This commit is contained in:
purplerain 2023-06-29 10:53:26 +00:00
parent 905ea23f06
commit 91df569df5
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
32 changed files with 393 additions and 395 deletions

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.132 2023/06/25 19:29:30 tb Exp $
# $OpenBSD: Makefile,v 1.133 2023/06/29 06:12:04 tb Exp $
LIB= crypto
LIBREBUILD=y
@ -18,7 +18,7 @@ CFLAGS+= -Wall -Wundef
.if ${COMPILER_VERSION:L} == "clang"
CFLAGS+= -Werror -Wshadow
.endif
CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL
CFLAGS+= -DLIBRESSL_INTERNAL
.ifdef NAMESPACE
CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
.endif

View File

@ -1,4 +1,4 @@
/* $OpenBSD: names.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */
/* $OpenBSD: names.c,v 1.17 2023/06/29 06:11:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -64,6 +64,9 @@
#include "evp_local.h"
extern int obj_cleanup_defer;
void check_defer(int nid);
int
EVP_add_cipher(const EVP_CIPHER *c)
{

View File

@ -1,4 +1,4 @@
.\" $OpenBSD: EC_GROUP_copy.3,v 1.13 2022/07/02 17:09:09 jsing Exp $
.\" $OpenBSD: EC_GROUP_copy.3,v 1.14 2023/06/28 18:07:07 tb Exp $
.\" full merge up to: OpenSSL d900a015 Oct 8 14:40:42 2015 +0200
.\" selective merge up to: OpenSSL 24c23e1f Aug 22 10:51:25 2019 +0530
.\"
@ -51,7 +51,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 2 2022 $
.Dd $Mdocdate: June 28 2023 $
.Dt EC_GROUP_COPY 3
.Os
.Sh NAME
@ -76,9 +76,7 @@
.Nm EC_GROUP_check ,
.Nm EC_GROUP_check_discriminant ,
.Nm EC_GROUP_cmp ,
.Nm EC_GROUP_get_basis_type ,
.Nm EC_GROUP_get_trinomial_basis ,
.Nm EC_GROUP_get_pentanomial_basis
.Nm EC_GROUP_get_basis_type
.Nd manipulate EC_GROUP objects
.Sh SYNOPSIS
.In openssl/ec.h
@ -188,18 +186,6 @@
.Fo EC_GROUP_get_basis_type
.Fa "const EC_GROUP *"
.Fc
.Ft int
.Fo EC_GROUP_get_trinomial_basis
.Fa "const EC_GROUP *"
.Fa "unsigned int *k"
.Fc
.Ft int
.Fo EC_GROUP_get_pentanomial_basis
.Fa "const EC_GROUP *"
.Fa "unsigned int *k1"
.Fa "unsigned int *k2"
.Fa "unsigned int *k3"
.Fc
.Sh DESCRIPTION
These functions operate on
.Vt EC_GROUP
@ -398,48 +384,15 @@ and
.Fa b
to determine whether they represent the same curve or not.
.Pp
The functions
.Fn EC_GROUP_get_basis_type ,
.Fn EC_GROUP_get_trinomial_basis ,
and
.Fn EC_GROUP_get_pentanomial_basis
should only be called for curves defined over an F2^m field.
Addition and multiplication operations within an F2^m field are
performed using an irreducible polynomial function f(x).
This function is either a trinomial of the form:
.Pp
.Dl f(x) = x^m + x^k + 1 with m > k >= 1
.Pp
or a pentanomial of the form:
.Pp
.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
.Pp
The function
.Fn EC_GROUP_get_basis_type
returns a NID identifying whether a trinomial or pentanomial is in
use for the field.
The function
.Fn EC_GROUP_get_trinomial_basis
must only be called where f(x) is of the trinomial form, and returns
the value of
.Fa k .
Similarly, the function
.Fn EC_GROUP_get_pentanomial_basis
must only be called where f(x) is of the pentanomial form, and
returns the values of
.Fa k1 ,
.Fa k2 ,
and
.Fa k3 .
always returns 0 and is only provided for compatibility.
.Sh RETURN VALUES
The following functions return 1 on success or 0 on error:
.Fn EC_GROUP_copy ,
.Fn EC_GROUP_set_generator ,
.Fn EC_GROUP_check ,
.Fn EC_GROUP_check_discriminant ,
.Fn EC_GROUP_get_trinomial_basis ,
and
.Fn EC_GROUP_get_pentanomial_basis .
.Fn EC_GROUP_check_discriminant .
.Pp
.Fn EC_GROUP_dup
returns a pointer to the duplicated curve or
@ -516,14 +469,7 @@ returns 0 if the curves are equal, 1 if they are not equal,
or -1 on error.
.Pp
.Fn EC_GROUP_get_basis_type
returns the values
.Dv NID_X9_62_tpBasis
or
.Dv NID_X9_62_ppBasis
as defined in
.In openssl/objects.h
for a trinomial or pentanomial, respectively.
Alternatively in the event of an error a 0 is returned.
always returns 0.
.Sh SEE ALSO
.Xr d2i_ECPKParameters 3 ,
.Xr EC_GFp_simple_method 3 ,
@ -556,11 +502,9 @@ first appeared in OpenSSL 0.9.7 and have been available since
.Fn EC_GROUP_check ,
.Fn EC_GROUP_check_discriminant ,
.Fn EC_GROUP_cmp ,
.Fn EC_GROUP_get_basis_type ,
.Fn EC_GROUP_get_trinomial_basis ,
and
.Fn EC_GROUP_get_pentanomial_basis
first appeared in OpenSSL 0.9.8 and has been available since
.Fn EC_GROUP_get_basis_type
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Pp
.Fn EC_GROUP_order_bits

View File

@ -1,4 +1,4 @@
/* $OpenBSD: objects.h,v 1.21 2022/11/13 14:03:13 tb Exp $ */
/* $OpenBSD: objects.h,v 1.22 2023/06/29 06:11:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -142,11 +142,6 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void);
#if defined(LIBRESSL_CRYPTO_INTERNAL)
extern int obj_cleanup_defer;
void check_defer(int nid);
#endif
void ERR_load_OBJ_strings(void);
/* Error codes for the OBJ functions. */

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.33 2023/06/20 12:52:32 job Exp $
# $OpenBSD: Makefile.inc,v 1.34 2023/06/29 10:29:18 tb Exp $
.PATH: ${.CURDIR}/../../../../usr.sbin/rpki-client
@ -25,7 +25,7 @@ DPADD+= ${LIBCRYPTO} ${LIBUTIL}
CLEANFILES+= *.out *.err *.txt
SRCS_test-ip += test-ip.c ip.c io.c encoding.c print.c x509.c \
log.c validate.c as.c cert.c cms.c crl.c mft.c json.c
validate.c as.c cert.c cms.c crl.c mft.c json.c
run-regress-test-ip: test-ip
./test-ip
@ -34,55 +34,55 @@ TALARGS += ta/apnic-rpki-root-iana-origin.cer tal/apnic.tal
TALARGS += ta/ripe-ncc-ta.cer tal/ripe.tal
SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \
log.c tal.c validate.c encoding.c print.c mft.c json.c
tal.c validate.c encoding.c print.c mft.c json.c
run-regress-test-cert: test-cert
./test-cert -v ${.CURDIR}/../cer/*.cer
./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,}
SRCS_test-mft+= test-mft.c mft.c crl.c cms.c x509.c ip.c io.c log.c validate.c \
SRCS_test-mft+= test-mft.c mft.c crl.c cms.c x509.c ip.c io.c validate.c \
encoding.c print.c json.c cert.c as.c
run-regress-test-mft: test-mft
./test-mft -v ${.CURDIR}/../mft/*.mft
SRCS_test-roa+= test-roa.c roa.c cms.c x509.c ip.c as.c io.c log.c json.c \
SRCS_test-roa+= test-roa.c roa.c cms.c x509.c ip.c as.c io.c json.c \
encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c
run-regress-test-roa: test-roa
./test-roa -v ${.CURDIR}/../roa/*.roa
SRCS_test-rsc+= test-rsc.c rsc.c cms.c x509.c ip.c as.c io.c log.c \
SRCS_test-rsc+= test-rsc.c rsc.c cms.c x509.c ip.c as.c io.c \
encoding.c print.c validate.c cert.c crl.c mft.c json.c
run-regress-test-rsc: test-rsc
./test-rsc -v ${.CURDIR}/../rsc/*.sig
SRCS_test-gbr+= test-gbr.c gbr.c cms.c crl.c x509.c ip.c io.c log.c \
SRCS_test-gbr+= test-gbr.c gbr.c cms.c crl.c x509.c ip.c io.c \
encoding.c print.c validate.c as.c cert.c mft.c json.c
run-regress-test-gbr: test-gbr
./test-gbr -v ${.CURDIR}/../gbr/*.gbr
SRCS_test-geofeed+= test-geofeed.c geofeed.c cms.c x509.c ip.c io.c log.c \
SRCS_test-geofeed+= test-geofeed.c geofeed.c cms.c x509.c ip.c io.c \
encoding.c print.c validate.c as.c cert.c crl.c mft.c json.c
run-regress-test-geofeed: test-geofeed
./test-geofeed -v ${.CURDIR}/../geofeed/*.csv
SRCS_test-tal+= test-tal.c tal.c ip.c io.c log.c validate.c cms.c \
SRCS_test-tal+= test-tal.c tal.c ip.c io.c validate.c cms.c \
encoding.c print.c crl.c x509.c json.c cert.c as.c mft.c
run-regress-test-tal: test-tal
./test-tal -v ${.CURDIR}/../tal/*.tal
SRCS_test-aspa+= test-aspa.c aspa.c cms.c x509.c ip.c as.c io.c log.c \
SRCS_test-aspa+= test-aspa.c aspa.c cms.c x509.c ip.c as.c io.c \
encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c \
json.c
run-regress-test-aspa: test-aspa
./test-aspa -v ${.CURDIR}/../aspa/*.asa
SRCS_test-tak+= test-tak.c tak.c cms.c x509.c ip.c as.c io.c log.c \
SRCS_test-tak+= test-tak.c tak.c cms.c x509.c ip.c as.c io.c \
encoding.c print.c validate.c cert.c crl.c mft.c json.c
run-regress-test-tak: test-tak
./test-tak -v ${.CURDIR}/../tak/*.tak
SRCS_test-rrdp+= test-rrdp.c rrdp_delta.c rrdp_notification.c cms.c \
rrdp_snapshot.c rrdp_util.c cert.c as.c mft.c io.c \
log.c encoding.c ip.c validate.c crl.c x509.c
encoding.c ip.c validate.c crl.c x509.c
LDADD_test-rrdp+= -lexpat ${LDADD}
DPADD_test-rrdp+= ${LIBEXPAT} ${DPADD}
run-regress-test-rrdp: test-rrdp

View File

@ -1,4 +1,4 @@
$OpenBSD: pcidevs,v 1.2040 2023/06/27 15:30:25 stsp Exp $
$OpenBSD: pcidevs,v 1.2041 2023/06/29 07:58:15 jsg Exp $
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
/*
@ -5611,7 +5611,9 @@ product INTEL ADL_HX_HB_2 0x463b Core 12G Host
product INTEL ADL_PCIE_1 0x463d Core 12G PCIE
product INTEL ADL_TBT_DMA0 0x463e Core 12G TBT
product INTEL ADL_TBT_PCIE1 0x463f Core 12G PCIE
product INTEL RPL_S_HB_1 0x4640 Core 13G Host
product INTEL ADL_HP_HB_1 0x4641 Core 12G Host
product INTEL RPL_HX_HB_1 0x4647 Core 13G Host
product INTEL ADL_S_HB_3 0x4648 Core 12G Host
product INTEL ADL_H_HB_1 0x4649 Core 12G Host
product INTEL ADL_S_PCIE_3 0x464d Core 12G PCIE
@ -5829,6 +5831,7 @@ product INTEL EP80579_LAN_5 0x5045 EP80579 LAN
product INTEL EP80579_LAN_3 0x5048 EP80579 LAN
product INTEL EP80579_LAN_6 0x5049 EP80579 LAN
product INTEL 600SERIES_LP_ESPI 0x5182 600 Series eSPI
product INTEL 700SERIES_LP_ESPI 0x519d 700 Series eSPI
product INTEL 600SERIES_LP_P2SB 0x51a0 600 Series P2SB
product INTEL 600SERIES_LP_PMC 0x51a1 600 Series PMC
product INTEL 600SERIES_LP_SMB 0x51a3 600 Series SMBus
@ -5854,6 +5857,7 @@ product INTEL 600SERIES_LP_I2C_0 0x51c5 600 Series I2C
product INTEL 600SERIES_LP_I2C_1 0x51c6 600 Series I2C
product INTEL 600SERIES_LP_UART_2 0x51c7 600 Series UART
product INTEL 600SERIES_LP_HDA 0x51c8 600 Series HD Audio
product INTEL 700SERIES_LP_HDA 0x51ca 700 Series HD Audio
product INTEL 600SERIES_LP_THC_0 0x51d0 600 Series THC
product INTEL 600SERIES_LP_THC_1 0x51d1 600 Series THC
product INTEL 600SERIES_LP_AHCI 0x51d3 600 Series AHCI
@ -6930,8 +6934,37 @@ product INTEL 400SERIES_V_PCIE_20 0xa3ea 400 Series PCIE
product INTEL 400SERIES_V_PCIE_21 0xa3eb 400 Series PCIE
product INTEL 400SERIES_V_PCIE_22 0xa3ec 400 Series PCIE
product INTEL 400SERIES_V_PCIE_23 0xa3ed 400 Series PCIE
product INTEL RPL_S_HB_2 0xa700 Core 13G Host
product INTEL RPL_HX_HB_2 0xa702 Core 13G Host
product INTEL RPL_S_HB_3 0xa703 Core 13G Host
product INTEL RPL_S_HB_4 0xa704 Core 13G Host
product INTEL RPL_S_HB_5 0xa705 Core 13G Host
product INTEL RPL_H_HB_1 0xa706 Core 13G Host
product INTEL RPL_H_HB_2 0xa707 Core 13G Host
product INTEL RPL_U_HB_1 0xa708 Core 13G Host
product INTEL RPL_PCIE_1 0xa70d Core 13G PCIE
product INTEL RPL_H_HB_3 0xa716 Core 13G Host
product INTEL RPL_HX_HB_3 0xa719 Core 13G Host
product INTEL RPL_U_HB_2 0xa71b Core 13G Host
product INTEL RPL_U_HB_3 0xa71c Core 13G Host
product INTEL RPL_DTT 0xa71d Core 13G DTT
product INTEL RPL_XHCI 0xa71e Core 13G xHCI
product INTEL RPL_P_GT_1 0xa720 Graphics
product INTEL RPL_P_GT_2 0xa721 Graphics
product INTEL RPL_HX_HB_4 0xa728 Core 13G Host
product INTEL RPL_HX_HB_5 0xa729 Core 13G Host
product INTEL RPL_HX_HB_6 0xa72a Core 13G Host
product INTEL RPL_PCIE_2 0xa72d Core 13G PCIE
product INTEL RPL_TBT_PCIE2 0xa72f Core 13G PCIE
product INTEL RPL_TBT_DMA0 0xa73e Core 13G TBT
product INTEL RPL_PCIE_3 0xa74d Core 13G PCIE
product INTEL RPL_GNA 0xa74f Core 13G GNA
product INTEL RPL_IPU 0xa75d Core 13G IPU
product INTEL RPL_TBT_DMA1 0xa76d Core 13G TBT
product INTEL RPL_TBT_PCIE0 0xa76e Core 13G PCIE
product INTEL RPL_TH 0xa76f Core 13G TH
product INTEL RPL_CL 0xa77d Core 13G CL
product INTEL RPL_VMD 0xa77f Core 13G VMD
product INTEL RPL_S_GT_1 0xa780 Graphics
product INTEL RPL_S_GT_2 0xa781 Graphics
product INTEL RPL_S_GT_3 0xa782 Graphics

View File

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: pcidevs,v 1.2040 2023/06/27 15:30:25 stsp Exp
* OpenBSD: pcidevs,v 1.2041 2023/06/29 07:58:15 jsg Exp
*/
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -5616,7 +5616,9 @@
#define PCI_PRODUCT_INTEL_ADL_PCIE_1 0x463d /* Core 12G PCIE */
#define PCI_PRODUCT_INTEL_ADL_TBT_DMA0 0x463e /* Core 12G TBT */
#define PCI_PRODUCT_INTEL_ADL_TBT_PCIE1 0x463f /* Core 12G PCIE */
#define PCI_PRODUCT_INTEL_RPL_S_HB_1 0x4640 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_ADL_HP_HB_1 0x4641 /* Core 12G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_1 0x4647 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_ADL_S_HB_3 0x4648 /* Core 12G Host */
#define PCI_PRODUCT_INTEL_ADL_H_HB_1 0x4649 /* Core 12G Host */
#define PCI_PRODUCT_INTEL_ADL_S_PCIE_3 0x464d /* Core 12G PCIE */
@ -5834,6 +5836,7 @@
#define PCI_PRODUCT_INTEL_EP80579_LAN_3 0x5048 /* EP80579 LAN */
#define PCI_PRODUCT_INTEL_EP80579_LAN_6 0x5049 /* EP80579 LAN */
#define PCI_PRODUCT_INTEL_600SERIES_LP_ESPI 0x5182 /* 600 Series eSPI */
#define PCI_PRODUCT_INTEL_700SERIES_LP_ESPI 0x519d /* 700 Series eSPI */
#define PCI_PRODUCT_INTEL_600SERIES_LP_P2SB 0x51a0 /* 600 Series P2SB */
#define PCI_PRODUCT_INTEL_600SERIES_LP_PMC 0x51a1 /* 600 Series PMC */
#define PCI_PRODUCT_INTEL_600SERIES_LP_SMB 0x51a3 /* 600 Series SMBus */
@ -5859,6 +5862,7 @@
#define PCI_PRODUCT_INTEL_600SERIES_LP_I2C_1 0x51c6 /* 600 Series I2C */
#define PCI_PRODUCT_INTEL_600SERIES_LP_UART_2 0x51c7 /* 600 Series UART */
#define PCI_PRODUCT_INTEL_600SERIES_LP_HDA 0x51c8 /* 600 Series HD Audio */
#define PCI_PRODUCT_INTEL_700SERIES_LP_HDA 0x51ca /* 700 Series HD Audio */
#define PCI_PRODUCT_INTEL_600SERIES_LP_THC_0 0x51d0 /* 600 Series THC */
#define PCI_PRODUCT_INTEL_600SERIES_LP_THC_1 0x51d1 /* 600 Series THC */
#define PCI_PRODUCT_INTEL_600SERIES_LP_AHCI 0x51d3 /* 600 Series AHCI */
@ -6935,8 +6939,37 @@
#define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_21 0xa3eb /* 400 Series PCIE */
#define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_22 0xa3ec /* 400 Series PCIE */
#define PCI_PRODUCT_INTEL_400SERIES_V_PCIE_23 0xa3ed /* 400 Series PCIE */
#define PCI_PRODUCT_INTEL_RPL_S_HB_2 0xa700 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_2 0xa702 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_S_HB_3 0xa703 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_S_HB_4 0xa704 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_S_HB_5 0xa705 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_H_HB_1 0xa706 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_H_HB_2 0xa707 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_U_HB_1 0xa708 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_PCIE_1 0xa70d /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_H_HB_3 0xa716 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_3 0xa719 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_U_HB_2 0xa71b /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_U_HB_3 0xa71c /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_DTT 0xa71d /* Core 13G DTT */
#define PCI_PRODUCT_INTEL_RPL_XHCI 0xa71e /* Core 13G xHCI */
#define PCI_PRODUCT_INTEL_RPL_P_GT_1 0xa720 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_P_GT_2 0xa721 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_4 0xa728 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_5 0xa729 /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_HX_HB_6 0xa72a /* Core 13G Host */
#define PCI_PRODUCT_INTEL_RPL_PCIE_2 0xa72d /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_TBT_PCIE2 0xa72f /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_TBT_DMA0 0xa73e /* Core 13G TBT */
#define PCI_PRODUCT_INTEL_RPL_PCIE_3 0xa74d /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_GNA 0xa74f /* Core 13G GNA */
#define PCI_PRODUCT_INTEL_RPL_IPU 0xa75d /* Core 13G IPU */
#define PCI_PRODUCT_INTEL_RPL_TBT_DMA1 0xa76d /* Core 13G TBT */
#define PCI_PRODUCT_INTEL_RPL_TBT_PCIE0 0xa76e /* Core 13G PCIE */
#define PCI_PRODUCT_INTEL_RPL_TH 0xa76f /* Core 13G TH */
#define PCI_PRODUCT_INTEL_RPL_CL 0xa77d /* Core 13G CL */
#define PCI_PRODUCT_INTEL_RPL_VMD 0xa77f /* Core 13G VMD */
#define PCI_PRODUCT_INTEL_RPL_S_GT_1 0xa780 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_S_GT_2 0xa781 /* Graphics */
#define PCI_PRODUCT_INTEL_RPL_S_GT_3 0xa782 /* Graphics */

View File

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: pcidevs,v 1.2040 2023/06/27 15:30:25 stsp Exp
* OpenBSD: pcidevs,v 1.2041 2023/06/29 07:58:15 jsg Exp
*/
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -19819,10 +19819,18 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_TBT_PCIE1,
"Core 12G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_1,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_HP_HB_1,
"Core 12G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_1,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_ADL_S_HB_3,
"Core 12G Host",
@ -20691,6 +20699,10 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_ESPI,
"600 Series eSPI",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_700SERIES_LP_ESPI,
"700 Series eSPI",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_P2SB,
"600 Series P2SB",
@ -20791,6 +20803,10 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_HDA,
"600 Series HD Audio",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_700SERIES_LP_HDA,
"700 Series HD Audio",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_THC_0,
"600 Series THC",
@ -25095,6 +25111,66 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_400SERIES_V_PCIE_23,
"400 Series PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_4,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_HB_5,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_H_HB_1,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_H_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_HB_1,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_PCIE_1,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_H_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_HB_2,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_HB_3,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_DTT,
"Core 13G DTT",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_XHCI,
"Core 13G xHCI",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_1,
"Graphics",
@ -25103,6 +25179,62 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_2,
"Graphics",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_4,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_5,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_HX_HB_6,
"Core 13G Host",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_PCIE_2,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_PCIE2,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_DMA0,
"Core 13G TBT",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_PCIE_3,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_GNA,
"Core 13G GNA",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_IPU,
"Core 13G IPU",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_DMA1,
"Core 13G TBT",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TBT_PCIE0,
"Core 13G PCIE",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_TH,
"Core 13G TH",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_CL,
"Core 13G CL",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_VMD,
"Core 13G VMD",
},
{
PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_GT_1,
"Graphics",

View File

@ -1,4 +1,4 @@
/* $OpenBSD: pf_ioctl.c,v 1.409 2023/06/28 15:36:08 kn Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.410 2023/06/28 21:33:35 sashan Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -1506,11 +1506,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
int i;
t = pf_find_trans(minor(dev), pr->ticket);
if (t == NULL)
return (ENXIO);
if (t == NULL) {
error = ENXIO;
goto fail;
}
KASSERT(t->pft_unit == minor(dev));
if (t->pft_type != PF_TRANS_GETRULE)
return (EINVAL);
if (t->pft_type != PF_TRANS_GETRULE) {
error = EINVAL;
goto fail;
}
NET_LOCK();
PF_LOCK();

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.35 2021/02/16 16:27:34 naddy Exp $
# $OpenBSD: Makefile,v 1.37 2023/06/28 17:36:51 op Exp $
# Define SMALL to disable command line editing and some other features,
# NOSSL to disable https support.

View File

@ -1,4 +1,4 @@
/* $OpenBSD: fetch.c,v 1.215 2023/06/28 11:07:28 op Exp $ */
/* $OpenBSD: fetch.c,v 1.216 2023/06/28 17:35:06 op Exp $ */
/* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
/*-
@ -891,7 +891,6 @@ noslash:
if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) {
cp += sizeof(CONTENTLEN) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
filesize = strtonum(cp, 0, LLONG_MAX, &errstr);
if (errstr != NULL)
goto improper;
@ -964,10 +963,8 @@ noslash:
#define RETRYAFTER "Retry-After:"
} else if (isunavail &&
strncasecmp(cp, RETRYAFTER, sizeof(RETRYAFTER) - 1) == 0) {
size_t s;
cp += sizeof(RETRYAFTER) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
retryafter = strtonum(cp, 0, 0, &errstr);
if (errstr != NULL)
retryafter = -1;
@ -976,7 +973,6 @@ noslash:
sizeof(TRANSFER_ENCODING) - 1) == 0) {
cp += sizeof(TRANSFER_ENCODING) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "chunked") == 0)
chunked = 1;
#ifndef SMALL
@ -985,7 +981,6 @@ noslash:
sizeof(LAST_MODIFIED) - 1) == 0) {
cp += sizeof(LAST_MODIFIED) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, "\t")] = '\0';
if (strptime(cp, "%a, %d %h %Y %T %Z", &lmt) == NULL)
server_timestamps = 0;
#endif /* !SMALL */

View File

@ -1,4 +1,4 @@
/* $OpenBSD: pfe_route.c,v 1.12 2017/05/28 10:39:15 benno Exp $ */
/* $OpenBSD: pfe_route.c,v 1.14 2023/06/29 16:24:53 claudio Exp $ */
/*
* Copyright (c) 2009 - 2011 Reyk Floeter <reyk@openbsd.org>
@ -19,12 +19,14 @@
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <net/route.h>
#include <arpa/inet.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
@ -32,24 +34,6 @@
#include "relayd.h"
struct relay_rtmsg {
struct rt_msghdr rm_hdr;
union {
struct {
struct sockaddr_in rm_dst;
struct sockaddr_in rm_gateway;
struct sockaddr_in rm_netmask;
struct sockaddr_rtlabel rm_label;
} u4;
struct {
struct sockaddr_in6 rm_dst;
struct sockaddr_in6 rm_gateway;
struct sockaddr_in6 rm_netmask;
struct sockaddr_rtlabel rm_label;
} u6;
} rm_u;
};
void
init_routes(struct relayd *env)
{
@ -103,110 +87,97 @@ sync_routes(struct relayd *env, struct router *rt)
}
}
static void
pfe_apply_prefixlen(struct sockaddr_storage *ss, int af, int len)
{
int q, r, off;
uint8_t *b = (uint8_t *)ss;
q = len >> 3;
r = len & 7;
bzero(ss, sizeof(*ss));
ss->ss_family = af;
switch (af) {
case AF_INET:
ss->ss_len = sizeof(struct sockaddr_in);
off = offsetof(struct sockaddr_in, sin_addr);
break;
case AF_INET6:
ss->ss_len = sizeof(struct sockaddr_in6);
off = offsetof(struct sockaddr_in6, sin6_addr);
break;
default:
fatal("%s: invalid address family", __func__);
}
if (q > 0)
memset(b + off, 0xff, q);
if (r > 0)
b[off + q] = (0xff00 >> r) & 0xff;
}
#define ROUNDUP(a) \
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
int
pfe_route(struct relayd *env, struct ctl_netroute *crt)
{
struct relay_rtmsg rm;
struct sockaddr_rtlabel sr;
struct sockaddr_storage *gw;
struct sockaddr_in *s4;
struct sockaddr_in6 *s6;
size_t len = 0;
struct iovec iov[5];
struct rt_msghdr hdr;
struct sockaddr_storage dst, gw, mask, label;
struct sockaddr_rtlabel *sr = (struct sockaddr_rtlabel *)&label;
int iovcnt = 0;
char *gwname;
int i = 0;
gw = &crt->host.ss;
bzero(&hdr, sizeof(hdr));
hdr.rtm_msglen = sizeof(hdr);
hdr.rtm_version = RTM_VERSION;
hdr.rtm_type = HOST_ISUP(crt->up) ? RTM_ADD : RTM_DELETE;
hdr.rtm_flags = RTF_STATIC | RTF_GATEWAY | RTF_MPATH;
hdr.rtm_seq = env->sc_rtseq++;
hdr.rtm_addrs = RTA_DST | RTA_GATEWAY | RTA_NETMASK;
hdr.rtm_tableid = crt->rt.rtable;
hdr.rtm_priority = crt->host.priority;
iov[iovcnt].iov_base = &hdr;
iov[iovcnt++].iov_len = sizeof(hdr);
dst = crt->nr.ss;
gw = crt->host.ss;
gwname = crt->host.name;
pfe_apply_prefixlen(&mask, dst.ss_family, crt->nr.prefixlen);
bzero(&rm, sizeof(rm));
bzero(&sr, sizeof(sr));
iov[iovcnt].iov_base = &dst;
iov[iovcnt++].iov_len = ROUNDUP(dst.ss_len);
hdr.rtm_msglen += ROUNDUP(dst.ss_len);
rm.rm_hdr.rtm_msglen = len;
rm.rm_hdr.rtm_version = RTM_VERSION;
rm.rm_hdr.rtm_type = HOST_ISUP(crt->up) ? RTM_ADD : RTM_DELETE;
rm.rm_hdr.rtm_flags = RTF_STATIC | RTF_GATEWAY | RTF_MPATH;
rm.rm_hdr.rtm_seq = env->sc_rtseq++;
rm.rm_hdr.rtm_addrs = RTA_DST | RTA_GATEWAY;
rm.rm_hdr.rtm_tableid = crt->rt.rtable;
rm.rm_hdr.rtm_priority = crt->host.priority;
iov[iovcnt].iov_base = &gw;
iov[iovcnt++].iov_len = ROUNDUP(gw.ss_len);
hdr.rtm_msglen += ROUNDUP(gw.ss_len);
iov[iovcnt].iov_base = &mask;
iov[iovcnt++].iov_len = ROUNDUP(mask.ss_len);
hdr.rtm_msglen += ROUNDUP(mask.ss_len);
if (strlen(crt->rt.label)) {
rm.rm_hdr.rtm_addrs |= RTA_LABEL;
sr.sr_len = sizeof(sr);
if (snprintf(sr.sr_label, sizeof(sr.sr_label),
"%s", crt->rt.label) == -1)
goto bad;
sr->sr_len = sizeof(*sr);
strlcpy(sr->sr_label, crt->rt.label, sizeof(sr->sr_label));
iov[iovcnt].iov_base = &label;
iov[iovcnt++].iov_len = ROUNDUP(label.ss_len);
hdr.rtm_msglen += ROUNDUP(label.ss_len);
hdr.rtm_addrs |= RTA_LABEL;
}
if (crt->nr.ss.ss_family == AF_INET) {
rm.rm_hdr.rtm_msglen = len =
sizeof(rm.rm_hdr) + sizeof(rm.rm_u.u4);
bcopy(&sr, &rm.rm_u.u4.rm_label, sizeof(sr));
s4 = &rm.rm_u.u4.rm_dst;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(rm.rm_u.u4.rm_dst);
s4->sin_addr.s_addr =
((struct sockaddr_in *)&crt->nr.ss)->sin_addr.s_addr;
s4 = &rm.rm_u.u4.rm_gateway;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(rm.rm_u.u4.rm_gateway);
s4->sin_addr.s_addr =
((struct sockaddr_in *)gw)->sin_addr.s_addr;
rm.rm_hdr.rtm_addrs |= RTA_NETMASK;
s4 = &rm.rm_u.u4.rm_netmask;
s4->sin_family = AF_INET;
s4->sin_len = sizeof(rm.rm_u.u4.rm_netmask);
if (crt->nr.prefixlen)
s4->sin_addr.s_addr =
htonl(0xffffffff << (32 - crt->nr.prefixlen));
else if (crt->nr.prefixlen < 0)
rm.rm_hdr.rtm_flags |= RTF_HOST;
} else if (crt->nr.ss.ss_family == AF_INET6) {
rm.rm_hdr.rtm_msglen = len =
sizeof(rm.rm_hdr) + sizeof(rm.rm_u.u6);
bcopy(&sr, &rm.rm_u.u6.rm_label, sizeof(sr));
s6 = &rm.rm_u.u6.rm_dst;
bcopy(((struct sockaddr_in6 *)&crt->nr.ss),
s6, sizeof(*s6));
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
s6 = &rm.rm_u.u6.rm_gateway;
bcopy(((struct sockaddr_in6 *)gw), s6, sizeof(*s6));
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
rm.rm_hdr.rtm_addrs |= RTA_NETMASK;
s6 = &rm.rm_u.u6.rm_netmask;
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(*s6);
if (crt->nr.prefixlen) {
for (i = 0; i < crt->nr.prefixlen / 8; i++)
s6->sin6_addr.s6_addr[i] = 0xff;
i = crt->nr.prefixlen % 8;
if (i)
s6->sin6_addr.s6_addr[crt->nr.prefixlen
/ 8] = 0xff00 >> i;
} else if (crt->nr.prefixlen < 0)
rm.rm_hdr.rtm_flags |= RTF_HOST;
} else
fatal("%s: invalid address family", __func__);
retry:
if (write(env->sc_rtsock, &rm, len) == -1) {
if (writev(env->sc_rtsock, iov, iovcnt) == -1) {
switch (errno) {
case EEXIST:
case ESRCH:
if (rm.rm_hdr.rtm_type == RTM_ADD) {
rm.rm_hdr.rtm_type = RTM_CHANGE;
if (hdr.rtm_type == RTM_ADD) {
hdr.rtm_type = RTM_CHANGE;
goto retry;
} else if (rm.rm_hdr.rtm_type == RTM_DELETE) {
} else if (hdr.rtm_type == RTM_DELETE) {
/* Ignore */
break;
}

View File

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.31 2023/06/12 14:56:38 claudio Exp $
# $OpenBSD: Makefile,v 1.32 2023/06/29 10:28:25 tb Exp $
PROG= rpki-client
SRCS= as.c aspa.c cert.c cms.c crl.c encoding.c filemode.c gbr.c geofeed.c \
http.c io.c ip.c json.c log.c main.c mft.c mkdir.c ometric.c output.c \
http.c io.c ip.c json.c main.c mft.c mkdir.c ometric.c output.c \
output-bgpd.c output-bird.c output-csv.c output-json.c \
output-ometric.c parser.c print.c repo.c roa.c rrdp.c rrdp_delta.c \
rrdp_notification.c rrdp_snapshot.c rrdp_util.c rsc.c rsync.c tak.c \

View File

@ -1,4 +1,4 @@
/* $OpenBSD: aspa.c,v 1.20 2023/06/28 17:24:20 tb Exp $ */
/* $OpenBSD: aspa.c,v 1.21 2023/06/29 14:33:35 tb Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -369,7 +369,7 @@ aspa_insert_vaps(struct vap_tree *tree, struct aspa *aspa, struct repo *rp)
aspa->providers[i] < v->providers[j]) {
/* merge provider from aspa into v */
repo_stat_inc(rp, v->talid, RTYPE_ASPA,
STYPE_BOTH + aspa->providers[i]);
STYPE_PROVIDERS);
insert_vap(v, j, &aspa->providers[i]);
i++;
} else if (aspa->providers[i] == v->providers[j])

View File

@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.113 2023/06/24 04:15:14 tb Exp $ */
/* $OpenBSD: cert.c,v 1.114 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
@ -167,13 +167,13 @@ sbgp_assysnum(struct parse *p, X509_EXTENSION *ext)
int i, rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"extension not critical", p->fn);
goto out;
}
if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"failed extension parse", p->fn);
goto out;
}
@ -348,13 +348,13 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext)
int i, j, rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"extension not critical", p->fn);
goto out;
}
if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"failed extension parse", p->fn);
goto out;
}
@ -453,8 +453,8 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext)
}
if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
"failed extension parse", p->fn);
warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse",
p->fn);
goto out;
}
@ -530,13 +530,13 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
int rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"extension not critical", p->fn);
goto out;
}
if ((policies = X509V3_EXT_d2i(ext)) == NULL) {
cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"failed extension parse", p->fn);
goto out;
}
@ -641,7 +641,7 @@ cert_parse_ee_cert(const char *fn, X509 *x)
}
if (!X509_up_ref(x)) {
cryptowarnx("%s: X509_up_ref failed", fn);
warnx("%s: X509_up_ref failed", fn);
goto out;
}
@ -688,7 +688,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
oder = der;
if ((x = d2i_X509(NULL, &der, len)) == NULL) {
cryptowarnx("%s: d2i_X509", p.fn);
warnx("%s: d2i_X509", p.fn);
goto out;
}
if (der != oder + len) {
@ -698,7 +698,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
/* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(x, -1, -1) <= 0) {
cryptowarnx("%s: could not cache X509v3 extensions", p.fn);
warnx("%s: could not cache X509v3 extensions", p.fn);
goto out;
}
@ -709,7 +709,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
X509_get0_signature(NULL, &palg, x);
if (palg == NULL) {
cryptowarnx("%s: X509_get0_signature", p.fn);
warnx("%s: X509_get0_signature", p.fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);
@ -730,7 +730,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
/* Look for X509v3 extensions. */
if ((extsz = X509_get_ext_count(x)) < 0)
cryptoerrx("X509_get_ext_count");
errx(1, "X509_get_ext_count");
for (i = 0; i < (size_t)extsz; i++) {
ext = X509_get_ext(x, i);
@ -941,15 +941,15 @@ ta_parse(const char *fn, struct cert *p, const unsigned char *pkey,
/* first check pubkey against the one from the TAL */
pk = d2i_PUBKEY(NULL, &pkey, pkeysz);
if (pk == NULL) {
cryptowarnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
warnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
goto badcert;
}
if ((opk = X509_get0_pubkey(p->x509)) == NULL) {
cryptowarnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
warnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
goto badcert;
}
if (EVP_PKEY_cmp(pk, opk) != 1) {
cryptowarnx("%s: RFC 6487 (trust anchor): "
warnx("%s: RFC 6487 (trust anchor): "
"pubkey does not match TAL pubkey", fn);
goto badcert;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: cms.c,v 1.37 2023/06/20 02:46:18 job Exp $ */
/* $OpenBSD: cms.c,v 1.38 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -123,7 +123,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
oder = der;
if ((cms = d2i_CMS_ContentInfo(NULL, &der, len)) == NULL) {
cryptowarnx("%s: RFC 6488: failed CMS parse", fn);
warnx("%s: RFC 6488: failed CMS parse", fn);
goto out;
}
if (der != oder + len) {
@ -137,7 +137,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
*/
if (!CMS_verify(cms, NULL, NULL, bio, NULL,
CMS_NO_SIGNER_CERT_VERIFY)) {
cryptowarnx("%s: CMS verification error", fn);
warnx("%s: CMS verification error", fn);
goto out;
}
@ -156,14 +156,14 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
goto out;
}
if (sk_CMS_SignerInfo_num(sinfos) != 1) {
cryptowarnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
warnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
goto out;
}
si = sk_CMS_SignerInfo_value(sinfos, 0);
nattrs = CMS_signed_get_attr_count(si);
if (nattrs <= 0) {
cryptowarnx("%s: RFC 6488: error extracting signedAttrs", fn);
warnx("%s: RFC 6488: error extracting signedAttrs", fn);
goto out;
}
for (i = 0; i < nattrs; i++) {
@ -171,31 +171,31 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
attr = CMS_signed_get_attr(si, i);
if (attr == NULL || X509_ATTRIBUTE_count(attr) != 1) {
cryptowarnx("%s: RFC 6488: "
"bad signed attribute encoding", fn);
warnx("%s: RFC 6488: bad signed attribute encoding",
fn);
goto out;
}
obj = X509_ATTRIBUTE_get0_object(attr);
if (obj == NULL) {
cryptowarnx("%s: RFC 6488: bad signed attribute", fn);
warnx("%s: RFC 6488: bad signed attribute", fn);
goto out;
}
if (OBJ_cmp(obj, cnt_type_oid) == 0) {
if (has_ct++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate "
warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
} else if (OBJ_cmp(obj, msg_dgst_oid) == 0) {
if (has_md++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate "
warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
} else if (OBJ_cmp(obj, sign_time_oid) == 0) {
if (has_st++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate "
warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
@ -203,13 +203,13 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
goto out;
} else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) {
if (has_bst++ != 0) {
cryptowarnx("%s: RFC 6488: duplicate "
warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
} else {
OBJ_obj2txt(buf, sizeof(buf), obj, 1);
cryptowarnx("%s: RFC 6488: "
warnx("%s: RFC 6488: "
"CMS has unexpected signed attribute %s",
fn, buf);
goto out;
@ -217,7 +217,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
}
if (!has_ct || !has_md) {
cryptowarnx("%s: RFC 6488: CMS missing required "
warnx("%s: RFC 6488: CMS missing required "
"signed attribute", fn);
goto out;
}
@ -229,7 +229,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
warnx("%s: missing CMS signing-time attribute", fn);
if (CMS_unsigned_get_attr_count(si) != -1) {
cryptowarnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
warnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
goto out;
}
@ -288,7 +288,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
crls = CMS_get1_crls(cms);
if (crls != NULL) {
sk_X509_CRL_pop_free(crls, X509_CRL_free);
cryptowarnx("%s: RFC 6488: CMS has CRLs", fn);
warnx("%s: RFC 6488: CMS has CRLs", fn);
goto out;
}
@ -312,7 +312,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
/* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(*xp, -1, -1) <= 0) {
cryptowarnx("%s: could not cache X509v3 extensions", fn);
warnx("%s: could not cache X509v3 extensions", fn);
goto out;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: crl.c,v 1.26 2023/06/20 12:48:32 job Exp $ */
/* $OpenBSD: crl.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -43,7 +43,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
oder = der;
if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) {
cryptowarnx("%s: d2i_X509_CRL", fn);
warnx("%s: d2i_X509_CRL", fn);
goto out;
}
if (der != oder + len) {
@ -58,7 +58,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
if (palg == NULL) {
cryptowarnx("%s: X509_CRL_get0_signature", fn);
warnx("%s: X509_CRL_get0_signature", fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.186 2023/06/26 18:39:53 job Exp $ */
/* $OpenBSD: extern.h,v 1.188 2023/06/29 14:33:35 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -530,9 +530,7 @@ enum stype {
STYPE_TOTAL,
STYPE_UNIQUE,
STYPE_DEC_UNIQUE,
STYPE_BOTH,
STYPE_ONLY_IPV4,
STYPE_ONLY_IPV6,
STYPE_PROVIDERS,
};
struct repo;
@ -562,8 +560,6 @@ struct repotalstats {
uint32_t vaps; /* total number of Validated ASPA Payloads */
uint32_t vaps_uniqs; /* total number of unique VAPs */
uint32_t vaps_pas; /* total number of providers */
uint32_t vaps_pas4; /* total number of IPv4 only providers */
uint32_t vaps_pas6; /* total number of IPv6 only providers */
uint32_t vrps; /* total number of Validated ROA Payloads */
uint32_t vrps_uniqs; /* number of unique vrps */
};
@ -799,14 +795,6 @@ void rrdp_fetch(unsigned int, const char *, const char *,
void rrdp_abort(unsigned int);
void rrdp_http_done(unsigned int, enum http_result, const char *);
/* Logging (though really used for OpenSSL errors). */
void cryptowarnx(const char *, ...)
__attribute__((format(printf, 1, 2)));
void cryptoerrx(const char *, ...)
__attribute__((format(printf, 1, 2)))
__attribute__((noreturn));
/* Encoding functions for hex and base64. */
unsigned char *load_file(const char *, size_t *);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: filemode.c,v 1.33 2023/05/30 16:02:28 job Exp $ */
/* $OpenBSD: filemode.c,v 1.34 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -650,7 +650,7 @@ proc_filemode(int fd)
x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL)
cryptoerrx("X509_STORE_CTX_new");
err(1, "X509_STORE_CTX_new");
TAILQ_INIT(&q);
msgbuf_init(&msgq);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: http.c,v 1.77 2023/06/20 15:15:14 claudio Exp $ */
/* $OpenBSD: http.c,v 1.78 2023/06/28 17:36:09 op Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -1369,7 +1369,6 @@ http_parse_header(struct http_connection *conn, char *buf)
else if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) {
cp += sizeof(CONTENTLEN) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
conn->iosz = strtonum(cp, 0, MAX_CONTENTLEN, &errstr);
if (errstr != NULL) {
warnx("Content-Length of %s is %s",
@ -1422,14 +1421,12 @@ http_parse_header(struct http_connection *conn, char *buf)
sizeof(TRANSFER_ENCODING) - 1) == 0) {
cp += sizeof(TRANSFER_ENCODING) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "chunked") == 0)
conn->chunked = 1;
} else if (strncasecmp(cp, CONTENT_ENCODING,
sizeof(CONTENT_ENCODING) - 1) == 0) {
cp += sizeof(CONTENT_ENCODING) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "gzip") == 0 ||
strcasecmp(cp, "deflate") == 0) {
if (http_inflate_new(conn) == -1)
@ -1439,7 +1436,6 @@ http_parse_header(struct http_connection *conn, char *buf)
} else if (strncasecmp(cp, CONNECTION, sizeof(CONNECTION) - 1) == 0) {
cp += sizeof(CONNECTION) - 1;
cp += strspn(cp, " \t");
cp[strcspn(cp, " \t")] = '\0';
if (strcasecmp(cp, "close") == 0)
conn->keep_alive = 0;
else if (strcasecmp(cp, "keep-alive") == 0)

View File

@ -1,74 +0,0 @@
/* $OpenBSD: log.c,v 1.6 2020/09/12 15:46:48 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <err.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdint.h>
#include <openssl/err.h>
#include "extern.h"
/*
* Print the chain of openssl errors that led to the current one.
* This should only be invoked in the event that OpenSSL fails with
* something.
* It's followed by the (optional) given error message, then terminates.
*/
void
cryptoerrx(const char *fmt, ...)
{
unsigned long er;
char buf[BUFSIZ];
va_list ap;
while ((er = ERR_get_error()) > 0) {
ERR_error_string_n(er, buf, sizeof(buf));
warnx(" ...trace: %s", buf);
}
if (fmt != NULL) {
va_start(ap, fmt);
vwarnx(fmt, ap);
va_end(ap);
}
exit(1);
}
/*
* Like cryptoerrx(), but without exiting.
*/
void
cryptowarnx(const char *fmt, ...)
{
unsigned long er;
char buf[BUFSIZ];
va_list ap;
while ((er = ERR_get_error()) > 0) {
ERR_error_string_n(er, buf, sizeof(buf));
warnx(" ...trace: %s", buf);
}
if (fmt != NULL) {
va_start(ap, fmt);
vwarnx(fmt, ap);
va_end(ap);
}
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.243 2023/06/23 11:36:24 claudio Exp $ */
/* $OpenBSD: main.c,v 1.244 2023/06/29 14:33:35 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -750,8 +750,6 @@ sum_stats(const struct repo *rp, const struct repotalstats *in, void *arg)
out->vaps += in->vaps;
out->vaps_uniqs += in->vaps_uniqs;
out->vaps_pas += in->vaps_pas;
out->vaps_pas4 += in->vaps_pas4;
out->vaps_pas6 += in->vaps_pas6;
}
static void

View File

@ -1,4 +1,4 @@
/* $OpenBSD: mft.c,v 1.95 2023/06/20 12:39:50 job Exp $ */
/* $OpenBSD: mft.c,v 1.96 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -281,7 +281,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
int i, rc = 0;
if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: RFC 6486 section 4: failed to parse Manifest",
warnx("%s: RFC 6486 section 4: failed to parse Manifest",
p->fn);
goto out;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: output-ometric.c,v 1.4 2023/06/05 14:19:13 claudio Exp $ */
/* $OpenBSD: output-ometric.c,v 1.5 2023/06/29 14:33:35 tb Exp $ */
/*
* Copyright (c) 2022 Claudio Jeker <claudio@openbsd.org>
*
@ -83,11 +83,7 @@ set_common_stats(const struct repotalstats *in, struct ometric *metric,
ometric_set_int_with_labels(metric, in->vaps_uniqs,
OKV("type", "state"), OKV("vap", "unique"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas,
OKV("type", "state"), OKV("vap providers", "both"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas4,
OKV("type", "state"), OKV("vap providers", "IPv4 only"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas6,
OKV("type", "state"), OKV("vap providers", "IPv6 only"), ol);
OKV("type", "state"), OKV("vap providers", "total"), ol);
}
static void

View File

@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.96 2023/05/30 16:02:28 job Exp $ */
/* $OpenBSD: parser.c,v 1.97 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -815,7 +815,7 @@ proc_parser(int fd)
x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL)
cryptoerrx("X509_STORE_CTX_new");
err(1, "X509_STORE_CTX_new");
TAILQ_INIT(&q);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: print.c,v 1.41 2023/06/26 18:39:53 job Exp $ */
/* $OpenBSD: print.c,v 1.42 2023/06/29 10:22:37 job Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -612,19 +612,6 @@ rsc_print(const X509 *x, const struct rsc *p)
json_do_end();
}
static void
aspa_provider(uint32_t as)
{
if (outformats & FORMAT_JSON) {
json_do_object("aspa", 1);
json_do_uint("asid", as);
json_do_end();
} else {
printf("AS: %u", as);
printf("\n");
}
}
void
aspa_print(const X509 *x, const struct aspa *p)
{
@ -662,9 +649,13 @@ aspa_print(const X509 *x, const struct aspa *p)
}
for (i = 0; i < p->providersz; i++) {
if ((outformats & FORMAT_JSON) == 0 && i > 0)
printf("%26s", "");
aspa_provider(p->providers[i]);
if (outformats & FORMAT_JSON)
json_do_uint("asid", p->providers[i]);
else {
if (i > 0)
printf("%26s", "");
printf("AS: %u\n", p->providers[i]);
}
}
if (outformats & FORMAT_JSON)

View File

@ -1,4 +1,4 @@
/* $OpenBSD: repo.c,v 1.48 2023/06/23 11:36:24 claudio Exp $ */
/* $OpenBSD: repo.c,v 1.50 2023/06/29 14:33:35 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -727,7 +727,7 @@ rrdp_session_save(unsigned int id, struct rrdp_session *state)
if (fprintf(f, "-\n") < 0)
goto fail;
}
for (i = 0; state->deltas[i] != NULL; i++) {
for (i = 0; i < MAX_RRDP_DELTAS && state->deltas[i] != NULL; i++) {
if (fprintf(f, "%s\n", state->deltas[i]) < 0)
goto fail;
}
@ -1473,15 +1473,9 @@ repo_stat_inc(struct repo *rp, int talid, enum rtype type, enum stype subtype)
case STYPE_DEC_UNIQUE:
rp->stats[talid].vaps_uniqs--;
break;
case STYPE_BOTH:
case STYPE_PROVIDERS:
rp->stats[talid].vaps_pas++;
break;
case STYPE_ONLY_IPV4:
rp->stats[talid].vaps_pas4++;
break;
case STYPE_ONLY_IPV6:
rp->stats[talid].vaps_pas6++;
break;
default:
break;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: roa.c,v 1.68 2023/06/07 10:46:34 job Exp $ */
/* $OpenBSD: roa.c,v 1.69 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -114,7 +114,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
int i, j, rc = 0;
if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: RFC 6482 section 3: failed to parse "
warnx("%s: RFC 6482 section 3: failed to parse "
"RouteOriginAttestation", p->fn);
goto out;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: rsc.c,v 1.26 2023/06/07 10:46:34 job Exp $ */
/* $OpenBSD: rsc.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com>
@ -334,8 +334,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
*/
if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: RSC: failed to parse RpkiSignedChecklist",
p->fn);
warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn);
goto out;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: tak.c,v 1.10 2023/06/20 12:39:50 job Exp $ */
/* $OpenBSD: tak.c,v 1.11 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -191,7 +191,7 @@ tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
fn = p->fn;
if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) {
cryptowarnx("%s: failed to parse Trust Anchor Key", fn);
warnx("%s: failed to parse Trust Anchor Key", fn);
goto out;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: tal.c,v 1.38 2022/11/30 09:02:58 job Exp $ */
/* $OpenBSD: tal.c,v 1.39 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -137,7 +137,7 @@ tal_parse_buffer(const char *fn, char *buf, size_t len)
/* Make sure it's a valid public key. */
pkey = d2i_PUBKEY(NULL, (const unsigned char **)&der, dersz);
if (pkey == NULL) {
cryptowarnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
warnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
"failed public key parse", fn);
goto out;
}

View File

@ -1,4 +1,4 @@
/* $OpenBSD: validate.c,v 1.65 2023/06/07 11:09:08 tb Exp $ */
/* $OpenBSD: validate.c,v 1.66 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -407,14 +407,14 @@ valid_x509(char *file, X509_STORE_CTX *store_ctx, X509 *x509, struct auth *a,
assert(store_ctx != NULL);
assert(x509 != NULL);
if (!X509_STORE_CTX_init(store_ctx, NULL, x509, NULL))
cryptoerrx("X509_STORE_CTX_init");
err(1, "X509_STORE_CTX_init");
if ((params = X509_STORE_CTX_get0_param(store_ctx)) == NULL)
cryptoerrx("X509_STORE_CTX_get0_param");
errx(1, "X509_STORE_CTX_get0_param");
if ((cp_oid = OBJ_dup(certpol_oid)) == NULL)
cryptoerrx("OBJ_dup");
err(1, "OBJ_dup");
if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid))
cryptoerrx("X509_VERIFY_PARAM_add0_policy");
err(1, "X509_VERIFY_PARAM_add0_policy");
X509_VERIFY_PARAM_set_time(params, get_current_time());
flags = X509_V_FLAG_CRL_CHECK;