sync with OpenBSD -current

lib/libcrypto/man/CRYPTO_lock.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: CRYPTO_lock.3,v 1.1 2019/03/10 15:00:34 schwarze Exp $
+.\"	$OpenBSD: CRYPTO_lock.3,v 1.2 2024/03/04 09:30:43 tb Exp $
 .\"	OpenSSL doc/crypto/threads.pod fb552ac6 Sep 30 23:43:01 2009 +0000
 .\"
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,14 +15,10 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 10 2019 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt CRYPTO_LOCK 3
 .Os
 .Sh NAME
-.Nm CRYPTO_THREADID_current ,
-.Nm CRYPTO_THREADID_cmp ,
-.Nm CRYPTO_THREADID_cpy ,
-.Nm CRYPTO_THREADID_hash ,
 .Nm CRYPTO_lock ,
 .Nm CRYPTO_w_lock ,
 .Nm CRYPTO_w_unlock ,
@@ -33,24 +29,6 @@
 .Sh SYNOPSIS
 .In openssl/crypto.h
 .Ft void
-.Fo CRYPTO_THREADID_current
-.Fa "CRYPTO_THREADID *id"
-.Fc
-.Ft int
-.Fo CRYPTO_THREADID_cmp
-.Fa "const CRYPTO_THREADID *a"
-.Fa "const CRYPTO_THREADID *b"
-.Fc
-.Ft void
-.Fo CRYPTO_THREADID_cpy
-.Fa "CRYPTO_THREADID *dest"
-.Fa "const CRYPTO_THREADID *src"
-.Fc
-.Ft unsigned long
-.Fo CRYPTO_THREADID_hash
-.Fa "const CRYPTO_THREADID *id"
-.Fc
-.Ft void
 .Fo CRYPTO_lock
 .Fa "int mode"
 .Fa "int type"
@@ -75,18 +53,6 @@
 .Ed
 .Sh DESCRIPTION
 These functions are obsolete.
-.Pp
-.Fn CRYPTO_THREADID_current
-stores a unique identifier of the currently executing thread
-into the opaque object
-.Fa id .
-.Pp
-.Fn CRYPTO_THREADID_cpy
-copies the contents of
-.Fa src
-to
-.Fa dest .
-.Pp
 .Fn CRYPTO_lock
 locks or unlocks a mutex lock.
 .Pp
@@ -135,20 +101,6 @@ and unlocks the lock number
 .Fa type
 again.
 .Sh RETURN VALUES
-.Fn CRYPTO_THREADID_cmp
-returns 0 if
-.Fa a
-and
-.Fa b
-refer to the same thread or a non-zero value otherwise.
-.Pp
-.Fn CRYPTO_THREADID_hash
-returns a numeric value usable as a hash-table key.
-In the LibreSSL implementation, it is the value returned from
-.Xr pthread_self 3
-for the thread
-.Fa id .
-.Pp
 .Fn CRYPTO_add
 returns the new value of
 .Pf * Fa p .
@@ -166,11 +118,3 @@ first appeared in SSLeay 0.6.0.
 first appeared in SSLeay 0.6.2.
 These functions have been available since
 .Ox 2.4 .
-.Pp
-.Fn CRYPTO_THREADID_current ,
-.Fn CRYPTO_THREADID_cmp ,
-.Fn CRYPTO_THREADID_cpy ,
-and
-.Fn CRYPTO_THREADID_hash
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .

lib/libcrypto/man/EVP_CIPHER_meth_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.5 2023/09/10 05:22:46 jsg Exp $
+.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.6 2024/03/04 09:49:07 tb Exp $
 .\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 10 2023 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt EVP_CIPHER_METH_NEW 3
 .Os
 .Sh NAME
@@ -233,18 +233,6 @@ function with a command
 of
 .Dv EVP_CTRL_INIT
 early during the setup.
-.It Dv EVP_CIPH_CUSTOM_KEY_LENGTH
-Instruct
-.Xr EVP_CIPHER_CTX_set_key_length 3
-to not check and set the key length itself,
-but to leave that to the implementation by instead calling its
-.Fa ctrl
-function with a command
-.Fa type
-of
-.Dv EVP_CTRL_SET_KEY_LENGTH
-and the key length in
-.Fa arg .
 .It Dv EVP_CIPH_NO_PADDING
 Instruct
 .Xr EVP_CipherFinal_ex 3

lib/libcrypto/man/EVP_add_cipher.3

@@ -1,190 +0,0 @@
-.\" $OpenBSD: EVP_add_cipher.3,v 1.6 2023/08/25 18:39:04 schwarze Exp $
-.\"
-.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 25 2023 $
-.Dt EVP_ADD_CIPHER 3
-.Os
-.Sh NAME
-.Nm EVP_add_cipher ,
-.Nm EVP_add_cipher_alias ,
-.Nm EVP_delete_cipher_alias ,
-.Nm EVP_add_digest ,
-.Nm EVP_add_digest_alias ,
-.Nm EVP_delete_digest_alias
-.Nd maintain lookup tables for cipher and digest names
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_add_cipher
-.Fa "const EVP_CIPHER *cipher"
-.Fc
-.Ft int
-.Fo EVP_add_cipher_alias
-.Fa "const char *name"
-.Fa "const char *alias"
-.Fc
-.Ft int
-.Fo EVP_delete_cipher_alias
-.Fa "const char *alias"
-.Fc
-.Ft int
-.Fo EVP_add_digest
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_add_digest_alias
-.Fa "const char *name"
-.Fa "const char *alias"
-.Fc
-.Ft int
-.Fo EVP_delete_digest_alias
-.Fa "const char *alias"
-.Fc
-.Sh DESCRIPTION
-.Fn EVP_add_cipher
-adds
-.Fa cipher
-to a global lookup table so that it can be retrieved with
-.Xr EVP_get_cipherbyname 3
-using both its long and short names,
-as determined by the
-.Fa cipher Ns 's
-NID via
-.Xr OBJ_nid2ln 3
-and
-.Xr OBJ_nid2sn 3 .
-It is the caller's responsibility to ensure that the long
-and short names are not
-.Dv NULL .
-Internally, the lookup table is the global associative array and
-.Xr OBJ_NAME_add 3
-is used to add two key-value pairs with value pointer
-.Fa cipher
-and the keys consisting of the names and
-the type
-.Dv OBJ_NAME_TYPE_CIPHER_METH .
-.Pp
-.Fn EVP_add_cipher_alias
-and
-.Fn EVP_delete_cipher_alias
-add and remove the
-.Fa alias
-for the cipher
-.Fa name .
-They are implemented as macros wrapping
-.Xr OBJ_NAME_add 3
-and
-.Xr OBJ_NAME_remove 3
-with
-.Fa type
-set to the bitwise or of
-.Dv OBJ_NAME_TYPE_CIPHER_METH
-and
-.Dv OBJ_NAME_ALIAS .
-.Pp
-.Fn EVP_add_digest
-adds
-.Fa md
-to a global lookup table so that it can be retrieved with
-.Xr EVP_get_digestbyname 3
-using both its long and short names,
-as determined by the
-.Fa md Ns 's
-NID via
-.Xr OBJ_nid2ln 3
-and
-.Xr OBJ_nid2sn 3 .
-If the
-.Fa md
-has an associated public key signing algorithm (see
-.Xr EVP_MD_pkey_type 3 )
-distinct from the
-.Fa md ,
-the signing algorithm's short and long names are added as aliases for
-the short name of
-.Fa md .
-It is the caller's responsibility to ensure that all long
-and short names are not
-.Dv NULL .
-Internally, the lookup table is the global associative array and
-.Xr OBJ_NAME_add 3
-is used to add two key-value pairs with value pointer
-.Fa md
-and the keys consisting of the names and
-the type
-.Dv OBJ_NAME_TYPE_MD_METH .
-The aliases are added with
-.Fn EVP_add_digest_alias .
-.Pp
-.Fn EVP_add_digest_alias
-and
-.Fn EVP_delete_digest_alias
-add and remove the
-.Fa alias
-for the digest
-.Fa name .
-They are implemented as macros wrapping
-.Xr OBJ_NAME_add 3
-and
-.Xr OBJ_NAME_remove 3
-with
-.Fa type
-set to the bitwise or of
-.Dv OBJ_NAME_TYPE_MD_METH
-and
-.Dv OBJ_NAME_ALIAS .
-.Sh RETURN VALUES
-.Fn EVP_add_cipher ,
-.Fn EVP_add_cipher_alias ,
-.Fn EVP_add_digest ,
-and
-.Fn EVP_add_digest_alias
-return 1 on success or 0 if memory allocation fails.
-.Pp
-.Fn EVP_delete_cipher_alias
-and
-.Fn EVP_delete_digest_alias
-return 1 if one alias was removed or 0 otherwise.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_CIPHER_meth_new 3 ,
-.Xr EVP_get_cipherbyname 3 ,
-.Xr EVP_get_digestbyname 3 ,
-.Xr EVP_MD_meth_new 3 ,
-.Xr OBJ_create 3 ,
-.Xr OBJ_NAME_add 3 ,
-.Xr OpenSSL_add_all_algorithms 3
-.Sh HISTORY
-.Fn EVP_add_cipher
-and
-.Fn EVP_add_digest
-first appeared in OpenSSL 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_add_cipher_alias ,
-.Fn EVP_delete_cipher_alias ,
-.Fn EVP_add_digest_alias ,
-and
-.Fn EVP_delete_digest_alias
-first appeared in OpenSSL 0.9.4 and have been available since
-.Ox 2.6 .
-.Sh BUGS
-Key-value pairs already added before an error occurred
-remain in the global associative array,
-leaving it in an unknown state.
-.Pp
-While aliases can be added and removed, there is no dedicated API
-to remove added ciphers or digests.

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.282 2024/03/02 11:04:51 tb Exp $
+# $OpenBSD: Makefile,v 1.283 2024/03/04 19:04:47 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -200,7 +200,6 @@ MAN=	\
 	EVP_SealInit.3 \
 	EVP_SignInit.3 \
 	EVP_VerifyInit.3 \
-	EVP_add_cipher.3 \
 	EVP_aes_128_cbc.3 \
 	EVP_camellia_128_cbc.3 \
 	EVP_chacha20.3 \

lib/libcrypto/man/OPENSSL_sk_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_sk_new.3,v 1.12 2021/03/12 05:18:00 jsg Exp $
+.\" $OpenBSD: OPENSSL_sk_new.3,v 1.13 2024/03/04 09:47:34 tb Exp $
 .\"
 .\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 12 2021 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt OPENSSL_SK_NEW 3
 .Os
 .Sh NAME
@@ -27,7 +27,6 @@
 .Nm sk_num ,
 .Nm sk_value ,
 .Nm sk_find ,
-.Nm sk_find_ex ,
 .Nm sk_sort ,
 .Nm sk_is_sorted ,
 .Nm sk_push ,
@@ -80,11 +79,6 @@
 .Fa "_STACK *stack"
 .Fa "void *wanted"
 .Fc
-.Ft int
-.Fo sk_find_ex
-.Fa "_STACK *stack"
-.Fa "void *wanted"
-.Fc
 .Ft void
 .Fo sk_sort
 .Fa "_STACK *stack"
@@ -245,16 +239,6 @@ first sorted with
 and instead of comparing pointers, two pointers are considered to match
 if the comparison function returns 0.
 .Pp
-.Fn sk_find_ex
-is identical to
-.Fn sk_find
-except that if the
-.Fa stack
-is not empty but no match is found,
-the index of some pointer considered closest to
-.Fa wanted
-is returned.
-.Pp
 .Fn sk_sort
 sorts the
 .Fa stack
@@ -285,9 +269,8 @@ or
 or changing the comparison function sets the state to unsorted.
 If a comparison function is installed, calling
 .Fn sk_sort ,
-.Fn sk_find ,
 or
-.Fn sk_find_ex
+.Fn sk_find
 sets the state to sorted.
 .Pp
 .Fn sk_push
@@ -456,13 +439,6 @@ is a
 .Dv NULL
 pointer or if no match is found.
 .Pp
-.Fn sk_find_ex
-returns some index or \-1 if
-.Fa stack
-is a
-.Dv NULL
-pointer or empty.
-.Pp
 .Fn sk_is_sorted
 returns 1 if the
 .Fa stack
@@ -562,10 +538,6 @@ Both functions have been available since
 .Fn sk_is_sorted
 first appeared in OpenSSL 0.9.7e and has been available since
 .Ox 3.8 .
-.Pp
-.Fn sk_find_ex
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
 .Sh BUGS
 Even if a comparison function is installed, empty stacks and
 stacks containing a single pointer are sometimes considered
@@ -575,23 +547,7 @@ If a comparison function is installed, the concept of
 .Dq first match
 in
 .Fn sk_find
-and
-.Fn sk_find_ex
 is ill-defined because
 .Xr qsort 3
 is not a stable sorting function.
 It is probably best to only assume that they return an arbitrary match.
-.Pp
-The concept of
-.Dq closest
-for
-.Fn sk_find_ex
-is even less clearly defined.
-The match may sometimes be smaller and sometimes larger than
-.Fa wanted ,
-even if both smaller and larger pointers exist in the
-.Fa stack .
-Besides, it is again ill-defined
-which of several pointers that compare equal is selected.
-It is probably best to not assume anything about the selection
-for cases where there is no match.

lib/libcrypto/man/OpenSSL_add_all_algorithms.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.15 2023/11/16 20:27:43 schwarze Exp $
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.16 2024/03/04 19:04:47 tb Exp $
 .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
@@ -124,7 +124,6 @@ and
 are implemented as macros.
 .Sh SEE ALSO
 .Xr evp 3 ,
-.Xr EVP_add_cipher 3 ,
 .Xr EVP_DigestInit 3 ,
 .Xr EVP_EncryptInit 3 ,
 .Xr OBJ_cleanup 3 ,

lib/libcrypto/man/X509_STORE_set1_param.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_set1_param.3,v 1.20 2023/11/16 20:27:43 schwarze Exp $
+.\" $OpenBSD: X509_STORE_set1_param.3,v 1.21 2024/03/04 09:24:07 tb Exp $
 .\" content checked up to:
 .\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
 .\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt X509_STORE_SET1_PARAM 3
 .Os
 .Sh NAME
@@ -29,6 +29,7 @@
 .Nm X509_STORE_add_cert ,
 .Nm X509_STORE_add_crl ,
 .Nm X509_STORE_get0_param ,
+.Nm X509_STORE_get1_objects ,
 .Nm X509_STORE_get0_objects ,
 .Nm X509_STORE_get_ex_new_index ,
 .Nm X509_STORE_set_ex_data ,
@@ -76,6 +77,10 @@
 .Fa "X509_STORE *store"
 .Fc
 .Ft STACK_OF(X509_OBJECT) *
+.Fo X509_STORE_get1_objects
+.Fa "X509_STORE *store"
+.Fc
+.Ft STACK_OF(X509_OBJECT) *
 .Fo X509_STORE_get0_objects
 .Fa "X509_STORE *store"
 .Fc
@@ -181,10 +186,35 @@ or if memory allocation fails.
 .Fn X509_STORE_get0_param
 returns an internal pointer to the verification parameter object
 contained in the
+.Fa store .
+The returned pointer must not be freed by the calling application.
+.Pp
+.Fn X509_STORE_get1_objects
+returns a newly allocated stack containing
+the certificates, revocation lists, and private keys in
 .Fa store ,
+as well as cached objects added by
+.Xr X509_LOOKUP_hash_dir 3 .
+The caller must release the result with
+.Xr sk_pop_free 3
+and
+.Xr X509_OBJECT_free 3
+when done.
+.Pp
 .Fn X509_STORE_get0_objects
-to the stack of certificates, revocation lists, and private keys.
-The returned pointers must not be freed by the calling application.
+is a deprecated function returning an internal pointer to
+the stack of certificates, revocation lists, and private keys contained in
+.Fa store .
+The returned pointer must not be modified or freed by the calling application.
+This function is not thread-safe.
+If
+.Fa store
+is shared across multiple threads, callers cannot safely inspect the result of
+this function, because another thread may have concurrently added to it.
+In particular,
+.Xr X509_LOOKUP_hash_dir 3
+treats this list as a cache and may add to it in the course of certificate
+verification.
 .Pp
 .Fn X509_STORE_get_ex_new_index
 returns a new index or \-1 on failure.
@@ -232,3 +262,7 @@ and
 .Fn X509_STORE_get_ex_data
 first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 6.3 .
+.Pp
+X509_STORE_get1_objects
+first appeared in BoringSSL and has been available since
+.Ox 7.5 .

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.26 2023/12/01 10:40:21 schwarze Exp $
+.\" $OpenBSD: evp.3,v 1.27 2024/03/04 19:04:47 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 1 2023 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -167,7 +167,6 @@ family of functions provides base64 encoding and decoding.
 .Xr crypto 3 ,
 .Xr d2i_PKCS8PrivateKey_bio 3 ,
 .Xr d2i_PrivateKey 3 ,
-.Xr EVP_add_cipher 3 ,
 .Xr EVP_AEAD_CTX_init 3 ,
 .Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_BytesToKey 3 ,

lib/libcrypto/man/lh_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: lh_new.3,v 1.11 2024/03/02 11:04:51 tb Exp $
+.\" $OpenBSD: lh_new.3,v 1.12 2024/03/04 19:03:31 tb Exp $
 .\" full merge up to:
 .\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
 .\" selective merge up to:
@@ -118,7 +118,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: March 2 2024 $
+.Dd $Mdocdate: March 4 2024 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
@@ -519,7 +519,7 @@ routine would not normally be passed to
 rather it would be used in the function passed to
 .Fn lh_<type>_new .
 .Sh SEE ALSO
-.Xr crypto 3 ,
+.Xr crypto 3
 .Sh HISTORY
 .Fn lh_new ,
 .Fn lh_free ,