sync with OpenBSD -current

lib/libcrypto/bn/bn_convert.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_convert.c,v 1.18 2024/04/16 13:14:46 jsing Exp $ */
+/* $OpenBSD: bn_convert.c,v 1.21 2024/04/17 21:55:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -154,7 +154,7 @@ BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 LCRYPTO_ALIAS(BN_bn2binpad);
 
 static int
-bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs)
+bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs, int lebin)
 {
 	BIGNUM *bn = NULL;
 	BN_ULONG w;
@@ -173,8 +173,13 @@ bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs)
 	w = 0;
 
 	while (CBS_len(cbs) > 0) {
-		if (!CBS_get_last_u8(cbs, &v))
-			goto err;
+		if (lebin) {
+			if (!CBS_get_u8(cbs, &v))
+				goto err;
+		} else {
+			if (!CBS_get_last_u8(cbs, &v))
+				goto err;
+		}
 
 		w |= (BN_ULONG)v << b;
 		b += 8;
@@ -212,7 +217,7 @@ BN_bin2bn(const unsigned char *d, int len, BIGNUM *bn)
 
 	CBS_init(&cbs, d, len);
 
-	if (!bn_bin2bn_cbs(&bn, &cbs))
+	if (!bn_bin2bn_cbs(&bn, &cbs, 0))
 		return NULL;
 
 	return bn;
@@ -230,56 +235,19 @@ BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
 LCRYPTO_ALIAS(BN_bn2lebinpad);
 
 BIGNUM *
-BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+BN_lebin2bn(const unsigned char *d, int len, BIGNUM *bn)
 {
-	unsigned int i, m, n;
-	BN_ULONG l;
-	BIGNUM *bn = NULL;
+	CBS cbs;
 
-	if (ret == NULL)
-		ret = bn = BN_new();
-	if (ret == NULL)
+	if (len < 0)
 		return NULL;
 
+	CBS_init(&cbs, d, len);
 
-	s += len;
-	/* Skip trailing zeroes. */
-	for (; len > 0 && s[-1] == 0; s--, len--)
-		continue;
-
-	n = len;
-	if (n == 0) {
-		ret->top = 0;
-		return ret;
-	}
-
-	i = ((n - 1) / BN_BYTES) + 1;
-	m = (n - 1) % BN_BYTES;
-	if (!bn_wexpand(ret, (int)i)) {
-		BN_free(bn);
+	if (!bn_bin2bn_cbs(&bn, &cbs, 1))
 		return NULL;
-	}
 
-	ret->top = i;
-	ret->neg = 0;
-	l = 0;
-	while (n-- > 0) {
-		s--;
-		l = (l << 8L) | *s;
-		if (m-- == 0) {
-			ret->d[--i] = l;
-			l = 0;
-			m = BN_BYTES - 1;
-		}
-	}
-
-	/*
-	 * need to call this due to clear byte at top if avoiding having the
-	 * top bit set (-ve number)
-	 */
-	bn_correct_top(ret);
-
-	return ret;
+	return bn;
 }
 LCRYPTO_ALIAS(BN_lebin2bn);
 
@@ -752,45 +720,41 @@ BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 LCRYPTO_ALIAS(BN_bn2mpi);
 
 BIGNUM *
-BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
+BN_mpi2bn(const unsigned char *d, int n, BIGNUM *bn_in)
 {
-	BIGNUM *a = ain;
-	long len;
+	BIGNUM *bn = bn_in;
+	uint32_t mpi_len;
+	uint8_t v;
 	int neg = 0;
+	CBS cbs;
 
-	if (n < 4) {
+	if (n < 0)
+		return NULL;
+
+	CBS_init(&cbs, d, n);
+
+	if (!CBS_get_u32(&cbs, &mpi_len)) {
 		BNerror(BN_R_INVALID_LENGTH);
-		return (NULL);
+		return NULL;
 	}
-	len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
-	    (int)d[3];
-	if ((len + 4) != n) {
+	if (CBS_len(&cbs) != mpi_len) {
 		BNerror(BN_R_ENCODING_ERROR);
-		return (NULL);
+		return NULL;
+	}
+	if (CBS_len(&cbs) > 0) {
+		if (!CBS_peek_u8(&cbs, &v))
+			return NULL;
+		neg = (v >> 7) & 1;
 	}
 
-	if (a == NULL)
-		a = BN_new();
-	if (a == NULL)
-		return (NULL);
+	if (!bn_bin2bn_cbs(&bn, &cbs, 0))
+		return NULL;
 
-	if (len == 0) {
-		a->neg = 0;
-		a->top = 0;
-		return (a);
-	}
-	d += 4;
-	if ((*d) & 0x80)
-		neg = 1;
-	if (BN_bin2bn(d, (int)len, a) == NULL) {
-		if (ain == NULL)
-			BN_free(a);
-		return (NULL);
-	}
-	BN_set_negative(a, neg);
-	if (neg) {
-		BN_clear_bit(a, BN_num_bits(a) - 1);
-	}
-	return (a);
+	if (neg)
+		BN_clear_bit(bn, BN_num_bits(bn) - 1);
+
+	BN_set_negative(bn, neg);
+
+	return bn;
 }
 LCRYPTO_ALIAS(BN_mpi2bn);

lib/libcrypto/crypto_internal.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_internal.h,v 1.9 2024/03/28 08:36:13 jsing Exp $ */
+/*	$OpenBSD: crypto_internal.h,v 1.10 2024/04/17 14:43:37 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -26,6 +26,73 @@
 #define CTASSERT(x) \
     extern char _ctassert[(x) ? 1 : -1] __attribute__((__unused__))
 
+/*
+ * Constant time operations for uint8_t.
+ */
+#ifndef HAVE_CRYPTO_CT_NE_ZERO_U8
+static inline int
+crypto_ct_ne_zero_u8(uint8_t v)
+{
+	return (uint8_t)(v | ~(v - 1)) >> ((sizeof(v) * 8) - 1);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_NE_ZERO_MASK_U8
+static inline uint8_t
+crypto_ct_ne_zero_mask_u8(uint8_t v)
+{
+	return 0 - crypto_ct_ne_zero_u8(v);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_EQ_ZERO_U8
+static inline int
+crypto_ct_eq_zero_u8(uint8_t v)
+{
+	return 1 - crypto_ct_ne_zero_u8(v);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_EQ_ZERO_MASK_U8
+static inline uint8_t
+crypto_ct_eq_zero_mask_u8(uint8_t v)
+{
+	return 0 - crypto_ct_eq_zero_u8(v);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_NE_U8
+static inline int
+crypto_ct_ne_u8(uint8_t a, uint8_t b)
+{
+	return crypto_ct_ne_zero_u8(a - b);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_NE_MASK_U8
+static inline uint8_t
+crypto_ct_ne_mask_u8(uint8_t a, uint8_t b)
+{
+	return 0 - crypto_ct_ne_u8(a, b);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_EQ_U8
+static inline int
+crypto_ct_eq_u8(uint8_t a, uint8_t b)
+{
+	return crypto_ct_eq_zero_u8(a - b);
+}
+#endif
+
+#ifndef HAVE_CRYPTO_CT_EQ_MASK_U8
+static inline uint8_t
+crypto_ct_eq_mask_u8(uint8_t a, uint8_t b)
+{
+	return 0 - crypto_ct_eq_u8(a, b);
+}
+#endif
+
 /*
  * crypto_load_be32toh() loads a 32 bit unsigned big endian value as a 32 bit
  * unsigned host endian value, from the specified address in memory. The memory

lib/libcrypto/ec/ec_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.53 2024/04/14 15:41:09 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.63 2024/04/17 14:01:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -912,77 +912,61 @@ static int
 ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 {
 	EVP_PKEY_CTX *pctx;
-	EVP_PKEY *pkey;
 	EVP_CIPHER_CTX *ctx;
 	int keylen;
 	X509_ALGOR *talg, *wrap_alg = NULL;
 	const ASN1_OBJECT *aoid;
 	ASN1_BIT_STRING *pubkey;
-	ASN1_STRING *wrap_str;
+	ASN1_STRING *wrap_str = NULL;
 	ASN1_OCTET_STRING *ukm;
 	unsigned char *penc = NULL;
 	int penclen;
-	int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+	int ecdh_nid, kdf_nid, wrap_nid;
 	const EVP_MD *kdf_md;
-	int rv = 0;
+	int ret = 0;
 
-	pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-	if (!pctx)
-		return 0;
-	/* Get ephemeral key */
-	pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+	if ((pctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) == NULL)
+		goto err;
 	if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
 	    NULL, NULL, NULL))
 		goto err;
+
 	X509_ALGOR_get0(&aoid, NULL, NULL, talg);
-
-	/* Is everything uninitialised? */
 	if (aoid == OBJ_nid2obj(NID_undef)) {
-		EC_KEY *eckey = pkey->pkey.ec;
-		unsigned char *p;
+		EVP_PKEY *pkey;
 
-		/* Set the key */
-		penclen = i2o_ECPublicKey(eckey, NULL);
-		if (penclen <= 0)
+		if ((pkey = EVP_PKEY_CTX_get0_pkey(pctx)) == NULL)
 			goto err;
-		penc = malloc(penclen);
-		if (penc == NULL)
-			goto err;
-		p = penc;
-		penclen = i2o_ECPublicKey(eckey, &p);
-		if (penclen <= 0)
+
+		penc = NULL;
+		if ((penclen = i2o_ECPublicKey(pkey->pkey.ec, &penc)) <= 0)
 			goto err;
+
 		ASN1_STRING_set0(pubkey, penc, penclen);
-		if (!asn1_abs_set_unused_bits(pubkey, 0))
-			goto err;
 		penc = NULL;
 
-		X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
-		    V_ASN1_UNDEF, NULL);
+		if (!asn1_abs_set_unused_bits(pubkey, 0))
+			goto err;
+
+		if (!X509_ALGOR_set0_by_nid(talg, NID_X9_62_id_ecPublicKey,
+		    V_ASN1_UNDEF, NULL))
+			goto err;
 	}
 
-	/* See if custom parameters set */
-	kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
-	if (kdf_type <= 0)
+	if (EVP_PKEY_CTX_get_ecdh_kdf_type(pctx) != EVP_PKEY_ECDH_KDF_NONE)
 		goto err;
-	if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
+	if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
 		goto err;
-	ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
-	if (ecdh_nid < 0)
+
+	if ((ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx)) < 0)
 		goto err;
-	else if (ecdh_nid == 0)
+	if (ecdh_nid == 0)
 		ecdh_nid = NID_dh_std_kdf;
 	else if (ecdh_nid == 1)
 		ecdh_nid = NID_dh_cofactor_kdf;
 
-	if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
-		kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
-		if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
-			goto err;
-	} else {
-		/* Unknown KDF */
+	if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
 		goto err;
-	}
 	if (kdf_md == NULL) {
 		/* Fixme later for better MD */
 		kdf_md = EVP_sha1();
@@ -1002,53 +986,60 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 	wrap_nid = EVP_CIPHER_CTX_type(ctx);
 	keylen = EVP_CIPHER_CTX_key_length(ctx);
 
-	/* Package wrap algorithm in an AlgorithmIdentifier */
+	/*
+	 * Package wrap algorithm in an AlgorithmIdentifier.
+	 *
+	 * Incompatibility of X509_ALGOR_set0() with EVP_CIPHER_param_to_asn1()
+	 * makes this really gross.
+	 */
 
-	wrap_alg = X509_ALGOR_new();
-	if (wrap_alg == NULL)
+	if ((wrap_alg = X509_ALGOR_new()) == NULL)
 		goto err;
-	wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
-	wrap_alg->parameter = ASN1_TYPE_new();
-	if (wrap_alg->parameter == NULL)
+	if ((wrap_alg->algorithm = OBJ_nid2obj(wrap_nid)) == NULL)
+		goto err;
+	if ((wrap_alg->parameter = ASN1_TYPE_new()) == NULL)
 		goto err;
 	if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
 		goto err;
-	if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+	if (ASN1_TYPE_get(wrap_alg->parameter) == V_ASN1_UNDEF) {
 		ASN1_TYPE_free(wrap_alg->parameter);
 		wrap_alg->parameter = NULL;
 	}
 
+	if ((penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen)) <= 0)
+		goto err;
+
 	if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
 		goto err;
-
-	penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
-	if (penclen <= 0)
-		goto err;
-
 	if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
 		goto err;
 	penc = NULL;
 
 	/*
-	 * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
-	 * of another AlgorithmIdentifier.
+	 * Wrap encoded wrap AlgorithmIdentifier into parameter of another
+	 * AlgorithmIdentifier.
 	 */
-	penclen = i2d_X509_ALGOR(wrap_alg, &penc);
-	if (penclen <= 0)
+
+	if ((penclen = i2d_X509_ALGOR(wrap_alg, &penc)) <= 0)
 		goto err;
-	wrap_str = ASN1_STRING_new();
-	if (wrap_str == NULL)
+
+	if ((wrap_str = ASN1_STRING_new()) == NULL)
 		goto err;
 	ASN1_STRING_set0(wrap_str, penc, penclen);
 	penc = NULL;
-	X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str);
 
-	rv = 1;
+	if (!X509_ALGOR_set0_by_nid(talg, kdf_nid, V_ASN1_SEQUENCE, wrap_str))
+		goto err;
+	wrap_str = NULL;
+
+	ret = 1;
 
  err:
 	free(penc);
+	ASN1_STRING_free(wrap_str);
 	X509_ALGOR_free(wrap_alg);
-	return rv;
+
+	return ret;
 }
 
 #endif

lib/libcrypto/ec/ec_asn1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.52 2024/04/15 15:46:29 tb Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.53 2024/04/17 23:24:18 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -74,7 +74,6 @@ EC_GROUP_get_basis_type(const EC_GROUP *group)
 }
 LCRYPTO_ALIAS(EC_GROUP_get_basis_type);
 
-/* some structures needed for the asn1 encoding */
 typedef struct x9_62_pentanomial_st {
 	long k1;
 	long k2;
@@ -134,7 +133,6 @@ typedef struct ecpk_parameters_st {
 	} value;
 } ECPKPARAMETERS;
 
-/* SEC1 ECPrivateKey */
 typedef struct ec_privatekey_st {
 	long version;
 	ASN1_OCTET_STRING *privateKey;
@@ -142,7 +140,6 @@ typedef struct ec_privatekey_st {
 	ASN1_BIT_STRING *publicKey;
 } EC_PRIVATEKEY;
 
-/* the OpenSSL ASN.1 definitions */
 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = {
 	{
 		.flags = 0,
@@ -418,9 +415,6 @@ const ASN1_ITEM ECPARAMETERS_it = {
 	.sname = "ECPARAMETERS",
 };
 
-static ECPARAMETERS *ECPARAMETERS_new(void);
-static void ECPARAMETERS_free(ECPARAMETERS *a);
-
 static ECPARAMETERS *
 ECPARAMETERS_new(void)
 {
@@ -467,11 +461,6 @@ const ASN1_ITEM ECPKPARAMETERS_it = {
 	.sname = "ECPKPARAMETERS",
 };
 
-static ECPKPARAMETERS *ECPKPARAMETERS_new(void);
-static void ECPKPARAMETERS_free(ECPKPARAMETERS *a);
-static ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len);
-static int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out);
-
 static ECPKPARAMETERS *
 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len)
 {
@@ -538,11 +527,6 @@ static const ASN1_ITEM EC_PRIVATEKEY_it = {
 	.sname = "EC_PRIVATEKEY",
 };
 
-static EC_PRIVATEKEY *EC_PRIVATEKEY_new(void);
-static void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a);
-static EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len);
-static int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out);
-
 static EC_PRIVATEKEY *
 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len)
 {
@@ -568,28 +552,6 @@ EC_PRIVATEKEY_free(EC_PRIVATEKEY *a)
 	ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it);
 }
 
-/* some declarations of internal function */
-
-/* ec_asn1_group2fieldid() sets the values in a X9_62_FIELDID object */
-static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
-static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
-/* ec_asn1_parameters2group() creates a EC_GROUP object from a
- * ECPARAMETERS object */
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
-/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
- * EC_GROUP object */
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *);
-/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
- * ECPKPARAMETERS object */
-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
-/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
- * EC_GROUP object */
-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
-    ECPKPARAMETERS *);
-
-/* the function definitions */
-
 static int
 ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
 {
@@ -1046,8 +1008,6 @@ ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
 	return ret;
 }
 
-/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
-
 EC_GROUP *
 d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
 {
@@ -1093,8 +1053,6 @@ i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
 }
 LCRYPTO_ALIAS(i2d_ECPKParameters);
 
-/* some EC_KEY functions */
-
 EC_KEY *
 d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 {

lib/libcrypto/evp/pmeth_gn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.18 2024/04/12 09:41:39 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -87,7 +87,7 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
 	int ret;
 
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+	if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->paramgen == NULL) {
 		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 	}
@@ -97,17 +97,19 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 		return -1;
 	}
 
-	if (!ppkey)
+	if (ppkey == NULL)
 		return -1;
 
-	if (!*ppkey)
+	if (*ppkey == NULL)
 		*ppkey = EVP_PKEY_new();
+	if (*ppkey == NULL)
+		return -1;
 
-	ret = ctx->pmeth->paramgen(ctx, *ppkey);
-	if (ret <= 0) {
+	if ((ret = ctx->pmeth->paramgen(ctx, *ppkey)) <= 0) {
 		EVP_PKEY_free(*ppkey);
 		*ppkey = NULL;
 	}
+
 	return ret;
 }
 LCRYPTO_ALIAS(EVP_PKEY_paramgen);

lib/libcrypto/o_fips.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: o_fips.c,v 1.8 2024/04/15 16:05:49 tb Exp $ */
+/* $OpenBSD: o_fips.c,v 1.9 2024/04/17 22:43:42 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2011.
  */
@@ -56,9 +56,8 @@
  *
  */
 
-#include <openssl/err.h>
-
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 
 int
 FIPS_mode(void)