sync with OpenBSD -current

lib/libcrypto/evp/e_chacha20poly1305.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.35 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.36 2024/05/22 14:02:08 tb Exp $ */
 
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@@ -493,6 +493,8 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 	/* Update with AD or plaintext/ciphertext. */
 	if (in != NULL) {
+		if (!ctx->encrypt || out == NULL)
+			CRYPTO_poly1305_update(&cpx->poly1305, in, len);
 		if (out == NULL) {
 			cpx->ad_len += len;
 			cpx->in_ad = 1;
@@ -502,8 +504,6 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		}
 		if (ctx->encrypt && out != NULL)
 			CRYPTO_poly1305_update(&cpx->poly1305, out, len);
-		else
-			CRYPTO_poly1305_update(&cpx->poly1305, in, len);
 
 		return len;
 	}

lib/libcrypto/man/X509v3_get_ext_by_NID.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_get_ext_by_NID.3,v 1.13 2021/07/12 14:54:00 schwarze Exp $
+.\" $OpenBSD: X509v3_get_ext_by_NID.3,v 1.15 2024/05/22 09:44:10 tb Exp $
 .\" full merge up to: OpenSSL fd38836b Jun 20 15:25:43 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 12 2021 $
+.Dd $Mdocdate: May 22 2024 $
 .Dt X509V3_GET_EXT_BY_NID 3
 .Os
 .Sh NAME
@@ -248,7 +248,7 @@ from
 The index
 .Fa loc
 can take any value from 0 to
-.Fn X509_get_ext_count x No - 1 .
+.Fn X509_get_ext_count x No \- 1 .
 The returned extension is an internal pointer which must not be
 freed up by the application.
 .Pp
@@ -265,9 +265,9 @@ The search starts from the extension after
 .Fa lastpos
 or from the beginning if
 .Fa lastpos
-is -1.
-If the extension is found, its index is returned; otherwise, -1 is
-returned.
+is \-1.
+If the extension is found, its index is returned; otherwise, a negative
+value is returned.
 .Pp
 .Fn X509v3_get_ext_by_critical
 is similar to
@@ -300,7 +300,7 @@ at position
 .Fa loc .
 If
 .Fa loc
-is -1, the new extension is added to the end.
+is \-1, the new extension is added to the end.
 If
 .Pf * Fa x
 is
@@ -358,7 +358,7 @@ These search functions start from the extension
 .Em after
 the
 .Fa lastpos
-parameter, so it should initially be set to -1.
+parameter, so it should initially be set to \-1.
 If it is set to 0, the initial extension will not be checked.
 .Sh RETURN VALUES
 .Fn X509v3_get_ext_count
@@ -378,7 +378,13 @@ if an error occurs.
 .Fn X509v3_get_ext_by_OBJ ,
 and
 .Fn X509v3_get_ext_by_critical
-return the extension index or -1 if an error occurs.
+return the extension index or \-1 if an error occurs.
+In addition,
+.Fn X509v3_get_ext_by_NID
+returns \-2 if
+.Xr OBJ_nid2obj 3
+fails on the requested
+.Fa nid .
 .Pp
 .Fn X509v3_add_ext
 returns a stack of extensions or
@@ -388,6 +394,7 @@ on error.
 .Fn X509_add_ext
 returns 1 on success or 0 on error.
 .Sh SEE ALSO
+.Xr OBJ_nid2obj 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_EXTENSION_new 3 ,
 .Xr X509_new 3 ,

lib/libcrypto/x509/x509_v3.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_v3.c,v 1.22 2024/05/16 13:19:09 tb Exp $ */
+/* $OpenBSD: x509_v3.c,v 1.30 2024/05/23 02:00:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -69,23 +69,24 @@
 #include "x509_local.h"
 
 int
-X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *sk)
 {
-	if (x == NULL)
+	if (sk == NULL)
 		return 0;
-	return sk_X509_EXTENSION_num(x);
+
+	return sk_X509_EXTENSION_num(sk);
 }
 LCRYPTO_ALIAS(X509v3_get_ext_count);
 
 int
-X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos)
+X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *sk, int nid, int lastpos)
 {
-	ASN1_OBJECT *obj;
+	const ASN1_OBJECT *obj;
 
-	obj = OBJ_nid2obj(nid);
-	if (obj == NULL)
+	if ((obj = OBJ_nid2obj(nid)) == NULL)
 		return -2;
-	return X509v3_get_ext_by_OBJ(x, obj, lastpos);
+
+	return X509v3_get_ext_by_OBJ(sk, obj, lastpos);
 }
 LCRYPTO_ALIAS(X509v3_get_ext_by_NID);
 
@@ -94,7 +95,7 @@ X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
     const ASN1_OBJECT *obj, int lastpos)
 {
 	int n;
-	X509_EXTENSION *ex;
+	X509_EXTENSION *ext;
 
 	if (sk == NULL)
 		return -1;
@@ -103,8 +104,8 @@ X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
 		lastpos = 0;
 	n = sk_X509_EXTENSION_num(sk);
 	for (; lastpos < n; lastpos++) {
-		ex = sk_X509_EXTENSION_value(sk, lastpos);
-		if (OBJ_cmp(ex->object, obj) == 0)
+		ext = sk_X509_EXTENSION_value(sk, lastpos);
+		if (OBJ_cmp(ext->object, obj) == 0)
 			return lastpos;
 	}
 	return -1;
@@ -116,7 +117,7 @@ X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     int lastpos)
 {
 	int n;
-	X509_EXTENSION *ex;
+	X509_EXTENSION *ext;
 
 	if (sk == NULL)
 		return -1;
@@ -125,9 +126,9 @@ X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
 		lastpos = 0;
 	n = sk_X509_EXTENSION_num(sk);
 	for (; lastpos < n; lastpos++) {
-		ex = sk_X509_EXTENSION_value(sk, lastpos);
-		if ((ex->critical > 0 && crit) ||
-		    (ex->critical <= 0 && !crit))
+		ext = sk_X509_EXTENSION_value(sk, lastpos);
+		if ((ext->critical > 0 && crit) ||
+		    (ext->critical <= 0 && !crit))
 			return lastpos;
 	}
 	return -1;
@@ -135,31 +136,29 @@ X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
 LCRYPTO_ALIAS(X509v3_get_ext_by_critical);
 
 X509_EXTENSION *
-X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+X509v3_get_ext(const STACK_OF(X509_EXTENSION) *sk, int loc)
 {
-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+	if (sk == NULL || sk_X509_EXTENSION_num(sk) <= loc || loc < 0)
 		return NULL;
-	else
-		return sk_X509_EXTENSION_value(x, loc);
+
+	return sk_X509_EXTENSION_value(sk, loc);
 }
 LCRYPTO_ALIAS(X509v3_get_ext);
 
 X509_EXTENSION *
-X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+X509v3_delete_ext(STACK_OF(X509_EXTENSION) *sk, int loc)
 {
-	X509_EXTENSION *ret;
-
-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+	if (sk == NULL || sk_X509_EXTENSION_num(sk) <= loc || loc < 0)
 		return NULL;
-	ret = sk_X509_EXTENSION_delete(x, loc);
-	return ret;
+
+	return sk_X509_EXTENSION_delete(sk, loc);
 }
 LCRYPTO_ALIAS(X509v3_delete_ext);
 
 STACK_OF(X509_EXTENSION) *
-X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc)
+X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ext, int loc)
 {
-	X509_EXTENSION *new_ex = NULL;
+	X509_EXTENSION *new_ext = NULL;
 	int n;
 	STACK_OF(X509_EXTENSION) *sk = NULL;
 
@@ -180,19 +179,19 @@ X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc)
 	else if (loc < 0)
 		loc = n;
 
-	if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+	if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)
 		goto err2;
-	if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+	if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))
 		goto err;
 	if (*x == NULL)
 		*x = sk;
 	return sk;
 
-err:
+ err:
 	X509error(ERR_R_MALLOC_FAILURE);
-err2:
-	if (new_ex != NULL)
-		X509_EXTENSION_free(new_ex);
+ err2:
+	if (new_ext != NULL)
+		X509_EXTENSION_free(new_ext);
 	if (sk != NULL && x != NULL && sk != *x)
 		sk_X509_EXTENSION_free(sk);
 	return NULL;
@@ -200,7 +199,7 @@ err2:
 LCRYPTO_ALIAS(X509v3_add_ext);
 
 X509_EXTENSION *
-X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit,
+X509_EXTENSION_create_by_NID(X509_EXTENSION **ext, int nid, int crit,
     ASN1_OCTET_STRING *data)
 {
 	ASN1_OBJECT *obj;
@@ -211,7 +210,7 @@ X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit,
 		X509error(X509_R_UNKNOWN_NID);
 		return NULL;
 	}
-	ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
+	ret = X509_EXTENSION_create_by_OBJ(ext, obj, crit, data);
 	if (ret == NULL)
 		ASN1_OBJECT_free(obj);
 	return ret;
@@ -219,18 +218,18 @@ X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit,
 LCRYPTO_ALIAS(X509_EXTENSION_create_by_NID);
 
 X509_EXTENSION *
-X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj,
+X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ext, const ASN1_OBJECT *obj,
     int crit, ASN1_OCTET_STRING *data)
 {
 	X509_EXTENSION *ret;
 
-	if (ex == NULL || *ex == NULL) {
+	if (ext == NULL || *ext == NULL) {
 		if ((ret = X509_EXTENSION_new()) == NULL) {
 			X509error(ERR_R_MALLOC_FAILURE);
 			return NULL;
 		}
 	} else
-		ret= *ex;
+		ret= *ext;
 
 	if (!X509_EXTENSION_set_object(ret, obj))
 		goto err;
@@ -239,76 +238,78 @@ X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj,
 	if (!X509_EXTENSION_set_data(ret, data))
 		goto err;
 
-	if (ex != NULL && *ex == NULL)
-		*ex = ret;
+	if (ext != NULL && *ext == NULL)
+		*ext = ret;
 	return ret;
 
-err:
-	if (ex == NULL || ret != *ex)
+ err:
+	if (ext == NULL || ret != *ext)
 		X509_EXTENSION_free(ret);
 	return NULL;
 }
 LCRYPTO_ALIAS(X509_EXTENSION_create_by_OBJ);
 
 int
-X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
+X509_EXTENSION_set_object(X509_EXTENSION *ext, const ASN1_OBJECT *obj)
 {
-	if (ex == NULL || obj == NULL)
+	if (ext == NULL || obj == NULL)
 		return 0;
-	ASN1_OBJECT_free(ex->object);
-	ex->object = OBJ_dup(obj);
-	return ex->object != NULL;
+
+	ASN1_OBJECT_free(ext->object);
+	ext->object = OBJ_dup(obj);
+
+	return ext->object != NULL;
 }
 LCRYPTO_ALIAS(X509_EXTENSION_set_object);
 
 int
-X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+X509_EXTENSION_set_critical(X509_EXTENSION *ext, int crit)
 {
-	if (ex == NULL)
+	if (ext == NULL)
 		return 0;
-	ex->critical = crit ? 0xFF : -1;
+
+	ext->critical = crit ? 0xFF : -1;
+
 	return 1;
 }
 LCRYPTO_ALIAS(X509_EXTENSION_set_critical);
 
 int
-X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+X509_EXTENSION_set_data(X509_EXTENSION *ext, ASN1_OCTET_STRING *data)
 {
-	int i;
+	if (ext == NULL)
+		return 0;
 
-	if (ex == NULL)
-		return 0;
-	i = ASN1_STRING_set(ex->value, data->data, data->length);
-	if (!i)
-		return 0;
-	return 1;
+	return ASN1_STRING_set(ext->value, data->data, data->length);
 }
 LCRYPTO_ALIAS(X509_EXTENSION_set_data);
 
 ASN1_OBJECT *
-X509_EXTENSION_get_object(X509_EXTENSION *ex)
+X509_EXTENSION_get_object(X509_EXTENSION *ext)
 {
-	if (ex == NULL)
+	if (ext == NULL)
 		return NULL;
-	return ex->object;
+
+	return ext->object;
 }
 LCRYPTO_ALIAS(X509_EXTENSION_get_object);
 
 ASN1_OCTET_STRING *
-X509_EXTENSION_get_data(X509_EXTENSION *ex)
+X509_EXTENSION_get_data(X509_EXTENSION *ext)
 {
-	if (ex == NULL)
+	if (ext == NULL)
 		return NULL;
-	return ex->value;
+
+	return ext->value;
 }
 LCRYPTO_ALIAS(X509_EXTENSION_get_data);
 
 int
-X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
+X509_EXTENSION_get_critical(const X509_EXTENSION *ext)
 {
-	if (ex == NULL)
+	if (ext == NULL)
 		return 0;
-	if (ex->critical > 0)
+	if (ext->critical > 0)
 		return 1;
 	return 0;
 }