SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-01-14 01:35:08 +00:00
parent a51405ccff
commit 4250ddb86f
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
16 changed files with 2065 additions and 1231 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/libcrypto/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.162 2023/12/29 06:56:38 tb Exp $
# $OpenBSD: Makefile,v 1.166 2024/01/13 12:18:52 tb Exp $
LIB= crypto
LIBREBUILD=y
@ -348,7 +348,6 @@ SRCS+= err_prn.c
SRCS+= bio_b64.c
SRCS+= bio_enc.c
SRCS+= bio_md.c
SRCS+= c_all.c
SRCS+= e_aes.c
SRCS+= e_aes_cbc_hmac_sha1.c
SRCS+= e_bf.c
@ -372,6 +371,7 @@ SRCS+= evp_digest.c
SRCS+= evp_encode.c
SRCS+= evp_err.c
SRCS+= evp_key.c
SRCS+= evp_names.c
SRCS+= evp_pbe.c
SRCS+= evp_pkey.c
SRCS+= m_gost2814789.c
@ -387,7 +387,6 @@ SRCS+= m_sigver.c
SRCS+= m_sm3.c
SRCS+= m_streebog.c
SRCS+= m_wp.c
SRCS+= names.c
SRCS+= p5_crpt.c
SRCS+= p5_crpt2.c
SRCS+= p_legacy.c
@ -453,7 +452,6 @@ SRCS+= ofb128.c
SRCS+= xts128.c
# objects/
SRCS+= o_names.c
SRCS+= obj_dat.c
SRCS+= obj_err.c
SRCS+= obj_lib.c

23
lib/libcrypto/asn1/asn1_item.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: asn1_item.c,v 1.18 2023/11/09 11:36:39 tb Exp $ */
/* $OpenBSD: asn1_item.c,v 1.19 2024/01/13 13:59:18 joshua Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -222,13 +222,20 @@ int
ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type)
{
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
EVP_MD_CTX_cleanup(&ctx);
return 0;
}
return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
EVP_MD_CTX *md_ctx = NULL;
int ret = 0;
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
goto err;
if (!EVP_DigestSignInit(md_ctx, NULL, type, NULL, pkey))
goto err;
ret = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, md_ctx);
err:
EVP_MD_CTX_free(md_ctx);
return ret;
}
static int

25
lib/libcrypto/crypto_init.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: crypto_init.c,v 1.15 2024/01/07 19:59:32 tb Exp $ */
/* $OpenBSD: crypto_init.c,v 1.17 2024/01/13 17:04:29 tb Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
*
@ -44,8 +44,6 @@ OPENSSL_init_crypto_internal(void)
OPENSSL_cpuid_setup();
ERR_load_crypto_strings();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
}
int
@ -91,3 +89,24 @@ OPENSSL_cleanup(void)
crypto_init_cleaned_up = 1;
}
LCRYPTO_ALIAS(OPENSSL_cleanup);
void
OpenSSL_add_all_ciphers(void)
{
}
void
OpenSSL_add_all_digests(void)
{
}
void
OPENSSL_add_all_algorithms_noconf(void)
{
}
void
OPENSSL_add_all_algorithms_conf(void)
{
OPENSSL_config(NULL);
}

331
lib/libcrypto/evp/c_all.c
View file

@ -1,331 +0,0 @@
/* $OpenBSD: c_all.c,v 1.33 2023/10/24 13:09:54 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <pthread.h>
#include <openssl/opensslconf.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "cryptlib.h"
static void
OpenSSL_add_all_ciphers_internal(void)
{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
EVP_add_cipher(EVP_des_cfb8());
EVP_add_cipher(EVP_des_ede_cfb());
EVP_add_cipher(EVP_des_ede3_cfb());
EVP_add_cipher(EVP_des_ede3_cfb1());
EVP_add_cipher(EVP_des_ede3_cfb8());
EVP_add_cipher(EVP_des_ofb());
EVP_add_cipher(EVP_des_ede_ofb());
EVP_add_cipher(EVP_des_ede3_ofb());
EVP_add_cipher(EVP_desx_cbc());
EVP_add_cipher_alias(SN_desx_cbc, "DESX");
EVP_add_cipher_alias(SN_desx_cbc, "desx");
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher_alias(SN_des_cbc, "DES");
EVP_add_cipher_alias(SN_des_cbc, "des");
EVP_add_cipher(EVP_des_ede_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
EVP_add_cipher(EVP_des_ecb());
EVP_add_cipher(EVP_des_ede());
EVP_add_cipher(EVP_des_ede3());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
EVP_add_cipher(EVP_rc4_40());
#ifndef OPENSSL_NO_MD5
EVP_add_cipher(EVP_rc4_hmac_md5());
#endif
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_ecb());
EVP_add_cipher(EVP_idea_cfb());
EVP_add_cipher(EVP_idea_ofb());
EVP_add_cipher(EVP_idea_cbc());
EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
EVP_add_cipher_alias(SN_idea_cbc, "idea");
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_ecb());
EVP_add_cipher(EVP_rc2_cfb());
EVP_add_cipher(EVP_rc2_ofb());
EVP_add_cipher(EVP_rc2_cbc());
EVP_add_cipher(EVP_rc2_40_cbc());
EVP_add_cipher(EVP_rc2_64_cbc());
EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
#endif
#ifndef OPENSSL_NO_BF
EVP_add_cipher(EVP_bf_ecb());
EVP_add_cipher(EVP_bf_cfb());
EVP_add_cipher(EVP_bf_ofb());
EVP_add_cipher(EVP_bf_cbc());
EVP_add_cipher_alias(SN_bf_cbc, "BF");
EVP_add_cipher_alias(SN_bf_cbc, "bf");
EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
#endif
#ifndef OPENSSL_NO_CAST
EVP_add_cipher(EVP_cast5_ecb());
EVP_add_cipher(EVP_cast5_cfb());
EVP_add_cipher(EVP_cast5_ofb());
EVP_add_cipher(EVP_cast5_cbc());
EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
EVP_add_cipher_alias(SN_cast5_cbc, "cast");
EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_ecb());
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_128_ccm());
EVP_add_cipher(EVP_aes_128_cfb());
EVP_add_cipher(EVP_aes_128_cfb1());
EVP_add_cipher(EVP_aes_128_cfb8());
EVP_add_cipher(EVP_aes_128_ofb());
EVP_add_cipher(EVP_aes_128_ctr());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_128_wrap());
EVP_add_cipher(EVP_aes_128_xts());
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
EVP_add_cipher(EVP_aes_192_ecb());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_192_ccm());
EVP_add_cipher(EVP_aes_192_cfb());
EVP_add_cipher(EVP_aes_192_cfb1());
EVP_add_cipher(EVP_aes_192_cfb8());
EVP_add_cipher(EVP_aes_192_ofb());
EVP_add_cipher(EVP_aes_192_ctr());
EVP_add_cipher(EVP_aes_192_gcm());
EVP_add_cipher(EVP_aes_192_wrap());
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
EVP_add_cipher(EVP_aes_256_ecb());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_256_ccm());
EVP_add_cipher(EVP_aes_256_cfb());
EVP_add_cipher(EVP_aes_256_cfb1());
EVP_add_cipher(EVP_aes_256_cfb8());
EVP_add_cipher(EVP_aes_256_ofb());
EVP_add_cipher(EVP_aes_256_ctr());
EVP_add_cipher(EVP_aes_256_gcm());
EVP_add_cipher(EVP_aes_256_wrap());
EVP_add_cipher(EVP_aes_256_xts());
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_ecb());
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_128_cfb());
EVP_add_cipher(EVP_camellia_128_cfb1());
EVP_add_cipher(EVP_camellia_128_cfb8());
EVP_add_cipher(EVP_camellia_128_ofb());
EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
EVP_add_cipher(EVP_camellia_192_ecb());
EVP_add_cipher(EVP_camellia_192_cbc());
EVP_add_cipher(EVP_camellia_192_cfb());
EVP_add_cipher(EVP_camellia_192_cfb1());
EVP_add_cipher(EVP_camellia_192_cfb8());
EVP_add_cipher(EVP_camellia_192_ofb());
EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
EVP_add_cipher(EVP_camellia_256_ecb());
EVP_add_cipher(EVP_camellia_256_cbc());
EVP_add_cipher(EVP_camellia_256_cfb());
EVP_add_cipher(EVP_camellia_256_cfb1());
EVP_add_cipher(EVP_camellia_256_cfb8());
EVP_add_cipher(EVP_camellia_256_ofb());
EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
#endif
#ifndef OPENSSL_NO_CHACHA
EVP_add_cipher(EVP_chacha20());
EVP_add_cipher_alias(SN_chacha20, "ChaCha20");
EVP_add_cipher_alias(LN_chacha20, "chacha20");
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
EVP_add_cipher(EVP_chacha20_poly1305());
#endif
#ifndef OPENSSL_NO_GOST
EVP_add_cipher(EVP_gost2814789_ecb());
EVP_add_cipher(EVP_gost2814789_cfb64());
EVP_add_cipher(EVP_gost2814789_cnt());
#endif
#ifndef OPENSSL_NO_SM4
EVP_add_cipher(EVP_sm4_ecb());
EVP_add_cipher(EVP_sm4_cbc());
EVP_add_cipher(EVP_sm4_cfb());
EVP_add_cipher(EVP_sm4_ofb());
EVP_add_cipher(EVP_sm4_ctr());
EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
#endif
}
void
OpenSSL_add_all_ciphers(void)
{
static pthread_once_t add_all_ciphers_once = PTHREAD_ONCE_INIT;
(void) pthread_once(&add_all_ciphers_once, OpenSSL_add_all_ciphers_internal);
}
static void
OpenSSL_add_all_digests_internal(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest(EVP_md5_sha1());
EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#endif
#ifndef OPENSSL_NO_GOST
EVP_add_digest(EVP_gostr341194());
EVP_add_digest(EVP_gost2814789imit());
EVP_add_digest(EVP_streebog256());
EVP_add_digest(EVP_streebog512());
#endif
#ifndef OPENSSL_NO_RIPEMD
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
EVP_add_digest(EVP_sha512_224());
EVP_add_digest(EVP_sha512_256());
#endif
#ifndef OPENSSL_NO_SHA3
EVP_add_digest(EVP_sha3_224());
EVP_add_digest(EVP_sha3_256());
EVP_add_digest(EVP_sha3_384());
EVP_add_digest(EVP_sha3_512());
#endif
#ifndef OPENSSL_NO_SM3
EVP_add_digest(EVP_sm3());
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
}
void
OpenSSL_add_all_digests(void)
{
static pthread_once_t add_all_digests_once = PTHREAD_ONCE_INIT;
(void) pthread_once(&add_all_digests_once, OpenSSL_add_all_digests_internal);
}
void
OPENSSL_add_all_algorithms_noconf(void)
{
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
}
void
OPENSSL_add_all_algorithms_conf(void)
{
OPENSSL_add_all_algorithms_noconf();
OPENSSL_config(NULL);
}

1838
lib/libcrypto/evp/evp_names.c Normal file
View file

File diff suppressed because it is too large Load diff

239
lib/libcrypto/evp/names.c
View file

@ -1,239 +0,0 @@
/* $OpenBSD: names.c,v 1.22 2023/12/15 14:22:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "evp_local.h"
extern int obj_cleanup_defer;
void check_defer(int nid);
int
EVP_add_cipher(const EVP_CIPHER *c)
{
int r;
if (c == NULL)
return 0;
r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
(const char *)c);
if (r == 0)
return (0);
check_defer(c->nid);
r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
(const char *)c);
return (r);
}
int
EVP_add_digest(const EVP_MD *md)
{
int r;
const char *name;
name = OBJ_nid2sn(md->type);
r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
if (r == 0)
return (0);
check_defer(md->type);
r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
(const char *)md);
if (r == 0)
return (0);
if (md->pkey_type && md->type != md->pkey_type) {
r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name);
if (r == 0)
return (0);
check_defer(md->pkey_type);
r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name);
}
return (r);
}
const EVP_CIPHER *
EVP_get_cipherbyname(const char *name)
{
if (!OPENSSL_init_crypto(0, NULL))
return NULL;
return (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
}
const EVP_MD *
EVP_get_digestbyname(const char *name)
{
if (!OPENSSL_init_crypto(0, NULL))
return NULL;
return (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
}
void
EVP_cleanup(void)
{
OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
/* The above calls will only clean out the contents of the name
hash table, but not the hash table itself. The following line
does that part. -- Richard Levitte */
OBJ_NAME_cleanup(-1);
if (obj_cleanup_defer == 2) {
obj_cleanup_defer = 0;
OBJ_cleanup();
}
}
struct doall_cipher {
void *arg;
void (*fn)(const EVP_CIPHER *ciph, const char *from, const char *to,
void *arg);
};
static void
do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
{
struct doall_cipher *dc = arg;
if (nm->alias)
dc->fn(NULL, nm->name, nm->data, dc->arg);
else
dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
}
void
EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from,
const char *to, void *x), void *arg)
{
struct doall_cipher dc;
/* Prayer and clean living lets you ignore errors, OpenSSL style */
(void) OPENSSL_init_crypto(0, NULL);
dc.fn = fn;
dc.arg = arg;
OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
}
void
EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, const char *from,
const char *to, void *x), void *arg)
{
struct doall_cipher dc;
/* Prayer and clean living lets you ignore errors, OpenSSL style */
(void) OPENSSL_init_crypto(0, NULL);
dc.fn = fn;
dc.arg = arg;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
do_all_cipher_fn, &dc);
}
struct doall_md {
void *arg;
void (*fn)(const EVP_MD *ciph, const char *from, const char *to,
void *arg);
};
static void
do_all_md_fn(const OBJ_NAME *nm, void *arg)
{
struct doall_md *dc = arg;
if (nm->alias)
dc->fn(NULL, nm->name, nm->data, dc->arg);
else
dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
}
void
EVP_MD_do_all(void (*fn)(const EVP_MD *md, const char *from, const char *to,
void *x), void *arg)
{
struct doall_md dc;
/* Prayer and clean living lets you ignore errors, OpenSSL style */
(void) OPENSSL_init_crypto(0, NULL);
dc.fn = fn;
dc.arg = arg;
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
}
void
EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md,
const char *from, const char *to, void *x), void *arg)
{
struct doall_md dc;
/* Prayer and clean living lets you ignore errors, OpenSSL style */
(void) OPENSSL_init_crypto(0, NULL);
dc.fn = fn;
dc.arg = arg;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
}

139
lib/libcrypto/evp/pmeth_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pmeth_lib.c,v 1.36 2024/01/04 20:15:01 tb Exp $ */
/* $OpenBSD: pmeth_lib.c,v 1.37 2024/01/13 12:46:59 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -101,14 +101,14 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0]))
const EVP_PKEY_METHOD *
EVP_PKEY_meth_find(int type)
static const EVP_PKEY_METHOD *
evp_pkey_method_find(int nid)
{
size_t i;
for (i = 0; i < N_PKEY_METHODS; i++) {
const EVP_PKEY_METHOD *pmeth = pkey_methods[i];
if (pmeth->pkey_id == type)
if (pmeth->pkey_id == nid)
return pmeth;
}
@ -116,18 +116,18 @@ EVP_PKEY_meth_find(int type)
}
static EVP_PKEY_CTX *
evp_pkey_ctx_new(EVP_PKEY *pkey, int id)
evp_pkey_ctx_new(EVP_PKEY *pkey, int nid)
{
EVP_PKEY_CTX *pkey_ctx = NULL;
const EVP_PKEY_METHOD *pmeth;
if (id == -1) {
if (nid == -1) {
if (pkey == NULL || pkey->ameth == NULL)
return NULL;
id = pkey->ameth->pkey_id;
nid = pkey->ameth->pkey_id;
}
if ((pmeth = EVP_PKEY_meth_find(id)) == NULL) {
if ((pmeth = evp_pkey_method_find(nid)) == NULL) {
EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
goto err;
}
@ -154,50 +154,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, int id)
return NULL;
}
EVP_PKEY_METHOD*
EVP_PKEY_meth_new(int id, int flags)
{
EVP_PKEY_METHOD *pmeth;
if ((pmeth = calloc(1, sizeof(EVP_PKEY_METHOD))) == NULL)
return NULL;
pmeth->pkey_id = id;
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
return pmeth;
}
void
EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth)
{
if (ppkey_id)
*ppkey_id = meth->pkey_id;
if (pflags)
*pflags = meth->flags;
}
void
EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
{
EVP_PKEY_METHOD preserve;
preserve.pkey_id = dst->pkey_id;
preserve.flags = dst->flags;
*dst = *src;
dst->pkey_id = preserve.pkey_id;
dst->flags = preserve.flags;
}
void
EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
{
if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
free(pmeth);
}
EVP_PKEY_CTX *
EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine)
{
@ -205,9 +161,9 @@ EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine)
}
EVP_PKEY_CTX *
EVP_PKEY_CTX_new_id(int id, ENGINE *engine)
EVP_PKEY_CTX_new_id(int nid, ENGINE *engine)
{
return evp_pkey_ctx_new(NULL, id);
return evp_pkey_ctx_new(NULL, nid);
}
EVP_PKEY_CTX *
@ -241,13 +197,6 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
return NULL;
}
int
EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
{
EVPerror(ERR_R_DISABLED);
return 0;
}
void
EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
{
@ -399,25 +348,62 @@ EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
return ctx->app_data;
}
/*
* Remove all the functions below in the next major bump
*/
const EVP_PKEY_METHOD *
EVP_PKEY_meth_find(int type)
{
EVPerror(ERR_R_DISABLED);
return NULL;
}
EVP_PKEY_METHOD*
EVP_PKEY_meth_new(int id, int flags)
{
EVPerror(ERR_R_DISABLED);
return NULL;
}
void
EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth)
{
}
void
EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
{
}
void
EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
{
}
int
EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
{
EVPerror(ERR_R_DISABLED);
return 0;
}
void
EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
int (*init)(EVP_PKEY_CTX *ctx))
{
pmeth->init = init;
}
void
EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src))
{
pmeth->copy = copy;
}
void
EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
void (*cleanup)(EVP_PKEY_CTX *ctx))
{
pmeth->cleanup = cleanup;
}
void
@ -425,8 +411,6 @@ EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
int (*paramgen_init)(EVP_PKEY_CTX *ctx),
int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
{
pmeth->paramgen_init = paramgen_init;
pmeth->paramgen = paramgen;
}
void
@ -434,8 +418,6 @@ EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
int (*keygen_init)(EVP_PKEY_CTX *ctx),
int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
{
pmeth->keygen_init = keygen_init;
pmeth->keygen = keygen;
}
void
@ -444,8 +426,6 @@ EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen))
{
pmeth->sign_init = sign_init;
pmeth->sign = sign;
}
void
@ -454,8 +434,6 @@ EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen))
{
pmeth->verify_init = verify_init;
pmeth->verify = verify;
}
void
@ -465,8 +443,6 @@ EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen))
{
pmeth->verify_recover_init = verify_recover_init;
pmeth->verify_recover = verify_recover;
}
void
@ -475,8 +451,6 @@ EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
EVP_MD_CTX *mctx))
{
pmeth->signctx_init = signctx_init;
pmeth->signctx = signctx;
}
void
@ -485,8 +459,6 @@ EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
EVP_MD_CTX *mctx))
{
pmeth->verifyctx_init = verifyctx_init;
pmeth->verifyctx = verifyctx;
}
void
@ -495,8 +467,6 @@ EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen))
{
pmeth->encrypt_init = encrypt_init;
pmeth->encrypt = encryptfn;
}
void
@ -505,8 +475,6 @@ EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen))
{
pmeth->decrypt_init = decrypt_init;
pmeth->decrypt = decrypt;
}
void
@ -514,8 +482,6 @@ EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
int (*derive_init)(EVP_PKEY_CTX *ctx),
int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))
{
pmeth->derive_init = derive_init;
pmeth->derive = derive;
}
void
@ -523,26 +489,21 @@ EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value))
{
pmeth->ctrl = ctrl;
pmeth->ctrl_str = ctrl_str;
}
void
EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey))
{
pmeth->check = check;
}
void
EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
int (*public_check)(EVP_PKEY *pkey))
{
pmeth->public_check = public_check;
}
void
EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
int (*param_check)(EVP_PKEY *pkey))
{
pmeth->param_check = param_check;
}

69
lib/libcrypto/man/OBJ_create.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: OBJ_create.3,v 1.8 2023/09/06 12:26:59 schwarze Exp $
.\" $OpenBSD: OBJ_create.3,v 1.9 2024/01/13 19:06:20 tb Exp $
.\" full merge up to:
.\" OpenSSL OBJ_nid2obj.pod 9b86974e Aug 17 15:21:33 2015 -0400
.\" selective merge up to:
@ -69,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 6 2023 $
.Dd $Mdocdate: January 13 2024 $
.Dt OBJ_CREATE 3
.Os
.Sh NAME
@ -78,9 +78,7 @@
.Nm OBJ_create ,
.\" OBJ_create_and_add_object is a deprecated, unused alias for OBJ_create(3).
.Nm OBJ_create_objects ,
.Nm obj_cleanup_defer ,
.Nm OBJ_cleanup ,
.Nm check_defer
.Nm OBJ_cleanup
.Nd modify the table of ASN.1 object identifiers
.Sh SYNOPSIS
.In openssl/objects.h
@ -96,11 +94,8 @@
.Fc
.Ft int
.Fn OBJ_create_objects "BIO *in_bio"
.Vt extern int obj_cleanup_defer ;
.Ft void
.Fn OBJ_cleanup void
.Ft void
.Fn check_defer "int nid"
.Sh DESCRIPTION
.Fn OBJ_new_nid
returns the smallest currently unassigned ASN.1 numeric
@ -154,16 +149,6 @@ or a similar function and then calling
.Xr ASN1_OBJECT_free 3
on the returned pointer will have no effect.
.Pp
The global variable
.Va obj_cleanup_defer
controls the behaviour of
.Fn OBJ_cleanup
and
.Xr EVP_cleanup 3 .
.Pp
If
.Va obj_cleanup_defer
has the default value of 0,
.Fn OBJ_cleanup
resets the internal object table to its default state,
removing and freeing all objects that were added with
@ -171,47 +156,6 @@ removing and freeing all objects that were added with
.Fn OBJ_create ,
or
.Fn OBJ_create_objects .
Otherwise,
.Fn OBJ_cleanup
only sets
.Va obj_cleanup_defer
to 2, which defers the cleanup of the internal object table
to the next call of
.Xr EVP_cleanup 3 .
.Pp
By default,
.Xr EVP_cleanup 3
has no effect on the internal object table.
Only if
.Va obj_cleanup_defer
is 2, it resets
.Va obj_cleanup_defer
to 0 and calls
.Fn OBJ_cleanup ,
which then resets the table to its default state.
.Pp
The function
.Fn check_defer
sets
.Va obj_cleanup_defer
to 1 unless
.Fa nid
is a built-in numeric identifier, but it has no effect if
.Va obj_cleanup_defer
already differs from 0.
This function is called internally by various functions
in the EVP library, in particular by subroutines of
.Xr OpenSSL_add_all_ciphers 3
and
.Xr OpenSSL_add_all_digests 3 .
.Pp
To reliably reset the internal object table no matter what the
current state may be, an application program needs to call both
.Fn OBJ_cleanup
and
.Xr EVP_cleanup 3 ,
in this order.
The opposite order will usually not work.
.Sh RETURN VALUES
.Fn OBJ_new_nid
returns the new NID.
@ -256,7 +200,6 @@ obj = OBJ_nid2obj(new_nid);
.Ed
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
.Xr EVP_cleanup 3 ,
.Xr OBJ_NAME_add 3 ,
.Xr OBJ_nid2obj 3
.Sh HISTORY
@ -269,12 +212,6 @@ first appeared in SSLeay 0.8.0 and
in SSLeay 0.9.0.
These functions have been available since
.Ox 2.4 .
.Pp
.Va obj_cleanup_defer
and
.Fn check_defer
first appeared in OpenSSL 1.0.0 and have been available since
.Ox 4.9 .
.Sh CAVEATS
.Fn OBJ_add_object
indicates success even after adding an incomplete object that was created with

363
lib/libcrypto/objects/o_names.c
View file

@ -1,363 +0,0 @@
/* $OpenBSD: o_names.c,v 1.24 2023/07/08 12:27:51 beck Exp $ */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/objects.h>
#include <openssl/safestack.h>
/* I use the ex_data stuff to manage the identifiers for the obj_name_types
* that applications may define. I only really use the free function field.
*/
DECLARE_LHASH_OF(OBJ_NAME);
static LHASH_OF(OBJ_NAME) *names_lh = NULL;
static int names_type_num = OBJ_NAME_TYPE_NUM;
typedef struct name_funcs_st {
unsigned long (*hash_func)(const char *name);
int (*cmp_func)(const char *a, const char *b);
void (*free_func)(const char *, int, const char *);
} NAME_FUNCS;
DECLARE_STACK_OF(NAME_FUNCS)
static STACK_OF(NAME_FUNCS) *name_funcs_stack;
/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
* casting in the functions. This prevents function pointer casting without the
* need for macro-generated wrapper functions. */
/* static unsigned long obj_name_hash(OBJ_NAME *a); */
static unsigned long obj_name_hash(const void *a_void);
/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
static int obj_name_cmp(const void *a_void, const void *b_void);
static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
int
OBJ_NAME_init(void)
{
if (names_lh != NULL)
return (1);
names_lh = lh_OBJ_NAME_new();
return (names_lh != NULL);
}
LCRYPTO_ALIAS(OBJ_NAME_init);
int
OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
int (*cmp_func)(const char *, const char *),
void (*free_func)(const char *, int, const char *))
{
int ret;
int i;
NAME_FUNCS *name_funcs;
if (name_funcs_stack == NULL)
name_funcs_stack = sk_NAME_FUNCS_new_null();
if (name_funcs_stack == NULL)
return (0);
ret = names_type_num;
names_type_num++;
for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
name_funcs = malloc(sizeof(NAME_FUNCS));
if (!name_funcs) {
OBJerror(ERR_R_MALLOC_FAILURE);
return (0);
}
name_funcs->hash_func = lh_strhash;
name_funcs->cmp_func = strcmp;
name_funcs->free_func = NULL;
if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) {
free(name_funcs);
OBJerror(ERR_R_MALLOC_FAILURE);
return (0);
}
}
name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
if (hash_func != NULL)
name_funcs->hash_func = hash_func;
if (cmp_func != NULL)
name_funcs->cmp_func = cmp_func;
if (free_func != NULL)
name_funcs->free_func = free_func;
return (ret);
}
LCRYPTO_ALIAS(OBJ_NAME_new_index);
/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
static int
obj_name_cmp(const void *a_void, const void *b_void)
{
int ret;
const OBJ_NAME *a = (const OBJ_NAME *)a_void;
const OBJ_NAME *b = (const OBJ_NAME *)b_void;
ret = a->type - b->type;
if (ret == 0) {
if ((name_funcs_stack != NULL) &&
(sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
ret = sk_NAME_FUNCS_value(name_funcs_stack,
a->type)->cmp_func(a->name, b->name);
} else
ret = strcmp(a->name, b->name);
}
return (ret);
}
/* static unsigned long obj_name_hash(OBJ_NAME *a) */
static unsigned long
obj_name_hash(const void *a_void)
{
unsigned long ret;
const OBJ_NAME *a = (const OBJ_NAME *)a_void;
if ((name_funcs_stack != NULL) &&
(sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
ret = sk_NAME_FUNCS_value(name_funcs_stack,
a->type)->hash_func(a->name);
} else {
ret = lh_strhash(a->name);
}
ret ^= a->type;
return (ret);
}
const char *
OBJ_NAME_get(const char *name, int type)
{
OBJ_NAME on, *ret;
int num = 0, alias;
if (name == NULL)
return (NULL);
if ((names_lh == NULL) && !OBJ_NAME_init())
return (NULL);
alias = type&OBJ_NAME_ALIAS;
type&= ~OBJ_NAME_ALIAS;
on.name = name;
on.type = type;
for (;;) {
ret = lh_OBJ_NAME_retrieve(names_lh, &on);
if (ret == NULL)
return (NULL);
if ((ret->alias) && !alias) {
if (++num > 10)
return (NULL);
on.name = ret->data;
} else {
return (ret->data);
}
}
}
LCRYPTO_ALIAS(OBJ_NAME_get);
int
OBJ_NAME_add(const char *name, int type, const char *data)
{
OBJ_NAME *onp, *ret;
int alias;
if ((names_lh == NULL) && !OBJ_NAME_init())
return (0);
alias = type & OBJ_NAME_ALIAS;
type &= ~OBJ_NAME_ALIAS;
onp = malloc(sizeof(OBJ_NAME));
if (onp == NULL) {
/* ERROR */
return (0);
}
onp->name = name;
onp->alias = alias;
onp->type = type;
onp->data = data;
ret = lh_OBJ_NAME_insert(names_lh, onp);
if (ret != NULL) {
/* free things */
if ((name_funcs_stack != NULL) &&
(sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
/* XXX: I'm not sure I understand why the free
* function should get three arguments...
* -- Richard Levitte
*/
sk_NAME_FUNCS_value(
name_funcs_stack, ret->type)->free_func(
ret->name, ret->type, ret->data);
}
free(ret);
} else {
if (lh_OBJ_NAME_error(names_lh)) {
free(onp);
/* ERROR */
return (0);
}
}
return (1);
}
LCRYPTO_ALIAS(OBJ_NAME_add);
int
OBJ_NAME_remove(const char *name, int type)
{
OBJ_NAME on, *ret;
if (names_lh == NULL)
return (0);
type &= ~OBJ_NAME_ALIAS;
on.name = name;
on.type = type;
ret = lh_OBJ_NAME_delete(names_lh, &on);
if (ret != NULL) {
/* free things */
if ((name_funcs_stack != NULL) &&
(sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
/* XXX: I'm not sure I understand why the free
* function should get three arguments...
* -- Richard Levitte
*/
sk_NAME_FUNCS_value(
name_funcs_stack, ret->type)->free_func(
ret->name, ret->type, ret->data);
}
free(ret);
return (1);
} else
return (0);
}
LCRYPTO_ALIAS(OBJ_NAME_remove);
struct doall {
int type;
void (*fn)(const OBJ_NAME *, void *arg);
void *arg;
};
static void
do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d)
{
if (name->type == d->type)
d->fn(name, d->arg);
}
static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
void
OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), void *arg)
{
struct doall d;
d.type = type;
d.fn = fn;
d.arg = arg;
lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
struct doall, &d);
}
LCRYPTO_ALIAS(OBJ_NAME_do_all);
struct doall_sorted {
int type;
int n;
const OBJ_NAME **names;
};
static void
do_all_sorted_fn(const OBJ_NAME *name, void *d_)
{
struct doall_sorted *d = d_;
if (name->type != d->type)
return;
d->names[d->n++] = name;
}
static int
do_all_sorted_cmp(const void *n1_, const void *n2_)
{
const OBJ_NAME * const *n1 = n1_;
const OBJ_NAME * const *n2 = n2_;
return strcmp((*n1)->name, (*n2)->name);
}
void
OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg),
void *arg)
{
struct doall_sorted d;
int n;
d.type = type;
d.names = reallocarray(NULL, lh_OBJ_NAME_num_items(names_lh),
sizeof *d.names);
d.n = 0;
if (d.names != NULL) {
OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
for (n = 0; n < d.n; ++n)
fn(d.names[n], arg);
free(d.names);
}
}
LCRYPTO_ALIAS(OBJ_NAME_do_all_sorted);
static int free_type;
static void
names_lh_free_doall(OBJ_NAME *onp)
{
if (onp == NULL)
return;
if (free_type < 0 || free_type == onp->type)
OBJ_NAME_remove(onp->name, onp->type);
}
static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
static void
name_funcs_free(NAME_FUNCS *ptr)
{
free(ptr);
}
void
OBJ_NAME_cleanup(int type)
{
unsigned long down_load;
if (names_lh == NULL)
return;
free_type = type;
down_load = lh_OBJ_NAME_down_load(names_lh);
lh_OBJ_NAME_down_load(names_lh) = 0;
lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
if (type < 0) {
lh_OBJ_NAME_free(names_lh);
sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
names_lh = NULL;
name_funcs_stack = NULL;
} else
lh_OBJ_NAME_down_load(names_lh) = down_load;
}
LCRYPTO_ALIAS(OBJ_NAME_cleanup);

20
lib/libcrypto/objects/obj_dat.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: obj_dat.c,v 1.82 2023/12/15 01:51:23 tb Exp $ */
/* $OpenBSD: obj_dat.c,v 1.84 2024/01/13 11:57:51 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -183,27 +183,9 @@ static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ)
static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
* to use freed up OIDs. If necessary the actual freeing up of OIDs is
* delayed.
*/
int obj_cleanup_defer = 0;
void
check_defer(int nid)
{
if (!obj_cleanup_defer && nid >= NUM_NID)
obj_cleanup_defer = 1;
}
void
OBJ_cleanup(void)
{
if (obj_cleanup_defer) {
obj_cleanup_defer = 2;
return;
}
if (added == NULL)
return;
lh_ADDED_OBJ_down_load(added) = 0;

5
lib/libcrypto/stack/stack.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: stack.c,v 1.23 2023/04/24 15:35:22 beck Exp $ */
/* $OpenBSD: stack.c,v 1.24 2024/01/13 16:32:53 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <errno.h>
#include <stdio.h>
#include <string.h>
@ -65,8 +66,6 @@
#undef MIN_NODES
#define MIN_NODES 4
#include <errno.h>
int
(*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))(
const void *, const void *)

76
lib/libcrypto/x509/x509_trs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_trs.c,v 1.39 2024/01/10 21:34:53 tb Exp $ */
/* $OpenBSD: x509_trs.c,v 1.40 2024/01/13 19:57:38 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -64,6 +64,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "crypto_internal.h"
#include "x509_local.h"
static int
@ -129,7 +130,7 @@ trust_1oid(X509_TRUST *trust, X509 *x, int flags)
* value to get an index into the table
*/
static X509_TRUST trstandard[] = {
static const X509_TRUST trstandard[] = {
{
.trust = X509_TRUST_COMPAT,
.check_trust = trust_compat,
@ -181,27 +182,17 @@ static X509_TRUST trstandard[] = {
#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT);
int
(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
X509_check_trust(X509 *x, int trust_id, int flags)
{
int (*oldtrust)(int , X509 *, int);
oldtrust = default_trust;
default_trust = trust;
return oldtrust;
}
LCRYPTO_ALIAS(X509_TRUST_set_default);
int
X509_check_trust(X509 *x, int id, int flags)
{
X509_TRUST *pt;
const X509_TRUST *trust;
int idx;
if (id == -1)
if (trust_id == -1)
return 1;
/*
* XXX beck/jsing This enables self signed certs to be trusted for
* an unspecified id/trust flag value (this is NOT the
@ -211,21 +202,36 @@ X509_check_trust(X509 *x, int id, int flags)
* This should be revisited, but changing the default "not default"
* may break things.
*/
if (id == 0) {
if (trust_id == 0) {
int rv;
rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
if (rv != X509_TRUST_UNTRUSTED)
return rv;
return trust_compat(NULL, x, 0);
}
idx = X509_TRUST_get_by_id(id);
if (idx == -1)
return default_trust(id, x, flags);
pt = X509_TRUST_get0(idx);
return pt->check_trust(pt, x, flags);
if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX)
return obj_trust(trust_id, x, flags);
idx = trust_id - X509_TRUST_MIN;
trust = &trstandard[idx];
return trust->check_trust((X509_TRUST *)trust, x, flags);
}
LCRYPTO_ALIAS(X509_check_trust);
/*
* Remove all the functions below in the next bump.
*/
int
(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
{
X509error(ERR_R_DISABLED);
return NULL;
}
LCRYPTO_ALIAS(X509_TRUST_set_default);
int
X509_TRUST_get_count(void)
{
@ -236,36 +242,24 @@ LCRYPTO_ALIAS(X509_TRUST_get_count);
X509_TRUST *
X509_TRUST_get0(int idx)
{
if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT)
return NULL;
return &trstandard[idx];
X509error(ERR_R_DISABLED);
return NULL;
}
LCRYPTO_ALIAS(X509_TRUST_get0);
int
X509_TRUST_get_by_id(int id)
{
/*
* Ensure the trust identifier is between MIN and MAX inclusive.
* If so, translate it into an index into the trstandard[] table.
*/
if (id < X509_TRUST_MIN || id > X509_TRUST_MAX)
return -1;
return id - X509_TRUST_MIN;
X509error(ERR_R_DISABLED);
return -1;
}
LCRYPTO_ALIAS(X509_TRUST_get_by_id);
int
X509_TRUST_set(int *t, int trust)
{
if (X509_TRUST_get_by_id(trust) == -1) {
X509error(X509_R_INVALID_TRUST);
return 0;
}
*t = trust;
return 1;
X509error(ERR_R_DISABLED);
return 0;
}
LCRYPTO_ALIAS(X509_TRUST_set);