diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi index bb8896454..9f05dc96c 100644 --- a/distrib/sets/lists/base/mi +++ b/distrib/sets/lists/base/mi @@ -729,7 +729,7 @@ ./usr/lib/libagentx.so.1.1 ./usr/lib/libc.so.100.3 ./usr/lib/libcbor.so.2.0 -./usr/lib/libcrypto.so.54.0 +./usr/lib/libcrypto.so.55.0 ./usr/lib/libcurses.so.15.0 ./usr/lib/libedit.so.6.0 ./usr/lib/libelf.so.3.0 @@ -758,10 +758,10 @@ ./usr/lib/librpcsvc.so.3.0 ./usr/lib/libskey.so.6.0 ./usr/lib/libsndio.so.7.3 -./usr/lib/libssl.so.57.1 +./usr/lib/libssl.so.58.0 ./usr/lib/libtermcap.so.15.0 ./usr/lib/libtermlib.so.15.0 -./usr/lib/libtls.so.30.1 +./usr/lib/libtls.so.31.0 ./usr/lib/libusbhid.so.7.1 ./usr/lib/libutil.so.18.0 ./usr/lib/libz.so.7.1 @@ -2978,7 +2978,7 @@ ./usr/share/relink/usr/bin/ssh-agent/ssh-agent.tar ./usr/share/relink/usr/lib ./usr/share/relink/usr/lib/libc.so.100.3.a -./usr/share/relink/usr/lib/libcrypto.so.54.0.a +./usr/share/relink/usr/lib/libcrypto.so.55.0.a ./usr/share/relink/usr/libexec ./usr/share/relink/usr/libexec/ld.so.a ./usr/share/relink/usr/libexec/sshd-session diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi index b828952e2..21760bc17 100644 --- a/distrib/sets/lists/comp/mi +++ b/distrib/sets/lists/comp/mi @@ -1117,7 +1117,6 @@ ./usr/include/openssl/cms.h ./usr/include/openssl/comp.h ./usr/include/openssl/conf.h -./usr/include/openssl/conf_api.h ./usr/include/openssl/crypto.h ./usr/include/openssl/ct.h ./usr/include/openssl/curve25519.h @@ -1168,7 +1167,6 @@ ./usr/include/openssl/ts.h ./usr/include/openssl/txt_db.h ./usr/include/openssl/ui.h -./usr/include/openssl/whrlpool.h ./usr/include/openssl/x509.h ./usr/include/openssl/x509_vfy.h ./usr/include/openssl/x509v3.h diff --git a/distrib/sets/lists/man/mi b/distrib/sets/lists/man/mi index 4405187cd..a039d1d4c 100644 --- a/distrib/sets/lists/man/mi +++ b/distrib/sets/lists/man/mi @@ -1919,6 +1919,7 @@ ./usr/share/man/man4/rl.4 ./usr/share/man/man4/rlphy.4 ./usr/share/man/man4/route.4 +./usr/share/man/man4/rport.4 ./usr/share/man/man4/rsu.4 ./usr/share/man/man4/rtsx.4 ./usr/share/man/man4/rtw.4 diff --git a/etc/skel/dot.version b/etc/skel/dot.version index d9cd194dc..3b4598f6b 100644 --- a/etc/skel/dot.version +++ b/etc/skel/dot.version @@ -1 +1 @@ -# SecBSD 1.6-1361d16: Wed Aug 21 00:00:00 UTC 2024 (Yatagarasu) +# SecBSD 1.6-dcc2b9c: Sun Sep 1 00:00:00 UTC 2024 (Yatagarasu) diff --git a/games/fortune/strfile/strfile.8 b/games/fortune/strfile/strfile.8 index 990bb7650..b87e79551 100644 --- a/games/fortune/strfile/strfile.8 +++ b/games/fortune/strfile/strfile.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: strfile.8,v 1.17 2022/08/04 06:20:24 jsg Exp $ +.\" $OpenBSD: strfile.8,v 1.18 2024/08/31 13:41:13 jmc Exp $ .\" $NetBSD: strfile.8,v 1.3 1995/03/23 08:28:45 cgd Exp $ .\" .\" Copyright (c) 1989, 1991, 1993 @@ -34,7 +34,7 @@ .\" .\" @(#)strfile.8 8.1 (Berkeley) 6/9/93 .\" -.Dd $Mdocdate: August 4 2022 $ +.Dd $Mdocdate: August 31 2024 $ .Dt STRFILE 8 .Os .Sh NAME @@ -100,17 +100,17 @@ field to be set. .Pp The format of the header is: .Bd -literal -offset indent -#define VERSION 2 -u_int32_t str_version; /* version number */ -u_int32_t str_numstr; /* # of strings in the file */ -u_int32_t str_longlen; /* length of longest string */ -u_int32_t str_shortlen; /* length of shortest string */ -#define STR_RANDOM 0x1 /* randomized pointers */ -#define STR_ORDERED 0x2 /* ordered pointers */ -#define STR_ROTATED 0x4 /* rot-13'd text */ -u_int32_t str_flags; /* bit field for flags */ -u_int8_t str_delim; /* delimiting character */ -u_int8_t str_pad[3]; /* padding */ +#define VERSION 2 + u_int32_t str_version; /* version number */ + u_int32_t str_numstr; /* # of strings in the file */ + u_int32_t str_longlen; /* length of longest string */ + u_int32_t str_shortlen; /* length of shortest string */ +#define STR_RANDOM 0x1 /* randomized pointers */ +#define STR_ORDERED 0x2 /* ordered pointers */ +#define STR_ROTATED 0x4 /* rot-13'd text */ + u_int32_t str_flags; /* bit field for flags */ + u_int8_t stuff[4]; /* long aligned space */ +#define str_delim stuff[0] /* delimiting character */ .Ed .Pp All fields are written in network byte order. diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index b4407d566..dfbb38b84 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.203 2024/08/28 07:15:04 tb Exp $ +# $OpenBSD: Makefile,v 1.211 2024/08/31 15:56:09 jsing Exp $ LIB= crypto LIBREBUILD=y @@ -31,6 +31,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/bio CFLAGS+= -I${LCRYPTO_SRC}/bn CFLAGS+= -I${LCRYPTO_SRC}/bn/arch/${MACHINE_CPU} CFLAGS+= -I${LCRYPTO_SRC}/bytestring +CFLAGS+= -I${LCRYPTO_SRC}/conf CFLAGS+= -I${LCRYPTO_SRC}/curve25519 CFLAGS+= -I${LCRYPTO_SRC}/dh CFLAGS+= -I${LCRYPTO_SRC}/dsa @@ -54,10 +55,6 @@ CFLAGS+= -I${LCRYPTO_SRC}/x509 VERSION_SCRIPT= Symbols.map SYMBOL_LIST= ${.CURDIR}/Symbols.list -.if (${MACHINE_CPU} == "amd64") || (${MACHINE_CPU} == "i386") -SYMBOL_LIST+= ${.CURDIR}/arch/${MACHINE_CPU}/Symbols.list -.endif - # crypto/ SRCS+= cpt_err.c SRCS+= cryptlib.c @@ -254,26 +251,11 @@ SRCS+= curve25519-generic.c SRCS+= curve25519.c # des/ -SRCS+= cbc_cksm.c -SRCS+= cbc_enc.c -SRCS+= cfb64ede.c -SRCS+= cfb64enc.c -SRCS+= cfb_enc.c +SRCS+= des.c +SRCS+= des_cksum.c SRCS+= des_enc.c -SRCS+= ecb3_enc.c -SRCS+= ecb_enc.c -SRCS+= ede_cbcm_enc.c -SRCS+= enc_read.c -SRCS+= fcrypt.c -SRCS+= fcrypt_b.c -SRCS+= ofb64ede.c -SRCS+= ofb64enc.c -SRCS+= ofb_enc.c -SRCS+= pcbc_enc.c -SRCS+= qud_cksm.c -SRCS+= set_key.c -SRCS+= str2key.c -SRCS+= xcbc_enc.c +SRCS+= des_fcrypt.c +SRCS+= des_key.c # dh/ SRCS+= dh_ameth.c @@ -367,7 +349,6 @@ SRCS+= m_sha1.c SRCS+= m_sha3.c SRCS+= m_sigver.c SRCS+= m_sm3.c -SRCS+= m_wp.c SRCS+= p_legacy.c SRCS+= p_lib.c SRCS+= p_sign.c @@ -543,10 +524,6 @@ SRCS+= ui_err.c SRCS+= ui_lib.c SRCS+= ui_null.c SRCS+= ui_openssl.c -SRCS+= ui_util.c - -# whrlpool/ -SRCS+= whirlpool.c # x509/ SRCS+= by_dir.c @@ -662,7 +639,6 @@ SRCS+= x_all.c ${LCRYPTO_SRC}/ts \ ${LCRYPTO_SRC}/txt_db \ ${LCRYPTO_SRC}/ui \ - ${LCRYPTO_SRC}/whrlpool \ ${LCRYPTO_SRC}/x509 HDRS=\ @@ -681,7 +657,6 @@ HDRS=\ ${LCRYPTO_SRC}/cms/cms.h \ ${LCRYPTO_SRC}/comp/comp.h \ ${LCRYPTO_SRC}/conf/conf.h \ - ${LCRYPTO_SRC}/conf/conf_api.h \ ${LCRYPTO_SRC}/crypto.h \ ${LCRYPTO_SRC}/ct/ct.h \ ${LCRYPTO_SRC}/curve25519/curve25519.h \ @@ -724,7 +699,6 @@ HDRS=\ ${LCRYPTO_SRC}/ts/ts.h \ ${LCRYPTO_SRC}/txt_db/txt_db.h \ ${LCRYPTO_SRC}/ui/ui.h \ - ${LCRYPTO_SRC}/whrlpool/whrlpool.h \ ${LCRYPTO_SRC}/x509/x509.h \ ${LCRYPTO_SRC}/x509/x509_vfy.h \ ${LCRYPTO_SRC}/x509/x509v3.h diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index dfe7ce492..8459316be 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -589,34 +589,12 @@ CMS_unsigned_get_attr_by_OBJ CMS_unsigned_get_attr_count CMS_verify CMS_verify_receipt -CONF_dump_bio -CONF_dump_fp -CONF_free CONF_get1_default_config_file -CONF_get_number -CONF_get_section -CONF_get_string -CONF_imodule_get_flags -CONF_imodule_get_module -CONF_imodule_get_name -CONF_imodule_get_usr_data -CONF_imodule_get_value -CONF_imodule_set_flags -CONF_imodule_set_usr_data -CONF_load -CONF_load_bio -CONF_load_fp -CONF_module_add -CONF_module_get_usr_data -CONF_module_set_usr_data CONF_modules_finish CONF_modules_free CONF_modules_load CONF_modules_load_file CONF_modules_unload -CONF_parse_list -CONF_set_default_method -CONF_set_nconf CRL_DIST_POINTS_free CRL_DIST_POINTS_it CRL_DIST_POINTS_new @@ -742,8 +720,6 @@ DES_ede3_cbcm_encrypt DES_ede3_cfb64_encrypt DES_ede3_cfb_encrypt DES_ede3_ofb64_encrypt -DES_enc_read -DES_enc_write DES_encrypt1 DES_encrypt2 DES_encrypt3 @@ -756,7 +732,6 @@ DES_ofb_encrypt DES_pcbc_encrypt DES_quad_cksum DES_random_key -DES_rw_mode DES_set_key DES_set_key_checked DES_set_key_unchecked @@ -1028,8 +1003,6 @@ ENGINE_new ENGINE_register_all_complete ENGINE_set_default ENGINE_set_default_RSA -ERR_add_error_data -ERR_add_error_vdata ERR_asprintf_error_data ERR_clear_error ERR_error_string @@ -1233,10 +1206,6 @@ EVP_PKEY_CTX_set0_keygen_info EVP_PKEY_CTX_set_app_data EVP_PKEY_CTX_set_cb EVP_PKEY_CTX_set_data -EVP_PKEY_add1_attr -EVP_PKEY_add1_attr_by_NID -EVP_PKEY_add1_attr_by_OBJ -EVP_PKEY_add1_attr_by_txt EVP_PKEY_asn1_find EVP_PKEY_asn1_find_str EVP_PKEY_asn1_get0 @@ -1245,14 +1214,12 @@ EVP_PKEY_asn1_get_count EVP_PKEY_assign EVP_PKEY_base_id EVP_PKEY_bits -EVP_PKEY_check EVP_PKEY_cmp EVP_PKEY_cmp_parameters EVP_PKEY_copy_parameters EVP_PKEY_decrypt EVP_PKEY_decrypt_init EVP_PKEY_decrypt_old -EVP_PKEY_delete_attr EVP_PKEY_derive EVP_PKEY_derive_init EVP_PKEY_derive_set_peer @@ -1271,10 +1238,6 @@ EVP_PKEY_get1_DH EVP_PKEY_get1_DSA EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_RSA -EVP_PKEY_get_attr -EVP_PKEY_get_attr_by_NID -EVP_PKEY_get_attr_by_OBJ -EVP_PKEY_get_attr_count EVP_PKEY_get_default_digest_nid EVP_PKEY_get_raw_private_key EVP_PKEY_get_raw_public_key @@ -1287,13 +1250,11 @@ EVP_PKEY_new_CMAC_key EVP_PKEY_new_mac_key EVP_PKEY_new_raw_private_key EVP_PKEY_new_raw_public_key -EVP_PKEY_param_check EVP_PKEY_paramgen EVP_PKEY_paramgen_init EVP_PKEY_print_params EVP_PKEY_print_private EVP_PKEY_print_public -EVP_PKEY_public_check EVP_PKEY_save_parameters EVP_PKEY_security_bits EVP_PKEY_set1_DH @@ -1440,7 +1401,6 @@ EVP_sm4_cfb128 EVP_sm4_ctr EVP_sm4_ecb EVP_sm4_ofb -EVP_whirlpool EXTENDED_KEY_USAGE_free EXTENDED_KEY_USAGE_it EXTENDED_KEY_USAGE_new @@ -1473,7 +1433,6 @@ HMAC_CTX_new HMAC_CTX_reset HMAC_CTX_set_flags HMAC_Final -HMAC_Init HMAC_Init_ex HMAC_Update IPAddressChoice_free @@ -1506,18 +1465,12 @@ NAME_CONSTRAINTS_check NAME_CONSTRAINTS_free NAME_CONSTRAINTS_it NAME_CONSTRAINTS_new -NCONF_WIN32 -NCONF_default -NCONF_dump_bio -NCONF_dump_fp NCONF_free -NCONF_free_data NCONF_get_number_e NCONF_get_section NCONF_get_string NCONF_load NCONF_load_bio -NCONF_load_fp NCONF_new NETSCAPE_SPKAC_free NETSCAPE_SPKAC_it @@ -1700,11 +1653,9 @@ OPENSSL_cleanse OPENSSL_cleanup OPENSSL_config OPENSSL_cpu_caps -OPENSSL_cpuid_setup OPENSSL_gmtime OPENSSL_init OPENSSL_init_crypto -OPENSSL_load_builtin_modules OPENSSL_no_config OPENSSL_posix_to_tm OPENSSL_timegm @@ -2322,8 +2273,6 @@ TXT_DB_insert TXT_DB_read TXT_DB_write UI_OpenSSL -UI_UTIL_read_pw -UI_UTIL_read_pw_string UI_add_error_string UI_add_info_string UI_add_input_boolean @@ -2377,18 +2326,10 @@ UI_set_result USERNOTICE_free USERNOTICE_it USERNOTICE_new -WHIRLPOOL -WHIRLPOOL_BitUpdate -WHIRLPOOL_Final -WHIRLPOOL_Init -WHIRLPOOL_Update X25519 X25519_keypair -X509V3_EXT_CRL_add_conf X509V3_EXT_CRL_add_nconf -X509V3_EXT_REQ_add_conf X509V3_EXT_REQ_add_nconf -X509V3_EXT_add_conf X509V3_EXT_add_nconf X509V3_EXT_add_nconf_sk X509V3_EXT_conf @@ -2405,24 +2346,12 @@ X509V3_EXT_val_prn X509V3_NAME_from_section X509V3_add1_i2d X509V3_add_standard_extensions -X509V3_add_value -X509V3_add_value_bool -X509V3_add_value_bool_nf -X509V3_add_value_int -X509V3_add_value_uchar X509V3_conf_free X509V3_extensions_print X509V3_get_d2i -X509V3_get_section -X509V3_get_string -X509V3_get_value_bool -X509V3_get_value_int X509V3_parse_list -X509V3_section_free -X509V3_set_conf_lhash X509V3_set_ctx X509V3_set_nconf -X509V3_string_free X509_ALGORS_it X509_ALGOR_cmp X509_ALGOR_dup @@ -2598,7 +2527,6 @@ X509_REQ_get_attr X509_REQ_get_attr_by_NID X509_REQ_get_attr_by_OBJ X509_REQ_get_attr_count -X509_REQ_get_extension_nids X509_REQ_get_extensions X509_REQ_get_pubkey X509_REQ_get_signature_nid @@ -2609,7 +2537,6 @@ X509_REQ_new X509_REQ_print X509_REQ_print_ex X509_REQ_print_fp -X509_REQ_set_extension_nids X509_REQ_set_pubkey X509_REQ_set_subject_name X509_REQ_set_version @@ -2763,7 +2690,6 @@ X509_check_ip_asc X509_check_issued X509_check_private_key X509_check_purpose -X509_check_trust X509_cmp X509_cmp_current_time X509_cmp_time @@ -2807,6 +2733,7 @@ X509_get_key_usage X509_get_pubkey X509_get_pubkey_parameters X509_get_serialNumber +X509_get_signature_info X509_get_signature_nid X509_get_signature_type X509_get_subject_name @@ -2859,16 +2786,6 @@ X509_up_ref X509_verify X509_verify_cert X509_verify_cert_error_string -X509at_add1_attr -X509at_add1_attr_by_NID -X509at_add1_attr_by_OBJ -X509at_add1_attr_by_txt -X509at_delete_attr -X509at_get0_data_by_OBJ -X509at_get_attr -X509at_get_attr_by_NID -X509at_get_attr_by_OBJ -X509at_get_attr_count X509v3_add_ext X509v3_addr_add_inherit X509v3_addr_add_prefix @@ -2896,13 +2813,6 @@ X509v3_get_ext_by_OBJ X509v3_get_ext_by_critical X509v3_get_ext_count ZLONG_it -_CONF_add_string -_CONF_free_data -_CONF_get_section -_CONF_get_section_values -_CONF_get_string -_CONF_new_data -_CONF_new_section a2d_ASN1_OBJECT a2i_ASN1_ENUMERATED a2i_ASN1_INTEGER diff --git a/lib/libcrypto/arch/amd64/Symbols.list b/lib/libcrypto/arch/amd64/Symbols.list deleted file mode 100644 index 4a0badae4..000000000 --- a/lib/libcrypto/arch/amd64/Symbols.list +++ /dev/null @@ -1 +0,0 @@ -OPENSSL_ia32cap_P diff --git a/lib/libcrypto/arch/i386/Symbols.list b/lib/libcrypto/arch/i386/Symbols.list deleted file mode 100644 index 4a0badae4..000000000 --- a/lib/libcrypto/arch/i386/Symbols.list +++ /dev/null @@ -1 +0,0 @@ -OPENSSL_ia32cap_P diff --git a/lib/libcrypto/asn1/asn1_gen.c b/lib/libcrypto/asn1/asn1_gen.c index c7eafd726..0b4cfe00a 100644 --- a/lib/libcrypto/asn1/asn1_gen.c +++ b/lib/libcrypto/asn1/asn1_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_gen.c,v 1.22 2024/05/17 02:57:26 tb Exp $ */ +/* $OpenBSD: asn1_gen.c,v 1.24 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2002. */ @@ -63,6 +63,8 @@ #include #include "asn1_local.h" +#include "conf_local.h" +#include "x509_local.h" #define ASN1_GEN_FLAG 0x10000 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) diff --git a/lib/libcrypto/asn1/asn_moid.c b/lib/libcrypto/asn1/asn_moid.c index 687498046..e3c7d0944 100644 --- a/lib/libcrypto/asn1/asn_moid.c +++ b/lib/libcrypto/asn1/asn_moid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn_moid.c,v 1.17 2024/03/02 09:02:04 tb Exp $ */ +/* $OpenBSD: asn_moid.c,v 1.18 2024/08/31 09:26:18 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -66,6 +66,7 @@ #include #include "asn1_local.h" +#include "conf_local.h" /* Simple ASN1 OID module: add all objects in a given section */ diff --git a/lib/libcrypto/asn1/x_val.c b/lib/libcrypto/asn1/x_val.c index 486304e42..08501f17e 100644 --- a/lib/libcrypto/asn1/x_val.c +++ b/lib/libcrypto/asn1/x_val.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_val.c,v 1.15 2024/07/08 14:48:49 beck Exp $ */ +/* $OpenBSD: x_val.c,v 1.16 2024/08/31 10:14:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include #include +#include "x509_local.h" + static const ASN1_TEMPLATE X509_VAL_seq_tt[] = { { .offset = offsetof(X509_VAL, notBefore), diff --git a/lib/libcrypto/conf/conf.h b/lib/libcrypto/conf/conf.h index 5d10163bf..e8873f6f7 100644 --- a/lib/libcrypto/conf/conf.h +++ b/lib/libcrypto/conf/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.16 2022/07/12 14:42:48 kn Exp $ */ +/* $OpenBSD: conf.h,v 1.27 2024/08/31 09:54:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -85,19 +85,6 @@ struct conf_st; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; -struct conf_method_st { - const char *name; - CONF *(*create)(CONF_METHOD *meth); - int (*init)(CONF *conf); - int (*destroy)(CONF *conf); - int (*destroy_data)(CONF *conf); - int (*load_bio)(CONF *conf, BIO *bp, long *eline); - int (*dump)(const CONF *conf, BIO *bp); - int (*is_number)(const CONF *conf, char c); - int (*to_int)(const CONF *conf, char c); - int (*load)(CONF *conf, const char *name, long *eline); -}; - /* Module definitions */ typedef struct conf_imodule_st CONF_IMODULE; @@ -117,23 +104,6 @@ typedef void conf_finish_func(CONF_IMODULE *md); #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 #define CONF_MFLAGS_DEFAULT_SECTION 0x20 -int CONF_set_default_method(CONF_METHOD *meth); -void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); -LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline); -LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline); -LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, long *eline); -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, - const char *section); -char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); -long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); -void CONF_free(LHASH_OF(CONF_VALUE) *conf); -int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); -int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); - void OPENSSL_config(const char *config_name); void OPENSSL_no_config(void); @@ -141,26 +111,19 @@ void OPENSSL_no_config(void); If that wasn't the case, the above functions would have been replaced */ struct conf_st { - CONF_METHOD *meth; - void *meth_data; + const CONF_METHOD *meth; LHASH_OF(CONF_VALUE) *data; }; -CONF *NCONF_new(CONF_METHOD *meth); -CONF_METHOD *NCONF_default(void); -CONF_METHOD *NCONF_WIN32(void); +CONF *NCONF_new(const CONF_METHOD *meth); void NCONF_free(CONF *conf); -void NCONF_free_data(CONF *conf); int NCONF_load(CONF *conf, const char *file, long *eline); -int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section); char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result); -int NCONF_dump_fp(const CONF *conf, FILE *out); -int NCONF_dump_bio(const CONF *conf, BIO *out); #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) @@ -173,26 +136,9 @@ int CONF_modules_load_file(const char *filename, const char *appname, void CONF_modules_unload(int all); void CONF_modules_finish(void); void CONF_modules_free(void); -int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc); - -const char *CONF_imodule_get_name(const CONF_IMODULE *md); -const char *CONF_imodule_get_value(const CONF_IMODULE *md); -void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); -void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); -CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); -unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); -void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); -void *CONF_module_get_usr_data(CONF_MODULE *pmod); -void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); char *CONF_get1_default_config_file(void); -int CONF_parse_list(const char *list, int sep, int nospc, - int (*list_cb)(const char *elem, int len, void *usr), void *arg); - -void OPENSSL_load_builtin_modules(void); - void ERR_load_CONF_strings(void); /* Error codes for the CONF functions. */ diff --git a/lib/libcrypto/conf/conf_api.c b/lib/libcrypto/conf/conf_api.c index a94e8c8be..d00c69814 100644 --- a/lib/libcrypto/conf/conf_api.c +++ b/lib/libcrypto/conf/conf_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_api.c,v 1.19 2024/07/14 14:32:45 jsing Exp $ */ +/* $OpenBSD: conf_api.c,v 1.21 2024/08/31 09:29:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,7 +67,8 @@ #include #include #include -#include + +#include "conf_local.h" static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); @@ -89,7 +90,6 @@ _CONF_get_section(const CONF *conf, const char *section) v = lh_CONF_VALUE_retrieve(conf->data, &vv); return (v); } -LCRYPTO_ALIAS(_CONF_get_section); /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ STACK_OF(CONF_VALUE) * @@ -103,7 +103,6 @@ _CONF_get_section_values(const CONF *conf, const char *section) else return (NULL); } -LCRYPTO_ALIAS(_CONF_get_section_values); int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) @@ -127,7 +126,6 @@ _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) } return 1; } -LCRYPTO_ALIAS(_CONF_add_string); char * _CONF_get_string(const CONF *conf, const char *section, const char *name) @@ -154,7 +152,6 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name) } else return (NULL); } -LCRYPTO_ALIAS(_CONF_get_string); static unsigned long conf_value_hash(const CONF_VALUE *v) @@ -197,7 +194,6 @@ _CONF_new_data(CONF *conf) } return 1; } -LCRYPTO_ALIAS(_CONF_new_data); void _CONF_free_data(CONF *conf) @@ -215,7 +211,6 @@ _CONF_free_data(CONF *conf) lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack)); lh_CONF_VALUE_free(conf->data); } -LCRYPTO_ALIAS(_CONF_free_data); static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf) @@ -280,4 +275,3 @@ err: } return (v); } -LCRYPTO_ALIAS(_CONF_new_section); diff --git a/lib/libcrypto/conf/conf_def.c b/lib/libcrypto/conf/conf_def.c index 07f6eceaf..0173a7117 100644 --- a/lib/libcrypto/conf/conf_def.c +++ b/lib/libcrypto/conf/conf_def.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_def.c,v 1.37 2024/08/28 15:48:33 tb Exp $ */ +/* $OpenBSD: conf_def.c,v 1.44 2024/08/31 09:46:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,12 +63,12 @@ #include #include -#include #include #include #include #include "conf_def.h" +#include "conf_local.h" #define MAX_CONF_VALUE_LENGTH 65536 @@ -81,7 +81,7 @@ static char *scan_dquote(CONF *conf, char *p); #define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) static CONF * -def_create(CONF_METHOD *meth) +def_create(const CONF_METHOD *meth) { CONF *ret; @@ -101,20 +101,6 @@ def_init_default(CONF *conf) return 0; conf->meth = NCONF_default(); - conf->meth_data = CONF_type_default; - conf->data = NULL; - - return 1; -} - -static int -def_init_WIN32(CONF *conf) -{ - if (conf == NULL) - return 0; - - conf->meth = NCONF_WIN32(); - conf->meth_data = (void *)CONF_type_win32; conf->data = NULL; return 1; @@ -333,7 +319,10 @@ err: *line = eline; ERR_asprintf_error_data("line %ld", eline); if ((h != conf->data) && (conf->data != NULL)) { - CONF_free(conf->data); + CONF ctmp; + + CONF_set_nconf(&ctmp, conf->data); + ctmp.meth->destroy_data(&ctmp); conf->data = NULL; } if (v != NULL) { @@ -648,7 +637,7 @@ def_to_int(const CONF *conf, char c) return c - '0'; } -static CONF_METHOD default_method = { +static const CONF_METHOD default_method = { .name = "OpenSSL default", .create = def_create, .init = def_init_default, @@ -661,29 +650,8 @@ static CONF_METHOD default_method = { .load = def_load, }; -static CONF_METHOD WIN32_method = { - "WIN32", - def_create, - def_init_WIN32, - def_destroy, - def_destroy_data, - def_load_bio, - def_dump, - def_is_number, - def_to_int, - def_load, -}; - -CONF_METHOD * +const CONF_METHOD * NCONF_default(void) { return &default_method; } -LCRYPTO_ALIAS(NCONF_default); - -CONF_METHOD * -NCONF_WIN32(void) -{ - return &WIN32_method; -} -LCRYPTO_ALIAS(NCONF_WIN32); diff --git a/lib/libcrypto/conf/conf_def.h b/lib/libcrypto/conf/conf_def.h index 956e44337..36a8aac4d 100644 --- a/lib/libcrypto/conf/conf_def.h +++ b/lib/libcrypto/conf/conf_def.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_def.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: conf_def.h,v 1.8 2024/08/31 09:36:38 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -79,7 +79,9 @@ __BEGIN_HIDDEN_DECLS #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \ CONF_PUNCTUATION) -#define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) +static const unsigned short CONF_type_default[256]; + +#define KEYTYPES(c) (CONF_type_default) #define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) #define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) #define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) @@ -93,7 +95,7 @@ __BEGIN_HIDDEN_DECLS #define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) #define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) -static unsigned short CONF_type_default[256] = { +static const unsigned short CONF_type_default[256] = { 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, @@ -128,39 +130,4 @@ static unsigned short CONF_type_default[256] = { 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, }; -static unsigned short CONF_type_win32[256] = { - 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, - 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000, - 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, - 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, - 0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200, - 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100, - 0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, -}; - __END_HIDDEN_DECLS diff --git a/lib/libcrypto/conf/conf_lib.c b/lib/libcrypto/conf/conf_lib.c index d1c85dc09..7d426d56b 100644 --- a/lib/libcrypto/conf/conf_lib.c +++ b/lib/libcrypto/conf/conf_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_lib.c,v 1.17 2024/04/09 13:56:30 beck Exp $ */ +/* $OpenBSD: conf_lib.c,v 1.24 2024/08/31 09:50:52 tb Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2000. */ @@ -60,10 +60,11 @@ #include #include #include -#include #include -static CONF_METHOD *default_CONF_method = NULL; +#include "conf_local.h" + +static const CONF_METHOD *default_CONF_method = NULL; /* Init a 'CONF' structure from an old LHASH */ @@ -75,163 +76,9 @@ CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash) default_CONF_method->init(conf); conf->data = hash; } -LCRYPTO_ALIAS(CONF_set_nconf); - -/* The following section contains the "CONF classic" functions, - rewritten in terms of the new CONF interface. */ - -int -CONF_set_default_method(CONF_METHOD *meth) -{ - default_CONF_method = meth; - return 1; -} -LCRYPTO_ALIAS(CONF_set_default_method); - -LHASH_OF(CONF_VALUE) * -CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline) -{ - LHASH_OF(CONF_VALUE) *ltmp; - BIO *in = NULL; - - in = BIO_new_file(file, "rb"); - if (in == NULL) { - CONFerror(ERR_R_SYS_LIB); - return NULL; - } - - ltmp = CONF_load_bio(conf, in, eline); - BIO_free(in); - - return ltmp; -} -LCRYPTO_ALIAS(CONF_load); - -LHASH_OF(CONF_VALUE) * -CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline) -{ - BIO *btmp; - LHASH_OF(CONF_VALUE) *ltmp; - - if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { - CONFerror(ERR_R_BUF_LIB); - return NULL; - } - ltmp = CONF_load_bio(conf, btmp, eline); - BIO_free(btmp); - return ltmp; -} -LCRYPTO_ALIAS(CONF_load_fp); - -LHASH_OF(CONF_VALUE) * -CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, long *eline) -{ - CONF ctmp; - int ret; - - CONF_set_nconf(&ctmp, conf); - - ret = NCONF_load_bio(&ctmp, bp, eline); - if (ret) - return ctmp.data; - return NULL; -} -LCRYPTO_ALIAS(CONF_load_bio); - -STACK_OF(CONF_VALUE) * -CONF_get_section(LHASH_OF(CONF_VALUE) *conf, const char *section) -{ - if (conf == NULL) { - return NULL; - } else { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return NCONF_get_section(&ctmp, section); - } -} -LCRYPTO_ALIAS(CONF_get_section); - -char * -CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name) -{ - if (conf == NULL) { - return NCONF_get_string(NULL, group, name); - } else { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return NCONF_get_string(&ctmp, group, name); - } -} -LCRYPTO_ALIAS(CONF_get_string); - -long -CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name) -{ - int status; - long result = 0; - - if (conf == NULL) { - status = NCONF_get_number_e(NULL, group, name, &result); - } else { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - status = NCONF_get_number_e(&ctmp, group, name, &result); - } - - if (status == 0) { - /* This function does not believe in errors... */ - ERR_clear_error(); - } - return result; -} -LCRYPTO_ALIAS(CONF_get_number); - -void -CONF_free(LHASH_OF(CONF_VALUE) *conf) -{ - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - NCONF_free_data(&ctmp); -} -LCRYPTO_ALIAS(CONF_free); - -int -CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) -{ - BIO *btmp; - int ret; - - if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { - CONFerror(ERR_R_BUF_LIB); - return 0; - } - ret = CONF_dump_bio(conf, btmp); - BIO_free(btmp); - return ret; -} -LCRYPTO_ALIAS(CONF_dump_fp); - -int -CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out) -{ - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return NCONF_dump_bio(&ctmp, out); -} -LCRYPTO_ALIAS(CONF_dump_bio); - -/* The following section contains the "New CONF" functions. They are - completely centralised around a new CONF structure that may contain - basically anything, but at least a method pointer and a table of data. - These functions are also written in terms of the bridge functions used - by the "CONF classic" functions, for consistency. */ CONF * -NCONF_new(CONF_METHOD *meth) +NCONF_new(const CONF_METHOD *meth) { CONF *ret; @@ -257,15 +104,6 @@ NCONF_free(CONF *conf) } LCRYPTO_ALIAS(NCONF_free); -void -NCONF_free_data(CONF *conf) -{ - if (conf == NULL) - return; - conf->meth->destroy_data(conf); -} -LCRYPTO_ALIAS(NCONF_free_data); - int NCONF_load(CONF *conf, const char *file, long *eline) { @@ -278,22 +116,6 @@ NCONF_load(CONF *conf, const char *file, long *eline) } LCRYPTO_ALIAS(NCONF_load); -int -NCONF_load_fp(CONF *conf, FILE *fp, long *eline) -{ - BIO *btmp; - int ret; - - if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { - CONFerror(ERR_R_BUF_LIB); - return 0; - } - ret = NCONF_load_bio(conf, btmp, eline); - BIO_free(btmp); - return ret; -} -LCRYPTO_ALIAS(NCONF_load_fp); - int NCONF_load_bio(CONF *conf, BIO *bp, long *eline) { @@ -368,30 +190,3 @@ NCONF_get_number_e(const CONF *conf, const char *group, const char *name, return 1; } LCRYPTO_ALIAS(NCONF_get_number_e); - -int -NCONF_dump_fp(const CONF *conf, FILE *out) -{ - BIO *btmp; - int ret; - if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { - CONFerror(ERR_R_BUF_LIB); - return 0; - } - ret = NCONF_dump_bio(conf, btmp); - BIO_free(btmp); - return ret; -} -LCRYPTO_ALIAS(NCONF_dump_fp); - -int -NCONF_dump_bio(const CONF *conf, BIO *out) -{ - if (conf == NULL) { - CONFerror(CONF_R_NO_CONF); - return 0; - } - - return conf->meth->dump(conf, out); -} -LCRYPTO_ALIAS(NCONF_dump_bio); diff --git a/lib/libcrypto/conf/conf_api.h b/lib/libcrypto/conf/conf_local.h similarity index 70% rename from lib/libcrypto/conf/conf_api.h rename to lib/libcrypto/conf/conf_local.h index 2793e8413..d7255e1a0 100644 --- a/lib/libcrypto/conf/conf_api.h +++ b/lib/libcrypto/conf/conf_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_api.h,v 1.5 2024/05/19 07:12:50 jsg Exp $ */ +/* $OpenBSD: conf_local.h,v 1.7 2024/08/31 09:54:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,21 +56,46 @@ * [including the GNU Public Licence.] */ -#ifndef HEADER_CONF_API_H -#define HEADER_CONF_API_H +#ifndef HEADER_CONF_LOCAL_H +#define HEADER_CONF_LOCAL_H -#include -#include +__BEGIN_HIDDEN_DECLS -#ifdef __cplusplus -extern "C" { -#endif +const CONF_METHOD *NCONF_default(void); + +struct conf_method_st { + const char *name; + CONF *(*create)(const CONF_METHOD *meth); + int (*init)(CONF *conf); + int (*destroy)(CONF *conf); + int (*destroy_data)(CONF *conf); + int (*load_bio)(CONF *conf, BIO *bp, long *eline); + int (*dump)(const CONF *conf, BIO *bp); + int (*is_number)(const CONF *conf, char c); + int (*to_int)(const CONF *conf, char c); + int (*load)(CONF *conf, const char *name, long *eline); +}; + +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb)(const char *elem, int len, void *usr), void *arg); + +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); -/* Up until OpenSSL 0.9.5a, this was new_section */ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); -/* Up until OpenSSL 0.9.5a, this was get_section */ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); -/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, const char *section); @@ -81,7 +106,8 @@ char *_CONF_get_string(const CONF *conf, const char *section, int _CONF_new_data(CONF *conf); void _CONF_free_data(CONF *conf); -#ifdef __cplusplus -} -#endif -#endif +void OPENSSL_load_builtin_modules(void); + +__END_HIDDEN_DECLS + +#endif /* HEADER_CONF_LOCAL_H */ diff --git a/lib/libcrypto/conf/conf_mall.c b/lib/libcrypto/conf/conf_mall.c index 6a3d180f9..dd1bb6797 100644 --- a/lib/libcrypto/conf/conf_mall.c +++ b/lib/libcrypto/conf/conf_mall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_mall.c,v 1.12 2024/04/09 13:56:30 beck Exp $ */ +/* $OpenBSD: conf_mall.c,v 1.13 2024/08/31 09:54:31 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -67,4 +67,3 @@ OPENSSL_load_builtin_modules(void) /* Add builtin modules here */ ASN1_add_oid_module(); } -LCRYPTO_ALIAS(OPENSSL_load_builtin_modules); diff --git a/lib/libcrypto/conf/conf_mod.c b/lib/libcrypto/conf/conf_mod.c index 4bde9eb37..3477bc71b 100644 --- a/lib/libcrypto/conf/conf_mod.c +++ b/lib/libcrypto/conf/conf_mod.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_mod.c,v 1.38 2024/04/09 13:56:30 beck Exp $ */ +/* $OpenBSD: conf_mod.c,v 1.39 2024/08/31 09:26:18 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -413,7 +413,6 @@ CONF_module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc { return module_add(name, ifunc, ffunc); } -LCRYPTO_ALIAS(CONF_module_add); void CONF_modules_free(void) @@ -430,63 +429,54 @@ CONF_imodule_get_name(const CONF_IMODULE *imod) { return imod->name; } -LCRYPTO_ALIAS(CONF_imodule_get_name); const char * CONF_imodule_get_value(const CONF_IMODULE *imod) { return imod->value; } -LCRYPTO_ALIAS(CONF_imodule_get_value); void * CONF_imodule_get_usr_data(const CONF_IMODULE *imod) { return imod->usr_data; } -LCRYPTO_ALIAS(CONF_imodule_get_usr_data); void CONF_imodule_set_usr_data(CONF_IMODULE *imod, void *usr_data) { imod->usr_data = usr_data; } -LCRYPTO_ALIAS(CONF_imodule_set_usr_data); CONF_MODULE * CONF_imodule_get_module(const CONF_IMODULE *imod) { return imod->mod; } -LCRYPTO_ALIAS(CONF_imodule_get_module); unsigned long CONF_imodule_get_flags(const CONF_IMODULE *imod) { return imod->flags; } -LCRYPTO_ALIAS(CONF_imodule_get_flags); void CONF_imodule_set_flags(CONF_IMODULE *imod, unsigned long flags) { imod->flags = flags; } -LCRYPTO_ALIAS(CONF_imodule_set_flags); void * CONF_module_get_usr_data(CONF_MODULE *mod) { return mod->usr_data; } -LCRYPTO_ALIAS(CONF_module_get_usr_data); void CONF_module_set_usr_data(CONF_MODULE *mod, void *usr_data) { mod->usr_data = usr_data; } -LCRYPTO_ALIAS(CONF_module_set_usr_data); /* Return default config file name */ @@ -547,4 +537,3 @@ CONF_parse_list(const char *list_, int sep, int nospc, lstart = p + 1; } } -LCRYPTO_ALIAS(CONF_parse_list); diff --git a/lib/libcrypto/conf/conf_sap.c b/lib/libcrypto/conf/conf_sap.c index 3a0bf96df..59c90dab4 100644 --- a/lib/libcrypto/conf/conf_sap.c +++ b/lib/libcrypto/conf/conf_sap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_sap.c,v 1.16 2024/04/09 13:56:30 beck Exp $ */ +/* $OpenBSD: conf_sap.c,v 1.17 2024/08/31 09:54:31 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -67,6 +67,8 @@ #include #include +#include "conf_local.h" + /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, * unless this is overridden by calling OPENSSL_no_config() diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index b9ea39285..d929b0daa 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.c,v 1.52 2024/07/09 07:16:44 beck Exp $ */ +/* $OpenBSD: cryptlib.c,v 1.53 2024/08/31 12:43:58 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -125,6 +125,10 @@ #include #include "crypto_local.h" +#include "x86_arch.h" + +/* Machine independent capabilities. */ +uint64_t crypto_cpu_caps; static void (*locking_callback)(int mode, int type, const char *file, int line) = NULL; @@ -330,13 +334,6 @@ CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) uint64_t OPENSSL_ia32cap_P; -uint64_t -OPENSSL_cpu_caps(void) -{ - return OPENSSL_ia32cap_P; -} -LCRYPTO_ALIAS(OPENSSL_cpu_caps); - #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) #define OPENSSL_CPUID_SETUP void @@ -349,16 +346,12 @@ OPENSSL_cpuid_setup(void) return; trigger = 1; OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid(); + + if ((OPENSSL_ia32cap_P & CPUCAP_MASK_AESNI) != 0) + crypto_cpu_caps |= CRYPTO_CPU_CAPS_ACCELERATED_AES; } #endif -#else -uint64_t -OPENSSL_cpu_caps(void) -{ - return 0; -} -LCRYPTO_ALIAS(OPENSSL_cpu_caps); #endif #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) @@ -368,6 +361,13 @@ OPENSSL_cpuid_setup(void) } #endif +uint64_t +OPENSSL_cpu_caps(void) +{ + return crypto_cpu_caps; +} +LCRYPTO_ALIAS(OPENSSL_cpu_caps); + static void OPENSSL_showfatal(const char *fmta, ...) { diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index 40d3a43f4..bcca5a0ac 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.74 2024/04/10 15:13:23 beck Exp $ */ +/* $OpenBSD: crypto.h,v 1.75 2024/08/31 12:43:58 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -373,8 +373,6 @@ __attribute__((__noreturn__)) void OpenSSLDie(const char *file, int line, const char *assertion); #define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) -uint64_t OPENSSL_cpu_caps(void); - int FIPS_mode(void); int FIPS_mode_set(int r); @@ -422,6 +420,13 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len); int OPENSSL_init_crypto(uint64_t opts, const void *settings); void OPENSSL_cleanup(void); +/* + * CPU capabilities. + */ +#define CRYPTO_CPU_CAPS_ACCELERATED_AES 0x00000001ULL + +uint64_t OPENSSL_cpu_caps(void); + /* * OpenSSL helpfully put OPENSSL_gmtime() here because all other time related * functions are in asn1.h. diff --git a/lib/libcrypto/ct/ct_log.c b/lib/libcrypto/ct/ct_log.c index eb503a381..514246ff4 100644 --- a/lib/libcrypto/ct/ct_log.c +++ b/lib/libcrypto/ct/ct_log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ct_log.c,v 1.6 2023/07/08 07:22:58 beck Exp $ */ +/* $OpenBSD: ct_log.c,v 1.7 2024/08/31 09:26:18 tb Exp $ */ /* Author: Adam Eijdenberg . */ /* ==================================================================== * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. @@ -67,6 +67,8 @@ #include #include +#include "conf_local.h" + #include "cryptlib.h" diff --git a/lib/libcrypto/des/COPYRIGHT b/lib/libcrypto/des/COPYRIGHT deleted file mode 100644 index 5469e1e46..000000000 --- a/lib/libcrypto/des/COPYRIGHT +++ /dev/null @@ -1,50 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an DES implementation written by Eric Young (eay@cryptsoft.com). -The implementation was written so as to conform with MIT's libdes. - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. -If this package is used in a product, Eric Young should be given attribution -as the author of that the SSL library. This can be in the form of a textual -message at program startup or in documentation (online or textual) provided -with the package. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@cryptsoft.com) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/lib/libcrypto/des/cbc_cksm.c b/lib/libcrypto/des/cbc_cksm.c deleted file mode 100644 index acb0bac11..000000000 --- a/lib/libcrypto/des/cbc_cksm.c +++ /dev/null @@ -1,106 +0,0 @@ -/* $OpenBSD: cbc_cksm.c,v 1.11 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -DES_LONG -DES_cbc_cksum(const unsigned char *in, DES_cblock *output, - long length, DES_key_schedule *schedule, - const_DES_cblock *ivec) -{ - DES_LONG tout0, tout1, tin0, tin1; - long l = length; - DES_LONG tin[2]; - unsigned char *out = &(*output)[0]; - const unsigned char *iv = &(*ivec)[0]; - - c2l(iv, tout0); - c2l(iv, tout1); - for (; l > 0; l -= 8) { - if (l >= 8) { - c2l(in, tin0); - c2l(in, tin1); - } else - c2ln(in, tin0, tin1, l); - - tin0 ^= tout0; - tin[0] = tin0; - tin1 ^= tout1; - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); - /* fix 15/10/91 eay - thanks to keithr@sco.COM */ - tout0 = tin[0]; - tout1 = tin[1]; - } - if (out != NULL) { - l2c(tout0, out); - l2c(tout1, out); - } - tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; - /* - Transform the data in tout1 so that it will - match the return value that the MIT Kerberos - mit_des_cbc_cksum API returns. - */ - tout1 = ((tout1 >> 24L) & 0x000000FF) | - ((tout1 >> 8L) & 0x0000FF00) | - ((tout1 << 8L) & 0x00FF0000) | - ((tout1 << 24L) & 0xFF000000); - return (tout1); -} -LCRYPTO_ALIAS(DES_cbc_cksum); diff --git a/lib/libcrypto/des/cbc_enc.c b/lib/libcrypto/des/cbc_enc.c deleted file mode 100644 index 6c1ec7117..000000000 --- a/lib/libcrypto/des/cbc_enc.c +++ /dev/null @@ -1,61 +0,0 @@ -/* $OpenBSD: cbc_enc.c,v 1.4 2023/07/08 07:11:07 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#define CBC_ENC_C__DONT_UPDATE_IV - -#include "ncbc_enc.c" /* des_cbc_encrypt */ diff --git a/lib/libcrypto/des/cfb64ede.c b/lib/libcrypto/des/cfb64ede.c deleted file mode 100644 index 69a6c2540..000000000 --- a/lib/libcrypto/des/cfb64ede.c +++ /dev/null @@ -1,242 +0,0 @@ -/* $OpenBSD: cfb64ede.c,v 1.13 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -/* The input and output encrypted as though 64bit cfb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ - -void -DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int *num, int enc) -{ - DES_LONG v0, v1; - long l = length; - int n = *num; - DES_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = &(*ivec)[0]; - if (enc) { - while (l--) { - if (n == 0) { - c2l(iv, v0); - c2l(iv, v1); - - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - v0 = ti[0]; - v1 = ti[1]; - - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - iv = &(*ivec)[0]; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - c2l(iv, v0); - c2l(iv, v1); - - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - v0 = ti[0]; - v1 = ti[1]; - - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - iv = &(*ivec)[0]; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = c = cc = 0; - *num = n; -} -LCRYPTO_ALIAS(DES_ede3_cfb64_encrypt); - -/* This is compatible with the single key CFB-r for DES, even thought that's - * not what EVP needs. - */ - -void -DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, - int numbits, long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc) -{ - DES_LONG d0, d1, v0, v1; - unsigned long l = length, n = ((unsigned int)numbits + 7)/8; - int num = numbits, i; - DES_LONG ti[2]; - unsigned char *iv; - unsigned char ovec[16]; - - if (num > 64) - return; - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - if (enc) { - while (l >= n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - c2ln(in, d0, d1, n); - in += n; - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - /* 30-08-94 - eay - changed because l>>32 and - * l<<32 are bad under gcc :-( */ - if (num == 32) { - v0 = v1; - v1 = d0; - } else if (num == 64) { - v0 = d0; - v1 = d1; - } else { - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); - /* shift ovec left most of the bits... */ - memmove(ovec, ovec + num/8, - 8 + (num % 8 ? 1 : 0)); - /* now the remaining bits */ - if (num % 8 != 0) { - for (i = 0; i < 8; ++i) { - ovec[i] <<= num % 8; - ovec[i] |= ovec[i + 1] >> - (8 - num % 8); - } - } - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); - } - } - } else { - while (l >= n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - c2ln(in, d0, d1, n); - in += n; - /* 30-08-94 - eay - changed because l>>32 and - * l<<32 are bad under gcc :-( */ - if (num == 32) { - v0 = v1; - v1 = d0; - } else if (num == 64) { - v0 = d0; - v1 = d1; - } else { - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); - /* shift ovec left most of the bits... */ - memmove(ovec, ovec + num/8, - 8 + (num % 8 ? 1 : 0)); - /* now the remaining bits */ - if (num % 8 != 0) { - for (i = 0; i < 8; ++i) { - ovec[i] <<= num % 8; - ovec[i] |= ovec[i + 1] >> - (8 - num % 8); - } - } - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); - } - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - } - } - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -} -LCRYPTO_ALIAS(DES_ede3_cfb_encrypt); diff --git a/lib/libcrypto/des/cfb64enc.c b/lib/libcrypto/des/cfb64enc.c deleted file mode 100644 index d2d0dadf1..000000000 --- a/lib/libcrypto/des/cfb64enc.c +++ /dev/null @@ -1,123 +0,0 @@ -/* $OpenBSD: cfb64enc.c,v 1.9 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -/* The input and output encrypted as though 64bit cfb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ - -void -DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int *num, int enc) -{ - DES_LONG v0, v1; - long l = length; - int n = *num; - DES_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = &(*ivec)[0]; - if (enc) { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - DES_encrypt1(ti, schedule, DES_ENCRYPT); - iv = &(*ivec)[0]; - v0 = ti[0]; - l2c(v0, iv); - v0 = ti[1]; - l2c(v0, iv); - iv = &(*ivec)[0]; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - DES_encrypt1(ti, schedule, DES_ENCRYPT); - iv = &(*ivec)[0]; - v0 = ti[0]; - l2c(v0, iv); - v0 = ti[1]; - l2c(v0, iv); - iv = &(*ivec)[0]; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = c = cc = 0; - *num = n; -} -LCRYPTO_ALIAS(DES_cfb64_encrypt); diff --git a/lib/libcrypto/des/cfb_enc.c b/lib/libcrypto/des/cfb_enc.c deleted file mode 100644 index ae41c9d07..000000000 --- a/lib/libcrypto/des/cfb_enc.c +++ /dev/null @@ -1,190 +0,0 @@ -/* $OpenBSD: cfb_enc.c,v 1.17 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" -#include - -/* The input and output are loaded in multiples of 8 bits. - * What this means is that if you hame numbits=12 and length=2 - * the first 12 bits will be retrieved from the first byte and half - * the second. The second 12 bits will come from the 3rd and half the 4th - * byte. - */ -/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it - * will not be compatible with any encryption prior to that date. Ben. */ -void -DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, DES_cblock *ivec, - int enc) -{ - DES_LONG d0, d1, v0, v1; - unsigned long l = length; - int num = numbits/8, n = (numbits + 7)/8, i, rem = numbits % 8; - DES_LONG ti[2]; - unsigned char *iv; -#if BYTE_ORDER != LITTLE_ENDIAN - unsigned char ovec[16]; -#else - unsigned int sh[4]; - unsigned char *ovec = (unsigned char *)sh; -#endif - - if (numbits <= 0 || numbits > 64) - return; - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - if (enc) { - while (l >= (unsigned long)n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); - c2ln(in, d0, d1, n); - in += n; - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - /* 30-08-94 - eay - changed because l>>32 and - * l<<32 are bad under gcc :-( */ - if (numbits == 32) { - v0 = v1; - v1 = d0; - } else if (numbits == 64) { - v0 = d0; - v1 = d1; - } else { -#if BYTE_ORDER != LITTLE_ENDIAN - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); -#else - sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; -#endif - if (rem == 0) - memmove(ovec, ovec + num, 8); - else - for (i = 0; i < 8; ++i) - ovec[i] = ovec[i + num] << rem | - ovec[i + num + 1] >> (8 - - rem); -#if BYTE_ORDER == LITTLE_ENDIAN - v0 = sh[0], v1 = sh[1]; -#else - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); -#endif - } - } - } else { - while (l >= (unsigned long)n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); - c2ln(in, d0, d1, n); - in += n; - /* 30-08-94 - eay - changed because l>>32 and - * l<<32 are bad under gcc :-( */ - if (numbits == 32) { - v0 = v1; - v1 = d0; - } else if (numbits == 64) { - v0 = d0; - v1 = d1; - } else { -#if BYTE_ORDER != LITTLE_ENDIAN - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); -#else - sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; -#endif - if (rem == 0) - memmove(ovec, ovec + num, 8); - else - for (i = 0; i < 8; ++i) - ovec[i] = ovec[i + num] << rem | - ovec[i + num + 1] >> (8 - - rem); -#if BYTE_ORDER == LITTLE_ENDIAN - v0 = sh[0], v1 = sh[1]; -#else - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); -#endif - } - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - } - } - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -} -LCRYPTO_ALIAS(DES_cfb_encrypt); diff --git a/lib/libcrypto/des/des.c b/lib/libcrypto/des/des.c new file mode 100644 index 000000000..113fc4b9f --- /dev/null +++ b/lib/libcrypto/des/des.c @@ -0,0 +1,1022 @@ +/* $OpenBSD: des.c,v 1.9 2024/08/31 15:56:09 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include + +#include "des_local.h" + +void +DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + DES_key_schedule *_schedule, DES_cblock *ivec, int enc) +{ + DES_LONG tin0, tin1; + DES_LONG tout0, tout1, xor0, xor1; + long l = length; + DES_LONG tin[2]; + unsigned char *iv; + + iv = &(*ivec)[0]; + + if (enc) { + c2l(iv, tout0); + c2l(iv, tout1); + for (l -= 8; l >= 0; l -= 8) { + c2l(in, tin0); + c2l(in, tin1); + tin0 ^= tout0; + tin[0] = tin0; + tin1 ^= tout1; + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); + tout0 = tin[0]; + l2c(tout0, out); + tout1 = tin[1]; + l2c(tout1, out); + } + if (l != -8) { + c2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0; + tin[0] = tin0; + tin1 ^= tout1; + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); + tout0 = tin[0]; + l2c(tout0, out); + tout1 = tin[1]; + l2c(tout1, out); + } + } else { + c2l(iv, xor0); + c2l(iv, xor1); + for (l -= 8; l >= 0; l -= 8) { + c2l(in, tin0); + tin[0] = tin0; + c2l(in, tin1); + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2c(tout0, out); + l2c(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + c2l(in, tin0); + tin[0] = tin0; + c2l(in, tin1); + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2cn(tout0, tout1, out, l + 8); + } + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} +LCRYPTO_ALIAS(DES_cbc_encrypt); + +/* The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void +DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc) +{ + DES_LONG v0, v1; + long l = length; + int n = *num; + DES_LONG ti[2]; + unsigned char *iv, c, cc; + + iv = &(*ivec)[0]; + if (enc) { + while (l--) { + if (n == 0) { + c2l(iv, v0); + c2l(iv, v1); + + ti[0] = v0; + ti[1] = v1; + DES_encrypt3(ti, ks1, ks2, ks3); + v0 = ti[0]; + v1 = ti[1]; + + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + iv = &(*ivec)[0]; + } + c = *(in++) ^ iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1) & 0x07; + } + } else { + while (l--) { + if (n == 0) { + c2l(iv, v0); + c2l(iv, v1); + + ti[0] = v0; + ti[1] = v1; + DES_encrypt3(ti, ks1, ks2, ks3); + v0 = ti[0]; + v1 = ti[1]; + + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + iv = &(*ivec)[0]; + } + cc = *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c ^ cc; + n = (n + 1) & 0x07; + } + } + v0 = v1 = ti[0] = ti[1] = c = cc = 0; + *num = n; +} +LCRYPTO_ALIAS(DES_ede3_cfb64_encrypt); + +/* This is compatible with the single key CFB-r for DES, even thought that's + * not what EVP needs. + */ + +void +DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc) +{ + DES_LONG d0, d1, v0, v1; + unsigned long l = length, n = ((unsigned int)numbits + 7)/8; + int num = numbits, i; + DES_LONG ti[2]; + unsigned char *iv; + unsigned char ovec[16]; + + if (num > 64) + return; + iv = &(*ivec)[0]; + c2l(iv, v0); + c2l(iv, v1); + if (enc) { + while (l >= n) { + l -= n; + ti[0] = v0; + ti[1] = v1; + DES_encrypt3(ti, ks1, ks2, ks3); + c2ln(in, d0, d1, n); + in += n; + d0 ^= ti[0]; + d1 ^= ti[1]; + l2cn(d0, d1, out, n); + out += n; + /* 30-08-94 - eay - changed because l>>32 and + * l<<32 are bad under gcc :-( */ + if (num == 32) { + v0 = v1; + v1 = d0; + } else if (num == 64) { + v0 = d0; + v1 = d1; + } else { + iv = &ovec[0]; + l2c(v0, iv); + l2c(v1, iv); + l2c(d0, iv); + l2c(d1, iv); + /* shift ovec left most of the bits... */ + memmove(ovec, ovec + num/8, + 8 + (num % 8 ? 1 : 0)); + /* now the remaining bits */ + if (num % 8 != 0) { + for (i = 0; i < 8; ++i) { + ovec[i] <<= num % 8; + ovec[i] |= ovec[i + 1] >> + (8 - num % 8); + } + } + iv = &ovec[0]; + c2l(iv, v0); + c2l(iv, v1); + } + } + } else { + while (l >= n) { + l -= n; + ti[0] = v0; + ti[1] = v1; + DES_encrypt3(ti, ks1, ks2, ks3); + c2ln(in, d0, d1, n); + in += n; + /* 30-08-94 - eay - changed because l>>32 and + * l<<32 are bad under gcc :-( */ + if (num == 32) { + v0 = v1; + v1 = d0; + } else if (num == 64) { + v0 = d0; + v1 = d1; + } else { + iv = &ovec[0]; + l2c(v0, iv); + l2c(v1, iv); + l2c(d0, iv); + l2c(d1, iv); + /* shift ovec left most of the bits... */ + memmove(ovec, ovec + num/8, + 8 + (num % 8 ? 1 : 0)); + /* now the remaining bits */ + if (num % 8 != 0) { + for (i = 0; i < 8; ++i) { + ovec[i] <<= num % 8; + ovec[i] |= ovec[i + 1] >> + (8 - num % 8); + } + } + iv = &ovec[0]; + c2l(iv, v0); + c2l(iv, v1); + } + d0 ^= ti[0]; + d1 ^= ti[1]; + l2cn(d0, d1, out, n); + out += n; + } + } + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; +} +LCRYPTO_ALIAS(DES_ede3_cfb_encrypt); + +/* The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void +DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc) +{ + DES_LONG v0, v1; + long l = length; + int n = *num; + DES_LONG ti[2]; + unsigned char *iv, c, cc; + + iv = &(*ivec)[0]; + if (enc) { + while (l--) { + if (n == 0) { + c2l(iv, v0); + ti[0] = v0; + c2l(iv, v1); + ti[1] = v1; + DES_encrypt1(ti, schedule, DES_ENCRYPT); + iv = &(*ivec)[0]; + v0 = ti[0]; + l2c(v0, iv); + v0 = ti[1]; + l2c(v0, iv); + iv = &(*ivec)[0]; + } + c = *(in++) ^ iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1) & 0x07; + } + } else { + while (l--) { + if (n == 0) { + c2l(iv, v0); + ti[0] = v0; + c2l(iv, v1); + ti[1] = v1; + DES_encrypt1(ti, schedule, DES_ENCRYPT); + iv = &(*ivec)[0]; + v0 = ti[0]; + l2c(v0, iv); + v0 = ti[1]; + l2c(v0, iv); + iv = &(*ivec)[0]; + } + cc = *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c ^ cc; + n = (n + 1) & 0x07; + } + } + v0 = v1 = ti[0] = ti[1] = c = cc = 0; + *num = n; +} +LCRYPTO_ALIAS(DES_cfb64_encrypt); + +/* The input and output are loaded in multiples of 8 bits. + * What this means is that if you hame numbits=12 and length=2 + * the first 12 bits will be retrieved from the first byte and half + * the second. The second 12 bits will come from the 3rd and half the 4th + * byte. + */ +/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it + * will not be compatible with any encryption prior to that date. Ben. */ +void +DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc) +{ + DES_LONG d0, d1, v0, v1; + unsigned long l = length; + int num = numbits/8, n = (numbits + 7)/8, i, rem = numbits % 8; + DES_LONG ti[2]; + unsigned char *iv; +#if BYTE_ORDER != LITTLE_ENDIAN + unsigned char ovec[16]; +#else + unsigned int sh[4]; + unsigned char *ovec = (unsigned char *)sh; +#endif + + if (numbits <= 0 || numbits > 64) + return; + iv = &(*ivec)[0]; + c2l(iv, v0); + c2l(iv, v1); + if (enc) { + while (l >= (unsigned long)n) { + l -= n; + ti[0] = v0; + ti[1] = v1; + DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); + c2ln(in, d0, d1, n); + in += n; + d0 ^= ti[0]; + d1 ^= ti[1]; + l2cn(d0, d1, out, n); + out += n; + /* 30-08-94 - eay - changed because l>>32 and + * l<<32 are bad under gcc :-( */ + if (numbits == 32) { + v0 = v1; + v1 = d0; + } else if (numbits == 64) { + v0 = d0; + v1 = d1; + } else { +#if BYTE_ORDER != LITTLE_ENDIAN + iv = &ovec[0]; + l2c(v0, iv); + l2c(v1, iv); + l2c(d0, iv); + l2c(d1, iv); +#else + sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; +#endif + if (rem == 0) + memmove(ovec, ovec + num, 8); + else + for (i = 0; i < 8; ++i) + ovec[i] = ovec[i + num] << rem | + ovec[i + num + 1] >> (8 - + rem); +#if BYTE_ORDER == LITTLE_ENDIAN + v0 = sh[0], v1 = sh[1]; +#else + iv = &ovec[0]; + c2l(iv, v0); + c2l(iv, v1); +#endif + } + } + } else { + while (l >= (unsigned long)n) { + l -= n; + ti[0] = v0; + ti[1] = v1; + DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); + c2ln(in, d0, d1, n); + in += n; + /* 30-08-94 - eay - changed because l>>32 and + * l<<32 are bad under gcc :-( */ + if (numbits == 32) { + v0 = v1; + v1 = d0; + } else if (numbits == 64) { + v0 = d0; + v1 = d1; + } else { +#if BYTE_ORDER != LITTLE_ENDIAN + iv = &ovec[0]; + l2c(v0, iv); + l2c(v1, iv); + l2c(d0, iv); + l2c(d1, iv); +#else + sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; +#endif + if (rem == 0) + memmove(ovec, ovec + num, 8); + else + for (i = 0; i < 8; ++i) + ovec[i] = ovec[i + num] << rem | + ovec[i + num + 1] >> (8 - + rem); +#if BYTE_ORDER == LITTLE_ENDIAN + v0 = sh[0], v1 = sh[1]; +#else + iv = &ovec[0]; + c2l(iv, v0); + c2l(iv, v1); +#endif + } + d0 ^= ti[0]; + d1 ^= ti[1]; + l2cn(d0, d1, out, n); + out += n; + } + } + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; +} +LCRYPTO_ALIAS(DES_cfb_encrypt); + +void +DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, + int enc) +{ + DES_LONG l0, l1; + DES_LONG ll[2]; + const unsigned char *in = &(*input)[0]; + unsigned char *out = &(*output)[0]; + + c2l(in, l0); + c2l(in, l1); + ll[0] = l0; + ll[1] = l1; + if (enc) + DES_encrypt3(ll, ks1, ks2, ks3); + else + DES_decrypt3(ll, ks1, ks2, ks3); + l0 = ll[0]; + l1 = ll[1]; + l2c(l0, out); + l2c(l1, out); +} +LCRYPTO_ALIAS(DES_ecb3_encrypt); + +void +DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc) +{ + DES_LONG l; + DES_LONG ll[2]; + const unsigned char *in = &(*input)[0]; + unsigned char *out = &(*output)[0]; + + c2l(in, l); + ll[0] = l; + c2l(in, l); + ll[1] = l; + DES_encrypt1(ll, ks, enc); + l = ll[0]; + l2c(l, out); + l = ll[1]; + l2c(l, out); + l = ll[0] = ll[1] = 0; +} +LCRYPTO_ALIAS(DES_ecb_encrypt); + +/* + +This is an implementation of Triple DES Cipher Block Chaining with Output +Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). + +Note that there is a known attack on this by Biham and Knudsen but it takes +a lot of work: + +http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz + +*/ + +#ifndef OPENSSL_NO_DESCBCM +void +DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, + int enc) +{ + DES_LONG tin0, tin1; + DES_LONG tout0, tout1, xor0, xor1, m0, m1; + long l = length; + DES_LONG tin[2]; + unsigned char *iv1, *iv2; + + iv1 = &(*ivec1)[0]; + iv2 = &(*ivec2)[0]; + + if (enc) { + c2l(iv1, m0); + c2l(iv1, m1); + c2l(iv2, tout0); + c2l(iv2, tout1); + for (l -= 8; l >= -7; l -= 8) { + tin[0] = m0; + tin[1] = m1; + DES_encrypt1(tin, ks3, 1); + m0 = tin[0]; + m1 = tin[1]; + + if (l < 0) { + c2ln(in, tin0, tin1, l + 8); + } else { + c2l(in, tin0); + c2l(in, tin1); + } + tin0 ^= tout0; + tin1 ^= tout1; + + tin[0] = tin0; + tin[1] = tin1; + DES_encrypt1(tin, ks1, 1); + tin[0] ^= m0; + tin[1] ^= m1; + DES_encrypt1(tin, ks2, 0); + tin[0] ^= m0; + tin[1] ^= m1; + DES_encrypt1(tin, ks1, 1); + tout0 = tin[0]; + tout1 = tin[1]; + + l2c(tout0, out); + l2c(tout1, out); + } + iv1 = &(*ivec1)[0]; + l2c(m0, iv1); + l2c(m1, iv1); + + iv2 = &(*ivec2)[0]; + l2c(tout0, iv2); + l2c(tout1, iv2); + } else { + DES_LONG t0, t1; + + c2l(iv1, m0); + c2l(iv1, m1); + c2l(iv2, xor0); + c2l(iv2, xor1); + for (l -= 8; l >= -7; l -= 8) { + tin[0] = m0; + tin[1] = m1; + DES_encrypt1(tin, ks3, 1); + m0 = tin[0]; + m1 = tin[1]; + + c2l(in, tin0); + c2l(in, tin1); + + t0 = tin0; + t1 = tin1; + + tin[0] = tin0; + tin[1] = tin1; + DES_encrypt1(tin, ks1, 0); + tin[0] ^= m0; + tin[1] ^= m1; + DES_encrypt1(tin, ks2, 1); + tin[0] ^= m0; + tin[1] ^= m1; + DES_encrypt1(tin, ks1, 0); + tout0 = tin[0]; + tout1 = tin[1]; + + tout0 ^= xor0; + tout1 ^= xor1; + if (l < 0) { + l2cn(tout0, tout1, out, l + 8); + } else { + l2c(tout0, out); + l2c(tout1, out); + } + xor0 = t0; + xor1 = t1; + } + + iv1 = &(*ivec1)[0]; + l2c(m0, iv1); + l2c(m1, iv1); + + iv2 = &(*ivec2)[0]; + l2c(xor0, iv2); + l2c(xor1, iv2); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} +LCRYPTO_ALIAS(DES_ede3_cbcm_encrypt); +#endif + +/* The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void +DES_ede3_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + DES_key_schedule *k1, DES_key_schedule *k2, + DES_key_schedule *k3, DES_cblock *ivec, + int *num) +{ + DES_LONG v0, v1; + int n = *num; + long l = length; + DES_cblock d; + char *dp; + DES_LONG ti[2]; + unsigned char *iv; + int save = 0; + + iv = &(*ivec)[0]; + c2l(iv, v0); + c2l(iv, v1); + ti[0] = v0; + ti[1] = v1; + dp = (char *)d; + l2c(v0, dp); + l2c(v1, dp); + while (l--) { + if (n == 0) { + /* ti[0]=v0; */ + /* ti[1]=v1; */ + DES_encrypt3(ti, k1, k2, k3); + v0 = ti[0]; + v1 = ti[1]; + + dp = (char *)d; + l2c(v0, dp); + l2c(v1, dp); + save++; + } + *(out++) = *(in++) ^ d[n]; + n = (n + 1) & 0x07; + } + if (save) { + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + } + v0 = v1 = ti[0] = ti[1] = 0; + *num = n; +} +LCRYPTO_ALIAS(DES_ede3_ofb64_encrypt); + +/* The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void +DES_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + DES_key_schedule *schedule, DES_cblock *ivec, int *num) +{ + DES_LONG v0, v1, t; + int n = *num; + long l = length; + DES_cblock d; + unsigned char *dp; + DES_LONG ti[2]; + unsigned char *iv; + int save = 0; + + iv = &(*ivec)[0]; + c2l(iv, v0); + c2l(iv, v1); + ti[0] = v0; + ti[1] = v1; + dp = d; + l2c(v0, dp); + l2c(v1, dp); + while (l--) { + if (n == 0) { + DES_encrypt1(ti, schedule, DES_ENCRYPT); + dp = d; + t = ti[0]; + l2c(t, dp); + t = ti[1]; + l2c(t, dp); + save++; + } + *(out++) = *(in++) ^ d[n]; + n = (n + 1) & 0x07; + } + if (save) { + v0 = ti[0]; + v1 = ti[1]; + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + } + t = v0 = v1 = ti[0] = ti[1] = 0; + *num = n; +} +LCRYPTO_ALIAS(DES_ofb64_encrypt); + +/* The input and output are loaded in multiples of 8 bits. + * What this means is that if you hame numbits=12 and length=2 + * the first 12 bits will be retrieved from the first byte and half + * the second. The second 12 bits will come from the 3rd and half the 4th + * byte. + */ +void +DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec) +{ + DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7)/8; + DES_LONG mask0, mask1; + long l = length; + int num = numbits; + DES_LONG ti[2]; + unsigned char *iv; + + if (num > 64) + return; + if (num > 32) { + mask0 = 0xffffffffL; + if (num >= 64) + mask1 = mask0; + else + mask1 = (1L << (num - 32)) - 1; + } else { + if (num == 32) + mask0 = 0xffffffffL; + else + mask0 = (1L << num) - 1; + mask1 = 0x00000000L; + } + + iv = &(*ivec)[0]; + c2l(iv, v0); + c2l(iv, v1); + ti[0] = v0; + ti[1] = v1; + while (l-- > 0) { + ti[0] = v0; + ti[1] = v1; + DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); + vv0 = ti[0]; + vv1 = ti[1]; + c2ln(in, d0, d1, n); + in += n; + d0 = (d0 ^ vv0) & mask0; + d1 = (d1 ^ vv1) & mask1; + l2cn(d0, d1, out, n); + out += n; + + if (num == 32) { + v0 = v1; + v1 = vv0; + } else if (num == 64) { + v0 = vv0; + v1 = vv1; + } else if (num > 32) { /* && num != 64 */ + v0 = ((v1 >> (num - 32))|(vv0 << (64 - num))) & + 0xffffffffL; + v1 = ((vv0 >> (num - 32))|(vv1 << (64 - num))) & + 0xffffffffL; + } else /* num < 32 */ { + v0 = ((v0 >> num)|(v1 << (32 - num))) & 0xffffffffL; + v1 = ((v1 >> num)|(vv0 << (32 - num))) & 0xffffffffL; + } + } + iv = &(*ivec)[0]; + l2c(v0, iv); + l2c(v1, iv); + v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; +} +LCRYPTO_ALIAS(DES_ofb_encrypt); + +void +DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc) +{ + DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; + DES_LONG tin[2]; + const unsigned char *in; + unsigned char *out, *iv; + + in = input; + out = output; + iv = &(*ivec)[0]; + + if (enc) { + c2l(iv, xor0); + c2l(iv, xor1); + for (; length > 0; length -= 8) { + if (length >= 8) { + c2l(in, sin0); + c2l(in, sin1); + } else + c2ln(in, sin0, sin1, length); + tin[0] = sin0 ^ xor0; + tin[1] = sin1 ^ xor1; + DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); + tout0 = tin[0]; + tout1 = tin[1]; + xor0 = sin0 ^ tout0; + xor1 = sin1 ^ tout1; + l2c(tout0, out); + l2c(tout1, out); + } + } else { + c2l(iv, xor0); + c2l(iv, xor1); + for (; length > 0; length -= 8) { + c2l(in, sin0); + c2l(in, sin1); + tin[0] = sin0; + tin[1] = sin1; + DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + if (length >= 8) { + l2c(tout0, out); + l2c(tout1, out); + } else + l2cn(tout0, tout1, out, length); + xor0 = tout0 ^ sin0; + xor1 = tout1 ^ sin1; + } + } + tin[0] = tin[1] = 0; + sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; +} +LCRYPTO_ALIAS(DES_pcbc_encrypt); + +/* RSA's DESX */ + +void +DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc) +{ + DES_LONG tin0, tin1; + DES_LONG tout0, tout1, xor0, xor1; + DES_LONG inW0, inW1, outW0, outW1; + const unsigned char *in2; + long l = length; + DES_LONG tin[2]; + unsigned char *iv; + + in2 = &(*inw)[0]; + c2l(in2, inW0); + c2l(in2, inW1); + in2 = &(*outw)[0]; + c2l(in2, outW0); + c2l(in2, outW1); + + iv = &(*ivec)[0]; + + if (enc) { + c2l(iv, tout0); + c2l(iv, tout1); + for (l -= 8; l >= 0; l -= 8) { + c2l(in, tin0); + c2l(in, tin1); + tin0 ^= tout0 ^ inW0; + tin[0] = tin0; + tin1 ^= tout1 ^ inW1; + tin[1] = tin1; + DES_encrypt1(tin, schedule, DES_ENCRYPT); + tout0 = tin[0] ^ outW0; + l2c(tout0, out); + tout1 = tin[1] ^ outW1; + l2c(tout1, out); + } + if (l != -8) { + c2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0 ^ inW0; + tin[0] = tin0; + tin1 ^= tout1 ^ inW1; + tin[1] = tin1; + DES_encrypt1(tin, schedule, DES_ENCRYPT); + tout0 = tin[0] ^ outW0; + l2c(tout0, out); + tout1 = tin[1] ^ outW1; + l2c(tout1, out); + } + iv = &(*ivec)[0]; + l2c(tout0, iv); + l2c(tout1, iv); + } else { + c2l(iv, xor0); + c2l(iv, xor1); + for (l -= 8; l > 0; l -= 8) { + c2l(in, tin0); + tin[0] = tin0 ^ outW0; + c2l(in, tin1); + tin[1] = tin1 ^ outW1; + DES_encrypt1(tin, schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0 ^ inW0; + tout1 = tin[1] ^ xor1 ^ inW1; + l2c(tout0, out); + l2c(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + c2l(in, tin0); + tin[0] = tin0 ^ outW0; + c2l(in, tin1); + tin[1] = tin1 ^ outW1; + DES_encrypt1(tin, schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0 ^ inW0; + tout1 = tin[1] ^ xor1 ^ inW1; + l2cn(tout0, tout1, out, l + 8); + xor0 = tin0; + xor1 = tin1; + } + + iv = &(*ivec)[0]; + l2c(xor0, iv); + l2c(xor1, iv); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + inW0 = inW1 = outW0 = outW1 = 0; + tin[0] = tin[1] = 0; +} +LCRYPTO_ALIAS(DES_xcbc_encrypt); diff --git a/lib/libcrypto/des/des.h b/lib/libcrypto/des/des.h index bc5d35f37..5891fcefe 100644 --- a/lib/libcrypto/des/des.h +++ b/lib/libcrypto/des/des.h @@ -1,4 +1,4 @@ -/* $OpenBSD: des.h,v 1.21 2023/07/31 05:04:06 tb Exp $ */ +/* $OpenBSD: des.h,v 1.22 2024/08/31 10:30:16 tb Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -105,7 +105,6 @@ typedef struct DES_ks { DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) extern int DES_check_key; /* defaults to false */ -extern int DES_rw_mode; /* defaults to DES_PCBC_MODE */ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, @@ -174,10 +173,6 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num); -int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, - DES_cblock *iv); -int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, - DES_cblock *iv); char *DES_fcrypt(const char *buf, const char *salt, char *ret); char *DES_crypt(const char *buf, const char *salt); void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, diff --git a/lib/libcrypto/des/qud_cksm.c b/lib/libcrypto/des/des_cksum.c similarity index 81% rename from lib/libcrypto/des/qud_cksm.c rename to lib/libcrypto/des/des_cksum.c index 4ded2a05b..6dfb8a034 100644 --- a/lib/libcrypto/des/qud_cksm.c +++ b/lib/libcrypto/des/des_cksum.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qud_cksm.c,v 1.11 2024/03/29 01:47:29 joshua Exp $ */ +/* $OpenBSD: des_cksum.c,v 1.1 2024/08/31 15:56:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -73,6 +73,53 @@ /* Got the value MIT uses via brute force :-) 2/10/90 eay */ #define NOISE ((DES_LONG)83653421L) +DES_LONG +DES_cbc_cksum(const unsigned char *in, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec) +{ + DES_LONG tout0, tout1, tin0, tin1; + long l = length; + DES_LONG tin[2]; + unsigned char *out = &(*output)[0]; + const unsigned char *iv = &(*ivec)[0]; + + c2l(iv, tout0); + c2l(iv, tout1); + for (; l > 0; l -= 8) { + if (l >= 8) { + c2l(in, tin0); + c2l(in, tin1); + } else + c2ln(in, tin0, tin1, l); + + tin0 ^= tout0; + tin[0] = tin0; + tin1 ^= tout1; + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); + /* fix 15/10/91 eay - thanks to keithr@sco.COM */ + tout0 = tin[0]; + tout1 = tin[1]; + } + if (out != NULL) { + l2c(tout0, out); + l2c(tout1, out); + } + tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; + /* + Transform the data in tout1 so that it will + match the return value that the MIT Kerberos + mit_des_cbc_cksum API returns. + */ + tout1 = ((tout1 >> 24L) & 0x000000FF) | + ((tout1 >> 8L) & 0x0000FF00) | + ((tout1 << 8L) & 0x00FF0000) | + ((tout1 << 24L) & 0xFF000000); + return (tout1); +} +LCRYPTO_ALIAS(DES_cbc_cksum); + DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], long length, int out_count, DES_cblock *seed) diff --git a/lib/libcrypto/des/des_enc.c b/lib/libcrypto/des/des_enc.c index f332b9a43..deec50bff 100644 --- a/lib/libcrypto/des/des_enc.c +++ b/lib/libcrypto/des/des_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: des_enc.c,v 1.16 2024/03/29 01:47:29 joshua Exp $ */ +/* $OpenBSD: des_enc.c,v 1.20 2024/08/31 16:17:13 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,17 +57,159 @@ */ #include "des_local.h" -#include "spr.h" -#ifndef OPENBSD_DES_ASM +const DES_LONG DES_SPtrans[8][64] = { + { +/* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, { +/* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, { +/* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, { +/* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, { +/* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, { +/* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, { +/* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, { +/* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + }, +}; void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { DES_LONG l, r, t, u; -#ifdef DES_PTR - const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; -#endif #ifndef DES_UNROLL int i; #endif @@ -156,9 +298,6 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) { DES_LONG l, r, t, u; -#ifdef DES_PTR - const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; -#endif #ifndef DES_UNROLL int i; #endif @@ -236,8 +375,6 @@ DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) } LCRYPTO_ALIAS(DES_encrypt2); -#endif /* OPENBSD_DES_ASM */ - void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3) @@ -284,8 +421,85 @@ LCRYPTO_ALIAS(DES_decrypt3); #ifndef DES_DEFAULT_OPTIONS -#undef CBC_ENC_C__DONT_UPDATE_IV -#include "ncbc_enc.c" /* DES_ncbc_encrypt */ +void +DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, + DES_key_schedule *_schedule, DES_cblock *ivec, int enc) +{ + DES_LONG tin0, tin1; + DES_LONG tout0, tout1, xor0, xor1; + long l = length; + DES_LONG tin[2]; + unsigned char *iv; + + iv = &(*ivec)[0]; + + if (enc) { + c2l(iv, tout0); + c2l(iv, tout1); + for (l -= 8; l >= 0; l -= 8) { + c2l(in, tin0); + c2l(in, tin1); + tin0 ^= tout0; + tin[0] = tin0; + tin1 ^= tout1; + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); + tout0 = tin[0]; + l2c(tout0, out); + tout1 = tin[1]; + l2c(tout1, out); + } + if (l != -8) { + c2ln(in, tin0, tin1, l + 8); + tin0 ^= tout0; + tin[0] = tin0; + tin1 ^= tout1; + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); + tout0 = tin[0]; + l2c(tout0, out); + tout1 = tin[1]; + l2c(tout1, out); + } + iv = &(*ivec)[0]; + l2c(tout0, iv); + l2c(tout1, iv); + } else { + c2l(iv, xor0); + c2l(iv, xor1); + for (l -= 8; l >= 0; l -= 8) { + c2l(in, tin0); + tin[0] = tin0; + c2l(in, tin1); + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2c(tout0, out); + l2c(tout1, out); + xor0 = tin0; + xor1 = tin1; + } + if (l != -8) { + c2l(in, tin0); + tin[0] = tin0; + c2l(in, tin1); + tin[1] = tin1; + DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2cn(tout0, tout1, out, l + 8); + xor0 = tin0; + xor1 = tin1; + } + iv = &(*ivec)[0]; + l2c(xor0, iv); + l2c(xor1, iv); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} +LCRYPTO_ALIAS(DES_ncbc_encrypt); void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, diff --git a/lib/libcrypto/des/fcrypt_b.c b/lib/libcrypto/des/des_fcrypt.c similarity index 58% rename from lib/libcrypto/des/fcrypt_b.c rename to lib/libcrypto/des/des_fcrypt.c index 58c9bc34c..b33b1240c 100644 --- a/lib/libcrypto/des/fcrypt_b.c +++ b/lib/libcrypto/des/des_fcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fcrypt_b.c,v 1.12 2023/07/08 07:34:34 jsing Exp $ */ +/* $OpenBSD: des_fcrypt.c,v 1.4 2024/08/31 16:22:18 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,16 +60,21 @@ /* This version of crypt has been developed from my MIT compatible * DES library. - * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au * Eric Young (eay@cryptsoft.com) */ +/* Modification by Jens Kupferschmidt (Cu) + * I have included directive PARA for shared memory computers. + * I have included a directive LONGCRYPT to using this routine to cipher + * passwords with more than 8 bytes like HP-UX 10.x it used. The MAXPLEN + * definition is the maximum of length of password and can changed. I have + * defined 24. + */ + #define DES_FCRYPT #include "des_local.h" #undef DES_FCRYPT -#ifndef OPENBSD_DES_ASM - #undef PERM_OP #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)), \ (b)^=(t), \ @@ -79,14 +84,11 @@ #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)), \ (a)=(a)^(t)^(t>>(16-(n)))) \ -void +static void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, DES_LONG Eswap1) { DES_LONG l, r, t, u; -#ifdef DES_PTR - const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; -#endif DES_LONG *s; int j; DES_LONG E0, E1; @@ -142,4 +144,111 @@ fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, out[1] = l; } -#endif /* OPENBSD_DES_ASM */ +/* Added more values to handle illegal salt values the way normal + * crypt() implementations do. The patch was sent by + * Bjorn Gronvall + */ +static unsigned const char con_salt[128] = { + 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, + 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, + 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, + 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, + 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, + 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, + 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, + 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, + 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, + 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, + 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, +}; + +static unsigned const char cov_2char[64] = { + 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, + 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, + 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, + 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, + 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, + 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A +}; + +char * +DES_crypt(const char *buf, const char *salt) +{ + static char buff[14]; + + return (DES_fcrypt(buf, salt, buff)); +} +LCRYPTO_ALIAS(DES_crypt); + +char * +DES_fcrypt(const char *buf, const char *salt, char *ret) +{ + unsigned int i, j, x, y; + DES_LONG Eswap0, Eswap1; + DES_LONG out[2], ll; + DES_cblock key; + DES_key_schedule ks; + unsigned char bb[9]; + unsigned char *b = bb; + unsigned char c, u; + + /* eay 25/08/92 + * If you call crypt("pwd","*") as often happens when you + * have * as the pwd field in /etc/passwd, the function + * returns *\0xxxxxxxxx + * The \0 makes the string look like * so the pwd "*" would + * crypt to "*". This was found when replacing the crypt in + * our shared libraries. People found that the disabled + * accounts effectively had no passwd :-(. */ + x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]); + Eswap0 = con_salt[x] << 2; + x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]); + Eswap1 = con_salt[x] << 6; +/* EAY +r=strlen(buf); +r=(r+7)/8; +*/ + for (i = 0; i < 8; i++) { + c = *(buf++); + if (!c) + break; + key[i] = (c << 1); + } + for (; i < 8; i++) + key[i] = 0; + + DES_set_key_unchecked(&key, &ks); + fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1); + + ll = out[0]; + l2c(ll, b); + ll = out[1]; + l2c(ll, b); + y = 0; + u = 0x80; + bb[8] = 0; + for (i = 2; i < 13; i++) { + c = 0; + for (j = 0; j < 6; j++) { + c <<= 1; + if (bb[y] & u) + c |= 1; + u >>= 1; + if (!u) { + y++; + u = 0x80; + } + } + ret[i] = cov_2char[c]; + } + ret[13] = '\0'; + return (ret); +} +LCRYPTO_ALIAS(DES_fcrypt); diff --git a/lib/libcrypto/des/set_key.c b/lib/libcrypto/des/des_key.c similarity index 86% rename from lib/libcrypto/des/set_key.c rename to lib/libcrypto/des/des_key.c index 9a9dcf7c5..eee8a7e12 100644 --- a/lib/libcrypto/des/set_key.c +++ b/lib/libcrypto/des/des_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: set_key.c,v 1.28 2024/07/09 07:16:13 beck Exp $ */ +/* $OpenBSD: des_key.c,v 1.1 2024/08/31 15:56:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -413,3 +413,111 @@ DES_random_key(DES_cblock *ret) return (1); } LCRYPTO_ALIAS(DES_random_key); + +void +DES_string_to_key(const char *str, DES_cblock *key) +{ + DES_key_schedule ks; + int i, length; + unsigned char j; + + memset(key, 0, 8); + length = strlen(str); +#ifdef OLD_STR_TO_KEY + for (i = 0; i < length; i++) + (*key)[i % 8] ^= (str[i] << 1); +#else /* MIT COMPATIBLE */ + for (i = 0; i < length; i++) { + j = str[i]; + if ((i % 16) < 8) + (*key)[i % 8] ^= (j << 1); + else { + /* Reverse the bit order 05/05/92 eay */ + j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f); + j = ((j << 2) & 0xcc)|((j >> 2) & 0x33); + j = ((j << 1) & 0xaa)|((j >> 1) & 0x55); + (*key)[7 - (i % 8)] ^= j; + } + } +#endif + DES_set_odd_parity(key); +#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY + if (DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key(key, &ks); +#else + DES_set_key_unchecked(key, &ks); +#endif + DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); + explicit_bzero(&ks, sizeof(ks)); + DES_set_odd_parity(key); +} +LCRYPTO_ALIAS(DES_string_to_key); + +void +DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) +{ + DES_key_schedule ks; + int i, length; + unsigned char j; + + memset(key1, 0, 8); + memset(key2, 0, 8); + length = strlen(str); +#ifdef OLD_STR_TO_KEY + if (length <= 8) { + for (i = 0; i < length; i++) { + (*key2)[i] = (*key1)[i] = (str[i] << 1); + } + } else { + for (i = 0; i < length; i++) { + if ((i/8) & 1) + (*key2)[i % 8] ^= (str[i] << 1); + else + (*key1)[i % 8] ^= (str[i] << 1); + } + } +#else /* MIT COMPATIBLE */ + for (i = 0; i < length; i++) { + j = str[i]; + if ((i % 32) < 16) { + if ((i % 16) < 8) + (*key1)[i % 8] ^= (j << 1); + else + (*key2)[i % 8] ^= (j << 1); + } else { + j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f); + j = ((j << 2) & 0xcc)|((j >> 2) & 0x33); + j = ((j << 1) & 0xaa)|((j >> 1) & 0x55); + if ((i % 16) < 8) + (*key1)[7 - (i % 8)] ^= j; + else + (*key2)[7 - (i % 8)] ^= j; + } + } + if (length <= 8) + memcpy(key2, key1, 8); +#endif + DES_set_odd_parity(key1); + DES_set_odd_parity(key2); +#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY + if (DES_is_weak_key(key1)) + (*key1)[7] ^= 0xF0; + DES_set_key(key1, &ks); +#else + DES_set_key_unchecked(key1, &ks); +#endif + DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); +#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY + if (DES_is_weak_key(key2)) + (*key2)[7] ^= 0xF0; + DES_set_key(key2, &ks); +#else + DES_set_key_unchecked(key2, &ks); +#endif + DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); + explicit_bzero(&ks, sizeof(ks)); + DES_set_odd_parity(key1); + DES_set_odd_parity(key2); +} +LCRYPTO_ALIAS(DES_string_to_2keys); diff --git a/lib/libcrypto/des/des_local.h b/lib/libcrypto/des/des_local.h index c37128473..61bfde752 100644 --- a/lib/libcrypto/des/des_local.h +++ b/lib/libcrypto/des/des_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: des_local.h,v 1.3 2024/05/24 19:21:58 tb Exp $ */ +/* $OpenBSD: des_local.h,v 1.5 2024/08/31 16:22:18 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -141,154 +141,6 @@ ROTATE(uint32_t a, uint32_t n) t=R^s[S+1] #endif -/* The changes to this macro may help or hinder, depending on the - * compiler and the architecture. gcc2 always seems to do well :-). - * Inspired by Dana How - * DO NOT use the alternative version on machines with 8 byte longs. - * It does not seem to work on the Alpha, even when DES_LONG is 4 - * bytes, probably an issue of accessing non-word aligned objects :-( */ -#ifdef DES_PTR - -/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there - * is no reason to not xor all the sub items together. This potentially - * saves a register since things can be xored directly into L */ - -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 -#define D_ENCRYPT(LL,R,S) { \ - unsigned int u1,u2,u3; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u2=(int)u>>8L; \ - u1=(int)u&0xfc; \ - u2&=0xfc; \ - t=ROTATE(t,4); \ - u>>=16L; \ - LL^= *(const DES_LONG *)(des_SP +u1); \ - LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ - u3=(int)(u>>8L); \ - u1=(int)u&0xfc; \ - u3&=0xfc; \ - LL^= *(const DES_LONG *)(des_SP+0x400+u1); \ - LL^= *(const DES_LONG *)(des_SP+0x600+u3); \ - u2=(int)t>>8L; \ - u1=(int)t&0xfc; \ - u2&=0xfc; \ - t>>=16L; \ - LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ - LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ - u3=(int)t>>8L; \ - u1=(int)t&0xfc; \ - u3&=0xfc; \ - LL^= *(const DES_LONG *)(des_SP+0x500+u1); \ - LL^= *(const DES_LONG *)(des_SP+0x700+u3); } -#endif -#ifdef DES_RISC2 -#define D_ENCRYPT(LL,R,S) { \ - unsigned int u1,u2,s1,s2; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u2=(int)u>>8L; \ - u1=(int)u&0xfc; \ - u2&=0xfc; \ - t=ROTATE(t,4); \ - LL^= *(const DES_LONG *)(des_SP +u1); \ - LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ - s1=(int)(u>>16L); \ - s2=(int)(u>>24L); \ - s1&=0xfc; \ - s2&=0xfc; \ - LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ - LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ - u2=(int)t>>8L; \ - u1=(int)t&0xfc; \ - u2&=0xfc; \ - LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ - LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ - s1=(int)(t>>16L); \ - s2=(int)(t>>24L); \ - s1&=0xfc; \ - s2&=0xfc; \ - LL^= *(const DES_LONG *)(des_SP+0x500+s1); \ - LL^= *(const DES_LONG *)(des_SP+0x700+s2); } -#endif -#else -#define D_ENCRYPT(LL,R,S) { \ - LOAD_DATA_tmp(R,S,u,t,E0,E1); \ - t=ROTATE(t,4); \ - LL^= \ - *(const DES_LONG *)(des_SP +((u )&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \ - *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); } -#endif - -#else /* original version */ - -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 -#define D_ENCRYPT(LL,R,S) { \ - unsigned int u1,u2,u3; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u>>=2L; \ - t=ROTATE(t,6); \ - u2=(int)u>>8L; \ - u1=(int)u&0x3f; \ - u2&=0x3f; \ - u>>=16L; \ - LL^=DES_SPtrans[0][u1]; \ - LL^=DES_SPtrans[2][u2]; \ - u3=(int)u>>8L; \ - u1=(int)u&0x3f; \ - u3&=0x3f; \ - LL^=DES_SPtrans[4][u1]; \ - LL^=DES_SPtrans[6][u3]; \ - u2=(int)t>>8L; \ - u1=(int)t&0x3f; \ - u2&=0x3f; \ - t>>=16L; \ - LL^=DES_SPtrans[1][u1]; \ - LL^=DES_SPtrans[3][u2]; \ - u3=(int)t>>8L; \ - u1=(int)t&0x3f; \ - u3&=0x3f; \ - LL^=DES_SPtrans[5][u1]; \ - LL^=DES_SPtrans[7][u3]; } -#endif -#ifdef DES_RISC2 -#define D_ENCRYPT(LL,R,S) { \ - unsigned int u1,u2,s1,s2; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u>>=2L; \ - t=ROTATE(t,6); \ - u2=(int)u>>8L; \ - u1=(int)u&0x3f; \ - u2&=0x3f; \ - LL^=DES_SPtrans[0][u1]; \ - LL^=DES_SPtrans[2][u2]; \ - s1=(int)u>>16L; \ - s2=(int)u>>24L; \ - s1&=0x3f; \ - s2&=0x3f; \ - LL^=DES_SPtrans[4][s1]; \ - LL^=DES_SPtrans[6][s2]; \ - u2=(int)t>>8L; \ - u1=(int)t&0x3f; \ - u2&=0x3f; \ - LL^=DES_SPtrans[1][u1]; \ - LL^=DES_SPtrans[3][u2]; \ - s1=(int)t>>16; \ - s2=(int)t>>24L; \ - s1&=0x3f; \ - s2&=0x3f; \ - LL^=DES_SPtrans[5][s1]; \ - LL^=DES_SPtrans[7][s2]; } -#endif - -#else - #define D_ENCRYPT(LL,R,S) { \ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ t=ROTATE(t,4); \ @@ -301,8 +153,6 @@ ROTATE(uint32_t a, uint32_t n) DES_SPtrans[3][(t>>10L)&0x3f]^ \ DES_SPtrans[5][(t>>18L)&0x3f]^ \ DES_SPtrans[7][(t>>26L)&0x3f]; } -#endif -#endif /* IP and FP * The problem is more of a geometric problem that random bit fiddling. @@ -367,9 +217,6 @@ ROTATE(uint32_t a, uint32_t n) extern const DES_LONG DES_SPtrans[8][64]; -void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - #ifdef OPENSSL_SMALL_FOOTPRINT #undef DES_UNROLL #endif diff --git a/lib/libcrypto/des/ecb3_enc.c b/lib/libcrypto/des/ecb3_enc.c deleted file mode 100644 index 2aa63726e..000000000 --- a/lib/libcrypto/des/ecb3_enc.c +++ /dev/null @@ -1,85 +0,0 @@ -/* $OpenBSD: ecb3_enc.c,v 1.10 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -void -DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, - int enc) -{ - DES_LONG l0, l1; - DES_LONG ll[2]; - const unsigned char *in = &(*input)[0]; - unsigned char *out = &(*output)[0]; - - c2l(in, l0); - c2l(in, l1); - ll[0] = l0; - ll[1] = l1; - if (enc) - DES_encrypt3(ll, ks1, ks2, ks3); - else - DES_decrypt3(ll, ks1, ks2, ks3); - l0 = ll[0]; - l1 = ll[1]; - l2c(l0, out); - l2c(l1, out); -} -LCRYPTO_ALIAS(DES_ecb3_encrypt); diff --git a/lib/libcrypto/des/ecb_enc.c b/lib/libcrypto/des/ecb_enc.c deleted file mode 100644 index 2491c4318..000000000 --- a/lib/libcrypto/des/ecb_enc.c +++ /dev/null @@ -1,83 +0,0 @@ -/* $OpenBSD: ecb_enc.c,v 1.20 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" -#include -#include - -void -DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks, int enc) -{ - DES_LONG l; - DES_LONG ll[2]; - const unsigned char *in = &(*input)[0]; - unsigned char *out = &(*output)[0]; - - c2l(in, l); - ll[0] = l; - c2l(in, l); - ll[1] = l; - DES_encrypt1(ll, ks, enc); - l = ll[0]; - l2c(l, out); - l = ll[1]; - l2c(l, out); - l = ll[0] = ll[1] = 0; -} -LCRYPTO_ALIAS(DES_ecb_encrypt); diff --git a/lib/libcrypto/des/ede_cbcm_enc.c b/lib/libcrypto/des/ede_cbcm_enc.c deleted file mode 100644 index 979600e54..000000000 --- a/lib/libcrypto/des/ede_cbcm_enc.c +++ /dev/null @@ -1,190 +0,0 @@ -/* $OpenBSD: ede_cbcm_enc.c,v 1.10 2024/03/29 01:47:29 joshua Exp $ */ -/* Written by Ben Laurie for the OpenSSL - * project 13 Feb 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - -This is an implementation of Triple DES Cipher Block Chaining with Output -Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). - -Note that there is a known attack on this by Biham and Knudsen but it takes -a lot of work: - -http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz - -*/ - -#include /* To see if OPENSSL_NO_DESCBCM is defined */ - -#ifndef OPENSSL_NO_DESCBCM -#include "des_local.h" - -void -DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, - int enc) -{ - DES_LONG tin0, tin1; - DES_LONG tout0, tout1, xor0, xor1, m0, m1; - long l = length; - DES_LONG tin[2]; - unsigned char *iv1, *iv2; - - iv1 = &(*ivec1)[0]; - iv2 = &(*ivec2)[0]; - - if (enc) { - c2l(iv1, m0); - c2l(iv1, m1); - c2l(iv2, tout0); - c2l(iv2, tout1); - for (l -= 8; l >= -7; l -= 8) { - tin[0] = m0; - tin[1] = m1; - DES_encrypt1(tin, ks3, 1); - m0 = tin[0]; - m1 = tin[1]; - - if (l < 0) { - c2ln(in, tin0, tin1, l + 8); - } else { - c2l(in, tin0); - c2l(in, tin1); - } - tin0 ^= tout0; - tin1 ^= tout1; - - tin[0] = tin0; - tin[1] = tin1; - DES_encrypt1(tin, ks1, 1); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks2, 0); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks1, 1); - tout0 = tin[0]; - tout1 = tin[1]; - - l2c(tout0, out); - l2c(tout1, out); - } - iv1 = &(*ivec1)[0]; - l2c(m0, iv1); - l2c(m1, iv1); - - iv2 = &(*ivec2)[0]; - l2c(tout0, iv2); - l2c(tout1, iv2); - } else { - DES_LONG t0, t1; - - c2l(iv1, m0); - c2l(iv1, m1); - c2l(iv2, xor0); - c2l(iv2, xor1); - for (l -= 8; l >= -7; l -= 8) { - tin[0] = m0; - tin[1] = m1; - DES_encrypt1(tin, ks3, 1); - m0 = tin[0]; - m1 = tin[1]; - - c2l(in, tin0); - c2l(in, tin1); - - t0 = tin0; - t1 = tin1; - - tin[0] = tin0; - tin[1] = tin1; - DES_encrypt1(tin, ks1, 0); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks2, 1); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks1, 0); - tout0 = tin[0]; - tout1 = tin[1]; - - tout0 ^= xor0; - tout1 ^= xor1; - if (l < 0) { - l2cn(tout0, tout1, out, l + 8); - } else { - l2c(tout0, out); - l2c(tout1, out); - } - xor0 = t0; - xor1 = t1; - } - - iv1 = &(*ivec1)[0]; - l2c(m0, iv1); - l2c(m1, iv1); - - iv2 = &(*ivec2)[0]; - l2c(xor0, iv2); - l2c(xor1, iv2); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} -LCRYPTO_ALIAS(DES_ede3_cbcm_encrypt); -#endif diff --git a/lib/libcrypto/des/enc_read.c b/lib/libcrypto/des/enc_read.c deleted file mode 100644 index 32f7547a3..000000000 --- a/lib/libcrypto/des/enc_read.c +++ /dev/null @@ -1,86 +0,0 @@ -/* $OpenBSD: enc_read.c,v 1.20 2024/07/09 07:16:13 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include "des_local.h" - -/* - * XXX - remove this file in the next major bump - */ - -int DES_rw_mode = DES_PCBC_MODE; -LCRYPTO_ALIAS(DES_rw_mode); - -int -DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, - DES_cblock *iv) -{ - return -1; -} -LCRYPTO_ALIAS(DES_enc_read); - -int -DES_enc_write(int fd, const void *_buf, int len, - DES_key_schedule *sched, DES_cblock *iv) -{ - return -1; -} -LCRYPTO_ALIAS(DES_enc_write); diff --git a/lib/libcrypto/des/fcrypt.c b/lib/libcrypto/des/fcrypt.c deleted file mode 100644 index 5bdf09b7e..000000000 --- a/lib/libcrypto/des/fcrypt.c +++ /dev/null @@ -1,127 +0,0 @@ -/* $OpenBSD: fcrypt.c,v 1.16 2024/03/29 01:47:29 joshua Exp $ */ - -#include - -/* This version of crypt has been developed from my MIT compatible - * DES library. - * Eric Young (eay@cryptsoft.com) - */ - -/* Modification by Jens Kupferschmidt (Cu) - * I have included directive PARA for shared memory computers. - * I have included a directive LONGCRYPT to using this routine to cipher - * passwords with more than 8 bytes like HP-UX 10.x it used. The MAXPLEN - * definition is the maximum of length of password and can changed. I have - * defined 24. - */ - -#include "des_local.h" - -/* Added more values to handle illegal salt values the way normal - * crypt() implementations do. The patch was sent by - * Bjorn Gronvall - */ -static unsigned const char con_salt[128] = { - 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, - 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, - 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, - 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, - 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, - 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, - 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, - 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, - 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, - 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, - 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, - 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, -}; - -static unsigned const char cov_2char[64] = { - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, - 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, - 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, - 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, - 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, - 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, - 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, - 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A -}; - -char * -DES_crypt(const char *buf, const char *salt) -{ - static char buff[14]; - - return (DES_fcrypt(buf, salt, buff)); -} -LCRYPTO_ALIAS(DES_crypt); - -char * -DES_fcrypt(const char *buf, const char *salt, char *ret) -{ - unsigned int i, j, x, y; - DES_LONG Eswap0, Eswap1; - DES_LONG out[2], ll; - DES_cblock key; - DES_key_schedule ks; - unsigned char bb[9]; - unsigned char *b = bb; - unsigned char c, u; - - /* eay 25/08/92 - * If you call crypt("pwd","*") as often happens when you - * have * as the pwd field in /etc/passwd, the function - * returns *\0xxxxxxxxx - * The \0 makes the string look like * so the pwd "*" would - * crypt to "*". This was found when replacing the crypt in - * our shared libraries. People found that the disabled - * accounts effectively had no passwd :-(. */ - x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]); - Eswap0 = con_salt[x] << 2; - x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]); - Eswap1 = con_salt[x] << 6; -/* EAY -r=strlen(buf); -r=(r+7)/8; -*/ - for (i = 0; i < 8; i++) { - c = *(buf++); - if (!c) - break; - key[i] = (c << 1); - } - for (; i < 8; i++) - key[i] = 0; - - DES_set_key_unchecked(&key, &ks); - fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1); - - ll = out[0]; - l2c(ll, b); - ll = out[1]; - l2c(ll, b); - y = 0; - u = 0x80; - bb[8] = 0; - for (i = 2; i < 13; i++) { - c = 0; - for (j = 0; j < 6; j++) { - c <<= 1; - if (bb[y] & u) - c |= 1; - u >>= 1; - if (!u) { - y++; - u = 0x80; - } - } - ret[i] = cov_2char[c]; - } - ret[13] = '\0'; - return (ret); -} -LCRYPTO_ALIAS(DES_fcrypt); diff --git a/lib/libcrypto/des/ncbc_enc.c b/lib/libcrypto/des/ncbc_enc.c deleted file mode 100644 index 1a49126b6..000000000 --- a/lib/libcrypto/des/ncbc_enc.c +++ /dev/null @@ -1,160 +0,0 @@ -/* $OpenBSD: ncbc_enc.c,v 1.11 2024/03/29 01:47:29 joshua Exp $ */ -/* - * #included by: - * cbc_enc.c (DES_cbc_encrypt) - * des_enc.c (DES_ncbc_encrypt) - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -#ifdef CBC_ENC_C__DONT_UPDATE_IV -void -DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - DES_key_schedule *_schedule, DES_cblock *ivec, int enc) -#else -void -DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, - DES_key_schedule *_schedule, DES_cblock *ivec, int enc) -#endif -{ - DES_LONG tin0, tin1; - DES_LONG tout0, tout1, xor0, xor1; - long l = length; - DES_LONG tin[2]; - unsigned char *iv; - - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, tout0); - c2l(iv, tout1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0; - tin[0] = tin0; - tin1 ^= tout1; - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin[0] = tin0; - tin1 ^= tout1; - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } -#ifndef CBC_ENC_C__DONT_UPDATE_IV - iv = &(*ivec)[0]; - l2c(tout0, iv); - l2c(tout1, iv); -#endif - } else { - c2l(iv, xor0); - c2l(iv, xor1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2cn(tout0, tout1, out, l + 8); -#ifndef CBC_ENC_C__DONT_UPDATE_IV - xor0 = tin0; - xor1 = tin1; -#endif - } -#ifndef CBC_ENC_C__DONT_UPDATE_IV - iv = &(*ivec)[0]; - l2c(xor0, iv); - l2c(xor1, iv); -#endif - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} -#ifdef CBC_ENC_C__DONT_UPDATE_IV -LCRYPTO_ALIAS(DES_cbc_encrypt); -#else -LCRYPTO_ALIAS(DES_ncbc_encrypt); -#endif diff --git a/lib/libcrypto/des/ofb64ede.c b/lib/libcrypto/des/ofb64ede.c deleted file mode 100644 index 949b22047..000000000 --- a/lib/libcrypto/des/ofb64ede.c +++ /dev/null @@ -1,113 +0,0 @@ -/* $OpenBSD: ofb64ede.c,v 1.9 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -/* The input and output encrypted as though 64bit ofb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ -void -DES_ede3_ofb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - DES_key_schedule *k1, DES_key_schedule *k2, - DES_key_schedule *k3, DES_cblock *ivec, - int *num) -{ - DES_LONG v0, v1; - int n = *num; - long l = length; - DES_cblock d; - char *dp; - DES_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2c(v0, dp); - l2c(v1, dp); - while (l--) { - if (n == 0) { - /* ti[0]=v0; */ - /* ti[1]=v1; */ - DES_encrypt3(ti, k1, k2, k3); - v0 = ti[0]; - v1 = ti[1]; - - dp = (char *)d; - l2c(v0, dp); - l2c(v1, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - } - v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} -LCRYPTO_ALIAS(DES_ede3_ofb64_encrypt); diff --git a/lib/libcrypto/des/ofb64enc.c b/lib/libcrypto/des/ofb64enc.c deleted file mode 100644 index 5e524dd9e..000000000 --- a/lib/libcrypto/des/ofb64enc.c +++ /dev/null @@ -1,110 +0,0 @@ -/* $OpenBSD: ofb64enc.c,v 1.9 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -/* The input and output encrypted as though 64bit ofb mode is being - * used. The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ -void -DES_ofb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - DES_key_schedule *schedule, DES_cblock *ivec, int *num) -{ - DES_LONG v0, v1, t; - int n = *num; - long l = length; - DES_cblock d; - unsigned char *dp; - DES_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = d; - l2c(v0, dp); - l2c(v1, dp); - while (l--) { - if (n == 0) { - DES_encrypt1(ti, schedule, DES_ENCRYPT); - dp = d; - t = ti[0]; - l2c(t, dp); - t = ti[1]; - l2c(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} -LCRYPTO_ALIAS(DES_ofb64_encrypt); diff --git a/lib/libcrypto/des/ofb_enc.c b/lib/libcrypto/des/ofb_enc.c deleted file mode 100644 index 96dc25ee2..000000000 --- a/lib/libcrypto/des/ofb_enc.c +++ /dev/null @@ -1,134 +0,0 @@ -/* $OpenBSD: ofb_enc.c,v 1.9 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -/* The input and output are loaded in multiples of 8 bits. - * What this means is that if you hame numbits=12 and length=2 - * the first 12 bits will be retrieved from the first byte and half - * the second. The second 12 bits will come from the 3rd and half the 4th - * byte. - */ -void -DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, - DES_cblock *ivec) -{ - DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7)/8; - DES_LONG mask0, mask1; - long l = length; - int num = numbits; - DES_LONG ti[2]; - unsigned char *iv; - - if (num > 64) - return; - if (num > 32) { - mask0 = 0xffffffffL; - if (num >= 64) - mask1 = mask0; - else - mask1 = (1L << (num - 32)) - 1; - } else { - if (num == 32) - mask0 = 0xffffffffL; - else - mask0 = (1L << num) - 1; - mask1 = 0x00000000L; - } - - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - while (l-- > 0) { - ti[0] = v0; - ti[1] = v1; - DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); - vv0 = ti[0]; - vv1 = ti[1]; - c2ln(in, d0, d1, n); - in += n; - d0 = (d0 ^ vv0) & mask0; - d1 = (d1 ^ vv1) & mask1; - l2cn(d0, d1, out, n); - out += n; - - if (num == 32) { - v0 = v1; - v1 = vv0; - } else if (num == 64) { - v0 = vv0; - v1 = vv1; - } else if (num > 32) { /* && num != 64 */ - v0 = ((v1 >> (num - 32))|(vv0 << (64 - num))) & - 0xffffffffL; - v1 = ((vv0 >> (num - 32))|(vv1 << (64 - num))) & - 0xffffffffL; - } else /* num < 32 */ { - v0 = ((v0 >> num)|(v1 << (32 - num))) & 0xffffffffL; - v1 = ((v1 >> num)|(vv0 << (32 - num))) & 0xffffffffL; - } - } - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; -} -LCRYPTO_ALIAS(DES_ofb_encrypt); diff --git a/lib/libcrypto/des/pcbc_enc.c b/lib/libcrypto/des/pcbc_enc.c deleted file mode 100644 index defd628d4..000000000 --- a/lib/libcrypto/des/pcbc_enc.c +++ /dev/null @@ -1,117 +0,0 @@ -/* $OpenBSD: pcbc_enc.c,v 1.10 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -void -DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int enc) -{ - DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; - DES_LONG tin[2]; - const unsigned char *in; - unsigned char *out, *iv; - - in = input; - out = output; - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, xor0); - c2l(iv, xor1); - for (; length > 0; length -= 8) { - if (length >= 8) { - c2l(in, sin0); - c2l(in, sin1); - } else - c2ln(in, sin0, sin1, length); - tin[0] = sin0 ^ xor0; - tin[1] = sin1 ^ xor1; - DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); - tout0 = tin[0]; - tout1 = tin[1]; - xor0 = sin0 ^ tout0; - xor1 = sin1 ^ tout1; - l2c(tout0, out); - l2c(tout1, out); - } - } else { - c2l(iv, xor0); - c2l(iv, xor1); - for (; length > 0; length -= 8) { - c2l(in, sin0); - c2l(in, sin1); - tin[0] = sin0; - tin[1] = sin1; - DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - if (length >= 8) { - l2c(tout0, out); - l2c(tout1, out); - } else - l2cn(tout0, tout1, out, length); - xor0 = tout0 ^ sin0; - xor1 = tout1 ^ sin1; - } - } - tin[0] = tin[1] = 0; - sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; -} -LCRYPTO_ALIAS(DES_pcbc_encrypt); diff --git a/lib/libcrypto/des/spr.h b/lib/libcrypto/des/spr.h deleted file mode 100644 index e0f413e46..000000000 --- a/lib/libcrypto/des/spr.h +++ /dev/null @@ -1,209 +0,0 @@ -/* $OpenBSD: spr.h,v 1.8 2023/07/08 07:34:34 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -__BEGIN_HIDDEN_DECLS - -const DES_LONG DES_SPtrans[8][64] = { - { -/* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, { -/* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, { -/* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, { -/* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, { -/* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, { -/* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, { -/* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, - }, { -/* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, - }, -}; - -__END_HIDDEN_DECLS diff --git a/lib/libcrypto/des/str2key.c b/lib/libcrypto/des/str2key.c deleted file mode 100644 index cc5bc91b4..000000000 --- a/lib/libcrypto/des/str2key.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: str2key.c,v 1.14 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "des_local.h" - -void -DES_string_to_key(const char *str, DES_cblock *key) -{ - DES_key_schedule ks; - int i, length; - unsigned char j; - - memset(key, 0, 8); - length = strlen(str); -#ifdef OLD_STR_TO_KEY - for (i = 0; i < length; i++) - (*key)[i % 8] ^= (str[i] << 1); -#else /* MIT COMPATIBLE */ - for (i = 0; i < length; i++) { - j = str[i]; - if ((i % 16) < 8) - (*key)[i % 8] ^= (j << 1); - else { - /* Reverse the bit order 05/05/92 eay */ - j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f); - j = ((j << 2) & 0xcc)|((j >> 2) & 0x33); - j = ((j << 1) & 0xaa)|((j >> 1) & 0x55); - (*key)[7 - (i % 8)] ^= j; - } - } -#endif - DES_set_odd_parity(key); -#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY - if (DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; - DES_set_key(key, &ks); -#else - DES_set_key_unchecked(key, &ks); -#endif - DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); - explicit_bzero(&ks, sizeof(ks)); - DES_set_odd_parity(key); -} -LCRYPTO_ALIAS(DES_string_to_key); - -void -DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) -{ - DES_key_schedule ks; - int i, length; - unsigned char j; - - memset(key1, 0, 8); - memset(key2, 0, 8); - length = strlen(str); -#ifdef OLD_STR_TO_KEY - if (length <= 8) { - for (i = 0; i < length; i++) { - (*key2)[i] = (*key1)[i] = (str[i] << 1); - } - } else { - for (i = 0; i < length; i++) { - if ((i/8) & 1) - (*key2)[i % 8] ^= (str[i] << 1); - else - (*key1)[i % 8] ^= (str[i] << 1); - } - } -#else /* MIT COMPATIBLE */ - for (i = 0; i < length; i++) { - j = str[i]; - if ((i % 32) < 16) { - if ((i % 16) < 8) - (*key1)[i % 8] ^= (j << 1); - else - (*key2)[i % 8] ^= (j << 1); - } else { - j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f); - j = ((j << 2) & 0xcc)|((j >> 2) & 0x33); - j = ((j << 1) & 0xaa)|((j >> 1) & 0x55); - if ((i % 16) < 8) - (*key1)[7 - (i % 8)] ^= j; - else - (*key2)[7 - (i % 8)] ^= j; - } - } - if (length <= 8) - memcpy(key2, key1, 8); -#endif - DES_set_odd_parity(key1); - DES_set_odd_parity(key2); -#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY - if (DES_is_weak_key(key1)) - (*key1)[7] ^= 0xF0; - DES_set_key(key1, &ks); -#else - DES_set_key_unchecked(key1, &ks); -#endif - DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); -#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY - if (DES_is_weak_key(key2)) - (*key2)[7] ^= 0xF0; - DES_set_key(key2, &ks); -#else - DES_set_key_unchecked(key2, &ks); -#endif - DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); - explicit_bzero(&ks, sizeof(ks)); - DES_set_odd_parity(key1); - DES_set_odd_parity(key2); -} -LCRYPTO_ALIAS(DES_string_to_2keys); diff --git a/lib/libcrypto/des/xcbc_enc.c b/lib/libcrypto/des/xcbc_enc.c deleted file mode 100644 index 90607cad3..000000000 --- a/lib/libcrypto/des/xcbc_enc.c +++ /dev/null @@ -1,154 +0,0 @@ -/* $OpenBSD: xcbc_enc.c,v 1.13 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_local.h" - -/* RSA's DESX */ - -void -DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, const_DES_cblock *inw, - const_DES_cblock *outw, int enc) -{ - DES_LONG tin0, tin1; - DES_LONG tout0, tout1, xor0, xor1; - DES_LONG inW0, inW1, outW0, outW1; - const unsigned char *in2; - long l = length; - DES_LONG tin[2]; - unsigned char *iv; - - in2 = &(*inw)[0]; - c2l(in2, inW0); - c2l(in2, inW1); - in2 = &(*outw)[0]; - c2l(in2, outW0); - c2l(in2, outW1); - - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, tout0); - c2l(iv, tout1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0 ^ inW0; - tin[0] = tin0; - tin1 ^= tout1 ^ inW1; - tin[1] = tin1; - DES_encrypt1(tin, schedule, DES_ENCRYPT); - tout0 = tin[0] ^ outW0; - l2c(tout0, out); - tout1 = tin[1] ^ outW1; - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0 ^ inW0; - tin[0] = tin0; - tin1 ^= tout1 ^ inW1; - tin[1] = tin1; - DES_encrypt1(tin, schedule, DES_ENCRYPT); - tout0 = tin[0] ^ outW0; - l2c(tout0, out); - tout1 = tin[1] ^ outW1; - l2c(tout1, out); - } - iv = &(*ivec)[0]; - l2c(tout0, iv); - l2c(tout1, iv); - } else { - c2l(iv, xor0); - c2l(iv, xor1); - for (l -= 8; l > 0; l -= 8) { - c2l(in, tin0); - tin[0] = tin0 ^ outW0; - c2l(in, tin1); - tin[1] = tin1 ^ outW1; - DES_encrypt1(tin, schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0 ^ inW0; - tout1 = tin[1] ^ xor1 ^ inW1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - c2l(in, tin0); - tin[0] = tin0 ^ outW0; - c2l(in, tin1); - tin[1] = tin1 ^ outW1; - DES_encrypt1(tin, schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0 ^ inW0; - tout1 = tin[1] ^ xor1 ^ inW1; - l2cn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - - iv = &(*ivec)[0]; - l2c(xor0, iv); - l2c(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - inW0 = inW1 = outW0 = outW1 = 0; - tin[0] = tin[1] = 0; -} -LCRYPTO_ALIAS(DES_xcbc_encrypt); diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c index e40b52f5e..d8ad4f8ba 100644 --- a/lib/libcrypto/err/err.c +++ b/lib/libcrypto/err/err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err.c,v 1.62 2024/07/09 07:17:13 beck Exp $ */ +/* $OpenBSD: err.c,v 1.63 2024/08/31 10:09:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1130,37 +1130,6 @@ ERR_asprintf_error_data(char * format, ...) } LCRYPTO_ALIAS(ERR_asprintf_error_data); -void -ERR_add_error_vdata(int num, va_list args) -{ - char format[129]; - char *errbuf; - int i; - - format[0] = '\0'; - for (i = 0; i < num; i++) { - if (strlcat(format, "%s", sizeof(format)) >= sizeof(format)) { - ERR_set_error_data("too many errors", ERR_TXT_STRING); - return; - } - } - if (vasprintf(&errbuf, format, args) == -1) - ERR_set_error_data("malloc failed", ERR_TXT_STRING); - else - ERR_set_error_data(errbuf, ERR_TXT_MALLOCED|ERR_TXT_STRING); -} -LCRYPTO_ALIAS(ERR_add_error_vdata); - -void -ERR_add_error_data(int num, ...) -{ - va_list args; - va_start(args, num); - ERR_add_error_vdata(num, args); - va_end(args); -} -LCRYPTO_ALIAS(ERR_add_error_data); - int ERR_set_mark(void) { diff --git a/lib/libcrypto/err/err.h b/lib/libcrypto/err/err.h index 9f64dd279..66bd54dee 100644 --- a/lib/libcrypto/err/err.h +++ b/lib/libcrypto/err/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.34 2024/07/09 07:17:13 beck Exp $ */ +/* $OpenBSD: err.h,v 1.35 2024/08/31 10:09:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -374,8 +374,6 @@ void ERR_print_errors_fp(FILE *fp); void ERR_print_errors(BIO *bp); #endif void ERR_asprintf_error_data(char * format, ...); -void ERR_add_error_data(int num, ...); -void ERR_add_error_vdata(int num, va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA *str); void ERR_unload_strings(int lib, ERR_STRING_DATA *str); void ERR_load_ERR_strings(void); diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 2db8acfa0..c2b81d057 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.135 2024/07/09 16:15:37 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.137 2024/08/31 10:38:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -595,9 +595,6 @@ const EVP_MD *EVP_sm3(void); #ifndef OPENSSL_NO_RIPEMD const EVP_MD *EVP_ripemd160(void); #endif -#ifndef OPENSSL_NO_WHIRLPOOL -const EVP_MD *EVP_whirlpool(void); -#endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ #ifndef OPENSSL_NO_DES const EVP_CIPHER *EVP_des_ecb(void); @@ -985,9 +982,6 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -int EVP_PKEY_check(EVP_PKEY_CTX *ctx); -int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); -int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); diff --git a/lib/libcrypto/evp/evp_names.c b/lib/libcrypto/evp/evp_names.c index af3fd17c1..817d33602 100644 --- a/lib/libcrypto/evp/evp_names.c +++ b/lib/libcrypto/evp/evp_names.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_names.c,v 1.17 2024/07/29 06:05:31 tb Exp $ */ +/* $OpenBSD: evp_names.c,v 1.18 2024/08/31 10:38:49 tb Exp $ */ /* * Copyright (c) 2023 Theo Buehler * @@ -1464,11 +1464,6 @@ static const struct digest_name digest_names[] = { .digest = EVP_sha1, .alias = SN_sha1, }, - - { - .name = SN_whirlpool, - .digest = EVP_whirlpool, - }, }; #define N_DIGEST_NAMES (sizeof(digest_names) / sizeof(digest_names[0])) diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c index dcbd51f08..5bec81106 100644 --- a/lib/libcrypto/evp/evp_pkey.c +++ b/lib/libcrypto/evp/evp_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pkey.c,v 1.31 2024/08/22 12:21:07 tb Exp $ */ +/* $OpenBSD: evp_pkey.c,v 1.32 2024/08/31 10:25:38 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -140,83 +140,3 @@ error: return NULL; } LCRYPTO_ALIAS(EVP_PKEY2PKCS8); - -/* - * XXX - delete all the garbage below in the next bump. - */ - -int -EVP_PKEY_add1_attr_by_NID(EVP_PKEY *pkey, int nid, int type, - const unsigned char *bytes, int len) -{ - EVPerror(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(EVP_PKEY_add1_attr_by_NID); - -int -EVP_PKEY_get_attr_count(const EVP_PKEY *key) -{ - EVPerror(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(EVP_PKEY_get_attr_count); - -int -EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) -{ - EVPerror(ERR_R_DISABLED); - return -1; -} -LCRYPTO_ALIAS(EVP_PKEY_get_attr_by_NID); - -int -EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, - int lastpos) -{ - EVPerror(ERR_R_DISABLED); - return -1; -} -LCRYPTO_ALIAS(EVP_PKEY_get_attr_by_OBJ); - -X509_ATTRIBUTE * -EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) -{ - EVPerror(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(EVP_PKEY_get_attr); - -X509_ATTRIBUTE * -EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) -{ - EVPerror(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(EVP_PKEY_delete_attr); - -int -EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) -{ - EVPerror(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(EVP_PKEY_add1_attr); - -int -EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) -{ - EVPerror(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(EVP_PKEY_add1_attr_by_OBJ); - -int -EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, const char *attrname, int type, - const unsigned char *bytes, int len) -{ - EVPerror(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(EVP_PKEY_add1_attr_by_txt); diff --git a/lib/libcrypto/evp/m_wp.c b/lib/libcrypto/evp/m_wp.c deleted file mode 100644 index 6755d56e4..000000000 --- a/lib/libcrypto/evp/m_wp.c +++ /dev/null @@ -1,54 +0,0 @@ -/* $OpenBSD: m_wp.c,v 1.14 2024/04/09 13:52:41 beck Exp $ */ - -#include - -#include - -#ifndef OPENSSL_NO_WHIRLPOOL - -#include -#include -#include -#include - -#include "evp_local.h" - -static int -init(EVP_MD_CTX *ctx) -{ - return WHIRLPOOL_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return WHIRLPOOL_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return WHIRLPOOL_Final(md, ctx->md_data); -} - -static const EVP_MD whirlpool_md = { - .type = NID_whirlpool, - .pkey_type = 0, - .md_size = WHIRLPOOL_DIGEST_LENGTH, - .flags = 0, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, - .block_size = WHIRLPOOL_BBLOCK / 8, - .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), -}; - -const EVP_MD * -EVP_whirlpool(void) -{ - return (&whirlpool_md); -} -LCRYPTO_ALIAS(EVP_whirlpool); -#endif diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c index 415690cd0..bc1c5bd7d 100644 --- a/lib/libcrypto/evp/pmeth_gn.c +++ b/lib/libcrypto/evp/pmeth_gn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */ +/* $OpenBSD: pmeth_gn.c,v 1.21 2024/08/31 09:14:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -225,31 +225,3 @@ merr: return mac_key; } LCRYPTO_ALIAS(EVP_PKEY_new_mac_key); - -/* - * XXX - remove the API below in the next bump. - */ - -int -EVP_PKEY_check(EVP_PKEY_CTX *ctx) -{ - EVPerror(ERR_R_DISABLED); - return -2; -} -LCRYPTO_ALIAS(EVP_PKEY_check); - -int -EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) -{ - EVPerror(ERR_R_DISABLED); - return -2; -} -LCRYPTO_ALIAS(EVP_PKEY_public_check); - -int -EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) -{ - EVPerror(ERR_R_DISABLED); - return -2; -} -LCRYPTO_ALIAS(EVP_PKEY_param_check); diff --git a/lib/libcrypto/hidden/openssl/conf.h b/lib/libcrypto/hidden/openssl/conf.h index 9408a543e..f3780985b 100644 --- a/lib/libcrypto/hidden/openssl/conf.h +++ b/lib/libcrypto/hidden/openssl/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.1 2024/04/09 14:57:28 tb Exp $ */ +/* $OpenBSD: conf.h,v 1.9 2024/08/31 09:54:31 tb Exp $ */ /* * Copyright (c) 2024 Bob Beck * @@ -25,50 +25,21 @@ #endif #include "crypto_namespace.h" -LCRYPTO_USED(CONF_set_default_method); -LCRYPTO_USED(CONF_set_nconf); -LCRYPTO_USED(CONF_load); -LCRYPTO_USED(CONF_load_fp); -LCRYPTO_USED(CONF_load_bio); -LCRYPTO_USED(CONF_get_section); -LCRYPTO_USED(CONF_get_string); -LCRYPTO_USED(CONF_get_number); -LCRYPTO_USED(CONF_free); -LCRYPTO_USED(CONF_dump_fp); -LCRYPTO_USED(CONF_dump_bio); LCRYPTO_USED(OPENSSL_config); LCRYPTO_USED(OPENSSL_no_config); LCRYPTO_USED(NCONF_new); -LCRYPTO_USED(NCONF_default); -LCRYPTO_USED(NCONF_WIN32); LCRYPTO_USED(NCONF_free); -LCRYPTO_USED(NCONF_free_data); LCRYPTO_USED(NCONF_load); -LCRYPTO_USED(NCONF_load_fp); LCRYPTO_USED(NCONF_load_bio); LCRYPTO_USED(NCONF_get_section); LCRYPTO_USED(NCONF_get_string); LCRYPTO_USED(NCONF_get_number_e); -LCRYPTO_USED(NCONF_dump_fp); -LCRYPTO_USED(NCONF_dump_bio); LCRYPTO_USED(CONF_modules_load); LCRYPTO_USED(CONF_modules_load_file); LCRYPTO_USED(CONF_modules_unload); LCRYPTO_USED(CONF_modules_finish); LCRYPTO_USED(CONF_modules_free); -LCRYPTO_USED(CONF_module_add); -LCRYPTO_USED(CONF_imodule_get_name); -LCRYPTO_USED(CONF_imodule_get_value); -LCRYPTO_USED(CONF_imodule_get_usr_data); -LCRYPTO_USED(CONF_imodule_set_usr_data); -LCRYPTO_USED(CONF_imodule_get_module); -LCRYPTO_USED(CONF_imodule_get_flags); -LCRYPTO_USED(CONF_imodule_set_flags); -LCRYPTO_USED(CONF_module_get_usr_data); -LCRYPTO_USED(CONF_module_set_usr_data); LCRYPTO_USED(CONF_get1_default_config_file); -LCRYPTO_USED(CONF_parse_list); -LCRYPTO_USED(OPENSSL_load_builtin_modules); LCRYPTO_USED(ERR_load_CONF_strings); #endif /* _LIBCRYPTO_CONF_H */ diff --git a/lib/libcrypto/hidden/openssl/conf_api.h b/lib/libcrypto/hidden/openssl/conf_api.h deleted file mode 100644 index 5ff895661..000000000 --- a/lib/libcrypto/hidden/openssl/conf_api.h +++ /dev/null @@ -1,36 +0,0 @@ -/* $OpenBSD: conf_api.h,v 1.1 2023/07/08 08:26:26 beck Exp $ */ -/* - * Copyright (c) 2023 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _LIBCRYPTO_CONF_API_H -#define _LIBCRYPTO_CONF_API_H - -#ifndef _MSC_VER -#include_next -#else -#include "../include/openssl/conf_api.h" -#endif -#include "crypto_namespace.h" - -LCRYPTO_USED(_CONF_new_section); -LCRYPTO_USED(_CONF_get_section); -LCRYPTO_USED(_CONF_get_section_values); -LCRYPTO_USED(_CONF_add_string); -LCRYPTO_USED(_CONF_get_string); -LCRYPTO_USED(_CONF_new_data); -LCRYPTO_USED(_CONF_free_data); - -#endif /* _LIBCRYPTO_CONF_API_H */ diff --git a/lib/libcrypto/hidden/openssl/des.h b/lib/libcrypto/hidden/openssl/des.h index e632de4b1..645181199 100644 --- a/lib/libcrypto/hidden/openssl/des.h +++ b/lib/libcrypto/hidden/openssl/des.h @@ -1,4 +1,4 @@ -/* $OpenBSD: des.h,v 1.2 2024/07/09 07:16:13 beck Exp $ */ +/* $OpenBSD: des.h,v 1.3 2024/08/31 10:30:16 tb Exp $ */ /* * Copyright (c) 2024 Joshua Sing * @@ -41,8 +41,6 @@ LCRYPTO_USED(DES_ede3_cbcm_encrypt); LCRYPTO_USED(DES_ede3_cfb64_encrypt); LCRYPTO_USED(DES_ede3_cfb_encrypt); LCRYPTO_USED(DES_ede3_ofb64_encrypt); -LCRYPTO_USED(DES_enc_read); -LCRYPTO_USED(DES_enc_write); LCRYPTO_USED(DES_fcrypt); LCRYPTO_USED(DES_crypt); LCRYPTO_USED(DES_ofb_encrypt); @@ -62,7 +60,6 @@ LCRYPTO_USED(DES_cfb64_encrypt); LCRYPTO_USED(DES_ofb64_encrypt); #if defined(LIBRESSL_NAMESPACE) extern LCRYPTO_USED(DES_check_key); -extern LCRYPTO_USED(DES_rw_mode); #endif #endif /* _LIBCRYPTO_DES_H */ diff --git a/lib/libcrypto/hidden/openssl/err.h b/lib/libcrypto/hidden/openssl/err.h index 5a5893f81..026c18a54 100644 --- a/lib/libcrypto/hidden/openssl/err.h +++ b/lib/libcrypto/hidden/openssl/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.6 2024/07/09 07:17:13 beck Exp $ */ +/* $OpenBSD: err.h,v 1.7 2024/08/31 10:09:15 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -56,7 +56,5 @@ LCRYPTO_USED(ERR_remove_state); LCRYPTO_USED(ERR_get_next_error_library); LCRYPTO_USED(ERR_set_mark); LCRYPTO_USED(ERR_pop_to_mark); -LCRYPTO_UNUSED(ERR_add_error_data); -LCRYPTO_UNUSED(ERR_add_error_vdata); #endif /* _LIBCRYPTO_ERR_H */ diff --git a/lib/libcrypto/hidden/openssl/evp.h b/lib/libcrypto/hidden/openssl/evp.h index 7721a2f41..644ba683a 100644 --- a/lib/libcrypto/hidden/openssl/evp.h +++ b/lib/libcrypto/hidden/openssl/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.4 2024/04/10 15:00:38 beck Exp $ */ +/* $OpenBSD: evp.h,v 1.6 2024/08/31 10:38:49 tb Exp $ */ /* * Copyright (c) 2024 Bob Beck * @@ -160,7 +160,6 @@ LCRYPTO_USED(EVP_sha3_384); LCRYPTO_USED(EVP_sha3_512); LCRYPTO_USED(EVP_sm3); LCRYPTO_USED(EVP_ripemd160); -LCRYPTO_USED(EVP_whirlpool); LCRYPTO_USED(EVP_enc_null); LCRYPTO_USED(EVP_des_ecb); LCRYPTO_USED(EVP_des_ede); @@ -353,9 +352,6 @@ LCRYPTO_USED(EVP_PKEY_paramgen_init); LCRYPTO_USED(EVP_PKEY_paramgen); LCRYPTO_USED(EVP_PKEY_keygen_init); LCRYPTO_USED(EVP_PKEY_keygen); -LCRYPTO_USED(EVP_PKEY_check); -LCRYPTO_USED(EVP_PKEY_public_check); -LCRYPTO_USED(EVP_PKEY_param_check); LCRYPTO_USED(EVP_PKEY_CTX_set_cb); LCRYPTO_USED(EVP_PKEY_CTX_get_cb); LCRYPTO_USED(EVP_PKEY_CTX_get_keygen_info); diff --git a/lib/libcrypto/hidden/openssl/hmac.h b/lib/libcrypto/hidden/openssl/hmac.h index ecf8aa999..ef8d2187b 100644 --- a/lib/libcrypto/hidden/openssl/hmac.h +++ b/lib/libcrypto/hidden/openssl/hmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: hmac.h,v 1.3 2024/08/31 10:42:21 tb Exp $ */ /* * Copyright (c) 2016 Philip Guenther * @@ -28,7 +28,6 @@ LCRYPTO_USED(HMAC_CTX_new); LCRYPTO_USED(HMAC_CTX_free); LCRYPTO_UNUSED(HMAC_CTX_reset); -LCRYPTO_UNUSED(HMAC_Init); LCRYPTO_USED(HMAC_Init_ex); LCRYPTO_USED(HMAC_Update); LCRYPTO_USED(HMAC_Final); diff --git a/lib/libcrypto/hidden/openssl/ui.h b/lib/libcrypto/hidden/openssl/ui.h index bf5fb6924..7bf849d4c 100644 --- a/lib/libcrypto/hidden/openssl/ui.h +++ b/lib/libcrypto/hidden/openssl/ui.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ui.h,v 1.4 2024/08/24 07:51:19 tb Exp $ */ +/* $OpenBSD: ui.h,v 1.5 2024/08/31 10:28:03 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -75,8 +75,6 @@ LCRYPTO_USED(UI_get0_test_string); LCRYPTO_USED(UI_get_result_minsize); LCRYPTO_USED(UI_get_result_maxsize); LCRYPTO_USED(UI_set_result); -LCRYPTO_UNUSED(UI_UTIL_read_pw_string); -LCRYPTO_UNUSED(UI_UTIL_read_pw); LCRYPTO_USED(ERR_load_UI_strings); LCRYPTO_USED(UI_method_get_prompt_constructor); diff --git a/lib/libcrypto/hidden/openssl/whrlpool.h b/lib/libcrypto/hidden/openssl/whrlpool.h deleted file mode 100644 index c3e4a51d3..000000000 --- a/lib/libcrypto/hidden/openssl/whrlpool.h +++ /dev/null @@ -1,34 +0,0 @@ -/* $OpenBSD: whrlpool.h,v 1.1 2024/03/30 03:45:47 joshua Exp $ */ -/* - * Copyright (c) 2024 Joshua Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _LIBCRYPTO_WHRLPOOL_H -#define _LIBCRYPTO_WHRLPOOL_H - -#ifndef _MSC_VER -#include_next -#else -#include "../include/openssl/whrlpool.h" -#endif -#include "crypto_namespace.h" - -LCRYPTO_USED(WHIRLPOOL_Init); -LCRYPTO_USED(WHIRLPOOL_Update); -LCRYPTO_USED(WHIRLPOOL_BitUpdate); -LCRYPTO_USED(WHIRLPOOL_Final); -LCRYPTO_USED(WHIRLPOOL); - -#endif /* _LIBCRYPTO_WHRLPOOL_H */ diff --git a/lib/libcrypto/hidden/openssl/x509.h b/lib/libcrypto/hidden/openssl/x509.h index d0ebe1679..ac990a631 100644 --- a/lib/libcrypto/hidden/openssl/x509.h +++ b/lib/libcrypto/hidden/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.10 2024/08/28 08:41:18 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.14 2024/08/31 10:46:40 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -140,8 +140,6 @@ LCRYPTO_USED(X509_REQ_get_pubkey); LCRYPTO_USED(i2d_re_X509_REQ_tbs); LCRYPTO_USED(X509_REQ_get0_pubkey); LCRYPTO_USED(X509_REQ_extension_nid); -LCRYPTO_USED(X509_REQ_get_extension_nids); -LCRYPTO_USED(X509_REQ_set_extension_nids); LCRYPTO_USED(X509_REQ_get_extensions); LCRYPTO_USED(X509_REQ_add_extensions_nid); LCRYPTO_USED(X509_REQ_add_extensions); @@ -243,16 +241,6 @@ LCRYPTO_USED(X509_EXTENSION_set_data); LCRYPTO_USED(X509_EXTENSION_get_object); LCRYPTO_USED(X509_EXTENSION_get_data); LCRYPTO_USED(X509_EXTENSION_get_critical); -LCRYPTO_UNUSED(X509at_get_attr_count); -LCRYPTO_USED(X509at_get_attr_by_NID); -LCRYPTO_USED(X509at_get_attr_by_OBJ); -LCRYPTO_UNUSED(X509at_get_attr); -LCRYPTO_UNUSED(X509at_delete_attr); -LCRYPTO_USED(X509at_add1_attr); -LCRYPTO_USED(X509at_add1_attr_by_OBJ); -LCRYPTO_USED(X509at_add1_attr_by_NID); -LCRYPTO_USED(X509at_add1_attr_by_txt); -LCRYPTO_USED(X509at_get0_data_by_OBJ); LCRYPTO_USED(X509_ATTRIBUTE_create_by_NID); LCRYPTO_USED(X509_ATTRIBUTE_create_by_OBJ); LCRYPTO_USED(X509_ATTRIBUTE_create_by_txt); @@ -265,7 +253,6 @@ LCRYPTO_USED(X509_ATTRIBUTE_get0_type); LCRYPTO_USED(X509_verify_cert); LCRYPTO_USED(X509_find_by_issuer_and_serial); LCRYPTO_USED(X509_find_by_subject); -LCRYPTO_USED(X509_check_trust); LCRYPTO_USED(X509_up_ref); LCRYPTO_USED(X509_chain_up_ref); LCRYPTO_USED(ERR_load_X509_strings); @@ -443,15 +430,6 @@ LCRYPTO_USED(X509_ocspid_print); LCRYPTO_USED(X509_CRL_print); LCRYPTO_USED(X509_REQ_print_ex); LCRYPTO_USED(X509_REQ_print); -LCRYPTO_UNUSED(EVP_PKEY_get_attr_count); -LCRYPTO_UNUSED(EVP_PKEY_get_attr_by_NID); -LCRYPTO_UNUSED(EVP_PKEY_get_attr_by_OBJ); -LCRYPTO_UNUSED(EVP_PKEY_get_attr); -LCRYPTO_UNUSED(EVP_PKEY_delete_attr); -LCRYPTO_UNUSED(EVP_PKEY_add1_attr); -LCRYPTO_UNUSED(EVP_PKEY_add1_attr_by_OBJ); -LCRYPTO_UNUSED(EVP_PKEY_add1_attr_by_NID); -LCRYPTO_UNUSED(EVP_PKEY_add1_attr_by_txt); LCRYPTO_USED(PKCS8_PRIV_KEY_INFO_new); LCRYPTO_USED(PKCS8_PRIV_KEY_INFO_free); LCRYPTO_USED(d2i_PKCS8_PRIV_KEY_INFO); diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h index d0d4e97ec..9f5a1ffdb 100644 --- a/lib/libcrypto/hidden/openssl/x509v3.h +++ b/lib/libcrypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.12 2024/08/28 08:59:03 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.15 2024/08/31 10:03:03 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -139,23 +139,8 @@ LCRYPTO_USED(X509V3_EXT_REQ_add_nconf); LCRYPTO_USED(X509V3_EXT_CRL_add_nconf); LCRYPTO_USED(X509V3_EXT_conf_nid); LCRYPTO_USED(X509V3_EXT_conf); -LCRYPTO_UNUSED(X509V3_EXT_add_conf); -LCRYPTO_UNUSED(X509V3_EXT_REQ_add_conf); -LCRYPTO_UNUSED(X509V3_EXT_CRL_add_conf); -LCRYPTO_USED(X509V3_add_value_bool_nf); -LCRYPTO_USED(X509V3_get_value_bool); -LCRYPTO_USED(X509V3_get_value_int); LCRYPTO_USED(X509V3_set_nconf); -LCRYPTO_UNUSED(X509V3_set_conf_lhash); -LCRYPTO_UNUSED(X509V3_get_string); -LCRYPTO_USED(X509V3_get_section); -LCRYPTO_UNUSED(X509V3_string_free); -LCRYPTO_USED(X509V3_section_free); LCRYPTO_USED(X509V3_set_ctx); -LCRYPTO_USED(X509V3_add_value); -LCRYPTO_USED(X509V3_add_value_uchar); -LCRYPTO_USED(X509V3_add_value_bool); -LCRYPTO_USED(X509V3_add_value_int); LCRYPTO_USED(i2s_ASN1_INTEGER); LCRYPTO_USED(s2i_ASN1_INTEGER); LCRYPTO_USED(i2s_ASN1_ENUMERATED); diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c index 1315b1a0d..dc1614d3c 100644 --- a/lib/libcrypto/hmac/hmac.c +++ b/lib/libcrypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.35 2024/06/01 07:36:16 tb Exp $ */ +/* $OpenBSD: hmac.c,v 1.36 2024/08/31 10:42:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -136,15 +136,6 @@ err: } LCRYPTO_ALIAS(HMAC_Init_ex); -int -HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) -{ - if (key && md) - HMAC_CTX_init(ctx); - return HMAC_Init_ex(ctx, key, len, md, NULL); -} -LCRYPTO_ALIAS(HMAC_Init); - int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { diff --git a/lib/libcrypto/hmac/hmac.h b/lib/libcrypto/hmac/hmac.h index 0f39009c9..6f29972aa 100644 --- a/lib/libcrypto/hmac/hmac.h +++ b/lib/libcrypto/hmac/hmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.h,v 1.19 2024/07/09 07:57:57 tb Exp $ */ +/* $OpenBSD: hmac.h,v 1.20 2024/08/31 10:42:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -82,8 +82,6 @@ HMAC_CTX *HMAC_CTX_new(void); void HMAC_CTX_free(HMAC_CTX *ctx); int HMAC_CTX_reset(HMAC_CTX *ctx); -int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) - __attribute__ ((__bounded__(__buffer__, 2, 3))); int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) __attribute__ ((__bounded__(__buffer__, 2, 3))); diff --git a/lib/libcrypto/opensslfeatures.h b/lib/libcrypto/opensslfeatures.h index aecc872d4..f5d451621 100644 --- a/lib/libcrypto/opensslfeatures.h +++ b/lib/libcrypto/opensslfeatures.h @@ -1,4 +1,4 @@ -/* $OpenBSD: opensslfeatures.h,v 1.43 2024/03/02 11:25:46 tb Exp $ */ +/* $OpenBSD: opensslfeatures.h,v 1.44 2024/08/31 10:38:49 tb Exp $ */ /* * Feature flags for LibreSSL... so you can actually tell when things * are enabled, rather than not being able to tell when things are @@ -140,7 +140,7 @@ /* #define OPENSSL_NO_UNIT_TEST */ /* #define OPENSSL_NO_UNIX_SOCK */ /* #define OPENSSL_NO_WEAK_SSL_CIPHERS */ -/* #define OPENSSL_NO_WHIRLPOOL */ +#define OPENSSL_NO_WHIRLPOOL /* #define OPENSSL_NO_WINSTORE */ #define OPENSSL_NO_ZLIB /* #define OPENSSL_NO_ZSTD */ diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index c6603655e..82d8bbb1f 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -1,11 +1,11 @@ -/* $OpenBSD: opensslv.h,v 1.78 2024/03/02 11:53:30 tb Exp $ */ +/* $OpenBSD: opensslv.h,v 1.79 2024/08/31 10:52:43 tb Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3090000fL +#define LIBRESSL_VERSION_NUMBER 0x4000000fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.9.0" +#define LIBRESSL_VERSION_TEXT "LibreSSL 4.0.0" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff --git a/lib/libcrypto/shlib_version b/lib/libcrypto/shlib_version index 78e23ebf8..6a5cf94b4 100644 --- a/lib/libcrypto/shlib_version +++ b/lib/libcrypto/shlib_version @@ -1,3 +1,3 @@ # Don't forget to give libssl and libtls the same type of bump! -major=54 +major=55 minor=0 diff --git a/lib/libcrypto/ui/ui.h b/lib/libcrypto/ui/ui.h index c68843139..e297e9fba 100644 --- a/lib/libcrypto/ui/ui.h +++ b/lib/libcrypto/ui/ui.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ui.h,v 1.18 2023/04/18 08:33:43 tb Exp $ */ +/* $OpenBSD: ui.h,v 1.19 2024/08/31 10:28:03 tb Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -364,12 +364,6 @@ int UI_get_result_maxsize(UI_STRING *uis); /* Set the result of a UI_STRING. */ int UI_set_result(UI *ui, UI_STRING *uis, const char *result); -/* A couple of popular utility functions */ -int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, - int verify); -int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify); - void ERR_load_UI_strings(void); /* Error codes for the UI functions. */ diff --git a/lib/libcrypto/ui/ui_util.c b/lib/libcrypto/ui/ui_util.c deleted file mode 100644 index ad7adc5fc..000000000 --- a/lib/libcrypto/ui/ui_util.c +++ /dev/null @@ -1,75 +0,0 @@ -/* $OpenBSD: ui_util.c,v 1.16 2024/08/24 07:50:23 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include - -/* XXX - remove in next bump. */ - -int -UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) -{ - return -1; -} -LCRYPTO_ALIAS(UI_UTIL_read_pw_string); - -int -UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) -{ - return -1; -} -LCRYPTO_ALIAS(UI_UTIL_read_pw); diff --git a/lib/libcrypto/whrlpool/whirlpool.c b/lib/libcrypto/whrlpool/whirlpool.c deleted file mode 100644 index 80e147c3b..000000000 --- a/lib/libcrypto/whrlpool/whirlpool.c +++ /dev/null @@ -1,855 +0,0 @@ -/* $OpenBSD: whirlpool.c,v 1.3 2024/06/01 07:36:17 tb Exp $ */ -/** - * The Whirlpool hashing function. - * - *

- * References - * - *

- * The Whirlpool algorithm was developed by - * Paulo S. L. M. Barreto and - * Vincent Rijmen. - * - * See - * P.S.L.M. Barreto, V. Rijmen, - * ``The Whirlpool hashing function,'' - * NESSIE submission, 2000 (tweaked version, 2001), - * - * - * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and - * Vincent Rijmen. Lookup "reference implementations" on - * - * - * ============================================================================= - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * OpenSSL-specific implementation notes. - * - * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect - * number of *bytes* as input length argument. Bit-oriented routine - * as specified by authors is called WHIRLPOOL_BitUpdate[!] and - * does not have one-stroke counterpart. - * - * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially - * to serve WHIRLPOOL_Update. This is done for performance. - * - * Unlike authors' reference implementation, block processing - * routine whirlpool_block is designed to operate on multi-block - * input. This is done for performance. - */ - -#include -#include - -#include -#include - -typedef unsigned char u8; -#if defined(_LP64) -typedef unsigned long u64; -#else -typedef unsigned long long u64; -#endif - -#define ROUNDS 10 - -#undef SMALL_REGISTER_BANK -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define SMALL_REGISTER_BANK -# if defined(WHIRLPOOL_ASM) -# ifndef OPENSSL_SMALL_FOOTPRINT -# define OPENSSL_SMALL_FOOTPRINT /* it appears that for elder non-MMX - CPUs this is actually faster! */ -# endif -#include "x86_arch.h" -# define GO_FOR_MMX(ctx,inp,num) \ -do { \ - void whirlpool_block_mmx(void *,const void *,size_t); \ - if ((OPENSSL_cpu_caps() & CPUCAP_MASK_MMX) == 0) \ - break; \ - whirlpool_block_mmx(ctx->H.c,inp,num); \ - return; \ -} while (0) -# endif -#elif defined(__arm__) -# define SMALL_REGISTER_BANK -#endif - -#undef ROTATE -#if defined(__GNUC__) && __GNUC__>=2 -# if defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \ - : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) -# endif -#endif - -#if defined(OPENSSL_SMALL_FOOTPRINT) -# if !defined(ROTATE) -# if BYTE_ORDER == LITTLE_ENDIAN /* little-endians have to rotate left */ -# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n)) -# else /* big-endians have to rotate right */ -# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n)) -# endif -# endif -# if defined(ROTATE) && !defined(__STRICT_ALIGNMENT) -# define __STRICT_ALIGNMENT /* ensure smallest table size */ -# endif -#endif - -/* - * Table size depends on __STRICT_ALIGNMENT and whether or not endian- - * specific ROTATE macro is defined. If __STRICT_ALIGNMENT is not - * defined, which is normally the case on x86[_64] CPUs, the table is - * 4KB large unconditionally. Otherwise if ROTATE is defined, the - * table is 2KB large, and otherwise - 16KB. 2KB table requires a - * whole bunch of additional rotations, but I'm willing to "trade," - * because 16KB table certainly trashes L1 cache. I wish all CPUs - * could handle unaligned load as 4KB table doesn't trash the cache, - * nor does it require additional rotations. - */ -/* - * Note that every Cn macro expands as two loads: one byte load and - * one quadword load. One can argue that that many single-byte loads - * is too excessive, as one could load a quadword and "milk" it for - * eight 8-bit values instead. Well, yes, but in order to do so *and* - * avoid excessive loads you have to accommodate a handful of 64-bit - * values in the register bank and issue a bunch of shifts and mask. - * It's a tradeoff: loads vs. shift and mask in big register bank[!]. - * On most CPUs eight single-byte loads are faster and I let other - * ones to depend on smart compiler to fold byte loads if beneficial. - * Hand-coded assembler would be another alternative:-) - */ -#ifdef __STRICT_ALIGNMENT -# if defined(ROTATE) -# define N 1 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7 -# define C0(K,i) (Cx.q[K.c[(i)*8+0]]) -# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8) -# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16) -# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24) -# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32) -# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40) -# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48) -# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56) -# else -# define N 8 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ - c7,c0,c1,c2,c3,c4,c5,c6, \ - c6,c7,c0,c1,c2,c3,c4,c5, \ - c5,c6,c7,c0,c1,c2,c3,c4, \ - c4,c5,c6,c7,c0,c1,c2,c3, \ - c3,c4,c5,c6,c7,c0,c1,c2, \ - c2,c3,c4,c5,c6,c7,c0,c1, \ - c1,c2,c3,c4,c5,c6,c7,c0 -# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]]) -# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]]) -# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]]) -# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]]) -# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]]) -# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]]) -# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]]) -# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]]) -# endif -#else -# define N 2 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ - c0,c1,c2,c3,c4,c5,c6,c7 -# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) -#endif - -static const -union { - u8 c[(256*N+ROUNDS)*sizeof(u64)]; - u64 q[(256*N+ROUNDS)]; - } Cx = { { - /* Note endian-neutral representation:-) */ - LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8), - LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26), - LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8), - LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb), - LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb), - LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11), - LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09), - LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d), - LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b), - LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff), - LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c), - LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e), - LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96), - LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30), - LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d), - LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8), - LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47), - LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35), - LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37), - LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a), - LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2), - LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c), - LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84), - LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80), - LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5), - LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3), - LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21), - LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c), - LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43), - LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29), - LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d), - LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5), - LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd), - LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8), - LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92), - LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e), - LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13), - LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23), - LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20), - LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44), - LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2), - LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf), - LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c), - LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a), - LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50), - LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9), - LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14), - LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9), - LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c), - LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f), - LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90), - LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07), - LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd), - LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3), - LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d), - LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78), - LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97), - LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02), - LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73), - LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7), - LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6), - LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2), - LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49), - LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56), - LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70), - LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd), - LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb), - LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71), - LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b), - LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf), - LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45), - LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a), - LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4), - LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58), - LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e), - LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f), - LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac), - LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0), - LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef), - LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6), - LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c), - LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12), - LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93), - LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde), - LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6), - LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1), - LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b), - LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f), - LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31), - LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8), - LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9), - LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc), - LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e), - LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b), - LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf), - LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59), - LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2), - LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77), - LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33), - LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4), - LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27), - LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb), - LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89), - LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32), - LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54), - LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d), - LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64), - LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d), - LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d), - LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f), - LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca), - LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7), - LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d), - LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce), - LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f), - LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f), - LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63), - LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a), - LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc), - LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82), - LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a), - LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48), - LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95), - LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf), - LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d), - LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0), - LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91), - LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8), - LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b), - LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00), - LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9), - LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e), - LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1), - LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6), - LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28), - LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3), - LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74), - LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe), - LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d), - LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea), - LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57), - LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38), - LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad), - LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4), - LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda), - LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7), - LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb), - LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9), - LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a), - LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03), - LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a), - LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e), - LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60), - LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc), - LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46), - LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f), - LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76), - LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa), - LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36), - LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae), - LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b), - LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85), - LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e), - LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7), - LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55), - LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a), - LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81), - LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52), - LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62), - LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3), - LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10), - LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab), - LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0), - LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5), - LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec), - LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16), - LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94), - LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f), - LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5), - LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98), - LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17), - LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4), - LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1), - LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e), - LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42), - LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34), - LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08), - LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee), - LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61), - LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1), - LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f), - LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24), - LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3), - LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25), - LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22), - LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65), - LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79), - LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69), - LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9), - LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19), - LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe), - LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a), - LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0), - LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99), - LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83), - LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04), - LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66), - LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0), - LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1), - LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd), - LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40), - LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c), - LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18), - LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b), - LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51), - LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05), - LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c), - LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39), - LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa), - LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b), - LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc), - LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e), - LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0), - LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88), - LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67), - LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a), - LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87), - LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1), - LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72), - LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53), - LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01), - LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b), - LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4), - LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3), - LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15), - LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c), - LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5), - LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5), - LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4), - LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba), - LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6), - LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7), - LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06), - LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41), - LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7), - LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f), - LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e), - LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6), - LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2), - LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68), - LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c), - LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed), - LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75), - LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86), - LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b), - LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2), -#define RC (&(Cx.q[256*N])) - 0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f, /* rc[ROUNDS] */ - 0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52, - 0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35, - 0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57, - 0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda, - 0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85, - 0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67, - 0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8, - 0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e, - 0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33 - } -}; - -void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n) - { - int r; - const u8 *p=inp; - union { u64 q[8]; u8 c[64]; } S,K,*H=(void *)ctx->H.q; - -#ifdef GO_FOR_MMX - GO_FOR_MMX(ctx,inp,n); -#endif - do { -#ifdef OPENSSL_SMALL_FOOTPRINT - u64 L[8]; - int i; - - for (i=0;i<64;i++) S.c[i] = (K.c[i] = H->c[i]) ^ p[i]; - for (r=0;rc[i] ^= S.c[i] ^ p[i]; -#else - u64 L0,L1,L2,L3,L4,L5,L6,L7; - -#ifdef __STRICT_ALIGNMENT - if ((size_t)p & 7) - { - memcpy (S.c,p,64); - S.q[0] ^= (K.q[0] = H->q[0]); - S.q[1] ^= (K.q[1] = H->q[1]); - S.q[2] ^= (K.q[2] = H->q[2]); - S.q[3] ^= (K.q[3] = H->q[3]); - S.q[4] ^= (K.q[4] = H->q[4]); - S.q[5] ^= (K.q[5] = H->q[5]); - S.q[6] ^= (K.q[6] = H->q[6]); - S.q[7] ^= (K.q[7] = H->q[7]); - } - else -#endif - { - const u64 *pa = (const u64*)p; - S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; - S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; - S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; - S.q[3] = (K.q[3] = H->q[3]) ^ pa[3]; - S.q[4] = (K.q[4] = H->q[4]) ^ pa[4]; - S.q[5] = (K.q[5] = H->q[5]) ^ pa[5]; - S.q[6] = (K.q[6] = H->q[6]) ^ pa[6]; - S.q[7] = (K.q[7] = H->q[7]) ^ pa[7]; - } - - for(r=0;rc[i] ^= S.c[i] ^ p[i]; - } - else -#endif - { - const u64 *pa=(const u64 *)p; - H->q[0] ^= S.q[0] ^ pa[0]; - H->q[1] ^= S.q[1] ^ pa[1]; - H->q[2] ^= S.q[2] ^ pa[2]; - H->q[3] ^= S.q[3] ^ pa[3]; - H->q[4] ^= S.q[4] ^ pa[4]; - H->q[5] ^= S.q[5] ^ pa[5]; - H->q[6] ^= S.q[6] ^ pa[6]; - H->q[7] ^= S.q[7] ^ pa[7]; - } -#endif - p += 64; - } while(--n); - } - -int -WHIRLPOOL_Init(WHIRLPOOL_CTX *c) -{ - memset (c, 0, sizeof(*c)); - return (1); -} -LCRYPTO_ALIAS(WHIRLPOOL_Init); - -int -WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes) -{ - /* Well, largest suitable chunk size actually is - * (1<<(sizeof(size_t)*8-3))-64, but below number - * is large enough for not to care about excessive - * calls to WHIRLPOOL_BitUpdate... */ - size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4); - const unsigned char *inp = _inp; - - while (bytes >= chunk) { - WHIRLPOOL_BitUpdate(c, inp, chunk*8); - bytes -= chunk; - inp += chunk; - } - if (bytes) - WHIRLPOOL_BitUpdate(c, inp, bytes*8); - - return (1); -} -LCRYPTO_ALIAS(WHIRLPOOL_Update); - -void -WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) -{ - size_t n; - unsigned int bitoff = c->bitoff, - bitrem = bitoff % 8, - inpgap = (8 - (unsigned int)bits % 8)&7; - const unsigned char *inp = _inp; - - /* This 256-bit increment procedure relies on the size_t - * being natural size of CPU register, so that we don't - * have to mask the value in order to detect overflows. */ - c->bitlen[0] += bits; - if (c->bitlen[0] < bits) /* overflow */ - { - n = 1; - do { - c->bitlen[n]++; - } while (c->bitlen[n]==0 && - ++n < (WHIRLPOOL_COUNTER/sizeof(size_t))); - } - -#ifndef OPENSSL_SMALL_FOOTPRINT -reconsider: - if (inpgap==0 && bitrem==0) /* byte-oriented loop */ - { - while (bits) { - if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) { - whirlpool_block(c, inp, n); - inp += n*WHIRLPOOL_BBLOCK/8; - bits %= WHIRLPOOL_BBLOCK; - } else { - unsigned int byteoff = bitoff/8; - - bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ - if (bits >= bitrem) { - bits -= bitrem; - bitrem /= 8; - memcpy(c->data + byteoff, inp, bitrem); - inp += bitrem; - whirlpool_block(c, c->data, 1); - bitoff = 0; - } else { - memcpy(c->data + byteoff, inp, bits/8); - bitoff += (unsigned int)bits; - bits = 0; - } - c->bitoff = bitoff; - } - } - } - else /* bit-oriented loop */ -#endif - { - /* - inp - | - +-------+-------+------- - ||||||||||||||||||||| - +-------+-------+------- - +-------+-------+-------+-------+------- - |||||||||||||| c->data - +-------+-------+-------+-------+------- - | - c->bitoff/8 - */ - while (bits) { - unsigned int byteoff = bitoff/8; - unsigned char b; - -#ifndef OPENSSL_SMALL_FOOTPRINT - if (bitrem == inpgap) { - c->data[byteoff++] |= inp[0] & (0xff >> inpgap); - inpgap = 8 - inpgap; - bitoff += inpgap; bitrem = 0; /* bitoff%8 */ - bits -= inpgap; inpgap = 0; /* bits%8 */ - inp++; - if (bitoff == WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - bitoff = 0; - } - c->bitoff = bitoff; - goto reconsider; - } else -#endif - if (bits >= 8) { - b = ((inp[0]<>(8 - inpgap))); - b &= 0xff; - if (bitrem) - c->data[byteoff++] |= b >> bitrem; - else - c->data[byteoff++] = b; - bitoff += 8; - bits -= 8; - inp++; - if (bitoff >= WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - byteoff = 0; - bitoff %= WHIRLPOOL_BBLOCK; - } - if (bitrem) - c->data[byteoff] = b << (8 - bitrem); - } - else /* remaining less than 8 bits */ - { - b = (inp[0]<data[byteoff++] |= b >> bitrem; - else - c->data[byteoff++] = b; - bitoff += (unsigned int)bits; - if (bitoff == WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - byteoff = 0; - bitoff %= WHIRLPOOL_BBLOCK; - } - if (bitrem) - c->data[byteoff] = b << (8 - bitrem); - bits = 0; - } - c->bitoff = bitoff; - } - } -} -LCRYPTO_ALIAS(WHIRLPOOL_BitUpdate); - -int -WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c) -{ - unsigned int bitoff = c->bitoff, - byteoff = bitoff/8; - size_t i, j, v; - unsigned char *p; - - bitoff %= 8; - if (bitoff) - c->data[byteoff] |= 0x80 >> bitoff; - else - c->data[byteoff] = 0x80; - byteoff++; - - /* pad with zeros */ - if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) { - if (byteoff < WHIRLPOOL_BBLOCK/8) - memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff); - whirlpool_block(c, c->data, 1); - byteoff = 0; - } - if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) - memset(&c->data[byteoff], 0, - (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff); - /* smash 256-bit c->bitlen in big-endian order */ - p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ - for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++) - for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8) - *p-- = (unsigned char)(v&0xff); - - whirlpool_block(c, c->data, 1); - - if (md) { - memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH); - memset(c, 0, sizeof(*c)); - return (1); - } - return (0); -} -LCRYPTO_ALIAS(WHIRLPOOL_Final); - -unsigned char * -WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md) -{ - WHIRLPOOL_CTX ctx; - - WHIRLPOOL_Init(&ctx); - WHIRLPOOL_Update(&ctx, inp, bytes); - WHIRLPOOL_Final(md, &ctx); - return (md); -} -LCRYPTO_ALIAS(WHIRLPOOL); diff --git a/lib/libcrypto/whrlpool/whrlpool.h b/lib/libcrypto/whrlpool/whrlpool.h deleted file mode 100644 index d8e7eef14..000000000 --- a/lib/libcrypto/whrlpool/whrlpool.h +++ /dev/null @@ -1,48 +0,0 @@ -/* $OpenBSD: whrlpool.h,v 1.8 2024/06/01 17:56:44 tb Exp $ */ - -#include - -#ifndef HEADER_WHRLPOOL_H -#define HEADER_WHRLPOOL_H - -#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) -#define __bounded__(x, y, z) -#endif - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define WHIRLPOOL_DIGEST_LENGTH (512/8) -#define WHIRLPOOL_BBLOCK 512 -#define WHIRLPOOL_COUNTER (256/8) - -typedef struct { - union { - unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; - /* double q is here to ensure 64-bit alignment */ - double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)]; - } H; - unsigned char data[WHIRLPOOL_BBLOCK/8]; - unsigned int bitoff; - size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)]; - } WHIRLPOOL_CTX; - -#ifndef OPENSSL_NO_WHIRLPOOL -int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); -int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes) - __attribute__ ((__bounded__(__buffer__, 2, 3))); -void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c); -unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md) - __attribute__ ((__bounded__(__buffer__, 1, 2))) - __attribute__ ((__nonnull__(3))); -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c index bb14e7280..2b2733a04 100644 --- a/lib/libcrypto/x509/by_dir.c +++ b/lib/libcrypto/x509/by_dir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_dir.c,v 1.47 2024/03/25 00:05:49 beck Exp $ */ +/* $OpenBSD: by_dir.c,v 1.48 2024/08/31 10:19:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -96,7 +96,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret); -static X509_LOOKUP_METHOD x509_dir_lookup = { +static const X509_LOOKUP_METHOD x509_dir_lookup = { .name = "Load certs from files in a directory", .new_item = new_dir, .free = free_dir, @@ -104,7 +104,7 @@ static X509_LOOKUP_METHOD x509_dir_lookup = { .get_by_subject = get_cert_by_subject, }; -X509_LOOKUP_METHOD * +const X509_LOOKUP_METHOD * X509_LOOKUP_hash_dir(void) { return &x509_dir_lookup; diff --git a/lib/libcrypto/x509/by_file.c b/lib/libcrypto/x509/by_file.c index bfab3761d..9b0fd2542 100644 --- a/lib/libcrypto/x509/by_file.c +++ b/lib/libcrypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.30 2023/12/25 22:14:23 tb Exp $ */ +/* $OpenBSD: by_file.c,v 1.31 2024/08/31 10:19:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,7 +71,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); -static X509_LOOKUP_METHOD x509_file_lookup = { +static const X509_LOOKUP_METHOD x509_file_lookup = { .name = "Load file into cache", .new_item = NULL, .free = NULL, @@ -79,7 +79,7 @@ static X509_LOOKUP_METHOD x509_file_lookup = { .get_by_subject = NULL, }; -X509_LOOKUP_METHOD * +const X509_LOOKUP_METHOD * X509_LOOKUP_file(void) { return &x509_file_lookup; diff --git a/lib/libcrypto/x509/by_mem.c b/lib/libcrypto/x509/by_mem.c index ac3a24dea..71afefa8a 100644 --- a/lib/libcrypto/x509/by_mem.c +++ b/lib/libcrypto/x509/by_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_mem.c,v 1.9 2023/12/25 22:14:23 tb Exp $ */ +/* $OpenBSD: by_mem.c,v 1.10 2024/08/31 10:19:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,7 +72,7 @@ static int by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **); -static X509_LOOKUP_METHOD x509_mem_lookup = { +static const X509_LOOKUP_METHOD x509_mem_lookup = { .name = "Load cert from memory", .new_item = NULL, .free = NULL, @@ -80,7 +80,7 @@ static X509_LOOKUP_METHOD x509_mem_lookup = { .get_by_subject = NULL, }; -X509_LOOKUP_METHOD * +const X509_LOOKUP_METHOD * X509_LOOKUP_mem(void) { return (&x509_mem_lookup); diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index f3709feb3..81e8b0b09 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.113 2024/08/28 07:15:04 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.119 2024/08/31 10:49:35 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -122,10 +122,7 @@ struct X509_algor_st { typedef STACK_OF(X509_ALGOR) X509_ALGORS; -typedef struct X509_val_st { - ASN1_TIME *notBefore; - ASN1_TIME *notAfter; -} X509_VAL; +typedef struct X509_val_st X509_VAL; typedef struct X509_sig_st X509_SIG; @@ -153,11 +150,6 @@ typedef struct x509_cinf_st X509_CINF; DECLARE_STACK_OF(X509) -/* standard trust ids */ - -/* OpenSSL changed this to 0 */ -#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ - #define X509_TRUST_COMPAT 1 #define X509_TRUST_SSL_CLIENT 2 #define X509_TRUST_SSL_SERVER 3 @@ -171,17 +163,6 @@ DECLARE_STACK_OF(X509) #define X509_TRUST_MIN 1 #define X509_TRUST_MAX 8 - -/* trust_flags values */ -#define X509_TRUST_DYNAMIC 1 -#define X509_TRUST_DYNAMIC_NAME 2 - -/* check_trust return codes */ - -#define X509_TRUST_TRUSTED 1 -#define X509_TRUST_REJECTED 2 -#define X509_TRUST_UNTRUSTED 3 - /* Flags for X509_print_ex() */ #define X509_FLAG_COMPAT 0 @@ -622,13 +603,11 @@ X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); int i2d_re_X509_tbs(X509 *x, unsigned char **pp); -#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API) /* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */ #define X509_SIG_INFO_VALID 1 #define X509_SIG_INFO_TLS 2 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, uint32_t *flags); -#endif void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); @@ -740,8 +719,6 @@ EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); EVP_PKEY * X509_REQ_get0_pubkey(X509_REQ *req); int X509_REQ_extension_nid(int nid); -int * X509_REQ_get_extension_nids(void); -void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid); @@ -927,26 +904,6 @@ ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); -int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); -int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos); -int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, - const ASN1_OBJECT *obj, int lastpos); -X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); -X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, - int nid, int type, - const unsigned char *bytes, int len); -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, - const char *attrname, int type, - const unsigned char *bytes, int len); -void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, - const ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, @@ -961,24 +918,6 @@ int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); -int EVP_PKEY_get_attr_count(const EVP_PKEY *key); -int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, - int lastpos); -int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, - int lastpos); -X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); -X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); -int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); -int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); -int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, - int nid, int type, - const unsigned char *bytes, int len); -int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, - const char *attrname, int type, - const unsigned char *bytes, int len); - int X509_verify_cert(X509_STORE_CTX *ctx); /* lookup a cert from a X509 STACK */ @@ -1013,8 +952,6 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub); -int X509_check_trust(X509 *x, int id, int flags); - int X509_up_ref(X509 *x); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); diff --git a/lib/libcrypto/x509/x509_akey.c b/lib/libcrypto/x509/x509_akey.c index b052d9598..926508c4c 100644 --- a/lib/libcrypto/x509/x509_akey.c +++ b/lib/libcrypto/x509/x509_akey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_akey.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_akey.c,v 1.3 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_local.h" + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, diff --git a/lib/libcrypto/x509/x509_att.c b/lib/libcrypto/x509/x509_att.c index 21b47ce96..4931cbbc1 100644 --- a/lib/libcrypto/x509/x509_att.c +++ b/lib/libcrypto/x509/x509_att.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_att.c,v 1.24 2024/07/26 13:33:39 tb Exp $ */ +/* $OpenBSD: x509_att.c,v 1.25 2024/08/31 10:46:40 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,14 +68,6 @@ #include "x509_local.h" -int -X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) -{ - X509error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509at_get_attr_count); - int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, int lastpos) { @@ -86,7 +78,6 @@ X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, int lastpos) return (-2); return (X509at_get_attr_by_OBJ(x, obj, lastpos)); } -LCRYPTO_ALIAS(X509at_get_attr_by_NID); int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, @@ -108,23 +99,6 @@ X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, } return (-1); } -LCRYPTO_ALIAS(X509at_get_attr_by_OBJ); - -X509_ATTRIBUTE * -X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) -{ - X509error(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(X509at_get_attr); - -X509_ATTRIBUTE * -X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) -{ - X509error(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(X509at_delete_attr); STACK_OF(X509_ATTRIBUTE) * X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr) @@ -160,7 +134,6 @@ err2: sk_X509_ATTRIBUTE_free(sk); return (NULL); } -LCRYPTO_ALIAS(X509at_add1_attr); STACK_OF(X509_ATTRIBUTE) * X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, @@ -176,7 +149,6 @@ X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, X509_ATTRIBUTE_free(attr); return ret; } -LCRYPTO_ALIAS(X509at_add1_attr_by_OBJ); STACK_OF(X509_ATTRIBUTE) * X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, @@ -192,7 +164,6 @@ X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, X509_ATTRIBUTE_free(attr); return ret; } -LCRYPTO_ALIAS(X509at_add1_attr_by_NID); STACK_OF(X509_ATTRIBUTE) * X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, @@ -208,7 +179,6 @@ X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, X509_ATTRIBUTE_free(attr); return ret; } -LCRYPTO_ALIAS(X509at_add1_attr_by_txt); void * X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, @@ -227,7 +197,6 @@ X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, return NULL; return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); } -LCRYPTO_ALIAS(X509at_get0_data_by_OBJ); X509_ATTRIBUTE * X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, diff --git a/lib/libcrypto/x509/x509_bcons.c b/lib/libcrypto/x509/x509_bcons.c index e44ff4d1c..99cb5afe9 100644 --- a/lib/libcrypto/x509/x509_bcons.c +++ b/lib/libcrypto/x509/x509_bcons.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_bcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_bcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_local.h" + static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, diff --git a/lib/libcrypto/x509/x509_bitst.c b/lib/libcrypto/x509/x509_bitst.c index 0328310f0..2bc4f9911 100644 --- a/lib/libcrypto/x509/x509_bitst.c +++ b/lib/libcrypto/x509/x509_bitst.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_bitst.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_bitst.c,v 1.8 2024/08/31 10:23:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,7 +63,9 @@ #include #include -static BIT_STRING_BITNAME ns_cert_type_table[] = { +#include "x509_local.h" + +static const BIT_STRING_BITNAME ns_cert_type_table[] = { {0, "SSL Client", "client"}, {1, "SSL Server", "server"}, {2, "S/MIME", "email"}, @@ -75,7 +77,7 @@ static BIT_STRING_BITNAME ns_cert_type_table[] = { {-1, NULL, NULL} }; -static BIT_STRING_BITNAME key_usage_type_table[] = { +static const BIT_STRING_BITNAME key_usage_type_table[] = { {0, "Digital Signature", "digitalSignature"}, {1, "Non Repudiation", "nonRepudiation"}, {2, "Key Encipherment", "keyEncipherment"}, @@ -88,7 +90,7 @@ static BIT_STRING_BITNAME key_usage_type_table[] = { {-1, NULL, NULL} }; -static BIT_STRING_BITNAME crl_reasons[] = { +static const BIT_STRING_BITNAME crl_reasons[] = { {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, diff --git a/lib/libcrypto/x509/x509_conf.c b/lib/libcrypto/x509/x509_conf.c index 25f0ad0b2..51f92d43e 100644 --- a/lib/libcrypto/x509/x509_conf.c +++ b/lib/libcrypto/x509/x509_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_conf.c,v 1.22 2024/08/28 08:59:03 tb Exp $ */ +/* $OpenBSD: x509_conf.c,v 1.27 2024/08/31 10:04:50 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,7 @@ #include #include +#include "conf_local.h" #include "x509_local.h" static int v3_check_critical(const char **value); @@ -403,15 +404,6 @@ X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, } LCRYPTO_ALIAS(X509V3_EXT_REQ_add_nconf); -/* XXX - remove in next bump. */ -char * -X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) -{ - X509V3error(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(X509V3_get_string); - STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, const char *section) { @@ -421,22 +413,12 @@ X509V3_get_section(X509V3_CTX *ctx, const char *section) } return NCONF_get_section(ctx->db, section); } -LCRYPTO_ALIAS(X509V3_get_section); - -/* XXX - remove in next bump. */ -void -X509V3_string_free(X509V3_CTX *ctx, char *str) -{ - return; -} -LCRYPTO_ALIAS(X509V3_string_free); void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) { return; } -LCRYPTO_ALIAS(X509V3_section_free); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) @@ -478,40 +460,3 @@ X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int nid, return X509V3_EXT_nconf_nid(&ctmp, ctx, nid, value); } LCRYPTO_ALIAS(X509V3_EXT_conf_nid); - -/* - * XXX - remove everything below in the next bump. - */ - -void -X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) -{ -} -LCRYPTO_ALIAS(X509V3_set_conf_lhash); - -int -X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert) -{ - X509V3error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509V3_EXT_add_conf); - -int -X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl) -{ - X509V3error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509V3_EXT_CRL_add_conf); - -int -X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req) -{ - X509V3error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509V3_EXT_REQ_add_conf); diff --git a/lib/libcrypto/x509/x509_extku.c b/lib/libcrypto/x509/x509_extku.c index 6a69adabc..da5036a09 100644 --- a/lib/libcrypto/x509/x509_extku.c +++ b/lib/libcrypto/x509/x509_extku.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_extku.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_extku.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,8 @@ #include #include +#include "x509_local.h" + static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE( diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h index 81a237d86..bb64729b3 100644 --- a/lib/libcrypto/x509/x509_local.h +++ b/lib/libcrypto/x509/x509_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_local.h,v 1.26 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_local.h,v 1.32 2024/08/31 10:46:40 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2013. */ @@ -71,14 +71,20 @@ __BEGIN_HIDDEN_DECLS #define X509_CRL_HASH_EVP EVP_sha512() #define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH -/* - * Used internally instead of the confusing X509_TRUST_DEFAULT, - * which is not the default for X509_check_trust. - * XXX Make X509_check_trust internal, and move the other - * X509_TRUST values here to clean up this mess. - */ #define X509_TRUST_ACCEPT_ALL -1 +/* check_trust return codes */ +#define X509_TRUST_TRUSTED 1 +#define X509_TRUST_REJECTED 2 +#define X509_TRUST_UNTRUSTED 3 + +int X509_check_trust(X509 *x, int id, int flags); + +struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} /* X509_VAL */; + struct X509_pubkey_st { X509_ALGOR *algor; ASN1_BIT_STRING *public_key; @@ -312,7 +318,7 @@ struct x509_store_st { /* This is the functions plus an instance of the local variables. */ struct x509_lookup_st { - X509_LOOKUP_METHOD *method; /* the functions */ + const X509_LOOKUP_METHOD *method; /* the functions */ void *method_data; /* method data */ X509_STORE *store_ctx; /* who owns us */ @@ -418,6 +424,36 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, const unsigned char *bytes, int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, int type, const unsigned char *bytes, int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); + +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); + +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); + const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void); const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void); const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void); diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c index 0edcfca7d..8ea1d158b 100644 --- a/lib/libcrypto/x509/x509_lu.c +++ b/lib/libcrypto/x509/x509_lu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lu.c,v 1.65 2024/03/22 06:24:54 tb Exp $ */ +/* $OpenBSD: x509_lu.c,v 1.66 2024/08/31 10:19:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,7 +67,7 @@ #include "x509_local.h" static X509_LOOKUP * -X509_LOOKUP_new(X509_LOOKUP_METHOD *method) +X509_LOOKUP_new(const X509_LOOKUP_METHOD *method) { X509_LOOKUP *lu; @@ -245,7 +245,7 @@ X509_STORE_up_ref(X509_STORE *store) LCRYPTO_ALIAS(X509_STORE_up_ref); X509_LOOKUP * -X509_STORE_add_lookup(X509_STORE *store, X509_LOOKUP_METHOD *method) +X509_STORE_add_lookup(X509_STORE *store, const X509_LOOKUP_METHOD *method) { STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; diff --git a/lib/libcrypto/x509/x509_pcons.c b/lib/libcrypto/x509/x509_pcons.c index d6ee9d7e2..66dc57abf 100644 --- a/lib/libcrypto/x509/x509_pcons.c +++ b/lib/libcrypto/x509/x509_pcons.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_pcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_pcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_local.h" + static STACK_OF(CONF_VALUE) * i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, STACK_OF(CONF_VALUE) *extlist); diff --git a/lib/libcrypto/x509/x509_pmaps.c b/lib/libcrypto/x509/x509_pmaps.c index 7a91917f6..5039f65f2 100644 --- a/lib/libcrypto/x509/x509_pmaps.c +++ b/lib/libcrypto/x509/x509_pmaps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_pmaps.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_pmaps.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_local.h" + static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS( diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c index 256501497..704acbd89 100644 --- a/lib/libcrypto/x509/x509_req.c +++ b/lib/libcrypto/x509/x509_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_req.c,v 1.42 2024/07/26 13:24:39 tb Exp $ */ +/* $OpenBSD: x509_req.c,v 1.43 2024/08/31 10:16:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -318,22 +318,3 @@ i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) return i2d_X509_REQ_INFO(req->req_info, pp); } LCRYPTO_ALIAS(i2d_re_X509_REQ_tbs); - -/* - * XXX - remove the API below in the next major bump - */ - -int * -X509_REQ_get_extension_nids(void) -{ - X509error(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(X509_REQ_get_extension_nids); - -void -X509_REQ_set_extension_nids(int *nids) -{ - X509error(ERR_R_DISABLED); -} -LCRYPTO_ALIAS(X509_REQ_set_extension_nids); diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index 9ba8194ee..e7e42a83c 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.57 2024/07/12 18:15:10 beck Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.58 2024/08/31 10:12:23 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -147,10 +147,6 @@ X509_check_trust(X509 *x, int trust_id, int flags) if (!x509v3_cache_extensions(x)) return X509_TRUST_UNTRUSTED; - /* - * XXX make X509_TRUST_ACCEPT_ALL a real boy once it does not - * need to have the same -1 value as X509_TRUST_DEFAULT - */ if (trust_id == X509_TRUST_ACCEPT_ALL) return 1; @@ -175,4 +171,3 @@ X509_check_trust(X509 *x, int trust_id, int flags) return trust_if_self_signed(x); } } -LCRYPTO_ALIAS(X509_check_trust); diff --git a/lib/libcrypto/x509/x509_utl.c b/lib/libcrypto/x509/x509_utl.c index 422e89989..f327e9fca 100644 --- a/lib/libcrypto/x509/x509_utl.c +++ b/lib/libcrypto/x509/x509_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_utl.c,v 1.19 2024/07/08 06:57:37 jca Exp $ */ +/* $OpenBSD: x509_utl.c,v 1.22 2024/08/31 18:38:46 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -67,6 +67,8 @@ #include #include +#include "conf_local.h" + #include "bytestring.h" static char *bn_to_string(const BIGNUM *bn); @@ -85,42 +87,54 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name-value pair to stack. */ int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **out_extlist) { - CONF_VALUE *vtmp = NULL; - STACK_OF(CONF_VALUE) *free_exts = NULL; + STACK_OF(CONF_VALUE) *extlist = NULL; + CONF_VALUE *conf_value = NULL; + int ret = 0; - if ((vtmp = calloc(1, sizeof(CONF_VALUE))) == NULL) + if ((conf_value = calloc(1, sizeof(*conf_value))) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } if (name != NULL) { - if ((vtmp->name = strdup(name)) == NULL) + if ((conf_value->name = strdup(name)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } } if (value != NULL) { - if ((vtmp->value = strdup(value)) == NULL) + if ((conf_value->value = strdup(value)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } } - if (*extlist == NULL) { - if ((free_exts = *extlist = sk_CONF_VALUE_new_null()) == NULL) - goto err; - } - - if (!sk_CONF_VALUE_push(*extlist, vtmp)) + if ((extlist = *out_extlist) == NULL) + extlist = sk_CONF_VALUE_new_null(); + if (extlist == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } - return 1; + if (!sk_CONF_VALUE_push(extlist, conf_value)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + conf_value = NULL; + + *out_extlist = extlist; + extlist = NULL; + + ret = 1; err: - X509V3error(ERR_R_MALLOC_FAILURE); - X509V3_conf_free(vtmp); - if (free_exts != NULL) { - sk_CONF_VALUE_free(*extlist); - *extlist = NULL; - } - return 0; + if (extlist != *out_extlist) + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + X509V3_conf_free(conf_value); + + return ret; } -LCRYPTO_ALIAS(X509V3_add_value); int X509V3_add_value_uchar(const char *name, const unsigned char *value, @@ -128,7 +142,6 @@ X509V3_add_value_uchar(const char *name, const unsigned char *value, { return X509V3_add_value(name, (const char *)value, extlist); } -LCRYPTO_ALIAS(X509V3_add_value_uchar); /* Free function for STACK_OF(CONF_VALUE) */ @@ -152,17 +165,6 @@ X509V3_add_value_bool(const char *name, int asn1_bool, return X509V3_add_value(name, "TRUE", extlist); return X509V3_add_value(name, "FALSE", extlist); } -LCRYPTO_ALIAS(X509V3_add_value_bool); - -int -X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) -{ - if (asn1_bool) - return X509V3_add_value(name, "TRUE", extlist); - return 1; -} -LCRYPTO_ALIAS(X509V3_add_value_bool_nf); static char * bn_to_string(const BIGNUM *bn) @@ -305,7 +307,6 @@ X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, free(strtmp); return ret; } -LCRYPTO_ALIAS(X509V3_add_value_int); int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) @@ -331,7 +332,6 @@ X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) X509V3_conf_err(value); return 0; } -LCRYPTO_ALIAS(X509V3_get_value_bool); int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) @@ -345,7 +345,6 @@ X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) *aint = itmp; return 1; } -LCRYPTO_ALIAS(X509V3_get_value_int); #define HDR_NAME 1 #define HDR_VALUE 2 diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h index 755a06435..43b94021b 100644 --- a/lib/libcrypto/x509/x509_vfy.h +++ b/lib/libcrypto/x509/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.68 2024/03/02 10:57:03 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.69 2024/08/31 10:19:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -341,11 +341,11 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, const X509_LOOKUP_METHOD *m); -X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); -X509_LOOKUP_METHOD *X509_LOOKUP_file(void); -X509_LOOKUP_METHOD *X509_LOOKUP_mem(void); +const X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +const X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +const X509_LOOKUP_METHOD *X509_LOOKUP_mem(void); int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h index b38e17595..166ac66a2 100644 --- a/lib/libcrypto/x509/x509v3.h +++ b/lib/libcrypto/x509/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.30 2024/08/28 08:22:57 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.35 2024/08/31 10:23:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -117,17 +117,9 @@ struct v3_ext_method { X509V3_EXT_I2R i2r; X509V3_EXT_R2I r2i; - void *usr_data; /* Any extension specific data */ + const void *usr_data; /* Any extension specific data */ }; -/* XXX - remove in next bump. */ -typedef struct X509V3_CONF_METHOD_st { - char *(*get_string)(void *db, const char *section, const char *value); - STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section); - void (*free_string)(void *db, char *string); - void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); -} X509V3_CONF_METHOD; - struct v3_ext_ctx { #define CTX_TEST 0x1 int flags; @@ -135,7 +127,6 @@ struct v3_ext_ctx { X509 *subject_cert; X509_REQ *subject_req; X509_CRL *crl; - X509V3_CONF_METHOD *db_meth; /* XXX - remove in next bump. */ void *db; }; @@ -647,37 +638,13 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, const char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name, const char *value); -int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert); -int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req); -int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl); -int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); -int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); #endif -char *X509V3_get_string(X509V3_CTX *ctx, const char *name, - const char *section); -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); -void X509V3_string_free(X509V3_CTX *ctx, char *str); -void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, X509_REQ *req, X509_CRL *crl, int flags); -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); @@ -692,7 +659,6 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext); void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list index 4577566fb..65cd3e7f8 100644 --- a/lib/libssl/Symbols.list +++ b/lib/libssl/Symbols.list @@ -32,7 +32,6 @@ SSL_CIPHER_get_name SSL_CIPHER_get_value SSL_CIPHER_get_version SSL_CIPHER_is_aead -SSL_COMP_add_compression_method SSL_COMP_get_compression_methods SSL_COMP_get_name SSL_CTX_add0_chain_cert diff --git a/lib/libssl/hidden/openssl/ssl.h b/lib/libssl/hidden/openssl/ssl.h index 6cf8d0c79..b854dd7b7 100644 --- a/lib/libssl/hidden/openssl/ssl.h +++ b/lib/libssl/hidden/openssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.8 2024/08/03 04:50:27 tb Exp $ */ +/* $OpenBSD: ssl.h,v 1.9 2024/08/31 10:51:48 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -355,7 +355,6 @@ LSSL_USED(SSL_get_current_expansion); LSSL_USED(SSL_get_peer_certificate); LSSL_USED(SSL_COMP_get_name); LSSL_USED(SSL_COMP_get_compression_methods); -LSSL_USED(SSL_COMP_add_compression_method); LSSL_USED(SSL_set_session_ticket_ext); LSSL_USED(SSL_set_session_ticket_ext_cb); LSSL_USED(SSL_set_session_secret_cb); diff --git a/lib/libssl/man/SSL_COMP_add_compression_method.3 b/lib/libssl/man/SSL_COMP_add_compression_method.3 index a18c9cd2b..f9e25358d 100644 --- a/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.6 2024/05/23 06:49:55 tb Exp $ +.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.7 2024/08/31 10:51:48 tb Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,45 +14,29 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 23 2024 $ +.Dd $Mdocdate: August 31 2024 $ .Dt SSL_COMP_ADD_COMPRESSION_METHOD 3 .Os .Sh NAME -.Nm SSL_COMP_add_compression_method , .Nm SSL_COMP_get_compression_methods .Nd handle SSL/TLS integrated compression methods .Sh SYNOPSIS .In openssl/ssl.h -.Ft int -.Fn SSL_COMP_add_compression_method "int id" "void *cm" .Ft STACK_OF(SSL_COMP) * .Fn SSL_COMP_get_compression_methods void .Sh DESCRIPTION -These functions are deprecated and have no effect. -They are provided purely for compatibility with legacy application code. -.Pp -.Fn SSL_COMP_add_compression_method -used to add the compression method -.Fa cm -with the identifier -.Fa id -to the list of available compression methods. +This function is deprecated and has no effect. +It is provided purely for compatibility with legacy application code. .Pp .Fn SSL_COMP_get_compression_methods used to return a stack of available compression methods. .Sh RETURN VALUES -.Fn SSL_COMP_add_compression_method -always returns 1. .Fn SSL_COMP_get_compression_methods always returns .Dv NULL . .Sh SEE ALSO .Xr ssl 3 .Sh HISTORY -.Fn SSL_COMP_add_compression_method -first appeared in OpenSSL 0.9.2b and has been available since -.Ox 2.6 . -.Pp .Fn SSL_COMP_get_compression_methods first appeared in OpenSSL 0.9.8 and has been available since .Ox 4.5 . diff --git a/lib/libssl/man/ssl.3 b/lib/libssl/man/ssl.3 index 5bceba724..314a1b0a9 100644 --- a/lib/libssl/man/ssl.3 +++ b/lib/libssl/man/ssl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssl.3,v 1.25 2024/07/13 18:33:18 tb Exp $ +.\" $OpenBSD: ssl.3,v 1.26 2024/08/31 10:51:48 tb Exp $ .\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100 .\" selective merge up to: OpenSSL 322755cc Sep 1 08:40:51 2018 +0800 .\" @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2024 $ +.Dd $Mdocdate: August 31 2024 $ .Dt SSL 3 .Os .Sh NAME @@ -339,7 +339,7 @@ To inspect the state during ongoing communication: .Xr SSL_load_client_CA_file 3 .Ss Obsolete functions .Xr OPENSSL_init_ssl 3 , -.Xr SSL_COMP_add_compression_method 3 , +.Xr SSL_COMP_get_compression_methods 3 , .Xr SSL_CTX_set_tmp_rsa_callback 3 , .Xr SSL_library_init 3 , .Xr SSL_set_tmp_ecdh 3 diff --git a/lib/libssl/shlib_version b/lib/libssl/shlib_version index 2a95b4d81..b4e325a8e 100644 --- a/lib/libssl/shlib_version +++ b/lib/libssl/shlib_version @@ -1,3 +1,3 @@ # Don't forget to give libtls the same type of bump! -major=57 -minor=1 +major=58 +minor=0 diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 1a0fca167..789a52b16 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.241 2024/08/12 21:01:00 tb Exp $ */ +/* $OpenBSD: ssl.h,v 1.242 2024/08/31 10:51:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1479,7 +1479,6 @@ const void *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const void *comp); void *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id, void *cm); /* TLS extensions functions */ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 2478d70ea..8f7345f06 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.147 2024/07/23 14:40:53 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.149 2024/08/31 12:46:55 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1112,11 +1112,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, static inline int ssl_aes_is_accelerated(void) { -#if defined(__i386__) || defined(__x86_64__) - return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); -#else - return (0); -#endif + return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; } STACK_OF(SSL_CIPHER) * @@ -1640,13 +1636,6 @@ SSL_COMP_get_compression_methods(void) } LSSL_ALIAS(SSL_COMP_get_compression_methods); -int -SSL_COMP_add_compression_method(int id, void *cm) -{ - return 1; -} -LSSL_ALIAS(SSL_COMP_add_compression_method); - const char * SSL_COMP_get_name(const void *comp) { diff --git a/lib/libtls/shlib_version b/lib/libtls/shlib_version index 10f084cda..07d08b6f1 100644 --- a/lib/libtls/shlib_version +++ b/lib/libtls/shlib_version @@ -1,2 +1,2 @@ -major=30 -minor=1 +major=31 +minor=0 diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c index 649eaf720..1df335f9f 100644 --- a/regress/lib/libssl/ciphers/cipherstest.c +++ b/regress/lib/libssl/ciphers/cipherstest.c @@ -30,11 +30,7 @@ int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str); static inline int ssl_aes_is_accelerated(void) { -#if defined(__i386__) || defined(__x86_64__) - return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); -#else - return (0); -#endif + return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; } static int diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c index 0c526f38f..7e96944fc 100644 --- a/regress/lib/libssl/client/clienttest.c +++ b/regress/lib/libssl/client/clienttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clienttest.c,v 1.44 2024/07/20 18:37:38 tb Exp $ */ +/* $OpenBSD: clienttest.c,v 1.45 2024/08/31 12:47:24 jsing Exp $ */ /* * Copyright (c) 2015 Joel Sing * @@ -515,11 +515,7 @@ hexdump(const uint8_t *buf, size_t len, const uint8_t *compare) static inline int ssl_aes_is_accelerated(void) { -#if defined(__i386__) || defined(__x86_64__) - return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); -#else - return (0); -#endif + return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; } static int diff --git a/regress/lib/libssl/openssl-ruby/Makefile b/regress/lib/libssl/openssl-ruby/Makefile index 4e6d2a3dd..af8083f66 100644 --- a/regress/lib/libssl/openssl-ruby/Makefile +++ b/regress/lib/libssl/openssl-ruby/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.13 2024/08/29 17:16:40 tb Exp $ +# $OpenBSD: Makefile,v 1.14 2024/08/31 11:14:58 tb Exp $ OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests .if exists(/usr/local/bin/ruby32) @@ -37,8 +37,7 @@ ${_BUILD_COOKIE}: ${_BUILDDIR_COOKIE} make; touch $@ -# XXX - remove [^c] after bump -OPENSSL_RUBY_TESTSRC = ${OPENSSL_RUBY_TESTS}/test/openssl/test_*[^c].rb +OPENSSL_RUBY_TESTSRC = ${OPENSSL_RUBY_TESTS}/test/openssl/test_*.rb ${_TEST_COOKIE}: ${_BUILD_COOKIE} ${_BUILDDIR_COOKIE} cd ${BUILDDIR} && \ env SKIP_EXPECTED_FAILURES=true ${RUBY} -I. \ diff --git a/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/regress/lib/libssl/unit/ssl_get_shared_ciphers.c index ff966900a..e26f614e5 100644 --- a/regress/lib/libssl/unit/ssl_get_shared_ciphers.c +++ b/regress/lib/libssl/unit/ssl_get_shared_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.12 2024/03/20 10:38:05 jsing Exp $ */ +/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.13 2024/08/31 12:47:24 jsing Exp $ */ /* * Copyright (c) 2021 Theo Buehler * @@ -379,11 +379,7 @@ shutdown_peers(SSL *client_ssl, SSL *server_ssl, const char *description) static inline int ssl_aes_is_accelerated(void) { -#if defined(__i386__) || defined(__x86_64__) - return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); -#else - return (0); -#endif + return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; } static int diff --git a/regress/sys/kern/unveil/Makefile b/regress/sys/kern/unveil/Makefile index 3bf6dc748..7eee884d1 100644 --- a/regress/sys/kern/unveil/Makefile +++ b/regress/sys/kern/unveil/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.5 2022/09/17 12:51:23 benno Exp $ +# $OpenBSD: Makefile,v 1.6 2024/08/31 20:03:03 jeremy Exp $ WARNINGS= yes @@ -10,5 +10,6 @@ run-regress-syscalls: ${SUDO} ./syscalls PROGS+= socket +PROGS+= access .include diff --git a/regress/sys/kern/unveil/access-expected b/regress/sys/kern/unveil/access-expected new file mode 100644 index 000000000..1be1994ba --- /dev/null +++ b/regress/sys/kern/unveil/access-expected @@ -0,0 +1,17 @@ +unveil:access +: +r:RF +w: +x: +c: +rw:RWF +rx:RXF +rc:RF +wx: +wc: +xc: +rwx:RWXF +rwc:RWF +rxc:RXF +wxc: +rwxc:RWXF diff --git a/regress/sys/kern/unveil/access.c b/regress/sys/kern/unveil/access.c new file mode 100644 index 000000000..24dbfaa6c --- /dev/null +++ b/regress/sys/kern/unveil/access.c @@ -0,0 +1,63 @@ +#include +#include +#include +#include +#include +#include +#include + +#define UV_SHOULD_SUCCEED(A, B) do { \ + if (A) { \ + err(1, "%s:%d - %s", __FILE__, __LINE__, B); \ + } \ +} while (0) + +#define NUM_PERMS 16 +static char uv_dir[] = "/tmp/uvdir.XXXXXX"; /* test directory */ +static char uv_file[] = "/tmp/uvfile.XXXXXX"; /* log file */ + +const char* perms[] = {"", "r", "w", "x", "c", "rw", "rx", "rc", + "wx", "wc","xc", "rwx", "rwc", "rxc", "wxc", "rwxc"}; +const char* filenames[] = {"f", "fr", "fw", "fx", "fc", "frw", "frx", "frc", + "fwx", "fwc", "fxc", "frwx", + "frwc", "frxc", "fwxc", "frwxc"}; +const char* header = "unveil:access\n"; + +int main(int argc, char** argv) { + int i; + int log_fd; + FILE *log; + char expected[PATH_MAX]; + char *exp; + + UV_SHOULD_SUCCEED(((exp = realpath("access-expected", expected)) == NULL), "realpath"); + UV_SHOULD_SUCCEED(((log_fd = mkstemp(uv_file)) == -1), "mkstemp"); + UV_SHOULD_SUCCEED(((log = fdopen(log_fd, "w")) == NULL), "fdopen"); + UV_SHOULD_SUCCEED((mkdtemp(uv_dir) == NULL), "mkdtmp"); + UV_SHOULD_SUCCEED((unveil("/", "rwxc") == -1), "unveil"); + UV_SHOULD_SUCCEED((chdir(uv_dir) == -1), "chdir"); + + fwrite(header, strlen(header), 1, log); + for (i = 0; i < NUM_PERMS; i++) { + const char *perm = perms[i]; + const char *filename = filenames[i]; + int fd; + UV_SHOULD_SUCCEED(((fd = open(filename, O_WRONLY|O_CREAT, 0700)) == -1), "open"); + UV_SHOULD_SUCCEED((close(fd) == -1), "close"); + UV_SHOULD_SUCCEED((unveil(filename, perm) == -1), "unveil"); + UV_SHOULD_SUCCEED((fwrite(perm, 1, strlen(perm), log) != strlen(perm)), "fwrite"); + UV_SHOULD_SUCCEED((fwrite(":", 1, 1, log) != 1), "fwrite"); + if (access(filename, R_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("R", 1, 1, log) != 1), "fwrite"); + if (access(filename, W_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("W", 1, 1, log) != 1), "fwrite"); + if (access(filename, X_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("X", 1, 1, log) != 1), "fwrite"); + if (access(filename, F_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("F", 1, 1, log) != 1), "fwrite"); + UV_SHOULD_SUCCEED((fwrite("\n", 1, 1, log) != 1), "fwrite"); + } + UV_SHOULD_SUCCEED((fclose(log) == -1), "fclose"); + + return execl("/usr/bin/diff", "diff", "-u", uv_file, expected, NULL); +} diff --git a/share/man/man4/rport.4 b/share/man/man4/rport.4 index 92b8f6ff9..11c9e5587 100644 --- a/share/man/man4/rport.4 +++ b/share/man/man4/rport.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rport.4,v 1.1 2024/08/31 04:21:45 dlg Exp $ +.\" $OpenBSD: rport.4,v 1.2 2024/08/31 13:39:36 jmc Exp $ .\" .\" Copyright (c) 2024 David Gwynne .\" @@ -31,7 +31,7 @@ between instances. .Pp Layer 3 connectivity between a pair of rdomains can be established -by creating a +by creating an .Nm interface in each rdomain, and connecting them together by configuring one of these interfaces as the parent of the other. @@ -50,8 +50,8 @@ see its manual page for more information. Create two .Nm interfaces in separate -.Xr rdomain 4 Ns s -and connect them together: +.Xr rdomain 4 +instances and connect them together: .Bd -literal -offset indent # ifconfig rport0 create rdomain 0 up # ifconfig rport1 create rdomain 1 parent rport0 up diff --git a/sys/dev/acpi/acpi_x86.c b/sys/dev/acpi/acpi_x86.c index 76cc5a0e9..7ccc46c3b 100644 --- a/sys/dev/acpi/acpi_x86.c +++ b/sys/dev/acpi/acpi_x86.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpi_x86.c,v 1.30 2024/08/13 22:31:16 deraadt Exp $ */ +/* $OpenBSD: acpi_x86.c,v 1.31 2024/08/31 15:53:44 deraadt Exp $ */ /* * Copyright (c) 2005 Thorsten Lockert * Copyright (c) 2005 Jordan Hargrave @@ -37,6 +37,8 @@ sleep_showstate(void *v, int sleepmode) case SLEEP_SUSPEND: sc->sc_state = ACPI_STATE_S3; #ifdef __amd64__ + if (sc->sc_fadt->flags & FADT_POWER_S0_IDLE_CAPABLE) + sc->sc_state = ACPI_STATE_S0; fallback_state = ACPI_STATE_S0; /* No S3, use S0 */ #endif break; diff --git a/sys/dev/ic/dc.c b/sys/dev/ic/dc.c index 5ba861e94..924943f0a 100644 --- a/sys/dev/ic/dc.c +++ b/sys/dev/ic/dc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dc.c,v 1.157 2024/05/13 01:15:50 jsg Exp $ */ +/* $OpenBSD: dc.c,v 1.158 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998, 1999 @@ -3061,23 +3061,18 @@ dc_activate(struct device *self, int act) { struct dc_softc *sc = (struct dc_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) dc_stop(sc, 0); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) dc_init(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/ic/fxp.c b/sys/dev/ic/fxp.c index 6a616a770..23931649e 100644 --- a/sys/dev/ic/fxp.c +++ b/sys/dev/ic/fxp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fxp.c,v 1.134 2024/02/28 12:53:31 miod Exp $ */ +/* $OpenBSD: fxp.c,v 1.135 2024/08/31 16:23:09 deraadt Exp $ */ /* $NetBSD: if_fxp.c,v 1.2 1997/06/05 02:01:55 thorpej Exp $ */ /* @@ -284,23 +284,18 @@ fxp_activate(struct device *self, int act) { struct fxp_softc *sc = (struct fxp_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) fxp_stop(sc, 1, 0); - rv = config_activate_children(self, act); break; case DVACT_WAKEUP: if (ifp->if_flags & IFF_UP) fxp_wakeup(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } void diff --git a/sys/dev/ic/rtl81x9.c b/sys/dev/ic/rtl81x9.c index fa642d361..6beca05a8 100644 --- a/sys/dev/ic/rtl81x9.c +++ b/sys/dev/ic/rtl81x9.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtl81x9.c,v 1.98 2020/07/10 13:26:37 patrick Exp $ */ +/* $OpenBSD: rtl81x9.c,v 1.99 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998 @@ -1222,23 +1222,18 @@ rl_activate(struct device *self, int act) { struct rl_softc *sc = (struct rl_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) rl_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) rl_init(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/ic/xl.c b/sys/dev/ic/xl.c index 4f40e08ea..00ba39b26 100644 --- a/sys/dev/ic/xl.c +++ b/sys/dev/ic/xl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xl.c,v 1.139 2023/11/10 15:51:20 bluhm Exp $ */ +/* $OpenBSD: xl.c,v 1.140 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998, 1999 @@ -188,29 +188,23 @@ xl_activate(struct device *self, int act) { struct xl_softc *sc = (struct xl_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) xl_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) xl_init(sc); break; case DVACT_POWERDOWN: - rv = config_activate_children(self, act); #ifndef SMALL_KERNEL xl_wol_power(sc); #endif break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } /* diff --git a/sys/dev/pci/if_alc.c b/sys/dev/pci/if_alc.c index 6314de788..62df9379a 100644 --- a/sys/dev/pci/if_alc.c +++ b/sys/dev/pci/if_alc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_alc.c,v 1.58 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_alc.c,v 1.59 2024/08/31 16:23:09 deraadt Exp $ */ /*- * Copyright (c) 2009, Pyun YongHyeon * All rights reserved. @@ -1465,23 +1465,18 @@ alc_activate(struct device *self, int act) { struct alc_softc *sc = (struct alc_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) alc_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) alc_init(ifp); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/pci/if_ale.c b/sys/dev/pci/if_ale.c index ffec3722a..810226a2c 100644 --- a/sys/dev/pci/if_ale.c +++ b/sys/dev/pci/if_ale.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ale.c,v 1.51 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_ale.c,v 1.52 2024/08/31 16:23:09 deraadt Exp $ */ /*- * Copyright (c) 2008, Pyun YongHyeon * All rights reserved. @@ -583,23 +583,18 @@ ale_activate(struct device *self, int act) { struct ale_softc *sc = (struct ale_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) ale_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) ale_init(ifp); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/pci/if_bce.c b/sys/dev/pci/if_bce.c index 6f2ee17cb..7340d8a92 100644 --- a/sys/dev/pci/if_bce.c +++ b/sys/dev/pci/if_bce.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bce.c,v 1.56 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_bce.c,v 1.57 2024/08/31 16:23:09 deraadt Exp $ */ /* $NetBSD: if_bce.c,v 1.3 2003/09/29 01:53:02 mrg Exp $ */ /* @@ -445,7 +445,6 @@ bce_activate(struct device *self, int act) } break; } - return (0); } diff --git a/sys/dev/pci/if_bge.c b/sys/dev/pci/if_bge.c index ae14ce96c..abcc7bd83 100644 --- a/sys/dev/pci/if_bge.c +++ b/sys/dev/pci/if_bge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bge.c,v 1.405 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_bge.c,v 1.406 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 2001 Wind River Systems @@ -3251,11 +3251,9 @@ bge_activate(struct device *self, int act) { struct bge_softc *sc = (struct bge_softc *)self; struct ifnet *ifp = &sc->arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: - rv = config_activate_children(self, act); if (ifp->if_flags & IFF_RUNNING) bge_stop(sc, 0); break; @@ -3263,11 +3261,8 @@ bge_activate(struct device *self, int act) if (ifp->if_flags & IFF_UP) bge_init(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } void diff --git a/sys/dev/pci/if_em.c b/sys/dev/pci/if_em.c index 11b26e465..ac77dcc76 100644 --- a/sys/dev/pci/if_em.c +++ b/sys/dev/pci/if_em.c @@ -31,7 +31,7 @@ POSSIBILITY OF SUCH DAMAGE. ***************************************************************************/ -/* $OpenBSD: if_em.c,v 1.377 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_em.c,v 1.378 2024/08/31 16:23:09 deraadt Exp $ */ /* $FreeBSD: if_em.c,v 1.46 2004/09/29 18:28:28 mlaier Exp $ */ #include @@ -2076,24 +2076,18 @@ em_activate(struct device *self, int act) { struct em_softc *sc = (struct em_softc *)self; struct ifnet *ifp = &sc->sc_ac.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) em_stop(sc, 0); - /* We have no children atm, but we will soon */ - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) em_init(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } /********************************************************************* diff --git a/sys/dev/pci/if_ix.c b/sys/dev/pci/if_ix.c index 08d04a94c..b447547c3 100644 --- a/sys/dev/pci/if_ix.c +++ b/sys/dev/pci/if_ix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ix.c,v 1.215 2024/05/21 11:19:39 bluhm Exp $ */ +/* $OpenBSD: if_ix.c,v 1.216 2024/08/31 16:23:09 deraadt Exp $ */ /****************************************************************************** @@ -401,7 +401,6 @@ ixgbe_activate(struct device *self, int act) struct ifnet *ifp = &sc->arpcom.ac_if; struct ixgbe_hw *hw = &sc->hw; uint32_t ctrl_ext; - int rv = 0; switch (act) { case DVACT_QUIESCE: @@ -430,10 +429,8 @@ ixgbe_activate(struct device *self, int act) if (ifp->if_flags & IFF_UP) ixgbe_init(sc); break; - default: - break; } - return (rv); + return (0); } /********************************************************************* diff --git a/sys/dev/pci/if_lii.c b/sys/dev/pci/if_lii.c index 96c980fb0..df05659a8 100644 --- a/sys/dev/pci/if_lii.c +++ b/sys/dev/pci/if_lii.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_lii.c,v 1.47 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_lii.c,v 1.48 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 2007 The NetBSD Foundation. @@ -282,23 +282,18 @@ lii_activate(struct device *self, int act) { struct lii_softc *sc = (struct lii_softc *)self; struct ifnet *ifp = &sc->sc_ac.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) lii_stop(ifp); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) lii_init(ifp); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/pci/if_msk.c b/sys/dev/pci/if_msk.c index eb6b4b86e..ebab42a29 100644 --- a/sys/dev/pci/if_msk.c +++ b/sys/dev/pci/if_msk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_msk.c,v 1.144 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: if_msk.c,v 1.145 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998, 1999, 2000 @@ -1173,7 +1173,6 @@ msk_activate(struct device *self, int act) { struct sk_if_softc *sc_if = (void *)self; struct ifnet *ifp = &sc_if->arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_RESUME: @@ -1181,11 +1180,8 @@ msk_activate(struct device *self, int act) if (ifp->if_flags & IFF_RUNNING) msk_init(sc_if); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/pci/if_nfe.c b/sys/dev/pci/if_nfe.c index 56d5b06b9..308c6b2f3 100644 --- a/sys/dev/pci/if_nfe.c +++ b/sys/dev/pci/if_nfe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_nfe.c,v 1.126 2024/05/24 06:02:56 jsg Exp $ */ +/* $OpenBSD: if_nfe.c,v 1.127 2024/08/31 16:23:09 deraadt Exp $ */ /*- * Copyright (c) 2006, 2007 Damien Bergamini @@ -162,23 +162,18 @@ nfe_activate(struct device *self, int act) { struct nfe_softc *sc = (struct nfe_softc *)self; struct ifnet *ifp = &sc->sc_arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) nfe_stop(ifp, 0); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) nfe_init(ifp); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } diff --git a/sys/dev/pci/if_re_pci.c b/sys/dev/pci/if_re_pci.c index 3f9d61d20..621301418 100644 --- a/sys/dev/pci/if_re_pci.c +++ b/sys/dev/pci/if_re_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_re_pci.c,v 1.58 2024/05/24 06:02:56 jsg Exp $ */ +/* $OpenBSD: if_re_pci.c,v 1.59 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 2005 Peter Valchev @@ -247,6 +247,5 @@ re_pci_activate(struct device *self, int act) re_init(ifp); break; } - return (0); } diff --git a/sys/dev/pci/if_rge.c b/sys/dev/pci/if_rge.c index c30c4c995..27b193590 100644 --- a/sys/dev/pci/if_rge.c +++ b/sys/dev/pci/if_rge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_rge.c,v 1.34 2024/08/21 01:22:31 dlg Exp $ */ +/* $OpenBSD: if_rge.c,v 1.35 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 2019, 2020, 2023, 2024 @@ -324,20 +324,15 @@ rge_activate(struct device *self, int act) #ifndef SMALL_KERNEL struct rge_softc *sc = (struct rge_softc *)self; #endif - int rv = 0; switch (act) { case DVACT_POWERDOWN: - rv = config_activate_children(self, act); #ifndef SMALL_KERNEL rge_wol_power(sc); #endif break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/pci/if_se.c b/sys/dev/pci/if_se.c index 29b014890..4a5b40dc5 100644 --- a/sys/dev/pci/if_se.c +++ b/sys/dev/pci/if_se.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_se.c,v 1.25 2024/05/24 06:02:56 jsg Exp $ */ +/* $OpenBSD: if_se.c,v 1.26 2024/08/31 16:23:09 deraadt Exp $ */ /*- * Copyright (c) 2009, 2010 Christopher Zimmermann @@ -732,24 +732,18 @@ se_activate(struct device *self, int act) { struct se_softc *sc = (struct se_softc *)self; struct ifnet *ifp = &sc->sc_ac.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) se_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) (void)se_init(ifp); break; - default: - rv = config_activate_children(self, act); - break; } - - return (rv); + return (0); } /* diff --git a/sys/dev/pci/if_sis.c b/sys/dev/pci/if_sis.c index 7a0ca58df..00721192d 100644 --- a/sys/dev/pci/if_sis.c +++ b/sys/dev/pci/if_sis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_sis.c,v 1.145 2024/05/24 06:02:56 jsg Exp $ */ +/* $OpenBSD: if_sis.c,v 1.146 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998, 1999 * Bill Paul . All rights reserved. @@ -1219,23 +1219,18 @@ sis_activate(struct device *self, int act) { struct sis_softc *sc = (struct sis_softc *)self; struct ifnet *ifp = &sc->arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) sis_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) sis_init(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } /* diff --git a/sys/dev/pci/if_sk.c b/sys/dev/pci/if_sk.c index 880d2ab6f..021205c6b 100644 --- a/sys/dev/pci/if_sk.c +++ b/sys/dev/pci/if_sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_sk.c,v 1.197 2024/06/26 01:40:49 jsg Exp $ */ +/* $OpenBSD: if_sk.c,v 1.198 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998, 1999, 2000 @@ -1126,7 +1126,6 @@ sk_activate(struct device *self, int act) { struct sk_if_softc *sc_if = (void *)self; struct ifnet *ifp = &sc_if->arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_RESUME: @@ -1134,11 +1133,8 @@ sk_activate(struct device *self, int act) if (ifp->if_flags & IFF_RUNNING) sk_init(sc_if); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } int diff --git a/sys/dev/pci/if_vr.c b/sys/dev/pci/if_vr.c index 6cef3b7a9..8b24b45cd 100644 --- a/sys/dev/pci/if_vr.c +++ b/sys/dev/pci/if_vr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vr.c,v 1.161 2024/05/24 06:02:57 jsg Exp $ */ +/* $OpenBSD: if_vr.c,v 1.162 2024/08/31 16:23:09 deraadt Exp $ */ /* * Copyright (c) 1997, 1998 @@ -681,23 +681,18 @@ vr_activate(struct device *self, int act) { struct vr_softc *sc = (struct vr_softc *)self; struct ifnet *ifp = &sc->arpcom.ac_if; - int rv = 0; switch (act) { case DVACT_SUSPEND: if (ifp->if_flags & IFF_RUNNING) vr_stop(sc); - rv = config_activate_children(self, act); break; case DVACT_RESUME: if (ifp->if_flags & IFF_UP) vr_init(sc); break; - default: - rv = config_activate_children(self, act); - break; } - return (rv); + return (0); } /* diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index e131165b9..6e1eb2d0c 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.366 2024/07/10 09:12:11 krw Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.367 2024/08/31 15:52:09 deraadt Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -1971,7 +1971,7 @@ dofaccessat(struct proc *p, int fd, const char *path, int amode, int flag) struct vnode *vp; struct ucred *newcred, *oldcred; struct nameidata nd; - int error; + int vflags = 0, error; if (amode & ~(R_OK | W_OK | X_OK)) return (EINVAL); @@ -1996,21 +1996,22 @@ dofaccessat(struct proc *p, int fd, const char *path, int amode, int flag) NDINITAT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, fd, path, p); nd.ni_pledge = PLEDGE_RPATH; nd.ni_unveil = UNVEIL_READ; + if (amode & R_OK) + vflags |= VREAD; + if (amode & W_OK) { + vflags |= VWRITE; + nd.ni_unveil |= UNVEIL_WRITE; + } + if (amode & X_OK) { + vflags |= VEXEC; + nd.ni_unveil |= UNVEIL_EXEC; + } if ((error = namei(&nd)) != 0) goto out; vp = nd.ni_vp; /* Flags == 0 means only check for existence. */ if (amode) { - int vflags = 0; - - if (amode & R_OK) - vflags |= VREAD; - if (amode & W_OK) - vflags |= VWRITE; - if (amode & X_OK) - vflags |= VEXEC; - error = VOP_ACCESS(vp, vflags, p->p_ucred, p); if (!error && (vflags & VWRITE)) error = vn_writechk(vp); diff --git a/usr.bin/openssl/ocsp.c b/usr.bin/openssl/ocsp.c index ace843cce..d35940a7a 100644 --- a/usr.bin/openssl/ocsp.c +++ b/usr.bin/openssl/ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp.c,v 1.25 2024/08/30 17:26:44 tb Exp $ */ +/* $OpenBSD: ocsp.c,v 1.26 2024/08/31 18:39:25 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -187,40 +187,53 @@ ocsp_opt_cert_id_md(int argc, char **argv, int *argsused) static int x509v3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **out_extlist) { - CONF_VALUE *vtmp = NULL; - STACK_OF(CONF_VALUE) *free_exts = NULL; + STACK_OF(CONF_VALUE) *extlist = NULL; + CONF_VALUE *conf_value = NULL; + int ret = 0; - if ((vtmp = calloc(1, sizeof(CONF_VALUE))) == NULL) + if ((conf_value = calloc(1, sizeof(*conf_value))) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } if (name != NULL) { - if ((vtmp->name = strdup(name)) == NULL) + if ((conf_value->name = strdup(name)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } } if (value != NULL) { - if ((vtmp->value = strdup(value)) == NULL) + if ((conf_value->value = strdup(value)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } } - if (*extlist == NULL) { - if ((free_exts = *extlist = sk_CONF_VALUE_new_null()) == NULL) - goto err; - } - - if (!sk_CONF_VALUE_push(*extlist, vtmp)) + if ((extlist = *out_extlist) == NULL) + extlist = sk_CONF_VALUE_new_null(); + if (extlist == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } - return 1; + if (!sk_CONF_VALUE_push(extlist, conf_value)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + conf_value = NULL; + + *out_extlist = extlist; + extlist = NULL; + + ret = 1; err: - X509V3error(ERR_R_MALLOC_FAILURE); - X509V3_conf_free(vtmp); - if (free_exts != NULL) { - sk_CONF_VALUE_free(*extlist); - *extlist = NULL; - } - return 0; + if (extlist != *out_extlist) + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + X509V3_conf_free(conf_value); + + return ret; } static int