sync with OpenBSD -current

This commit is contained in:
purplerain 2023-12-15 04:25:16 +00:00
parent 8801582927
commit 30cf31d90d
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
55 changed files with 633 additions and 516 deletions

View file

@ -1,4 +1,4 @@
/* $OpenBSD: cryptlib.c,v 1.46 2023/07/08 08:28:23 beck Exp $ */
/* $OpenBSD: cryptlib.c,v 1.47 2023/12/14 15:31:22 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
@ -355,7 +355,7 @@ OPENSSL_showfatal(const char *fmta, ...)
va_list ap;
va_start(ap, fmta);
vsyslog_r(LOG_INFO|LOG_LOCAL2, &sdata, fmta, ap);
vsyslog_r(LOG_CONS|LOG_LOCAL2, &sdata, fmta, ap);
va_end(ap);
}

View file

@ -1,4 +1,4 @@
/* $OpenBSD: obj_dat.c,v 1.65 2023/12/13 23:34:45 tb Exp $ */
/* $OpenBSD: obj_dat.c,v 1.82 2023/12/15 01:51:23 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -279,89 +279,58 @@ OBJ_add_object(const ASN1_OBJECT *obj)
LCRYPTO_ALIAS(OBJ_add_object);
ASN1_OBJECT *
OBJ_nid2obj(int n)
OBJ_nid2obj(int nid)
{
ADDED_OBJ ad, *adp;
ASN1_OBJECT ob;
if (nid >= 0 && nid < NUM_NID) {
if (nid == NID_undef || nid_objs[nid].nid != NID_undef)
return (ASN1_OBJECT *)&nid_objs[nid];
if ((n >= 0) && (n < NUM_NID)) {
if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
OBJerror(OBJ_R_UNKNOWN_NID);
return (NULL);
}
return ((ASN1_OBJECT *)&(nid_objs[n]));
} else if (added == NULL)
return (NULL);
else {
ad.type = ADDED_NID;
ad.obj = &ob;
ob.nid = n;
adp = lh_ADDED_OBJ_retrieve(added, &ad);
if (adp != NULL)
return (adp->obj);
else {
OBJerror(OBJ_R_UNKNOWN_NID);
return (NULL);
}
goto unknown;
}
/* XXX - locking. */
if (added != NULL) {
ASN1_OBJECT aobj = {
.nid = nid,
};
ADDED_OBJ needle = {
.type = ADDED_NID,
.obj = &aobj,
};
ADDED_OBJ *found;
if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL)
return found->obj;
}
unknown:
OBJerror(OBJ_R_UNKNOWN_NID);
return NULL;
}
LCRYPTO_ALIAS(OBJ_nid2obj);
const char *
OBJ_nid2sn(int n)
OBJ_nid2sn(int nid)
{
ADDED_OBJ ad, *adp;
ASN1_OBJECT ob;
ASN1_OBJECT *aobj;
if ((n >= 0) && (n < NUM_NID)) {
if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
OBJerror(OBJ_R_UNKNOWN_NID);
return (NULL);
}
return (nid_objs[n].sn);
} else if (added == NULL)
return (NULL);
else {
ad.type = ADDED_NID;
ad.obj = &ob;
ob.nid = n;
adp = lh_ADDED_OBJ_retrieve(added, &ad);
if (adp != NULL)
return (adp->obj->sn);
else {
OBJerror(OBJ_R_UNKNOWN_NID);
return (NULL);
}
}
if ((aobj = OBJ_nid2obj(nid)) == NULL)
return NULL;
return aobj->sn;
}
LCRYPTO_ALIAS(OBJ_nid2sn);
const char *
OBJ_nid2ln(int n)
OBJ_nid2ln(int nid)
{
ADDED_OBJ ad, *adp;
ASN1_OBJECT ob;
ASN1_OBJECT *aobj;
if ((n >= 0) && (n < NUM_NID)) {
if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
OBJerror(OBJ_R_UNKNOWN_NID);
return (NULL);
}
return (nid_objs[n].ln);
} else if (added == NULL)
return (NULL);
else {
ad.type = ADDED_NID;
ad.obj = &ob;
ob.nid = n;
adp = lh_ADDED_OBJ_retrieve(added, &ad);
if (adp != NULL)
return (adp->obj->ln);
else {
OBJerror(OBJ_R_UNKNOWN_NID);
return (NULL);
}
}
if ((aobj = OBJ_nid2obj(nid)) == NULL)
return NULL;
return aobj->ln;
}
LCRYPTO_ALIAS(OBJ_nid2ln);
@ -370,6 +339,8 @@ obj_objs_cmp(const void *aobj, const void *b)
{
const unsigned int *nid = b;
OPENSSL_assert(*nid < NUM_NID);
return OBJ_cmp(aobj, &nid_objs[*nid]);
}
@ -405,89 +376,13 @@ OBJ_obj2nid(const ASN1_OBJECT *aobj)
}
LCRYPTO_ALIAS(OBJ_obj2nid);
/* Convert an object name into an ASN1_OBJECT
* if "noname" is not set then search for short and long names first.
* This will convert the "dotted" form into an object: unlike OBJ_txt2nid
* it can be used with any objects, not just registered ones.
*/
ASN1_OBJECT *
OBJ_txt2obj(const char *s, int no_name)
{
int nid;
if (!no_name) {
if ((nid = OBJ_sn2nid(s)) != NID_undef ||
(nid = OBJ_ln2nid(s)) != NID_undef)
return OBJ_nid2obj(nid);
}
return t2i_ASN1_OBJECT_internal(s);
}
LCRYPTO_ALIAS(OBJ_txt2obj);
int
OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *aobj, int no_name)
{
return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, no_name);
}
LCRYPTO_ALIAS(OBJ_obj2txt);
int
OBJ_txt2nid(const char *s)
{
ASN1_OBJECT *obj;
int nid;
obj = OBJ_txt2obj(s, 0);
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
return nid;
}
LCRYPTO_ALIAS(OBJ_txt2nid);
static int
ln_objs_cmp(const void *ln, const void *b)
{
const unsigned int *nid = b;
return strcmp(ln, nid_objs[*nid].ln);
}
int
OBJ_ln2nid(const char *ln)
{
const unsigned int *nid;
/* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */
if (added != NULL) {
ASN1_OBJECT aobj = {
.ln = ln,
};
ADDED_OBJ needle = {
.type = ADDED_LNAME,
.obj = &aobj,
};
ADDED_OBJ *found;
if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL)
return found->obj->nid;
}
/* ln_objs holds NIDs in ascending alphabetical order of LN. */
nid = bsearch(ln, ln_objs, NUM_LN, sizeof(unsigned int), ln_objs_cmp);
if (nid != NULL)
return *nid;
return NID_undef;
}
LCRYPTO_ALIAS(OBJ_ln2nid);
static int
sn_objs_cmp(const void *sn, const void *b)
{
const unsigned int *nid = b;
OPENSSL_assert(*nid < NUM_NID);
return strcmp(sn, nid_objs[*nid].sn);
}
@ -520,6 +415,45 @@ OBJ_sn2nid(const char *sn)
}
LCRYPTO_ALIAS(OBJ_sn2nid);
static int
ln_objs_cmp(const void *ln, const void *b)
{
const unsigned int *nid = b;
OPENSSL_assert(*nid < NUM_NID);
return strcmp(ln, nid_objs[*nid].ln);
}
int
OBJ_ln2nid(const char *ln)
{
const unsigned int *nid;
/* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */
if (added != NULL) {
ASN1_OBJECT aobj = {
.ln = ln,
};
ADDED_OBJ needle = {
.type = ADDED_LNAME,
.obj = &aobj,
};
ADDED_OBJ *found;
if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL)
return found->obj->nid;
}
/* ln_objs holds NIDs in ascending alphabetical order of LN. */
nid = bsearch(ln, ln_objs, NUM_LN, sizeof(unsigned int), ln_objs_cmp);
if (nid != NULL)
return *nid;
return NID_undef;
}
LCRYPTO_ALIAS(OBJ_ln2nid);
const void *
OBJ_bsearch_(const void *key, const void *base, int num, int size,
int (*cmp)(const void *, const void *))
@ -561,6 +495,47 @@ OBJ_bsearch_ex_(const void *key, const void *base_, int num, int size,
return (p);
}
/* Convert an object name into an ASN1_OBJECT
* if "noname" is not set then search for short and long names first.
* This will convert the "dotted" form into an object: unlike OBJ_txt2nid
* it can be used with any objects, not just registered ones.
*/
ASN1_OBJECT *
OBJ_txt2obj(const char *s, int no_name)
{
int nid;
if (!no_name) {
if ((nid = OBJ_sn2nid(s)) != NID_undef ||
(nid = OBJ_ln2nid(s)) != NID_undef)
return OBJ_nid2obj(nid);
}
return t2i_ASN1_OBJECT_internal(s);
}
LCRYPTO_ALIAS(OBJ_txt2obj);
int
OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *aobj, int no_name)
{
return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, no_name);
}
LCRYPTO_ALIAS(OBJ_obj2txt);
int
OBJ_txt2nid(const char *s)
{
ASN1_OBJECT *obj;
int nid;
obj = OBJ_txt2obj(s, 0);
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
return nid;
}
LCRYPTO_ALIAS(OBJ_txt2nid);
int
OBJ_create_objects(BIO *in)
{
@ -614,31 +589,33 @@ LCRYPTO_ALIAS(OBJ_create_objects);
int
OBJ_create(const char *oid, const char *sn, const char *ln)
{
int ok = 0;
ASN1_OBJECT *op = NULL;
unsigned char *buf;
int i;
ASN1_OBJECT *aobj = NULL;
unsigned char *buf = NULL;
int len, nid;
int ret = 0;
i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
if (i <= 0)
return (0);
if ((len = a2d_ASN1_OBJECT(NULL, 0, oid, -1)) <= 0)
goto err;
if ((buf = malloc(i)) == NULL) {
if ((buf = calloc(1, len)) == NULL) {
OBJerror(ERR_R_MALLOC_FAILURE);
return (0);
goto err;
}
i = a2d_ASN1_OBJECT(buf, i, oid, -1);
if (i == 0)
if ((len = a2d_ASN1_OBJECT(buf, len, oid, -1)) == 0)
goto err;
op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
if (op == NULL)
nid = OBJ_new_nid(1);
if ((aobj = ASN1_OBJECT_create(nid, buf, len, sn, ln)) == NULL)
goto err;
ok = OBJ_add_object(op);
ret = OBJ_add_object(aobj);
err:
ASN1_OBJECT_free(op);
ASN1_OBJECT_free(aobj);
free(buf);
return (ok);
return ret;
}
LCRYPTO_ALIAS(OBJ_create);

View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_vpm.c,v 1.40 2023/05/28 05:25:24 tb Exp $ */
/* $OpenBSD: x509_vpm.c,v 1.41 2023/12/14 12:02:10 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@ -84,41 +84,31 @@ str_free(char *s)
free(s);
}
/*
* Post 1.0.1 sk function "deep_copy". For the moment we simply make
* these take void * and use them directly without a glorious blob of
* obfuscating macros of dubious value in front of them. All this in
* preparation for a rototilling of safestack.h (likely inspired by
* this).
*/
static void *
sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void)
static STACK_OF(OPENSSL_STRING) *
sk_OPENSSL_STRING_deep_copy(const STACK_OF(OPENSSL_STRING) *sk)
{
_STACK *sk = sk_void;
void *(*copy_func)(void *) = copy_func_void;
void (*free_func)(void *) = free_func_void;
_STACK *ret = sk_dup(sk);
size_t i;
STACK_OF(OPENSSL_STRING) *new;
char *copy = NULL;
int i;
if (ret == NULL)
return NULL;
if ((new = sk_OPENSSL_STRING_new_null()) == NULL)
goto err;
for (i = 0; i < ret->num; i++) {
if (ret->data[i] == NULL)
continue;
ret->data[i] = copy_func(ret->data[i]);
if (ret->data[i] == NULL) {
size_t j;
for (j = 0; j < i; j++) {
if (ret->data[j] != NULL)
free_func(ret->data[j]);
}
sk_free(ret);
return NULL;
}
for (i = 0; i < sk_OPENSSL_STRING_num(sk); i++) {
if ((copy = strdup(sk_OPENSSL_STRING_value(sk, i))) == NULL)
goto err;
if (sk_OPENSSL_STRING_push(new, copy) <= 0)
goto err;
copy = NULL;
}
return ret;
return new;
err:
sk_OPENSSL_STRING_pop_free(new, str_free);
free(copy);
return NULL;
}
static int
@ -313,7 +303,7 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src)
dest->hosts = NULL;
}
if (src->hosts) {
dest->hosts = sk_deep_copy(src->hosts, strdup, str_free);
dest->hosts = sk_OPENSSL_STRING_deep_copy(src->hosts);
if (dest->hosts == NULL)
return 0;
}