sync with OpenBSD -current

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.196 2024/06/24 06:43:22 tb Exp $
+# $OpenBSD: Makefile,v 1.199 2024/07/09 16:41:44 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -19,9 +19,9 @@ CFLAGS+= -Wall -Wundef
 CFLAGS+= -Werror -Wshadow
 .endif
 CFLAGS+= -DLIBRESSL_INTERNAL
-.ifdef NAMESPACE
+
 CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
-.endif
+
 CFLAGS+= -DHAVE_FUNOPEN
 
 CFLAGS+= -I${LCRYPTO_SRC}
@@ -391,6 +391,7 @@ SRCS+= idea.c
 # kdf/
 SRCS+= hkdf_evp.c
 SRCS+= kdf_err.c
+SRCS+= tls1_prf.c
 
 # lhash/
 SRCS+= lhash.c
@@ -745,18 +746,11 @@ includes: prereq
 	    echo $$j; \
 	    eval "$$j"; \
 	done;
-.ifdef NAMESPACE
 ${VERSION_SCRIPT}: ${SYMBOL_LIST} ${SYMBOL_NAMESPACE}
 	{ printf '{\n\tglobal:\n'; \
 	  sed '/^[._a-zA-Z]/s/$$/;/; s/^/		/' ${SYMBOL_NAMESPACE}; \
 	  sed '/^[._a-zA-Z]/s/$$/;/; s/^/		/' ${SYMBOL_LIST}; \
 	  printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
-.else
-${VERSION_SCRIPT}: ${SYMBOL_LIST}
-	{ printf '{\n\tglobal:\n'; \
-	  sed '/^[._a-zA-Z]/s/$$/;/; s/^/		/' ${SYMBOL_LIST}; \
-	  printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
-.endif
 
 # generated
 CFLAGS+= -I${.OBJDIR}

lib/libcrypto/Symbols.namespace

@@ -1856,10 +1856,6 @@ _libre_idea_cbc_encrypt
 _libre_idea_cfb64_encrypt
 _libre_idea_ofb64_encrypt
 _libre_idea_encrypt
-_libre_OCSP_RESPID_new
-_libre_OCSP_RESPID_free
-_libre_d2i_OCSP_RESPID
-_libre_i2d_OCSP_RESPID
 _libre_OCSP_CERTID_dup
 _libre_OCSP_sendreq_bio
 _libre_OCSP_sendreq_new
@@ -3231,7 +3227,6 @@ _libre_POLICYQUALINFO_it
 _libre_USERNOTICE_it
 _libre_NOTICEREF_it
 _libre_CRL_DIST_POINTS_it
-_libre_DIST_POINT_it
 _libre_DIST_POINT_NAME_it
 _libre_DIST_POINT_it
 _libre_ISSUING_DIST_POINT_it
@@ -3294,7 +3289,6 @@ _libre_ASN1_GENERALSTRING_it
 _libre_ASN1_UTCTIME_it
 _libre_ASN1_GENERALIZEDTIME_it
 _libre_ASN1_TIME_it
-_libre_OCSP_RESPID_it
 _libre_OCSP_SINGLERESP_it
 _libre_OCSP_CERTSTATUS_it
 _libre_OCSP_REVOKEDINFO_it
@@ -3334,6 +3328,27 @@ _libre_RSA_OAEP_PARAMS_it
 _libre_DSAPublicKey_it
 _libre_DSAPrivateKey_it
 _libre_DSAparams_it
+_libre_CMS_ContentInfo_it
+_libre_CMS_ReceiptRequest_it
+_libre_PKCS12_it
+_libre_PKCS12_SAFEBAG_it
+_libre_BIO_get_ex_new_index
+_libre_BIO_new_bio_pair
+_libre_ASN1_UTCTIME_cmp_time_t
+_libre_ASN1_dup
+_libre_CMS_get0_content
+_libre_PKCS7_add_attribute
+_libre_UI_method_get_prompt_constructor
+_libre_UI_null
+_libre_X509_STORE_CTX_get_check_issued
+_libre_X509_STORE_get_check_issued
+_libre_X509_STORE_set_check_issued
+_libre_lh_error
+_libre_DES_check_key
+_libre_DES_rw_mode
+_libre_CRYPTO_get_dynlock_create_callback
+_libre_ERR_add_error_data
+_libre_ERR_add_error_vdata
 _libre_RSAPublicKey_it
 _libre_RSAPrivateKey_it
 _libre_RSA_PSS_PARAMS_it

lib/libcrypto/bio/bio_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.53 2024/03/27 01:22:30 tb Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.54 2024/07/09 06:14:59 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -851,6 +851,7 @@ BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
 	    new_func, dup_func, free_func);
 }
+LCRYPTO_ALIAS(BIO_get_ex_new_index);
 
 int
 BIO_set_ex_data(BIO *bio, int idx, void *data)

lib/libcrypto/bio/bss_bio.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_bio.c,v 1.28 2023/07/28 10:13:50 tb Exp $ */
+/* $OpenBSD: bss_bio.c,v 1.29 2024/07/09 06:14:59 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
@@ -617,6 +617,7 @@ BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, BIO **bio2_p, size_t writebuf2)
 	*bio2_p = bio2;
 	return ret;
 }
+LCRYPTO_ALIAS(BIO_new_bio_pair);
 
 size_t
 BIO_ctrl_get_write_guarantee(BIO *bio)

lib/libcrypto/cms/cms_asn1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_asn1.c,v 1.23 2023/07/08 08:26:26 beck Exp $ */
+/* $OpenBSD: cms_asn1.c,v 1.24 2024/07/09 06:12:45 beck Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -1390,6 +1390,7 @@ const ASN1_ITEM CMS_ContentInfo_it = {
 	.size = sizeof(CMS_ContentInfo),
 	.sname = "CMS_ContentInfo",
 };
+LCRYPTO_ALIAS(CMS_ContentInfo_it);
 
 /* Specials for signed attributes */
 
@@ -1501,6 +1502,7 @@ const ASN1_ITEM CMS_ReceiptRequest_it = {
 	.size = sizeof(CMS_ReceiptRequest),
 	.sname = "CMS_ReceiptRequest",
 };
+LCRYPTO_ALIAS(CMS_ReceiptRequest_it);
 
 static const ASN1_TEMPLATE CMS_Receipt_seq_tt[] = {
 	{

lib/libcrypto/cryptlib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptlib.c,v 1.51 2024/04/21 13:41:14 tb Exp $ */
+/* $OpenBSD: cryptlib.c,v 1.52 2024/07/09 07:16:44 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -281,6 +281,7 @@ struct CRYPTO_dynlock_value *
 {
 	return NULL;
 }
+LCRYPTO_ALIAS(CRYPTO_get_dynlock_create_callback);
 
 void
 (*CRYPTO_get_dynlock_lock_callback(void))(int mode,

lib/libcrypto/des/enc_read.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: enc_read.c,v 1.19 2024/05/24 19:16:53 tb Exp $ */
+/* $OpenBSD: enc_read.c,v 1.20 2024/07/09 07:16:13 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,6 +67,7 @@
  */
 
 int DES_rw_mode = DES_PCBC_MODE;
+LCRYPTO_ALIAS(DES_rw_mode);
 
 int
 DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,

lib/libcrypto/des/set_key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: set_key.c,v 1.27 2024/03/29 01:47:29 joshua Exp $ */
+/* $OpenBSD: set_key.c,v 1.28 2024/07/09 07:16:13 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -63,6 +63,7 @@
 #include "des_local.h"
 
 int DES_check_key = 0;	/* defaults to false */
+LCRYPTO_ALIAS(DES_check_key);
 
 static const unsigned char odd_parity[256] = {
 	1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,

lib/libcrypto/err/err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.61 2024/06/24 06:43:22 tb Exp $ */
+/* $OpenBSD: err.c,v 1.62 2024/07/09 07:17:13 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1149,6 +1149,7 @@ ERR_add_error_vdata(int num, va_list args)
 	else
 		ERR_set_error_data(errbuf, ERR_TXT_MALLOCED|ERR_TXT_STRING);
 }
+LCRYPTO_ALIAS(ERR_add_error_vdata);
 
 void
 ERR_add_error_data(int num, ...)
@@ -1158,6 +1159,7 @@ ERR_add_error_data(int num, ...)
 	ERR_add_error_vdata(num, args);
 	va_end(args);
 }
+LCRYPTO_ALIAS(ERR_add_error_data);
 
 int
 ERR_set_mark(void)

lib/libcrypto/err/err.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: err.h,v 1.33 2024/03/02 10:32:26 tb Exp $ */
+/* $OpenBSD: err.h,v 1.34 2024/07/09 07:17:13 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -374,10 +374,8 @@ void ERR_print_errors_fp(FILE *fp);
 void ERR_print_errors(BIO *bp);
 #endif
 void ERR_asprintf_error_data(char * format, ...);
-#ifndef LIBRESSL_INTERNAL
 void ERR_add_error_data(int num, ...);
 void ERR_add_error_vdata(int num, va_list args);
-#endif
 void ERR_load_strings(int lib, ERR_STRING_DATA *str);
 void ERR_unload_strings(int lib, ERR_STRING_DATA *str);
 void ERR_load_ERR_strings(void);

lib/libcrypto/evp/evp.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.134 2024/04/14 14:14:14 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.135 2024/07/09 16:15:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -113,6 +113,7 @@
 #define EVP_PKEY_HMAC		NID_hmac
 #define EVP_PKEY_CMAC		NID_cmac
 #define EVP_PKEY_HKDF		NID_hkdf
+#define EVP_PKEY_TLS1_PRF	NID_tls1_prf
 #define EVP_PKEY_GOSTR12_256	NID_id_tc26_gost3410_2012_256
 #define EVP_PKEY_GOSTR12_512	NID_id_tc26_gost3410_2012_512
 #define EVP_PKEY_ED25519	NID_ED25519

lib/libcrypto/evp/pmeth_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.40 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.41 2024/07/09 17:02:29 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -80,6 +80,7 @@ extern const EVP_PKEY_METHOD hkdf_pkey_meth;
 extern const EVP_PKEY_METHOD hmac_pkey_meth;
 extern const EVP_PKEY_METHOD rsa_pkey_meth;
 extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
 extern const EVP_PKEY_METHOD x25519_pkey_meth;
 
 static const EVP_PKEY_METHOD *pkey_methods[] = {
@@ -92,6 +93,7 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
 	&hmac_pkey_meth,
 	&rsa_pkey_meth,
 	&rsa_pss_pkey_meth,
+	&tls1_prf_pkey_meth,
 	&x25519_pkey_meth,
 };
 

lib/libcrypto/hidden/openssl/bio.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.7 2024/03/02 09:22:41 tb Exp $ */
+/* $OpenBSD: bio.h,v 1.8 2024/07/09 06:14:59 beck Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -136,5 +136,7 @@ LCRYPTO_USED(BIO_new_accept);
 LCRYPTO_USED(BIO_copy_next_retry);
 LCRYPTO_USED(BIO_printf);
 LCRYPTO_USED(ERR_load_BIO_strings);
+LCRYPTO_USED(BIO_get_ex_new_index);
+LCRYPTO_USED(BIO_new_bio_pair);
 
 #endif /* _LIBCRYPTO_BIO_H */

lib/libcrypto/hidden/openssl/cms.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.h,v 1.3 2024/03/30 01:53:05 joshua Exp $ */
+/* $OpenBSD: cms.h,v 1.4 2024/07/09 06:12:45 beck Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -153,5 +153,9 @@ LCRYPTO_USED(CMS_RecipientInfo_kari_get0_ctx);
 LCRYPTO_USED(CMS_RecipientInfo_kari_decrypt);
 LCRYPTO_USED(CMS_SharedInfo_encode);
 LCRYPTO_USED(ERR_load_CMS_strings);
+#if defined(LIBRESSL_NAMESPACE)
+extern LCRYPTO_USED(CMS_ContentInfo_it);
+extern LCRYPTO_USED(CMS_ReceiptRequest_it);
+#endif
 
 #endif /* _LIBCRYPTO_CMS_H */

lib/libcrypto/hidden/openssl/crypto.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.7 2024/04/10 14:51:02 beck Exp $ */
+/* $OpenBSD: crypto.h,v 1.8 2024/07/09 07:16:44 beck Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -69,6 +69,7 @@ LCRYPTO_UNUSED(CRYPTO_set_dynlock_lock_callback);
 LCRYPTO_UNUSED(CRYPTO_set_dynlock_destroy_callback);
 LCRYPTO_UNUSED(CRYPTO_get_dynlock_lock_callback);
 LCRYPTO_UNUSED(CRYPTO_get_dynlock_destroy_callback);
+LCRYPTO_UNUSED(CRYPTO_get_dynlock_create_callback);
 LCRYPTO_UNUSED(CRYPTO_malloc);
 LCRYPTO_UNUSED(CRYPTO_strdup);
 LCRYPTO_UNUSED(CRYPTO_free);

lib/libcrypto/hidden/openssl/des.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: des.h,v 1.1 2024/03/29 01:47:29 joshua Exp $ */
+/* $OpenBSD: des.h,v 1.2 2024/07/09 07:16:13 beck Exp $ */
 /*
  * Copyright (c) 2024 Joshua Sing <joshua@joshuasing.dev>
  *
@@ -60,5 +60,9 @@ LCRYPTO_USED(DES_string_to_key);
 LCRYPTO_USED(DES_string_to_2keys);
 LCRYPTO_USED(DES_cfb64_encrypt);
 LCRYPTO_USED(DES_ofb64_encrypt);
+#if defined(LIBRESSL_NAMESPACE)
+extern LCRYPTO_USED(DES_check_key);
+extern LCRYPTO_USED(DES_rw_mode);
+#endif
 
 #endif /* _LIBCRYPTO_DES_H */

lib/libcrypto/hidden/openssl/err.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: err.h,v 1.5 2024/03/02 10:30:48 tb Exp $ */
+/* $OpenBSD: err.h,v 1.6 2024/07/09 07:17:13 beck Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -56,5 +56,7 @@ LCRYPTO_USED(ERR_remove_state);
 LCRYPTO_USED(ERR_get_next_error_library);
 LCRYPTO_USED(ERR_set_mark);
 LCRYPTO_USED(ERR_pop_to_mark);
+LCRYPTO_UNUSED(ERR_add_error_data);
+LCRYPTO_UNUSED(ERR_add_error_vdata);
 
 #endif /* _LIBCRYPTO_ERR_H */

lib/libcrypto/hidden/openssl/pkcs12.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.3 2024/03/02 10:15:16 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.4 2024/07/09 06:13:22 beck Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -67,5 +67,9 @@ LCRYPTO_USED(d2i_PKCS12_bio);
 LCRYPTO_USED(d2i_PKCS12_fp);
 LCRYPTO_USED(PKCS12_newpass);
 LCRYPTO_USED(ERR_load_PKCS12_strings);
+#if defined(LIBRESSL_NAMESPACE)
+extern LCRYPTO_USED(PKCS12_it);
+extern LCRYPTO_USED(PKCS12_SAFEBAG_it);
+#endif
 
 #endif /* _LIBCRYPTO_PKCS12_H */

lib/libcrypto/hmac/hmac.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.h,v 1.18 2024/06/01 07:36:16 tb Exp $ */
+/* $OpenBSD: hmac.h,v 1.19 2024/07/09 07:57:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -60,6 +60,10 @@
 
 #include <openssl/opensslconf.h>
 
+#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__)
+#define __bounded__(x, y, z)
+#endif
+
 #ifdef OPENSSL_NO_HMAC
 #error HMAC is disabled.
 #endif
@@ -78,14 +82,18 @@ HMAC_CTX *HMAC_CTX_new(void);
 void HMAC_CTX_free(HMAC_CTX *ctx);
 int HMAC_CTX_reset(HMAC_CTX *ctx);
 
-int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-    const EVP_MD *md); /* deprecated */
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
-    ENGINE *impl);
-int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+    ENGINE *impl)
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
     const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len)
+    __attribute__ ((__bounded__(__buffer__, 2, 3)))
+    __attribute__ ((__bounded__(__buffer__, 4, 5)))
     __attribute__((__nonnull__ (6)));
 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 

lib/libcrypto/kdf/kdf.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kdf.h,v 1.8 2022/07/12 14:42:49 kn Exp $ */
+/*	$OpenBSD: kdf.h,v 1.9 2024/07/09 16:20:17 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -59,6 +59,10 @@
 extern "C" {
 #endif
 
+# define EVP_PKEY_CTRL_TLS_MD                   (EVP_PKEY_ALG_CTRL + 0)
+# define EVP_PKEY_CTRL_TLS_SECRET               (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED                 (EVP_PKEY_ALG_CTRL + 2)
+
 # define EVP_PKEY_CTRL_HKDF_MD                  (EVP_PKEY_ALG_CTRL + 3)
 # define EVP_PKEY_CTRL_HKDF_SALT                (EVP_PKEY_ALG_CTRL + 4)
 # define EVP_PKEY_CTRL_HKDF_KEY                 (EVP_PKEY_ALG_CTRL + 5)
@@ -69,6 +73,20 @@ extern "C" {
 # define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       1
 # define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY        2
 
+
+# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
+
+# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
+
+
 # define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
             EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
                               EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
@@ -97,13 +115,21 @@ int ERR_load_KDF_strings(void);
 # define KDF_F_PKEY_HKDF_CTRL_STR                         103
 # define KDF_F_PKEY_HKDF_DERIVE                           102
 # define KDF_F_PKEY_HKDF_INIT                             108
+# define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
+# define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
+# define KDF_F_PKEY_TLS1_PRF_INIT                         110
+# define KDF_F_TLS1_PRF_ALG                               111
 
 /*
  * KDF reason codes.
  */
+# define KDF_R_INVALID_DIGEST                             100
 # define KDF_R_MISSING_KEY                                104
 # define KDF_R_MISSING_MESSAGE_DIGEST                     105
+# define KDF_R_MISSING_SECRET                             107
+# define KDF_R_MISSING_SEED                               106
 # define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
+# define KDF_R_VALUE_MISSING                              102
 
 # ifdef  __cplusplus
 }

lib/libcrypto/kdf/kdf_err.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kdf_err.c,v 1.10 2024/06/24 06:43:22 tb Exp $ */
+/*	$OpenBSD: kdf_err.c,v 1.11 2024/07/09 16:20:17 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
  *
@@ -64,15 +64,23 @@ static const ERR_STRING_DATA KDF_str_functs[] = {
 	{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
 	{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
 	{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
+	{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), "pkey_tls1_prf_ctrl_str"},
+	{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), "pkey_tls1_prf_derive"},
+	{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
+	{ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "pkey_tls1_prf_alg"},
 	{0, NULL},
 };
 
 static const ERR_STRING_DATA KDF_str_reasons[] = {
+	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
 	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
 	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
 	 "missing message digest"},
+	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
+	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
 	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
 	 "unknown parameter type"},
+	{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
 	{0, NULL},
 };
 

lib/libcrypto/kdf/tls1_prf.c

@@ -0,0 +1,348 @@
+/*	$OpenBSD: tls1_prf.c,v 1.39 2024/07/09 17:58:36 tb Exp $ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2016.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#include "evp_local.h"
+
+#define TLS1_PRF_MAXBUF 1024
+
+struct tls1_prf_ctx {
+	const EVP_MD *md;
+	unsigned char *secret;
+	size_t secret_len;
+	unsigned char seed[TLS1_PRF_MAXBUF];
+	size_t seed_len;
+};
+
+static int
+pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
+{
+	struct tls1_prf_ctx *kctx;
+
+	if ((kctx = calloc(1, sizeof(*kctx))) == NULL) {
+		KDFerror(ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	ctx->data = kctx;
+
+	return 1;
+}
+
+static void
+pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
+{
+	struct tls1_prf_ctx *kctx = ctx->data;
+
+	freezero(kctx->secret, kctx->secret_len);
+	freezero(kctx, sizeof(*kctx));
+}
+
+static int
+pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+	struct tls1_prf_ctx *kctx = ctx->data;
+
+	switch (type) {
+	case EVP_PKEY_CTRL_TLS_MD:
+		kctx->md = p2;
+		return 1;
+
+	case EVP_PKEY_CTRL_TLS_SECRET:
+		if (p1 < 0)
+			return 0;
+
+		freezero(kctx->secret, kctx->secret_len);
+		kctx->secret = NULL;
+		kctx->secret_len = 0;
+
+		explicit_bzero(kctx->seed, kctx->seed_len);
+		kctx->seed_len = 0;
+
+		if (p1 == 0 || p2 == NULL)
+			return 0;
+
+		if ((kctx->secret = calloc(1, p1)) == NULL)
+			return 0;
+		memcpy(kctx->secret, p2, p1);
+		kctx->secret_len = p1;
+
+		return 1;
+
+	case EVP_PKEY_CTRL_TLS_SEED:
+		if (p1 == 0 || p2 == NULL)
+			return 1;
+		if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seed_len))
+			return 0;
+		memcpy(kctx->seed + kctx->seed_len, p2, p1);
+		kctx->seed_len += p1;
+		return 1;
+
+	default:
+		return -2;
+	}
+}
+
+static int
+pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+    const char *type, const char *value)
+{
+	if (value == NULL) {
+		KDFerror(KDF_R_VALUE_MISSING);
+		return 0;
+	}
+	if (strcmp(type, "md") == 0) {
+		struct tls1_prf_ctx *kctx = ctx->data;
+
+		const EVP_MD *md = EVP_get_digestbyname(value);
+		if (md == NULL) {
+			KDFerror(KDF_R_INVALID_DIGEST);
+			return 0;
+		}
+		kctx->md = md;
+		return 1;
+	}
+	if (strcmp(type, "secret") == 0)
+		return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+	if (strcmp(type, "hexsecret") == 0)
+		return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+	if (strcmp(type, "seed") == 0)
+		return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+	if (strcmp(type, "hexseed") == 0)
+		return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+
+	KDFerror(KDF_R_UNKNOWN_PARAMETER_TYPE);
+	return -2;
+}
+
+static int
+tls1_prf_P_hash(const EVP_MD *md,
+    const unsigned char *secret, size_t secret_len,
+    const unsigned char *seed, size_t seed_len,
+    unsigned char *out, size_t out_len)
+{
+	int chunk;
+	EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
+	EVP_PKEY *mac_key = NULL;
+	unsigned char A1[EVP_MAX_MD_SIZE];
+	size_t A1_len;
+	int ret = 0;
+
+	if ((chunk = EVP_MD_size(md)) < 0)
+		goto err;
+
+	if ((ctx = EVP_MD_CTX_new()) == NULL)
+		goto err;
+	if ((ctx_tmp = EVP_MD_CTX_new()) == NULL)
+		goto err;
+	if ((ctx_init = EVP_MD_CTX_new()) == NULL)
+		goto err;
+
+	EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+
+	if ((mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+	    secret, secret_len)) == NULL)
+		goto err;
+
+	if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
+		goto err;
+	if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+		goto err;
+	if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+		goto err;
+	if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+		goto err;
+
+	for (;;) {
+		/* Reinit mac contexts */
+		if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+			goto err;
+		if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
+			goto err;
+		if (out_len > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+			goto err;
+		if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+			goto err;
+
+		if (out_len > (size_t)chunk) {
+			size_t mac_len;
+			if (!EVP_DigestSignFinal(ctx, out, &mac_len))
+				goto err;
+			out += mac_len;
+			out_len -= mac_len;
+			if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
+				goto err;
+		} else {
+			if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+				goto err;
+			memcpy(out, A1, out_len);
+			break;
+		}
+	}
+
+	ret = 1;
+
+ err:
+	EVP_PKEY_free(mac_key);
+	EVP_MD_CTX_free(ctx);
+	EVP_MD_CTX_free(ctx_tmp);
+	EVP_MD_CTX_free(ctx_init);
+	explicit_bzero(A1, sizeof(A1));
+
+	return ret;
+}
+
+static int
+tls1_prf_alg(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
+    const unsigned char *seed, size_t seed_len, unsigned char *out, size_t out_len)
+{
+	unsigned char *tmp = NULL;
+	size_t half_len;
+	size_t i;
+	int ret = 0;
+
+	if (EVP_MD_type(md) != NID_md5_sha1)
+		return tls1_prf_P_hash(md, secret, secret_len, seed, seed_len,
+		    out, out_len);
+
+	half_len = secret_len - secret_len / 2;
+	if (!tls1_prf_P_hash(EVP_md5(), secret, half_len, seed, seed_len,
+	    out, out_len))
+		goto err;
+
+	if ((tmp = calloc(1, out_len)) == NULL) {
+		KDFerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	secret += secret_len - half_len;
+	if (!tls1_prf_P_hash(EVP_sha1(), secret, half_len, seed, seed_len,
+	    tmp, out_len))
+		goto err;
+	for (i = 0; i < out_len; i++)
+		out[i] ^= tmp[i];
+
+	ret = 1;
+
+ err:
+	freezero(tmp, out_len);
+
+	return ret;
+}
+
+static int
+pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len)
+{
+	struct tls1_prf_ctx *kctx = ctx->data;
+
+	if (kctx->md == NULL) {
+		KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
+		return 0;
+	}
+	if (kctx->secret == NULL) {
+		KDFerror(KDF_R_MISSING_SECRET);
+		return 0;
+	}
+	if (kctx->seed_len == 0) {
+		KDFerror(KDF_R_MISSING_SEED);
+		return 0;
+	}
+
+	return tls1_prf_alg(kctx->md, kctx->secret, kctx->secret_len,
+	    kctx->seed, kctx->seed_len, key, *key_len);
+}
+
+const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+	.pkey_id = EVP_PKEY_TLS1_PRF,
+	.flags = 0,
+
+	.init = pkey_tls1_prf_init,
+	.copy = NULL,
+	.cleanup = pkey_tls1_prf_cleanup,
+
+	.paramgen = NULL,
+
+	.keygen = NULL,
+
+	.sign_init = NULL,
+	.sign = NULL,
+
+	.verify_init = NULL,
+	.verify = NULL,
+
+	.verify_recover = NULL,
+
+	.signctx_init = NULL,
+	.signctx = NULL,
+
+	.encrypt = NULL,
+
+	.decrypt = NULL,
+
+	.derive_init = NULL,
+	.derive = pkey_tls1_prf_derive,
+
+	.ctrl = pkey_tls1_prf_ctrl,
+	.ctrl_str = pkey_tls1_prf_ctrl_str,
+};

lib/libcrypto/objects/obj_mac.num

@@ -1052,3 +1052,4 @@ RSA_SHA3_384	1051
 RSA_SHA3_512	1052
 acmeIdentifier	1053
 id_ct_rpkiSignedPrefixList	1054
+tls1_prf	1055

lib/libcrypto/objects/objects.txt

@@ -1404,6 +1404,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 1 3 6 1 4 1 11129 2 4 4	: ct_precert_signer		: CT Precertificate Signer
 1 3 6 1 4 1 11129 2 4 5	: ct_cert_scts			: CT Certificate SCTs
 
+# NID for TLS1 PRF
+                            : TLS1-PRF          : tls1-prf
 # NID for HKDF
                             : HKDF              : hkdf
 

lib/libcrypto/pkcs12/p12_asn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_asn.c,v 1.15 2024/03/02 10:15:16 tb Exp $ */
+/* $OpenBSD: p12_asn.c,v 1.16 2024/07/09 06:13:22 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -98,6 +98,7 @@ const ASN1_ITEM PKCS12_it = {
 	.size = sizeof(PKCS12),
 	.sname = "PKCS12",
 };
+LCRYPTO_ALIAS(PKCS12_it);
 
 
 PKCS12 *
@@ -413,6 +414,7 @@ const ASN1_ITEM PKCS12_SAFEBAG_it = {
 	.size = sizeof(PKCS12_SAFEBAG),
 	.sname = "PKCS12_SAFEBAG",
 };
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_it);
 
 
 PKCS12_SAFEBAG *