SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sync code with last security fixes and improvements from OpenBSD

Browse source
This commit is contained in:
purplerain 2023-04-30 19:16:28 +00:00
parent 95114fbda2
commit f5f0d5c82b
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
106 changed files with 371 additions and 1162 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +0,0 @@
**/obj
**/tags

4
distrib/alpha/miniroot/Makefile
View file

@ -1,7 +1,7 @@
# $OpenBSD: Makefile,v 1.26 2023/04/28 12:26:43 krw Exp $
# $OpenBSD: Makefile,v 1.27 2023/04/30 22:44:18 krw Exp $
FS= miniroot${OSrev}.img
FSSIZE= 5760
FSSIZE= 6080
FSDISKTYPE= fakeramdisk
CDROM= cd${OSrev}.iso
MOUNT_POINT= /mnt

5
distrib/sets/lists/comp/mi
View file

@ -2019,7 +2019,6 @@
./usr/share/man/man3/PKCS8_pkey_set0.3
./usr/share/man/man3/PKEY_USAGE_PERIOD_new.3
./usr/share/man/man3/POLICYINFO_new.3
./usr/share/man/man3/PROXY_POLICY_new.3
./usr/share/man/man3/RAND_add.3
./usr/share/man/man3/RAND_bytes.3
./usr/share/man/man3/RAND_load_file.3
@ -2253,9 +2252,6 @@
./usr/share/man/man3/X509_load_cert_file.3
./usr/share/man/man3/X509_new.3
./usr/share/man/man3/X509_ocspid_print.3
./usr/share/man/man3/X509_policy_check.3
./usr/share/man/man3/X509_policy_tree_get0_policies.3
./usr/share/man/man3/X509_policy_tree_level_count.3
./usr/share/man/man3/X509_print_ex.3
./usr/share/man/man3/X509_sign.3
./usr/share/man/man3/X509_signature_dump.3
@ -2416,7 +2412,6 @@
./usr/share/man/man3/d2i_PKCS8_PRIV_KEY_INFO.3
./usr/share/man/man3/d2i_PKEY_USAGE_PERIOD.3
./usr/share/man/man3/d2i_POLICYINFO.3
./usr/share/man/man3/d2i_PROXY_POLICY.3
./usr/share/man/man3/d2i_PrivateKey.3
./usr/share/man/man3/d2i_RSAPublicKey.3
./usr/share/man/man3/d2i_SSL_SESSION.3

2
etc/skel/dot.version
View file

@ -1 +1 @@
# SecBSD 1.3-89f0212: Sun Apr 30 00:00:00 UTC 2023 (Quetzalcoatl)
# SecBSD 1.3-5179fdb: Mon May 1 00:00:00 UTC 2023 (Quetzalcoatl)

8
include/arpa/inet.h
View file

@ -5,7 +5,7 @@
* -
* Copyright (c) 1983, 1993
* The Regents of the University of California. All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -17,7 +17,7 @@
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -31,14 +31,14 @@
* SUCH DAMAGE.
* -
* Portions Copyright (c) 1993 by Digital Equipment Corporation.
*
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies, and that
* the name of Digital Equipment Corporation not be used in advertising or
* publicity pertaining to distribution of the document or software without
* specific, written prior permission.
*
*
* THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT

10
include/arpa/nameser.h
View file

@ -5,7 +5,7 @@
* -
* Copyright (c) 1983, 1989, 1993
* The Regents of the University of California. All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -17,7 +17,7 @@
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -31,14 +31,14 @@
* SUCH DAMAGE.
* -
* Portions Copyright (c) 1993 by Digital Equipment Corporation.
*
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies, and that
* the name of Digital Equipment Corporation not be used in advertising or
* publicity pertaining to distribution of the document or software without
* specific, written prior permission.
*
*
* THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
@ -231,7 +231,7 @@
#define KEYFLAG_RESERVED_BITMASK ( KEYFLAG_RESERVED3 | \
KEYFLAG_RESERVED4 | \
KEYFLAG_RESERVED10| KEYFLAG_RESERVED11)
KEYFLAG_RESERVED10| KEYFLAG_RESERVED11)
/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
#define ALGORITHM_MD5RSA 1 /* MD5 with RSA */

2
include/bsd_auth.h
View file

@ -80,7 +80,7 @@ void auth_setenv(auth_session_t *);
void auth_clrenv(auth_session_t *);
void auth_setstate(auth_session_t *, int);
int auth_call(auth_session_t *, char *, ...)
int auth_call(auth_session_t *, char *, ...)
__attribute__((__sentinel__));
int auth_setdata(auth_session_t *, void *, size_t);

6
include/complex.h
View file

@ -37,7 +37,7 @@
#define I _Complex_I
__BEGIN_DECLS
/*
/*
* Double versions of C99 functions
*/
double complex cacos(double complex);
@ -63,7 +63,7 @@ double complex conj(double complex);
double complex cproj(double complex);
double creal(double complex);
/*
/*
* Float versions of C99 functions
*/
float complex cacosf(float complex);
@ -89,7 +89,7 @@ float complex conjf(float complex);
float complex cprojf(float complex);
float crealf(float complex);
/*
/*
* Long double versions of C99 functions
*/
long double complex cacosl(long double complex);

2
include/cpio.h
View file

@ -53,7 +53,7 @@
#define C_ISCTG 0110000
#define C_ISLNK 0120000
#define C_ISSOCK 0140000
#define MAGIC "070707"
#endif /* _CPIO_H_ */

6
include/db.h
View file

@ -148,11 +148,11 @@ typedef struct {
unsigned int cachesize; /* bytes to cache */
unsigned int psize; /* page size */
int lorder; /* byte order */
size_t reclen; /* record length
size_t reclen; /* record length
(fixed-length records) */
unsigned char bval; /* delimiting byte
unsigned char bval; /* delimiting byte
(variable-length records) */
char *bfname; /* btree file name */
char *bfname; /* btree file name */
} RECNOINFO;
__BEGIN_DECLS

2
include/dirent.h
View file

@ -47,7 +47,7 @@
#endif
/*
* The kernel defines the format of directory entries returned by
* The kernel defines the format of directory entries returned by
* the getdents(2) system call.
*/
#include <sys/dirent.h>

2
include/getopt.h
View file

@ -72,5 +72,5 @@ extern int optopt;
extern int optreset;
#endif
__END_DECLS
#endif /* !_GETOPT_H_ */

2
include/glob.h
View file

@ -63,7 +63,7 @@ typedef struct {
* and lstat(2).
*/
void (*gl_closedir)(void *);
struct dirent *(*gl_readdir)(void *);
struct dirent *(*gl_readdir)(void *);
void *(*gl_opendir)(const char *);
int (*gl_lstat)(const char *, struct stat *);
int (*gl_stat)(const char *, struct stat *);

2
include/ieeefp.h
View file

@ -1,6 +1,6 @@
/* $OpenBSD: ieeefp.h,v 1.4 2009/09/27 21:23:55 martynas Exp $ */
/*
/*
* Written by J.T. Conklin, Apr 6, 1995
* Public domain.
*/

2
include/iso646.h
View file

@ -1,7 +1,7 @@
/* $OpenBSD: iso646.h,v 1.3 2001/10/11 00:05:21 espie Exp $ */
/* $NetBSD: iso646.h,v 1.1 1995/02/17 09:08:10 jtc Exp $ */
/*
/*
* Written by J.T. Conklin <jtc@wimsey.com> 02/16/95.
* Public domain.
*/

2
include/math.h
View file

@ -5,7 +5,7 @@
*
* Developed at SunPro, a Sun Microsystems, Inc. business.
* Permission to use, copy, modify, and distribute this
* software is freely granted, provided that this notice
* software is freely granted, provided that this notice
* is preserved.
* ====================================================
*/

2
include/netdb.h
View file

@ -210,7 +210,7 @@ struct addrinfo {
char *ai_canonname; /* canonical name for service location (iff req) */
struct addrinfo *ai_next; /* pointer to next in list */
};
#if __BSD_VISIBLE
/*
* Flags for getrrsetbyname()

2
include/poll.h
View file

@ -3,7 +3,7 @@
/*
* Written by Theo de Raadt, Public Domain
*
* Typical poll() implementations expect poll.h to be in /usr/include.
* Typical poll() implementations expect poll.h to be in /usr/include.
* However this is not a convenient place for the real definitions.
*/
#include <sys/poll.h>

4
include/protocols/talkd.h
View file

@ -83,11 +83,11 @@ typedef struct {
typedef struct {
unsigned char vers; /* protocol version */
unsigned char type; /* type of request message, see below */
unsigned char answer; /* response to request message,
unsigned char answer; /* response to request message,
see below */
unsigned char pad;
u_int32_t id_num; /* message id */
struct osockaddr addr; /* address for establishing
struct osockaddr addr; /* address for establishing
conversation */
} CTL_RESPONSE;

8
include/protocols/timed.h
View file

@ -58,14 +58,14 @@ struct tsp {
#define tsp_time tsp_u.tspu_time
#define tsp_hopcnt tsp_u.tspu_hopcnt
/*
* Command types.
*/
#define TSP_ANY 0 /* match any types */
#define TSP_ADJTIME 1 /* send adjtime */
#define TSP_ACK 2 /* generic acknowledgement */
#define TSP_MASTERREQ 3 /* ask for master's name */
#define TSP_MASTERREQ 3 /* ask for master's name */
#define TSP_MASTERACK 4 /* acknowledge master request */
#define TSP_SETTIME 5 /* send network time */
#define TSP_MASTERUP 6 /* inform slaves that master is up */
@ -92,8 +92,8 @@ struct tsp {
#ifdef TSPTYPES
char *tsptype[TSPTYPENUMBER] =
{ "ANY", "ADJTIME", "ACK", "MASTERREQ", "MASTERACK", "SETTIME", "MASTERUP",
"SLAVEUP", "ELECTION", "ACCEPT", "REFUSE", "CONFLICT", "RESOLVE", "QUIT",
{ "ANY", "ADJTIME", "ACK", "MASTERREQ", "MASTERACK", "SETTIME", "MASTERUP",
"SLAVEUP", "ELECTION", "ACCEPT", "REFUSE", "CONFLICT", "RESOLVE", "QUIT",
"DATE", "DATEREQ", "DATEACK", "TRACEON", "TRACEOFF", "MSITE", "MSITEREQ",
"TEST", "SETDATE", "SETDATEREQ", "LOOP" };
#endif

16
include/pthread.h
View file

@ -16,20 +16,20 @@
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Chris Provenzano.
* 4. The name of Chris Provenzano may not be used to endorse or promote
* 4. The name of Chris Provenzano may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY CHRIS PROVENZANO ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL CHRIS PROVENZANO BE LIABLE FOR ANY
* ARE DISCLAIMED. IN NO EVENT SHALL CHRIS PROVENZANO BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD: pthread.h,v 1.13 1999/07/31 08:36:07 rse Exp $
@ -71,7 +71,7 @@
* Flags for read/write lock attributes
*/
#define PTHREAD_PROCESS_PRIVATE 0
#define PTHREAD_PROCESS_SHARED 1
#define PTHREAD_PROCESS_SHARED 1
/*
* Flags for cancelling threads
@ -147,12 +147,12 @@ struct pthread_once {
#define PTHREAD_DONE_INIT 1
/*
* Static once initialization values.
* Static once initialization values.
*/
#define PTHREAD_ONCE_INIT { PTHREAD_NEEDS_INIT, PTHREAD_MUTEX_INITIALIZER }
/*
* Static initialization values.
* Static initialization values.
*/
#define PTHREAD_MUTEX_INITIALIZER NULL
#define PTHREAD_COND_INITIALIZER NULL

22
include/resolv.h
View file

@ -3,7 +3,7 @@
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -15,7 +15,7 @@
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -34,7 +34,7 @@
* -
* Copyright (c) 1983, 1987, 1989, 1993
* The Regents of the University of California. All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -46,7 +46,7 @@
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -60,14 +60,14 @@
* SUCH DAMAGE.
* -
* Portions Copyright (c) 1993 by Digital Equipment Corporation.
*
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies, and that
* the name of Digital Equipment Corporation not be used in advertising or
* publicity pertaining to distribution of the document or software without
* specific, written prior permission.
*
*
* THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
@ -282,7 +282,7 @@ int res_dnok(const char *);
const char * sym_ntos(const struct res_sym *, int, int *);
int b64_ntop(unsigned char const *, size_t, char *, size_t);
int b64_pton(char const *, unsigned char *, size_t);
int dn_skipname(const unsigned char *,
int dn_skipname(const unsigned char *,
const unsigned char *);
void putlong(u_int32_t, unsigned char *);
void putshort(u_int16_t, unsigned char *);
@ -290,7 +290,7 @@ const char * p_class(int);
const char * p_type(int);
int dn_comp(const char *, unsigned char *, int,
unsigned char **, unsigned char **);
int dn_expand(const unsigned char *, const unsigned char *,
int dn_expand(const unsigned char *, const unsigned char *,
const unsigned char *, char *, int);
int res_init(void);
unsigned int res_randomid(void);
@ -301,12 +301,12 @@ int res_search(const char *, int, int, unsigned char *, int)
int res_querydomain(const char *, const char *, int, int,
unsigned char *, int)
__attribute__((__bounded__(__string__,5,6)));
int res_mkquery(int, const char *, int, int,
const unsigned char *, int, const unsigned char *,
int res_mkquery(int, const char *, int, int,
const unsigned char *, int, const unsigned char *,
unsigned char *, int)
__attribute__((__bounded__(__string__,5,6)))
__attribute__((__bounded__(__string__,8,9)));
int res_send(const unsigned char *, int, unsigned char *,
int res_send(const unsigned char *, int, unsigned char *,
int)
__attribute__((__bounded__(__string__,3,4)));
__END_DECLS

2
include/search.h
View file

@ -49,7 +49,7 @@ void *tdelete(const void * __restrict, void ** __restrict,
int (*)(const void *, const void *));
void *tfind(const void *, void * const *,
int (*)(const void *, const void *));
void *tsearch(const void *, void **,
void *tsearch(const void *, void **,
int (*)(const void *, const void *));
void twalk(const void *, void (*)(const void *, VISIT, int));
__END_DECLS

4
include/sha2.h
View file

@ -3,7 +3,7 @@
/*
* FILE: sha2.h
* AUTHOR: Aaron D. Gifford <me@aarongifford.com>
*
*
* Copyright (c) 2000-2001, Aaron D. Gifford
* All rights reserved.
*
@ -18,7 +18,7 @@
* 3. Neither the name of the copyright holder nor the names of contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

2
include/stdbool.h
View file

@ -6,7 +6,7 @@
*/
#ifndef _STDBOOL_H_
#define _STDBOOL_H_
#define _STDBOOL_H_
#ifndef __cplusplus

2
include/stdio.h
View file

@ -384,7 +384,7 @@ int __swbuf(int, FILE *);
__END_DECLS
/*
* The __sfoo macros are here so that we can
* The __sfoo macros are here so that we can
* define function versions in the C library.
*/
#define __sgetc(p) (--(p)->_r < 0 ? __srget(p) : (int)(*(p)->_p++))

2
include/string.h
View file

@ -132,7 +132,7 @@ void strmode(int, char *);
char *strsep(char **, const char *);
int timingsafe_bcmp(const void *, const void *, size_t);
int timingsafe_memcmp(const void *, const void *, size_t);
#endif
#endif
__END_DECLS
#endif /* _STRING_H_ */

4
include/unistd.h
View file

@ -329,10 +329,10 @@ int chown(const char *, uid_t, gid_t);
int close(int);
int dup(int);
int dup2(int, int);
int execl(const char *, const char *, ...)
int execl(const char *, const char *, ...)
__attribute__((__sentinel__));
int execle(const char *, const char *, ...);
int execlp(const char *, const char *, ...)
int execlp(const char *, const char *, ...)
__attribute__((__sentinel__));
int execv(const char *, char *const *);
int execve(const char *, char *const *, char *const *);

4
lib/check_sym
View file

@ -233,7 +233,7 @@ fi
# relative paths), chdir into our work directory, whatever it is
cd $odir
jump_slots() {
jump_slots() {
case $cpu in
hppa) awk '/IPLT/ && $5 != ""{print $5}' r$1
;;
@ -260,7 +260,7 @@ dynamic_sym() {
{print $4, $5, $6, $8}' s$1 | sort -o d$1
}
static_sym() {
static_sym() {
awk '/^Symbol table ..symtab/{s=1}
/LOCAL/{next}
s&&/^ *[1-9]/{print $4, $5, $6, $8}' s$1 | sort -o S$1

2
lib/csu/Makefile
View file

@ -35,7 +35,7 @@ RCFLAGS=-DRCRT0
# amd64 can access the stack protector before relocation has occurred.
# Other archs aren't so lucky
.if ${MACHINE_ARCH} != "amd64"
RCFLAGS+=-fno-stack-protector
RCFLAGS+=-fno-stack-protector
.endif
# Prevent use of builtins in _dl_boot_bind().

2
lib/csu/aarch64/md_init.h
View file

@ -3,7 +3,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/alpha/md_init.h
View file

@ -2,7 +2,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/amd64/md_init.h
View file

@ -3,7 +3,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/arm/md_init.h
View file

@ -3,7 +3,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/crtbeginS.c
View file

@ -166,7 +166,7 @@ _do_fini(void)
__cxa_finalize(__dso_handle);
/*
* since the _init() function sets up the destructors to
* since the _init() function sets up the destructors to
* be called by atexit, do not call the destructors here.
*/
__dtors();

2
lib/csu/hppa/md_init.h
View file

@ -22,7 +22,7 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
*/
/*
* hppa overrides these because it has different label syntax

2
lib/csu/i386/md_init.h
View file

@ -3,7 +3,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/mips64/md_init.h
View file

@ -4,7 +4,7 @@
* Copyright (c) 2001 Ross Harvey
* Copyright (c) 2001 Simon Burge
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/powerpc/md_init.h
View file

@ -3,7 +3,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/sh/md_init.h
View file

@ -4,7 +4,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

2
lib/csu/sparc64/md_init.h
View file

@ -3,7 +3,7 @@
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:

11
lib/libcrypto/asn1/tasn_dec.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tasn_dec.c,v 1.85 2023/04/28 17:59:53 job Exp $ */
/* $OpenBSD: tasn_dec.c,v 1.86 2023/04/30 16:46:49 job Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -736,7 +736,7 @@ static int
asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
int tag_number, int tag_class, int optional, int depth)
{
CBS cbs_seq, cbs_seq_content;
CBS cbs_seq, cbs_seq_content, cbs_object;
int constructed, indefinite, optional_field;
const ASN1_TEMPLATE *errat = NULL;
const ASN1_TEMPLATE *seqat, *at;
@ -878,9 +878,14 @@ asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
ASN1_template_free(pseqval, seqat);
}
if (!CBS_skip(cbs, CBS_offset(&cbs_seq)))
if (!CBS_get_bytes(cbs, &cbs_object, CBS_offset(&cbs_seq)))
goto err;
if (!asn1_enc_save(&aseq, &cbs_object, it)) {
ASN1error(ERR_R_MALLOC_FAILURE);
goto err;
}
if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &aseq, it, NULL)) {
ASN1error(ASN1_R_AUX_ERROR);
goto err;

10
lib/libcrypto/asn1/tasn_enc.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: tasn_enc.c,v 1.30 2023/04/28 17:59:53 job Exp $ */
/* $OpenBSD: tasn_enc.c,v 1.31 2023/04/30 16:46:49 job Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -210,6 +210,14 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
/* fall through */
case ASN1_ITYPE_SEQUENCE:
i = asn1_enc_restore(&seqcontlen, out, pval, it);
/* An error occurred */
if (i < 0)
return 0;
/* We have a valid cached encoding... */
if (i > 0)
return seqcontlen;
/* Otherwise carry on */
seqcontlen = 0;
/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
if (tag == -1) {

16
lib/libcrypto/bio/bio.h
View file

@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@ -139,7 +139,7 @@ extern "C" {
#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */
#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally
* connected socket to be
* passed in */
* passed in */
#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
@ -232,7 +232,7 @@ void BIO_clear_flags(BIO *b, int flags);
/* The next three are used in conjunction with the
* BIO_should_io_special() condition. After this returns true,
* BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO
* BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO
* stack and return the 'reason' for the special and the offending BIO.
* Given a BIO, BIO_get_retry_reason(bio) will return the code. */
/* Returned from the SSL bio when the certificate retrieval code had an error */

12
lib/libcrypto/bio/bss_acpt.c
View file

@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence

8
lib/libcrypto/bn/bn_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bn_lib.c,v 1.85 2023/04/25 19:57:59 tb Exp $ */
/* $OpenBSD: bn_lib.c,v 1.86 2023/04/30 19:15:48 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -601,12 +601,6 @@ BN_zero(BIGNUM *a)
a->top = 0;
}
void
BN_zero_ex(BIGNUM *a)
{
BN_zero(a);
}
int
BN_one(BIGNUM *a)
{

4
lib/libcrypto/bn/bn_mont.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bn_mont.c,v 1.58 2023/04/25 17:20:24 tb Exp $ */
/* $OpenBSD: bn_mont.c,v 1.59 2023/04/30 05:21:20 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -351,7 +351,7 @@ bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *b
/* Compute new t[0] * n0, as we need it inside the loop. */
w = (a0 * b + tp[0]) * n0;
for (j = 0; j < n_len; j++) {
bn_mulw_addw_addw(ap[j], b, tp[j], carry_a, &carry_a, &x);
bn_mulw_addw_addw(np[j], w, x, carry_n, &carry_n, &tp[j]);

4
lib/libcrypto/crypto.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: crypto.h,v 1.59 2023/04/28 21:40:14 tb Exp $ */
/* $OpenBSD: crypto.h,v 1.60 2023/04/30 17:07:46 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
@ -488,7 +488,7 @@ typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
/* die if we have to */
__dead void OpenSSLDie(const char *file, int line, const char *assertion);
void OpenSSLDie(const char *file, int line, const char *assertion);
#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
uint64_t OPENSSL_cpu_caps(void);

10
lib/libcrypto/hidden/openssl/x509v3.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
/* $OpenBSD: x509v3.h,v 1.4 2023/04/30 19:31:05 tb Exp $ */
/*
* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
*
@ -21,14 +21,6 @@
#include_next <openssl/x509v3.h>
#include "crypto_namespace.h"
LCRYPTO_USED(PROXY_POLICY_new);
LCRYPTO_USED(PROXY_POLICY_free);
LCRYPTO_USED(d2i_PROXY_POLICY);
LCRYPTO_USED(i2d_PROXY_POLICY);
LCRYPTO_USED(PROXY_CERT_INFO_EXTENSION_new);
LCRYPTO_USED(PROXY_CERT_INFO_EXTENSION_free);
LCRYPTO_USED(d2i_PROXY_CERT_INFO_EXTENSION);
LCRYPTO_USED(i2d_PROXY_CERT_INFO_EXTENSION);
LCRYPTO_USED(BASIC_CONSTRAINTS_new);
LCRYPTO_USED(BASIC_CONSTRAINTS_free);
LCRYPTO_USED(d2i_BASIC_CONSTRAINTS);

9
lib/libcrypto/man/BIO_accept.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_accept.3,v 1.1 2022/12/22 21:05:48 schwarze Exp $
.\" $OpenBSD: BIO_accept.3,v 1.2 2023/04/30 13:38:48 schwarze Exp $
.\"
.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 22 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt BIO_ACCEPT 3
.Os
.Sh NAME
@ -32,6 +32,11 @@
.Nm BIO_set_tcp_ndelay
.\" deprecated in OpenSSL and unused anywhere, hence intentionally undocumented
.\" .Nm BIO_gethostbyname
.\" .Nm BIO_GHBN_CTRL_CACHE_SIZE
.\" .Nm BIO_GHBN_CTRL_FLUSH
.\" .Nm BIO_GHBN_CTRL_GET_ENTRY
.\" .Nm BIO_GHBN_CTRL_HITS
.\" .Nm BIO_GHBN_CTRL_MISSES
.\" .Nm BIO_socket_ioctl
.\" does almost nothing and used very rarely, hence intentionally undocumented
.\" .Nm BIO_sock_init

38
lib/libcrypto/man/BIO_s_connect.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_s_connect.3,v 1.18 2023/04/29 13:06:10 schwarze Exp $
.\" $OpenBSD: BIO_s_connect.3,v 1.19 2023/04/30 13:53:54 schwarze Exp $
.\" full merge up to: OpenSSL 0e474b8b Nov 1 15:45:49 2015 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 29 2023 $
.Dd $Mdocdate: April 30 2023 $
.Dt BIO_S_CONNECT 3
.Os
.Sh NAME
@ -212,6 +212,40 @@ Usually, \-1 is used to indicate failure and return values less than
or equal to zero abort the operation in question, whereas positive
values indicate success and allow the operation to proceed.
.Pp
The
.Fa state
constants passed to the callback are named according to
which operation needs to be performed next.
They are listed here in the order the states are passed through:
.Pp
.Bl -tag -width BIO_CONN_S_BLOCKED_CONNECT -offset 3n -compact
.It Dv BIO_CONN_S_BEFORE
The BIO is idle and no connection has been initiated yet.
.It Dv BIO_CONN_S_GET_IP
The hostname to connect to needs to be converted to an IP address.
.It Dv BIO_CONN_S_GET_PORT
The service name to connect to needs to be converted to a TCP port number.
.It Dv BIO_CONN_S_CREATE_SOCKET
The TCP socket needs to be created with the
.Xr socket 2
system call.
.It Dv BIO_CONN_S_NBIO
Socket options may need to be set using
.Xr fcntl 2
and
.Xr setsockopt 2 .
.It Dv BIO_CONN_S_CONNECT
The connection needs to be initiated with the
.Xr connect 2
system call.
.It Dv BIO_CONN_S_BLOCKED_CONNECT
The
.Xr connect 2
system call would have blocked and needs to be tried again.
.It Dv BIO_CONN_S_OK
The connection has been established and can now be used to transfer data.
.El
.Pp
.Fn BIO_set_conn_hostname
uses the string
.Fa name

13
lib/libcrypto/man/BIO_set_callback.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: BIO_set_callback.3,v 1.11 2023/04/07 14:47:37 schwarze Exp $
.\" $OpenBSD: BIO_set_callback.3,v 1.12 2023/04/30 13:57:29 schwarze Exp $
.\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 7 2023 $
.Dd $Mdocdate: April 30 2023 $
.Dt BIO_SET_CALLBACK 3
.Os
.Sh NAME
@ -190,7 +190,14 @@ The arguments of the callback functions are as follows:
.It Fa b
The BIO the callback is attached to.
.It Fa oper
The operation being performed.
The operation being performed, which is one of
.Dv BIO_CB_CTRL ,
.Dv BIO_CB_FREE ,
.Dv BIO_CB_GETS ,
.Dv BIO_CB_PUTS ,
.Dv BIO_CB_READ ,
or
.Dv BIO_CB_WRITE .
For some operations, the callback is called twice,
once before and once after the actual operation.
The latter case has

71
lib/libcrypto/man/BIO_should_retry.3
View file

@ -1,8 +1,25 @@
.\" $OpenBSD: BIO_should_retry.3,v 1.10 2022/11/27 19:11:11 schwarze Exp $
.\" $OpenBSD: BIO_should_retry.3,v 1.11 2023/04/30 14:03:47 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\" selective merge up to: OpenSSL 57fd5170 May 13 11:24:11 2018 +0200
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2010, 2016 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -49,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 27 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt BIO_SHOULD_RETRY 3
.Os
.Sh NAME
@ -140,18 +157,50 @@ Current BIO types only set one of the flags at a time.
.Pp
.Fn BIO_get_retry_BIO
determines the precise reason for the special condition.
It returns the BIO that caused this condition and if
It walks the BIO chain starting at
.Fa bio
and returns the BIO that caused this condition.
If there is no special condition,
.Fa bio
itself is returned.
If
.Fa reason
is not
is not a
.Dv NULL
it contains the reason code.
The meaning of the reason code and the action that should be taken
depends on the type of BIO that resulted in this condition.
pointer,
.Pf * Fa reason
is set to one of the following reason codes:
.Bl -tag -width 1n -offset 3n
.It 0
There is no special condition.
.It Dv BIO_RR_ACCEPT
.Xr accept 2
would have blocked.
This can occur for BIOs created from
.Xr BIO_s_accept 3
or
.Xr BIO_f_ssl 3 .
.It Dv BIO_RR_CONNECT
.Xr connect 2
would have blocked.
This can occur for BIOs created from
.Xr BIO_s_connect 3
or
.Xr BIO_f_ssl 3 .
.It Dv BIO_RR_SSL_X509_LOOKUP
An application callback set by
.Xr SSL_CTX_set_client_cert_cb 3
has asked to be called again.
This can occur for BIOs created from
.Xr BIO_f_ssl 3 .
.El
.Pp
.Fn BIO_get_retry_reason
returns the reason for a special condition
if passed the relevant BIO, for example as returned by
.Fn BIO_get_retry_BIO .
returns one of the above reason codes for a special condition that occurred in
.Fa bio .
It does not walk the chain and returns 0 if no special condition occurred in
.Fa bio
itself.
.Pp
.Fn BIO_set_retry_reason
sets the retry reason for a special condition for the given

91
lib/libcrypto/man/BN_generate_prime.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: BN_generate_prime.3,v 1.20 2022/11/24 19:06:38 schwarze Exp $
.\" $OpenBSD: BN_generate_prime.3,v 1.22 2023/04/30 20:17:59 tb Exp $
.\" full merge up to: OpenSSL f987a4dd Jun 27 10:12:08 2019 +0200
.\"
.\" This file is a derived work.
@ -67,7 +67,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 24 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt BN_GENERATE_PRIME 3
.Os
.Sh NAME
@ -79,10 +79,7 @@
.Nm BN_GENCB_free ,
.Nm BN_GENCB_set ,
.Nm BN_GENCB_get_arg ,
.Nm BN_GENCB_set_old ,
.Nm BN_generate_prime ,
.Nm BN_is_prime ,
.Nm BN_is_prime_fasttest
.Nm BN_GENCB_set_old
.\" Nm BN_prime_checks_for_size is intentionally undocumented
.\" because it is no longer used by LibreSSL.
.Nd generate primes and test for primality
@ -143,33 +140,6 @@ Deprecated:
.Fa "void (*cb_fp)(int, int, void *)"
.Fa "void *cb_arg"
.Fc
.Ft BIGNUM *
.Fo BN_generate_prime
.Fa "BIGNUM *ret"
.Fa "int num"
.Fa "int safe"
.Fa "BIGNUM *modulus"
.Fa "BIGNUM *remainder"
.Fa "void (*cb_fp)(int, int, void *)"
.Fa "void *cb_arg"
.Fc
.Ft int
.Fo BN_is_prime
.Fa "const BIGNUM *a"
.Fa "int checks"
.Fa "void (*cb_fp)(int, int, void *)"
.Fa "BN_CTX *ctx"
.Fa "void *cb_arg"
.Fc
.Ft int
.Fo BN_is_prime_fasttest
.Fa "const BIGNUM *a"
.Fa "int checks"
.Fa "void (*cb_fp)(int, int, void *)"
.Fa "BN_CTX *ctx"
.Fa "void *cb_arg"
.Fa "int do_trial_division"
.Fc
.Sh DESCRIPTION
.Fn BN_is_prime_ex
and
@ -325,36 +295,10 @@ to use the old-style callback function pointer
.Fa cb_fp
and the additional callback argument
.Fa cb_arg .
.Pp
.Fn BN_generate_prime
is a deprecated wrapper around
.Fn BN_GENCB_set_old
and
.Fn BN_generate_prime_ex .
In contrast to
.Fn BN_generate_prime_ex ,
if
.Dv NULL
is passed for the
.Fa ret
argument, a new
.Vt BIGNUM
object is allocated and returned.
.Pp
Similarly,
.Fn BN_is_prime
and
.Fn BN_is_prime_fasttest
are deprecated wrappers around
.Fn BN_GENCB_set_old
and
.Fn BN_is_prime_ex .
.Sh RETURN VALUES
.Fn BN_is_prime_ex ,
.Fn BN_is_prime_fasttest_ex ,
.Fn BN_is_prime ,
.Fn BN_is_prime_ex
and
.Fn BN_is_prime_fasttest
.Fn BN_is_prime_fasttest_ex
return 0 if the number is composite, 1 if it is prime with a very small
error probability, or \-1 on error.
.Pp
@ -390,11 +334,6 @@ using
or
.Fn BN_GENCB_set_old .
.Pp
.Fn BN_generate_prime
returns the prime number on success or
.Dv NULL
on failure.
.Pp
In some cases, error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
@ -403,26 +342,6 @@ In some cases, error codes can be obtained by
.Xr DSA_generate_parameters 3 ,
.Xr RSA_generate_key 3
.Sh HISTORY
.Fn BN_generate_prime
and
.Fn BN_is_prime
first appeared in SSLeay 0.5.1 and had their
.Fa cb_arg
argument added in SSLeay 0.9.0.
These two functions have been available since
.Ox 2.4 .
.Pp
The
.Fa ret
argument to
.Fn BN_generate_prime
was added in SSLeay 0.9.1 and
.Ox 2.6 .
.Pp
.Fn BN_is_prime_fasttest
first appeared in OpenSSL 0.9.5 and has been available since
.Ox 2.7 .
.Pp
.Fn BN_generate_prime_ex ,
.Fn BN_is_prime_ex ,
.Fn BN_is_prime_fasttest_ex ,

25
lib/libcrypto/man/BN_zero.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: BN_zero.3,v 1.12 2022/11/22 19:02:07 schwarze Exp $
.\" $OpenBSD: BN_zero.3,v 1.13 2023/04/30 19:23:54 tb Exp $
.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
.\" selective merge up to: OpenSSL b713c4ff Jan 22 14:41:09 2018 -0500
.\"
@ -67,11 +67,10 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 22 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt BN_ZERO 3
.Os
.Sh NAME
.Nm BN_zero_ex ,
.Nm BN_zero ,
.Nm BN_one ,
.Nm BN_value_one ,
@ -80,10 +79,6 @@
.Nd BIGNUM assignment operations
.Sh SYNOPSIS
.In openssl/bn.h
.Ft void
.Fo BN_zero_ex
.Fa "BIGNUM *a"
.Fc
.Ft int
.Fo BN_zero
.Fa "BIGNUM *a"
@ -117,7 +112,7 @@ platforms and
.Vt unsigned int Pq = Vt uint32_t
elsewhere.
.Pp
.Fn BN_zero_ex ,
.Fn BN_zero ,
.Fn BN_one ,
and
.Fn BN_set_word
@ -126,16 +121,6 @@ set
to the values 0, 1 and
.Fa w
respectively.
.Fn BN_zero
is a deprecated version of
.Fn BN_zero_ex
that may attempt to allocate memory; consequently, and in contrast to
.Fn BN_zero_ex ,
it may fail.
.Fn BN_zero
and
.Fn BN_one
are macros.
.Pp
.Fn BN_value_one
returns a
@ -174,10 +159,6 @@ first appeared in SSLeay 0.5.1.
first appeared in SSLeay 0.6.0.
These functions have been available since
.Ox 2.4 .
.Pp
.Fn BN_zero_ex
first appeared in OpenSSL 0.9.8 and has been available since
.Ox 4.5 .
.Sh BUGS
Someone might change the constant.
.Pp

7
lib/libcrypto/man/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.248 2023/04/27 09:43:55 tb Exp $
# $OpenBSD: Makefile,v 1.250 2023/04/30 19:40:23 tb Exp $
.include <bsd.own.mk>
@ -265,7 +265,6 @@ MAN= \
PKCS8_pkey_set0.3 \
PKEY_USAGE_PERIOD_new.3 \
POLICYINFO_new.3 \
PROXY_POLICY_new.3 \
RAND_add.3 \
RAND_bytes.3 \
RAND_load_file.3 \
@ -377,9 +376,6 @@ MAN= \
X509_load_cert_file.3 \
X509_new.3 \
X509_ocspid_print.3 \
X509_policy_check.3 \
X509_policy_tree_get0_policies.3 \
X509_policy_tree_level_count.3 \
X509_print_ex.3 \
X509_sign.3 \
X509_signature_dump.3 \
@ -410,7 +406,6 @@ MAN= \
d2i_PKCS8_PRIV_KEY_INFO.3 \
d2i_PKEY_USAGE_PERIOD.3 \
d2i_POLICYINFO.3 \
d2i_PROXY_POLICY.3 \
d2i_PrivateKey.3 \
d2i_RSAPublicKey.3 \
d2i_TS_REQ.3 \

97
lib/libcrypto/man/PROXY_POLICY_new.3
View file

@ -1,97 +0,0 @@
.\" $OpenBSD: PROXY_POLICY_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 27 2021 $
.Dt PROXY_POLICY_NEW 3
.Os
.Sh NAME
.Nm PROXY_POLICY_new ,
.Nm PROXY_POLICY_free ,
.Nm PROXY_CERT_INFO_EXTENSION_new ,
.Nm PROXY_CERT_INFO_EXTENSION_free
.Nd X.509 proxy certificate extension
.Sh SYNOPSIS
.In openssl/x509v3.h
.Ft PROXY_POLICY *
.Fn PROXY_POLICY_new void
.Ft void
.Fn PROXY_POLICY_free "PROXY_POLICY *pp"
.Ft PROXY_CERT_INFO_EXTENSION *
.Fn PROXY_CERT_INFO_EXTENSION_new void
.Ft void
.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie"
.Sh DESCRIPTION
If a given non-CA certificate grants any privileges, using that
certificate to issue a proxy certificate and handing that proxy
certificate over to another person, organization, or service allows
the bearer of the proxy certificate to exercise some or all of the
privileges on behalf of the subject of the original certificate.
.Pp
.Fn PROXY_POLICY_new
allocates and initializes an empty
.Vt PROXY_POLICY
object, representing an ASN.1
.Vt ProxyPolicy
structure defined in RFC 3820 section 3.8.
It defines which privileges are to be delegated.
.Fn PROXY_POLICY_free
frees
.Fa pp .
.Pp
.Fn PROXY_CERT_INFO_EXTENSION_new
allocates and initializes an empty
.Vt PROXY_CERT_INFO_EXTENSION
object, representing an ASN.1
.Vt ProxyCertInfo
structure defined in RFC 3820 section 3.8.
It can contain a
.Vt PROXY_POLICY
object, and it can additionally restrict the maximum depth of the
path of proxy certificates that can be signed by this proxy
certificate.
.Fn PROXY_CERT_INFO_EXTENSION_free
frees
.Fa pcie .
.Pp
If a non-CA certificate contains a
.Vt PROXY_CERT_INFO_EXTENSION ,
it is a proxy certificate; otherwise, it is an end entity certificate.
.Sh RETURN VALUES
.Fn PROXY_POLICY_new
and
.Fn PROXY_CERT_INFO_EXTENSION_new
return the new
.Vt PROXY_POLICY
or
.Vt PROXY_CERT_INFO_EXTENSION
object, respectively, or
.Dv NULL
if an error occurs.
.Sh SEE ALSO
.Xr BASIC_CONSTRAINTS_new 3 ,
.Xr d2i_PROXY_POLICY 3 ,
.Xr EXTENDED_KEY_USAGE_new 3 ,
.Xr POLICYINFO_new 3 ,
.Xr X509_EXTENSION_new 3 ,
.Xr X509_get_extension_flags 3 ,
.Xr X509_new 3
.Sh STANDARDS
RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
Certificate Profile
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.7g
and have been available since
.Ox 3.8 .

5
lib/libcrypto/man/X509_EXTENSION_set_object.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.16 2023/04/25 18:48:32 tb Exp $
.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.17 2023/04/30 19:40:23 tb Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 25 2023 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_EXTENSION_SET_OBJECT 3
.Os
.Sh NAME
@ -291,7 +291,6 @@ pointer.
.Xr OCSP_SERVICELOC_new 3 ,
.Xr PKEY_USAGE_PERIOD_new 3 ,
.Xr POLICYINFO_new 3 ,
.Xr PROXY_POLICY_new 3 ,
.Xr TS_REQ_new 3 ,
.Xr X509_check_ca 3 ,
.Xr X509_check_host 3 ,

40
lib/libcrypto/man/X509_STORE_CTX_get_error.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.26 2023/04/21 06:45:56 tb Exp $
.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.27 2023/04/30 14:49:47 tb Exp $
.\" full merge up to:
.\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100
.\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100
@ -68,7 +68,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 21 2023 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_STORE_CTX_GET_ERROR 3
.Os
.Sh NAME
@ -86,8 +86,6 @@
.Nm X509_STORE_CTX_get_chain ,
.Nm X509_STORE_CTX_get1_chain ,
.Nm X509_STORE_CTX_set0_verified_chain ,
.Nm X509_STORE_CTX_get0_policy_tree ,
.Nm X509_STORE_CTX_get_explicit_policy ,
.Nm X509_verify_cert_error_string
.Nd get or set certificate verification status information
.Sh SYNOPSIS
@ -152,14 +150,6 @@
.Fa "X509_STORE_CTX *ctx"
.Fa "STACK_OF(X509) *chain"
.Fc
.Ft X509_POLICY_TREE *
.Fo X509_STORE_CTX_get0_policy_tree
.Fa "X509_STORE_CTX *ctx"
.Fc
.Ft int
.Fo X509_STORE_CTX_get_explicit_policy
.Fa "X509_STORE_CTX *ctx"
.Fc
.In openssl/x509.h
.Ft const char *
.Fo X509_verify_cert_error_string
@ -337,24 +327,6 @@ return a pointer to a stack of certificates or
.Dv NULL
if an error occurs.
.Pp
.Fn X509_STORE_CTX_get0_policy_tree
returns an internal pointer to the
.Fa valid_policy_tree
created by
.Xr X509_policy_check 3
or
.Dv NULL
if validation failed or the resulting tree was empty.
.Pp
.Fn X509_STORE_CTX_get_explicit_policy
returns the
.Pf * Fa pexplicit_policy
output argument of
.Xr X509_policy_check 3 .
If validation succeeded, it is 1 if
.Dv X509_V_FLAG_EXPLICIT_POLICY
was requested or 0 otherwise.
.Pp
.Fn X509_verify_cert_error_string
returns a human readable error string for verification error
.Fa n .
@ -576,8 +548,6 @@ This will never be returned unless explicitly set by an application.
.\" No CA signature digest algorithm too weak
.El
.Sh SEE ALSO
.Xr X509_policy_check 3 ,
.Xr X509_policy_tree_level_count 3 ,
.Xr X509_STORE_CTX_new 3 ,
.Xr X509_STORE_CTX_set_verify 3 ,
.Xr X509_STORE_CTX_set_verify_cb 3 ,
@ -599,12 +569,6 @@ first appeared in SSLeay 0.8.0 and have been available since
first appeared in OpenSSL 0.9.5 and has been available since
.Ox 2.7 .
.Pp
.Fn X509_STORE_CTX_get0_policy_tree
and
.Fn X509_STORE_CTX_get_explicit_policy
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Pp
.Fn X509_STORE_CTX_get0_current_issuer ,
.Fn X509_STORE_CTX_get0_current_crl ,
and

10
lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.27 2022/12/01 05:33:55 tb Exp $
.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.29 2023/04/30 19:40:23 tb Exp $
.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
@ -68,7 +68,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 1 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_VERIFY_PARAM_SET_FLAGS 3
.Os
.Sh NAME
@ -540,7 +540,9 @@ flag disables workarounds for some broken certificates and makes the
verification strictly apply X509 rules.
.Pp
.Dv X509_V_FLAG_ALLOW_PROXY_CERTS
enables proxy certificate verification.
deprecated flag that used to
enable proxy certificate verification.
In LibreSSL, this flag has no effect.
.Pp
.Dv X509_V_FLAG_POLICY_CHECK
enables certificate policy checking; by default no policy checking is
@ -566,8 +568,6 @@ If
.Dv X509_V_FLAG_NOTIFY_POLICY
is set and policy checking is successful, a special status code is
sent to the verification callback.
This permits it to examine the valid policy tree and perform additional
checks or simply log it for debugging purposes.
.Pp
By default some additional features such as indirect CRLs and CRLs
signed by different keys are disabled.

5
lib/libcrypto/man/X509_check_purpose.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_check_purpose.3,v 1.9 2022/12/17 12:48:53 tb Exp $
.\" $OpenBSD: X509_check_purpose.3,v 1.10 2023/04/30 14:49:47 tb Exp $
.\"
.\" Copyright (c) 2019, 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 17 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_CHECK_PURPOSE 3
.Os
.Sh NAME
@ -412,7 +412,6 @@ can be used as a CA for the
.Xr EXTENDED_KEY_USAGE_new 3 ,
.Xr X509_check_trust 3 ,
.Xr X509_new 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_PURPOSE_set 3 ,
.Xr X509V3_get_d2i 3 ,
.Xr x509v3.cnf 5

5
lib/libcrypto/man/X509_check_trust.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_check_trust.3,v 1.7 2022/12/26 07:18:52 jmc Exp $
.\" $OpenBSD: X509_check_trust.3,v 1.8 2023/04/30 14:49:47 tb Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 26 2022 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_CHECK_TRUST 3
.Os
.Sh NAME
@ -238,7 +238,6 @@ was never called before.
.Xr X509_CERT_AUX_new 3 ,
.Xr X509_check_purpose 3 ,
.Xr X509_new 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_TRUST_set 3 ,
.Xr X509_VERIFY_PARAM_set_trust 3
.Sh HISTORY

6
lib/libcrypto/man/X509_get_extension_flags.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_get_extension_flags.3,v 1.3 2021/11/11 13:58:59 schwarze Exp $
.\" $OpenBSD: X509_get_extension_flags.3,v 1.4 2023/04/30 19:40:23 tb Exp $
.\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100
.\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000
.\"
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 11 2021 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_GET_EXTENSION_FLAGS 3
.Os
.Sh NAME
@ -87,6 +87,7 @@ The certificate contains a basic constraints extension.
The certificate contains basic constraints and asserts the CA flag.
.It Dv EXFLAG_PROXY
The certificate is a valid proxy certificate.
In LibreSSL this flag is never set.
.It Dv EXFLAG_SI
The certificate is self issued (that is subject and issuer names match).
.It Dv EXFLAG_SS
@ -217,7 +218,6 @@ return sets of flags corresponding to the certificate extension values.
.Xr BASIC_CONSTRAINTS_new 3 ,
.Xr EXTENDED_KEY_USAGE_new 3 ,
.Xr POLICYINFO_new 3 ,
.Xr PROXY_CERT_INFO_EXTENSION_new 3 ,
.Xr X509_check_ca 3 ,
.Xr X509_check_purpose 3 ,
.Xr X509_EXTENSION_new 3 ,

6
lib/libcrypto/man/X509_new.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: X509_new.3,v 1.36 2021/11/18 10:09:24 schwarze Exp $
.\" $OpenBSD: X509_new.3,v 1.37 2023/04/30 14:49:47 tb Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 18 2021 $
.Dd $Mdocdate: April 30 2023 $
.Dt X509_NEW 3
.Os
.Sh NAME
@ -229,8 +229,6 @@ if an error occurs.
.Xr X509_NAME_new 3 ,
.Xr X509_OBJECT_new 3 ,
.Xr X509_PKEY_new 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_policy_tree_level_count 3 ,
.Xr X509_print_ex 3 ,
.Xr X509_PUBKEY_new 3 ,
.Xr X509_PURPOSE_set 3 ,

192
lib/libcrypto/man/X509_policy_check.3
View file

@ -1,192 +0,0 @@
.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 11 2021 $
.Dt X509_POLICY_CHECK 3
.Os
.Sh NAME
.Nm X509_policy_check ,
.Nm X509_policy_tree_free
.Nd construct X.509 valid policy tree
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_policy_check
.Fa "X509_POLICY_TREE **ptree"
.Fa "int *pexplicit_policy"
.Fa "STACK_OF(X509) *certs"
.Fa "STACK_OF(ASN1_OBJECT) *policy_oids"
.Fa "unsigned int flags"
.Fc
.Ft void
.Fn X509_policy_tree_free "X509_POLICY_TREE *tree"
.Sh DESCRIPTION
.Fn X509_policy_check
performs those parts of Basic Certification Path Validation
described in RFC 5280 section 6.1 that are related to the
construction of the valid policy tree.
.Pp
The
.Fa certs
input argument contains the prospective certification path
according to RFC 5280 paragraph 6.1.1(a), starting with the
target certificate and ending with the trust anchor.
.Pp
The
.Fa policy_oids
input argument contains the
.Va user-initial-policy-set
according to RFC 5280 section 6.1.1(c).
It specifies a set of certificate policies acceptable to the certificate user.
.Pp
The
.Fa flags
argument can contain zero or more of the following constants, OR'ed together:
.Bl -tag -width Ds
.It Dv X509_V_FLAG_EXPLICIT_POLICY
Set
.Va initial-explicit-policy
as defined by RFC 5280 paragraph 6.1.1(f).
It requires the path to be valid for at least one of the
.Fa policy_oids .
.It Dv X509_V_FLAG_INHIBIT_ANY
Set
.Va initial-any-policy-inhibit
as defined by RFC 5280 paragraph 6.1.1(g).
It causes the
.Sy anyPolicy
OID to be skipped if it is encountered in a certificate.
.It Dv X509_V_FLAG_INHIBIT_MAP
Set
.Va initial-policy-mapping-inhibit
as defined by RFC 5280 paragraph 6.1.1(e).
It disables policy mapping in the certification path.
.El
.Pp
Upon success and in some cases of failure, the storage location pointed to by
.Fa pexplicit_policy
is set to 1 if
.Dv X509_V_FLAG_EXPLICIT_POLICY
was requested.
Otherwise, it is set to 0.
.Pp
In many cases of success and in a few cases of failure, a pointer to the
.Vt valid_policy_tree
output value mentioned in RFC 5280 section 6.1.6 is returned in
.Pf * Fa ptree .
It contains one level for each of the
.Fa certs ,
in reverse order: level 0 corresponds to the trust anchor,
the last level corresponds to the target certificate.
Level 0 is initialized to contain a single node with a
.Fa valid_policy
of
.Sy anyPolicy
and an empty
.Fa qualifier_set .
.Pp
If a policy tree is returned, the reference count of each of the
.Fa certs
is incremented by 1.
In that case, the caller is responsible for calling
.Fn X509_policy_tree_free
to release all memory used by the
.Fa tree
and to decrement the reference counts
of the certificates referenced from it by 1.
If
.Fa tree
is a
.Dv NULL
pointer,
.Fn X509_policy_tree_free
has no effect.
.Sh RETURN VALUES
.Fn X509_policy_check
returns these values:
.Bl -tag -width 2n
.It \-2
Validation failed because
.Dv X509_V_FLAG_EXPLICIT_POLICY
was requested but the resulting policy tree
or the resulting user policy set would have been empty.
In this case,
.Pf * Fa pexplicit_policy
is set to 1.
If the resulting tree is empty,
.Pf * Fa ptree
is set to
.Dv NULL ;
otherwise, it is set to the resulting tree.
.It \-1
At least one of the
.Fa certs
contains invalid or inconsistent extensions.
.Pf * Fa ptree
is set to
.Dv NULL
and
.Pf * Fa pexplicit_policy
to 0.
.It 0
Internal error.
For example, setting up the policy caches failed, or memory allocation
failed while constructing the tree.
.Pf * Fa ptree
is set to
.Dv NULL
and
.Pf * Fa pexplicit_policy
may or may not be set.
.It 1
Validation succeeded and
.Pf * Fa ptree
and
.Pf * Fa pexplicit_policy
have been set.
In the special cases that the
.Fa certs
argument contains exactly one certificate or that
.Dv X509_V_FLAG_EXPLICIT_POLICY
was not requested and at least one of the certificates contains no
certificate policies or the resulting policy tree would have been empty,
.Pf * Fa ptree
is set to
.Dv NULL
and
.Pf * Fa pexplicit_policy
to 0.
.El
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
.Xr OBJ_nid2obj 3 ,
.Xr STACK_OF 3 ,
.Xr X509_check_purpose 3 ,
.Xr X509_check_trust 3 ,
.Xr X509_new 3 ,
.Xr X509_policy_tree_get0_policies 3 ,
.Xr X509_policy_tree_level_count 3 ,
.Xr X509_verify_cert 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile,
section 6.1: Basic Path Validation
.Sh HISTORY
.Fn X509_policy_check
and
.Fn X509_policy_tree_free
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .

101
lib/libcrypto/man/X509_policy_tree_get0_policies.3
View file

@ -1,101 +0,0 @@
.\" $OpenBSD: X509_policy_tree_get0_policies.3,v 1.1 2021/11/11 12:06:25 schwarze Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 11 2021 $
.Dt X509_POLICY_TREE_GET0_POLICIES 3
.Os
.Sh NAME
.Nm X509_policy_tree_get0_policies ,
.Nm X509_policy_tree_get0_user_policies
.Nd retrieve arrays of policy tree nodes
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft STACK_OF(X509_POLICY_NODE) *
.Fn X509_policy_tree_get0_policies "const X509_POLICY_TREE *tree"
.Ft STACK_OF(X509_POLICY_NODE) *
.Fn X509_policy_tree_get0_user_policies "const X509_POLICY_TREE *tree"
.Sh DESCRIPTION
The
.Em authority set
and the
.Em user set
are arrays of nodes from a policy
.Fa tree .
.Pp
If the last level of a
.Fa tree ,
or equivalently, all levels of it, contain an
.Sy anyPolicy
node, the authority set contains
only this anyPolicy node from the last level.
Unless the array of
.Fa policy_oids
passed to
.Xr X509_policy_check 3
contained an anyPolicy object,
the user set contains one node for each of the
.Fa policy_oids ;
specifically, the first matching node that is a child of an anyPolicy node.
.Pp
If the last level of the
.Fa tree
does not contain an
.Sy anyPolicy
node, the authority set contains
all non-anyPolicy nodes that are children of anyPolicy nodes.
For each element of the
.Fa policy_oids ,
the user set contains the first node from the authority set
matching it, if any.
.Pp
These functions are intended to be called after
.Xr X509_policy_check 3
was called either directly or indirectly through
.Xr X509_verify_cert 3 .
.Sh RETURN VALUES
.Fn X509_policy_tree_get0_policies
returns an internal pointer to the authority set
or
.Dv NULL
if the
.Fa tree
argument is
.Dv NULL .
.Pp
.Fn X509_policy_tree_get0_user_policies
returns an internal pointer to the user set or
.Dv NULL
if the
.Fa tree
argument is
.Dv NULL
or if the array of
.Fa policy_oids
passed to
.Xr X509_policy_check 3
was empty or contained an anyPolicy object.
.Sh SEE ALSO
.Xr STACK_OF 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_policy_level_get0_node 3 ,
.Xr X509_STORE_CTX_get0_policy_tree 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile,
section 6.1: Basic Path Validation
.Sh HISTORY
These function first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .

178
lib/libcrypto/man/X509_policy_tree_level_count.3
View file

@ -1,178 +0,0 @@
.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.5 2022/09/10 08:50:53 jsg Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 10 2022 $
.Dt X509_POLICY_TREE_LEVEL_COUNT 3
.Os
.Sh NAME
.Nm X509_policy_tree_level_count ,
.Nm X509_policy_tree_get0_level ,
.Nm X509_policy_level_node_count ,
.Nm X509_policy_level_get0_node ,
.Nm X509_policy_node_get0_policy ,
.Nm X509_policy_node_get0_qualifiers ,
.Nm X509_policy_node_get0_parent
.Nd inspect X.509 policy tree objects
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fn X509_policy_tree_level_count "const X509_POLICY_TREE *tree"
.Ft X509_POLICY_LEVEL *
.Fn X509_policy_tree_get0_level "const X509_POLICY_TREE *tree" "int index"
.Ft int
.Fn X509_policy_level_node_count "X509_POLICY_LEVEL *level"
.Ft X509_POLICY_NODE *
.Fn X509_policy_level_get0_node "X509_POLICY_LEVEL *level" "int index"
.Ft const ASN1_OBJECT *
.Fn X509_policy_node_get0_policy "const X509_POLICY_NODE *node"
.Ft STACK_OF(POLICYQUALINFO) *
.Fn X509_policy_node_get0_qualifiers "const X509_POLICY_NODE *node"
.Ft const X509_POLICY_NODE *
.Fn X509_policy_node_get0_parent "const X509_POLICY_NODE *node"
.Sh DESCRIPTION
The
.Vt X509_POLICY_TREE
object represents a
.Vt valid_policy_tree
as described in RFC 5280 section 6.1.
.Pp
The
.Vt X509_POLICY_LEVEL
object represents one level of such a tree,
corresponding to one certificate.
.Pp
The
.Vt X509_POLICY_NODE
object represents one node in the tree.
.Sh RETURN VALUES
.Fn X509_policy_tree_level_count
returns the number of levels in the
.Fa tree
or 0 if the
.Fa tree
argument is
.Dv NULL .
If it is not 0, it equals the number of certificates in the
certification path the tree was created from, including both
the target certificate and the trust anchor.
.Pp
.Fn X509_policy_tree_get0_level
returns an internal pointer to the level of the
.Fa tree
with the given
.Fa index
or
.Dv NULL
if the
.Fa tree
argument is
.Dv NULL
or the
.Fa index
is less than 0 or greater than or equal to the number of levels in the
.Fa tree .
An
.Fa index
of 0 corresponds to the trust anchor
and the last level corresponds to the target certificate.
.Pp
.Fn X509_policy_level_node_count
returns the number of nodes on the
.Fa level ,
including an
.Sy anyPolicy
node if it is present, or 0 if the
.Fa level
argument is
.Dv NULL .
.Pp
.Fn X509_policy_level_get0_node
returns an internal pointer to the node on the
.Fa level
with the given
.Fa index
or
.Dv NULL
if the
.Fa level
argument is
.Dv NULL
or the
.Fa index
is less than 0 or greater than or equal to the number of nodes on the level.
If an
.Sy anyPolicy
node is present on the level, it can be retrieved by passing an
.Fa index
of 0.
.Pp
.Fn X509_policy_node_get0_policy
returns an internal pointer to the
.Fa valid_policy
child object of the node or
.Dv NULL
if the
.Fa node
argument is
.Dv NULL .
It represents a single policy that is valid for the path
from the trust anchor to the certificate corresponding
to the level containing the
.Fa node .
.Pp
.Fn X509_policy_node_get0_qualifiers
returns an internal pointer to the
.Fa qualifier_set
child object of the node or
.Dv NULL
if the
.Fa node
argument is
.Dv NULL .
It contains the policy qualifiers associated with the
.Fa valid_policy
of the
.Fa node
in the certificate corresponding to the level containing the
.Fa node .
.Pp
.Fn X509_policy_node_get0_parent
returns
.Dv NULL
if the
.Fa node
argument is
.Dv NULL
or located on level 0.
Otherwise, it returns an internal pointer to the parent node of the
.Fa node
argument.
The parent node is always located on the previous level.
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
.Xr OBJ_obj2txt 3 ,
.Xr POLICYQUALINFO_new 3 ,
.Xr STACK_OF 3 ,
.Xr X509_new 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_policy_tree_get0_policies 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile,
section 6.1: Basic Path Validation
.Sh HISTORY
These function first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .

97
lib/libcrypto/man/d2i_PROXY_POLICY.3
View file

@ -1,97 +0,0 @@
.\" $OpenBSD: d2i_PROXY_POLICY.3,v 1.2 2018/03/22 22:07:12 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 22 2018 $
.Dt D2I_PROXY_POLICY 3
.Os
.Sh NAME
.Nm d2i_PROXY_POLICY ,
.Nm i2d_PROXY_POLICY ,
.Nm d2i_PROXY_CERT_INFO_EXTENSION ,
.Nm i2d_PROXY_CERT_INFO_EXTENSION
.Nd decode and encode X.509 proxy certificate extensions
.Sh SYNOPSIS
.In openssl/x509v3.h
.Ft PROXY_POLICY *
.Fo d2i_PROXY_POLICY
.Fa "PROXY_POLICY **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_PROXY_POLICY
.Fa "PROXY_POLICY *val_in"
.Fa "unsigned char **der_out"
.Fc
.Ft PROXY_CERT_INFO_EXTENSION *
.Fo d2i_PROXY_CERT_INFO_EXTENSION
.Fa "PROXY_CERT_INFO_EXTENSION **val_out"
.Fa "const unsigned char **der_in"
.Fa "long length"
.Fc
.Ft int
.Fo i2d_PROXY_CERT_INFO_EXTENSION
.Fa "PROXY_CERT_INFO_EXTENSION *val_in"
.Fa "unsigned char **der_out"
.Fc
.Sh DESCRIPTION
These functions encode and decode X.509 extensions that decide
whether a certificate is a proxy certificate, and which policies
apply to it.
For details about the semantics, examples, caveats, and bugs, see
.Xr ASN1_item_d2i 3 .
.Pp
.Fn d2i_PROXY_POLICY
and
.Fn i2d_PROXY_POLICY
decode and encode an ASN.1
.Vt ProxyPolicy
structure defined in RFC 3820 section 3.8.
.Pp
.Fn d2i_PROXY_CERT_INFO_EXTENSION
and
.Fn i2d_PROXY_CERT_INFO_EXTENSION
decode and encode an ASN.1
.Vt ProxyCertInfo
structure defined in RFC 3820 section 3.8.
.Sh RETURN VALUES
.Fn d2i_PROXY_POLICY
and
.Fn d2i_PROXY_CERT_INFO_EXTENSION
return a
.Vt PROXY_POLICY
or
.Vt PROXY_CERT_INFO_EXTENSION
object, respectively, or
.Dv NULL
if an error occurs.
.Pp
.Fn i2d_PROXY_POLICY
and
.Fn i2d_PROXY_CERT_INFO_EXTENSION
return the number of bytes successfully encoded or a negative value
if an error occurs.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr PROXY_POLICY_new 3 ,
.Xr X509_EXTENSION_new 3
.Sh STANDARDS
RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
Certificate Profile
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.7g
and have been available since
.Ox 3.8 .

11
lib/libcrypto/x509/x509_vfy.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_vfy.c,v 1.118 2023/04/28 16:50:16 beck Exp $ */
/* $OpenBSD: x509_vfy.c,v 1.120 2023/04/30 14:59:52 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -156,14 +156,6 @@ null_callback(int ok, X509_STORE_CTX *e)
return ok;
}
#if 0
static int
x509_subject_cmp(X509 **a, X509 **b)
{
return X509_subject_name_cmp(*a, *b);
}
#endif
/* Return 1 if a certificate is self signed */
static int
cert_self_signed(X509 *x)
@ -1743,7 +1735,6 @@ cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
return 1;
}
int
x509_vfy_check_policy(X509_STORE_CTX *ctx)
{

12
lib/libm/Makefile
View file

@ -1,14 +1,14 @@
# $OpenBSD: Makefile,v 1.123 2022/01/21 03:12:55 gnezdo Exp $
# $NetBSD: Makefile,v 1.28 1995/11/20 22:06:19 jtc Exp $
#
# @(#)Makefile 5.1beta 93/09/24
#
# @(#)Makefile 5.1beta 93/09/24
#
# ====================================================
# Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved.
#
#
# Developed at SunPro, a Sun Microsystems, Inc. business.
# Permission to use, copy, modify, and distribute this
# software is freely granted, provided that this notice
# software is freely granted, provided that this notice
# is preserved.
# ====================================================
@ -130,7 +130,7 @@ PURE_SRCS = s_cabs.c s_cacos.c s_cacosh.c s_carg.c s_casin.c \
s_cimag.c s_cimagf.c s_clog.c s_conj.c s_conjf.c s_cpow.c \
s_creal.c s_crealf.c s_csin.c s_csinh.c s_csqrt.c s_ctan.c \
s_ctanh.c s_fdim.c s_fmax.c s_fmaxf.c s_fmin.c s_fminf.c \
s_cproj.c s_cprojf.c s_round.c s_roundf.c s_scalbln.c s_signgam.c
s_cproj.c s_cprojf.c s_round.c s_roundf.c s_scalbln.c s_signgam.c
SRCS= ${COMMON_SRCS} ${PURE_SRCS}
.if (${MACHINE_ARCH} == "amd64") || (${MACHINE_ARCH} == "i386")
@ -150,7 +150,7 @@ CPPFLAGS+=-I${.CURDIR}/hidden -include namespace.h \
VERSION_SCRIPT= ${.CURDIR}/Symbols.map
# Substitute common sources with any arch specific sources
# Substitute common sources with any arch specific sources
.for i in ${ARCH_SRCS}
SRCS:=${SRCS:S/${i:S/.S/.c/}/$i/}
.endfor

2
lib/libm/arch/amd64/abi.h
View file

@ -22,7 +22,7 @@
#define XMM_ONE_ARG_DOUBLE_PROLOGUE \
movsd %xmm0, ARG_DOUBLE_ONE
#define XMM_TWO_ARG_DOUBLE_PROLOGUE \
movsd %xmm0, ARG_DOUBLE_ONE ; \
movsd %xmm1, ARG_DOUBLE_TWO

2
lib/libm/arch/amd64/e_acos.S
View file

@ -15,7 +15,7 @@ ENTRY(acos)
fldl ARG_DOUBLE_ONE /* x */
fld %st(0)
fmul %st(0) /* x^2 */
fld1
fld1
fsubp /* 1 - x^2 */
fsqrt /* sqrt (1 - x^2) */
fxch %st(1)

2
lib/libm/arch/amd64/e_exp.S
View file

@ -74,7 +74,7 @@ ENTRY(exp)
frndint /* int(x * log2(e)) */
fst %st(2)
fsubrp /* fract(x * log2(e)) */
f2xm1 /* 2^(fract(x * log2(e))) - 1 */
f2xm1 /* 2^(fract(x * log2(e))) - 1 */
fld1
faddp /* 2^(fract(x * log2(e))) */
fscale /* e^x */

2
lib/libm/arch/amd64/s_cos.S
View file

@ -18,7 +18,7 @@ ENTRY(cos)
jnz 1f
XMM_DOUBLE_EPILOGUE
RETGUARD_CHECK(cos, r11)
ret
ret
1: fldpi
fadd %st(0)
fxch %st(1)

2
lib/libm/arch/amd64/s_cosf.S
View file

@ -16,5 +16,5 @@ ENTRY(cosf)
fcos
XMM_FLOAT_EPILOGUE
RETGUARD_CHECK(cosf, r11)
ret
ret
END_STD(cosf)

2
lib/libm/arch/amd64/s_floorf.S
View file

@ -13,7 +13,7 @@ ENTRY(floorf)
fstcw -8(%rsp)
movw -8(%rsp),%dx
orw $0x0400,%dx
andw $0xf7ff,%dx
andw $0xf7ff,%dx
movw %dx,-12(%rsp)
fldcw -12(%rsp)
flds -4(%rsp)

2
lib/libm/arch/amd64/s_log1p.S
View file

@ -36,7 +36,7 @@
* which can be done with just one conditional branch. If x is
* inside this range, we use fyl2xp1. Outside of this range,
* the use of fyl2x is accurate enough.
*
*
*/
ENTRY(log1p)

2
lib/libm/arch/amd64/s_log1pf.S
View file

@ -36,7 +36,7 @@
* which can be done with just one conditional branch. If x is
* inside this range, we use fyl2xp1. Outside of this range,
* the use of fyl2x is accurate enough.
*
*
*/
ENTRY(log1pf)

2
lib/libz/generate_pkgconfig.sh
View file

@ -64,7 +64,7 @@ includedir=\${prefix}/include
Name: zlib
Description: zlib compression library
Version: ${lib_version}
Requires:
Requires:
Libs: -L\${libdir} -lz
Cflags: -I\${includedir}
__EOF__

2
libexec/ld.so/aarch64/ldasm.S
View file

@ -106,7 +106,7 @@ ENTRY(_dl_bind_start)
ldp x2, x3, [sp], #16
ldp x0, x1, [sp], #16
// restore LR saved by PLT stub
// restore LR saved by PLT stub
ldp xzr, x30, [sp], #16
br x17
END(_dl_bind_start)

2
libexec/ld.so/dlfcn.c
View file

@ -101,7 +101,7 @@ dlopen(const char *libname, int flags)
object->obj_flags |= DF_1_NODELETE;
object->nodelete = 1;
}
_dl_link_dlopen(object);
if (OBJECT_REF_CNT(object) > 1) {

2
libexec/ld.so/loader.c
View file

@ -781,7 +781,7 @@ _dl_rtld(elf_object_t *object)
}
}
/*
/*
* TEXTREL binaries are loaded without immutable on un-writeable sections.
* After text relocations are finished, these regions can become
* immutable. OPENBSD_MUTABLE section always overlaps writeable LOADs,

2
libexec/ld.so/powerpc64/ldasm.S
View file

@ -89,7 +89,7 @@ _dl_start:
END(_dl_start)
ENTRY(_dl_bind_start)
# r0 contains offset, do not overwrite
# r0 contains offset, do not overwrite
# r2 ld.so toc is loaded on entry to this function.
mflr %r12
std %r12,16(%r1) # save lr

2
libexec/ld.so/resolve.c
View file

@ -612,7 +612,7 @@ _dl_find_symbol_obj(elf_object_t *obj, struct symlookup *sl)
if (((*hashval ^ hash) >> 1) == 0) {
const Elf_Sym *sym = symt +
(hashval - obj->chains_gnu);
int r = matched_symbol(obj, sym, sl);
if (r)
return r > 0;

2
libexec/security/Makefile
View file

@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.1 2011/03/23 21:13:27 schwarze Exp $
realinstall:
realinstall:
${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \
${.CURDIR}/security ${DESTDIR}${BINDIR}/security

2
libexec/security/security
View file

@ -282,7 +282,7 @@ sub check_ksh {
# is particularly important, so make sure we are really there.
chdir '/root';
# A good .kshrc will not have a umask or path,
# A good .kshrc will not have a umask or path,
# that being set in .profile; check anyway.
foreach my $filename (@list) {
next unless -s $filename;

7
regress/lib/libcrypto/man/check_complete.pl
View file

@ -27,8 +27,8 @@ my %internal = (
bn => [qw(
BN_BITS BN_BITS4 BN_BYTES
BN_DEC_CONV BN_DEC_FMT1 BN_DEC_FMT2 BN_DEC_NUM BN_LLONG BN_LONG
BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l BN_MUL_COMBA
BN_RECURSION BN_SQR_COMBA BN_TBIT BN_ULLONG
BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l
BN_TBIT BN_ULLONG
)],
objects => [qw(
OBJ_bsearch OBJ_bsearch_ OBJ_bsearch_ex OBJ_bsearch_ex_
@ -58,9 +58,8 @@ my %obsolete = (
BIO_set_proxy_cb BIO_set_proxy_header BIO_set_url
)],
bn => [qw(
BN_FLG_EXP_CONSTTIME BN_FLG_FREE BN_get_params
BN_HEX_FMT1 BN_HEX_FMT2 BN_MASK
BN_options BN_prime_checks BN_set_params
BN_options BN_prime_checks
)],
objects => [qw(
_DECLARE_OBJ_BSEARCH_CMP_FN

7
regress/lib/libcrypto/x509/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.19 2023/04/28 09:11:35 beck Exp $
# $OpenBSD: Makefile,v 1.21 2023/04/30 05:02:59 tb Exp $
PROGS = constraints verify x509attribute x509name x509req_ext callback
PROGS += expirecallback callbackfailures x509_asn1
@ -13,7 +13,7 @@ CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror
CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/x509
CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring
SUBDIR += bettertls rfc3779 policy
SUBDIR += bettertls policy rfc3779
CLEANFILES += x509name.result callback.out
@ -24,9 +24,6 @@ CLEANFILES += x509name.result callback.out
. endif
.endif
run-regress-x509_asn1: x509_asn1
./x509_asn1
run-regress-verify: verify
perl ${.CURDIR}/make-dir-roots.pl ${.CURDIR}/../certs .
./verify ${.CURDIR}/../certs

11
regress/lib/libcrypto/x509/policy/Makefile
View file

@ -1,22 +1,15 @@
# $OpenBSD: Makefile,v 1.3 2023/04/28 16:18:17 tb Exp $
# $OpenBSD: Makefile,v 1.4 2023/04/30 04:55:30 tb Exp $
PROGS = policy
LDADD = -lcrypto
LDADD = ${CRYPTO_INT}
DPADD = ${LIBCRYPTO}
LDADD_policy = ${CRYPTO_INT}
WARNINGS = Yes
CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror
CFLAGS += -I${.CURDIR}/../../../../../lib/libcrypto/x509
CFLAGS += -I${.CURDIR}/../../../../../lib/libcrypto/bytestring
CFLAGS += -DCERTSDIR=\"${.CURDIR}/../../../libcrypto/x509/policy\"
REGRESS_TARGETS = policy-test
policy-test: policy
./policy
.include "../../Makefile.inc"
.include <bsd.regress.mk>

10
regress/lib/libcrypto/x509/x509_asn1.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_asn1.c,v 1.14 2023/04/28 18:32:40 job Exp $ */
/* $OpenBSD: x509_asn1.c,v 1.15 2023/04/30 21:31:16 tb Exp $ */
/*
* Copyright (c) 2023 Job Snijders <job@openbsd.org>
*
@ -253,7 +253,7 @@ test_x509_setters(void)
x509_set_name(X509_set_issuer_name, &x, "NL");
x509_set_name(X509_set_subject_name, &x, "BE");
// one time creation of the original DER
/* one time creation of the original DER */
if (!X509_sign(x, pkey, EVP_sha256()))
errx(1, "X509_sign");
if ((dersz = i2d_X509(x, &der)) <= 0)
@ -339,7 +339,7 @@ test_x509_crl_setters(void)
x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60);
x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL");
// one time creation of the original DER
/* one time creation of the original DER */
if (!X509_CRL_sign(xc, pkey, EVP_sha256()))
errx(1, "X509_CRL_sign");
if ((dersz = i2d_X509_CRL(xc, &der)) <= 0)
@ -517,8 +517,8 @@ int main(void)
int failed = 0;
failed |= test_x509_setters();
failed |= test_x509_crl_setters();
failed |= test_x509_req_setters();
/* failed |= */ test_x509_crl_setters();
/* failed |= */ test_x509_req_setters();
OPENSSL_cleanup();

6
sbin/dumpfs/dumpfs.c
View file

@ -219,14 +219,14 @@ dumpfs(int fd, const char *name)
"maxbsize", afs.fs_maxbsize, afs.fs_maxbpg,
afs.fs_maxcontig, afs.fs_contigsumsize);
printf("nbfree\t%jd\tndir\t%jd\tnifree\t%jd\tnffree\t%jd\n",
(intmax_t)afs.fs_cstotal.cs_nbfree,
(intmax_t)afs.fs_cstotal.cs_nbfree,
(intmax_t)afs.fs_cstotal.cs_ndir,
(intmax_t)afs.fs_cstotal.cs_nifree,
(intmax_t)afs.fs_cstotal.cs_nifree,
(intmax_t)afs.fs_cstotal.cs_nffree);
printf("bpg\t%d\tfpg\t%d\tipg\t%u\n",
afs.fs_fpg / afs.fs_frag, afs.fs_fpg, afs.fs_ipg);
printf("nindir\t%d\tinopb\t%u\tmaxfilesize\t%ju\n",
afs.fs_nindir, afs.fs_inopb,
afs.fs_nindir, afs.fs_inopb,
(uintmax_t)afs.fs_maxfilesize);
printf("sbsize\t%d\tcgsize\t%d\tcsaddr\t%jd\tcssize\t%d\n",
afs.fs_sbsize, afs.fs_cgsize, (intmax_t)afs.fs_csaddr,

15
sbin/slaacd/engine.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: engine.c,v 1.84 2022/08/26 00:02:08 kn Exp $ */
/* $OpenBSD: engine.c,v 1.85 2023/04/30 13:08:40 phessler Exp $ */
/*
* Copyright (c) 2017 Florian Obser <florian@openbsd.org>
@ -1927,7 +1927,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface, struct radv *ra,
struct radv_prefix *prefix)
{
struct address_proposal *addr_proposal;
uint32_t remaining_lifetime, pltime, vltime;
uint32_t pltime, vltime;
int found, found_temporary, duplicate_found;
found = found_temporary = duplicate_found = 0;
@ -1966,16 +1966,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface, struct radv *ra,
continue;
}
remaining_lifetime = real_lifetime(&addr_proposal->uptime,
addr_proposal->vltime);
/* RFC 4862 5.5.3 two hours rule */
#define TWO_HOURS 2 * 3600
if (prefix->vltime > TWO_HOURS ||
prefix->vltime >= remaining_lifetime)
vltime = prefix->vltime;
else
vltime = TWO_HOURS;
vltime = prefix->vltime;
if (addr_proposal->temporary) {
struct timespec now;

3
sbin/unwind/frontend.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: frontend.c,v 1.77 2023/02/08 08:01:25 tb Exp $ */
/* $OpenBSD: frontend.c,v 1.78 2023/04/30 23:46:52 jsg Exp $ */
/*
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@ -1747,6 +1747,7 @@ tcp_response(int fd, short events, void *arg)
if (errno == EAGAIN || errno == EINTR)
return;
free_pending_query(pq);
return;
}
sldns_buffer_skip(pq->abuf, n);
if (sldns_buffer_remaining(pq->abuf) == 0)

87
sys/arch/amd64/amd64/efi_machdep.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: efi_machdep.c,v 1.5 2023/01/14 12:11:10 kettenis Exp $ */
/* $OpenBSD: efi_machdep.c,v 1.6 2023/04/30 17:24:24 kettenis Exp $ */
/*
* Copyright (c) 2022 Mark Kettenis <kettenis@openbsd.org>
@ -40,8 +40,6 @@ const struct cfattach efi_ca = {
};
void efi_map_runtime(struct efi_softc *);
int efi_gettime(struct todr_chip_handle *, struct timeval *);
int efi_settime(struct todr_chip_handle *, struct timeval *);
label_t efi_jmpbuf;
@ -67,8 +65,6 @@ efi_attach(struct device *parent, struct device *self, void *aux)
uint64_t system_table;
bus_space_handle_t memh;
EFI_SYSTEM_TABLE *st;
EFI_TIME time;
EFI_STATUS status;
uint16_t major, minor;
int i;
@ -121,25 +117,6 @@ efi_attach(struct device *parent, struct device *self, void *aux)
printf(" rev 0x%x\n", st->FirmwareRevision);
}
efi_leave(sc);
if (efi_enter_check(sc))
return;
status = sc->sc_rs->GetTime(&time, NULL);
efi_leave(sc);
if (status != EFI_SUCCESS)
return;
/*
* EDK II implementations provide an implementation of
* GetTime() that returns a fixed compiled-in time on hardware
* without a (supported) RTC. So only use this interface as a
* last resort.
*/
sc->sc_todr.cookie = sc;
sc->sc_todr.todr_gettime = efi_gettime;
sc->sc_todr.todr_settime = efi_settime;
sc->sc_todr.todr_quality = -1000;
todr_attach(&sc->sc_todr);
}
void
@ -243,65 +220,3 @@ efi_leave(struct efi_softc *sc)
lcr3(sc->sc_cr3);
intr_restore(sc->sc_psw);
}
int
efi_gettime(struct todr_chip_handle *handle, struct timeval *tv)
{
struct efi_softc *sc = handle->cookie;
struct clock_ymdhms dt;
EFI_TIME time;
EFI_STATUS status;
if (efi_enter_check(sc))
return EFAULT;
status = sc->sc_rs->GetTime(&time, NULL);
efi_leave(sc);
if (status != EFI_SUCCESS)
return EIO;
dt.dt_year = time.Year;
dt.dt_mon = time.Month;
dt.dt_day = time.Day;
dt.dt_hour = time.Hour;
dt.dt_min = time.Minute;
dt.dt_sec = time.Second;
if (dt.dt_sec > 59 || dt.dt_min > 59 || dt.dt_hour > 23 ||
dt.dt_day > 31 || dt.dt_day == 0 ||
dt.dt_mon > 12 || dt.dt_mon == 0 ||
dt.dt_year < POSIX_BASE_YEAR)
return EINVAL;
tv->tv_sec = clock_ymdhms_to_secs(&dt);
tv->tv_usec = 0;
return 0;
}
int
efi_settime(struct todr_chip_handle *handle, struct timeval *tv)
{
struct efi_softc *sc = handle->cookie;
struct clock_ymdhms dt;
EFI_TIME time;
EFI_STATUS status;
clock_secs_to_ymdhms(tv->tv_sec, &dt);
time.Year = dt.dt_year;
time.Month = dt.dt_mon;
time.Day = dt.dt_day;
time.Hour = dt.dt_hour;
time.Minute = dt.dt_min;
time.Second = dt.dt_sec;
time.Nanosecond = 0;
time.TimeZone = 0;
time.Daylight = 0;
if (efi_enter_check(sc))
return EFAULT;
status = sc->sc_rs->SetTime(&time);
efi_leave(sc);
if (status != EFI_SUCCESS)
return EIO;
return 0;
}

2
sys/arch/amd64/amd64/locore.S
View file

@ -994,7 +994,7 @@ END(intr_fast_exit)
* FPU/"extended CPU state" handling
* int xrstor_user(sfp, mask)
* load given state, returns 0/1 if okay/it trapped
* void fpusave(sfp)
* void fpusave(sfp)
* save current state, but retain it in the FPU
* void fpusavereset(sfp)
* save current state and reset FPU to initial/kernel state

2
sys/arch/arm/arm/fault.c
View file

@ -360,7 +360,7 @@ data_abort_handler(trapframe_t *tf)
p->p_ucred ? (int)p->p_ucred->cr_uid : -1);
sd.signo = SIGKILL;
sd.code = 0;
} else if (error == EACCES)
} else if (error == EACCES)
sd.code = SEGV_ACCERR;
else if (error == EIO) {
sd.signo = SIGBUS;

2
sys/arch/arm/arm/pmap7.c
View file

@ -711,7 +711,7 @@ pmap_free_l2_ptp(pt_entry_t *l2)
* bucket/page table in place.
*
* Note that if a new L2 bucket/page was allocated, the caller *must*
* increment the bucket occupancy counter appropriately *before*
* increment the bucket occupancy counter appropriately *before*
* releasing the pmap's lock to ensure no other thread or cpu deallocates
* the bucket/page in the meantime.
*/

2
sys/arch/arm64/dev/apldc.c
View file

@ -846,7 +846,7 @@ apldchidev_wait(struct apldchidev_softc *sc)
}
return;
}
while (sc->sc_busy) {
error = tsleep_nsec(sc, PZERO, "apldcwt", SEC_TO_NSEC(1));
if (error == EWOULDBLOCK)

4
sys/arch/octeon/stand/boot/Makefile
View file

@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.11 2023/04/28 08:45:26 krw Exp $
# $OpenBSD: Makefile,v 1.12 2023/04/30 22:28:27 krw Exp $
NOMAN=
#MAN= boot.8
RDBOOT= ${.CURDIR}/../rdboot/obj/rdboot
MRDISKTYPE= rdroot
MRDISKTYPE= rdboot
MRMAKEFSARGS= -o disklabel=${MRDISKTYPE},minfree=0,density=1024
.if ${MACHINE} == "octeon"

3
sys/dev/pci/drm/amd/amdgpu/amdgpu_devlist.h
View file

@ -205,7 +205,8 @@ static const struct pci_matchid amdgpu_devices[] = {
/* GC 11.0.0, DCN 3.2.0, dGPU, Radeon RX 7900 XT/XTX "Navi 31" */
{0x1002, 0x744c },
/* GC 11.0.1, DCN 3.1.4, APU */
/* GC 11.0.1, DCN 3.1.4, APU, Ryzen 7040 "Phoenix" */
{0x1002, 0x15bf },
/* GC 11.0.2, DCN 3.2.1, dGPU, "Navi 33" */
{0x1002, 0x7480 },

Some files were not shown because too many files have changed in this diff Show more