diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 06bb1ec6b..8c3d05bd4 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.174 2024/03/02 13:39:28 tb Exp $ +# $OpenBSD: Makefile,v 1.175 2024/03/19 19:27:33 tb Exp $ LIB= crypto LIBREBUILD=y @@ -69,7 +69,6 @@ SRCS+= malloc-wrapper.c SRCS+= mem_clr.c SRCS+= mem_dbg.c SRCS+= o_fips.c -SRCS+= o_init.c SRCS+= o_str.c # aes/ diff --git a/lib/libcrypto/crypto_init.c b/lib/libcrypto/crypto_init.c index 56f4460e6..ddd3ec19b 100644 --- a/lib/libcrypto/crypto_init.c +++ b/lib/libcrypto/crypto_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_init.c,v 1.18 2024/01/25 12:22:31 tb Exp $ */ +/* $OpenBSD: crypto_init.c,v 1.19 2024/03/19 19:27:33 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck * @@ -37,6 +37,11 @@ static pthread_once_t crypto_init_once = PTHREAD_ONCE_INIT; static pthread_t crypto_init_thread; static int crypto_init_cleaned_up; +void +OPENSSL_init(void) +{ +} + static void OPENSSL_init_crypto_internal(void) { diff --git a/lib/libcrypto/man/EVP_DigestInit.3 b/lib/libcrypto/man/EVP_DigestInit.3 index a578d99e1..bb7a847d4 100644 --- a/lib/libcrypto/man/EVP_DigestInit.3 +++ b/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestInit.3,v 1.32 2024/03/05 17:21:40 tb Exp $ +.\" $OpenBSD: EVP_DigestInit.3,v 1.33 2024/03/19 17:34:05 tb Exp $ .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -70,7 +70,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 5 2024 $ +.Dd $Mdocdate: March 19 2024 $ .Dt EVP_DIGESTINIT 3 .Os .Sh NAME @@ -547,7 +547,7 @@ main(int argc, char *argv[]) .Xr OCSP_request_sign 3 , .Xr PKCS5_PBKDF2_HMAC 3 , .Xr PKCS7_sign_add_signer 3 , -.Xr X509_ALGOR_set_md 3 , +.Xr X509_ALGOR_set0 3 , .Xr X509_digest 3 , .Xr X509_sign 3 .Sh HISTORY 
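Review bot: The `OPENSSL_init()` added to lib/libcrypto/crypto_init.c has an empty body and no comment, so a reader cannot tell whether the no-op is deliberate or an unfinished stub. It sits between the `pthread_once` state and `OPENSSL_init_crypto_internal()` but, as written here, triggers none of that initialisation, which is easy to misread given its name. If the function is kept only so that existing callers continue to link, say so above it, for example `/* Intentionally empty: kept for API compatibility, performs no initialisation. */`. The body of `OPENSSL_init_crypto_internal()` continues outside the hunk.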
diff --git a/lib/libcrypto/man/OPENSSL_malloc.3 b/lib/libcrypto/man/OPENSSL_malloc.3 index 508867132..7779a3ec0 100644 --- a/lib/libcrypto/man/OPENSSL_malloc.3 +++ b/lib/libcrypto/man/OPENSSL_malloc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_malloc.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $ +.\" $OpenBSD: OPENSSL_malloc.3,v 1.12 2024/03/19 17:48:57 tb Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,16 +14,14 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 16 2023 $ +.Dd $Mdocdate: March 19 2024 $ .Dt OPENSSL_MALLOC 3 .Os .Sh NAME .Nm OPENSSL_malloc , -.Nm OPENSSL_realloc , .Nm OPENSSL_free , .Nm OPENSSL_strdup , .Nm CRYPTO_malloc , -.Nm CRYPTO_realloc , .Nm CRYPTO_free , .Nm CRYPTO_strdup .Nd legacy OpenSSL memory allocation wrappers @@ -33,11 +31,6 @@ .Fo OPENSSL_malloc .Fa "size_t num" .Fc -.Ft void * -.Fo OPENSSL_realloc -.Fa "void *addr" -.Fa "size_t num" -.Fc .Ft void .Fo OPENSSL_free .Fa "void *addr" @@ -52,13 +45,6 @@ .Fa "const char *file" .Fa "int line" .Fc -.Ft void * -.Fo CRYPTO_realloc -.Fa "void *p" -.Fa "size_t num" -.Fa "const char *file" -.Fa "int line" -.Fc .Ft void .Fo CRYPTO_free .Fa "void *str" @@ -78,7 +64,6 @@ They are provided purely for compatibility with legacy application code. All 8 of these functions are wrappers around the corresponding standard .Xr malloc 3 , -.Xr realloc 3 , .Xr free 3 , and .Xr strdup 3 @@ -93,15 +78,13 @@ standard functions. .Sh SEE ALSO .Xr crypto 3 .Sh HISTORY -.Fn CRYPTO_malloc , -.Fn CRYPTO_realloc , +.Fn CRYPTO_malloc and .Fn CRYPTO_free first appeared in SSLeay 0.6.4 and have been available since .Ox 2.4 . .Pp -.Fn OPENSSL_malloc , -.Fn OPENSSL_realloc , +.Fn OPENSSL_malloc and .Fn OPENSSL_free first appeared in OpenSSL 0.9.6 and have been available since diff --git a/lib/libcrypto/man/X509_ALGOR_dup.3 b/lib/libcrypto/man/X509_ALGOR_dup.3 index 29fd9a60f..ef7ca7586 100644 
--- a/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/lib/libcrypto/man/X509_ALGOR_dup.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_ALGOR_dup.3,v 1.22 2023/10/13 05:49:34 tb Exp $ +.\" $OpenBSD: X509_ALGOR_dup.3,v 1.23 2024/03/19 17:34:05 tb Exp $ .\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400 .\" .\" This file is a derived work. @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 13 2023 $ +.Dd $Mdocdate: March 19 2024 $ .Dt X509_ALGOR_DUP 3 .Os .Sh NAME @@ -75,7 +75,6 @@ .Nm X509_ALGOR_dup , .Nm X509_ALGOR_set0 , .Nm X509_ALGOR_get0 , -.Nm X509_ALGOR_set_md , .Nm X509_ALGOR_cmp .Nd create, change, and inspect algorithm identifiers .Sh SYNOPSIS @@ -102,11 +101,6 @@ .Fa "const void **ppval" .Fa "const X509_ALGOR *alg" .Fc -.Ft void -.Fo X509_ALGOR_set_md -.Fa "X509_ALGOR *alg" -.Fa "const EVP_MD *md" -.Fc .Ft int .Fo X509_ALGOR_cmp .Fa "const X509_ALGOR *a" @@ -240,22 +234,6 @@ then .Pf * Fa ppval Ns 's value is undefined. .Pp -.Fn X509_ALGOR_set_md -sets -.Fa alg -to appropriate values for the message digest -.Fa md . -If the -.Dv EVP_MD_FLAG_DIGALGID_ABSENT -flag is not set on -.Fa md , -.Fn X509_ALGOR_set_md -can leave -.Fa alg -in a corrupted state due to memory allocation failure. -This problem can be avoided by preallocating with an error-checked call to -.Fn X509_ALGOR_set0 alg NULL 0 NULL . -.Pp .Fn X509_ALGOR_cmp compares .Fa a @@ -317,10 +295,3 @@ first appeared in OpenSSL 0.9.8h and have been available since first appeared in OpenSSL 0.9.8zd, 1.0.0p, and 1.0.1k and has been available since .Ox 4.9 . -.Pp -.Fn X509_ALGOR_set_md -first appeared in OpenSSL 1.0.1 and has been available since -.Ox 5.3 . -.Sh BUGS -.Fn X509_ALGOR_set_md -can fail but cannot communicate failure to the caller. diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 index 0222dd66b..8a3133bd0 100644 --- a/lib/libcrypto/man/evp.3 +++ b/lib/libcrypto/man/evp.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $ +.\" $OpenBSD: evp.3,v 1.30 2024/03/19 17:34:05 tb Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 6 2024 $ +.Dd $Mdocdate: March 19 2024 $ .Dt EVP 3 .Os .Sh NAME @@ -232,7 +232,7 @@ family of functions provides base64 encoding and decoding. .Xr PKCS7_sign 3 , .Xr RSA_pkey_ctx_ctrl 3 , .Xr SSL_CTX_set_tlsext_ticket_key_cb 3 , -.Xr X509_ALGOR_set_md 3 , +.Xr X509_ALGOR_set0 3 , .Xr X509_check_private_key 3 , .Xr X509_digest 3 , .Xr X509_get_pubkey 3 , diff --git a/lib/libcrypto/o_init.c b/lib/libcrypto/o_init.c deleted file mode 100644 index 2f819eac9..000000000 --- a/lib/libcrypto/o_init.c +++ /dev/null @@ -1,10 +0,0 @@ -/* $OpenBSD: o_init.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ -/* Ted Unangst places this file in the public domain. */ - -#include - -void -OPENSSL_init(void) -{ - -} diff --git a/sys/net/if_sec.c b/sys/net/if_sec.c index 7e4e5f57f..a5a38a06f 100644 --- a/sys/net/if_sec.c +++ b/sys/net/if_sec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_sec.c,v 1.10 2024/01/24 00:17:01 dlg Exp $ */ +/* $OpenBSD: if_sec.c,v 1.11 2024/03/19 03:49:11 dlg Exp $ */ /* * Copyright (c) 2022 The University of Queensland @@ -327,7 +327,7 @@ sec_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, error = if_enqueue(ifp, m); if (error != 0) - counters_inc(ifp->if_counters, ifc_oerrors); + counters_inc(ifp->if_counters, ifc_oqdrops); return (error); diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index 3c71238a8..309ac438e 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c 
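Review bot: In `sec_output()` in sys/net/if_sec.c, every non-zero return from `if_enqueue()` is now counted as `ifc_oqdrops`, but the hunk does not show that a full queue is the only way that call can fail. `if_enqueue()` is defined outside this diff, so it is worth confirming that no other error is relabelled as a queue drop. It is also worth checking that the queue layer does not already account for the same drop, which would count the packet twice. Monitoring that watches output errors on sec(4) interfaces will stop seeing these failures, so a short comment recording the intent would help, for example `/* enqueue failure means the send queue dropped the packet */`. The start of `sec_output()` is outside the hunk.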
@@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.127 2024/02/16 14:48:47 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.128 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Job Snijders @@ -1198,7 +1198,7 @@ auth_find(struct auth_tree *auths, const char *aki) } struct auth * -auth_insert(struct auth_tree *auths, struct cert *cert, struct auth *parent) +auth_insert(struct auth_tree *auths, struct cert *cert, struct auth *issuer) { struct auth *na; @@ -1206,7 +1206,7 @@ auth_insert(struct auth_tree *auths, struct cert *cert, struct auth *parent) if (na == NULL) err(1, NULL); - na->parent = parent; + na->issuer = issuer; na->cert = cert; na->any_inherits = x509_any_inherits(cert->x509); diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index cca436a1c..142c26e52 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.211 2024/03/17 01:44:59 tb Exp $ */ +/* $OpenBSD: extern.h,v 1.212 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -26,7 +26,7 @@ enum cert_as_type { CERT_AS_ID, /* single identifier */ - CERT_AS_INHERIT, /* inherit from parent */ + CERT_AS_INHERIT, /* inherit from issuer */ CERT_AS_RANGE, /* range of identifiers */ }; @@ -376,7 +376,7 @@ struct gbr { * A single ASPA record */ struct aspa { - int valid; /* contained in parent auth */ + int valid; /* contained in issuer auth */ int talid; /* TAL the ASPA is chained up to */ char *aia; /* AIA */ char *aki; /* AKI */ @@ -491,7 +491,7 @@ RB_HEAD(crl_tree, crl); struct auth { RB_ENTRY(auth) entry; struct cert *cert; /* owner information */ - struct auth *parent; /* pointer to parent or NULL for TA cert */ + struct auth *issuer; /* pointer to issuer or NULL for TA cert */ int any_inherits; }; /* diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 5daf03b72..90f20bf74 100644 --- a/usr.sbin/rpki-client/filemode.c 
+++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.38 2024/02/22 12:49:42 job Exp $ */ +/* $OpenBSD: filemode.c,v 1.39 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -268,13 +268,13 @@ print_signature_path(const char *crl, const char *aia, const struct auth *a) if (aia != NULL) printf(" %s\n", aia); - for (; a != NULL; a = a->parent) { + for (; a != NULL; a = a->issuer) { if (a->cert->crl != NULL) printf(" %s\n", a->cert->crl); - if (a->parent != NULL && a->parent->cert != NULL && - a->parent->cert->mft != NULL) + if (a->issuer != NULL && a->issuer->cert != NULL && + a->issuer->cert->mft != NULL) printf(" %s\n", - a->parent->cert->mft); + a->issuer->cert->mft); if (a->cert->aia != NULL) printf(" %s\n", a->cert->aia); } diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c index 8cd936a75..3e021f08a 100644 --- a/usr.sbin/rpki-client/ip.c +++ b/usr.sbin/rpki-client/ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip.c,v 1.32 2023/12/27 07:15:55 tb Exp $ */ +/* $OpenBSD: ip.c,v 1.33 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -72,7 +72,7 @@ ip_addr_afi_parse(const char *fn, const ASN1_OCTET_STRING *p, enum afi *afi) * specified in the "ips" array. * This means that the IP prefix must be strictly within the ranges or * singletons given in the array. - * Return 0 if we're inheriting from the parent, >0 if we're covered, + * Return 0 if we're inheriting from the issuer, >0 if we're covered, * or <0 if we're not covered. */ int diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index 6bb52a6a7..a3f4e70fd 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.130 2024/03/01 08:10:09 tb Exp $ */ +/* $OpenBSD: parser.c,v 1.131 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons 
@@ -670,7 +670,7 @@ proc_parser_tak(char *file, const unsigned char *der, size_t len, } /* TAK EE must be signed by self-signed CA */ - if (a->parent != NULL) + if (a->issuer != NULL) goto out; tak->talid = a->cert->talid; diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index 5d4656cb5..73cf42eb0 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.72 2024/02/22 12:49:42 job Exp $ */ +/* $OpenBSD: validate.c,v 1.73 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -50,7 +50,7 @@ valid_as(struct auth *a, uint32_t min, uint32_t max) return 0; /* If it inherits, walk up the chain. */ - return valid_as(a->parent, min, max); + return valid_as(a->issuer, min, max); } /* @@ -76,13 +76,13 @@ valid_ip(struct auth *a, enum afi afi, return 0; /* If it inherits, walk up the chain. */ - return valid_ip(a->parent, afi, min, max); + return valid_ip(a->issuer, afi, min, max); } /* * Make sure the AKI is the same as the AKI listed on the Manifest, * and that the SKI doesn't already exist. - * Return the parent by its AKI, or NULL on failure. + * Return the issuer by its AKI, or NULL on failure. */ struct auth * valid_ski_aki(const char *fn, struct auth_tree *auths, @@ -357,7 +357,7 @@ build_chain(const struct auth *a, STACK_OF(X509) **intermediates, err(1, "sk_X509_new_null"); if ((*root = sk_X509_new_null()) == NULL) err(1, "sk_X509_new_null"); - for (; a != NULL; a = a->parent) { + for (; a != NULL; a = a->issuer) { assert(a->cert->x509 != NULL); if (!a->any_inherits) { if (!sk_X509_push(*root, a->cert->x509)) diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c index 5646eb715..86ba7689a 100644 --- a/usr.sbin/rpki-client/x509.c +++ b/usr.sbin/rpki-client/x509.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.81 2024/02/22 12:49:42 job Exp $ */ +/* $OpenBSD: x509.c,v 1.82 2024/03/19 05:04:13 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Claudio Jeker @@ -1046,7 +1046,7 @@ x509_find_expires(time_t notafter, struct auth *a, struct crl_tree *crlt) expires = notafter; - for (; a != NULL; a = a->parent) { + for (; a != NULL; a = a->issuer) { if (expires > a->cert->notafter) expires = a->cert->notafter; crl = crl_get(crlt, a);