sync with OpenBSD -current

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.211 2024/08/31 15:56:09 jsing Exp $
+# $OpenBSD: Makefile,v 1.213 2024/10/18 11:12:10 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -230,7 +230,6 @@ SRCS+= conf_api.c
 SRCS+= conf_def.c
 SRCS+= conf_err.c
 SRCS+= conf_lib.c
-SRCS+= conf_mall.c
 SRCS+= conf_mod.c
 SRCS+= conf_sap.c
 
@@ -284,7 +283,6 @@ SRCS+= ec_ameth.c
 SRCS+= ec_asn1.c
 SRCS+= ec_check.c
 SRCS+= ec_curve.c
-SRCS+= ec_cvt.c
 SRCS+= ec_err.c
 SRCS+= ec_key.c
 SRCS+= ec_kmeth.c

lib/libcrypto/arch/amd64/Makefile.inc

@@ -1,10 +1,12 @@
-# $OpenBSD: Makefile.inc,v 1.29 2024/08/11 13:02:39 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.30 2024/10/18 13:36:24 jsing Exp $
 
 # amd64-specific libcrypto build rules
 
 # all amd64 code generators use this
 EXTRA_PL =	${LCRYPTO_SRC}/perlasm/x86_64-xlate.pl
 
+SRCS += crypto_cpu_caps.c
+
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-x86_64
@@ -69,12 +71,4 @@ ${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${EXTRA_PL}
 		/usr/bin/perl ./asm/${f}.pl openbsd) > ${.TARGET}
 .endfor
 
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=	x86_64cpuid.S
-GENERATED+=x86_64cpuid.S
-
-x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl ${EXTRA_PL}
-	(cd ${LCRYPTO_SRC}/${dir} ; \
-		/usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET}
-
 CFLAGS+=-fret-clean

lib/libcrypto/arch/amd64/crypto_arch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_arch.h,v 1.1 2024/08/11 13:02:39 jsing Exp $ */
+/*	$OpenBSD: crypto_arch.h,v 1.2 2024/10/18 13:36:24 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -18,6 +18,8 @@
 #ifndef HEADER_CRYPTO_ARCH_H
 #define HEADER_CRYPTO_ARCH_H
 
+#define HAVE_CRYPTO_CPU_CAPS_INIT
+
 #ifndef OPENSSL_NO_ASM
 
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL

lib/libcrypto/arch/amd64/crypto_cpu_caps.c

@@ -0,0 +1,114 @@
+/*	$OpenBSD: crypto_cpu_caps.c,v 1.1 2024/10/18 13:36:24 jsing Exp $ */
+/*
+ * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+
+#include <openssl/crypto.h>
+
+#include "x86_arch.h"
+
+/* Legacy architecture specific capabilities, used by perlasm. */
+extern uint64_t OPENSSL_ia32cap_P;
+
+/* Machine independent CPU capabilities. */
+extern uint64_t crypto_cpu_caps;
+
+static inline void
+cpuid(uint32_t eax, uint32_t *out_eax, uint32_t *out_ebx, uint32_t *out_ecx,
+    uint32_t *out_edx)
+{
+	uint32_t ebx = 0, ecx = 0, edx = 0;
+
+#ifndef OPENSSL_NO_ASM
+	__asm__ ("cpuid": "+a"(eax), "+b"(ebx), "+c"(ecx), "+d"(edx));
+#else
+	eax = 0;
+#endif
+
+	if (out_eax != NULL)
+		*out_eax = eax;
+	if (out_ebx != NULL)
+		*out_ebx = ebx;
+	if (out_ebx != NULL)
+		*out_ecx = ecx;
+	if (out_edx != NULL)
+		*out_edx = edx;
+}
+
+static inline void
+xgetbv(uint32_t ecx, uint32_t *out_eax, uint32_t *out_edx)
+{
+	uint32_t eax = 0, edx = 0;
+
+#ifndef OPENSSL_NO_ASM
+	__asm__ ("xgetbv": "+a"(eax), "+c"(ecx), "+d"(edx));
+#endif
+
+	if (out_eax != NULL)
+		*out_eax = eax;
+	if (out_edx != NULL)
+		*out_edx = edx;
+}
+
+void
+crypto_cpu_caps_init(void)
+{
+	uint32_t eax, ebx, ecx, edx;
+	uint64_t caps = 0;
+
+	cpuid(0, &eax, &ebx, &ecx, &edx);
+
+	/* "GenuineIntel" in little endian. */
+	if (ebx == 0x756e6547 && edx == 0x49656e69 && ecx == 0x6c65746e)
+		caps |= CPUCAP_MASK_INTEL;
+
+	if (eax < 1)
+		return;
+
+	cpuid(1, &eax, &ebx, &ecx, &edx);
+
+	if ((edx & IA32CAP_MASK0_FXSR) != 0)
+		caps |= CPUCAP_MASK_FXSR;
+	if ((edx & IA32CAP_MASK0_HT) != 0)
+		caps |= CPUCAP_MASK_HT;
+	if ((edx & IA32CAP_MASK0_MMX) != 0)
+		caps |= CPUCAP_MASK_MMX;
+	if ((edx & IA32CAP_MASK0_SSE) != 0)
+		caps |= CPUCAP_MASK_SSE;
+	if ((edx & IA32CAP_MASK0_SSE2) != 0)
+		caps |= CPUCAP_MASK_SSE2;
+
+	if ((ecx & IA32CAP_MASK1_AESNI) != 0)
+		caps |= CPUCAP_MASK_AESNI;
+	if ((ecx & IA32CAP_MASK1_PCLMUL) != 0)
+		caps |= CPUCAP_MASK_PCLMUL;
+	if ((ecx & IA32CAP_MASK1_SSSE3) != 0)
+		caps |= CPUCAP_MASK_SSSE3;
+
+	/* AVX requires OSXSAVE and XMM/YMM state to be enabled. */
+	if ((ecx & IA32CAP_MASK1_OSXSAVE) != 0) {
+		xgetbv(0, &eax, NULL);
+		if (((eax >> 1) & 3) == 3 && (ecx & IA32CAP_MASK1_AVX) != 0)
+			caps |= CPUCAP_MASK_AVX;
+	}
+
+	/* Set machine independent CPU capabilities. */
+	if ((caps & CPUCAP_MASK_AESNI) != 0)
+		crypto_cpu_caps |= CRYPTO_CPU_CAPS_ACCELERATED_AES;
+
+	OPENSSL_ia32cap_P = caps;
+}

lib/libcrypto/arch/i386/Makefile.inc

@@ -1,10 +1,12 @@
-# $OpenBSD: Makefile.inc,v 1.25 2024/08/11 13:02:39 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.26 2024/10/18 14:44:02 jsing Exp $
 
 # i386-specific libcrypto build rules
 
 # all i386 code generators use these
 EXTRA_PL =  ${LCRYPTO_SRC}/perlasm/x86gas.pl ${LCRYPTO_SRC}/perlasm/x86asm.pl
 
+SRCS += crypto_cpu_caps.c
+
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-586
@@ -41,11 +43,3 @@ ${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${EXTRA_PL}
 		${LCRYPTO_SRC}/${dir}/asm/${f}.pl \
 		    openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET}
 .endfor
-
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=	x86cpuid.S
-GENERATED+=x86cpuid.S
-
-x86cpuid.S: ${LCRYPTO_SRC}/x86cpuid.pl ${EXTRA_PL}
-	/usr/bin/perl -I${LCRYPTO_SRC}/perlasm ${LCRYPTO_SRC}/x86cpuid.pl \
-		openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET}

lib/libcrypto/arch/i386/crypto_arch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_arch.h,v 1.1 2024/08/11 13:02:39 jsing Exp $ */
+/*	$OpenBSD: crypto_arch.h,v 1.2 2024/10/18 14:44:02 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
  *
@@ -18,6 +18,8 @@
 #ifndef HEADER_CRYPTO_ARCH_H
 #define HEADER_CRYPTO_ARCH_H
 
+#define HAVE_CRYPTO_CPU_CAPS_INIT
+
 #ifndef OPENSSL_NO_ASM
 
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL

lib/libcrypto/arch/i386/crypto_cpu_caps.c

@@ -0,0 +1,114 @@
+/*	$OpenBSD: crypto_cpu_caps.c,v 1.1 2024/10/18 14:44:02 jsing Exp $ */
+/*
+ * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+
+#include <openssl/crypto.h>
+
+#include "x86_arch.h"
+
+/* Legacy architecture specific capabilities, used by perlasm. */
+extern uint64_t OPENSSL_ia32cap_P;
+
+/* Machine independent CPU capabilities. */
+extern uint64_t crypto_cpu_caps;
+
+static inline void
+cpuid(uint32_t eax, uint32_t *out_eax, uint32_t *out_ebx, uint32_t *out_ecx,
+    uint32_t *out_edx)
+{
+	uint32_t ebx = 0, ecx = 0, edx = 0;
+
+#ifndef OPENSSL_NO_ASM
+	__asm__ ("cpuid": "+a"(eax), "+b"(ebx), "+c"(ecx), "+d"(edx));
+#else
+	eax = 0;
+#endif
+
+	if (out_eax != NULL)
+		*out_eax = eax;
+	if (out_ebx != NULL)
+		*out_ebx = ebx;
+	if (out_ebx != NULL)
+		*out_ecx = ecx;
+	if (out_edx != NULL)
+		*out_edx = edx;
+}
+
+static inline void
+xgetbv(uint32_t ecx, uint32_t *out_eax, uint32_t *out_edx)
+{
+	uint32_t eax = 0, edx = 0;
+
+#ifndef OPENSSL_NO_ASM
+	__asm__ ("xgetbv": "+a"(eax), "+c"(ecx), "+d"(edx));
+#endif
+
+	if (out_eax != NULL)
+		*out_eax = eax;
+	if (out_edx != NULL)
+		*out_edx = edx;
+}
+
+void
+crypto_cpu_caps_init(void)
+{
+	uint32_t eax, ebx, ecx, edx;
+	uint64_t caps = 0;
+
+	cpuid(0, &eax, &ebx, &ecx, &edx);
+
+	/* "GenuineIntel" in little endian. */
+	if (ebx == 0x756e6547 && edx == 0x49656e69 && ecx == 0x6c65746e)
+		caps |= CPUCAP_MASK_INTEL;
+
+	if (eax < 1)
+		return;
+
+	cpuid(1, &eax, &ebx, &ecx, &edx);
+
+	if ((edx & IA32CAP_MASK0_FXSR) != 0)
+		caps |= CPUCAP_MASK_FXSR;
+	if ((edx & IA32CAP_MASK0_HT) != 0)
+		caps |= CPUCAP_MASK_HT;
+	if ((edx & IA32CAP_MASK0_MMX) != 0)
+		caps |= CPUCAP_MASK_MMX;
+	if ((edx & IA32CAP_MASK0_SSE) != 0)
+		caps |= CPUCAP_MASK_SSE;
+	if ((edx & IA32CAP_MASK0_SSE2) != 0)
+		caps |= CPUCAP_MASK_SSE2;
+
+	if ((ecx & IA32CAP_MASK1_AESNI) != 0)
+		caps |= CPUCAP_MASK_AESNI;
+	if ((ecx & IA32CAP_MASK1_PCLMUL) != 0)
+		caps |= CPUCAP_MASK_PCLMUL;
+	if ((ecx & IA32CAP_MASK1_SSSE3) != 0)
+		caps |= CPUCAP_MASK_SSSE3;
+
+	/* AVX requires OSXSAVE and XMM/YMM state to be enabled. */
+	if ((ecx & IA32CAP_MASK1_OSXSAVE) != 0) {
+		xgetbv(0, &eax, NULL);
+		if (((eax >> 1) & 3) == 3 && (ecx & IA32CAP_MASK1_AVX) != 0)
+			caps |= CPUCAP_MASK_AVX;
+	}
+
+	/* Set machine independent CPU capabilities. */
+	if ((caps & CPUCAP_MASK_AESNI) != 0)
+		crypto_cpu_caps |= CRYPTO_CPU_CAPS_ACCELERATED_AES;
+
+	OPENSSL_ia32cap_P = caps;
+}

lib/libcrypto/conf/conf_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_local.h,v 1.8 2024/10/10 06:51:22 tb Exp $ */
+/* $OpenBSD: conf_local.h,v 1.9 2024/10/18 11:12:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -98,8 +98,6 @@ char *_CONF_get_string(const CONF *conf, const char *section,
 int _CONF_new_data(CONF *conf);
 void _CONF_free_data(CONF *conf);
 
-void OPENSSL_load_builtin_modules(void);
-
 __END_HIDDEN_DECLS
 
 #endif /* HEADER_CONF_LOCAL_H */

lib/libcrypto/conf/conf_mall.c

@@ -1,69 +0,0 @@
-/* $OpenBSD: conf_mall.c,v 1.13 2024/08/31 09:54:31 tb Exp $ */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/conf.h>
-
-/* Load all OpenSSL builtin modules */
-void ASN1_add_oid_module(void);
-
-void
-OPENSSL_load_builtin_modules(void)
-{
-	/* Add builtin modules here */
-	ASN1_add_oid_module();
-}

lib/libcrypto/conf/conf_sap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_sap.c,v 1.17 2024/08/31 09:54:31 tb Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.18 2024/10/18 11:12:10 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -78,11 +78,12 @@ static pthread_once_t openssl_configured = PTHREAD_ONCE_INIT;
 
 static const char *openssl_config_name;
 
+void ASN1_add_oid_module(void);
+
 static void
 OPENSSL_config_internal(void)
 {
-	OPENSSL_load_builtin_modules();
-	/* Add others here? */
+	ASN1_add_oid_module();
 
 	ERR_clear_error();
 	if (CONF_modules_load_file(NULL, openssl_config_name,

lib/libcrypto/cryptlib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptlib.c,v 1.54 2024/09/06 09:57:32 tb Exp $ */
+/* $OpenBSD: cryptlib.c,v 1.56 2024/10/17 14:27:57 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -124,6 +124,8 @@
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 
+#include "cryptlib.h"
+#include "crypto_internal.h"
 #include "crypto_local.h"
 #include "x86_arch.h"
 
@@ -345,12 +347,8 @@ crypto_cpu_caps_ia32(void)
 void
 OPENSSL_cpuid_setup(void)
 {
-	static int trigger = 0;
 	uint64_t OPENSSL_ia32_cpuid(void);
 
-	if (trigger)
-		return;
-	trigger = 1;
 	OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid();
 
 	if ((OPENSSL_ia32cap_P & CPUCAP_MASK_AESNI) != 0)
@@ -373,6 +371,14 @@ OPENSSL_cpuid_setup(void)
 }
 #endif
 
+#ifndef HAVE_CRYPTO_CPU_CAPS_INIT
+void
+crypto_cpu_caps_init(void)
+{
+	OPENSSL_cpuid_setup();
+}
+#endif
+
 uint64_t
 OPENSSL_cpu_caps(void)
 {

lib/libcrypto/crypto_init.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_init.c,v 1.21 2024/04/10 14:51:02 beck Exp $ */
+/*	$OpenBSD: crypto_init.c,v 1.22 2024/10/17 14:27:57 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  *
@@ -27,7 +27,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 
-#include "cryptlib.h"
+#include "crypto_internal.h"
 #include "x509_issuer_cache.h"
 
 int OpenSSL_config(const char *);
@@ -48,7 +48,8 @@ OPENSSL_init_crypto_internal(void)
 {
 	crypto_init_thread = pthread_self();
 
-	OPENSSL_cpuid_setup();
+	crypto_cpu_caps_init();
+
 	ERR_load_crypto_strings();
 }
 

lib/libcrypto/crypto_internal.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_internal.h,v 1.12 2024/09/06 09:57:32 tb Exp $ */
+/*	$OpenBSD: crypto_internal.h,v 1.13 2024/10/17 14:27:57 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -220,6 +220,8 @@ crypto_ror_u64(uint64_t v, size_t shift)
 }
 #endif
 
+void crypto_cpu_caps_init(void);
+
 uint64_t crypto_cpu_caps_ia32(void);
 
 #endif

lib/libcrypto/ec/ec_asn1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.73 2024/10/15 06:35:59 tb Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.74 2024/10/17 14:34:06 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -818,99 +818,98 @@ ec_asn1_group2pkparameters(const EC_GROUP *group)
 	return NULL;
 }
 
-static EC_GROUP *
-ec_asn1_parameters2group(const ECPARAMETERS *params)
+static int
+ec_asn1_is_prime_field(const X9_62_FIELDID *fieldid)
 {
-	int ok = 0, tmp;
-	EC_GROUP *ret = NULL;
-	BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
-	EC_POINT *point = NULL;
-	int field_bits;
+	int nid;
 
-	if (!params->fieldID || !params->fieldID->fieldType ||
-	    !params->fieldID->p.ptr) {
+	if (fieldid == NULL) {
 		ECerror(EC_R_ASN1_ERROR);
-		goto err;
+		return 0;
 	}
-	/* now extract the curve parameters a and b */
-	if (!params->curve || !params->curve->a ||
-	    !params->curve->a->data || !params->curve->b ||
-	    !params->curve->b->data) {
-		ECerror(EC_R_ASN1_ERROR);
-		goto err;
+	if ((nid = OBJ_obj2nid(fieldid->fieldType)) == NID_undef) {
+		ECerror(EC_R_INVALID_FIELD);
+		return 0;
 	}
-	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
-	if (a == NULL) {
-		ECerror(ERR_R_BN_LIB);
-		goto err;
-	}
-	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
-	if (b == NULL) {
-		ECerror(ERR_R_BN_LIB);
-		goto err;
-	}
-	/* get the field parameters */
-	tmp = OBJ_obj2nid(params->fieldID->fieldType);
-	if (tmp == NID_X9_62_characteristic_two_field) {
+	if (nid == NID_X9_62_characteristic_two_field) {
 		ECerror(EC_R_GF2M_NOT_SUPPORTED);
+		return 0;
+	}
+	if (nid != NID_X9_62_prime_field) {
+		ECerror(EC_R_UNSUPPORTED_FIELD);
+		return 0;
+	}
+
+	/* We can't check that this is actually a prime due to DoS risk. */
+	if (fieldid->p.prime == NULL) {
+		ECerror(EC_R_INVALID_FIELD);
+		return 0;
+	}
+
+	return 1;
+}
+
+static int
+ec_asn1_parameters_curve2group(const X9_62_CURVE *curve,
+    const ASN1_INTEGER *prime, EC_GROUP **out_group)
+{
+	EC_GROUP *group = NULL;
+	BIGNUM *p = NULL, *a = NULL, *b = NULL;
+	int ret = 0;
+
+	if (*out_group != NULL)
 		goto err;
-	} else if (tmp == NID_X9_62_prime_field) {
-		/* we have a curve over a prime field */
-		/* extract the prime number */
-		if (!params->fieldID->p.prime) {
-			ECerror(EC_R_ASN1_ERROR);
-			goto err;
-		}
-		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
-		if (p == NULL) {
-			ECerror(ERR_R_ASN1_LIB);
-			goto err;
-		}
-		if (BN_is_negative(p) || BN_is_zero(p)) {
-			ECerror(EC_R_INVALID_FIELD);
-			goto err;
-		}
-		field_bits = BN_num_bits(p);
-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
-			ECerror(EC_R_FIELD_TOO_LARGE);
-			goto err;
-		}
-		/* create the EC_GROUP structure */
-		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
-	} else {
+
+	if ((p = ASN1_INTEGER_to_BN(prime, NULL)) == NULL)
+		goto err;
+	if ((a = BN_bin2bn(curve->a->data, curve->a->length, NULL)) == NULL)
+		goto err;
+	if ((b = BN_bin2bn(curve->b->data, curve->b->length, NULL)) == NULL)
+		goto err;
+
+	/*
+	 * XXX - move these checks to ec_GFp_simple_group_set_curve()?
+	 * What about checking 0 <= a, b < p?
+	 */
+	if (BN_is_zero(p) || BN_is_negative(p)) {
 		ECerror(EC_R_INVALID_FIELD);
 		goto err;
 	}
-
-	if (ret == NULL) {
-		ECerror(ERR_R_EC_LIB);
+	if (BN_num_bits(p) > OPENSSL_ECC_MAX_FIELD_BITS) {
+		ECerror(EC_R_FIELD_TOO_LARGE);
 		goto err;
 	}
-	/* extract seed (optional) */
-	if (params->curve->seed != NULL) {
-		free(ret->seed);
-		if (!(ret->seed = malloc(params->curve->seed->length))) {
-			ECerror(ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		memcpy(ret->seed, params->curve->seed->data,
-		    params->curve->seed->length);
-		ret->seed_len = params->curve->seed->length;
-	}
-	if (!params->order || !params->base || !params->base->data) {
-		ECerror(EC_R_ASN1_ERROR);
-		goto err;
-	}
-	if ((point = EC_POINT_new(ret)) == NULL)
+
+	if ((group = EC_GROUP_new_curve_GFp(p, a, b, NULL)) == NULL)
 		goto err;
 
-	/* set the point conversion form */
-	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
-	    (params->base->data[0] & ~0x01));
+	*out_group = group;
+	group = NULL;
 
-	/* extract the ec point */
-	if (!EC_POINT_oct2point(ret, point, params->base->data,
-		params->base->length, NULL)) {
+	ret = 1;
+
+ err:
+	BN_free(p);
+	BN_free(a);
+	BN_free(b);
+	EC_GROUP_free(group);
+
+	return ret;
+}
+
+static int
+ec_asn1_set_group_parameters(const ECPARAMETERS *params, EC_GROUP *group)
+{
+	EC_POINT *generator;
+	BIGNUM *order = NULL, *cofactor = NULL;
+	const ASN1_BIT_STRING *seed;
+	point_conversion_form_t form;
+	int ret = 0;
+
+	if ((generator = EC_POINT_new(group)) == NULL)
+		goto err;
+	if (!EC_POINT_oct2point(group, generator,
+	    params->base->data, params->base->length, NULL)) {
 		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
@@ -918,14 +917,6 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 		ECerror(ERR_R_ASN1_LIB);
 		goto err;
 	}
-	if (BN_is_negative(order) || BN_is_zero(order)) {
-		ECerror(EC_R_INVALID_GROUP_ORDER);
-		goto err;
-	}
-	if (BN_num_bits(order) > field_bits + 1) {	/* Hasse bound */
-		ECerror(EC_R_INVALID_GROUP_ORDER);
-		goto err;
-	}
 	if (params->cofactor != NULL) {
 		if ((cofactor = ASN1_INTEGER_to_BN(params->cofactor,
 		    NULL)) == NULL) {
@@ -933,27 +924,84 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 			goto err;
 		}
 	}
-	if (!EC_GROUP_set_generator(ret, point, order, cofactor)) {
+
+	/* Checks the Hasse bound and sets the cofactor if possible or fails. */
+	if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
 		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
-	ok = 1;
+
+	if ((seed = params->curve->seed) != NULL) {
+		if (EC_GROUP_set_seed(group, seed->data, seed->length) == 0) {
+			ECerror(ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	}
+
+	/* oct2point has ensured that to be compressed, uncompressed, or hybrid. */
+	form = params->base->data[0] & ~1U;
+	EC_GROUP_set_point_conversion_form(group, form);
+
+	ret = 1;
 
  err:
-	if (!ok) {
-		EC_GROUP_free(ret);
-		ret = NULL;
-	}
-	BN_free(p);
-	BN_free(a);
-	BN_free(b);
+	EC_POINT_free(generator);
 	BN_free(order);
 	BN_free(cofactor);
-	EC_POINT_free(point);
 
 	return ret;
 }
 
+static int
+ec_asn1_parameters_extract_prime_group(const ECPARAMETERS *params,
+    EC_GROUP **out_group)
+{
+	EC_GROUP *group = NULL;
+	int ret = 0;
+
+	if (*out_group != NULL)
+		goto err;
+
+	if (!ec_asn1_is_prime_field(params->fieldID))
+		goto err;
+	if (!ec_asn1_parameters_curve2group(params->curve,
+	    params->fieldID->p.prime, &group))
+		goto err;
+	if (!ec_asn1_set_group_parameters(params, group))
+		goto err;
+
+	*out_group = group;
+	group = NULL;
+
+	ret = 1;
+
+ err:
+	EC_GROUP_free(group);
+
+	return ret;
+}
+
+static EC_GROUP *
+ec_asn1_parameters2group(const ECPARAMETERS *params)
+{
+	EC_GROUP *group = NULL;
+
+	if (params == NULL) {
+		ECerror(EC_R_ASN1_ERROR);
+		goto err;
+	}
+
+	if (!ec_asn1_parameters_extract_prime_group(params, &group))
+		goto err;
+
+	return group;
+
+ err:
+	EC_GROUP_free(group);
+
+	return NULL;
+}
+
 EC_GROUP *
 ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
 {

lib/libcrypto/ec/ec_cvt.c

@@ -1,103 +0,0 @@
-/* $OpenBSD: ec_cvt.c,v 1.12 2023/07/07 13:54:45 beck Exp $ */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/err.h>
-#include "ec_local.h"
-
-static EC_GROUP *
-ec_group_new_curve(const EC_METHOD *method, const BIGNUM *p, const BIGNUM *a,
-    const BIGNUM *b, BN_CTX *ctx)
-{
-	EC_GROUP *group;
-
-	if ((group = EC_GROUP_new(method)) == NULL)
-		goto err;
-
-	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
-		goto err;
-
-	return group;
-
- err:
-	EC_GROUP_free(group);
-
-	return NULL;
-}
-
-EC_GROUP *
-EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
-    BN_CTX *ctx)
-{
-	return ec_group_new_curve(EC_GFp_mont_method(), p, a, b, ctx);
-}
-LCRYPTO_ALIAS(EC_GROUP_new_curve_GFp);

lib/libcrypto/ec/ec_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.69 2024/10/15 17:44:43 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.70 2024/10/18 10:57:26 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -544,6 +544,27 @@ EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 }
 LCRYPTO_ALIAS(EC_GROUP_get_curve_GFp);
 
+EC_GROUP *
+EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
+    BN_CTX *ctx)
+{
+	EC_GROUP *group;
+
+	if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
+		goto err;
+
+	if (!EC_GROUP_set_curve(group, p, a, b, ctx))
+		goto err;
+
+	return group;
+
+ err:
+	EC_GROUP_free(group);
+
+	return NULL;
+}
+LCRYPTO_ALIAS(EC_GROUP_new_curve_GFp);
+
 int
 EC_GROUP_get_degree(const EC_GROUP *group)
 {

lib/libcrypto/x86_64cpuid.pl

@@ -1,147 +0,0 @@
-#!/usr/bin/env perl
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-($arg1,$arg2,$arg3,$arg4)=("%rdi","%rsi","%rdx","%rcx");	# Unix order
-
-print<<___;
-.text
-.globl	OPENSSL_ia32_cpuid
-.type	OPENSSL_ia32_cpuid,\@abi-omnipotent
-.align	16
-OPENSSL_ia32_cpuid:
-	_CET_ENDBR
-	mov	%rbx,%r8		# save %rbx
-
-	xor	%eax,%eax
-	cpuid
-	mov	%eax,%r11d		# max value for standard query level
-
-	xor	%eax,%eax
-	cmp	\$0x756e6547,%ebx	# "Genu"
-	setne	%al
-	mov	%eax,%r9d
-	cmp	\$0x49656e69,%edx	# "ineI"
-	setne	%al
-	or	%eax,%r9d
-	cmp	\$0x6c65746e,%ecx	# "ntel"
-	setne	%al
-	or	%eax,%r9d		# 0 indicates Intel CPU
-	jz	.Lintel
-
-	cmp	\$0x68747541,%ebx	# "Auth"
-	setne	%al
-	mov	%eax,%r10d
-	cmp	\$0x69746E65,%edx	# "enti"
-	setne	%al
-	or	%eax,%r10d
-	cmp	\$0x444D4163,%ecx	# "cAMD"
-	setne	%al
-	or	%eax,%r10d		# 0 indicates AMD CPU
-	jnz	.Lintel
-
-	# AMD specific
-	mov	\$0x80000000,%eax
-	cpuid
-	cmp	\$0x80000001,%eax
-	jb	.Lintel
-	mov	%eax,%r10d
-	mov	\$0x80000001,%eax
-	cpuid
-	or	%ecx,%r9d
-	and	\$IA32CAP_MASK1_AMD_XOP,%r9d	# isolate AMD XOP bit
-	or	\$1,%r9d			# make sure %r9d is not zero
-
-	cmp	\$0x80000008,%r10d
-	jb	.Lintel
-
-	mov	\$0x80000008,%eax
-	cpuid
-	movzb	%cl,%r10		# number of cores - 1
-	inc	%r10			# number of cores
-
-	mov	\$1,%eax
-	cpuid
-	bt	\$IA32CAP_BIT0_HT,%edx	# test hyper-threading bit
-	jnc	.Lgeneric
-	shr	\$16,%ebx		# number of logical processors
-	cmp	%r10b,%bl
-	ja	.Lgeneric
-	xor	\$IA32CAP_MASK0_HT,%edx
-	jmp	.Lgeneric
-
-.Lintel:
-	cmp	\$4,%r11d
-	mov	\$-1,%r10d
-	jb	.Lnocacheinfo
-
-	mov	\$4,%eax
-	mov	\$0,%ecx		# query L1D
-	cpuid
-	mov	%eax,%r10d
-	shr	\$14,%r10d
-	and	\$0xfff,%r10d		# number of cores -1 per L1D
-
-.Lnocacheinfo:
-	mov	\$1,%eax
-	cpuid
-	# force reserved bits to 0
-	and	\$(~(IA32CAP_MASK0_INTELP4 | IA32CAP_MASK0_INTEL)),%edx
-	cmp	\$0,%r9d
-	jne	.Lnotintel
-	# set reserved bit#30 on Intel CPUs
-	or	\$IA32CAP_MASK0_INTEL,%edx
-	and	\$15,%ah
-	cmp	\$15,%ah		# examine Family ID
-	jne	.Lnotintel
-	# set reserved bit#20 to engage RC4_CHAR
-	or	\$IA32CAP_MASK0_INTELP4,%edx
-.Lnotintel:
-	bt	\$IA32CAP_BIT0_HT,%edx	# test hyper-threading bit
-	jnc	.Lgeneric
-	xor	\$IA32CAP_MASK0_HT,%edx
-	cmp	\$0,%r10d
-	je	.Lgeneric
-
-	or	\$IA32CAP_MASK0_HT,%edx
-	shr	\$16,%ebx
-	cmp	\$1,%bl			# see if cache is shared
-	ja	.Lgeneric
-	xor	\$IA32CAP_MASK0_HT,%edx	# clear hyper-threading bit if not
-
-.Lgeneric:
-	and	\$IA32CAP_MASK1_AMD_XOP,%r9d	# isolate AMD XOP flag
-	and	\$(~IA32CAP_MASK1_AMD_XOP),%ecx
-	or	%ecx,%r9d		# merge AMD XOP flag
-
-	mov	%edx,%r10d		# %r9d:%r10d is copy of %ecx:%edx
-	bt	\$IA32CAP_BIT1_OSXSAVE,%r9d	# check OSXSAVE bit
-	jnc	.Lclear_avx
-	xor	%ecx,%ecx		# XCR0
-	.byte	0x0f,0x01,0xd0		# xgetbv
-	and	\$6,%eax		# isolate XMM and YMM state support
-	cmp	\$6,%eax
-	je	.Ldone
-.Lclear_avx:
-	mov	\$(~(IA32CAP_MASK1_AVX | IA32CAP_MASK1_FMA3 | IA32CAP_MASK1_AMD_XOP)),%eax
-	and	%eax,%r9d		# clear AVX, FMA and AMD XOP bits
-.Ldone:
-	shl	\$32,%r9
-	mov	%r10d,%eax
-	mov	%r8,%rbx		# restore %rbx
-	or	%r9,%rax
-	ret
-.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
-___
-
-close STDOUT;	# flush

lib/libcrypto/x86_arch.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: x86_arch.h,v 1.1 2016/11/04 17:30:30 miod Exp $	*/
+/*	$OpenBSD: x86_arch.h,v 1.2 2024/10/18 13:36:24 jsing Exp $	*/
 /*
  * Copyright (c) 2016 Miodrag Vallat.
  *
@@ -76,15 +76,20 @@
 #define	IA32CAP_MASK1_SSSE3	(1 << IA32CAP_BIT1_SSSE3)
 #define	IA32CAP_MASK1_FMA3	(1 << IA32CAP_BIT1_FMA3)
 #define	IA32CAP_MASK1_AESNI	(1 << IA32CAP_BIT1_AESNI)
+#define	IA32CAP_MASK1_OSXSAVE	(1 << IA32CAP_BIT1_OSXSAVE)
 #define	IA32CAP_MASK1_AVX	(1 << IA32CAP_BIT1_AVX)
 
 #define	IA32CAP_MASK1_AMD_XOP	(1 << IA32CAP_BIT1_AMD_XOP)
 
 /* bit masks for OPENSSL_cpu_caps() */
+#define	CPUCAP_MASK_HT		IA32CAP_MASK0_HT
 #define	CPUCAP_MASK_MMX		IA32CAP_MASK0_MMX
 #define	CPUCAP_MASK_FXSR	IA32CAP_MASK0_FXSR
 #define	CPUCAP_MASK_SSE		IA32CAP_MASK0_SSE
+#define	CPUCAP_MASK_SSE2	IA32CAP_MASK0_SSE2
+#define	CPUCAP_MASK_INTEL	IA32CAP_MASK0_INTEL
 #define	CPUCAP_MASK_INTELP4	IA32CAP_MASK0_INTELP4
 #define	CPUCAP_MASK_PCLMUL	(1ULL << (32 + IA32CAP_BIT1_PCLMUL))
 #define	CPUCAP_MASK_SSSE3	(1ULL << (32 + IA32CAP_BIT1_SSSE3))
 #define	CPUCAP_MASK_AESNI	(1ULL << (32 + IA32CAP_BIT1_AESNI))
+#define	CPUCAP_MASK_AVX		(1ULL << (32 + IA32CAP_BIT1_AVX))