sync code with last fixes and improvements from OpenBSD

bin/pax/ar_subs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ar_subs.c,v 1.50 2021/10/24 21:24:21 deraadt Exp $	*/
+/*	$OpenBSD: ar_subs.c,v 1.51 2023/07/10 16:28:33 jeremy Exp $	*/
 /*	$NetBSD: ar_subs.c,v 1.5 1995/03/21 09:07:06 cgd Exp $	*/
 
 /*-
@@ -441,6 +441,23 @@ wr_archive(ARCHD *arcn, int is_app)
 		if (hlk && (chk_lnk(arcn) < 0))
 			break;
 
+		/*
+		 * Modify the name as requested by the user
+		 */
+		if ((res = mod_name(arcn)) < 0) {
+			/*
+			 * pax finished, purge link table entry and stop
+			 */
+			purg_lnk(arcn);
+			break;
+		} else if (res > 0) {
+			/*
+			 * skipping file, purge link table entry
+			 */
+			purg_lnk(arcn);
+			continue;
+		}
+
 		if (PAX_IS_REG(arcn->type) || (arcn->type == PAX_HRG)) {
 			/*
 			 * we will have to read this file. by opening it now we
@@ -456,20 +473,7 @@ wr_archive(ARCHD *arcn, int is_app)
 			}
 		}
 
-		/*
+		if (docrc && (set_crc(arcn, fd) < 0)) {
-		 * Now modify the name as requested by the user
-		 */
-		if ((res = mod_name(arcn)) < 0) {
-			/*
-			 * name modification says to skip this file, close the
-			 * file and purge link table entry
-			 */
-			rdfile_close(arcn, &fd);
-			purg_lnk(arcn);
-			break;
-		}
-
-		if ((res > 0) || (docrc && (set_crc(arcn, fd) < 0))) {
 			/*
 			 * unable to obtain the crc we need, close the file,
 			 * purge link table entry

distrib/sets/lists/comp/mi

@@ -1823,6 +1823,7 @@
 ./usr/share/man/man3/BN_cmp.3
 ./usr/share/man/man3/BN_copy.3
 ./usr/share/man/man3/BN_generate_prime.3
+./usr/share/man/man3/BN_get_rfc3526_prime_8192.3
 ./usr/share/man/man3/BN_kronecker.3
 ./usr/share/man/man3/BN_mod_inverse.3
 ./usr/share/man/man3/BN_mod_mul_montgomery.3
@@ -2595,7 +2596,6 @@
 ./usr/share/man/man3/gelf_newphdr.3
 ./usr/share/man/man3/gelf_update_ehdr.3
 ./usr/share/man/man3/gelf_xlatetof.3
-./usr/share/man/man3/get_rfc3526_prime_8192.3
 ./usr/share/man/man3/getaddrinfo.3
 ./usr/share/man/man3/getbsize.3
 ./usr/share/man/man3/getc.3
@@ -3051,6 +3051,8 @@
 ./usr/share/man/man3/wscanf.3
 ./usr/share/man/man3/xdr.3
 ./usr/share/man/man3/yp_bind.3
+./usr/share/man/man4/riscv64/stfpcie.4
+./usr/share/man/man4/riscv64/stfpciephy.4
 ./usr/share/man/man9/KASSERT.9
 ./usr/share/man/man9/RBT_INIT.9
 ./usr/share/man/man9/SMR_LIST_INIT.9

etc/root/root.mail

@@ -1,6 +1,6 @@
-From purplerain@secbsd.org Thu Jul  6 00:00:00 UTC 2023
+From purplerain@secbsd.org Thu Jul 20 00:00:00 UTC 2023
 Return-Path: root
-Date: Jul 6 00:00:00 UTC 2023
+Date: Jul 20 00:00:00 UTC 2023
 From: purplerain@secbsd.org (Purple Rain)
 To: root
 Subject: Welcome to SecBSD 1.3!

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.3-3c7d048: Thu Jul 6 00:00:00 UTC 2023 (Quetzalcoatl)
+# SecBSD 1.3-3be5e12: Thu Jul 20 00:00:00 UTC 2023 (Tezcatlipoca)

gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp

@@ -1800,7 +1800,10 @@ void Clang::AddAArch64TargetArgs(const ArgList &Args,
         D.Diag(diag::err_invalid_branch_protection)
             << Scope << A->getAsString(Args);
       Key = "a_key";
-      IndirectBranches = false;
+      if (Triple.isOSOpenBSD())
+        IndirectBranches = true;
+      else
+        IndirectBranches = false;
     } else {
       StringRef Err;
       llvm::AArch64::ParsedBranchProtection PBP;

gnu/llvm/lldb/source/Plugins/ABI/AArch64/ABISysV_arm64.cpp

@@ -813,6 +813,31 @@ static lldb::addr_t ReadLinuxProcessAddressMask(lldb::ProcessSP process_sp,
   return address_mask;
 }
 
+// Reads code or data address mask for the current OpenBSD process.
+static lldb::addr_t ReadOpenBSDProcessAddressMask(lldb::ProcessSP process_sp,
+						  llvm::StringRef reg_name) {
+  // We set default value of mask such that no bits are masked out.
+  uint64_t address_mask = 0ULL;
+  // If Pointer Authentication feature is enabled then OpenBSD exposes
+  // PAC data and code mask register. Try reading relevant register
+  // below and merge it with default address mask calculated above.
+  lldb::ThreadSP thread_sp = process_sp->GetThreadList().GetSelectedThread();
+  if (thread_sp) {
+    lldb::RegisterContextSP reg_ctx_sp = thread_sp->GetRegisterContext();
+    if (reg_ctx_sp) {
+      const RegisterInfo *reg_info =
+          reg_ctx_sp->GetRegisterInfoByName(reg_name, 0);
+      if (reg_info) {
+        lldb::addr_t mask_reg_val = reg_ctx_sp->ReadRegisterAsUnsigned(
+            reg_info->kinds[eRegisterKindLLDB], LLDB_INVALID_ADDRESS);
+        if (mask_reg_val != LLDB_INVALID_ADDRESS)
+          address_mask |= mask_reg_val;
+      }
+    }
+  }
+  return address_mask;
+}
+
 lldb::addr_t ABISysV_arm64::FixCodeAddress(lldb::addr_t pc) {
   if (lldb::ProcessSP process_sp = GetProcessSP()) {
     if (process_sp->GetTarget().GetArchitecture().GetTriple().isOSLinux() &&
@@ -820,6 +845,11 @@ lldb::addr_t ABISysV_arm64::FixCodeAddress(lldb::addr_t pc) {
       process_sp->SetCodeAddressMask(
           ReadLinuxProcessAddressMask(process_sp, "code_mask"));
 
+    if (process_sp->GetTarget().GetArchitecture().GetTriple().isOSOpenBSD() &&
+        !process_sp->GetCodeAddressMask())
+      process_sp->SetCodeAddressMask(
+          ReadOpenBSDProcessAddressMask(process_sp, "code_mask"));
+
     return FixAddress(pc, process_sp->GetCodeAddressMask());
   }
   return pc;
@@ -832,6 +862,11 @@ lldb::addr_t ABISysV_arm64::FixDataAddress(lldb::addr_t pc) {
       process_sp->SetDataAddressMask(
           ReadLinuxProcessAddressMask(process_sp, "data_mask"));
 
+    if (process_sp->GetTarget().GetArchitecture().GetTriple().isOSOpenBSD() &&
+        !process_sp->GetDataAddressMask())
+      process_sp->SetDataAddressMask(
+          ReadOpenBSDProcessAddressMask(process_sp, "data_mask"));
+
     return FixAddress(pc, process_sp->GetDataAddressMask());
   }
   return pc;

gnu/llvm/lldb/source/Plugins/Process/OpenBSD/NativeRegisterContextOpenBSD_arm64.cpp

@@ -27,6 +27,7 @@
 
 // clang-format off
 #include <sys/types.h>
+#include <sys/ptrace.h>
 #include <sys/sysctl.h>
 #include <sys/time.h>
 #include <machine/cpu.h>
@@ -37,77 +38,6 @@ using namespace lldb_private::process_openbsd;
 
 #define REG_CONTEXT_SIZE (GetGPRSize() + GetFPRSize())
 
-// ARM64 general purpose registers.
-static const uint32_t g_gpr_regnums_arm64[] = {
-    gpr_x0_arm64,       gpr_x1_arm64,   gpr_x2_arm64,  gpr_x3_arm64,
-    gpr_x4_arm64,       gpr_x5_arm64,   gpr_x6_arm64,  gpr_x7_arm64,
-    gpr_x8_arm64,       gpr_x9_arm64,   gpr_x10_arm64, gpr_x11_arm64,
-    gpr_x12_arm64,      gpr_x13_arm64,  gpr_x14_arm64, gpr_x15_arm64,
-    gpr_x16_arm64,      gpr_x17_arm64,  gpr_x18_arm64, gpr_x19_arm64,
-    gpr_x20_arm64,      gpr_x21_arm64,  gpr_x22_arm64, gpr_x23_arm64,
-    gpr_x24_arm64,      gpr_x25_arm64,  gpr_x26_arm64, gpr_x27_arm64,
-    gpr_x28_arm64,      gpr_fp_arm64,   gpr_lr_arm64,  gpr_sp_arm64,
-    gpr_pc_arm64,       gpr_cpsr_arm64, gpr_w0_arm64,  gpr_w1_arm64,
-    gpr_w2_arm64,       gpr_w3_arm64,   gpr_w4_arm64,  gpr_w5_arm64,
-    gpr_w6_arm64,       gpr_w7_arm64,   gpr_w8_arm64,  gpr_w9_arm64,
-    gpr_w10_arm64,      gpr_w11_arm64,  gpr_w12_arm64, gpr_w13_arm64,
-    gpr_w14_arm64,      gpr_w15_arm64,  gpr_w16_arm64, gpr_w17_arm64,
-    gpr_w18_arm64,      gpr_w19_arm64,  gpr_w20_arm64, gpr_w21_arm64,
-    gpr_w22_arm64,      gpr_w23_arm64,  gpr_w24_arm64, gpr_w25_arm64,
-    gpr_w26_arm64,      gpr_w27_arm64,  gpr_w28_arm64,
-    LLDB_INVALID_REGNUM // register sets need to end with this flag
-};
-static_assert(((sizeof g_gpr_regnums_arm64 / sizeof g_gpr_regnums_arm64[0]) -
-               1) == k_num_gpr_registers_arm64,
-              "g_gpr_regnums_arm64 has wrong number of register infos");
-
-// ARM64 floating point registers.
-static const uint32_t g_fpu_regnums_arm64[] = {
-    fpu_v0_arm64,       fpu_v1_arm64,   fpu_v2_arm64,  fpu_v3_arm64,
-    fpu_v4_arm64,       fpu_v5_arm64,   fpu_v6_arm64,  fpu_v7_arm64,
-    fpu_v8_arm64,       fpu_v9_arm64,   fpu_v10_arm64, fpu_v11_arm64,
-    fpu_v12_arm64,      fpu_v13_arm64,  fpu_v14_arm64, fpu_v15_arm64,
-    fpu_v16_arm64,      fpu_v17_arm64,  fpu_v18_arm64, fpu_v19_arm64,
-    fpu_v20_arm64,      fpu_v21_arm64,  fpu_v22_arm64, fpu_v23_arm64,
-    fpu_v24_arm64,      fpu_v25_arm64,  fpu_v26_arm64, fpu_v27_arm64,
-    fpu_v28_arm64,      fpu_v29_arm64,  fpu_v30_arm64, fpu_v31_arm64,
-
-    fpu_s0_arm64,       fpu_s1_arm64,   fpu_s2_arm64,  fpu_s3_arm64,
-    fpu_s4_arm64,       fpu_s5_arm64,   fpu_s6_arm64,  fpu_s7_arm64,
-    fpu_s8_arm64,       fpu_s9_arm64,   fpu_s10_arm64, fpu_s11_arm64,
-    fpu_s12_arm64,      fpu_s13_arm64,  fpu_s14_arm64, fpu_s15_arm64,
-    fpu_s16_arm64,      fpu_s17_arm64,  fpu_s18_arm64, fpu_s19_arm64,
-    fpu_s20_arm64,      fpu_s21_arm64,  fpu_s22_arm64, fpu_s23_arm64,
-    fpu_s24_arm64,      fpu_s25_arm64,  fpu_s26_arm64, fpu_s27_arm64,
-    fpu_s28_arm64,      fpu_s29_arm64,  fpu_s30_arm64, fpu_s31_arm64,
-
-    fpu_d0_arm64,       fpu_d1_arm64,   fpu_d2_arm64,  fpu_d3_arm64,
-    fpu_d4_arm64,       fpu_d5_arm64,   fpu_d6_arm64,  fpu_d7_arm64,
-    fpu_d8_arm64,       fpu_d9_arm64,   fpu_d10_arm64, fpu_d11_arm64,
-    fpu_d12_arm64,      fpu_d13_arm64,  fpu_d14_arm64, fpu_d15_arm64,
-    fpu_d16_arm64,      fpu_d17_arm64,  fpu_d18_arm64, fpu_d19_arm64,
-    fpu_d20_arm64,      fpu_d21_arm64,  fpu_d22_arm64, fpu_d23_arm64,
-    fpu_d24_arm64,      fpu_d25_arm64,  fpu_d26_arm64, fpu_d27_arm64,
-    fpu_d28_arm64,      fpu_d29_arm64,  fpu_d30_arm64, fpu_d31_arm64,
-    fpu_fpsr_arm64,     fpu_fpcr_arm64,
-    LLDB_INVALID_REGNUM // register sets need to end with this flag
-};
-static_assert(((sizeof g_fpu_regnums_arm64 / sizeof g_fpu_regnums_arm64[0]) -
-               1) == k_num_fpr_registers_arm64,
-              "g_fpu_regnums_arm64 has wrong number of register infos");
-
-namespace {
-// Number of register sets provided by this context.
-enum { k_num_register_sets = 2 };
-}
-
-// Register sets for ARM64.
-static const RegisterSet g_reg_sets_arm64[k_num_register_sets] = {
-    {"General Purpose Registers", "gpr", k_num_gpr_registers_arm64,
-     g_gpr_regnums_arm64},
-    {"Floating Point Registers", "fpu", k_num_fpr_registers_arm64,
-     g_fpu_regnums_arm64}};
-
 std::unique_ptr<NativeRegisterContextOpenBSD>
 NativeRegisterContextOpenBSD::CreateHostNativeRegisterContextOpenBSD(
     const ArchSpec &target_arch, NativeThreadProtocol &native_thread) {
@@ -122,7 +52,9 @@ static RegisterInfoInterface *
 CreateRegisterInfoInterface(const ArchSpec &target_arch) {
   assert((HostInfo::GetArchitecture().GetAddressByteSize() == 8) &&
          "Register setting path assumes this is a 64-bit host");
-  return new RegisterInfoPOSIX_arm64(target_arch, 0);
+
+  Flags opt_regsets = RegisterInfoPOSIX_arm64::eRegsetMaskPAuth;
+  return new RegisterInfoPOSIX_arm64(target_arch, opt_regsets);
 }
 
 static llvm::APInt uint128ToAPInt(__uint128_t in) {
@@ -145,23 +77,25 @@ NativeRegisterContextOpenBSD_arm64::NativeRegisterContextOpenBSD_arm64(
                                   CreateRegisterInfoInterface(target_arch)),
       m_gpr(), m_fpr() {}
 
-uint32_t NativeRegisterContextOpenBSD_arm64::GetUserRegisterCount() const {
+RegisterInfoPOSIX_arm64 &
-  uint32_t count = 0;
+NativeRegisterContextOpenBSD_arm64::GetRegisterInfo() const {
-  for (uint32_t set_index = 0; set_index < k_num_register_sets; ++set_index)
+  return static_cast<RegisterInfoPOSIX_arm64 &>(*m_register_info_interface_up);
-    count += g_reg_sets_arm64[set_index].num_registers;
-  return count;
 }
 
 uint32_t NativeRegisterContextOpenBSD_arm64::GetRegisterSetCount() const {
-  return k_num_register_sets;
+  return GetRegisterInfo().GetRegisterSetCount();
 }
 
 const RegisterSet *
 NativeRegisterContextOpenBSD_arm64::GetRegisterSet(uint32_t set_index) const {
-	if (set_index < k_num_register_sets)
+  return GetRegisterInfo().GetRegisterSet(set_index);
-    return &g_reg_sets_arm64[set_index];
+}
 
-  return nullptr;
+uint32_t NativeRegisterContextOpenBSD_arm64::GetUserRegisterCount() const {
+  uint32_t count = 0;
+  for (uint32_t set_index = 0; set_index < GetRegisterSetCount(); ++set_index)
+    count += GetRegisterSet(set_index)->num_registers;
+  return count;
 }
 
 Status
@@ -202,6 +136,18 @@ NativeRegisterContextOpenBSD_arm64::ReadRegister(const RegisterInfo *reg_info,
     return error;
   }
 
+  if (GetRegisterInfo().IsPAuthReg(reg)) {
+    uint32_t offset;
+
+    offset = reg_info->byte_offset - GetRegisterInfo().GetPAuthOffset();
+    reg_value = (uint64_t)m_pacmask[offset > 0];
+    if (reg_value.GetByteSize() > reg_info->byte_size) {
+      reg_value.SetType(reg_info);
+    }
+
+    return error;
+  }
+
   switch (reg) {
   case gpr_x0_arm64:
   case gpr_x1_arm64:
@@ -527,6 +473,8 @@ int NativeRegisterContextOpenBSD_arm64::GetSetForNativeRegNum(
     return GPRegSet;
   else if (reg_num >= k_first_fpr_arm64 && reg_num <= k_last_fpr_arm64)
     return FPRegSet;
+  else if (GetRegisterInfo().IsPAuthReg(reg_num))
+    return PACMaskRegSet;
   else
     return -1;
 }
@@ -539,6 +487,9 @@ int NativeRegisterContextOpenBSD_arm64::ReadRegisterSet(uint32_t set) {
   case FPRegSet:
     ReadFPR();
     return 0;
+  case PACMaskRegSet:
+    ReadPACMask();
+    return 0;
   default:
     break;
   }
@@ -558,4 +509,16 @@ int NativeRegisterContextOpenBSD_arm64::WriteRegisterSet(uint32_t set) {
   }
   return -1;
 }
+
+Status NativeRegisterContextOpenBSD_arm64::ReadPACMask() {
+#ifdef PT_PACMASK
+  return NativeProcessOpenBSD::PtraceWrapper(PT_PACMASK, GetProcessPid(),
+					     &m_pacmask, sizeof(m_pacmask));
+#else
+  Status error;
+  ::memset(&m_pacmask, 0, sizeof(m_pacmask));
+  return error;
+#endif
+}
+
 #endif

gnu/llvm/lldb/source/Plugins/Process/OpenBSD/NativeRegisterContextOpenBSD_arm64.h

@@ -16,6 +16,7 @@
 // clang-format on
 
 #include "Plugins/Process/OpenBSD/NativeRegisterContextOpenBSD.h"
+#include "Plugins/Process/Utility/RegisterInfoPOSIX_arm64.h"
 #include "Plugins/Process/Utility/lldb-arm64-register-enums.h"
 
 namespace lldb_private {
@@ -65,16 +66,21 @@ protected:
 
 private:
   // Private member types.
-  enum { GPRegSet, FPRegSet };
+  enum { GPRegSet, FPRegSet, PACMaskRegSet };
 
   // Private member variables.
   struct reg m_gpr;
   struct fpreg m_fpr;
+  register_t m_pacmask[2];
 
   int GetSetForNativeRegNum(int reg_num) const;
 
   int ReadRegisterSet(uint32_t set);
   int WriteRegisterSet(uint32_t set);
+
+  RegisterInfoPOSIX_arm64 &GetRegisterInfo() const;
+
+  Status ReadPACMask();
 };
 
 } // namespace process_openbsd

gnu/llvm/lldb/source/Plugins/Process/elf-core/RegisterUtilities.h

@@ -67,6 +67,7 @@ enum {
   NT_AUXV = 11,
   NT_REGS = 20,
   NT_FPREGS = 21,
+  NT_PACMASK = 24,
 };
 }
 
@@ -121,6 +122,7 @@ constexpr RegsetDesc AARCH64_SVE_Desc[] = {
 
 constexpr RegsetDesc AARCH64_PAC_Desc[] = {
     {llvm::Triple::Linux, llvm::Triple::aarch64, llvm::ELF::NT_ARM_PAC_MASK},
+    {llvm::Triple::OpenBSD, llvm::Triple::aarch64, OPENBSD::NT_PACMASK},
 };
 
 constexpr RegsetDesc PPC_VMX_Desc[] = {

lib/libc/stdio/open_memstream.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: open_memstream.c,v 1.9 2023/06/21 13:11:49 claudio Exp $	*/
+/*	$OpenBSD: open_memstream.c,v 1.10 2023/07/11 12:14:16 claudio Exp $	*/
 
 /*
  * Copyright (c) 2011 Martin Pieuchot <mpi@openbsd.org>
@@ -135,7 +135,6 @@ open_memstream(char **pbuf, size_t *psize)
 		return (NULL);
 	}
 
-	*st->string = '\0';
 	st->pos = 0;
 	st->len = 0;
 	st->pbuf = pbuf;

lib/libc/stdio/open_wmemstream.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: open_wmemstream.c,v 1.9 2023/06/21 13:11:49 claudio Exp $	*/
+/*	$OpenBSD: open_wmemstream.c,v 1.10 2023/07/11 12:14:16 claudio Exp $	*/
 
 /*
  * Copyright (c) 2011 Martin Pieuchot <mpi@openbsd.org>
@@ -145,7 +145,6 @@ open_wmemstream(wchar_t **pbuf, size_t *psize)
 		return (NULL);
 	}
 
-	*st->string = L'\0';
 	st->pos = 0;
 	st->len = 0;
 	st->pbuf = pbuf;

lib/libc/sys/poll.2

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: poll.2,v 1.39 2022/01/21 15:23:36 millert Exp $
+.\"	$OpenBSD: poll.2,v 1.40 2023/07/18 04:17:17 asou Exp $
 .\"
 .\" Copyright (c) 1994 Jason R. Thorpe
 .\" All rights reserved.
@@ -28,7 +28,7 @@
 .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\"
-.Dd $Mdocdate: January 21 2022 $
+.Dd $Mdocdate: July 18 2023 $
 .Dt POLL 2
 .Os
 .Sh NAME
@@ -287,9 +287,9 @@ if (nready == -1)
 	err(1, "poll");
 if (nready == 0)
 	errx(1, "time out");
-if ((pfd[0].revents & (POLLERR|POLLNVAL)))
+if (pfd[0].revents & (POLLERR|POLLNVAL))
 	errx(1, "bad fd %d", pfd[0].fd);
-if ((pfd[0].revents & (POLLIN|POLLHUP))) {
+if (pfd[0].revents & (POLLIN|POLLHUP)) {
 	if (read(STDIN_FILENO, buf, sizeof(buf)) == -1)
 		err(1, "read");
 }

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.137 2023/07/07 06:10:14 jsing Exp $
+# $OpenBSD: Makefile,v 1.138 2023/07/20 16:36:06 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -386,8 +386,6 @@ SRCS+= tb_pkmeth.c
 SRCS+= tb_rand.c
 SRCS+= tb_rsa.c
 SRCS+= tb_store.c
-# XXX unnecessary? handled in EVP now...
-# SRCS+= eng_aesni.c # local addition
 
 # err/
 SRCS+= err.c

lib/libcrypto/asn1/asn1_item.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.16 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.17 2023/07/13 20:59:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -230,73 +230,59 @@ ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
 }
 
-int
+static int
-ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+asn1_item_set_algorithm_identifiers(EVP_MD_CTX *ctx, X509_ALGOR *algor1,
-    ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+    X509_ALGOR *algor2)
 {
-	const EVP_MD *type;
 	EVP_PKEY *pkey;
-	unsigned char *in = NULL, *out = NULL;
+	ASN1_OBJECT *aobj;
-	size_t out_len = 0;
+	const EVP_MD *md;
-	int in_len = 0;
+	int sign_id, sign_param;
-	int signid, paramtype;
-	int rv = 2;
-	int ret = 0;
 
 	if ((pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx)) == NULL) {
 		ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
 		return 0;
 	}
 
-	if (pkey->ameth == NULL) {
+	if ((md = EVP_MD_CTX_md(ctx)) == NULL) {
-		ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+		ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
 		return 0;
 	}
 
-	if (pkey->ameth->item_sign != NULL) {
+	if (!OBJ_find_sigid_by_algs(&sign_id, EVP_MD_nid(md),
-		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
+	    pkey->ameth->pkey_id)) {
-		    signature);
+		ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-		if (rv == 1) {
+		return 0;
-			out_len = signature->length;
+	}
-			goto done;
+	if ((aobj = OBJ_nid2obj(sign_id)) == NULL) {
-		}
+		ASN1error(ASN1_R_UNKNOWN_OBJECT_TYPE);
-		/* Return value meanings:
+		return 0;
-		 * <=0: error.
-		 *   1: method does everything.
-		 *   2: carry on as normal.
-		 *   3: ASN1 method sets algorithm identifiers: just sign.
-		 */
-		if (rv <= 0) {
-			ASN1error(ERR_R_EVP_LIB);
-			goto err;
-		}
 	}
 
-	if (rv == 2) {
+	sign_param = V_ASN1_UNDEF;
-		if ((type = EVP_MD_CTX_md(ctx)) == NULL) {
+	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
-			ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
+		sign_param = V_ASN1_NULL;
+
+	if (algor1 != NULL) {
+		if (!X509_ALGOR_set0(algor1, aobj, sign_param, NULL))
 			return 0;
-		}
-
-		if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
-		    pkey->ameth->pkey_id)) {
-			ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-			return 0;
-		}
-
-		if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
-			paramtype = V_ASN1_NULL;
-		else
-			paramtype = V_ASN1_UNDEF;
-
-		if (algor1)
-			X509_ALGOR_set0(algor1,
-			    OBJ_nid2obj(signid), paramtype, NULL);
-		if (algor2)
-			X509_ALGOR_set0(algor2,
-			    OBJ_nid2obj(signid), paramtype, NULL);
-
 	}
+	if (algor2 != NULL) {
+		if (!X509_ALGOR_set0(algor2, aobj, sign_param, NULL))
+			return 0;
+	}
+
+	return 1;
+}
+
+static int
+asn1_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+    ASN1_BIT_STRING *signature)
+{
+	unsigned char *in = NULL, *out = NULL;
+	size_t out_len = 0;
+	int in_len = 0;
+	int ret = 0;
 
 	if ((in_len = ASN1_item_i2d(asn, &in, it)) <= 0) {
 		in_len = 0;
@@ -325,20 +311,69 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	out = NULL;
 
 	if (!asn1_abs_set_unused_bits(signature, 0)) {
+		ASN1_STRING_set0(signature, NULL, 0);
 		ASN1error(ERR_R_ASN1_LIB);
 		goto err;
 	}
 
- done:
+	ret = 1;
-	ret = out_len;
+
  err:
-	EVP_MD_CTX_cleanup(ctx);
 	freezero(in, in_len);
 	freezero(out, out_len);
 
 	return ret;
 }
 
+int
+ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+    ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+{
+	EVP_PKEY *pkey;
+	int rv;
+	int ret = 0;
+
+	if ((pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx)) == NULL) {
+		ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
+		goto err;
+	}
+	if (pkey->ameth == NULL) {
+		ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+		goto err;
+	}
+
+	/*
+	 * API insanity ahead. If the item_sign() method is absent or if it
+	 * returns 2, this means: do all the work here. If it returns 3, only
+	 * sign. If it returns 1, then there's nothing to do but to return
+	 * the signature's length. Everything else is an error.
+	 */
+
+	rv = 2;
+	if (pkey->ameth->item_sign != NULL)
+		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
+		    signature);
+	if (rv <= 0 || rv > 3)
+		goto err;
+	if (rv == 1)
+		goto done;
+	if (rv == 2) {
+		if (!asn1_item_set_algorithm_identifiers(ctx, algor1, algor2))
+			goto err;
+	}
+
+	if (!asn1_item_sign(ctx, it, asn, signature))
+		goto err;
+
+ done:
+	ret = signature->length;
+
+ err:
+	EVP_MD_CTX_cleanup(ctx);
+
+	return ret;
+}
+
 int
 ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)

lib/libcrypto/asn1/bio_ndef.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ndef.c,v 1.22 2023/04/25 19:08:30 tb Exp $ */
+/* $OpenBSD: bio_ndef.c,v 1.23 2023/07/09 19:22:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -171,7 +171,7 @@ static int
 ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 {
 	NDEF_SUPPORT *ndef_aux;
-	unsigned char *p;
+	unsigned char *p = NULL;
 	int derlen;
 
 	if (!parg)
@@ -179,13 +179,13 @@ ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 
 	ndef_aux = *(NDEF_SUPPORT **)parg;
 
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+	if ((derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it)) <= 0)
-	p = malloc(derlen);
+		return 0;
+
 	ndef_aux->derbuf = p;
 	*pbuf = p;
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
 
-	if (!*ndef_aux->boundary)
+	if (*ndef_aux->boundary == NULL)
 		return 0;
 
 	*plen = *ndef_aux->boundary - *pbuf;
@@ -231,7 +231,7 @@ static int
 ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 {
 	NDEF_SUPPORT *ndef_aux;
-	unsigned char *p;
+	unsigned char *p = NULL;
 	int derlen;
 	const ASN1_AUX *aux;
 	ASN1_STREAM_ARG sarg;
@@ -251,14 +251,15 @@ ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 	    &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
 		return 0;
 
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+	if ((derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it)) <= 0)
-	p = malloc(derlen);
+		return 0;
+
 	ndef_aux->derbuf = p;
 	*pbuf = p;
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
 
-	if (!*ndef_aux->boundary)
+	if (*ndef_aux->boundary == NULL)
 		return 0;
+
 	*pbuf = *ndef_aux->boundary;
 	*plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
 

lib/libcrypto/bio/bio_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.46 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.47 2023/07/10 02:33:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -548,11 +548,10 @@ BIO_indent(BIO *b, int indent, int max)
 {
 	if (indent > max)
 		indent = max;
-	if (indent < 0)
+	if (indent <= 0)
-		indent = 0;
+		return 1;
-	while (indent--)
+	if (BIO_printf(b, "%*s", indent, "") <= 0)
-		if (BIO_puts(b, " ") != 1)
+		return 0;
-			return 0;
 	return 1;
 }
 LCRYPTO_ALIAS(BIO_indent);

lib/libcrypto/bn/bn_const.c

@@ -1,9 +1,10 @@
-/* $OpenBSD: bn_const.c,v 1.6 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn_const.c,v 1.7 2023/07/10 03:26:30 tb Exp $ */
 /* Insert boilerplate */
 
 #include <openssl/bn.h>
 
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*
+ * "First Oakley Default Group" from RFC2409, section 6.1.
  *
  * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
  *
@@ -11,19 +12,20 @@
  * RFC2412 specifies a generator of of 22.
  */
 
+static const unsigned char RFC2409_PRIME_768[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc2409_prime_768(BIGNUM *bn)
 {
-	static const unsigned char RFC2409_PRIME_768[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
 }
 LCRYPTO_ALIAS(get_rfc2409_prime_768);
@@ -31,11 +33,12 @@ LCRYPTO_ALIAS(get_rfc2409_prime_768);
 BIGNUM *
 BN_get_rfc2409_prime_768(BIGNUM *bn)
 {
-	return get_rfc2409_prime_768(bn);
+	return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc2409_prime_768);
 
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
  *
  * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
  *
@@ -43,22 +46,23 @@ LCRYPTO_ALIAS(BN_get_rfc2409_prime_768);
  * RFC2412 specifies a generator of 22.
  */
 
+static const unsigned char RFC2409_PRIME_1024[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc2409_prime_1024(BIGNUM *bn)
 {
-	static const unsigned char RFC2409_PRIME_1024[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
 }
 LCRYPTO_ALIAS(get_rfc2409_prime_1024);
@@ -66,11 +70,12 @@ LCRYPTO_ALIAS(get_rfc2409_prime_1024);
 BIGNUM *
 BN_get_rfc2409_prime_1024(BIGNUM *bn)
 {
-	return get_rfc2409_prime_1024(bn);
+	return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc2409_prime_1024);
 
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*
+ * "1536-bit MODP Group" from RFC3526, Section 2.
  *
  * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
  *
@@ -78,27 +83,28 @@ LCRYPTO_ALIAS(BN_get_rfc2409_prime_1024);
  * RFC2312 specifies a generator of 22.
  */
 
+static const unsigned char RFC3526_PRIME_1536[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc3526_prime_1536(BIGNUM *bn)
 {
-	static const unsigned char RFC3526_PRIME_1536[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-		0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-		0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-		0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-		0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-		0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
 }
 LCRYPTO_ALIAS(get_rfc3526_prime_1536);
@@ -106,44 +112,46 @@ LCRYPTO_ALIAS(get_rfc3526_prime_1536);
 BIGNUM *
 BN_get_rfc3526_prime_1536(BIGNUM *bn)
 {
-	return get_rfc3526_prime_1536(bn);
+	return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc3526_prime_1536);
 
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*
+ * "2048-bit MODP Group" from RFC3526, Section 3.
  *
  * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
  *
  * RFC3526 specifies a generator of 2.
  */
 
+static const unsigned char RFC3526_PRIME_2048[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc3526_prime_2048(BIGNUM *bn)
 {
-	static const unsigned char RFC3526_PRIME_2048[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-		0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-		0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-		0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-		0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-		0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-		0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-		0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-		0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
-		0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
 }
 LCRYPTO_ALIAS(get_rfc3526_prime_2048);
@@ -151,54 +159,56 @@ LCRYPTO_ALIAS(get_rfc3526_prime_2048);
 BIGNUM *
 BN_get_rfc3526_prime_2048(BIGNUM *bn)
 {
-	return get_rfc3526_prime_2048(bn);
+	return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc3526_prime_2048);
 
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*
+ * "3072-bit MODP Group" from RFC3526, Section 4.
  *
  * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
  *
  * RFC3526 specifies a generator of 2.
  */
 
+static const unsigned char RFC3526_PRIME_3072[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+	0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+	0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+	0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+	0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+	0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+	0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc3526_prime_3072(BIGNUM *bn)
 {
-	static const unsigned char RFC3526_PRIME_3072[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-		0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-		0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-		0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-		0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-		0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-		0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-		0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-		0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
-		0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
-		0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
-		0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
-		0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
-		0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
-		0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
-		0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
-		0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
-		0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
-		0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
-		0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
 }
 LCRYPTO_ALIAS(get_rfc3526_prime_3072);
@@ -206,65 +216,67 @@ LCRYPTO_ALIAS(get_rfc3526_prime_3072);
 BIGNUM *
 BN_get_rfc3526_prime_3072(BIGNUM *bn)
 {
-	return get_rfc3526_prime_3072(bn);
+	return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc3526_prime_3072);
 
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*
+ * "4096-bit MODP Group" from RFC3526, Section 5.
  *
  * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
  *
  * RFC3526 specifies a generator of 2.
  */
 
+static const unsigned char RFC3526_PRIME_4096[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+	0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+	0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+	0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+	0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+	0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+	0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+	0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+	0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+	0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+	0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+	0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+	0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+	0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+	0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+	0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+	0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc3526_prime_4096(BIGNUM *bn)
 {
-	static const unsigned char RFC3526_PRIME_4096[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-		0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-		0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-		0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-		0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-		0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-		0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-		0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-		0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
-		0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
-		0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
-		0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
-		0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
-		0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
-		0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
-		0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
-		0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
-		0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
-		0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
-		0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
-		0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
-		0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
-		0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
-		0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
-		0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
-		0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
-		0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
-		0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
-		0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
-		0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
 }
 LCRYPTO_ALIAS(get_rfc3526_prime_4096);
@@ -272,86 +284,88 @@ LCRYPTO_ALIAS(get_rfc3526_prime_4096);
 BIGNUM *
 BN_get_rfc3526_prime_4096(BIGNUM *bn)
 {
-	return get_rfc3526_prime_4096(bn);
+	return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc3526_prime_4096);
 
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*
+ * "6144-bit MODP Group" from RFC3526, Section 6.
  *
  * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
  *
  * RFC3526 specifies a generator of 2.
  */
 
+static const unsigned char RFC3526_PRIME_6144[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+	0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+	0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+	0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+	0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+	0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+	0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+	0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+	0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+	0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+	0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+	0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+	0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+	0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+	0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+	0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+	0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+	0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
+	0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+	0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
+	0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+	0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
+	0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+	0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
+	0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+	0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
+	0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+	0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
+	0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+	0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
+	0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+	0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
+	0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+	0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
+	0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+	0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
+	0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+	0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
+	0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc3526_prime_6144(BIGNUM *bn)
 {
-	static const unsigned char RFC3526_PRIME_6144[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-		0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-		0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-		0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-		0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-		0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-		0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-		0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-		0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
-		0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
-		0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
-		0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
-		0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
-		0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
-		0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
-		0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
-		0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
-		0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
-		0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
-		0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
-		0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
-		0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
-		0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
-		0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
-		0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
-		0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
-		0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
-		0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
-		0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
-		0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
-		0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
-		0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
-		0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
-		0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
-		0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
-		0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
-		0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
-		0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
-		0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
-		0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
-		0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
-		0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
-		0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
-		0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
-		0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
-		0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
-		0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
-		0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
-		0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
-		0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
-		0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
-		0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
 }
 LCRYPTO_ALIAS(get_rfc3526_prime_6144);
@@ -359,108 +373,110 @@ LCRYPTO_ALIAS(get_rfc3526_prime_6144);
 BIGNUM *
 BN_get_rfc3526_prime_6144(BIGNUM *bn)
 {
-	return get_rfc3526_prime_6144(bn);
+	return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc3526_prime_6144);
 
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*
+ * "8192-bit MODP Group" from RFC3526, Section 7.
  *
  * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
  *
  * RFC3526 specifies a generator of 2.
  */
 
+static const unsigned char RFC3526_PRIME_8192[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+	0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+	0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+	0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+	0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+	0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+	0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+	0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+	0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+	0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+	0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+	0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+	0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+	0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+	0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+	0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+	0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+	0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
+	0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+	0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
+	0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+	0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
+	0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+	0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
+	0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+	0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
+	0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+	0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
+	0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+	0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
+	0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+	0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
+	0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+	0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
+	0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+	0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
+	0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+	0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
+	0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+	0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
+	0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+	0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
+	0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+	0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
+	0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+	0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
+	0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+	0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
+	0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+	0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
+	0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+	0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
+	0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+	0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
+	0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+	0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
+	0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+	0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
+	0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+	0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 BIGNUM *
 get_rfc3526_prime_8192(BIGNUM *bn)
 {
-	static const unsigned char RFC3526_PRIME_8192[] = {
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-		0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-		0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-		0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-		0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-		0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-		0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-		0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-		0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-		0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-		0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-		0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-		0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-		0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-		0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-		0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
-		0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
-		0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
-		0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
-		0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
-		0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
-		0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
-		0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
-		0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
-		0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
-		0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
-		0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
-		0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
-		0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
-		0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
-		0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
-		0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
-		0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
-		0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
-		0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
-		0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
-		0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
-		0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
-		0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
-		0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
-		0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
-		0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
-		0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
-		0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
-		0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
-		0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
-		0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
-		0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
-		0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
-		0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
-		0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
-		0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
-		0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
-		0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
-		0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
-		0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
-		0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
-		0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
-		0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
-		0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
-		0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
-		0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
-		0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
-		0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
-		0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
-		0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
-		0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
-		0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
-		0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
-		0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
-		0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
-		0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
-		0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
-		0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
-		0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
-		0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
-		0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
-		0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
-		0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
-		0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
-		0xFF, 0xFF, 0xFF, 0xFF,
-	};
 	return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
 }
 LCRYPTO_ALIAS(get_rfc3526_prime_8192);
@@ -468,6 +484,6 @@ LCRYPTO_ALIAS(get_rfc3526_prime_8192);
 BIGNUM *
 BN_get_rfc3526_prime_8192(BIGNUM *bn)
 {
-	return get_rfc3526_prime_8192(bn);
+	return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
 }
 LCRYPTO_ALIAS(BN_get_rfc3526_prime_8192);

lib/libcrypto/bn/bn_convert.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_convert.c,v 1.13 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn_convert.c,v 1.15 2023/07/09 18:37:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -497,20 +497,27 @@ BN_dec2bn(BIGNUM **bnp, const char *s)
 }
 LCRYPTO_ALIAS(BN_dec2bn);
 
-char *
+static int
-BN_bn2hex(const BIGNUM *bn)
+bn_bn2hex_internal(const BIGNUM *bn, int include_sign, int nibbles_only,
+    char **out, size_t *out_len)
 {
 	int started = 0;
 	uint8_t *s = NULL;
-	size_t s_len;
+	size_t s_len = 0;
 	BN_ULONG v, w;
 	int i, j;
 	CBB cbb;
+	CBS cbs;
+	uint8_t nul;
+	int ret = 0;
+
+	*out = NULL;
+	*out_len = 0;
 
 	if (!CBB_init(&cbb, 0))
 		goto err;
 
-	if (BN_is_negative(bn)) {
+	if (BN_is_negative(bn) && include_sign) {
 		if (!CBB_add_u8(&cbb, '-'))
 			goto err;
 	}
@@ -524,8 +531,10 @@ BN_bn2hex(const BIGNUM *bn)
 			v = (w >> j) & 0xff;
 			if (!started && v == 0)
 				continue;
-			if (!CBB_add_u8(&cbb, hex_digits[v >> 4]))
+			if (started || !nibbles_only || (v >> 4) != 0) {
-				goto err;
+				if (!CBB_add_u8(&cbb, hex_digits[v >> 4]))
+					goto err;
+			}
 			if (!CBB_add_u8(&cbb, hex_digits[v & 0xf]))
 				goto err;
 			started = 1;
@@ -536,8 +545,45 @@ BN_bn2hex(const BIGNUM *bn)
 	if (!CBB_finish(&cbb, &s, &s_len))
 		goto err;
 
+	/* The length of a C string does not include the terminating NUL. */
+	CBS_init(&cbs, s, s_len);
+	if (!CBS_get_last_u8(&cbs, &nul))
+		goto err;
+
+	*out = (char *)CBS_data(&cbs);
+	*out_len = CBS_len(&cbs);
+	s = NULL;
+	s_len = 0;
+
+	ret = 1;
+
  err:
 	CBB_cleanup(&cbb);
+	freezero(s, s_len);
+
+	return ret;
+}
+
+int
+bn_bn2hex_nosign(const BIGNUM *bn, char **out, size_t *out_len)
+{
+	return bn_bn2hex_internal(bn, 0, 0, out, out_len);
+}
+
+int
+bn_bn2hex_nibbles(const BIGNUM *bn, char **out, size_t *out_len)
+{
+	return bn_bn2hex_internal(bn, 1, 1, out, out_len);
+}
+
+char *
+BN_bn2hex(const BIGNUM *bn)
+{
+	char *s;
+	size_t s_len;
+
+	if (!bn_bn2hex_internal(bn, 1, 0, &s, &s_len))
+		return NULL;
 
 	return s;
 }
@@ -725,48 +771,3 @@ BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
 	return (a);
 }
 LCRYPTO_ALIAS(BN_mpi2bn);
-
-#ifndef OPENSSL_NO_BIO
-int
-BN_print_fp(FILE *fp, const BIGNUM *a)
-{
-	BIO *b;
-	int ret;
-
-	if ((b = BIO_new(BIO_s_file())) == NULL)
-		return (0);
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = BN_print(b, a);
-	BIO_free(b);
-	return (ret);
-}
-LCRYPTO_ALIAS(BN_print_fp);
-
-int
-BN_print(BIO *bp, const BIGNUM *a)
-{
-	int i, j, v, z = 0;
-	int ret = 0;
-
-	if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
-		goto end;
-	if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
-		goto end;
-	for (i = a->top - 1; i >= 0; i--) {
-		for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
-			/* strip leading zeros */
-			v = ((int)(a->d[i] >> (long)j)) & 0x0f;
-			if (z || (v != 0)) {
-				if (BIO_write(bp, &hex_digits[v], 1) != 1)
-					goto end;
-				z = 1;
-			}
-		}
-	}
-	ret = 1;
-
-end:
-	return (ret);
-}
-LCRYPTO_ALIAS(BN_print);
-#endif

lib/libcrypto/bn/bn_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.25 2023/07/06 14:37:39 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.26 2023/07/09 18:27:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -327,5 +327,8 @@ int bn_printf(BIO *bio, const BIGNUM *bn, int indent, const char *fmt, ...)
     __attribute__((__format__ (printf, 4, 5)))
     __attribute__((__nonnull__ (4)));
 
+int bn_bn2hex_nosign(const BIGNUM *bn, char **out, size_t *out_len);
+int bn_bn2hex_nibbles(const BIGNUM *bn, char **out, size_t *out_len);
+
 __END_HIDDEN_DECLS
 #endif /* !HEADER_BN_LOCAL_H */

lib/libcrypto/bn/bn_prime.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_prime.c,v 1.33 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.34 2023/07/20 06:26:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -240,6 +240,8 @@ BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
 }
 LCRYPTO_ALIAS(BN_is_prime_ex);
 
+#define BN_PRIME_MAXIMUM_BITS (32 * 1024)
+
 int
 BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     int do_trial_division, BN_GENCB *cb)
@@ -249,6 +251,15 @@ BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 	if (checks < 0)
 		return -1;
 
+	/*
+	 * Prime numbers this large do not appear in everyday cryptography
+	 * and checking such numbers for primality is very expensive.
+	 */
+	if (BN_num_bits(a) > BN_PRIME_MAXIMUM_BITS) {
+		BNerror(BN_R_BIGNUM_TOO_LONG);
+		return -1;
+	}
+
 	if (checks == BN_prime_checks)
 		checks = BN_prime_checks_for_size(BN_num_bits(a));
 

lib/libcrypto/bn/bn_print.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bn_print.c,v 1.42 2023/07/07 07:04:24 tb Exp $ */
+/*	$OpenBSD: bn_print.c,v 1.45 2023/07/10 02:29:28 tb Exp $ */
 
 /*
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -19,13 +19,14 @@
 #include <ctype.h>
 #include <limits.h>
 #include <stdarg.h>
+#include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
-#include <string.h>
 
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 
+#include "bn_local.h"
 #include "bytestring.h"
 
 static int
@@ -80,17 +81,14 @@ bn_print_bignum(BIO *bio, const BIGNUM *bn, int indent)
 	if (indent < 0)
 		indent = 0;
 
-	if ((hex = BN_bn2hex(bn)) == NULL)
+	if (!bn_bn2hex_nosign(bn, &hex, &hex_len))
 		goto err;
-	hex_len = strlen(hex);
 
 	CBS_init(&cbs, hex, hex_len);
 
 	if (BN_is_negative(bn)) {
 		if (BIO_printf(bio, " (Negative)") <= 0)
 			goto err;
-		if (!CBS_skip(&cbs, 1))
-			goto err;
 	}
 
 	while (CBS_len(&cbs) > 0) {
@@ -151,3 +149,45 @@ bn_printf(BIO *bio, const BIGNUM *bn, int indent, const char *fmt, ...)
 
 	return bn_print_bignum(bio, bn, indent);
 }
+
+int
+BN_print(BIO *bio, const BIGNUM *bn)
+{
+	char *hex = NULL;
+	size_t hex_len = 0;
+	int ret = 0;
+
+	if (!bn_bn2hex_nibbles(bn, &hex, &hex_len))
+		goto err;
+	if (BIO_printf(bio, "%s", hex) <= 0)
+		goto err;
+
+	ret = 1;
+
+ err:
+	freezero(hex, hex_len);
+
+	return ret;
+}
+LCRYPTO_ALIAS(BN_print);
+
+int
+BN_print_fp(FILE *fp, const BIGNUM *bn)
+{
+	char *hex = NULL;
+	size_t hex_len = 0;
+	int ret = 0;
+
+	if (!bn_bn2hex_nibbles(bn, &hex, &hex_len))
+		goto err;
+	if (fprintf(fp, "%s", hex) < 0)
+		goto err;
+
+	ret = 1;
+
+ err:
+	freezero(hex, hex_len);
+
+	return ret;
+}
+LCRYPTO_ALIAS(BN_print_fp);

lib/libcrypto/conf/conf_mod.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.28 2023/07/20 15:05:30 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -63,21 +63,11 @@
 
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
-#include <openssl/dso.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-#define DSO_mod_init_name "OPENSSL_init"
+/* This structure contains data about supported modules. */
-#define DSO_mod_finish_name "OPENSSL_finish"
-
-/* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
- */
-
 struct conf_module_st {
-	/* DSO of this module or NULL if static */
-	DSO *dso;
 	/* Name of the module */
 	char *name;
 	/* Init function */
@@ -110,13 +100,11 @@ static void module_free(CONF_MODULE *md);
 static void module_finish(CONF_IMODULE *imod);
 static int module_run(const CONF *cnf, char *name, char *value,
     unsigned long flags);
-static CONF_MODULE *module_add(DSO *dso, const char *name,
+static CONF_MODULE *module_add(const char *name, conf_init_func *ifunc,
-    conf_init_func *ifunc, conf_finish_func *ffunc);
+    conf_finish_func *ffunc);
 static CONF_MODULE *module_find(char *name);
 static int module_init(CONF_MODULE *pmod, char *name, char *value,
     const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-    unsigned long flags);
 
 /* Main function: load modules from a CONF structure */
 
@@ -203,13 +191,7 @@ module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
 	CONF_MODULE *md;
 	int ret;
 
-	md = module_find(name);
+	if ((md = module_find(name)) == NULL) {
-
-	/* Module not found: try to load DSO */
-	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
-		md = module_load_dso(cnf, name, value, flags);
-
-	if (!md) {
 		if (!(flags & CONF_MFLAGS_SILENT)) {
 			CONFerror(CONF_R_UNKNOWN_MODULE_NAME);
 			ERR_asprintf_error_data("module=%s", name);
@@ -231,54 +213,9 @@ module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
 	return ret;
 }
 
-/* Load a module from a DSO */
-static CONF_MODULE *
-module_load_dso(const CONF *cnf, char *name, char *value, unsigned long flags)
-{
-	DSO *dso = NULL;
-	conf_init_func *ifunc;
-	conf_finish_func *ffunc;
-	char *path = NULL;
-	int errcode = 0;
-	CONF_MODULE *md;
-
-	/* Look for alternative path in module section */
-	path = NCONF_get_string(cnf, value, "path");
-	if (!path) {
-		ERR_clear_error();
-		path = name;
-	}
-	dso = DSO_load(NULL, path, NULL, 0);
-	if (!dso) {
-		errcode = CONF_R_ERROR_LOADING_DSO;
-		goto err;
-	}
-	ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
-	if (!ifunc) {
-		errcode = CONF_R_MISSING_INIT_FUNCTION;
-		goto err;
-	}
-	ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
-	/* All OK, add module */
-	md = module_add(dso, name, ifunc, ffunc);
-
-	if (!md)
-		goto err;
-
-	return md;
-
-err:
-	if (dso)
-		DSO_free(dso);
-	CONFerror(errcode);
-	ERR_asprintf_error_data("module=%s, path=%s", name, path);
-	return NULL;
-}
-
 /* add module to list */
 static CONF_MODULE *
-module_add(DSO *dso, const char *name, conf_init_func *ifunc,
+module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
-    conf_finish_func *ffunc)
 {
 	CONF_MODULE *tmod = NULL;
 
@@ -292,7 +229,6 @@ module_add(DSO *dso, const char *name, conf_init_func *ifunc,
 	if (tmod == NULL)
 		return NULL;
 
-	tmod->dso = dso;
 	tmod->name = strdup(name);
 	tmod->init = ifunc;
 	tmod->finish = ffunc;
@@ -412,8 +348,7 @@ CONF_modules_unload(int all)
 	/* unload modules in reverse order */
 	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
 		md = sk_CONF_MODULE_value(supported_modules, i);
-		/* If static or in use and 'all' not set ignore it */
+		if (!all)
-		if (((md->links > 0) || !md->dso) && !all)
 			continue;
 		/* Since we're working in reverse this is OK */
 		(void)sk_CONF_MODULE_delete(supported_modules, i);
@@ -429,8 +364,6 @@ CONF_modules_unload(int all)
 static void
 module_free(CONF_MODULE *md)
 {
-	if (md->dso)
-		DSO_free(md->dso);
 	free(md->name);
 	free(md);
 }
@@ -466,13 +399,9 @@ module_finish(CONF_IMODULE *imod)
 /* Add a static module to OpenSSL */
 
 int
-CONF_module_add(const char *name, conf_init_func *ifunc,
+CONF_module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
-    conf_finish_func *ffunc)
 {
-	if (module_add(NULL, name, ifunc, ffunc))
+	return module_add(name, ifunc, ffunc) != NULL;
-		return 1;
-	else
-		return 0;
 }
 
 void

lib/libcrypto/ecdh/ecdh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.c,v 1.4 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: ecdh.c,v 1.5 2023/07/12 08:54:18 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -151,7 +151,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 {
 	BN_CTX *ctx;
-	BIGNUM *cofactor, *x;
+	BIGNUM *x;
 	const BIGNUM *priv_key;
 	const EC_GROUP *group;
 	EC_POINT *point = NULL;
@@ -172,8 +172,6 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
 
 	if ((x = BN_CTX_get(ctx)) == NULL)
 		goto err;
-	if ((cofactor = BN_CTX_get(ctx)) == NULL)
-		goto err;
 
 	if ((group = EC_KEY_get0_group(ecdh)) == NULL)
 		goto err;
@@ -191,18 +189,6 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
 		goto err;
 	}
 
-	if ((EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) != 0) {
-		if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
-			ECerror(ERR_R_EC_LIB);
-			goto err;
-		}
-		if (!BN_mul(cofactor, cofactor, priv_key, ctx)) {
-			ECerror(ERR_R_BN_LIB);
-			goto err;
-		}
-		priv_key = cofactor;
-	}
-
 	if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) {
 		ECerror(EC_R_POINT_ARITHMETIC_FAILURE);
 		goto err;

lib/libcrypto/ecdsa/ecdsa.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.c,v 1.11 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: ecdsa.c,v 1.12 2023/07/10 19:10:51 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -166,17 +166,17 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
 LCRYPTO_ALIAS(ECDSA_SIG_set0);
 
 int
-ECDSA_size(const EC_KEY *r)
+ECDSA_size(const EC_KEY *key)
 {
 	const EC_GROUP *group;
 	const BIGNUM *order = NULL;
 	ECDSA_SIG sig;
 	int ret = 0;
 
-	if (r == NULL)
+	if (key == NULL)
 		goto err;
 
-	if ((group = EC_KEY_get0_group(r)) == NULL)
+	if ((group = EC_KEY_get0_group(key)) == NULL)
 		goto err;
 
 	if ((order = EC_GROUP_get0_order(group)) == NULL)

lib/libcrypto/engine/eng_aesni.c

@@ -1,562 +0,0 @@
-/* $OpenBSD: eng_aesni.c,v 1.12 2022/12/26 07:18:51 jmc Exp $ */
-/*
- * Support for Intel AES-NI instruction set
- *   Author: Huang Ying <ying.huang@intel.com>
- *
- * Intel AES-NI is a new set of Single Instruction Multiple Data
- * (SIMD) instructions that are going to be introduced in the next
- * generation of Intel processor, as of 2009. These instructions
- * enable fast and secure data encryption and decryption, using the
- * Advanced Encryption Standard (AES), defined by FIPS Publication
- * number 197.  The architecture introduces six instructions that
- * offer full hardware support for AES. Four of them support high
- * performance data encryption and decryption, and the other two
- * instructions support the AES key expansion procedure.
- *
- * The white paper can be downloaded from:
- *   http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
- *
- * This file is based on engines/e_padlock.c
- */
-
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
-
-#include <openssl/aes.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
-/* AES-NI is available *ONLY* on some x86 CPUs.  Not only that it
-   doesn't exist elsewhere, but it even can't be compiled on other
-   platforms! */
-#undef COMPILE_HW_AESNI
-#if (defined(__x86_64) || defined(__x86_64__) || \
-     defined(_M_AMD64) || defined(_M_X64) || \
-     defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) && !defined(__i386__)
-#define COMPILE_HW_AESNI
-#include "x86_arch.h"
-#endif
-static ENGINE *ENGINE_aesni(void);
-
-void ENGINE_load_aesni(void)
-{
-/* On non-x86 CPUs it just returns. */
-#ifdef COMPILE_HW_AESNI
-	ENGINE *toadd = ENGINE_aesni();
-	if (toadd == NULL)
-		return;
-	ENGINE_add(toadd);
-	ENGINE_register_complete(toadd);
-	ENGINE_free(toadd);
-	ERR_clear_error();
-#endif
-}
-
-#ifdef COMPILE_HW_AESNI
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-
-void aesni_encrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void aesni_decrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-
-void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, int enc);
-void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
-
-/* Function for ENGINE detection and control */
-static int aesni_init(ENGINE *e);
-
-/* Cipher Stuff */
-static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid);
-
-#define AESNI_MIN_ALIGN	16
-#define AESNI_ALIGN(x) \
-	((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
-
-/* Engine names */
-static const char   aesni_id[] = "aesni",
-    aesni_name[] = "Intel AES-NI engine",
-    no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
-
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-static void
-aesni_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-    unsigned int len, const void *key, unsigned char ivec[16], int *num,
-    int enc)
-{
-	unsigned int n;
-	size_t l = 0;
-
-	n = *num;
-
-	if (enc) {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-			if (16%sizeof(size_t) == 0) do {	/* always true actually */
-			while (n && len) {
-				*(out++) = ivec[n] ^= *(in++);
-				--len;
-				n = (n + 1) % 16;
-			}
-			while (len >= 16) {
-				aesni_encrypt(ivec, ivec, key);
-				for (n = 0; n < 16; n += sizeof(size_t)) {
-					*(size_t*)(out + n) =
-					    *(size_t*)(ivec + n) ^= *(size_t*)(in + n);
-				}
-				len -= 16;
-				out += 16;
-				in += 16;
-			}
-			n = 0;
-			if (len) {
-				aesni_encrypt(ivec, ivec, key);
-				while (len--) {
-					out[n] = ivec[n] ^= in[n];
-					++n;
-				}
-			}
-			*num = n;
-			return;
-		} while (0);
-		/* the rest would be commonly eliminated by x86* compiler */
-#endif
-		while (l < len) {
-			if (n == 0) {
-				aesni_encrypt(ivec, ivec, key);
-			}
-			out[l] = ivec[n] ^= in[l];
-			++l;
-			n = (n + 1) % 16;
-		}
-		*num = n;
-	} else {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-			if (16%sizeof(size_t) == 0) do {	/* always true actually */
-			while (n && len) {
-				unsigned char c;
-				*(out++) = ivec[n] ^ (c = *(in++));
-				ivec[n] = c;
-				--len;
-				n = (n + 1) % 16;
-			}
-			while (len >= 16) {
-				aesni_encrypt(ivec, ivec, key);
-				for (n = 0; n < 16; n += sizeof(size_t)) {
-					size_t t = *(size_t*)(in + n);
-					*(size_t*)(out + n) = *(size_t*)(ivec + n) ^ t;
-					*(size_t*)(ivec + n) = t;
-				}
-				len -= 16;
-				out += 16;
-				in += 16;
-			}
-			n = 0;
-			if (len) {
-				aesni_encrypt(ivec, ivec, key);
-				while (len--) {
-					unsigned char c;
-					out[n] = ivec[n] ^ (c = in[n]);
-					ivec[n] = c;
-					++n;
-				}
-			}
-			*num = n;
-			return;
-		} while (0);
-		/* the rest would be commonly eliminated by x86* compiler */
-#endif
-		while (l < len) {
-			unsigned char c;
-			if (n == 0) {
-				aesni_encrypt(ivec, ivec, key);
-			}
-			out[l] = ivec[n] ^ (c = in[l]);
-			ivec[n] = c;
-			++l;
-			n = (n + 1) % 16;
-		}
-		*num = n;
-	}
-}
-
-/* The input and output encrypted as though 128bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-static void
-aesni_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-    unsigned int len, const void *key, unsigned char ivec[16], int *num)
-{
-	unsigned int n;
-	size_t l = 0;
-
-	n = *num;
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-		if (16%sizeof(size_t) == 0) do { /* always true actually */
-		while (n && len) {
-			*(out++) = *(in++) ^ ivec[n];
-			--len;
-			n = (n + 1) % 16;
-		}
-		while (len >= 16) {
-			aesni_encrypt(ivec, ivec, key);
-			for (n = 0; n < 16; n += sizeof(size_t))
-				*(size_t*)(out + n) =
-				    *(size_t*)(in + n) ^ *(size_t*)(ivec + n);
-			len -= 16;
-			out += 16;
-			in += 16;
-		}
-		n = 0;
-		if (len) {
-			aesni_encrypt(ivec, ivec, key);
-			while (len--) {
-				out[n] = in[n] ^ ivec[n];
-				++n;
-			}
-		}
-		*num = n;
-		return;
-	} while (0);
-	/* the rest would be commonly eliminated by x86* compiler */
-#endif
-	while (l < len) {
-		if (n == 0) {
-			aesni_encrypt(ivec, ivec, key);
-		}
-		out[l] = in[l] ^ ivec[n];
-		++l;
-		n = (n + 1) % 16;
-	}
-
-	*num = n;
-}
-/* ===== Engine "management" functions ===== */
-
-/* Prepare the ENGINE structure for registration */
-static int
-aesni_bind_helper(ENGINE *e)
-{
-	int engage;
-
-	engage = (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) != 0;
-
-	/* Register everything or return with an error */
-	if (!ENGINE_set_id(e, aesni_id) ||
-	    !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
-	    !ENGINE_set_init_function(e, aesni_init) ||
-	    (engage && !ENGINE_set_ciphers (e, aesni_ciphers)))
-		return 0;
-
-	/* Everything looks good */
-	return 1;
-}
-
-/* Constructor */
-static ENGINE *
-ENGINE_aesni(void)
-{
-	ENGINE *eng = ENGINE_new();
-
-	if (!eng) {
-		return NULL;
-	}
-
-	if (!aesni_bind_helper(eng)) {
-		ENGINE_free(eng);
-		return NULL;
-	}
-
-	return eng;
-}
-
-/* Check availability of the engine */
-static int
-aesni_init(ENGINE *e)
-{
-	return 1;
-}
-
-#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#define NID_aes_128_cfb	NID_aes_128_cfb128
-#endif
-
-#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#define NID_aes_128_ofb	NID_aes_128_ofb128
-#endif
-
-#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#define NID_aes_192_cfb	NID_aes_192_cfb128
-#endif
-
-#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#define NID_aes_192_ofb	NID_aes_192_ofb128
-#endif
-
-#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#define NID_aes_256_cfb	NID_aes_256_cfb128
-#endif
-
-#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#define NID_aes_256_ofb	NID_aes_256_ofb128
-#endif
-
-/* List of supported ciphers. */
-static int aesni_cipher_nids[] = {
-	NID_aes_128_ecb,
-	NID_aes_128_cbc,
-	NID_aes_128_cfb,
-	NID_aes_128_ofb,
-
-	NID_aes_192_ecb,
-	NID_aes_192_cbc,
-	NID_aes_192_cfb,
-	NID_aes_192_ofb,
-
-	NID_aes_256_ecb,
-	NID_aes_256_cbc,
-	NID_aes_256_cfb,
-	NID_aes_256_ofb,
-};
-static int aesni_cipher_nids_num =
-    (sizeof(aesni_cipher_nids) / sizeof(aesni_cipher_nids[0]));
-
-typedef struct {
-	AES_KEY ks;
-	unsigned int _pad1[3];
-} AESNI_KEY;
-
-static int
-aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
-    const unsigned char *iv, int enc)
-{
-	int ret;
-	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
-
-	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE ||
-	    (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE ||
-	    enc)
-		ret = aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
-	else
-		ret = aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
-
-	if (ret < 0) {
-		EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
-		return 0;
-	}
-
-	return 1;
-}
-
-static int
-aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
-
-	aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
-	return 1;
-}
-
-static int
-aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
-
-	aesni_cbc_encrypt(in, out, inl, key, ctx->iv, ctx->encrypt);
-	return 1;
-}
-
-static int
-aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
-
-	aesni_cfb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num,
-	    ctx->encrypt);
-	return 1;
-}
-
-static int
-aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
-
-	aesni_ofb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num);
-	return 1;
-}
-
-#define AES_BLOCK_SIZE		16
-
-#define EVP_CIPHER_block_size_ECB	AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_CBC	AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_OFB	1
-#define EVP_CIPHER_block_size_CFB	1
-
-/* Declaring so many ciphers by hand would be a pain.
-   Instead introduce a bit of preprocessor magic :-) */
-#define	DECLARE_AES_EVP(ksize,lmode,umode)	\
-static const EVP_CIPHER aesni_##ksize##_##lmode = {	\
-	NID_aes_##ksize##_##lmode,			\
-	EVP_CIPHER_block_size_##umode,			\
-	ksize / 8,					\
-	AES_BLOCK_SIZE,					\
-	0 | EVP_CIPH_##umode##_MODE,			\
-	aesni_init_key,				\
-	aesni_cipher_##lmode,				\
-	NULL,						\
-	sizeof(AESNI_KEY),				\
-	EVP_CIPHER_set_asn1_iv,				\
-	EVP_CIPHER_get_asn1_iv,				\
-	NULL,						\
-	NULL						\
-}
-
-DECLARE_AES_EVP(128, ecb, ECB);
-DECLARE_AES_EVP(128, cbc, CBC);
-DECLARE_AES_EVP(128, cfb, CFB);
-DECLARE_AES_EVP(128, ofb, OFB);
-
-DECLARE_AES_EVP(192, ecb, ECB);
-DECLARE_AES_EVP(192, cbc, CBC);
-DECLARE_AES_EVP(192, cfb, CFB);
-DECLARE_AES_EVP(192, ofb, OFB);
-
-DECLARE_AES_EVP(256, ecb, ECB);
-DECLARE_AES_EVP(256, cbc, CBC);
-DECLARE_AES_EVP(256, cfb, CFB);
-DECLARE_AES_EVP(256, ofb, OFB);
-
-static int
-aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
-{
-	/* No specific cipher => return a list of supported nids ... */
-	if (!cipher) {
-		*nids = aesni_cipher_nids;
-		return aesni_cipher_nids_num;
-	}
-
-	/* ... or the requested "cipher" otherwise */
-	switch (nid) {
-	case NID_aes_128_ecb:
-		*cipher = &aesni_128_ecb;
-		break;
-	case NID_aes_128_cbc:
-		*cipher = &aesni_128_cbc;
-		break;
-	case NID_aes_128_cfb:
-		*cipher = &aesni_128_cfb;
-		break;
-	case NID_aes_128_ofb:
-		*cipher = &aesni_128_ofb;
-		break;
-
-	case NID_aes_192_ecb:
-		*cipher = &aesni_192_ecb;
-		break;
-	case NID_aes_192_cbc:
-		*cipher = &aesni_192_cbc;
-		break;
-	case NID_aes_192_cfb:
-		*cipher = &aesni_192_cfb;
-		break;
-	case NID_aes_192_ofb:
-		*cipher = &aesni_192_ofb;
-		break;
-
-	case NID_aes_256_ecb:
-		*cipher = &aesni_256_ecb;
-		break;
-	case NID_aes_256_cbc:
-		*cipher = &aesni_256_cbc;
-		break;
-	case NID_aes_256_cfb:
-		*cipher = &aesni_256_cfb;
-		break;
-	case NID_aes_256_ofb:
-		*cipher = &aesni_256_ofb;
-		break;
-
-	default:
-		/* Sorry, we don't support this NID */
-		*cipher = NULL;
-		return 0;
-	}
-	return 1;
-}
-
-#endif /* COMPILE_HW_AESNI */
-#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */

lib/libcrypto/engine/eng_openssl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_openssl.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: eng_openssl.c,v 1.17 2023/07/20 15:08:12 tb Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -67,7 +67,6 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/crypto.h>
-#include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>

lib/libcrypto/engine/eng_padlock.ec

@@ -1 +0,0 @@
-L PADLOCK	eng_padlock_err.h			eng_padlock_err.c

lib/libcrypto/man/BN_get_rfc3526_prime_8192.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: get_rfc3526_prime_8192.3,v 1.7 2023/04/02 23:33:42 tb Exp $
+.\" $OpenBSD: BN_get_rfc3526_prime_8192.3,v 1.1 2023/07/20 16:26:40 tb Exp $
 .\" checked up to: OpenSSL DH_get_1024_160 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,18 +15,10 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 2 2023 $
+.Dd $Mdocdate: July 20 2023 $
-.Dt GET_RFC3526_PRIME_8192 3
+.Dt BN_GET_RFC3526_PRIME_8192 3
 .Os
 .Sh NAME
-.Nm get_rfc2409_prime_768 ,
-.Nm get_rfc2409_prime_1024 ,
-.Nm get_rfc3526_prime_1536 ,
-.Nm get_rfc3526_prime_2048 ,
-.Nm get_rfc3526_prime_3072 ,
-.Nm get_rfc3526_prime_4096 ,
-.Nm get_rfc3526_prime_6144 ,
-.Nm get_rfc3526_prime_8192 ,
 .Nm BN_get_rfc2409_prime_768 ,
 .Nm BN_get_rfc2409_prime_1024 ,
 .Nm BN_get_rfc3526_prime_1536 ,
@@ -39,22 +31,6 @@
 .Sh SYNOPSIS
 .In openssl/bn.h
 .Ft BIGNUM *
-.Fn get_rfc2409_prime_768 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc2409_prime_1024 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc3526_prime_1536 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc3526_prime_2048 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc3526_prime_3072 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc3526_prime_4096 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc3526_prime_6144 "BIGNUM *bn"
-.Ft BIGNUM *
-.Fn get_rfc3526_prime_8192 "BIGNUM *bn"
-.Ft BIGNUM *
 .Fn BN_get_rfc2409_prime_768 "BIGNUM *bn"
 .Ft BIGNUM *
 .Fn BN_get_rfc2409_prime_1024 "BIGNUM *bn"
@@ -74,9 +50,6 @@
 Each of these functions returns one specific constant Sophie Germain
 prime number
 .Fa p .
-The names with the prefix
-.Sq BN_
-are aliases for the names without that prefix.
 .Pp
 If
 .Fa bn
@@ -153,22 +126,23 @@ information about these numbers.
 RFC 3526, "More Modular Exponential (MODP) Diffie-Hellman groups
 for Internet Key Exchange (IKE)", defines the other six numbers.
 .Sh HISTORY
-.Fn get_rfc2409_prime_768 ,
+.Fn BN_get_rfc2409_prime_768 ,
-.Fn get_rfc2409_prime_1024 ,
+.Fn BN_get_rfc2409_prime_1024 ,
-.Fn get_rfc3526_prime_1536 ,
+.Fn BN_get_rfc3526_prime_1536 ,
-.Fn get_rfc3526_prime_2048 ,
+.Fn BN_get_rfc3526_prime_2048 ,
-.Fn get_rfc3526_prime_3072 ,
+.Fn BN_get_rfc3526_prime_3072 ,
-.Fn get_rfc3526_prime_4096 ,
+.Fn BN_get_rfc3526_prime_4096 ,
-.Fn get_rfc3526_prime_6144 ,
+.Fn BN_get_rfc3526_prime_6144 ,
 and
-.Fn get_rfc3526_prime_8192
+.Fn BN_get_rfc3526_prime_8192
-first appeared in OpenSSL 0.9.8a and have been available since
+first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 4.5 .
-.Pp
-The
-.Sy BN_
-aliases first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 6.3 .
+The same functions without
+.Sy BN_
+prefix first appeared in OpenSSL 0.9.8a and
+.Ox 4.5 ;
+they were removed in
+.Ox 7.4 .
 .Sh CAVEATS
 As all the memory needed for storing the numbers is dynamically
 allocated, the

lib/libcrypto/man/BN_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_new.3,v 1.28 2023/07/09 06:45:03 tb Exp $
+.\" $OpenBSD: BN_new.3,v 1.29 2023/07/20 09:38:45 tb Exp $
 .\" full merge up to: OpenSSL man3/BN_new 2457c19d Mar 6 08:43:36 2004 +0000
 .\" selective merge up to: man3/BN_new 681acb31 Sep 29 13:10:34 2017 +0200
 .\" full merge up to: OpenSSL man7/bn 05ea606a May 20 20:52:46 2016 -0400
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 9 2023 $
+.Dd $Mdocdate: July 20 2023 $
 .Dt BN_NEW 3
 .Os
 .Sh NAME
@@ -155,7 +155,7 @@ and sets an error code that can be obtained by
 .Xr BN_swap 3 ,
 .Xr BN_zero 3 ,
 .Xr crypto 3 ,
-.Xr get_rfc3526_prime_8192 3
+.Xr BN_get_rfc3526_prime_8192 3
 .Sh HISTORY
 .Fn BN_new ,
 .Fn BN_clear ,

lib/libcrypto/man/ECDSA_SIG_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ECDSA_SIG_new.3,v 1.17 2023/03/07 06:12:27 tb Exp $
+.\" $OpenBSD: ECDSA_SIG_new.3,v 1.18 2023/07/20 09:28:30 tb Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: OpenSSL da4ea0cf Aug 5 16:13:24 2019 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 7 2023 $
+.Dd $Mdocdate: July 20 2023 $
 .Dt ECDSA_SIG_NEW 3
 .Os
 .Sh NAME
@@ -63,12 +63,9 @@
 .Nm i2d_ECDSA_SIG ,
 .Nm d2i_ECDSA_SIG ,
 .Nm ECDSA_size ,
-.Nm ECDSA_sign_setup ,
 .Nm ECDSA_sign ,
-.Nm ECDSA_sign_ex ,
 .Nm ECDSA_verify ,
 .Nm ECDSA_do_sign ,
-.Nm ECDSA_do_sign_ex ,
 .Nm ECDSA_do_verify ,
 .Nm ECDSA_OpenSSL ,
 .Nm ECDSA_get_default_method ,
@@ -121,13 +118,6 @@
 .Fa "const EC_KEY *eckey"
 .Fc
 .Ft int
-.Fo ECDSA_sign_setup
-.Fa "EC_KEY *eckey"
-.Fa "BN_CTX *ctx"
-.Fa "BIGNUM **kinv"
-.Fa "BIGNUM **rp"
-.Fc
-.Ft int
 .Fo ECDSA_sign
 .Fa "int type"
 .Fa "const unsigned char *dgst"
@@ -137,17 +127,6 @@
 .Fa "EC_KEY *eckey"
 .Fc
 .Ft int
-.Fo ECDSA_sign_ex
-.Fa "int type"
-.Fa "const unsigned char *dgst"
-.Fa "int dgstlen"
-.Fa "unsigned char *sig"
-.Fa "unsigned int *siglen"
-.Fa "const BIGNUM *kinv"
-.Fa "const BIGNUM *rp"
-.Fa "EC_KEY *eckey"
-.Fc
-.Ft int
 .Fo ECDSA_verify
 .Fa "int type"
 .Fa "const unsigned char *dgst"
@@ -162,14 +141,6 @@
 .Fa "int dgst_len"
 .Fa "EC_KEY *eckey"
 .Fc
-.Ft ECDSA_SIG*
-.Fo ECDSA_do_sign_ex
-.Fa "const unsigned char *dgst"
-.Fa "int dgstlen"
-.Fa "const BIGNUM *kinv"
-.Fa "const BIGNUM *rp"
-.Fa "EC_KEY *eckey"
-.Fc
 .Ft int
 .Fo ECDSA_do_verify
 .Fa "const unsigned char *dgst"
@@ -284,45 +255,13 @@ returns the maximum length of a DER-encoded ECDSA signature created with
 the private EC key
 .Fa eckey .
 .Pp
-.Fn ECDSA_sign_setup
-may be used to precompute parts of the signing operation.
-.Fa eckey
-is the private EC key and
-.Fa ctx
-is a pointer to a
-.Vt BN_CTX
-structure (or
-.Dv NULL ) .
-The precomputed values are returned in
-.Fa kinv
-and
-.Fa rp
-and can be used in a later call to
-.Fa ECDSA_sign_ex
-or
-.Fa ECDSA_do_sign_ex .
-.Pp
 .Fn ECDSA_sign
-is a wrapper function for
-.Fa ECDSA_sign_ex
-with
-.Fa kinv
-and
-.Fa rp
-set to
-.Dv NULL .
-.Pp
-.Fn ECDSA_sign_ex
 computes a digital signature of the
 .Fa dgstlen
 bytes hash value
 .Fa dgst
 using the private EC key
-.Fa eckey
+.Fa eckey .
-and the optional pre-computed values
-.Fa kinv
-and
-.Fa rp .
 The DER-encoded signature is stored in
 .Fa sig
 and its length is returned in
@@ -352,26 +291,12 @@ The parameter
 is ignored.
 .Pp
 .Fn ECDSA_do_sign
-is a wrapper function for
-.Fn ECDSA_do_sign_ex
-with
-.Fa kinv
-and
-.Fa rp
-set to
-.Dv NULL .
-.Pp
-.Fn ECDSA_do_sign_ex
 computes a digital signature of the
 .Fa dgst_len
 bytes hash value
 .Fa dgst
 using the private key
-.Fa eckey
+.Fa eckey .
-and the optional pre-computed values
-.Fa kinv
-and
-.Fa rp .
 The signature is returned in a newly allocated
 .Vt ECDSA_SIG
 structure (or
@@ -418,17 +343,13 @@ object if it has been set or
 .Dv NULL
 otherwise.
 .Pp
-.Fn ECDSA_SIG_set0 ,
+.Fn ECDSA_SIG_set0
-.Fn ECDSA_sign ,
-.Fn ECDSA_sign_ex ,
 and
-.Fn ECDSA_sign_setup
+.Fn ECDSA_sign
 return 1 if successful or 0 on error.
 .Pp
 .Fn ECDSA_do_sign
-and
+returns a pointer to an allocated
-.Fn ECDSA_do_sign_ex
-return a pointer to an allocated
 .Vt ECDSA_SIG
 structure or
 .Dv NULL
@@ -516,12 +437,12 @@ if (ret == -1) {
 .Xr EC_GROUP_new 3 ,
 .Xr EC_KEY_METHOD_new 3 ,
 .Xr EC_KEY_new 3 ,
-.Xr ECDSA_set_ex_data 3 ,
+.Xr EC_KEY_set_ex_data 3 ,
 .Xr EVP_DigestSignInit 3 ,
 .Xr EVP_DigestVerifyInit 3 ,
 .Xr RSA_new 3
 .Sh STANDARDS
-ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
+ANSI X9.62, US Federal Information Processing Standard FIPS 186-5
 (Digital Signature Standard, DSS)
 .Sh HISTORY
 .Fn ECDSA_SIG_new ,
@@ -529,12 +450,9 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
 .Fn i2d_ECDSA_SIG ,
 .Fn d2i_ECDSA_SIG ,
 .Fn ECDSA_size ,
-.Fn ECDSA_sign_setup ,
 .Fn ECDSA_sign ,
-.Fn ECDSA_sign_ex ,
 .Fn ECDSA_verify ,
 .Fn ECDSA_do_sign ,
-.Fn ECDSA_do_sign_ex ,
 .Fn ECDSA_do_verify ,
 .Fn ECDSA_OpenSSL ,
 .Fn ECDSA_get_default_method ,

lib/libcrypto/man/EC_KEY_METHOD_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.1 2019/08/16 16:15:50 schwarze Exp $
+.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.2 2023/07/20 09:28:30 tb Exp $
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 16 2019 $
+.Dd $Mdocdate: July 20 2023 $
 .Dt EC_KEY_METHOD_NEW 3
 .Os
 .Sh NAME
@@ -225,10 +225,9 @@ to selectively retrieve callback function pointers.
 and
 .Fn EC_KEY_METHOD_get_sign
 set and retrieve the functions implementing
-.Xr ECDSA_sign_ex 3 ,
+.Xr ECDSA_sign 3
-.Xr ECDSA_sign_setup 3 ,
 and
-.Xr ECDSA_do_sign_ex 3 .
+.Xr ECDSA_do_sign 3 .
 .Pp
 .Fn EC_KEY_METHOD_set_verify
 and

lib/libcrypto/man/ENGINE_get_default_RSA.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
+.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.3 2023/07/20 09:28:30 tb Exp $
 .\" content checked up to:
 .\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 18 2018 $
+.Dd $Mdocdate: July 20 2023 $
 .Dt ENGINE_GET_DEFAULT_RSA 3
 .Os
 .Sh NAME
@@ -107,7 +107,7 @@ they are called automatically when needed, in particular from
 .Fn ECDH_set_method ,
 .Fn ECDH_compute_key ,
 .Xr ECDSA_set_method 3 ,
-.Xr ECDSA_do_sign_ex 3 ,
+.Xr ECDSA_do_sign 3 ,
 .Xr ECDSA_do_verify 3 ,
 .Xr DH_new 3 ,
 .Xr EVP_CipherInit_ex 3 ,

lib/libcrypto/man/ENGINE_set_RSA.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ENGINE_set_RSA.3,v 1.5 2019/06/06 17:41:43 schwarze Exp $
+.\" $OpenBSD: ENGINE_set_RSA.3,v 1.6 2023/07/20 09:28:30 tb Exp $
 .\" content checked up to:
 .\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: July 20 2023 $
 .Dt ENGINE_SET_RSA 3
 .Os
 .Sh NAME
@@ -238,8 +238,8 @@ as shown in the following table:
 .It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3
 .It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3
 .It Fn ENGINE_get_ECDH Ta Fn ECDH_set_method , Fn ECDH_compute_key
-.It Fn ENGINE_get_ECDSA Ta Xr ECDSA_set_method 3 , Xr ECDSA_sign_setup 3 ,
+.It Fn ENGINE_get_ECDSA Ta Xr ECDSA_set_method 3 ,
-.Xr ECDSA_do_sign_ex 3 , Xr ECDSA_do_verify 3
+.Xr ECDSA_do_sign 3 , Xr ECDSA_do_verify 3
 .It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3
 .It Fn ENGINE_get_RAND Ta unused
 .It Fn ENGINE_get_STORE Ta unused

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.253 2023/07/09 06:45:03 tb Exp $
+# $OpenBSD: Makefile,v 1.254 2023/07/20 16:26:40 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -73,6 +73,7 @@ MAN=	\
 	BN_cmp.3 \
 	BN_copy.3 \
 	BN_generate_prime.3 \
+	BN_get_rfc3526_prime_8192.3 \
 	BN_kronecker.3 \
 	BN_mod_inverse.3 \
 	BN_mod_mul_montgomery.3 \
@@ -417,7 +418,6 @@ MAN=	\
 	d2i_X509_SIG.3 \
 	des_read_pw.3 \
 	evp.3 \
-	get_rfc3526_prime_8192.3 \
 	i2a_ASN1_STRING.3 \
 	i2d_CMS_bio_stream.3 \
 	i2d_PKCS7_bio_stream.3 \

lib/libcrypto/md4/md4_dgst.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: md4_dgst.c,v 1.20 2023/07/08 10:45:57 beck Exp $ */
+/* $OpenBSD: md4_dgst.c,v 1.21 2023/07/15 15:30:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -146,16 +146,9 @@ void
 md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
 {
 	const unsigned char *data = data_;
-	unsigned MD32_REG_T A, B,C, D, l;
+	unsigned MD32_REG_T A, B, C, D, l;
-#ifndef MD32_XARRAY
+	unsigned MD32_REG_T X0, X1, X2, X3, X4, X5, X6, X7,
-	/* See comment in crypto/sha/sha_locl.h for details. */
+	    X8, X9, X10, X11, X12, X13, X14, X15;
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-	    XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
-# define X(i)	XX##i
-#else
-	MD4_LONG XX[MD4_LBLOCK];
-# define X(i)	XX[i]
-#endif
 
 	A = c->A;
 	B = c->B;
@@ -164,88 +157,88 @@ md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
 
 	for (; num--; ) {
 		HOST_c2l(data, l);
-		X( 0) = l;
+		X0 = l;
 		HOST_c2l(data, l);
-		X( 1) = l;
+		X1 = l;
 		/* Round 0 */
-		R0(A, B,C, D,X( 0), 3, 0);
+		R0(A, B, C, D, X0, 3, 0);
 		HOST_c2l(data, l);
-		X( 2) = l;
+		X2 = l;
-		R0(D, A,B, C,X( 1), 7, 0);
+		R0(D, A, B, C, X1, 7, 0);
 		HOST_c2l(data, l);
-		X( 3) = l;
+		X3 = l;
-		R0(C, D,A, B,X( 2), 11, 0);
+		R0(C, D, A, B, X2, 11, 0);
 		HOST_c2l(data, l);
-		X( 4) = l;
+		X4 = l;
-		R0(B, C,D, A,X( 3), 19, 0);
+		R0(B, C, D, A, X3, 19, 0);
 		HOST_c2l(data, l);
-		X( 5) = l;
+		X5 = l;
-		R0(A, B,C, D,X( 4), 3, 0);
+		R0(A, B, C, D, X4, 3, 0);
 		HOST_c2l(data, l);
-		X( 6) = l;
+		X6 = l;
-		R0(D, A,B, C,X( 5), 7, 0);
+		R0(D, A, B, C, X5, 7, 0);
 		HOST_c2l(data, l);
-		X( 7) = l;
+		X7 = l;
-		R0(C, D,A, B,X( 6), 11, 0);
+		R0(C, D, A, B, X6, 11, 0);
 		HOST_c2l(data, l);
-		X( 8) = l;
+		X8 = l;
-		R0(B, C,D, A,X( 7), 19, 0);
+		R0(B, C, D, A, X7, 19, 0);
 		HOST_c2l(data, l);
-		X( 9) = l;
+		X9 = l;
-		R0(A, B,C, D,X( 8), 3, 0);
+		R0(A, B, C, D, X8, 3, 0);
 		HOST_c2l(data, l);
-		X(10) = l;
+		X10 = l;
-		R0(D, A,B, C,X( 9), 7, 0);
+		R0(D, A,B, C,X9, 7, 0);
 		HOST_c2l(data, l);
-		X(11) = l;
+		X11 = l;
-		R0(C, D,A, B,X(10), 11, 0);
+		R0(C, D,A, B,X10, 11, 0);
 		HOST_c2l(data, l);
-		X(12) = l;
+		X12 = l;
-		R0(B, C,D, A,X(11), 19, 0);
+		R0(B, C,D, A,X11, 19, 0);
 		HOST_c2l(data, l);
-		X(13) = l;
+		X13 = l;
-		R0(A, B,C, D,X(12), 3, 0);
+		R0(A, B,C, D,X12, 3, 0);
 		HOST_c2l(data, l);
-		X(14) = l;
+		X14 = l;
-		R0(D, A,B, C,X(13), 7, 0);
+		R0(D, A,B, C,X13, 7, 0);
 		HOST_c2l(data, l);
-		X(15) = l;
+		X15 = l;
-		R0(C, D,A, B,X(14), 11, 0);
+		R0(C, D,A, B,X14, 11, 0);
-		R0(B, C,D, A,X(15), 19, 0);
+		R0(B, C,D, A,X15, 19, 0);
 		/* Round 1 */
-		R1(A, B,C, D,X( 0), 3, 0x5A827999L);
+		R1(A, B, C, D, X0, 3, 0x5A827999L);
-		R1(D, A,B, C,X( 4), 5, 0x5A827999L);
+		R1(D, A, B, C, X4, 5, 0x5A827999L);
-		R1(C, D,A, B,X( 8), 9, 0x5A827999L);
+		R1(C, D, A, B, X8, 9, 0x5A827999L);
-		R1(B, C,D, A,X(12), 13, 0x5A827999L);
+		R1(B, C, D, A, X12, 13, 0x5A827999L);
-		R1(A, B,C, D,X( 1), 3, 0x5A827999L);
+		R1(A, B, C, D, X1, 3, 0x5A827999L);
-		R1(D, A,B, C,X( 5), 5, 0x5A827999L);
+		R1(D, A, B, C, X5, 5, 0x5A827999L);
-		R1(C, D,A, B,X( 9), 9, 0x5A827999L);
+		R1(C, D, A, B, X9, 9, 0x5A827999L);
-		R1(B, C,D, A,X(13), 13, 0x5A827999L);
+		R1(B, C, D, A, X13, 13, 0x5A827999L);
-		R1(A, B,C, D,X( 2), 3, 0x5A827999L);
+		R1(A, B, C, D, X2, 3, 0x5A827999L);
-		R1(D, A,B, C,X( 6), 5, 0x5A827999L);
+		R1(D, A, B, C, X6, 5, 0x5A827999L);
-		R1(C, D,A, B,X(10), 9, 0x5A827999L);
+		R1(C, D, A, B, X10, 9, 0x5A827999L);
-		R1(B, C,D, A,X(14), 13, 0x5A827999L);
+		R1(B, C, D, A, X14, 13, 0x5A827999L);
-		R1(A, B,C, D,X( 3), 3, 0x5A827999L);
+		R1(A, B, C, D, X3, 3, 0x5A827999L);
-		R1(D, A,B, C,X( 7), 5, 0x5A827999L);
+		R1(D, A, B, C, X7, 5, 0x5A827999L);
-		R1(C, D,A, B,X(11), 9, 0x5A827999L);
+		R1(C, D, A, B, X11, 9, 0x5A827999L);
-		R1(B, C,D, A,X(15), 13, 0x5A827999L);
+		R1(B, C, D, A, X15, 13, 0x5A827999L);
 		/* Round 2 */
-		R2(A, B,C, D,X( 0), 3, 0x6ED9EBA1L);
+		R2(A, B, C, D, X0, 3, 0x6ED9EBA1L);
-		R2(D, A,B, C,X( 8), 9, 0x6ED9EBA1L);
+		R2(D, A, B, C, X8, 9, 0x6ED9EBA1L);
-		R2(C, D,A, B,X( 4), 11, 0x6ED9EBA1L);
+		R2(C, D, A, B, X4, 11, 0x6ED9EBA1L);
-		R2(B, C,D, A,X(12), 15, 0x6ED9EBA1L);
+		R2(B, C, D, A, X12, 15, 0x6ED9EBA1L);
-		R2(A, B,C, D,X( 2), 3, 0x6ED9EBA1L);
+		R2(A, B, C, D, X2, 3, 0x6ED9EBA1L);
-		R2(D, A,B, C,X(10), 9, 0x6ED9EBA1L);
+		R2(D, A, B, C, X10, 9, 0x6ED9EBA1L);
-		R2(C, D,A, B,X( 6), 11, 0x6ED9EBA1L);
+		R2(C, D, A, B, X6, 11, 0x6ED9EBA1L);
-		R2(B, C,D, A,X(14), 15, 0x6ED9EBA1L);
+		R2(B, C, D, A, X14, 15, 0x6ED9EBA1L);
-		R2(A, B,C, D,X( 1), 3, 0x6ED9EBA1L);
+		R2(A, B, C, D, X1, 3, 0x6ED9EBA1L);
-		R2(D, A,B, C,X( 9), 9, 0x6ED9EBA1L);
+		R2(D, A, B, C, X9, 9, 0x6ED9EBA1L);
-		R2(C, D,A, B,X( 5), 11, 0x6ED9EBA1L);
+		R2(C, D, A, B, X5, 11, 0x6ED9EBA1L);
-		R2(B, C,D, A,X(13), 15, 0x6ED9EBA1L);
+		R2(B, C, D, A, X13, 15, 0x6ED9EBA1L);
-		R2(A, B,C, D,X( 3), 3, 0x6ED9EBA1L);
+		R2(A, B, C, D, X3, 3, 0x6ED9EBA1L);
-		R2(D, A,B, C,X(11), 9, 0x6ED9EBA1L);
+		R2(D, A, B, C, X11, 9, 0x6ED9EBA1L);
-		R2(C, D,A, B,X( 7), 11, 0x6ED9EBA1L);
+		R2(C, D, A, B, X7, 11, 0x6ED9EBA1L);
-		R2(B, C,D, A,X(15), 15, 0x6ED9EBA1L);
+		R2(B, C, D, A, X15, 15, 0x6ED9EBA1L);
 
 		A = c->A += A;
 		B = c->B += B;

lib/libcrypto/md5/md5_dgst.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: md5_dgst.c,v 1.18 2023/07/08 10:45:57 beck Exp $ */
+/* $OpenBSD: md5_dgst.c,v 1.19 2023/07/15 15:37:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -166,16 +166,9 @@ void
 md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
 {
 	const unsigned char *data = data_;
-	unsigned MD32_REG_T A, B,C, D, l;
+	unsigned MD32_REG_T A, B, C, D, l;
-#ifndef MD32_XARRAY
+	unsigned MD32_REG_T X0, X1, X2, X3, X4, X5, X6, X7,
-	/* See comment in crypto/sha/sha_locl.h for details. */
+	    X8, X9, X10, X11, X12, X13, X14, X15;
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-	    XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
-# define X(i)	XX##i
-#else
-	MD5_LONG XX[MD5_LBLOCK];
-# define X(i)	XX[i]
-#endif
 
 	A = c->A;
 	B = c->B;
@@ -184,105 +177,105 @@ md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
 
 	for (; num--; ) {
 		HOST_c2l(data, l);
-		X( 0) = l;
+		X0 = l;
 		HOST_c2l(data, l);
-		X( 1) = l;
+		X1 = l;
 		/* Round 0 */
-		R0(A, B,C, D,X( 0), 7, 0xd76aa478L);
+		R0(A, B, C, D, X0, 7, 0xd76aa478L);
 		HOST_c2l(data, l);
-		X( 2) = l;
+		X2 = l;
-		R0(D, A,B, C,X( 1), 12, 0xe8c7b756L);
+		R0(D, A, B, C, X1, 12, 0xe8c7b756L);
 		HOST_c2l(data, l);
-		X( 3) = l;
+		X3 = l;
-		R0(C, D,A, B,X( 2), 17, 0x242070dbL);
+		R0(C, D, A, B, X2, 17, 0x242070dbL);
 		HOST_c2l(data, l);
-		X( 4) = l;
+		X4 = l;
-		R0(B, C,D, A,X( 3), 22, 0xc1bdceeeL);
+		R0(B, C, D, A, X3, 22, 0xc1bdceeeL);
 		HOST_c2l(data, l);
-		X( 5) = l;
+		X5 = l;
-		R0(A, B,C, D,X( 4), 7, 0xf57c0fafL);
+		R0(A, B, C, D, X4, 7, 0xf57c0fafL);
 		HOST_c2l(data, l);
-		X( 6) = l;
+		X6 = l;
-		R0(D, A,B, C,X( 5), 12, 0x4787c62aL);
+		R0(D, A, B, C, X5, 12, 0x4787c62aL);
 		HOST_c2l(data, l);
-		X( 7) = l;
+		X7 = l;
-		R0(C, D,A, B,X( 6), 17, 0xa8304613L);
+		R0(C, D, A, B, X6, 17, 0xa8304613L);
 		HOST_c2l(data, l);
-		X( 8) = l;
+		X8 = l;
-		R0(B, C,D, A,X( 7), 22, 0xfd469501L);
+		R0(B, C, D, A, X7, 22, 0xfd469501L);
 		HOST_c2l(data, l);
-		X( 9) = l;
+		X9 = l;
-		R0(A, B,C, D,X( 8), 7, 0x698098d8L);
+		R0(A, B, C, D, X8, 7, 0x698098d8L);
 		HOST_c2l(data, l);
-		X(10) = l;
+		X10 = l;
-		R0(D, A,B, C,X( 9), 12, 0x8b44f7afL);
+		R0(D, A, B, C, X9, 12, 0x8b44f7afL);
 		HOST_c2l(data, l);
-		X(11) = l;
+		X11 = l;
-		R0(C, D,A, B,X(10), 17, 0xffff5bb1L);
+		R0(C, D, A, B, X10, 17, 0xffff5bb1L);
 		HOST_c2l(data, l);
-		X(12) = l;
+		X12 = l;
-		R0(B, C,D, A,X(11), 22, 0x895cd7beL);
+		R0(B, C, D, A, X11, 22, 0x895cd7beL);
 		HOST_c2l(data, l);
-		X(13) = l;
+		X13 = l;
-		R0(A, B,C, D,X(12), 7, 0x6b901122L);
+		R0(A, B, C, D, X12, 7, 0x6b901122L);
 		HOST_c2l(data, l);
-		X(14) = l;
+		X14 = l;
-		R0(D, A,B, C,X(13), 12, 0xfd987193L);
+		R0(D, A, B, C, X13, 12, 0xfd987193L);
 		HOST_c2l(data, l);
-		X(15) = l;
+		X15 = l;
-		R0(C, D,A, B,X(14), 17, 0xa679438eL);
+		R0(C, D, A, B, X14, 17, 0xa679438eL);
-		R0(B, C,D, A,X(15), 22, 0x49b40821L);
+		R0(B, C, D, A, X15, 22, 0x49b40821L);
 		/* Round 1 */
-		R1(A, B,C, D,X( 1), 5, 0xf61e2562L);
+		R1(A, B, C, D, X1, 5, 0xf61e2562L);
-		R1(D, A,B, C,X( 6), 9, 0xc040b340L);
+		R1(D, A, B, C, X6, 9, 0xc040b340L);
-		R1(C, D,A, B,X(11), 14, 0x265e5a51L);
+		R1(C, D, A, B, X11, 14, 0x265e5a51L);
-		R1(B, C,D, A,X( 0), 20, 0xe9b6c7aaL);
+		R1(B, C, D, A, X0, 20, 0xe9b6c7aaL);
-		R1(A, B,C, D,X( 5), 5, 0xd62f105dL);
+		R1(A, B, C, D, X5, 5, 0xd62f105dL);
-		R1(D, A,B, C,X(10), 9, 0x02441453L);
+		R1(D, A, B, C, X10, 9, 0x02441453L);
-		R1(C, D,A, B,X(15), 14, 0xd8a1e681L);
+		R1(C, D, A, B, X15, 14, 0xd8a1e681L);
-		R1(B, C,D, A,X( 4), 20, 0xe7d3fbc8L);
+		R1(B, C, D, A, X4, 20, 0xe7d3fbc8L);
-		R1(A, B,C, D,X( 9), 5, 0x21e1cde6L);
+		R1(A, B, C, D, X9, 5, 0x21e1cde6L);
-		R1(D, A,B, C,X(14), 9, 0xc33707d6L);
+		R1(D, A, B, C, X14, 9, 0xc33707d6L);
-		R1(C, D,A, B,X( 3), 14, 0xf4d50d87L);
+		R1(C, D, A, B, X3, 14, 0xf4d50d87L);
-		R1(B, C,D, A,X( 8), 20, 0x455a14edL);
+		R1(B, C, D, A, X8, 20, 0x455a14edL);
-		R1(A, B,C, D,X(13), 5, 0xa9e3e905L);
+		R1(A, B, C, D, X13, 5, 0xa9e3e905L);
-		R1(D, A,B, C,X( 2), 9, 0xfcefa3f8L);
+		R1(D, A, B, C, X2, 9, 0xfcefa3f8L);
-		R1(C, D,A, B,X( 7), 14, 0x676f02d9L);
+		R1(C, D, A, B, X7, 14, 0x676f02d9L);
-		R1(B, C,D, A,X(12), 20, 0x8d2a4c8aL);
+		R1(B, C, D, A, X12, 20, 0x8d2a4c8aL);
 		/* Round 2 */
-		R2(A, B,C, D,X( 5), 4, 0xfffa3942L);
+		R2(A, B, C, D, X5, 4, 0xfffa3942L);
-		R2(D, A,B, C,X( 8), 11, 0x8771f681L);
+		R2(D, A, B, C, X8, 11, 0x8771f681L);
-		R2(C, D,A, B,X(11), 16, 0x6d9d6122L);
+		R2(C, D, A, B, X11, 16, 0x6d9d6122L);
-		R2(B, C,D, A,X(14), 23, 0xfde5380cL);
+		R2(B, C, D, A, X14, 23, 0xfde5380cL);
-		R2(A, B,C, D,X( 1), 4, 0xa4beea44L);
+		R2(A, B, C, D, X1, 4, 0xa4beea44L);
-		R2(D, A,B, C,X( 4), 11, 0x4bdecfa9L);
+		R2(D, A, B, C, X4, 11, 0x4bdecfa9L);
-		R2(C, D,A, B,X( 7), 16, 0xf6bb4b60L);
+		R2(C, D, A, B, X7, 16, 0xf6bb4b60L);
-		R2(B, C,D, A,X(10), 23, 0xbebfbc70L);
+		R2(B, C, D, A, X10, 23, 0xbebfbc70L);
-		R2(A, B,C, D,X(13), 4, 0x289b7ec6L);
+		R2(A, B, C, D, X13, 4, 0x289b7ec6L);
-		R2(D, A,B, C,X( 0), 11, 0xeaa127faL);
+		R2(D, A, B, C, X0, 11, 0xeaa127faL);
-		R2(C, D,A, B,X( 3), 16, 0xd4ef3085L);
+		R2(C, D, A, B, X3, 16, 0xd4ef3085L);
-		R2(B, C,D, A,X( 6), 23, 0x04881d05L);
+		R2(B, C, D, A, X6, 23, 0x04881d05L);
-		R2(A, B,C, D,X( 9), 4, 0xd9d4d039L);
+		R2(A, B, C, D, X9, 4, 0xd9d4d039L);
-		R2(D, A,B, C,X(12), 11, 0xe6db99e5L);
+		R2(D, A, B, C, X12, 11, 0xe6db99e5L);
-		R2(C, D,A, B,X(15), 16, 0x1fa27cf8L);
+		R2(C, D, A, B, X15, 16, 0x1fa27cf8L);
-		R2(B, C,D, A,X( 2), 23, 0xc4ac5665L);
+		R2(B, C, D, A, X2, 23, 0xc4ac5665L);
 		/* Round 3 */
-		R3(A, B,C, D,X( 0), 6, 0xf4292244L);
+		R3(A, B, C, D, X0, 6, 0xf4292244L);
-		R3(D, A,B, C,X( 7), 10, 0x432aff97L);
+		R3(D, A, B, C, X7, 10, 0x432aff97L);
-		R3(C, D,A, B,X(14), 15, 0xab9423a7L);
+		R3(C, D, A, B, X14, 15, 0xab9423a7L);
-		R3(B, C,D, A,X( 5), 21, 0xfc93a039L);
+		R3(B, C, D, A, X5, 21, 0xfc93a039L);
-		R3(A, B,C, D,X(12), 6, 0x655b59c3L);
+		R3(A, B, C, D, X12, 6, 0x655b59c3L);
-		R3(D, A,B, C,X( 3), 10, 0x8f0ccc92L);
+		R3(D, A, B, C, X3, 10, 0x8f0ccc92L);
-		R3(C, D,A, B,X(10), 15, 0xffeff47dL);
+		R3(C, D, A, B, X10, 15, 0xffeff47dL);
-		R3(B, C,D, A,X( 1), 21, 0x85845dd1L);
+		R3(B, C, D, A, X1, 21, 0x85845dd1L);
-		R3(A, B,C, D,X( 8), 6, 0x6fa87e4fL);
+		R3(A, B, C, D, X8, 6, 0x6fa87e4fL);
-		R3(D, A,B, C,X(15), 10, 0xfe2ce6e0L);
+		R3(D, A, B, C, X15, 10, 0xfe2ce6e0L);
-		R3(C, D,A, B,X( 6), 15, 0xa3014314L);
+		R3(C, D, A, B, X6, 15, 0xa3014314L);
-		R3(B, C,D, A,X(13), 21, 0x4e0811a1L);
+		R3(B, C, D, A, X13, 21, 0x4e0811a1L);
-		R3(A, B,C, D,X( 4), 6, 0xf7537e82L);
+		R3(A, B, C, D, X4, 6, 0xf7537e82L);
-		R3(D, A,B, C,X(11), 10, 0xbd3af235L);
+		R3(D, A, B, C, X11, 10, 0xbd3af235L);
-		R3(C, D,A, B,X( 2), 15, 0x2ad7d2bbL);
+		R3(C, D, A, B, X2, 15, 0x2ad7d2bbL);
-		R3(B, C,D, A,X( 9), 21, 0xeb86d391L);
+		R3(B, C, D, A, X9, 21, 0xeb86d391L);
 
 		A = c->A += A;
 		B = c->B += B;

lib/libssl/bio_ssl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ssl.c,v 1.39 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: bio_ssl.c,v 1.40 2023/07/19 13:34:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -577,7 +577,7 @@ BIO_ssl_copy_session_id(BIO *t, BIO *f)
 		return (0);
 	return (1);
 }
-LSSL_ALIAS(BIO_new_ssl_connect);
+LSSL_ALIAS(BIO_ssl_copy_session_id);
 
 void
 BIO_ssl_shutdown(BIO *b)

lib/libssl/ssl_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.311 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.312 2023/07/19 13:34:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -3313,6 +3313,7 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
 {
 	return (ssl->info_callback);
 }
+LSSL_ALIAS(SSL_get_info_callback);
 
 int
 SSL_state(const SSL *ssl)

lib/libssl/ssl_pkt.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.65 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.66 2023/07/11 17:02:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -536,7 +536,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 	SSL_SESSION *sess = s->session;
 	int need_empty_fragment = 0;
 	size_t align, out_len;
-	uint16_t version;
 	CBB cbb;
 	int ret;
 
@@ -568,16 +567,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 	if (len == 0)
 		return 0;
 
-	/*
-	 * Some servers hang if initial client hello is larger than 256
-	 * bytes and record version number > TLS 1.0.
-	 */
-	version = s->version;
-	if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
-	    !s->renegotiate &&
-	    s->s3->hs.our_max_tls_version > TLS1_VERSION)
-		version = TLS1_VERSION;
-
 	/*
 	 * Countermeasure against known-IV weakness in CBC ciphersuites
 	 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
@@ -604,7 +593,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 	if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
 		goto err;
 
-	tls12_record_layer_set_version(s->rl, version);
+	tls12_record_layer_set_version(s->rl, s->version);
 
 	if (need_empty_fragment) {
 		if (!tls12_record_layer_seal_record(s->rl, type,

libexec/ld.so/ldd/ldd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ldd.c,v 1.22 2017/10/27 16:47:08 mpi Exp $	*/
+/*	$OpenBSD: ldd.c,v 1.23 2023/07/13 19:04:50 jasper Exp $	*/
 /*
  * Copyright (c) 2001 Artur Grabowski <art@openbsd.org>
  * All rights reserved.
@@ -117,19 +117,25 @@ doit(char *name)
 		close(fd);
 		return 1;
 	}
+
 	if (read(fd, &ehdr, sizeof(ehdr)) < 0) {
 		warn("read(%s)", name);
 		close(fd);
 		return 1;
 	}
 
-	if (memcmp(ehdr.e_ident, ELFMAG, SELFMAG) ||
+	if (!IS_ELF(ehdr) || ehdr.e_machine != ELF_TARG_MACH) {
-	    ehdr.e_machine != ELF_TARG_MACH) {
 		warnx("%s: not an ELF executable", name);
 		close(fd);
 		return 1;
 	}
 
+	if (ehdr.e_phnum == 0 || ehdr.e_phentsize == 0) {
+		warnx("%s: missing program header", name);
+		close(fd);
+		return 1;
+	}
+
 	if ((phdr = reallocarray(NULL, ehdr.e_phnum, sizeof(Elf_Phdr))) == NULL)
 		err(1, "reallocarray");
 	size = ehdr.e_phnum * sizeof(Elf_Phdr);

libexec/ld.so/library.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: library.c,v 1.90 2023/01/29 20:30:56 gnezdo Exp $ */
+/*	$OpenBSD: library.c,v 1.91 2023/07/12 19:49:06 jasper Exp $ */
 
 /*
  * Copyright (c) 2002 Dale Rahn
@@ -113,6 +113,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
 	Elf_Phdr *ptls = NULL;
 	struct stat sb;
 
+#define powerof2(x) ((((x) - 1) & (x)) == 0)
 #define ROUND_PG(x) (((x) + align) & ~(align))
 #define TRUNC_PG(x) ((x) & ~(align))
 
@@ -160,6 +161,14 @@ _dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
 	 */
 	phdp = (Elf_Phdr *)(hbuf + ehdr->e_phoff);
 	for (i = 0; i < ehdr->e_phnum; i++, phdp++) {
+		if (phdp->p_align > 1 && !powerof2(phdp->p_align)) {
+			_dl_printf("%s: ld.so invalid ELF input %s.\n",
+			    __progname, libname);
+			_dl_close(libfile);
+			_dl_errno = DL_CANT_MMAP;
+			return(0);
+		}
+
 		switch (phdp->p_type) {
 		case PT_LOAD:
 			if (phdp->p_vaddr < minva)

libexec/ld.so/library_mquery.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: library_mquery.c,v 1.70 2023/01/29 20:30:56 gnezdo Exp $ */
+/*	$OpenBSD: library_mquery.c,v 1.71 2023/07/12 19:49:06 jasper Exp $ */
 
 /*
  * Copyright (c) 2002 Dale Rahn
@@ -118,6 +118,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
 	char hbuf[4096], *exec_start;
 	size_t exec_size;
 
+#define powerof2(x) ((((x) - 1) & (x)) == 0)
 #define ROUND_PG(x) (((x) + align) & ~(align))
 #define TRUNC_PG(x) ((x) & ~(align))
 
@@ -171,6 +172,14 @@ _dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
 	 */
 	phdp = (Elf_Phdr *)(hbuf + ehdr->e_phoff);
 	for (i = 0; i < ehdr->e_phnum; i++, phdp++) {
+		if (phdp->p_align > 1 && !powerof2(phdp->p_align)) {
+			_dl_printf("%s: ld.so invalid ELF input %s.\n",
+			    __progname, libname);
+			_dl_close(libfile);
+			_dl_errno = DL_CANT_MMAP;
+			return(0);
+		}
+
 		switch (phdp->p_type) {
 		case PT_LOAD:
 			off = (phdp->p_vaddr & align);

regress/lib/libcrypto/bn/bn_print.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bn_print.c,v 1.3 2023/07/07 07:47:25 tb Exp $ */
+/*	$OpenBSD: bn_print.c,v 1.4 2023/07/10 20:21:37 tb Exp $ */
 
 /*
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -139,6 +139,11 @@ const struct print_test {
 		.want = "    mana mana\n"
 			"        00:80:00:00:00:00:00:00:00:00\n",
 	},
+	{
+		.desc = "high bit of first nibble is set for negative number",
+		.want = "    mana mana (Negative)\n"
+			"        00:80:00:00:00:00:00:00:00:00\n",
+	},
 };
 
 #define N_TESTCASES	(sizeof(bn_print_tests) / sizeof(bn_print_tests[0]))
@@ -281,6 +286,13 @@ main(void)
 	test = &bn_print_tests[testcase++];
 	failed |= bn_print_testcase(bn, test);
 
+	/* high bit of first nibble is set for negative number. */
+	BN_set_negative(bn, 1);
+	if (testcase >= N_TESTCASES)
+		errx(1, "Too many tests");
+	test = &bn_print_tests[testcase++];
+	failed |= bn_print_testcase(bn, test);
+
 	if (testcase != N_TESTCASES) {
 		warnx("Not all tests run");
 		failed |= 1;

regress/lib/libcrypto/ecdh/Makefile

@@ -1,6 +1,8 @@
-#	$OpenBSD: Makefile,v 1.5 2021/05/10 20:41:44 tb Exp $
+#	$OpenBSD: Makefile,v 1.6 2023/07/15 19:51:13 tb Exp $
+
+PROGS =		ecdhtest
+PROGS +=	ecc_cdh
 
-PROG=	ecdhtest
 LDADD=	-lcrypto
 DPADD=	${LIBCRYPTO}
 WARNINGS=	Yes

regress/lib/libcrypto/ecdh/ecdhtest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ecdhtest.c,v 1.16 2023/05/20 16:00:22 tb Exp $	*/
+/*	$OpenBSD: ecdhtest.c,v 1.20 2023/07/16 07:34:07 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -67,12 +67,11 @@
  *
  */
 
+#include <err.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/objects.h>
 #include <openssl/sha.h>
@@ -81,350 +80,339 @@
 #include <openssl/ec.h>
 #include <openssl/ecdh.h>
 
-static const int KDF1_SHA1_len = 20;
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+	size_t i;
+
+	for (i = 1; i <= len; i++)
+		fprintf(stdout, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+
+	if (len % 8)
+		fprintf(stdout, "\n");
+}
+
 static void *
 KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 {
-#ifndef OPENSSL_NO_SHA
+#ifdef OPENSSL_NO_SHA
+	return NULL;
+#else
 	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
-	else
+	*outlen = SHA_DIGEST_LENGTH;
-		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
-#else
-	return NULL;
 #endif
 }
 
-
 static int
-test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+ecdh_keygen_test(int nid)
 {
-	BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
+	EC_KEY *keya = NULL, *keyb = NULL;
-	EC_KEY *a = NULL, *b = NULL;
+	const EC_POINT *puba, *pubb;
-	const EC_GROUP *group;
 	unsigned char *abuf = NULL, *bbuf = NULL;
-	int i, alen, blen, aout, bout, ret = 0;
+	int len = SHA_DIGEST_LENGTH;
-	char buf[12];
+	int failed = 1;
 
-	a = EC_KEY_new_by_curve_name(nid);
+	if ((keya = EC_KEY_new_by_curve_name(nid)) == NULL)
-	b = EC_KEY_new_by_curve_name(nid);
+		goto err;
-	if (a == NULL || b == NULL)
+	if (!EC_KEY_generate_key(keya))
+		goto err;
+	if ((puba = EC_KEY_get0_public_key(keya)) == NULL)
 		goto err;
 
-	group = EC_KEY_get0_group(a);
+	if ((keyb = EC_KEY_new_by_curve_name(nid)) == NULL)
-
-	if ((x_a = BN_new()) == NULL)
 		goto err;
-	if ((y_a = BN_new()) == NULL)
+	if (!EC_KEY_generate_key(keyb))
 		goto err;
-	if ((x_b = BN_new()) == NULL)
+	if ((pubb = EC_KEY_get0_public_key(keyb)) == NULL)
-		goto err;
-	if ((y_b = BN_new()) == NULL)
 		goto err;
 
-	BIO_puts(out, "Testing key generation with ");
+	if ((abuf = calloc(1, len)) == NULL)
-	BIO_puts(out, text);
+		goto err;
-	(void)BIO_flush(out);
+	if ((bbuf = calloc(1, len)) == NULL)
-
-	if (!EC_KEY_generate_key(a))
 		goto err;
 
-	if (!EC_POINT_get_affine_coordinates(group,
+	if (ECDH_compute_key(abuf, len, pubb, keya, KDF1_SHA1) != len)
-	    EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+		goto err;
-
+	if (ECDH_compute_key(bbuf, len, puba, keyb, KDF1_SHA1) != len)
-	BIO_printf(out, " .");
-	(void)BIO_flush(out);
-
-	if (!EC_KEY_generate_key(b))
 		goto err;
 
-	if (!EC_POINT_get_affine_coordinates(group,
+	if (memcmp(abuf, bbuf, len) != 0) {
-	    EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+		printf("key generation with %s failed\n", OBJ_nid2sn(nid));
 
-	BIO_printf(out, ".");
+		EC_KEY_print_fp(stdout, keya, 1);
-	(void)BIO_flush(out);
+		printf(" shared secret:\n");
+		hexdump(abuf, len);
 
-	alen = KDF1_SHA1_len;
+		EC_KEY_print_fp(stdout, keyb, 1);
-	if ((abuf = malloc(alen)) == NULL)
+		printf(" shared secret:\n");
-		goto err;
+		hexdump(bbuf, len);
-	aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b),
-	    a, KDF1_SHA1);
 
-	BIO_printf(out, ".");
-	(void)BIO_flush(out);
-
-	blen = KDF1_SHA1_len;
-	if ((bbuf = malloc(blen)) == NULL)
-		goto err;
-	bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a),
-	    b, KDF1_SHA1);
-
-	BIO_printf(out, ".");
-	(void)BIO_flush(out);
-
-	if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
-		BIO_printf(out, " failed\n\n");
-		BIO_printf(out, "key a:\n");
-		BIO_printf(out, "private key: ");
-		BN_print(out, EC_KEY_get0_private_key(a));
-		BIO_printf(out, "\n");
-		BIO_printf(out, "public key (x,y): ");
-		BN_print(out, x_a);
-		BIO_printf(out, ",");
-		BN_print(out, y_a);
-		BIO_printf(out, "\nkey b:\n");
-		BIO_printf(out, "private key: ");
-		BN_print(out, EC_KEY_get0_private_key(b));
-		BIO_printf(out, "\n");
-		BIO_printf(out, "public key (x,y): ");
-		BN_print(out, x_b);
-		BIO_printf(out, ",");
-		BN_print(out, y_b);
-		BIO_printf(out, "\n");
-		BIO_printf(out, "generated key a: ");
-		for (i = 0; i < bout; i++) {
-			snprintf(buf, sizeof buf, "%02X", bbuf[i]);
-			BIO_puts(out, buf);
-		}
-		BIO_printf(out, "\n");
-		BIO_printf(out, "generated key b: ");
-		for (i = 0; i < aout; i++) {
-			snprintf(buf, sizeof buf, "%02X", abuf[i]);
-			BIO_puts(out, buf);
-		}
-		BIO_printf(out, "\n");
 		fprintf(stderr, "Error in ECDH routines\n");
-		ret = 0;
+
-	} else {
+		goto err;
-		BIO_printf(out, " ok\n");
-		ret = 1;
 	}
 
-err:
+	failed = 0;
+
+ err:
 	ERR_print_errors_fp(stderr);
 
-	free(abuf);
+	EC_KEY_free(keya);
-	free(bbuf);
+	EC_KEY_free(keyb);
-	BN_free(x_a);
+	freezero(abuf, len);
-	BN_free(y_a);
+	freezero(bbuf, len);
-	BN_free(x_b);
-	BN_free(y_b);
-	EC_KEY_free(b);
-	EC_KEY_free(a);
 
-	return (ret);
+	return failed;
 }
 
-/* Keys and shared secrets from RFC 7027 */
+static const struct ecdh_kat_test {
-
+    const int nid;
-static const unsigned char bp256_da[] = {
+    const char *keya;
-	0x81, 0xDB, 0x1E, 0xE1, 0x00, 0x15, 0x0F, 0xF2, 0xEA, 0x33, 0x8D, 0x70,
+    const char *keyb;
-	0x82, 0x71, 0xBE, 0x38, 0x30, 0x0C, 0xB5, 0x42, 0x41, 0xD7, 0x99, 0x50,
+    const char *want;
-	0xF7, 0x7B, 0x06, 0x30, 0x39, 0x80, 0x4F, 0x1D
+} ecdh_kat_tests[] = {
+	/* Keys and shared secrets from RFC 5114 */
+	{
+		.nid =	NID_X9_62_prime192v1,
+		.keya =	"323fa3169d8e9c6593f59476bc142000ab5be0e249c43426",
+		.keyb =	"631f95bb4a67632c9c476eee9ab695ab240a0499307fcf62",
+		.want =	"ad420182633f8526bfe954acda376f05e5ff4f837f54febe",
+	},
+	{
+		.nid =	NID_secp224r1,
+		.keya =	"b558eb6c288da707bbb4f8fbae2ab9e9cb62e3bc5c7573e2"
+			"2e26d37f",
+		.keyb =	"ac3b1add3d9770e6f6a708ee9f3b8e0ab3b480e9f27f85c8"
+			"8b5e6d18",
+		.want =	"52272f50f46f4edc9151569092f46df2d96ecc3b6dc1714a"
+			"4ea949fa",
+	},
+	{
+		.nid =	NID_X9_62_prime256v1,
+		.keya =	"814264145f2f56f2e96a8e337a1284993faf432a5abce59e"
+			"867b7291d507a3af",
+		.keyb =	"2ce1788ec197e096db95a200cc0ab26a19ce6bccad562b8e"
+			"ee1b593761cf7f41",
+		.want =	"dd0f5396219d1ea393310412d19a08f1f5811e9dc8ec8eea"
+			"7f80d21c820c2788",
+	},
+	{
+		.nid =	NID_secp384r1,
+		.keya =	"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48"
+			"d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1",
+		.keyb =	"52d1791fdb4b70f89c0f00d456c2f7023b6125262c36a7df"
+			"1f80231121cce3d39be52e00c194a4132c4a6c768bcd94d2",
+		.want =	"5ea1fc4af7256d2055981b110575e0a8cae53160137d904c"
+			"59d926eb1b8456e427aa8a4540884c37de159a58028abc0e",
+	},
+	{
+		.nid =	NID_secp521r1,
+		.keya =	"0113f82da825735e3d97276683b2b74277bad27335ea7166"
+			"4af2430cc4f33459b9669ee78b3ffb9b8683015d344dcbfe"
+			"f6fb9af4c6c470be254516cd3c1a1fb47362",
+		.keyb =	"00cee3480d8645a17d249f2776d28bae616952d1791fdb4b"
+			"70f7c3378732aa1b22928448bcd1dc2496d435b01048066e"
+			"be4f72903c361b1a9dc1193dc2c9d0891b96",
+		.want =	"00cdea89621cfa46b132f9e4cfe2261cde2d4368eb565663"
+			"4c7cc98c7a00cde54ed1866a0dd3e6126c9d2f845daff82c"
+			"eb1da08f5d87521bb0ebeca77911169c20cc",
+	},
+	/* Keys and shared secrets from RFC 5903 */
+	{
+		.nid =	NID_X9_62_prime256v1,
+		.keya =	"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049"
+			"c62a9c57862d1433",
+		.keyb =	"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0"
+			"b283ab46476bee53",
+		.want =	"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03"
+			"812464d04b9442de",
+	},
+	{
+		.nid =	NID_secp384r1,
+		.keya =	"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f16"
+			"0647b67414dce655e35b538041e649ee3faef896783ab194",
+		.keyb =	"41cb0779b4bdb85d47846725fbec3c9430fab46cc8dc5060"
+			"855cc9bda0aa2942e0308312916b8ed2960e4bd55a7448fc",
+		.want =	"11187331c279962d93d604243fd592cb9d0a926f422e4718"
+			"7521287e7156c5c4d603135569b9e9d09cf5d4a270f59746",
+	},
+	{
+		.nid =	NID_secp521r1,
+		.keya =	"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5"
+			"393dce47608172a095aa85a30fe1c2952c6771d937ba9777"
+			"f5957b2639bab072462f68c27a57382d"
+			"4a52",
+		.keyb =	"0145ba99a847af43793fdd0e872e7cdfa16be30fdc780f97"
+			"bccc3f078380201e9c677d600b343757a3bdbf2a3163e4c2"
+			"f869cca7458aa4a4effc311f5cb151685eb9",
+		.want =	"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f9"
+			"7894e5e6b2d79b04d1427e73ca4baa240a34786859810c06"
+			"b3c715a3a8cc3151f2bee417996d19f3ddea",
+	},
+	/* Keys and shared secrets from RFC 7027 */
+	{
+		.nid =	NID_brainpoolP256r1,
+		.keya =	"81db1ee100150ff2ea338d708271be38300cb54241d79950"
+			"f77b063039804f1d",
+		.keyb =	"55e40bc41e37e3e2ad25c3c6654511ffa8474a91a0032087"
+			"593852d3e7d76bd3",
+		.want =	"89afc39d41d3b327814b80940b042590f96556ec91e6ae79"
+			"39bce31f3a18bf2b",
+	},
+	{
+		.nid =	NID_brainpoolP384r1,
+		.keya =	"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d"
+			"57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042",
+		.keyb =	"032640bc6003c59260f7250c3db58ce647f98e1260acce4a"
+			"cda3dd869f74e01f8ba5e0324309db6a9831497abac96670",
+		.want =	"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc"
+			"51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42",
+	},
+	{
+		.nid =	NID_brainpoolP512r1,
+		.keya =	"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a"
+			"56850a38bd87bd59b09e80279609ff333eb9d4c061231fb2"
+			"6f92eeb04982a5f1d1764cad57665422",
+		.keyb =	"230e18e1bcc88a362fa54e4ea3902009292f7f8033624fd4"
+			"71b5d8ace49d12cfabbc19963dab8e2f1eba00bffb29e4d7"
+			"2d13f2224562f405cb80503666b25429",
+		.want =	"a7927098655f1f9976fa50a9d566865dc530331846381c87"
+			"256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d"
+			"24f11a9b5c0bef679fe1454b21c4cd1f",
+	},
 };
 
-static const unsigned char bp256_db[] = {
+#define N_KATS (sizeof(ecdh_kat_tests) / sizeof(ecdh_kat_tests[0]))
-	0x55, 0xE4, 0x0B, 0xC4, 0x1E, 0x37, 0xE3, 0xE2, 0xAD, 0x25, 0xC3, 0xC6,
-	0x65, 0x45, 0x11, 0xFF, 0xA8, 0x47, 0x4A, 0x91, 0xA0, 0x03, 0x20, 0x87,
-	0x59, 0x38, 0x52, 0xD3, 0xE7, 0xD7, 0x6B, 0xD3
-};
-
-static const unsigned char bp256_Z[] = {
-	0x89, 0xAF, 0xC3, 0x9D, 0x41, 0xD3, 0xB3, 0x27, 0x81, 0x4B, 0x80, 0x94,
-	0x0B, 0x04, 0x25, 0x90, 0xF9, 0x65, 0x56, 0xEC, 0x91, 0xE6, 0xAE, 0x79,
-	0x39, 0xBC, 0xE3, 0x1F, 0x3A, 0x18, 0xBF, 0x2B
-};
-
-static const unsigned char bp384_da[] = {
-	0x1E, 0x20, 0xF5, 0xE0, 0x48, 0xA5, 0x88, 0x6F, 0x1F, 0x15, 0x7C, 0x74,
-	0xE9, 0x1B, 0xDE, 0x2B, 0x98, 0xC8, 0xB5, 0x2D, 0x58, 0xE5, 0x00, 0x3D,
-	0x57, 0x05, 0x3F, 0xC4, 0xB0, 0xBD, 0x65, 0xD6, 0xF1, 0x5E, 0xB5, 0xD1,
-	0xEE, 0x16, 0x10, 0xDF, 0x87, 0x07, 0x95, 0x14, 0x36, 0x27, 0xD0, 0x42
-};
-
-static const unsigned char bp384_db[] = {
-	0x03, 0x26, 0x40, 0xBC, 0x60, 0x03, 0xC5, 0x92, 0x60, 0xF7, 0x25, 0x0C,
-	0x3D, 0xB5, 0x8C, 0xE6, 0x47, 0xF9, 0x8E, 0x12, 0x60, 0xAC, 0xCE, 0x4A,
-	0xCD, 0xA3, 0xDD, 0x86, 0x9F, 0x74, 0xE0, 0x1F, 0x8B, 0xA5, 0xE0, 0x32,
-	0x43, 0x09, 0xDB, 0x6A, 0x98, 0x31, 0x49, 0x7A, 0xBA, 0xC9, 0x66, 0x70
-};
-
-static const unsigned char bp384_Z[] = {
-	0x0B, 0xD9, 0xD3, 0xA7, 0xEA, 0x0B, 0x3D, 0x51, 0x9D, 0x09, 0xD8, 0xE4,
-	0x8D, 0x07, 0x85, 0xFB, 0x74, 0x4A, 0x6B, 0x35, 0x5E, 0x63, 0x04, 0xBC,
-	0x51, 0xC2, 0x29, 0xFB, 0xBC, 0xE2, 0x39, 0xBB, 0xAD, 0xF6, 0x40, 0x37,
-	0x15, 0xC3, 0x5D, 0x4F, 0xB2, 0xA5, 0x44, 0x4F, 0x57, 0x5D, 0x4F, 0x42
-};
-
-static const unsigned char bp512_da[] = {
-	0x16, 0x30, 0x2F, 0xF0, 0xDB, 0xBB, 0x5A, 0x8D, 0x73, 0x3D, 0xAB, 0x71,
-	0x41, 0xC1, 0xB4, 0x5A, 0xCB, 0xC8, 0x71, 0x59, 0x39, 0x67, 0x7F, 0x6A,
-	0x56, 0x85, 0x0A, 0x38, 0xBD, 0x87, 0xBD, 0x59, 0xB0, 0x9E, 0x80, 0x27,
-	0x96, 0x09, 0xFF, 0x33, 0x3E, 0xB9, 0xD4, 0xC0, 0x61, 0x23, 0x1F, 0xB2,
-	0x6F, 0x92, 0xEE, 0xB0, 0x49, 0x82, 0xA5, 0xF1, 0xD1, 0x76, 0x4C, 0xAD,
-	0x57, 0x66, 0x54, 0x22
-};
-
-static const unsigned char bp512_db[] = {
-	0x23, 0x0E, 0x18, 0xE1, 0xBC, 0xC8, 0x8A, 0x36, 0x2F, 0xA5, 0x4E, 0x4E,
-	0xA3, 0x90, 0x20, 0x09, 0x29, 0x2F, 0x7F, 0x80, 0x33, 0x62, 0x4F, 0xD4,
-	0x71, 0xB5, 0xD8, 0xAC, 0xE4, 0x9D, 0x12, 0xCF, 0xAB, 0xBC, 0x19, 0x96,
-	0x3D, 0xAB, 0x8E, 0x2F, 0x1E, 0xBA, 0x00, 0xBF, 0xFB, 0x29, 0xE4, 0xD7,
-	0x2D, 0x13, 0xF2, 0x22, 0x45, 0x62, 0xF4, 0x05, 0xCB, 0x80, 0x50, 0x36,
-	0x66, 0xB2, 0x54, 0x29
-};
-
-
-static const unsigned char bp512_Z[] = {
-	0xA7, 0x92, 0x70, 0x98, 0x65, 0x5F, 0x1F, 0x99, 0x76, 0xFA, 0x50, 0xA9,
-	0xD5, 0x66, 0x86, 0x5D, 0xC5, 0x30, 0x33, 0x18, 0x46, 0x38, 0x1C, 0x87,
-	0x25, 0x6B, 0xAF, 0x32, 0x26, 0x24, 0x4B, 0x76, 0xD3, 0x64, 0x03, 0xC0,
-	0x24, 0xD7, 0xBB, 0xF0, 0xAA, 0x08, 0x03, 0xEA, 0xFF, 0x40, 0x5D, 0x3D,
-	0x24, 0xF1, 0x1A, 0x9B, 0x5C, 0x0B, 0xEF, 0x67, 0x9F, 0xE1, 0x45, 0x4B,
-	0x21, 0xC4, 0xCD, 0x1F
-};
 
 /* Given private value and NID, create EC_KEY structure */
 
 static EC_KEY *
-mk_eckey(int nid, const unsigned char *p, size_t plen)
+mk_eckey(int nid, const char *priv_str)
 {
-	EC_KEY *k = NULL;
+	EC_KEY *key = NULL;
 	BIGNUM *priv = NULL;
 	EC_POINT *pub = NULL;
-	const EC_GROUP *grp;
+	const EC_GROUP *group;
-	int ok = 0;
+	EC_KEY *ret = NULL;
 
-	k = EC_KEY_new_by_curve_name(nid);
+	if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
-	if (!k)
 		goto err;
-	priv = BN_bin2bn(p, plen, NULL);
+	if (!BN_hex2bn(&priv, priv_str))
-	if (!priv)
 		goto err;
-	if (!EC_KEY_set_private_key(k, priv))
+	if (!EC_KEY_set_private_key(key, priv))
 		goto err;
-	grp = EC_KEY_get0_group(k);
+	if ((group = EC_KEY_get0_group(key)) == NULL)
-	pub = EC_POINT_new(grp);
-	if (!pub)
 		goto err;
-	if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
+	if ((pub = EC_POINT_new(group)) == NULL)
 		goto err;
-	if (!EC_KEY_set_public_key(k, pub))
+	if (!EC_POINT_mul(group, pub, priv, NULL, NULL, NULL))
 		goto err;
-	ok = 1;
+	if (!EC_KEY_set_public_key(key, pub))
-err:
+		goto err;
+
+	ret = key;
+	key = NULL;
+
+ err:
+	EC_KEY_free(key);
 	BN_free(priv);
 	EC_POINT_free(pub);
-	if (!ok) {
+
-		EC_KEY_free(k);
+	return ret;
-		k = NULL;
-	}
-	return (k);
 }
 
-/* Known answer test: compute shared secret and check it matches
+/*
- * expected value.
+ * Known answer test: compute shared secret and check it matches expected value.
  */
-
 static int
-ecdh_kat(BIO *out, const char *cname, int nid,
+ecdh_kat(const struct ecdh_kat_test *kat)
-    const unsigned char *k1, size_t k1_len,
-    const unsigned char *k2, size_t k2_len,
-    const unsigned char *Z, size_t Zlen)
 {
-	int rv = 0;
+	EC_KEY *keya = NULL, *keyb = NULL;
-	EC_KEY *key1 = NULL, *key2 = NULL;
+	const EC_POINT *puba, *pubb;
-	unsigned char *Ztmp = NULL;
+	BIGNUM *z = NULL;
-	size_t Ztmplen;
+	unsigned char *want = NULL, *got = NULL;
-	BIO_puts(out, "Testing ECDH shared secret with ");
+	int len = 0;
-	BIO_puts(out, cname);
+	int failed = 1;
-	key1 = mk_eckey(nid, k1, k1_len);
+
-	key2 = mk_eckey(nid, k2, k2_len);
+	if ((keya = mk_eckey(kat->nid, kat->keya)) == NULL)
-	if (!key1 || !key2)
+		goto err;
-		goto err;
+	if ((puba = EC_KEY_get0_public_key(keya)) == NULL)
-	Ztmplen = ECDH_size(key1);
+		goto err;
-	if (Ztmplen != Zlen)
+	if ((keyb = mk_eckey(kat->nid, kat->keyb)) == NULL)
-		goto err;
+		goto err;
-	if ((Ztmp = malloc(Ztmplen)) == NULL)
+	if ((pubb = EC_KEY_get0_public_key(keyb)) == NULL)
-		goto err;
+		goto err;
-	if (!ECDH_compute_key(Ztmp, Ztmplen,
+
-	    EC_KEY_get0_public_key(key2), key1, 0))
+	if ((len = ECDH_size(keya)) != ECDH_size(keyb))
-		goto err;
+		goto err;
-	if (memcmp(Ztmp, Z, Zlen))
+
-		goto err;
+	if ((want = calloc(1, len)) == NULL)
-	memset(Ztmp, 0, Zlen);
+		goto err;
-	if (!ECDH_compute_key(Ztmp, Ztmplen,
+	if ((got = calloc(1, len)) == NULL)
-	    EC_KEY_get0_public_key(key1), key2, 0))
+		goto err;
-		goto err;
+
-	if (memcmp(Ztmp, Z, Zlen))
+	if (!BN_hex2bn(&z, kat->want))
-		goto err;
+		goto err;
-	rv = 1;
+	if (BN_num_bytes(z) > len)
+		goto err;
+	if (BN_bn2binpad(z, want, len) != len)
+		goto err;
+
+	if (ECDH_compute_key(got, len, pubb, keya, NULL) != len)
+		goto err;
+	if (memcmp(got, want, len) != 0)
+		goto err;
+
+	memset(got, 0, len);
+
+	if (ECDH_compute_key(got, len, puba, keyb, NULL) != len)
+		goto err;
+	if (memcmp(got, want, len) != 0)
+		goto err;
+
+	failed = 0;
+
+ err:
+	if (failed) {
+		printf("shared secret with %s failed", OBJ_nid2sn(kat->nid));
 
-err:
-	if (rv)
-		BIO_puts(out, " ok\n");
-	else {
 		fprintf(stderr, "Error in ECDH routines\n");
 		ERR_print_errors_fp(stderr);
 	}
 
-	EC_KEY_free(key1);
+	EC_KEY_free(keya);
-	EC_KEY_free(key2);
+	EC_KEY_free(keyb);
-	free(Ztmp);
+	BN_free(z);
+	freezero(want, len);
+	freezero(got, len);
 
-	return rv;
+	return failed;
 }
 
-#define test_ecdh_kat(bio, curve, bits) \
-	ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \
-		bp##bits##_da, sizeof(bp##bits##_da), \
-		bp##bits##_db, sizeof(bp##bits##_db), \
-		bp##bits##_Z, sizeof(bp##bits##_Z))
-
 int
-main(int argc, char *argv[])
+main(void)
 {
-	BN_CTX *ctx = NULL;
+	EC_builtin_curve *curves = NULL;
-	int ret = 1;
+	size_t i, n_curves;
-	BIO *out;
+	int failed = 0;
 
-	out = BIO_new(BIO_s_file());
+	if ((n_curves = EC_get_builtin_curves(NULL, 0)) == 0)
-	if (out == NULL)
+		errx(1, "EC_get_builtin_curves failed");
-		exit(1);
+	if ((curves = calloc(n_curves, sizeof(*curves))) == NULL)
-	BIO_set_fp(out, stdout, BIO_NOCLOSE);
+		errx(1, NULL);
+	if (EC_get_builtin_curves(curves, n_curves) != n_curves)
+		errx(1, "EC_get_builtin_curves failed");
 
-	if ((ctx = BN_CTX_new()) == NULL)
+	for (i = 0; i < n_curves; i++)
-		goto err;
+		failed |= ecdh_keygen_test(curves[i].nid);
 
-	/* NIST PRIME CURVES TESTS */
+	for (i = 0; i < N_KATS; i++)
-	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192",
+		failed |= ecdh_kat(&ecdh_kat_tests[i]);
-	    ctx, out))
-		goto err;
-	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
-		goto err;
-	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256",
-	    ctx, out))
-		goto err;
-	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out))
-		goto err;
-	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out))
-		goto err;
-	if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
-		goto err;
-	if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
-		goto err;
-	if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
-		goto err;
 
-	ret = 0;
+	free(curves);
-
-err:
 	ERR_print_errors_fp(stderr);
-	BN_CTX_free(ctx);
+
-	BIO_free(out);
+	return failed;
-	CRYPTO_cleanup_all_ex_data();
-	ERR_remove_thread_state(NULL);
-	CRYPTO_mem_leaks_fp(stderr);
-	exit(ret);
 }

regress/lib/libcrypto/free/freenull.awk

@@ -1,4 +1,4 @@
-# $OpenBSD: freenull.awk,v 1.1 2018/07/10 20:53:30 tb Exp $
+# $OpenBSD: freenull.awk,v 1.2 2023/07/20 17:27:54 tb Exp $
 # Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -30,7 +30,6 @@
 /^OBJ_sigid_free$/				||
 /^X509V3_section_free$/				||
 /^X509V3_string_free$/				||
-/^asn1_enc_free$/				||
 /^sk_pop_free$/ {
 	next
 }
@@ -41,8 +40,6 @@
 /^EC_PRIVATEKEY_free$/				||
 /^ECPARAMETERS_free$/				||
 /^ECPKPARAMETERS_free$/				||
-/^NETSCAPE_ENCRYPTED_PKEY_free$/		||
-/^NETSCAPE_PKEY_free$/				||
 /^X9_62_CHARACTERISTIC_TWO_free$/		||
 /^X9_62_PENTANOMIAL_free$/ {
 	next

regress/lib/libcrypto/sha/sha_test.c

@@ -1,6 +1,6 @@
-/*	$OpenBSD: sha_test.c,v 1.4 2022/09/02 13:23:05 tb Exp $ */
+/*	$OpenBSD: sha_test.c,v 1.6 2023/07/19 15:11:42 joshua Exp $ */
 /*
- * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
+ * Copyright (c) 2022, 2023 Joshua Sing <joshua@hypera.dev>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -38,7 +38,7 @@ static const struct sha_test sha_tests[] = {
 			0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
 			0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
 			0x9c, 0xd0, 0xd8, 0x9d,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha1,
@@ -48,7 +48,7 @@ static const struct sha_test sha_tests[] = {
 			0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
 			0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
 			0xaf, 0xd8, 0x07, 0x09,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha1,
@@ -60,7 +60,7 @@ static const struct sha_test sha_tests[] = {
 			0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e,
 			0xba, 0xae, 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5,
 			0xe5, 0x46, 0x70, 0xf1,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha1,
@@ -73,7 +73,7 @@ static const struct sha_test sha_tests[] = {
 			0xa4, 0x9b, 0x24, 0x46, 0xa0, 0x2c, 0x64, 0x5b,
 			0xf4, 0x19, 0xf9, 0x95, 0xb6, 0x70, 0x91, 0x25,
 			0x3a, 0x04, 0xa2, 0x59,
-		}
+		},
 	},
 
 	/* SHA-224 */
@@ -86,7 +86,7 @@ static const struct sha_test sha_tests[] = {
 			0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3,
 			0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
 			0xe3, 0x6c, 0x9d, 0xa7,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha224,
@@ -97,7 +97,7 @@ static const struct sha_test sha_tests[] = {
 			0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
 			0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
 			0xc5, 0xb3, 0xe4, 0x2f,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha224,
@@ -110,7 +110,7 @@ static const struct sha_test sha_tests[] = {
 			0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50,
 			0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
 			0x52, 0x52, 0x25, 0x25,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha224,
@@ -124,7 +124,7 @@ static const struct sha_test sha_tests[] = {
 			0x7a, 0x04, 0xa9, 0x6d, 0xef, 0x6d, 0x99, 0xa9,
 			0xe0, 0xe0, 0xe2, 0xab, 0x14, 0xe6, 0xb8, 0xdf,
 			0x26, 0x5f, 0xc0, 0xb3,
-		}
+		},
 	},
 
 	/* SHA-256 */
@@ -137,7 +137,7 @@ static const struct sha_test sha_tests[] = {
 			0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
 			0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
 			0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha256,
@@ -148,7 +148,7 @@ static const struct sha_test sha_tests[] = {
 			0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
 			0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
 			0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha256,
@@ -161,7 +161,7 @@ static const struct sha_test sha_tests[] = {
 			0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
 			0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
 			0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha256,
@@ -175,7 +175,7 @@ static const struct sha_test sha_tests[] = {
 			0x03, 0x6c, 0xe5, 0x9e, 0x7b, 0x04, 0x92, 0x37,
 			0x0b, 0x24, 0x9b, 0x11, 0xe8, 0xf0, 0x7a, 0x51,
 			0xaf, 0xac, 0x45, 0x03, 0x7a, 0xfe, 0xe9, 0xd1,
-		}
+		},
 	},
 
 	/* SHA-384 */
@@ -190,7 +190,7 @@ static const struct sha_test sha_tests[] = {
 			0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
 			0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
 			0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha384,
@@ -203,7 +203,7 @@ static const struct sha_test sha_tests[] = {
 			0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
 			0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
 			0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha384,
@@ -218,7 +218,7 @@ static const struct sha_test sha_tests[] = {
 			0xfe, 0x8f, 0x45, 0x0d, 0xe5, 0xf3, 0x6b, 0xc6,
 			0xb0, 0x45, 0x5a, 0x85, 0x20, 0xbc, 0x4e, 0x6f,
 			0x5f, 0xe9, 0x5b, 0x1f, 0xe3, 0xc8, 0x45, 0x2b,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha384,
@@ -234,7 +234,7 @@ static const struct sha_test sha_tests[] = {
 			0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
 			0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
 			0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39,
-		}
+		},
 	},
 
 	/* SHA-512 */
@@ -251,7 +251,7 @@ static const struct sha_test sha_tests[] = {
 			0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
 			0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
 			0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha512,
@@ -266,7 +266,7 @@ static const struct sha_test sha_tests[] = {
 			0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
 			0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
 			0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha512,
@@ -283,7 +283,7 @@ static const struct sha_test sha_tests[] = {
 			0xaa, 0x1d, 0x3b, 0xea, 0x57, 0x78, 0x9c, 0xa0,
 			0x31, 0xad, 0x85, 0xc7, 0xa7, 0x1d, 0xd7, 0x03,
 			0x54, 0xec, 0x63, 0x12, 0x38, 0xca, 0x34, 0x45,
-		}
+		},
 	},
 	{
 		.algorithm = NID_sha512,
@@ -301,7 +301,235 @@ static const struct sha_test sha_tests[] = {
 			0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
 			0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
 			0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09,
-		}
+		},
+	},
+
+	/* SHA3-224 */
+	{
+		.algorithm = NID_sha3_224,
+		.in = "abc",
+		.in_len = 3,
+		.out = {
+			0xe6, 0x42, 0x82, 0x4c, 0x3f, 0x8c, 0xf2, 0x4a,
+			0xd0, 0x92, 0x34, 0xee, 0x7d, 0x3c, 0x76, 0x6f,
+			0xc9, 0xa3, 0xa5, 0x16, 0x8d, 0x0c, 0x94, 0xad,
+			0x73, 0xb4, 0x6f, 0xdf,
+		},
+	},
+	{
+		.algorithm = NID_sha3_224,
+		.in = "",
+		.in_len = 0,
+		.out = {
+			0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,
+			0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,
+			0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,
+			0x5b, 0x5a, 0x6b, 0xc7,
+		},
+	},
+	{
+		.algorithm = NID_sha3_224,
+		.in =
+		    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno"
+		    "mnopnopq",
+		.in_len = 56,
+		.out = {
+			0x8a, 0x24, 0x10, 0x8b, 0x15, 0x4a, 0xda, 0x21,
+			0xc9, 0xfd, 0x55, 0x74, 0x49, 0x44, 0x79, 0xba,
+			0x5c, 0x7e, 0x7a, 0xb7, 0x6e, 0xf2, 0x64, 0xea,
+			0xd0, 0xfc, 0xce, 0x33,
+		},
+	},
+	{
+		.algorithm = NID_sha3_224,
+		.in =
+		    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm"
+		    "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs"
+		    "mnopqrstnopqrstu",
+		.in_len = 112,
+		.out = {
+			0x54, 0x3e, 0x68, 0x68, 0xe1, 0x66, 0x6c, 0x1a,
+			0x64, 0x36, 0x30, 0xdf, 0x77, 0x36, 0x7a, 0xe5,
+			0xa6, 0x2a, 0x85, 0x07, 0x0a, 0x51, 0xc1, 0x4c,
+			0xbf, 0x66, 0x5c, 0xbc,
+		},
+	},
+
+	/* SHA3-256 */
+	{
+		.algorithm = NID_sha3_256,
+		.in = "abc",
+		.in_len = 3,
+		.out = {
+			0x3a, 0x98, 0x5d, 0xa7, 0x4f, 0xe2, 0x25, 0xb2,
+			0x04, 0x5c, 0x17, 0x2d, 0x6b, 0xd3, 0x90, 0xbd,
+			0x85, 0x5f, 0x08, 0x6e, 0x3e, 0x9d, 0x52, 0x5b,
+			0x46, 0xbf, 0xe2, 0x45, 0x11, 0x43, 0x15, 0x32,
+		},
+	},
+	{
+		.algorithm = NID_sha3_256,
+		.in = "",
+		.in_len = 0,
+		.out = {
+			0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
+			0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
+			0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
+			0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a,
+		},
+	},
+	{
+		.algorithm = NID_sha3_256,
+		.in =
+		    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno"
+		    "mnopnopq",
+		.in_len = 56,
+		.out = {
+			0x41, 0xc0, 0xdb, 0xa2, 0xa9, 0xd6, 0x24, 0x08,
+			0x49, 0x10, 0x03, 0x76, 0xa8, 0x23, 0x5e, 0x2c,
+			0x82, 0xe1, 0xb9, 0x99, 0x8a, 0x99, 0x9e, 0x21,
+			0xdb, 0x32, 0xdd, 0x97, 0x49, 0x6d, 0x33, 0x76,
+		},
+	},
+	{
+		.algorithm = NID_sha3_256,
+		.in =
+		    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm"
+		    "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs"
+		    "mnopqrstnopqrstu",
+		.in_len = 112,
+		.out = {
+			0x91, 0x6f, 0x60, 0x61, 0xfe, 0x87, 0x97, 0x41,
+			0xca, 0x64, 0x69, 0xb4, 0x39, 0x71, 0xdf, 0xdb,
+			0x28, 0xb1, 0xa3, 0x2d, 0xc3, 0x6c, 0xb3, 0x25,
+			0x4e, 0x81, 0x2b, 0xe2, 0x7a, 0xad, 0x1d, 0x18,
+		},
+	},
+
+	/* SHA3-384 */
+	{
+		.algorithm = NID_sha3_384,
+		.in = "abc",
+		.in_len = 3,
+		.out = {
+			0xec, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6f, 0xc9,
+			0x26, 0x45, 0x9f, 0x58, 0xe2, 0xc6, 0xad, 0x8d,
+			0xf9, 0xb4, 0x73, 0xcb, 0x0f, 0xc0, 0x8c, 0x25,
+			0x96, 0xda, 0x7c, 0xf0, 0xe4, 0x9b, 0xe4, 0xb2,
+			0x98, 0xd8, 0x8c, 0xea, 0x92, 0x7a, 0xc7, 0xf5,
+			0x39, 0xf1, 0xed, 0xf2, 0x28, 0x37, 0x6d, 0x25,
+		},
+	},
+	{
+		.algorithm = NID_sha3_384,
+		.in = "",
+		.in_len = 0,
+		.out = {
+			0x0c, 0x63, 0xa7, 0x5b, 0x84, 0x5e, 0x4f, 0x7d,
+			0x01, 0x10, 0x7d, 0x85, 0x2e, 0x4c, 0x24, 0x85,
+			0xc5, 0x1a, 0x50, 0xaa, 0xaa, 0x94, 0xfc, 0x61,
+			0x99, 0x5e, 0x71, 0xbb, 0xee, 0x98, 0x3a, 0x2a,
+			0xc3, 0x71, 0x38, 0x31, 0x26, 0x4a, 0xdb, 0x47,
+			0xfb, 0x6b, 0xd1, 0xe0, 0x58, 0xd5, 0xf0, 0x04,
+		},
+	},
+	{
+		.algorithm = NID_sha3_384,
+		.in =
+		    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno"
+		    "mnopnopq",
+		.in_len = 56,
+		.out = {
+			0x99, 0x1c, 0x66, 0x57, 0x55, 0xeb, 0x3a, 0x4b,
+			0x6b, 0xbd, 0xfb, 0x75, 0xc7, 0x8a, 0x49, 0x2e,
+			0x8c, 0x56, 0xa2, 0x2c, 0x5c, 0x4d, 0x7e, 0x42,
+			0x9b, 0xfd, 0xbc, 0x32, 0xb9, 0xd4, 0xad, 0x5a,
+			0xa0, 0x4a, 0x1f, 0x07, 0x6e, 0x62, 0xfe, 0xa1,
+			0x9e, 0xef, 0x51, 0xac, 0xd0, 0x65, 0x7c, 0x22,
+		},
+	},
+	{
+		.algorithm = NID_sha3_384,
+		.in =
+		    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm"
+		    "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs"
+		    "mnopqrstnopqrstu",
+		.in_len = 112,
+		.out = {
+			0x79, 0x40, 0x7d, 0x3b, 0x59, 0x16, 0xb5, 0x9c,
+			0x3e, 0x30, 0xb0, 0x98, 0x22, 0x97, 0x47, 0x91,
+			0xc3, 0x13, 0xfb, 0x9e, 0xcc, 0x84, 0x9e, 0x40,
+			0x6f, 0x23, 0x59, 0x2d, 0x04, 0xf6, 0x25, 0xdc,
+			0x8c, 0x70, 0x9b, 0x98, 0xb4, 0x3b, 0x38, 0x52,
+			0xb3, 0x37, 0x21, 0x61, 0x79, 0xaa, 0x7f, 0xc7,
+		},
+	},
+
+	/* SHA3-512 */
+	{
+		.algorithm = NID_sha3_512,
+		.in = "abc",
+		.in_len = 3,
+		.out = {
+			0xb7, 0x51, 0x85, 0x0b, 0x1a, 0x57, 0x16, 0x8a,
+			0x56, 0x93, 0xcd, 0x92, 0x4b, 0x6b, 0x09, 0x6e,
+			0x08, 0xf6, 0x21, 0x82, 0x74, 0x44, 0xf7, 0x0d,
+			0x88, 0x4f, 0x5d, 0x02, 0x40, 0xd2, 0x71, 0x2e,
+			0x10, 0xe1, 0x16, 0xe9, 0x19, 0x2a, 0xf3, 0xc9,
+			0x1a, 0x7e, 0xc5, 0x76, 0x47, 0xe3, 0x93, 0x40,
+			0x57, 0x34, 0x0b, 0x4c, 0xf4, 0x08, 0xd5, 0xa5,
+			0x65, 0x92, 0xf8, 0x27, 0x4e, 0xec, 0x53, 0xf0,
+		},
+	},
+	{
+		.algorithm = NID_sha3_512,
+		.in = "",
+		.in_len = 0,
+		.out = {
+			0xa6, 0x9f, 0x73, 0xcc, 0xa2, 0x3a, 0x9a, 0xc5,
+			0xc8, 0xb5, 0x67, 0xdc, 0x18, 0x5a, 0x75, 0x6e,
+			0x97, 0xc9, 0x82, 0x16, 0x4f, 0xe2, 0x58, 0x59,
+			0xe0, 0xd1, 0xdc, 0xc1, 0x47, 0x5c, 0x80, 0xa6,
+			0x15, 0xb2, 0x12, 0x3a, 0xf1, 0xf5, 0xf9, 0x4c,
+			0x11, 0xe3, 0xe9, 0x40, 0x2c, 0x3a, 0xc5, 0x58,
+			0xf5, 0x00, 0x19, 0x9d, 0x95, 0xb6, 0xd3, 0xe3,
+			0x01, 0x75, 0x85, 0x86, 0x28, 0x1d, 0xcd, 0x26,
+		},
+	},
+	{
+		.algorithm = NID_sha3_512,
+		.in =
+		    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno"
+		    "mnopnopq",
+		.in_len = 56,
+		.out = {
+			0x04, 0xa3, 0x71, 0xe8, 0x4e, 0xcf, 0xb5, 0xb8,
+			0xb7, 0x7c, 0xb4, 0x86, 0x10, 0xfc, 0xa8, 0x18,
+			0x2d, 0xd4, 0x57, 0xce, 0x6f, 0x32, 0x6a, 0x0f,
+			0xd3, 0xd7, 0xec, 0x2f, 0x1e, 0x91, 0x63, 0x6d,
+			0xee, 0x69, 0x1f, 0xbe, 0x0c, 0x98, 0x53, 0x02,
+			0xba, 0x1b, 0x0d, 0x8d, 0xc7, 0x8c, 0x08, 0x63,
+			0x46, 0xb5, 0x33, 0xb4, 0x9c, 0x03, 0x0d, 0x99,
+			0xa2, 0x7d, 0xaf, 0x11, 0x39, 0xd6, 0xe7, 0x5e,
+		},
+	},
+	{
+		.algorithm = NID_sha3_512,
+		.in =
+		    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm"
+		    "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs"
+		    "mnopqrstnopqrstu",
+		.in_len = 112,
+		.out = {
+			0xaf, 0xeb, 0xb2, 0xef, 0x54, 0x2e, 0x65, 0x79,
+			0xc5, 0x0c, 0xad, 0x06, 0xd2, 0xe5, 0x78, 0xf9,
+			0xf8, 0xdd, 0x68, 0x81, 0xd7, 0xdc, 0x82, 0x4d,
+			0x26, 0x36, 0x0f, 0xee, 0xbf, 0x18, 0xa4, 0xfa,
+			0x73, 0xe3, 0x26, 0x11, 0x22, 0x94, 0x8e, 0xfc,
+			0xfd, 0x49, 0x2e, 0x74, 0xe8, 0x2e, 0x21, 0x89,
+			0xed, 0x0f, 0xb4, 0x40, 0xd1, 0x87, 0xf3, 0x82,
+			0x27, 0x0c, 0xb4, 0x55, 0xf2, 0x1d, 0xd1, 0x85,
+		},
 	},
 };
 
@@ -322,7 +550,7 @@ static const struct sha_repetition_test sha_repetition_tests[] = {
 			0x34, 0xaa, 0x97, 0x3c, 0xd4, 0xc4, 0xda, 0xa4,
 			0xf6, 0x1e, 0xeb, 0x2b, 0xdb, 0xad, 0x27, 0x31,
 			0x65, 0x34, 0x01, 0x6f,
-		}
+		},
 	},
 
 	/* SHA-224 */
@@ -335,7 +563,7 @@ static const struct sha_repetition_test sha_repetition_tests[] = {
 			0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b,
 			0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee,
 			0x4e, 0xe7, 0xad, 0x67,
-		}
+		},
 	},
 
 	/* SHA-256 */
@@ -348,7 +576,7 @@ static const struct sha_repetition_test sha_repetition_tests[] = {
 			0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
 			0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e,
 			0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0,
-		}
+		},
 	},
 
 	/* SHA-384 */
@@ -363,7 +591,7 @@ static const struct sha_repetition_test sha_repetition_tests[] = {
 			0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
 			0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
 			0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85,
-		}
+		},
 	},
 
 	/* SHA-512 */
@@ -380,7 +608,65 @@ static const struct sha_repetition_test sha_repetition_tests[] = {
 			0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
 			0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e,
 			0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b,
-		}
+		},
+	},
+
+	/* SHA3-224 */
+	{
+		.algorithm = NID_sha3_224,
+		.in = 'a',
+		.in_repetitions = 1000000,
+		.out = {
+			0xd6, 0x93, 0x35, 0xb9, 0x33, 0x25, 0x19, 0x2e,
+			0x51, 0x6a, 0x91, 0x2e, 0x6d, 0x19, 0xa1, 0x5c,
+			0xb5, 0x1c, 0x6e, 0xd5, 0xc1, 0x52, 0x43, 0xe7,
+			0xa7, 0xfd, 0x65, 0x3c,
+		},
+	},
+
+	/* SHA3-256 */
+	{
+		.algorithm = NID_sha3_256,
+		.in = 'a',
+		.in_repetitions = 1000000,
+		.out = {
+			0x5c, 0x88, 0x75, 0xae, 0x47, 0x4a, 0x36, 0x34,
+			0xba, 0x4f, 0xd5, 0x5e, 0xc8, 0x5b, 0xff, 0xd6,
+			0x61, 0xf3, 0x2a, 0xca, 0x75, 0xc6, 0xd6, 0x99,
+			0xd0, 0xcd, 0xcb, 0x6c, 0x11, 0x58, 0x91, 0xc1,
+		},
+	},
+
+	/* SHA3-384 */
+	{
+		.algorithm = NID_sha3_384,
+		.in = 'a',
+		.in_repetitions = 1000000,
+		.out = {
+			0xee, 0xe9, 0xe2, 0x4d, 0x78, 0xc1, 0x85, 0x53,
+			0x37, 0x98, 0x34, 0x51, 0xdf, 0x97, 0xc8, 0xad,
+			0x9e, 0xed, 0xf2, 0x56, 0xc6, 0x33, 0x4f, 0x8e,
+			0x94, 0x8d, 0x25, 0x2d, 0x5e, 0x0e, 0x76, 0x84,
+			0x7a, 0xa0, 0x77, 0x4d, 0xdb, 0x90, 0xa8, 0x42,
+			0x19, 0x0d, 0x2c, 0x55, 0x8b, 0x4b, 0x83, 0x40,
+		},
+	},
+
+	/* SHA3-512 */
+	{
+		.algorithm = NID_sha3_512,
+		.in = 'a',
+		.in_repetitions = 1000000,
+		.out = {
+			0x3c, 0x3a, 0x87, 0x6d, 0xa1, 0x40, 0x34, 0xab,
+			0x60, 0x62, 0x7c, 0x07, 0x7b, 0xb9, 0x8f, 0x7e,
+			0x12, 0x0a, 0x2a, 0x53, 0x70, 0x21, 0x2d, 0xff,
+			0xb3, 0x38, 0x5a, 0x18, 0xd4, 0xf3, 0x88, 0x59,
+			0xed, 0x31, 0x1d, 0x0a, 0x9d, 0x51, 0x41, 0xce,
+			0x9c, 0xc5, 0xc6, 0x6e, 0xe6, 0x89, 0xb2, 0x66,
+			0xa8, 0xaa, 0x18, 0xac, 0xe8, 0x28, 0x2a, 0x0e,
+			0x0d, 0xb5, 0x96, 0xc9, 0x0b, 0x0a, 0x7b, 0x87,
+		},
 	},
 };
 
@@ -430,6 +716,30 @@ sha_hash_from_algorithm(int algorithm, const char **out_label,
 		md = EVP_sha512();
 		len = SHA512_DIGEST_LENGTH;
 		break;
+	case NID_sha3_224:
+		label = SN_sha3_224;
+		sha_func = NULL;
+		md = EVP_sha3_224();
+		len = 224 / 8;
+		break;
+	case NID_sha3_256:
+		label = SN_sha3_256;
+		sha_func = NULL;
+		md = EVP_sha3_256();
+		len = 256 / 8;
+		break;
+	case NID_sha3_384:
+		label = SN_sha3_384;
+		sha_func = NULL;
+		md = EVP_sha3_384();
+		len = 384 / 8;
+		break;
+	case NID_sha3_512:
+		label = SN_sha3_512;
+		sha_func = NULL;
+		md = EVP_sha3_512();
+		len = 512 / 8;
+		break;
 	default:
 		fprintf(stderr, "FAIL: unknown algorithm (%d)\n",
 		    algorithm);
@@ -473,60 +783,66 @@ sha_test(void)
 			goto failed;
 
 		/* Digest */
-		memset(out, 0, sizeof(out));
+		if (sha_func != NULL) {
-		sha_func(st->in, st->in_len, out);
+			memset(out, 0, sizeof(out));
-		if (memcmp(st->out, out, out_len) != 0) {
+			sha_func(st->in, st->in_len, out);
-			fprintf(stderr, "FAIL (%s): mismatch\n", label);
+			if (memcmp(st->out, out, out_len) != 0) {
-			goto failed;
+				fprintf(stderr, "FAIL (%s:%zu): mismatch\n",
+				    label, i);
+				goto failed;
+			}
 		}
 
 		/* EVP single-shot digest */
 		memset(out, 0, sizeof(out));
 		if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
-			fprintf(stderr, "FAIL (%s): EVP_Digest failed\n",
+			fprintf(stderr, "FAIL (%s:%zu): EVP_Digest failed\n",
-			    label);
+			    label, i);
 			goto failed;
 		}
 
 		if (memcmp(st->out, out, out_len) != 0) {
-			fprintf(stderr, "FAIL (%s): EVP single-shot mismatch\n",
+			fprintf(stderr,
-			    label);
+			    "FAIL (%s:%zu): EVP single-shot mismatch\n",
+			    label, i);
 			goto failed;
 		}
 
 		/* EVP digest */
 		memset(out, 0, sizeof(out));
 		if (!EVP_DigestInit_ex(hash, md, NULL)) {
-			fprintf(stderr, "FAIL (%s): EVP_DigestInit_ex failed\n",
+			fprintf(stderr,
-			    label);
+			    "FAIL (%s:%zu): EVP_DigestInit_ex failed\n",
+			    label, i);
 			goto failed;
 		}
 
 		in_len = st->in_len / 2;
 		if (!EVP_DigestUpdate(hash, st->in, in_len)) {
 			fprintf(stderr,
-			    "FAIL (%s): EVP_DigestUpdate first half failed\n",
+			    "FAIL (%s:%zu): EVP_DigestUpdate first half "
-			    label);
+			    "failed\n", label, i);
 			goto failed;
 		}
 
 		if (!EVP_DigestUpdate(hash, st->in + in_len,
 		    st->in_len - in_len)) {
 			fprintf(stderr,
-			    "FAIL (%s): EVP_DigestUpdate second half failed\n",
+			    "FAIL (%s:%zu): EVP_DigestUpdate second half "
-			    label);
+			    "failed\n", label, i);
 			goto failed;
 		}
 
 		if (!EVP_DigestFinal_ex(hash, out, NULL)) {
 			fprintf(stderr,
-			    "FAIL (%s): EVP_DigestFinal_ex failed\n",
+			    "FAIL (%s:%zu): EVP_DigestFinal_ex failed\n",
-			    label);
+			    label, i);
 			goto failed;
 		}
 
 		if (memcmp(st->out, out, out_len) != 0) {
-			fprintf(stderr, "FAIL (%s): EVP mismatch\n", label);
+			fprintf(stderr, "FAIL (%s:%zu): EVP mismatch\n",
+			    label, i);
 			goto failed;
 		}
 	}
@@ -565,8 +881,8 @@ sha_repetition_test(void)
 		/* EVP digest */
 		if (!EVP_DigestInit_ex(hash, md, NULL)) {
 			fprintf(stderr,
-			    "FAIL (%s): EVP_DigestInit_ex failed\n",
+			    "FAIL (%s:%zu): EVP_DigestInit_ex failed\n",
-			    label);
+			    label, i);
 			goto failed;
 		}
 
@@ -579,8 +895,8 @@ sha_repetition_test(void)
 
 			if (!EVP_DigestUpdate(hash, buf, part_len)) {
 				fprintf(stderr,
-				    "FAIL (%s): EVP_DigestUpdate failed\n",
+				    "FAIL (%s:%zu): EVP_DigestUpdate failed\n",
-				    label);
+				    label, i);
 				goto failed;
 			}
 
@@ -589,13 +905,14 @@ sha_repetition_test(void)
 
 		if (!EVP_DigestFinal_ex(hash, out, NULL)) {
 			fprintf(stderr,
-			    "FAIL (%s): EVP_DigestFinal_ex failed\n",
+			    "FAIL (%s:%zu): EVP_DigestFinal_ex failed\n",
-			    label);
+			    label, i);
 			goto failed;
 		}
 
 		if (memcmp(st->out, out, out_len) != 0) {
-			fprintf(stderr, "FAIL (%s): EVP mismatch\n", label);
+			fprintf(stderr, "FAIL (%s:%zu): EVP mismatch\n",
+			    label, i);
 			goto failed;
 		}
 	}

regress/lib/libssl/Makefile

@@ -1,11 +1,11 @@
-#	$OpenBSD: Makefile,v 1.52 2023/07/02 17:21:32 beck Exp $
+#	$OpenBSD: Makefile,v 1.54 2023/07/15 19:32:54 tb Exp $
 
 SUBDIR += api
 SUBDIR += asn1
 SUBDIR += buffer
 SUBDIR += bytestring
 SUBDIR += ciphers
-#SUBDIR += client
+SUBDIR += client
 SUBDIR += dtls
 SUBDIR += exporter
 SUBDIR += handshake
@@ -13,8 +13,9 @@ SUBDIR += pqueue
 SUBDIR += quic
 SUBDIR += record
 SUBDIR += record_layer
-#SUBDIR += server
+SUBDIR += server
 SUBDIR += ssl
+SUBDIR += symbols
 SUBDIR += tls
 SUBDIR += tlsext
 SUBDIR += tlslegacy

regress/lib/libssl/client/clienttest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: clienttest.c,v 1.40 2023/04/23 18:59:41 tb Exp $ */
+/*	$OpenBSD: clienttest.c,v 1.42 2023/07/11 17:03:44 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -36,7 +36,7 @@
 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
-#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 192)
+#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 188)
 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@@ -213,7 +213,7 @@ static const uint8_t cipher_list_tls12_chacha[] = {
 };
 
 static const uint8_t client_hello_tls12[] = {
-	0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00,
+	0x16, 0x03, 0x03, 0x00, 0xbb, 0x01, 0x00, 0x00,
 	0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -270,8 +270,8 @@ static const uint8_t cipher_list_tls13_chacha[] = {
 };
 
 static const uint8_t client_hello_tls13[] = {
-	0x16, 0x03, 0x01, 0x01, 0x18, 0x01, 0x00, 0x01,
+	0x16, 0x03, 0x03, 0x01, 0x14, 0x01, 0x00, 0x01,
-	0x14, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -292,20 +292,20 @@ static const uint8_t client_hello_tls13[] = {
 	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
 	0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
 	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
-	0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09, 0x08, 0x03,
+	0x00, 0x67, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03,
-	0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00,
+	0x04, 0x03, 0x03, 0x00, 0x33, 0x00, 0x26, 0x00,
-	0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
+	0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00,
-	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
-	0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
+	0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-	0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
+	0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
-	0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
+	0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-	0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+	0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06,
-	0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+	0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08,
-	0x03, 0x02, 0x01, 0x02, 0x03,
+	0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02,
+	0x03,
 };
 
 static const uint8_t cipher_list_tls13_only_aes[] = {
@@ -351,6 +351,7 @@ struct client_hello_test {
 	const size_t key_share_start;
 	const SSL_METHOD *(*ssl_method)(void);
 	const long ssl_options;
+	int connect_fails;
 };
 
 static const struct client_hello_test client_hello_tests[] = {
@@ -359,6 +360,7 @@ static const struct client_hello_test client_hello_tests[] = {
 		.protocol = DTLS1_VERSION,
 		.random_start = DTLS_RANDOM_OFFSET,
 		.ssl_method = DTLSv1_client_method,
+		.connect_fails = 1,
 	},
 	{
 		.desc = "DTLSv1.2 client method",
@@ -378,6 +380,7 @@ static const struct client_hello_test client_hello_tests[] = {
 		.random_start = DTLS_RANDOM_OFFSET,
 		.ssl_method = DTLS_client_method,
 		.ssl_options = SSL_OP_NO_DTLSv1_2,
+		.connect_fails = 1,
 	},
 	{
 		.desc = "DTLS client method (no DTLSv1.0)",
@@ -391,12 +394,14 @@ static const struct client_hello_test client_hello_tests[] = {
 		.protocol = TLS1_VERSION,
 		.random_start = SSL3_RANDOM_OFFSET,
 		.ssl_method = TLSv1_client_method,
+		.connect_fails = 1,
 	},
 	{
 		.desc = "TLSv1_1 client method",
 		.protocol = TLS1_1_VERSION,
 		.random_start = SSL3_RANDOM_OFFSET,
 		.ssl_method = TLSv1_1_client_method,
+		.connect_fails = 1,
 	},
 	{
 		.desc = "TLSv1_2 client method",
@@ -422,15 +427,19 @@ static const struct client_hello_test client_hello_tests[] = {
 	},
 	{
 		.desc = "SSLv23 (no TLSv1.2)",
-		.protocol = TLS1_1_VERSION,
+		.protocol = TLS1_3_VERSION_ONLY,
-		.random_start = SSL3_RANDOM_OFFSET,
+		.random_start = TLS13_RANDOM_OFFSET,
+		.session_start = TLS13_SESSION_OFFSET,
+		.key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET,
 		.ssl_method = SSLv23_client_method,
 		.ssl_options = SSL_OP_NO_TLSv1_2,
 	},
 	{
 		.desc = "SSLv23 (no TLSv1.1)",
-		.protocol = TLS1_VERSION,
+		.protocol = TLS1_3_VERSION,
-		.random_start = SSL3_RANDOM_OFFSET,
+		.random_start = TLS13_RANDOM_OFFSET,
+		.session_start = TLS13_SESSION_OFFSET,
+		.key_share_start = TLS13_KEY_SHARE_OFFSET,
 		.ssl_method = SSLv23_client_method,
 		.ssl_options = SSL_OP_NO_TLSv1_1,
 	},
@@ -452,15 +461,19 @@ static const struct client_hello_test client_hello_tests[] = {
 	},
 	{
 		.desc = "TLS (no TLSv1.2)",
-		.protocol = TLS1_1_VERSION,
+		.protocol = TLS1_3_VERSION_ONLY,
-		.random_start = SSL3_RANDOM_OFFSET,
+		.random_start = TLS13_RANDOM_OFFSET,
+		.session_start = TLS13_SESSION_OFFSET,
+		.key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET,
 		.ssl_method = TLS_client_method,
 		.ssl_options = SSL_OP_NO_TLSv1_2,
 	},
 	{
 		.desc = "TLS (no TLSv1.1)",
-		.protocol = TLS1_VERSION,
+		.protocol = TLS1_3_VERSION,
-		.random_start = SSL3_RANDOM_OFFSET,
+		.random_start = TLS13_RANDOM_OFFSET,
+		.session_start = TLS13_SESSION_OFFSET,
+		.key_share_start = TLS13_KEY_SHARE_OFFSET,
 		.ssl_method = TLS_client_method,
 		.ssl_options = SSL_OP_NO_TLSv1_1,
 	},
@@ -661,6 +674,8 @@ client_hello_test(int testno, const struct client_hello_test *cht)
 	SSL_set_bio(ssl, rbio, wbio);
 
 	if (SSL_connect(ssl) != 0) {
+		if (cht->connect_fails)
+			goto done;
 		fprintf(stderr, "SSL_connect() returned non-zero\n");
 		goto failure;
 	}
@@ -709,6 +724,7 @@ client_hello_test(int testno, const struct client_hello_test *cht)
 		goto failure;
 	}
 
+ done:
 	ret = 0;
 
  failure:

regress/lib/libssl/server/servertest.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: servertest.c,v 1.7 2022/06/10 22:00:15 tb Exp $ */
+/* $OpenBSD: servertest.c,v 1.9 2023/07/11 11:52:35 tb Exp $ */
 /*
  * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -84,6 +84,7 @@ struct server_hello_test {
 	const SSL_METHOD *(*ssl_method)(void);
 	const long ssl_clear_options;
 	const long ssl_set_options;
+	int accept_fails;
 };
 
 static struct server_hello_test server_hello_tests[] = {
@@ -94,6 +95,7 @@ static struct server_hello_test server_hello_tests[] = {
 		.ssl_method = tls_legacy_method,
 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
 		.ssl_set_options = 0,
+		.accept_fails = 1,
 	},
 	{
 		.desc = "TLSv1.2 in SSLv2 record",
@@ -102,6 +104,7 @@ static struct server_hello_test server_hello_tests[] = {
 		.ssl_method = tls_legacy_method,
 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
 		.ssl_set_options = 0,
+		.accept_fails = 1,
 	},
 };
 
@@ -160,11 +163,14 @@ server_hello_test(int testno, struct server_hello_test *sht)
 	SSL_set_bio(ssl, rbio, wbio);
 
 	if (SSL_accept(ssl) != 0) {
+		if (sht->accept_fails)
+			goto done;
 		fprintf(stderr, "SSL_accept() returned non-zero\n");
 		ERR_print_errors_fp(stderr);
 		goto failure;
 	}
 
+ done:
 	ret = 0;
 
  failure:

regress/lib/libssl/symbols/Makefile

@@ -0,0 +1,22 @@
+#	$OpenBSD: Makefile,v 1.2 2023/07/15 23:40:46 tb Exp $
+
+PROG = symbols
+
+.include <bsd.own.mk>
+
+DPADD=		${LIBCRYPTO} ${LIBSSL}
+LDFLAGS+=	-lcrypto -lssl
+LDFLAGS+=	-Wl,--no-allow-shlib-undefined
+CFLAGS+=	-Wno-deprecated-declarations
+
+CLEANFILES+= symbols.c symbols.c.tmp
+
+symbols.c: symbols.awk ../../../../lib/libssl/Symbols.list
+	awk -f ${.CURDIR}/symbols.awk \
+		< ${BSDSRCDIR}/lib/libssl/Symbols.list > $@.tmp && \
+	mv -f $@.tmp $@
+
+run-regress-symbols: symbols
+	./symbols 2>/dev/null
+
+.include <bsd.regress.mk>

regress/lib/libssl/symbols/symbols.awk

@@ -0,0 +1,65 @@
+# $OpenBSD: symbols.awk,v 1.2 2023/07/19 21:01:29 tb Exp $
+
+# Copyright (c) 2018,2020,2023 Theo Buehler <tb@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# usage: awk -f symbols.awk < Symbols.list > symbols.c
+
+BEGIN {
+	printf("#include <stdio.h>\n\n")
+
+	printf("#include <openssl/dtls1.h>\n")
+	printf("#include <openssl/ssl.h>\n")
+	printf("#include <openssl/ssl2.h>\n")
+	printf("#include <openssl/ssl23.h>\n")
+	printf("#include <openssl/ssl3.h>\n")
+	printf("#include <openssl/tls1.h>\n\n")
+
+	printf("#include <openssl/srtp.h>\n\n")		# depends on ssl.h
+}
+
+/^SSL_version_str$/ {
+	printf("extern const char *%s;\n", $0)
+}
+
+{
+	symbols[$0] = $0
+
+	# Undefine aliases, so we don't accidentally leave them in Symbols.list.
+	printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0)
+}
+
+END {
+	printf("\nint\nmain(void)\n{\n")
+	printf("\tsize_t i;\n");
+
+	printf("\tstruct {\n")
+	printf("\t\tconst char *const name;\n")
+	printf("\t\tconst void *addr;\n")
+	printf("\t} symbols[] = {\n")
+
+	for (symbol in symbols) {
+		printf("\t\t{\n")
+		printf("\t\t\t.name = \"%s\",\n", symbol)
+		printf("\t\t\t.addr = &%s,\n", symbol)
+		printf("\t\t},\n")
+	}
+
+	printf("\t\};\n\n")
+
+	printf("\tfor (i = 0; i < sizeof(symbols) / sizeof(symbols[0]); i++)\n")
+	printf("\t\tfprintf(stderr, \"%%s: %%p\\n\", symbols[i].name, symbols[i].addr);\n")
+	printf("\n\tprintf(\"OK\\n\");\n")
+	printf("\n\treturn 0;\n}\n")
+}

regress/sys/net/pf_trans/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.1 2023/07/06 19:55:57 sashan Exp $
+#	$OpenBSD: Makefile,v 1.2 2023/07/10 17:46:03 anton Exp $
 
 PROGS+=	dev-limit
 PROGS+=	iocmd-limit
@@ -8,6 +8,7 @@ CFLAGS+=	-Wall
 REGRESS_ROOT_TARGETS=	run-regress-dev-limit \
 			run-regress-iocmd-limit
 
+TIMEOUT?=	10
 
 #
 # Create 2048 processes. Each child process will attempt
@@ -16,7 +17,7 @@ REGRESS_ROOT_TARGETS=	run-regress-dev-limit \
 # There should be 1023 children, which could open /dev/pf.
 #
 run-regress-dev-limit:
-	${SUDO} ./dev-limit -c 2048 -s 1023 -t 10
+	${SUDO} ./dev-limit -c 2048 -s 1023 -t ${TIMEOUT}
 
 #
 # Open 1024 tickets for DIOCGETRULES without closing them.

regress/sys/net/pf_trans/dev-limit.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dev-limit.c,v 1.1 2023/07/06 19:55:58 sashan Exp $ */
+/*	$OpenBSD: dev-limit.c,v 1.3 2023/07/12 18:21:39 anton Exp $ */
 
 /*
  * Copyright (c) 2023 Alexandr Nedvedicky <sashan@openbsd.org>
@@ -114,11 +114,17 @@ main(int argc, char *const argv[])
 	signal(SIGCHLD, handle_sigchild);
 	pids = (pid_t *)malloc(sizeof(pid_t) * chld_count);
 	if (pids == 0)
-		err(1, "%s malloc: ", argv[0]);
+		err(1, NULL);
 
 	i = 0;
 	while ((sigchild == 0) && (i < chld_count)) {
-		if ((pids[i++] = fork()) == 0)
+		pid_t pid;
+
+		pid = fork();
+		pids[i++] = pid;
+		if (pid == -1)
+			warn("fork");
+		else if (pid == 0)
 			execl(argv[0], argv[0], "-t", sleep_arg, NULL);
 	}
 	chld_count = i;

regress/sys/net/pf_trans/iocmd-limit.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: iocmd-limit.c,v 1.1 2023/07/06 19:55:58 sashan Exp $ */
+/*	$OpenBSD: iocmd-limit.c,v 1.2 2023/07/10 17:45:17 anton Exp $ */
 
 /*
  * Copyright (c) 2023 Alexandr Nedvedicky <sashan@openbsd.org>
@@ -65,7 +65,7 @@ do_DIOCGETRULES_test(int dev)
 		 * exit right away.
 		 */
 		if (errno != EBUSY)
-			err(1, "%s DIOCGETRULES: ", __func__);
+			err(1, "%s DIOCGETRULES", __func__);
 	}
 
 	return (rv);
@@ -100,9 +100,9 @@ do_DIOCXEND_test(int dev)
 	pr.rule.action = PF_PASS;
 
 	if ((rv = ioctl(dev, DIOCGETRULES, &pr)) == -1)
-		warn("%s DIOCGETRULES: ", __func__);
+		warn("%s DIOCGETRULES", __func__);
 	else if ((rv = ioctl(dev, DIOCXEND, &pr.ticket)) == -1)
-		warn("%s DIOCXEND: ", __func__);
+		warn("%s DIOCXEND", __func__);
 
 	return (rv);
 }
@@ -190,7 +190,7 @@ main(int argc, char *const argv[])
 
 	dev = open("/dev/pf", O_RDONLY);
 	if (dev < 0)
-		err(1, "open(\"dev/pf\"): ");
+		err(1, "open(\"dev/pf\")");
 
 	while (i < iterations) {
 		if (test_iocmd->iocmd_test(dev) != 0)

regress/sys/net/rdomains/lo.ok

@@ -1 +1 @@
-loRDO: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> rdomain RDO mtu 32768
+loRDO: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> rdomain RDO mtu 32768

regress/usr.bin/rsync/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2023/04/29 00:20:46 bluhm Exp $
+# $OpenBSD: Makefile,v 1.4 2023/07/16 06:36:18 anton Exp $
 
 # evaluate once in main make invocation, then get list of test from environment
 .if ! (make(clean) || make(cleandir) || make(obj))
@@ -13,27 +13,18 @@ clean:
 	rm -rf dir* find*
 
 # some of these tests pass or fail unreliably
-REGRESS_EXPECTED_FAILURES =	run-openrsync-openrsync-test10_perms \
+REGRESS_EXPECTED_FAILURES =	run-openrsync-openrsync-test3_minusexclude \
-				run-openrsync-openrsync-test11_middlediff \
-				run-openrsync-openrsync-test11b_middlediff \
-				run-openrsync-openrsync-test3_minusexclude \
-				run-openrsync-openrsync-test3b_minusexclude \
-				run-openrsync-openrsync-test3c_minusexclude \
 				run-openrsync-openrsync-test6_perms \
 				run-openrsync-openrsync-test6b_perms \
 				run-openrsync-openrsync-test7_symlinks \
-				run-openrsync-openrsync-test7b_symlinks \
+				run-openrsync-openrsync-test10_perms \
-				run-openrsync-openrsync-test9_norecurse \
+				run-openrsync-openrsync-test13_perms \
-				run-openrsync-rsync-test10_perms \
-				run-openrsync-rsync-test11_middlediff \
-				run-openrsync-rsync-test11b_middlediff \
 				run-openrsync-rsync-test3_minusexclude \
 				run-openrsync-rsync-test6_perms \
 				run-openrsync-rsync-test6b_perms \
 				run-openrsync-rsync-test7_symlinks \
-				run-rsync-openrsync-test12_inex \
+				run-openrsync-rsync-test10_perms \
-				run-openrsync-rsync-test12c_inex \
+				run-openrsync-rsync-test13_perms
-				run-rsync-rsync-test3c_minusexclude
 
 .if ! exists(${RSYNC_PORT})
 .for t in ${RSYNC_TESTS}

regress/usr.bin/rsync/lib.sh

@@ -65,9 +65,14 @@ findme ()
     fi
     (
         cd "$1" ; shift
-        # Cut out the inode number and blocks used.
+        # Remove unstable fields:
-        # Maybe later also cut out size in bytes for directories.
+        #    1: inode
-        find "$@" -ls | sed 's/^ *[0-9]* *[0-9]* *//' | sort
+        #    2: size in blocks
+        # 8-10: last modification time
+        find "$@" -ls |
+        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]][[:space:]]*/ /g' |
+        cut -d ' ' -f 3-7,11- |
+        sort
     )
 }
 

regress/usr.bin/rsync/test10_perms.test

@@ -10,6 +10,7 @@ mkdir dir1
 cd dir1
 generate_tree_1
 chmod 640 foo/bar/baz/one.txt
+touch -m -t 199901020405 foo/bar/baz/one.txt
 # make the tree we want to compare to
 mkdir ../dir2
 cd ../dir2

regress/usr.bin/rsync/test13_perms.test

@@ -0,0 +1,23 @@
+#! /bin/sh
+
+. ${tstdir-.}/lib.sh
+. ${tstdir-.}/conf.sh
+
+generate_tree() {
+	mkdirfile "${1}/one.txt"
+}
+
+rm -rf dir1 dir2 dir3
+# make the copy-from-here tree
+generate_tree dir1
+# make the tree we want to compare to
+generate_tree dir2
+
+# Also make the target tree and mess up some permissions in there.
+# We expect rsync to reset this to what dir1 has.
+generate_tree dir3
+chmod 070 dir3/one.txt
+touch -m -t 199901020405 dir3/one.txt
+
+$rsync -a dir1/ dir3
+compare_trees dir2 dir3

regress/usr.bin/rsync/test6_perms.test

@@ -19,7 +19,9 @@ mkdir ../dir3
 cd ../dir3
 generate_tree_1
 chmod 600 foo/bar/baz/one.txt
+touch -m -t 199901020405 foo/bar/baz/one.txt
 chmod 070 foo/bar/baz/one2.txt
+touch -m -t 199901020405 foo/bar/baz/one2.txt
 
 cd ..
 $rsync -a dir1/ dir3

regress/usr.bin/rsync/test6b_perms.test

@@ -18,13 +18,17 @@ mkdir ../dir2
 cd ../dir2
 generate_tree_1
 chmod 600 foo/bar/baz/one.txt
+touch -m -t 199901020405 foo/bar/baz/one.txt
 chmod 777 foo/bar/baz/one2.txt
+touch -m -t 199901020405 foo/bar/baz/one2.txt
 
 mkdir ../dir3
 cd ../dir3
 generate_tree_1
 chmod 600 foo/bar/baz/one.txt
+touch -m -t 199901020405 foo/bar/baz/one.txt
 chmod 777 foo/bar/baz/one2.txt
+touch -m -t 199901020405 foo/bar/baz/one2.txt
 
 cd ..
 # call -a without -p.

regress/usr.sbin/bgpd/integrationtests/Makefile

@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.20 2022/11/09 14:31:31 claudio Exp $
+# $OpenBSD: Makefile,v 1.21 2023/07/12 15:34:59 claudio Exp $
 
 REGRESS_TARGETS	= 	network_statement md5 ovs mrt pftable \
 			maxprefix maxprefixout maxcomm \
-			as0 med eval_all policy l3vpn
+			as0 med eval_all policy l3vpn attr
 
 BGPD ?=			/usr/sbin/bgpd
 
@@ -53,6 +53,11 @@ med:
 eval_all:
 	# install exabgp from ports for additional tests
 	@echo SKIPPED
+
+attr:
+	# install exabgp from ports for additional tests
+	@echo SKIPPED
+
 .else
 
 .SUFFIXES: .conf .in
@@ -70,6 +75,9 @@ med: api-exabgp exabgp.med.conf
 eval_all: api-exabgp exabgp.eval_all.conf
 	${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
 
+attr: api-exabgp exabgp.attr.conf
+	${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
+
 .endif
 
 .include <bsd.regress.mk>

regress/usr.sbin/bgpd/integrationtests/attr.sh

@@ -0,0 +1,105 @@
+#!/bin/ksh
+#	$OpenBSD: attr.sh,v 1.1 2023/07/12 15:34:59 claudio Exp $
+
+set -e
+
+BGPD=$1
+BGPDCONFIGDIR=$2
+RDOMAIN1=$3
+RDOMAIN2=$4
+PAIR1=$5
+PAIR2=$6
+
+RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
+PAIRS="${PAIR1} ${PAIR2}"
+PAIR1IP=10.12.57.1
+PAIR2IP=10.12.57.2
+PAIR2IP2=10.12.57.3
+PAIR2IP3=10.12.57.4
+
+error_notify() {
+	echo cleanup
+	pkill -T ${RDOMAIN1} bgpd || true
+	pkill -T ${RDOMAIN2} -f exabgp || true
+	sleep 1
+	ifconfig ${PAIR2} destroy || true
+	ifconfig ${PAIR1} destroy || true
+	route -qn -T ${RDOMAIN1} flush || true
+	route -qn -T ${RDOMAIN2} flush || true
+	ifconfig lo${RDOMAIN1} destroy || true
+	ifconfig lo${RDOMAIN2} destroy || true
+	if [ $1 -ne 0 ]; then
+		echo FAILED
+		exit 1
+	else
+		echo SUCCESS
+	fi
+}
+
+run_exabgp() {
+	local _t=$1
+
+	shift
+	env	exabgp.log.destination=stdout \
+		exabgp.log.packets=true \
+		exabgp.log.parser=true \
+		exabgp.log.level=DEBUG \
+		exabgp.api.cli=false \
+		exabgp.daemon.user=build \
+	    route -T ${RDOMAIN2} exec exabgp -1 ${1+"$@"} > ./exabgp.$_t.log
+}
+
+if [ ! -x /usr/local/bin/exabgp ]; then 
+	echo install exabgp from ports for this test >&2
+	exit 1
+fi
+
+if [ "$(id -u)" -ne 0 ]; then 
+	echo need root privileges >&2
+	exit 1
+fi
+
+trap 'error_notify $?' EXIT
+
+echo check if rdomains are busy
+for n in ${RDOMAINS}; do
+	if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
+		echo routing domain ${n} is already used >&2
+		exit 1
+	fi
+done
+
+echo check if interfaces are busy
+for n in ${PAIRS}; do
+	/sbin/ifconfig "${n}" >/dev/null 2>&1 && \
+	    ( echo interface ${n} is already used >&2; exit 1 )
+done
+
+set -x
+
+echo setup
+ifconfig ${PAIR1} rdomain ${RDOMAIN1} ${PAIR1IP}/29 up
+ifconfig ${PAIR2} rdomain ${RDOMAIN2} ${PAIR2IP}/29 up
+ifconfig ${PAIR2} alias ${PAIR2IP2}/32
+ifconfig ${PAIR2} alias ${PAIR2IP3}/32
+ifconfig ${PAIR1} patch ${PAIR2}
+ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
+ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
+[ -p attr.fifo ] || mkfifo attr.fifo
+
+echo run bgpd
+route -T ${RDOMAIN1} exec ${BGPD} \
+	-v -f ${BGPDCONFIGDIR}/bgpd.attr.conf
+
+sleep 1
+
+echo test2
+run_exabgp attr exabgp.attr.conf > exabgp.attr.out 2>&1 &
+
+sleep 3
+route -T ${RDOMAIN1} exec bgpctl sh rib in | tee attr.out
+sleep .2
+diff -u ${BGPDCONFIGDIR}/exabgp.attr.ok attr.out
+echo OK
+
+exit 0

regress/usr.sbin/bgpd/integrationtests/bgpd.attr.conf

@@ -0,0 +1,8 @@
+AS 64500
+router-id 10.12.57.1
+fib-update no
+
+neighbor 10.12.57.0/29
+
+allow from any
+allow to any

regress/usr.sbin/bgpd/integrationtests/exabgp.attr.in

@@ -0,0 +1,60 @@
+process reader {
+	run "##OBJDIR##/api-exabgp" -t 10 "##OBJDIR##/attr.fifo";
+	encoder text;
+}
+
+neighbor 10.12.57.1 {
+	router-id 10.12.57.2;
+	local-address 10.12.57.2;
+	local-as 64501;
+	peer-as 64500;
+	group-updates;
+	adj-rib-in false;
+	passive false;
+
+	family {
+		ipv4 unicast;
+	}
+
+	api {
+		processes [ reader ];
+		neighbor-changes;
+		receive {
+			parsed;
+			update;
+			notification;
+		}
+	}
+}
+
+neighbor 10.12.57.1 {
+	router-id 10.12.57.3;
+	local-address 10.12.57.3;
+	local-as 64502;
+	peer-as 64500;
+	group-updates;
+	adj-rib-in false;
+	passive false;
+
+	family {
+		ipv4 unicast;
+	}
+
+	static {
+		route 10.12.0.0/24 next-hop self;
+		# aggregator
+		route 10.12.1.0/24 next-hop self attribute [ 0x07 0xc0 0x02 ];
+		# communities
+		route 10.12.2.0/24 next-hop self attribute [ 0x08 0xc0 0x02 ];
+		# ext communities
+		route 10.12.3.0/24 next-hop self attribute [ 0x10 0xc0 0x02 ];
+		# as4-path
+		route 10.12.4.0/24 next-hop self attribute [ 0x11 0xc0 0x02 ];
+		# as4-aggregator
+		route 10.12.5.0/24 next-hop self attribute [ 0x12 0xc0 0x02 ];
+		# large communities
+		route 10.12.6.0/24 next-hop self attribute [ 0x20 0xc0 0x02 ];
+		# OTC
+		route 10.12.7.0/24 next-hop self attribute [ 0x23 0xc0 0x02 ];
+	}
+}

regress/usr.sbin/bgpd/integrationtests/exabgp.attr.ok

@@ -0,0 +1,15 @@
+flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
+       S = Stale, E = Error
+origin validation state: N = not-found, V = valid, ! = invalid
+aspa validation state: ? = unknown, V = valid, ! = invalid
+origin: i = IGP, e = EGP, ? = Incomplete
+
+flags  vs destination          gateway          lpref   med aspath origin
+      N-? 10.12.0.0/24         10.12.57.3        100     0 64502 i
+      N-? 10.12.1.0/24         10.12.57.3        100     0 64502 i
+E     N-? 10.12.2.0/24         10.12.57.3        100     0 64502 i
+E     N-? 10.12.3.0/24         10.12.57.3        100     0 64502 i
+      N-? 10.12.4.0/24         10.12.57.3        100     0 64502 i
+      N-? 10.12.5.0/24         10.12.57.3        100     0 64502 i
+E     N-? 10.12.6.0/24         10.12.57.3        100     0 64502 i
+E     N-? 10.12.7.0/24         10.12.57.3        100     0 64502 i

regress/usr.sbin/bgpd/unittests/rde_community_test.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde_community_test.c,v 1.7 2023/06/17 08:01:22 claudio Exp $ */
+/*	$OpenBSD: rde_community_test.c,v 1.8 2023/07/12 15:27:11 claudio Exp $ */
 
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
@@ -46,6 +46,7 @@ static int
 test_parsing(size_t num, uint8_t *in, size_t inlen)
 {
 	const char *func = "community";
+	struct ibuf *buf;
 	uint8_t flags, type, attr[256];
 	size_t skip = 2;
 	uint16_t attr_len;
@@ -80,26 +81,24 @@ test_parsing(size_t num, uint8_t *in, size_t inlen)
 		return -1;
 	}
 
-	switch (type) {
+	if ((buf = ibuf_dynamic(0, 4096)) == NULL) {
-	case ATTR_COMMUNITIES:
+		printf("Test %zu: ibuf_dynamic failed\n", num);
-		r = community_write(&comm, attr, sizeof(attr));
-		break;
-	case ATTR_EXT_COMMUNITIES:
-		r = community_ext_write(&comm, 0, attr, sizeof(attr));
-		break;
-	case ATTR_LARGE_COMMUNITIES:
-		r = community_large_write(&comm, attr, sizeof(attr));
-		break;
-	}
-
-	if (r != inlen) {
-		printf("Test %zu: %s_write return value %d != %zd\n",
-		    num, func, r, inlen);
 		return -1;
 	}
-	if (r != -1 && memcmp(attr, in, inlen) != 0) {
+
+	if (community_writebuf(&comm, type, 0, buf) == -1) {
+		printf("Test %zu: community_writebuf failed\n", num);
+		return -1;
+	}
+
+	if (ibuf_size(buf) != inlen) {
+		printf("Test %zu: %s_write return value %zd != %zd\n",
+		    num, func, ibuf_size(buf), inlen);
+		return -1;
+	}
+	if (memcmp(ibuf_data(buf), in, inlen) != 0) {
 		printf("Test %zu: %s_write unexpected encoding: ", num, func);
-		dump(attr, inlen);
+		dump(ibuf_data(buf), ibuf_size(buf));
 		printf("expected: ");
 		dump(in, inlen);
 		return -1;
@@ -225,45 +224,28 @@ log_warnx(const char *emsg, ...)
 	va_end(ap);
 }
 
-int
-attr_write(void *p, uint16_t p_len, uint8_t flags, uint8_t type,
-    void *data, uint16_t data_len)
-{
-	u_char		*b = p;
-	uint16_t	 tmp, tot_len = 2; /* attribute header (without len) */
-
-	flags &= ~ATTR_DEFMASK;
-	if (data_len > 255) {
-		tot_len += 2 + data_len;
-		flags |= ATTR_EXTLEN;
-	} else {
-		tot_len += 1 + data_len;
-	}
-
-	if (tot_len > p_len)
-		return (-1);
-
-	*b++ = flags;
-	*b++ = type;
-	if (data_len > 255) {
-		tmp = htons(data_len);
-		memcpy(b, &tmp, sizeof(tmp));
-		b += 2;
-	} else
-		*b++ = (u_char)data_len;
-
-	if (data == NULL)
-		return (tot_len - data_len);
-
-	if (data_len != 0)
-		memcpy(b, data, data_len);
-
-	return (tot_len);
-}
-
 int
 attr_writebuf(struct ibuf *buf, uint8_t flags, uint8_t type, void *data,
     uint16_t data_len)
 {
-	return (-1);
+	u_char  hdr[4];
+
+	flags &= ~ATTR_DEFMASK;
+	if (data_len > 255) {
+		flags |= ATTR_EXTLEN;
+		hdr[2] = (data_len >> 8) & 0xff;
+		hdr[3] = data_len & 0xff;
+	} else {
+		hdr[2] = data_len & 0xff;
+	}
+
+	hdr[0] = flags;
+	hdr[1] = type;
+
+	if (ibuf_add(buf, hdr, flags & ATTR_EXTLEN ? 4 : 3) == -1)
+		return (-1);
+	if (data != NULL && ibuf_add(buf, data, data_len) == -1)
+		return (-1);
+	return (0);
+
 }

sbin/ifconfig/ifconfig.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ifconfig.8,v 1.397 2023/06/07 18:42:40 bluhm Exp $
+.\"	$OpenBSD: ifconfig.8,v 1.398 2023/07/18 16:01:20 bluhm Exp $
 .\"	$NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
 .\"     $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\"     @(#)ifconfig.8	8.4 (Berkeley) 6/1/94
 .\"
-.Dd $Mdocdate: June 7 2023 $
+.Dd $Mdocdate: July 18 2023 $
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -519,7 +519,6 @@ or
 Changing this option will re-initialize the network interface.
 .It Cm -tcplro
 Disable LRO.
-LRO is disabled by default.
 .It Cm up
 Mark an interface
 .Dq up .

sbin/iked/eap.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: eap.c,v 1.24 2023/05/23 13:57:14 claudio Exp $	*/
+/*	$OpenBSD: eap.c,v 1.25 2023/07/18 15:07:41 claudio Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -112,7 +112,7 @@ eap_identity_request(struct iked *env, struct iked_sa *sa)
 	if ((pld = ikev2_add_payload(e)) == NULL)
 		goto done;
 	firstpayload = IKEV2_PAYLOAD_IDr;
-	if (ibuf_cat(e, id->id_buf) != 0)
+	if (ibuf_add_buf(e, id->id_buf) != 0)
 		goto done;
 	len = ibuf_size(id->id_buf);
 
@@ -127,7 +127,7 @@ eap_identity_request(struct iked *env, struct iked_sa *sa)
 		if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
 			goto done;
 		cert->cert_type = certid->id_type;
-		if (ibuf_cat(e, certid->id_buf) != 0)
+		if (ibuf_add_buf(e, certid->id_buf) != 0)
 			goto done;
 		len = ibuf_size(certid->id_buf) + sizeof(*cert);
 
@@ -142,7 +142,7 @@ eap_identity_request(struct iked *env, struct iked_sa *sa)
 			if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
 				goto done;
 			cert->cert_type = sa->sa_scert[i].id_type;
-			if (ibuf_cat(e, sa->sa_scert[i].id_buf) != 0)
+			if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) != 0)
 				goto done;
 			len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert);
 		}
@@ -157,7 +157,7 @@ eap_identity_request(struct iked *env, struct iked_sa *sa)
 	if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL)
 		goto done;
 	auth->auth_method = sa->sa_localauth.id_type;
-	if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0)
+	if (ibuf_add_buf(e, sa->sa_localauth.id_buf) != 0)
 		goto done;
 	len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth);
 

sbin/iked/iked.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: iked.h,v 1.220 2023/06/28 14:10:24 tobhe Exp $	*/
+/*	$OpenBSD: iked.h,v 1.222 2023/07/18 15:07:41 claudio Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1268,12 +1268,10 @@ struct ibuf *
 	 ibuf_new(const void *, size_t);
 struct ibuf *
 	 ibuf_static(void);
-int	 ibuf_cat(struct ibuf *, struct ibuf *);
 size_t	 ibuf_length(struct ibuf *);
 int	 ibuf_setsize(struct ibuf *, size_t);
-void	*ibuf_getdata(struct ibuf *, size_t);
 struct ibuf *
-	 ibuf_get(struct ibuf *, size_t);
+	 ibuf_getdata(struct ibuf *, size_t);
 struct ibuf *
 	 ibuf_dup(struct ibuf *);
 struct ibuf *

sbin/iked/ikev2.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.372 2023/06/28 14:10:24 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.374 2023/07/18 15:07:41 claudio Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1609,7 +1609,7 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa)
 	if ((pld = ikev2_add_payload(e)) == NULL)
 		goto done;
 	firstpayload = IKEV2_PAYLOAD_IDi;
-	if (ibuf_cat(e, id->id_buf) != 0)
+	if (ibuf_add_buf(e, id->id_buf) != 0)
 		goto done;
 	len = ibuf_size(id->id_buf);
 
@@ -1623,7 +1623,7 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa)
 			goto done;
 		if ((pld = ikev2_add_payload(e)) == NULL)
 			goto done;
-		if (ibuf_cat(e, peerid.id_buf) != 0)
+		if (ibuf_add_buf(e, peerid.id_buf) != 0)
 			goto done;
 		len = ibuf_size(peerid.id_buf);
 	}
@@ -1639,7 +1639,7 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa)
 		if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
 			goto done;
 		cert->cert_type = certid->id_type;
-		if (ibuf_cat(e, certid->id_buf) != 0)
+		if (ibuf_add_buf(e, certid->id_buf) != 0)
 			goto done;
 		len = ibuf_size(certid->id_buf) + sizeof(*cert);
 
@@ -1654,7 +1654,7 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa)
 			if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
 				goto done;
 			cert->cert_type = sa->sa_scert[i].id_type;
-			if (ibuf_cat(e, sa->sa_scert[i].id_buf) != 0)
+			if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) != 0)
 				goto done;
 			len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert);
 		}
@@ -1679,7 +1679,7 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa)
 	if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL)
 		goto done;
 	auth->auth_method = sa->sa_localauth.id_type;
-	if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0)
+	if (ibuf_add_buf(e, sa->sa_localauth.id_buf) != 0)
 		goto done;
 	len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth);
 
@@ -2212,7 +2212,7 @@ ikev2_add_vendor_id(struct ibuf *e, struct ikev2_payload **pld,
 			return (-1);
 	if ((*pld = ikev2_add_payload(e)) == NULL)
 		return (-1);
-	if (ibuf_cat(e, id) == -1)
+	if (ibuf_add_buf(e, id) == -1)
 		return (-1);
 
 	return (ibuf_length(id));
@@ -3908,7 +3908,7 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa)
 		if ((pld = ikev2_add_payload(e)) == NULL)
 			goto done;
 		firstpayload = IKEV2_PAYLOAD_IDr;
-		if (ibuf_cat(e, id->id_buf) != 0)
+		if (ibuf_add_buf(e, id->id_buf) != 0)
 			goto done;
 		len = ibuf_size(id->id_buf);
 
@@ -3924,7 +3924,7 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa)
 			if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
 				goto done;
 			cert->cert_type = certid->id_type;
-			if (ibuf_cat(e, certid->id_buf) != 0)
+			if (ibuf_add_buf(e, certid->id_buf) != 0)
 				goto done;
 			len = ibuf_size(certid->id_buf) + sizeof(*cert);
 
@@ -3940,7 +3940,8 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa)
 				    sizeof(*cert))) == NULL)
 					goto done;
 				cert->cert_type = sa->sa_scert[i].id_type;
-				if (ibuf_cat(e, sa->sa_scert[i].id_buf) != 0)
+				if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) !=
+				    0)
 					goto done;
 				len = ibuf_size(sa->sa_scert[i].id_buf)
 				    + sizeof(*cert);
@@ -3958,7 +3959,7 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa)
 	if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL)
 		goto done;
 	auth->auth_method = sa->sa_localauth.id_type;
-	if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0)
+	if (ibuf_add_buf(e, sa->sa_localauth.id_buf) != 0)
 		goto done;
 	len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth);
 
@@ -4036,7 +4037,7 @@ ikev2_send_ike_e(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 		goto done;
 
 	if (buf) {
-		if (ibuf_cat(e, buf) != 0)
+		if (ibuf_add_buf(e, buf) != 0)
 			goto done;
 
 		if (ikev2_next_payload(pld, ibuf_size(buf),
@@ -5320,7 +5321,7 @@ ikev2_send_informational(struct iked *env, struct iked_message *msg)
 			log_debug("%s: encryption failed", __func__);
 			goto done;
 		}
-		if (ibuf_cat(buf, e) != 0)
+		if (ibuf_add_buf(buf, e) != 0)
 			goto done;
 		if (ikev2_next_payload(pld, ibuf_size(e),
 		    IKEV2_PAYLOAD_NOTIFY) == -1)
@@ -5351,7 +5352,7 @@ ikev2_send_informational(struct iked *env, struct iked_message *msg)
 		    IKEV2_PAYLOAD_NOTIFY, IKEV2_EXCHANGE_INFORMATIONAL,
 		    0)) == NULL)
 			goto done;
-		if (ibuf_cat(buf, e) != 0)
+		if (ibuf_add_buf(buf, e) != 0)
 			goto done;
 		if (ikev2_set_header(hdr, ibuf_size(buf) - sizeof(*hdr)) == -1)
 			goto done;
@@ -5829,16 +5830,20 @@ ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key)
 		goto done;
 	}
 
-	/* ibuf_get() returns a new buffer from the next read offset */
+	/* ibuf_getdata() returns a new buffer from the next read offset */
-	if ((sa->sa_key_d = ibuf_get(t, hash_length(prf))) == NULL ||
+	if ((sa->sa_key_d = ibuf_getdata(t, hash_length(prf))) == NULL ||
 	    (!isaead &&
-	    (sa->sa_key_iauth = ibuf_get(t, hash_keylength(integr))) == NULL) ||
+	    (sa->sa_key_iauth = ibuf_getdata(t, hash_keylength(integr))) ==
+	    NULL) ||
 	    (!isaead &&
-	    (sa->sa_key_rauth = ibuf_get(t, hash_keylength(integr))) == NULL) ||
+	    (sa->sa_key_rauth = ibuf_getdata(t, hash_keylength(integr))) ==
-	    (sa->sa_key_iencr = ibuf_get(t, cipher_keylength(encr))) == NULL ||
+	    NULL) ||
-	    (sa->sa_key_rencr = ibuf_get(t, cipher_keylength(encr))) == NULL ||
+	    (sa->sa_key_iencr = ibuf_getdata(t, cipher_keylength(encr))) ==
-	    (sa->sa_key_iprf = ibuf_get(t, hash_length(prf))) == NULL ||
+	    NULL ||
-	    (sa->sa_key_rprf = ibuf_get(t, hash_length(prf))) == NULL) {
+	    (sa->sa_key_rencr = ibuf_getdata(t, cipher_keylength(encr))) ==
+	    NULL ||
+	    (sa->sa_key_iprf = ibuf_getdata(t, hash_length(prf))) == NULL ||
+	    (sa->sa_key_rprf = ibuf_getdata(t, hash_length(prf))) == NULL) {
 		log_debug("%s: failed to get SA keys", SPI_SA(sa, __func__));
 		goto done;
 	}
@@ -6188,13 +6193,13 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
 			    ibuf_length(kex->kex_dhpeer));
 			goto done;
 		}
-		if (ibuf_cat(seed, dhsecret) != 0) {
+		if (ibuf_add_buf(seed, dhsecret) != 0) {
 			log_debug("%s: failed to set dh secret", __func__);
 			goto done;
 		}
 	}
-	if (ibuf_cat(seed, kex->kex_inonce) != 0 ||
+	if (ibuf_add_buf(seed, kex->kex_inonce) != 0 ||
-	    ibuf_cat(seed, kex->kex_rnonce) != 0 ||
+	    ibuf_add_buf(seed, kex->kex_rnonce) != 0 ||
 	    (keymat = ikev2_prfplus(sa->sa_prf,
 	    sa->sa_key_d, seed, ilen)) == NULL) {
 		log_debug("%s: failed to get IKE SA key material", __func__);
@@ -6307,13 +6312,13 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
 			csa->csa_spi.spi_size = 4;
 		}
 
-		if (encrxf && (csa->csa_encrkey = ibuf_get(keymat,
+		if (encrxf && (csa->csa_encrkey = ibuf_getdata(keymat,
 		    encrxf->xform_keylength / 8)) == NULL) {
 			log_debug("%s: failed to get CHILD SA encryption key",
 			    __func__);
 			goto done;
 		}
-		if (integrxf && (csa->csa_integrkey = ibuf_get(keymat,
+		if (integrxf && (csa->csa_integrkey = ibuf_getdata(keymat,
 		    integrxf->xform_keylength / 8)) == NULL) {
 			log_debug("%s: failed to get CHILD SA integrity key",
 			    __func__);
@@ -6340,13 +6345,13 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
 		csb->csa_local = csa->csa_peer;
 		csb->csa_peer = csa->csa_local;
 
-		if (encrxf && (csb->csa_encrkey = ibuf_get(keymat,
+		if (encrxf && (csb->csa_encrkey = ibuf_getdata(keymat,
 		    encrxf->xform_keylength / 8)) == NULL) {
 			log_debug("%s: failed to get CHILD SA encryption key",
 			    __func__);
 			goto done;
 		}
-		if (integrxf && (csb->csa_integrkey = ibuf_get(keymat,
+		if (integrxf && (csb->csa_integrkey = ibuf_getdata(keymat,
 		    integrxf->xform_keylength / 8)) == NULL) {
 			log_debug("%s: failed to get CHILD SA integrity key",
 			    __func__);

sbin/iked/ikev2_msg.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2_msg.c,v 1.96 2023/06/28 14:10:24 tobhe Exp $	*/
+/*	$OpenBSD: ikev2_msg.c,v 1.97 2023/07/18 15:07:41 claudio Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -300,7 +300,7 @@ ikev2_msg_send(struct iked *env, struct iked_message *msg)
 			log_debug("%s: failed to set NAT-T", __func__);
 			return (-1);
 		}
-		if (ibuf_cat(new, buf) == -1) {
+		if (ibuf_add_buf(new, buf) == -1) {
 			ibuf_free(new);
 			log_debug("%s: failed to set NAT-T", __func__);
 			return (-1);
@@ -779,7 +779,7 @@ ikev2_msg_send_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf **ep,
 		log_debug("%s: encryption failed", __func__);
 		goto done;
 	}
-	if (ibuf_cat(buf, e) != 0)
+	if (ibuf_add_buf(buf, e) != 0)
 		goto done;
 
 	/* Add integrity checksum (HMAC) */
@@ -887,7 +887,7 @@ ikev2_send_encrypted_fragments(struct iked *env, struct iked_sa *sa,
 			log_debug("%s: encryption failed", __func__);
 			goto done;
 		}
-		if (ibuf_cat(buf, e) != 0)
+		if (ibuf_add_buf(buf, e) != 0)
 			goto done;
 
 		/* Add integrity checksum (HMAC) */
@@ -961,7 +961,7 @@ ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response)
 
 	if ((authmsg = ibuf_dup(buf)) == NULL)
 		return (NULL);
-	if (ibuf_cat(authmsg, nonce) != 0)
+	if (ibuf_add_buf(authmsg, nonce) != 0)
 		goto fail;
 
 	if ((hash_setkey(sa->sa_prf, ibuf_data(prfkey),

sbin/iked/imsg_util.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: imsg_util.c,v 1.19 2023/06/19 17:19:50 claudio Exp $	*/
+/*	$OpenBSD: imsg_util.c,v 1.21 2023/07/18 15:07:41 claudio Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -36,12 +36,6 @@
  * Extending the imsg buffer API for internal use
  */
 
-int
-ibuf_cat(struct ibuf *dst, struct ibuf *src)
-{
-	return (ibuf_add(dst, src->buf, ibuf_size(src)));
-}
-
 struct ibuf *
 ibuf_new(const void *data, size_t len)
 {
@@ -55,7 +49,7 @@ ibuf_new(const void *data, size_t len)
 		return (buf);
 
 	if (data == NULL) {
-		if (ibuf_reserve(buf, len) == NULL) {
+		if (ibuf_add_zero(buf, len) != 0) {
 			ibuf_free(buf);
 			return (NULL);
 		}
@@ -78,12 +72,12 @@ ibuf_static(void)
 size_t
 ibuf_length(struct ibuf *buf)
 {
-	if (buf == NULL || buf->buf == NULL)
+	if (buf == NULL)
 		return (0);
 	return (ibuf_size(buf));
 }
 
-void *
+struct ibuf *
 ibuf_getdata(struct ibuf *buf, size_t len)
 {
 	void	*data;
@@ -92,17 +86,6 @@ ibuf_getdata(struct ibuf *buf, size_t len)
 		return (NULL);
 	buf->rpos += len;
 
-	return (data);
-}
-
-struct ibuf *
-ibuf_get(struct ibuf *buf, size_t len)
-{
-	void		*data;
-
-	if ((data = ibuf_getdata(buf, len)) == NULL)
-		return (NULL);
-
 	return (ibuf_new(data, len));
 }
 

share/man/man9/namei.9

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: namei.9,v 1.22 2019/09/30 19:57:44 kn Exp $
+.\"	$OpenBSD: namei.9,v 1.23 2023/07/15 23:01:25 kn Exp $
 .\"     $NetBSD: namei.9,v 1.9 2003/05/06 10:46:44 jmmv Exp $
 .\"
 .\" Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 30 2019 $
+.Dd $Mdocdate: July 15 2023 $
 .Dt NAMEI 9
 .Os
 .Sh NAME
@@ -74,6 +74,8 @@ struct nameidata {
          */
         struct  vnode *ni_startdir;     /* starting directory */
         struct  vnode *ni_rootdir;      /* logical root directory */
+        uint64_t ni_pledge;             /* expected pledge for namei */
+        u_char ni_unveil;               /* required unveil flags for namei */
         /*
          * Results: returned from/manipulated by lookup
          */
@@ -83,8 +85,9 @@ struct nameidata {
          * Shared between namei and lookup/commit routines.
          */
         size_t  ni_pathlen;             /* remaining chars in path */
-        const char *ni_next;            /* next location in pathname */
+        char *ni_next;                  /* next location in pathname */
         u_long  ni_loopcnt;             /* count of symlinks encountered */
+        struct unveil *ni_unveil_match; /* last matching unveil component */
         /*
          * Lookup parameters
          */
@@ -147,6 +150,8 @@ add entry to the name cache
 this is last component of pathname
 .It ISSYMLINK
 symlink needs interpretation
+.It REALPATH
+save pathname buffer for realpath
 .It REQUIREDIR
 must be a directory
 .It STRIPSLASHES

share/man/man9/refcnt_init.9

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: refcnt_init.9,v 1.5 2023/07/06 20:53:53 kn Exp $
+.\"	$OpenBSD: refcnt_init.9,v 1.6 2023/07/12 18:14:13 jmc Exp $
 .\"
 .\" Copyright (c) 2015 David Gwynne <dlg@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 6 2023 $
+.Dd $Mdocdate: July 12 2023 $
 .Dt REFCNT_INIT 9
 .Os
 .Sh NAME
@@ -71,7 +71,7 @@ is used to release an existing reference.
 is used to release an existing reference and wakes up a process
 that is currently waiting in
 .Fn refcnt_finalize
-for all the references to released.
+for all the references to be released.
 .Pp
 .Fn refcnt_finalize
 releases the caller's reference and sleeps until all the other

sys/arch/amd64/amd64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.169 2023/06/15 22:18:06 cheloha Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.170 2023/07/10 03:32:10 guenther Exp $	*/
 /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
 
 /*-
@@ -162,6 +162,7 @@ int cpu_perf_edx = 0;		/* cpuid(0xa).edx */
 int cpu_apmi_edx = 0;		/* cpuid(0x80000007).edx */
 int ecpu_ecxfeature = 0;	/* cpuid(0x80000001).ecx */
 int cpu_meltdown = 0;
+int cpu_use_xsaves = 0;
 
 void
 replacesmap(void)
@@ -699,10 +700,9 @@ cpu_attach(struct device *parent, struct device *self, void *aux)
 }
 
 static void
-replacexsave(void)
+replacexsave(int xsave_ext)
 {
-	extern long _xrstor, _xsave, _xsaveopt;
+	extern long _xrstor, _xrstors, _xsave, _xsaves, _xsaveopt;
-	u_int32_t eax, ebx, ecx, edx;
 	static int replacedone = 0;
 	int s;
 
@@ -710,12 +710,13 @@ replacexsave(void)
 		return;
 	replacedone = 1;
 
-	/* find out whether xsaveopt is supported */
-	CPUID_LEAF(0xd, 1, eax, ebx, ecx, edx);
 	s = splhigh();
+	codepatch_replace(CPTAG_XRSTORS,
+	    (xsave_ext & XSAVE_XSAVES) ? &_xrstors : &_xrstor, 4);
 	codepatch_replace(CPTAG_XRSTOR, &_xrstor, 4);
 	codepatch_replace(CPTAG_XSAVE,
-	    (eax & XSAVE_XSAVEOPT) ? &_xsaveopt : &_xsave, 4);
+	    (xsave_ext & XSAVE_XSAVES) ? &_xsaves :
+	    (xsave_ext & XSAVE_XSAVEOPT) ? &_xsaveopt : &_xsave, 4);
 	splx(s);
 }
 
@@ -764,20 +765,46 @@ cpu_init(struct cpu_info *ci)
 			KASSERT(ebx == fpu_save_len);
 		}
 
-		replacexsave();
+		/* check for xsaves, xsaveopt, and supervisor features */
+		CPUID_LEAF(0xd, 1, eax, ebx, ecx, edx);
+		/* Disable XSAVES on AMD family 17h due to Erratum 1386 */
+		if (!strcmp(cpu_vendor, "AuthenticAMD") &&
+		    ci->ci_family == 0x17) {
+			eax &= ~XSAVE_XSAVES;
+		}
+		if (eax & XSAVE_XSAVES) {
+#ifndef SMALL_KERNEL
+			if (ci->ci_feature_sefflags_edx & SEFF0EDX_IBT)
+				xsave_mask |= ecx & XFEATURE_CET_U;
+#endif
+			if (xsave_mask & XFEATURE_XSS_MASK) {
+				wrmsr(MSR_XSS, xsave_mask & XFEATURE_XSS_MASK);
+				CPUID_LEAF(0xd, 1, eax, ebx, ecx, edx);
+				KASSERT(ebx <= sizeof(struct savefpu));
+			}
+			if (CPU_IS_PRIMARY(ci))
+				cpu_use_xsaves = 1;
+		}
+
+		replacexsave(eax);
 	}
 
-	/* Give proc0 a clean FPU save area */
+	if (CPU_IS_PRIMARY(ci)) {
-	sfp = &proc0.p_addr->u_pcb.pcb_savefpu;
+		/* Clean our FPU save area */
-	memset(sfp, 0, fpu_save_len);
+		sfp = fpu_cleandata;
-	sfp->fp_fxsave.fx_fcw = __INITIAL_NPXCW__;
+		memset(sfp, 0, fpu_save_len);
-	sfp->fp_fxsave.fx_mxcsr = __INITIAL_MXCSR__;
+		sfp->fp_fxsave.fx_fcw = __INITIAL_NPXCW__;
-	fpureset();
+		sfp->fp_fxsave.fx_mxcsr = __INITIAL_MXCSR__;
-	if (xsave_mask) {
+		xrstor_user(sfp, xsave_mask);
-		/* must not use xsaveopt here */
+		if (cpu_use_xsaves || !xsave_mask)
-		xsave(sfp, xsave_mask);
+			fpusave(sfp);
-	} else
+		else {
-		fxsave(sfp);
+			/* must not use xsaveopt here */
+			xsave(sfp, xsave_mask);
+		}
+	} else {
+		fpureset();
+	}
 
 #if NVMM > 0
 	/* Re-enable VMM if needed */

sys/arch/amd64/amd64/locore.S

@@ -1,4 +1,4 @@
-/*	$OpenBSD: locore.S,v 1.135 2023/07/05 18:23:10 anton Exp $	*/
+/*	$OpenBSD: locore.S,v 1.136 2023/07/10 03:32:10 guenther Exp $	*/
 /*	$NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $	*/
 
 /*
@@ -342,7 +342,7 @@ switch_exited:
 #endif
 	CODEPATCH_START
 	fxrstor64	(%rdi)
-	CODEPATCH_END(CPTAG_XRSTOR)
+	CODEPATCH_END(CPTAG_XRSTORS)
 	andl	$~CPUPF_USERXSTATE,CPUVAR(PFLAGS)
 
 .Lxstate_reset:
@@ -680,7 +680,7 @@ KUTEXT_PAGE_END
 	/* untouched state so can't fault */
 	CODEPATCH_START
 	fxrstor64	(%rdi)
-	CODEPATCH_END(CPTAG_XRSTOR)
+	CODEPATCH_END(CPTAG_XRSTORS)
 #if PCB_SAVEFPU != 0
 	subq	$PCB_SAVEFPU,%rdi
 #endif
@@ -868,10 +868,14 @@ KTEXT_PAGE_END
 #if PCB_SAVEFPU != 0
 	addq	$PCB_SAVEFPU,%rdi
 #endif
-	movq	xsave_mask(%rip),%rsi
+	movq	xsave_mask(%rip),%rdx
-	call	xrstor_user
+	movl	%edx,%eax
-	testl	%eax,%eax
+	shrq	$32, %rdx
-	jnz	.Lintr_xrstor_faulted
+	CODEPATCH_START
+	fxrstor64	(%rdi)
+	CODEPATCH_END(CPTAG_XRSTORS)
+	//testl	%eax,%eax
+	//jnz	.Lintr_xrstor_faulted
 .Lintr_restore_fsbase:		/* CPU doesn't have curproc's FS.base */
 	orl	$CPUPF_USERSEGS,CPUVAR(PFLAGS)
 	movq	CPUVAR(CURPCB),%rdx
@@ -894,7 +898,7 @@ KTEXT_PAGE_END
 #endif
 	CODEPATCH_START
 	fxrstor64	(%rdi)
-	CODEPATCH_END(CPTAG_XRSTOR)
+	CODEPATCH_END(CPTAG_XRSTORS)
 	movq	$T_PROTFLT,TF_TRAPNO(%rsp)
 	jmp	recall_trap
 
@@ -945,7 +949,6 @@ NENTRY(intr_fast_exit)
 	testq	$PSL_I,%rdx
 	jnz	.Lintr_exit_not_blocked
 #endif /* DIAGNOSTIC */
-	call	pku_xonly	/* XXX guenther disapproves, but foo3 locks */
 	movq	TF_RDI(%rsp),%rdi
 	movq	TF_RSI(%rsp),%rsi
 	movq	TF_R8(%rsp),%r8
@@ -992,8 +995,14 @@ END(intr_fast_exit)
 
 /*
  * FPU/"extended CPU state" handling
+ *	void xrstor_kern(sfp, mask)
+ *		using first of xrstors/xrstor/fxrstor, load given state
+ *		which is assumed to be trusted: i.e., unaltered from
+ *		xsaves/xsaveopt/xsave/fxsave by kernel
  * 	int xrstor_user(sfp, mask)
- *		load given state, returns 0/1 if okay/it trapped
+ *		using first of xrstor/fxrstor, load given state which might
+ *		not be trustable: #GP faults will be caught; returns 0/1 if
+ *		okay/it trapped.
  *	void fpusave(sfp)
  *		save current state, but retain it in the FPU
  *	void fpusavereset(sfp)
@@ -1002,6 +1011,19 @@ END(intr_fast_exit)
  *		load specified %xcr# register, returns 0/1 if okay/it trapped
  */
 
+ENTRY(xrstor_kern)
+	RETGUARD_SETUP(xrstor_kern, r11)
+	movq	%rsi, %rdx
+	movl	%esi, %eax
+	shrq	$32, %rdx
+	CODEPATCH_START
+	fxrstor64	(%rdi)
+	CODEPATCH_END(CPTAG_XRSTORS)
+	RETGUARD_CHECK(xrstor_kern, r11)
+	ret
+	lfence
+END(xrstor_kern)
+
 ENTRY(xrstor_user)
 	RETGUARD_SETUP(xrstor_user, r11)
 	movq	%rsi, %rdx
@@ -1050,7 +1072,7 @@ ENTRY(fpusavereset)
 #endif
 	CODEPATCH_START
 	fxrstor64	(%rdi)
-	CODEPATCH_END(CPTAG_XRSTOR)
+	CODEPATCH_END(CPTAG_XRSTORS)
 	RETGUARD_CHECK(fpusavereset, r11)
 	ret
 	lfence
@@ -1081,9 +1103,17 @@ END(xsetbv_user)
 _xrstor:
 	xrstor64	(%rdi)
 
+	.globl	_xrstors
+_xrstors:
+	xrstors64	(%rdi)
+
 	.globl	_xsave
 _xsave:
-	xsave64	(%rdi)
+	xsave64		(%rdi)
+
+	.globl	_xsaves
+_xsaves:
+	xsaves64	(%rdi)
 
 	.globl	_xsaveopt
 _xsaveopt:

sys/arch/amd64/amd64/machdep.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: machdep.c,v 1.284 2022/11/29 21:41:39 guenther Exp $	*/
+/*	$OpenBSD: machdep.c,v 1.285 2023/07/10 03:32:10 guenther Exp $	*/
 /*	$NetBSD: machdep.c,v 1.3 2003/05/07 22:58:18 fvdl Exp $	*/
 
 /*-
@@ -564,6 +564,63 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 	/* NOTREACHED */
 }
 
+static inline void
+maybe_enable_user_cet(struct proc *p)
+{
+#ifndef SMALL_KERNEL
+	/* Enable indirect-branch tracking if present and not disabled */
+	if ((xsave_mask & XFEATURE_CET_U) &&
+	    (p->p_p->ps_flags & PS_NOBTCFI) == 0) {
+		uint64_t msr = rdmsr(MSR_U_CET);
+		wrmsr(MSR_U_CET, msr | MSR_CET_ENDBR_EN | MSR_CET_NO_TRACK_EN);
+	}
+#endif
+}
+
+static inline void
+initialize_thread_xstate(struct proc *p)
+{
+	if (cpu_use_xsaves) {
+		xrstors(fpu_cleandata, xsave_mask);
+		maybe_enable_user_cet(p);
+	} else {
+		/* Reset FPU state in PCB */
+		memcpy(&p->p_addr->u_pcb.pcb_savefpu, fpu_cleandata,
+		    fpu_save_len);
+
+		if (curcpu()->ci_pflags & CPUPF_USERXSTATE) {
+			/* state in CPU is obsolete; reset it */
+			fpureset();
+		}
+	}
+
+	/* The reset state _is_ the userspace state for this thread now */
+	curcpu()->ci_pflags |= CPUPF_USERXSTATE;
+}
+
+/*
+ * Copy out the FPU state, massaging it to be usable from userspace
+ * and acceptable to xrstor_user()
+ */
+static inline int
+copyoutfpu(struct savefpu *sfp, char *sp, size_t len)
+{
+	uint64_t bvs[2];
+
+	if (copyout(sfp, sp, len))
+		return 1;
+	if (len > offsetof(struct savefpu, fp_xstate.xstate_bv)) {
+		sp  += offsetof(struct savefpu, fp_xstate.xstate_bv);
+		len -= offsetof(struct savefpu, fp_xstate.xstate_bv);
+		bvs[0] = sfp->fp_xstate.xstate_bv & XFEATURE_XCR0_MASK;
+		bvs[1] = sfp->fp_xstate.xstate_xcomp_bv &
+		    (XFEATURE_XCR0_MASK | XFEATURE_COMPRESSED);
+		if (copyout(bvs, sp, min(len, sizeof bvs)))
+			return 1;
+	}
+	return 0;
+}
+
 /*
  * Send an interrupt to process.
  *
@@ -613,23 +670,22 @@ sendsig(sig_t catcher, int sig, sigset_t mask, const siginfo_t *ksip,
 	else
 		sp = tf->tf_rsp - 128;
 
-	sp &= ~15ULL;	/* just in case */
+	sp -= fpu_save_len;
-	sss = (sizeof(ksc) + 15) & ~15;
+	if (cpu_use_xsaves)
+		sp &= ~63ULL;	/* just in case */
+	else
+		sp &= ~15ULL;	/* just in case */
 
 	/* Save FPU state to PCB if necessary, then copy it out */
-	if (curcpu()->ci_pflags & CPUPF_USERXSTATE) {
+	if (curcpu()->ci_pflags & CPUPF_USERXSTATE)
-		curcpu()->ci_pflags &= ~CPUPF_USERXSTATE;
+		fpusave(&p->p_addr->u_pcb.pcb_savefpu);
-		fpusavereset(&p->p_addr->u_pcb.pcb_savefpu);
+	if (copyoutfpu(sfp, (void *)sp, fpu_save_len))
-	}
-	sp -= fpu_save_len;
-	ksc.sc_fpstate = (struct fxsave64 *)sp;
-	if (copyout(sfp, (void *)sp, fpu_save_len))
 		return 1;
 
-	/* Now reset the FPU state in PCB */
+	initialize_thread_xstate(p);
-	memcpy(&p->p_addr->u_pcb.pcb_savefpu,
-	    &proc0.p_addr->u_pcb.pcb_savefpu, fpu_save_len);
 
+	ksc.sc_fpstate = (struct fxsave64 *)sp;
+	sss = (sizeof(ksc) + 15) & ~15;
 	sip = 0;
 	if (info) {
 		sip = sp - ((sizeof(*ksip) + 15) & ~15);
@@ -658,9 +714,6 @@ sendsig(sig_t catcher, int sig, sigset_t mask, const siginfo_t *ksip,
 	tf->tf_rsp = scp;
 	tf->tf_ss = GSEL(GUDATA_SEL, SEL_UPL);
 
-	/* The reset state _is_ the userspace state for this thread now */
-	curcpu()->ci_pflags |= CPUPF_USERXSTATE;
-
 	return 0;
 }
 
@@ -682,6 +735,7 @@ sys_sigreturn(struct proc *p, void *v, register_t *retval)
 	} */ *uap = v;
 	struct sigcontext ksc, *scp = SCARG(uap, sigcntxp);
 	struct trapframe *tf = p->p_md.md_regs;
+	struct savefpu *sfp = &p->p_addr->u_pcb.pcb_savefpu;
 	int error;
 
 	if (PROC_PC(p) != p->p_p->ps_sigcoderet) {
@@ -706,7 +760,7 @@ sys_sigreturn(struct proc *p, void *v, register_t *retval)
 	    !USERMODE(ksc.sc_cs, ksc.sc_eflags))
 		return (EINVAL);
 
-	/* Current state is obsolete; toss it and force a reload */
+	/* Current FPU state is obsolete; toss it and force a reload */
 	if (curcpu()->ci_pflags & CPUPF_USERXSTATE) {
 		curcpu()->ci_pflags &= ~CPUPF_USERXSTATE;
 		fpureset();
@@ -714,15 +768,17 @@ sys_sigreturn(struct proc *p, void *v, register_t *retval)
 
 	/* Copy in the FPU state to restore */
 	if (__predict_true(ksc.sc_fpstate != NULL)) {
-		struct fxsave64 *fx = &p->p_addr->u_pcb.pcb_savefpu.fp_fxsave;
+		if ((error = copyin(ksc.sc_fpstate, sfp, fpu_save_len)))
-
+			return error;
-		if ((error = copyin(ksc.sc_fpstate, fx, fpu_save_len)))
+		if (xrstor_user(sfp, xsave_mask)) {
-			return (error);
+			memcpy(sfp, fpu_cleandata, fpu_save_len);
-		fx->fx_mxcsr &= fpu_mxcsr_mask;
+			return EINVAL;
+		}
+		maybe_enable_user_cet(p);
+		curcpu()->ci_pflags |= CPUPF_USERXSTATE;
 	} else {
 		/* shouldn't happen, but handle it */
-		memcpy(&p->p_addr->u_pcb.pcb_savefpu,
+		initialize_thread_xstate(p);
-		    &proc0.p_addr->u_pcb.pcb_savefpu, fpu_save_len);
 	}
 
 	tf->tf_rdi = ksc.sc_rdi;
@@ -1146,17 +1202,7 @@ setregs(struct proc *p, struct exec_package *pack, u_long stack,
 {
 	struct trapframe *tf;
 
-	/* Reset FPU state in PCB */
+	initialize_thread_xstate(p);
-	memcpy(&p->p_addr->u_pcb.pcb_savefpu,
-	    &proc0.p_addr->u_pcb.pcb_savefpu, fpu_save_len);
-
-	if (curcpu()->ci_pflags & CPUPF_USERXSTATE) {
-		/* state in CPU is obsolete; reset it */
-		fpureset();
-	} else {
-		/* the reset state _is_ the userspace state now */
-		curcpu()->ci_pflags |= CPUPF_USERXSTATE;
-	}
 
 	/* To reset all registers we have to return via iretq */
 	p->p_md.md_flags |= MDP_IRET;

sys/arch/amd64/amd64/vmm_machdep.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm_machdep.c,v 1.3 2023/04/26 15:40:51 mlarkin Exp $ */
+/* $OpenBSD: vmm_machdep.c,v 1.4 2023/07/10 03:32:10 guenther Exp $ */
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -3733,13 +3733,8 @@ vmm_fpurestore(struct vcpu *vcpu)
 		fpusavereset(&curproc->p_addr->u_pcb.pcb_savefpu);
 	}
 
-	if (vcpu->vc_fpuinited) {
+	if (vcpu->vc_fpuinited)
-		if (xrstor_user(&vcpu->vc_g_fpu, xsave_mask)) {
+		xrstor_kern(&vcpu->vc_g_fpu, xsave_mask);
-			DPRINTF("%s: guest attempted to set invalid %s\n",
-			    __func__, "xsave/xrstor state");
-			return EINVAL;
-		}
-	}
 
 	if (xsave_mask) {
 		/* Restore guest %xcr0 */
@@ -3769,7 +3764,7 @@ vmm_fpusave(struct vcpu *vcpu)
 		vcpu->vc_gueststate.vg_xcr0 = xgetbv(0);
 
 		/* Restore host %xcr0 */
-		xsetbv(0, xsave_mask);
+		xsetbv(0, xsave_mask & XFEATURE_XCR0_MASK);
 	}
 
 	/*

sys/arch/amd64/conf/RAMDISK

@@ -1,4 +1,4 @@
-#	$OpenBSD: RAMDISK,v 1.85 2021/12/26 13:55:36 kettenis Exp $
+#	$OpenBSD: RAMDISK,v 1.86 2023/07/20 02:26:24 yasuoka Exp $
 
 machine		amd64
 maxusers	4
@@ -77,7 +77,7 @@ pckbd*		at pckbc?	# PC keyboard
 wskbd*		at pckbd? mux 1
 vga0		at isa?
 vga*		at pci?
-wsdisplay*	at vga?
+wsdisplay0	at vga? console 1
 
 com0		at isa? port 0x3f8 irq 4	# standard PC serial ports
 com1		at isa? port 0x2f8 irq 3

sys/arch/amd64/conf/RAMDISK_CD

@@ -1,4 +1,4 @@
-#	$OpenBSD: RAMDISK_CD,v 1.201 2023/04/02 03:40:54 kevlo Exp $
+#	$OpenBSD: RAMDISK_CD,v 1.202 2023/07/20 02:26:24 yasuoka Exp $
 
 machine		amd64
 maxusers	4
@@ -152,7 +152,7 @@ pckbd*		at pckbc?		# PC keyboard
 wskbd*		at pckbd? mux 1
 vga0		at isa?
 vga*		at pci?
-wsdisplay*	at vga?
+wsdisplay0	at vga? console 1
 
 efifb0		at mainbus?		# EFI Framebuffer
 wsdisplay0	at efifb? console 1

sys/arch/amd64/include/codepatch.h

@@ -1,4 +1,4 @@
-/*      $OpenBSD: codepatch.h,v 1.14 2020/03/11 07:27:08 guenther Exp $    */
+/*      $OpenBSD: codepatch.h,v 1.15 2023/07/10 03:32:10 guenther Exp $    */
 /*
  * Copyright (c) 2014-2015 Stefan Fritsch <sf@sfritsch.de>
  *
@@ -65,6 +65,7 @@ void codepatch_disable(void);
 #define CPTAG_MDS_VMM		10
 #define CPTAG_FENCE_SWAPGS_MIS_TAKEN	11
 #define CPTAG_FENCE_NO_SAFE_SMAP	12
+#define CPTAG_XRSTORS			13
 
 /*
  * stac/clac SMAP instructions have lfence like semantics.  Let's

sys/arch/amd64/include/fpu.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fpu.h,v 1.18 2023/05/22 00:39:57 guenther Exp $	*/
+/*	$OpenBSD: fpu.h,v 1.19 2023/07/10 03:32:10 guenther Exp $	*/
 /*	$NetBSD: fpu.h,v 1.1 2003/04/26 18:39:40 fvdl Exp $	*/
 
 #ifndef	_MACHINE_FPU_H_
@@ -40,6 +40,7 @@ struct savefpu {
 	struct fxsave64 fp_fxsave;	/* see above */
 	struct xstate_hdr fp_xstate;
 	u_int64_t fp_ymm[16][2];
+	u_int64_t fp_cet_u[2];
 };
 
 /*
@@ -60,6 +61,7 @@ struct cpu_info;
 extern size_t	fpu_save_len;
 extern uint32_t	fpu_mxcsr_mask;
 extern uint64_t	xsave_mask;
+extern int cpu_use_xsaves;
 
 void fpuinit(struct cpu_info *);
 int fputrap(int _type);
@@ -68,9 +70,13 @@ void fpusavereset(struct savefpu *);
 void fpu_kernel_enter(void);
 void fpu_kernel_exit(void);
 
+/* pointer to fxsave/xsave/xsaves data with everything reset */
+#define	fpu_cleandata	(&proc0.p_addr->u_pcb.pcb_savefpu)
+
 int	xrstor_user(struct savefpu *_addr, uint64_t _mask);
+void	xrstor_kern(struct savefpu *_addr, uint64_t _mask);
 #define	fpureset() \
-	xrstor_user(&proc0.p_addr->u_pcb.pcb_savefpu, xsave_mask)
+	xrstor_kern(fpu_cleandata, xsave_mask)
 int	xsetbv_user(uint32_t _reg, uint64_t _mask);
 
 #define fninit()		__asm("fninit")
@@ -87,9 +93,17 @@ xsave(struct savefpu *addr, uint64_t mask)
 
 	lo = mask;
 	hi = mask >> 32;
-	/* should be xsave64, but where we use this it doesn't matter */
+	__asm volatile("xsave64 %0" : "+m" (*addr) : "a" (lo), "d" (hi));
-	__asm volatile("xsave %0" : "=m" (*addr) : "a" (lo), "d" (hi) :
+}
-	    "memory");
+
+static inline void
+xrstors(const struct savefpu *addr, uint64_t mask)
+{
+	uint32_t lo, hi;
+
+	lo = mask;
+	hi = mask >> 32;
+	__asm volatile("xrstors64 %0" : : "m" (*addr), "a" (lo), "d" (hi));
 }
 
 #endif

sys/arch/amd64/include/specialreg.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: specialreg.h,v 1.102 2023/04/22 18:27:28 guenther Exp $	*/
+/*	$OpenBSD: specialreg.h,v 1.103 2023/07/10 03:32:10 guenther Exp $	*/
 /*	$NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $	*/
 /*	$NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $	*/
 
@@ -118,6 +118,9 @@
 #define	XFEATURE_TILEDATA	0x00040000	/* AMX state */
 #define	XFEATURE_AMX		(XFEATURE_TILEDATA | XFEATURE_TILEDATA)
 
+/* valid only in xcomp_bv field: */
+#define XFEATURE_COMPRESSED	(1ULL << 63)	/* compressed format */
+
 /* which bits are for XCR0 and which for the XSS MSR? */
 #define XFEATURE_XCR0_MASK \
 	(XFEATURE_X87 | XFEATURE_SSE | XFEATURE_AVX | XFEATURE_MPX | \
@@ -525,6 +528,7 @@
 #define MSR_MC3_MISC		0x413
 #define MSR_U_CET		0x6a0
 #define MSR_CET_ENDBR_EN		(1 << 2)
+#define MSR_CET_NO_TRACK_EN		(1 << 4)
 #define MSR_S_CET		0x6a2
 #define MSR_PKRS		0x6e1
 #define MSR_XSS			0xda0

sys/arch/arm64/arm64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.95 2023/06/15 22:18:07 cheloha Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.97 2023/07/16 16:13:46 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -1010,6 +1010,8 @@ void cpu_boot_secondary(struct cpu_info *ci);
 void cpu_hatch_secondary(void);
 void cpu_hatch_secondary_spin(void);
 
+void cpu_suspend_cycle(void);
+
 void
 cpu_boot_secondary_processors(void)
 {
@@ -1224,7 +1226,7 @@ cpu_halt(void)
 				ci->ci_psci_suspend_param = 0;
 		} else
 #endif
-			__asm volatile("wfi");
+			cpu_suspend_cycle();
 		count++;
 	}
 
@@ -1236,8 +1238,6 @@ cpu_halt(void)
 	/* Unmask clock interrupts. */
 	WRITE_SPECIALREG(cntv_ctl_el0,
 	    READ_SPECIALREG(cntv_ctl_el0) & ~CNTV_CTL_IMASK);
-
-	printf("%s: %d wakeup events\n", ci->ci_dev->dv_xname, count);
 }
 
 void
@@ -1266,9 +1266,16 @@ cpu_unidle(struct cpu_info *ci)
 
 void cpu_hatch_primary(void);
 
+void (*cpu_suspend_cycle_fcn)(void) = cpu_wfi;
 label_t cpu_suspend_jmpbuf;
 int cpu_suspended;
 
+void
+cpu_suspend_cycle(void)
+{
+	cpu_suspend_cycle_fcn();
+}
+
 void
 cpu_init_primary(void)
 {
@@ -1342,7 +1349,7 @@ cpu_suspend_primary(void)
 				ci->ci_psci_suspend_param = 0;
 		} else
 #endif
-			__asm volatile("wfi");
+			cpu_suspend_cycle();
 		count++;
 	}
 
@@ -1353,8 +1360,6 @@ resume:
 	WRITE_SPECIALREG(cntv_ctl_el0,
 	    READ_SPECIALREG(cntv_ctl_el0) & ~CNTV_CTL_IMASK);
 
-	printf("%s: %d wakeup events\n", ci->ci_dev->dv_xname, count);
-
 	return 0;
 }
 

sys/arch/arm64/arm64/cpufunc_asm.S

@@ -1,4 +1,4 @@
-/* $OpenBSD: cpufunc_asm.S,v 1.7 2020/11/20 21:48:33 patrick Exp $ */
+/* $OpenBSD: cpufunc_asm.S,v 1.8 2023/07/13 08:33:36 kettenis Exp $ */
 /*-
  * Copyright (c) 2014 Robin Randhawa
  * Copyright (c) 2015 The FreeBSD Foundation
@@ -185,3 +185,52 @@ ENTRY(cpu_icache_sync_range)
 	RETGUARD_CHECK(cpu_icache_sync_range, x15)
 	ret
 END(cpu_icache_sync_range)
+
+ENTRY(cpu_wfi)
+	RETGUARD_SETUP(cpu_wfi, x15)
+	dsb	sy
+	wfi
+	RETGUARD_CHECK(cpu_wfi, x15)
+	ret
+END(cpu_wfi)
+
+ENTRY(aplcpu_deep_wfi)
+	RETGUARD_SETUP(aplcpu_deep_wfi, x15)
+
+	stp	x30, x15, [sp, #-16]!
+	stp	x28, x29, [sp, #-16]!
+	stp	x26, x27, [sp, #-16]!
+	stp	x24, x25, [sp, #-16]!
+	stp	x22, x23, [sp, #-16]!
+	stp	x20, x21, [sp, #-16]!
+	stp	x18, x19, [sp, #-16]!
+
+	mrs	x0, daif
+	str	x0, [sp, #-16]!
+	msr	daifset, #3
+
+	mrs	x0, s3_5_c15_c5_0
+	orr	x0, x0, #(3 << 24)
+	msr	s3_5_c15_c5_0, x0
+
+	dsb	sy
+	wfi
+
+	mrs	x0, s3_5_c15_c5_0
+	bic	x0, x0, #(1 << 24)
+	msr	s3_5_c15_c5_0, x0
+
+	ldr	x0, [sp], #16
+	msr	daif, x0
+
+	ldp	x18, x19, [sp], #16
+	ldp	x20, x21, [sp], #16
+	ldp	x22, x23, [sp], #16
+	ldp	x24, x25, [sp], #16
+	ldp	x26, x27, [sp], #16
+	ldp	x28, x29, [sp], #16
+	ldp	x30, x15, [sp], #16
+
+	RETGUARD_CHECK(aplcpu_deep_wfi, x15)
+	ret
+END(aplcpu_deep_wfi)

sys/arch/arm64/arm64/machdep.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: machdep.c,v 1.82 2023/06/10 19:30:48 kettenis Exp $ */
+/* $OpenBSD: machdep.c,v 1.83 2023/07/13 08:33:36 kettenis Exp $ */
 /*
  * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
@@ -211,12 +211,13 @@ cpu_idle_enter(void)
 {
 }
 
+void (*cpu_idle_cycle_fcn)(void) = cpu_wfi;
+
 void
 cpu_idle_cycle(void)
 {
 	enable_irq_daif();
-	__asm volatile("dsb sy" ::: "memory");
+	cpu_idle_cycle_fcn();
-	__asm volatile("wfi");
 }
 
 void

sys/arch/arm64/conf/GENERIC

@@ -1,4 +1,4 @@
-# $OpenBSD: GENERIC,v 1.275 2023/07/01 16:34:29 drahn Exp $
+# $OpenBSD: GENERIC,v 1.276 2023/07/19 20:27:20 kettenis Exp $
 #
 # GENERIC machine description file
 #
@@ -177,7 +177,7 @@ nvme*		at aplns?
 aplpcie*	at fdt?
 pci*		at aplpcie?
 aplpinctrl*	at fdt? early 1
-aplpmgr*	at fdt? early 1
+aplpmgr*	at fdt? early 2
 aplpwm*		at fdt?
 aplrtk*		at fdt?
 aplsart*	at fdt?

sys/arch/arm64/conf/RAMDISK

@@ -1,4 +1,4 @@
-# $OpenBSD: RAMDISK,v 1.207 2023/06/27 22:38:46 patrick Exp $
+# $OpenBSD: RAMDISK,v 1.208 2023/07/19 20:27:20 kettenis Exp $
 
 machine		arm64
 maxusers	4
@@ -128,7 +128,7 @@ nvme*		at aplns?
 aplpcie*	at fdt?
 pci*		at aplpcie?
 aplpinctrl*	at fdt? early 1
-aplpmgr*	at fdt? early 1
+aplpmgr*	at fdt? early 2
 aplrtk*		at fdt?
 aplsart*	at fdt?
 aplsmc*		at fdt?

sys/arch/arm64/dev/aplcpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: aplcpu.c,v 1.7 2023/05/09 10:13:23 kettenis Exp $	*/
+/*	$OpenBSD: aplcpu.c,v 1.8 2023/07/13 08:33:36 kettenis Exp $	*/
 /*
  * Copyright (c) 2022 Mark Kettenis <kettenis@openbsd.org>
  *
@@ -42,6 +42,8 @@
 #define DVFS_T8112_STATUS_CUR_PS_MASK	(0x1f << 5)
 #define DVFS_T8112_STATUS_CUR_PS_SHIFT	5
 
+#define APLCPU_DEEP_WFI_LATENCY		10 /* microseconds */
+
 struct opp {
 	uint64_t opp_hz;
 	uint32_t opp_level;
@@ -97,6 +99,8 @@ uint32_t aplcpu_opp_level(struct aplcpu_softc *, int);
 int	aplcpu_clockspeed(int *);
 void	aplcpu_setperf(int level);
 void	aplcpu_refresh_sensors(void *);
+void	aplcpu_idle_cycle();
+void	aplcpu_deep_wfi(void);
 
 int
 aplcpu_match(struct device *parent, void *match, void *aux)
@@ -171,6 +175,8 @@ aplcpu_attach(struct device *parent, struct device *self, void *aux)
 	sensordev_install(&sc->sc_sensordev);
 	sensor_task_register(sc, aplcpu_refresh_sensors, 1);
 
+	cpu_idle_cycle_fcn = aplcpu_idle_cycle;
+	cpu_suspend_cycle_fcn = aplcpu_deep_wfi;
 	cpu_cpuspeed = aplcpu_clockspeed;
 	cpu_setperf = aplcpu_setperf;
 	return;
@@ -223,11 +229,8 @@ aplcpu_opp_init(struct aplcpu_softc *sc, int node)
 		return;
 
 	count = 0;
-	for (child = OF_child(node); child != 0; child = OF_peer(child)) {
+	for (child = OF_child(node); child != 0; child = OF_peer(child))
-		if (OF_getproplen(child, "turbo-mode") == 0)
-			continue;
 		count++;
-	}
 	if (count == 0)
 		return;
 
@@ -239,8 +242,6 @@ aplcpu_opp_init(struct aplcpu_softc *sc, int node)
 
 	count = 0;
 	for (child = OF_child(node); child != 0; child = OF_peer(child)) {
-		if (OF_getproplen(child, "turbo-mode") == 0)
-			continue;
 		opp_hz = OF_getpropint64(child, "opp-hz", 0);
 		opp_level = OF_getpropint(child, "opp-level", 0);
 
@@ -430,3 +431,27 @@ aplcpu_refresh_sensors(void *arg)
 		}
 	}
 }
+
+void
+aplcpu_idle_cycle(void)
+{
+	struct cpu_info *ci = curcpu();
+	struct timeval start, stop;
+	u_long itime;
+
+	microuptime(&start);
+
+	if (ci->ci_prev_sleep > 3 * APLCPU_DEEP_WFI_LATENCY)
+		aplcpu_deep_wfi();
+	else
+		cpu_wfi();
+
+	microuptime(&stop);
+	timersub(&stop, &start, &stop);
+	itime = stop.tv_sec * 1000000 + stop.tv_usec;
+
+	ci->ci_last_itime = itime;
+	itime >>= 1;
+	ci->ci_prev_sleep = (ci->ci_prev_sleep + (ci->ci_prev_sleep >> 1)
+	    + itime) >> 1;
+}

sys/arch/arm64/dev/aplpmgr.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: aplpmgr.c,v 1.3 2022/11/10 11:44:06 kettenis Exp $	*/
+/*	$OpenBSD: aplpmgr.c,v 1.5 2023/07/20 20:40:44 kettenis Exp $	*/
 /*
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
  *
@@ -66,7 +66,6 @@ struct aplpmgr_softc {
 
 int	aplpmgr_match(struct device *, void *, void *);
 void	aplpmgr_attach(struct device *, struct device *, void *);
-int	aplpmgr_activate(struct device *, int act);
 
 const struct cfattach aplpmgr_ca = {
 	sizeof (struct aplpmgr_softc), aplpmgr_match, aplpmgr_attach

sys/arch/arm64/dev/aplsmc.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: aplsmc.c,v 1.24 2023/07/08 14:44:43 tobhe Exp $	*/
+/*	$OpenBSD: aplsmc.c,v 1.25 2023/07/16 16:11:11 kettenis Exp $	*/
 /*
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
  *
@@ -138,6 +138,7 @@ struct aplsmc_softc {
 	struct ksensor		sc_sensors[APLSMC_MAX_SENSORS];
 	int			sc_nsensors;
 	struct ksensordev	sc_sensordev;
+	uint32_t		sc_suspend_pstr;
 };
 
 #define CH0I_DISCHARGE		(1 << 0)
@@ -175,9 +176,11 @@ struct aplsmc_sensor aplsmc_sensors[] = {
 
 int	aplsmc_match(struct device *, void *, void *);
 void	aplsmc_attach(struct device *, struct device *, void *);
+int	aplsmc_activate(struct device *, int);
 
 const struct cfattach aplsmc_ca = {
-	sizeof (struct aplsmc_softc), aplsmc_match, aplsmc_attach
+	sizeof (struct aplsmc_softc), aplsmc_match, aplsmc_attach,
+	NULL, aplsmc_activate
 };
 
 struct cfdriver aplsmc_cd = {
@@ -189,6 +192,7 @@ int	aplsmc_send_cmd(struct aplsmc_softc *, uint16_t, uint32_t, uint16_t);
 int	aplsmc_wait_cmd(struct aplsmc_softc *sc);
 int	aplsmc_read_key(struct aplsmc_softc *, uint32_t, void *, size_t);
 int	aplsmc_write_key(struct aplsmc_softc *, uint32_t, void *, size_t);
+int64_t aplsmc_convert_flt(uint32_t, int);
 void	aplsmc_refresh_sensors(void *);
 int	aplsmc_apminfo(struct apm_power_info *);
 void	aplsmc_set_pin(void *, uint32_t *, int);
@@ -357,7 +361,24 @@ aplsmc_attach(struct device *parent, struct device *self, void *aux)
 #ifdef SUSPEND
 	device_register_wakeup(&sc->sc_dev);
 #endif
+}
 
+int
+aplsmc_activate(struct device *self, int act)
+{
+#ifdef SUSPEND
+	struct aplsmc_softc *sc = (struct aplsmc_softc *)self;
+	int64_t value;
+
+	switch (act) {
+	case DVACT_WAKEUP:
+		value = aplsmc_convert_flt(sc->sc_suspend_pstr, 100);
+		printf("%s: system %lld.%02lld W\n", sc->sc_dev.dv_xname,
+		    value / 100, value % 100);
+	}
+#endif
+
+	return 0;
 }
 
 void
@@ -366,8 +387,12 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, uint64_t data)
 	extern int allowpowerdown;
 #ifdef SUSPEND
 	extern int cpu_suspended;
+	uint32_t flt = 0;
 
 	if (cpu_suspended) {
+		aplsmc_read_key(sc, 'PSTR', &flt, sizeof(flt));
+		sc->sc_suspend_pstr = flt;
+
 		switch (SMC_EV_TYPE(data)) {
 		case SMC_EV_TYPE_BTN:
 			switch (SMC_EV_SUBTYPE(data)) {
@@ -542,6 +567,26 @@ aplsmc_write_key(struct aplsmc_softc *sc, uint32_t key, void *data, size_t len)
 
 #ifndef SMALL_KERNEL
 
+int64_t
+aplsmc_convert_flt(uint32_t flt, int scale)
+{
+	int64_t mant;
+	int sign, exp;
+
+	/*
+	 * Convert floating-point to integer, trying to keep as much
+	 * resolution as possible given the scaling factor.
+	 */
+	sign = (flt >> 31) ? -1 : 1;
+	exp = ((flt >> 23) & 0xff) - 127;
+	mant = (flt & 0x7fffff) | 0x800000;
+	mant *= scale;
+	if (exp < 23)
+		return sign * (mant >> (23 - exp));
+	else
+		return sign * (mant << (exp - 23));
+}
+
 void
 aplsmc_refresh_sensors(void *arg)
 {
@@ -570,26 +615,11 @@ aplsmc_refresh_sensors(void *arg)
 			value = (int64_t)ui16 * sensor->scale;
 		} else if (strcmp(sensor->key_type, "flt ") == 0) {
 			uint32_t flt;
-			int64_t mant;
-			int sign, exp;
 
 			error = aplsmc_read_key(sc, key, &flt, sizeof(flt));
 			if (sensor->flags & APLSMC_BE)
 				flt = betoh32(flt);
-
+			value = aplsmc_convert_flt(flt, sensor->scale);
-			/*
-			 * Convert floating-point to integer, trying
-			 * to keep as much resolution as possible
-			 * given the scaling factor for this sensor.
-			 */
-			sign = (flt >> 31) ? -1 : 1;
-			exp = ((flt >> 23) & 0xff) - 127;
-			mant = (flt & 0x7fffff) | 0x800000;
-			mant *= sensor->scale;
-			if (exp < 23)
-				value = sign * (mant >> (23 - exp));
-			else
-				value = sign * (mant << (exp - 23));
 		}
 
 		/* Apple reports temperatures in degC. */

sys/arch/arm64/dev/mainbus.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: mainbus.c,v 1.25 2023/05/19 21:15:16 patrick Exp $ */
+/* $OpenBSD: mainbus.c,v 1.27 2023/07/19 21:52:55 kettenis Exp $ */
 /*
  * Copyright (c) 2016 Patrick Wildt <patrick@blueri.se>
  * Copyright (c) 2017 Mark Kettenis <kettenis@openbsd.org>
@@ -154,13 +154,11 @@ mainbus_attach(struct device *parent, struct device *self, void *aux)
 	mainbus_attach_apm(self);
 
 	/* Scan the whole tree. */
-	sc->sc_early = 1;
+	for (sc->sc_early = 2; sc->sc_early >= 0; sc->sc_early--) {
-	for (node = OF_child(sc->sc_node); node != 0; node = OF_peer(node))
+		for (node = OF_child(sc->sc_node); node; node = OF_peer(node))
-		mainbus_attach_node(self, node, NULL);
+			mainbus_attach_node(self, node, NULL);
-
+	}
 	sc->sc_early = 0;
-	for (node = OF_child(sc->sc_node); node != 0; node = OF_peer(node))
-		mainbus_attach_node(self, node, NULL);
 
 	mainbus_attach_framebuffer(self);
 

sys/arch/arm64/dev/simplebus.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: simplebus.c,v 1.16 2022/11/06 12:01:52 patrick Exp $ */
+/* $OpenBSD: simplebus.c,v 1.17 2023/07/19 20:26:11 kettenis Exp $ */
 /*
  * Copyright (c) 2016 Patrick Wildt <patrick@blueri.se>
  *
@@ -140,13 +140,10 @@ simplebus_attach(struct device *parent, struct device *self, void *aux)
 	}
 
 	/* Scan the whole tree. */
-	sc->sc_early = 1;
+	for (sc->sc_early = 2; sc->sc_early >= 0; sc->sc_early--) {
-	for (node = OF_child(sc->sc_node); node; node = OF_peer(node))
+		for (node = OF_child(sc->sc_node); node; node = OF_peer(node))
-		simplebus_attach_node(self, node);
+			simplebus_attach_node(self, node);
-
+	}
-	sc->sc_early = 0;
-	for (node = OF_child(sc->sc_node); node; node = OF_peer(node))
-		simplebus_attach_node(self, node);
 }
 
 int

sys/arch/arm64/include/cpu.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cpu.h,v 1.36 2023/06/10 19:30:48 kettenis Exp $ */
+/* $OpenBSD: cpu.h,v 1.37 2023/07/13 08:33:36 kettenis Exp $ */
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
  *
@@ -154,6 +154,9 @@ struct cpu_info {
 	volatile int		ci_opp_max;
 	uint32_t		ci_cpu_supply;
 
+	u_long			ci_prev_sleep;
+	u_long			ci_last_itime;
+
 #ifdef MULTIPROCESSOR
 	struct srp_hazard	ci_srp_hazards[SRP_HAZARD_NUM];
 	volatile int		ci_flags;
@@ -344,6 +347,11 @@ void	cpu_startclock(void);
 int	cpu_suspend_primary(void);
 void	cpu_resume_secondary(struct cpu_info *);
 
+extern void (*cpu_idle_cycle_fcn)(void);
+extern void (*cpu_suspend_cycle_fcn)(void);
+
+void	cpu_wfi(void);
+
 void	delay (unsigned);
 #define	DELAY(x)	delay(x)
 

sys/arch/i386/conf/RAMDISK

@@ -1,4 +1,4 @@
-#	$OpenBSD: RAMDISK,v 1.201 2021/02/16 00:03:54 deraadt Exp $
+#	$OpenBSD: RAMDISK,v 1.202 2023/07/20 02:26:24 yasuoka Exp $
 
 machine		i386
 maxusers	4
@@ -84,8 +84,8 @@ wskbd*		at pckbd? mux 1
 vga0		at isa?
 vga*		at pci?
 pcdisplay0	at isa?			# CGA, MDA, EGA, HGA
-wsdisplay*	at vga?
+wsdisplay0	at vga? console 1
-wsdisplay*	at pcdisplay?
+wsdisplay0	at pcdisplay? console 1
 
 com0		at isa? port 0x3f8 irq 4	# standard PC serial ports
 com1		at isa? port 0x2f8 irq 3