From 1bc98b35388a6b831ff1dca5e436bfe2c5189d4d Mon Sep 17 00:00:00 2001 From: purplerain Date: Mon, 27 Nov 2023 15:39:41 +0000 Subject: [PATCH] sync with OpenBSD -current --- bin/pax/buf_subs.c | 9 +- bin/pax/extern.h | 14 +- bin/pax/file_subs.c | 17 +- bin/pax/options.c | 12 +- bin/pax/pax.c | 5 +- bin/pax/tables.c | 5 +- gnu/llvm/lld/ELF/Arch/AArch64.cpp | 3 +- gnu/llvm/lld/ELF/Symbols.cpp | 2 +- gnu/llvm/lld/ELF/Symbols.h | 3 + gnu/llvm/lld/ELF/Thunks.cpp | 4 +- gnu/usr.bin/perl/regcomp.c | 17 +- gnu/usr.bin/perl/t/re/pat_advanced.t | 8 + lib/libcrypto/cert.pem | 422 +++++++++++----------- lib/libcrypto/objects/obj_dat.c | 6 +- lib/libcrypto/x509/x509_vfy.c | 30 +- sys/arch/amd64/amd64/vmm_machdep.c | 6 +- sys/arch/arm64/dev/rtkit.c | 55 ++- sys/dev/acpi/pchgpio.c | 80 +++- sys/dev/fdt/rkclock.c | 14 +- sys/dev/fdt/rkclock_clocks.h | 2 + sys/dev/pci/drm/i915/i915_devlist.h | 10 +- sys/dev/pci/drm/include/drm/i915_pciids.h | 14 +- sys/dev/pci/pcidevs | 16 +- sys/dev/pci/pcidevs.h | 16 +- sys/dev/pci/pcidevs_data.h | 22 +- sys/netinet/in_pcb.h | 4 +- sys/netinet/ip_ipsp.h | 4 +- sys/netinet/ip_output.c | 19 +- sys/netinet/ip_spd.c | 59 ++- sys/netinet/ip_var.h | 4 +- sys/netinet/raw_ip.c | 4 +- sys/netinet/tcp_input.c | 6 +- sys/netinet/tcp_output.c | 10 +- sys/netinet/tcp_subr.c | 6 +- sys/netinet/udp_usrreq.c | 6 +- sys/netinet6/ip6_output.c | 18 +- sys/netinet6/ip6_var.h | 6 +- sys/netinet6/raw_ip6.c | 4 +- sys/netinet6/udp6_output.c | 4 +- usr.bin/awk/FIXES | 16 +- usr.bin/awk/awk.h | 13 +- usr.bin/awk/b.c | 132 +++++-- usr.bin/awk/lex.c | 16 +- usr.bin/awk/main.c | 4 +- usr.bin/awk/run.c | 5 +- usr.bin/rsync/extern.h | 3 +- usr.bin/rsync/fargs.c | 4 +- usr.bin/rsync/main.c | 16 +- usr.bin/rsync/receiver.c | 5 +- usr.bin/rsync/rsync.1 | 10 +- usr.bin/rsync/uploader.c | 5 +- usr.sbin/pkg_add/OpenBSD/PkgAdd.pm | 6 +- usr.sbin/slaacctl/slaacctl.8 | 14 +- usr.sbin/ypbind/ypbind.c | 5 +- 54 files changed, 733 insertions(+), 467 deletions(-) diff --git a/bin/pax/buf_subs.c b/bin/pax/buf_subs.c index e5e9c9343..d3c41a4d7 100644 --- a/bin/pax/buf_subs.c +++ b/bin/pax/buf_subs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buf_subs.c,v 1.31 2019/06/28 13:34:59 deraadt Exp $ */ +/* $OpenBSD: buf_subs.c,v 1.32 2023/11/26 16:04:17 espie Exp $ */ /* $NetBSD: buf_subs.c,v 1.5 1995/03/21 09:07:08 cgd Exp $ */ /*- @@ -48,6 +48,9 @@ * routines which implement archive and file buffering */ +static int buf_fill(void); +static int buf_flush(int); + #define MINFBSZ 512 /* default block size for hole detect */ #define MAXFLT 10 /* default media read error limit */ @@ -825,7 +828,7 @@ cp_file(ARCHD *arcn, int fd1, int fd2) * 0 when finished (user specified termination in ar_next()). */ -int +static int buf_fill(void) { int cnt; @@ -873,7 +876,7 @@ buf_fill(void) * 0 if all is ok, -1 when a write error occurs. */ -int +static int buf_flush(int bufcnt) { int cnt; diff --git a/bin/pax/extern.h b/bin/pax/extern.h index 67a21d866..3d7303c42 100644 --- a/bin/pax/extern.h +++ b/bin/pax/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.60 2020/03/23 20:04:19 espie Exp $ */ +/* $OpenBSD: extern.h,v 1.61 2023/11/26 16:04:17 espie Exp $ */ /* $NetBSD: extern.h,v 1.5 1996/03/26 23:54:16 mrg Exp $ */ /*- @@ -92,8 +92,6 @@ int wr_skip(off_t); int wr_rdfile(ARCHD *, int, off_t *); int rd_wrfile(ARCHD *, int, off_t *); void cp_file(ARCHD *, int, int); -int buf_fill(void); -int buf_flush(int); /* * cpio.c @@ -127,16 +125,10 @@ int lnk_creat(ARCHD *); int cross_lnk(ARCHD *); int chk_same(ARCHD *); int node_creat(ARCHD *); -int unlnk_exist(char *, int); -int chk_path(char *, uid_t, gid_t, int); void set_ftime(const char *, const struct timespec *, const struct timespec *, int); -void fset_ftime(const char *, int, const struct timespec *, - const struct timespec *, int); int set_ids(char *, uid_t, gid_t); -int fset_ids(char *, int, uid_t, gid_t); void set_pmode(char *, mode_t); -void fset_pmode(char *, int, mode_t); int set_attr(const struct file_times *, int _force_times, mode_t, int _do_mode, int _in_sig); int file_write(int, char *, int, int *, int *, int, char *); @@ -178,8 +170,6 @@ extern FSUB fsub[]; extern int ford[]; void options(int, char **); OPLIST * opt_next(void); -int opt_add(const char *); -int bad_opt(void); extern char *chdname; /* @@ -235,7 +225,6 @@ extern char *tempfile; extern char *tempbase; extern int havechd; -void sig_cleanup(int); /* * sel_subs.c @@ -279,7 +268,6 @@ int dir_start(void); void add_dir(char *, struct stat *, int); void delete_dir(dev_t, ino_t); void proc_dir(int _in_sig); -u_int st_hash(const char *, int, int); /* * tar.c diff --git a/bin/pax/file_subs.c b/bin/pax/file_subs.c index 8ca42259d..e71f5d4a3 100644 --- a/bin/pax/file_subs.c +++ b/bin/pax/file_subs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file_subs.c,v 1.55 2020/03/23 20:04:19 espie Exp $ */ +/* $OpenBSD: file_subs.c,v 1.56 2023/11/26 16:04:17 espie Exp $ */ /* $NetBSD: file_subs.c,v 1.4 1995/03/21 09:07:18 cgd Exp $ */ /*- @@ -46,8 +46,13 @@ #include "pax.h" #include "extern.h" -static int -mk_link(char *, struct stat *, char *, int); +static int fset_ids(char *, int, uid_t, gid_t); +static int unlnk_exist(char *, int); +static int chk_path(char *, uid_t, gid_t, int); +static int mk_link(char *, struct stat *, char *, int); +static void fset_ftime(const char *, int, const struct timespec *, + const struct timespec *, int); +static void fset_pmode(char *, int, mode_t); /* * routines that deal with file operations such as: creating, removing; @@ -537,7 +542,7 @@ badlink: * 1 we found a directory and we were going to create a directory. */ -int +static int unlnk_exist(char *name, int type) { struct stat sb; @@ -715,7 +720,7 @@ set_ftime(const char *fnm, const struct timespec *mtimp, fnm); } -void +static void fset_ftime(const char *fnm, int fd, const struct timespec *mtimp, const struct timespec *atimp, int frc) { @@ -797,7 +802,7 @@ set_pmode(char *fnm, mode_t mode) syswarn(1, errno, "Could not set permissions on %s", fnm); } -void +static void fset_pmode(char *fnm, int fd, mode_t mode) { mode &= ABITS; diff --git a/bin/pax/options.c b/bin/pax/options.c index 1ed9f98f5..835c38f00 100644 --- a/bin/pax/options.c +++ b/bin/pax/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.105 2023/01/17 16:20:28 tb Exp $ */ +/* $OpenBSD: options.c,v 1.106 2023/11/26 16:04:17 espie Exp $ */ /* $NetBSD: options.c,v 1.6 1996/03/26 23:54:18 mrg Exp $ */ /*- @@ -49,6 +49,8 @@ #include "tar.h" #include "extern.h" +static int bad_opt(void); +static int opt_add(const char *); /* * argv[0] names. Used for tar and cpio emulation */ @@ -1104,9 +1106,9 @@ tar_options(int argc, char **argv) } } -int mkpath(char *); +static int mkpath(char *); -int +static int mkpath(char *path) { struct stat sb; @@ -1474,7 +1476,7 @@ opt_next(void) * when the format does not support options. */ -int +static int bad_opt(void) { OPLIST *opt; @@ -1500,7 +1502,7 @@ bad_opt(void) * 0 if format in name=value format, -1 if -o is passed junk */ -int +static int opt_add(const char *str) { OPLIST *opt; diff --git a/bin/pax/pax.c b/bin/pax/pax.c index 1bdb6160b..b961d0cea 100644 --- a/bin/pax/pax.c +++ b/bin/pax/pax.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pax.c,v 1.56 2023/11/09 18:54:15 kn Exp $ */ +/* $OpenBSD: pax.c,v 1.57 2023/11/26 16:04:17 espie Exp $ */ /* $NetBSD: pax.c,v 1.5 1996/03/26 23:54:20 mrg Exp $ */ /*- @@ -52,6 +52,7 @@ #include "pax.h" #include "extern.h" static int gen_init(void); +static void sig_cleanup(int); /* * PAX main routines, general globals and some simple start up routines @@ -337,7 +338,7 @@ main(int argc, char **argv) * never.... */ -void +static void sig_cleanup(int which_sig) { /* diff --git a/bin/pax/tables.c b/bin/pax/tables.c index f3021df95..99247266f 100644 --- a/bin/pax/tables.c +++ b/bin/pax/tables.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tables.c,v 1.54 2019/06/28 05:35:34 deraadt Exp $ */ +/* $OpenBSD: tables.c,v 1.55 2023/11/26 16:04:17 espie Exp $ */ /* $NetBSD: tables.c,v 1.4 1995/03/21 09:07:45 cgd Exp $ */ /*- @@ -47,6 +47,7 @@ #include "pax.h" #include "extern.h" +static u_int st_hash(const char *, int, int); /* * Routines for controlling the contents of all the different databases pax @@ -1723,7 +1724,7 @@ proc_dir(int in_sig) * the hash value of the string MOD (%) the table size. */ -u_int +static u_int st_hash(const char *name, int len, int tabsz) { const char *pt; diff --git a/gnu/llvm/lld/ELF/Arch/AArch64.cpp b/gnu/llvm/lld/ELF/Arch/AArch64.cpp index 1ed1227dc..dcea062c5 100644 --- a/gnu/llvm/lld/ELF/Arch/AArch64.cpp +++ b/gnu/llvm/lld/ELF/Arch/AArch64.cpp @@ -916,7 +916,8 @@ void AArch64BtiPac::writePlt(uint8_t *buf, const Symbol &sym, // escape to shared objects. isInIplt indicates a non-preemptible ifunc. Its // address may escape if referenced by a direct relocation. The condition is // conservative. - bool hasBti = btiHeader && (sym.hasFlag(NEEDS_COPY) || sym.isInIplt); + bool hasBti = btiHeader && + (sym.hasFlag(NEEDS_COPY) || sym.isInIplt || sym.thunkAccessed); if (hasBti) { memcpy(buf, btiData, sizeof(btiData)); buf += sizeof(btiData); diff --git a/gnu/llvm/lld/ELF/Symbols.cpp b/gnu/llvm/lld/ELF/Symbols.cpp index 96ae7a509..5addbaf3d 100644 --- a/gnu/llvm/lld/ELF/Symbols.cpp +++ b/gnu/llvm/lld/ELF/Symbols.cpp @@ -25,7 +25,7 @@ using namespace llvm::ELF; using namespace lld; using namespace lld::elf; -static_assert(sizeof(SymbolUnion) <= 64, "SymbolUnion too large"); +static_assert(sizeof(SymbolUnion) <= 72, "SymbolUnion too large"); template struct AssertSymbol { static_assert(std::is_trivially_destructible(), diff --git a/gnu/llvm/lld/ELF/Symbols.h b/gnu/llvm/lld/ELF/Symbols.h index 19ffc8fa7..865fba390 100644 --- a/gnu/llvm/lld/ELF/Symbols.h +++ b/gnu/llvm/lld/ELF/Symbols.h @@ -295,6 +295,9 @@ public: // True if defined in a DSO as protected visibility. uint8_t dsoProtected : 1; + // True if targeted by a range extension thunk. + uint8_t thunkAccessed : 1; + // Temporary flags used to communicate which symbol entries need PLT and GOT // entries during postScanRelocations(); std::atomic flags; diff --git a/gnu/llvm/lld/ELF/Thunks.cpp b/gnu/llvm/lld/ELF/Thunks.cpp index 5964196a1..bed059bf9 100644 --- a/gnu/llvm/lld/ELF/Thunks.cpp +++ b/gnu/llvm/lld/ELF/Thunks.cpp @@ -1217,7 +1217,9 @@ bool PPC64LongBranchThunk::isCompatibleWith(const InputSection &isec, return rel.type == R_PPC64_REL24 || rel.type == R_PPC64_REL14; } -Thunk::Thunk(Symbol &d, int64_t a) : destination(d), addend(a), offset(0) {} +Thunk::Thunk(Symbol &d, int64_t a) : destination(d), addend(a), offset(0) { + destination.thunkAccessed = true; +} Thunk::~Thunk() = default; diff --git a/gnu/usr.bin/perl/regcomp.c b/gnu/usr.bin/perl/regcomp.c index 881c26c6d..7442e6656 100644 --- a/gnu/usr.bin/perl/regcomp.c +++ b/gnu/usr.bin/perl/regcomp.c @@ -24250,7 +24250,7 @@ S_parse_uniprop_string(pTHX_ * compile perl to know about them) */ bool is_nv_type = FALSE; - unsigned int i, j = 0; + unsigned int i = 0, i_zero = 0, j = 0; int equals_pos = -1; /* Where the '=' is found, or negative if none */ int slash_pos = -1; /* Where the '/' is found, or negative if none */ int table_index = 0; /* The entry number for this property in the table @@ -24384,9 +24384,13 @@ S_parse_uniprop_string(pTHX_ * all of them are considered to be for that package. For the purposes of * parsing the rest of the property, strip it off */ if (non_pkg_begin == STRLENs("utf8::") && memBEGINPs(name, name_len, "utf8::")) { - lookup_name += STRLENs("utf8::"); - j -= STRLENs("utf8::"); - equals_pos -= STRLENs("utf8::"); + lookup_name += STRLENs("utf8::"); + j -= STRLENs("utf8::"); + equals_pos -= STRLENs("utf8::"); + i_zero = STRLENs("utf8::"); /* When resetting 'i' to reparse + from the beginning, it has to be + set past what we're stripping + off */ stripped_utf8_pkg = TRUE; } @@ -24800,7 +24804,8 @@ S_parse_uniprop_string(pTHX_ /* We set the inputs back to 0 and the code below will reparse, * using strict */ - i = j = 0; + i = i_zero; + j = 0; } } @@ -24821,7 +24826,7 @@ S_parse_uniprop_string(pTHX_ * separates two digits */ if (cur == '_') { if ( stricter - && ( i == 0 || (int) i == equals_pos || i == name_len- 1 + && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) { lookup_name[j++] = '_'; diff --git a/gnu/usr.bin/perl/t/re/pat_advanced.t b/gnu/usr.bin/perl/t/re/pat_advanced.t index 2a2541142..088efedb3 100755 --- a/gnu/usr.bin/perl/t/re/pat_advanced.t +++ b/gnu/usr.bin/perl/t/re/pat_advanced.t @@ -2688,6 +2688,14 @@ EOF_DEBUG_OUT {}, "Related to Github Issue #19350, forward \\g{x} pattern segv under use re Debug => 'PARSE'"); } + { # perl-security#140, read/write past buffer end + fresh_perl_like('qr/\p{utf8::perl x}/', + qr/Illegal user-defined property name "utf8::perl x" in regex/, + {}, "perl-security#140"); + fresh_perl_is('qr/\p{utf8::_perl_surrogate}/', "", + {}, "perl-security#140"); + } + # !!! NOTE that tests that aren't at all likely to crash perl should go # a ways above, above these last ones. There's a comment there that, like diff --git a/lib/libcrypto/cert.pem b/lib/libcrypto/cert.pem index e5215f3cb..524fb490d 100644 --- a/lib/libcrypto/cert.pem +++ b/lib/libcrypto/cert.pem @@ -1,4 +1,4 @@ -# $OpenBSD: cert.pem,v 1.26 2023/05/06 17:55:38 tb Exp $ +# $OpenBSD: cert.pem,v 1.27 2023/11/27 19:27:21 tb Exp $ ### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 === /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 @@ -12,11 +12,11 @@ Certificate: Not After : May 5 15:22:07 2036 GMT Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.firmaprofesional.com/cps User Notice: @@ -75,31 +75,31 @@ Certificate: Not After : Dec 31 09:37:37 2030 GMT Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES X509v3 extensions: - Authority Information Access: + Authority Information Access: CA Issuers - URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt OCSP - URI:http://ocsp.accv.es - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy User Notice: Explicit Text: CPS: http://www.accv.es/legislacion_c.htm - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: email:accv@accv.es SHA1 Fingerprint=93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 SHA256 Fingerprint=9A:6E:C0:12:E1:A7:DA:9D:BE:34:19:4D:47:8A:D7:C0:DB:18:22:FB:07:1D:F1:29:81:49:6E:D1:04:38:41:13 @@ -161,11 +161,11 @@ Certificate: Not After : Sep 22 11:22:02 2030 GMT Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 X509v3 Key Usage: critical @@ -219,7 +219,7 @@ Certificate: Not After : Dec 31 14:06:06 2030 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9D:93:C6:53:8B:5E:CA:AF:3F:9F:1E:0F:E5:99:95:BC:24:F6:94:8F X509v3 Basic Constraints: critical CA:TRUE @@ -258,7 +258,7 @@ Certificate: Not After : Dec 31 14:08:24 2030 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD X509v3 Basic Constraints: critical CA:TRUE @@ -297,7 +297,7 @@ Certificate: Not After : Dec 31 14:10:36 2040 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9D:C0:67:A6:0C:22:D9:26:F5:45:AB:A6:65:52:11:27:D8:45:AC:63 X509v3 Basic Constraints: critical CA:TRUE @@ -347,7 +347,7 @@ Certificate: Not After : Dec 31 14:20:24 2040 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9A:AF:29:7A:C0:11:35:35:26:51:30:00:C3:6A:FE:40:D5:AE:D6:3C X509v3 Basic Constraints: critical CA:TRUE @@ -383,11 +383,11 @@ Certificate: Not After : Apr 26 08:57:56 2044 GMT Subject: C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 06:9A:9B:1F:53:7D:F1:F5:A4:C8:D3:86:3E:A1:73:59:B4:F7:44:21 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:06:9A:9B:1F:53:7D:F1:F5:A4:C8:D3:86:3E:A1:73:59:B4:F7:44:21 X509v3 Key Usage: critical @@ -446,7 +446,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 84:18:CC:85:34:EC:BC:0C:94:94:2E:08:59:9C:C7:B2:10:4E:0A:08 SHA1 Fingerprint=8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 SHA256 Fingerprint=8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E @@ -486,7 +486,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B0:0C:F0:4C:30:F4:05:58:02:48:FD:33:E5:52:AF:4B:84:E3:66:52 SHA1 Fingerprint=5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A SHA256 Fingerprint=1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 @@ -537,7 +537,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0 SHA1 Fingerprint=0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E SHA256 Fingerprint=18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 @@ -569,7 +569,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D3:EC:C7:3A:65:6E:CC:E1:DA:76:9A:56:FB:9C:F3:86:6D:57:E5:81 SHA1 Fingerprint=F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE SHA256 Fingerprint=E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 @@ -600,10 +600,10 @@ Certificate: Not After : Aug 30 10:00:38 2039 GMT Subject: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA X509v3 extensions: - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -662,7 +662,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 8D:06:66:74:24:76:3A:F3:89:F7:BC:D6:BD:47:7D:2F:BC:10:5F:4B X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -697,7 +697,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 8C:FB:1C:75:BC:02:D3:9F:4E:2E:48:D9:F9:60:54:AA:C4:B3:4F:FA X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -750,14 +750,14 @@ Certificate: Not After : Dec 31 23:59:59 2030 GMT Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6189.3.4.1.1 X509v3 Key Usage: critical @@ -799,7 +799,7 @@ Certificate: Not After : May 12 23:59:00 2025 GMT Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0 X509v3 Basic Constraints: critical CA:TRUE, pathlen:3 @@ -844,7 +844,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C9:80:77:E0:62:92:82:F5:46:9C:F3:BA:F7:4C:C3:DE:B8:A3:AD:39 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -894,7 +894,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 47:B8:CD:FF:E5:6F:EE:F8:B2:EC:2F:4E:0E:F9:25:B0:8E:3C:6B:C3 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -950,7 +950,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F3:28:18:CB:64:75:EE:29:2A:EB:ED:AE:23:58:38:85:EB:C8:22:07 SHA1 Fingerprint=F9:E1:6D:DC:01:89:CF:D5:82:45:63:3E:C5:37:7D:C2:EB:93:6F:2B SHA256 Fingerprint=B4:58:5F:22:E4:AC:75:6A:4E:86:12:A1:36:1C:5D:9D:03:1A:93:FD:84:FE:BB:77:8F:A3:06:8B:0F:C4:2D:C2 @@ -983,7 +983,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E0:AA:3F:25:8D:9F:44:5C:C1:3A:E8:2E:AE:77:4C:84:3E:67:0C:F4 SHA1 Fingerprint=A0:50:EE:0F:28:71:F4:27:B2:12:6D:6F:50:96:25:BA:CC:86:42:AF SHA256 Fingerprint=77:B8:2C:D8:64:4C:43:05:F7:AC:C5:CB:15:6B:45:67:50:04:03:3D:51:C6:0C:62:02:A8:E0:C3:34:67:D3:A0 @@ -1036,7 +1036,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E0:8C:9B:DB:25:49:B3:F1:7C:86:D6:B2:42:87:0B:D0:6B:A0:D9:E4 SHA1 Fingerprint=FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B SHA256 Fingerprint=EA:A9:62:C4:FA:4A:6B:AF:EB:E4:15:19:6D:35:1C:CD:88:8D:4F:53:F3:FA:8A:E6:D7:C4:66:A9:4E:60:42:BB @@ -1079,7 +1079,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 82:21:2D:66:C6:D7:A0:E0:15:EB:CE:4C:09:77:C4:60:9E:54:6E:03 SHA1 Fingerprint=26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 SHA256 Fingerprint=65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 @@ -1128,14 +1128,14 @@ Certificate: Not After : Dec 31 03:07:01 2029 GMT Subject: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT X509v3 extensions: - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F SHA1 Fingerprint=E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 SHA256 Fingerprint=5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD @@ -1188,7 +1188,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F2:77:17:FA:5E:A8:FE:F6:3D:71:D5:68:BA:C9:46:0C:38:D8:AF:B0 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -1237,11 +1237,11 @@ Certificate: Not After : Dec 20 02:31:27 2034 GMT Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1E:0C:F7:B6:67:F2:E1:92:26:09:45:C0:55:39:2E:77:3F:42:4A:A2 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE - setCext-hashedRoot: + setCext-hashedRoot: 0/0-...0...+......0...g*.....E... V|.[x....S..... SHA1 Fingerprint=67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 @@ -1293,13 +1293,13 @@ Certificate: Not After : Dec 31 23:59:59 2028 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.comodoca.com/AAACertificateServices.crl @@ -1349,13 +1349,13 @@ Certificate: Not After : Dec 31 23:59:59 2029 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.comodoca.com/COMODOCertificationAuthority.crl @@ -1399,7 +1399,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 75:71:A7:19:48:19:BC:9D:9D:EA:41:47:DF:94:C4:48:77:99:D3:79 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -1435,7 +1435,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -1494,11 +1494,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 73:91:10:AB:FF:55:B3:5A:7C:09:25:D5:B2:BA:08:A0:6B:AB:1F:6D X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_1_2020.crl @@ -1540,11 +1540,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7F:10:01:16:37:3A:A4:28:E4:50:F8:A4:F7:EC:6B:32:B6:FE:E9:8B X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_1_2020.crl @@ -1585,11 +1585,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FD:DA:14:C4:9F:30:DE:21:BD:1E:42:39:FC:AB:63:23:49:E0:F1:84 X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist @@ -1637,11 +1637,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D3:94:8A:4C:62:13:2A:19:2E:CC:AF:72:8A:7D:36:D7:9A:1C:DC:67 X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist @@ -1693,16 +1693,16 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 DirName:/C=FR/O=Dhimyotis/CN=Certigna serial:FE:DC:E3:01:0F:C9:48:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign - Netscape Cert Type: + Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA SHA1 Fingerprint=B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97 SHA256 Fingerprint=E3:B6:A2:DB:2E:D7:CE:48:84:2F:7A:C5:32:41:C7:B7:1D:54:14:4B:FB:40:C1:1F:3F:1D:0B:42:F5:EE:A1:2D @@ -1744,16 +1744,16 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 18:87:56:E0:6E:77:EE:24:35:3C:4E:73:9A:1F:D6:E1:E2:79:7E:2B - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:18:87:56:E0:6E:77:EE:24:35:3C:4E:73:9A:1F:D6:E1:E2:79:7E:2B - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: https://wwww.certigna.fr/autorites/ - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.certigna.fr/certignarootca.crl @@ -1818,9 +1818,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F SHA1 Fingerprint=05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 @@ -1863,7 +1863,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CE:C3:4A:B9:99:55:F2:B8:DB:60:BF:A9:7E:BD:56:B5:97:36:A7:D6 SHA1 Fingerprint=A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F SHA256 Fingerprint=7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 @@ -1905,7 +1905,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CB:D0:BD:A9:E1:98:05:51:A1:4D:37:A2:83:79:CE:8D:1D:2A:E4:84 SHA1 Fingerprint=F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 SHA256 Fingerprint=7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 @@ -1940,9 +1940,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 SHA1 Fingerprint=A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 @@ -1985,7 +1985,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 SHA1 Fingerprint=DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 SHA256 Fingerprint=CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F @@ -2027,7 +2027,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 SHA1 Fingerprint=7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E SHA256 Fingerprint=31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 @@ -2062,9 +2062,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 SHA1 Fingerprint=5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 @@ -2108,7 +2108,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F SHA1 Fingerprint=DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 SHA256 Fingerprint=55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 @@ -2159,7 +2159,7 @@ Certificate: Not After : Jan 14 23:59:59 2046 GMT Subject: C=US, O=DigiCert, Inc., CN=DigiCert TLS ECC P384 Root G5 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C1:51:45:50:59:AB:3E:E7:2C:5A:FA:20:22:12:07:80:88:7C:11:6A X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -2193,7 +2193,7 @@ Certificate: Not After : Jan 14 23:59:59 2046 GMT Subject: C=US, O=DigiCert, Inc., CN=DigiCert TLS RSA4096 Root G5 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 51:33:1C:ED:36:40:AF:17:D3:25:CD:69:68:F2:AF:4E:23:3E:B3:41 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -2251,7 +2251,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B5:99:F8:AF:B0:94:F5:E3:20:D6:0A:AD:CE:4E:56:A4:2E:6E:42:ED SHA1 Fingerprint=B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 SHA256 Fingerprint=E2:3D:4A:03:6D:7B:70:E9:F5:95:B1:42:20:79:D2:B9:1E:DF:BB:1F:B6:51:A0:63:3E:AA:8A:9D:C5:F8:07:03 @@ -2305,9 +2305,9 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22 SHA1 Fingerprint=D0:67:C1:13:51:01:0C:AA:D0:C7:6A:65:37:31:16:26:4F:53:71:A2 @@ -2361,10 +2361,10 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:FF:82:31:72:3E:F9:C4:66:6C:AD:38:9E:D1:B0:51:88:A5:90:CC:F5 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FF:82:31:72:3E:F9:C4:66:6C:AD:38:9E:D1:B0:51:88:A5:90:CC:F5 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2401,10 +2401,10 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:B2:B4:AE:E6:2D:F7:26:D5:AA:75:2D:76:4B:C0:1B:53:21:D0:48:EF - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B2:B4:AE:E6:2D:F7:26:D5:AA:75:2D:76:4B:C0:1B:53:21:D0:48:EF X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2459,7 +2459,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FB:5A:48:D0:80:20:40:F2:A8:E9:00:07:69:19:77:A7:E6:C3:F4:CF X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2493,7 +2493,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FE:A1:E0:70:1E:2A:03:39:52:5A:42:BE:5C:91:85:7A:18:AA:4D:B5 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2537,7 +2537,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7C:5D:02:84:13:D4:CC:8A:9B:81:CE:17:1C:2E:29:1E:9C:48:63:42 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2572,7 +2572,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FB:EF:0D:86:9E:B0:E3:DD:A9:B9:F1:21:17:7F:3E:FC:F0:77:2B:1A X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2620,7 +2620,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB SHA1 Fingerprint=8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 SHA256 Fingerprint=43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 @@ -2665,7 +2665,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49 SHA1 Fingerprint=20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47 SHA256 Fingerprint=02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 @@ -2703,7 +2703,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9F:38:C4:56:23:C3:39:E8:A0:71:6C:E8:54:4C:E4:E8:3A:B1:BF:67 SHA1 Fingerprint=14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 SHA256 Fingerprint=DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 @@ -2758,14 +2758,14 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Private Key Usage Period: + X509v3 Private Key Usage Period: Not Before: Nov 27 20:23:42 2006 GMT, Not After: Nov 27 20:53:42 2026 GMT - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D - 1.2.840.113533.7.65.0: + 1.2.840.113533.7.65.0: 0...V7.1:4.0.... SHA1 Fingerprint=B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 SHA256 Fingerprint=73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C @@ -2814,7 +2814,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 SHA1 Fingerprint=50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 SHA256 Fingerprint=6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 @@ -2862,9 +2862,9 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F7:7D:C5:FD:C4:E8:9A:1B:77:64:A7:F5:1D:A0:CC:BF:87:60:9A:6D - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.cert.fnmt.es/dpcs/ @@ -2918,7 +2918,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 01:B9:2F:EF:BF:11:86:60:F2:4F:D0:41:6E:AB:73:1F:E7:D2:6E:49 SHA1 Fingerprint=62:FF:D9:9E:C0:65:0D:03:CE:75:93:D2:ED:3F:2D:32:C9:E3:E5:4A SHA256 Fingerprint=55:41:53:B1:3D:2C:F9:DD:B7:53:BF:BE:1A:4E:0A:E0:8D:0A:A4:18:70:58:FE:60:A2:B8:62:B2:E4:B8:7B:CB @@ -2957,7 +2957,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5 SHA1 Fingerprint=6B:A0:B0:98:E1:71:EF:5A:AD:FE:48:15:80:77:10:F4:BD:6F:0B:28 SHA256 Fingerprint=B0:85:D7:0B:96:4F:19:1A:73:E4:AF:0D:54:AE:7A:0E:07:AA:FD:AF:9B:71:DD:08:62:13:8A:B7:32:5A:24:A2 @@ -2989,7 +2989,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59 SHA1 Fingerprint=1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA SHA256 Fingerprint=17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24 @@ -3023,7 +3023,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC SHA1 Fingerprint=D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD SHA256 Fingerprint=CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B @@ -3064,9 +3064,9 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: AE:6C:05:A3:93:13:E2:A2:E7:E2:D7:1C:D6:C7:F0:7F:C8:67:53:A0 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:AE:6C:05:A3:93:13:E2:A2:E7:E2:D7:1C:D6:C7:F0:7F:C8:67:53:A0 SHA1 Fingerprint=80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 @@ -3122,7 +3122,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 31:0A:90:8F:B6:C6:9D:D2:44:4B:80:B5:A2:E6:1F:B1:12:4F:1B:95 SHA1 Fingerprint=39:B4:6C:D5:FE:80:06:EB:E2:2F:4A:BB:08:33:A0:AF:DB:B9:DD:84 SHA256 Fingerprint=CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58 @@ -3155,7 +3155,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 03:5C:AB:73:81:87:A8:CC:B0:A6:D5:94:E2:36:96:49:FF:05:99:2C SHA1 Fingerprint=53:A2:B0:4B:CA:6B:D6:45:E6:39:8A:8E:C4:0D:D2:BF:77:C3:A2:90 SHA256 Fingerprint=4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9 @@ -3206,7 +3206,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C SHA256 Fingerprint=EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99 @@ -3249,7 +3249,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE SHA1 Fingerprint=47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B SHA256 Fingerprint=45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA @@ -3295,7 +3295,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E4:AF:2B:26:71:1A:2B:48:27:85:2F:52:66:2C:EF:F0:89:13:71:3E SHA1 Fingerprint=E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A SHA256 Fingerprint=D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF @@ -3346,7 +3346,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BB:FF:CA:8E:23:9F:4F:99:CA:DB:E2:68:A6:A5:15:27:17:1E:D9:0E SHA1 Fingerprint=9A:44:49:76:32:DB:DE:FA:D0:BC:FB:5A:7B:17:BD:9E:56:09:24:94 SHA256 Fingerprint=8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8 @@ -3397,7 +3397,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C1:F1:26:BA:A0:2D:AE:85:81:CF:D3:F1:2A:12:BD:B8:0A:67:FD:BC SHA1 Fingerprint=ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46 SHA256 Fingerprint=34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48 @@ -3430,7 +3430,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 80:4C:D6:EB:74:FF:49:36:A3:D5:D8:FC:B5:3E:C5:6A:F0:94:1D:8C SHA1 Fingerprint=77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47 SHA256 Fingerprint=34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D @@ -3461,7 +3461,7 @@ Certificate: Not After : Dec 31 15:59:59 2040 GMT Subject: C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E2:C9:40:9F:4D:CE:E8:9A:A1:7C:CF:0E:3F:65:C5:29:88:6A:19:51 X509v3 Basic Constraints: critical CA:TRUE @@ -3518,7 +3518,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C9:1B:53:81:12:FE:04:D5:16:D1:AA:BC:9A:6F:B7:A0:95:19:6E:CA X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -3553,7 +3553,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 0A:48:23:A6:60:A4:92:0A:33:EA:93:5B:C5:57:EA:25:4D:BD:12:EE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -3610,7 +3610,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B4:22:0B:82:99:24:01:0E:9C:BB:E4:0E:FD:BF:FB:97:20:93:99:2A SHA1 Fingerprint=9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 SHA256 Fingerprint=44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 @@ -3646,7 +3646,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 71:15:67:C8:C8:C9:BD:75:5D:72:D0:38:18:6A:9D:F3:71:24:54:0B SHA1 Fingerprint=01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 SHA256 Fingerprint=A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 @@ -3741,10 +3741,10 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61 SHA1 Fingerprint=58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 SHA256 Fingerprint=5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 @@ -3801,7 +3801,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: ED:44:19:C0:D3:F0:06:8B:EE:A4:7B:BE:42:E7:26:54:C8:8E:36:76 SHA1 Fingerprint=DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 SHA256 Fingerprint=5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE @@ -3852,7 +3852,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E3:71:E0:9E:D8:A7:42:D9:DB:71:91:6B:94:93:EB:C3:A3:D1:14:A3 SHA1 Fingerprint=BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD SHA256 Fingerprint=30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F @@ -3906,7 +3906,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E SHA1 Fingerprint=CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 @@ -3957,7 +3957,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 SHA1 Fingerprint=BD:B1:B9:3C:D5:97:8D:45:C6:26:14:55:F8:DB:95:C7:5A:D1:53:AF SHA256 Fingerprint=69:72:9B:8E:15:A8:6E:FC:17:7A:57:AF:B7:17:1D:FC:64:AD:D2:8C:2F:CA:8C:F1:50:7E:34:45:3C:CB:14:70 @@ -3990,7 +3990,7 @@ Certificate: Not After : Jul 31 07:26:44 2043 GMT Subject: C=CN, O=iTrusChina Co.,Ltd., CN=vTrus ECC Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 98:39:CD:BE:D8:B2:8C:F7:B2:AB:E1:AD:24:AF:7B:7C:A1:DB:1F:CF X509v3 Basic Constraints: critical CA:TRUE @@ -4024,7 +4024,7 @@ Certificate: Not After : Jul 31 07:24:05 2043 GMT Subject: C=CN, O=iTrusChina Co.,Ltd., CN=vTrus Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 54:62:70:63:F1:75:84:43:58:8E:D1:16:20:B1:C6:AC:1A:BC:F6:89 X509v3 Basic Constraints: critical CA:TRUE @@ -4078,13 +4078,13 @@ Certificate: Not After : Dec 13 08:27:25 2037 GMT Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com X509v3 extensions: - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: email:info@izenpe.com, DirName:/O=IZENPE S.A. - CIF A01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/street=Avda del Mediterraneo Etorbidea 14 - 01010 Vitoria-Gasteiz X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1D:1C:65:0E:A8:F2:25:7B:B4:91:CF:E4:B1:B1:E6:BD:55:74:6C:05 SHA1 Fingerprint=2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 SHA256 Fingerprint=25:30:CC:8E:98:32:15:02:BA:D9:6F:9B:1F:BA:1B:09:9E:2D:29:9E:0F:45:48:BB:91:4F:36:3B:C0:D4:53:1F @@ -4136,7 +4136,7 @@ Certificate: Not After : Apr 8 04:56:47 2029 GMT Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 5B:F8:4D:4F:B2:A5:86:D4:3A:D2:F1:63:9A:A0:BE:09:F6:57:B7:DE X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4184,7 +4184,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 2E:16:A9:4A:18:B5:CB:CC:F5:6F:50:F3:23:5F:F8:5D:E7:AC:F0:C8 SHA1 Fingerprint=E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE SHA256 Fingerprint=A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE @@ -4228,9 +4228,9 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 87:11:15:08:D1:AA:C1:78:0C:B1:AF:CE:C6:C9:90:EF:BF:30:04:C0 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:87:11:15:08:D1:AA:C1:78:0C:B1:AF:CE:C6:C9:90:EF:BF:30:04:C0 SHA1 Fingerprint=89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 @@ -4266,12 +4266,12 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: email:info@e-szigno.hu SHA1 Fingerprint=89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E SHA256 Fingerprint=3C:5F:81:FE:A5:FA:B8:2C:64:BF:A2:EA:EC:AF:CD:E8:E0:77:FC:86:20:A7:CA:E5:37:16:3D:F3:6E:DB:F3:78 @@ -4318,9 +4318,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C8:CB:99:72:70:52:0C:F8:E6:BE:B2:04:57:29:2A:CF:42:10:ED:35 - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 SHA256 Fingerprint=35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 @@ -4355,9 +4355,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 09:CB:59:7F:86:B2:70:8F:1A:C3:39:E3:C0:D9:E9:BF:BB:4D:B2:23 - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 SHA256 Fingerprint=C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 @@ -4409,7 +4409,7 @@ Certificate: Not After : Aug 18 23:59:59 2037 GMT Subject: C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D2:9F:88:DF:A1:CD:2C:BD:EC:F5:3B:01:01:93:33:27:B2:EB:60:4B X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4468,7 +4468,7 @@ Certificate: CA:TRUE, pathlen:4 X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CC:FA:67:93:F0:B6:B8:D0:A5:C0:1E:F3:53:FD:8C:53:DF:83:D7:96 SHA1 Fingerprint=06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 SHA256 Fingerprint=6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98 @@ -4515,7 +4515,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A3:97:D6:F3:5E:A2:10:E1:AB:45:9F:3C:17:64:3C:EE:01:70:9C:CC SHA1 Fingerprint=1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 SHA256 Fingerprint=8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74 @@ -4563,11 +4563,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 serial:05:09 @@ -4623,7 +4623,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: ED:E7:6F:76:5A:BF:60:EC:49:5B:C6:A5:77:BB:72:16:71:9B:C4:3D SHA1 Fingerprint=09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 SHA256 Fingerprint=8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 @@ -4671,17 +4671,17 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.8024.0.3 User Notice: Explicit Text: Any use of this Certificate constitutes acceptance of the QuoVadis Root CA 3 Certificate Policy / Certification Practice Statement. CPS: http://www.quovadisglobal.com/cps - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 serial:05:C6 @@ -4742,7 +4742,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C6:17:D0:BC:A8:EA:02:43:F2:1B:06:99:5D:2B:90:20:B9:D7:9C:E4 SHA1 Fingerprint=48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D SHA256 Fingerprint=88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46 @@ -4792,7 +4792,7 @@ Certificate: Not After : Jan 18 05:15:28 2038 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication ECC RootCA1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 86:1C:E7:FE:2D:A5:4A:8B:08:FE:28:11:FA:BE:A3:66:F8:60:59:2F X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4826,7 +4826,7 @@ Certificate: Not After : Jan 18 06:17:16 2038 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 64:14:7C:FC:58:72:16:A6:0A:29:34:15:6F:2A:CB:BC:FC:AF:A8:AB X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4877,7 +4877,7 @@ Certificate: Not After : May 29 05:00:39 2029 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4920,9 +4920,9 @@ Certificate: Not After : Sep 30 04:20:49 2023 GMT Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48 - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE @@ -4963,20 +4963,20 @@ Certificate: Not After : Dec 31 19:52:06 2029 GMT Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA X509v3 extensions: - 1.3.6.1.4.1.311.20.2: + 1.3.6.1.4.1.311.20.2: ...C.A - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: AF:44:04:C2:41:7E:48:83:DB:4E:39:02:EC:EC:84:7A:E6:CE:C9:A4 - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.securetrust.com/SGCA.crl - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B SHA256 Fingerprint=42:00:F5:04:3A:C8:59:0E:BB:52:7D:20:9E:D1:50:30:29:FB:CB:D4:1C:A1:B5:06:EC:27:F1:5A:DE:7D:AC:69 @@ -5014,20 +5014,20 @@ Certificate: Not After : Dec 31 19:40:55 2029 GMT Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA X509v3 extensions: - 1.3.6.1.4.1.311.20.2: + 1.3.6.1.4.1.311.20.2: ...C.A - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 42:32:B6:16:FA:04:FD:FE:5D:4B:7A:C3:FD:F7:4C:40:1D:5A:43:AF - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.securetrust.com/STCA.crl - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11 SHA256 Fingerprint=F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73 @@ -5067,11 +5067,11 @@ Certificate: Not After : Feb 12 18:15:23 2041 GMT Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F X509v3 Key Usage: critical @@ -5107,10 +5107,10 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -5161,11 +5161,11 @@ Certificate: Not After : Feb 12 18:14:03 2041 GMT Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD X509v3 Key Usage: critical @@ -5199,11 +5199,11 @@ Certificate: Not After : Feb 12 17:39:39 2041 GMT Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 X509v3 Key Usage: critical @@ -5258,14 +5258,14 @@ Certificate: Not After : Jun 29 17:39:16 2034 GMT Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority serial:00 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE SHA1 Fingerprint=AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A SHA256 Fingerprint=14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58 @@ -5308,7 +5308,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27 SHA1 Fingerprint=B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E SHA256 Fingerprint=2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5 @@ -5350,7 +5350,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83 SHA1 Fingerprint=92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F SHA256 Fingerprint=56:8D:69:05:A2:C8:87:08:A4:B3:02:51:90:ED:CF:ED:B1:97:4A:60:6A:13:C6:E5:29:0F:CB:2A:E6:3E:DA:B5 @@ -5397,12 +5397,12 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.2.1.1 CPS: http://repository.swisssign.com/ @@ -5456,12 +5456,12 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.3.1.1 CPS: http://repository.swisssign.com/ @@ -5518,7 +5518,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A SHA1 Fingerprint=59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 SHA256 Fingerprint=91:E2:F5:78:8D:58:10:EB:A7:BA:58:73:7D:E1:54:8A:8E:CA:CD:01:45:98:BC:0B:14:3E:04:1B:17:05:25:52 @@ -5560,7 +5560,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B5:03:F7:76:3B:61:82:6A:12:AA:18:53:EB:03:21:94:BF:FE:CE:CA SHA1 Fingerprint=55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 SHA256 Fingerprint=FD:73:DA:D3:1C:64:4F:F1:B4:3B:EF:0C:CD:DA:96:71:0B:9C:D9:87:5E:CA:7E:31:70:7A:F3:E9:6D:52:2B:BD @@ -5653,7 +5653,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 6A:38:5B:26:8D:DE:8B:5A:F2:4F:7A:54:83:19:18:E3:08:35:A6:BA SHA1 Fingerprint=CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 SHA256 Fingerprint=BF:D8:8F:E1:10:1C:41:AE:3E:80:1B:F8:BE:56:35:0E:E9:BA:D1:A6:B9:BD:51:5E:DC:5C:6D:5B:87:11:AC:44 @@ -5693,10 +5693,10 @@ Certificate: Not After : Nov 29 11:55:54 2043 GMT Subject: C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2 X509v3 extensions: - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:72:AC:E4:33:79:AA:45:87:F6:FD:AC:1D:9E:D6:C7:2F:86:D8:24:39 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 72:AC:E4:33:79:AA:45:87:F6:FD:AC:1D:9E:D6:C7:2F:86:D8:24:39 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -5753,9 +5753,9 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F0:8F:59:38:00:B3:F5:8F:9A:96:0C:D5:EB:FA:7B:AA:17:E8:13:12 SHA1 Fingerprint=43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 SHA256 Fingerprint=DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89 @@ -5803,14 +5803,14 @@ Certificate: Not After : Jun 29 17:06:20 2034 GMT Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority serial:00 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE SHA1 Fingerprint=27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 SHA256 Fingerprint=C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4 @@ -5853,7 +5853,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -5889,7 +5889,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -5948,7 +5948,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 99:E0:19:67:0D:62:DB:76:B3:DA:3D:B8:5B:E8:FD:42:D2:31:0E:87 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -6004,7 +6004,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A3:41:06:AC:90:6D:D1:4A:EB:75:A5:4A:10:99:B3:B1:A1:8B:4A:F7 SHA1 Fingerprint=B4:90:82:DD:45:0C:BE:8B:5B:B1:66:D3:E2:A4:08:26:CD:ED:42:CF SHA256 Fingerprint=94:5B:BC:82:5E:A5:54:F4:89:D1:FD:51:A7:3D:DF:2E:A6:24:AC:70:19:A0:52:05:22:5C:22:A7:8C:CF:A8:B4 @@ -6039,7 +6039,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 55:A9:84:89:D2:C1:32:BD:18:CB:6C:A6:07:4E:C8:E7:9D:BE:82:90 SHA1 Fingerprint=E7:F3:A3:C8:CF:6F:C3:04:2E:6D:0E:67:32:C5:9E:68:95:0D:5E:D2 SHA256 Fingerprint=55:90:38:59:C8:C0:C3:EB:B8:75:9E:CE:4E:25:57:22:5F:F5:75:8B:BD:38:EB:D4:82:76:60:1E:1B:D5:80:97 @@ -6074,7 +6074,7 @@ Certificate: Not After : Oct 25 08:25:55 2043 GMT Subject: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 65:3F:C7:8A:86:C6:3C:DD:3C:54:5C:35:F8:3A:ED:52:0C:47:57:C8 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -6123,7 +6123,7 @@ Certificate: Not After : Dec 31 00:00:00 2038 GMT Subject: C=CN, O=UniTrust, CN=UCA Extended Validation Root X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D9:74:3A:E4:30:3D:0D:F7:12:DC:7E:5A:05:9F:1E:34:9A:F7:E1:14 X509v3 Basic Constraints: critical CA:TRUE @@ -6178,7 +6178,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 81:C4:8C:CC:F5:E4:30:FF:A5:0C:08:5F:8C:15:67:21:74:01:DF:DF SHA1 Fingerprint=28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A SHA256 Fingerprint=9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C @@ -6229,7 +6229,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -6272,13 +6272,13 @@ Certificate: Not After : Dec 1 15:10:31 2039 GMT Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA X509v3 extensions: - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 35:0F:C8:36:63:5E:E2:A3:EC:F9:3B:66:15:CE:51:52:E3:91:9A:3D - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED SHA256 Fingerprint=6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 @@ -6320,9 +6320,9 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 48:87:14:AC:E3:C3:9E:90:60:3A:D7:CA:89:EE:D3:AD:8C:B4:50:66 - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 SHA256 Fingerprint=85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D @@ -6356,20 +6356,20 @@ Certificate: Not After : Jan 1 05:37:19 2035 GMT Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority X509v3 extensions: - 1.3.6.1.4.1.311.20.2: + 1.3.6.1.4.1.311.20.2: ...C.A - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.xrampsecurity.com/XGCA.crl - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6 SHA256 Fingerprint=CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2 diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c index 6cfbf8f77..f2a6515b2 100644 --- a/lib/libcrypto/objects/obj_dat.c +++ b/lib/libcrypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.61 2023/09/05 14:59:00 tb Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.62 2023/11/27 11:52:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -477,8 +477,8 @@ OBJ_txt2obj(const char *s, int no_name) int nid; if (!no_name) { - if (((nid = OBJ_sn2nid(s)) != NID_undef) || - ((nid = OBJ_ln2nid(s)) != NID_undef) ) + if ((nid = OBJ_sn2nid(s)) != NID_undef || + (nid = OBJ_ln2nid(s)) != NID_undef) return OBJ_nid2obj(nid); } diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index 6c0ad78ec..2d4061cfd 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.126 2023/11/13 10:33:00 tb Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.127 2023/11/27 00:51:12 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2200,20 +2200,6 @@ X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) } LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls); -int -X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) -{ - return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); -} -LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); - -int -X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) -{ - return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); -} -LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); - /* This function is used to set the X509_STORE_CTX purpose and trust * values. This is intended to be used when another structure has its * own trust and purpose values which (if set) will be inherited by @@ -2270,6 +2256,20 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, } LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); +int +X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) +{ + return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); +} +LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); + +int +X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) +{ + return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); +} +LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); + X509_STORE_CTX * X509_STORE_CTX_new(void) { diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c index 5bdb9fc80..82decbd3f 100644 --- a/sys/arch/amd64/amd64/vmm_machdep.c +++ b/sys/arch/amd64/amd64/vmm_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_machdep.c,v 1.10 2023/11/24 21:48:25 dv Exp $ */ +/* $OpenBSD: vmm_machdep.c,v 1.11 2023/11/26 13:02:44 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -4155,7 +4155,7 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) if (vcpu->vc_vmx_vpid_enabled) { /* Invalidate old TLB mappings */ - vid.vid_vpid = vcpu->vc_parent->vm_id; + vid.vid_vpid = vcpu->vc_vpid; vid.vid_addr = 0; invvpid(IA32_VMX_INVVPID_SINGLE_CTX_GLB, &vid); } @@ -5447,7 +5447,7 @@ vmx_handle_cr0_write(struct vcpu *vcpu, uint64_t r) /* Paging was disabled (prev. enabled) - Flush TLB */ if (vmm_softc->mode == VMM_MODE_EPT && vcpu->vc_vmx_vpid_enabled) { - vid.vid_vpid = vcpu->vc_parent->vm_id; + vid.vid_vpid = vcpu->vc_vpid; vid.vid_addr = 0; invvpid(IA32_VMX_INVVPID_SINGLE_CTX_GLB, &vid); } diff --git a/sys/arch/arm64/dev/rtkit.c b/sys/arch/arm64/dev/rtkit.c index cc60c6018..be465ee50 100644 --- a/sys/arch/arm64/dev/rtkit.c +++ b/sys/arch/arm64/dev/rtkit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtkit.c,v 1.12 2023/04/07 09:31:59 jsg Exp $ */ +/* $OpenBSD: rtkit.c,v 1.13 2023/11/25 18:12:20 kettenis Exp $ */ /* * Copyright (c) 2021 Mark Kettenis * @@ -77,9 +77,14 @@ #define RTKIT_IOREPORT_UNKNOWN2 12 #define RTKIT_OSLOG_TYPE(x) (((x) >> 56) & 0xff) -#define RTKIT_OSLOG_TYPE_SHIFT 56 -#define RTKIT_OSLOG_INIT 1ULL -#define RTKIT_OSLOG_ACK 3ULL +#define RTKIT_OSLOG_TYPE_SHIFT (56 - RTKIT_MGMT_TYPE_SHIFT) +#define RTKIT_OSLOG_BUFFER_REQUEST 1 +#define RTKIT_OSLOG_BUFFER_ADDR(x) (((x) >> 0) & 0xfffffffff) +#define RTKIT_OSLOG_BUFFER_SIZE(x) (((x) >> 36) & 0xfffff) +#define RTKIT_OSLOG_BUFFER_SIZE_SHIFT 36 +#define RTKIT_OSLOG_UNKNOWN1 3 +#define RTKIT_OSLOG_UNKNOWN2 4 +#define RTKIT_OSLOG_UNKNOWN3 5 /* Versions we support. */ #define RTKIT_MINVER 11 @@ -253,7 +258,7 @@ rtkit_handle_mgmt(struct rtkit_state *state, struct aplmbox_msg *msg) default: printf("%s: unhandled management event 0x%016lld\n", __func__, msg->data0); - return EIO; + break; } return 0; @@ -289,7 +294,7 @@ rtkit_handle_crashlog(struct rtkit_state *state, struct aplmbox_msg *msg) default: printf("%s: unhandled crashlog event 0x%016llx\n", __func__, msg->data0); - return EIO; + break; } return 0; @@ -333,7 +338,7 @@ rtkit_handle_syslog(struct rtkit_state *state, struct aplmbox_msg *msg) default: printf("%s: unhandled syslog event 0x%016llx\n", __func__, msg->data0); - return EIO; + break; } return 0; @@ -377,7 +382,7 @@ rtkit_handle_ioreport(struct rtkit_state *state, struct aplmbox_msg *msg) default: printf("%s: unhandled ioreport event 0x%016llx\n", __func__, msg->data0); - return EIO; + break; } return 0; @@ -387,19 +392,39 @@ int rtkit_handle_oslog(struct rtkit_state *state, struct aplmbox_msg *msg) { struct mbox_channel *mc = state->mc; + struct rtkit *rk = state->rk; + bus_addr_t addr; + bus_size_t size; int error; switch (RTKIT_OSLOG_TYPE(msg->data0)) { - case RTKIT_OSLOG_INIT: + case RTKIT_OSLOG_BUFFER_REQUEST: + addr = RTKIT_OSLOG_BUFFER_ADDR(msg->data0) << PAGE_SHIFT; + size = RTKIT_OSLOG_BUFFER_SIZE(msg->data0); + if (addr) + break; + + if (rk) { + addr = rtkit_alloc(state, size); + if (addr == (bus_addr_t)-1) + return ENOMEM; + } + error = rtkit_send(mc, RTKIT_EP_OSLOG, - 0, RTKIT_OSLOG_ACK << RTKIT_OSLOG_TYPE_SHIFT); + (RTKIT_OSLOG_BUFFER_REQUEST << RTKIT_OSLOG_TYPE_SHIFT), + (size << RTKIT_OSLOG_BUFFER_SIZE_SHIFT) | + (addr >> PAGE_SHIFT)); if (error) return error; break; + case RTKIT_OSLOG_UNKNOWN1: + case RTKIT_OSLOG_UNKNOWN2: + case RTKIT_OSLOG_UNKNOWN3: + break; default: printf("%s: unhandled oslog event 0x%016llx\n", __func__, msg->data0); - return EIO; + break; } return 0; @@ -456,7 +481,7 @@ rtkit_poll(struct rtkit_state *state) } printf("%s: unhandled endpoint %d\n", __func__, msg.data1); - return EIO; + break; } return 0; @@ -549,8 +574,9 @@ rtkit_set_ap_pwrstate(struct rtkit_state *state, uint16_t pwrstate) delay(10); continue; } + if (error) + return error; - KASSERT(error == 0); if (state->ap_pwrstate == pwrstate) break; } @@ -578,8 +604,9 @@ rtkit_set_iop_pwrstate(struct rtkit_state *state, uint16_t pwrstate) delay(10); continue; } + if (error) + return error; - KASSERT(error == 0); if (state->iop_pwrstate == pwrstate) break; } diff --git a/sys/dev/acpi/pchgpio.c b/sys/dev/acpi/pchgpio.c index 5f203785e..61d1fde2f 100644 --- a/sys/dev/acpi/pchgpio.c +++ b/sys/dev/acpi/pchgpio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pchgpio.c,v 1.14 2022/10/20 20:40:57 kettenis Exp $ */ +/* $OpenBSD: pchgpio.c,v 1.15 2023/11/27 00:39:42 jsg Exp $ */ /* * Copyright (c) 2020 Mark Kettenis * Copyright (c) 2020 James Hastings @@ -115,6 +115,9 @@ const char *pchgpio_hids[] = { "INT34C5", "INT34C6", "INTC1055", + "INTC1056", + "INTC1057", + "INTC1085", NULL }; @@ -311,6 +314,78 @@ const struct pchgpio_device tgl_h_device = .npins = 480, }; +/* Alder Lake-S */ + +const struct pchgpio_group adl_s_groups[] = +{ + /* Community 0 */ + { 0, 0, 0, 24, 0 }, /* GPP_I */ + { 0, 1, 25, 47, 32 }, /* GPP_R */ + { 0, 2, 48, 59, 64 }, /* GPP_J */ + + /* Community 1 */ + { 1, 0, 95, 118, 160 }, /* GPP_B */ + { 1, 1, 119, 126, 192 }, /* GPP_G */ + { 1, 2, 127, 150, 224 }, /* GPP_H */ + + /* Community 3 */ + { 2, 1, 160, 175, 256 }, /* GPP_A */ + { 2, 2, 176, 199, 288 }, /* GPP_C */ + + /* Community 4 */ + { 3, 0, 200, 207, 320 }, /* GPP_S */ + { 3, 1, 208, 230, 352 }, /* GPP_E */ + { 3, 2, 231, 245, 384 }, /* GPP_K */ + { 3, 3, 246, 269, 416 }, /* GPP_F */ + + /* Community 5 */ + { 4, 0, 270, 294, 448 }, /* GPP_D */ +}; + +const struct pchgpio_device adl_s_device = +{ + .pad_size = 16, + .gpi_is = 0x200, + .gpi_ie = 0x220, + .groups = adl_s_groups, + .ngroups = nitems(adl_s_groups), + .npins = 480, +}; + +/* Alder Lake-N */ + +const struct pchgpio_group adl_n_groups[] = +{ + /* Community 0 */ + { 0, 0, 0, 25, 0 }, /* GPP_B */ + { 0, 1, 26, 41, 32 }, /* GPP_T */ + { 0, 2, 42, 66, 64 }, /* GPP_A */ + + /* Community 1 */ + { 1, 0, 67, 74, 96 }, /* GPP_S */ + { 1, 1, 75, 94, 128 }, /* GPP_I */ + { 1, 2, 95, 118, 160 }, /* GPP_H */ + { 1, 3, 119, 139, 192 }, /* GPP_D */ + + /* Community 4 */ + { 2, 0, 169, 192, 256 }, /* GPP_C */ + { 2, 1, 193, 217, 288 }, /* GPP_F */ + { 2, 3, 224, 248, 320 }, /* GPP_E */ + + /* Community 5 */ + { 3, 0, 249, 256, 352 }, /* GPP_R */ +}; + +const struct pchgpio_device adl_n_device = +{ + .pad_size = 16, + .gpi_is = 0x100, + .gpi_ie = 0x120, + .groups = adl_n_groups, + .ngroups = nitems(adl_n_groups), + .npins = 384, +}; + struct pchgpio_match pchgpio_devices[] = { { "INT344B", &spt_lp_device }, { "INT3450", &cnl_h_device }, @@ -320,6 +395,9 @@ struct pchgpio_match pchgpio_devices[] = { { "INT34C5", &tgl_lp_device }, { "INT34C6", &tgl_h_device }, { "INTC1055", &tgl_lp_device }, + { "INTC1056", &adl_s_device }, + { "INTC1057", &adl_n_device }, + { "INTC1085", &adl_s_device }, }; int pchgpio_read_pin(void *, int); diff --git a/sys/dev/fdt/rkclock.c b/sys/dev/fdt/rkclock.c index 98ad82579..110c555db 100644 --- a/sys/dev/fdt/rkclock.c +++ b/sys/dev/fdt/rkclock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rkclock.c,v 1.83 2023/09/29 15:51:48 kettenis Exp $ */ +/* $OpenBSD: rkclock.c,v 1.84 2023/11/26 13:47:45 kettenis Exp $ */ /* * Copyright (c) 2017, 2018 Mark Kettenis * @@ -4107,6 +4107,11 @@ const struct rkclock rk3588_clocks[] = { { RK3588_CLK_GPU_SRC }, SET_PARENT }, + { + RK3588_CCLK_SRC_SDIO, RK3588_CRU_CLKSEL_CON(172), + SEL(9, 8), DIV(7, 2), + { RK3588_PLL_GPLL, RK3588_PLL_CPLL, RK3588_XIN24M } + }, { RK3588_ACLK_VOP_ROOT, RK3588_CRU_CLKSEL_CON(110), SEL(7, 5), DIV(4, 0), @@ -4292,6 +4297,9 @@ rk3588_set_pll(struct rkclock_softc *sc, bus_size_t base, uint32_t freq) case 1188000000U: p = 2; m = 198; s = 1; k = 0; break; + case 1100000000U: + p = 3; m = 550; s = 2; k = 0; + break; case 850000000U: p = 3; m = 425; s = 2; k = 0; break; @@ -4476,6 +4484,10 @@ rk3588_reset(void *cookie, uint32_t *cells, int on) reg = RK3588_CRU_SOFTRST_CON(34); bit = 0; break; + case RK3588_SRST_A_USB3OTG2: + reg = RK3588_CRU_SOFTRST_CON(35); + bit = 7; + break; case RK3588_SRST_A_USB3OTG0: reg = RK3588_CRU_SOFTRST_CON(42); bit = 4; diff --git a/sys/dev/fdt/rkclock_clocks.h b/sys/dev/fdt/rkclock_clocks.h index d55078ec5..67f61e703 100644 --- a/sys/dev/fdt/rkclock_clocks.h +++ b/sys/dev/fdt/rkclock_clocks.h @@ -458,6 +458,7 @@ #define RK3588_ACLK_LOW_TOP_ROOT 258 #define RK3588_CLK_GPU_SRC 261 #define RK3588_CLK_GPU 262 +#define RK3588_CCLK_SRC_SDIO 395 #define RK3588_ACLK_VOP_ROOT 600 #define RK3588_ACLK_VOP 605 #define RK3588_ACLK_VOP_SUB_SRC 619 @@ -497,6 +498,7 @@ #define RK3588_SRST_P_PCIE2 301 #define RK3588_SRST_P_PCIE3 302 #define RK3588_SRST_P_PCIE4 303 +#define RK3588_SRST_A_USB3OTG2 308 #define RK3588_SRST_A_USB3OTG0 338 #define RK3588_SRST_A_USB3OTG1 339 #define RK3588_SRST_REF_PIPE_PHY0 572 diff --git a/sys/dev/pci/drm/i915/i915_devlist.h b/sys/dev/pci/drm/i915/i915_devlist.h index 0b0dfba5b..565048901 100644 --- a/sys/dev/pci/drm/i915/i915_devlist.h +++ b/sys/dev/pci/drm/i915/i915_devlist.h @@ -309,10 +309,14 @@ static const struct pci_matchid i915_devices[] = { { 0x8086, 0xa789 }, { 0x8086, 0xa78a }, { 0x8086, 0xa78b }, - { 0x8086, 0xa720 }, { 0x8086, 0xa721 }, - { 0x8086, 0xa7a0 }, { 0x8086, 0xa7a1 }, - { 0x8086, 0xa7a8 }, { 0x8086, 0xa7a9 }, + { 0x8086, 0xa7ac }, + { 0x8086, 0xa7ad }, + { 0x8086, 0xa720 }, + { 0x8086, 0xa7a0 }, + { 0x8086, 0xa7a8 }, + { 0x8086, 0xa7aa }, + { 0x8086, 0xa7ab }, }; diff --git a/sys/dev/pci/drm/include/drm/i915_pciids.h b/sys/dev/pci/drm/include/drm/i915_pciids.h index 9c325c6b8..21faa73db 100644 --- a/sys/dev/pci/drm/include/drm/i915_pciids.h +++ b/sys/dev/pci/drm/include/drm/i915_pciids.h @@ -685,14 +685,22 @@ INTEL_VGA_DEVICE(0xA78A, info), \ INTEL_VGA_DEVICE(0xA78B, info) +/* RPL-U */ +#define INTEL_RPLU_IDS(info) \ + INTEL_VGA_DEVICE(0xA721, info), \ + INTEL_VGA_DEVICE(0xA7A1, info), \ + INTEL_VGA_DEVICE(0xA7A9, info), \ + INTEL_VGA_DEVICE(0xA7AC, info), \ + INTEL_VGA_DEVICE(0xA7AD, info) + /* RPL-P */ #define INTEL_RPLP_IDS(info) \ + INTEL_RPLU_IDS(info), \ INTEL_VGA_DEVICE(0xA720, info), \ - INTEL_VGA_DEVICE(0xA721, info), \ INTEL_VGA_DEVICE(0xA7A0, info), \ - INTEL_VGA_DEVICE(0xA7A1, info), \ INTEL_VGA_DEVICE(0xA7A8, info), \ - INTEL_VGA_DEVICE(0xA7A9, info) + INTEL_VGA_DEVICE(0xA7AA, info), \ + INTEL_VGA_DEVICE(0xA7AB, info) /* DG2 */ #define INTEL_DG2_G10_IDS(info) \ diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index aaf7ce42c..f890aec4b 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2056 2023/11/24 04:34:09 jmatthew Exp $ +$OpenBSD: pcidevs,v 1.2057 2023/11/26 05:47:21 jsg Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* @@ -7026,7 +7026,7 @@ product INTEL RPL_DTT 0xa71d Core 13G DTT product INTEL RPL_XHCI 0xa71e Core 13G xHCI product INTEL RPL_TBT_PCIE3 0xa71f Core 13G PCIE product INTEL RPL_P_GT_1 0xa720 Graphics -product INTEL RPL_P_GT_2 0xa721 Graphics +product INTEL RPL_U_GT_1 0xa721 Graphics product INTEL RPL_HX_HB_4 0xa728 Core 13G Host product INTEL RPL_HX_HB_5 0xa729 Core 13G Host product INTEL RPL_HX_HB_6 0xa72a Core 13G Host @@ -7050,10 +7050,14 @@ product INTEL RPL_S_GT_5 0xa788 Graphics product INTEL RPL_S_GT_6 0xa789 Graphics product INTEL RPL_S_GT_7 0xa78a Graphics product INTEL RPL_S_GT_8 0xa78b Graphics -product INTEL RPL_P_GT_3 0xa7a0 Graphics -product INTEL RPL_P_GT_4 0xa7a1 Graphics -product INTEL RPL_P_GT_5 0xa7a8 Graphics -product INTEL RPL_P_GT_6 0xa7a9 Graphics +product INTEL RPL_P_GT_2 0xa7a0 Graphics +product INTEL RPL_U_GT_2 0xa7a1 Graphics +product INTEL RPL_P_GT_3 0xa7a8 Graphics +product INTEL RPL_U_GT_3 0xa7a9 Graphics +product INTEL RPL_P_GT_4 0xa7aa Graphics +product INTEL RPL_P_GT_5 0xa7ab Graphics +product INTEL RPL_U_GT_4 0xa7ac Graphics +product INTEL RPL_U_GT_5 0xa7ad Graphics product INTEL 21152 0xb152 S21152BB product INTEL 21154 0xb154 21154AE/BE product INTEL CORE_DMI_0 0xd130 Core DMI diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index a18b4e7a0..7b88eacb4 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2056 2023/11/24 04:34:09 jmatthew Exp + * OpenBSD: pcidevs,v 1.2057 2023/11/26 05:47:21 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -7031,7 +7031,7 @@ #define PCI_PRODUCT_INTEL_RPL_XHCI 0xa71e /* Core 13G xHCI */ #define PCI_PRODUCT_INTEL_RPL_TBT_PCIE3 0xa71f /* Core 13G PCIE */ #define PCI_PRODUCT_INTEL_RPL_P_GT_1 0xa720 /* Graphics */ -#define PCI_PRODUCT_INTEL_RPL_P_GT_2 0xa721 /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_U_GT_1 0xa721 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_HX_HB_4 0xa728 /* Core 13G Host */ #define PCI_PRODUCT_INTEL_RPL_HX_HB_5 0xa729 /* Core 13G Host */ #define PCI_PRODUCT_INTEL_RPL_HX_HB_6 0xa72a /* Core 13G Host */ @@ -7055,10 +7055,14 @@ #define PCI_PRODUCT_INTEL_RPL_S_GT_6 0xa789 /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_S_GT_7 0xa78a /* Graphics */ #define PCI_PRODUCT_INTEL_RPL_S_GT_8 0xa78b /* Graphics */ -#define PCI_PRODUCT_INTEL_RPL_P_GT_3 0xa7a0 /* Graphics */ -#define PCI_PRODUCT_INTEL_RPL_P_GT_4 0xa7a1 /* Graphics */ -#define PCI_PRODUCT_INTEL_RPL_P_GT_5 0xa7a8 /* Graphics */ -#define PCI_PRODUCT_INTEL_RPL_P_GT_6 0xa7a9 /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_P_GT_2 0xa7a0 /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_U_GT_2 0xa7a1 /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_P_GT_3 0xa7a8 /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_U_GT_3 0xa7a9 /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_P_GT_4 0xa7aa /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_P_GT_5 0xa7ab /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_U_GT_4 0xa7ac /* Graphics */ +#define PCI_PRODUCT_INTEL_RPL_U_GT_5 0xa7ad /* Graphics */ #define PCI_PRODUCT_INTEL_21152 0xb152 /* S21152BB */ #define PCI_PRODUCT_INTEL_21154 0xb154 /* 21154AE/BE */ #define PCI_PRODUCT_INTEL_CORE_DMI_0 0xd130 /* Core DMI */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index 5fe33bb04..67b7b3967 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2056 2023/11/24 04:34:09 jmatthew Exp + * OpenBSD: pcidevs,v 1.2057 2023/11/26 05:47:21 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -25464,7 +25464,7 @@ static const struct pci_known_product pci_known_products[] = { "Graphics", }, { - PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_2, + PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_GT_1, "Graphics", }, { @@ -25559,10 +25559,22 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_S_GT_8, "Graphics", }, + { + PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_2, + "Graphics", + }, + { + PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_GT_2, + "Graphics", + }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_3, "Graphics", }, + { + PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_GT_3, + "Graphics", + }, { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_4, "Graphics", @@ -25572,7 +25584,11 @@ static const struct pci_known_product pci_known_products[] = { "Graphics", }, { - PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_P_GT_6, + PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_GT_4, + "Graphics", + }, + { + PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_RPL_U_GT_5, "Graphics", }, { diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 797f4b289..7118488fd 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.h,v 1.137 2023/11/12 23:19:15 bluhm Exp $ */ +/* $OpenBSD: in_pcb.h,v 1.138 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */ /* @@ -141,7 +141,7 @@ struct inpcb { } inp_mou; #define inp_moptions inp_mou.mou_mo #define inp_moptions6 inp_mou.mou_mo6 - u_char inp_seclevel[4]; + u_char inp_seclevel[4]; /* [N] IPsec level of socket */ #define SL_AUTH 0 /* Authentication level */ #define SL_ESP_TRANS 1 /* ESP transport level */ #define SL_ESP_NETWORK 2 /* ESP network (encapsulation) level */ diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 4bd5b2067..d6e9e4c8a 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.243 2023/10/11 22:13:16 tobhe Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.244 2023/11/26 22:08:10 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -671,7 +671,7 @@ int checkreplaywindow(struct tdb *, u_int64_t, u_int32_t, u_int32_t *, int); int ipsp_process_packet(struct mbuf *, struct tdb *, int, int); int ipsp_process_done(struct mbuf *, struct tdb *); int ipsp_spd_lookup(struct mbuf *, int, int, int, struct tdb *, - struct inpcb *, struct tdb **, struct ipsec_ids *); + const u_char[], struct tdb **, struct ipsec_ids *); int ipsp_is_unspecified(union sockaddr_union); int ipsp_aux_match(struct tdb *, struct ipsec_ids *, struct sockaddr_encap *, struct sockaddr_encap *); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 1094c495a..fb9cc84fd 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.390 2023/07/07 08:05:02 bluhm Exp $ */ +/* $OpenBSD: ip_output.c,v 1.391 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -84,7 +84,7 @@ void ip_mloopback(struct ifnet *, struct mbuf *, struct sockaddr_in *); static u_int16_t in_cksum_phdr(u_int32_t, u_int32_t, u_int32_t); void in_delayed_cksum(struct mbuf *); -int ip_output_ipsec_lookup(struct mbuf *m, int hlen, struct inpcb *inp, +int ip_output_ipsec_lookup(struct mbuf *m, int hlen, const u_char seclevel[], struct tdb **, int ipsecflowinfo); void ip_output_ipsec_pmtu_update(struct tdb *, struct route *, struct in_addr, int, int); @@ -98,7 +98,7 @@ int ip_output_ipsec_send(struct tdb *, struct mbuf *, struct route *, int); */ int ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, - struct ip_moptions *imo, struct inpcb *inp, u_int32_t ipsecflowinfo) + struct ip_moptions *imo, const u_char seclevel[], u_int32_t ipsecflowinfo) { struct ip *ip; struct ifnet *ifp = NULL; @@ -115,11 +115,6 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, NET_ASSERT_LOCKED(); -#ifdef IPSEC - if (inp && (inp->inp_flags & INP_IPV6) != 0) - panic("ip_output: IPv6 pcb is passed"); -#endif /* IPSEC */ - #ifdef DIAGNOSTIC if ((m->m_flags & M_PKTHDR) == 0) panic("ip_output no HDR"); @@ -240,9 +235,9 @@ reroute: } #ifdef IPSEC - if (ipsec_in_use || inp != NULL) { + if (ipsec_in_use || seclevel != NULL) { /* Do we have any pending SAs to apply ? */ - error = ip_output_ipsec_lookup(m, hlen, inp, &tdb, + error = ip_output_ipsec_lookup(m, hlen, seclevel, &tdb, ipsecflowinfo); if (error) { /* Should silently drop packet */ @@ -514,7 +509,7 @@ bad: #ifdef IPSEC int -ip_output_ipsec_lookup(struct mbuf *m, int hlen, struct inpcb *inp, +ip_output_ipsec_lookup(struct mbuf *m, int hlen, const u_char seclevel[], struct tdb **tdbout, int ipsecflowinfo) { struct m_tag *mtag; @@ -527,7 +522,7 @@ ip_output_ipsec_lookup(struct mbuf *m, int hlen, struct inpcb *inp, if (ipsecflowinfo) ids = ipsp_ids_lookup(ipsecflowinfo); error = ipsp_spd_lookup(m, AF_INET, hlen, IPSP_DIRECTION_OUT, - NULL, inp, &tdb, ids); + NULL, seclevel, &tdb, ids); ipsp_ids_free(ids); if (error || tdb == NULL) { *tdbout = NULL; diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index 1d40979bd..ed27d5a4e 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.118 2023/04/22 20:51:56 mvs Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.119 2023/11/26 22:08:10 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -39,7 +39,7 @@ #include #include -int ipsp_spd_inp(struct mbuf *, struct inpcb *, struct ipsec_policy *, +int ipsp_spd_inp(struct mbuf *, const u_char *, struct ipsec_policy *, struct tdb **); int ipsp_acquire_sa(struct ipsec_policy *, union sockaddr_union *, union sockaddr_union *, struct sockaddr_encap *, struct mbuf *); @@ -153,7 +153,7 @@ spd_table_walk(unsigned int rtableid, */ int ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, - struct tdb *tdbin, struct inpcb *inp, struct tdb **tdbout, + struct tdb *tdbin, const u_char seclevel[], struct tdb **tdbout, struct ipsec_ids *ipsecflowinfo_ids) { struct radix_node_head *rnh; @@ -172,15 +172,15 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, * continuing with the SPD lookup. */ if (!ipsec_in_use) - return ipsp_spd_inp(m, inp, NULL, tdbout); + return ipsp_spd_inp(m, seclevel, NULL, tdbout); /* * If an input packet is destined to a BYPASS socket, just accept it. */ - if ((inp != NULL) && (direction == IPSP_DIRECTION_IN) && - (inp->inp_seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && - (inp->inp_seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS) && - (inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) { + if ((seclevel != NULL) && (direction == IPSP_DIRECTION_IN) && + (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && + (seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS) && + (seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) { if (tdbout != NULL) *tdbout = NULL; return 0; @@ -311,13 +311,13 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, * Return whatever the socket requirements are, there are no * system-wide policies. */ - return ipsp_spd_inp(m, inp, NULL, tdbout); + return ipsp_spd_inp(m, seclevel, NULL, tdbout); } ipo = (struct ipsec_policy *)rn; switch (ipo->ipo_type) { case IPSP_PERMIT: - return ipsp_spd_inp(m, inp, ipo, tdbout); + return ipsp_spd_inp(m, seclevel, ipo, tdbout); case IPSP_DENY: return EHOSTUNREACH; @@ -384,11 +384,10 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, * gateway/endhost, and the socket has the BYPASS * option set, skip IPsec processing. */ - if ((inp != NULL) && - (inp->inp_seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && - (inp->inp_seclevel[SL_ESP_NETWORK] == - IPSEC_LEVEL_BYPASS) && - (inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) { + if ((seclevel != NULL) && + (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && + (seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS) && + (seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS)) { /* Direct match. */ if (dignore || !memcmp(&sdst, &ipo->ipo_dst, sdst.sa.sa_len)) { @@ -414,7 +413,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, goto nomatchout; /* Cached entry is good. */ - error = ipsp_spd_inp(m, inp, ipo, tdbout); + error = ipsp_spd_inp(m, seclevel, ipo, tdbout); mtx_leave(&ipo_tdb_mtx); return error; @@ -475,7 +474,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, TAILQ_INSERT_TAIL( &ipo->ipo_tdb->tdb_policy_head, ipo, ipo_tdb_next); - error = ipsp_spd_inp(m, inp, ipo, tdbout); + error = ipsp_spd_inp(m, seclevel, ipo, tdbout); mtx_leave(&ipo_tdb_mtx); return error; } @@ -503,7 +502,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, /* FALLTHROUGH */ case IPSP_IPSEC_USE: - return ipsp_spd_inp(m, inp, ipo, tdbout); + return ipsp_spd_inp(m, seclevel, ipo, tdbout); } } else { /* IPSP_DIRECTION_IN */ if (tdbin != NULL) { @@ -528,7 +527,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, /* Direct match in the cache. */ mtx_enter(&ipo_tdb_mtx); if (ipo->ipo_tdb == tdbin) { - error = ipsp_spd_inp(m, inp, ipo, tdbout); + error = ipsp_spd_inp(m, seclevel, ipo, tdbout); mtx_leave(&ipo_tdb_mtx); return error; } @@ -556,7 +555,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, ipo->ipo_tdb = tdb_ref(tdbin); TAILQ_INSERT_TAIL(&tdbin->tdb_policy_head, ipo, ipo_tdb_next); - error = ipsp_spd_inp(m, inp, ipo, tdbout); + error = ipsp_spd_inp(m, seclevel, ipo, tdbout); mtx_leave(&ipo_tdb_mtx); return error; @@ -647,7 +646,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, case IPSP_IPSEC_ACQUIRE: /* If appropriate SA exists, don't acquire another. */ if (ipo->ipo_tdb != NULL) - return ipsp_spd_inp(m, inp, ipo, tdbout); + return ipsp_spd_inp(m, seclevel, ipo, tdbout); /* Acquire SA through key management. */ ipsp_acquire_sa(ipo, dignore ? &ssrc : &ipo->ipo_dst, @@ -655,7 +654,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int direction, /* FALLTHROUGH */ case IPSP_IPSEC_USE: - return ipsp_spd_inp(m, inp, ipo, tdbout); + return ipsp_spd_inp(m, seclevel, ipo, tdbout); } } @@ -905,23 +904,23 @@ ipsp_acquire_sa(struct ipsec_policy *ipo, union sockaddr_union *gw, * Deal with PCB security requirements. */ int -ipsp_spd_inp(struct mbuf *m, struct inpcb *inp, struct ipsec_policy *ipo, +ipsp_spd_inp(struct mbuf *m, const u_char seclevel[], struct ipsec_policy *ipo, struct tdb **tdbout) { /* Sanity check. */ - if (inp == NULL) + if (seclevel == NULL) goto justreturn; /* We only support IPSEC_LEVEL_BYPASS or IPSEC_LEVEL_AVAIL */ - if (inp->inp_seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS && - inp->inp_seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS && - inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS) + if (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS && + seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS && + seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS) goto justreturn; - if (inp->inp_seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_AVAIL && - inp->inp_seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_AVAIL && - inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_AVAIL) + if (seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_AVAIL && + seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_AVAIL && + seclevel[SL_AUTH] == IPSEC_LEVEL_AVAIL) goto justreturn; return -EINVAL; /* Silently drop packet. */ diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index b93b27ca3..789796633 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_var.h,v 1.109 2023/04/05 21:51:47 bluhm Exp $ */ +/* $OpenBSD: ip_var.h,v 1.110 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $ */ /* @@ -236,7 +236,7 @@ struct mbuf* int ip_mforward(struct mbuf *, struct ifnet *); int ip_optcopy(struct ip *, struct ip *); int ip_output(struct mbuf *, struct mbuf *, struct route *, int, - struct ip_moptions *, struct inpcb *, u_int32_t); + struct ip_moptions *, const u_char[], u_int32_t); u_int16_t ip_randomid(void); void ip_send(struct mbuf *); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index e89b059ab..0dec3e000 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.151 2023/01/22 12:05:44 mvs Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.152 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -326,7 +326,7 @@ rip_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, #endif error = ip_output(m, inp->inp_options, &inp->inp_route, flags, - inp->inp_moptions, inp, 0); + inp->inp_moptions, inp->inp_seclevel, 0); return (error); } diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 19b6a1820..0b36decfd 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.392 2023/11/16 18:27:48 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.393 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -586,7 +586,7 @@ findpcb: &tdbi->dst, tdbi->proto); } error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, - tdb, inp, NULL, NULL); + tdb, inp->inp_seclevel, NULL, NULL); tdb_unref(tdb); if (error) { tcpstat_inc(tcps_rcvnosec); @@ -4162,7 +4162,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) ip->ip_tos = inp->inp_ip.ip_tos; error = ip_output(m, sc->sc_ipopts, &sc->sc_route4, - (ip_mtudisc ? IP_MTUDISC : 0), NULL, inp, 0); + (ip_mtudisc ? IP_MTUDISC : 0), NULL, inp->inp_seclevel, 0); break; #ifdef INET6 case AF_INET6: diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 8903d4200..80d195683 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_output.c,v 1.140 2023/07/06 09:15:24 bluhm Exp $ */ +/* $OpenBSD: tcp_output.c,v 1.141 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ /* @@ -1087,8 +1087,9 @@ send: SET(m->m_pkthdr.csum_flags, M_FLOWID); #endif error = ip_output(m, tp->t_inpcb->inp_options, - &tp->t_inpcb->inp_route, - (ip_mtudisc ? IP_MTUDISC : 0), NULL, tp->t_inpcb, 0); + &tp->t_inpcb->inp_route, + (ip_mtudisc ? IP_MTUDISC : 0), NULL, + tp->t_inpcb->inp_seclevel, 0); break; #ifdef INET6 case AF_INET6: @@ -1107,7 +1108,8 @@ send: #endif } error = ip6_output(m, tp->t_inpcb->inp_outputopts6, - &tp->t_inpcb->inp_route6, 0, NULL, tp->t_inpcb); + &tp->t_inpcb->inp_route6, 0, NULL, + tp->t_inpcb->inp_seclevel); break; #endif /* INET6 */ } diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 9bdf26614..74d7a340a 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_subr.c,v 1.192 2023/07/06 09:15:24 bluhm Exp $ */ +/* $OpenBSD: tcp_subr.c,v 1.193 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */ /* @@ -402,7 +402,7 @@ tcp_respond(struct tcpcb *tp, caddr_t template, struct tcphdr *th0, ip6_output(m, tp ? tp->t_inpcb->inp_outputopts6 : NULL, tp ? &tp->t_inpcb->inp_route6 : NULL, 0, NULL, - tp ? tp->t_inpcb : NULL); + tp ? tp->t_inpcb->inp_seclevel : NULL); break; #endif /* INET6 */ case AF_INET: @@ -412,7 +412,7 @@ tcp_respond(struct tcpcb *tp, caddr_t template, struct tcphdr *th0, ip_output(m, NULL, tp ? &tp->t_inpcb->inp_route : NULL, ip_mtudisc ? IP_MTUDISC : 0, NULL, - tp ? tp->t_inpcb : NULL, 0); + tp ? tp->t_inpcb->inp_seclevel : NULL, 0); break; } } diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 5daee4d8e..c9b4c51ea 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.306 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.307 2023/11/26 22:08:10 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -543,7 +543,7 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) } else tdb = NULL; error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, - tdb, inp, NULL, NULL); + tdb, inp->inp_seclevel, NULL, NULL); if (error) { udpstat_inc(udps_nosec); tdb_unref(tdb); @@ -1065,7 +1065,7 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, error = ip_output(m, inp->inp_options, &inp->inp_route, (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, - inp, ipsecflowinfo); + inp->inp_seclevel, ipsecflowinfo); bail: m_freem(control); diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 8057f26e8..df8fecdc9 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.279 2023/07/07 08:05:02 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.280 2023/11/26 22:08:10 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -161,7 +161,7 @@ struct idgen32_ctx ip6_id_ctx; */ int ip6_output(struct mbuf *m, struct ip6_pktopts *opt, struct route_in6 *ro, - int flags, struct ip6_moptions *im6o, struct inpcb *inp) + int flags, struct ip6_moptions *im6o, const u_char seclevel[]) { struct ip6_hdr *ip6; struct ifnet *ifp = NULL; @@ -185,11 +185,6 @@ ip6_output(struct mbuf *m, struct ip6_pktopts *opt, struct route_in6 *ro, struct tdb *tdb = NULL; #endif /* IPSEC */ -#ifdef IPSEC - if (inp && (inp->inp_flags & INP_IPV6) == 0) - panic("%s: IPv4 pcb is passed", __func__); -#endif /* IPSEC */ - ip6 = mtod(m, struct ip6_hdr *); finaldst = ip6->ip6_dst; @@ -218,8 +213,8 @@ ip6_output(struct mbuf *m, struct ip6_pktopts *opt, struct route_in6 *ro, } #ifdef IPSEC - if (ipsec_in_use || inp != NULL) { - error = ip6_output_ipsec_lookup(m, inp, &tdb); + if (ipsec_in_use || seclevel != NULL) { + error = ip6_output_ipsec_lookup(m, seclevel, &tdb); if (error) { /* * -EINVAL is used to indicate that the packet should @@ -2751,7 +2746,8 @@ in6_proto_cksum_out(struct mbuf *m, struct ifnet *ifp) #ifdef IPSEC int -ip6_output_ipsec_lookup(struct mbuf *m, struct inpcb *inp, struct tdb **tdbout) +ip6_output_ipsec_lookup(struct mbuf *m, const u_char seclevel[], + struct tdb **tdbout) { struct tdb *tdb; struct m_tag *mtag; @@ -2765,7 +2761,7 @@ ip6_output_ipsec_lookup(struct mbuf *m, struct inpcb *inp, struct tdb **tdbout) /* Do we have any pending SAs to apply ? */ error = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), - IPSP_DIRECTION_OUT, NULL, inp, &tdb, NULL); + IPSP_DIRECTION_OUT, NULL, seclevel, &tdb, NULL); if (error || tdb == NULL) { *tdbout = NULL; return error; diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 9ded8f101..f5b8839b2 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.106 2022/11/12 02:49:34 kn Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.107 2023/11/26 22:08:10 bluhm Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -325,7 +325,7 @@ void ip6_forward(struct mbuf *, struct rtentry *, int); void ip6_mloopback(struct ifnet *, struct mbuf *, struct sockaddr_in6 *); int ip6_output(struct mbuf *, struct ip6_pktopts *, struct route_in6 *, int, - struct ip6_moptions *, struct inpcb *); + struct ip6_moptions *, const u_char[]); int ip6_fragment(struct mbuf *, struct mbuf_list *, int, u_char, u_long); int ip6_ctloutput(int, struct socket *, int, int, struct mbuf *); int ip6_raw_ctloutput(int, struct socket *, int, int, struct mbuf *); @@ -376,7 +376,7 @@ u_int32_t ip6_randomflowlabel(void); #ifdef IPSEC struct tdb; -int ip6_output_ipsec_lookup(struct mbuf *, struct inpcb *, struct tdb **); +int ip6_output_ipsec_lookup(struct mbuf *, const u_char[], struct tdb **); int ip6_output_ipsec_send(struct tdb *, struct mbuf *, struct route_in6 *, int, int); #endif /* IPSEC */ diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 05879b42f..e4ff18189 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip6.c,v 1.173 2023/09/16 09:33:27 mpi Exp $ */ +/* $OpenBSD: raw_ip6.c,v 1.174 2023/11/26 22:08:10 bluhm Exp $ */ /* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */ /* @@ -514,7 +514,7 @@ rip6_output(struct mbuf *m, struct socket *so, struct sockaddr *dstaddr, #endif error = ip6_output(m, optp, &in6p->inp_route6, flags, - in6p->inp_moptions6, in6p); + in6p->inp_moptions6, in6p->inp_seclevel); if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { icmp6stat_inc(icp6s_outhist + type); } else diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index 092013386..15f7ad06a 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp6_output.c,v 1.59 2022/02/22 01:35:41 guenther Exp $ */ +/* $OpenBSD: udp6_output.c,v 1.60 2023/11/26 22:08:10 bluhm Exp $ */ /* $KAME: udp6_output.c,v 1.21 2001/02/07 11:51:54 itojun Exp $ */ /* @@ -232,7 +232,7 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6, #endif error = ip6_output(m, optp, &in6p->inp_route6, - flags, in6p->inp_moptions6, in6p); + flags, in6p->inp_moptions6, in6p->inp_seclevel); goto releaseopt; release: diff --git a/usr.bin/awk/FIXES b/usr.bin/awk/FIXES index 5d2b45959..52f49e3ee 100644 --- a/usr.bin/awk/FIXES +++ b/usr.bin/awk/FIXES @@ -25,13 +25,24 @@ THIS SOFTWARE. This file lists all bug fixes, changes, etc., made since the second edition of the AWK book was published in September 2023. -Nov 20, 2023 +Nov 24, 2023: + Fix issue #199: gototab improvements to dynamically resize the + table, qsort and bsearch to improve the lookup speed as the + table gets larger for multibyte input. thanks to Arnold Robbins. + +Nov 23, 2023: + Fix Issue #169, related to escape sequences in strings. + Thanks to Github user rajeevvp. + Fix Issue #147, reported by Github user drawkula, and fixed + by Miguel Pineiro Jr. + +Nov 20, 2023: rewrite of fnematch to fix a number of issues, including extraneous output, out-of-bounds access, number of bytes to push back after a failed match etc. thanks to Miguel Pineiro Jr. -Nov 15, 2023 +Nov 15, 2023: Man page edit, regression test fixes. thanks to Arnold Robbins consolidation of sub and gsub into dosub, removing duplicate code. thanks to Miguel Pineiro Jr. @@ -44,7 +55,6 @@ Oct 30, 2023: systems. also fixed an out-of-bounds read for empty CCL. fixed a buffer overflow in substr with utf-8 strings. many thanks to Todd C Miller. - Sep 24, 2023: fnematch and getrune have been overhauled to solve issues around diff --git a/usr.bin/awk/awk.h b/usr.bin/awk/awk.h index a57e27eaf..3b5c67b60 100644 --- a/usr.bin/awk/awk.h +++ b/usr.bin/awk/awk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: awk.h,v 1.30 2023/09/18 19:32:19 millert Exp $ */ +/* $OpenBSD: awk.h,v 1.31 2023/11/25 16:31:33 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -257,14 +257,19 @@ typedef struct rrow { int *lfollow; } rrow; -typedef struct gtt { /* gototab entry */ +typedef struct gtte { /* gototab entry */ unsigned int ch; unsigned int state; +} gtte; + +typedef struct gtt { /* gototab */ + size_t allocated; + size_t inuse; + gtte *entries; } gtt; typedef struct fa { - gtt **gototab; - int gototab_len; + gtt *gototab; uschar *out; uschar *restr; int **posns; diff --git a/usr.bin/awk/b.c b/usr.bin/awk/b.c index 09548d7e5..523e3ee19 100644 --- a/usr.bin/awk/b.c +++ b/usr.bin/awk/b.c @@ -1,4 +1,4 @@ -/* $OpenBSD: b.c,v 1.48 2023/11/22 01:01:21 millert Exp $ */ +/* $OpenBSD: b.c,v 1.49 2023/11/25 16:31:33 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -97,9 +97,8 @@ extern int u8_nextlen(const char *s); mechanism of the goto table used 8-bit byte indices into the gototab entries to compute the next state. Unicode is a lot bigger, so the gototab entries are now structs with a character - and a next state, and there is a linear search of the characters - to find the state. (Yes, this is slower, by a significant - amount. Tough.) + and a next state. These are sorted by code point and binary + searched. Throughout the RE mechanism in b.c, utf-8 characters are converted to their utf-32 value. This mostly shows up in @@ -114,9 +113,10 @@ extern int u8_nextlen(const char *s); */ +static int entry_cmp(const void *l, const void *r); static int get_gototab(fa*, int, int); static int set_gototab(fa*, int, int, int); -static void reset_gototab(fa*, int); +static void clear_gototab(fa*, int); extern int u8_rune(int *, const uschar *); static int * @@ -151,7 +151,7 @@ resizesetvec(const char *f) static void resize_state(fa *f, int state) { - gtt **p; + gtt *p; uschar *p2; int **p3; int i, new_count; @@ -161,7 +161,7 @@ resize_state(fa *f, int state) new_count = state + 10; /* needs to be tuned */ - p = (gtt **) reallocarray(f->gototab, new_count, sizeof(f->gototab[0])); + p = (gtt *) reallocarray(f->gototab, new_count, sizeof(gtt)); if (p == NULL) goto out; f->gototab = p; @@ -177,13 +177,14 @@ resize_state(fa *f, int state) f->posns = p3; for (i = f->state_count; i < new_count; ++i) { - f->gototab[i] = (gtt *) calloc(NCHARS, sizeof(**f->gototab)); - if (f->gototab[i] == NULL) + f->gototab[i].entries = (gtte *) calloc(NCHARS, sizeof(gtte)); + if (f->gototab[i].entries == NULL) goto out; - f->out[i] = 0; + f->gototab[i].allocated = NCHARS; + f->gototab[i].inuse = 0; + f->out[i] = 0; f->posns[i] = NULL; } - f->gototab_len = NCHARS; /* should be variable, growable */ f->state_count = new_count; return; out: @@ -277,7 +278,7 @@ int makeinit(fa *f, bool anchor) } if ((f->posns[2])[1] == f->accept) f->out[2] = 1; - reset_gototab(f, 2); + clear_gototab(f, 2); f->curstat = cgoto(f, 2, HAT); if (anchor) { *f->posns[2] = k-1; /* leave out position 0 */ @@ -601,37 +602,104 @@ int member(int c, int *sarg) /* is c in s? */ return(0); } -static int get_gototab(fa *f, int state, int ch) /* hide gototab inplementation */ +static void resize_gototab(fa *f, int state) { - int i; - for (i = 0; i < f->gototab_len; i++) { - if (f->gototab[state][i].ch == 0) - break; - if (f->gototab[state][i].ch == ch) - return f->gototab[state][i].state; - } - return 0; + size_t new_size = f->gototab[state].allocated * 2; + gtte *p = (gtte *) realloc(f->gototab[state].entries, new_size * sizeof(gtte)); + if (p == NULL) + overflo(__func__); + + // need to initialized the new memory to zero + size_t orig_size = f->gototab[state].allocated; // 2nd half of new mem is this size + memset(p + orig_size, 0, orig_size * sizeof(gtte)); // clean it out + + f->gototab[state].allocated = new_size; // update gotottab info + f->gototab[state].entries = p; } -static void reset_gototab(fa *f, int state) /* hide gototab inplementation */ +static int get_gototab(fa *f, int state, int ch) /* hide gototab inplementation */ { - memset(f->gototab[state], 0, f->gototab_len * sizeof(**f->gototab)); + gtte key; + gtte *item; + + key.ch = ch; + key.state = 0; /* irrelevant */ + item = bsearch(& key, f->gototab[state].entries, + f->gototab[state].inuse, sizeof(gtte), + entry_cmp); + + if (item == NULL) + return 0; + else + return item->state; +} + +static int entry_cmp(const void *l, const void *r) +{ + const gtte *left, *right; + + left = (const gtte *) l; + right = (const gtte *) r; + + return left->ch - right->ch; } static int set_gototab(fa *f, int state, int ch, int val) /* hide gototab inplementation */ { - int i; - for (i = 0; i < f->gototab_len; i++) { - if (f->gototab[state][i].ch == 0 || f->gototab[state][i].ch == ch) { - f->gototab[state][i].ch = ch; - f->gototab[state][i].state = val; - return val; + if (f->gototab[state].inuse == 0) { + f->gototab[state].entries[0].ch = ch; + f->gototab[state].entries[0].state = val; + f->gototab[state].inuse++; + return val; + } else if (ch > f->gototab[state].entries[f->gototab[state].inuse-1].ch) { + // not seen yet, insert and return + gtt *tab = & f->gototab[state]; + if (tab->inuse + 1 >= tab->allocated) + resize_gototab(f, state); + + f->gototab[state].entries[f->gototab[state].inuse-1].ch = ch; + f->gototab[state].entries[f->gototab[state].inuse-1].state = val; + f->gototab[state].inuse++; + return val; + } else { + // maybe we have it, maybe we don't + gtte key; + gtte *item; + + key.ch = ch; + key.state = 0; /* irrelevant */ + item = bsearch(& key, f->gototab[state].entries, + f->gototab[state].inuse, sizeof(gtte), + entry_cmp); + + if (item != NULL) { + // we have it, update state and return + item->state = val; + return item->state; } + // otherwise, fall through to insert and reallocate. } - overflo(__func__); + + gtt *tab = & f->gototab[state]; + if (tab->inuse + 1 >= tab->allocated) + resize_gototab(f, state); + ++tab->inuse; + f->gototab[state].entries[tab->inuse].ch = ch; + f->gototab[state].entries[tab->inuse].state = val; + + qsort(f->gototab[state].entries, + f->gototab[state].inuse, sizeof(gtte), entry_cmp); + return val; /* not used anywhere at the moment */ } +static void clear_gototab(fa *f, int state) +{ + memset(f->gototab[state].entries, 0, + f->gototab[state].allocated * sizeof(gtte)); + f->gototab[state].inuse = 0; +} + int match(fa *f, const char *p0) /* shortest match ? */ { int s, ns; @@ -1460,6 +1528,7 @@ int cgoto(fa *f, int s, int c) /* add tmpset to current set of states */ ++(f->curstat); resize_state(f, f->curstat); + clear_gototab(f, f->curstat); xfree(f->posns[f->curstat]); p = intalloc(setcnt + 1, __func__); @@ -1483,7 +1552,8 @@ void freefa(fa *f) /* free a finite automaton */ if (f == NULL) return; for (i = 0; i < f->state_count; i++) - xfree(f->gototab[i]) + xfree(f->gototab[i].entries); + xfree(f->gototab); for (i = 0; i <= f->curstat; i++) xfree(f->posns[i]); for (i = 0; i <= f->accept; i++) { diff --git a/usr.bin/awk/lex.c b/usr.bin/awk/lex.c index 2fbb57fb5..f1b57e38e 100644 --- a/usr.bin/awk/lex.c +++ b/usr.bin/awk/lex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lex.c,v 1.31 2023/09/17 14:49:44 millert Exp $ */ +/* $OpenBSD: lex.c,v 1.32 2023/11/25 16:31:33 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -432,8 +432,12 @@ int string(void) { int i; + if (!isxdigit(peek())) { + unput(c); + break; + } n = 0; - for (i = 1; i <= 2; i++) { + for (i = 0; i < 2; i++) { c = input(); if (c == 0) break; @@ -444,13 +448,13 @@ int string(void) n += (c - '0'); else n += 10 + (c - 'a'); - } else + } else { + unput(c); break; + } } - if (n) + if (i) *bp++ = n; - else - unput(c); break; } diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c index ddec8e820..a2f536353 100644 --- a/usr.bin/awk/main.c +++ b/usr.bin/awk/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.65 2023/11/22 01:01:21 millert Exp $ */ +/* $OpenBSD: main.c,v 1.66 2023/11/25 16:31:33 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -23,7 +23,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ****************************************************************/ -const char *version = "version 20231120"; +const char *version = "version 20231124"; #define DEBUG #include diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c index e240a9da9..79fa918fc 100644 --- a/usr.bin/awk/run.c +++ b/usr.bin/awk/run.c @@ -1,4 +1,4 @@ -/* $OpenBSD: run.c,v 1.81 2023/11/22 01:01:21 millert Exp $ */ +/* $OpenBSD: run.c,v 1.82 2023/11/25 16:31:33 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -1541,8 +1541,9 @@ Cell *assign(Node **a, int n) /* a[0] = a[1], a[0] += a[1], etc. */ if (x == y && !(x->tval & (FLD|REC)) && x != nfloc) ; /* self-assignment: leave alone unless it's a field or NF */ else if ((y->tval & (STR|NUM)) == (STR|NUM)) { + yf = getfval(y); setsval(x, getsval(y)); - x->fval = getfval(y); + x->fval = yf; x->tval |= NUM; } else if (isstr(y)) diff --git a/usr.bin/rsync/extern.h b/usr.bin/rsync/extern.h index abb599873..a36d93715 100644 --- a/usr.bin/rsync/extern.h +++ b/usr.bin/rsync/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.46 2023/11/23 11:59:53 job Exp $ */ +/* $OpenBSD: extern.h,v 1.47 2023/11/27 11:30:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -147,6 +147,7 @@ struct opts { int one_file_system; /* -x */ int ignore_times; /* -I */ int ignore_dir_times; /* -O */ + int ignore_link_times; /* -J */ int size_only; /* --size-only */ int alt_base_mode; off_t max_size; /* --max-size */ diff --git a/usr.bin/rsync/fargs.c b/usr.bin/rsync/fargs.c index bafa6c184..cbc8537f3 100644 --- a/usr.bin/rsync/fargs.c +++ b/usr.bin/rsync/fargs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fargs.c,v 1.25 2023/11/23 11:59:53 job Exp $ */ +/* $OpenBSD: fargs.c,v 1.26 2023/11/27 11:30:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -142,6 +142,8 @@ fargs_cmdline(struct sess *sess, const struct fargs *f, size_t *skip) if (f->mode == FARGS_SENDER) { if (sess->opts->ignore_dir_times) addargs(&args, "-O"); + if (sess->opts->ignore_link_times) + addargs(&args, "-J"); if (sess->opts->size_only) addargs(&args, "--size-only"); diff --git a/usr.bin/rsync/main.c b/usr.bin/rsync/main.c index f6c47eb71..15d936411 100644 --- a/usr.bin/rsync/main.c +++ b/usr.bin/rsync/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.69 2023/11/23 11:59:53 job Exp $ */ +/* $OpenBSD: main.c,v 1.71 2023/11/27 11:30:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -322,6 +322,11 @@ const struct option lopts[] = { { "no-motd", no_argument, &opts.no_motd, 1 }, { "numeric-ids", no_argument, &opts.numeric_ids, 1 }, { "omit-dir-times", no_argument, &opts.ignore_dir_times, 1 }, + { "no-O", no_argument, &opts.ignore_dir_times, 0 }, + { "no-omit-dir-times", no_argument, &opts.ignore_dir_times, 0 }, + { "omit-link-times", no_argument, &opts.ignore_link_times, 1 }, + { "no-J", no_argument, &opts.ignore_link_times, 0 }, + { "no-omit-link-times", no_argument, &opts.ignore_link_times, 0 }, { "owner", no_argument, &opts.preserve_uids, 1 }, { "no-owner", no_argument, &opts.preserve_uids, 0 }, { "perms", no_argument, &opts.preserve_perms, 1 }, @@ -364,8 +369,8 @@ main(int argc, char *argv[]) opts.max_size = opts.min_size = -1; - while ((c = getopt_long(argc, argv, "aDe:ghIlnOoprtVvxz", lopts, &lidx)) - != -1) { + while ((c = getopt_long(argc, argv, "aDe:ghIJlnOoprtVvxz", + lopts, &lidx)) != -1) { switch (c) { case 'D': opts.devices = 1; @@ -390,6 +395,9 @@ main(int argc, char *argv[]) case 'I': opts.ignore_times = 1; break; + case 'J': + opts.ignore_link_times = 1; + break; case 'l': opts.preserve_links = 1; break; @@ -641,7 +649,7 @@ basedir: exit(rc); usage: fprintf(stderr, "usage: %s" - " [-aDgIlnOoprtVvx] [-e program] [--address=sourceaddr]\n" + " [-aDgIJlnOoprtVvx] [-e program] [--address=sourceaddr]\n" "\t[--contimeout=seconds] [--compare-dest=dir] [--del] [--exclude]\n" "\t[--exclude-from=file] [--include] [--include-from=file]\n" "\t[--no-motd] [--numeric-ids] [--port=portnumber]\n" diff --git a/usr.bin/rsync/receiver.c b/usr.bin/rsync/receiver.c index 90f541894..2d055f38a 100644 --- a/usr.bin/rsync/receiver.c +++ b/usr.bin/rsync/receiver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: receiver.c,v 1.31 2021/10/24 21:24:17 deraadt Exp $ */ +/* $OpenBSD: receiver.c,v 1.32 2023/11/27 11:30:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons @@ -114,7 +114,8 @@ rsync_set_metadata_at(struct sess *sess, int newfile, int rootfd, /* Conditionally adjust file modification time. */ - if (sess->opts->preserve_times) { + if (sess->opts->preserve_times && + !(S_ISLNK(f->st.mode) && sess->opts->ignore_link_times)) { ts[0].tv_nsec = UTIME_NOW; ts[1].tv_sec = f->st.mtime; ts[1].tv_nsec = 0; diff --git a/usr.bin/rsync/rsync.1 b/usr.bin/rsync/rsync.1 index e1b4a8f5d..831f9e87f 100644 --- a/usr.bin/rsync/rsync.1 +++ b/usr.bin/rsync/rsync.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rsync.1,v 1.34 2023/11/23 11:59:53 job Exp $ +.\" $OpenBSD: rsync.1,v 1.35 2023/11/27 11:32:34 claudio Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 23 2023 $ +.Dd $Mdocdate: November 27 2023 $ .Dt OPENRSYNC 1 .Os .Sh NAME @@ -22,7 +22,7 @@ .Nd synchronise local and remote files .Sh SYNOPSIS .Nm openrsync -.Op Fl aDgIlnOoprtVvx +.Op Fl aDgIJlnOoprtVvx .Op Fl e Ar program .Op Fl -address Ns = Ns Ar sourceaddr .Op Fl -compare-dest Ns = Ns Ar directory @@ -132,6 +132,8 @@ and .Em rules from .Em file . +.It Fl J , -omit-link-times +Don't set symlink modification times to match the source. .It Fl l , -links Also transfer symbolic links. The link is transferred as a standalone file: if the destination does @@ -167,8 +169,6 @@ or is also given. .It Fl O , -omit-dir-times Don't set directory modification times to match the source. -Takes precedence over -.Fl t . .It Fl o , -owner Set the user name to match the source, with similar matching logic as for .Fl g . diff --git a/usr.bin/rsync/uploader.c b/usr.bin/rsync/uploader.c index 25b3be6ee..6cb6d054d 100644 --- a/usr.bin/rsync/uploader.c +++ b/usr.bin/rsync/uploader.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uploader.c,v 1.35 2023/11/23 11:59:53 job Exp $ */ +/* $OpenBSD: uploader.c,v 1.36 2023/11/27 11:28:39 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * Copyright (c) 2019 Florian Obser @@ -1099,8 +1099,7 @@ rsync_uploader_tail(struct upload *u, struct sess *sess) { size_t i; - - if (!sess->opts->preserve_times && + if ((!sess->opts->preserve_times || sess->opts->ignore_dir_times) && !sess->opts->preserve_perms) return 1; diff --git a/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm b/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm index ece19eb44..bd2368051 100644 --- a/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm +++ b/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm @@ -1,7 +1,7 @@ #! /usr/bin/perl # ex:ts=8 sw=4: -# $OpenBSD: PkgAdd.pm,v 1.147 2023/11/25 10:58:45 espie Exp $ +# $OpenBSD: PkgAdd.pm,v 1.148 2023/11/25 17:43:39 espie Exp $ # # Copyright (c) 2003-2014 Marc Espie # @@ -359,7 +359,7 @@ sub find_kept_handle($set, $n, $state) } } $set->check_security($state, $plist, $o); - if ($set->{quirks}) { + if ($set->{quirks} || $plist->has('updatedb')) { # The installed package has inst: for a location, we want # the newer one (which is identical) $n->location->{repository}->setup_cache($state->{setlist}); @@ -843,7 +843,7 @@ sub really_add($set, $state) add_installed($pkgname); delete $handle->{partial}; OpenBSD::PkgCfl::register($handle, $state); - if ($set->{quirks}) { + if ($set->{quirks} || $plist->has('updatedb')) { $handle->location->{repository}->setup_cache($state->{setlist}); } } diff --git a/usr.sbin/slaacctl/slaacctl.8 b/usr.sbin/slaacctl/slaacctl.8 index a1f543d36..15a19bf4d 100644 --- a/usr.sbin/slaacctl/slaacctl.8 +++ b/usr.sbin/slaacctl/slaacctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: slaacctl.8,v 1.6 2023/03/02 17:09:53 jmc Exp $ +.\" $OpenBSD: slaacctl.8,v 1.7 2023/11/27 09:29:48 kn Exp $ .\" .\" Copyright (c) 2017 Florian Obser .\" Copyright (c) 2016 Kenneth R Westerback @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 2 2023 $ +.Dd $Mdocdate: November 27 2023 $ .Dt SLAACCTL 8 .Os .Sh NAME @@ -51,15 +51,15 @@ The following commands are available: Disable verbose debug logging. .It Cm log verbose Enable verbose debug logging. -.It Cm send solicitation Ar interfacename +.It Cm send solicitation Ar interface Send a router solicitation on interface -.Ar interfacename . -.It Cm show interface Op Ar interfacename +.Ar interface . +.It Cm show interface Op Ar interface Display status about network interfaces. If -.Ar interfacename +.Ar interface is specified, only information relative to -.Ar interfacename +.Ar interface is shown. Otherwise information on all interfaces is shown. .El diff --git a/usr.sbin/ypbind/ypbind.c b/usr.sbin/ypbind/ypbind.c index 6a1c5d91f..6193961f0 100644 --- a/usr.sbin/ypbind/ypbind.c +++ b/usr.sbin/ypbind/ypbind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ypbind.c,v 1.78 2023/03/08 04:43:15 guenther Exp $ */ +/* $OpenBSD: ypbind.c,v 1.79 2023/11/27 18:37:53 tb Exp $ */ /* * Copyright (c) 1992, 1993, 1996, 1997, 1998 Theo de Raadt @@ -341,8 +341,7 @@ main(int argc, char *argv[]) DIR *dirp; struct dirent *dent; - yp_get_default_domain(&domain); - if (domain[0] == '\0') { + if (yp_get_default_domain(&domain) != 0 || domain[0] == '\0') { fprintf(stderr, "domainname not set. Aborting.\n"); exit(1); }