sync with OpenBSD -current

lib/libcrypto/ec/ec_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.63 2024/04/17 14:01:33 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.67 2024/04/18 11:56:53 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -820,35 +820,49 @@ static int
 ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 {
 	X509_ALGOR *alg, *kekalg = NULL;
+	const ASN1_OBJECT *obj;
+	int nid;
+	const void *parameter;
+	int parameter_type;
 	ASN1_OCTET_STRING *ukm;
 	const unsigned char *p;
 	unsigned char *der = NULL;
 	int plen, keylen;
 	const EVP_CIPHER *kekcipher;
 	EVP_CIPHER_CTX *kekctx;
-	int rv = 0;
+	int ret = 0;
 
 	if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
-		return 0;
+		goto err;
 
-	if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+	X509_ALGOR_get0(&obj, &parameter_type, &parameter, alg);
+
+	if ((nid = OBJ_obj2nid(obj)) == NID_undef)
+		goto err;
+	if (!ecdh_cms_set_kdf_param(pctx, nid)) {
 		ECerror(EC_R_KDF_PARAMETER_ERROR);
-		return 0;
+		goto err;
 	}
 
-	if (alg->parameter->type != V_ASN1_SEQUENCE)
-		return 0;
+	if (parameter_type != V_ASN1_SEQUENCE)
+		goto err;
+	if ((p = ASN1_STRING_get0_data(parameter)) == NULL)
+		goto err;
+	plen = ASN1_STRING_length(parameter);
+	if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL)
+		goto err;
 
-	p = alg->parameter->value.sequence->data;
-	plen = alg->parameter->value.sequence->length;
-	kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-	if (!kekalg)
+	/*
+	 * XXX - the reaching into kekalg below is ugly, but unfortunately the
+	 * now internal legacy EVP_CIPHER_asn1_to_param() API doesn't interact
+	 * nicely with the X509_ALGOR API.
+	 */
+
+	if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL)
 		goto err;
-	kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
-	if (!kekctx)
+	if ((kekcipher = EVP_get_cipherbyobj(kekalg->algorithm)) == NULL)
 		goto err;
-	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
-	if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+	if (EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
 		goto err;
 	if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
 		goto err;
@@ -859,19 +873,20 @@ ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 	if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
 		goto err;
 
-	plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen);
-	if (plen <= 0)
+	if ((plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen)) <= 0)
 		goto err;
 
 	if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0)
 		goto err;
 	der = NULL;
 
-	rv = 1;
+	ret = 1;
+
  err:
 	X509_ALGOR_free(kekalg);
 	free(der);
-	return rv;
+
+	return ret;
 }
 
 static int
@@ -990,7 +1005,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 	 * Package wrap algorithm in an AlgorithmIdentifier.
 	 *
 	 * Incompatibility of X509_ALGOR_set0() with EVP_CIPHER_param_to_asn1()
-	 * makes this really gross.
+	 * makes this really gross. See the XXX in ecdh_cms_set_shared_info().
 	 */
 
 	if ((wrap_alg = X509_ALGOR_new()) == NULL)

lib/libcrypto/man/CMS_add1_signer.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_add1_signer.3,v 1.9 2024/03/29 06:43:12 tb Exp $
+.\" $OpenBSD: CMS_add1_signer.3,v 1.10 2024/04/18 16:50:22 tb Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2024 $
+.Dd $Mdocdate: April 18 2024 $
 .Dt CMS_ADD1_SIGNER 3
 .Os
 .Sh NAME
@@ -196,8 +196,8 @@ By default, issuer name and serial number are used instead.
 If present, the
 .Vt SMIMECapabilities
 attribute indicates support for the
-following algorithms in preference order: 256-bit AES, Gost R3411-94,
-Gost 28147-89, 192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit
+following algorithms in preference order: 256-bit AES,
+192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit
 RC2, DES and 40-bit RC2.
 If any of these algorithms is not available then it will not be
 included.

lib/libcrypto/man/CMS_sign.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_sign.3,v 1.10 2024/03/29 06:43:12 tb Exp $
+.\" $OpenBSD: CMS_sign.3,v 1.11 2024/04/18 16:50:22 tb Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2024 $
+.Dd $Mdocdate: April 18 2024 $
 .Dt CMS_SIGN 3
 .Os
 .Sh NAME
@@ -127,8 +127,8 @@ attribute.
 Omit just the
 .Vt SMIMECapabilities .
 If present, the SMIMECapabilities attribute indicates support for the
-following algorithms in preference order: 256-bit AES, Gost R3411-94,
-Gost 28147-89, 192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit
+following algorithms in preference order: 256-bit AES,
+192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit
 RC2, DES and 40-bit RC2.
 If any of these algorithms is not available, then it will not be
 included.

lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.8 2024/03/05 19:21:31 tb Exp $
+.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.9 2024/04/18 16:33:33 tb Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: April 18 2024 $
 .Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
 .Os
 .Sh NAME
@@ -98,7 +98,7 @@ is set to
 .Pp
 Support for the following public key algorithms is built into the library:
 .Pp
-.Bl -column -compact EVP_PKEY_base_id(3) NID_id_Gost28147_89_MAC mandatory
+.Bl -column -compact EVP_PKEY_base_id(3) NID_sha256 mandatory
 .It Xr EVP_PKEY_base_id 3 Ta Pf * Fa pnid               Ta return value
 .It Dv EVP_PKEY_DSA       Ta Dv NID_sha1                Ta mandatory
 .It Dv EVP_PKEY_EC        Ta Dv NID_sha1                Ta mandatory

lib/libcrypto/man/EVP_PKEY_set1_RSA.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.22 2024/03/05 19:21:31 tb Exp $
+.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.23 2024/04/18 16:32:22 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: April 18 2024 $
 .Dt EVP_PKEY_SET1_RSA 3
 .Os
 .Sh NAME
@@ -293,7 +293,7 @@ returns the type of
 .Fa pkey
 according to the following table:
 .Pp
-.Bl -column -compact -offset 2n EVP_PKEY_GOSTR NID_X9_62_id_ecPublicKey
+.Bl -column -compact -offset 2n EVP_PKEY_RSA_PSS NID_X9_62_id_ecPublicKey
 .It Sy return value      Ta                               Ta Sy PEM type string
 .It Dv EVP_PKEY_CMAC     Ta = Dv NID_cmac                 Ta CMAC
 .It Dv EVP_PKEY_DH       Ta = Dv NID_dhKeyAgreement       Ta DH
@@ -310,7 +310,7 @@ returns the actual OID associated with
 Historically keys using the same algorithm could use different OIDs.
 The following deprecated aliases are still supported:
 .Pp
-.Bl -column -compact -offset 2n EVP_PKEY_GOSTR12_ NID_id_tc26_gost3410_2012_512
+.Bl -column -compact -offset 2n EVP_PKEY_DSA4 NID_dsaWithSHA1_2
 .It Sy return value         Ta                                  Ta Sy alias for
 .It Dv EVP_PKEY_DSA1        Ta = Dv NID_dsa_2                     Ta DSA
 .It Dv EVP_PKEY_DSA2        Ta = Dv NID_dsaWithSHA                Ta DSA