sync with OpenBSD -current

purplerain 2024-05-10 01:59:48 +00:00
parent 01ab08895c
commit 492219ffd1
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
35 changed files with 666 additions and 546 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: dh_key.c,v 1.40 2023/08/03 18:53:55 tb Exp $ */
/* $OpenBSD: dh_key.c,v 1.42 2024/05/09 20:43:36 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -65,43 +65,6 @@
#include "bn_local.h"
#include "dh_local.h"
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int dh_init(DH *dh);
static int dh_finish(DH *dh);
int
DH_generate_key(DH *dh)
{
return dh->meth->generate_key(dh);
}
LCRYPTO_ALIAS(DH_generate_key);
int
DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
return dh->meth->compute_key(key, pub_key, dh);
}
LCRYPTO_ALIAS(DH_compute_key);
static DH_METHOD dh_ossl = {
.name = "OpenSSL DH Method",
.generate_key = generate_key,
.compute_key = compute_key,
.bn_mod_exp = dh_bn_mod_exp,
.init = dh_init,
.finish = dh_finish,
};
const DH_METHOD *
DH_OpenSSL(void)
{
return &dh_ossl;
}
LCRYPTO_ALIAS(DH_OpenSSL);
static int
generate_key(DH *dh)
{
@ -245,3 +208,33 @@ dh_finish(DH *dh)
BN_MONT_CTX_free(dh->method_mont_p);
return 1;
}
int
DH_generate_key(DH *dh)
{
return dh->meth->generate_key(dh);
}
LCRYPTO_ALIAS(DH_generate_key);
int
DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
return dh->meth->compute_key(key, pub_key, dh);
}
LCRYPTO_ALIAS(DH_compute_key);
static const DH_METHOD dh_ossl = {
.name = "OpenSSL DH Method",
.generate_key = generate_key,
.compute_key = compute_key,
.bn_mod_exp = dh_bn_mod_exp,
.init = dh_init,
.finish = dh_finish,
};
const DH_METHOD *
DH_OpenSSL(void)
{
return &dh_ossl;
}
LCRYPTO_ALIAS(DH_OpenSSL);


@ -1,4 +1,4 @@
/* $OpenBSD: dsa_ossl.c,v 1.53 2023/08/03 18:53:55 tb Exp $ */
/* $OpenBSD: dsa_ossl.c,v 1.55 2024/05/09 20:57:49 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -69,30 +69,6 @@
#include "bn_local.h"
#include "dsa_local.h"
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp);
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
static DSA_METHOD openssl_dsa_meth = {
.name = "OpenSSL DSA method",
.dsa_do_sign = dsa_do_sign,
.dsa_sign_setup = dsa_sign_setup,
.dsa_do_verify = dsa_do_verify,
.init = dsa_init,
.finish = dsa_finish,
};
const DSA_METHOD *
DSA_OpenSSL(void)
{
return &openssl_dsa_meth;
}
LCRYPTO_ALIAS(DSA_OpenSSL);
/*
* Since DSA parameters are entirely arbitrary and checking them to be
* consistent is very expensive, we cannot do so on every sign operation.
@ -436,6 +412,22 @@ dsa_finish(DSA *dsa)
return 1;
}
static const DSA_METHOD openssl_dsa_meth = {
.name = "OpenSSL DSA method",
.dsa_do_sign = dsa_do_sign,
.dsa_sign_setup = dsa_sign_setup,
.dsa_do_verify = dsa_do_verify,
.init = dsa_init,
.finish = dsa_finish,
};
const DSA_METHOD *
DSA_OpenSSL(void)
{
return &openssl_dsa_meth;
}
LCRYPTO_ALIAS(DSA_OpenSSL);
DSA_SIG *
DSA_SIG_new(void)
{


@ -1,4 +1,4 @@
/* $OpenBSD: x509_req.c,v 1.36 2024/05/08 08:20:08 tb Exp $ */
/* $OpenBSD: x509_req.c,v 1.41 2024/05/09 14:29:08 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -70,54 +70,52 @@
#include <openssl/pem.h>
#include <openssl/x509.h>
#include "asn1_local.h"
#include "evp_local.h"
#include "x509_local.h"
X509_REQ *
X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
X509_to_X509_REQ(X509 *x509, EVP_PKEY *signing_key, const EVP_MD *signing_md)
{
X509_REQ *ret;
int i;
EVP_PKEY *pktmp;
X509_REQ *req;
X509_NAME *subject;
EVP_PKEY *public_key;
ret = X509_REQ_new();
if (ret == NULL) {
if ((req = X509_REQ_new()) == NULL) {
X509error(ERR_R_MALLOC_FAILURE);
goto err;
}
if (!X509_REQ_set_version(ret, 0))
if ((subject = X509_get_subject_name(x509)) == NULL)
goto err;
if (!X509_REQ_set_subject_name(req, subject))
goto err;
if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
if ((public_key = X509_get0_pubkey(x509)) == NULL)
goto err;
if (!X509_REQ_set_pubkey(req, public_key))
goto err;
if ((pktmp = X509_get_pubkey(x)) == NULL)
goto err;
i = X509_REQ_set_pubkey(ret, pktmp);
EVP_PKEY_free(pktmp);
if (!i)
goto err;
if (pkey != NULL) {
if (!X509_REQ_sign(ret, pkey, md))
if (signing_key != NULL) {
if (!X509_REQ_sign(req, signing_key, signing_md))
goto err;
}
return (ret);
err:
X509_REQ_free(ret);
return (NULL);
return req;
err:
X509_REQ_free(req);
return NULL;
}
LCRYPTO_ALIAS(X509_to_X509_REQ);
EVP_PKEY *
X509_REQ_get_pubkey(X509_REQ *req)
{
if ((req == NULL) || (req->req_info == NULL))
return (NULL);
return (X509_PUBKEY_get(req->req_info->pubkey));
if (req == NULL || req->req_info == NULL)
return NULL;
return X509_PUBKEY_get(req->req_info->pubkey);
}
LCRYPTO_ALIAS(X509_REQ_get_pubkey);
@ -131,42 +129,43 @@ X509_REQ_get0_pubkey(X509_REQ *req)
LCRYPTO_ALIAS(X509_REQ_get0_pubkey);
int
X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
X509_REQ_check_private_key(X509_REQ *req, EVP_PKEY *pkey)
{
EVP_PKEY *xk = NULL;
int ok = 0;
EVP_PKEY *req_pubkey = NULL;
int ret;
if ((xk = X509_REQ_get0_pubkey(x)) == NULL)
if ((req_pubkey = X509_REQ_get0_pubkey(req)) == NULL)
return 0;
switch (EVP_PKEY_cmp(xk, k)) {
case 1:
ok = 1;
break;
if ((ret = EVP_PKEY_cmp(req_pubkey, pkey)) == 1)
return 1;
switch (ret) {
case 0:
X509error(X509_R_KEY_VALUES_MISMATCH);
break;
return 0;
case -1:
X509error(X509_R_KEY_TYPE_MISMATCH);
break;
return 0;
case -2:
#ifndef OPENSSL_NO_EC
if (k->type == EVP_PKEY_EC) {
if (pkey->type == EVP_PKEY_EC) {
X509error(ERR_R_EC_LIB);
break;
return 0;
}
#endif
#ifndef OPENSSL_NO_DH
if (k->type == EVP_PKEY_DH) {
if (pkey->type == EVP_PKEY_DH) {
/* No idea */
X509error(X509_R_CANT_CHECK_DH_KEY);
break;
return 0;
}
#endif
X509error(X509_R_UNKNOWN_KEY_TYPE);
return 0;
}
return (ok);
return 0;
}
LCRYPTO_ALIAS(X509_REQ_check_private_key);
@ -183,7 +182,6 @@ X509_REQ_get_extensions(X509_REQ *req)
X509_ATTRIBUTE *attr;
ASN1_TYPE *ext = NULL;
int idx;
const unsigned char *p;
if (req == NULL || req->req_info == NULL)
return NULL;
@ -197,10 +195,8 @@ X509_REQ_get_extensions(X509_REQ *req)
return NULL;
if ((ext = X509_ATTRIBUTE_get0_type(attr, 0)) == NULL)
return NULL;
if (ext->type != V_ASN1_SEQUENCE)
return NULL;
p = ext->value.sequence->data;
return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length);
return ASN1_TYPE_unpack_sequence(&X509_EXTENSIONS_it, ext);
}
LCRYPTO_ALIAS(X509_REQ_get_extensions);
@ -215,16 +211,15 @@ X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
{
unsigned char *ext = NULL;
int extlen;
int rv;
int ret;
extlen = i2d_X509_EXTENSIONS(exts, &ext);
if (extlen <= 0)
if ((extlen = i2d_X509_EXTENSIONS(exts, &ext)) <= 0)
return 0;
rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
ret = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
free(ext);
return rv;
return ret;
}
LCRYPTO_ALIAS(X509_REQ_add_extensions_nid);
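Review bot: In X509_REQ_get_extensions the explicit `ext->type != V_ASN1_SEQUENCE` guard is gone, so rejecting a non-SEQUENCE attribute value now depends entirely on `ASN1_TYPE_unpack_sequence()`, whose body is not shown on this page. This function decodes the extension attribute of a certificate request, which is typically untrusted input, so it is worth confirming that the helper checks both the type and a non-NULL `value.sequence` before decoding. A short comment above the return, for example `/* ASN1_TYPE_unpack_sequence() returns NULL unless ext is a SEQUENCE. */`, would keep that invariant visible at the call site. The function starts outside the hunk.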