From 388947454deffdb6c750bb58e790f6c7045b352a Mon Sep 17 00:00:00 2001 From: purplerain Date: Tue, 28 Nov 2023 11:53:04 +0000 Subject: [PATCH] sync with OpenBSD -current --- lib/libcrypto/cert.pem | 622 +++++++++++++++++---------- lib/libcrypto/ocsp/ocsp_ht.c | 4 +- lib/libssl/tls13_legacy.c | 10 +- regress/lib/libcrypto/evp/evp_test.c | 137 +++++- sys/arch/amd64/amd64/vmm_support.S | 20 +- sys/arch/amd64/include/vmmvar.h | 6 +- sys/dev/ic/cac.c | 4 +- sys/dev/ic/mfi.c | 4 +- sys/dev/usb/usbdevs | 6 +- sys/dev/usb/usbdevs.h | 8 +- sys/dev/usb/usbdevs_data.h | 12 +- sys/kern/uipc_usrreq.c | 4 +- sys/net/if_etherip.c | 6 +- sys/net/if_gif.c | 6 +- sys/net/if_gre.c | 10 +- sys/net/if_vxlan.c | 8 +- sys/net/pfkeyv2_convert.c | 8 +- sys/net/pipex.c | 5 +- sys/netinet/in_pcb.h | 10 +- sys/netinet/ip_ipip.c | 6 +- sys/netinet/tcp_input.c | 7 +- sys/netinet/tcp_usrreq.c | 6 +- sys/netinet/udp_usrreq.c | 12 +- sys/netinet6/icmp6.c | 8 +- sys/netinet6/in6.h | 7 +- sys/netinet6/in6_pcb.c | 10 +- sys/netinet6/in6_src.c | 32 +- sys/netinet6/ip6_output.c | 4 +- sys/netinet6/raw_ip6.c | 10 +- sys/netinet6/udp6_output.c | 5 +- 30 files changed, 670 insertions(+), 327 deletions(-) diff --git a/lib/libcrypto/cert.pem b/lib/libcrypto/cert.pem index 524fb490d..0dd54a2a2 100644 --- a/lib/libcrypto/cert.pem +++ b/lib/libcrypto/cert.pem @@ -1,4 +1,4 @@ -# $OpenBSD: cert.pem,v 1.27 2023/11/27 19:27:21 tb Exp $ +# $OpenBSD: cert.pem,v 1.28 2023/11/27 21:44:21 tb Exp $ ### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 === /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 
@@ -785,6 +785,91 @@ maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed -----END CERTIFICATE----- +=== /CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3d:98:3b:a6:66:3d:90:63:f7:7e:26:57:38:04:ef:00 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Apr 22 09:26:23 2021 GMT + Not After : Apr 17 09:26:22 2041 GMT + Subject: CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 76:28:25:D6:7D:E0:66:9A:7A:09:B2:6A:3B:8E:33:D7:36:D3:4F:A2 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=9E:BC:75:10:42:B3:02:F3:81:F4:F7:30:62:D4:8F:C3:A7:51:B2:DD +SHA256 Fingerprint=B2:FA:E5:3E:14:CC:D7:AB:92:12:06:47:01:AE:27:9C:1D:89:88:FA:CB:77:5F:A8:A0:08:91:4E:66:39:88:A8 +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w +LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w +CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 +MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF +Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X +tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 +AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 +KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD +aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu +CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo +9H1/IISpQuQo +-----END CERTIFICATE----- +=== /CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 53:d5:cf:e6:19:93:0b:fb:2b:05:12:d8:c2:2a:a2:a4 + Signature Algorithm: 
sha384WithRSAEncryption + Validity + Not Before: Apr 22 09:21:10 2021 GMT + Not After : Apr 17 09:21:09 2041 GMT + Subject: CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 74:49:99:D1:FF:B4:7A:68:45:75:C3:7E:B4:DC:CC:CE:39:33:DA:08 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=18:52:3B:0D:06:37:E4:D6:3A:DF:23:E4:98:FB:5B:16:FB:86:74:48 +SHA256 Fingerprint=81:A9:08:8E:A5:9F:B3:64:C5:48:A6:F8:55:59:09:9B:6F:04:05:EF:BF:18:E5:32:4E:C9:F4:57:BA:00:11:2F +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM +MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 +MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z +4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv +Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ +kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs +GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln +nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh +3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD +0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy +geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 +ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB +c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI +pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs 
+o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ +qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw +xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM +rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 +AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR +0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY +o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 +dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE +oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- ### Baltimore 
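Review bot: The description "sync with OpenBSD -current" gives no record that cert.pem's trust-anchor set changes, starting with the two Atos TrustedRoot TLS 2021 roots added in this hunk; the later cert.pem hunks add the BJCA Global Root CA1/CA2, Sectigo E46/R46 and SSL.com TLS 2022 roots and remove the E-Tugra v3, Hongkong Post Root CA 1 and SECOM RootCA1 entries. The `SHA1 Fingerprint=` and `SHA256 Fingerprint=` lines are plain text beside each PEM body and nothing in the patch binds them to it, so each added certificate should be checked by recomputing the digest from the PEM (`openssl x509 -noout -fingerprint -sha256`) and comparing it with the value the CA or the upstream root program publishes. The removed Hongkong Post and SECOM roots show `Not After` dates in 2023, before the commit date, but the E-Tugra roots run to 2045, so they were presumably dropped for an upstream distrust decision, and that reason is worth stating. I would add to the description something like `cert.pem r1.28: add Atos, BJCA, Sectigo E46/R46, SSL.com 2022 roots; remove E-Tugra v3 and expired Hongkong Post Root CA 1, SECOM RootCA1`.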
@@ -829,6 +914,95 @@ ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- +### BEIJING CERTIFICATE AUTHORITY + +=== /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 55:6f:65:e3:b4:d9:90:6a:1b:09:d1:6c:3e:c0:6c:20 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 19 03:16:17 2019 GMT + Not After : Dec 12 03:16:17 2044 GMT + Subject: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1 + X509v3 extensions: + X509v3 Subject Key Identifier: + C5:EF:ED:CC:D8:8D:21:C6:48:E4:E3:D7:14:2E:A7:16:93:E5:98:01 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=D5:EC:8D:7B:4C:BA:79:F4:E7:E8:CB:9D:6B:AE:77:83:10:03:21:6A +SHA256 Fingerprint=F3:89:6F:88:FE:7C:0A:88:27:66:A7:FA:6A:D2:74:9F:B5:7A:7F:3E:98:FB:76:9C:1F:A7:B0:9C:2C:44:D5:AE +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU +MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI +T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz +MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF +SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh +bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z +xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ +spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5 +58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR +at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll +5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq +nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK +V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/ +pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO 
+z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn +jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+ +WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF +7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli +awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u ++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88 +X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN +SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo +P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI ++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz +znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9 +eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2 +YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy +r/6zcCwupvI= +-----END CERTIFICATE----- +=== /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:17:08:7d:64:2a:c0:fe:85:18:59:06:cf:b4:4a:eb + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Dec 19 03:18:21 2019 GMT + Not After : Dec 12 03:18:21 2044 GMT + Subject: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2 + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:4A:B1:51:7F:06:F0:D1:82:1F:4E:6E:5F:AB:83:FC:48:D4:B0:91 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F4:27:86:EB:6E:B8:6D:88:31:67:02:FB:BA:66:A4:53:00:AA:7A:A6 +SHA256 Fingerprint=57:4D:F6:93:1E:27:80:39:66:7B:72:0A:FD:C1:60:0F:C2:7E:B6:6D:D3:09:29:79:FB:73:85:64:87:21:28:82 +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw +CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ 
+VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy +MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ +TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS +b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B +IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+ ++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK +sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA +94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B +43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== +-----END CERTIFICATE----- + ### Buypass AS-983163327 === /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA 
@@ -1280,61 +1454,6 @@ W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -### Comodo CA Limited - -=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: Jan 1 00:00:00 2004 GMT - Not After : Dec 31 23:59:59 2028 GMT - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services - X509v3 extensions: - X509v3 Subject Key Identifier: - A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.comodoca.com/AAACertificateServices.crl - - Full Name: - URI:http://crl.comodo.net/AAACertificateServices.crl - -SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 -SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm 
-ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - ### COMODO CA Limited === /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority 
@@ -1478,6 +1597,61 @@ QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl NVOFBkpdn627G190 -----END CERTIFICATE----- +### Comodo CA Limited + +=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 1 00:00:00 2004 GMT + Not After : Dec 31 23:59:59 2028 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/AAACertificateServices.crl + + Full Name: + URI:http://crl.comodo.net/AAACertificateServices.crl + +SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 +SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm 
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + ### D-Trust GmbH === /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020 
@@ -2345,106 +2519,6 @@ aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== -----END CERTIFICATE----- -### E-Tugra EBG A.S. - -=== /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3 -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 26:46:19:77:31:e1:4f:6f:28:36:de:39:51:86:e6:d4:97:88:22:c1 - Signature Algorithm: ecdsa-with-SHA384 - Validity - Not Before: Mar 18 09:46:58 2020 GMT - Not After : Mar 12 09:46:58 2045 GMT - Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Authority Key Identifier: - keyid:FF:82:31:72:3E:F9:C4:66:6C:AD:38:9E:D1:B0:51:88:A5:90:CC:F5 - - X509v3 Subject Key Identifier: - FF:82:31:72:3E:F9:C4:66:6C:AD:38:9E:D1:B0:51:88:A5:90:CC:F5 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign -SHA1 Fingerprint=8A:2F:AF:57:53:B1:B0:E6:A1:04:EC:5B:6A:69:71:6D:F6:1C:E2:84 -SHA256 Fingerprint=87:3F:46:85:FA:7F:56:36:25:25:2E:6D:36:BC:D7:F1:6F:C2:49:51:F2:64:E4:7E:1B:95:4F:49:08:CD:CA:13 ------BEGIN CERTIFICATE----- -MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMw -gYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVn -cmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYD -VQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIEVDQyB2MzAeFw0yMDAzMTgwOTQ2 -NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5r -YXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3Jh -IFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBF -Q0MgdjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQ -KczLWYHMjLiSF4mDKpL2w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YK -fWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMB -Af8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQzPUwHQYDVR0OBBYEFP+C -MXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNp 
-ADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/6 -7W4WAie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFx -vmjkI6TZraE3 ------END CERTIFICATE----- -=== /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3 -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0d:4d:c5:cd:16:22:95:96:08:7e:b8:0b:7f:15:06:34:fb:79:10:34 - Signature Algorithm: sha256WithRSAEncryption - Validity - Not Before: Mar 18 09:07:17 2020 GMT - Not After : Mar 12 09:07:17 2045 GMT - Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Authority Key Identifier: - keyid:B2:B4:AE:E6:2D:F7:26:D5:AA:75:2D:76:4B:C0:1B:53:21:D0:48:EF - - X509v3 Subject Key Identifier: - B2:B4:AE:E6:2D:F7:26:D5:AA:75:2D:76:4B:C0:1B:53:21:D0:48:EF - X509v3 Key Usage: critical - Certificate Sign, CRL Sign -SHA1 Fingerprint=E9:A8:5D:22:14:52:1C:5B:AA:0A:B4:BE:24:6A:23:8A:C9:BA:E2:A9 -SHA256 Fingerprint=EF:66:B0:B1:0A:3C:DB:9F:2E:36:48:C7:6B:D2:AF:18:EA:D2:BF:E6:F1:17:65:5E:28:C4:06:0D:A1:A3:F4:C2 ------BEGIN CERTIFICATE----- -MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQEL -BQAwgYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUt -VHVncmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYw -JAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIFJTQSB2MzAeFw0yMDAzMTgw -OTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMG -QW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1 -Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBD -QSBSU0EgdjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J7 -7gnJY9LTQ91ew6aEOErxjYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscx -uj7X/iWpKo429NEvx7epXTPcMHD4QGxLsqYxYdE0PD0xesevxKenhOGXpOhL9hd8 -7jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF/YP9f4RtNGx/ardLAQO/ -rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8qQedmCeFL 
-l+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bG -wzrwbMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4 -znKS4iicvObpCdg604nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBO -M/J+JjKsBY04pOZ2PJ8QaQ5tndLBeSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK -5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiMbIedBi3x7+PmBvrFZhNb/FAH -nnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbgh3cXTJ2w2Amo -DVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD -AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSy -tK7mLfcm1ap1LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL -BQADggIBAImocn+M684uGMQQgC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ -6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN438o2Fi+CiJ+8EUdPdk3ILY7r3y18 -Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/qln0F7psTpURs+APQ -3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3sSdPk -vmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn9 -9t2HVhjYsCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQ -mhty3QUBjYZgv6Rn7rWlDdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YA -VSgU7NbHEqIbZULpkejLPoeJVF3Zr52XnGnnCv8PWniLYypMfUeUP95L6VPQMPHF -9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFHIK+WEj5jlB0E5y67hscM -moi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiXYY60MGo8 -bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ ------END CERTIFICATE----- - ### eMudhra Inc === /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3 
@@ -3688,43 +3762,6 @@ vm9qp/UsQu0yrbYhnr68 ### Hongkong Post -=== /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1000 (0x3e8) - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: May 15 05:13:14 2003 GMT - Not After : May 15 04:52:29 2023 GMT - Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:3 - X509v3 Key Usage: critical - Digital Signature, Non Repudiation, Certificate Sign, CRL Sign -SHA1 Fingerprint=D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 -SHA256 Fingerprint=F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2 ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== ------END CERTIFICATE----- === /C=HK/ST=Hong Kong/L=Hong Kong/O=Hongkong Post/CN=Hongkong 
Post Root CA 3 Certificate: Data: 
@@ -4907,46 +4944,93 @@ t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- -### SECOM Trust.net +### Sectigo Limited -=== /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 +=== /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46 Certificate: Data: Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: + 42:f2:cc:da:1b:69:37:44:5f:15:fe:75:28:10:b8:f4 + Signature Algorithm: ecdsa-with-SHA384 Validity - Not Before: Sep 30 04:20:49 2003 GMT - Not After : Sep 30 04:20:49 2023 GMT - Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 + Not Before: Mar 22 00:00:00 2021 GMT + Not After : Mar 21 23:59:59 2046 GMT + Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root E46 X509v3 extensions: X509v3 Subject Key Identifier: - A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48 - X509v3 Key Usage: - Certificate Sign, CRL Sign + D1:22:DA:4C:59:F1:4B:5F:26:38:AA:9D:D6:EE:EB:0D:C3:FB:A9:61 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE -SHA1 Fingerprint=36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -SHA256 Fingerprint=E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C +SHA1 Fingerprint=EC:8A:39:6C:40:F0:2E:BC:42:75:D4:9F:AB:1C:1A:5B:67:BE:D2:9A +SHA256 Fingerprint=C9:0F:26:F0:FB:1B:40:18:B2:22:27:51:9B:5C:A2:B5:3E:2C:A5:B3:BE:5C:F1:8E:FE:1B:EF:47:38:0C:53:83 -----BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 
-DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN +MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG +A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC +WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ +6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B +Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa +qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q +4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== +-----END CERTIFICATE----- +=== /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:8d:fd:8b:ae:7c:07:00:fa:a9:25:a7:e1:c7:ad:14 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Mar 22 00:00:00 2021 GMT + Not After : Mar 21 23:59:59 2046 GMT 
+ Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46 + X509v3 extensions: + X509v3 Subject Key Identifier: + 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=AD:98:F9:F3:E4:7D:75:3B:65:D4:82:B3:A4:52:17:BB:6E:F5:E4:38 +SHA256 Fingerprint=7B:B6:47:A6:2A:EE:AC:88:BF:25:7A:A5:22:D0:1F:FE:A3:95:E0:AB:45:C7:3F:93:F6:56:54:EC:38:F2:5A:06 +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp +YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa +ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz +SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf +iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X +ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 +IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS +VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE +SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu ++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt +8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L +HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt +zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ +YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 +gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA 
+Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB +JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL -----END CERTIFICATE----- ### SecureTrust Corporation 
@@ -5056,6 +5140,98 @@ CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR ### SSL Corporation +=== /C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 14:03:f5:ab:fb:37:8b:17:40:5b:e2:43:b2:a5:d1:c4 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 25 16:33:48 2022 GMT + Not After : Aug 19 16:33:47 2046 GMT + Subject: C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0 + + X509v3 Subject Key Identifier: + 89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=9F:5F:D9:1A:54:6D:F5:0C:71:F0:EE:7A:BD:17:49:98:84:73:E2:39 +SHA256 Fingerprint=C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43 +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== +-----END CERTIFICATE----- +=== /C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 
6f:be:da:ad:73:bd:08:40:e2:8b:4d:be:d4:f7:5b:91 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 25 16:34:22 2022 GMT + Not After : Aug 19 16:34:21 2046 GMT + Subject: C=US, O=SSL Corporation, CN=SSL.com TLS RSA Root CA 2022 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9 + + X509v3 Subject Key Identifier: + FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=EC:2C:83:40:72:AF:26:95:10:FF:0E:F2:03:EE:31:70:F6:78:9D:CA +SHA256 Fingerprint=8F:AF:7D:2E:2C:B4:70:9B:B8:E0:B3:36:66:BF:75:A5:DD:45:B5:DE:48:0F:8E:A8:D4:BF:E6:BE:BC:17:F2:ED +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j 
+BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- === /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority ECC Certificate: Data: diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c index bf735c72a..69723c215 100644 --- a/lib/libcrypto/ocsp/ocsp_ht.c +++ b/lib/libcrypto/ocsp/ocsp_ht.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_ht.c,v 1.26 2023/07/08 10:44:00 beck Exp $ */ +/* $OpenBSD: ocsp_ht.c,v 1.27 2023/11/28 09:29:20 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -371,7 +371,7 @@ next_line: rctx->state = OHS_ASN1_HEADER; } - /* FALLTRHOUGH */ + /* FALLTHROUGH */ case OHS_ASN1_HEADER: /* Now reading ASN1 header: can read at least 2 bytes which diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c index 1d6a5a129..e9aca070e 100644 --- a/lib/libssl/tls13_legacy.c +++ b/lib/libssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.40 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.41 2023/11/28 13:19:04 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * 
@@ -322,8 +322,6 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) memset(&cbb, 0, sizeof(cbb)); - s->method = tls_legacy_method(); - if (!ssl3_setup_init_buffer(s)) goto err; if (!ssl3_setup_buffers(s)) @@ -370,6 +368,12 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; + /* + * Only switch the method after initialization is complete + * as we start part way into the legacy state machine. + */ + s->method = tls_legacy_method(); + return 1; err: diff --git a/regress/lib/libcrypto/evp/evp_test.c b/regress/lib/libcrypto/evp/evp_test.c index eff071fa5..9b6e18eec 100644 --- a/regress/lib/libcrypto/evp/evp_test.c +++ b/regress/lib/libcrypto/evp/evp_test.c @@ -1,6 +1,7 @@ -/* $OpenBSD: evp_test.c,v 1.7 2023/09/29 06:53:05 tb Exp $ */ +/* $OpenBSD: evp_test.c,v 1.9 2023/11/27 22:39:26 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing + * Copyright (c) 2023 Theo Buehler * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,12 +18,13 @@ #include #include +#include +#include #include +#include #include -#include "evp_local.h" - static int evp_asn1_method_test(void) { 
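Review bot: The comment added in tls13_use_legacy_stack says when the method is switched but not what that means on failure. With the assignment now directly before `return 1;`, the `goto err` exits visible in the earlier hunk (after `ssl3_setup_init_buffer()` and `ssl3_setup_buffers()`) return with `s->method` unchanged. I would add a sentence to the comment such as `On failure s->method is left untouched, so no legacy method is installed on a partially set up legacy stack.` The body of the `err:` label is outside the hunk, so that wording should be checked against it.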
@@ -404,6 +406,133 @@ evp_pkey_iv_len_test(void) return failure; } +struct do_all_arg { + const char *previous; + int failure; +}; + +static void +evp_do_all_cb_common(const char *descr, const void *ptr, const char *from, + const char *to, struct do_all_arg *arg) +{ + const char *previous = arg->previous; + + assert(from != NULL); + arg->previous = from; + + if (ptr == NULL && to == NULL) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %s %s: method and alias both NULL\n", + descr, from); + } + if (ptr != NULL && to != NULL) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %s %s has method and alias \"%s\"\n", + descr, from, to); + } + + if (previous == NULL) + return; + + if (strcmp(previous, from) >= 0) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %ss %s and %s out of order\n", descr, + previous, from); + } + arg->previous = from; +} + +static void +evp_cipher_do_all_cb(const EVP_CIPHER *cipher, const char *from, const char *to, + void *arg) +{ + evp_do_all_cb_common("cipher", cipher, from, to, arg); +} + +static void +evp_md_do_all_cb(const EVP_MD *md, const char *from, const char *to, void *arg) +{ + evp_do_all_cb_common("digest", md, from, to, arg); +} + +static int +evp_do_all_test(void) +{ + struct do_all_arg arg; + int failure = 0; + + memset(&arg, 0, sizeof(arg)); + /* XXX - replace with EVP_CIPHER_do_all() after next bump. */ + EVP_CIPHER_do_all_sorted(evp_cipher_do_all_cb, &arg); + failure |= arg.failure; + + memset(&arg, 0, sizeof(arg)); + /* XXX - replace with EVP_MD_do_all() after next bump. 
*/ + EVP_MD_do_all_sorted(evp_md_do_all_cb, &arg); + failure |= arg.failure; + + return failure; +} + +static void +evp_cipher_aliases_cb(const EVP_CIPHER *cipher, const char *from, const char *to, + void *arg) +{ + struct do_all_arg *do_all = arg; + const EVP_CIPHER *from_cipher, *to_cipher; + + if (to == NULL) + return; + + from_cipher = EVP_get_cipherbyname(from); + to_cipher = EVP_get_cipherbyname(to); + + if (from_cipher != NULL && from_cipher == to_cipher) + return; + + fprintf(stderr, "FAIL: cipher mismatch from \"%s\" to \"%s\": " + "from: %p, to: %p\n", from, to, from_cipher, to_cipher); + do_all->failure |= 1; +} + +static void +evp_digest_aliases_cb(const EVP_MD *digest, const char *from, const char *to, + void *arg) +{ + struct do_all_arg *do_all = arg; + const EVP_MD *from_digest, *to_digest; + + if (to == NULL) + return; + + from_digest = EVP_get_digestbyname(from); + to_digest = EVP_get_digestbyname(to); + + if (from_digest != NULL && from_digest == to_digest) + return; + + fprintf(stderr, "FAIL: digest mismatch from \"%s\" to \"%s\": " + "from: %p, to: %p\n", from, to, from_digest, to_digest); + do_all->failure |= 1; +} + +static int +evp_aliases_test(void) +{ + struct do_all_arg arg; + int failure = 0; + + memset(&arg, 0, sizeof(arg)); + EVP_CIPHER_do_all(evp_cipher_aliases_cb, &arg); + failure |= arg.failure; + + memset(&arg, 0, sizeof(arg)); + EVP_MD_do_all(evp_digest_aliases_cb, &arg); + failure |= arg.failure; + + return failure; +} + int main(int argc, char **argv) { @@ -412,6 +541,8 @@ main(int argc, char **argv) failed |= evp_asn1_method_test(); failed |= evp_pkey_method_test(); failed |= evp_pkey_iv_len_test(); + failed |= evp_do_all_test(); + failed |= evp_aliases_test(); OPENSSL_cleanup(); diff --git a/sys/arch/amd64/amd64/vmm_support.S b/sys/arch/amd64/amd64/vmm_support.S index 8b4d44bf1..7b7d9f281 100644 --- a/sys/arch/amd64/amd64/vmm_support.S +++ b/sys/arch/amd64/amd64/vmm_support.S 
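Review bot: In `evp_cipher_aliases_cb` and `evp_digest_aliases_cb` the `%p` conversions are given `const EVP_CIPHER *` and `const EVP_MD *` arguments, but `%p` is specified for a `void *` argument. The calls should cast, e.g. `(const void *)from_cipher, (const void *)to_cipher`, and likewise for the digest pair. Separately, `evp_do_all_cb_common` assigns `arg->previous = from;` right after the assert and again as its last statement; the second assignment is redundant and can be dropped.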
@@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_support.S,v 1.23 2023/04/14 23:56:57 dv Exp $ */ +/* $OpenBSD: vmm_support.S,v 1.24 2023/11/28 00:17:48 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -129,9 +129,19 @@ ENTRY(vmread) lfence END(vmread) +/* + * Intel SDM Vol 3C, 31.2 defines different "vmfail" types, but there's no + * need to distinguish between CF=1 and ZF=1 for invvpid or invept. + */ ENTRY(invvpid) RETGUARD_SETUP(invvpid, r11) invvpid (%rsi), %rdi + jbe invvpid_fail + xorq %rax, %rax + jmp invvpid_ret +invvpid_fail: + movq $1, %rax +invvpid_ret: RETGUARD_CHECK(invvpid, r11) ret lfence @@ -139,7 +149,13 @@ END(invvpid) ENTRY(invept) RETGUARD_SETUP(invept, r11) - invept (%rsi), %rdi + invept (%rsi), %rdi + jbe invept_fail + xorq %rax, %rax + jmp invept_ret +invept_fail: + movq $1, %rax +invept_ret: RETGUARD_CHECK(invept, r11) ret lfence diff --git a/sys/arch/amd64/include/vmmvar.h b/sys/arch/amd64/include/vmmvar.h index fe55eef96..00471432c 100644 --- a/sys/arch/amd64/include/vmmvar.h +++ b/sys/arch/amd64/include/vmmvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vmmvar.h,v 1.94 2023/09/06 03:35:57 dv Exp $ */ +/* $OpenBSD: vmmvar.h,v 1.95 2023/11/28 00:17:48 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -919,8 +919,8 @@ int vmptrld(paddr_t *); int vmptrst(paddr_t *); int vmwrite(uint64_t, uint64_t); int vmread(uint64_t, uint64_t *); -void invvpid(uint64_t, struct vmx_invvpid_descriptor *); -void invept(uint64_t, struct vmx_invept_descriptor *); +int invvpid(uint64_t, struct vmx_invvpid_descriptor *); +int invept(uint64_t, struct vmx_invept_descriptor *); int vmx_enter_guest(paddr_t *, struct vcpu_gueststate *, int, uint8_t); int svm_enter_guest(uint64_t, struct vcpu_gueststate *, struct region_descriptor *); diff --git a/sys/dev/ic/cac.c b/sys/dev/ic/cac.c index b2f2e24b7..59b103965 100644 --- a/sys/dev/ic/cac.c +++ b/sys/dev/ic/cac.c 
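Review bot: The new comment above `ENTRY(invvpid)` explains why CF=1 and ZF=1 are not told apart, but it does not state the return convention that the added instructions establish. Here and in the `invept` hunk that follows, `%rax` is zeroed on the fall-through path and set to 1 when `jbe` branches to the `_fail` label. I would add a line to that comment such as `Both return 0 on success and 1 on any vmfail.` so the assembly and the `int` prototypes in vmmvar.h can be read together.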
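Review bot: Changing `invvpid()` and `invept()` from `void` to `int` still compiles at every existing call site, so a failed invalidation is discarded unless each caller is changed to test the result. No caller is touched in this diff; the diffstat lists only vmm_support.S and vmmvar.h under sys/arch/amd64. A failed VPID or EPT invalidation presumably leaves stale translations in place, so I would update the callers in the same change or annotate the prototypes, e.g. `/* return non-zero on vmfail; callers must check */`.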
@@ -1,4 +1,4 @@ -/* $OpenBSD: cac.c,v 1.76 2022/04/16 19:19:59 naddy Exp $ */ +/* $OpenBSD: cac.c,v 1.77 2023/11/28 09:29:20 jsg Exp $ */ /* $NetBSD: cac.c,v 1.15 2000/11/08 19:20:35 ad Exp $ */ /* @@ -959,7 +959,7 @@ cac_sensor_refresh(void *arg) break; case BIOC_SVINVALID: - /* FALLTRHOUGH */ + /* FALLTHROUGH */ default: sc->sc_sensors[i].value = 0; /* unknown */ sc->sc_sensors[i].status = SENSOR_S_UNKNOWN; diff --git a/sys/dev/ic/mfi.c b/sys/dev/ic/mfi.c index 8dd9c33a3..1e27a8cc8 100644 --- a/sys/dev/ic/mfi.c +++ b/sys/dev/ic/mfi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mfi.c,v 1.190 2023/07/06 10:17:43 visa Exp $ */ +/* $OpenBSD: mfi.c,v 1.191 2023/11/28 09:29:20 jsg Exp $ */ /* * Copyright (c) 2006 Marco Peereboom * @@ -2506,7 +2506,7 @@ mfi_refresh_sensors(void *arg) break; case BIOC_SVINVALID: - /* FALLTRHOUGH */ + /* FALLTHROUGH */ default: sc->sc_sensors[i].value = 0; /* unknown */ sc->sc_sensors[i].status = SENSOR_S_UNKNOWN; diff --git a/sys/dev/usb/usbdevs b/sys/dev/usb/usbdevs index cb387497e..188fba35a 100644 --- a/sys/dev/usb/usbdevs +++ b/sys/dev/usb/usbdevs @@ -1,4 +1,4 @@ -$OpenBSD: usbdevs,v 1.759 2023/09/09 14:23:37 kevlo Exp $ +$OpenBSD: usbdevs,v 1.760 2023/11/27 20:03:50 miod Exp $ /* $NetBSD: usbdevs,v 1.322 2003/05/10 17:47:14 hamajima Exp $ */ /* @@ -654,6 +654,7 @@ vendor DYNABOOK 0x30f3 Dynabook vendor LINKINSTRUMENTS 0x3195 Link Instruments vendor AEI 0x3334 AEI vendor PQI 0x3538 PQI +vendor RDING 0x3553 RDing TECH vendor DAISY 0x3579 Daisy Technology vendor NI 0x3923 National Instruments vendor MICRONET 0x3980 Micronet Communications @@ -3773,6 +3774,9 @@ product RALINK RT2573_2 0x9021 RT2573 product RATOC REXUSB60 0xb000 USB serial REX-USB60 product RATOC REXUSB60F 0xb020 REX-USB60F +/* RDing TECH products */ +product RDING TEMPER 0xa001 TEMPer sensor + /* Realtek products */ product REALTEK RTL8188ETV 0x0179 RTL8188ETV product REALTEK RTL8188CTV 0x018a RTL8188CTV 
diff --git a/sys/dev/usb/usbdevs.h b/sys/dev/usb/usbdevs.h index 45c49770b..9a7e68f21 100644 --- a/sys/dev/usb/usbdevs.h +++ b/sys/dev/usb/usbdevs.h @@ -1,10 +1,10 @@ -/* $OpenBSD: usbdevs.h,v 1.771 2023/09/09 14:24:06 kevlo Exp $ */ +/* $OpenBSD: usbdevs.h,v 1.772 2023/11/27 20:04:07 miod Exp $ */ /* * THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: usbdevs,v 1.759 2023/09/09 14:23:37 kevlo Exp + * OpenBSD: usbdevs,v 1.760 2023/11/27 20:03:50 miod Exp */ /* $NetBSD: usbdevs,v 1.322 2003/05/10 17:47:14 hamajima Exp $ */ @@ -661,6 +661,7 @@ #define USB_VENDOR_LINKINSTRUMENTS 0x3195 /* Link Instruments */ #define USB_VENDOR_AEI 0x3334 /* AEI */ #define USB_VENDOR_PQI 0x3538 /* PQI */ +#define USB_VENDOR_RDING 0x3553 /* RDing TECH */ #define USB_VENDOR_DAISY 0x3579 /* Daisy Technology */ #define USB_VENDOR_NI 0x3923 /* National Instruments */ #define USB_VENDOR_MICRONET 0x3980 /* Micronet Communications */ @@ -3780,6 +3781,9 @@ #define USB_PRODUCT_RATOC_REXUSB60 0xb000 /* USB serial REX-USB60 */ #define USB_PRODUCT_RATOC_REXUSB60F 0xb020 /* REX-USB60F */ +/* RDing TECH products */ +#define USB_PRODUCT_RDING_TEMPER 0xa001 /* TEMPer sensor */ + /* Realtek products */ #define USB_PRODUCT_REALTEK_RTL8188ETV 0x0179 /* RTL8188ETV */ #define USB_PRODUCT_REALTEK_RTL8188CTV 0x018a /* RTL8188CTV */ diff --git a/sys/dev/usb/usbdevs_data.h b/sys/dev/usb/usbdevs_data.h index 06674dfd9..3cf210c7e 100644 --- a/sys/dev/usb/usbdevs_data.h +++ b/sys/dev/usb/usbdevs_data.h @@ -1,10 +1,10 @@ -/* $OpenBSD: usbdevs_data.h,v 1.765 2023/09/09 14:24:06 kevlo Exp $ */ +/* $OpenBSD: usbdevs_data.h,v 1.766 2023/11/27 20:04:07 miod Exp $ */ /* * THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: usbdevs,v 1.759 2023/09/09 14:23:37 kevlo Exp + * OpenBSD: usbdevs,v 1.760 2023/11/27 20:03:50 miod Exp */ /* $NetBSD: usbdevs,v 1.322 2003/05/10 17:47:14 hamajima Exp $ */ 
@@ -9393,6 +9393,10 @@ const struct usb_known_product usb_known_products[] = { USB_VENDOR_RATOC, USB_PRODUCT_RATOC_REXUSB60F, "REX-USB60F", }, + { + USB_VENDOR_RDING, USB_PRODUCT_RDING_TEMPER, + "TEMPer sensor", + }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188ETV, "RTL8188ETV", @@ -14725,6 +14729,10 @@ const struct usb_known_vendor usb_known_vendors[] = { USB_VENDOR_PQI, "PQI", }, + { + USB_VENDOR_RDING, + "RDing TECH", + }, { USB_VENDOR_DAISY, "Daisy Technology", diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index bf6d8379e..0a93d28d8 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.199 2023/03/31 12:35:24 jsg Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.200 2023/11/28 09:29:20 jsg Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -718,7 +718,7 @@ uipc_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, name + 1, namelen - 1, oldp, oldlenp, newp, newlen); case NET_UNIX_INFLIGHT: valp = &unp_rights; - /* FALLTHOUGH */ + /* FALLTHROUGH */ case NET_UNIX_DEFERRED: if (namelen != 1) return (ENOTDIR); diff --git a/sys/net/if_etherip.c b/sys/net/if_etherip.c index 5edb5cfed..f0d30b41a 100644 --- a/sys/net/if_etherip.c +++ b/sys/net/if_etherip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_etherip.c,v 1.51 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: if_etherip.c,v 1.52 2023/11/28 13:23:20 bluhm Exp $ */ /* * Copyright (c) 2015 Kazuya GODA * @@ -422,11 +422,11 @@ etherip_set_tunnel(struct etherip_softc *sc, struct if_laddrreq *req) IN6_IS_ADDR_MULTICAST(&dst6->sin6_addr)) return (EINVAL); - error = in6_embedscope(&sc->sc_tunnel.t_src6, src6, NULL); + error = in6_embedscope(&sc->sc_tunnel.t_src6, src6, NULL, NULL); if (error != 0) return (error); - error = in6_embedscope(&sc->sc_tunnel.t_dst6, dst6, NULL); + error = in6_embedscope(&sc->sc_tunnel.t_dst6, dst6, NULL, NULL); if (error != 0) return (error); 
diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 516ee5312..250dbe65b 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gif.c,v 1.133 2021/05/16 15:10:20 deraadt Exp $ */ +/* $OpenBSD: if_gif.c,v 1.134 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: if_gif.c,v 1.43 2001/02/20 08:51:07 itojun Exp $ */ /* @@ -687,11 +687,11 @@ gif_set_tunnel(struct gif_softc *sc, struct if_laddrreq *req) if (IN6_IS_ADDR_MULTICAST(&dst6->sin6_addr)) return (EINVAL); - error = in6_embedscope(&tunnel->t_src6, src6, NULL); + error = in6_embedscope(&tunnel->t_src6, src6, NULL, NULL); if (error != 0) return (error); - error = in6_embedscope(&tunnel->t_dst6, dst6, NULL); + error = in6_embedscope(&tunnel->t_dst6, dst6, NULL, NULL); if (error != 0) return (error); diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index 6204ed40a..830e5c143 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gre.c,v 1.175 2023/10/27 20:56:47 jan Exp $ */ +/* $OpenBSD: if_gre.c,v 1.176 2023/11/28 13:23:20 bluhm Exp $ */ /* $NetBSD: if_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -2379,7 +2379,7 @@ mgre_set_tunnel(struct mgre_softc *sc, struct if_laddrreq *req) IN6_IS_ADDR_MULTICAST(&addr6->sin6_addr)) return (EINVAL); - error = in6_embedscope(&tunnel->t_src6, addr6, NULL); + error = in6_embedscope(&tunnel->t_src6, addr6, NULL, NULL); if (error != 0) return (error); @@ -3122,11 +3122,11 @@ gre_set_tunnel(struct gre_tunnel *tunnel, struct if_laddrreq *req, int ucast) if (src6->sin6_scope_id != dst6->sin6_scope_id) return (EINVAL); - error = in6_embedscope(&tunnel->t_src6, src6, NULL); + error = in6_embedscope(&tunnel->t_src6, src6, NULL, NULL); if (error != 0) return (error); - error = in6_embedscope(&tunnel->t_dst6, dst6, NULL); + error = in6_embedscope(&tunnel->t_dst6, dst6, NULL, NULL); if (error != 0) return (error); 
@@ -3609,7 +3609,7 @@ nvgre_add_addr(struct nvgre_softc *sc, const struct ifbareq *ifba) if (src6.sin6_scope_id != sin6->sin6_scope_id) return (EADDRNOTAVAIL); - error = in6_embedscope(&endpoint.in6, sin6, NULL); + error = in6_embedscope(&endpoint.in6, sin6, NULL, NULL); if (error != 0) return (error); diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c index 42d2347a8..3a82ca336 100644 --- a/sys/net/if_vxlan.c +++ b/sys/net/if_vxlan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vxlan.c,v 1.95 2023/11/18 00:23:38 dlg Exp $ */ +/* $OpenBSD: if_vxlan.c,v 1.96 2023/11/28 13:23:20 bluhm Exp $ */ /* * Copyright (c) 2021 David Gwynne @@ -1385,12 +1385,12 @@ vxlan_set_tunnel(struct vxlan_softc *sc, const struct if_laddrreq *req) /* all good */ mode = IN6_IS_ADDR_MULTICAST(&dst6->sin6_addr) ? VXLAN_TMODE_LEARNING : VXLAN_TMODE_P2P; - error = in6_embedscope(&daddr.in6, dst6, NULL); + error = in6_embedscope(&daddr.in6, dst6, NULL, NULL); if (error != 0) return (error); } - error = in6_embedscope(&saddr.in6, src6, NULL); + error = in6_embedscope(&saddr.in6, src6, NULL, NULL); if (error != 0) return (error); @@ -1703,7 +1703,7 @@ vxlan_add_addr(struct vxlan_softc *sc, const struct ifbareq *ifba) if (sin6->sin6_port != htons(0)) return (EADDRNOTAVAIL); - error = in6_embedscope(&endpoint.in6, sin6, NULL); + error = in6_embedscope(&endpoint.in6, sin6, NULL, NULL); if (error != 0) return (error); diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c index 2a7e1d94c..47b9743ec 100644 --- a/sys/net/pfkeyv2_convert.c +++ b/sys/net/pfkeyv2_convert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_convert.c,v 1.82 2023/10/11 22:13:16 tobhe Exp $ */ +/* $OpenBSD: pfkeyv2_convert.c,v 1.83 2023/11/28 13:23:20 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@keromytis.org) * 
@@ -484,10 +484,8 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask, #ifdef INET6 case AF_INET6: - in6_embedscope(&src->sin6.sin6_addr, &src->sin6, - NULL); - in6_embedscope(&dst->sin6.sin6_addr, &dst->sin6, - NULL); + in6_embedscope(&src->sin6.sin6_addr, &src->sin6, NULL, NULL); + in6_embedscope(&dst->sin6.sin6_addr, &dst->sin6, NULL, NULL); /* netmask handling */ rt_maskedcopy(&src->sa, &src->sa, &srcmask->sa); diff --git a/sys/net/pipex.c b/sys/net/pipex.c index df2613b75..ea2d206f7 100644 --- a/sys/net/pipex.c +++ b/sys/net/pipex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pipex.c,v 1.149 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: pipex.c,v 1.150 2023/11/28 13:23:20 bluhm Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -1920,8 +1920,7 @@ pipex_l2tp_output(struct mbuf *m0, struct pipex_session *session) ip6->ip6_vfc |= IPV6_VERSION; ip6->ip6_nxt = IPPROTO_UDP; ip6->ip6_src = session->local.sin6.sin6_addr; - (void)in6_embedscope(&ip6->ip6_dst, - &session->peer.sin6, NULL); + in6_embedscope(&ip6->ip6_dst, &session->peer.sin6, NULL, NULL); /* ip6->ip6_plen will be filled in ip6_output. */ ip6_send(m0); diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 7118488fd..088d59c48 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.h,v 1.138 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: in_pcb.h,v 1.139 2023/11/28 13:23:20 bluhm Exp $ */ /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */ /* 
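Review bot: `import_flow` discards the result of both `in6_embedscope()` calls, as do `pipex_l2tp_output` in sys/net/pipex.c and `ipip_output` in sys/netinet/ip_ipip.c. In pipex.c this commit also drops the `(void)` cast that marked the omission as deliberate. As rewritten in in6_src.c, the function returns ENXIO when `if_get(scopeid)` finds no interface, after `*in6` has been copied but before `s6_addr16[1]` is written, so these paths carry on with an address that has no embedded scope. Either test the result as the tunnel setters in this diff do (`if (error != 0) return (error);`), or keep the `(void)` cast with a comment saying why failure is acceptable. All three enclosing functions extend beyond their hunks.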
@@ -136,11 +136,11 @@ struct inpcb { struct ip6_pktopts *inp_outputopts6; /* IP6 options for outgoing packets */ int inp_hops; union { - struct ip_moptions *mou_mo; /* IPv4 multicast options */ - struct ip6_moptions *mou_mo6; /* IPv6 multicast options */ + struct ip_moptions *mou_mo; + struct ip6_moptions *mou_mo6; } inp_mou; -#define inp_moptions inp_mou.mou_mo -#define inp_moptions6 inp_mou.mou_mo6 +#define inp_moptions inp_mou.mou_mo /* [N] IPv4 multicast options */ +#define inp_moptions6 inp_mou.mou_mo6 /* [N] IPv6 multicast options */ u_char inp_seclevel[4]; /* [N] IPsec level of socket */ #define SL_AUTH 0 /* Authentication level */ #define SL_ESP_TRANS 1 /* ESP transport level */ diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index f56caca98..86e4c0d0c 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.99 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.100 2023/11/28 13:23:20 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -481,8 +481,8 @@ ipip_output(struct mbuf **mp, struct tdb *tdb) ip6o->ip6_vfc |= IPV6_VERSION; ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o)); ip6o->ip6_hlim = ip_defttl; - in6_embedscope(&ip6o->ip6_src, &tdb->tdb_src.sin6, NULL); - in6_embedscope(&ip6o->ip6_dst, &tdb->tdb_dst.sin6, NULL); + in6_embedscope(&ip6o->ip6_src, &tdb->tdb_src.sin6, NULL, NULL); + in6_embedscope(&ip6o->ip6_dst, &tdb->tdb_dst.sin6, NULL, NULL); if (tp == IPVERSION) { /* Save ECN notification */ diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 0b36decfd..2a4aec3e8 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.393 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.394 2023/11/27 20:37:15 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* 
@@ -586,7 +586,7 @@ findpcb: &tdbi->dst, tdbi->proto); } error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, - tdb, inp->inp_seclevel, NULL, NULL); + tdb, inp ? inp->inp_seclevel : NULL, NULL, NULL); tdb_unref(tdb); if (error) { tcpstat_inc(tcps_rcvnosec); @@ -4162,7 +4162,8 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) ip->ip_tos = inp->inp_ip.ip_tos; error = ip_output(m, sc->sc_ipopts, &sc->sc_route4, - (ip_mtudisc ? IP_MTUDISC : 0), NULL, inp->inp_seclevel, 0); + (ip_mtudisc ? IP_MTUDISC : 0), NULL, + inp ? inp->inp_seclevel : NULL, 0); break; #ifdef INET6 case AF_INET6: diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 16840fc12..350a6134e 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_usrreq.c,v 1.223 2023/11/16 18:27:48 bluhm Exp $ */ +/* $OpenBSD: tcp_usrreq.c,v 1.224 2023/11/28 13:23:20 bluhm Exp $ */ /* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */ /* @@ -1154,11 +1154,11 @@ tcp_ident(void *oldp, size_t *oldlenp, void *newp, size_t newlen, int dodrop) #ifdef INET6 case AF_INET6: fin6 = (struct sockaddr_in6 *)&tir.faddr; - error = in6_embedscope(&f6, fin6, NULL); + error = in6_embedscope(&f6, fin6, NULL, NULL); if (error) return EINVAL; /*?*/ lin6 = (struct sockaddr_in6 *)&tir.laddr; - error = in6_embedscope(&l6, lin6, NULL); + error = in6_embedscope(&l6, lin6, NULL, NULL); if (error) return EINVAL; /*?*/ break; diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index c9b4c51ea..f4250a833 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.307 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.309 2023/11/28 13:23:20 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* 
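Review bot: `inp ? inp->inp_seclevel : NULL` at the `ipsp_spd_lookup()` call removes the dereference of a missing PCB, but nothing says what a NULL level argument means to the callee. The same expression is added for `ip_output()` in `syn_cache_respond` and for `ipsp_spd_lookup()` in `udp_input` (udp_usrreq.c). A comment at each site such as `/* no PCB found: policy lookup without per-socket levels */` would help, assuming that is how the callees treat NULL, which this diff does not show. In `syn_cache_respond` the context line `ip->ip_tos = inp->inp_ip.ip_tos;` still reads through `inp`; unless its guard sits just above the hunk, it needs the same check.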
@@ -543,7 +543,7 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) } else tdb = NULL; error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, - tdb, inp->inp_seclevel, NULL, NULL); + tdb, inp ? inp->inp_seclevel : NULL, NULL, NULL); if (error) { udpstat_inc(udps_nosec); tdb_unref(tdb); @@ -751,7 +751,7 @@ udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) cmdarg = NULL; /* XXX: translate addresses into internal form */ sa6 = *satosin6(sa); - if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { + if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { /* should be impossible */ return; } @@ -765,14 +765,14 @@ udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) /* XXX: assuming M is valid in this case */ sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, ip6cp->ip6c_finaldst); - if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL)) { + if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { /* should be impossible */ return; } } else { /* XXX: translate addresses into internal form */ sa6 = *satosin6(sa); - if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { + if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { /* should be impossible */ return; } @@ -798,7 +798,7 @@ udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) sa6_src.sin6_addr = ip6->ip6_src; sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, &ip6->ip6_src); - if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL)) { + if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { /* should be impossible */ return; } diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 868f3f5d7..aece612d0 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.249 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: icmp6.c,v 1.250 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* 
@@ -910,7 +910,8 @@ icmp6_notify_error(struct mbuf *m, int off, int icmp6len, int code) icmp6dst.sin6_addr = *finaldst; icmp6dst.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, &icmp6dst.sin6_addr); - if (in6_embedscope(&icmp6dst.sin6_addr, &icmp6dst, NULL)) { + if (in6_embedscope(&icmp6dst.sin6_addr, &icmp6dst, + NULL, NULL)) { /* should be impossible */ nd6log((LOG_DEBUG, "icmp6_notify_error: in6_embedscope failed\n")); @@ -927,7 +928,8 @@ icmp6_notify_error(struct mbuf *m, int off, int icmp6len, int code) icmp6src.sin6_addr = eip6->ip6_src; icmp6src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, &icmp6src.sin6_addr); - if (in6_embedscope(&icmp6src.sin6_addr, &icmp6src, NULL)) { + if (in6_embedscope(&icmp6src.sin6_addr, &icmp6src, + NULL, NULL)) { /* should be impossible */ nd6log((LOG_DEBUG, "icmp6_notify_error: in6_embedscope failed\n")); diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 1a022f4c2..936ef6c94 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.h,v 1.110 2023/11/10 20:05:23 bluhm Exp $ */ +/* $OpenBSD: in6.h,v 1.111 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* @@ -427,10 +427,11 @@ int in6_mask2len(struct in6_addr *, u_char *); int in6_nam2sin6(const struct mbuf *, struct sockaddr_in6 **); int in6_sa2sin6(struct sockaddr *, struct sockaddr_in6 **); -struct inpcb; +struct ip6_pktopts; +struct ip6_moptions; int in6_embedscope(struct in6_addr *, const struct sockaddr_in6 *, - struct inpcb *); + const struct ip6_pktopts *, const struct ip6_moptions *); void in6_recoverscope(struct sockaddr_in6 *, const struct in6_addr *); void in6_clearscope(struct in6_addr *); diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 5feb33c82..dc7e61448 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: in6_pcb.c,v 1.124 2023/06/24 20:54:46 bluhm Exp $ */ +/* $OpenBSD: in6_pcb.c,v 1.125 2023/11/28 13:23:20 bluhm Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -157,7 +157,8 @@ in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild, wild |= INPLOOKUP_IPV6; /* KAME hack: embed scopeid */ - if (in6_embedscope(&sin6->sin6_addr, sin6, inp) != 0) + if (in6_embedscope(&sin6->sin6_addr, sin6, + inp->inp_outputopts6, inp->inp_moptions6) != 0) return (EINVAL); /* this must be cleared for ifa_ifwithaddr() */ sin6->sin6_scope_id = 0; @@ -265,8 +266,9 @@ in6_pcbconnect(struct inpcb *inp, struct mbuf *nam) sin6 = &tmp; /* KAME hack: embed scopeid */ - if (in6_embedscope(&sin6->sin6_addr, sin6, inp) != 0) - return EINVAL; + if (in6_embedscope(&sin6->sin6_addr, sin6, + inp->inp_outputopts6, inp->inp_moptions6) != 0) + return (EINVAL); /* this must be cleared for ifa_ifwithaddr() */ sin6->sin6_scope_id = 0; diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index 3825e5e45..a3741c089 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_src.c,v 1.86 2022/02/22 01:15:02 guenther Exp $ */ +/* $OpenBSD: in6_src.c,v 1.87 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: in6_src.c,v 1.36 2001/02/06 04:08:17 itojun Exp $ */ /* @@ -447,13 +447,11 @@ in6_selecthlim(struct inpcb *in6p) */ int in6_embedscope(struct in6_addr *in6, const struct sockaddr_in6 *sin6, - struct inpcb *in6p) + const struct ip6_pktopts *outputopts6, const struct ip6_moptions *moptions6) { - struct ifnet *ifp = NULL; u_int32_t scopeid; *in6 = sin6->sin6_addr; - scopeid = sin6->sin6_scope_id; /* * don't try to read sin6->sin6_addr beyond here, since the caller may 
@@ -467,25 +465,25 @@ in6_embedscope(struct in6_addr *in6, const struct sockaddr_in6 *sin6, * KAME assumption: link id == interface id */ - if (in6p && in6p->inp_outputopts6 && - (pi = in6p->inp_outputopts6->ip6po_pktinfo) && - pi->ipi6_ifindex) { - ifp = if_get(pi->ipi6_ifindex); - if (ifp == NULL) - return ENXIO; /* XXX EINVAL? */ - in6->s6_addr16[1] = htons(pi->ipi6_ifindex); - } else if (in6p && IN6_IS_ADDR_MULTICAST(in6) && - in6p->inp_moptions6 && - (ifp = if_get(in6p->inp_moptions6->im6o_ifidx))) { - in6->s6_addr16[1] = htons(ifp->if_index); - } else if (scopeid) { + if (outputopts6 && (pi = outputopts6->ip6po_pktinfo) && + pi->ipi6_ifindex) + scopeid = pi->ipi6_ifindex; + else if (moptions6 && IN6_IS_ADDR_MULTICAST(in6) && + moptions6->im6o_ifidx) + scopeid = moptions6->im6o_ifidx; + else + scopeid = sin6->sin6_scope_id; + + if (scopeid) { + struct ifnet *ifp; + ifp = if_get(scopeid); if (ifp == NULL) return ENXIO; /* XXX EINVAL? */ /*XXX assignment to 16bit from 32bit variable */ in6->s6_addr16[1] = htons(scopeid & 0xffff); + if_put(ifp); } - if_put(ifp); } return 0; diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index df8fecdc9..96e0bea3b 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.280 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.281 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -2808,7 +2808,7 @@ ip6_output_ipsec_pmtu_update(struct tdb *tdb, struct route_in6 *ro, sin6.sin6_len = sizeof(sin6); sin6.sin6_addr = *dst; sin6.sin6_scope_id = in6_addr2scopeid(ifidx, dst); - error = in6_embedscope(dst, &sin6, NULL); + error = in6_embedscope(dst, &sin6, NULL, NULL); if (error) { /* should be impossible */ return error; diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index e4ff18189..0a91302e4 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c 
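Review bot: In the new `if (scopeid)` block of in6_embedscope() the interface lookup uses the full 32-bit `scopeid` while the address receives only `scopeid & 0xffff`, so the validated value and the embedded value can differ for any index above 0xffff. `sin6_scope_id` appears to reach this function from caller-supplied socket addresses (the in6_pcbconnect and udp6_output call sites in this patch), so the mask is only safe if `if_get()` never returns an interface for such an index, which is not visible here. An explicit bound before the lookup would remove that dependency and retire the XXX comment: `if (scopeid > 0xffff) return ENXIO;`. The enclosing function starts before this hunk.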
@@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip6.c,v 1.174 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: raw_ip6.c,v 1.175 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */ /* @@ -384,7 +384,7 @@ rip6_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, struct inpcb *in6p; u_int plen = m->m_pkthdr.len; int error = 0; - struct ip6_pktopts opt, *optp = NULL, *origoptp; + struct ip6_pktopts opt, *optp = NULL; int type; /* for ICMPv6 output statistics only */ int priv = 0; int flags; @@ -441,13 +441,11 @@ rip6_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, ip6->ip6_dst = *dst; /* KAME hack: embed scopeid */ - origoptp = in6p->inp_outputopts6; - in6p->inp_outputopts6 = optp; - if (in6_embedscope(&ip6->ip6_dst, satosin6(dstaddr), in6p) != 0) { + if (in6_embedscope(&ip6->ip6_dst, satosin6(dstaddr), + optp, in6p->inp_moptions6) != 0) { error = EINVAL; goto bad; } - in6p->inp_outputopts6 = origoptp; /* * Source address selection. diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index 15f7ad06a..876b9b753 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp6_output.c,v 1.60 2023/11/26 22:08:10 bluhm Exp $ */ +/* $OpenBSD: udp6_output.c,v 1.61 2023/11/28 13:23:20 bluhm Exp $ */ /* $KAME: udp6_output.c,v 1.21 2001/02/07 11:51:54 itojun Exp $ */ /* @@ -143,7 +143,8 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6, fport = sin6->sin6_port; /* allow 0 port */ /* KAME hack: embed scopeid */ - if (in6_embedscope(&sin6->sin6_addr, sin6, in6p) != 0) { + if (in6_embedscope(&sin6->sin6_addr, sin6, + in6p->inp_outputopts6, in6p->inp_moptions6) != 0) { error = EINVAL; goto release; }