtmp;
const DH_METHOD *mtmp;
mtmp = dh->meth;
if (mtmp->finish)
mtmp = dh->meth;
if (mtmp->finish)
mtmp->finish(dh);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(dh->engine);
dh->engine = NULL;
#endif
dh->meth = meth;
if (meth->init)
dh->meth = meth;
if (meth->init)
meth->init(dh);
return 1;
return 1;
}
LCRYPTO_ALIAS(DH_set_method);
@ -122,61 +122,46 @@ LCRYPTO_ALIAS(DH_new);
DH *
DH_new_method(ENGINE *engine)
{
DH *ret;
DH *dh;
ret = malloc(sizeof(DH));
if (ret == NULL) {
if ((dh = calloc(1, sizeof(*dh))) == NULL) {
DHerror(ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
ret->meth = DH_get_default_method();
dh->meth = DH_get_default_method();
dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
dh->references = 1;
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (engine != NULL) {
if (!ENGINE_init(engine)) {
DHerror(ERR_R_ENGINE_LIB);
free(ret);
return NULL;
goto err;
}
ret->engine = engine;
dh->engine = engine;
} else
ret->engine = ENGINE_get_default_DH();
if(ret->engine) {
ret->meth = ENGINE_get_DH(ret->engine);
if (ret->meth == NULL) {
dh->engine = ENGINE_get_default_DH();
if (dh->engine != NULL) {
if ((dh->meth = ENGINE_get_DH(dh->engine)) == NULL) {
DHerror(ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
free(ret);
return NULL;
goto err;
}
dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
}
#endif
ret->pad = 0;
ret->version = 0;
ret->p = NULL;
ret->g = NULL;
ret->length = 0;
ret->pub_key = NULL;
ret->priv_key = NULL;
ret->q = NULL;
ret->j = NULL;
ret->seed = NULL;
ret->seedlen = 0;
ret->counter = NULL;
ret->method_mont_p=NULL;
ret->references = 1;
ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
if (ret->meth->init != NULL && !ret->meth->init(ret)) {
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
free(ret);
ret = NULL;
}
return ret;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data))
goto err;
if (dh->meth->init != NULL && !dh->meth->init(dh))
goto err;
return dh;
err:
DH_free(dh);
return NULL;
}
LCRYPTO_ALIAS(DH_new_method);
@ -191,7 +176,7 @@ DH_free(DH *r)
if (i > 0)
return;
if (r->meth->finish)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);

266
lib/libcrypto/dsa/dsa_ameth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dsa_ameth.c,v 1.46 2023/08/10 16:57:15 tb Exp $ */
/* $OpenBSD: dsa_ameth.c,v 1.55 2023/08/12 07:59:48 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -75,31 +75,32 @@
static int
dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
const unsigned char *p, *pm;
int pklen, pmlen;
X509_ALGOR *algor;
int ptype;
const void *pval;
const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *public_key = NULL;
const ASN1_STRING *astr;
const unsigned char *key, *params, *p;
int key_len, params_len;
ASN1_INTEGER *aint = NULL;
DSA *dsa = NULL;
int ret = 0;
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if (!X509_PUBKEY_get0_param(NULL, &key, &key_len, &algor, pubkey))
goto err;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if (ptype == V_ASN1_SEQUENCE) {
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
astr = pval;
params = astr->data;
params_len = astr->length;
if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
p = params;
if ((dsa = d2i_DSAparams(NULL, &p, params_len)) == NULL) {
DSAerror(DSA_R_DECODE_ERROR);
goto err;
}
} else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
if (!(dsa = DSA_new())) {
if ((dsa = DSA_new()) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
goto err;
}
@ -108,12 +109,13 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
goto err;
}
if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
p = key;
if ((aint = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
DSAerror(DSA_R_DECODE_ERROR);
goto err;
}
if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
BN_free(dsa->pub_key);
if ((dsa->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
DSAerror(DSA_R_BN_DECODE_ERROR);
goto err;
}
@ -124,50 +126,52 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
goto err;
}
ASN1_INTEGER_free(public_key);
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
if (!EVP_PKEY_assign_DSA(pkey, dsa))
goto err;
dsa = NULL;
err:
if (public_key)
ASN1_INTEGER_free(public_key);
ret = 1;
err:
ASN1_INTEGER_free(aint);
DSA_free(dsa);
return 0;
return ret;
}
static int
dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
const DSA *dsa = pkey->pkey.dsa;
ASN1_STRING *params = NULL;
ASN1_STRING *astr = NULL;
int ptype = V_ASN1_UNDEF;
ASN1_INTEGER *key = NULL;
ASN1_INTEGER *aint = NULL;
ASN1_OBJECT *aobj;
unsigned char *params_der = NULL, *key_der = NULL;
unsigned char *params = NULL, *key = NULL;
int params_len = 0, key_len = 0;
int ret = 0;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
if ((params_len = i2d_DSAparams(dsa, &params_der)) <= 0) {
if (pkey->save_parameters > 0 && !EVP_PKEY_missing_parameters(pkey)) {
if ((params_len = i2d_DSAparams(dsa, &params)) <= 0) {
DSAerror(ERR_R_MALLOC_FAILURE);
params_len = 0;
goto err;
}
if ((params = ASN1_STRING_new()) == NULL) {
if ((astr = ASN1_STRING_new()) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
goto err;
}
ASN1_STRING_set0(params, params_der, params_len);
params_der = NULL;
ASN1_STRING_set0(astr, params, params_len);
params = NULL;
params_len = 0;
ptype = V_ASN1_SEQUENCE;
}
if ((key = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {
if ((aint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
goto err;
}
if ((key_len = i2d_ASN1_INTEGER(key, &key_der)) <= 0) {
if ((key_len = i2d_ASN1_INTEGER(aint, &key)) <= 0) {
DSAerror(ERR_R_MALLOC_FAILURE);
key_len = 0;
goto err;
@ -175,98 +179,104 @@ dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
if ((aobj = OBJ_nid2obj(EVP_PKEY_DSA)) == NULL)
goto err;
if (!X509_PUBKEY_set0_param(pk, aobj, ptype, params, key_der, key_len))
if (!X509_PUBKEY_set0_param(pk, aobj, ptype, astr, key, key_len))
goto err;
params = NULL;
key_der = NULL;
astr = NULL;
key = NULL;
key_len = 0;
ret = 1;
err:
ASN1_STRING_free(params);
ASN1_INTEGER_free(key);
freezero(params_der, params_len);
freezero(key_der, key_len);
ASN1_STRING_free(astr);
ASN1_INTEGER_free(aint);
freezero(params, params_len);
freezero(key, key_len);
return ret;
}
/* In PKCS#8 DSA: you just get a private key integer and parameters in the
/*
* In PKCS#8 DSA: you just get a private key integer and parameters in the
* AlgorithmIdentifier the pubkey must be recalculated.
*/
static int
dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
const X509_ALGOR *algor;
int ptype;
const void *pval;
const ASN1_STRING *pstr;
const X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
const ASN1_STRING *astr;
const unsigned char *key, *params, *p;
int key_len, params_len;
ASN1_INTEGER *aint = NULL;
BN_CTX *ctx = NULL;
DSA *dsa = NULL;
int ret = 0;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if (ptype != V_ASN1_SEQUENCE)
goto decerr;
if (!PKCS8_pkey_get0(NULL, &key, &key_len, &algor, p8))
goto err;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
goto decerr;
if (privkey->type == V_ASN1_NEG_INTEGER)
goto decerr;
if (ptype != V_ASN1_SEQUENCE) {
DSAerror(DSA_R_PARAMETER_ENCODING_ERROR);
goto err;
}
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
goto decerr;
/* We have parameters now set private key */
if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
DSAerror(DSA_R_BN_ERROR);
goto dsaerr;
astr = pval;
params = astr->data;
params_len = astr->length;
p = params;
if ((dsa = d2i_DSAparams(NULL, &p, params_len)) == NULL) {
DSAerror(DSA_R_DECODE_ERROR);
goto err;
}
p = key;
if ((aint = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
DSAerror(DSA_R_DECODE_ERROR);
goto err;
}
BN_free(dsa->priv_key);
if ((dsa->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
DSAerror(DSA_R_BN_DECODE_ERROR);
goto err;
}
/* Check the key for basic consistency before doing expensive things. */
if (!dsa_check_key(dsa))
goto dsaerr;
goto err;
/* Calculate public key */
if (!(dsa->pub_key = BN_new())) {
BN_free(dsa->pub_key);
if ((dsa->pub_key = BN_new()) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
goto dsaerr;
goto err;
}
if ((ctx = BN_CTX_new()) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
goto dsaerr;
goto err;
}
BN_CTX_start(ctx);
if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerror(DSA_R_BN_ERROR);
goto dsaerr;
goto err;
}
if (!EVP_PKEY_assign_DSA(pkey, dsa))
goto decerr;
goto err;
dsa = NULL;
ret = 1;
goto done;
decerr:
DSAerror(DSA_R_DECODE_ERROR);
dsaerr:
err:
DSA_free(dsa);
done:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
ASN1_INTEGER_free(privkey);
ASN1_INTEGER_free(aint);
return ret;
}
@ -275,32 +285,32 @@ static int
dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
const DSA *dsa = pkey->pkey.dsa;
ASN1_STRING *params = NULL;
ASN1_STRING *astr = NULL;
int ptype = V_ASN1_SEQUENCE;
ASN1_INTEGER *key = NULL;
ASN1_INTEGER *aint = NULL;
ASN1_OBJECT *aobj;
unsigned char *params_der = NULL, *key_der = NULL;
unsigned char *params = NULL, *key = NULL;
int params_len = 0, key_len = 0;
int ret = 0;
if ((params_len = i2d_DSAparams(dsa, &params_der)) <= 0) {
if ((params_len = i2d_DSAparams(dsa, &params)) <= 0) {
DSAerror(ERR_R_MALLOC_FAILURE);
params_len = 0;
goto err;
}
if ((params = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
if ((astr = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
goto err;
}
ASN1_STRING_set0(params, params_der, params_len);
params_der = NULL;
ASN1_STRING_set0(astr, params, params_len);
params = NULL;
params_len = 0;
if ((key = BN_to_ASN1_INTEGER(dsa->priv_key, NULL)) == NULL) {
if ((aint = BN_to_ASN1_INTEGER(dsa->priv_key, NULL)) == NULL) {
DSAerror(DSA_R_BN_ERROR);
goto err;
}
if ((key_len = i2d_ASN1_INTEGER(key, &key_der)) <= 0) {
if ((key_len = i2d_ASN1_INTEGER(aint, &key)) <= 0) {
DSAerror(ERR_R_MALLOC_FAILURE);
key_len = 0;
goto err;
@ -308,25 +318,25 @@ dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
if ((aobj = OBJ_nid2obj(NID_dsa)) == NULL)
goto err;
if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, params, key_der, key_len))
if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, astr, key, key_len))
goto err;
params = NULL;
key_der = NULL;
astr = NULL;
key = NULL;
key_len = 0;
ret = 1;
err:
ASN1_STRING_free(params);
ASN1_INTEGER_free(key);
freezero(params_der, params_len);
freezero(key_der, key_len);
ASN1_STRING_free(astr);
ASN1_INTEGER_free(aint);
freezero(params, params_len);
freezero(key, key_len);
return ret;
}
static int
int_dsa_size(const EVP_PKEY *pkey)
dsa_size(const EVP_PKEY *pkey)
{
return DSA_size(pkey->pkey.dsa);
}
@ -346,12 +356,9 @@ dsa_security_bits(const EVP_PKEY *pkey)
static int
dsa_missing_parameters(const EVP_PKEY *pkey)
{
DSA *dsa;
const DSA *dsa = pkey->pkey.dsa;
dsa = pkey->pkey.dsa;
if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
return 1;
return 0;
return dsa->p == NULL || dsa->q == NULL || dsa->g == NULL;
}
static int
@ -397,7 +404,7 @@ dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
}
static void
int_dsa_free(EVP_PKEY *pkey)
dsa_free(EVP_PKEY *pkey)
{
DSA_free(pkey->pkey.dsa);
}
@ -452,26 +459,33 @@ do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
}
static int
dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
dsa_param_decode(EVP_PKEY *pkey, const unsigned char **params, int params_len)
{
DSA *dsa;
DSA *dsa = NULL;
int ret = 0;
if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
if ((dsa = d2i_DSAparams(NULL, params, params_len)) == NULL) {
DSAerror(ERR_R_DSA_LIB);
return 0;
goto err;
}
if (!dsa_check_key(dsa)) {
DSA_free(dsa);
return 0;
}
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
if (!dsa_check_key(dsa))
goto err;
if (!EVP_PKEY_assign_DSA(pkey, dsa))
goto err;
dsa = NULL;
ret = 1;
err:
DSA_free(dsa);
return ret;
}
static int
dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
dsa_param_encode(const EVP_PKEY *pkey, unsigned char **params)
{
return i2d_DSAparams(pkey->pkey.dsa, pder);
return i2d_DSAparams(pkey->pkey.dsa, params);
}
static int
@ -493,13 +507,14 @@ dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
}
static int
old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **key, int key_len)
{
DSA *dsa;
DSA *dsa = NULL;
BN_CTX *ctx = NULL;
BIGNUM *result;
int ret = 0;
if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
if ((dsa = d2i_DSAPrivateKey(NULL, key, key_len)) == NULL) {
DSAerror(ERR_R_DSA_LIB);
goto err;
}
@ -551,23 +566,24 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
goto err;
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
if (!EVP_PKEY_assign_DSA(pkey, dsa))
goto err;
dsa = NULL;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
ret = 1;
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
DSA_free(dsa);
return 0;
return ret;
}
static int
old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **key)
{
return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
return i2d_DSAPrivateKey(pkey->pkey.dsa, key);
}
static int
@ -701,7 +717,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
.priv_encode = dsa_priv_encode,
.priv_print = dsa_priv_print,
.pkey_size = int_dsa_size,
.pkey_size = dsa_size,
.pkey_bits = dsa_bits,
.pkey_security_bits = dsa_security_bits,
@ -713,7 +729,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
.param_print = dsa_param_print,
.sig_print = dsa_sig_print,
.pkey_free = int_dsa_free,
.pkey_free = dsa_free,
.pkey_ctrl = dsa_pkey_ctrl,
.old_priv_decode = old_dsa_priv_decode,
.old_priv_encode = old_dsa_priv_encode

65
lib/libcrypto/dsa/dsa_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dsa_lib.c,v 1.43 2023/07/08 14:28:15 beck Exp $ */
/* $OpenBSD: dsa_lib.c,v 1.44 2023/08/12 06:14:36 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -127,61 +127,46 @@ LCRYPTO_ALIAS(DSA_set_method);
DSA *
DSA_new_method(ENGINE *engine)
{
DSA *ret;
DSA *dsa;
ret = malloc(sizeof(DSA));
if (ret == NULL) {
if ((dsa = calloc(1, sizeof(DSA))) == NULL) {
DSAerror(ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
ret->meth = DSA_get_default_method();
dsa->meth = DSA_get_default_method();
dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
dsa->references = 1;
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (!ENGINE_init(engine)) {
DSAerror(ERR_R_ENGINE_LIB);
free(ret);
return NULL;
goto err;
}
ret->engine = engine;
dsa->engine = engine;
} else
ret->engine = ENGINE_get_default_DSA();
if (ret->engine) {
ret->meth = ENGINE_get_DSA(ret->engine);
if (ret->meth == NULL) {
dsa->engine = ENGINE_get_default_DSA();
if (dsa->engine != NULL) {
if ((dsa->meth = ENGINE_get_DSA(dsa->engine)) == NULL) {
DSAerror(ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
free(ret);
return NULL;
goto err;
}
dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
}
#endif
ret->pad = 0;
ret->version = 0;
ret->p = NULL;
ret->q = NULL;
ret->g = NULL;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data))
goto err;
if (dsa->meth->init != NULL && !dsa->meth->init(dsa))
goto err;
ret->pub_key = NULL;
ret->priv_key = NULL;
return dsa;
ret->kinv = NULL;
ret->r = NULL;
ret->method_mont_p = NULL;
err:
DSA_free(dsa);
ret->references = 1;
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if (ret->meth->init != NULL && !ret->meth->init(ret)) {
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
free(ret);
ret = NULL;
}
return ret;
return NULL;
}
LCRYPTO_ALIAS(DSA_new_method);
@ -197,7 +182,7 @@ DSA_free(DSA *r)
if (i > 0)
return;
if (r->meth->finish)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);

10
lib/libcrypto/ec/ec_ameth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ec_ameth.c,v 1.41 2023/07/07 06:59:18 tb Exp $ */
/* $OpenBSD: ec_ameth.c,v 1.42 2023/08/12 08:07:35 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -359,7 +359,7 @@ eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
}
static int
int_ec_size(const EVP_PKEY *pkey)
ec_size(const EVP_PKEY *pkey)
{
return ECDSA_size(pkey->pkey.ec);
}
@ -419,7 +419,7 @@ ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
}
static void
int_ec_free(EVP_PKEY *pkey)
ec_free(EVP_PKEY *pkey)
{
EC_KEY_free(pkey->pkey.ec);
}
@ -994,7 +994,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
.priv_encode = eckey_priv_encode,
.priv_print = eckey_priv_print,
.pkey_size = int_ec_size,
.pkey_size = ec_size,
.pkey_bits = ec_bits,
.pkey_security_bits = ec_security_bits,
@ -1005,7 +1005,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
.param_cmp = ec_cmp_parameters,
.param_print = eckey_param_print,
.pkey_free = int_ec_free,
.pkey_free = ec_free,
.pkey_ctrl = ec_pkey_ctrl,
.old_priv_decode = old_ec_priv_decode,
.old_priv_encode = old_ec_priv_encode,

8
lib/libcrypto/man/DSA_dup_DH.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: DSA_dup_DH.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $
.\" $OpenBSD: DSA_dup_DH.3,v 1.9 2023/08/12 08:26:38 tb Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 10 2019 $
.Dd $Mdocdate: August 12 2023 $
.Dt DSA_DUP_DH 3
.Os
.Sh NAME
@ -67,10 +67,6 @@ duplicates
parameters/keys as
.Vt DH
parameters/keys.
.Fa r->q
is lost during that conversion, but the resulting
.Vt DH
parameters contain its length.
.Sh RETURN VALUES
.Fn DSA_dup_DH
returns the new

241
lib/libcrypto/man/EVP_DigestInit.3
View file

@ -1,11 +1,11 @@
.\" $OpenBSD: EVP_DigestInit.3,v 1.25 2023/04/23 18:24:01 job Exp $
.\" $OpenBSD: EVP_DigestInit.3,v 1.28 2023/08/14 14:22:32 schwarze Exp $
.\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
.\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\" Copyright (c) 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -19,9 +19,11 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
.\" and Richard Levitte <levitte@openssl.org>.
.\" Copyright (c) 2000-2004, 2009, 2012-2016 The OpenSSL Project.
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>,
.\" Richard Levitte <levitte@openssl.org>,
.\" Paul Yang <yang.yang@baishancloud.com>, and
.\" Antoine Salon <asalon@vmware.com>.
.\" Copyright (c) 2000-2004, 2009, 2012-2016, 2018, 2019 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -68,7 +70,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 23 2023 $
.Dd $Mdocdate: August 14 2023 $
.Dt EVP_DIGESTINIT 3
.Os
.Sh NAME
@ -80,6 +82,9 @@
.Nm EVP_MD_CTX_cleanup ,
.Nm EVP_MD_CTX_destroy ,
.Nm EVP_MD_CTX_ctrl ,
.Nm EVP_MD_CTX_set_flags ,
.Nm EVP_MD_CTX_clear_flags ,
.Nm EVP_MD_CTX_test_flags ,
.Nm EVP_DigestInit_ex ,
.Nm EVP_DigestUpdate ,
.Nm EVP_DigestFinal_ex ,
@ -93,10 +98,14 @@
.Nm EVP_MD_pkey_type ,
.Nm EVP_MD_size ,
.Nm EVP_MD_block_size ,
.Nm EVP_MD_flags ,
.Nm EVP_MD_CTX_md ,
.Nm EVP_MD_CTX_size ,
.Nm EVP_MD_CTX_block_size ,
.Nm EVP_MD_CTX_type ,
.Nm EVP_MD_CTX_md_data ,
.Nm EVP_MD_CTX_pkey_ctx ,
.Nm EVP_MD_CTX_set_pkey_ctx ,
.Nm EVP_md_null ,
.Nm EVP_md5 ,
.Nm EVP_md5_sha1 ,
@ -141,10 +150,25 @@
.Ft int
.Fo EVP_MD_CTX_ctrl
.Fa "EVP_MD_CTX *ctx"
.Fa "int cmd"
.Fa "int command"
.Fa "int p1"
.Fa "void* p2"
.Fc
.Ft void
.Fo EVP_MD_CTX_set_flags
.Fa "EVP_MD_CTX *ctx"
.Fa "int flags"
.Fc
.Ft void
.Fo EVP_MD_CTX_clear_flags
.Fa "EVP_MD_CTX *ctx"
.Fa "int flags"
.Fc
.Ft int
.Fo EVP_MD_CTX_test_flags
.Fa "const EVP_MD_CTX *ctx"
.Fa "int flags"
.Fc
.Ft int
.Fo EVP_DigestInit_ex
.Fa "EVP_MD_CTX *ctx"
@ -210,21 +234,38 @@
.Fo EVP_MD_block_size
.Fa "const EVP_MD *md"
.Fc
.Ft unsigned long
.Fo EVP_MD_flags
.Fa "const EVP_MD *md"
.Fc
.Ft const EVP_MD *
.Fo EVP_MD_CTX_md
.Fa "const EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo EVP_MD_CTX_size
.Fa "const EVP_MD *ctx"
.Fa "const EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo EVP_MD_CTX_block_size
.Fa "const EVP_MD *ctx"
.Fa "const EVP_MD_CTX *ctx"
.Fc
.Ft int
.Fo EVP_MD_CTX_type
.Fa "const EVP_MD *ctx"
.Fa "const EVP_MD_CTX *ctx"
.Fc
.Ft void *
.Fo EVP_MD_CTX_md_data
.Fa "const EVP_MD_CTX *ctx"
.Fc
.Ft EVP_PKEY_CTX *
.Fo EVP_MD_CTX_pkey_ctx
.Fa "const EVP_MD_CTX *ctx"
.Fc
.Ft void
.Fo EVP_MD_CTX_set_pkey_ctx
.Fa "EVP_MD_CTX *ctx"
.Fa "EVP_PKEY_CTX *pctx"
.Fc
.Ft const EVP_MD *
.Fn EVP_md_null void
@ -261,7 +302,7 @@
.Fa "const ASN1_OBJECT *o"
.Fc
.Sh DESCRIPTION
The EVP digest routines are a high level interface to message digests
The EVP digest routines are a high-level interface to message digests
and should be used instead of the cipher-specific functions.
.Pp
.Fn EVP_MD_CTX_new
@ -298,8 +339,68 @@ and
respectively.
.Pp
.Fn EVP_MD_CTX_ctrl
performs digest-specific control actions on the context
performs the digest-specific control
.Fa command
with the command-specific arguments
.Fa p1
and
.Fa p2
on
.Fa ctx ,
which needs to already be set up with
.Fn EVP_DigestInit_ex
before calling this function.
Other restrictions may apply depending on the control
.Fa command
and digest implementation.
.Pp
If the
.Fa command
is
.Dv EVP_MD_CTRL_MICALG ,
.Fa p1
is ignored and
.Fa p2
is an output argument of the type
.Fa "char **p2" .
A string specifying the digest Message Integrity Check algorithm
is allocated and a pointer to this string is returned in
.Pf * Fa p2 .
It is the responsibility of the caller to
.Xr free 3
.Pf * Fa p2
when it is no longer needed.
This
.Fa command
is used by
.Xr SMIME_write_ASN1 3
when creating S/MIME multipart/signed messages as specified in RFC 3851.
.Pp
.Fn EVP_MD_CTX_set_flags
sets and
.Fn EVP_MD_CTX_clear_flags
clears all the flag bits in
.Fa ctx
that are set in the
.Fa flags
argument.
.Fn EVP_MD_CTX_test_flags
tests which of the flag bits that are set in the
.Fa flags
argument are also set in
.Fa ctx .
Possible flag bits are:
.Bl -tag -width Ds -offset 2n
.It Dv EVP_MD_CTX_FLAG_NO_INIT
Instruct
.Fn EVP_DigestInit_ex
and functions calling it not to initialise the internal data
that is specific to the digest method and its implementation.
.It Dv EVP_MD_CTX_FLAG_ONESHOT
Instruct the digest to optimize for one update only, if possible.
For digest algorithms built into the library, this flag usually
has no effect.
.El
.Pp
.Fn EVP_DigestInit_ex
sets up the digest context
@ -434,15 +535,29 @@ structure.
.Fn EVP_MD_type
and
.Fn EVP_MD_CTX_type
return the NID of the OBJECT IDENTIFIER representing the given message
digest when passed an
.Vt EVP_MD
structure.
return the NID of the OBJECT IDENTIFIER representing the message digest.
For example
.Fn EVP_MD_type EVP_sha1()
returns
.Dv NID_sha1 .
This function is normally used when setting ASN.1 OIDs.
These functions are normally used when setting ASN.1 OIDs.
.Pp
.Fn EVP_MD_CTX_md_data
returns the digest method private data of
.Fa ctx .
The space was allocated and its size set with
.Xr EVP_MD_meth_set_app_datasize 3 .
.Pp
.Fn EVP_MD_flags
returns the
.Fa md
flags.
These are different from the
.Vt EVP_MD_CTX
ones.
See
.Xr EVP_MD_meth_set_flags 3
for more information.
.Pp
.Fn EVP_MD_pkey_type
returns the NID of the public key signing algorithm associated with this
@ -454,6 +569,56 @@ is associated with RSA so this will return
Since digests and signature algorithms are no longer linked, this
function is only retained for compatibility reasons.
.Pp
.Fn EVP_MD_CTX_pkey_ctx
returns the
.Vt EVP_PKEY_CTX
assigned to
.Fa ctx .
The returned pointer should not be freed by the caller.
.Pp
.Fn EVP_MD_CTX_set_pkey_ctx
assigns
.Fa pctx
to
.Fa ctx .
This is normally used to provide a customized
.Vt EVP_PKEY_CTX
to
.Xr EVP_DigestSignInit 3
or
.Xr EVP_DigestVerifyInit 3 .
The caller retains ownership of the
.Fa pctx
passed to this function and is responsible for freeing it
when it is no longer needed.
.Pp
If the
.Fa ctx
already contains a
.Vt EVP_PKEY_CTX
when this function is called, that old
.Vt EVP_PKEY_CTX
is freed if it was created internally, but if it was also installed with
.Fn EVP_MD_CTX_set_pkey_ctx ,
the pointer to the old
.Vt EVP_PKEY_CTX
is merely replaced by the new pointer and ownership of the old
.Vt EVP_PKEY_CTX
remains with the previous caller.
.Pp
Passing a
.Dv NULL
pointer for the
.Fa pctx
argument is also allowed.
In that case, any
.Vt EVP_PKEY_CTX
already assigned to
.Fa ctx
is dissociated from it as described above, but no new
.Vt EVP_PKEY_CTX
is assigned.
.Pp
.Fn EVP_md5 ,
.Fn EVP_sha1 ,
.Fn EVP_sha224 ,
@ -502,7 +667,7 @@ and
are implemented as macros.
.Pp
The EVP interface to message digests should almost always be used
in preference to the low level interfaces.
in preference to the low-level interfaces.
This is because the code then becomes transparent to the digest used and
much more flexible.
.Pp
@ -559,6 +724,12 @@ and
.Fn EVP_MD_CTX_copy
return 1 for success or 0 for failure.
.Pp
.Fn EVP_MD_CTX_test_flags
returns the bitwise OR of the
.Fa flags
argument and the flags set in
.Fa ctx .
.Pp
.Fn EVP_MD_type ,
.Fn EVP_MD_pkey_type ,
and
@ -610,6 +781,7 @@ This example digests the data "Test Message\en" and "Hello World\en",
using the digest name passed on the command line.
.Bd -literal -offset indent
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
int
@ -620,7 +792,7 @@ main(int argc, char *argv[])
const char mess1[] = "Test Message\en";
const char mess2[] = "Hello World\en";
unsigned char md_value[EVP_MAX_MD_SIZE];
int md_len, i;
unsigned int md_len, i;
if (argc <= 1) {
printf("Usage: mdtest digestname\en");
@ -655,8 +827,10 @@ main(int argc, char *argv[])
.Xr EVP_BytesToKey 3 ,
.Xr EVP_DigestSignInit 3 ,
.Xr EVP_DigestVerifyInit 3 ,
.Xr EVP_MD_meth_new 3 ,
.Xr EVP_PKEY_CTX_set_signature_md 3 ,
.Xr EVP_PKEY_meth_set_signctx 3 ,
.Xr EVP_sha3_224 3 ,
.Xr EVP_SignInit 3 ,
.Xr EVP_sm3 3 ,
.Xr EVP_VerifyInit 3 ,
@ -715,6 +889,9 @@ first appeared in OpenSSL 0.9.5 and has been available since
.Fn EVP_MD_CTX_create ,
.Fn EVP_MD_CTX_cleanup ,
.Fn EVP_MD_CTX_destroy ,
.Fn EVP_MD_CTX_set_flags ,
.Fn EVP_MD_CTX_clear_flags ,
.Fn EVP_MD_CTX_test_flags ,
.Fn EVP_DigestInit_ex ,
.Fn EVP_DigestFinal_ex ,
.Fn EVP_Digest ,
@ -732,11 +909,10 @@ first appeared in OpenSSL 0.9.7h and 0.9.8a
and have been available since
.Ox 4.0 .
.Pp
.Fn EVP_sha512_224
and
.Fn EVP_sha512_256
first appeared in OpenSSL 1.1.1 and has been available since
.Ox 7.4 .
.Fn EVP_MD_flags
first appeared in OpenSSL 1.0.0
and has been available since
.Ox 4.9 .
.Pp
.Fn EVP_MD_CTX_ctrl
first appeared in OpenSSL 1.1.0 and has been available since
@ -750,6 +926,21 @@ and
first appeared in OpenSSL 1.1.0 and have been available since
.Ox 6.3 .
.Pp
.Fn EVP_MD_CTX_md_data
and
.Fn EVP_MD_CTX_pkey_ctx
first appeared in OpenSSL 1.1.0 and
.Fn EVP_MD_CTX_set_pkey_ctx
in OpenSSL 1.1.1.
These functions have been available since
.Ox 7.1 .
.Pp
.Fn EVP_sha512_224
and
.Fn EVP_sha512_256
first appeared in OpenSSL 1.1.1 and have been available since
.Ox 7.4 .
.Pp
The link between digests and signing algorithms was fixed in OpenSSL 1.0
and later, so now
.Fn EVP_sha1

24
lib/libcrypto/man/EVP_EncryptInit.3
View file

@ -1,9 +1,7 @@
.\" $OpenBSD: EVP_EncryptInit.3,v 1.44 2022/08/31 14:27:34 tb Exp $
.\" $OpenBSD: EVP_EncryptInit.3,v 1.46 2023/08/16 13:50:05 schwarze Exp $
.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
.\" 7c6d372a Nov 20 13:20:01 2018 +0000
.\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
.\" EVP_chacha20.pod 8fa4d95e Oct 21 11:59:09 2017 +0900
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
@ -71,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 31 2022 $
.Dd $Mdocdate: August 16 2023 $
.Dt EVP_ENCRYPTINIT 3
.Os
.Sh NAME
@ -149,8 +147,7 @@
.Nm EVP_cast5_ecb ,
.Nm EVP_cast5_cfb64 ,
.Nm EVP_cast5_cfb ,
.Nm EVP_cast5_ofb ,
.Nm EVP_chacha20
.Nm EVP_cast5_ofb
.Nd EVP cipher routines
.Sh SYNOPSIS
.In openssl/evp.h
@ -906,6 +903,15 @@ return 1 for success or 0 for failure.
.Fn EVP_CIPHER_CTX_set_padding
always returns 1.
.Pp
.Fn EVP_CIPHER_CTX_ctrl
usually returns 1 for success, 0 for failure, or \-1 if the
.Fa type
is not supported by the
.Fa ctx ,
but there may be exceptions for some
.Fa type
arguments.
.Pp
.Fn EVP_get_cipherbyname ,
.Fn EVP_get_cipherbynid ,
and
@ -1020,11 +1026,6 @@ This is a variable key length cipher.
is an alias for
.Fn EVP_cast5_cfb64 ,
implemented as a macro.
.It Fn EVP_chacha20
The ChaCha20 stream cipher.
The key length is 256 bits.
The first 32 bits of the 128-bit IV are used as a counter,
and the remaining 96 bits as a nonce.
.El
.Pp
See also
@ -1241,6 +1242,7 @@ do_crypt(FILE *in, FILE *out, int do_encrypt)
.Xr EVP_AEAD_CTX_init 3 ,
.Xr EVP_aes_128_cbc 3 ,
.Xr EVP_camellia_128_cbc 3 ,
.Xr EVP_chacha20 3 ,
.Xr EVP_des_cbc 3 ,
.Xr EVP_OpenInit 3 ,
.Xr EVP_rc4 3 ,

20
lib/libcrypto/man/EVP_MD_meth_new.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_MD_meth_new.3,v 1.2 2023/07/09 06:47:51 tb Exp $
.\" $OpenBSD: EVP_MD_meth_new.3,v 1.3 2023/08/12 16:48:23 schwarze Exp $
.\" selective merge up to:
.\" OpenSSL man3/EVP_MD_meth_new 0388d212 Dec 14 12:47:07 2018 -0800
.\"
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 9 2023 $
.Dd $Mdocdate: August 12 2023 $
.Dt EVP_MD_METH_NEW 3
.Os
.Sh NAME
@ -130,7 +130,7 @@
.Ft int
.Fo EVP_MD_meth_set_ctrl
.Fa "EVP_MD *md"
.Fa "int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)"
.Fa "int (*control)(EVP_MD_CTX *ctx, int command, int p1, void *p2)"
.Fc
.Sh DESCRIPTION
The
@ -267,11 +267,21 @@ and
.Xr EVP_MD_CTX_free 3 .
.Pp
.Fn EVP_MD_meth_set_ctrl
sets the control function for
sets the
.Fa control
function for
.Fa md .
The
.Fa control
function supplied by the application program has to return 1 to indicate
success, 0 to indicate failure, or \-1 if the
.Fa command
is not supported for this digest method.
See
.Xr EVP_MD_CTX_ctrl 3
for the available controls.
for the available
.Fa command
arguments.
.Sh RETURN VALUES
.Fn EVP_MD_meth_new
and

259
lib/libcrypto/man/EVP_chacha20.3 Normal file
View file

@ -0,0 +1,259 @@
.\" $OpenBSD: EVP_chacha20.3,v 1.2 2023/08/16 13:47:18 schwarze Exp $
.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Ronald Tse <ronald.tse@ribose.com>.
.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 16 2023 $
.Dt EVP_CHACHA20 3
.Os
.Sh NAME
.Nm EVP_chacha20 ,
.Nm EVP_chacha20_poly1305
.Nd ChaCha20 stream cipher for EVP
.Sh SYNOPSIS
.In openssl/evp.h
.Ft const EVP_CIPHER *
.Fn EVP_chacha20 void
.Ft const EVP_CIPHER *
.Fn EVP_chacha20_poly1305 void
.Sh DESCRIPTION
.Fn EVP_chacha20
provides the ChaCha20 stream cipher in the EVP framework.
.Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 ,
and
.Xr EVP_CipherInit_ex 3
take a
.Fa key
argument of 32 bytes = 256 bits and an
.Fa iv
argument of 16 bytes = 128 bits, internally using
.Xr ChaCha_set_key 3
and
.Xr ChaCha_set_iv 3 .
Due to the symmetry of the internal cipher state, interpreting the
.Fa iv
argument as a 4 byte counter followed by a 12 byte nonce
or interpreting it as an 8 byte counter followed by an 8 byte nonce
is functionally equivalent.
.Xr EVP_EncryptUpdate 3 ,
.Xr EVP_EncryptFinal_ex 3 ,
.Xr EVP_DecryptUpdate 3 ,
and
.Xr EVP_DecryptFinal_ex 3
internally use
.Xr ChaCha 3
to perform encryption and decryption.
.Xr EVP_CIPHER_CTX_ctrl 3
always fails for
.Fa ctx
objects created from
.Fn EVP_chacha20 .
.Pp
.Fn EVP_chacha20_poly1305
provides authenticated encryption with ChaCha20-Poly1305.
.Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 ,
and
.Xr EVP_CipherInit_ex 3
take a
.Fa key
argument of 32 bytes = 256 bits and an
.Fa iv
argument of 12 bytes = 96 bits.
This supports additional authenticated data (AAD) and produces a 128-bit
authentication tag.
.Pp
The following
.Fa type
arguments are supported for
.Xr EVP_CIPHER_CTX_ctrl 3 :
.Bl -tag -width Ds
.It Dv EVP_CTRL_AEAD_GET_TAG
Copy the number of bytes indicated by the
.Fa arg
argument from the tag to the location indicated by the
.Fa ptr
argument;
to be called after
.Xr EVP_EncryptFinal_ex 3 .
This control operation fails if the
.Fa ctx
is not configured for encryption or if
.Fa arg
is less than 1 or greater than 16.
.It Dv EVP_CTRL_AEAD_SET_TAG
Copy the number of bytes indicated by the
.Fa arg
argument from the location indicated by the
.Fa ptr
argument and designate them as the expected tag length and tag,
causing subsequent
.Xr EVP_DecryptFinal_ex 3
to fail if the tag calculated during decryption does not match.
It is strongly recommended to specify
.Fa arg
as exactly 16.
Otherwise, only the initial part of the tag may be compared
and mismatches near the end of the tag may get silently irgnored.
This control operation fails if the
.Fa ctx
is configured for encryption or if
.Fa arg
is less than 1 or greater than 16.
If the
.Fa ptr
argument is a
.Dv NULL
pointer, this control operation succeeds without having any effect.
.It EVP_CTRL_AEAD_SET_IV_FIXED
Set the initialization vector by reading the 12 bytes pointed to by the
.Fa ptr
argument, independently of
.Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 ,
and
.Xr EVP_CipherInit_ex 3 .
This control operation fails if the
.Fa arg
argument is not exactly 12.
.It Dv EVP_CTRL_AEAD_SET_IVLEN
Instruct subsequent
.Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 ,
or
.Xr EVP_CipherInit_ex 3
to expect an
.Fa iv
argument shorter than the default of 12 bytes; the
.Fa arg
argument specifies the number of bytes to be used.
The initialization functions will only read
the specified smaller number of bytes from
.Fa iv
and internally zero-pad them on the left.
Using this is not recommended because it is likely more fragile
and less often tested than the equivalent method of simply providing
a full-sized
.Fa iv .
This control operation fails if
.Fa arg
is less than 1 or greater than 16.
.It Dv EVP_CTRL_INIT
Set the length of the initialization vector to the default value
of 12 bytes and clear the Poly1305 internal state.
The application program usually does not need to invoke this contol
operation manually because it is automatically called internally by
.Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 ,
and
.Xr EVP_CipherInit_ex 3 .
.El
.Sh RETURN VALUES
.Fn EVP_chacha20
and
.Fn EVP_chacha20_poly1305
return pointers to static
.Vt EVP_CIPHER
objects that contain the implementations of the symmetric cipher.
.Pp
If
.Fa ctx
was created from
.Fn EVP_chacha20
or
.Fn EVP_chacha20_poly1305 ,
.Xr EVP_CIPHER_CTX_ctrl 3
returns 1 for success or 0 for failure.
.Sh SEE ALSO
.Xr ChaCha 3 ,
.Xr evp 3 ,
.Xr EVP_aead_chacha20_poly1305 3 ,
.Xr EVP_CIPHER_meth_new 3 ,
.Xr EVP_EncryptInit 3
.Sh STANDARDS
.Rs
.%A A. Langley
.%A W. Chang
.%D November 2013
.%R draft-agl-tls-chacha20poly1305-04
.%T ChaCha20 and Poly1305 based Cipher Suites for TLS
.Re
.Pp
.Rs
.%A Y. Nir
.%A A. Langley
.%D May 2015
.%R RFC 7539
.%T ChaCha20 and Poly1305 for IETF Protocols
.Re
.Sh HISTORY
.Fn EVP_chacha20
first appeared in
.Ox 5.6 .
.Pp
.Fn EVP_chacha20_poly1305
first appeared in OpenSSL 1.1.0 and has been available since
.Ox 7.2 .

92
lib/libcrypto/man/EVP_sha3_224.3 Normal file
View file

@ -0,0 +1,92 @@
.\" $OpenBSD: EVP_sha3_224.3,v 1.2 2023/08/15 11:54:38 schwarze Exp $
.\" selective merge up to: OpenSSL bbda8ce9 Oct 31 15:43:01 2017 +0800
.\"
.\" This file was written by Ronald Tse <ronald.tse@ribose.com>.
.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 15 2023 $
.Dt EVP_SHA3_224 3
.Os
.Sh NAME
.Nm EVP_sha3_224 ,
.Nm EVP_sha3_256 ,
.Nm EVP_sha3_384 ,
.Nm EVP_sha3_512
.Nd Secure Hash Algorithm 3 for EVP
.Sh SYNOPSIS
.In openssl/evp.h
.Ft const EVP_MD *
.Fn EVP_sha3_224 void
.Ft const EVP_MD *
.Fn EVP_sha3_256 void
.Ft const EVP_MD *
.Fn EVP_sha3_384 void
.Ft const EVP_MD *
.Fn EVP_sha3_512 void
.Sh DESCRIPTION
SHA-3 (Secure Hash Algorithm 3) is a family of cryptographic hash
functions standardized in NIST FIPS 202, first published in 2015.
It is based on the Keccak algorithm.
.Pp
.Fn EVP_sha3_224 ,
.Fn EVP_sha3_256 ,
.Fn EVP_sha3_384 ,
and
.Fn EVP_sha3_512
implement the SHA3-224, SHA3-256, SHA3-384, and SHA3-512 algorithms
and produce 224, 256, 384 and 512 bits of output from a given input,
respectively.
.Sh RETURN VALUES
These functions return pointers to static
.Vt EVP_MD
objects implementing the hash functions.
.Sh SEE ALSO
.Xr evp 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_MD_meth_new 3
.Sh STANDARDS
NIST FIPS 202

4
lib/libcrypto/man/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.259 2023/07/28 05:48:33 tb Exp $
# $OpenBSD: Makefile,v 1.261 2023/08/15 11:26:49 schwarze Exp $
.include <bsd.own.mk>
@ -200,8 +200,10 @@ MAN= \
EVP_VerifyInit.3 \
EVP_aes_128_cbc.3 \
EVP_camellia_128_cbc.3 \
EVP_chacha20.3 \
EVP_des_cbc.3 \
EVP_rc4.3 \
EVP_sha3_224.3 \
EVP_sm3.3 \
EVP_sm4_cbc.3 \
EVP_whirlpool.3 \

68
lib/libcrypto/man/evp.3
View file

@ -1,5 +1,5 @@
.\" $OpenBSD: evp.3,v 1.15 2023/07/09 06:49:25 tb Exp $
.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
.\" $OpenBSD: evp.3,v 1.17 2023/08/15 11:26:49 schwarze Exp $
.\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,
.\" Matt Caswell <matt@openssl.org>, Geoff Thorpe <geoff@openssl.org>,
@ -51,16 +51,16 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 9 2023 $
.Dd $Mdocdate: August 15 2023 $
.Dt EVP 3
.Os
.Sh NAME
.Nm evp
.Nd high level cryptographic functions
.Nd high-level cryptographic functions
.Sh SYNOPSIS
.In openssl/evp.h
.Sh DESCRIPTION
The EVP library provides a high level interface to cryptographic
The EVP library provides a high-level interface to cryptographic
functions.
.Pp
.Xr EVP_SealInit 3
@ -95,7 +95,7 @@ functions.
.Pp
The
.Fn EVP_PKEY_*
functions provide a high level interface to asymmetric algorithms.
functions provide a high-level interface to asymmetric algorithms.
To create a new
.Vt EVP_PKEY ,
see
@ -127,7 +127,7 @@ and
.Xr EVP_PKEY_verify_recover 3 .
However, note that these functions do not perform a digest of the
data to be signed.
Therefore normally you would use the
Therefore, normally you would use the
.Xr EVP_DigestSignInit 3
functions for this purpose.
.It
@ -169,45 +169,91 @@ implementations of ciphers or digests are registered as defaults,
then the various EVP functions will automatically use those
implementations in preference to built in software implementations.
.Pp
Although low level algorithm specific functions exist for many
Although low-level algorithm specific functions exist for many
algorithms, their use is discouraged.
They cannot be used with an
.Vt ENGINE ,
and
.Vt ENGINE
versions of new algorithms cannot be accessed using the low level
versions of new algorithms cannot be accessed using the low-level
functions.
Using them also makes code harder to adapt to new algorithms, some
options are not cleanly supported at the low level, and some
operations are more efficient using the high level interfaces.
operations are more efficient using the high-level interfaces.
.Sh SEE ALSO
.Xr ASN1_item_digest 3 ,
.Xr ASN1_item_sign 3 ,
.Xr BIO_f_cipher 3 ,
.Xr BIO_f_md 3 ,
.Xr CMAC_Init 3 ,
.Xr CMS_encrypt 3 ,
.Xr CMS_sign 3 ,
.Xr crypto 3 ,
.Xr d2i_PKCS8PrivateKey_bio 3 ,
.Xr d2i_PrivateKey 3 ,
.Xr ENGINE_get_cipher 3 ,
.Xr ENGINE_register_RSA 3 ,
.Xr EVP_AEAD_CTX_init 3 ,
.Xr EVP_aes_128_cbc 3 ,
.Xr EVP_BytesToKey 3 ,
.Xr EVP_camellia_128_cbc 3 ,
.Xr EVP_chacha20 3 ,
.Xr EVP_CIPHER_meth_new 3 ,
.Xr EVP_des_cbc 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_DigestSignInit 3 ,
.Xr EVP_DigestVerifyInit 3 ,
.Xr EVP_EncodeInit 3 ,
.Xr EVP_EncryptInit 3 ,
.Xr EVP_MD_meth_new 3 ,
.Xr EVP_OpenInit 3 ,
.Xr EVP_PKCS82PKEY 3 ,
.Xr EVP_PKEY_add1_attr 3 ,
.Xr EVP_PKEY_asn1_get_count 3 ,
.Xr EVP_PKEY_asn1_new 3 ,
.Xr EVP_PKEY_check 3 ,
.Xr EVP_PKEY_cmp 3 ,
.Xr EVP_PKEY_CTX_ctrl 3 ,
.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_CTX_set_hkdf_md 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_get_default_digest_nid 3 ,
.Xr EVP_PKEY_keygen 3 ,
.Xr EVP_PKEY_meth_get0_info 3 ,
.Xr EVP_PKEY_meth_new 3 ,
.Xr EVP_PKEY_new 3 ,
.Xr EVP_PKEY_print_private 3 ,
.Xr EVP_PKEY_set1_RSA 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_size 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3 ,
.Xr EVP_rc4 3 ,
.Xr EVP_SealInit 3 ,
.Xr EVP_sha3_224 3 ,
.Xr EVP_SignInit 3 ,
.Xr EVP_sm3 3 ,
.Xr EVP_sm4_cbc 3 ,
.Xr EVP_VerifyInit 3 ,
.Xr EVP_whirlpool 3
.Xr EVP_whirlpool 3 ,
.Xr HMAC 3 ,
.Xr OCSP_basic_sign 3 ,
.Xr OCSP_request_sign 3 ,
.Xr PEM_get_EVP_CIPHER_INFO 3 ,
.Xr PEM_read_bio_PrivateKey 3 ,
.Xr PKCS12_create 3 ,
.Xr PKCS5_PBKDF2_HMAC 3 ,
.Xr PKCS7_encrypt 3 ,
.Xr PKCS7_sign 3 ,
.Xr RSA_pkey_ctx_ctrl 3 ,
.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
.Xr X509_ALGOR_set_md 3 ,
.Xr X509_check_private_key 3 ,
.Xr X509_CRL_METHOD_new 3 ,
.Xr X509_digest 3 ,
.Xr X509_get_pubkey 3 ,
.Xr X509_PUBKEY_set 3 ,
.Xr X509_sign 3 ,
.Xr X509_to_X509_REQ 3

136
lib/libcrypto/md5/md5.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: md5.c,v 1.13 2023/08/10 14:04:54 jsing Exp $ */
/* $OpenBSD: md5.c,v 1.18 2023/08/15 08:39:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -64,21 +64,16 @@
#include <openssl/md5.h>
#include "crypto_internal.h"
/* Ensure that MD5_LONG and uint32_t are equivalent size. */
CTASSERT(sizeof(MD5_LONG) == sizeof(uint32_t));
#ifdef MD5_ASM
# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
# define md5_block_data_order md5_block_asm_data_order
# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
# define md5_block_data_order md5_block_asm_data_order
# endif
void md5_block_asm_data_order(MD5_CTX *c, const void *p, size_t num);
#define md5_block_data_order md5_block_asm_data_order
#endif
__BEGIN_HIDDEN_DECLS
void md5_block_data_order (MD5_CTX *c, const void *p, size_t num);
__END_HIDDEN_DECLS
#define DATA_ORDER_IS_LITTLE_ENDIAN
#define HASH_LONG MD5_LONG
@ -129,16 +124,15 @@ __END_HIDDEN_DECLS
a=ROTATE(a,s); \
a+=b; };
/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
*/
/* Implemented from RFC1321 The MD5 Message-Digest Algorithm. */
#ifndef md5_block_data_order
void
md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
#ifndef MD5_ASM
static void
md5_block_data_order(MD5_CTX *c, const void *_in, size_t num)
{
const unsigned char *data = data_;
unsigned int A, B, C, D, l;
unsigned int X0, X1, X2, X3, X4, X5, X6, X7,
const uint8_t *in = _in;
MD5_LONG A, B, C, D;
MD5_LONG X0, X1, X2, X3, X4, X5, X6, X7,
X8, X9, X10, X11, X12, X13, X14, X15;
A = c->A;
@ -147,53 +141,39 @@ md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
D = c->D;
for (; num--; ) {
HOST_c2l(data, l);
X0 = l;
HOST_c2l(data, l);
X1 = l;
X0 = crypto_load_le32toh(&in[0 * 4]);
X1 = crypto_load_le32toh(&in[1 * 4]);
X2 = crypto_load_le32toh(&in[2 * 4]);
X3 = crypto_load_le32toh(&in[3 * 4]);
X4 = crypto_load_le32toh(&in[4 * 4]);
X5 = crypto_load_le32toh(&in[5 * 4]);
X6 = crypto_load_le32toh(&in[6 * 4]);
X7 = crypto_load_le32toh(&in[7 * 4]);
X8 = crypto_load_le32toh(&in[8 * 4]);
X9 = crypto_load_le32toh(&in[9 * 4]);
X10 = crypto_load_le32toh(&in[10 * 4]);
X11 = crypto_load_le32toh(&in[11 * 4]);
X12 = crypto_load_le32toh(&in[12 * 4]);
X13 = crypto_load_le32toh(&in[13 * 4]);
X14 = crypto_load_le32toh(&in[14 * 4]);
X15 = crypto_load_le32toh(&in[15 * 4]);
in += MD5_CBLOCK;
/* Round 0 */
R0(A, B, C, D, X0, 7, 0xd76aa478L);
HOST_c2l(data, l);
X2 = l;
R0(D, A, B, C, X1, 12, 0xe8c7b756L);
HOST_c2l(data, l);
X3 = l;
R0(C, D, A, B, X2, 17, 0x242070dbL);
HOST_c2l(data, l);
X4 = l;
R0(B, C, D, A, X3, 22, 0xc1bdceeeL);
HOST_c2l(data, l);
X5 = l;
R0(A, B, C, D, X4, 7, 0xf57c0fafL);
HOST_c2l(data, l);
X6 = l;
R0(D, A, B, C, X5, 12, 0x4787c62aL);
HOST_c2l(data, l);
X7 = l;
R0(C, D, A, B, X6, 17, 0xa8304613L);
HOST_c2l(data, l);
X8 = l;
R0(B, C, D, A, X7, 22, 0xfd469501L);
HOST_c2l(data, l);
X9 = l;
R0(A, B, C, D, X8, 7, 0x698098d8L);
HOST_c2l(data, l);
X10 = l;
R0(D, A, B, C, X9, 12, 0x8b44f7afL);
HOST_c2l(data, l);
X11 = l;
R0(C, D, A, B, X10, 17, 0xffff5bb1L);
HOST_c2l(data, l);
X12 = l;
R0(B, C, D, A, X11, 22, 0x895cd7beL);
HOST_c2l(data, l);
X13 = l;
R0(A, B, C, D, X12, 7, 0x6b901122L);
HOST_c2l(data, l);
X14 = l;
R0(D, A, B, C, X13, 12, 0xfd987193L);
HOST_c2l(data, l);
X15 = l;
R0(C, D, A, B, X14, 17, 0xa679438eL);
R0(B, C, D, A, X15, 22, 0x49b40821L);
/* Round 1 */
@ -256,19 +236,16 @@ md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
}
#endif
#define INIT_DATA_A (unsigned long)0x67452301L
#define INIT_DATA_B (unsigned long)0xefcdab89L
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
int
MD5_Init(MD5_CTX *c)
{
memset (c, 0, sizeof(*c));
c->A = INIT_DATA_A;
c->B = INIT_DATA_B;
c->C = INIT_DATA_C;
c->D = INIT_DATA_D;
memset(c, 0, sizeof(*c));
c->A = 0x67452301UL;
c->B = 0xefcdab89UL;
c->C = 0x98badcfeUL;
c->D = 0x10325476UL;
return 1;
}
LCRYPTO_ALIAS(MD5_Init);
@ -313,8 +290,8 @@ MD5_Update(MD5_CTX *c, const void *data_, size_t len)
n = len/MD5_CBLOCK;
if (n > 0) {
md5_block_data_order (c, data, n);
n *= MD5_CBLOCK;
md5_block_data_order(c, data, n);
n *= MD5_CBLOCK;
data += n;
len -= n;
}
@ -322,7 +299,7 @@ MD5_Update(MD5_CTX *c, const void *data_, size_t len)
if (len != 0) {
p = (unsigned char *)c->data;
c->num = (unsigned int)len;
memcpy (p, data, len);
memcpy(p, data, len);
}
return 1;
}
@ -339,7 +316,6 @@ int
MD5_Final(unsigned char *md, MD5_CTX *c)
{
unsigned char *p = (unsigned char *)c->data;
unsigned long ll;
size_t n = c->num;
p[n] = 0x80; /* there is always room for one */
@ -350,29 +326,19 @@ MD5_Final(unsigned char *md, MD5_CTX *c)
n = 0;
md5_block_data_order(c, p, 1);
}
memset(p + n, 0, MD5_CBLOCK - 8 - n);
p += MD5_CBLOCK - 8;
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
HOST_l2c(c->Nh, p);
HOST_l2c(c->Nl, p);
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
HOST_l2c(c->Nl, p);
HOST_l2c(c->Nh, p);
#endif
p -= MD5_CBLOCK;
memset(p + n, 0, MD5_CBLOCK - 8 - n);
c->data[MD5_LBLOCK - 2] = htole32(c->Nl);
c->data[MD5_LBLOCK - 1] = htole32(c->Nh);
md5_block_data_order(c, p, 1);
c->num = 0;
memset(p, 0, MD5_CBLOCK);
ll = c->A;
HOST_l2c(ll, md);
ll = c->B;
HOST_l2c(ll, md);
ll = c->C;
HOST_l2c(ll, md);
ll = c->D;
HOST_l2c(ll, md);
crypto_store_htole32(&md[0 * 4], c->A);
crypto_store_htole32(&md[1 * 4], c->B);
crypto_store_htole32(&md[2 * 4], c->C);
crypto_store_htole32(&md[3 * 4], c->D);
return 1;
}

14
lib/libcrypto/rsa/rsa_ameth.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rsa_ameth.c,v 1.32 2023/08/10 15:05:28 tb Exp $ */
/* $OpenBSD: rsa_ameth.c,v 1.33 2023/08/12 08:02:43 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -273,7 +273,7 @@ rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
}
static int
int_rsa_size(const EVP_PKEY *pkey)
rsa_size(const EVP_PKEY *pkey)
{
return RSA_size(pkey->pkey.rsa);
}
@ -291,7 +291,7 @@ rsa_security_bits(const EVP_PKEY *pkey)
}
static void
int_rsa_free(EVP_PKEY *pkey)
rsa_free(EVP_PKEY *pkey)
{
RSA_free(pkey->pkey.rsa);
}
@ -1088,13 +1088,13 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
.priv_encode = rsa_priv_encode,
.priv_print = rsa_priv_print,
.pkey_size = int_rsa_size,
.pkey_size = rsa_size,
.pkey_bits = rsa_bits,
.pkey_security_bits = rsa_security_bits,
.sig_print = rsa_sig_print,
.pkey_free = int_rsa_free,
.pkey_free = rsa_free,
.pkey_ctrl = rsa_pkey_ctrl,
.old_priv_decode = old_rsa_priv_decode,
.old_priv_encode = old_rsa_priv_encode,
@ -1130,13 +1130,13 @@ const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
.priv_encode = rsa_priv_encode,
.priv_print = rsa_priv_print,
.pkey_size = int_rsa_size,
.pkey_size = rsa_size,
.pkey_bits = rsa_bits,
.pkey_security_bits = rsa_security_bits,
.sig_print = rsa_sig_print,
.pkey_free = int_rsa_free,
.pkey_free = rsa_free,
.pkey_ctrl = rsa_pkey_ctrl,
.item_verify = rsa_item_verify,
.item_sign = rsa_item_sign

173
lib/libcrypto/sha/sha256.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: sha256.c,v 1.28 2023/08/10 07:15:23 jsing Exp $ */
/* $OpenBSD: sha256.c,v 1.30 2023/08/11 15:27:28 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
@ -68,24 +68,10 @@
/* Ensure that SHA_LONG and uint32_t are equivalent. */
CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
#define DATA_ORDER_IS_BIG_ENDIAN
#define HASH_LONG SHA_LONG
#define HASH_CTX SHA256_CTX
#define HASH_CBLOCK SHA_CBLOCK
#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
#ifdef SHA256_ASM
void sha256_block_data_order(SHA256_CTX *ctx, const void *_in, size_t num);
#endif
#define HASH_NO_UPDATE
#define HASH_NO_TRANSFORM
#define HASH_NO_FINAL
#include "md32_common.h"
#ifndef SHA256_ASM
static const SHA_LONG K256[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
@ -106,36 +92,77 @@ static const SHA_LONG K256[64] = {
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
};
/*
* FIPS specification refers to right rotations, while our ROTATE macro
* is left one. This is why you might notice that rotation coefficients
* differ from those observed in FIPS document by 32-N...
*/
#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
static inline SHA_LONG
Sigma0(SHA_LONG x)
{
return crypto_ror_u32(x, 2) ^ crypto_ror_u32(x, 13) ^
crypto_ror_u32(x, 22);
}
#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
static inline SHA_LONG
Sigma1(SHA_LONG x)
{
return crypto_ror_u32(x, 6) ^ crypto_ror_u32(x, 11) ^
crypto_ror_u32(x, 25);
}
#define ROUND_00_15(x, i, a, b, c, d, e, f, g, h) do { \
T1 = x + h + Sigma1(e) + Ch(e, f, g) + K256[i]; \
h = Sigma0(a) + Maj(a, b, c); \
d += T1; h += T1; } while (0)
static inline SHA_LONG
sigma0(SHA_LONG x)
{
return crypto_ror_u32(x, 7) ^ crypto_ror_u32(x, 18) ^ (x >> 3);
}
#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X) do { \
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
ROUND_00_15(T1, i, a, b, c, d, e, f, g, h); } while (0)
static inline SHA_LONG
sigma1(SHA_LONG x)
{
return crypto_ror_u32(x, 17) ^ crypto_ror_u32(x, 19) ^ (x >> 10);
}
static inline SHA_LONG
Ch(SHA_LONG x, SHA_LONG y, SHA_LONG z)
{
return (x & y) ^ (~x & z);
}
static inline SHA_LONG
Maj(SHA_LONG x, SHA_LONG y, SHA_LONG z)
{
return (x & y) ^ (x & z) ^ (y & z);
}
static inline void
sha256_msg_schedule_update(SHA_LONG *W0, SHA_LONG W1,
SHA_LONG W9, SHA_LONG W14)
{
*W0 = sigma1(W14) + W9 + sigma0(W1) + *W0;
}
static inline void
sha256_round(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d,
SHA_LONG *e, SHA_LONG *f, SHA_LONG *g, SHA_LONG *h,
SHA_LONG Kt, SHA_LONG Wt)
{
SHA_LONG T1, T2;
T1 = *h + Sigma1(*e) + Ch(*e, *f, *g) + Kt + Wt;
T2 = Sigma0(*a) + Maj(*a, *b, *c);
*h = *g;
*g = *f;
*f = *e;
*e = *d + T1;
*d = *c;
*c = *b;
*b = *a;
*a = T1 + T2;
}
static void
sha256_block_data_order(SHA256_CTX *ctx, const void *_in, size_t num)
{
const uint8_t *in = _in;
const SHA_LONG *in32;
unsigned int a, b, c, d, e, f, g, h, s0, s1, T1;
SHA_LONG a, b, c, d, e, f, g, h;
SHA_LONG X[16];
int i;
@ -189,33 +216,57 @@ sha256_block_data_order(SHA256_CTX *ctx, const void *_in, size_t num)
}
in += SHA256_CBLOCK;
ROUND_00_15(X[0], 0, a, b, c, d, e, f, g, h);
ROUND_00_15(X[1], 1, h, a, b, c, d, e, f, g);
ROUND_00_15(X[2], 2, g, h, a, b, c, d, e, f);
ROUND_00_15(X[3], 3, f, g, h, a, b, c, d, e);
ROUND_00_15(X[4], 4, e, f, g, h, a, b, c, d);
ROUND_00_15(X[5], 5, d, e, f, g, h, a, b, c);
ROUND_00_15(X[6], 6, c, d, e, f, g, h, a, b);
ROUND_00_15(X[7], 7, b, c, d, e, f, g, h, a);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[0], X[0]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[1], X[1]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[2], X[2]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[3], X[3]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[4], X[4]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[5], X[5]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[6], X[6]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[7], X[7]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[8], X[8]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[9], X[9]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[10], X[10]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[11], X[11]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[12], X[12]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[13], X[13]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[14], X[14]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[15], X[15]);
ROUND_00_15(X[8], 8, a, b, c, d, e, f, g, h);
ROUND_00_15(X[9], 9, h, a, b, c, d, e, f, g);
ROUND_00_15(X[10], 10, g, h, a, b, c, d, e, f);
ROUND_00_15(X[11], 11, f, g, h, a, b, c, d, e);
ROUND_00_15(X[12], 12, e, f, g, h, a, b, c, d);
ROUND_00_15(X[13], 13, d, e, f, g, h, a, b, c);
ROUND_00_15(X[14], 14, c, d, e, f, g, h, a, b);
ROUND_00_15(X[15], 15, b, c, d, e, f, g, h, a);
for (i = 16; i < 64; i += 16) {
sha256_msg_schedule_update(&X[0], X[1], X[9], X[14]);
sha256_msg_schedule_update(&X[1], X[2], X[10], X[15]);
sha256_msg_schedule_update(&X[2], X[3], X[11], X[0]);
sha256_msg_schedule_update(&X[3], X[4], X[12], X[1]);
sha256_msg_schedule_update(&X[4], X[5], X[13], X[2]);
sha256_msg_schedule_update(&X[5], X[6], X[14], X[3]);
sha256_msg_schedule_update(&X[6], X[7], X[15], X[4]);
sha256_msg_schedule_update(&X[7], X[8], X[0], X[5]);
sha256_msg_schedule_update(&X[8], X[9], X[1], X[6]);
sha256_msg_schedule_update(&X[9], X[10], X[2], X[7]);
sha256_msg_schedule_update(&X[10], X[11], X[3], X[8]);
sha256_msg_schedule_update(&X[11], X[12], X[4], X[9]);
sha256_msg_schedule_update(&X[12], X[13], X[5], X[10]);
sha256_msg_schedule_update(&X[13], X[14], X[6], X[11]);
sha256_msg_schedule_update(&X[14], X[15], X[7], X[12]);
sha256_msg_schedule_update(&X[15], X[0], X[8], X[13]);
for (i = 16; i < 64; i += 8) {
ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 0], X[0]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 1], X[1]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 2], X[2]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 3], X[3]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 4], X[4]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 5], X[5]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 6], X[6]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 7], X[7]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 8], X[8]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 9], X[9]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 10], X[10]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 11], X[11]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 12], X[12]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 13], X[13]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 14], X[14]);
sha256_round(&a, &b, &c, &d, &e, &f, &g, &h, K256[i + 15], X[15]);
}
ctx->h[0] += a;

2
lib/libm/src/s_modff.c
View file

@ -45,6 +45,8 @@ modff(float x, float *iptr)
} else { /* no fraction part */
u_int32_t ix;
*iptr = x*one;
if (jj0 == 0x80) /* +-inf or NaN */
return (0.0 / x); /* +-0 or NaN */
GET_FLOAT_WORD(ix,x);
SET_FLOAT_WORD(x,ix&0x80000000); /* return +-0 */
return x;

2
lib/libz/README
View file

@ -63,7 +63,7 @@ Notes for some targets:
- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works
when compiled with cc.
- On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is
- On Digital Unix 4.0D (formerly OSF/1) on AlphaServer, the cc option -std1 is
necessary to get gzprintf working correctly. This is done by configure.
- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with

5
lib/libz/deflate.c
View file

@ -175,6 +175,11 @@ local const config configuration_table[10] = {
* bit values at the expense of memory usage). We slide even when level == 0 to
* keep the hash table consistent if we switch back to level > 0 later.
*/
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
__attribute__((no_sanitize("memory")))
# endif
#endif
local void slide_hash(deflate_state *s) {
unsigned n, m;
Posf *p;

4
lib/libz/gzlib.c
View file

@ -308,8 +308,8 @@ int ZEXPORT gzbuffer(gzFile file, unsigned size) {
/* check and set requested size */
if ((size << 1) < size)
return -1; /* need to be able to double it */
if (size < 2)
size = 2; /* need two bytes to check magic header */
if (size < 8)
size = 8; /* needed to behave well with flushing */
state->want = size;
return 0;
}

4
lib/libz/gzread.c
View file

@ -443,6 +443,10 @@ int ZEXPORT gzungetc(int c, gzFile file) {
return -1;
state = (gz_statep)file;
/* in case this was just opened, set up the input buffer */
if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0)
(void)gz_look(state);
/* check that we're reading and that there's no (serious) error */
if (state->mode != GZ_READ ||
(state->err != Z_OK && state->err != Z_BUF_ERROR))

22
libexec/ld.so/dlfcn.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dlfcn.c,v 1.114 2023/07/08 14:09:43 jasper Exp $ */
/* $OpenBSD: dlfcn.c,v 1.115 2023/08/15 06:26:34 guenther Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -39,7 +39,6 @@
#include "archdep.h"
int _dl_errno;
static int _dl_tracelib;
static int _dl_real_close(void *handle);
static lock_cb *_dl_thread_fnc = NULL;
@ -72,7 +71,6 @@ dlopen(const char *libname, int flags)
if ((flags & RTLD_TRACE) == RTLD_TRACE) {
_dl_traceld = 1;
_dl_tracelib = 1;
}
DL_DEB(("dlopen: loading: %s\n", libname));
@ -110,6 +108,11 @@ dlopen(const char *libname, int flags)
/* if opened but grpsym_vec has not been filled in */
if (object->grpsym_vec.len == 0)
_dl_cache_grpsym_list_setup(object);
if (_dl_traceld) {
_dl_show_objects(object);
_dl_unload_shlib(object);
_dl_exit(0);
}
goto loaded;
}
@ -126,7 +129,7 @@ dlopen(const char *libname, int flags)
int err;
DL_DEB(("tail %s\n", object->load_name ));
if (_dl_traceld) {
_dl_show_objects();
_dl_show_objects(object);
_dl_unload_shlib(object);
_dl_exit(0);
}
@ -250,7 +253,7 @@ dlctl(void *handle, int command, void *data)
break;
}
case 0x20:
_dl_show_objects();
_dl_show_objects(NULL);
retval = 0;
break;
case 0x21:
@ -486,7 +489,7 @@ _dl_tracefmt(int fd, elf_object_t *object, const char *fmt1, const char *fmt2,
}
void
_dl_show_objects(void)
_dl_show_objects(elf_object_t *trace)
{
elf_object_t *object;
char *objtypename;
@ -514,12 +517,15 @@ _dl_show_objects(void)
_dl_dprintf(outputfd, "\tStart %s End %s Type Open Ref GrpRef Name\n",
pad, pad);
if (_dl_tracelib) {
for (; object != NULL; object = object->next)
if (trace != NULL) {
for (; object != NULL; object = object->next) {
if (object == trace)
break;
if (object->obj_type == OBJTYPE_LDR) {
object = object->next;
break;
}
}
}
for (; object != NULL; object = object->next) {

21
libexec/ld.so/ldd/ldd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ldd.c,v 1.24 2023/07/24 01:02:47 deraadt Exp $ */
/* $OpenBSD: ldd.c,v 1.26 2023/08/15 13:50:53 deraadt Exp $ */
/*
* Copyright (c) 2001 Artur Grabowski <art@openbsd.org>
* All rights reserved.
@ -48,6 +48,9 @@ main(int argc, char **argv)
{
int c, xflag, ret;
if (pledge("stdio rpath proc exec prot_exec", NULL) == -1)
err(1, "pledge");
xflag = 0;
while ((c = getopt(argc, argv, "x")) != -1) {
switch (c) {
@ -96,7 +99,8 @@ doit(char *name)
{
Elf_Ehdr ehdr;
Elf_Phdr *phdr;
int fd, i, size, status, interp=0;
size_t size;
int fd, i, status, interp=0;
char buf[PATH_MAX];
struct stat st;
void * dlhandle;
@ -118,8 +122,8 @@ doit(char *name)
return 1;
}
if (read(fd, &ehdr, sizeof(ehdr)) < 0) {
warn("read(%s)", name);
if (read(fd, &ehdr, sizeof(ehdr)) != sizeof(ehdr)) {
warnx("%s: incomplete ELF header", name);
close(fd);
return 1;
}
@ -141,7 +145,7 @@ doit(char *name)
size = ehdr.e_phnum * sizeof(Elf_Phdr);
if (pread(fd, phdr, size, ehdr.e_phoff) != size) {
warn("read(%s)", name);
warnx("%s: incomplete program header", name);
close(fd);
free(phdr);
return 1;
@ -162,6 +166,8 @@ doit(char *name)
err(1, "fork");
case 0:
if (ehdr.e_type == ET_DYN && !interp) {
if (pledge("stdio rpath prot_exec", NULL) == -1)
err(1, "pledge");
if (realpath(name, buf) == NULL) {
printf("realpath(%s): %s", name,
strerror(errno));
@ -177,14 +183,13 @@ doit(char *name)
_exit(0);
}
if (pledge("stdio rpath exec", "stdio rpath") == -1)
err(1, "pledge");
if (i == ehdr.e_phnum) {
printf("not a dynamic executable\n");
fflush(stdout);
_exit(0);
}
if (pledge(NULL, "stdio rpath") == -1)
err(1, "pledge");
execl(name, name, (char *)NULL);
perror(name);
_exit(1);

4
libexec/ld.so/library.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: library.c,v 1.91 2023/07/12 19:49:06 jasper Exp $ */
/* $OpenBSD: library.c,v 1.92 2023/08/15 06:23:31 guenther Exp $ */
/*
* Copyright (c) 2002 Dale Rahn
@ -345,7 +345,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
_dl_set_tls(object, ptls, libaddr, libname);
/* Request permission for system calls in libc.so's text segment */
if (soname != NULL &&
if (soname != NULL && !_dl_traceld &&
_dl_strncmp(soname, "libc.so.", 8) == 0) {
if (_dl_msyscall(exec_start, exec_size) == -1)
_dl_printf("msyscall %lx %lx error\n",

4
libexec/ld.so/library_mquery.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: library_mquery.c,v 1.71 2023/07/12 19:49:06 jasper Exp $ */
/* $OpenBSD: library_mquery.c,v 1.72 2023/08/15 06:23:31 guenther Exp $ */
/*
* Copyright (c) 2002 Dale Rahn
@ -354,7 +354,7 @@ retry:
libname);
/* Request permission for system calls in libc.so's text segment */
if (soname != NULL &&
if (soname != NULL && !_dl_traceld &&
_dl_strncmp(soname, "libc.so.", 8) == 0) {
if (_dl_msyscall(exec_start, exec_size) == -1)
_dl_printf("msyscall %lx %lx error\n",

4
libexec/ld.so/loader.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: loader.c,v 1.213 2023/07/08 14:09:43 jasper Exp $ */
/* $OpenBSD: loader.c,v 1.214 2023/08/15 06:26:34 guenther Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -701,7 +701,7 @@ _dl_boot(const char **argv, char **envp, const long dyn_loff, long *dl_data)
if (_dl_debug || _dl_traceld) {
if (_dl_traceld)
_dl_pledge("stdio rpath", NULL);
_dl_show_objects();
_dl_show_objects(NULL);
}
DL_DEB(("dynamic loading done, %s.\n",

5
libexec/ld.so/resolve.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: resolve.h,v 1.104 2023/01/29 20:30:56 gnezdo Exp $ */
/* $OpenBSD: resolve.h,v 1.105 2023/08/15 06:26:34 guenther Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -347,6 +347,9 @@ void _dl_trace_setup(char **) __boot;
void _dl_trace_object_setup(elf_object_t *);
int _dl_trace_plt(const elf_object_t *, const char *);
/* dlfcn.c */
void _dl_show_objects(elf_object_t *_object);
/* tib.c */
void _dl_allocate_tls_offsets(void) __boot;
void _dl_allocate_first_tib(void) __boot;

3
libexec/ld.so/util.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: util.h,v 1.38 2023/01/29 20:30:21 gnezdo Exp $ */
/* $OpenBSD: util.h,v 1.39 2023/08/15 06:26:34 guenther Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <millert@openbsd.org>
@ -59,7 +59,6 @@ size_t _dl_strlcat(char *dst, const char *src, size_t siz);
void _dl_printf(const char *fmt, ...);
void _dl_vprintf(const char *fmt, va_list ap);
void _dl_dprintf(int, const char *fmt, ...);
void _dl_show_objects(void);
void _dl_arc4randombuf(void *, size_t);
u_int32_t _dl_arc4random(void);
ssize_t _dl_write(int fd, const char* buf, size_t len);

70
regress/lib/libc/modf/modf_test.c
View file

@ -1,35 +1,67 @@
/* Public domain, 2014, Tobias Ulmer <tobiasu@tmux.org> */
/* $OpenBSD: modf_test.c,v 1.2 2023/08/13 06:57:04 miod Exp $ */
#include <assert.h>
#include <math.h>
/* Test for bug introduced in 4.4BSD modf() on sparc */
#include <math.h>
/* Public domain, 2014, Tobias Ulmer <tobiasu@tmux.org> */
#define BIGFLOAT (5e15) /* Number large enough to trigger the "big" case */
int
main(void)
void
modf_sparc(void)
{
double f, i;
f = modf(BIGFLOAT, &i);
if (i != BIGFLOAT)
return 1;
if (f != 0.0)
return 1;
assert(i == BIGFLOAT);
assert(f == 0.0);
/* Repeat, maybe we were lucky */
f = modf(BIGFLOAT, &i);
if (i != BIGFLOAT)
return 1;
if (f != 0.0)
return 1;
assert(i == BIGFLOAT);
assert(f == 0.0);
/* With negative number, for good measure */
f = modf(-BIGFLOAT, &i);
if (i != -BIGFLOAT)
return 1;
if (f != 0.0)
return 1;
return 0;
assert(i == -BIGFLOAT);
assert(f == 0.0);
}
/* Test for modf() behaviour on Inf and Nan */
/* Written by Willemijn Coene. Public domain */
void
modf_infnan(void)
{
double f, i;
f = modf(__builtin_inf(), &i);
assert(isinf(i));
assert(signbit(i) == 0);
assert(f == 0.0);
f = modf(-__builtin_inf(), &i);
assert(isinf(i));
assert(signbit(i) != 0);
assert(f == -0.0);
f = modf(NAN, &i);
assert(isnan(i));
assert(signbit(i) == 0);
assert(isnan(f));
assert(signbit(f) == 0);
f = modf(-NAN, &i);
assert(isnan(i));
assert(signbit(i) != 0);
assert(isnan(f));
assert(signbit(f) != 0);
}
int
main(void)
{
modf_sparc();
modf_infnan();
}

376
regress/lib/libcrypto/asn1/asn1basic.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: asn1basic.c,v 1.13 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: asn1basic.c,v 1.15 2023/08/15 21:05:44 tb Exp $ */
/*
* Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -750,6 +751,378 @@ asn1_integer_test(void)
return failed;
}
static const struct asn1_string_new_test {
const char *name;
ASN1_STRING *(*new)(void);
void (*free)(ASN1_STRING *);
int type;
long flags;
} asn1_string_new_tests[] = {
{
.name = "ASN1_STRING",
.new = ASN1_STRING_new,
.free = ASN1_STRING_free,
.type = V_ASN1_OCTET_STRING,
},
{
.name = "ASN1_OCTET_STRING",
.new = ASN1_OCTET_STRING_new,
.free = ASN1_OCTET_STRING_free,
.type = V_ASN1_OCTET_STRING,
},
{
.name = "ASN1_BIT_STRING",
.new = ASN1_BIT_STRING_new,
.free = ASN1_BIT_STRING_free,
.type = V_ASN1_BIT_STRING,
},
{
.name = "ASN1_INTEGER",
.new = ASN1_INTEGER_new,
.free = ASN1_INTEGER_free,
.type = V_ASN1_INTEGER,
},
{
.name = "ASN1_ENUMERATED",
.new = ASN1_ENUMERATED_new,
.free = ASN1_ENUMERATED_free,
.type = V_ASN1_ENUMERATED,
},
{
.name = "ASN1_UTF8STRING",
.new = ASN1_UTF8STRING_new,
.free = ASN1_UTF8STRING_free,
.type = V_ASN1_UTF8STRING,
},
{
.name = "ASN1_IA5STRING",
.new = ASN1_IA5STRING_new,
.free = ASN1_IA5STRING_free,
.type = V_ASN1_IA5STRING,
},
{
.name = "ASN1_UNIVERSALSTRING",
.new = ASN1_UNIVERSALSTRING_new,
.free = ASN1_UNIVERSALSTRING_free,
.type = V_ASN1_UNIVERSALSTRING,
},
{
.name = "ASN1_BMPSTRING",
.new = ASN1_BMPSTRING_new,
.free = ASN1_BMPSTRING_free,
.type = V_ASN1_BMPSTRING,
},
{
.name = "ASN1_GENERALSTRING",
.new = ASN1_GENERALSTRING_new,
.free = ASN1_GENERALSTRING_free,
.type = V_ASN1_GENERALSTRING,
},
{
.name = "ASN1_T61STRING",
.new = ASN1_T61STRING_new,
.free = ASN1_T61STRING_free,
.type = V_ASN1_T61STRING,
},
{
.name = "ASN1_VISIBLESTRING",
.new = ASN1_VISIBLESTRING_new,
.free = ASN1_VISIBLESTRING_free,
.type = V_ASN1_VISIBLESTRING,
},
{
.name = "ASN1_PRINTABLESTRING",
.new = ASN1_PRINTABLESTRING_new,
.free = ASN1_PRINTABLESTRING_free,
.type = V_ASN1_PRINTABLESTRING,
},
{
.name = "ASN1_PRINTABLE",
.new = ASN1_PRINTABLE_new,
.free = ASN1_PRINTABLE_free,
.type = V_ASN1_UNDEF,
.flags = ASN1_STRING_FLAG_MSTRING,
},
{
.name = "DIRECTORYSTRING",
.new = DIRECTORYSTRING_new,
.free = DIRECTORYSTRING_free,
.type = V_ASN1_UNDEF,
.flags = ASN1_STRING_FLAG_MSTRING,
},
{
.name = "DISPLAYTEXT",
.new = DISPLAYTEXT_new,
.free = DISPLAYTEXT_free,
.type = V_ASN1_UNDEF,
.flags = ASN1_STRING_FLAG_MSTRING,
},
{
.name = "ASN1_GENERALIZEDTIME",
.new = ASN1_GENERALIZEDTIME_new,
.free = ASN1_GENERALIZEDTIME_free,
.type = V_ASN1_GENERALIZEDTIME,
},
{
.name = "ASN1_UTCTIME",
.new = ASN1_UTCTIME_new,
.free = ASN1_UTCTIME_free,
.type = V_ASN1_UTCTIME,
},
{
.name = "ASN1_TIME",
.new = ASN1_TIME_new,
.free = ASN1_TIME_free,
.type = V_ASN1_UNDEF,
.flags = ASN1_STRING_FLAG_MSTRING,
},
};
#define N_ASN1_STRING_NEW_TESTS \
(sizeof(asn1_string_new_tests) / sizeof(asn1_string_new_tests[0]))
static int
asn1_string_new_test(void)
{
size_t i;
ASN1_STRING *astr = NULL;
int failed = 1;
for (i = 0; i < N_ASN1_STRING_NEW_TESTS; i++) {
const struct asn1_string_new_test *asnt = &asn1_string_new_tests[i];
if ((astr = asnt->new()) == NULL) {
fprintf(stderr, "%s_new() failed\n", asnt->name);
goto err;
}
if (ASN1_STRING_type(astr) != asnt->type) {
fprintf(stderr, "%s type: want %d, got %d\n",
asnt->name, asnt->type, ASN1_STRING_type(astr));
goto err;
}
if (ASN1_STRING_data(astr) != NULL) {
fprintf(stderr, "%s data != NULL\n", asnt->name);
goto err;
}
if (ASN1_STRING_get0_data(astr) != NULL) {
fprintf(stderr, "%s data != NULL\n", asnt->name);
goto err;
}
if (ASN1_STRING_length(astr) != 0) {
fprintf(stderr, "%s length %d != 0\n", asnt->name,
ASN1_STRING_length(astr));
goto err;
}
ASN1_STRING_length_set(astr, 20);
if (ASN1_STRING_length(astr) != 20) {
fprintf(stderr, "%s length %d != 20\n", asnt->name,
ASN1_STRING_length(astr));
goto err;
}
astr->flags |= ASN1_STRING_FLAG_NDEF;
if (astr->flags != (asnt->flags | ASN1_STRING_FLAG_NDEF)) {
fprintf(stderr, "%s flags: %lx\n", asnt->name,
astr->flags);
goto err;
}
/* ASN1_STRING_set0() clears ASN1_STRING_FLAG_NDEF. */
ASN1_STRING_set0(astr, NULL, 0);
if (astr->flags != asnt->flags) {
fprintf(stderr, "%s flags: %lx != %lx\n", asnt->name,
astr->flags, asnt->flags);
goto err;
}
asnt->free(astr);
astr = NULL;
if ((astr = ASN1_STRING_type_new(asnt->type)) == NULL) {
fprintf(stderr, "ASN1_STRING_type_new(%s) failed\n",
asnt->name);
goto err;
}
if (ASN1_STRING_type(astr) != asnt->type) {
fprintf(stderr, "%s type: want %d, got %d\n",
asnt->name, asnt->type, ASN1_STRING_type(astr));
goto err;
}
if (ASN1_STRING_data(astr) != NULL) {
fprintf(stderr, "%s data != NULL\n", asnt->name);
goto err;
}
/* ASN1_STRING_type_new() does not set flags. */
if (astr->flags != 0) {
fprintf(stderr, "%s flags %lx\n", asnt->name,
astr->flags);
goto err;
}
asnt->free(astr);
astr = NULL;
}
failed = 0;
err:
ASN1_STRING_free(astr);
return failed;
}
static char *comparison_str = "mystring";
static int
asn1_string_cmp_test(void)
{
ASN1_STRING *a = NULL, *b = NULL;
int got, want;
int failed = 1;
if ((got = ASN1_STRING_cmp(NULL, NULL)) != -1) {
fprintf(stderr, "ASN1_STRING_cmp(NULL, NULL): %d != -1\n", got);
goto err;
}
if ((a = ASN1_STRING_new()) == NULL) {
fprintf(stderr, "a = ASN1_STRING_new() failed\n");
goto err;
}
if ((b = ASN1_STRING_type_new(V_ASN1_UTF8STRING)) == NULL) {
fprintf(stderr, "b = ASN1_STRING_type_new() failed\n");
goto err;
}
if ((got = ASN1_STRING_cmp(a, NULL)) != -1) {
fprintf(stderr, "ASN1_STRING_cmp(a, NULL): %d != -1\n", got);
goto err;
}
if ((got = ASN1_STRING_cmp(NULL, a)) != -1) {
fprintf(stderr, "ASN1_STRING_cmp(NULL, a): %d != -1\n", got);
goto err;
}
if (ASN1_STRING_cmp(a, b) >= 0) {
fprintf(stderr, "V_ASN1_OCTET_STRING >= V_ASN1_UTF8STRING\n");
goto err;
}
want = V_ASN1_UTF8STRING - V_ASN1_OCTET_STRING;
if ((got = ASN1_STRING_cmp(b, a)) != want) {
fprintf(stderr, "comparison of octet with utf8 string:"
"want %d, got %d\n", want, got);
goto err;
}
ASN1_STRING_set0(a, comparison_str, strlen(comparison_str));
ASN1_STRING_set0(b, comparison_str, strlen(comparison_str));
/* Ensure any data set on a or b isn't freed/zeroed. */
a->flags |= ASN1_STRING_FLAG_NDEF;
b->flags |= ASN1_STRING_FLAG_NDEF;
if ((got = ASN1_STRING_cmp(b, a)) != want) {
fprintf(stderr, "comparison of octet with utf8 string:"
"want %d, got %d\n", want, got);
goto err;
}
b->type = V_ASN1_OCTET_STRING;
if ((got = ASN1_STRING_cmp(a, b)) != 0) {
fprintf(stderr, "same string on both. want 0, got %d\n", got);
goto err;
}
if (!ASN1_STRING_set(b, "myString", -1)) {
fprintf(stderr, "ASN1_STRING_set(b) failed\n");
goto err;
}
if ((got = ASN1_STRING_cmp(a, b)) <= 0) {
fprintf(stderr, "capitalized letter compares larger: got %d\n",
got);
goto err;
}
if ((got = ASN1_STRING_cmp(b, a)) >= 0) {
fprintf(stderr, "capitalized letter is larger 2: %d\n", got);
goto err;
}
ASN1_STRING_length_set(b, 2);
want = strlen(comparison_str) - 2;
if ((got = ASN1_STRING_cmp(a, b)) != want) {
fprintf(stderr, "comparison of a with truncated b: "
"want %d, got %d\n", want, got);
goto err;
}
want = -want;
if ((got = ASN1_STRING_cmp(b, a)) != want) {
fprintf(stderr, "comparison of truncated b with a: "
"want %d, got %d\n", want, got);
goto err;
}
ASN1_STRING_length_set(a, 2);
if ((got = ASN1_STRING_cmp(a, b)) != 0) {
fprintf(stderr, "both truncated compared to %d\n", got);
goto err;
}
ASN1_STRING_length_set(a, strlen(comparison_str));
ASN1_STRING_set0(b, NULL, 0);
want = strlen(comparison_str);
if ((got = ASN1_STRING_cmp(a, b)) != want) {
fprintf(stderr, "comparison of a with zeroed b: "
"want %d, got %d\n", want, got);
goto err;
}
ASN1_STRING_set0(b, "", 0);
b->flags |= ASN1_STRING_FLAG_NDEF;
if ((got = ASN1_STRING_cmp(a, b)) != want) {
fprintf(stderr, "comparison of a with zero-length b: "
"want %d, got %d\n", want, got);
goto err;
}
ASN1_STRING_set0(a, NULL, 0);
if ((got = ASN1_STRING_cmp(a, b)) != 0) {
fprintf(stderr, "comparison of zeroed a with zero-length b: "
"want 0, got %d\n", got);
goto err;
}
if ((got = ASN1_STRING_cmp(b, a)) != 0) {
fprintf(stderr, "comparison of zero-length b with zeroed a: "
"want 0, got %d\n", got);
goto err;
}
failed = 0;
err:
ASN1_STRING_free(a);
ASN1_STRING_free(b);
return failed;
}
static int
asn1_string_test(void)
{
int failed = 0;
failed |= asn1_string_new_test();
failed |= asn1_string_cmp_test();
return failed;
}
int
main(int argc, char **argv)
{
@ -758,6 +1131,7 @@ main(int argc, char **argv)
failed |= asn1_bit_string_test();
failed |= asn1_boolean_test();
failed |= asn1_integer_test();
failed |= asn1_string_test();
return (failed);
}

269
regress/lib/libcrypto/asn1/asn1x509.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: asn1x509.c,v 1.4 2023/02/13 09:50:47 tb Exp $ */
/* $OpenBSD: asn1x509.c,v 1.5 2023/08/11 22:50:44 tb Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -72,6 +73,20 @@ unsigned char dsa_test_asn1_pubkey[] = {
0x43, 0x86, 0x13, 0x9d, 0x22,
};
const unsigned char dsa_test_asn1_pubkey_noparams[] = {
0x30, 0x51, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x38, 0x04, 0x01, 0x03, 0x44, 0x00,
0x02, 0x41, 0x00, 0x80, 0xd1, 0xb7, 0x4a, 0xd0,
0x18, 0x6a, 0xc5, 0x09, 0x12, 0x78, 0x3b, 0x7f,
0x48, 0xaa, 0x57, 0xf6, 0xef, 0x22, 0x0e, 0xe8,
0x6a, 0xb5, 0xa6, 0x96, 0xc4, 0x5a, 0xfb, 0x2f,
0xcf, 0x86, 0x12, 0x21, 0x9b, 0x06, 0xd3, 0x6b,
0xe5, 0x06, 0x5c, 0xd5, 0x22, 0x15, 0x0b, 0x7e,
0xd3, 0x67, 0x92, 0x93, 0x79, 0xf4, 0xc1, 0x6d,
0x22, 0x3c, 0x7c, 0x46, 0xc6, 0xc4, 0x43, 0x86,
0x13, 0x9d, 0x22,
};
const char *ec_test_key =
"-----BEGIN EC PRIVATE KEY-----\n"
"MHcCAQEEIEDkF84aPdBNu4vbPE+QV3EP9ULp4Enr1N0lz4vzuc2boAoGCCqGSM49\n"
@ -121,6 +136,94 @@ unsigned char rsa_test_asn1_pubkey[] = {
0x87, 0x02, 0x03, 0x01, 0x00, 0x01,
};
const char dh_test_key[] =
"-----BEGIN PRIVATE KEY-----\n"
"MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAIXmHiRswMxVCnVzq4GuaErl\n"
"2fBPDquOzFaxd/YSN7tVxnz3wcMNfBsHZWqtAXxTBWeyt8ydHcrIWx4EB3XTSwSi\n"
"Jqh3CEcFhDfqKdo/u7vffxG+43lEsvZZIzZHYMcYsHIpcERRoAu0xnqjHUQTkvoi\n"
"w7ukbuWr28bJrncPaxFGC8zZvLhSnUst5yzdyAsIddQvHgYBdCn2UEbz6qBx8gvJ\n"
"lb3Jv1BiVJJ0odL94vpNXRGNZ57PPm5Xlj/n8l8LHpzzxbtjc52MVYbMPpVuWzmv\n"
"2nWV0eL14708S/XG6e2AWGKb8AX8hCitdtVQ28SbEsf8Yd1dyWNo++oedFvU49sC\n"
"AQIEggEEAoIBAGywTP/vBwEeuWIgTPnBf1/jWQgfFA5no3HdRIQsHVgo2EEZHErS\n"
"X82hALavaUTEu+pHu+/yv3BLPr/8Lau6O7LOiqeXMjYX4HtSNmLZIEjugd1aCyCp\n"
"n+jZjIHQCG0fvnwWFqkKTADe4n4DUz5qxuHYmlFY4NsdMj5yARAh9mn7hqwYX+Mf\n"
"WhHLhHIHngXKNs7vKdHH/guo638uL6dv6OuTS0wbBsjLMFvQvccVlVUWlUFkH6I8\n"
"GFt8kAFLdrzz8+oMq3hHsoWIrDSp0GYq6keSu3pBj4q2mTP7ugUU8ag/dZnga5sB\n"
"Mdt2hicktiw/mQZP578plm6z2Lg0gl5yLxk=\n"
"-----END PRIVATE KEY-----\n";
const unsigned char dh_test_asn1_pubkey[] = {
0x30, 0x82, 0x02, 0x24, 0x30, 0x82, 0x01, 0x17,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x03, 0x01, 0x30, 0x82, 0x01, 0x08, 0x02,
0x82, 0x01, 0x01, 0x00, 0x85, 0xe6, 0x1e, 0x24,
0x6c, 0xc0, 0xcc, 0x55, 0x0a, 0x75, 0x73, 0xab,
0x81, 0xae, 0x68, 0x4a, 0xe5, 0xd9, 0xf0, 0x4f,
0x0e, 0xab, 0x8e, 0xcc, 0x56, 0xb1, 0x77, 0xf6,
0x12, 0x37, 0xbb, 0x55, 0xc6, 0x7c, 0xf7, 0xc1,
0xc3, 0x0d, 0x7c, 0x1b, 0x07, 0x65, 0x6a, 0xad,
0x01, 0x7c, 0x53, 0x05, 0x67, 0xb2, 0xb7, 0xcc,
0x9d, 0x1d, 0xca, 0xc8, 0x5b, 0x1e, 0x04, 0x07,
0x75, 0xd3, 0x4b, 0x04, 0xa2, 0x26, 0xa8, 0x77,
0x08, 0x47, 0x05, 0x84, 0x37, 0xea, 0x29, 0xda,
0x3f, 0xbb, 0xbb, 0xdf, 0x7f, 0x11, 0xbe, 0xe3,
0x79, 0x44, 0xb2, 0xf6, 0x59, 0x23, 0x36, 0x47,
0x60, 0xc7, 0x18, 0xb0, 0x72, 0x29, 0x70, 0x44,
0x51, 0xa0, 0x0b, 0xb4, 0xc6, 0x7a, 0xa3, 0x1d,
0x44, 0x13, 0x92, 0xfa, 0x22, 0xc3, 0xbb, 0xa4,
0x6e, 0xe5, 0xab, 0xdb, 0xc6, 0xc9, 0xae, 0x77,
0x0f, 0x6b, 0x11, 0x46, 0x0b, 0xcc, 0xd9, 0xbc,
0xb8, 0x52, 0x9d, 0x4b, 0x2d, 0xe7, 0x2c, 0xdd,
0xc8, 0x0b, 0x08, 0x75, 0xd4, 0x2f, 0x1e, 0x06,
0x01, 0x74, 0x29, 0xf6, 0x50, 0x46, 0xf3, 0xea,
0xa0, 0x71, 0xf2, 0x0b, 0xc9, 0x95, 0xbd, 0xc9,
0xbf, 0x50, 0x62, 0x54, 0x92, 0x74, 0xa1, 0xd2,
0xfd, 0xe2, 0xfa, 0x4d, 0x5d, 0x11, 0x8d, 0x67,
0x9e, 0xcf, 0x3e, 0x6e, 0x57, 0x96, 0x3f, 0xe7,
0xf2, 0x5f, 0x0b, 0x1e, 0x9c, 0xf3, 0xc5, 0xbb,
0x63, 0x73, 0x9d, 0x8c, 0x55, 0x86, 0xcc, 0x3e,
0x95, 0x6e, 0x5b, 0x39, 0xaf, 0xda, 0x75, 0x95,
0xd1, 0xe2, 0xf5, 0xe3, 0xbd, 0x3c, 0x4b, 0xf5,
0xc6, 0xe9, 0xed, 0x80, 0x58, 0x62, 0x9b, 0xf0,
0x05, 0xfc, 0x84, 0x28, 0xad, 0x76, 0xd5, 0x50,
0xdb, 0xc4, 0x9b, 0x12, 0xc7, 0xfc, 0x61, 0xdd,
0x5d, 0xc9, 0x63, 0x68, 0xfb, 0xea, 0x1e, 0x74,
0x5b, 0xd4, 0xe3, 0xdb, 0x02, 0x01, 0x02, 0x03,
0x82, 0x01, 0x05, 0x00, 0x02, 0x82, 0x01, 0x00,
0x44, 0x30, 0x25, 0xe2, 0xeb, 0x8f, 0xd0, 0x81,
0x96, 0x3e, 0x7d, 0x1d, 0x9b, 0x82, 0x8a, 0x2d,
0x0f, 0xb3, 0x2d, 0x9c, 0x2b, 0xb2, 0x88, 0xda,
0xc6, 0xef, 0x6c, 0x9d, 0x1c, 0x80, 0xf1, 0xee,
0x9d, 0x6b, 0x31, 0xb7, 0xb1, 0x9f, 0x30, 0x0d,
0xb7, 0x92, 0xcf, 0x56, 0xeb, 0xfc, 0x91, 0x16,
0x35, 0x96, 0x0c, 0x7b, 0x95, 0xbc, 0x65, 0x66,
0x10, 0x81, 0x4b, 0x46, 0x04, 0xee, 0x95, 0xca,
0xc9, 0x0c, 0xea, 0xc1, 0xd7, 0x3b, 0x83, 0xfb,
0xce, 0x76, 0x17, 0xb4, 0x15, 0xad, 0x03, 0xd0,
0x00, 0xef, 0xb2, 0xee, 0x12, 0x3f, 0x75, 0xd1,
0xb8, 0x6c, 0xfd, 0x87, 0xb5, 0x07, 0xfa, 0x1e,
0x60, 0x9b, 0x49, 0x6f, 0x89, 0xc2, 0x75, 0x4d,
0x7d, 0x21, 0xdb, 0xb6, 0x85, 0x78, 0xa5, 0x77,
0xbe, 0xeb, 0x4d, 0x9e, 0x1c, 0x05, 0xbc, 0x51,
0x97, 0x0f, 0xe9, 0x68, 0x78, 0x5a, 0xc8, 0x4e,
0xef, 0x72, 0x8f, 0x53, 0x41, 0x0d, 0x57, 0xf2,
0xc5, 0x29, 0x33, 0x67, 0xdd, 0x35, 0x43, 0xfc,
0x13, 0x49, 0x92, 0x1d, 0x14, 0x92, 0x40, 0x14,
0x38, 0x32, 0xdb, 0x14, 0x95, 0x44, 0x2a, 0x03,
0xb7, 0x87, 0xa3, 0x5a, 0x5a, 0xe2, 0x3b, 0xc5,
0x44, 0xa4, 0x06, 0xf6, 0x14, 0xe6, 0x08, 0x9c,
0x51, 0x09, 0x2a, 0xc4, 0x2e, 0x72, 0xb3, 0x20,
0x46, 0x77, 0xe2, 0xda, 0x07, 0xd8, 0x10, 0x89,
0xcf, 0x2b, 0xef, 0x67, 0xa2, 0x48, 0xfd, 0xa3,
0x71, 0x59, 0xf0, 0x89, 0x3a, 0x35, 0x31, 0x87,
0xad, 0x45, 0x9e, 0x35, 0xbd, 0x64, 0xec, 0xd1,
0xd7, 0xea, 0x92, 0xed, 0x72, 0x9c, 0x81, 0x8e,
0x11, 0x4e, 0xa5, 0xe7, 0x12, 0xe3, 0x7c, 0x53,
0x2b, 0x31, 0xd4, 0x3d, 0xd5, 0xd9, 0xbd, 0x44,
0x27, 0xa3, 0x4a, 0x3f, 0x20, 0x87, 0xce, 0x73,
0x0e, 0xa8, 0x90, 0xcd, 0xfe, 0x32, 0x69, 0x9a,
};
static void
hexdump(const unsigned char *buf, size_t len)
{
@ -152,6 +255,93 @@ compare_data(const char *label, const unsigned char *d1, size_t d1_len,
return 0;
}
static int
dh_pubkey_test(void)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY *pkey_a = NULL, *pkey_b = NULL;
unsigned char *out = NULL, *data = NULL;
DH *dh_a = NULL, *dh_b = NULL;
const unsigned char *p;
BIO *bio_mem = NULL;
int failure = 1;
int len;
ERR_clear_error();
if ((bio_mem = BIO_new_mem_buf(dh_test_key, -1)) == NULL)
errx(1, "failed to create BIO");
if ((pkey = PEM_read_bio_PrivateKey(bio_mem, NULL, NULL, NULL)) == NULL) {
ERR_print_errors_fp(stderr);
errx(1, "failed to decode DH key from PEM");
}
/*
* Test PEM_write_bio_PrivateKey().
*/
BIO_free_all(bio_mem);
if ((bio_mem = BIO_new(BIO_s_mem())) == NULL)
errx(1, "BIO_new failed for BIO_s_mem");
if (!PEM_write_bio_PrivateKey(bio_mem, pkey, NULL, NULL, 0, 0, NULL)) {
fprintf(stderr, "FAIL: PEM_write_bio_PrivateKey failed\n");
goto done;
}
len = BIO_get_mem_data(bio_mem, &data);
if (compare_data("DH PrivateKey", data, len,
dh_test_key, sizeof(dh_test_key) - 1) == -1)
goto done;
/*
* Test i2d_PUBKEY/d2i_PUBKEY.
*/
if ((dh_a = EVP_PKEY_get1_DH(pkey)) == NULL) {
ERR_print_errors_fp(stderr);
errx(1, "failed to get1 DH key from PEM");
}
if ((pkey_a = EVP_PKEY_new()) == NULL)
errx(1, "failed to create EVP_PKEY");
if (!EVP_PKEY_set1_DH(pkey_a, dh_a))
errx(1, "failed to set DH on EVP_PKEY");
if ((len = i2d_PUBKEY(pkey_a, &out)) < 0) {
fprintf(stderr, "FAIL: i2d_PUBKEY failed\n");
goto done;
}
if (compare_data("DH PUBKEY", out, len, dh_test_asn1_pubkey,
sizeof(dh_test_asn1_pubkey)) == -1)
goto done;
p = out;
if ((pkey_b = d2i_PUBKEY(NULL, &p, len)) == NULL) {
fprintf(stderr, "FAIL: d2i_PUBKEY failed\n");
goto done;
}
if (BN_cmp(DH_get0_pub_key(EVP_PKEY_get0_DH(pkey_a)),
DH_get0_pub_key(EVP_PKEY_get0_DH(pkey_b))) != 0) {
fprintf(stderr, "FAIL: DH public keys mismatch\n");
goto done;
}
failure = 0;
done:
BIO_free_all(bio_mem);
EVP_PKEY_free(pkey);
DH_free(dh_a);
DH_free(dh_b);
EVP_PKEY_free(pkey_a);
EVP_PKEY_free(pkey_b);
free(out);
return failure;
}
static int
dsa_pubkey_test(void)
{
@ -161,7 +351,7 @@ dsa_pubkey_test(void)
const unsigned char *p;
BIO *bio_mem = NULL;
int failure = 1;
int len;
int len, ret;
ERR_clear_error();
@ -201,6 +391,80 @@ dsa_pubkey_test(void)
goto done;
}
if (EVP_PKEY_missing_parameters(pkey_b)) {
fprintf(stderr, "FAIL: DSA pkey_b has missing parameters\n");
goto done;
}
if (!EVP_PKEY_cmp_parameters(pkey_a, pkey_b)) {
fprintf(stderr, "FAIL: DSA parameters mismatch\n");
goto done;
}
/*
* Check save_parameters defaults - EVP_PKEY_save_parameters() returns
* the current save_parameters; mode -1 inspects without setting.
*/
if ((ret = EVP_PKEY_save_parameters(pkey_b, 0)) != 1) {
fprintf(stderr, "FAIL: DSA save_parameters want 1, got %d\n", ret);
goto done;
}
if ((ret = EVP_PKEY_save_parameters(pkey_b, -1)) != 0) {
fprintf(stderr, "FAIL: DSA save_parameters want 0, got %d\n", ret);
goto done;
}
free(out);
out = NULL;
if ((len = i2d_PUBKEY(pkey_b, &out)) < 0) {
fprintf(stderr, "FAIL: i2d_PUBKEY (no params) failed\n");
goto done;
}
if (compare_data("PUBKEY (no params)", dsa_test_asn1_pubkey_noparams,
sizeof(dsa_test_asn1_pubkey_noparams), out, len) == -1)
goto done;
EVP_PKEY_free(pkey_b);
p = out;
if ((pkey_b = d2i_PUBKEY(NULL, &p, len)) == NULL) {
fprintf(stderr, "FAIL: d2i_PUBKEY (no params) failed\n");
goto done;
}
if (!EVP_PKEY_missing_parameters(pkey_b)) {
fprintf(stderr, "FAIL: DSA pkey_b has no missing parameters\n");
goto done;
}
if (BN_cmp(DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey_a)),
DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey_b))) != 0) {
fprintf(stderr, "FAIL: DSA public keys mismatch\n");
goto done;
}
if (EVP_PKEY_cmp_parameters(pkey_a, pkey_b)) {
fprintf(stderr, "FAIL: DSA parameters match\n");
goto done;
}
if (EVP_PKEY_cmp(pkey_a, pkey_b)) {
fprintf(stderr, "FAIL: DSA keys should not match\n");
goto done;
}
if (!EVP_PKEY_copy_parameters(pkey_b, pkey_a)) {
fprintf(stderr, "FAIL: failed to copy DSA parameters\n");
goto done;
}
if (!EVP_PKEY_cmp(pkey_a, pkey_b)) {
fprintf(stderr, "FAIL: DSA keys should match\n");
goto done;
}
free(out);
out = NULL;
@ -569,6 +833,7 @@ main(int argc, char **argv)
ERR_load_crypto_strings();
failed |= dh_pubkey_test();
failed |= dsa_pubkey_test();
failed |= ec_pubkey_test();
failed |= rsa_pubkey_test();

55
regress/lib/libcrypto/dh/dhtest.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dhtest.c,v 1.8 2023/07/28 13:05:59 tb Exp $ */
/* $OpenBSD: dhtest.c,v 1.12 2023/08/12 06:30:43 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -96,62 +96,69 @@ int
main(int argc, char *argv[])
{
BN_GENCB *_cb;
DH *a = NULL;
unsigned char *abuf = NULL;
int i, alen, aout;
DH *dh = NULL;
unsigned char *buf = NULL;
int i, buf_len, secret_len;
int ret = 1;
if ((_cb = BN_GENCB_new()) == NULL)
err(1, "BN_GENCB_new");
BN_GENCB_set(_cb, &cb, NULL);
if ((a = DH_new()) == NULL)
if ((dh = DH_new()) == NULL)
goto err;
if (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb))
#ifdef OPENSSL_NO_ENGINE
if (DH_get0_engine(dh) != NULL) {
fprintf(stderr, "ENGINE was not NULL\n");
goto err;
}
#endif
if (!DH_generate_parameters_ex(dh, 64, DH_GENERATOR_5, _cb))
goto err;
if (!DH_check(a, &i))
if (!DH_check(dh, &i))
goto err;
if (i & DH_CHECK_P_NOT_PRIME)
puts("p value is not prime\n");
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
puts("p value is not a safe prime\n");
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
puts("unable to check the generator value\n");
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
puts("the g value is not a generator\n");
printf("the g value is not a generator\n");
printf("\np = ");
if (!BN_print_fp(stdout, DH_get0_p(a)))
if (!BN_print_fp(stdout, DH_get0_p(dh)))
goto err;
printf("\ng = ");
if (!BN_print_fp(stdout, DH_get0_g(a)))
if (!BN_print_fp(stdout, DH_get0_g(dh)))
goto err;
printf("\n");
if (!DH_generate_key(a))
if (!DH_generate_key(dh))
goto err;
printf("pri1 = ");
if (!BN_print_fp(stdout, DH_get0_priv_key(a)))
if (!BN_print_fp(stdout, DH_get0_priv_key(dh)))
goto err;
printf("\npub1 = ");
if (!BN_print_fp(stdout, DH_get0_pub_key(a)))
if (!BN_print_fp(stdout, DH_get0_pub_key(dh)))
goto err;
printf("\n");
alen = DH_size(a);
if ((abuf = malloc(alen)) == NULL)
buf_len = DH_size(dh);
if ((buf = malloc(buf_len)) == NULL)
err(1, "malloc");
aout = DH_compute_key(abuf, DH_get0_pub_key(a), a);
secret_len = DH_compute_key(buf, DH_get0_pub_key(dh), dh);
printf("key1 = ");
for (i = 0; i < aout; i++) {
printf("%02X", abuf[i]);
for (i = 0; i < secret_len; i++) {
printf("%02X", buf[i]);
}
printf("\n");
if (aout < 4) {
if (secret_len < 4) {
fprintf(stderr, "Error in DH routines\n");
goto err;
}
@ -160,8 +167,8 @@ main(int argc, char *argv[])
err:
ERR_print_errors_fp(stderr);
free(abuf);
DH_free(a);
free(buf);
DH_free(dh);
BN_GENCB_free(_cb);
return (ret);

9
regress/lib/libcrypto/dsa/dsatest.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dsatest.c,v 1.7 2022/01/12 08:59:56 tb Exp $ */
/* $OpenBSD: dsatest.c,v 1.8 2023/08/12 06:23:59 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -143,6 +143,13 @@ main(int argc, char **argv)
if ((dsa = DSA_new()) == NULL)
goto end;
#ifdef OPENSSL_NO_ENGINE
if (DSA_get0_engine(dsa) != NULL) {
BIO_printf(bio_err, "ENGINE was not NULL\n");
goto end;
}
#endif
if (!DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb))
goto end;

11
regress/lib/libcrypto/man/check_complete.pl
View file

@ -30,6 +30,10 @@ my %internal = (
BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l
BN_TBIT BN_ULLONG
)],
evp => [qw(
EVP_MD_CTRL_ALG_CTRL
EVP_MD_CTX_FLAG_CLEANED EVP_MD_CTX_FLAG_REUSE
)],
objects => [qw(
OBJ_bsearch_ OBJ_bsearch_ex_
)],
@ -61,6 +65,11 @@ my %obsolete = (
bn => [qw(
BN_HEX_FMT1 BN_HEX_FMT2 BN_MASK
)],
evp => [qw(
EVP_MD_CTRL_DIGALGID
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW EVP_MD_CTX_FLAG_PAD_MASK
EVP_MD_CTX_FLAG_PAD_PKCS1 EVP_MD_CTX_FLAG_PAD_PSS
)],
);
my %postponed = (
@ -267,7 +276,7 @@ try_again:
print "D- $line\n" if $verbose;
next;
}
if ($id =~ /^(?:ASN1|BIO|BN|X509(?:V3)?)_[FR]_\w+$/) {
if ($id =~ /^(?:ASN1|BIO|BN|EVP|X509(?:V3)?)_[FR]_\w+$/) {
print "D- $line\n" if $verbose;
next;
}

4
regress/lib/libm/Makefile
View file

@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.15 2019/02/21 16:14:45 bluhm Exp $
# $OpenBSD: Makefile,v 1.16 2023/08/13 07:02:36 miod Exp $
SUBDIR+= exp fenv floor fpaccuracy lgamma nextafter msun rint round \
SUBDIR+= exp fenv floor fpaccuracy lgamma modf msun nextafter rint round \
tgamma toint trivial1
.if defined(REGRESS_FULL) || make(clean) || make(cleandir) || make(obj)

5
regress/lib/libm/modf/Makefile Normal file
View file

@ -0,0 +1,5 @@
PROG=modf_test
LDADD+= -lm
DPADD+= ${LIBM}
.include <bsd.regress.mk>

71
regress/lib/libm/modf/modf_test.c Normal file
View file

@ -0,0 +1,71 @@
/* $OpenBSD: modf_test.c,v 1.1 2023/08/13 07:02:36 miod Exp $ */
/*
* Written by Willemijn Coene. Public domain
*/
#include <assert.h>
#include <math.h>
void
modff_infnan(void)
{
float f, i;
f = modff(__builtin_inff(), &i);
assert(isinf(i));
assert(signbit(i) == 0);
assert(f == 0.0f);
f = modff(-__builtin_inff(), &i);
assert(isinf(i));
assert(signbit(i) != 0);
assert(f == -0.0f);
f = modff(NAN, &i);
assert(isnan(i));
assert(signbit(i) == 0);
assert(isnan(f));
assert(signbit(f) == 0);
f = modff(-NAN, &i);
assert(isnan(i));
assert(signbit(i) != 0);
assert(isnan(f));
assert(signbit(f) != 0);
}
void
modfl_infnan(void)
{
long double f, i;
f = modfl(__builtin_infl(), &i);
assert(isinf(i));
assert(signbit(i) == 0);
assert(f == 0.0L);
f = modfl(-__builtin_infl(), &i);
assert(isinf(i));
assert(signbit(i) != 0);
assert(f == -0.0L);
f = modfl(NAN, &i);
assert(isnan(i));
assert(signbit(i) == 0);
assert(isnan(f));
assert(signbit(f) == 0);
f = modfl(-NAN, &i);
assert(isnan(i));
assert(signbit(i) != 0);
assert(isnan(f));
assert(signbit(f) != 0);
}
int
main(void)
{
modff_infnan();
modfl_infnan();
}

12
regress/lib/libm/msun/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.12 2022/05/20 20:08:43 mbuhl Exp $
# $OpenBSD: Makefile,v 1.13 2023/08/14 09:26:37 anton Exp $
# Copyright (c) 2021 Moritz Buhl <mbuhl@openbsd.org>
#
@ -50,7 +50,7 @@ FAILING = run-cexp_test-{2,3,4} run-csqrt_test-{1,2,3} \
run-ctrig_test-{2,3,4,6} run-fma_test-7 \
run-invctrig_test-{1,2,3,4} run-invtrig_test-{1,2,3,5,6} \
run-logarithm_test-1 run-lround_test-1 run-nan_test-1 \
run-nearbyint_test-1 run-next_test-5 run-rem_test-3
run-next_test-5 run-rem_test-3
. if ${MACHINE} == amd64
FAILING+= run-cexp_test-{1,7}
@ -66,6 +66,7 @@ FAILING+= run-fma_test-{1,2,4,5,6,7}
FAILING+= run-invtrig_test-7
FAILING+= run-logarithm_test-5
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
FAILING+= run-next_test-{1,2,4}
FAILING+= run-rem_test-{1,2}
FAILING+= run-trig_test-1
@ -75,6 +76,7 @@ FAILING+= run-ctrig_test-{1,5}
FAILING+= run-exponential_test-1
FAILING+= run-invtrig_test-7
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
FAILING+= run-trig_test-1
. elif ${MACHINE} == i386
FAILING+= run-cexp_test-{1,7}
@ -83,12 +85,14 @@ FAILING+= run-fma_test-{1,6}
FAILING+= run-invtrig_test-4
FAILING+= run-logarithm_test-3
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
FAILING+= run-next_test-{1,2,4}
. elif ${MACHINE} == powerpc64
FAILING+= run-cexp_test-7
FAILING+= run-ctrig_test-{1,5}
FAILING+= run-exponential_test-1
FAILING+= run-invtrig_test-7
FAILING+= run-nearbyint_test-1
. elif ${MACHINE} == macppc
FAILING+= run-cexp_test-7
FAILING+= run-ctrig_test-{1,5}
@ -97,6 +101,7 @@ FAILING+= run-fenv_test-{7,8}
FAILING+= run-invtrig_test-7
FAILING+= run-logarithm_test-3
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
. elif ${MACHINE} == sparc64
FAILING+= run-ctrig_test-5
FAILING+= run-exponential_test-1
@ -104,6 +109,7 @@ FAILING+= run-fma_test-{1,2,4,5,6}
FAILING+= run-invtrig_test-{4,7}
FAILING+= run-logarithm_test-5
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
FAILING+= run-next_test-{1,2,4}
FAILING+= run-rem_test-{1,2}
FAILING+= run-trig_test-{1,2}
@ -115,6 +121,7 @@ FAILING+= run-fma_test-{1,2,3,4,5,6}
FAILING+= run-invtrig_test-{4,7}
FAILING+= run-logarithm_test-5
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
FAILING+= run-next_test-{1,2,3,4}
FAILING+= run-rem_test-{1,2}
FAILING+= run-trig_test-{1,2}
@ -127,6 +134,7 @@ FAILING+= run-ilogb_test-3
FAILING+= run-invtrig_test-{4,7}
FAILING+= run-logarithm_test-5
FAILING+= run-lrint_test-1
FAILING+= run-nearbyint_test-1
FAILING+= run-next_test-{1,2,4}
FAILING+= run-rem_test-{1,2}
FAILING+= run-trig_test-{1,2}

6
regress/lib/libssl/ssl/ssltest.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssltest.c,v 1.42 2023/07/27 07:08:09 tb Exp $ */
/* $OpenBSD: ssltest.c,v 1.43 2023/08/15 11:20:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -281,8 +281,8 @@ verify_alpn(SSL *client, SSL *server)
free(alpn_selected);
alpn_selected = NULL;
if (client_proto_len != server_proto_len ||
memcmp(client_proto, server_proto, client_proto_len) != 0) {
if (client_proto_len != server_proto_len || (client_proto_len > 0 &&
memcmp(client_proto, server_proto, client_proto_len) != 0)) {
BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
goto err;
}

16
regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
View file

@ -1,4 +1,4 @@
# $OpenBSD: tlsfuzzer.py,v 1.51 2023/08/03 20:13:12 tb Exp $
# $OpenBSD: tlsfuzzer.py,v 1.52 2023/08/14 18:10:42 tb Exp $
#
# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
#
@ -370,7 +370,6 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
Test("test-message-skipping.py"),
Test("test-no-heartbeat.py"),
Test("test-record-layer-fragmentation.py"),
Test("test-sessionID-resumption.py"),
Test("test-sslv2-connection.py"),
Test("test-truncating-of-finished.py"),
Test("test-truncating-of-kRSA-client-key-exchange.py"),
@ -388,7 +387,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
Test(
"test-ccs.py", [
"-x", "two bytes long CCS",
"-X", "does not match received \"decode_error\"",
"-X", substitute_alert("unexpected_message", "decode_error"),
]
),
Test(
@ -439,6 +438,11 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
"-e", "drop extended_master_secret in renegotiation",
]),
Test("test-sessionID-resumption.py", [
"-x", "Client Hello too long session ID",
"-X", substitute_alert("decode_error", "illegal_parameter"),
]),
# Without --sig-algs-drop-ok, two tests fail since we do not currently
# implement the signature_algorithms_cert extension (although we MUST).
Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
@ -558,6 +562,12 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
# 'resumption with cipher from old CH but not selected by server'
Test("test-resumption-with-wrong-ciphers.py"),
# 'session resumption with empty session_id'
# 'session resumption with random session_id'
# 'session resumption with renegotiation'
# AssertionError: Server did not send extension(s): session_ticket
Test("test-session-ticket-resumption.py"),
# 5 failures:
# 'empty sigalgs'
# 'only undefined sigalgs'

4
regress/libexec/ld.so/Makefile
View file

@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.19 2022/08/20 14:13:48 sthen Exp $
# $OpenBSD: Makefile,v 1.20 2023/08/12 13:43:22 gnezdo Exp $
SUBDIR+= elf hidden weak dlsym dlopen dlclose lazy
SUBDIR+= constructor
SUBDIR+= link-order edgecases initfirst
SUBDIR+= df_1_noopen randomdata subst dependencies
SUBDIR+= init-env nodelete noload
SUBDIR+= init-env nodelete noload ldd
install:

16
regress/libexec/ld.so/ldd/Makefile Normal file
View file

@ -0,0 +1,16 @@
# $OpenBSD: Makefile,v 1.2 2023/08/13 18:34:49 anton Exp $
REGRESS_TARGETS+= empty
REGRESS_TARGETS+= short
CLEANFILES+= *.in *.out
empty:
: >$@.in
ldd $@.in 2>&1 | tee $@.out | grep -q 'incomplete ELF header'
short:
dd if=/usr/bin/ldd of=$@.in count=128 bs=1 status=none
ldd $@.in 2>&1 | tee $@.out | grep -q 'incomplete program header'
.include <bsd.regress.mk>

161
regress/sys/kern/kqueue/kqueue-timer.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kqueue-timer.c,v 1.4 2021/06/12 13:30:14 visa Exp $ */
/* $OpenBSD: kqueue-timer.c,v 1.5 2023/08/13 08:29:28 visa Exp $ */
/*
* Copyright (c) 2015 Bret Stephen Lambert <blambert@openbsd.org>
*
@ -22,6 +22,7 @@
#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
@ -31,9 +32,13 @@
int
do_timer(void)
{
int kq, n;
static const int units[] = {
NOTE_SECONDS, NOTE_MSECONDS, NOTE_USECONDS, NOTE_NSECONDS
};
struct kevent ev;
struct timespec ts;
struct timespec ts, start, end, now;
int64_t usecs;
int i, kq, n;
ASS((kq = kqueue()) >= 0,
warn("kqueue"));
@ -68,6 +73,125 @@ do_timer(void)
n = kevent(kq, NULL, 0, &ev, 1, &ts);
ASSX(n == 1);
/* Test with different time units */
for (i = 0; i < sizeof(units) / sizeof(units[0]); i++) {
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_ADD | EV_ENABLE;
ev.fflags = units[i];
ev.data = 1;
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n != -1);
ts.tv_sec = 2; /* wait 2s for kqueue timeout */
ts.tv_nsec = 0;
n = kevent(kq, NULL, 0, &ev, 1, &ts);
ASSX(n == 1);
/* Delete timer to clear EV_CLEAR */
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_DELETE;
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n != -1);
/* Test with NOTE_ABSTIME, deadline in the future */
clock_gettime(CLOCK_MONOTONIC, &start);
clock_gettime(CLOCK_REALTIME, &now);
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_ADD | EV_ENABLE;
ev.fflags = NOTE_ABSTIME | units[i];
switch (units[i]) {
case NOTE_SECONDS:
ev.data = now.tv_sec + 1;
break;
case NOTE_MSECONDS:
ev.data = now.tv_sec * 1000 + now.tv_nsec / 1000000
+ 100;
break;
case NOTE_USECONDS:
ev.data = now.tv_sec * 1000000 + now.tv_nsec / 1000
+ 100 * 1000;
break;
case NOTE_NSECONDS:
ev.data = now.tv_sec * 1000000000 + now.tv_nsec
+ 100 * 1000000;
break;
}
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n != -1);
ts.tv_sec = 2; /* wait 2s for kqueue timeout */
ts.tv_nsec = 0;
n = kevent(kq, NULL, 0, &ev, 1, &ts);
ASSX(n == 1);
clock_gettime(CLOCK_MONOTONIC, &end);
timespecsub(&end, &start, &ts);
usecs = ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
ASSX(usecs > 0);
ASSX(usecs < 1500000); /* allow wide margin */
/* Test with NOTE_ABSTIME, deadline in the past. */
clock_gettime(CLOCK_MONOTONIC, &start);
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_ADD | EV_ENABLE;
ev.fflags = NOTE_ABSTIME | units[i];
clock_gettime(CLOCK_REALTIME, &now);
switch (units[i]) {
case NOTE_SECONDS:
ev.data = now.tv_sec - 1;
break;
case NOTE_MSECONDS:
ev.data = now.tv_sec * 1000 + now.tv_nsec / 1000000
- 100;
break;
case NOTE_USECONDS:
ev.data = now.tv_sec * 1000000 + now.tv_nsec / 1000
- 100 * 1000;
break;
case NOTE_NSECONDS:
ev.data = now.tv_sec * 1000000000 + now.tv_nsec
- 100 * 1000000;
break;
}
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n != -1);
n = kevent(kq, NULL, 0, &ev, 1, &ts);
ASSX(n == 1);
clock_gettime(CLOCK_MONOTONIC, &end);
timespecsub(&end, &start, &ts);
usecs = ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
ASSX(usecs > 0);
ASSX(usecs < 100000); /* allow wide margin */
/* Test that the event remains active */
ts.tv_sec = 2; /* wait 2s for kqueue timeout */
ts.tv_nsec = 0;
n = kevent(kq, NULL, 0, &ev, 1, &ts);
ASSX(n == 1);
}
return (0);
}
@ -96,6 +220,37 @@ do_invalid_timer(void)
(long long)invalid_ts[i].tv_sec, invalid_ts[i].tv_nsec));
}
/* Test invalid fflags */
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_ADD | EV_ENABLE;
ev.fflags = ~NOTE_SECONDS;
ev.data = 1;
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n == -1 && errno == EINVAL);
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_ADD | EV_ENABLE;
ev.fflags = NOTE_MSECONDS;
ev.data = 500;
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n == 0);
/* Modify the existing timer */
memset(&ev, 0, sizeof(ev));
ev.filter = EVFILT_TIMER;
ev.flags = EV_ADD | EV_ENABLE;
ev.fflags = ~NOTE_SECONDS;
ev.data = 1;
n = kevent(kq, &ev, 1, NULL, 0, NULL);
ASSX(n == -1 && errno == EINVAL);
return (0);
}

4
regress/sys/kern/mount/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.8 2020/12/16 23:10:48 bluhm Exp $
# $OpenBSD: Makefile,v 1.9 2023/08/14 12:03:12 miod Exp $
# This regress test uses a vnd device to run mount and unmount.
# All tests have to be run as root.
@ -75,7 +75,7 @@ run-unmount-busy: mount
run-readonly-busy run-readonly-dangling:
# Remounting a file system read-only that has dangling vnodes fails
# currently. It is marked as clean but has unreferneced files.
# currently. It is marked as clean but has unreferenced files.
@echo DISABLED
# Create a 1 GB vnd partition and fill the ffs file system it with

4
regress/sys/net/pf_table/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.4 2023/08/10 16:44:04 sashan Exp $
# $OpenBSD: Makefile,v 1.5 2023/08/13 21:21:53 sashan Exp $
REGRESS_TARGETS= hit miss cleanup flags
CLEANFILES= stamp-* \
@ -13,7 +13,7 @@ CLEANFILES= stamp-* \
stamp-setup:
${SUDO} pfctl -a regress/ttest -Fa
${SUDO} pfctl -q -a regress/ttest -Fa || exit 0
${SUDO} pfctl -qt __regress_tbl -T add -f ${.CURDIR}/table.in
date >$@

2
regress/usr.sbin/bgpd/config/bgpd.conf.14.ok
View file

@ -12,7 +12,7 @@ aspa-set {
customer-as 1 provider-as { 2 3 4 5 6 }
customer-as 2 expires 1668181648 provider-as { 3 4 }
customer-as 3 provider-as { 5 }
customer-as 5 provider-as { 1 2 inet 7 inet6 }
customer-as 5 provider-as { 1 2 7 }
customer-as 17 provider-as { 12 }
customer-as 41 provider-as { 2 }
customer-as 42 expires 12345 provider-as { 3 4 }

239
regress/usr.sbin/bgpd/unittests/rde_aspa_test.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rde_aspa_test.c,v 1.4 2023/01/24 11:31:13 claudio Exp $ */
/* $OpenBSD: rde_aspa_test.c,v 1.5 2023/08/16 08:29:41 claudio Exp $ */
/*
* Copyright (c) 2022 Claudio Jeker <claudio@openbsd.org>
@ -32,7 +32,6 @@ struct aspa_test_set {
uint32_t customeras;
const uint32_t *providers;
uint32_t pascnt;
const uint32_t *afimasks;
};
struct cp_test {
@ -56,118 +55,115 @@ struct aspa_test {
struct aspa_test_set testset[] = {
/* test vectors from github.com/benmaddison/aspa-fuzz */
{ 1, (const uint32_t []){ 4, 5, 6 }, 3, NULL },
{ 2, (const uint32_t []){ 10, 11 }, 2, NULL },
{ 3, (const uint32_t []){ 1, 13, 14 }, 3, NULL },
{ 4, (const uint32_t []){ 16, 24 }, 2, NULL },
{ 5, (const uint32_t []){ 1, 17, 25 }, 3, NULL },
{ 8, (const uint32_t []){ 0 }, 1, NULL },
{ 9, (const uint32_t []){ 2 }, 1, NULL },
{ 10, (const uint32_t []){ 0 }, 1, NULL },
{ 11, (const uint32_t []){ 2 }, 1, NULL },
{ 12, (const uint32_t []){ 3 }, 1, NULL },
{ 13, (const uint32_t []){ 0 }, 1, NULL },
{ 14, (const uint32_t []){ 3, 25 }, 2, NULL },
{ 15, (const uint32_t []){ 4 }, 1, NULL },
{ 16, (const uint32_t []){ 4 }, 1, NULL },
{ 17, (const uint32_t []){ 5 }, 1, NULL },
{ 18, (const uint32_t []){ 6 }, 1, NULL },
{ 20, (const uint32_t []){ 19 }, 1, NULL },
{ 21, (const uint32_t []){ 0 }, 1, NULL },
{ 23, (const uint32_t []){ 22 }, 1, NULL },
{ 24, (const uint32_t []){ 0 }, 1, NULL },
{ 25, (const uint32_t []){ 0 }, 1, NULL },
{ 26, (const uint32_t []){ 5 }, 1, NULL },
{ 27, (const uint32_t []){ 14 }, 1, NULL },
{ 1, (const uint32_t []){ 4, 5, 6 }, 3 },
{ 2, (const uint32_t []){ 10, 11 }, 2 },
{ 3, (const uint32_t []){ 1, 13, 14 }, 3 },
{ 4, (const uint32_t []){ 16, 24 }, 2 },
{ 5, (const uint32_t []){ 1, 17, 25 }, 3 },
{ 8, (const uint32_t []){ 0 }, 1 },
{ 9, (const uint32_t []){ 2 }, 1 },
{ 10, (const uint32_t []){ 0 }, 1 },
{ 11, (const uint32_t []){ 2 }, 1 },
{ 12, (const uint32_t []){ 3 }, 1 },
{ 13, (const uint32_t []){ 0 }, 1 },
{ 14, (const uint32_t []){ 3, 25 }, 2 },
{ 15, (const uint32_t []){ 4 }, 1 },
{ 16, (const uint32_t []){ 4 }, 1 },
{ 17, (const uint32_t []){ 5 }, 1 },
{ 18, (const uint32_t []){ 6 }, 1 },
{ 20, (const uint32_t []){ 19 }, 1 },
{ 21, (const uint32_t []){ 0 }, 1 },
{ 23, (const uint32_t []){ 22 }, 1 },
{ 24, (const uint32_t []){ 0 }, 1 },
{ 25, (const uint32_t []){ 0 }, 1 },
{ 26, (const uint32_t []){ 5 }, 1 },
{ 27, (const uint32_t []){ 14 }, 1 },
/* tests to simulate slides-110-sidrops-sriram-aspa-alg-accuracy-01 */
{ 101, (const uint32_t []){ 102 }, 1, NULL },
{ 102, (const uint32_t []){ 103, 104, 105 }, 3, NULL },
{ 103, (const uint32_t []){ 111, 112, 203 }, 3, NULL },
{ 101, (const uint32_t []){ 102 }, 1 },
{ 102, (const uint32_t []){ 103, 104, 105 }, 3 },
{ 103, (const uint32_t []){ 111, 112, 203 }, 3 },
/* 104 no ASPA */
{ 105, (const uint32_t []){ 0 }, 1, NULL },
{ 105, (const uint32_t []){ 0 }, 1 },
/* 111 no ASPA */
{ 112, (const uint32_t []){ 0 }, 1, NULL },
{ 113, (const uint32_t []){ 104, 105, 204, 205 }, 4, NULL },
{ 112, (const uint32_t []){ 0 }, 1 },
{ 113, (const uint32_t []){ 104, 105, 204, 205 }, 4 },
{ 121, (const uint32_t []){ 131, 132, 133 }, 3, NULL },
{ 123, (const uint32_t []){ 0 }, 1, NULL },
{ 131, (const uint32_t []){ 121, 122, 123 }, 3, NULL },
{ 133, (const uint32_t []){ 0 }, 1, NULL },
{ 121, (const uint32_t []){ 131, 132, 133 }, 3 },
{ 123, (const uint32_t []){ 0 }, 1 },
{ 131, (const uint32_t []){ 121, 122, 123 }, 3 },
{ 133, (const uint32_t []){ 0 }, 1 },
{ 201, (const uint32_t []){ 202 }, 1, NULL },
{ 202, (const uint32_t []){ 203, 204, 205 }, 3, NULL },
{ 203, (const uint32_t []){ 103, 111, 112 }, 3, NULL },
{ 201, (const uint32_t []){ 202 }, 1 },
{ 202, (const uint32_t []){ 203, 204, 205 }, 3 },
{ 203, (const uint32_t []){ 103, 111, 112 }, 3 },
/* 204 no ASPA */
{ 205, (const uint32_t []){ 0 }, 1, NULL },
{ 205, (const uint32_t []){ 0 }, 1 },
/* extra test for big table test */
{ 65000, (const uint32_t []){
3, 5, 10, 15, 20, 21, 22, 23, 24, 25,
30, 35, 40, 45, 50, 51, 52, 53, 54, 55,
60, 65, 70, 75, 80, 81, 82, 83, 87, 90 }, 30, NULL },
/* extra test for AFI check */
{ 196618, (const uint32_t []){ 1, 2, 3, 4 }, 4,
(const uint32_t []){ 0xf9 }},
60, 65, 70, 75, 80, 81, 82, 83, 87, 90 }, 30 },
{ 196618, (const uint32_t []){ 1, 2, 3, 4 }, 4 },
};
struct cp_test cp_testset[] = {
{ 6, 1, CP(UNKNOWN, UNKNOWN) },
{ 42, 1, CP(UNKNOWN, UNKNOWN) },
{ 6, 1, UNKNOWN },
{ 42, 1, UNKNOWN },
{ 1, 2, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 1, 3, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 1, 7, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 5, 2, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 5, 16, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 5, 18, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 5, 24, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 5, 26, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 8, 2, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 9, 5, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 27, 13, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 27, 15, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 1, 2, NOT_PROVIDER },
{ 1, 3, NOT_PROVIDER },
{ 1, 7, NOT_PROVIDER },
{ 5, 2, NOT_PROVIDER },
{ 5, 16, NOT_PROVIDER },
{ 5, 18, NOT_PROVIDER },
{ 5, 24, NOT_PROVIDER },
{ 5, 26, NOT_PROVIDER },
{ 8, 2, NOT_PROVIDER },
{ 9, 5, NOT_PROVIDER },
{ 27, 13, NOT_PROVIDER },
{ 27, 15, NOT_PROVIDER },
{ 1, 4, CP(PROVIDER, PROVIDER) },
{ 1, 5, CP(PROVIDER, PROVIDER) },
{ 1, 6, CP(PROVIDER, PROVIDER) },
{ 2, 10, CP(PROVIDER, PROVIDER) },
{ 2, 11, CP(PROVIDER, PROVIDER) },
{ 9, 2, CP(PROVIDER, PROVIDER) },
{ 27, 14, CP(PROVIDER, PROVIDER) },
{ 1, 4, PROVIDER },
{ 1, 5, PROVIDER },
{ 1, 6, PROVIDER },
{ 2, 10, PROVIDER },
{ 2, 11, PROVIDER },
{ 9, 2, PROVIDER },
{ 27, 14, PROVIDER },
/* per AID tests */
{ 196618, 1, CP(PROVIDER, NOT_PROVIDER) },
{ 196618, 2, CP(NOT_PROVIDER, PROVIDER) },
{ 196618, 3, CP(PROVIDER, PROVIDER) },
{ 196618, 4, CP(PROVIDER, PROVIDER) },
{ 196618, 5, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 196618, 1, PROVIDER },
{ 196618, 2, PROVIDER },
{ 196618, 3, PROVIDER },
{ 196618, 4, PROVIDER },
{ 196618, 5, NOT_PROVIDER },
/* big provider set test */
{ 65000, 1, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 2, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 3, CP(PROVIDER, PROVIDER) },
{ 65000, 4, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 5, CP(PROVIDER, PROVIDER) },
{ 65000, 15, CP(PROVIDER, PROVIDER) },
{ 65000, 19, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 20, CP(PROVIDER, PROVIDER) },
{ 65000, 21, CP(PROVIDER, PROVIDER) },
{ 65000, 22, CP(PROVIDER, PROVIDER) },
{ 65000, 23, CP(PROVIDER, PROVIDER) },
{ 65000, 24, CP(PROVIDER, PROVIDER) },
{ 65000, 25, CP(PROVIDER, PROVIDER) },
{ 65000, 26, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 85, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 86, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 87, CP(PROVIDER, PROVIDER) },
{ 65000, 88, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 89, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 90, CP(PROVIDER, PROVIDER) },
{ 65000, 91, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 92, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 6666, CP(NOT_PROVIDER, NOT_PROVIDER) },
{ 65000, 1, NOT_PROVIDER },
{ 65000, 2, NOT_PROVIDER },
{ 65000, 3, PROVIDER },
{ 65000, 4, NOT_PROVIDER },
{ 65000, 5, PROVIDER },
{ 65000, 15, PROVIDER },
{ 65000, 19, NOT_PROVIDER },
{ 65000, 20, PROVIDER },
{ 65000, 21, PROVIDER },
{ 65000, 22, PROVIDER },
{ 65000, 23, PROVIDER },
{ 65000, 24, PROVIDER },
{ 65000, 25, PROVIDER },
{ 65000, 26, NOT_PROVIDER },
{ 65000, 85, NOT_PROVIDER },
{ 65000, 86, NOT_PROVIDER },
{ 65000, 87, PROVIDER },
{ 65000, 88, NOT_PROVIDER },
{ 65000, 89, NOT_PROVIDER },
{ 65000, 90, PROVIDER },
{ 65000, 91, NOT_PROVIDER },
{ 65000, 92, NOT_PROVIDER },
{ 65000, 6666, NOT_PROVIDER },
};
struct aspath_test aspath_testset[] = {
@ -379,19 +375,14 @@ load_test_set(struct aspa_test_set *testv, uint32_t numentries)
size_t data_size = 0;
uint32_t i;
for (i = 0; i < numentries; i++) {
for (i = 0; i < numentries; i++)
data_size += testv[i].pascnt * sizeof(uint32_t);
if (testv[i].afimasks)
data_size += (testv[i].pascnt * 2 + 31) / 8;
}
aspa = aspa_table_prep(numentries, data_size);
for (i = numentries; i > 0; i--) {
for (i = numentries; i > 0; i--)
aspa_add_set(aspa, testv[i - 1].customeras,
testv[i - 1].providers, testv[i - 1].pascnt,
testv[i - 1].afimasks);
}
testv[i - 1].providers, testv[i - 1].pascnt);
return aspa;
}
@ -399,16 +390,10 @@ load_test_set(struct aspa_test_set *testv, uint32_t numentries)
static uint8_t
vstate_for_role(struct rde_aspa_state *vstate, enum role role)
{
if (vstate->onlyup_v4 != vstate->onlyup_v6 ||
vstate->downup_v4 != vstate->downup_v6) {
printf("failed: vstate differ per AID ");
return 0xff;
}
if (role != ROLE_CUSTOMER) {
return (vstate->onlyup_v4);
return (vstate->onlyup);
} else {
return (vstate->downup_v4);
return (vstate->downup);
}
}
@ -451,13 +436,13 @@ main(int argc, char **argv)
printf("testing aspa_check_aspath: ");
for (i = 0; i < num_aspath; i++) {
struct aspa_state st[2], revst;
struct aspa_state st, revst;
struct aspath *a;
memset(st, 0, sizeof(st));
memset(&st, 0, sizeof(st));
a = build_aspath(aspath_testset[i].aspath,
aspath_testset[i].aspathcnt, 0);
if (aspa_check_aspath(aspa, a, st) == -1) {
if (aspa_check_aspath(aspa, a, &st) == -1) {
printf("failed: aspath_testset[%zu]: "
"aspath %s got -1\n", i,
print_aspath(aspath_testset[i].aspath,
@ -465,30 +450,21 @@ main(int argc, char **argv)
aspath_failed = 1;
}
if (memcmp(&aspath_testset[i].state, st, sizeof(*st))) {
if (memcmp(&aspath_testset[i].state, &st, sizeof(st))) {
printf("failed: aspath_testset[%zu]: aspath %s "
"bad state", i,
print_aspath(aspath_testset[i].aspath,
aspath_testset[i].aspathcnt));
print_state(&aspath_testset[i].state, st);
printf("\n");
aspath_failed = 1;
}
if (memcmp(&aspath_testset[i].state, st + 1, sizeof(*st))) {
printf("failed: aspath_testset[%zu]: aspath %s "
"bad state AID_INET6", i,
print_aspath(aspath_testset[i].aspath,
aspath_testset[i].aspathcnt));
print_state(&aspath_testset[i].state, st + 1);
print_state(&aspath_testset[i].state, &st);
printf("\n");
aspath_failed = 1;
}
free(a);
memset(st, 0, sizeof(st));
memset(&st, 0, sizeof(st));
a = build_aspath(aspath_testset[i].aspath,
aspath_testset[i].aspathcnt, 1);
if (aspa_check_aspath(aspa, a, st) == -1) {
if (aspa_check_aspath(aspa, a, &st) == -1) {
printf("failed: reverse aspath_testset[%zu]: "
"aspath %s got -1\n", i,
print_aspath(aspath_testset[i].aspath,
@ -497,21 +473,12 @@ main(int argc, char **argv)
}
reverse_state(&aspath_testset[i].state, &revst);
if (memcmp(&revst, st, sizeof(*st))) {
if (memcmp(&revst, &st, sizeof(st))) {
printf("failed: reverse aspath_testset[%zu]: aspath %s "
"bad state", i,
print_aspath(aspath_testset[i].aspath,
aspath_testset[i].aspathcnt));
print_state(&revst, st);
printf("\n");
aspath_failed = 1;
}
if (memcmp(&revst, st + 1, sizeof(*st))) {
printf("failed: reverse aspath_testset[%zu]: aspath %s "
"bad state AID_INET6", i,
print_aspath(aspath_testset[i].aspath,
aspath_testset[i].aspathcnt));
print_state(&revst, st + 1);
print_state(&revst, &st);
printf("\n");
aspath_failed = 1;
}

4
regress/usr.sbin/btrace/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.26 2022/11/12 14:19:08 mpi Exp $
# $OpenBSD: Makefile,v 1.27 2023/08/13 09:49:47 mpi Exp $
BTRACE?= /usr/sbin/btrace
ALLOWDT!= sysctl -n kern.allowdt 2>/dev/null
@ -14,7 +14,7 @@ BT_LANG_SCRIPTS= arithm beginend boolean comments delete exit \
BT_ARG_LANG_SCRIPTS= staticv str
# scripts that use kernel probes
BT_KERN_SCRIPTS= filters multiprobe
BT_KERN_SCRIPTS= filters mapoverwrite multiprobe
REGRESS_EXPECTED_FAILURES= run-maxoperand

23
regress/usr.sbin/btrace/mapoverwrite.bt Normal file
View file

@ -0,0 +1,23 @@
BEGIN
{
@counter = 0;
@map[0] = 1;
@map[1] = 2;
@map[3] = 3;
}
/*
* Overwrite map periodically to ensure there's no double-free.
*/
interval:hz:1
{
if (@counter >= 10)
exit();
@counter = @counter + 1;
@map[0] = 11;
@map[1] = 22;
@map[3] = 33;
}

0
regress/usr.sbin/btrace/mapoverwrite.ok Normal file
View file

3
regress/usr.sbin/rpki-client/openssl11/unistd.h
View file

@ -8,6 +8,9 @@
#include <openssl/stack.h>
#define CMS_get_version(cms, version) (*(version) = 3, 1)
#define CMS_SignerInfo_get_version(si, version) (*(version) = 3, 1)
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF DEFINE_STACK_OF
#endif

3
sbin/iked/iked.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: iked.h,v 1.223 2023/07/28 11:23:03 claudio Exp $ */
/* $OpenBSD: iked.h,v 1.224 2023/08/11 11:24:55 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -260,6 +260,7 @@ struct iked_policy {
#define IKED_POLICY_SKIP 0x10
#define IKED_POLICY_IPCOMP 0x20
#define IKED_POLICY_TRANSPORT 0x40
#define IKED_POLICY_ROUTING 0x80
int pol_refcnt;

106
sbin/iked/ikev2.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ikev2.c,v 1.377 2023/08/04 19:06:25 claudio Exp $ */
/* $OpenBSD: ikev2.c,v 1.378 2023/08/11 11:24:55 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -6532,63 +6532,65 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa)
peer_changed = (memcmp(&sa->sa_peer_loaded, &sa->sa_peer,
sizeof(sa->sa_peer_loaded)) != 0);
TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) {
/* re-load the flow if the peer for the flow has changed */
reload = 0;
if (flow->flow_loaded) {
if (!peer_changed) {
log_debug("%s: flow already loaded %p",
__func__, flow);
continue;
if (!(sa->sa_policy->pol_flags & IKED_POLICY_ROUTING)) {
TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) {
/* re-load the flow if the peer for the flow has changed */
reload = 0;
if (flow->flow_loaded) {
if (!peer_changed) {
log_debug("%s: flow already loaded %p",
__func__, flow);
continue;
}
RB_REMOVE(iked_flows, &env->sc_activeflows, flow);
(void)pfkey_flow_delete(env, flow);
flow->flow_loaded = 0; /* we did RB_REMOVE */
reload = 1;
}
RB_REMOVE(iked_flows, &env->sc_activeflows, flow);
(void)pfkey_flow_delete(env, flow);
flow->flow_loaded = 0; /* we did RB_REMOVE */
reload = 1;
}
if (pfkey_flow_add(env, flow) != 0) {
log_debug("%s: failed to load flow", __func__);
goto done;
}
if (pfkey_flow_add(env, flow) != 0) {
log_debug("%s: failed to load flow", __func__);
goto done;
}
if ((oflow = RB_FIND(iked_flows, &env->sc_activeflows, flow))
!= NULL) {
log_debug("%s: replaced old flow %p with %p",
__func__, oflow, flow);
oflow->flow_loaded = 0;
RB_REMOVE(iked_flows, &env->sc_activeflows, oflow);
}
if ((oflow = RB_FIND(iked_flows, &env->sc_activeflows, flow))
!= NULL) {
log_debug("%s: replaced old flow %p with %p",
__func__, oflow, flow);
oflow->flow_loaded = 0;
RB_REMOVE(iked_flows, &env->sc_activeflows, oflow);
}
RB_INSERT(iked_flows, &env->sc_activeflows, flow);
RB_INSERT(iked_flows, &env->sc_activeflows, flow);
log_debug("%s: %sloaded flow %p", __func__,
reload ? "re" : "", flow);
log_debug("%s: %sloaded flow %p", __func__,
reload ? "re" : "", flow);
/* append flow to log buffer */
if (flow->flow_dir == IPSP_DIRECTION_OUT &&
flow->flow_prenat.addr_af != 0)
snprintf(prenat_mask, sizeof(prenat_mask), "%d",
flow->flow_prenat.addr_mask);
else
prenat_mask[0] = '\0';
if (flow->flow_dir == IPSP_DIRECTION_OUT) {
if (ftello(flowf) > 0)
fputs(", ", flowf);
fprintf(flowf, "%s-%s/%d%s%s%s%s%s=%s/%d(%u)%s",
print_map(flow->flow_saproto, ikev2_saproto_map),
print_addr(&flow->flow_src.addr),
flow->flow_src.addr_mask,
flow->flow_prenat.addr_af != 0 ? "[": "",
flow->flow_prenat.addr_af != 0 ?
print_addr(&flow->flow_prenat.addr) : "",
flow->flow_prenat.addr_af != 0 ? "/" : "",
flow->flow_prenat.addr_af != 0 ? prenat_mask : "",
flow->flow_prenat.addr_af != 0 ? "]": "",
print_addr(&flow->flow_dst.addr),
flow->flow_dst.addr_mask,
flow->flow_ipproto,
reload ? "-R" : "");
/* append flow to log buffer */
if (flow->flow_dir == IPSP_DIRECTION_OUT &&
flow->flow_prenat.addr_af != 0)
snprintf(prenat_mask, sizeof(prenat_mask), "%d",
flow->flow_prenat.addr_mask);
else
prenat_mask[0] = '\0';
if (flow->flow_dir == IPSP_DIRECTION_OUT) {
if (ftello(flowf) > 0)
fputs(", ", flowf);
fprintf(flowf, "%s-%s/%d%s%s%s%s%s=%s/%d(%u)%s",
print_map(flow->flow_saproto, ikev2_saproto_map),
print_addr(&flow->flow_src.addr),
flow->flow_src.addr_mask,
flow->flow_prenat.addr_af != 0 ? "[": "",
flow->flow_prenat.addr_af != 0 ?
print_addr(&flow->flow_prenat.addr) : "",
flow->flow_prenat.addr_af != 0 ? "/" : "",
flow->flow_prenat.addr_af != 0 ? prenat_mask : "",
flow->flow_prenat.addr_af != 0 ? "]": "",
print_addr(&flow->flow_dst.addr),
flow->flow_dst.addr_mask,
flow->flow_ipproto,
reload ? "-R" : "");
}
}
}

6
sbin/iked/parse.y
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.143 2023/06/14 14:09:29 claudio Exp $ */
/* $OpenBSD: parse.y,v 1.144 2023/08/11 11:24:55 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -2519,6 +2519,10 @@ create_ike(char *name, int af, struct ipsec_addr_wrap *ipproto,
}
if (iface != NULL) {
/* sec(4) */
if (strncmp("sec", iface, strlen("sec")) == 0)
pol.pol_flags |= IKED_POLICY_ROUTING;
pol.pol_iface = if_nametoindex(iface);
if (pol.pol_iface == 0) {
yyerror("invalid iface");

35
sbin/iked/pfkey.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pfkey.c,v 1.82 2023/06/13 12:34:12 tb Exp $ */
/* $OpenBSD: pfkey.c,v 1.84 2023/08/14 12:02:02 tobhe Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@ -25,6 +25,7 @@
#include <netinet/in.h>
#include <netinet/ip_ipsp.h>
#include <net/if.h>
#include <net/pfkeyv2.h>
#include <err.h>
@ -40,7 +41,7 @@
#include "ikev2.h"
#define ROUNDUP(x) (((x) + (PFKEYV2_CHUNK - 1)) & ~(PFKEYV2_CHUNK - 1))
#define IOV_CNT 27
#define IOV_CNT 28
#define PFKEYV2_CHUNK sizeof(uint64_t)
#define PFKEY_REPLY_TIMEOUT 1000
@ -453,6 +454,7 @@ pfkey_flow(struct iked *env, uint8_t satype, uint8_t action, struct iked_flow *f
int
pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *sa)
{
char iface[IF_NAMESIZE];
struct sadb_msg smsg;
struct sadb_sa sadb;
struct sadb_address sa_src, sa_dst, sa_pxy;
@ -460,6 +462,7 @@ pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *
struct sadb_lifetime sa_ltime_hard, sa_ltime_soft;
struct sadb_x_udpencap udpencap;
struct sadb_x_tag sa_tag;
struct sadb_x_iface sa_iface;
char *tag = NULL;
struct sadb_x_tap sa_tap;
struct sadb_x_rdomain sa_rdomain;
@ -469,6 +472,8 @@ pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *
struct iked_policy *pol;
struct iked_addr *dst;
struct iovec iov[IOV_CNT];
const char *errstr = NULL;
uint32_t ifminor;
uint32_t jitter;
int iov_cnt;
int ret, dotap = 0;
@ -549,6 +554,7 @@ pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *
bzero(&udpencap, sizeof udpencap);
bzero(&sa_ltime_hard, sizeof(sa_ltime_hard));
bzero(&sa_ltime_soft, sizeof(sa_ltime_soft));
bzero(&sa_iface, sizeof(sa_iface));
if (pol->pol_rdomain >= 0) {
bzero(&sa_rdomain, sizeof(sa_rdomain));
@ -688,6 +694,24 @@ pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *
sa_tap.sadb_x_tap_unit = pol->pol_tap;
}
if (pol->pol_flags & IKED_POLICY_ROUTING) {
sa_iface.sadb_x_iface_exttype = SADB_X_EXT_IFACE;
sa_iface.sadb_x_iface_len = sizeof(sa_iface) / 8;
if (if_indextoname(pol->pol_iface, iface) == 0) {
log_warn("%s: unsupported interface %d",
__func__, pol->pol_iface);
return (-1);
}
ifminor = strtonum(iface + strlen("sec"), 0, UINT_MAX, &errstr);
if (errstr != NULL) {
log_warnx("%s: unsupported interface %s",
__func__, iface);
return (-1);
}
sa_iface.sadb_x_iface_unit = ifminor;
sa_iface.sadb_x_iface_direction = sa->csa_dir;
}
send:
#define PAD(len) \
@ -816,6 +840,13 @@ pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *
PAD(strlen(tag) + 1);
}
if (sa_iface.sadb_x_iface_len) {
iov[iov_cnt].iov_base = &sa_iface;
iov[iov_cnt].iov_len = sa_iface.sadb_x_iface_len * 8;
smsg.sadb_msg_len += sa_iface.sadb_x_iface_len;
iov_cnt++;
}
if (dotap != 0) {
/* enc(4) device tap unit */
iov[iov_cnt].iov_base = &sa_tap;

Some files were not shown because too many files have changed in this diff Show more