sync code with last improvements from OpenBSD

lib/libcrypto/ec/ec_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.42 2023/08/12 08:07:35 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.43 2023/08/21 09:52:30 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -75,6 +75,17 @@ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
 #endif
 
+static void
+eckey_param_free(int ptype, void *pval)
+{
+	if (pval == NULL)
+		return;
+	if (ptype == V_ASN1_OBJECT)
+		ASN1_OBJECT_free(pval);		/* XXX - really necessary? */
+	else
+		ASN1_STRING_free(pval);
+}
+
 static int
 eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 {
@@ -110,36 +121,37 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 static int
 eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
-	EC_KEY *ec_key = pkey->pkey.ec;
+	EC_KEY *eckey = pkey->pkey.ec;
+	int ptype = V_ASN1_UNDEF;
 	void *pval = NULL;
-	int ptype;
-	unsigned char *penc = NULL, *p;
-	int penclen;
+	ASN1_OBJECT *aobj;
+	unsigned char *key = NULL;
+	int key_len = 0;
+	int ret = 0;
 
-	if (!eckey_param2type(&ptype, &pval, ec_key)) {
+	if (!eckey_param2type(&ptype, &pval, eckey)) {
 		ECerror(ERR_R_EC_LIB);
-		return 0;
+		goto err;
 	}
-	penclen = i2o_ECPublicKey(ec_key, NULL);
-	if (penclen <= 0)
+	if ((key_len = i2o_ECPublicKey(eckey, &key)) <= 0) {
+		key_len = 0;
 		goto err;
-	penc = malloc(penclen);
-	if (!penc)
+	}
+	if ((aobj = OBJ_nid2obj(EVP_PKEY_EC)) == NULL)
 		goto err;
-	p = penc;
-	penclen = i2o_ECPublicKey(ec_key, &p);
-	if (penclen <= 0)
+	if (!X509_PUBKEY_set0_param(pk, aobj, ptype, pval, key, key_len))
 		goto err;
-	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
-		ptype, pval, penc, penclen))
-		return 1;
+	pval = NULL;
+	key = NULL;
+	key_len = 0;
+
+	ret = 1;
+
  err:
-	if (ptype == V_ASN1_OBJECT)
-		ASN1_OBJECT_free(pval);
-	else
-		ASN1_STRING_free(pval);
-	free(penc);
-	return 0;
+	eckey_param_free(ptype, pval);
+	freezero(key, key_len);
+
+	return ret;
 }
 
 static EC_KEY *
@@ -308,54 +320,47 @@ eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 static int
 eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
-	EC_KEY *ec_key;
-	unsigned char *ep, *p;
-	int eplen, ptype;
-	void *pval;
-	unsigned int tmp_flags, old_flags;
+	EC_KEY *eckey = pkey->pkey.ec;
+	void *pval = NULL;
+	int ptype = V_ASN1_UNDEF;
+	ASN1_OBJECT *aobj;
+	unsigned char *key = NULL;
+	int key_len = 0;
+	unsigned int flags;
+	int ret = 0;
 
-	ec_key = pkey->pkey.ec;
+	flags = EC_KEY_get_enc_flags(eckey);
 
-	if (!eckey_param2type(&ptype, &pval, ec_key)) {
+	if (!eckey_param2type(&ptype, &pval, eckey)) {
 		ECerror(EC_R_DECODE_ERROR);
-		return 0;
+		goto err;
 	}
-	/* set the private key */
 
-	/*
-	 * do not include the parameters in the SEC1 private key see PKCS#11
-	 * 12.11
-	 */
-	old_flags = EC_KEY_get_enc_flags(ec_key);
-	tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-	EC_KEY_set_enc_flags(ec_key, tmp_flags);
-	eplen = i2d_ECPrivateKey(ec_key, NULL);
-	if (!eplen) {
-		EC_KEY_set_enc_flags(ec_key, old_flags);
+	/* PKCS#11 12.11: don't include parameters in the SEC1 private key. */
+	EC_KEY_set_enc_flags(eckey, flags | EC_PKEY_NO_PARAMETERS);
+
+	if ((key_len = i2d_ECPrivateKey(eckey, &key)) <= 0) {
 		ECerror(ERR_R_EC_LIB);
-		return 0;
+		key_len = 0;
+		goto err;
 	}
-	ep = malloc(eplen);
-	if (!ep) {
-		EC_KEY_set_enc_flags(ec_key, old_flags);
-		ECerror(ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	p = ep;
-	if (!i2d_ECPrivateKey(ec_key, &p)) {
-		EC_KEY_set_enc_flags(ec_key, old_flags);
-		free(ep);
-		ECerror(ERR_R_EC_LIB);
-		return 0;
-	}
-	/* restore old encoding flags */
-	EC_KEY_set_enc_flags(ec_key, old_flags);
+	if ((aobj = OBJ_nid2obj(NID_X9_62_id_ecPublicKey)) == NULL)
+		goto err;
+	if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, pval, key, key_len))
+		goto err;
+	pval = NULL;
+	key = NULL;
+	key_len = 0;
 
-	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
-		ptype, pval, ep, eplen))
-		return 0;
+	ret = 1;
 
-	return 1;
+ err:
+	eckey_param_free(ptype, pval);
+	freezero(key, key_len);
+
+	EC_KEY_set_enc_flags(eckey, flags);
+
+	return ret;
 }
 
 static int

lib/libcrypto/man/EVP_chacha20.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_chacha20.3,v 1.2 2023/08/16 13:47:18 schwarze Exp $
+.\" $OpenBSD: EVP_chacha20.3,v 1.3 2023/08/21 03:26:42 jsg Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 16 2023 $
+.Dd $Mdocdate: August 21 2023 $
 .Dt EVP_CHACHA20 3
 .Os
 .Sh NAME
@@ -157,7 +157,7 @@ It is strongly recommended to specify
 .Fa arg
 as exactly 16.
 Otherwise, only the initial part of the tag may be compared
-and mismatches near the end of the tag may get silently irgnored.
+and mismatches near the end of the tag may get silently ignored.
 This control operation fails if the
 .Fa ctx
 is configured for encryption or if
@@ -204,7 +204,7 @@ is less than 1 or greater than 16.
 .It Dv EVP_CTRL_INIT
 Set the length of the initialization vector to the default value
 of 12 bytes and clear the Poly1305 internal state.
-The application program usually does not need to invoke this contol
+The application program usually does not need to invoke this control
 operation manually because it is automatically called internally by
 .Xr EVP_EncryptInit_ex 3 ,
 .Xr EVP_DecryptInit_ex 3 ,