git: 389449887c64 - stable/13 - Merge commit 'd84e570b54961e8874bbd8de25635eb96be0977e'

From: Gordon Bergling <gbe_at_FreeBSD.org>
Date: Sun, 16 Apr 2023 09:28:58 UTC
The branch stable/13 has been updated by gbe:

URL: https://cgit.FreeBSD.org/src/commit/?id=389449887c6426def0510c5861e0af9973f1ed08

commit 389449887c6426def0510c5861e0af9973f1ed08
Author:     Simon J. Gerraty <sjg@FreeBSD.org>
AuthorDate: 2023-02-21 06:13:27 +0000
Commit:     Gordon Bergling <gbe@FreeBSD.org>
CommitDate: 2023-04-16 07:27:42 +0000

    Merge commit 'd84e570b54961e8874bbd8de25635eb96be0977e'
    
    This unbreaks the build for WITH_BEARSSL=1 on stable/13.
    
    (cherry picked from commit 9c474dc51b0b09ff81339caee6772e454dd470e4)
---
 contrib/bearssl/flist                       | 459 ----------------------------
 contrib/bearssl/inc/bearssl.h               |  13 +
 contrib/bearssl/src/rsa/rsa_i62_keygen.c    |   4 +-
 contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c |   2 +-
 4 files changed, 16 insertions(+), 462 deletions(-)

diff --git a/contrib/bearssl/flist b/contrib/bearssl/flist
deleted file mode 100644
index 9751ad231065..000000000000
--- a/contrib/bearssl/flist
+++ /dev/null
@@ -1,459 +0,0 @@
-T0/BlobWriter.cs
-T0/CPU.cs
-T0/CodeElement.cs
-T0/CodeElementJump.cs
-T0/CodeElementUInt.cs
-T0/CodeElementUIntExpr.cs
-T0/CodeElementUIntInt.cs
-T0/CodeElementUIntUInt.cs
-T0/ConstData.cs
-T0/Opcode.cs
-T0/OpcodeCall.cs
-T0/OpcodeConst.cs
-T0/OpcodeGetLocal.cs
-T0/OpcodeJump.cs
-T0/OpcodeJumpIf.cs
-T0/OpcodeJumpIfNot.cs
-T0/OpcodeJumpUncond.cs
-T0/OpcodePutLocal.cs
-T0/OpcodeRet.cs
-T0/SType.cs
-T0/T0Comp.cs
-T0/TPointerBase.cs
-T0/TPointerBlob.cs
-T0/TPointerExpr.cs
-T0/TPointerNull.cs
-T0/TPointerXT.cs
-T0/TValue.cs
-T0/Word.cs
-T0/WordBuilder.cs
-T0/WordData.cs
-T0/WordInterpreted.cs
-T0/WordNative.cs
-T0/kern.t0
-conf/Unix.mk
-conf/Unix32.mk
-conf/UnixClang.mk
-conf/Win.mk
-conf/samd20.mk
-inc/bearssl.h
-inc/bearssl_aead.h
-inc/bearssl_block.h
-inc/bearssl_ec.h
-inc/bearssl_hash.h
-inc/bearssl_hmac.h
-inc/bearssl_kdf.h
-inc/bearssl_pem.h
-inc/bearssl_prf.h
-inc/bearssl_rand.h
-inc/bearssl_rsa.h
-inc/bearssl_ssl.h
-inc/bearssl_x509.h
-mk/Defaults.mk
-mk/NMake.mk
-mk/Rules.mk
-mk/SingleUnix.mk
-mk/mkT0.cmd
-mk/mkT0.sh
-mk/mkrules.sh
-samples/README.txt
-samples/cert-ee-ec+rsa.pem
-samples/cert-ee-ec.pem
-samples/cert-ee-rsa.pem
-samples/cert-ica-ec.pem
-samples/cert-ica-rsa.pem
-samples/cert-root-ec.pem
-samples/cert-root-rsa.pem
-samples/chain-ec+rsa.h
-samples/chain-ec.h
-samples/chain-rsa.h
-samples/client_basic.c
-samples/custom_profile.c
-samples/key-ec.h
-samples/key-ee-ec.pem
-samples/key-ee-rsa.pem
-samples/key-ica-ec.pem
-samples/key-ica-rsa.pem
-samples/key-root-ec.pem
-samples/key-root-rsa.pem
-samples/key-rsa.h
-samples/server_basic.c
-src/aead/ccm.c
-src/aead/eax.c
-src/aead/gcm.c
-src/codec/ccopy.c
-src/codec/dec16be.c
-src/codec/dec16le.c
-src/codec/dec32be.c
-src/codec/dec32le.c
-src/codec/dec64be.c
-src/codec/dec64le.c
-src/codec/enc16be.c
-src/codec/enc16le.c
-src/codec/enc32be.c
-src/codec/enc32le.c
-src/codec/enc64be.c
-src/codec/enc64le.c
-src/codec/pemdec.c
-src/codec/pemdec.t0
-src/codec/pemenc.c
-src/config.h
-src/ec/ec_all_m15.c
-src/ec/ec_all_m31.c
-src/ec/ec_c25519_i15.c
-src/ec/ec_c25519_i31.c
-src/ec/ec_c25519_m15.c
-src/ec/ec_c25519_m31.c
-src/ec/ec_c25519_m62.c
-src/ec/ec_c25519_m64.c
-src/ec/ec_curve25519.c
-src/ec/ec_default.c
-src/ec/ec_keygen.c
-src/ec/ec_p256_m15.c
-src/ec/ec_p256_m31.c
-src/ec/ec_p256_m62.c
-src/ec/ec_p256_m64.c
-src/ec/ec_prime_i15.c
-src/ec/ec_prime_i31.c
-src/ec/ec_pubkey.c
-src/ec/ec_secp256r1.c
-src/ec/ec_secp384r1.c
-src/ec/ec_secp521r1.c
-src/ec/ecdsa_atr.c
-src/ec/ecdsa_default_sign_asn1.c
-src/ec/ecdsa_default_sign_raw.c
-src/ec/ecdsa_default_vrfy_asn1.c
-src/ec/ecdsa_default_vrfy_raw.c
-src/ec/ecdsa_i15_bits.c
-src/ec/ecdsa_i15_sign_asn1.c
-src/ec/ecdsa_i15_sign_raw.c
-src/ec/ecdsa_i15_vrfy_asn1.c
-src/ec/ecdsa_i15_vrfy_raw.c
-src/ec/ecdsa_i31_bits.c
-src/ec/ecdsa_i31_sign_asn1.c
-src/ec/ecdsa_i31_sign_raw.c
-src/ec/ecdsa_i31_vrfy_asn1.c
-src/ec/ecdsa_i31_vrfy_raw.c
-src/ec/ecdsa_rta.c
-src/hash/dig_oid.c
-src/hash/dig_size.c
-src/hash/ghash_ctmul.c
-src/hash/ghash_ctmul32.c
-src/hash/ghash_ctmul64.c
-src/hash/ghash_pclmul.c
-src/hash/ghash_pwr8.c
-src/hash/md5.c
-src/hash/md5sha1.c
-src/hash/mgf1.c
-src/hash/multihash.c
-src/hash/sha1.c
-src/hash/sha2big.c
-src/hash/sha2small.c
-src/inner.h
-src/int/i15_add.c
-src/int/i15_bitlen.c
-src/int/i15_decmod.c
-src/int/i15_decode.c
-src/int/i15_decred.c
-src/int/i15_encode.c
-src/int/i15_fmont.c
-src/int/i15_iszero.c
-src/int/i15_moddiv.c
-src/int/i15_modpow.c
-src/int/i15_modpow2.c
-src/int/i15_montmul.c
-src/int/i15_mulacc.c
-src/int/i15_muladd.c
-src/int/i15_ninv15.c
-src/int/i15_reduce.c
-src/int/i15_rshift.c
-src/int/i15_sub.c
-src/int/i15_tmont.c
-src/int/i31_add.c
-src/int/i31_bitlen.c
-src/int/i31_decmod.c
-src/int/i31_decode.c
-src/int/i31_decred.c
-src/int/i31_encode.c
-src/int/i31_fmont.c
-src/int/i31_iszero.c
-src/int/i31_moddiv.c
-src/int/i31_modpow.c
-src/int/i31_modpow2.c
-src/int/i31_montmul.c
-src/int/i31_mulacc.c
-src/int/i31_muladd.c
-src/int/i31_ninv31.c
-src/int/i31_reduce.c
-src/int/i31_rshift.c
-src/int/i31_sub.c
-src/int/i31_tmont.c
-src/int/i32_add.c
-src/int/i32_bitlen.c
-src/int/i32_decmod.c
-src/int/i32_decode.c
-src/int/i32_decred.c
-src/int/i32_div32.c
-src/int/i32_encode.c
-src/int/i32_fmont.c
-src/int/i32_iszero.c
-src/int/i32_modpow.c
-src/int/i32_montmul.c
-src/int/i32_mulacc.c
-src/int/i32_muladd.c
-src/int/i32_ninv32.c
-src/int/i32_reduce.c
-src/int/i32_sub.c
-src/int/i32_tmont.c
-src/int/i62_modpow2.c
-src/kdf/hkdf.c
-src/kdf/shake.c
-src/mac/hmac.c
-src/mac/hmac_ct.c
-src/rand/aesctr_drbg.c
-src/rand/hmac_drbg.c
-src/rand/sysrng.c
-src/rsa/rsa_default_keygen.c
-src/rsa/rsa_default_modulus.c
-src/rsa/rsa_default_oaep_decrypt.c
-src/rsa/rsa_default_oaep_encrypt.c
-src/rsa/rsa_default_pkcs1_sign.c
-src/rsa/rsa_default_pkcs1_vrfy.c
-src/rsa/rsa_default_priv.c
-src/rsa/rsa_default_privexp.c
-src/rsa/rsa_default_pss_sign.c
-src/rsa/rsa_default_pss_vrfy.c
-src/rsa/rsa_default_pub.c
-src/rsa/rsa_default_pubexp.c
-src/rsa/rsa_i15_keygen.c
-src/rsa/rsa_i15_modulus.c
-src/rsa/rsa_i15_oaep_decrypt.c
-src/rsa/rsa_i15_oaep_encrypt.c
-src/rsa/rsa_i15_pkcs1_sign.c
-src/rsa/rsa_i15_pkcs1_vrfy.c
-src/rsa/rsa_i15_priv.c
-src/rsa/rsa_i15_privexp.c
-src/rsa/rsa_i15_pss_sign.c
-src/rsa/rsa_i15_pss_vrfy.c
-src/rsa/rsa_i15_pub.c
-src/rsa/rsa_i15_pubexp.c
-src/rsa/rsa_i31_keygen.c
-src/rsa/rsa_i31_keygen_inner.c
-src/rsa/rsa_i31_modulus.c
-src/rsa/rsa_i31_oaep_decrypt.c
-src/rsa/rsa_i31_oaep_encrypt.c
-src/rsa/rsa_i31_pkcs1_sign.c
-src/rsa/rsa_i31_pkcs1_vrfy.c
-src/rsa/rsa_i31_priv.c
-src/rsa/rsa_i31_privexp.c
-src/rsa/rsa_i31_pss_sign.c
-src/rsa/rsa_i31_pss_vrfy.c
-src/rsa/rsa_i31_pub.c
-src/rsa/rsa_i31_pubexp.c
-src/rsa/rsa_i32_oaep_decrypt.c
-src/rsa/rsa_i32_oaep_encrypt.c
-src/rsa/rsa_i32_pkcs1_sign.c
-src/rsa/rsa_i32_pkcs1_vrfy.c
-src/rsa/rsa_i32_priv.c
-src/rsa/rsa_i32_pss_sign.c
-src/rsa/rsa_i32_pss_vrfy.c
-src/rsa/rsa_i32_pub.c
-src/rsa/rsa_i62_keygen.c
-src/rsa/rsa_i62_oaep_decrypt.c
-src/rsa/rsa_i62_oaep_encrypt.c
-src/rsa/rsa_i62_pkcs1_sign.c
-src/rsa/rsa_i62_pkcs1_vrfy.c
-src/rsa/rsa_i62_priv.c
-src/rsa/rsa_i62_pss_sign.c
-src/rsa/rsa_i62_pss_vrfy.c
-src/rsa/rsa_i62_pub.c
-src/rsa/rsa_oaep_pad.c
-src/rsa/rsa_oaep_unpad.c
-src/rsa/rsa_pkcs1_sig_pad.c
-src/rsa/rsa_pkcs1_sig_unpad.c
-src/rsa/rsa_pss_sig_pad.c
-src/rsa/rsa_pss_sig_unpad.c
-src/rsa/rsa_ssl_decrypt.c
-src/settings.c
-src/ssl/prf.c
-src/ssl/prf_md5sha1.c
-src/ssl/prf_sha256.c
-src/ssl/prf_sha384.c
-src/ssl/ssl_ccert_single_ec.c
-src/ssl/ssl_ccert_single_rsa.c
-src/ssl/ssl_client.c
-src/ssl/ssl_client_default_rsapub.c
-src/ssl/ssl_client_full.c
-src/ssl/ssl_engine.c
-src/ssl/ssl_engine_default_aescbc.c
-src/ssl/ssl_engine_default_aesccm.c
-src/ssl/ssl_engine_default_aesgcm.c
-src/ssl/ssl_engine_default_chapol.c
-src/ssl/ssl_engine_default_descbc.c
-src/ssl/ssl_engine_default_ec.c
-src/ssl/ssl_engine_default_ecdsa.c
-src/ssl/ssl_engine_default_rsavrfy.c
-src/ssl/ssl_hashes.c
-src/ssl/ssl_hs_client.c
-src/ssl/ssl_hs_client.t0
-src/ssl/ssl_hs_common.t0
-src/ssl/ssl_hs_server.c
-src/ssl/ssl_hs_server.t0
-src/ssl/ssl_io.c
-src/ssl/ssl_keyexport.c
-src/ssl/ssl_lru.c
-src/ssl/ssl_rec_cbc.c
-src/ssl/ssl_rec_ccm.c
-src/ssl/ssl_rec_chapol.c
-src/ssl/ssl_rec_gcm.c
-src/ssl/ssl_scert_single_ec.c
-src/ssl/ssl_scert_single_rsa.c
-src/ssl/ssl_server.c
-src/ssl/ssl_server_full_ec.c
-src/ssl/ssl_server_full_rsa.c
-src/ssl/ssl_server_mine2c.c
-src/ssl/ssl_server_mine2g.c
-src/ssl/ssl_server_minf2c.c
-src/ssl/ssl_server_minf2g.c
-src/ssl/ssl_server_minr2g.c
-src/ssl/ssl_server_minu2g.c
-src/ssl/ssl_server_minv2g.c
-src/symcipher/aes_big_cbcdec.c
-src/symcipher/aes_big_cbcenc.c
-src/symcipher/aes_big_ctr.c
-src/symcipher/aes_big_ctrcbc.c
-src/symcipher/aes_big_dec.c
-src/symcipher/aes_big_enc.c
-src/symcipher/aes_common.c
-src/symcipher/aes_ct.c
-src/symcipher/aes_ct64.c
-src/symcipher/aes_ct64_cbcdec.c
-src/symcipher/aes_ct64_cbcenc.c
-src/symcipher/aes_ct64_ctr.c
-src/symcipher/aes_ct64_ctrcbc.c
-src/symcipher/aes_ct64_dec.c
-src/symcipher/aes_ct64_enc.c
-src/symcipher/aes_ct_cbcdec.c
-src/symcipher/aes_ct_cbcenc.c
-src/symcipher/aes_ct_ctr.c
-src/symcipher/aes_ct_ctrcbc.c
-src/symcipher/aes_ct_dec.c
-src/symcipher/aes_ct_enc.c
-src/symcipher/aes_pwr8.c
-src/symcipher/aes_pwr8_cbcdec.c
-src/symcipher/aes_pwr8_cbcenc.c
-src/symcipher/aes_pwr8_ctr.c
-src/symcipher/aes_pwr8_ctrcbc.c
-src/symcipher/aes_small_cbcdec.c
-src/symcipher/aes_small_cbcenc.c
-src/symcipher/aes_small_ctr.c
-src/symcipher/aes_small_ctrcbc.c
-src/symcipher/aes_small_dec.c
-src/symcipher/aes_small_enc.c
-src/symcipher/aes_x86ni.c
-src/symcipher/aes_x86ni_cbcdec.c
-src/symcipher/aes_x86ni_cbcenc.c
-src/symcipher/aes_x86ni_ctr.c
-src/symcipher/aes_x86ni_ctrcbc.c
-src/symcipher/chacha20_ct.c
-src/symcipher/chacha20_sse2.c
-src/symcipher/des_ct.c
-src/symcipher/des_ct_cbcdec.c
-src/symcipher/des_ct_cbcenc.c
-src/symcipher/des_support.c
-src/symcipher/des_tab.c
-src/symcipher/des_tab_cbcdec.c
-src/symcipher/des_tab_cbcenc.c
-src/symcipher/poly1305_ctmul.c
-src/symcipher/poly1305_ctmul32.c
-src/symcipher/poly1305_ctmulq.c
-src/symcipher/poly1305_i15.c
-src/x509/asn1.t0
-src/x509/asn1enc.c
-src/x509/encode_ec_pk8der.c
-src/x509/encode_ec_rawder.c
-src/x509/encode_rsa_pk8der.c
-src/x509/encode_rsa_rawder.c
-src/x509/skey_decoder.c
-src/x509/skey_decoder.t0
-src/x509/x509_decoder.c
-src/x509/x509_decoder.t0
-src/x509/x509_knownkey.c
-src/x509/x509_minimal.c
-src/x509/x509_minimal.t0
-src/x509/x509_minimal_full.c
-test/test_crypto.c
-test/test_math.c
-test/test_speed.c
-test/test_x509.c
-test/x509/alltests.txt
-test/x509/dn-ee.der
-test/x509/dn-ica1.der
-test/x509/dn-ica2.der
-test/x509/dn-root-new.der
-test/x509/dn-root.der
-test/x509/ee-badsig1.crt
-test/x509/ee-badsig2.crt
-test/x509/ee-cp1.crt
-test/x509/ee-cp2.crt
-test/x509/ee-cp3.crt
-test/x509/ee-cp4.crt
-test/x509/ee-dates.crt
-test/x509/ee-md5.crt
-test/x509/ee-names.crt
-test/x509/ee-names2.crt
-test/x509/ee-names3.crt
-test/x509/ee-names4.crt
-test/x509/ee-p256-sha1.crt
-test/x509/ee-p256-sha224.crt
-test/x509/ee-p256-sha256.crt
-test/x509/ee-p256-sha384.crt
-test/x509/ee-p256-sha512.crt
-test/x509/ee-p256.crt
-test/x509/ee-p384.crt
-test/x509/ee-p521.crt
-test/x509/ee-sha1.crt
-test/x509/ee-sha224.crt
-test/x509/ee-sha384.crt
-test/x509/ee-sha512.crt
-test/x509/ee-trailing.crt
-test/x509/ee.crt
-test/x509/ica1-1016.crt
-test/x509/ica1-1017.crt
-test/x509/ica1-4096.crt
-test/x509/ica1-p256.crt
-test/x509/ica1-p384.crt
-test/x509/ica1-p521.crt
-test/x509/ica1.crt
-test/x509/ica2-1016.crt
-test/x509/ica2-1017.crt
-test/x509/ica2-4096.crt
-test/x509/ica2-notCA.crt
-test/x509/ica2-p256.crt
-test/x509/ica2-p384.crt
-test/x509/ica2-p521.crt
-test/x509/ica2.crt
-test/x509/junk.crt
-test/x509/names.crt
-test/x509/root-p256.crt
-test/x509/root-p384.crt
-test/x509/root-p521.crt
-test/x509/root.crt
-tools/brssl.c
-tools/brssl.h
-tools/certs.c
-tools/chain.c
-tools/client.c
-tools/errors.c
-tools/files.c
-tools/impl.c
-tools/keys.c
-tools/names.c
-tools/server.c
-tools/skey.c
-tools/sslio.c
-tools/ta.c
-tools/twrch.c
-tools/vector.c
-tools/verify.c
-tools/xmem.c
diff --git a/contrib/bearssl/inc/bearssl.h b/contrib/bearssl/inc/bearssl.h
index 4f4797cf7937..310edb258d8d 100644
--- a/contrib/bearssl/inc/bearssl.h
+++ b/contrib/bearssl/inc/bearssl.h
@@ -137,6 +137,10 @@
 #include "bearssl_x509.h"
 #include "bearssl_pem.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /** \brief Type for a configuration option.
  *
  * A "configuration option" is a value that is selected when the BearSSL
@@ -167,4 +171,13 @@ typedef struct {
  */
 const br_config_option *br_get_config(void);
 
+/* ======================================================================= */
+
+/** \brief Version feature: support for time callback. */
+#define BR_FEATURE_X509_TIME_CALLBACK   1
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif
diff --git a/contrib/bearssl/src/rsa/rsa_i62_keygen.c b/contrib/bearssl/src/rsa/rsa_i62_keygen.c
index 8f55c3759082..992fe97e6ff1 100644
--- a/contrib/bearssl/src/rsa/rsa_i62_keygen.c
+++ b/contrib/bearssl/src/rsa/rsa_i62_keygen.c
@@ -40,7 +40,7 @@ br_rsa_i62_keygen(const br_prng_class **rng,
 
 /* see bearssl_rsa.h */
 br_rsa_keygen
-br_rsa_i62_keygen_get()
+br_rsa_i62_keygen_get(void)
 {
 	return &br_rsa_i62_keygen;
 }
@@ -49,7 +49,7 @@ br_rsa_i62_keygen_get()
 
 /* see bearssl_rsa.h */
 br_rsa_keygen
-br_rsa_i62_keygen_get()
+br_rsa_i62_keygen_get(void)
 {
 	return 0;
 }
diff --git a/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c b/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c
index a9f8ca3ac10f..0c6ae9990a09 100644
--- a/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c
+++ b/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c
@@ -114,7 +114,7 @@ br_rsa_pss_sig_unpad(const br_hash_class *hf_data,
 	 * in the string.
 	 */
 	for (u = 0; u < hash_len; u ++) {
-		r |= tmp[u] ^ x[(xlen - salt_len - 1) + u];
+		r |= tmp[u] ^ x[(xlen - hash_len - 1) + u];
 	}
 
 	return EQ0(r);