diff --git a/Changelog-NG.txt b/Changelog-NG.txt index 1b687eebddd..cafd2473d55 100644 --- a/Changelog-NG.txt +++ b/Changelog-NG.txt @@ -2,9 +2,27 @@ Asuswrt-Merlin 386/NG Changelog =============================== -386.07_0-gnuton0 (xx-xxx-xxxx) +386.07_2-gnuton0 (xx-xxx-xxxx) - NEW: Added support for TUF-AX3000 +386.7_2 (24-July-2022) + - UPDATED: openssl to 1.1.1q. + - UPDATED: RT-AX86U driver + SDK updated to latest upstream version + - UPDATED: RT-AX88U and GT-AX11000 radio firmware downgraded to the + previous version. + - FIXED: Some ISPs would fail to allocate a proper IPv6 prefix (tvlz) + - FIXED: Packet checksum errors logged when using DNSFilter in Router + mode. Router mode will no longer use DNAT, except for newer + HND 5.04 models like the GT-AX6000 or XT12, which work + properly. Non-Router mode on HND will still use + the new DNAT support added in 386.7. + - FIXED: Some SSH clients would end up with an incorrect PATH + value for the default search path. + - FIXED: OpenVPN clients wouldn't get updated routing tables + if an OpenVPN server was stopped/started while an + OpenVPN client was connected + + 386.7 (22-June-2022) - NEW: IPV6 support for DNSFilter for HND router models. Custom settings can also let you specify IPv6 servers. diff --git a/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/bin/43684b0/rtecdc.bin b/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/bin/43684b0/rtecdc.bin old mode 100644 new mode 100755 index e702c8833da..a0c91061503 Binary files a/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/bin/43684b0/rtecdc.bin and b/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/bin/43684b0/rtecdc.bin differ 
diff --git a/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/sysdeps/RT-AX86U/43684b0/rtecdc.bin b/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/sysdeps/RT-AX86U/43684b0/rtecdc.bin
index ff51a57df0d..a0c91061503 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/sysdeps/RT-AX86U/43684b0/rtecdc.bin and b/release/src-rt-5.02L.07p2axhnd/bcmdrivers/broadcom/net/wl/impl69/sys/src/dongle/sysdeps/RT-AX86U/43684b0/rtecdc.bin differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_flash.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_flash.o
index 4604129c8df..0b82f3149c9 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_flash.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_flash.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_gpio.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_gpio.o
index 1e93c824047..108521eea35 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_gpio.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_gpio.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_led.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_led.o
index ca1bfe386cc..059a35bfb6a 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_led.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm63xx_led.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_enet.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_enet.o
index b6c37fd0e11..791a7f87516 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_enet.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_enet.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_misc_hw_init_impl6.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_misc_hw_init_impl6.o
index 574f9c2adf9..db50fe675e0 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_misc_hw_init_impl6.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/bcm_misc_hw_init_impl6.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board.o
index 933a8f5db49..aa52aac5bfa 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_button.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_button.o
index be58465be46..8a147f6a1f0 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_button.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_button.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_dg.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_dg.o
index e4ba3cf5dd2..cafa8ab59f2 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_dg.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_dg.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_image.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_image.o
index 7dd1cdbfba9..1111e09123b 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_image.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_image.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_ioctl.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_ioctl.o
index f72b7c86366..a708884eba8 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_ioctl.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_ioctl.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_proc.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_proc.o
index 5e0d87da49d..f2ed788c598 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_proc.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_proc.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_util.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_util.o
index 1a72b8635d3..0ad5106ace7 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_util.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_util.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wd.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wd.o
index 5202c0b6c98..6faa5e55186 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wd.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wd.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wl.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wl.o
index ead7b331eef..2dfa9ea70d4 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wl.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/board_wl.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/chipinfo.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/chipinfo.o
index ccf56607a13..335f64bf21e 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/chipinfo.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/chipinfo.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/compat_board.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/compat_board.o
index a48a1948c00..cfd754f957f 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/compat_board.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/compat_board.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/otp.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/otp.o
index 7d8b2e32a12..f4b6e51f18f 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/otp.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/otp.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pmc_pcie.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pmc_pcie.o
index 2bb22722f09..f971ebb3f06 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pmc_pcie.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pmc_pcie.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pushbutton.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pushbutton.o
index df342005199..bf0b9429c0a 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pushbutton.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/pushbutton.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/spidevices.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/spidevices.o
index 1f81c2236c0..a483c4f6bfd 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/spidevices.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/spidevices.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wfd.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wfd.o
index 91fa1d3d6cf..535e0f155c9 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wfd.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wfd.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wl.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wl.o
index e9be44b3b55..8e0e0f64bd6 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wl.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wl.o differ
diff --git a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wlcsm.o b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wlcsm.o
index 1538790af99..6839edb0094 100755
Binary files a/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wlcsm.o and b/release/src-rt-5.02L.07p2axhnd/router-sysdep.rt-ax86u/hnd_extra/prebuilt/wlcsm.o differ
diff --git a/release/src-rt-5.02axhnd/bcmdrivers/broadcom/net/wl/impl51/sys/src/dongle/sysdeps/default/43684b0/rtecdc.bin b/release/src-rt-5.02axhnd/bcmdrivers/broadcom/net/wl/impl51/sys/src/dongle/sysdeps/default/43684b0/rtecdc.bin index 2813da39255..1b35e8f4b04 100755 Binary files a/release/src-rt-5.02axhnd/bcmdrivers/broadcom/net/wl/impl51/sys/src/dongle/sysdeps/default/43684b0/rtecdc.bin and b/release/src-rt-5.02axhnd/bcmdrivers/broadcom/net/wl/impl51/sys/src/dongle/sysdeps/default/43684b0/rtecdc.bin differ diff --git a/release/src-rt/version.conf b/release/src-rt/version.conf index a8385d2be21..9ba08d180cb 100644 --- a/release/src-rt/version.conf +++ b/release/src-rt/version.conf @@ -1,5 +1,5 @@ KERNEL_VER=3.0 FS_VER=0.4 SERIALNO=386.7 -EXTENDNO=0 +EXTENDNO=2 RCNO=0 diff --git a/release/src/router/libovpn/openvpn_control.c b/release/src/router/libovpn/openvpn_control.c index 35bc862a6e4..1884aec335b 100644 --- a/release/src/router/libovpn/openvpn_control.c +++ b/release/src/router/libovpn/openvpn_control.c @@ -908,6 +908,10 @@ void ovpn_start_server(int unit) { ovpn_setup_server_watchdog(sconf, unit); + // Update running ovpn client tables + if (sconf->if_type == OVPN_IF_TUN) + update_client_routes(sconf->if_name, 1); + free(sconf); } @@ -965,6 +969,13 @@ void ovpn_stop_server(int unit) { return; } + // Remove routes from running ovpn clients + snprintf(buffer, sizeof(buffer), "vpn_server%d_if", unit); + if (!strcmp(nvram_safe_get(buffer), "tun")) { + snprintf(buffer, sizeof(buffer), "tun%d", OVPN_SERVER_BASEIF + unit); + update_client_routes(buffer, 0); + } + // Remove watchdog sprintf(buffer, "CheckVPNServer%d", unit); eval("cru", "d", buffer); 
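Review bot: Nothing visible in the ovpn_start_server hunk guarantees that the server's routes are already in the main table when `update_client_routes(sconf->if_name, 1)` runs right after `ovpn_setup_server_watchdog()`. If the tunnel interface is brought up asynchronously, the `ip route list table main | grep` in the helper would find nothing and the connected clients' tables would stay without the server routes, which is the case this commit sets out to fix. Either trigger the update from the point where the server's routes are known to be installed, or record the ordering guarantee in the comment, e.g. `// Safe here: server routes are already in table main (see <startup step>)`. ovpn_start_server begins outside the hunk, so the earlier part of the function may already provide that guarantee.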
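Review bot: In the ovpn_stop_server hunk the interface name is rebuilt as `tun%d` from `OVPN_SERVER_BASEIF + unit` and the type is re-read from nvram, whereas the start path uses `sconf->if_name` and `sconf->if_type`. The two derivations have to stay in step, and if `vpn_server%d_if` was changed in nvram between start and stop the `strcmp(..., "tun")` test would skip the removal for routes that were added earlier. A comment stating the assumption would make that dependency visible, for example `// must yield the same name as sconf->if_name used in ovpn_start_server()`. The rest of ovpn_stop_server lies outside the hunk.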
@@ -1061,3 +1072,66 @@ void stop_ovpn_serverall() { ovpn_stop_server(unit); } } + + +/* Remove/add server routes from client routing tables */ + +void update_client_routes(char *server_iface, int addroute) { + int unit; + char buffer[32]; + + for( unit = 1; unit <= OVPN_CLIENT_MAX; unit++ ) { + sprintf(buffer, "vpnclient%d", unit); + if ( pidof(buffer) >= 0 ) { + if (addroute) + _add_server_routes(server_iface, unit); + else + _del_server_routes(server_iface, unit); + } + } +} + + +/* Add / remove OpenVPN server routes from client tables */ +/* Server-agnostic, could eventually be reused for other servers like WG/IPSEC */ + +void _add_server_routes(char *server_iface, int client_unit) { + char buffer[128], routecmd[128], line[128]; + FILE *fp_route; + + snprintf(buffer, sizeof (buffer), "/usr/sbin/ip route list table main | grep %s > /tmp/vpnroute%d_tmp", server_iface, client_unit); + system(buffer); + + snprintf(buffer, sizeof (buffer), "/tmp/vpnroute%d_tmp", client_unit); + fp_route = fopen(buffer, "r"); + + if (fp_route) { + while (fgets(line, sizeof(line), fp_route) != NULL) { + snprintf(routecmd, sizeof (routecmd), "/usr/sbin/ip route add %s table ovpnc%d", trimNL(line), client_unit); + system(routecmd); + } + fclose(fp_route); + } + unlink(buffer); +} + + +void _del_server_routes(char *server_iface, int client_unit) { + char buffer[128], routecmd[128], line[128]; + FILE *fp_route; + + snprintf(buffer, sizeof (buffer), "/usr/sbin/ip route list table ovpnc%d | grep %s > /tmp/vpnroute%d_tmp", client_unit, server_iface, client_unit); + system(buffer); + + snprintf(buffer, sizeof (buffer), "/tmp/vpnroute%d_tmp", client_unit); + fp_route = fopen(buffer, "r"); + + if (fp_route) { + while (fgets(line, sizeof(line), fp_route) != NULL) { + snprintf(routecmd, sizeof (routecmd), "/usr/sbin/ip route del %s table ovpnc%d", trimNL(line), client_unit); + system(routecmd); + } + fclose(fp_route); + } + unlink(buffer); +} 
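Review bot: In `_add_server_routes` and `_del_server_routes`, `routecmd` is the same 128 bytes as `line`, so a route line longer than roughly 90 characters makes `snprintf` truncate the command and the trailing ` table ovpnc%d` can be cut off; an `ip route del` without its table argument can then act on the main table instead of the client table. Size the buffer for the prefix plus the line and skip on truncation: `char routecmd[sizeof(line) + 64];` and `if (n < 0 || (size_t)n >= sizeof(routecmd)) continue;`, with `n` holding the `snprintf` result. Both helpers also pass `server_iface` and the route text to `system()` unquoted and stage the output in the fixed path `/tmp/vpnroute%d_tmp`; since `server_iface` comes from configuration on the start path, checking that it is a plain interface name before use and reading the `ip` output through a pipe instead of a predictable temp file would remove the shell-parsing and file-clobbering exposure. The `grep %s` filter is a substring match over the whole line, so it also selects any route whose text merely contains the interface name.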
diff --git a/release/src/router/libovpn/openvpn_control.h b/release/src/router/libovpn/openvpn_control.h index 7e16c3bf9b2..7a4b215b6ac 100644 --- a/release/src/router/libovpn/openvpn_control.h +++ b/release/src/router/libovpn/openvpn_control.h @@ -36,5 +36,7 @@ extern void ovpn_update_exclusive_dns_rules(); extern void start_ovpn_serverall(); extern void stop_ovpn_serverall(); - +extern void update_client_routes(char *server_iface, int addroute); +void _add_server_routes(char *server_iface, int client_unit); +void _del_server_routes(char *server_iface, int client_unit); #endif diff --git a/release/src/router/libovpn/openvpn_setup.c b/release/src/router/libovpn/openvpn_setup.c index 1399c19128f..822dce05e2c 100644 --- a/release/src/router/libovpn/openvpn_setup.c +++ b/release/src/router/libovpn/openvpn_setup.c @@ -1127,7 +1127,7 @@ void ovpn_setup_server_watchdog(ovpn_sconf_t *sconf, int unit) { if ((fp = fopen(buffer, "w"))) { fprintf(fp, "#!/bin/sh\n" - "if [ -z $(pidof vpnserver%d) ]\n" + "if [ -z \"$(pidof vpnserver%d)\" ]\n" "then\n" " service restart_vpnserver%d\n" "fi\n", diff --git a/release/src/router/openssl-1.1/CHANGES b/release/src/router/openssl-1.1/CHANGES index a5522e5fa56..c18a1f51496 100644 --- a/release/src/router/openssl-1.1/CHANGES +++ b/release/src/router/openssl-1.1/CHANGES 
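Review bot: In the openvpn_control.h hunk, `_add_server_routes` and `_del_server_routes` are exported from the public header (and without `extern`, unlike the prototypes around them), although this diff only shows them called from `update_client_routes` in openvpn_control.c. Declaring them `static` in the .c file, with forward declarations above `update_client_routes`, keeps the shell-command-building helpers out of the library interface so no other caller can hand them an arbitrary interface string. Names that begin with an underscore at file scope are also reserved for the implementation in C, so `add_server_routes` / `del_server_routes` would be the safer spelling.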
@@ -7,18 +7,57 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1p and 1.1.1q [5 Jul 2022] + + *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised + implementation would not encrypt the entirety of the data under some + circumstances. This could reveal sixteen bytes of data that was + preexisting in the memory that wasn't written. In the special case of + "in place" encryption, sixteen bytes of the plaintext would be revealed. + + Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, + they are both unaffected. + (CVE-2022-2097) + [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño] + + Changes between 1.1.1o and 1.1.1p [21 Jun 2022] + + *) In addition to the c_rehash shell command injection identified in + CVE-2022-1292, further bugs where the c_rehash script does not + properly sanitise shell metacharacters to prevent command injection have been + fixed. + + When the CVE-2022-1292 was fixed it was not discovered that there + are other places in the script where the file names of certificates + being hashed were possibly passed to a command executed through the shell. + + This script is distributed by some operating systems in a manner where + it is automatically executed. On such operating systems, an attacker + could execute arbitrary commands with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-2068) + [Daniel Fiala, Tomáš Mráz] + + *) When OpenSSL TLS client is connecting without any supported elliptic + curves and TLS-1.3 protocol is disabled the connection will no longer fail + if a ciphersuite that does not use a key exchange based on elliptic + curves can be negotiated. 
+ [Tomáš Mráz] + Changes between 1.1.1n and 1.1.1o [3 May 2022] *) Fixed a bug in the c_rehash script which was not properly sanitising shell - metacharacters to prevent command injection. This script is distributed by - some operating systems in a manner where it is automatically executed. On - such operating systems, an attacker could execute arbitrary commands with the - privileges of the script. - - Use of the c_rehash script is considered obsolete and should be replaced - by the OpenSSL rehash command line tool. - (CVE-2022-1292) - [Tomáš Mráz] + metacharacters to prevent command injection. This script is distributed + by some operating systems in a manner where it is automatically executed. + On such operating systems, an attacker could execute arbitrary commands + with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] Changes between 1.1.1m and 1.1.1n [15 Mar 2022] diff --git a/release/src/router/openssl-1.1/Configurations/10-main.conf b/release/src/router/openssl-1.1/Configurations/10-main.conf index 76df9ef8d05..12ba6172db0 100644 --- a/release/src/router/openssl-1.1/Configurations/10-main.conf +++ b/release/src/router/openssl-1.1/Configurations/10-main.conf @@ -1007,6 +1007,13 @@ my %targets = ( perlasm_scheme => "linux64", }, + "BSD-aarch64" => { + inherit_from => [ "BSD-generic64", asm("aarch64_asm") ], + lib_cppflags => add("-DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "linux64", + }, + "bsdi-elf-gcc" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], CC => "gcc", diff --git a/release/src/router/openssl-1.1/NEWS b/release/src/router/openssl-1.1/NEWS index d32cf5bb48d..75e9ba062df 100644 --- a/release/src/router/openssl-1.1/NEWS +++ b/release/src/router/openssl-1.1/NEWS 
@@ -5,6 +5,17 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022] + + o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms + (CVE-2022-2097) + + Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022] + + o Fixed additional bugs in the c_rehash script which was not properly + sanitising shell metacharacters to prevent command injection + (CVE-2022-2068) + Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022] o Fixed a bug in the c_rehash script which was not properly sanitising diff --git a/release/src/router/openssl-1.1/README b/release/src/router/openssl-1.1/README index a56311a4d18..79f9c611a93 100644 --- a/release/src/router/openssl-1.1/README +++ b/release/src/router/openssl-1.1/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1o 3 May 2022 + OpenSSL 1.1.1q 5 Jul 2022 Copyright (c) 1998-2022 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/release/src/router/openssl-1.1/apps/s_server.c b/release/src/router/openssl-1.1/apps/s_server.c index 64d53e68d0e..1a42bf89c7a 100644 --- a/release/src/router/openssl-1.1/apps/s_server.c +++ b/release/src/router/openssl-1.1/apps/s_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -2236,6 +2236,30 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } +static long int count_reads_callback(BIO *bio, int cmd, const char *argp, + int argi, long int argl, long int ret) +{ + unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio); + + switch (cmd) { + case BIO_CB_READ: /* No break here */ + case BIO_CB_GETS: + if (p_counter != NULL) + ++*p_counter; + break; + default: + break; + } + + if (s_debug) { + BIO_set_callback_arg(bio, (char *)bio_s_out); + ret = bio_dump_callback(bio, cmd, argp, argi, argl, ret); + BIO_set_callback_arg(bio, (char *)p_counter); + } + + return ret; +} + static int sv_body(int s, int stype, int prot, unsigned char *context) { char *buf = NULL; @@ -2353,10 +2377,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) SSL_set_accept_state(con); /* SSL_set_fd(con,s); */ - if (s_debug) { - BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); - BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); - } + BIO_set_callback(SSL_get_rbio(con), count_reads_callback); if (s_msg) { #ifndef OPENSSL_NO_SSL_TRACE if (s_msg == 2) @@ -2648,7 +2669,25 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) */ if ((!async || !SSL_waiting_for_async(con)) && !SSL_is_init_finished(con)) { + /* + * Count number of reads during init_ssl_connection. + * It helps us to distinguish configuration errors from errors + * caused by a client. + */ + unsigned int read_counter = 0; + + BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter); i = init_ssl_connection(con); + BIO_set_callback_arg(SSL_get_rbio(con), NULL); + + /* + * If initialization fails without reads, then + * there was a fatal error in configuration. + */ + if (i <= 0 && read_counter == 0) { + ret = -1; + goto err; + } if (i < 0) { ret = 0; diff --git a/release/src/router/openssl-1.1/config b/release/src/router/openssl-1.1/config index 49422981ae8..c7b035a0c57 100755 
--- a/release/src/router/openssl-1.1/config +++ b/release/src/router/openssl-1.1/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -709,6 +709,7 @@ case "$GUESSOS" in ia64-*-*bsd*) OUT="BSD-ia64" ;; x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; amd64-*-*bsd*) OUT="BSD-x86_64" ;; + arm64-*-*bsd*) OUT="BSD-aarch64" ;; *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD libc=/usr/lib/libc.so diff --git a/release/src/router/openssl-1.1/crypto/aes/asm/aesni-x86.pl b/release/src/router/openssl-1.1/crypto/aes/asm/aesni-x86.pl index fe2b26542ab..3502940d523 100644 --- a/release/src/router/openssl-1.1/crypto/aes/asm/aesni-x86.pl +++ b/release/src/router/openssl-1.1/crypto/aes/asm/aesni-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2027,7 +2027,7 @@ sub aesni_generate6 &movdqu (&QWP(-16*2,$out,$inp),$inout4); &movdqu (&QWP(-16*1,$out,$inp),$inout5); &cmp ($inp,$len); # done yet? - &jb (&label("grandloop")); + &jbe (&label("grandloop")); &set_label("short"); &add ($len,16*6); @@ -2453,7 +2453,7 @@ sub aesni_generate6 &pxor ($rndkey1,$inout5); &movdqu (&QWP(-16*1,$out,$inp),$inout5); &cmp ($inp,$len); # done yet? - &jb (&label("grandloop")); + &jbe (&label("grandloop")); &set_label("short"); &add ($len,16*6); 
diff --git a/release/src/router/openssl-1.1/crypto/bn/asm/x86_64-mont5.pl b/release/src/router/openssl-1.1/crypto/bn/asm/x86_64-mont5.pl index 8c37d132e47..33cb769c36d 100755 --- a/release/src/router/openssl-1.1/crypto/bn/asm/x86_64-mont5.pl +++ b/release/src/router/openssl-1.1/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -2101,193 +2101,6 @@ .size __bn_post4x_internal,.-__bn_post4x_internal ___ } -{ -$code.=<<___; -.globl bn_from_montgomery -.type bn_from_montgomery,\@abi-omnipotent -.align 32 -bn_from_montgomery: -.cfi_startproc - testl \$7,`($win64?"48(%rsp)":"%r9d")` - jz bn_from_mont8x - xor %eax,%eax - ret -.cfi_endproc -.size bn_from_montgomery,.-bn_from_montgomery - -.type bn_from_mont8x,\@function,6 -.align 32 -bn_from_mont8x: -.cfi_startproc - .byte 0x67 - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lfrom_prologue: - - shl \$3,${num}d # convert $num to bytes - lea ($num,$num,2),%r10 # 3*$num in bytes - neg $num - mov ($n0),$n0 # *n0 - - ############################################################## - # Ensure that stack frame doesn't alias with $rptr+3*$num - # modulo 4096, which covers ret[num], am[num] and n[num] - # (see bn_exp.c). The stack is allocated to aligned with - # bn_power5's frame, and as bn_from_montgomery happens to be - # last operation, we use the opportunity to cleanse it. 
- # - lea -320(%rsp,$num,2),%r11 - mov %rsp,%rbp - sub $rptr,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lfrom_sp_alt - sub %r11,%rbp # align with $aptr - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - jmp .Lfrom_sp_done - -.align 32 -.Lfrom_sp_alt: - lea 4096-320(,$num,2),%r10 - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lfrom_sp_done: - and \$-64,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lfrom_page_walk - jmp .Lfrom_page_walk_done - -.Lfrom_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lfrom_page_walk -.Lfrom_page_walk_done: - - mov $num,%r10 - neg $num - - ############################################################## - # Stack layout - # - # +0 saved $num, used in reduction section - # +8 &t[2*$num], used in reduction section - # +32 saved *n0 - # +40 saved %rsp - # +48 t[2*$num] - # - mov $n0, 32(%rsp) - mov %rax, 40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 -.Lfrom_body: - mov $num,%r11 - lea 48(%rsp),%rax - pxor %xmm0,%xmm0 - jmp .Lmul_by_1 - -.align 32 -.Lmul_by_1: - movdqu ($aptr),%xmm1 - movdqu 16($aptr),%xmm2 - movdqu 32($aptr),%xmm3 - movdqa %xmm0,(%rax,$num) - movdqu 48($aptr),%xmm4 - movdqa %xmm0,16(%rax,$num) - .byte 0x48,0x8d,0xb6,0x40,0x00,0x00,0x00 # lea 64($aptr),$aptr - movdqa %xmm1,(%rax) - movdqa %xmm0,32(%rax,$num) - movdqa %xmm2,16(%rax) - movdqa %xmm0,48(%rax,$num) - movdqa %xmm3,32(%rax) - movdqa %xmm4,48(%rax) - lea 64(%rax),%rax - sub \$64,%r11 - jnz .Lmul_by_1 - - movq $rptr,%xmm1 - movq $nptr,%xmm2 - .byte 0x67 - mov $nptr,%rbp - movq %r10, %xmm3 # -num -___ -$code.=<<___ if ($addx); - mov OPENSSL_ia32cap_P+8(%rip),%r11d - and \$0x80108,%r11d - cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1 - jne .Lfrom_mont_nox - - lea (%rax,$num),$rptr - call __bn_sqrx8x_reduction - call __bn_postx4x_internal - - pxor 
%xmm0,%xmm0 - lea 48(%rsp),%rax - jmp .Lfrom_mont_zero - -.align 32 -.Lfrom_mont_nox: -___ -$code.=<<___; - call __bn_sqr8x_reduction - call __bn_post4x_internal - - pxor %xmm0,%xmm0 - lea 48(%rsp),%rax - jmp .Lfrom_mont_zero - -.align 32 -.Lfrom_mont_zero: - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - movdqa %xmm0,16*0(%rax) - movdqa %xmm0,16*1(%rax) - movdqa %xmm0,16*2(%rax) - movdqa %xmm0,16*3(%rax) - lea 16*4(%rax),%rax - sub \$32,$num - jnz .Lfrom_mont_zero - - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lfrom_epilogue: - ret -.cfi_endproc -.size bn_from_mont8x,.-bn_from_mont8x -___ -} }}} if ($addx) {{{ @@ -3894,10 +3707,6 @@ .rva .LSEH_begin_bn_power5 .rva .LSEH_end_bn_power5 .rva .LSEH_info_bn_power5 - - .rva .LSEH_begin_bn_from_mont8x - .rva .LSEH_end_bn_from_mont8x - .rva .LSEH_info_bn_from_mont8x ___ $code.=<<___ if ($addx); .rva .LSEH_begin_bn_mulx4x_mont_gather5 @@ -3929,11 +3738,6 @@ .byte 9,0,0,0 .rva mul_handler .rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[] -.align 8 -.LSEH_info_bn_from_mont8x: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue # HandlerData[] ___ $code.=<<___ if ($addx); .align 8 diff --git a/release/src/router/openssl-1.1/crypto/bn/bn_exp.c b/release/src/router/openssl-1.1/crypto/bn/bn_exp.c index 8c54ab005ca..e21dcff027c 100644 --- a/release/src/router/openssl-1.1/crypto/bn/bn_exp.c +++ b/release/src/router/openssl-1.1/crypto/bn/bn_exp.c 
@@ -900,14 +900,21 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, #if defined(OPENSSL_BN_ASM_MONT5) if (window == 5 && top > 1) { /* - * This optimization uses ideas from http://eprint.iacr.org/2011/239, - * specifically optimization of cache-timing attack countermeasures - * and pre-computation optimization. - */ - - /* - * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as - * 512-bit RSA is hardly relevant, we omit it to spare size... + * This optimization uses ideas from https://eprint.iacr.org/2011/239, + * specifically optimization of cache-timing attack countermeasures, + * pre-computation optimization, and Almost Montgomery Multiplication. + * + * The paper discusses a 4-bit window to optimize 512-bit modular + * exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer + * important. + * + * |bn_mul_mont_gather5| and |bn_power5| implement the "almost" + * reduction variant, so the values here may not be fully reduced. + * They are bounded by R (i.e. they fit in |top| words), not |m|. + * Additionally, we pass these "almost" reduced inputs into + * |bn_mul_mont|, which implements the normal reduction variant. + * Given those inputs, |bn_mul_mont| may not give reduced + * output, but it will still produce "almost" reduced output. */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, @@ -919,9 +926,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); - int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *not_used, const BN_ULONG *np, - const BN_ULONG *n0, int num); BN_ULONG *n0 = mont->n0, *np; 
@@ -1010,14 +1014,18 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } } - ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top); tmp.top = top; - bn_correct_top(&tmp); - if (ret) { - if (!BN_copy(rr, &tmp)) - ret = 0; - goto err; /* non-zero ret means it's not error */ - } + /* + * The result is now in |tmp| in Montgomery form, but it may not be + * fully reduced. This is within bounds for |BN_from_montgomery| + * (tmp < R <= m*R) so it will, when converting from Montgomery form, + * produce a fully reduced result. + * + * This differs from Figure 2 of the paper, which uses AMM(h, 1) to + * convert from Montgomery form with unreduced output, followed by an + * extra reduction step. In the paper's terminology, we replace + * steps 9 and 10 with MM(h, 1). + */ } else #endif { diff --git a/release/src/router/openssl-1.1/crypto/bn/bn_gcd.c b/release/src/router/openssl-1.1/crypto/bn/bn_gcd.c index 0941f7b97f3..6190bf1eddb 100644 --- a/release/src/router/openssl-1.1/crypto/bn/bn_gcd.c +++ b/release/src/router/openssl-1.1/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, if (R == NULL) goto err; - BN_one(X); + if (!BN_one(X)) + goto err; BN_zero(Y); if (BN_copy(B, a) == NULL) goto err; @@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, if (R == NULL) goto err; - BN_one(X); + if (!BN_one(X)) + goto err; BN_zero(Y); if (BN_copy(B, a) == NULL) goto err; diff --git a/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.c b/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.c index 22455b8a637..a2ab58bbeb4 100644 --- a/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.c 
+++ b/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -66,6 +66,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], unsigned char *R2 = table_s; /* borrow */ int index; int wvalue; + BN_ULONG tmp[16]; if ((((size_t)p_str & 4095) + 320) >> 12) { result = p_str; @@ -237,7 +238,10 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], rsaz_1024_red2norm_avx2(result_norm, result); + bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16); + OPENSSL_cleanse(storage, sizeof(storage)); + OPENSSL_cleanse(tmp, sizeof(tmp)); } /* @@ -266,6 +270,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], unsigned char *p_str = (unsigned char *)exponent; int index; unsigned int wvalue; + BN_ULONG tmp[8]; /* table[0] = 1_inv */ temp[0] = 0 - m[0]; @@ -309,7 +314,10 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], /* from Montgomery */ rsaz_512_mul_by_one(result, temp, m, k0); + bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8); + OPENSSL_cleanse(storage, sizeof(storage)); + OPENSSL_cleanse(tmp, sizeof(tmp)); } #endif diff --git a/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.h b/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.h index 88f65a4bae4..1532a7e0717 100644 --- a/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.h +++ b/release/src/router/openssl-1.1/crypto/bn/rsaz_exp.h @@ -1,5 +1,5 @@ /* - * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -22,6 +22,8 @@ # define RSAZ_ENABLED # include +# include "internal/constant_time.h" +# include "bn_local.h" void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG base_norm[16], @@ -35,6 +37,27 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], const BN_ULONG m_norm[8], BN_ULONG k0, const BN_ULONG RR[8]); +static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask, + const BN_ULONG *a, + const BN_ULONG *b, size_t num) +{ + size_t i; + + for (i = 0; i < num; i++) { + r[i] = constant_time_select_64(mask, a[i], b[i]); + } +} + +static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r, + BN_ULONG carry, + const BN_ULONG *m, + BN_ULONG *tmp, size_t num) +{ + carry -= bn_sub_words(tmp, r, m, num); + bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num); + return carry; +} + # endif #endif diff --git a/release/src/router/openssl-1.1/crypto/ec/ec_asn1.c b/release/src/router/openssl-1.1/crypto/ec/ec_asn1.c index 4335b3da1a5..1acbbde3d37 100644 --- a/release/src/router/openssl-1.1/crypto/ec/ec_asn1.c +++ b/release/src/router/openssl-1.1/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
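Review bot: `bn_select_words` and `bn_reduce_once_in_place`, added in the second rsaz_exp.h hunk, have no comment stating the contract their constant-time selection depends on. `carry -= bn_sub_words(tmp, r, m, num)` is used directly as the select mask, so it is 0 or all-ones only when the incoming `carry` is 0 or 1 and, presumably, the input is below 2*m. `constant_time_select_64` is applied to `BN_ULONG` words, which assumes they are 64 bits wide; the header is guarded by `RSAZ_ENABLED`, so that likely holds. I would add a header comment to each helper, for example `/* |mask| must be 0 or all-ones; r = mask ? a : b, word by word, without branching. */` on `bn_select_words`, and one on `bn_reduce_once_in_place` naming the carry precondition and the 64-bit assumption. The two callers in rsaz_exp.c pass `/*carry=*/0` and cleanse `tmp`, which fits that contract.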
@@ -751,6 +751,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) /* extract seed (optional) */ if (params->curve->seed != NULL) { + /* + * This happens for instance with + * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a + * and causes the OPENSSL_malloc below to choke on the + * zero length allocation request. + */ + if (params->curve->seed->length == 0) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); + goto err; + } OPENSSL_free(ret->seed); if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE); @@ -784,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) } /* extract the order */ - if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { + if (ASN1_INTEGER_to_BN(params->order, a) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } @@ -801,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) if (params->cofactor == NULL) { BN_free(b); b = NULL; - } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { + } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } diff --git a/release/src/router/openssl-1.1/crypto/ec/ec_key.c b/release/src/router/openssl-1.1/crypto/ec/ec_key.c index 23efbd015ca..3017f0936c0 100644 --- a/release/src/router/openssl-1.1/crypto/ec/ec_key.c +++ b/release/src/router/openssl-1.1/crypto/ec/ec_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -657,8 +657,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE); return 0; } - eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); - if (eckey->priv_key == NULL) { + if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) { ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); return 0; } diff --git a/release/src/router/openssl-1.1/crypto/x509/x509_cmp.c b/release/src/router/openssl-1.1/crypto/x509/x509_cmp.c index 1d8d2d7b28e..3724a118f34 100644 --- a/release/src/router/openssl-1.1/crypto/x509/x509_cmp.c +++ b/release/src/router/openssl-1.1/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) unsigned long ret = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char md[16]; - char *f; + char *f = NULL; if (ctx == NULL) goto err; @@ -45,7 +45,6 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) goto err; if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; - OPENSSL_free(f); if (!EVP_DigestUpdate (ctx, (unsigned char *)a->cert_info.serialNumber.data, (unsigned long)a->cert_info.serialNumber.length)) @@ -56,6 +55,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; err: + OPENSSL_free(f); EVP_MD_CTX_free(ctx); return ret; } diff --git a/release/src/router/openssl-1.1/crypto/x509/x_crl.c b/release/src/router/openssl-1.1/crypto/x509/x_crl.c index c9762f9e239..df0041c0108 100644 --- a/release/src/router/openssl-1.1/crypto/x509/x_crl.c +++ b/release/src/router/openssl-1.1/crypto/x509/x_crl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -103,13 +103,17 @@ static int crl_set_issuers(X509_CRL *crl) if (gtmp) { gens = gtmp; - if (!crl->issuers) { + if (crl->issuers == NULL) { crl->issuers = sk_GENERAL_NAMES_new_null(); - if (!crl->issuers) + if (crl->issuers == NULL) { + GENERAL_NAMES_free(gtmp); return 0; + } } - if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) + if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) { + GENERAL_NAMES_free(gtmp); return 0; + } } rev->issuer = gens; @@ -255,7 +259,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_FREE_POST: - if (crl->meth->crl_free) { + if (crl->meth != NULL && crl->meth->crl_free != NULL) { if (!crl->meth->crl_free(crl)) return 0; } diff --git a/release/src/router/openssl-1.1/crypto/x509v3/v3_addr.c b/release/src/router/openssl-1.1/crypto/x509v3/v3_addr.c index 4258dbc40c0..ccce34ef2e4 100644 --- a/release/src/router/openssl-1.1/crypto/x509v3/v3_addr.c +++ b/release/src/router/openssl-1.1/crypto/x509v3/v3_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,8 @@ #include #include +#include +#include #include "internal/cryptlib.h" #include 
@@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min, unsigned char mask; int i, j; - if (memcmp(min, max, length) <= 0) - return -1; + /* + * It is the responsibility of the caller to confirm min <= max. We don't + * use ossl_assert() here since we have no way of signalling an error from + * this function - so we just use a plain assert instead. + */ + assert(memcmp(min, max, length) <= 0); + for (i = 0; i < length && min[i] == max[i]; i++) ; for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; if (i < j) @@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result, IPAddressOrRange *aor; int i, prefixlen; + if (memcmp(min, max, length) > 0) + return 0; + if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) return make_addressPrefix(result, min, prefixlen); diff --git a/release/src/router/openssl-1.1/crypto/x509v3/v3_asid.c b/release/src/router/openssl-1.1/crypto/x509v3/v3_asid.c index ac685726729..8e9e919804d 100644 --- a/release/src/router/openssl-1.1/crypto/x509v3/v3_asid.c +++ b/release/src/router/openssl-1.1/crypto/x509v3/v3_asid.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
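Review bot: The new `assert(memcmp(min, max, length) <= 0);` in `range_should_be_prefix` is compiled out when the library is built with `NDEBUG`, so in such builds the min <= max precondition is enforced only by the callers. The next hunk adds `if (memcmp(min, max, length) > 0) return 0;` to `make_addressRange`, but any other caller of `range_should_be_prefix` in v3_addr.c is outside these hunks and should be checked for the same guard. I would also extend the comment above the assert to say that it vanishes under `NDEBUG` and that callers must therefore reject min > max themselves. Both functions continue outside their hunks.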
@@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) */ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) { - return (a == NULL || - a == b || - (b != NULL && - !X509v3_asid_inherits(a) && - !X509v3_asid_inherits(b) && - asid_contains(b->asnum->u.asIdsOrRanges, - a->asnum->u.asIdsOrRanges) && - asid_contains(b->rdi->u.asIdsOrRanges, - a->rdi->u.asIdsOrRanges))); + int subset; + + if (a == NULL || a == b) + return 1; + + if (b == NULL) + return 0; + + if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b)) + return 0; + + subset = a->asnum == NULL + || (b->asnum != NULL + && asid_contains(b->asnum->u.asIdsOrRanges, + a->asnum->u.asIdsOrRanges)); + if (!subset) + return 0; + + return a->rdi == NULL + || (b->rdi != NULL + && asid_contains(b->rdi->u.asIdsOrRanges, + a->rdi->u.asIdsOrRanges)); } /* diff --git a/release/src/router/openssl-1.1/crypto/x509v3/v3_sxnet.c b/release/src/router/openssl-1.1/crypto/x509v3/v3_sxnet.c index 89cda01be2a..3c5508f9416 100644 --- a/release/src/router/openssl-1.1/crypto/x509v3/v3_sxnet.c +++ b/release/src/router/openssl-1.1/crypto/x509v3/v3_sxnet.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -57,15 +57,29 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET) static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent) { - long v; + int64_t v; char *tmp; SXNETID *id; int i; - v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); + + /* + * Since we add 1 to the version number to display it, we don't support + * LONG_MAX since that would cause on overflow. + */ + if (!ASN1_INTEGER_get_int64(&v, sx->version) + || v >= LONG_MAX + || v < LONG_MIN) { + BIO_printf(out, "%*sVersion: ", indent, ""); + } else { + long vl = (long)v; + + BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl); + } for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); + if (tmp == NULL) + return 0; BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); OPENSSL_free(tmp); ASN1_STRING_print(out, id->user); diff --git a/release/src/router/openssl-1.1/doc/man3/BIO_f_base64.pod b/release/src/router/openssl-1.1/doc/man3/BIO_f_base64.pod index c2c5309a601..55ca5d4de30 100644 --- a/release/src/router/openssl-1.1/doc/man3/BIO_f_base64.pod +++ b/release/src/router/openssl-1.1/doc/man3/BIO_f_base64.pod @@ -38,9 +38,8 @@ to flush the final block through the BIO. The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags(). For writing, it causes all data to be written on one line without newline at the end. -For reading, it forces the decoder to process the data regardless -of newlines. All newlines are ignored and the input does not need -to contain any newline at all. +For reading, it expects the data to be all on one line (with or +without a trailing newline). =head1 NOTES diff --git a/release/src/router/openssl-1.1/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/release/src/router/openssl-1.1/doc/man3/SSL_CTX_set1_verify_cert_store.pod index b42f2a499f1..a7f2a53a80a 100644 --- a/release/src/router/openssl-1.1/doc/man3/SSL_CTX_set1_verify_cert_store.pod 
+++ b/release/src/router/openssl-1.1/doc/man3/SSL_CTX_set1_verify_cert_store.pod @@ -5,7 +5,9 @@ SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, -SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, +SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, +SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate verification or chain store =head1 SYNOPSIS @@ -16,11 +18,15 @@ verification or chain store int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st); + int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st); int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); + int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); + int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); =head1 DESCRIPTION 
@@ -34,6 +40,11 @@ SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar except they apply to SSL structure B. +SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(), +SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the +objects previously set via the above calls. A pointer to the object (or NULL if +no such object has been set) is written to B<*st>. + All these functions are implemented as macros. Those containing a B<1> increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a B<0> do @@ -90,7 +101,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/release/src/router/openssl-1.1/doc/man3/SSL_get_current_cipher.pod b/release/src/router/openssl-1.1/doc/man3/SSL_get_current_cipher.pod index 64ca819b0e1..4ed555aa497 100644 --- a/release/src/router/openssl-1.1/doc/man3/SSL_get_current_cipher.pod +++ b/release/src/router/openssl-1.1/doc/man3/SSL_get_current_cipher.pod @@ -10,8 +10,8 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection #include - SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); - SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); + const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); + const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); const char *SSL_get_cipher_name(const SSL *s); const char *SSL_get_cipher(const SSL *s); 
@@ -61,7 +61,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/release/src/router/openssl-1.1/include/openssl/opensslv.h b/release/src/router/openssl-1.1/include/openssl/opensslv.h index bd9dc920916..fec5f579623 100644 --- a/release/src/router/openssl-1.1/include/openssl/opensslv.h +++ b/release/src/router/openssl-1.1/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010ffL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1o 3 May 2022" +# define OPENSSL_VERSION_NUMBER 0x1010111fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/release/src/router/openssl-1.1/include/openssl/ssl.h b/release/src/router/openssl-1.1/include/openssl/ssl.h index 59c07e58562..61b6538ed2a 100644 --- a/release/src/router/openssl-1.1/include/openssl/ssl.h +++ b/release/src/router/openssl-1.1/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1311,6 +1311,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 +# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 
@@ -1366,10 +1368,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set1_verify_cert_store(ctx,st) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set0_chain_cert_store(ctx,st) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set1_chain_cert_store(ctx,st) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_set0_chain(s,sk) \ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) # define SSL_set1_chain(s,sk) \ @@ -1392,10 +1398,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_set1_verify_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +#define SSL_get0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_set0_chain_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_set1_chain_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +#define SSL_get0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ diff --git a/release/src/router/openssl-1.1/ssl/record/ssl3_record.c b/release/src/router/openssl-1.1/ssl/record/ssl3_record.c index f158544789b..47c7369ed54 100644 --- a/release/src/router/openssl-1.1/ssl/record/ssl3_record.c +++ b/release/src/router/openssl-1.1/ssl/record/ssl3_record.c 
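Review bot: In the second ssl.h hunk the two new macros are written `#define SSL_get0_verify_cert_store(s,st)` and `#define SSL_get0_chain_cert_store(s,st)`, without the space after `#` that every neighbouring macro has. The `SSL_CTX_get0_*` macros added in the first hunk do use `# define`. For consistency with the header's nested-preprocessor indentation these should read `# define SSL_get0_verify_cert_store(s,st) \` and `# define SSL_get0_chain_cert_store(s,st) \`.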
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1532,6 +1532,7 @@ int ssl3_cbc_copy_mac(unsigned char *out, #if defined(CBC_MAC_ROTATE_IN_PLACE) unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; unsigned char *rotated_mac; + char aux1, aux2, aux3, mask; #else unsigned char rotated_mac[EVP_MAX_MD_SIZE]; #endif @@ -1581,9 +1582,16 @@ int ssl3_cbc_copy_mac(unsigned char *out, #if defined(CBC_MAC_ROTATE_IN_PLACE) j = 0; for (i = 0; i < md_size; i++) { - /* in case cache-line is 32 bytes, touch second line */ - ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32]; - out[j++] = rotated_mac[rotate_offset++]; + /* + * in case cache-line is 32 bytes, + * load from both lines and select appropriately + */ + aux1 = rotated_mac[rotate_offset & ~32]; + aux2 = rotated_mac[rotate_offset | 32]; + mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset); + aux3 = constant_time_select_8(mask, aux1, aux2); + out[j++] = aux3; + rotate_offset++; rotate_offset &= constant_time_lt_s(rotate_offset, md_size); } #else diff --git a/release/src/router/openssl-1.1/ssl/s3_lib.c b/release/src/router/openssl-1.1/ssl/s3_lib.c index e4cf007f82a..32f9b257106 100644 --- a/release/src/router/openssl-1.1/ssl/s3_lib.c +++ b/release/src/router/openssl-1.1/ssl/s3_lib.c @@ -3676,6 +3676,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_CHAIN_CERT_STORE: return ssl_cert_set_cert_store(s->cert, parg, 1, larg); + case SSL_CTRL_GET_VERIFY_CERT_STORE: + return ssl_cert_get_cert_store(s->cert, parg, 0); + + case SSL_CTRL_GET_CHAIN_CERT_STORE: + return ssl_cert_get_cert_store(s->cert, parg, 1); + case SSL_CTRL_GET_PEER_SIGNATURE_NID: if (s->s3->tmp.peer_sigalg == NULL) return 0; 
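Review bot: The temporaries added in the first ssl3_record.c hunk are declared as `char aux1, aux2, aux3, mask;`, but plain `char` has implementation-defined signedness. The values they hold come from `rotated_mac`, an `unsigned char *`, and from `constant_time_eq_8` / `constant_time_select_8`, which work on `unsigned char`. The all-ones mask therefore round-trips through a possibly signed type in the loop of the second hunk. That works on common targets but relies on conversion behaviour a constant-time path should not depend on, so I would declare them as `unsigned char aux1, aux2, aux3, mask;`. `ssl3_cbc_copy_mac` starts and ends outside both hunks.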
@@ -3949,6 +3955,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_CHAIN_CERT_STORE: return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); + case SSL_CTRL_GET_VERIFY_CERT_STORE: + return ssl_cert_get_cert_store(ctx->cert, parg, 0); + + case SSL_CTRL_GET_CHAIN_CERT_STORE: + return ssl_cert_get_cert_store(ctx->cert, parg, 1); + /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) { diff --git a/release/src/router/openssl-1.1/ssl/ssl_cert.c b/release/src/router/openssl-1.1/ssl/ssl_cert.c index eba96b207ee..b615e7048da 100644 --- a/release/src/router/openssl-1.1/ssl/ssl_cert.c +++ b/release/src/router/openssl-1.1/ssl/ssl_cert.c @@ -876,6 +876,12 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) return 1; } +int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain) +{ + *pstore = (chain ? c->chain_store : c->verify_store); + return 1; +} + int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp) { int level; diff --git a/release/src/router/openssl-1.1/ssl/ssl_local.h b/release/src/router/openssl-1.1/ssl/ssl_local.h index 9f346e30e8f..5c792154231 100644 --- a/release/src/router/openssl-1.1/ssl/ssl_local.h +++ b/release/src/router/openssl-1.1/ssl/ssl_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
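Review bot: `ssl_cert_get_cert_store` in the ssl_cert.c hunk writes through `pstore` unconditionally. The pointer is the caller-supplied `parg` forwarded by the new `SSL_CTRL_GET_VERIFY_CERT_STORE` / `SSL_CTRL_GET_CHAIN_CERT_STORE` cases in `ssl3_ctrl` and `ssl3_ctx_ctrl`, so an application passing NULL for `st` crashes inside the library instead of getting a 0 return. A guard `if (pstore == NULL) return 0;` before the assignment would make the ctrl fail cleanly. I would also add a short comment saying the store returned in `*pstore` is borrowed (no reference is taken) and may be NULL when none was set.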
@@ -2301,6 +2301,7 @@ __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); +__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, diff --git a/release/src/router/openssl-1.1/ssl/statem/extensions_clnt.c b/release/src/router/openssl-1.1/ssl/statem/extensions_clnt.c index 9d38ac23b5f..b6f72d685c2 100644 --- a/release/src/router/openssl-1.1/ssl/statem/extensions_clnt.c +++ b/release/src/router/openssl-1.1/ssl/statem/extensions_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -118,6 +118,8 @@ static int use_ecc(SSL *s) int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + const uint16_t *pgroups = NULL; + size_t num_groups, j; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -139,7 +141,19 @@ static int use_ecc(SSL *s) } sk_SSL_CIPHER_free(cipher_stack); - return ret; + if (!ret) + return 0; + + /* Check we have at least one EC supported group */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (j = 0; j < num_groups; j++) { + uint16_t ctmp = pgroups[j]; + + if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + return 1; + } + + return 0; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, diff --git a/release/src/router/openssl-1.1/ssl/t1_lib.c b/release/src/router/openssl-1.1/ssl/t1_lib.c index b1d3add1874..5f657f888e0 100644 
--- a/release/src/router/openssl-1.1/ssl/t1_lib.c +++ b/release/src/router/openssl-1.1/ssl/t1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2369,22 +2369,20 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, ca_dn = s->s3->tmp.peer_ca_names; - if (!sk_X509_NAME_num(ca_dn)) + if (ca_dn == NULL + || sk_X509_NAME_num(ca_dn) == 0 + || ssl_check_ca_name(ca_dn, x)) rv |= CERT_PKEY_ISSUER_NAME; - - if (!(rv & CERT_PKEY_ISSUER_NAME)) { - if (ssl_check_ca_name(ca_dn, x)) - rv |= CERT_PKEY_ISSUER_NAME; - } - if (!(rv & CERT_PKEY_ISSUER_NAME)) { + else for (i = 0; i < sk_X509_num(chain); i++) { X509 *xtmp = sk_X509_value(chain, i); + if (ssl_check_ca_name(ca_dn, xtmp)) { rv |= CERT_PKEY_ISSUER_NAME; break; } } - } + if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME)) goto end; } else @@ -2555,6 +2553,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) int rv, start_idx, i; if (x == NULL) { x = sk_X509_value(sk, 0); + if (x == NULL) + return ERR_R_INTERNAL_ERROR; start_idx = 1; } else start_idx = 0; diff --git a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1-key.pem b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1-key.pem index e3e66d55c51..28dd206dbe8 100644 --- a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1-key.pem +++ b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1-key.pem 
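Review bot: In the `tls1_check_chain` hunk the rewritten issuer-name check ends with a bare `else` whose body is an unbraced `for` loop, immediately followed by `if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))`. Because the preceding `if` condition spans three lines, it is hard to see where the else branch ends, and a later edit could add a statement there that silently falls outside it. I would brace the branch: `else {` before the `for` and a closing `}` after the loop. `tls1_check_chain` starts and ends outside the hunk.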
@@ -1,15 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k -WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X -EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB -AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g -PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf -flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU -X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ -pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA -b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt -9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR -83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs -n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ -1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ== +MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw +XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT +48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ +b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L +eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG +a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm +tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf +3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r +zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF +nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ +XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw +ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ +S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi +BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3 +2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn +MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU 
+JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn +j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA +jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu +ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk +3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P +o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI +fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1 +5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP +RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4= -----END RSA PRIVATE KEY----- diff --git a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.pem b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.pem index d1e85120a04..d2a111fb823 100644 --- a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.pem +++ b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.pem 
@@ -1,20 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX -YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw -MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu -c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G -CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/ -BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk -EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw -FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q -Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD -VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w -DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK -BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L -vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw -KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG -SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE -oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr -5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy +NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK +/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE +FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI +0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I +QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S +wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB +CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I +Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD 
+ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI +/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB +u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ +BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR +RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1 +IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W +YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw== -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.sct b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.sct index 59362dcee1f..35c9eb9e3be 100644 --- a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.sct +++ b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1.sct @@ -2,11 +2,11 @@ Signed Certificate Timestamp: Version : v1 (0x0) Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C: 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64 - Timestamp : Apr 5 17:04:16.275 2013 GMT + Timestamp : Jan 1 00:00:00.000 2020 GMT Extensions: none Signature : ecdsa-with-SHA256 - 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F: - D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3: - E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2: - F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1: - 05:51:9D:89:ED:BF:08 \ No newline at end of file + 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A: + D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4: + BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F: + 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7: + 60:EB:A8:AF:03:5E:C3 \ No newline at end of file diff --git a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer-key.pem b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer-key.pem new file mode 100644 index 00000000000..9326e38b1eb --- /dev/null +++ b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer-key.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR +yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm +JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB +AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK +QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL +GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq +r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr +4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw ++mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ +b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY +xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN +lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei +T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU= +-----END RSA PRIVATE KEY----- diff --git a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer.pem b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer.pem index 1fa449d5a09..6aa9455f09e 100644 --- a/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer.pem +++ b/release/src/router/openssl-1.1/test/certs/embeddedSCTs1_issuer.pem 
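Review bot: Nothing in the tree marks `embeddedSCTs1_issuer-key.pem` as a test-only secret, and as an unencrypted RSA private key it will be flagged by secret scanners and carried along by anything that copies `test/certs` wholesale. Its modulus appears to match the public key in `embeddedSCTs1_issuer.pem`, so that CA certificate has a publicly known key and must never be added to a trust store outside the test suite. I would confirm that the firmware build does not install the OpenSSL `test/` directory into the image. Any scanner allowlist entry should be scoped to this exact path rather than to `*.pem`.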
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX -YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw -MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu -c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 -jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP -KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL -svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk -tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG -A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO -MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB -/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt -OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy -f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP -OwqULg== +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw +ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy +YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG +0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 +SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG +acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw +wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw +CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB +MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq ++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo +2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c +Doud4XrO -----END 
CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/ct_test.c b/release/src/router/openssl-1.1/test/ct_test.c index 78d11ca98cf..84f6bedddc8 100644 --- a/release/src/router/openssl-1.1/test/ct_test.c +++ b/release/src/router/openssl-1.1/test/ct_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name) if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) goto end; fixture->test_case_name = test_case_name; - fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */ + fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */ if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new()) || !TEST_int_eq( CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) diff --git a/release/src/router/openssl-1.1/test/recipes/10-test_bn_data/bnmod.txt b/release/src/router/openssl-1.1/test/recipes/10-test_bn_data/bnmod.txt index 6c94a0f0252..edde03bd629 100644 --- a/release/src/router/openssl-1.1/test/recipes/10-test_bn_data/bnmod.txt +++ b/release/src/router/openssl-1.1/test/recipes/10-test_bn_data/bnmod.txt 
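Review bot: The comment on the new `epoch_time_in_ms` value in `set_up` gives the date but not the constraint the value has to satisfy, so a later regeneration of the fixtures can break the test without an obvious cause. The fixture time presumably has to be later than the timestamp in the regenerated `embeddedSCTs1.sct` (Jan 1 00:00:00.000 2020 GMT in this commit) and fall inside the new certificate's validity period. I would extend the comment to something like `/* Jan 29 2020 22:01:47 UTC; must be later than the SCT timestamps in test/certs */`. `set_up` starts before this hunk and continues after it.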
@@ -2474,6 +2474,71 @@ A = 9025e6183706105e948b1b0edf922f9011b9e11887d70adb00b26f272b9e76a38f3099084d9c E = d7e6df5d755284929b986cd9b61c9c2c8843f24c711fbdbae1a468edcae159400943725570726cdc92b3ea94f9f206729516fdda83e31d815b0c7720e7598a91d992273e3bd8ac413b441d8f1dfe5aa7c3bf3ef573adc38292676217467731e6cf440a59611b8110af88d3e62f60209b513b01fbb69a097458ad02096b5e38f0 M = e4e784aa1fa88625a43ba0185a153a929663920be7fe674a4d33c943d3b898cff051482e7050a070cede53be5e89f31515772c7aea637576f99f82708f89d9e244f6ad3a24a02cbe5c0ff7bcf2dad5491f53db7c3f2698a7c41b44f086652f17bb05fe4c5c0a92433c34086b49d7e1825b28bab6c5a9bd0bc95b53d659afa0d7 +# The following inputs trigger an edge case between Montgomery reduction and the +# "almost" reduction variant from https://eprint.iacr.org/2011/239 +ModExp = 00 +A = 19c7bc9b97c6083cd7b8d1cd001452c9b67983247169c6532047eb7fc8933014dbf69fee7a358769f1429802c8ea89d4f9ca6ba6f368fbdb1fa5717b4a00 +E = bbc7e09147408571050e8d0c634682c5863b7e8a573626648902cff12e590c74f5a23ecce39732266bc15b8afbd6c48a48c83fbdc33947515cc0b6e4fb98ae2cd730e58f951fec8be7e2e3c74f4506c7fd7e29bdb28675fe8a59789ab1148e931a2ebd2d36f78bc241682a3d8083d8ff538858cd240c5a693936e5a391dc9d77118062a3f868c058440a4192267faaaba91112f45eee5842060febbf9353a6d3e7f7996573209136a5506062ea23d74067f08c613f3ff74bade25f8c3368e6dba84eae672eac11be1137fc514924fcab8c82e46d092bd047dcbadaa48c67a096ec1a04f392a8511e6acbad9954949b703e71ff837337b594055ae6f3c0fc154447a687c9ac8a2cdfd64a2e680c6ff21254735af7f5eb6b43f0bce86bda55a04143a991711081435ed4f4a89b23fc3a588022b7a8543db4bf5c8ac93603367c750ff2191f59a716340fab49bb7544759c8d846465eec1438e76395f73e7b5e945f31f1b87fefa854a0d208846eaab5fa27144fd039911608bab0eaee80f1d3553dfa2d9ba95268479b97a059613660df5ad79796e0b272244aca90ccc13449ec15c206eeed7b60405a4c5cfdf5da5d136c27fa9385d810ad198dfe794ffce9955e10520efea1e2eb794e379401b9affd863b9566ce941c4726755574a1b1946acf0090bfb93f37dd55f524485bbba7fa84b53addfde01ae1de9c57fe50d4b708dd0fa45d02af398b3d05c6d17f84c11e9aacdbe0b146cad6ddbd8
77731e26a17f3ebed459560d12ed7a6abc2ea6fe922e69d2622ef11b6b245b9ba8f0940faaa671a4beb727be5393a94dafaeff7221b29183e7418f4c5bb95a6a586c93dbc8ce0236d9dbe26c40513611b4141fed66599adbfb20fc30e09a4815e4159f65a6708f34584a7a77b3843941cd61a6917dcc3d07a3dfb5a2cb108bacea7e782f2111b4d22ecaaeff469ecd0da371df1ac5e9bf6df6ccba2d3a9f393d597499eaca2c206bfb81c3426c5fe45bcf16e38aecd246a319a1f37041c638b75a4839517e43a6d01bee7d85eaeedbce13cd15699d3ee42c7414cfed576590e4fb6ddb6edd3e1957efaf039bfe8b9dc75869b1f93abff15cae8b234161070fa3542303c2ed35ca66083d0ac299b81182317a2a3985269602b1fa1e822fcbda48e686d80b273f06b0a702ca7f42cbbbd2fc2b3601422c8bff6302eda3c61b293049636002649b16f3c1f0be2b6599d66493a4497cd795b10a2ab8220fafad24fa90e1bfcf39ecce337e705695c7a224bf9f445a287d6aab221341659ca4be7861f6ac4c9d33dac811e6 +M = 519b6e57781d40d897ec0c1b648d195526726b295438c9a70928ac25979563d72db91c8c42298a33b572edecdf40904c68a23337aa5341b56e92b0da5041 + +# To fully exercise BN_mod_exp_mont_consttime codepaths, we generate inputs at +# different bitwidths. rsaz-avx2.pl only runs at 1024-bit moduli, and +# x86_64-mont5.pl unrolls 8 64-bit words at a time, so we want to capture both +# multiples of 512- and non-multiples. Also include moduli that are not quite a +# full word. 
+# 512-bit +ModExp = 00 +A = 8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 8f42c9e9e351ba9b32ab0cf69da43f4acf7028d19cff6e5059ea0e3fcc97c97f36a31470044737d4c0c933ac441ecb29e32c81401523afdac7de9c3fd8493c97 + +# 1024-bit +ModExp = 00 +A = 800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 9da8dc26fdf4d2e49833b240ee552beb7a6e251caa91bfb5d6cafaf8ed9461877fda8f6ac299036d35806bc1ae7872e54eaac1ec6bee6d02c6621a9cf8883b3abc33c49b3e601203e0e86ef8f0562412cc689ee2670704583909ca6d7774c9f9f9f4d77d37fedef9cb51d207cb629ec02fa03b526fd6594bfa8f2da71238a0b7 + +# 1025-bit +ModExp = 00 +A = 010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 
010223abfdda02e84e11cec8ee7fc784fa135733935f7b9054bb70f1f06d234d76dcf3beed55c7f39e955dc1fef2b65009240fd02f7a1b27a78fc2867144bf666efb929856db9f671c356c4c67a068a70fe83c52eebda03668872fd270d0794f0771d217fb6b93b12529a944f7f0496a9158757c55b8ee14f803f1d2d887e2f561 + +# 1088-bit +ModExp = 00 +A = 8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003d +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = e91f6d748773cb212a23aa348125615123b1800c9ea222c9374c757702ae4140fa333790ed8f6bf60a1d7dda65c2767cc5f33e32e333d19fbfb5a2b85795757c9ca070268763a618e9d33873d28a89bf88acd209efbb15b80cd33b92a6b3a682e1c91782fc24fb86ddff4f809219c977b54b99359094bbcc51dfe17b992ab24b74a17950ad754281 + +# 1472-bit +ModExp = 00 +A = 8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 
a8770362f4bfe4fc1ab0e52705c11a9b6ba235d5a5f22197c2d68e27ed18426ede3316af706aa79bcf943dbd51459eb15ae1f9386216b3f3a847f94440a65b97659bc5ba2adb67173714ecaa886c0b926d7a64ea45576f9d2171784ce7e801724d5b0abfd93357d538ea7ad3ad89a74f4660bdb66dfb5f684dcf00402e3cdf0ab58afd867c943c8f47b80268a789456aa7c50a619dd2f9f5e3f74b5d810f0f8dadbf4ad5b917cdcb156c4c132611c8b3b035118a9e03551f + +# 1536-bit +ModExp = 00 +A = 800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002 +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 878cd000778f927b2f1a4b8bac86efd282079a7ac0d25e09ffd2f72fbc282e65e233929d2457c7b1d63c56fb706cdfa04fb87e654c578c98d7cf59c2293dc5641086b68db4867105981daaf147a0ee91f6932ef064deae4142c19e58d50c0686f0eaf778be72450f89a98b4680bbc5ffab942195e44dd20616150fd1deca058068ca31ab2f861e99082588f17a2025bf5e536150142fca3187a259c791fc721430f24d7e338f8dc02e693a7e694d42775e80f7f7c03600b6ae86b4aba2b0e991 + +# 2048-bit +ModExp = 00 +A = 
8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f +E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 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 + +# 3072-bit +ModExp = 00 +A = 80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d +E = 
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 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 + +# 4096-bit +ModExp = 00 +A = 8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 +E = 
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +M = 
8030411ecbddcb0fe4e76fd6b5bf542e8b015d1610cf96130ded12ba2cda0641bd9692080f218ea8b0d751845b519d95b843542ec8d2a07f1f93afe3189b69a4f35c983011c7f7928c3df458cc3eae85c36e6934a4b1bc0a67c8a521de336642c49e10a7ffa8d0af911aacc19e3900449161940f139220e099a150dcaf0ff96ffff6e726c1ac139969103cf6a828ac3adf0301506aa02787b4f570d5dde53a34acab8fec6fa94760abf16ee99954371ad65a6e899daab87b95811d069404991de9abe064ebbddf886e970f10d260c899dda940191a82d4c8bd36651363aff5493f4f59e700007dcadf37ebea7fcfd7600d16617ffea0d9ae659446d851d93c564e50e558f734c894d735fa273770703dab62844d9f01badf632f3d14a00f739c022c9be95f54e9cea46ec6da7cb11f4602e06962951c48204726b7f120ddbd0eb3566dc8d1e6f195a9196e96db33322d088b43aecffe9b4df182dd016aca0bd14f1c56cd1a18b89165c027029862b09ffd78e92ab614349c4fd67f49cb12cd33d0728930d0538bda57acef1365a73cc8fbac7d463b9e3c3bae0bb6224b080cdb8b5cd47d546d53111fdc22b7ff679bcfe27192920ee163b2be337d8cccc93b4de7d2d31934b9c0e97af291dcc1135b4a473bd37114eec3ba75c411887b57799d3188e7353f33a4d31735ebfc9fcfc044985148dd96da3876a5ab7ea7a404b411 # These test vectors satisfy (ModSqrt * ModSqrt) mod P = A mod P with P a prime. # ModSqrt is in [0, (P-1)/2]. diff --git a/release/src/router/openssl-1.1/test/recipes/30-test_evp_data/evpciph.txt b/release/src/router/openssl-1.1/test/recipes/30-test_evp_data/evpciph.txt index 1c02ea1e9c2..8480ddee0b6 100644 --- a/release/src/router/openssl-1.1/test/recipes/30-test_evp_data/evpciph.txt +++ b/release/src/router/openssl-1.1/test/recipes/30-test_evp_data/evpciph.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1188,6 +1188,56 @@ Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B21 Operation = DECRYPT Result = CIPHERFINAL_ERROR +#Test vectors generated to validate aesni_ocb_encrypt on x86 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = C14DFF7D62A13C4A3422456207453190 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = D47D84F6FF912C79B6A4223AB9BE2DB8 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F +Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = 41970D13737B7BD1B5FBF49ED4412CA5 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D +Ciphertext = 
F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = BE0228651ED4E48A11BDED68D953F3A0 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D +Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = 17BC6E10B16E5FDC52836E7D589518C7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D +Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = E84AAC18666116990A3A37B3A5FC55BD +Plaintext = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D +Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000000000001020304050607 +Tag = 3E5EA7EE064FE83B313E28D411E91EAD +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D +Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C + Title = AES XTS test vectors from IEEE Std 1619-2007 # Using the same key twice for encryption is always banned. diff --git a/release/src/router/openssl-1.1/test/recipes/80-test_ssl_new.t b/release/src/router/openssl-1.1/test/recipes/80-test_ssl_new.t index 81d8f59a70b..3d281091d15 100644 
--- a/release/src/router/openssl-1.1/test/recipes/80-test_ssl_new.t +++ b/release/src/router/openssl-1.1/test/recipes/80-test_ssl_new.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS"; # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 29; # = scalar @conf_srcs +plan tests => 30; # = scalar @conf_srcs # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. @@ -70,6 +70,8 @@ my %conf_dependent_tests = ( "25-cipher.conf" => disabled("poly1305") || disabled("chacha"), "27-ticket-appdata.conf" => !$is_default_tls, "28-seclevel.conf" => disabled("tls1_2") || $no_ec, + "30-supported-groups.conf" => disabled("tls1_2") || disabled("tls1_3") + || $no_ec || $no_ec2m ); # Add your test here if it should be skipped for some compile-time diff --git a/release/src/router/openssl-1.1/test/smime-certs/mksmime-certs.sh b/release/src/router/openssl-1.1/test/smime-certs/mksmime-certs.sh index c98e164b187..e33fac97bc3 100644 --- a/release/src/router/openssl-1.1/test/smime-certs/mksmime-certs.sh +++ b/release/src/router/openssl-1.1/test/smime-certs/mksmime-certs.sh @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
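Review bot: The new `"30-supported-groups.conf"` entry in `%conf_dependent_tests` ends without a trailing comma, unlike the entries above it such as `"28-seclevel.conf" => disabled("tls1_2") || $no_ec,`. Writing the last line as `|| $no_ec || $no_ec2m,` keeps the list uniform and makes the next addition a one-line diff. `$no_ec2m` is not declared in the visible lines, so confirm it is defined alongside `$no_ec`. The hash opens outside this hunk, and the hard-coded `plan tests => 30` in the hunk at -28 has to stay in step with the number of conf files.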
@@ -15,23 +15,23 @@ export OPENSSL_CONF # Root CA: create certificate directly CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \ - -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 + -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501 # EE RSA certificates: create request first CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \ -keyout smrsa1.pem -out req.pem -newkey rsa:2048 # Sign request: end entity extensions -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \ -keyout smrsa2.pem -out req.pem -newkey rsa:2048 -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \ -keyout smrsa3.pem -out req.pem -newkey rsa:2048 -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem # Create DSA parameters 
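Review bot: The new lifetimes are bare literals, `-days 36501` for the root and `-days 36500` on every `x509 -req` call (also in the hunks at -40, -58 and -78), and nothing explains why the root gets one extra day. Presumably the intent is that each end-entity certificate expires before the root that signed it. Two variables with a short comment would make that explicit, e.g. `ROOT_DAYS=36501` and `EE_DAYS=36500 # must stay below ROOT_DAYS`, with `-days $EE_DAYS` at each signing call. The script writes every private key unencrypted (`-nodes`), which is fine for regenerated test fixtures but is one more reason to keep `test/smime-certs` out of any installed image.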
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048 CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \ -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \ -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \ -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem # Create EC parameters 
@@ -58,15 +58,15 @@ $OPENSSL ecparam -out ecp2.pem -name K-283 CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \ -keyout smec1.pem -out req.pem -newkey ec:ecp.pem -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \ -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -nodes \ -keyout smec3.pem -out req.pem -newkey ec:ecp.pem -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem # Create X9.42 DH parameters. $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \ @@ -78,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -nodes \ -keyout smtmp.pem -out req.pem -newkey rsa:2048 # Sign request but force public key to DH -$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -force_pubkey dhpub.pem \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem # Remove temp files. diff --git a/release/src/router/openssl-1.1/test/smime-certs/smdh.pem b/release/src/router/openssl-1.1/test/smime-certs/smdh.pem index f831b0713b9..273dfca5e05 100644 --- a/release/src/router/openssl-1.1/test/smime-certs/smdh.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smdh.pem 
@@ -1,33 +1,47 @@ -----BEGIN PRIVATE KEY----- -MIIBSgIBADCCASsGByqGSM4+AgEwggEeAoGBANQMSgwEcnEZ31kZxa9Ef8qOK/AJ -9dMlsXMWVYnf/QevGdN/0Aei/j9a8QHG+CvvTm0DOEKhN9QUtABKsYZag865CA7B -mSdHjQuFqILtzA25sDJ+3+jk9vbss+56ETRll/wasJVLGbmmHNkBMvc1fC1d/sGF -cEn4zJnQvvFaeMgDAoGAaQD9ZvL8FYsJuNxN6qp5VfnfRqYvyi2PWSqtRKPGGC+V -thYg49PRjwPOcXzvOsdEOQ7iH9jTiSvnUdwSSEwYTZkSBuQXAgOMJAWOpoXyaRvh -atziBDoBnWS+/kX5RBhxvS0+em9yfRqAQleuGG+R1mEDihyJc8dWQQPT+O1l4oUC -FQCJlKsQZ0VBrWPGcUCNa54ZW6TH9QQWAhRR2NMZrQSfWthXDO8Lj5WZ34zQrA== +MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+ ++460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ +6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE +bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP +PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma +Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB +AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7 +93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP +EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D +l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr +ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe +assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5 +BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIID/zCCAuegAwIBAgIJANv1TSKgememMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA4MDIxNDQ5MjlaFw0yMzA2MTExNDQ5MjlaMEQx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU -ZXN0IFMvTUlNRSBFRSBESCAjMTCCAbYwggErBgcqhkjOPgIBMIIBHgKBgQDUDEoM -BHJxGd9ZGcWvRH/KjivwCfXTJbFzFlWJ3/0HrxnTf9AHov4/WvEBxvgr705tAzhC -oTfUFLQASrGGWoPOuQgOwZknR40LhaiC7cwNubAyft/o5Pb27LPuehE0ZZf8GrCV -Sxm5phzZATL3NXwtXf7BhXBJ+MyZ0L7xWnjIAwKBgGkA/Wby/BWLCbjcTeqqeVX5 -30amL8otj1kqrUSjxhgvlbYWIOPT0Y8DznF87zrHRDkO4h/Y04kr51HcEkhMGE2Z 
-EgbkFwIDjCQFjqaF8mkb4Wrc4gQ6AZ1kvv5F+UQYcb0tPnpvcn0agEJXrhhvkdZh -A4ociXPHVkED0/jtZeKFAhUAiZSrEGdFQa1jxnFAjWueGVukx/UDgYQAAoGAL1ve -cgI2awBeJH8ULBhSQpdL224VUDxFPiXzt8Vu5VLnxPv0pfA5En+8VByTuV7u6RSw -3/78NuTyr/sTyN8YlB1AuXHdTJynA1ICte1xgD4j2ijlq+dv8goOAFt9xkvXx7LD -umJ/cCignXETcNGfMi8+0s0bpMZyoHRdce8DQ26jYDBeMAwGA1UdEwEB/wQCMAAw -DgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQLWk1ffSXH8p3Bqrdjgi/6jzLnwDAf -BgNVHSMEGDAWgBTffl6IBSQzCN0igQKXzJq3sTMnMDANBgkqhkiG9w0BAQUFAAOC -AQEAWvJj79MW1/Wq3RIANgAhonsI1jufYqxTH+1M0RU0ZXHulgem77Le2Ls1bizi -0SbvfpTiiFGkbKonKtO2wvfqwwuptSg3omMI5IjAGxYbyv2KBzIpp1O1LTDk9RbD -48JMMF01gByi2+NLUQ1MYF+5RqyoRqcyp5x2+Om1GeIM4Q/GRuI4p4dybWy8iC+d -LeXQfR7HXfh+tAum+WzjfLJwbnWbHmPhTbKB01U4lBp6+r8BGHAtNdPjEHqap4/z -vVZVXti9ThZ20EhM+VFU3y2wyapeQjhQvw/A2YRES0Ik7BSj3hHfWH/CTbLVQnhu -Uj6tw18ExOYxqoEGixNLPA5qsQ== +MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C +ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt +ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW +sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy +w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX +JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv +yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn +FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI +kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo +ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f +/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV +7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId +AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK 
+yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj ++j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4 +zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR +Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06 +M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub +i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E +FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X +INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO +ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w +Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6 +3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU +EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa +oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM= -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/smime-certs/smdsa1.pem b/release/src/router/openssl-1.1/test/smime-certs/smdsa1.pem index b424f6704ed..0104e207cb2 100644 --- a/release/src/router/openssl-1.1/test/smime-certs/smdsa1.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smdsa1.pem 
@@ -1,47 +1,47 @@ -----BEGIN PRIVATE KEY----- -MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= +MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 +i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t +4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa +kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg +c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S +8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A +mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw +V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 +ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR +CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL +5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL +QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX +ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx 
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 -uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS -7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS -wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 -+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 -Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D -AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb -0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu -g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 -0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv -yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf -7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P -aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x -EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV -86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE -DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp -O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit -1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg -MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO -xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs -MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx -d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 -MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z -Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt -17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf -0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO +MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw 
+NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44 +BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL +J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 +LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd +62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt +MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l +aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK +3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b +bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ +9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 +DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B +E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV +hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g +lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D +KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv +OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo ++sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l +cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs +Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud +DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw +cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0 +UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7 +YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo +JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w +FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w== -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/smime-certs/smdsa2.pem b/release/src/router/openssl-1.1/test/smime-certs/smdsa2.pem index 648447fc89a..7d5b969dc3b 100644 
--- a/release/src/router/openssl-1.1/test/smime-certs/smdsa2.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smdsa2.pem 
@@ -1,47 +1,47 @@ -----BEGIN PRIVATE KEY----- -MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== +MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 +i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t +4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa +kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg +c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S +8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A +mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw +V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 +ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR +CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL +5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL +QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX +ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018 -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx 
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 -uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS -7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS -wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 -+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 -Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D -AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb -0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu -g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 -0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv -yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf -7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P -aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E -h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt -tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa -LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn -3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 -KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg -MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k -qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs -MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp -VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb -uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV -6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD -2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 -GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I +MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw 
+NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44 +BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL +J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 +LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd +62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt +MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l +aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK +3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b +bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ +9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 +DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B +E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV +hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o +HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx +4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx +pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji +mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA +shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K +3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud +DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky +4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1 +oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO +vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf +RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3 +tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg== -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/smime-certs/smdsa3.pem b/release/src/router/openssl-1.1/test/smime-certs/smdsa3.pem index 77acc5e46ff..6df4699450f 100644 
--- a/release/src/router/openssl-1.1/test/smime-certs/smdsa3.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smdsa3.pem 
@@ -1,47 +1,47 @@ -----BEGIN PRIVATE KEY----- -MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= +MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 +i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t +4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa +kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg +c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S +8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A +mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw +V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 +ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR +CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL +5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL +QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX +ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx 
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 -uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS -7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS -wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 -+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 -Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D -AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb -0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu -g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 -0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv -yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf -7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P -aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 -msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf -zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 -cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp -N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS -2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg -MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE -FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs -MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask -pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK -YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM -khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i -Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv -4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 +MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw 
+NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44 +BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL +J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 +LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd +62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt +MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l +aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK +3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b +bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ +9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 +DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B +E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV +hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G +TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg +sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0 +5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt +rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe +jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1 +jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud +DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh +M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P +wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe +azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl +SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5 +ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A== -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/smime-certs/smec1.pem b/release/src/router/openssl-1.1/test/smime-certs/smec1.pem index 75a862666b2..a94f65c6004 100644 
--- a/release/src/router/openssl-1.1/test/smime-certs/smec1.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smec1.pem 
@@ -1,22 +1,22 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS -DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV -3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB +Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ +7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU -ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I -iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi -ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg -MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK -Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy -WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt -7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV -FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y -S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 -DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 -qtcHJA== +MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq +hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91 +/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G +A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD 
+VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB +AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo +qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK +2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F +PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9 +pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl +LJRua7p4Wt/8GQENDrVkHqU= -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/smime-certs/smec2.pem b/release/src/router/openssl-1.1/test/smime-certs/smec2.pem index 457297a760f..3fe14b3a119 100644 --- a/release/src/router/openssl-1.1/test/smime-certs/smec2.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smec2.pem 
@@ -1,23 +1,23 @@ -----BEGIN PRIVATE KEY----- -MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl -brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7 -uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 -6bQ= +MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ +HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X +IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp +HqER -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU -ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ -huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj -JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E -BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA -FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez -ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK -xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 -uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P -rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq -IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 -4ZdCllHZkhop +MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr +gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2 +1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC +MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK 
+9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF +AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz +5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m +IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao +enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ +rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R +lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA== -----END CERTIFICATE----- diff --git a/release/src/router/openssl-1.1/test/smime-certs/smroot.pem b/release/src/router/openssl-1.1/test/smime-certs/smroot.pem index d1a253f4095..9af38d310b4 100644 --- a/release/src/router/openssl-1.1/test/smime-certs/smroot.pem +++ b/release/src/router/openssl-1.1/test/smime-certs/smroot.pem 
@@ -1,49 +1,49 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq -nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL -DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc -BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI -MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV -kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q -LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c -b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R -Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu -ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 -Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF -ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp -PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx -mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw -nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z -8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw -fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu -PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T -5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP -aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq -qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr -yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK -NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 -bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI -vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ -KfvPCYimQwBjVrEnSntLPR0= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA +T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke +iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K +H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg 
+cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR +0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt ++UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS +F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U +MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv +kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham +AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r +IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib +YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF +TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f +bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn +0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub +KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG +gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI +H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z +DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR +8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR +pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx +5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2 +Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil +GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI +DL5zP8gmBL9ZAOO/J9YacxWYMQ== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU -ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT -JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ -LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E 
-J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ -MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe -untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb -i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G -A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB -AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb -Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl -zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt -9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C -7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt -Emsny2ah6fU2z7PztrUy/A80 +MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag +ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m +BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e +fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk +lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA +vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud +DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko +/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE +dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+ +LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB +Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S +7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ== -----END CERTIFICATE----- 
diff --git a/release/src/router/openssl-1.1/test/smime-certs/smrsa1.pem b/release/src/router/openssl-1.1/test/smime-certs/smrsa1.pem
index d0d0b9e66b0..d32d8890478 100644
--- a/release/src/router/openssl-1.1/test/smime-certs/smrsa1.pem
+++ b/release/src/router/openssl-1.1/test/smime-certs/smrsa1.pem
@@ -1,49 +1,49 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC -xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID -3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU -/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D -orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs -CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH -XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp -KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i -cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL -s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 -27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak -cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT -8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze -j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG -ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da -ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk -LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ -msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q -55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or -sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 -d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR -355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG -hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu -iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST -1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn -zQpuMJliRlrq/5JkIbH6SA== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm +CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6 +YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR ++B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1 
+KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI +qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj +n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3 +gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv +2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0 +9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3 +4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu +e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5 +oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td +2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS +1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+ +Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX +5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT +SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo +zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE +ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F +wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J +jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ +tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o +co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4 +psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc +NOlOojKDO+dELErpShJgFIaU -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK -2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt -+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF 
-Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe -bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM -kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD -VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV -HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA -dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o -E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK -WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp -lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT -GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu -9Hjq6s316fk4Ne0EUF3PbA== +MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6 +OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J +eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2 +l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg +9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM +32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV +HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB +MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+ +BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF +QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1 +vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL +0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI +XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w= -----END CERTIFICATE----- 
diff --git a/release/src/router/openssl-1.1/test/smime-certs/smrsa2.pem b/release/src/router/openssl-1.1/test/smime-certs/smrsa2.pem
index 2f17cb2978f..a7a21fc80fa 100644
--- a/release/src/router/openssl-1.1/test/smime-certs/smrsa2.pem
+++ b/release/src/router/openssl-1.1/test/smime-certs/smrsa2.pem
@@ -1,49 +1,49 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 -iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq -V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD -lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 -U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 -NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB -Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 -J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI -dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW -3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz -XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK -3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK -Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa -P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI -LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN -bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX -q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 -38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm -hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t -QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb -0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS -8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 -KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e -y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR -hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n -yrLyf+8hjm6H6zkjqiOkHAl+ +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j +SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b +FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk +GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn 
+4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT +3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T +hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi +BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB +v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg +Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ +DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D +xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT +RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq +AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB +8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH +YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW +kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR +B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0 +x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb +b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs +cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o +qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc +1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK +u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q +13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9 +k6W9F60mEFz1Owh+lQv7WfSIVA== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF -AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp -cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS 
-0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 -NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 -EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD -VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV -HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA -I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 -Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv -/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c -XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv -6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i -NzYzLAPBkHCMY0Is3KKIBw== +MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or +fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU +7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv +hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT +INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM +Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV +HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR +rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v +gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK +7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp +LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5 +zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA +EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E= -----END CERTIFICATE----- 
diff --git a/release/src/router/openssl-1.1/test/smime-certs/smrsa3.pem b/release/src/router/openssl-1.1/test/smime-certs/smrsa3.pem
index 14c27f64aa9..980d3af3b4c 100644
--- a/release/src/router/openssl-1.1/test/smime-certs/smrsa3.pem
+++ b/release/src/router/openssl-1.1/test/smime-certs/smrsa3.pem
@@ -1,49 +1,49 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji -OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 -Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX -63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H -XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l -vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 -L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP -lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf -BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR -OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ -i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se -snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 -wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn -8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ -ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm -oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX -LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E -yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 -2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc -RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK -KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk -isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL -rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw -IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh -yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF -RvOAi5wVkYylDxV4238MAZIq +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 +toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB +GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi +ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK 
+2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M +jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq +DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb +Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ +0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh +/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG +A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI +vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I +pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi +YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS +wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ +BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto +NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o +c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K +7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt +oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L +3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk +YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr +Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs +Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz +TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X +fNcb5iDYqZRzD8ixBbLxUw== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC -FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF -STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW 
-m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha -v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p -1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD -VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV -HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA -JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp -sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa -VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr -O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 -tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY -CscFo2Z2pYROGtZDmYqhRw== +MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC +XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ +qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK +wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI +U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N +f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV +HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi +V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq +112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd +CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 +iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW +ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE +BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= -----END CERTIFICATE----- 
diff --git a/release/src/router/openssl-1.1/test/ssl-tests/30-supported-groups.conf b/release/src/router/openssl-1.1/test/ssl-tests/30-supported-groups.conf
new file mode 100644
index 00000000000..4280db7114d
--- /dev/null
+++ b/release/src/router/openssl-1.1/test/ssl-tests/30-supported-groups.conf
@@ -0,0 +1,54 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 2
+
+test-0 = 0-Just a sanity test case
+test-1 = 1-Pass with empty groups with TLS1.2
+# ===========================================================
+
+[0-Just a sanity test case]
+ssl_conf = 0-Just a sanity test case-ssl
+
+[0-Just a sanity test case-ssl]
+server = 0-Just a sanity test case-server
+client = 0-Just a sanity test case-client
+
+[0-Just a sanity test case-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-Just a sanity test case-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-Pass with empty groups with TLS1.2]
+ssl_conf = 1-Pass with empty groups with TLS1.2-ssl
+
+[1-Pass with empty groups with TLS1.2-ssl]
+server = 1-Pass with empty groups with TLS1.2-server
+client = 1-Pass with empty groups with TLS1.2-client
+
+[1-Pass with empty groups with TLS1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-Pass with empty groups with TLS1.2-client]
+CipherString = DEFAULT
+Groups = sect163k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
diff --git a/release/src/router/openssl-1.1/test/ssl-tests/30-supported-groups.conf.in b/release/src/router/openssl-1.1/test/ssl-tests/30-supported-groups.conf.in
new file mode 100644
index 00000000000..edffc0ffc92
--- /dev/null
+++ b/release/src/router/openssl-1.1/test/ssl-tests/30-supported-groups.conf.in
@@ -0,0 +1,45 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+ {
+ name => "Just a sanity test case",
+ server => { },
+ client => { },
+ test => { "ExpectedResult" => "Success" },
+ },
+);
+
+our @tests_tls1_3 = (
+ {
+ name => "Fail empty groups with TLS1.3",
+ server => { },
+ client => { "Groups" => "sect163k1" },
+ test => { "ExpectedResult" => "ClientFail" },
+ },
+);
+
+our @tests_tls1_2 = (
+ {
+ name => "Pass with empty groups with TLS1.2",
+ server => { },
+ client => { "Groups" => "sect163k1",
+ "MaxProtocol" => "TLSv1.2" },
+ test => { "ExpectedResult" => "Success" },
+ },
+);
+
+push @tests, @tests_tls1_3 unless disabled("tls1_3")
+ || !disabled("ec2m") || disabled("ec");
+push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
diff --git a/release/src/router/openssl-1.1/test/sslapitest.c b/release/src/router/openssl-1.1/test/sslapitest.c
index 6b5d9449a0e..7197e15cac4 100644
--- a/release/src/router/openssl-1.1/test/sslapitest.c
+++ b/release/src/router/openssl-1.1/test/sslapitest.c
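Review bot: The two `push` lines that close 30-supported-groups.conf.in gate the cases on `tls1_3`, `ec2m` and `ec` with no comment saying why, and the TLS1.3 failure case is added only when `ec2m` is disabled. A line above the first `push` would save the next reader from reverse-engineering the condition, for example `# sect163k1 is a binary-field curve; the TLS1.3 failure case is only run when ec2m is disabled`. That reason is inferred from the curve name and the condition, so check it against the fix this test accompanies before committing the wording. The TLS1.2 case keeps the name "Pass with empty groups" in builds where `ec2m` is enabled, where the client's group list is presumably not empty, and the comment could note that as well.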
@@ -6870,6 +6870,171 @@ static int test_set_alpn(void) return testresult; } +/* + * Test SSL_CTX_set1_verify/chain_cert_store and SSL_CTX_get_verify/chain_cert_store. + */ +static int test_set_verify_cert_store_ssl_ctx(void) +{ + SSL_CTX *ctx = NULL; + int testresult = 0; + X509_STORE *store = NULL, *new_store = NULL, + *cstore = NULL, *new_cstore = NULL; + + /* Create an initial SSL_CTX. */ + ctx = SSL_CTX_new(TLS_server_method()); + if (!TEST_ptr(ctx)) + goto end; + + /* Retrieve verify store pointer. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; + + /* Retrieve chain store pointer. */ + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; + + /* We haven't set any yet, so this should be NULL. */ + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + /* Create stores. We use separate stores so pointers are different. */ + new_store = X509_STORE_new(); + if (!TEST_ptr(new_store)) + goto end; + + new_cstore = X509_STORE_new(); + if (!TEST_ptr(new_cstore)) + goto end; + + /* Set stores. */ + if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store))) + goto end; + + if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore))) + goto end; + + /* Should be able to retrieve the same pointer. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; + + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; + + if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) + goto end; + + /* Should be able to unset again. */ + if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL))) + goto end; + + if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL))) + goto end; + + /* Should now be NULL. 
*/ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; + + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; + + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + testresult = 1; + +end: + X509_STORE_free(new_store); + X509_STORE_free(new_cstore); + SSL_CTX_free(ctx); + return testresult; +} + +/* + * Test SSL_set1_verify/chain_cert_store and SSL_get_verify/chain_cert_store. + */ +static int test_set_verify_cert_store_ssl(void) +{ + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + int testresult = 0; + X509_STORE *store = NULL, *new_store = NULL, + *cstore = NULL, *new_cstore = NULL; + + /* Create an initial SSL_CTX. */ + ctx = SSL_CTX_new(TLS_server_method()); + if (!TEST_ptr(ctx)) + goto end; + + /* Create an SSL object. */ + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl)) + goto end; + + /* Retrieve verify store pointer. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; + + /* Retrieve chain store pointer. */ + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; + + /* We haven't set any yet, so this should be NULL. */ + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + /* Create stores. We use separate stores so pointers are different. */ + new_store = X509_STORE_new(); + if (!TEST_ptr(new_store)) + goto end; + + new_cstore = X509_STORE_new(); + if (!TEST_ptr(new_cstore)) + goto end; + + /* Set stores. */ + if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store))) + goto end; + + if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore))) + goto end; + + /* Should be able to retrieve the same pointer. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; + + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; + + if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) + goto end; + + /* Should be able to unset again. 
*/ + if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL))) + goto end; + + if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL))) + goto end; + + /* Should now be NULL. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; + + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; + + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; + + testresult = 1; + +end: + X509_STORE_free(new_store); + X509_STORE_free(new_cstore); + SSL_free(ssl); + SSL_CTX_free(ctx); + return testresult; +} + static int test_inherit_verify_param(void) { int testresult = 0; @@ -7039,6 +7204,8 @@ int setup_tests(void) ADD_ALL_TESTS(test_ticket_lifetime, 2); #endif ADD_TEST(test_set_alpn); + ADD_TEST(test_set_verify_cert_store_ssl_ctx); + ADD_TEST(test_set_verify_cert_store_ssl); ADD_TEST(test_inherit_verify_param); return 1; } diff --git a/release/src/router/openssl-1.1/test/v3ext.c b/release/src/router/openssl-1.1/test/v3ext.c index 14ae49969d0..386135fed8a 100644 --- a/release/src/router/openssl-1.1/test/v3ext.c +++ b/release/src/router/openssl-1.1/test/v3ext.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include #include +#include "internal/nelem.h" #include "testutil.h" 
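Review bot: test_set_verify_cert_store_ssl in sslapitest.c reads the stores back only through the SSL object, so it would not notice if setting them on the connection also changed the parent SSL_CTX. That matters because the verify store decides which trust anchors a peer certificate is checked against. Assuming the per-connection stores are meant to be independent of the context's, one more read after the `TEST_ptr_eq(store, new_store)` check would pin that down: `if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)) || !TEST_ptr_null(store)) goto end;`, with the same for the chain store through `cstore`. Separately, the two header comments name `SSL_CTX_get_verify/chain_cert_store` and `SSL_get_verify/chain_cert_store`, while the bodies call the `get0` variants; the comments should use the real names.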
@@ -37,11 +38,203 @@ static int test_pathlen(void) return ret; } +#ifndef OPENSSL_NO_RFC3779 +static int test_asid(void) +{ + ASN1_INTEGER *val1 = NULL, *val2 = NULL; + ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(), + *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new(); + int testresult = 0; + + if (!TEST_ptr(asid1) + || !TEST_ptr(asid2) + || !TEST_ptr(asid3)) + goto err; + + if (!TEST_ptr(val1 = ASN1_INTEGER_new()) + || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))) + goto err; + + if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL))) + goto err; + + val1 = NULL; + if (!TEST_ptr(val2 = ASN1_INTEGER_new()) + || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) + goto err; + + if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL))) + goto err; + + val2 = NULL; + if (!TEST_ptr(val1 = ASN1_INTEGER_new()) + || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)) + || !TEST_ptr(val2 = ASN1_INTEGER_new()) + || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) + goto err; + + /* + * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also + * test V3_ASID_RDI if we think it is worth it. 
+ */ + if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2))) + goto err; + val1 = val2 = NULL; + + /* Actual subsets */ + if (!TEST_true(X509v3_asid_subset(NULL, NULL)) + || !TEST_true(X509v3_asid_subset(NULL, asid1)) + || !TEST_true(X509v3_asid_subset(asid1, asid1)) + || !TEST_true(X509v3_asid_subset(asid2, asid2)) + || !TEST_true(X509v3_asid_subset(asid1, asid3)) + || !TEST_true(X509v3_asid_subset(asid2, asid3)) + || !TEST_true(X509v3_asid_subset(asid3, asid3)) + || !TEST_true(X509v3_asid_subset(asid4, asid1)) + || !TEST_true(X509v3_asid_subset(asid4, asid2)) + || !TEST_true(X509v3_asid_subset(asid4, asid3))) + goto err; + + /* Not subsets */ + if (!TEST_false(X509v3_asid_subset(asid1, NULL)) + || !TEST_false(X509v3_asid_subset(asid1, asid2)) + || !TEST_false(X509v3_asid_subset(asid2, asid1)) + || !TEST_false(X509v3_asid_subset(asid3, asid1)) + || !TEST_false(X509v3_asid_subset(asid3, asid2)) + || !TEST_false(X509v3_asid_subset(asid1, asid4)) + || !TEST_false(X509v3_asid_subset(asid2, asid4)) + || !TEST_false(X509v3_asid_subset(asid3, asid4))) + goto err; + + testresult = 1; + err: + ASN1_INTEGER_free(val1); + ASN1_INTEGER_free(val2); + ASIdentifiers_free(asid1); + ASIdentifiers_free(asid2); + ASIdentifiers_free(asid3); + ASIdentifiers_free(asid4); + return testresult; +} + +static struct ip_ranges_st { + const unsigned int afi; + const char *ip1; + const char *ip2; + int rorp; +} ranges[] = { + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.1", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.2", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.3", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.254", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.255", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.255", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.1", 
IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.255.255", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV4, "192.168.1.0", "192.168.255.255", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::1", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::2", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::3", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::fffe", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::ffff", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::ffff", IPAddressOrRange_addressRange}, + { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::1", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV6, "2001:0db8::0:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressPrefix}, + { IANA_AFI_IPV6, "2001:0db8::1:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressRange} +}; + +static int check_addr(IPAddrBlocks *addr, int type) +{ + IPAddressFamily *fam; + IPAddressOrRange *aorr; + + if (!TEST_int_eq(sk_IPAddressFamily_num(addr), 1)) + return 0; + + fam = sk_IPAddressFamily_value(addr, 0); + if (!TEST_ptr(fam)) + return 0; + + if (!TEST_int_eq(fam->ipAddressChoice->type, IPAddressChoice_addressesOrRanges)) + return 0; + + if (!TEST_int_eq(sk_IPAddressOrRange_num(fam->ipAddressChoice->u.addressesOrRanges), 1)) + return 0; + + aorr = sk_IPAddressOrRange_value(fam->ipAddressChoice->u.addressesOrRanges, 0); + if (!TEST_ptr(aorr)) + return 0; + + if (!TEST_int_eq(aorr->type, type)) + return 0; + + return 1; +} + +static int test_addr_ranges(void) +{ + IPAddrBlocks *addr = NULL; + ASN1_OCTET_STRING *ip1 = NULL, *ip2 = NULL; + size_t i; + int testresult = 0; + + for (i = 0; i < OSSL_NELEM(ranges); i++) { + addr = sk_IPAddressFamily_new_null(); + if (!TEST_ptr(addr)) + goto end; + /* + * Has the side effect of installing the comparison function onto the + * stack. 
+ */ + if (!TEST_true(X509v3_addr_canonize(addr))) + goto end; + + ip1 = a2i_IPADDRESS(ranges[i].ip1); + if (!TEST_ptr(ip1)) + goto end; + if (!TEST_true(ip1->length == 4 || ip1->length == 16)) + goto end; + ip2 = a2i_IPADDRESS(ranges[i].ip2); + if (!TEST_ptr(ip2)) + goto end; + if (!TEST_int_eq(ip2->length, ip1->length)) + goto end; + if (!TEST_true(memcmp(ip1->data, ip2->data, ip1->length) <= 0)) + goto end; + + if (!TEST_true(X509v3_addr_add_range(addr, ranges[i].afi, NULL, ip1->data, ip2->data))) + goto end; + + if (!TEST_true(X509v3_addr_is_canonical(addr))) + goto end; + + if (!check_addr(addr, ranges[i].rorp)) + goto end; + + sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); + addr = NULL; + ASN1_OCTET_STRING_free(ip1); + ASN1_OCTET_STRING_free(ip2); + ip1 = ip2 = NULL; + } + + testresult = 1; + end: + sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); + ASN1_OCTET_STRING_free(ip1); + ASN1_OCTET_STRING_free(ip2); + return testresult; +} +#endif /* OPENSSL_NO_RFC3779 */ + int setup_tests(void) { if (!TEST_ptr(infile = test_get_argument(0))) return 0; ADD_TEST(test_pathlen); +#ifndef OPENSSL_NO_RFC3779 + ADD_TEST(test_asid); + ADD_TEST(test_addr_ranges); +#endif /* OPENSSL_NO_RFC3779 */ return 1; } diff --git a/release/src/router/openssl-1.1/tools/c_rehash.in b/release/src/router/openssl-1.1/tools/c_rehash.in index cfd18f5da11..9d2a6f6db73 100644 --- a/release/src/router/openssl-1.1/tools/c_rehash.in +++ b/release/src/router/openssl-1.1/tools/c_rehash.in 
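Review bot: test_asid allocates four ASIdentifiers, but the NULL check covers only asid1, asid2 and asid3, so a failed `ASIdentifiers_new()` for asid4 goes unnoticed. The assertions that use asid4 as the empty set would then run with NULL, and the same test already expects `X509v3_asid_subset(NULL, asid1)` to be true and `X509v3_asid_subset(asid1, NULL)` to be false, so the test could pass without ever exercising the empty-set case. Add `|| !TEST_ptr(asid4)` to the first condition.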
@@ -104,52 +104,78 @@ foreach (@dirlist) { } exit($errorcount); +sub copy_file { + my ($src_fname, $dst_fname) = @_; + + if (open(my $in, "<", $src_fname)) { + if (open(my $out, ">", $dst_fname)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "Cannot open $dst_fname for write, $!"; + } + close $in; + } else { + warn "Cannot open $src_fname for read, $!"; + } +} + sub hash_dir { - my %hashlist; - print "Doing $_[0]\n"; - chdir $_[0]; - opendir(DIR, "."); - my @flist = sort readdir(DIR); - closedir DIR; - if ( $removelinks ) { - # Delete any existing symbolic links - foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { - if (-l $_) { - print "unlink $_" if $verbose; - unlink $_ || warn "Can't unlink $_, $!\n"; - } - } - } - FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { - # Check to see if certificates and/or CRLs present. - my ($cert, $crl) = check_file($fname); - if (!$cert && !$crl) { - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; - next; - } - link_hash_cert($fname) if ($cert); - link_hash_crl($fname) if ($crl); - } + my $dir = shift; + my %hashlist; + + print "Doing $dir\n"; + + if (!chdir $dir) { + print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; + return; + } + + opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_\n" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. 
+ my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } + + chdir $pwd; } sub check_file { - my ($is_cert, $is_crl) = (0,0); - my $fname = $_[0]; - open IN, $fname; - while() { - if (/^-----BEGIN (.*)-----/) { - my $hdr = $1; - if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { - $is_cert = 1; - last if ($is_crl); - } elsif ($hdr eq "X509 CRL") { - $is_crl = 1; - last if ($is_cert); - } - } - } - close IN; - return ($is_cert, $is_crl); + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + + open(my $in, "<", $fname); + while(<$in>) { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close $in; + return ($is_cert, $is_crl); } sub compute_hash { 
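Review bot: Several failure paths in the new hash_dir and check_file neither stop nor report as written. `opendir(DIR, ".") || print STDERR ...` only warns and then falls through to `readdir` on an unopened handle, which would leave `@flist` empty; returning at that point (after `chdir $pwd`) makes the failure explicit. `unlink $_ || warn ...` parses as `unlink($_ || warn ...)`, so a failed unlink is never reported; `unlink($_) || warn "Can't unlink $_, $!\n";` fixes it, and the same precedence problem is in `symlink $fname, $hash || warn ...` in link_hash in the next hunk. `open(my $in, "<", $fname);` in check_file is unchecked, so an unreadable file is reported as not containing a certificate or CRL instead of as an open error.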
@@ -177,76 +203,48 @@ sub compute_hash { # certificate fingerprints sub link_hash_cert { - my $fname = $_[0]; - my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, - "-fingerprint", "-noout", - "-in", $fname); - chomp $hash; - chomp $fprint; - return if !$hash; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename - while(exists $hashlist{"$hash.$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert - if ($hashlist{"$hash.$suffix"} eq $fprint) { - print STDERR "WARNING: Skipping duplicate certificate $fname\n"; - return; - } - $suffix++; - } - $hash .= ".$suffix"; - if ($symlink_exists) { - print "link $fname -> $hash\n" if $verbose; - symlink $fname, $hash || warn "Can't symlink, $!"; - } else { - print "copy $fname -> $hash\n" if $verbose; - if (open($in, "<", $fname)) { - if (open($out,">", $hash)) { - print $out $_ while (<$in>); - close $out; - } else { - warn "can't open $hash for write, $!"; - } - close $in; - } else { - warn "can't open $fname for read, $!"; - } - } - $hashlist{$hash} = $fprint; + link_hash($_[0], 'cert'); } # Same as above except for a CRL. 
CRL links are of the form .r sub link_hash_crl { - my $fname = $_[0]; - my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, - "-fingerprint", "-noout", - "-in", $fname); - chomp $hash; - chomp $fprint; - return if !$hash; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename - while(exists $hashlist{"$hash.r$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert - if ($hashlist{"$hash.r$suffix"} eq $fprint) { - print STDERR "WARNING: Skipping duplicate CRL $fname\n"; - return; - } - $suffix++; - } - $hash .= ".r$suffix"; - if ($symlink_exists) { - print "link $fname -> $hash\n" if $verbose; - symlink $fname, $hash || warn "Can't symlink, $!"; - } else { - print "cp $fname -> $hash\n" if $verbose; - system ("cp", $fname, $hash); - warn "Can't copy, $!" if ($? >> 8) != 0; - } - $hashlist{$hash} = $fprint; + link_hash($_[0], 'crl'); +} + +sub link_hash { + my ($fname, $type) = @_; + my $is_cert = $type eq 'cert'; + + my ($hash, $fprint) = compute_hash($openssl, + $is_cert ? "x509" : "crl", + $is_cert ? $x509hash : $crlhash, + "-fingerprint", "-noout", + "-in", $fname); + chomp $hash; + chomp $fprint; + return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + my $crlmark = $is_cert ? "" : "r"; + while(exists $hashlist{"$hash.$crlmark$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { + my $what = $is_cert ? 'certificate' : 'CRL'; + print STDERR "WARNING: Skipping duplicate $what $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$crlmark$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + copy_file($fname, $hash); + } + $hashlist{$hash} = $fprint; } 
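Review bot: link_hash reads and writes `$hashlist{...}`, but the only declaration visible on this page is `my %hashlist;` inside hash_dir in the previous hunk, and that one is lexical to hash_dir. Whether or not the file also declares `%hashlist` at file scope outside these hunks, the hash that link_hash uses is not the one hash_dir creates afresh for each directory, so entries appear to accumulate across directories. With more than one directory argument, a certificate or CRL whose hash and fingerprint were already recorded for an earlier directory would be skipped as a duplicate and get no link in the later one. Resetting the shared hash at the top of hash_dir with `%hashlist = ();` in place of `my %hashlist;`, or passing a reference to it into link_hash, would make the per-directory scope real.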
diff --git a/release/src/router/openssl-1.1/util/private.num b/release/src/router/openssl-1.1/util/private.num index bc7d967b5d1..27790ab8a7a 100644 --- a/release/src/router/openssl-1.1/util/private.num +++ b/release/src/router/openssl-1.1/util/private.num @@ -323,6 +323,8 @@ SSL_CTX_decrypt_session_ticket_fn define SSL_CTX_disable_ct define SSL_CTX_generate_session_ticket_fn define SSL_CTX_get0_chain_certs define +SSL_CTX_get0_chain_cert_store define +SSL_CTX_get0_verify_cert_store define SSL_CTX_get_default_read_ahead define SSL_CTX_get_max_cert_list define SSL_CTX_get_max_proto_version define @@ -388,6 +390,8 @@ SSL_clear_mode define SSL_disable_ct define SSL_get0_chain_certs define SSL_get0_session define +SSL_get0_chain_cert_store define +SSL_get0_verify_cert_store define SSL_get1_curves define SSL_get1_groups define SSL_get_cipher define diff --git a/release/src/router/rc/amas_wgn.c b/release/src/router/rc/amas_wgn.c index 5247477a6cd..b22ff723282 100644 --- a/release/src/router/rc/amas_wgn.c +++ b/release/src/router/rc/amas_wgn.c @@ -1102,8 +1102,10 @@ void wgn_filter_forward( fprintf(fp, "-A FORWARD -i %s -j WGNPControls\n", word); #if defined(RTCONFIG_IPV6) - if (fp_ipv6) + if (fp_ipv6) { fprintf(fp_ipv6, "-A FORWARD -i %s -j WGNPControls\n", word); + fprintf(fp_ipv6, "-A FORWARD -i %s -o %s -j ACCEPT\n", word, wan_if); + } #endif //iptables -A FORWARD -i brX -o eth0 -j ACCEPT fprintf(fp, "-A FORWARD -i %s -o %s -j ACCEPT\n", word, wan_if); diff --git a/release/src/router/rc/common.c b/release/src/router/rc/common.c index 005cd0a65cd..77691874493 100644 --- a/release/src/router/rc/common.c +++ b/release/src/router/rc/common.c 
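Review bot: The new ip6tables rule in wgn_filter_forward reuses `wan_if`, the interface name the IPv4 rule just below is written for. If this firmware can carry IPv6 over a different egress interface than IPv4 (a tunnel or a separate PPP session; not visible from this hunk), guest traffic would not match the ACCEPT and would fall through to whatever the IPv6 FORWARD chain does next. It is worth confirming which interface the IPv6 rule should name and recording that in a comment next to it, in the style of the existing `//iptables -A FORWARD -i brX -o eth0 -j ACCEPT`. wgn_filter_forward starts and ends outside the hunk.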
@@ -1389,8 +1389,11 @@ void time_zone_x_mapping(void) nvram_set("time_zone_x", tmpstr); /* special mapping */ - if (nvram_match("time_zone", "JST")) - nvram_set("time_zone_x", "UCT-9"); + if (nvram_match("time_zone", "JST")) { + nvram_set("time_zone_x", "UTC-9"); + snprintf (tmpstr, sizeof(tmpstr), "%s", "JST-9"); + } + #if 0 else if (nvram_match("time_zone", "TST-10TDT")) nvram_set("time_zone_x", "UCT-10"); diff --git a/release/src/router/rc/dnsfilter.c b/release/src/router/rc/dnsfilter.c index 9dbdaa00c58..4193d322b26 100644 --- a/release/src/router/rc/dnsfilter.c +++ b/release/src/router/rc/dnsfilter.c @@ -85,10 +85,12 @@ int get_dns_filter(int proto, int mode, dnsf_srv_entry_t *dnsfsrv) strlcpy(dnsfsrv->server1, nvram_safe_get("dnsfilter_custom63"), 46); dnsfsrv->server2[0] = '\0'; break; +#if defined(BCM4912) // Causes kernel checksum errors on HND 5.02 case DNSF_SRV_ROUTER: strlcpy(dnsfsrv->server1, nvram_safe_get("ipv6_rtr_addr"), 46); dnsfsrv->server2[0] = '\0'; break; +#endif default: strlcpy(dnsfsrv->server1, server6_table[mode][0], 46); strlcpy(dnsfsrv->server2, server6_table[mode][1], 46); @@ -204,7 +206,7 @@ void dnsfilter_settings(FILE *fp) { #ifdef RTCONFIG_IPV6 #ifdef HND_ROUTER -void dnsfilter6_settings(FILE *fp) { +void dnsfilter6_settings_dnat(FILE *fp) { char *name, *mac, *mode; unsigned char ea[ETHER_ADDR_LEN]; char *nv, *nvp, *rule; @@ -228,9 +230,7 @@ void dnsfilter6_settings(FILE *fp) { continue; dnsmode = atoi(mode); if (dnsmode == DNSF_SRV_UNFILTERED) { - fprintf(fp, - "-A DNSFILTER -m mac --mac-source %s -j RETURN\n", - mac); + fprintf(fp, "-A DNSFILTER -m mac --mac-source %s -j RETURN\n", mac); } else if (get_dns_filter(AF_INET6, dnsmode, &dnsfsrv)) { fprintf(fp,"-A DNSFILTER -m mac --mac-source %s -j DNAT --to-destination [%s]\n", mac, dnsfsrv.server1); 
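Review bot: The JST branch in time_zone_x_mapping now leaves two different strings behind, `UTC-9` in the `time_zone_x` NVRAM variable and `JST-9` in `tmpstr`, and nothing in the hunk says why they differ or which consumer reads which. Once the use of `tmpstr` after this block is confirmed, a one-line comment such as `/* NVRAM keeps the offset form; tmpstr keeps the JST abbreviation for the code below */` would make that intentional. The disabled `#if 0` branch still spells `UCT-10`, and `snprintf (` has a space before the parenthesis unlike the calls around it. The function continues outside the hunk.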
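Review bot: With the `case DNSF_SRV_ROUTER:` label in get_dns_filter compiled out on everything except BCM4912, that mode now reaches `default:` and copies `server6_table[mode][0]` and `[1]`. Whether the table has a row for DNSF_SRV_ROUTER, and what that row holds, is not visible here; if the row is missing the read is out of bounds, and if it is empty the callers see no server for Router mode. A short comment at the `#if` stating the intended result on non-BCM4912 builds, for example `/* other builds fall through to default: confirm server6_table has an (empty) Router row */`, would make the fallthrough deliberate. The switch starts and ends outside the hunk.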
@@ -239,26 +239,25 @@ void dnsfilter6_settings(FILE *fp) { free(nv); - /* Send other queries to the default server */ + /* Default behaviour */ dnsmode = nvram_get_int("dnsfilter_mode"); - if ((dnsmode != DNSF_SRV_UNFILTERED) && get_dns_filter(AF_INET6, dnsmode, &dnsfsrv)) { + if (dnsmode == DNSF_SRV_UNFILTERED) { + return; + } else if (get_dns_filter(AF_INET6, dnsmode, &dnsfsrv)) { // Default server (if one exists) fprintf(fp, "-A DNSFILTER -j DNAT --to-destination [%s]\n", dnsfsrv.server1); } } } +#endif -#else // Non-HND, so block instead of redirecting - -void dnsfilter6_settings(FILE *fp) { +void dnsfilter6_settings_mangle(FILE *fp) { char *nv, *nvp, *rule; char *name, *mac, *mode; unsigned char ea[ETHER_ADDR_LEN]; int dnsmode, count; dnsf_srv_entry_t dnsfsrv; - fprintf(fp, "-A INPUT -i br+ -p udp -m udp --dport 53 -j DNSFILTERI\n" - "-A INPUT -i br+ -p tcp -m tcp --dport 53 -j DNSFILTERI\n" - "-A FORWARD -i br+ -p udp -m udp --dport 53 -j DNSFILTERF\n" + fprintf(fp, "-A FORWARD -i br+ -p udp -m udp --dport 53 -j DNSFILTERF\n" "-A FORWARD -i br+ -p tcp -m tcp --dport 53 -j DNSFILTERF\n"); #ifdef HND_ROUTER @@ -274,9 +273,7 @@ void dnsfilter6_settings(FILE *fp) { if (!*mac || !ether_atoe(mac, ea)) continue; if (dnsmode == DNSF_SRV_UNFILTERED) { - fprintf(fp, "-A DNSFILTERI -m mac --mac-source %s -j ACCEPT\n" - "-A DNSFILTERF -m mac --mac-source %s -j ACCEPT\n", - mac, mac); + fprintf(fp, "-A DNSFILTERF -m mac --mac-source %s -j ACCEPT\n", mac); } else { // Filtered count = get_dns_filter(AF_INET6, dnsmode, &dnsfsrv); if (count) { @@ -286,9 +283,7 @@ void dnsfilter6_settings(FILE *fp) { fprintf(fp, "-A DNSFILTERF -m mac --mac-source %s -d %s -j ACCEPT\n", mac, dnsfsrv.server2); } // Reject other dnsfsrv for that client - fprintf(fp, "-A DNSFILTERI -m mac --mac-source %s -j DROP\n" - "-A DNSFILTERF -m mac --mac-source %s -j DROP\n", - mac, mac); + fprintf(fp, "-A DNSFILTERF -m mac --mac-source %s -j DROP\n", mac); } } free(nv); 
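Review bot: dnsfilter6_settings_mangle no longer emits any INPUT rule for port 53, so after this change IPv6 queries addressed to the router itself are not seen by these chains at all; the removal of the DNSFILTERI lines repeats in the two following hunks and in the @@ -298 hunk. Enforcement for those queries then rests on what dnsfilter_setup_dnsmasq configures, which is outside this page, so it is worth confirming that a client assigned a filtered mode cannot simply use the router's own IPv6 resolver. The deleted `// Non-HND, so block instead of redirecting` comment was the only description of this function; a replacement such as `/* Filters forwarded IPv6 DNS only; queries to the router itself are left to dnsmasq */` above the definition would record the new contract. The function body continues past this hunk.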
@@ -298,18 +293,13 @@ void dnsfilter6_settings(FILE *fp) { /* Allow other queries to the default server, and drop the rest */ count = get_dns_filter(AF_INET6, dnsmode, &dnsfsrv); if (count) { - fprintf(fp, "-A DNSFILTERI -d %s -j ACCEPT\n" - "-A DNSFILTERF -d %s -j ACCEPT\n", - dnsfsrv.server1, dnsfsrv.server1); + fprintf(fp, "-A DNSFILTERF -d %s -j ACCEPT\n", dnsfsrv.server1); } if (count == 2) { - fprintf(fp, "-A DNSFILTERI -d %s -j ACCEPT\n" - "-A DNSFILTERF -d %s -j ACCEPT\n", - dnsfsrv.server2, dnsfsrv.server2); + fprintf(fp, "-A DNSFILTERF -d %s -j ACCEPT\n", dnsfsrv.server2); } - fprintf(fp, "-A DNSFILTERI -j %s\n" - "-A DNSFILTERF -j DROP\n", - (dnsmode == DNSF_SRV_ROUTER ? "ACCEPT" : "DROP")); + + fprintf(fp, "-A DNSFILTERF -j DROP\n"); } } @@ -366,7 +356,6 @@ void dnsfilter_setup_dnsmasq(FILE *fp) { } free(nv); } -#endif // HND_ROUTER // Block DOT if the configured server isn't known to support DOT, to prevent bypassing dnsfilter with DOT diff --git a/release/src/router/rc/firewall.c b/release/src/router/rc/firewall.c index d19ada2cf32..591474dc9e5 100644 --- a/release/src/router/rc/firewall.c +++ b/release/src/router/rc/firewall.c @@ -2011,7 +2011,7 @@ void nat_setting(char *wan_if, char *wan_ip, char *wanx_if, char *wanx_ip, char if (fp_ipv6 != NULL) { fprintf(fp_ipv6, "*nat\n" ":DNSFILTER - [0:0]\n"); - dnsfilter6_settings(fp_ipv6); + dnsfilter6_settings_dnat(fp_ipv6); fprintf(fp_ipv6, "COMMIT\n"); fclose(fp_ipv6); eval("ip6tables-restore", "/tmp/nat_rules_ipv6.dnsfilter"); @@ -2495,7 +2495,7 @@ void nat_setting2(char *lan_if, char *lan_ip, char *logaccept, char *logdrop) // if (fp_ipv6 != NULL) { fprintf(fp_ipv6, "*nat\n" ":DNSFILTER - [0:0]\n"); - dnsfilter6_settings(fp_ipv6); + dnsfilter6_settings_dnat(fp_ipv6); fprintf(fp_ipv6, "COMMIT\n"); fclose(fp_ipv6); eval("ip6tables-restore", "/tmp/nat_rules_ipv6.dnsfilter"); 
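Review bot: `dnsfsrv.server1` and `server2` are written into the ip6tables-restore input with `-d %s`, and for the custom modes get_dns_filter fills them straight from NVRAM (`nvram_safe_get("dnsfilter_custom63")` in the earlier hunk). Unless get_dns_filter validates the string somewhere outside these hunks, a malformed value makes ip6tables-restore reject the file, and a value containing whitespace or a newline would alter the rules that get loaded. Checking each address before it is printed, for example `if (inet_pton(AF_INET6, dnsfsrv.server1, &addr6) == 1)` with a local `struct in6_addr addr6`, keeps the generated file well-formed. The same applies to the per-client `-d %s` lines in the @@ -286 hunk and to the `--to-destination [%s]` lines in dnsfilter6_settings_dnat. The function starts outside this hunk.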
@@ -6280,18 +6280,17 @@ mangle_setting(char *wan_if, char *wan_ip, char *lan_if, char *lan_ip, char *log #ifdef RTCONFIG_DNSFILTER #ifdef RTCONFIG_IPV6 -#ifndef HND_ROUTER +#ifndef BCM4912 /* 5.04 has full dnat support */ if (nvram_get_int("dnsfilter_enable_x") && ipv6_enabled()) { FILE *fp; fp = fopen("/tmp/mangle_rules_ipv6.dnsfilter", "w"); if (fp != NULL) { fprintf(fp, "*mangle\n" - ":DNSFILTERI - [0:0]\n" ":DNSFILTERF - [0:0]\n" ":DNSFILTER_DOT - [0:0]\n"); - dnsfilter6_settings(fp); + dnsfilter6_settings_mangle(fp); fprintf(fp, "COMMIT\n"); fclose(fp); @@ -6299,7 +6298,7 @@ mangle_setting(char *wan_if, char *wan_ip, char *lan_if, char *lan_ip, char *log eval("ip6tables-restore", "/tmp/mangle_rules_ipv6.dnsfilter"); } } -#endif /* HND_ROUTER */ +#endif /* BCM4912 */ #endif /* RTCONFIG_IPV6 */ #endif /* RTCONFIG_DNSFILTER */ @@ -6490,18 +6489,17 @@ mangle_setting2(char *lan_if, char *lan_ip, char *logaccept, char *logdrop) #ifdef RTCONFIG_DNSFILTER #ifdef RTCONFIG_IPV6 -#ifndef HND_ROUTER +#ifndef BCM4912 /* 5.04 has full dnat support */ if (nvram_get_int("dnsfilter_enable_x") && ipv6_enabled()) { FILE *fp; fp = fopen("/tmp/mangle_rules_ipv6.dnsfilter", "w"); if (fp != NULL) { fprintf(fp, "*mangle\n" - ":DNSFILTERI - [0:0]\n" ":DNSFILTERF - [0:0]\n" ":DNSFILTER_DOT - [0:0]\n"); - dnsfilter6_settings(fp); + dnsfilter6_settings_mangle(fp); fprintf(fp, "COMMIT\n"); fclose(fp); @@ -6509,7 +6507,7 @@ mangle_setting2(char *lan_if, char *lan_ip, char *logaccept, char *logdrop) eval("ip6tables-restore", "/tmp/mangle_rules_ipv6.dnsfilter"); } } -#endif /* HND_ROUTER */ +#endif /* BCM4912 */ #endif /* RTCONFIG_IPV6 */ #endif /* RTCONFIG_DNSFILTER */ diff --git a/release/src/router/rc/rc.h b/release/src/router/rc/rc.h index 0ec0f0ae253..d1280648bec 100644 --- a/release/src/router/rc/rc.h +++ b/release/src/router/rc/rc.h 
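Review bot: `BCM4912` is used here as a stand-in for "SDK 5.04 with full IPv6 DNAT support" (the new comment says as much), and the same chip macro also gates the Router case in get_dns_filter and the identical block in mangle_setting2 (@@ -6490). If another platform on that SDK is built without BCM4912, or a BCM4912 build lacks the DNAT support, the three sites would silently disagree about which mechanism is active. A single feature macro defined in one place and tested at all three sites would keep them in step. The return value of `eval("ip6tables-restore", "/tmp/mangle_rules_ipv6.dnsfilter")` is also ignored, so a rejected rules file would leave forwarded IPv6 DNS unfiltered without a log line. mangle_setting starts and ends outside the hunk.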
@@ -2466,7 +2466,8 @@ int set_cable_media(const char *eth_inf, const char *media_type); // dnsfilter.c #ifdef RTCONFIG_DNSFILTER extern void dnsfilter_settings(FILE *fp); -extern void dnsfilter6_settings(FILE *fp); +extern void dnsfilter6_settings_dnat(FILE *fp); +extern void dnsfilter6_settings_mangle(FILE *fp); extern void dnsfilter_setup_dnsmasq(FILE *fp); extern void dnsfilter_dot_rules(FILE *fp); #ifdef HND_ROUTER diff --git a/release/src/router/rc/services.c b/release/src/router/rc/services.c index 2033674e79d..e01a1e66b64 100644 --- a/release/src/router/rc/services.c +++ b/release/src/router/rc/services.c @@ -1926,7 +1926,7 @@ void start_dnsmasq(void) } #endif /* RTCONFIG_YANDEXDNS */ -#if defined(RTCONFIG_DNSFILTER) && !defined(HND_ROUTER) +#ifdef RTCONFIG_DNSFILTER if (nvram_get_int("dnsfilter_enable_x")) dnsfilter_setup_dnsmasq(fp); #endif @@ -2051,8 +2051,10 @@ void start_dnsmasq(void) #ifdef RTCONFIG_DNSPRIVACY nvram_get_int("dnspriv_enable") || #endif - (nvram_get_int("dnsfilter_enable_x") && nvram_get_int("dnsfilter_mode")) ) // DNSFilter enabled in Global mode - ) +#ifdef RTCONFIG_DNSFILTER + (nvram_get_int("dnsfilter_enable_x") && nvram_get_int("dnsfilter_mode")) // DNSFilter enabled in Global mode +#endif + )) ) { fprintf(fp, "address=/use-application-dns.net/\n"); diff --git a/release/src/router/rc/udhcpc.c b/release/src/router/rc/udhcpc.c index c3eb33ff97a..67ae6e15136 100644 --- a/release/src/router/rc/udhcpc.c +++ b/release/src/router/rc/udhcpc.c @@ -2096,7 +2096,7 @@ start_dhcp6c(void) ((unsigned long)(duid.ea[3] & 0x0f) << 16) | ((unsigned long)(duid.ea[4]) << 8) | ((unsigned long)(duid.ea[5])) : 1; - i = (nvram_get_int(ipv6_nvname("ipv6_prefix_len_wan")) ? : 64); + i = (nvram_get_int(ipv6_nvname("ipv6_prefix_len_wan")) ? : 0); if ((i < 48) || (i > 64)) i = 0; snprintf(prefix_arg, sizeof(prefix_arg), "%d:%lx", i, iaid); 
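Review bot: In the @@ -2051 hunk of start_dnsmasq the DNSFilter term is now inside `#ifdef RTCONFIG_DNSFILTER`, but the DNSPRIVACY term before it still ends in `||`. A build with RTCONFIG_DNSPRIVACY and without RTCONFIG_DNSFILTER would expand to `nvram_get_int("dnspriv_enable") || ))` and fail to compile, and with neither defined the group is left empty. Giving each optional term its own trailing `||` and closing the group with a constant makes every combination valid: `(nvram_get_int("dnsfilter_enable_x") && nvram_get_int("dnsfilter_mode")) ||` inside the `#ifdef`, then a bare `0` after the `#endif`. The `if` condition starts outside the hunk, so the opening of the group should be checked against this.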
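Review bot: With the fallback changed to 0 in start_dhcp6c, `nvram_get_int(...) ? : 0` is a no-op, so the line can simply be `i = nvram_get_int(ipv6_nvname("ipv6_prefix_len_wan"));`. The range check on the next line already maps anything outside 48..64 to 0. As far as the `prefix_arg` format suggests, 0 now means that no prefix length is requested, so a comment such as `/* 0 = no prefix-length hint */` would record why the former default of 64 was dropped. start_dhcp6c starts and ends outside the hunk.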
diff --git a/release/src/router/rc/wan.c.orig b/release/src/router/rc/wan.c.orig
deleted file mode 100644
index e576eb86bc8..00000000000
--- a/release/src/router/rc/wan.c.orig
+++ /dev/null
@@ -1,5224 +0,0 @@ -/* - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, - * MA 02111-1307 USA - * - * Network services - * - * Copyright 2004, ASUSTeK Inc. - * All Rights Reserved. - * - * THIS SOFTWARE IS OFFERED "AS IS", AND BROADCOM GRANTS NO WARRANTIES OF ANY - * KIND, EXPRESS OR IMPLIED, BY STATUTE, COMMUNICATION OR OTHERWISE. BROADCOM - * SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A SPECIFIC PURPOSE OR NONINFRINGEMENT CONCERNING THIS SOFTWARE. 
- * - */ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#if !defined(__GLIBC__) && !defined(__UCLIBC__) /* musl */ -#include //have to in front of to avoid redefinition of 'struct ethhdr' -#endif -#include -#include -#include //PATH_MAX, LONG_MIN, LONG_MAX - -#ifdef RTCONFIG_USB -#include -#endif - -#ifdef RTCONFIG_RALINK -#include -#endif - -#ifdef RTCONFIG_QCA -#include -#endif - -#ifdef RTCONFIG_ALPINE -#include -#endif - -#ifdef RTCONFIG_LANTIQ -#include -#endif - -#ifdef RTCONFIG_BCM9 -#include -#include -#endif - -#ifdef RTCONFIG_BWDPI -#include -#endif - -#if defined(RTCONFIG_QCA_PLC_UTILS) || defined(RTCONFIG_QCA_PLC2) -#include -#endif - -#if defined(RTCONFIG_AMAS) -#include -#endif -#define MAX_MAC_NUM 16 -static int mac_num; -static char mac_clone[MAX_MAC_NUM][18]; - -void convert_wan_nvram(char *prefix, int unit); - -#if defined(DSL_N55U) || defined(DSL_N55U_B) -int classATargetTable[]={ - 1, - 14, - 27, - 36, - 39, - 42, - 49, - 58, - 59, - 60, - 61, - 101, - 103, - 106, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 175, - 180, - 182, - 183, - 202, - 203, - 210, - 211, - 218, - 219, - 220, - 221, - 222, - 223 -}; - -int isTargetArea() -{ - int i; - char *ip = get_wanip(); - int prefixA = inet_network(ip) >> 24; -_dprintf("==>%s ip: %s, prefix: %d\n", __func__, ip, prefixA); - for(i=0; i/dev/null", wan_multi_gate[unit], wan_multi_if[unit]); -if(debug) printf("test 12. cmd=%s.\n", cmd); - system(cmd); - } - } - -if(debug) printf("test 26. 
route flush cache.\n"); - system("ip route flush cache"); - - file_unlock(lock); - return 0; -} -#endif - -int -add_routes(char *prefix, char *var, char *ifname) -{ - char word[80], *next; - char *ipaddr, *netmask, *gateway, *metric; - char tmp[100], *buf; -#if defined(RTCONFIG_IPV6) && (defined(RTAX82_XD6) || defined(RTAX82_XD6S)) - if (!strncmp(nvram_safe_get("territory_code"), "CH", 2) && - ipv6_enabled() && - nvram_match(ipv6_nvname("ipv6_only"), "1")) - return 0; -#endif - buf = strdup(nvram_safe_get(strcat_r(prefix, var, tmp))); - if (buf == NULL) - return -1; - - foreach(word, buf, next) { - netmask = word; - ipaddr = strsep(&netmask, ":"); - if (!ipaddr || !netmask) - continue; - gateway = netmask; - netmask = strsep(&gateway, ":"); - if (!netmask || !gateway) - continue; - metric = gateway; - gateway = strsep(&metric, ":"); - if (!gateway || !metric) - continue; - - /* Incorrect, empty and 0.0.0.0 - * probably need to allow empty gateway to set on-link route */ - if (inet_addr_(gateway) == INADDR_ANY) - gateway = nvram_safe_get_r(strcat_r(prefix, "xgateway", tmp), tmp, sizeof(tmp)); - route_add(ifname, atoi(metric) + 1, ipaddr, gateway, netmask); - } - free(buf); - - return 0; -} - -static void -add_dhcp_routes(char *prefix, char *ifname, int metric) -{ - char *routes, *tmp; - char nvname[sizeof("wanXXXXXXXXXX_routesXXX")]; - char *ipaddr, *gateway; - char netmask[sizeof("255.255.255.255")]; - struct in_addr mask; - int netsize; - - if (nvram_get_int("dr_enable_x") == 0) - return; - - /* classful static routes */ - routes = strdup(nvram_safe_get(strcat_r(prefix, "routes", nvname))); - for (tmp = routes; tmp && *tmp; ) { - ipaddr = strsep(&tmp, "/"); - gateway = strsep(&tmp, " "); - if (gateway && inet_addr(ipaddr) != INADDR_ANY) - route_add(ifname, metric + 1, ipaddr, gateway, netmask); - } - free(routes); - - /* ms claseless static routes */ - routes = strdup(nvram_safe_get(strcat_r(prefix, "routes_ms", nvname))); - for (tmp = routes; tmp && *tmp; ) { - 
ipaddr = strsep(&tmp, "/");
- netsize = atoi(strsep(&tmp, " "));
- gateway = strsep(&tmp, " ");
- if (gateway && netsize > 0 && netsize <= 32 && inet_addr(ipaddr) != INADDR_ANY) {
- mask.s_addr = htonl(0xffffffff << (32 - netsize));
- strcpy(netmask, inet_ntoa(mask));
- route_add(ifname, metric + 1, ipaddr, gateway, netmask);
- }
- }
- free(routes);
-
- /* rfc3442 classless static routes */
- routes = strdup(nvram_safe_get(strcat_r(prefix, "routes_rfc", nvname)));
- for (tmp = routes; tmp && *tmp; ) {
- ipaddr = strsep(&tmp, "/");
- netsize = atoi(strsep(&tmp, " "));
- gateway = strsep(&tmp, " ");
- if (gateway && netsize > 0 && netsize <= 32 && inet_addr(ipaddr) != INADDR_ANY) {
- mask.s_addr = htonl(0xffffffff << (32 - netsize));
- strcpy(netmask, inet_ntoa(mask));
- route_add(ifname, metric + 1, ipaddr, gateway, netmask);
- }
- }
- free(routes);
-}
-
-int
-del_routes(char *prefix, char *var, char *ifname)
-{
- char word[80], *next;
- char *ipaddr, *netmask, *gateway, *metric;
- char tmp[100], *buf;
-
- buf = strdup(nvram_safe_get(strcat_r(prefix, var, tmp)));
- if (buf == NULL)
- return -1;
-
- foreach(word, buf, next) {
- _dprintf("%s: %s\n", __FUNCTION__, word);
-
- netmask = word;
- ipaddr = strsep(&netmask, ":");
- if (!ipaddr || !netmask)
- continue;
- gateway = netmask;
- netmask = strsep(&gateway, ":");
- if (!netmask || !gateway)
- continue;
-
- metric = gateway;
- gateway = strsep(&metric, ":");
- if (!gateway || !metric)
- continue;
-
- if (inet_addr_(gateway) == INADDR_ANY)
- gateway = nvram_safe_get_r(strcat_r(prefix, "xgateway", tmp), tmp, sizeof(tmp));
-
- route_del(ifname, atoi(metric) + 1, ipaddr, gateway, netmask);
- }
- free(buf);
-
- return 0;
-}
-
-#if 0
-#ifdef RTCONFIG_IPV6
-void
-stop_ecmh(void)
-{
- if (pids("ecmh"))
- {
- killall_tk("ecmh");
- sleep(1);
- }
-}
-
-void
-start_ecmh(const char *wan_ifname)
-{
- int service = get_ipv6_service();
-
- stop_ecmh();
-
- if (!wan_ifname || (strlen(wan_ifname) <= 0))
- return;
-
- if (!nvram_get_int("mr_enable_x"))
- return;
-
- switch (service) {
- case IPV6_NATIVE_DHCP:
- case IPV6_MANUAL:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- eval("/bin/ecmh", "-u", nvram_safe_get("http_username"), "-i", (char*)wan_ifname);
- break;
- }
-}
-#endif
-#endif
-
-#ifdef RTCONFIG_IMPROXY
-static const char *improxy_name(int family)
-{
- switch (family) {
- case AF_INET:
- return "improxy-igmp";
-#ifdef RTCONFIG_IPV6
- case AF_INET6:
- return "improxy-mld";
-#endif
- default:
- return "improxy";
- }
-}
-
-void
-stop_improxy(int family)
-{
- char pidfile[sizeof("/var/run/improxy-xxxx.pid")];
-
- if (family != AF_UNSPEC) {
- snprintf(pidfile, sizeof(pidfile), "/var/run/%s.pid", improxy_name(family));
- kill_pidfile_tk(pidfile);
- } else
- killall_tk("improxy");
-}
-
-int
-start_improxy(int family, char *wan_ifname)
-{
- char options[sizeof("/etc/improxy-xxxx.conf")];
- char pidfile[sizeof("/var/run/improxy-xxxx.pid")];
- char *improxy_argv[] = { "/usr/sbin/improxy",
- "-c", options,
- "-p", pidfile,
- NULL
- };
- const char *fname;
- FILE *fp;
- pid_t pid;
-
- fname = improxy_name(family);
- snprintf(options, sizeof(options), "/etc/%s.conf", fname);
- snprintf(pidfile, sizeof(pidfile), "/var/run/%s.pid", fname);
-
- if ((fp = fopen(options, "w")) == NULL) {
- perror(options);
- return -1;
- }
-
- fprintf(fp,
- "igmp %s version %d\n" /* default igmp version */
-#ifdef RTCONFIG_IPV6
- "mld %s version %d\n" /* default mld version */
-#endif
- "upstream %s\n" /* upstream interface */
- "downstream %s\n" /* downstream interface */
- "quickleave %s\n", /* fast leave */
- (family == AF_UNSPEC || family == AF_INET) ? "enable" : "disable",
- nvram_get_int("mr_igmp_ver") ? : 3,
-#ifdef RTCONFIG_IPV6
- (family == AF_UNSPEC || family == AF_INET6) ? "enable" : "disable",
- nvram_get_int("mr_mld_ver") ? : 2,
-#endif
- wan_ifname,
- nvram_get("lan_ifname") ? : "br0",
- nvram_get_int("mr_qleave_x") ? "enable" : "disable");
-
- fclose(fp);
-
- return _eval(improxy_argv, NULL, 0, &pid);
-}
-#endif
-
-void
-stop_igmpproxy()
-{
- if (pids("udpxy")) {
- _dprintf("stop udpxy [%s]\n");
- killall_tk("udpxy");
- }
-
- _dprintf("stop igmpproxy\n");
-
-#ifdef RTCONFIG_IMPROXY
- stop_improxy(AF_INET);
-#elif defined(BLUECAVE)
- stop_mcast_proxy();
-#elif defined(HND_ROUTER) || defined(MCPD_PROXY)
- /* nothing yet */
-#else
- if (pids("igmpproxy"))
- killall_tk("igmpproxy");
-#endif
-}
-
-void
-start_igmpproxy(char *wan_ifname)
-{
-#ifdef RTCONFIG_DSL
-#ifdef RTCONFIG_DUALWAN
-#if !defined(RTCONFIG_MULTISERVICE_WAN)
- if ( nvram_match("wan0_ifname", wan_ifname)
- && get_dualwan_primary() == WANS_DUALWAN_IF_DSL) {
- if (nvram_get_int("dslx_config_num") > 1)
- wan_ifname = STB_BR_IF;
- }
-#endif
-#else
- if (nvram_get_int("dslx_config_num") > 1)
- wan_ifname = STB_BR_IF;
-#endif
-#endif
-#ifdef RTCONFIG_MULTISERVICE_WAN
- char iptv_ifname[16] = {0};
- nvram_safe_get_r("iptv_ifname", iptv_ifname, sizeof(iptv_ifname));
- if (strcmp(wan_ifname, STB_BR_IF))
- wan_ifname = iptv_ifname;
-#endif
-
-#ifdef RTCONFIG_MULTICAST_IPTV
- if (nvram_get_int("switch_stb_x") > 6 &&
- !nvram_match("iptv_ifname", wan_ifname))
- return;
-#endif
-
- stop_igmpproxy();
-
- if (nvram_get_int("udpxy_enable_x")) {
- _dprintf("start udpxy [%s]\n", nvram_get_int("udpxy_if_alt") ? get_wanface() : wan_ifname);
- eval("/usr/sbin/udpxy",
- "-m", nvram_get_int("udpxy_if_alt") ? get_wanface() : wan_ifname,
- "-p", nvram_safe_get("udpxy_enable_x"),
- "-B", "65536",
- "-c", nvram_safe_get("udpxy_clients"),
- "-a", nvram_get("lan_ifname") ? : "br0");
- }
-
-#if !defined(HND_ROUTER)
- if (!nvram_get_int("mr_enable_x"))
- return;
-#endif
-
- _dprintf("start igmpproxy [%s]\n", wan_ifname);
-
-#ifdef RTCONFIG_IMPROXY
- start_improxy(AF_INET, wan_ifname);
-#elif defined(BLUECAVE)
- nvram_set("igmp_ifname", wan_ifname);
- start_mcast_proxy();
-#elif defined(HND_ROUTER) || defined(MCPD_PROXY)
- nvram_set("igmp_ifname", wan_ifname);
- start_mcpd_proxy();
-#else
- FILE *fp;
- static char *igmpproxy_conf = "/tmp/igmpproxy.conf";
- char *altnet, buf[32];
-
- if ((fp = fopen(igmpproxy_conf, "w")) == NULL) {
- perror(igmpproxy_conf);
- return;
- }
-
- snprintf(buf, sizeof(buf), "%s", nvram_safe_get("mr_altnet_x"));
- altnet = buf;
-
- if (nvram_get_int("mr_qleave_x"))
- fprintf(fp, "quickleave\n");
- fprintf(fp,
- "phyint %s upstream ratelimit 0 threshold 1 altnet %s\n"
- "phyint %s downstream ratelimit 0 threshold 1\n",
- wan_ifname, *altnet ? altnet : "0.0.0.0/0",
- nvram_get("lan_ifname") ? : "br0");
-
- append_custom_config("igmpproxy.conf", fp);
- fclose(fp);
- use_custom_config("igmpproxy.conf", igmpproxy_conf);
- run_postconf("igmpproxy", igmpproxy_conf);
-
- eval("/usr/sbin/igmpproxy", igmpproxy_conf);
-#endif
-}
-
-#ifdef RTCONFIG_IPV6
-void
-stop_mldproxy()
-{
- _dprintf("stop mldproxy\n");
-
-#ifdef RTCONFIG_IMPROXY
- stop_improxy(AF_INET6);
-#endif
-}
-
-void
-start_mldproxy(char *wan_ifname)
-{
- stop_mldproxy();
-
- if ((nvram_get_int("mr_enable_x") & 2) == 0)
- return;
-
- _dprintf("start mldproxy [%s]\n", wan_ifname);
-
-#ifdef RTCONFIG_IMPROXY
- start_improxy(AF_INET6, wan_ifname);
-#endif
-}
-#endif
-
-int
-wan_prefix(char *ifname, char *prefix)
-{
- int unit;
-
- if ((unit = wan_ifunit(ifname)) < 0 &&
- (unit = wanx_ifunit(ifname)) < 0) {
-#ifdef DEBUG
- if(wan_ifunit(ifname) < 0)
- logmessage("wan", "[%s] exit [%d], ifname:[%s]", __FUNCTION__, __LINE__, ifname);
- if(wanx_ifunit(ifname) < 0)
- logmessage("wan", "[%s] exit [%d], ifname:[%s]", __FUNCTION__, __LINE__, ifname);
-#endif
- return -1;
- }
-
- sprintf(prefix, "wan%d_", unit);
-
- return unit;
-}
-
-static int
-add_wan_routes(char *wan_ifname)
-{
- char prefix[] = "wanXXXXXXXXXX_";
-
- /* Figure out nvram variable name prefix for this i/f */
- if (wan_prefix(wan_ifname, prefix) < 0)
- return -1;
-
- return add_routes(prefix, "route", wan_ifname);
-}
-
-static int
-del_wan_routes(char *wan_ifname)
-{
- char prefix[] = "wanXXXXXXXXXX_";
-
- /* Figure out nvram variable name prefix for this i/f */
- if (wan_prefix(wan_ifname, prefix) < 0)
-#if 0
- return -1;
-#else
- snprintf(prefix, sizeof(prefix), "wan%d_", WAN_UNIT_FIRST);
-#endif
-
- return del_routes(prefix, "route", wan_ifname);
-}
-
-/*
- * (1) wan[x]_ipaddr_x/wan[x]_netmask_x/wan[x]_gateway_x/...:
- * static ip or ip get from dhcp
- *
- * (2) wan[x]_xipaddr/wan[x]_xnetmaskwan[x]_xgateway/...:
- * ip get from dhcp when proto = l2tp/pptp/pppoe
- *
- * (3) wan[x]_ipaddr/wan[x]_netmask/wan[x]_gateway/...:
- * always keeps the latest updated ip/netmask/gateway in system
- * static: it is the same as (1)
- * dhcp:
- * - before getting ip from dhcp server, it is 0.0.0.0
- * - after getting ip from dhcp server, it is updated
- * l2tp/pptp/pppoe with static ip:
- * - before getting ip from vpn server, it is the same as (1)
- * - after getting ip from vpn server, it is the one from vpn server
- * l2tp/pptp/pppoe with dhcp ip:
- * - before getting ip from dhcp server, it is 0.0.0.0
- * - before getting ip from vpn server, it is the one from vpn server
- */
-
-void update_wan_state(char *prefix, int state, int reason)
-{
- char tmp[100], tmp1[100], *ptr;
- int wan_proto, unit = -1;
-
- _dprintf("%s(%s, %d, %d)\n", __FUNCTION__, prefix, state, reason);
-
- if (strncmp(prefix, "wan", 3) == 0)
- unit = atoi(prefix + 3);
-
- nvram_set_int(strcat_r(prefix, "state_t", tmp), state);
- if(state == WAN_STATE_CONNECTED)
- nvram_set_int(strcat_r(prefix, "sbstate_t", tmp), WAN_STOPPED_REASON_NONE);
- else
- nvram_set_int(strcat_r(prefix, "sbstate_t", tmp), reason);
-
- // 20110610, reset auxstate each time state is changed
- nvram_set_int(strcat_r(prefix, "auxstate_t", tmp), 0);
-
- if (state == WAN_STATE_INITIALIZING)
- {
- wan_proto = get_wan_proto(prefix);
- nvram_set(strcat_r(prefix, "proto_t", tmp), nvram_safe_get(strcat_r(prefix, "proto", tmp1)));
-
- /* reset wanX_* variables */
- if (!nvram_get_int(strcat_r(prefix, "dhcpenable_x", tmp))) {
- nvram_set(strcat_r(prefix, "ipaddr", tmp), nvram_safe_get(strcat_r(prefix, "ipaddr_x", tmp1)));
- nvram_set(strcat_r(prefix, "netmask", tmp), nvram_safe_get(strcat_r(prefix, "netmask_x", tmp1)));
- nvram_set(strcat_r(prefix, "gateway", tmp), nvram_safe_get(strcat_r(prefix, "gateway_x", tmp1)));
- }
- else {
- nvram_set(strcat_r(prefix, "ipaddr", tmp), "0.0.0.0");
- nvram_set(strcat_r(prefix, "netmask", tmp), "0.0.0.0");
- nvram_set(strcat_r(prefix, "gateway", tmp), "0.0.0.0");
- }
- nvram_unset(strcat_r(prefix, "domain", tmp));
- nvram_unset(strcat_r(prefix, "lease", tmp));
- nvram_unset(strcat_r(prefix, "expires", tmp));
- nvram_unset(strcat_r(prefix, "routes", tmp));
- nvram_unset(strcat_r(prefix, "routes_ms", tmp));
- nvram_unset(strcat_r(prefix, "routes_rfc", tmp));
-
- /* reset wanX_x* VPN variables */
- if (wan_proto == WAN_PPPOE || wan_proto == WAN_PPTP || wan_proto == WAN_L2TP) {
- nvram_set(strcat_r(prefix, "xipaddr", tmp), nvram_safe_get(strcat_r(prefix, "ipaddr", tmp1)));
- nvram_set(strcat_r(prefix, "xnetmask", tmp), nvram_safe_get(strcat_r(prefix, "netmask", tmp1)));
- nvram_set(strcat_r(prefix, "xgateway", tmp), nvram_safe_get(strcat_r(prefix, "gateway", tmp1)));
- } else {
- nvram_set(strcat_r(prefix, "xipaddr", tmp), "0.0.0.0");
- nvram_set(strcat_r(prefix, "xnetmask", tmp), "0.0.0.0");
- nvram_set(strcat_r(prefix, "xgateway", tmp), "0.0.0.0");
- }
- nvram_unset(strcat_r(prefix, "xdomain", tmp));
- nvram_unset(strcat_r(prefix, "xlease", tmp));
- nvram_unset(strcat_r(prefix, "xexpires", tmp));
- nvram_unset(strcat_r(prefix, "xroutes", tmp));
- nvram_unset(strcat_r(prefix, "xroutes_ms", tmp));
- nvram_unset(strcat_r(prefix, "xroutes_rfc", tmp));
-
- /* reset wanX_dns && wanX_xdns VPN */
- ptr = nvram_get_int(strcat_r(prefix, "dnsenable_x", tmp)) ? "" :
- get_userdns_r(prefix, tmp1, sizeof(tmp1));
- nvram_set(strcat_r(prefix, "dns", tmp), ptr);
- if (nvram_match(strcat_r(prefix, "proto", tmp), "pppoe") ||
- nvram_match(strcat_r(prefix, "proto", tmp), "pptp") ||
- nvram_match(strcat_r(prefix, "proto", tmp), "l2tp"))
- nvram_set(strcat_r(prefix, "xdns", tmp), ptr);
- else
- nvram_unset(strcat_r(prefix, "xdns", tmp));
-
-#ifdef RTCONFIG_IPV6
- nvram_set(strcat_r(prefix, "6rd_ip4size", tmp), "");
- nvram_set(strcat_r(prefix, "6rd_router", tmp), "");
- nvram_set(strcat_r(prefix, "6rd_prefix", tmp), "");
- nvram_set(strcat_r(prefix, "6rd_prefixlen", tmp), "");
-#endif
-#ifdef RTCONFIG_TR069
-// nvram_unset(strcat_r(prefix, "tr_acs_url", tmp));
-// nvram_unset(strcat_r(prefix, "tr_pvgcode", tmp));
-#endif
- }
-#if 0
- else if (state == WAN_STATE_STOPPED) {
- // Save Stopped Reason
- // keep ip info if it is stopped from connected
- nvram_set_int(strcat_r(prefix, "sbstate_t", tmp), reason);
- }
-#endif
- else if(state == WAN_STATE_STOPPING) {
- snprintf(tmp, sizeof(tmp), "/var/run/ppp-wan%d.status", unit);
- unlink(tmp);
- }
-
- sprintf(tmp,"%d", unit);
-
- switch (state) {
- case WAN_STATE_INITIALIZING:
- strcpy(tmp1, "init");
- break;
- case WAN_STATE_CONNECTING:
- strcpy(tmp1, "connecting");
- break;
- case WAN_STATE_CONNECTED:
- strcpy(tmp1, "connected");
- break;
- case WAN_STATE_DISCONNECTED:
- strcpy(tmp1, "disconnected");
- break;
- case WAN_STATE_STOPPED:
- strcpy(tmp1, "stopped");
- break;
- case WAN_STATE_DISABLED:
- strcpy(tmp1, "disabled");
- break;
- case WAN_STATE_STOPPING:
- strcpy(tmp1, "stopping");
- break;
- default:
- sprintf(tmp1, "state %d", state);
- }
-
- run_custom_script("wan-event", 0, tmp, tmp1);
-
- /* For backward/legacy compatibility */
- if (state == WAN_STATE_CONNECTED) {
- sprintf(tmp,"%c",prefix[3]);
- run_custom_script("wan-start", 0, tmp, NULL);
- }
-}
-
-#ifdef RTCONFIG_IPV6
-// for one ipv6 in current stage
-void update_wan6_state(char *prefix, int state, int reason)
-{
- char tmp[100];
-
- _dprintf("%s(%s, %d, %d)\n", __FUNCTION__, prefix, state, reason);
-
- nvram_set_int(strcat_r(prefix, "state_t", tmp), state);
- nvram_set_int(strcat_r(prefix, "sbstate_t", tmp), 0);
-
- if (state == WAN_STATE_INITIALIZING)
- {
- }
- else if (state == WAN_STATE_STOPPED) {
- // Save Stopped Reason
- // keep ip info if it is stopped from connected
- nvram_set_int(strcat_r(prefix, "sbstate_t", tmp), reason);
- }
-}
-#endif
-
-// IPOA test case
-// 111.235.232.137 (gateway)
-// 111.235.232.138 (ip)
-// 255.255.255.252 (netmask)
-
-// cat /proc/net/arp
-// arp -na
-
-#ifdef RTCONFIG_DSL_REMOTE
-static int start_ipoa()
-{
- char tc_mac[32];
- char ip_addr[32];
- char ip_mask[32];
- char ip_gateway[32];
- int try_cnt;
- FILE* fp_dsl_mac;
- FILE* fp_log;
-
- int NeighborIpNum;
- int i;
- int NeiBaseIpNum;
- int LastIpNum;
- int NetMaskLastIpNum;
- char NeighborIpPrefix[32];
- int ip_addr_dot_cnt;
- char CmdBuf[128];
-
- // mac address is adsl mac
- for (try_cnt = 0; try_cnt < 10; try_cnt++)
- {
- fp_dsl_mac = fopen("/tmp/adsl/tc_mac.txt","r");
- if (fp_dsl_mac != NULL)
- {
- fgets(tc_mac,sizeof(tc_mac),fp_dsl_mac);
- fclose(fp_dsl_mac);
- break;
- }
- usleep(1000*1000);
- }
-
-#ifdef RTCONFIG_DUALWAN
- if (get_dualwan_secondary()==WANS_DUALWAN_IF_DSL)
- {
- strcpy(ip_gateway, nvram_safe_get("wan1_gateway"));
- strcpy(ip_addr, nvram_safe_get("wan1_ipaddr"));
- strcpy(ip_mask, nvram_safe_get("wan1_netmask"));
- }
- else
- {
- strcpy(ip_gateway, nvram_safe_get("wan0_gateway"));
- strcpy(ip_addr, nvram_safe_get("wan0_ipaddr"));
- strcpy(ip_mask, nvram_safe_get("wan0_netmask"));
- }
-#else
- strcpy(ip_gateway, nvram_safe_get("wan0_gateway"));
- strcpy(ip_addr, nvram_safe_get("wan0_ipaddr"));
- strcpy(ip_mask, nvram_safe_get("wan0_netmask"));
-#endif
-
- 
// we only support maximum 256 neighbor host - if (strncmp("255.255.255",ip_mask,11) != 0) - { - fp_log = fopen("/tmp/adsl/ipoa_too_many_neighbors.txt","w"); - fputs("ErrorMsg",fp_log); - fclose(fp_log); - return -1; - } - -// -// do not send arp to neighborhood and gateway -// - - ip_addr_dot_cnt = 0; - for (i=0; i= 3) break; - } - NeighborIpPrefix[i]=ip_addr[i]; - } - NeighborIpPrefix[i] = 0; - - LastIpNum = atoi(&ip_addr[i+1]); - NetMaskLastIpNum = atoi(&ip_mask[12]); - NeighborIpNum = ((~NetMaskLastIpNum) + 1)&0xff; - NeiBaseIpNum = LastIpNum & NetMaskLastIpNum; - - // - // add gateway host - // -#ifdef RTCONFIG_DSL_TCLINUX - eval("arp","-i",nvram_safe_get("wan0_ifname"),"-a",ip_gateway,"-s",tc_mac); -#else - eval("arp","-i","br0","-a",ip_gateway,"-s",tc_mac); -#endif - - // add neighbor hosts - for (i=0; i= 3) break; - } - NeighborIpPrefix[i]=ip_addr[i]; - } - NeighborIpPrefix[i] = 0; - - LastIpNum = atoi(&ip_addr[i+1]); - NetMaskLastIpNum = atoi(&ip_mask[12]); - NeighborIpNum = ((~NetMaskLastIpNum) + 1)&0xff; - NeiBaseIpNum = LastIpNum & NetMaskLastIpNum; - - // - // delete gateway host - // - eval("arp","-d",ip_gateway); - - // delete neighbor hosts - for (i=0; i WAN_UNIT_NONE) - { //GENERIC WAN - int i = 1; - for(i = 1; i < WAN_MULTISRV_MAX; i++) { - config_mswan(get_ms_wan_unit(unit, i)); - start_wan_if(get_ms_wan_unit(unit, i)); - } - } - } -#endif - - TRACE_PT("unit=%d.\n", unit); - snprintf(prefix, sizeof(prefix), "wan%d_", unit); - - /* variable should exist? */ - if (nvram_match(strcat_r(prefix, "enable", tmp), "0")) { - update_wan_state(prefix, WAN_STATE_DISABLED, 0); -#ifdef RTCONFIG_WIFI_SON - nvram_set_int("link_internet", 0); -#endif - return; - } -#if defined(RTCONFIG_JFFS2) || defined(RTCONFIG_BRCM_NAND_JFFS2) || defined(RTCONFIG_UBIFS) - // had detected the DATA limit before. 
- else if(get_wan_sbstate(unit) == WAN_STOPPED_REASON_DATALIMIT){
- TRACE_PT("start_wan_if: Data limit was detected and skip the start_wan_if().\n");
- return;
- }
-#endif
-
- update_wan_state(prefix, WAN_STATE_INITIALIZING, 0);
-
-#if defined(BCM4912)
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "ifname", tmp)));
- if(strlen(wan_ifname) && strstr(wan_ifname, "eth") != NULL) {
-#ifdef RTCONFIG_DUALWAN
- if(!nvram_contains_word("wans_dualwan", "none") &&
- WAN_STATE_CONNECTED == nvram_get_int(strcat_r(prefix, "state_t", tmp))) {
- phy_pwr_skip = 1;
- }
-#endif
- if(!phy_pwr_skip) {
- nvram_set("freeze_duck", "5");
- doSystem("ethctl %s phy-power down", wan_ifname);
- sleep(1);
- doSystem("ethctl %s phy-power up", wan_ifname);
- }
- }
-#endif
-
-#if defined(RTCONFIG_DUALWAN) || defined(RTCONFIG_USB_MODEM)
- wan_type = get_dualwan_by_unit(unit);
-#endif
-
-#ifdef RTCONFIG_DUALWAN
- if (is_router_mode()) {
- if (get_wans_dualwan()&WANSCAP_WAN && get_wans_dualwan()&WANSCAP_LAN)
- check_wan_nvram();
- }
-#endif
-
-#ifdef RTCONFIG_USB_MODEM
- if (dualwan_unit__usbif(unit)) {
- FILE *fp;
-
-#ifdef RTCONFIG_USB_MODEM
- modem_unit = get_modemunit_by_type(get_dualwan_by_unit(unit));
- usb_modem_prefix(modem_unit, prefix2, sizeof(prefix2));
- snprintf(env_unit, sizeof(env_unit), "unit=%d", modem_unit);
-
- if(nvram_get_int(strcat_r(prefix2, "act_scanning", tmp2)) != 0){
-_dprintf("start_wan_if: USB modem is scanning...\n");
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_USBSCAN);
- return;
- }
- else
-#endif
- if(is_usb_modem_ready(get_dualwan_by_unit(unit)) != 1){
- TRACE_PT("No USB Modem!\n");
- return;
- }
-
- TRACE_PT("3g begin.\n");
- update_wan_state(prefix, WAN_STATE_CONNECTING, WAN_STOPPED_REASON_NONE);
-
- putenv(env_unit);
- eval("/usr/sbin/find_modem_type.sh");
- unsetenv("unit");
- snprintf(modem_type, sizeof(modem_type), "%s", nvram_safe_get(strcat_r(prefix2, "act_type", tmp2)));
-
- if(nvram_match("g3err_pin", "1")
- && strcmp(modem_type, "rndis")){ // Android phone's shared network don't need to check SIM
- TRACE_PT("3g end: PIN error previously!\n");
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_PINCODE_ERR);
- return;
- }
-
- if(!strcmp(modem_type, "tty") || !strcmp(modem_type, "qmi") || !strcmp(modem_type, "mbim") || !strcmp(modem_type, "gobi")){
- if(strcmp(modem_type, "gobi") && !strcmp(nvram_safe_get(strcat_r(prefix2, "act_int", tmp2)), "")){
- if(!strcmp(modem_type, "qmi")){ // e.q. Huawei E398.
- TRACE_PT("Sleep 3 seconds to wait modem nodes.\n");
- sleep(3);
- }
- }
-
- // find the modem node at every start_wan_if() to avoid the incorrct one sometimes.
- putenv(env_unit);
- eval("/usr/sbin/find_modem_node.sh");
- unsetenv("unit");
- }
-
- if(nvram_get_int(strcat_r(prefix2, "act_reset", tmp2)) == 1){
- // need to execute find_modem_xxx.sh again.
- TRACE_PT("3g end: Reseting the modem...\n");
- return;
- }
-
- /* Stop pppd */
- stop_pppd(unit);
-
- /* Stop dhcp client */
- stop_udhcpc(unit);
-
-#if defined(RTCONFIG_JFFS2) || defined(RTCONFIG_BRCM_NAND_JFFS2) || defined(RTCONFIG_UBIFS)
- unsigned long long rx, tx;
- unsigned long long total, limit;
-
- rx = strtoull(nvram_safe_get("modem_bytes_rx"), NULL, 10);
- tx = strtoull(nvram_safe_get("modem_bytes_tx"), NULL, 10);
- limit = strtoull(nvram_safe_get("modem_bytes_data_limit"), NULL, 10);
-
- total = rx+tx;
-
- if(limit > 0 && total >= limit){
- TRACE_PT("3g end: Data limit was set: limit %llu, now %llu.\n", limit, total);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_DATALIMIT);
- return;
- }
-#endif
-
- if(nvram_get_int("stop_conn_3g") == 1){
- write_3g_ppp_conf(get_modemunit_by_type(wan_type));
- }
- else if(strcmp(modem_type, "wimax")){
- putenv(env_unit);
-#ifdef RT4GAC86U
- system("/usr/sbin/modem_enable.sh >> /tmp/usb.log");
-#else
- char *modem_argv[] = {"/usr/sbin/modem_enable.sh", NULL};
- _eval(modem_argv, ">>/tmp/usb.log", 0, NULL);
-#endif
- unsetenv("unit");
-
- if(strcmp(modem_type, "rndis")){ // Android phone's shared network don't need to check SIM
- if(nvram_match("g3err_pin", "1")){
- TRACE_PT("3g end: PIN error!\n");
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_PINCODE_ERR);
- return;
- }
-
- snprintf(tmp, sizeof(tmp), "%s", nvram_safe_get(strcat_r(prefix2, "act_sim", tmp2)));
- if(strlen(tmp) > 0){
- int sim_state = atoi(tmp);
- if(sim_state == 2 || sim_state == 3){
- TRACE_PT("3g end: Need to input PIN or PUK.\n");
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_PINCODE_ERR);
- return;
- }
- else if(sim_state != 1){
- TRACE_PT("3g end: SIM isn't ready.\n");
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_NONE);
- return;
- }
- }
- }
- }
-
- if((!strcmp(modem_type, "tty") || !strcmp(modem_type, "mbim"))
- && write_3g_ppp_conf(get_modemunit_by_type(wan_type))
- && (fp = fopen(PPP_CONF_FOR_3G, "r")) != NULL){
- fclose(fp);
-
- // run as ppp proto.
- nvram_set(strcat_r(prefix, "proto", tmp), "pppoe");
-#ifndef RTCONFIG_DUALWAN
- nvram_set(strcat_r(prefix, "dhcpenable_x", tmp), "1");
- nvram_set(strcat_r(prefix, "vpndhcp", tmp), "0");
- nvram_set(strcat_r(prefix, "dnsenable_x", tmp), "1");
-#endif
-
- char *pppd_argv[] = { "/usr/sbin/pppd", "call", "3g", NULL};
-
- if(nvram_get_int("stop_conn_3g") != 1)
- _eval(pppd_argv, NULL, 0, NULL);
- else
- TRACE_PT("stop_conn_3g was set.\n");
- }
- // RNDIS, QMI interface: usbX, Beceem interface: usbbcm -> ethX, gct(mad)wimax: wimaxX.
- else{
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "ifname", tmp)));
-TRACE_PT("3g begin with %s.\n", wan_ifname);
-
- if(strlen(wan_ifname) <= 0){
-#ifdef RTCONFIG_USB_BECEEM
- snprintf(usb_node, sizeof(usb_node), "%s", nvram_safe_get("usb_modem_act_path"));
- if(strlen(usb_node) <= 0)
- return;
-
- if(get_path_by_node(usb_node, port_path, 8) != NULL){
- snprintf(nvram_name, sizeof(nvram_name), "usb_path%s", port_path);
- TRACE_PT("RNDIS/Beceem: start_wan_if.\n");
-
- if(!strcmp(nvram_safe_get(nvram_name), "modem")){
- snprintf(nvram_name, sizeof(nvram_name), "usb_path%s_vid", port_path);
- uvid = strtoul(nvram_safe_get(nvram_name), NULL, 16);
- snprintf(nvram_name, sizeof(nvram_name), "usb_path%s_pid", port_path);
- upid = strtoul(nvram_safe_get(nvram_name), NULL, 16);
-
- if(is_samsung_dongle(1, uvid, upid)){
- modprobe("tun");
- sleep(1);
-
- xstart("madwimax");
- }
- else if(is_gct_dongle(1, uvid, upid)){
- modprobe("tun");
- sleep(1);
-
- write_gct_conf();
-
- xstart("gctwimax", "-C", WIMAX_CONF);
- }
- }
- }
-#endif
-
- return;
- }
-
-#define MAX_TRY_IFUP 3
- for (i = 0; i < MAX_TRY_IFUP; i++) {
- if (_ifconfig_get(wan_ifname, &flags, NULL, NULL, NULL, &mtu) != 0) {
- TRACE_PT("Couldn't read the flags of %s!\n", wan_ifname);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
-
-#ifdef SET_USB_MODEM_MTU_ETH
- modem_mtu = nvram_get_int("modem_mtu");
- mtu = (modem_mtu >= 576 && modem_mtu < mtu) ? modem_mtu : 0;
- if ((flags & IFF_UP) && !mtu)
- break;
- else if(i == (MAX_TRY_IFUP-1)){
- TRACE_PT("Interface %s couldn't be up!\n", wan_ifname);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
-
- _ifconfig(wan_ifname, flags | IFUP, NULL, NULL, NULL, mtu);
-#else
- if ((flags & IFF_UP))
- break;
- else if(i == (MAX_TRY_IFUP-1)){
- TRACE_PT("Interface %s couldn't be up!\n", wan_ifname);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
-
- ifconfig(wan_ifname, flags | IFUP, NULL, NULL);
-#endif
- if (strcmp(modem_type, "gobi") == 0)
- continue;
-
- TRACE_PT("%s: wait %s(%s) be up, %d second...!\n", __FUNCTION__, modem_type, wan_ifname, i+1);
- sleep(1);
- }
-
- // run as dhcp proto.
- nvram_set(strcat_r(prefix, "proto", tmp), "dhcp");
- nvram_set(strcat_r(prefix, "dhcpenable_x", tmp), "1");
- nvram_set(strcat_r(prefix, "dnsenable_x", tmp), "1");
-
- // Android phone, RNDIS, QMI interface, Gobi.
- if(!strncmp(wan_ifname, "usb", 3) || !strncmp(wan_ifname, "wwan", 4)
- // RNDIS devices should always be named "lte%d" in LTQ platform
- || !strncmp(wan_ifname, "lte", 3)
- ){
- if(nvram_get_int("stop_conn_3g") != 1){
-#ifdef RTCONFIG_TCPDUMP
- char *tcpdump_argv[] = { "/usr/sbin/tcpdump", "-i", wan_ifname, "-nnXw", "/tmp/udhcpc.pcap", NULL};
-
- if(nvram_get_int("dhcp_dump")){
- _eval(tcpdump_argv, NULL, 0, &pid);
- sleep(2);
- }
-#endif
-#ifdef RTCONFIG_INTERNAL_GOBI
- /* Skip dhcp for IPv6-only USB modem */
- if (nvram_get_int("modem_pdp") == 2) {
- //wan_ifname = get_wan6face();
- ifconfig(wan_ifname, IFUP, "0.0.0.0", NULL);
- wan_up(wan_ifname);
- } else
-#endif
- {
- dbG("start udhcpc(%d): %s.\n", unit, wan_ifname);
- start_udhcpc(wan_ifname, unit, &pid);
- }
- }
- else
- TRACE_PT("stop_conn_3g was set.\n");
- }
- // Beceem dongle, ASIX USB to RJ45 converter, Huawei E353.
- else if(!strncmp(wan_ifname, "eth", 3)){
-#ifdef RTCONFIG_USB_BECEEM
- write_beceem_conf(wan_ifname);
-#endif
-
- if(nvram_get_int("stop_conn_3g") != 1){
- snprintf(usb_node, sizeof(usb_node), "%s", nvram_safe_get(strcat_r(prefix2, "act_path", tmp2)));
- if(strlen(usb_node) <= 0)
- return;
-
- if(get_path_by_node(usb_node, port_path, 8) == NULL)
- return;
-
- snprintf(nvram_name, sizeof(nvram_name), "usb_path%s_act", port_path);
-
- if(!strcmp(nvram_safe_get(nvram_name), wan_ifname))
- start_udhcpc(wan_ifname, unit, &pid);
-
-#ifdef RTCONFIG_USB_BECEEM
- if(strlen(nvram_safe_get(nvram_name)) <= 0){
- char buf[128];
-
- snprintf(buf, sizeof(buf), "wimaxd -c %s", WIMAX_CONF);
- TRACE_PT("%s: cmd=%s.\n", __FUNCTION__, buf);
- system(buf);
- sleep(3);
-
- TRACE_PT("%s: cmd=wimaxc search.\n", __FUNCTION__);
- system("wimaxc search");
- TRACE_PT("%s: sleep 10 seconds.\n", __FUNCTION__);
- sleep(10);
-
- TRACE_PT("%s: cmd=wimaxc connect.\n", __FUNCTION__);
- system("wimaxc connect");
- }
-#endif
- }
- else
- TRACE_PT("stop_conn_3g was set.\n");
- }
-#ifdef RTCONFIG_USB_BECEEM
- else if(!strncmp(wan_ifname, "wimax", 5)){
- if(nvram_get_int("stop_conn_3g") != 1)
- start_udhcpc(wan_ifname, unit, &pid);
- else
- TRACE_PT("stop_conn_3g was set.\n");
- }
-#endif
- }
-
- TRACE_PT("3g end.\n");
- return;
- }
- else
-#endif
- if (dualwan_unit__nonusbif(unit)) {
- convert_wan_nvram(prefix, unit);
-
- /* make sure the connection exists and is enabled */
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "ifname", tmp)));
- if (*wan_ifname == '\0')
- return;
-
- wan_proto = get_wan_proto(prefix);
- if (wan_proto == WAN_DISABLED) {
- update_wan_state(prefix, WAN_STATE_DISABLED, 0);
- return;
- }
-
- /* Set i/f hardware address before bringing it up */
- if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
-
- strlcpy(ifr.ifr_name, wan_ifname, IFNAMSIZ);
-
- /* Since WAN interface may be already turned up (by vlan.c),
- if WAN hardware address is specified (and different than the current one),
- we need to make it down for synchronizing hwaddr. */
- if (ioctl(s, SIOCGIFHWADDR, &ifr)) {
- close(s);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
-#if defined(TUFAX3000_V2)
- if (!strcmp(wan_ifname, "eth1"))
- doSystem("ethswctl -c wan -i %s -o %s", wan_ifname, "enable");
-#endif
-#ifdef RTCONFIG_IPV6
-#if (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
- if ((wan_proto == WAN_STATIC) &&
- !strncmp(nvram_safe_get("territory_code"), "CH", 2) &&
- ipv6_enabled() &&
- nvram_match(ipv6_nvname("ipv6_only"), "1"))
- wan_proto = WAN_DHCP;
-#endif
- /* Enable wired IPv6 interface */
- int need_linklocal_addr = 0;
- switch (get_ipv6_service_by_unit(unit)) {
- case IPV6_NATIVE_DHCP:
- case IPV6_MANUAL:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- if (!(wan_proto == WAN_PPPOE || wan_proto == WAN_PPTP || wan_proto == WAN_L2TP) ||
- !nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp")) {
- enable_ipv6(wan_ifname);
- need_linklocal_addr = 1;
- break;
- }
- /* fall through */
- default:
- disable_ipv6(wan_ifname);
- break;
- }
-#endif
-
- ether_atoe((const char *) nvram_safe_get(strcat_r(prefix, "hwaddr", tmp)), (unsigned char *) eabuf);
- if ((bcmp(eabuf, ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN)))
- {
- /* current hardware address is different than user specified */
- ifconfig(wan_ifname, 0, NULL, NULL);
- }
-
- /* Configure i/f only once, specially for wireless i/f shared by multiple connections */
- if (ioctl(s, SIOCGIFFLAGS, &ifr)) {
- close(s);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
-
- if (!(ifr.ifr_flags & IFF_UP)) {
- /* Sync connection nvram address and i/f hardware address */
- memset(ifr.ifr_hwaddr.sa_data, 0, ETHER_ADDR_LEN);
-
- if (nvram_match(strcat_r(prefix, "hwaddr", tmp), "") ||
- !ether_atoe((const char *) nvram_safe_get(strcat_r(prefix, "hwaddr", tmp)), (unsigned char *) ifr.ifr_hwaddr.sa_data) ||
- !memcmp(ifr.ifr_hwaddr.sa_data, "\0\0\0\0\0\0", ETHER_ADDR_LEN)) {
- if (ioctl(s, SIOCGIFHWADDR, &ifr)) {
- fprintf(stderr, "ioctl fail. continue\n");
- close(s);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
- nvram_set(strcat_r(prefix, "hwaddr", tmp), ether_etoa((unsigned char *) ifr.ifr_hwaddr.sa_data, eabuf));
- }
- else {
-#if defined(RTCONFIG_DETWAN)
- unsigned char lan[6], wan[6];
-
- ether_atoe((const char *) get_lan_hwaddr(), lan);
- ether_atoe((const char *) get_wan_hwaddr(), wan);
-
- if (nvram_match(strcat_r(prefix, "ifname", tmp), "eth0")) {
- if(memcmp(ifr.ifr_hwaddr.sa_data, lan, 6) == 0)
- memcpy(ifr.ifr_hwaddr.sa_data, wan, 6); //change to the original mac when same as lan in eth0
- } else if (nvram_match(strcat_r(prefix, "ifname", tmp), "eth1")) {
- if(memcmp(ifr.ifr_hwaddr.sa_data, wan, 6) == 0)
- memcpy(ifr.ifr_hwaddr.sa_data, lan, 6); //change to the original mac when same as wan in eth1
- }
-#endif /* RTCONFIG_DETWAN */
-#if defined(RTCONFIG_BONDING_WAN) && defined(RTCONFIG_QCA)
- if (!strncmp(ifr.ifr_name, "bond", 4)) {
- ether_etoa((unsigned char *) ifr.ifr_hwaddr.sa_data, eabuf);
- set_bonding_iface_hwaddr(ifr.ifr_name, eabuf);
- } else {
-#endif
- ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
- ioctl(s, SIOCSIFHWADDR, &ifr);
-#if defined(RTCONFIG_BONDING_WAN) && defined(RTCONFIG_QCA)
- }
-#endif
- }
-
- wan_mtu = nvram_get_int(strcat_r(prefix, "mtu", tmp));
-
- /* Bring up i/f */
- _ifconfig(wan_ifname, IFUP, NULL, NULL, NULL, wan_mtu);
- }
- close(s);
-
-#ifdef RTCONFIG_IPV6
- /* Reset linklocal address if necessary after interface is up */
- if (need_linklocal_addr && !with_ipv6_linklocal_addr(wan_ifname)) {
- reset_ipv6_linklocal_addr(wan_ifname, 0);
- enable_ipv6(wan_ifname);
- }
-#endif
-
- /* Set initial QoS mode again now that WAN port is ready. */
-#ifdef CONFIG_BCMWL5
- set_et_qos_mode();
-#endif
-
-#ifdef RTCONFIG_DUMP4000
-#define WANCAP_FILE1 "/tmp/wan1.pcap"
-#define WANCAP_FILE2 "/tmp/wan2.pcap"
- if (!f_exists(WANCAP_FILE1)) { /* first time, detection period */
- char *tcpdump_argv[] = { "/usr/sbin/tcpdump", "-i", wan_ifname, "-c", "4000", "-nn", "-w", WANCAP_FILE1, NULL};
- _dprintf("[DDDDD] run tcpdump 1st on %s!!\n", wan_ifname);
- _eval(tcpdump_argv, NULL, 0, &pid);
- sleep(1);
- } else if (!f_exists(WANCAP_FILE2)) { /* second time, QIS finished */
- char *tcpdump_argv[] = { "/usr/sbin/tcpdump", "-i", wan_ifname, "-c", "4000", "-nn", "-w", WANCAP_FILE2, NULL};
- killall("tcpdump", SIGTERM); // kill first one if still alive
- sleep(1);
- _dprintf("[DDDDD] run tcpdump 2nd on %s!!\n", wan_ifname);
- _eval(tcpdump_argv, NULL, 0, &pid);
- sleep(1);
- }
-#endif
-
-#ifdef RTCONFIG_DUALWAN
- pppoerelay_unit = wan_primary_ifunit();
- if (nvram_match("wans_mode", "lb") && get_nr_wan_unit() > 1)
- pppoerelay_unit = nvram_get_int("pppoerelay_unit");
- if (unit == pppoerelay_unit)
- start_pppoe_relay(wan_ifname);
-#else
- if (unit == wan_primary_ifunit())
- start_pppoe_relay(wan_ifname);
-#endif
-
- enable_ip_forward();
-
- update_wan_state(prefix, WAN_STATE_CONNECTING, 0);
-
-#ifdef RTCONFIG_SOFTWIRE46
- if (wan_proto != WAN_V6PLUS) {
- stop_s46map_rptd();
- nvram_set_int("s46_hgw_case", S46_CASE_INIT);
- }
-#endif
- /*
- * Configure PPPoE connection. The PPPoE client will run
- * ip-up/ip-down scripts upon link's connect/disconnect.
- */
- switch (wan_proto) {
- case WAN_PPPOE:
- case WAN_PPTP:
- case WAN_L2TP:
- {
- char ipaddr[sizeof("255.255.255.255")], netmask[sizeof("255.255.255.255")];
- int dhcpenable = nvram_get_int(strcat_r(prefix, "dhcpenable_x", tmp));
- int demand = nvram_get_int(strcat_r(prefix, "pppoe_idletime", tmp)) &&
- (wan_proto != WAN_L2TP); /* L2TP does not support idling */
-#if defined(RTCONFIG_PORT_BASED_VLAN) || defined(RTCONFIG_TAGGED_BASED_VLAN)
- char ip_mask[sizeof("192.168.100.200/255.255.255.255XXX")];
-#endif
-
- snprintf(ipaddr, sizeof(ipaddr), "%s", nvram_safe_get(strcat_r(prefix, "xipaddr", tmp)));
- snprintf(netmask, sizeof(netmask), "%s", nvram_safe_get(strcat_r(prefix, "xnetmask", tmp)));
-
- /* update demand option */
- nvram_set_int(strcat_r(prefix, "pppoe_demand", tmp), demand);
-
- if (dhcpenable == 0 &&
- inet_equal(ipaddr, netmask,
- nvram_safe_get("lan_ipaddr"), nvram_safe_get("lan_netmask"))) {
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_INVALID_IPADDR);
- return;
- }
-
-#if defined(RTCONFIG_PORT_BASED_VLAN) || defined(RTCONFIG_TAGGED_BASED_VLAN)
- /* If return value of test_and_get_free_char_network() is 1 and
- * we got different IP/netmask from it, the WAN IP/netmask conflicts with known networks.
- */ - if (!dhcpenable) { - snprintf(ip_mask, sizeof(ip_mask), "%s/%s", ipaddr, netmask); - if (test_and_get_free_char_network(7, ip_mask, EXCLUDE_NET_ALL_EXCEPT_LAN_VLAN) == 1) { - logmessage("start_wan_if", "%d, %s conflicts with known networks", unit, ip_mask); - update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_INVALID_IPADDR); - return; - } - } -#endif -#if defined(RTCONFIG_COOVACHILLI) - if (!dhcpenable) { - restart_coovachilli_if_conflicts(ipaddr, netmask); - } -#endif - /* Bring up WAN interface */ - ifconfig(wan_ifname, IFUP, ipaddr, netmask); - - /* Increase WAN interface's MTU to allow pppoe MTU/MRU over 1492 (with 8 byte overhead) */ - if (wan_proto == WAN_PPPOE) { - /* Compute maximum required MTU by taking the maximum of the pppoe MRU and MTU values */ - int mru = nvram_get_int(strcat_r(prefix, "pppoe_mru", tmp)); - mtu = nvram_get_int(strcat_r(prefix, "pppoe_mtu", tmp)); - if (mru > mtu) - mtu = mru; - if (mtu > 1492) { - if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) >= 0) { - /* First set parent device if vlan was configured */ - strncpy(ifv.device1, wan_ifname, IFNAMSIZ); - ifv.cmd = GET_VLAN_REALDEV_NAME_CMD; - if (ioctl(s, SIOCGIFVLAN, &ifv) >= 0) { - strncpy(ifr.ifr_name, ifv.u.device2, IFNAMSIZ); - ifr.ifr_mtu = mtu + 8; - if (ioctl(s, SIOCSIFMTU, &ifr)) { - perror(wan_ifname); - logmessage("start_wan_if()", "Error setting MTU on %s to %d", ifv.u.device2, mtu); - } - } - - /* Set WAN device */ - strncpy(ifr.ifr_name, wan_ifname, IFNAMSIZ); - ifr.ifr_mtu = mtu + 8; - if (ioctl(s, SIOCSIFMTU, &ifr)) { - perror(wan_ifname); - logmessage("start_wan_if()", "Error setting MTU on %s to %d", wan_ifname, mtu); - } - close(s); - } - } - } - - /* launch dhcp client and wait for lease forawhile */ - if (dhcpenable) { - start_udhcpc(wan_ifname, unit, - (wan_proto == WAN_PPPOE) ? 
&pid : NULL);
- } else {
- char gateway[16];
-
- snprintf(gateway, sizeof(gateway), "%s", nvram_safe_get(strcat_r(prefix, "xgateway", tmp)));
-
- /* start firewall */
-// TODO: handle different lan_ifname
- start_firewall(unit, 0);
-
- /* setup static wan routes via physical device */
- add_routes(prefix, "mroute", wan_ifname);
-
- /* and set default route if specified with metric 1 */
- if (inet_addr_(gateway) != INADDR_ANY &&
- !nvram_match(strcat_r(prefix, "heartbeat_x", tmp), "")) {
- in_addr_t mask = inet_addr(netmask);
-
- /* the gateway is out of the local network */
- if ((inet_addr(gateway) & mask) != (inet_addr(ipaddr) & mask))
- route_add(wan_ifname, 2, gateway, NULL, "255.255.255.255");
-
- /* default route via default gateway */
- route_add(wan_ifname, 2, "0.0.0.0", gateway, "0.0.0.0");
- }
-
- /* update resolv.conf */
- update_resolvconf();
-
- /* start multicast router on Static+VPN physical interface */
- if (unit == wan_primary_ifunit())
- start_igmpproxy(wan_ifname);
- }
-
-#if defined(HND_ROUTER) || defined(RTAC1200V2)
- if (wan_proto == WAN_PPTP && !module_loaded("pptp"))
- modprobe("pptp");
-#endif
-
-#if defined(RTCONFIG_TCPDUMP) && defined(RTCONFIG_SOC_IPQ40XX) && defined(RTCONFIG_PSISTLOG)
- {
- char *tcpdump_argv[] = { "/usr/sbin/tcpdump", "-i", wan_ifname, "-nnXw", "/jffs/pppoe.pcap", NULL};
- _eval(tcpdump_argv, NULL, 0, &pid);
- sleep(1);
- }
-#endif /* RTCONFIG_TCPDUMP && RTCONFIG_SOC_IPQ40XX && RTCONFIG_PSISTLOG */
-
- /* launch pppoe client daemon */
- start_pppd(unit);
-
- /* ppp interface name is referenced from this point
- * after pppd start before ip-pre-up it will be empty */
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "pppoe_ifname", tmp)));
-
- /* Pretend that the WAN interface is up */
- if (demand) {
- int timeout = 5;
-
- /* Wait for pppx to be created */
- while (timeout--) {
- /* ppp interface name is re-referenced from this point */
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", 
nvram_safe_get(strcat_r(prefix, "pppoe_ifname", tmp)));
-
- if(strlen(wan_ifname) > 0 && ifconfig(wan_ifname, IFUP, NULL, NULL) == 0)
- break;
- _dprintf("%s: wait interface %s up at %d seconds...\n", __FUNCTION__, wan_ifname, timeout);
- sleep(1);
- }
-
- if(strlen(wan_ifname) <= 0){
- _dprintf("%s: no interface of wan_unit %d.\n", __FUNCTION__, unit);
- return;
- }
-
- /* Retrieve IP info */
- if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_SYSTEM_ERR);
- return;
- }
- strncpy(ifr.ifr_name, wan_ifname, IFNAMSIZ);
-
- /* Set temporary IP address */
- if (ioctl(s, SIOCGIFADDR, &ifr))
- perror(wan_ifname);
- nvram_set(strcat_r(prefix, "ipaddr", tmp), inet_ntoa(sin_addr(&ifr.ifr_addr)));
- nvram_set(strcat_r(prefix, "netmask", tmp), "255.255.255.255");
-
- /* Set temporary P-t-P address */
- if (ioctl(s, SIOCGIFDSTADDR, &ifr))
- perror(wan_ifname);
- nvram_set(strcat_r(prefix, "gateway", tmp), inet_ntoa(sin_addr(&ifr.ifr_dstaddr)));
-
- close(s);
-
- /*
- * Preset routes so that traffic can be sent to proper pppx even before
- * the link is brought up.
- */
- preset_wan_routes(wan_ifname);
-
- /* Trigger it up to obtain PPP DNS early */
- start_demand_ppp(unit, 0);
- }
- break;
- }
-
- /*
- * Configure DHCP connection. The DHCP client will run
- * 'udhcpc bound'/'udhcpc deconfig' upon finishing IP address
- * renew and release.
- */
- case WAN_DHCP:
- {
-#if defined(RTCONFIG_BCM_7114) && defined(RTCONFIG_AMAS) && defined(RTCONFIG_ETHOBD)
- if (nvram_get_int("x_Setting") == 0) {
- if(strcmp(wan_ifname, nvram_safe_get("eth_ifnames"))) {
- dbG("ifup:%s\n", nvram_safe_get("eth_ifnames"));
- ifconfig(nvram_safe_get("eth_ifnames"), IFUP, NULL, NULL);
- }
- }
-#endif
- /* Bring up WAN interface */
- dbG("ifup:%s\n", wan_ifname);
- ifconfig(wan_ifname, IFUP, NULL, NULL);
-
- /* MTU */
- if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) >= 0) {
- mtu = nvram_get_int(strcat_r(prefix, "mtu", tmp));
- if ((mtu < 576) || (mtu > 9000))
- mtu = 1500; // Set a sane default value
-
- ifr.ifr_mtu = mtu;
- strncpy(ifr.ifr_name, wan_ifname, IFNAMSIZ);
- if (ioctl(s, SIOCSIFMTU, &ifr)) {
- perror(wan_ifname);
- logmessage("start_wan_if()","Error setting MTU on %s to %d", wan_ifname, mtu);
- }
- close(s);
- }
-
- /* Start pre-authenticator */
- dbG("start auth:%d\n", unit);
- start_auth(unit, 0);
-
- /* Start dhcp daemon */
- dbG("start udhcpc:%s, %d\n", wan_ifname, unit);
- start_udhcpc(wan_ifname, unit, &pid);
- break;
- }
-
- /* Configure static IP connection. */
- case WAN_STATIC:
- {
-#if defined(RTCONFIG_PORT_BASED_VLAN) || defined(RTCONFIG_TAGGED_BASED_VLAN)
- char ip_mask[sizeof("192.168.100.200/255.255.255.255XXX")];
-#endif
-
- if (inet_equal(nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)), nvram_safe_get(strcat_r(prefix, "netmask", tmp)),
- nvram_safe_get("lan_ipaddr"), nvram_safe_get("lan_netmask"))) {
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_INVALID_IPADDR);
- return;
- }
-
-#if defined(RTCONFIG_PORT_BASED_VLAN) || defined(RTCONFIG_TAGGED_BASED_VLAN)
- /* If return value of test_and_get_free_char_network() is 1 and
- * we got different IP/netmask from it, the WAN IP/netmask conflicts with known networks.
- */
- snprintf(ip_mask, sizeof(ip_mask), "%s/%s",
- nvram_pf_safe_get(prefix, "ipaddr"), nvram_pf_safe_get(prefix, "netmask"));
- if (test_and_get_free_char_network(7, ip_mask, EXCLUDE_NET_ALL_EXCEPT_LAN_VLAN) == 1) {
- logmessage("start_wan_if", "%d, %s conflicts with known networks", unit, ip_mask);
- update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_INVALID_IPADDR);
- return;
- }
-#endif
-#if defined(RTCONFIG_COOVACHILLI)
- restart_coovachilli_if_conflicts(nvram_pf_get(prefix, "ipaddr"), nvram_pf_get(prefix, "netmask"));
-#endif
-
- /* Assign static IP address to i/f */
- ifconfig(wan_ifname, IFUP,
- nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)),
- nvram_safe_get(strcat_r(prefix, "netmask", tmp)));
-
- /* Start pre-authenticator */
- start_auth(unit, 0);
-
-#ifdef RTCONFIG_DSL_REMOTE
- if (get_dsl_prefix_by_wan_unit(unit, dsl_prefix, sizeof(dsl_prefix)) == 0)
- (
- if (nvram_pf_match(dsl_prefix, "proto", "ipoa"))
- start_ipoa();
-#endif
-
- /* MTU */
- if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) >= 0) {
- mtu = nvram_get_int(strcat_r(prefix, "mtu", tmp));
- if ((mtu < 576) || (mtu > 9000))
- mtu = 1500; // Set a sane default value
-
- ifr.ifr_mtu = mtu;
- strncpy(ifr.ifr_name, wan_ifname, IFNAMSIZ);
- if (ioctl(s, SIOCSIFMTU, &ifr)) {
- perror(wan_ifname);
- logmessage("start_wan_if()","Error setting MTU on %s to %d", wan_ifname, mtu);
- }
- close(s);
- }
-
- /* We are done configuration */
- wan_up(wan_ifname);
- break;
- }
-
- case WAN_BRIDGE:
- {
-#ifdef RTCONFIG_DSL
-#ifdef RTCONFIG_DSL_BCM
- if (nvram_get_int("switch_stb_x")) {
- config_wan_bridge(STB_BR_IF, wan_ifname, 1);
- }
- else {
- char *br_itf = nvram_safe_get("lan_ifname");
- config_wan_bridge(br_itf, wan_ifname, 1);
- start_dhcpfilter(wan_ifname);
- eval("bcmmcastctl", "mode", "-i", br_itf, "-p", "1", "-m", "1");
- eval("bcmmcastctl", "mode", "-i", br_itf, "-p", "2", "-m", "1");
- }
-#else
- if (nvram_get_int("wan2lan")) {
- config_wan_bridge(nvram_safe_get("lan_ifname"), 
wan_ifname, 1);
- }
- else {
- config_wan_bridge(STB_BR_IF, wan_ifname, 1);
- }
-#endif
-#else
- eval("brctl", "addif", nvram_safe_get("lan_ifname"), wan_ifname);
- start_dhcpfilter(wan_ifname);
-#ifdef HND_ROUTER
- eval("bcmmcastctl", "mode", "-i", nvram_safe_get("lan_ifname"), "-p", "1", "-m", "1");
- eval("bcmmcastctl", "mode", "-i", nvram_safe_get("lan_ifname"), "-p", "2", "-m", "1");
-#endif
-#endif
- wan_up(wan_ifname);
- break;
- }
-
-#ifdef RTCONFIG_SOFTWIRE46
- /* Configure Softwire46 connection */
- case WAN_LW4O6:
- case WAN_MAPE:
- {
- char tun_dev[IFNAMSIZ];
-
- /* Bring up WAN interface */
- dbG("ifup:%s\n", wan_ifname);
- ifconfig(wan_ifname, IFUP, NULL, NULL);
-
- /* tunnel interface name is referenced from this point */
- snprintf(tun_dev, sizeof(tun_dev), "v4tun%d", unit);
- nvram_set(strcat_r(prefix, "pppoe_ifname", tmp), tun_dev);
-
- start_firewall(unit, 0);
-
- /* Postpone configuration */
- wan6_up(wan_ifname);
-
- break;
- }
- case WAN_V6PLUS:
- {
- char v6tun_dev[IFNAMSIZ];
-
- nvram_set_int("s46_hgw_case", S46_CASE_INIT);
- restart_s46map_rptd();
-
- /* Bring up WAN interface */
- dbG("ifup:%s\n", wan_ifname);
- ifconfig(wan_ifname, IFUP, NULL, NULL);
-
- /* Start pre-authenticator */
- dbG("start auth:%d\n", unit);
- start_auth(unit, 0);
-
-#ifdef RTCONFIG_DSL
- nvram_set(strcat_r(prefix, "clientid_type", tmp), nvram_safe_get("dslx_dhcp_clientid_type"));
- nvram_set(strcat_r(prefix, "clientid", tmp), nvram_safe_get("dslx_dhcp_clientid"));
- nvram_set(strcat_r(prefix, "vendorid", tmp), nvram_safe_get("dslx_dhcp_vendorid"));
- nvram_set(strcat_r(prefix, "hostname", tmp), nvram_safe_get("dslx_dhcp_hostname"));
-#endif
- /* Start dhcp daemon */
- dbG("start udhcpc:%s, %d\n", wan_ifname, unit);
- start_udhcpc(wan_ifname, unit, &pid);
-
- /* tunnel interface name is referenced from this point */
- snprintf(v6tun_dev, sizeof(v6tun_dev), "v4tun%d", unit);
- nvram_set(strcat_r(prefix, "pppoe_ifname", tmp), v6tun_dev);
-
- start_firewall(unit, 0);
- break;
- }
-#endif
- }
- } else {
-#ifdef RTCONFIG_DUALWAN
- _dprintf("%s(): Cound't find the type(%d) of unit(%d)!!!\n", __FUNCTION__, wan_type, unit);
-#else
- _dprintf("%s(): Cound't find the wan(%d)!!!\n", __FUNCTION__, unit);
-#endif
- }
-
- _dprintf("%s(): End.\n", __FUNCTION__);
-
-#ifdef RTCONFIG_IPSEC
- if (nvram_get_int("ipsec_server_enable") || nvram_get_int("ipsec_client_enable")
-#ifdef RTCONFIG_INSTANT_GUARD
- || nvram_get_int("ipsec_ig_enable")
-#endif
- ) {
- rc_ipsec_config_init();
- start_dnsmasq();
- }
-#endif
-}
-
-void
-stop_wan_if(int unit)
-{
-#if defined(RTCONFIG_DSL_REMOTE)
- char dsl_prefix[16] = {0};
-#endif
- char wan_ifname[16];
- char tmp[100], prefix[32];
- char wan_proto[16], active_proto[16];
-#ifdef RTCONFIG_USB_BECEEM
- int i;
- unsigned int uvid, upid;
-#endif
-#ifdef RTCONFIG_INTERNAL_GOBI
- int modem_unit;
- char tmp2[100], prefix2[32];
- char env_unit[32];
-#endif
- int end_wan_sbstate = WAN_STOPPED_REASON_NONE;
-
-#ifdef RTCONFIG_MULTISERVICE_WAN
- if(unit < WAN_UNIT_MAX && unit > WAN_UNIT_NONE) { //GENERIC WAN
- int i = 1;
- for(i = 1; i < WAN_MULTISRV_MAX; i++) {
- stop_wan_if(get_ms_wan_unit(unit, i));
- }
- }
-#endif
-
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
-
-#if defined(RTCONFIG_JFFS2) || defined(RTCONFIG_BRCM_NAND_JFFS2) || defined(RTCONFIG_UBIFS)
- if(get_wan_sbstate(unit) == WAN_STOPPED_REASON_DATALIMIT)
- end_wan_sbstate = WAN_STOPPED_REASON_DATALIMIT;
-#endif
-
- update_wan_state(prefix, WAN_STATE_STOPPING, end_wan_sbstate);
-
- /* Backup active wan_proto for later restore, if it have been updated by ui */
- snprintf(active_proto, sizeof(active_proto), "%s", nvram_safe_get(strcat_r(prefix, "proto", tmp)));
-
- /* Set previous wan_proto as active */
- snprintf(wan_proto, sizeof(wan_proto), "%s", nvram_safe_get(strcat_r(prefix, "proto_t", tmp)));
- if (*wan_proto && strcmp(active_proto, wan_proto) != 0) {
- stop_iQos(); // clean all tc rules
- _dprintf("%s %sproto_t=%s\n", __FUNCTION__, prefix, 
wan_proto);
- nvram_set(strcat_r(prefix, "proto", tmp), wan_proto);
- nvram_unset(strcat_r(prefix, "proto_t", tmp));
- }
-
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "ifname", tmp)));
-
- // Handel for each interface
- if(unit == wan_primary_ifunit()){
- killall_tk("stats");
-#ifndef RTCONFIG_NTPD
- killall_tk("ntpclient");
-#endif
-
- /* Shutdown and kill all possible tasks */
-#if 0
- killall_tk("ip-up");
- killall_tk("ip-down");
- killall_tk("ip-pre-up");
-#ifdef RTCONFIG_IPV6
- killall_tk("ipv6-up");
- killall_tk("ipv6-down");
-#endif
- killall_tk("auth-fail");
-#endif
-
-#ifdef RTCONFIG_MULTICAST_IPTV
- if (nvram_get_int("switch_stb_x") > 6 && unit == WAN_UNIT_IPTV)
-#endif
- stop_igmpproxy();
- }
-
-#ifdef RTCONFIG_MULTISERVICE_WAN
- if(unit < WAN_UNIT_MAX && unit > WAN_UNIT_NONE) //GENERIC WAN
-#endif
- {
-#ifdef RTCONFIG_OPENVPN
- stop_ovpn_eas();
-#endif
-
-#ifdef RTCONFIG_VPNC
- /* Stop VPN client */
- stop_vpnc();
-#endif
- }
-
- switch (get_wan_proto(prefix)) {
- case WAN_L2TP:
- kill_pidfile_tk("/var/run/l2tpd.pid");
- usleep(1000*1000);
- break;
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_LW4O6:
- case WAN_MAPE:
- case WAN_V6PLUS:
- wan6_down(wan_ifname);
- break;
-#endif
- }
-
- /* Stop pppd */
- stop_pppd(unit);
-
- /* Stop post-authenticator */
- stop_auth(unit, 1);
-
- /* Stop dhcp client */
- stop_udhcpc(unit);
-
- /* Stop pre-authenticator */
- stop_auth(unit, 0);
-
-#if 1
- /* Clean WAN interface */
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "ifname", tmp)));
- if (*wan_ifname && *wan_ifname != '/') {
-#ifdef RTCONFIG_IPV6
- disable_ipv6(wan_ifname);
-#endif
- ifconfig(wan_ifname, IFUP, "0.0.0.0", NULL);
- }
-#else
- /* Bring down WAN interfaces */
- // Does it have to?
- snprintf(wan_ifname, sizeof(wan_ifname), "%s", nvram_safe_get(strcat_r(prefix, "ifname", tmp)));
-#ifdef RTCONFIG_USB_MODEM
- if(strncmp(wan_ifname, "/dev/tty", 8))
-#endif
- {
- if(strlen(wan_ifname) > 0){
-#ifdef RTCONFIG_SOC_IPQ40XX
- if (strcmp(wan_ifname, "eth0") == 0)
- ifconfig(wan_ifname, IFUP, "0.0.0.0", NULL);
- else
-#elif defined(RTCONFIG_SWITCH_QCA8075_QCA8337_PHY_AQR107_AR8035_QCA8033)
- if (strcmp(wan_ifname, "eth5") == 0)
- ifconfig(wan_ifname, IFUP, "0.0.0.0", NULL);
- else
-#endif
- ifconfig(wan_ifname, 0, NULL, NULL);
-#ifdef RTCONFIG_RALINK
-#elif defined(RTCONFIG_QCA)
-#else
- if(!strncmp(wan_ifname, "eth", 3) || !strncmp(wan_ifname, "vlan", 4))
- ifconfig(wan_ifname, IFUP, "0.0.0.0", NULL);
-#endif
- }
- }
-#endif
-
-#ifdef RTCONFIG_DSL_REMOTE
- if (get_dsl_prefix_by_wan_unit(unit, dsl_prefix, sizeof(dsl_prefix)) == 0)
- {
- if (nvram_pf_match(dsl_prefix, "proto", "ipoa"))
- stop_ipoa();
- }
-#endif
-
- if (!strcmp(wan_proto, "bridge")) {
-#ifdef RTCONFIG_DSL
-#ifdef RTCONFIG_DSL_BCM
- if (nvram_get_int("switch_stb_x")) {
- config_wan_bridge(STB_BR_IF, wan_ifname, 0);
- }
- else {
- eval("brctl", "delif", nvram_safe_get("lan_ifname"), wan_ifname);
- }
- stop_dhcpfilter(wan_ifname);
-#else
- if (nvram_get_int("wan2lan")) {
- config_wan_bridge(nvram_safe_get("lan_ifname"), wan_ifname, 0);
- }
- else {
- config_wan_bridge(STB_BR_IF, wan_ifname, 0);
- }
-#endif
-#else
- stop_dhcpfilter(wan_ifname);
- eval("brctl", "delif", nvram_safe_get("lan_ifname"), wan_ifname);
-#endif
- }
-
-#ifdef RTCONFIG_USB_MODEM
- if (dualwan_unit__usbif(unit)) {
-#ifdef RTCONFIG_USB_BECEEM
- if(is_usb_modem_ready(get_dualwan_by_unit(unit)) == 1){
- if(pids("wimaxd"))
- eval("wimaxc", "disconnect");
- }
-
- if(pids("wimaxd")){
- killall("wimaxd", SIGTERM);
- killall("wimaxd", SIGUSR1);
- }
-
- uvid = nvram_get_int("usb_modem_act_vid");
- upid = nvram_get_int("usb_modem_act_pid");
-
- if(is_samsung_dongle(1, uvid, upid)){
- i = 0;
- while(i < 3){
- if(pids("madwimax")){
- killall_tk("madwimax");
- sleep(1);
-
- ++i;
- }
- else
- break;
- }
-
- modprobe_r("tun");
-
- nvram_set(strcat_r(prefix, "ifname", tmp), "");
- }
- else if(is_gct_dongle(1, uvid, upid)){
- i = 0;
- while(i < 3){
- if(pids("gctwimax")){
- killall_tk("gctwimax");
- sleep(1);
-
- ++i;
- }
- else
- break;
- }
- unlink(WIMAX_CONF);
-
- modprobe_r("tun");
-
- nvram_set(strcat_r(prefix, "ifname", tmp), "");
- }
-#endif /* RTCONFIG_USB_BECEEM */
-
-#ifdef RTCONFIG_INTERNAL_GOBI
- modem_unit = get_modemunit_by_type(get_dualwan_by_unit(unit));
- usb_modem_prefix(modem_unit, prefix2, sizeof(prefix2));
- snprintf(env_unit, sizeof(env_unit), "unit=%d", modem_unit);
-
- if(!strcmp(nvram_safe_get(strcat_r(prefix2, "act_type", tmp2)), "gobi")){
- putenv(env_unit);
-#ifdef RT4GAC86U
- system("/usr/sbin/modem_stop.sh >> /tmp/usb.log");
-#else
- char *const modem_argv[] = {"/usr/sbin/modem_stop.sh", NULL};
- _eval(modem_argv, ">>/tmp/usb.log", 0, NULL);
-#endif
- unsetenv("unit");
- }
-#endif
- }
-
-#ifdef RTCONFIG_GETREALIP
-#ifdef RTCONFIG_DUALWAN
- if(nvram_invmatch("wans_mode", "lb"))
-#endif
- {
- nvram_set(strcat_r(prefix, "realip_state", tmp), "0");
- nvram_set(strcat_r(prefix, "realip_ip", tmp), "");
- }
-#endif
-
- if(dualwan_unit__usbif(unit))
- update_wan_state(prefix, WAN_STATE_INITIALIZING, end_wan_sbstate);
- else
-#endif // RTCONFIG_USB_MODEM
- update_wan_state(prefix, WAN_STATE_STOPPED, end_wan_sbstate);
-
- // wait for release finished ?
-#ifdef RTCONFIG_MULTISERVICE_WAN
- if(unit < WAN_UNIT_MAX && unit > WAN_UNIT_NONE) //GENERIC WAN
-#endif
- if (!g_reboot)
- sleep(2);
-
- /* Restore active wan_proto value */
- _dprintf("%s %sproto=%s\n", __FUNCTION__, prefix, active_proto);
- nvram_set(strcat_r(prefix, "proto", tmp), active_proto);
-}
-
-int update_resolvconf(void)
-{
- FILE *fp, *fp_servers;
- char tmp[100], prefix[sizeof("wanXXXXXXXXXX_")];
- char *wan_dns, *wan_domain, *next;
- char wan_dns_buf[INET6_ADDRSTRLEN*3 + 3], wan_domain_buf[256];
- char *wan_xdns, *wan_xdomain;
- char wan_xdns_buf[sizeof("255.255.255.255 ")*2], wan_xdomain_buf[256];
- char domain[64], *next_domain;
- int primary_unit = wan_primary_ifunit();
- int unit, lock;
-#ifdef RTCONFIG_YANDEXDNS
- int yadns_mode = nvram_get_int("yadns_enable_x") ? nvram_get_int("yadns_mode") : YADNS_DISABLED;
-#endif
-#ifdef RTCONFIG_DNSPRIVACY
- int dnspriv_enable = nvram_get_int("dnspriv_enable");
-#endif
-
-#if defined(RTCONFIG_VPNC) || (RTCONFIG_VPN_FUSION)
- if (is_vpnc_dns_active())
- return 0;
-#endif
-
- lock = file_lock("resolv");
-
- if (!(fp = fopen("/tmp/resolv.conf", "w+"))) {
- perror("/tmp/resolv.conf");
- goto error;
- }
- if (!(fp_servers = fopen("/tmp/resolv.dnsmasq", "w+"))) {
- perror("/tmp/resolv.dnsmasq");
- fclose(fp);
- goto error;
- }
-#if defined(RTCONFIG_IPV6) && (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
- if (!strncmp(nvram_safe_get("territory_code"), "CH", 2) &&
- ipv6_enabled() &&
- nvram_match(ipv6_nvname("ipv6_only"), "1"))
- goto NOIP;
-#endif
- {
- for (unit = WAN_UNIT_FIRST; unit < WAN_UNIT_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
- wan_dns = nvram_safe_get_r(strcat_r(prefix, "dns", tmp), wan_dns_buf, sizeof(wan_dns_buf));
- wan_xdns = nvram_safe_get_r(strcat_r(prefix, "xdns", tmp), wan_xdns_buf, sizeof(wan_xdns_buf));
-
- if (!*wan_dns && !*wan_xdns)
- continue;
-
-#ifdef RTCONFIG_DUALWAN
- /* skip disconnected WANs in LB mode */
- if (nvram_match("wans_mode", "lb")) {
- if 
(!is_phy_connect(unit))
- continue;
- } else
- /* skip non-primary WANs except not fully connected in FB mode */
- if (nvram_match("wans_mode", "fb")) {
- if (unit != primary_unit && *wan_dns)
- continue;
- } else
-#endif
- /* skip non-primary WANs */
- if (unit != primary_unit)
- continue;
-
- foreach(tmp, (*wan_dns ? wan_dns : wan_xdns), next)
- fprintf(fp, "nameserver %s\n", tmp);
-
- do {
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED)
- break;
-#endif
-#ifdef RTCONFIG_DNSPRIVACY
- if (dnspriv_enable)
- break;
-#endif
-#if defined(RTCONFIG_WIREGUARD) && !defined(RTCONFIG_VPN_FUSION)
- if (write_wgc_resolv_dnsmasq(fp_servers))
- break;
-#endif
-#ifdef RTCONFIG_DUALWAN
- /* Skip not fully connected WANs in LB mode */
- if (nvram_match("wans_mode", "lb") && !*wan_dns)
- break;
-#endif
-#ifdef RTCONFIG_OPENVPN
- /* We have a client with DNS set to Exclusive and routing set to All */
- if (ovpn_skip_dnsmasq())
- break;
-#endif
-
- foreach(tmp, (*wan_dns ? wan_dns : wan_xdns), next)
- {
- fprintf(fp_servers, "server=%s\n", tmp);
- }
- } while (0);
-
- wan_domain = nvram_safe_get_r(strcat_r(prefix, "domain", tmp), wan_domain_buf, sizeof(wan_domain_buf));
- foreach (tmp, wan_dns, next) {
- foreach(domain, wan_domain, next_domain)
- fprintf(fp_servers, "server=/%s/%s\n", domain, tmp);
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED)
- fprintf(fp_servers, "server=/%s/%s\n", "local", tmp);
-#endif
- }
-
- wan_xdomain = nvram_safe_get_r(strcat_r(prefix, "xdomain", tmp), wan_xdomain_buf, sizeof(wan_xdomain_buf));
- foreach (tmp, wan_xdns, next) {
- int new = (find_word(wan_dns, tmp) == NULL);
- foreach (domain, wan_xdomain, next_domain) {
- if (new || find_word(wan_domain, domain) == NULL)
- fprintf(fp_servers, "server=/%s/%s\n", domain, tmp);
- }
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED && new)
- fprintf(fp_servers, "server=/%s/%s\n", "local", tmp);
-#endif
- }
- }
-
-#ifdef RTCONFIG_MULTISERVICE_WAN
- for (unit = 1; unit < 
WAN_MULTISRV_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", get_ms_wan_unit(primary_unit, unit));
- wan_dns = nvram_safe_get_r(strcat_r(prefix, "dns", tmp), wan_dns_buf, sizeof(wan_dns_buf));
- wan_xdns = nvram_safe_get_r(strcat_r(prefix, "xdns", tmp), wan_xdns_buf, sizeof(wan_xdns_buf));
-
- if (!*wan_dns && !*wan_xdns)
- continue;
-
- foreach(tmp, (*wan_dns ? wan_dns : wan_xdns), next) {
- fprintf(fp, "nameserver %s\n", tmp);
- fprintf(fp_servers, "server=%s\n", tmp);
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED)
- fprintf(fp_servers, "server=/%s/%s\n", "local", tmp);
-#endif
- }
- }
-#endif
- }
-
-/* Add DNS from VPN clients - add at the end since config is read backward by dnsmasq */
-#if defined(RTCONFIG_OPENVPN) && !defined(RTCONFIG_VPN_FUSION)
- write_ovpn_resolv_dnsmasq(fp_servers);
-#endif
-
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED) {
- char *server[2];
- int count = get_yandex_dns(AF_INET, yadns_mode, server, sizeof(server)/sizeof(server[0]));
- for (unit = 0; unit < count; unit++) {
- fprintf(fp_servers, "server=%s\n", server[unit]);
- fprintf(fp_servers, "server=%s#%u\n", server[unit], YADNS_DNSPORT);
- }
- } else
-#endif
-#ifdef RTCONFIG_DNSPRIVACY
- if (dnspriv_enable) {
- if (!nvram_get_int("dns_local_cache"))
- fprintf(fp, "nameserver %s\n", "127.0.1.1");
- fprintf(fp_servers, "server=%s\n", "127.0.1.1");
- } else
-#endif
-#if (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
-NOIP:
-#endif
-#ifdef RTCONFIG_IPV6
- if (ipv6_enabled() && is_routing_enabled()) {
- struct in6_addr addr;
-
- /* TODO: Skip unconnected wan */
-
- switch (get_ipv6_service()) {
- case IPV6_NATIVE_DHCP:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- if (nvram_get_int(ipv6_nvname("ipv6_dnsenable"))) {
- wan_dns = nvram_safe_get_r(ipv6_nvname("ipv6_get_dns"), wan_dns_buf, sizeof(wan_dns_buf));
- wan_domain = nvram_safe_get_r(ipv6_nvname("ipv6_get_domain"), wan_domain_buf, sizeof(wan_domain_buf));
-#if 0
- //FIXME: 
workaround, as odhcp6c cannot receive DNS info due to no IA_NA in 'Advertise' packets.
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_primary_ifunit());
- if (get_wan_proto(prefix) == WAN_V6PLUS &&
- nvram_get_int("s46_hgw_case") == S46_CASE_MAP_HGW_OFF &&
- !strcmp(wan_dns_buf, "")) {
- wan_dns = strcpy(wan_dns_buf, "2404:1a8:7f01:b::3 2404:1a8:7f01:a::3");
- }
-#endif
- break;
- }
- /* fall through */
- default:
- wan_dns = strcpy(wan_dns_buf, "");
- wan_domain = "";
- for (unit = 1; unit <= 3; unit++) {
- snprintf(tmp, sizeof(tmp), "ipv6_dns%d", unit);
- if (*wan_dns_buf)
- strlcat(wan_dns_buf, " ", sizeof(wan_dns_buf));
- strlcat(wan_dns_buf, nvram_safe_get(ipv6_nvname(tmp)), sizeof(wan_dns_buf));
- }
- }
-
- foreach(tmp, wan_dns, next) {
- if (inet_pton(AF_INET6, tmp, &addr) <= 0)
- continue;
- foreach(domain, wan_domain, next_domain)
- fprintf(fp_servers, "server=/%s/%s\n", domain, tmp);
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED) {
- fprintf(fp_servers, "server=/%s/%s\n", "local", tmp);
- continue;
- }
-#endif
-#ifdef RTCONFIG_DNSPRIVACY
- if (dnspriv_enable)
- continue;
-#endif
- fprintf(fp, "nameserver %s\n", tmp);
- fprintf(fp_servers, "server=%s\n", tmp);
- }
-
-#ifdef RTCONFIG_YANDEXDNS
- if (yadns_mode != YADNS_DISABLED) {
- char *server[2];
- int count = get_yandex_dns(AF_INET6, yadns_mode, server, sizeof(server)/sizeof(server[0]));
- for (unit = 0; unit < count; unit++) {
- fprintf(fp_servers, "server=%s\n", server[unit]);
- fprintf(fp_servers, "server=%s#%u\n", server[unit], YADNS_DNSPORT);
- }
- }
-#endif
- }
-#endif
-
- fclose(fp);
- fclose(fp_servers);
- file_unlock(lock);
-
-#ifdef RTCONFIG_OPENVPN
- if (ovpn_need_dnsmasq_restart())
- start_dnsmasq(); // add strict-order
- else
-#endif
- reload_dnsmasq();
-
- return 0;
-
-error:
- file_unlock(lock);
- return -1;
-}
-
-/* List of IP address blocks which are private / reserved and therefore not suitable for public external IP addresses */
-/* If interface has IP address from 
one of this block, then it is either behind NAT or port forwarding is impossible */
-#define IP(a, b, c, d) (((a) << 24) + ((b) << 16) + ((c) << 8) + (d))
-#define MSK(m) (32-(m))
-static const struct { uint32_t address; uint32_t rmask; } reserved[] = {
- { IP( 0, 0, 0, 0), MSK( 8) }, /* RFC1122 "This host on this network" */
- { IP( 10, 0, 0, 0), MSK( 8) }, /* RFC1918 Private-Use */
- { IP(100, 64, 0, 0), MSK(10) }, /* RFC6598 Shared Address Space */
- { IP(127, 0, 0, 0), MSK( 8) }, /* RFC1122 Loopback */
- { IP(169, 254, 0, 0), MSK(16) }, /* RFC3927 Link-Local */
- { IP(172, 16, 0, 0), MSK(12) }, /* RFC1918 Private-Use */
- { IP(192, 0, 0, 0), MSK(24) }, /* RFC6890 IETF Protocol Assignments */
- { IP(192, 0, 2, 0), MSK(24) }, /* RFC5737 Documentation (TEST-NET-1) */
- { IP(192, 31, 196, 0), MSK(24) }, /* RFC7535 AS112-v4 */
- { IP(192, 52, 193, 0), MSK(24) }, /* RFC7450 AMT */
- { IP(192, 88, 99, 0), MSK(24) }, /* RFC7526 6to4 Relay Anycast */
- { IP(192, 168, 0, 0), MSK(16) }, /* RFC1918 Private-Use */
- { IP(192, 175, 48, 0), MSK(24) }, /* RFC7534 Direct Delegation AS112 Service */
- { IP(198, 18, 0, 0), MSK(15) }, /* RFC2544 Benchmarking */
- { IP(198, 51, 100, 0), MSK(24) }, /* RFC5737 Documentation (TEST-NET-2) */
- { IP(203, 0, 113, 0), MSK(24) }, /* RFC5737 Documentation (TEST-NET-3) */
- { IP(224, 0, 0, 0), MSK( 4) }, /* RFC1112 Multicast */
- { IP(240, 0, 0, 0), MSK( 4) }, /* RFC1112 Reserved for Future Use + RFC919 Limited Broadcast */
-};
-#undef IP
-#undef MSK
-
-int
-addr_is_reserved(struct in_addr * addr)
-{
- uint32_t address = ntohl(addr->s_addr);
- size_t i;
-
- for (i = 0; i < sizeof(reserved)/sizeof(reserved[0]); ++i) {
- if ((address >> reserved[i].rmask) == (reserved[i].address >> reserved[i].rmask))
- return 1;
- }
-
- return 0;
-}
-
-#ifdef RTCONFIG_IPV6
-void wan6_up(const char *pwan_ifname)
-{
- char addr6[INET6_ADDRSTRLEN + 4];
- struct in_addr addr4;
- struct in6_addr addr;
- char wan_ifname[16];
- char gateway[INET6_ADDRSTRLEN];
- int 
mtu, service, accept_defrtr;
-#if defined(RTCONFIG_SOFTWIRE46) || (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
- char prefix[sizeof("wanXXXXXXXXXX_")];
- int wan_unit;
-#endif
-#ifdef RTCONFIG_SOFTWIRE46
- char tmp[100];
-#endif
-
- if (!pwan_ifname || *pwan_ifname == '\0')
- return;
-
- /* Value of pwan_ifname can be modfied after do_dns_detect */
- strlcpy(wan_ifname, pwan_ifname, sizeof(wan_ifname));
-
- service = get_ipv6_service();
- switch (service) {
- case IPV6_NATIVE_DHCP:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- accept_defrtr = service == IPV6_NATIVE_DHCP && /* limit to native by now */
- nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp") ?
- nvram_get_int(ipv6_nvname("ipv6_accept_defrtr")) : 1;
- ipv6_sysconf(wan_ifname, "accept_ra", 1);
- ipv6_sysconf(wan_ifname, "accept_ra_defrtr", accept_defrtr);
- ipv6_sysconf(wan_ifname, "forwarding", 0);
- break;
- case IPV6_MANUAL:
- ipv6_sysconf(wan_ifname, "accept_ra", 0);
- ipv6_sysconf(wan_ifname, "forwarding", 1);
- break;
- case IPV6_6RD:
- update_6rd_info();
- break;
- case IPV6_DISABLED:
- return;
- }
-
- set_intf_ipv6_dad(wan_ifname, 0, 1);
-
- switch (service) {
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
- start_6relayd();
- /* fall through */
-#endif
- case IPV6_NATIVE_DHCP:
- start_rdisc6();
- start_dhcp6c();
-
- if (nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp")) {
- strlcpy(gateway, nvram_safe_get(ipv6_nvname("ipv6_llremote")), sizeof(gateway));
- if (/* gateway && */ *gateway)
- _ipv6_route_add(wan_ifname, 0, "::/0", gateway, RTF_DEFAULT | RTF_ADDRCONF);
- }
-
- /* propagate ipv6 mtu */
- mtu = ipv6_getconf(wan_ifname, "mtu");
- if (mtu)
- ipv6_sysconf(nvram_safe_get("lan_ifname"), "mtu", mtu);
- break;
-
- case IPV6_MANUAL:
- if (nvram_match(ipv6_nvname("ipv6_ipaddr"), (char*)ipv6_router_address(NULL))) {
- dbG("WAN IPv6 address is the same as LAN IPv6 address!\n");
- break;
- }
- snprintf(addr6, sizeof(addr6), "%s/%d", nvram_safe_get(ipv6_nvname("ipv6_ipaddr")), 
nvram_get_int(ipv6_nvname("ipv6_prefix_len_wan")));
- eval("ip", "-6", "addr", "add", addr6, "dev", (char *)wan_ifname);
- eval("ip", "-6", "route", "del", "::/0");
-
- strlcpy(gateway, nvram_safe_get(ipv6_nvname("ipv6_gateway")), sizeof(gateway));
- if (/* gateway && */ *gateway) {
- eval("ip", "-6", "route", "add", gateway, "dev", (char *)wan_ifname, "metric", "1");
- eval("ip", "-6", "route", "add", "::/0", "via", gateway, "dev", (char *)wan_ifname, "metric", "1");
- } else if (nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp")) {
- strlcpy(gateway, nvram_safe_get(ipv6_nvname("ipv6_llremote")), sizeof(gateway));
- if (/* gateway && */ *gateway)
- _ipv6_route_add(wan_ifname, 0, "::/0", gateway, RTF_DEFAULT | RTF_ADDRCONF);
- }
-
- /* propagate ipv6 mtu */
- mtu = ipv6_getconf(wan_ifname, "mtu");
- if (mtu)
- ipv6_sysconf(nvram_safe_get("lan_ifname"), "mtu", mtu);
-
-#ifdef RTCONFIG_SOFTWIRE46
- int wan_proto = -1;
- wan_unit = wan_primary_ifunit();
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_unit);
- switch (wan_proto = get_wan_proto(prefix)) {
- char peerbuf[INET6_ADDRSTRLEN];
- char addr6buf[INET6_ADDRSTRLEN];
- char addr4buf[INET_ADDRSTRLEN + sizeof("/32")];
- char *rules, *type;
- int prefix4len, ealen, offset, psidlen, psid, draft;
- long rsp_code = 0;
- case WAN_LW4O6:
- if (nvram_get_int(strcat_r(prefix, "dhcpenble_x", tmp)))
- break;
- type = "lw4o6";
- prefix4len = 32;
- ealen = -1;
- draft = 0;
- goto s46_maprules;
- case WAN_MAPE:
- if (nvram_get_int(strcat_r(prefix, "dhcpenble_x", tmp)))
- break;
- type = "map-e";
- prefix4len = nvram_get_int(strcat_r(prefix, "s46_prefix4len_x", tmp));
- ealen = nvram_get_int(strcat_r(prefix, "s46_ealen_x", tmp));
- draft = 0;
- goto s46_maprules;
- case WAN_V6PLUS:
- draft = 1;
- if (nvram_get_int(strcat_r(prefix, "dhcpenble_x", tmp))) {
- rules = s46_jpne_maprules(NULL, NULL, 0, &rsp_code);
- goto s46_mapcalc;
- }
- type = "map-e";
- prefix4len = nvram_get_int(strcat_r(prefix, "s46_prefix4len_x", tmp));
- ealen = 
nvram_get_int(strcat_r(prefix, "s46_ealen_x", tmp));
- s46_maprules:
- if (asprintf(&rules,
- "type=%s,ipv6prefix=%s,prefix6len=%d,ipv4prefix=%s,prefix4len=%d,"
- "ealen=%d,offset=%d,psidlen=%d,psid=%d,br=%s",
- type,
- nvram_safe_get(strcat_r(prefix, "s46_prefix6_x", tmp)),
- nvram_get_int(strcat_r(prefix, "s46_prefix6len_x", tmp)),
- nvram_safe_get(strcat_r(prefix, "s46_prefix4_x", tmp)),
- prefix4len, ealen,
- nvram_get_int(strcat_r(prefix, "s46_offset_x", tmp)),
- nvram_get_int(strcat_r(prefix, "s46_psidlen_x", tmp)),
- nvram_get_int(strcat_r(prefix, "s46_psid_x", tmp)),
- nvram_safe_get(strcat_r(prefix, "s46_peer_x", tmp))) < 0) {
- rules = NULL;
- }
- s46_mapcalc:
- if (s46_mapcalc(wan_proto, rules, peerbuf, sizeof(peerbuf), addr6buf, sizeof(addr6buf),
- addr4buf, sizeof(addr4buf), &offset, &psidlen, &psid, NULL, draft) <= 0) {
- peerbuf[0] = addr6buf[0] = addr4buf[0] = '\0';
- offset = 0, psidlen = 0, psid = 0;
- }
- free(rules);
- nvram_set(ipv6_nvname("ipv6_s46_peer"), peerbuf);
- nvram_set(ipv6_nvname("ipv6_s46_addr6"), addr6buf);
- nvram_set(ipv6_nvname("ipv6_s46_addr4"), addr4buf);
- nvram_set(ipv6_nvname("ipv6_s46_fmrs"), "");
- nvram_set_int(ipv6_nvname("ipv6_s46_offset"), offset);
- nvram_set_int(ipv6_nvname("ipv6_s46_psidlen"), psidlen);
- nvram_set_int(ipv6_nvname("ipv6_s46_psid"), psid);
- stop_s46_tunnel(wan_unit, 0);
- start_s46_tunnel(wan_unit);
- break;
- }
-#endif
-
- /* workaround to update ndp entry for now */
- char *ping6_argv[] = {"ping6", "-c", "2", "-I", (char *)wan_ifname, "ff02::1", NULL};
- char *ping6_argv2[] = {"ping6", "-c", "2", gateway, NULL};
- pid_t pid;
- _eval(ping6_argv, NULL, 0, &pid);
- _eval(ping6_argv2, NULL, 0, &pid);
- break;
-
- case IPV6_6TO4:
- case IPV6_6IN4:
- case IPV6_6RD:
- stop_ipv6_tunnel();
- if (service == IPV6_6TO4) {
- int prefixlen = 16;
- int mask4size = 0;
-
- /* prefix */
- addr4.s_addr = 0;
- memset(&addr, 0, sizeof(addr));
- inet_aton(get_wanip(), &addr4);
- if (addr_is_reserved(&addr4))
- return;
- addr.s6_addr16[0] = htons(0x2002);
- prefixlen = ipv6_mapaddr4(&addr, prefixlen, &addr4, mask4size);
- //addr4.s_addr = htonl(0x00000001);
- //prefixlen = ipv6_mapaddr4(&addr, prefixlen, &addr4, (32 - 16));
- inet_ntop(AF_INET6, &addr, addr6, sizeof(addr6));
- nvram_set(ipv6_nvname("ipv6_prefix"), addr6);
- nvram_set_int(ipv6_nvname("ipv6_prefix_length"), prefixlen);
-
- /* address */
- addr.s6_addr16[7] |= htons(0x0001);
- inet_ntop(AF_INET6, &addr, addr6, sizeof(addr6));
- nvram_set(ipv6_nvname("ipv6_rtr_addr"), addr6);
- }
- else if (service == IPV6_6RD) {
- int prefixlen = nvram_get_int(ipv6_nvname("ipv6_6rd_prefixlen"));
- int masklen = nvram_get_int(ipv6_nvname("ipv6_6rd_ip4size"));
-
- /* prefix */
- addr4.s_addr = 0;
- memset(&addr, 0, sizeof(addr));
- inet_aton(get_wanip(), &addr4);
- inet_pton(AF_INET6, nvram_safe_get(ipv6_nvname("ipv6_6rd_prefix")), &addr);
- prefixlen = ipv6_mapaddr4(&addr, prefixlen, &addr4, masklen);
- //addr4.s_addr = htonl(0x00000001);
- //prefixlen = ipv6_mapaddr4(&addr, prefixlen, &addr4, (32 - 1));
- inet_ntop(AF_INET6, &addr, addr6, sizeof(addr6));
- nvram_set(ipv6_nvname("ipv6_prefix"), addr6);
- nvram_set_int(ipv6_nvname("ipv6_prefix_length"), prefixlen);
-
- /* address */
- addr.s6_addr16[7] |= htons(0x0001);
- inet_ntop(AF_INET6, &addr, addr6, sizeof(addr6));
- nvram_set(ipv6_nvname("ipv6_rtr_addr"), addr6);
- }
- start_ipv6_tunnel();
-
- /* propagate ipv6 mtu */
- mtu = ipv6_getconf(wan_ifname, "mtu");
- if (mtu)
- ipv6_sysconf(nvram_safe_get("lan_ifname"), "mtu", mtu);
- // FIXME: give it a few seconds for DAD completion
- sleep(2);
- break;
- }
-#if (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
- if ((wan_unit = wan_ifunit(wan_ifname)) != -1) {
- if (!strncmp(nvram_safe_get("territory_code"), "CH", 2) &&
- ipv6_enabled() &&
- nvram_match(ipv6_nvname("ipv6_only"), "1")) {
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_unit);
- update_wan_state(prefix, WAN_STATE_CONNECTED, 0);
- }
- }
-#endif
-#if 0
- 
start_ecmh(wan_ifname);
-#endif
- switch (service) {
- case IPV6_NATIVE_DHCP:
- case IPV6_MANUAL:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- start_mldproxy(wan_ifname);
- break;
- }
-
-#ifdef RTCONFIG_HTTPS
- start_httpd_ipv6();
-#endif
-
-#ifdef RTCONFIG_OPENVPN
- stop_ovpn_serverall();
- start_ovpn_serverall();
-#endif
-}
-
-void wan6_down(const char *wan_ifname)
-{
- set_intf_ipv6_dad(wan_ifname, 0, 0);
- stop_rdisc6();
-#if 0
- stop_ecmh();
-#endif
- stop_mldproxy();
-#ifdef RTCONFIG_6RELAYD
- stop_6relayd();
-#endif
- stop_dhcp6c();
- stop_ipv6_tunnel();
-#ifdef RTCONFIG_SOFTWIRE46
- stop_s46_tunnel(wan_primary_ifunit(), 1);
-#endif
-
- update_resolvconf();
-}
-
-void start_wan6(void)
-{
- char prefix[sizeof("wanXXXXXXXXXX_")];
- int wan_proto;
-
- switch (get_ipv6_service()) {
- case IPV6_NATIVE_DHCP:
- case IPV6_MANUAL:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_primary_ifunit_ipv6());
- wan_proto = get_wan_proto(prefix);
- if ((wan_proto == WAN_PPPOE || wan_proto == WAN_PPTP || wan_proto == WAN_L2TP) &&
- nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp"))
- break;
- /* fall through */
- default:
- // call wan6_up directly
- wan6_up(get_wan6face());
- break;
- }
-}
-
-void stop_wan6(void)
-{
- // call wan6_down directly
- wan6_down(get_wan6face());
-}
-
-#endif
-
-/**
- * Append netdev to bled or remove netdev from bled.
- * @action: append or move
- * 0: remove
- * otherwise: append
- * @wan_unit:
- * @wan_ifname:
- */
-#ifdef RTCONFIG_BLINK_LED
-static void adjust_netdev_if_of_wan_bled(int action, int wan_unit, char *wan_ifname)
-{
- char *wan_gpio = "led_wan_gpio";
- int (*func)(const char *led_gpio, const char *ifname);
-
- if (wan_unit < 0 || wan_unit >= WAN_UNIT_MAX || !wan_ifname)
- return;
-
- if (action)
- func = append_netdev_bled_if;
- else
- func = remove_netdev_bled_if;
-#if defined(RTCONFIG_WANLEDX2)
- if (wan_unit == 1)
- wan_gpio = "led_wan2_gpio";
-#endif
- if (dualwan_unit__usbif(wan_unit)) {
- func(wan_gpio, wan_ifname);
- return;
- }
-
- if (!(nvram_get_int("boardflags") & 0x100))
- return;
-
-#if defined(RTCONFIG_SWITCH_RTL8370M_PHY_QCA8033_X2) || \
- defined(RTCONFIG_SWITCH_RTL8370MB_PHY_QCA8033_X2)
- /* Nothing to do. */
-#else
- if (get_dualwan_by_unit(wan_unit) == WANS_DUALWAN_IF_LAN) {
- func(wan_gpio, wan_ifname);
- }
-#endif
-}
-#endif
-
-void
-wan_up(const char *pwan_ifname)
-{
- char tmp[100], prefix[sizeof("wanXXXXXXXXXX_")];
- char prefix_x[sizeof("wanXXXXXXXXX_")];
- char wan_ifname[16];
- char gateway[16], dns[PATH_MAX];
- int wan_unit, wan_proto;
-#if defined(RTCONFIG_USB_MODEM) && defined(RTCONFIG_INTERNAL_GOBI)
- int modem_unit;
- char tmp2[100], prefix2[32];
- char env_unit[32];
-#endif
-#ifdef RTCONFIG_LANTIQ
- char ppa_cmd[255] = {0};
-#endif
- FILE *fp;
- char word[100], *next;
-#ifdef RTCONFIG_SOFTWIRE46
- int hgwret;
- char cmd[2048], tmp1[100];
- char prc[16] = {0};
-
- prctl(PR_GET_NAME, prc);
-
- strlcpy(wan_ifname, pwan_ifname, sizeof(wan_ifname));
- if ((wan_unit = wan_ifunit(wan_ifname)) < 0)
- wan_unit = 0;
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_unit);
- wan_proto = get_wan_proto(prefix);
-
- switch (wan_proto) {
- case WAN_V6PLUS:
- S46_DBG("Callby:[%s]\n", prc);
- default:
- break;
- }
-#endif
- in_addr_t addr, mask;
- int is_private_dns = 0;
- int i=0;
- int first_ntp_sync = 0;
-
- /* Value of pwan_ifname can be modfied 
after do_dns_detect */
- strlcpy(wan_ifname, pwan_ifname, sizeof(wan_ifname));
-
- /* Figure out nvram variable name prefix for this i/f */
- if ((wan_unit = wan_ifunit(wan_ifname)) < 0
-#ifdef RTCONFIG_SOFTWIRE46
- || (nvram_get_int("s46_hgw_case") == S46_CASE_MAP_HGW_OFF && !strcmp(prc, "udhcpc"))
-#endif
- )
- {
- /* called for dhcp+ppp */
- if ((wan_unit = wanx_ifunit(wan_ifname)) < 0)
- return;
- _dprintf("%s_x(%s)\n", __FUNCTION__, wan_ifname);
-
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_unit);
- snprintf(prefix_x, sizeof(prefix_x), "wan%d_x", wan_unit);
-
-#ifdef RTCONFIG_IPV6
- wan_proto = get_wan_proto(prefix);
- if (wan_unit == wan_primary_ifunit_ipv6()) {
- switch (get_ipv6_service()) {
- case IPV6_NATIVE_DHCP:
- case IPV6_MANUAL:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- if ((wan_proto == WAN_PPPOE || wan_proto == WAN_PPTP || wan_proto == WAN_L2TP) &&
- nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp"))
- break;
-#ifdef RTCONFIG_SOFTWIRE46
- if (wan_proto == WAN_LW4O6 || wan_proto == WAN_MAPE || wan_proto == WAN_V6PLUS)
- break;
-#endif
- /* fall through */
-
- default:
- wan6_up(get_wan6face());
- break;
- }
- }
-#endif
-
- start_firewall(wan_unit, 0);
-#if defined(RTCONFIG_IPV6) && (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
- if (!strncmp(nvram_safe_get("territory_code"), "CH", 2) &&
- ipv6_enabled() &&
- nvram_match(ipv6_nvname("ipv6_only"), "1"))
- return;
-#endif
- /* setup static wan routes via physical device */
- add_routes(prefix, "mroute", wan_ifname);
-
- /* and one supplied via DHCP */
- add_dhcp_routes(prefix_x, wan_ifname, 1);
-
- /* and default route with metric 1 */
- snprintf(gateway, sizeof(gateway), "%s", nvram_safe_get(strcat_r(prefix_x, "gateway", tmp)));
- if (inet_addr_(gateway) != INADDR_ANY) {
- addr = inet_addr(nvram_safe_get(strcat_r(prefix_x, "ipaddr", tmp)));
- mask = inet_addr(nvram_safe_get(strcat_r(prefix_x, "netmask", tmp)));
-
- /* the gateway is out of the local network */
- if 
((inet_addr(gateway) & mask) != (addr & mask))
- route_add(wan_ifname, 2, gateway, NULL, "255.255.255.255");
-
- /* default route via default gateway */
- route_add(wan_ifname, 2, "0.0.0.0", gateway, "0.0.0.0");
-
- /* ... and to dns servers as well for demand ppp to work */
- if (nvram_get_int(strcat_r(prefix, "dnsenable_x", tmp))) {
- snprintf(dns, sizeof(dns), "%s", nvram_safe_get(strcat_r(prefix_x, "dns", tmp)));
- foreach(word, dns, next) {
- if ((inet_addr(word) != inet_addr(gateway)) &&
- (inet_addr(word) & mask) != (addr & mask))
- route_add(wan_ifname, 2, word, gateway, "255.255.255.255");
- }
- }
- }
-
- update_resolvconf();
-
- /* start multicast router on DHCP+VPN physical interface */
- if (nvram_match("iptv_ifname", wan_ifname)
-#if !defined(RTCONFIG_MULTISERVICE_WAN)
- || wan_unit == wan_primary_ifunit()
-#endif
- )
- start_igmpproxy(wan_ifname);
-
-#ifdef RTCONFIG_LANTIQ
- disable_ppa_wan(wan_ifname);
-#endif
- _dprintf("%s_x(%s): done.\n", __FUNCTION__, wan_ifname);
-
- return;
- }
-
- _dprintf("%s(%s)\n", __FUNCTION__, wan_ifname);
-
- snprintf(prefix, sizeof(prefix), "wan%d_", wan_unit);
- wan_proto = get_wan_proto(prefix);
-#if defined(RTCONFIG_IPV6) && (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
- if (!strncmp(nvram_safe_get("territory_code"), "CH", 2) &&
- ipv6_enabled() &&
- nvram_match(ipv6_nvname("ipv6_only"), "1"))
- goto NOIP;
-#endif
- snprintf(gateway, sizeof(gateway), "%s", nvram_safe_get(strcat_r(prefix, "gateway", tmp)));
- if (inet_addr_(gateway) == INADDR_ANY)
- memset(gateway, 0, sizeof(gateway));
-
- /* Set default route to gateway if specified */
- switch (wan_proto) {
- case WAN_DHCP:
- case WAN_STATIC:
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_LW4O6:
- case WAN_MAPE:
- case WAN_V6PLUS:
-#endif
- /* the gateway is in the local network */
- if (*gateway &&
- inet_addr_(gateway) != inet_addr_(nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)))) {
-#ifdef RTCONFIG_MULTICAST_IPTV
- /* Rawny: delete gateway route in IPTV(movistar) case 
to enable QUAGGA */
- if (nvram_get_int("switch_stb_x") > 6 &&
- !nvram_match("switch_wantag", "movistar"))
-#endif
- route_add(wan_ifname, 0, gateway, NULL, "255.255.255.255");
- }
- /* replaced with add_multi_routes()
- route_add(wan_ifname, 0, "0.0.0.0", gateway, "0.0.0.0"); */
- break;
-
- case WAN_PPTP:
- case WAN_L2TP:
- /* hack: avoid routing cycles, when both peer and server has the same IP */
- /* delete gateway route as it's no longer needed */
- if (*gateway)
- route_del(wan_ifname, 0, gateway, "0.0.0.0", "255.255.255.255");
- }
-
- /* Install interface dependent static routes */
- add_wan_routes(wan_ifname);
-
- nvram_set(strcat_r(prefix, "gw_ifname", tmp), wan_ifname);
-
- /* setup static wan routes via physical device */
- switch (wan_proto) {
- case WAN_DHCP:
- case WAN_STATIC:
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_LW4O6:
- case WAN_MAPE:
- case WAN_V6PLUS:
-#endif
- nvram_set(strcat_r(prefix, "xgateway", tmp), strlen(gateway) > 0 ? gateway : "0.0.0.0");
- add_routes(prefix, "mroute", wan_ifname);
- break;
- }
-
- /* and one supplied via DHCP */
- switch (wan_proto) {
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_LW4O6:
- if (!nvram_get_int(strcat_r(prefix, "dhcpenable_x", tmp)))
- break;
- /* fall through */
-#endif
- case WAN_DHCP:
- add_dhcp_routes(prefix, wan_ifname, 0);
- break;
- }
-
- /* add wan dns route via wan interface */
- addr = inet_addr(nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)));
- mask = inet_addr(nvram_safe_get(strcat_r(prefix, "netmask", tmp)));
- nvram_safe_get_r(strcat_r(prefix, "dns", tmp), dns, sizeof(dns));
- _dprintf("%s, chk wan_dns\n", __func__);
- foreach(word, dns, next) {
- is_private_dns = is_private_subnet(word) && strcmp(word, nvram_safe_get("wan0_ipaddr")) && strcmp(word, nvram_safe_get("wan1_ipaddr"));
- // skip if is 1. WAN gateway, 2. in WAN subnet 3. 
in LAN subnet
- if ((inet_addr(word) != inet_addr(gateway)) &&
- (inet_addr(word) & mask) != (addr & mask) &&
- ((inet_addr(word) & inet_addr(nvram_safe_get("lan_netmask")))
- != (inet_addr(nvram_safe_get("lan_ipaddr")) & inet_addr(nvram_safe_get("lan_netmask")))) &&
- !chk_inlan(word)
- )
- route_add(wan_ifname, is_private_dns?0:2, word, gateway, "255.255.255.255");
- }
-#if (defined(RTAX82_XD6) || defined(RTAX82_XD6S))
-NOIP:
-#endif
-#ifdef RTCONFIG_IPV6
- if (wan_unit == wan_primary_ifunit_ipv6()) {
- switch (get_ipv6_service()) {
- case IPV6_NATIVE_DHCP:
- case IPV6_MANUAL:
-#ifdef RTCONFIG_6RELAYD
- case IPV6_PASSTHROUGH:
-#endif
- if ((wan_proto == WAN_PPPOE || wan_proto == WAN_PPTP || wan_proto == WAN_L2TP) &&
- nvram_match(ipv6_nvname("ipv6_ifdev"), "ppp"))
- break;
-#ifdef RTCONFIG_SOFTWIRE46
- if (wan_proto == WAN_LW4O6 || wan_proto == WAN_MAPE || wan_proto == WAN_V6PLUS)
- break;
-#endif
- /* fall through */
- default:
- wan6_up(get_wan6face());
- break;
- }
- }
-#endif
-
-#ifdef RTCONFIG_MULTICAST_IPTV
- if (nvram_get_int("switch_stb_x") > 6 &&
- nvram_match("iptv_ifname", wan_ifname)) {
- if (nvram_match("switch_wantag", "maxis_fiber_iptv"))
- route_add(wan_ifname, 0, "172.17.90.1", NULL, "255.255.255.255");
- start_igmpproxy(wan_ifname);
- }
-#ifdef RTCONFIG_QUAGGA
- if (wan_unit == WAN_UNIT_IPTV || wan_unit == WAN_UNIT_VOIP) {
- stop_quagga();
- start_quagga();
- }
-#endif
-#endif
-
-#if defined(RTCONFIG_MULTISERVICE_WAN)
- if (nvram_match("iptv_ifname", wan_ifname))
- {
- if (wan_proto == WAN_BRIDGE && wan_unit != WAN_UNIT_FIRST && wan_unit != WAN_UNIT_SECOND)
-#if defined(RTCONFIG_DSL_BCM)
- if (nvram_get_int("switch_stb_x") == 0)
- start_igmpproxy(wan_ifname);
- else
-#endif
- start_igmpproxy(STB_BR_IF);
- else
- start_igmpproxy(wan_ifname);
- }
-#endif
-
-#if defined(DSL_N55U) || defined(DSL_N55U_B)
- if(nvram_match("wl0_country_code", "GB")) {
- if(isTargetArea()) {
- system("ATE Set_RegulationDomain_2G SG");
- //system("ATE 
Set_RegulationDomain_5G SG");
- }
- }
-#endif
-
- /* Set connected state */
- update_wan_state(prefix, WAN_STATE_CONNECTED, 0);
-
-#if defined(RTCONFIG_QCA) || \
- (defined(RTCONFIG_RALINK) && !defined(RTCONFIG_DSL) && !defined(RTN13U))
- reinit_hwnat(wan_unit);
-#endif
-
- ctrl_wan_gro(wan_unit, 0);
-
- // TODO: handle different lan_ifname?
- start_firewall(wan_unit, 0);
- //start_firewall(wan_ifname, nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)),
- // nvram_safe_get("lan_ifname"), nvram_safe_get("lan_ipaddr"));
-
- /* Start post-authenticator */
- start_auth(wan_unit, 1);
-
- /* Add dns servers to resolv.conf */
- update_resolvconf();
-
-#ifdef RTCONFIG_SOFTWIRE46
- switch (wan_proto) {
- case WAN_MAPE:
- if (nvram_invmatch(ipv6_nvname("ipv6_ra_route"), "")) {
- eval("ip", "-6", "route", "add", "::/0", "via", nvram_safe_get(ipv6_nvname("ipv6_ra_route")), "dev", wan_ifname);
- S46_DBG("[CMD]:[ip -6 route add ::/0 via %s dev %s]\n", nvram_safe_get(ipv6_nvname("ipv6_ra_route")), wan_ifname);
- }
- break;
- case WAN_V6PLUS:
- if (!strcmp(prc, "udhcpc") && nvram_get_int("s46_hgw_case") == S46_CASE_INIT) {
- if (inet_addr_(nvram_safe_get(strcat_r(prefix, "gateway", tmp))) != INADDR_ANY) {
- snprintf(cmd, sizeof(cmd), "ip route replace %s dev %s proto kernel", nvram_safe_get(strcat_r(prefix, "gateway", tmp)), wan_ifname);
- S46_DBG("[CMD]:[%s]\n", cmd);
- system(cmd);
- }
- snprintf(cmd, sizeof(cmd), "ip route replace default via %s dev %s", nvram_safe_get(strcat_r(prefix, "gateway", tmp)), wan_ifname);
- S46_DBG("[CMD][%s]\n", cmd);
- system(cmd);
- system("ip route flush cache");
- hgwret = s46_jpne_hgw();
- /* Debug only */
- if (nvram_get("s46_debug_hgwret")) {
- S46_DBG("Using nvram s46_debug_hgwret val.\n");
- hgwret = nvram_get_int("s46_debug_hgwret");
- }
- if (hgwret == 1) {
- wan6_up(get_wan6face());
- nvram_set_int("s46_hgw_case", S46_CASE_MAP_HGW_ON);
- } else {
- if (hgwret < 0)
- S46_DBG("HGW did not respond[%d].\n", hgwret);
- snprintf(prefix_x, 
sizeof(prefix_x), "wan%d_x", wan_unit);
- nvram_set(strcat_r(prefix_x, "ipaddr", tmp), nvram_safe_get(strcat_r(prefix, "ipaddr", tmp1)));
- nvram_set(strcat_r(prefix_x, "gateway", tmp), nvram_safe_get(strcat_r(prefix, "gateway", tmp1)));
- nvram_set(strcat_r(prefix_x, "dns", tmp), nvram_safe_get(strcat_r(prefix, "dns", tmp1)));
- nvram_set(strcat_r(prefix_x, "netmask", tmp), nvram_safe_get(strcat_r(prefix, "netmask", tmp1)));
- nvram_set(strcat_r(prefix, "gateway", tmp), "0.0.0.0");
- nvram_set(strcat_r(prefix, "dns", tmp), "0.0.0.0");
- nvram_set_int("s46_hgw_case", S46_CASE_MAP_HGW_OFF);
- S46_DBG("[%s] done.\n", wan_ifname);
- return;
- }
- }
- }
-#endif
-
- /* default route via default gateway */
- add_multi_routes(0, wan_unit);
-
- /* Kick syslog to re-resolve remote server */
- reload_syslogd();
-
-#if defined(RTCONFIG_USB_MODEM) && defined(RTCONFIG_INTERNAL_GOBI)
- if(dualwan_unit__usbif(wan_unit)){
- modem_unit = get_modemunit_by_type(get_dualwan_by_unit(wan_unit));
- usb_modem_prefix(modem_unit, prefix2, sizeof(prefix2));
- snprintf(env_unit, sizeof(env_unit), "unit=%d", modem_unit);
-
- putenv(env_unit);
- if(nvram_match(strcat_r(prefix2, "act_type", tmp2), "gobi")){
- nvram_set("freeze_duck", "5");
- eval("/usr/sbin/modem_status.sh", "rate");
- eval("/usr/sbin/modem_status.sh", "band");
- eval("/usr/sbin/modem_status.sh", "operation");
- eval("/usr/sbin/modem_status.sh", "provider");
- }
-#if defined(RTCONFIG_JFFS2) || defined(RTCONFIG_BRCM_NAND_JFFS2) || defined(RTCONFIG_UBIFS)
- eval("/usr/sbin/modem_status.sh", "get_dataset");
- eval("/usr/sbin/modem_status.sh", "bytes");
-#endif
- unsetenv("unit");
-
- char start_sec[32], *str = file2str("/proc/uptime");
- unsigned int up = atoi(str);
-
- free(str);
- snprintf(start_sec, sizeof(start_sec), "%u", up);
- nvram_set(strcat_r(prefix2, "act_startsec", tmp2), start_sec);
- }
-#endif
-
-#ifdef RTCONFIG_OPENVPN
- stop_ovpn_eas();
-#endif
-
- /* Sync time if not already set, or not running a daemon */
-#ifdef 
RTCONFIG_NTPD
- if (!nvram_get_int("ntp_ready")) {
- first_ntp_sync = 1;
-#endif
- refresh_ntpc();
- }
-
-#ifdef RTCONFIG_VPN_FUSION
- vpnc_set_internet_policy(1);
-#endif
-
-#if !defined(RTCONFIG_MULTIWAN_CFG)
- if (wan_unit != wan_primary_ifunit()
-#ifdef RTCONFIG_DUALWAN
- || nvram_match("wans_mode", "lb")
-#endif
- )
- {
-
- /* ntp is set, but it didn't just get set, so ntp_synced didn't already did these */
- if (nvram_get_int("ntp_ready") && !first_ntp_sync) {
-#ifdef RTCONFIG_OPENVPN
- start_ovpn_eas();
-#endif
- stop_ddns();
- start_ddns(NULL);
- }
-#ifdef RTCONFIG_TR069
- if(wan_unit == 0 ){
- if(!pids("tr069")){
- if(nvram_get_int("link_wan")){
- start_tr();
- }
- }
- }
- else if(wan_unit == 1 ){
- if(!pids("tr069")){
- if(nvram_get_int("link_wan1")){
- start_tr();
- }
- }
- }
-#endif
- return;
- }
-#endif
-
-#if !defined(RTCONFIG_MULTISERVICE_WAN)
- /* start multicast router when not VPN */
- if (wan_unit == wan_primary_ifunit() &&
- (wan_proto == WAN_DHCP || wan_proto == WAN_STATIC))
- start_igmpproxy(wan_ifname);
-#endif
-
-#ifdef RTCONFIG_IPSEC
- if (nvram_get_int("ipsec_server_enable") || nvram_get_int("ipsec_client_enable")
-#ifdef RTCONFIG_INSTANT_GUARD
- || nvram_get_int("ipsec_ig_enable")
-#endif
- ) {
- rc_ipsec_config_init();
- start_dnsmasq();
- }
-#endif
-
- /* ntp is set, but it didn't just get set, so ntp_synced didn't already did these */
- if (nvram_get_int("ntp_ready") && !first_ntp_sync) {
- stop_ddns();
- start_ddns(NULL);
- }
-
-#ifdef RTCONFIG_VPNC
-#ifdef RTCONFIG_VPN_FUSION
- start_vpnc();
-#else
- if((nvram_match("vpnc_proto", "pptp") || nvram_match("vpnc_proto", "l2tp")) && nvram_match("vpnc_auto_conn", "1"))
- start_vpnc();
-#endif
-#endif
-
-#if defined(RTCONFIG_PPTPD) || defined(RTCONFIG_ACCEL_PPTPD)
-/* TODO: still required? 
*/
- if (nvram_get_int("pptpd_enable")) {
- stop_pptpd();
- start_pptpd();
- }
-#endif
-
-#ifdef RTCONFIG_WIREGUARD
-#ifndef RTCONFIG_VPN_FUSION
- stop_wgcall();
- start_wgcall();
-#endif
- stop_wgsall();
- start_wgsall();
-#endif
-
-#ifdef RTCONFIG_BLINK_LED
- adjust_netdev_if_of_wan_bled(1, wan_unit, wan_ifname);
-#endif
-
-#if !defined(RTCONFIG_MULTIWAN_CFG)
- /* FIXME: Protect below code from 2-nd WAN temporarilly. */
- if(wan_unit == wan_primary_ifunit())
-#endif
- {
-#ifdef RTCONFIG_TR069
- start_tr();
-#endif
-
-#ifdef RTCONFIG_GETREALIP
- char *getip[] = {"getrealip.sh", NULL};
- pid_t pid;
-
- //_eval(getip, ">>/tmp/log.txt", 0, &pid);
- _eval(getip, ">>/dev/null", 0, &pid);
-#endif
-
-#ifdef RTCONFIG_TCPDUMP
- eval("killall", "tcpdump");
-#endif
- }
-
-/* Need to be done after getrealip */
- stop_upnp();
- start_upnp();
-
-#ifdef RTCONFIG_LANTIQ
- disable_ppa_wan(wan_ifname);
-
- if(ppa_support(wan_unit) == 1){
- sleep(1);
- enable_ppa_wan(wan_ifname);
- }
-#endif
-
-#if 0
- snprintf(tmp, sizeof(tmp), "arping -w 1 -I %s %s", wan_ifname, gateway);
- if((fp = popen(tmp, "r")) != NULL){
- char wan_mac[18], upper_mac[18];
- int i;
- while(fgets(tmp, sizeof(tmp), fp) != NULL){
- memset(wan_mac, 0, sizeof(wan_mac));
- if(sscanf(tmp, "Unicast reply from %*s [%s] %*s", wan_mac) == 1){
- wan_mac[17] = 0;
- memset(upper_mac, 0, sizeof(upper_mac));
- for(i = 0; wan_mac[i]; ++i)
- upper_mac[i] = toupper(wan_mac[i]);
- nvram_set(strcat_r(prefix, "gw_mac", tmp), upper_mac);
- _dprintf("%s: wan_mac=%s.\n", __func__, upper_mac);
- break;
- }
- }
- pclose(fp);
- }
-#else
- snprintf(tmp, sizeof(tmp), "ip neigh show %s dev %s 2>/dev/null", gateway, wan_ifname);
- if ((fp = popen(tmp, "r")) != NULL) {
- char lladdr[18], *ptr;
- if (fscanf(fp, "%*s lladdr %17s", lladdr) == 1) {
- for (ptr = lladdr; *ptr; ptr++)
- *ptr = toupper(*ptr);
- nvram_set(strcat_r(prefix, "gw_mac", tmp), lladdr);
- _dprintf("%s: wan_mac=%s.\n", __func__, lladdr);
- }else{
- 
nvram_unset(strcat_r(prefix, "gw_mac", tmp));
- _dprintf("%s: no wan_mac, remove\n", __func__);
- }
- pclose(fp);
- }
-#endif
-
-#ifdef RTCONFIG_OPENVPN
- /* ntp is set, but it didn't just get set, so ntp_synced didn't already did these */
- if (nvram_get_int("ntp_ready") && !first_ntp_sync) {
- start_ovpn_eas();
- }
-#endif
-
-#ifdef RTCONFIG_BWDPI
- int enabled = check_bwdpi_nvram_setting();
- int changed = tdts_check_wan_changed();
-
- BWDPI_DBG("enabled = %d, changed = %d\n", enabled, changed);
-
- if(enabled){
- _dprintf("[%s] do dpi engine service ... \n", __FUNCTION__);
- // if Adaptive QoS or AiProtection is enabled
- int count = 0;
- int val = 0;
- while (count < 5) {
- sleep(1);
- val = found_default_route(0);
- usleep(400*1000);
- count++;
- if ((val == 1) || (count == 5)) break;
- }
-
- BWDPI_DBG("found_default_route result: %d\n", val);
-
- if (val) {
- // if restart_wan_if, remove dpi engine related
- if ((f_exists("/dev/detector") || f_exists("/dev/idpfw")) && changed == 0)
- {
- _dprintf("[%s] stop dpi engine service - %d\n", __FUNCTION__, changed);
- stop_dpi_engine_service(0);
- }
- else if ((f_exists("/dev/detector") || f_exists("/dev/idpfw")) && changed == 1)
- {
- _dprintf("[%s] stop dpi engine service - %d\n", __FUNCTION__, changed);
- stop_dpi_engine_service(1);
- }
- _dprintf("[%s] start dpi engine service\n", __FUNCTION__);
- start_dpi_engine_service();
- start_firewall(wan_unit, 0);
- }
-
- if(IS_NON_AQOS() || IS_ROG_QOS()){
- _dprintf("[wan up] tradtional qos or bandwidth limiter start\n");
- start_iQos();
- }
- }
- else{
- if(IS_NON_AQOS() || IS_ROG_QOS()){
- _dprintf("[wan up] tradtional qos or bandwidth limiter start\n");
- start_iQos();
- }
- }
-#else
- start_iQos();
-#endif
-
-#ifdef RTCONFIG_AMAS
- if (is_amaslib_enabled()) {
- // force to trigger amaslib to do static scan
- AMAS_EVENT_TRIGGER(NULL, NULL, 3);
- }
-#endif
-
-#ifdef RTCONFIG_AMAS_WGN
- wgn_check_subnet_conflict();
- wgn_check_avalible_brif();
-#endif
-
-#ifdef 
RTCONFIG_FPROBE
- start_fprobe();
-#endif
-
-#if defined(RTCONFIG_HND_ROUTER_AX)
- if (wan_proto == WAN_PPTP)
- eval("fc", "config", "--tcp-ack-mflows", "0");
- else
- eval("fc", "config", "--tcp-ack-mflows", nvram_get_int("fc_tcp_ack_mflows_disable_force") ? "0" : "1");
-#endif
-
-#if defined(RTCONFIG_SAMBASRV)
- if (nvram_match("enable_samba", "1"))
- {
- stop_samba(0);
- start_samba();
- }
-#endif
-
-_dprintf("%s(%s): done.\n", __FUNCTION__, wan_ifname);
-}
-
-void
-wan_down(char *wan_ifname)
-{
- int wan_unit;
- char tmp[100], prefix[] = "wanXXXXXXXXXX_";
- char *gateway;
- int wan_proto, end_wan_sbstate = WAN_STOPPED_REASON_NONE;
-#ifdef RTCONFIG_INTERNAL_GOBI
- int modem_unit;
- char tmp2[100], prefix2[32];
-#endif
-
- _dprintf("%s(%s)\n", __FUNCTION__, wan_ifname);
-
-#ifdef RTCONFIG_FPROBE
- stop_fprobe();
-#endif
-
- /* Skip physical interface of VPN connections */
- if ((wan_unit = wan_ifunit(wan_ifname)) < 0)
- return;
-
- /* Figure out nvram variable name prefix for this i/f */
- if(wan_prefix(wan_ifname, prefix) < 0)
- return;
-
- _dprintf("%s(%s): %s.\n", __FUNCTION__, wan_ifname, nvram_safe_get(strcat_r(prefix, "dns", tmp)));
-
-#if defined(RTCONFIG_JFFS2) || defined(RTCONFIG_BRCM_NAND_JFFS2) || defined(RTCONFIG_UBIFS)
- if(get_wan_sbstate(wan_unit) == WAN_STOPPED_REASON_DATALIMIT)
- end_wan_sbstate = WAN_STOPPED_REASON_DATALIMIT;
-#endif
-
-#ifdef RTCONFIG_INTERNAL_GOBI
- if(dualwan_unit__usbif(wan_unit)){
- modem_unit = get_modemunit_by_type(get_dualwan_by_unit(wan_unit));
- usb_modem_prefix(modem_unit, prefix2, sizeof(prefix2));
-
- nvram_unset(strcat_r(prefix2, "act_tx", tmp2));
- nvram_unset(strcat_r(prefix2, "act_rx", tmp2));
- nvram_unset(strcat_r(prefix2, "act_band", tmp2));
- nvram_unset(strcat_r(prefix2, "act_operation", tmp2));
- nvram_unset(strcat_r(prefix2, "act_provider", tmp2));
- nvram_unset(strcat_r(prefix2, "act_startsec", tmp2));
- }
-#endif
-
-#ifdef RTCONFIG_BLINK_LED
- adjust_netdev_if_of_wan_bled(0, wan_unit, wan_ifname);
-#endif
-
- /* Stop post-authenticator */
- stop_auth(wan_unit, 1);
-
- wan_proto = get_wan_proto(prefix);
-
- if (wan_unit == wan_primary_ifunit()) {
- /* Stop multicast router when not VPN */
- if (wan_proto == WAN_DHCP || wan_proto == WAN_STATIC) {
-#ifdef RTCONFIG_MULTICAST_IPTV
- if (nvram_get_int("switch_stb_x") > 6 && nvram_match("iptv_ifname", wan_ifname))
-#endif
- stop_igmpproxy();
- }
-
- /* Remove default route to gateway if specified */
- gateway = nvram_safe_get_r(strcat_r(prefix, "gateway", tmp), tmp, sizeof(tmp));
- if (inet_addr_(gateway) == INADDR_ANY)
- gateway = NULL;
- route_del(wan_ifname, 0, "0.0.0.0", gateway, "0.0.0.0");
- }
-
- /* Remove interface dependent static routes */
- del_wan_routes(wan_ifname);
-
- switch (wan_proto) {
- case WAN_STATIC:
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_LW4O6:
- case WAN_MAPE:
- case WAN_V6PLUS:
-#endif
- ifconfig(wan_ifname, IFUP, NULL, NULL);
- break;
- }
-
- update_wan_state(prefix, WAN_STATE_DISCONNECTED, end_wan_sbstate);
-
- /* Update resolv.conf
- * Leave as is if no dns servers left for demand to work */
- if (*nvram_safe_get(strcat_r(prefix, "xdns", tmp)))
- nvram_unset(strcat_r(prefix, "dns", tmp));
- update_resolvconf();
-
-#ifdef RTCONFIG_DUALWAN
- if(nvram_match("wans_mode", "lb"))
- add_multi_routes(1, -1);
-#endif
-
-#ifdef RTCONFIG_GETREALIP
-#ifdef RTCONFIG_DUALWAN
- if(nvram_invmatch("wans_mode", "lb"))
-#endif
- {
- nvram_set(strcat_r(prefix, "realip_state", tmp), "0");
- nvram_set(strcat_r(prefix, "realip_ip", tmp), "");
- }
-#endif
-#ifdef RTCONFIG_LANTIQ
- disable_ppa_wan(wan_ifname);
-#endif
-#ifdef RTCONFIG_VPN_FUSION
- vpnc_set_internet_policy(0);
-#endif
-
-}
-
-int
-wan_ifunit(char *wan_ifname)
-{
- char tmp[100], prefix[sizeof("wanXXXXXXXXXX_")];
- int unit;
-
- if ((unit = ppp_ifunit(wan_ifname)) >= 0)
- return unit;
-
- for (unit = WAN_UNIT_FIRST; unit < WAN_UNIT_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
- switch (get_wan_proto(prefix)) {
- case 
WAN_DHCP:
- case WAN_STATIC:
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_MAPE:
- case WAN_V6PLUS:
-#endif
- if (nvram_match(strcat_r(prefix, "ifname", tmp), wan_ifname))
- return unit;
- break;
- }
- }
-#ifdef RTCONFIG_MULTICAST_IPTV
- if (nvram_get_int("switch_stb_x") > 6) {
- for (unit = WAN_UNIT_IPTV; unit < WAN_UNIT_MULTICAST_IPTV_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
- switch (get_wan_proto(prefix)) {
- case WAN_DHCP:
- case WAN_STATIC:
- case WAN_BRIDGE:
- if (nvram_match(strcat_r(prefix, "ifname", tmp), wan_ifname))
- return unit;
- break;
- }
- }
- }
-#endif
-#ifdef RTCONFIG_MULTISERVICE_WAN
- for (unit = WAN_UNIT_FIRST_MULTISRV_START; unit < WAN_UNIT_MULTISRV_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
- switch (get_wan_proto(prefix)) {
- case WAN_DHCP:
- case WAN_STATIC:
- case WAN_BRIDGE:
- if (nvram_match(strcat_r(prefix, "ifname", tmp), wan_ifname))
- return unit;
- break;
- }
- }
-#endif
- return -1;
-}
-
-int
-wanx_ifunit(char *wan_ifname)
-{
- char tmp[100], prefix[sizeof("wanXXXXXXXXXX_")];
- int unit;
-
- for (unit = WAN_UNIT_FIRST; unit < WAN_UNIT_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
- switch (get_wan_proto(prefix)) {
- case WAN_PPPOE:
- case WAN_PPTP:
- case WAN_L2TP:
-#ifdef RTCONFIG_SOFTWIRE46
- case WAN_MAPE:
- case WAN_V6PLUS:
-#endif
- if (nvram_match(strcat_r(prefix, "ifname", tmp), wan_ifname))
- return unit;
- break;
- }
- }
-#ifdef RTCONFIG_MULTICAST_IPTV
- if (nvram_get_int("switch_stb_x") > 6) {
- for (unit = WAN_UNIT_IPTV; unit < WAN_UNIT_MULTICAST_IPTV_MAX; unit++) {
- snprintf(prefix, sizeof(prefix), "wan%d_", unit);
- switch (get_wan_proto(prefix)) {
- case WAN_PPPOE:
- case WAN_PPTP:
- case WAN_L2TP:
- if (nvram_match(strcat_r(prefix, "ifname", tmp), wan_ifname))
- return unit;
- break;
- }
- }
- }
-#endif
-#ifdef RTCONFIG_MULTISERVICE_WAN
- for (unit = WAN_UNIT_FIRST_MULTISRV_START; unit < WAN_UNIT_MULTISRV_MAX; unit++) {
- snprintf(prefix, 
sizeof(prefix), "wan%d_", unit);
- if (nvram_match(strcat_r(prefix, "ifname", tmp), wan_ifname) &&
- (nvram_match(strcat_r(prefix, "proto", tmp), "pppoe") ||
- nvram_match(strcat_r(prefix, "proto", tmp), "pptp") ||
- nvram_match(strcat_r(prefix, "proto", tmp), "l2tp")))
- return unit;
- }
-#endif
- return -1;
-}
-
-int
-preset_wan_routes(char *wan_ifname)
-{
- int unit = -1;
-
- if((unit = wan_ifunit(wan_ifname)) < 0)
- if((unit = wanx_ifunit(wan_ifname)) < 0)
- return -1;
-
- /* Set default route to gateway if specified */
- if(unit == wan_primary_ifunit())
- route_add(wan_ifname, 0, "0.0.0.0", "0.0.0.0", "0.0.0.0");
-
- /* Install interface dependent static routes */
- add_wan_routes(wan_ifname);
- return 0;
-}
-
-char *
-get_lan_ipaddr()
-{
- int s;
- struct ifreq ifr;
- struct sockaddr_in *inaddr;
- struct in_addr ip_addr;
-
- /* Retrieve IP info */
- if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
-#if 0
- return strdup("0.0.0.0");
-#else
- {
- memset(&ip_addr, 0x0, sizeof(ip_addr));
- return inet_ntoa(ip_addr);
- }
-#endif
-
- strncpy(ifr.ifr_name, "br0", IFNAMSIZ);
- inaddr = (struct sockaddr_in *)&ifr.ifr_addr;
- inet_aton("0.0.0.0", &inaddr->sin_addr);
-
- /* Get IP address */
- ioctl(s, SIOCGIFADDR, &ifr);
- close(s);
-
- ip_addr = ((struct sockaddr_in*)&ifr.ifr_addr)->sin_addr;
-// fprintf(stderr, "current LAN IP address: %s\n", inet_ntoa(ip_addr));
- return inet_ntoa(ip_addr);
-}
-
-int
-ppp0_as_default_route()
-{
- int i, n, found;
- FILE *f;
- unsigned int dest, mask;
- char buf[256], device[256];
-
- n = 0;
- found = 0;
- mask = 0;
- device[0] = '\0';
-
- if ((f = fopen("/proc/net/route", "r")) != NULL)
- {
- while (fgets(buf, sizeof(buf), f) != NULL)
- {
- if (++n == 1 && strncmp(buf, "Iface", 5) == 0)
- continue;
-
- i = sscanf(buf, "%255s %x %*s %*s %*s %*s %*s %x",
- device, &dest, &mask);
-
- if (i != 3)
- break;
-
- if (device[0] != '\0' && dest == 0 && mask == 0)
- {
- found = 1;
- break;
- }
- }
-
- fclose(f);
-
- if (found && 
!strcmp("ppp0", device))
- return 1;
- else
- return 0;
- }
-
- return 0;
-}
-
-int
-found_default_route(int wan_unit)
-{
- int i, n, found;
- FILE *f;
- unsigned int dest, mask;
- char buf[256], device[256];
- char *wanif;
-
- if(wan_unit != wan_primary_ifunit())
- return 1;
-
- if(dualwan_unit__usbif(wan_unit) && nvram_get_int("modem_pdp") == 2)
- return 1;
-
- n = 0;
- found = 0;
- mask = 0;
- device[0] = '\0';
-
- if ((f = fopen("/proc/net/route", "r")) != NULL)
- {
- while (fgets(buf, sizeof(buf), f) != NULL)
- {
- if (++n == 1 && strncmp(buf, "Iface", 5) == 0)
- continue;
-
- i = sscanf(buf, "%255s %x %*s %*s %*s %*s %*s %x",
- device, &dest, &mask);
-
- if (i != 3)
- {
- break;
- }
-
- if (device[0] != '\0' && dest == 0 && mask == 0)
- {
- wanif = get_wan_ifname(wan_unit);
- if (!strcmp(wanif, device))
- {
- found = 1;
- break;
- }
- }
- }
-
- fclose(f);
-
- if (found)
- {
- return 1;
- }
- }
-
- _dprintf("\nNO default route!!!\n");
-
- return 0;
-}
-
-long print_num_of_connections()
-{
- char buf[256];
- char entries[16], others[256];
- long num_of_entries;
-
- FILE *fp = fopen("/proc/net/stat/nf_conntrack", "r");
- if (!fp) {
- fprintf(stderr, "no connection!\n");
- return 0;
- }
-
- fgets(buf, 256, fp);
- fgets(buf, 256, fp);
- fclose(fp);
-
- memset(entries, 0x0, 16);
- sscanf(buf, "%15s %s", entries, others);
- num_of_entries = strtoul(entries, NULL, 16);
-
- fprintf(stderr, "connection count: %ld\n", num_of_entries);
- return num_of_entries;
-}
-
-#ifdef RTCONFIG_BCM9
-static int
-ctf_entry_cleanup(void)
-{
- ctf_cfg_request_t req;
- ctf_tuple_t tuple, *tp = NULL;
- struct sockaddr_nl src_addr, dest_addr;
- struct nlmsghdr *nlh = NULL;
- struct msghdr msg;
- struct iovec iov;
- int sock_fd, ret = SUCCESS;
-
- memset(&req, '\0', sizeof(req));
- req.command_id = CTFCFG_CMD_IPC_CLEANUP;
- req.size = sizeof(ctf_tuple_t);
- tp = (ctf_tuple_t *)req.arg;
- /* CTFCFG_CMD_IPC_CLEANUP doesn't care about the content of tuple*/
- *tp = tuple;
-
- /* Create a 
netlink socket */ - sock_fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_CTF); - - if (sock_fd < 0) { - fprintf(stderr, "Netlink socket create failed\n"); - return FAILURE; - } - - /* Associate a local address with the opened socket */ - memset(&src_addr, 0, sizeof(struct sockaddr_nl)); - src_addr.nl_family = AF_NETLINK; - src_addr.nl_pid = getpid(); - src_addr.nl_groups = 0; - bind(sock_fd, (struct sockaddr *)&src_addr, sizeof(src_addr)); - - /* Fill the destination address, pid of 0 indicates kernel */ - memset(&dest_addr, 0, sizeof(struct sockaddr_nl)); - dest_addr.nl_family = AF_NETLINK; - dest_addr.nl_pid = 0; - dest_addr.nl_groups = 0; - - /* Allocate memory for sending configuration request */ - nlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(CTFCFG_MAX_SIZE)); - - if (nlh == NULL) { - fprintf(stderr, "Out of memory allocating cfg buffer\n"); - ret = FAILURE; - goto out; - } - - /* Fill the netlink message header. The configuration request - * contains netlink header followed by data. - */ - nlh->nlmsg_len = NLMSG_SPACE(CTFCFG_MAX_SIZE); - nlh->nlmsg_pid = getpid(); - nlh->nlmsg_flags = 0; - - /* Fill the data part */ - memcpy(NLMSG_DATA(nlh), &req, sizeof(req)); - iov.iov_base = (void *)nlh; - iov.iov_len = nlh->nlmsg_len; - memset(&msg, 0, sizeof(struct msghdr)); - msg.msg_name = (void *)&dest_addr; - msg.msg_namelen = sizeof(dest_addr); - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - /* Send request to kernel module */ - ret = sendmsg(sock_fd, &msg, 0); - if (ret < 0) { - perror("sendmsg:"); - ret = FAILURE; - goto out; - } - - /* Wait for the response */ - memset(nlh, 0, NLMSG_SPACE(CTFCFG_MAX_SIZE)); - ret = recvmsg(sock_fd, &msg, 0); - if (ret < 0) { - perror("recvmsg:"); - ret = FAILURE; - goto out; - } - - /* Copy data to user buffer */ - memcpy(&req, NLMSG_DATA(nlh), sizeof(req)); - -out: - if (nlh) { - free(nlh); - } - - if (sock_fd >= 0) { - close(sock_fd); - } - - return ret; -} -#endif - -void -start_wan(void) -{ -#if defined(RTCONFIG_DUALWAN) || 
defined(RTCONFIG_MULTICAST_IPTV) - int unit; -#endif - -#ifdef RTCONFIG_DSL - dsl_wan_config(1); -#endif - - if (!is_routing_enabled()) - { -#ifdef HND_ROUTER - eval("iptables", "-t", "filter", "-F"); - /* drop access to envrams service from interfaces other than lo */ - eval("iptables", "-I", "INPUT", "!", "-i", "lo", "-p", "tcp", "--dport", "5152", "-j", "DROP"); -#endif - return; - } - -#ifdef RTCONFIG_WIFI_SON - if (nvram_match("wifison_ready", "1")) - nvram_set("start_wan", "1"); -#endif - - /* Create links */ - mkdir("/tmp/ppp", 0777); - mkdir("/tmp/ppp/peers", 0777); - symlink("/sbin/rc", "/tmp/ppp/ip-up"); - symlink("/sbin/rc", "/tmp/ppp/ip-down"); - symlink("/sbin/rc", "/tmp/ppp/ip-pre-up"); -#ifdef RTCONFIG_IPV6 - symlink("/sbin/rc", "/tmp/ppp/ipv6-up"); - symlink("/sbin/rc", "/tmp/ppp/ipv6-down"); - symlink("/sbin/rc", "/tmp/dhcp6c"); -#endif - symlink("/sbin/rc", "/tmp/ppp/auth-fail"); -#ifdef RTCONFIG_VPNC - symlink("/sbin/rc", "/tmp/ppp/vpnc-ip-up"); - symlink("/sbin/rc", "/tmp/ppp/vpnc-ip-down"); - symlink("/sbin/rc", "/tmp/ppp/vpnc-ip-pre-up"); - symlink("/sbin/rc", "/tmp/ppp/vpnc-auth-fail"); -#ifdef RTCONFIG_VPN_FUSION - if(!d_exists("/etc/openvpn")) { - mkdir("/etc/openvpn", 0700); - } - symlink("/sbin/rc", "/etc/openvpn/ovpnc-up"); - symlink("/sbin/rc", "/etc/openvpn/ovpnc-down"); - symlink("/sbin/rc", "/etc/openvpn/ovpnc-route-up"); - symlink("/sbin/rc", "/etc/openvpn/ovpnc-route-pre-down"); -#endif -#endif - symlink("/sbin/rc", "/tmp/udhcpc_wan"); - symlink("/sbin/rc", "/tmp/zcip"); -#ifdef RTCONFIG_EAPOL - symlink("/sbin/rc", "/tmp/wpa_cli"); -#endif -// symlink("/dev/null", "/tmp/ppp/connect-errors"); - -#if defined(RTCONFIG_QCA) || \ - (defined(RTCONFIG_RALINK) && !defined(RTCONFIG_DSL) && !defined(RTN13U)) - reinit_hwnat(-1); -#endif - -#ifdef HND_ROUTER - fc_init(); -#endif - -#if defined(RTCONFIG_USB_MODEM) && !defined(RTCONFIG_SOC_IPQ40XX) - if(sw_mode() == SW_MODE_ROUTER && (get_wans_dualwan()&WANSCAP_USB)){ -#if 
!defined(RTCONFIG_BT_CONN) - _dprintf("wan: Insert USB modules early.\n"); - add_usb_host_modules(); -#endif - add_usb_modem_modules(); - } -#endif - -#ifdef RTCONFIG_DUALWAN - char wans_mode[16]; - - snprintf(wans_mode, sizeof(wans_mode), "%s", nvram_safe_get("wans_mode")); - - /* Start each configured and enabled wan connection and its undelying i/f */ - for(unit = WAN_UNIT_FIRST; unit < WAN_UNIT_MAX; ++unit){ - if(dualwan_unit__nonusbif(unit)){ - if(((!strcmp(wans_mode, "fo") || !strcmp(wans_mode, "fb")) && unit == wan_primary_ifunit()) - || !strcmp(wans_mode, "lb") - ){ -#ifdef RTCONFIG_MULTISERVICE_WAN - config_mswan(unit); -#endif - _dprintf("%s: start_wan_if(%d)!\n", __FUNCTION__, unit); - start_wan_if(unit); - } -#ifdef RTCONFIG_HND_ROUTER - else if(!strcmp(wans_mode, "fo") || !strcmp(wans_mode, "fb")){ - _dprintf("%s: stop_wan_if(%d) for IFUP only!\n", __func__, unit); - stop_wan_if(unit); - } -#endif - } - } -#else // RTCONFIG_DUALWAN -#ifdef RTCONFIG_MULTISERVICE_WAN - config_mswan(WAN_UNIT_FIRST); -#endif - _dprintf("%s: start_wan_if(%d)!\n", __FUNCTION__, WAN_UNIT_FIRST); - start_wan_if(WAN_UNIT_FIRST); - -#ifdef RTCONFIG_USB_MODEM - if(is_usb_modem_ready(WANS_DUALWAN_IF_USB) == 1 && nvram_get_int("success_start_service") == 1){ - _dprintf("%s: start_wan_if(%d)!\n", __FUNCTION__, WAN_UNIT_SECOND); - start_wan_if(WAN_UNIT_SECOND); - } -#endif -#endif // RTCONFIG_DUALWAN - - nvram_set("wanduck_start_detect", "1"); - -#ifdef RTCONFIG_MULTICAST_IPTV - /* Start each configured and enabled wan connection and its undelying i/f */ - if (nvram_get_int("switch_stb_x") > 6) { - for (unit = WAN_UNIT_IPTV; unit < WAN_UNIT_MULTICAST_IPTV_MAX; ++unit) { - _dprintf("%s(IPTV): start_wan_if(%d)!\n", __FUNCTION__, unit); - start_wan_if(unit); - } - } -#endif - -#ifndef RT4GAC68U -#if LINUX_KERNEL_VERSION >= KERNEL_VERSION(2,6,36) - f_write_string("/proc/sys/net/bridge/bridge-nf-call-iptables", "0", 0, 0); - f_write_string("/proc/sys/net/bridge/bridge-nf-call-ip6tables", 
"0", 0, 0); -#endif -#endif - - /* Report stats */ - if (*nvram_safe_get("stats_server")) { - char *stats_argv[] = { "stats", nvram_safe_get("stats_server"), NULL }; - _eval(stats_argv, NULL, 5, NULL); - } -} - -void -stop_wan(void) -{ - int unit; - - if (nvram_match("wifison_ready", "1")) - { -#ifdef RTCONFIG_WIFI_SON - if (nvram_get("start_wan") == NULL) - return; - nvram_unset("start_wan"); -#else - _dprintf("no wifison feature\n"); -#endif - } - else - { - if (!is_routing_enabled()) - return; - } - -#ifdef RTCONFIG_RALINK - if (module_loaded("hw_nat")) - { -#if defined (RTCONFIG_WLMODULE_MT7615E_AP) - doSystem("iwpriv %s set hw_nat_register=%d", get_wifname(0), 0); -#ifdef RTCONFIG_HAS_5G - doSystem("iwpriv %s set hw_nat_register=%d", get_wifname(1), 0); -#endif -#endif - modprobe_r("hw_nat"); - if (!g_reboot) - sleep(1); - } -#endif - -#ifdef RTCONFIG_IPV6 - stop_wan6(); -#endif - - /* Start each configured and enabled wan connection and its undelying i/f */ - for(unit = WAN_UNIT_FIRST; unit < WAN_UNIT_MAX; ++unit) - stop_wan_if(unit); - -#ifdef HND_ROUTER - if (module_loaded("pptp")) - modprobe_r("pptp"); - - fc_fini(); -#endif - -#if defined(RTCONFIG_PPTPD) || defined(RTCONFIG_ACCEL_PPTPD) - if (nvram_get_int("pptpd_enable")) - stop_pptpd(); -#endif - - /* Remove dynamically created links */ -#ifdef RTCONFIG_EAPOL - unlink("/tmp/wpa_cli"); -#endif - unlink("/tmp/udhcpc"); - unlink("/tmp/zcip"); - unlink("/tmp/ppp/ip-up"); - unlink("/tmp/ppp/ip-down"); - unlink("/tmp/ppp/ip-pre-up"); -#ifdef RTCONFIG_IPV6 - unlink("/tmp/ppp/ipv6-up"); - unlink("/tmp/ppp/ipv6-down"); - unlink("/tmp/dhcp6c"); -#endif - unlink("/tmp/ppp/auth-fail"); -#ifdef RTCONFIG_VPNC - unlink("/tmp/ppp/vpnc-ip-up"); - unlink("/tmp/ppp/vpnc-ip-down"); - unlink("/tmp/ppp/vpnc-ip-pre-up"); - unlink("/tmp/ppp/vpnc-auth-fail"); -#endif - rmdir("/tmp/ppp"); - -#ifdef RTCONFIG_BCM9 - /* Clean up all ipct entry */ - if (!nvram_match("ctf_disable", "1") && !nvram_match("ctf_clean_disable", "1")) - 
ctf_entry_cleanup(); -#endif -} - -void convert_wan_nvram(char *prefix, int unit) -{ -#ifdef RTCONFIG_DUALWAN - int mac_clone = 0; -#endif - char tmp[100]; - char macbuf[32]; -#if defined(CONFIG_BCMWL5) && defined(RTCONFIG_RGMII_BRCM5301X) - char hwaddr_5g[18]; -#endif - - _dprintf("%s(%s)\n", __FUNCTION__, prefix); - - // setup hwaddr - strcpy(macbuf, nvram_safe_get(strcat_r(prefix, "hwaddr_x", tmp))); - if (strlen(macbuf)!=0 && strcasecmp(macbuf, "FF:FF:FF:FF:FF:FF")) { -#ifdef RTCONFIG_DUALWAN - mac_clone = 1; -#endif - nvram_set(strcat_r(prefix, "hwaddr", tmp), macbuf); - logmessage("wan", "mac clone: [%s] == [%s]\n", tmp, macbuf); - } -#ifdef CONFIG_BCMWL5 -#ifdef RTCONFIG_RGMII_BRCM5301X - else{ - /* QTN */ - if(strcmp(prefix, "wan1_") == 0) { - strcpy(hwaddr_5g, get_wan_hwaddr()); - inc_mac(hwaddr_5g, 7); - nvram_set(strcat_r(prefix, "hwaddr", tmp), hwaddr_5g); - logmessage("wan", "[%s] == [%s]\n", tmp, hwaddr_5g); - } else { - nvram_set(strcat_r(prefix, "hwaddr", tmp), nvram_safe_get("lan_hwaddr")); - logmessage("wan", "[%s] == [%s]\n", tmp, nvram_safe_get("lan_hwaddr")); - } - } -#else - else nvram_set(strcat_r(prefix, "hwaddr", tmp), nvram_safe_get("et0macaddr")); -#endif /* RTCONFIG_RGMII_BRCM5301X */ -#else - else nvram_set(strcat_r(prefix, "hwaddr", tmp), get_wan_hwaddr()); -#endif /* CONFIG_BCMWL5 */ - -#if defined(RTCONFIG_DUALWAN) - if (!mac_clone && unit > 0) { - unsigned char eabuf[ETHER_ADDR_LEN]; - char macaddr[32]; - - /* Don't use same MAC address on all WANx interfaces. 
*/ - ether_atoe(nvram_safe_get(strcat_r(prefix, "hwaddr", tmp)), eabuf); - eabuf[ETHER_ADDR_LEN - 1] += unit; - ether_etoa(eabuf, macaddr); - nvram_set(strcat_r(prefix, "hwaddr", tmp), macaddr); - } -#endif - -#if defined(RTCONFIG_MULTISERVICE_WAN) && defined(RTCONFIG_DUALWAN) - if (!mac_clone) { - int base_unit = get_ms_base_unit(unit); - int ms_idx = get_ms_idx_by_wan_unit(unit); - unsigned char eabuf[ETHER_ADDR_LEN] = {0}; -#ifdef DSL_AX82U - if (is_ax5400_i1()) { - if (get_dualwan_by_unit(base_unit) == WANS_DUALWAN_IF_WAN) - ether_atoe(nvram_safe_get("wl1_hwaddr"), eabuf); - else - ether_atoe(nvram_safe_get("wl0_hwaddr"), eabuf); - } - else -#endif - { - if (base_unit) - ether_atoe(nvram_safe_get("wl1_hwaddr"), eabuf); - else - ether_atoe(nvram_safe_get("wl0_hwaddr"), eabuf); - } - ether_inc(eabuf, ms_idx); - ether_etoa(eabuf, macbuf); - nvram_set(strcat_r(prefix, "hwaddr", tmp), macbuf); - } -#endif - -#ifdef RTCONFIG_MULTICAST_IPTV - if (nvram_get_int("switch_stb_x") > 6 && - unit > 9) { - unsigned char ea[6]; - ether_atoe(get_wan_hwaddr(), ea); - ea[5] = (ea[5] & 0xf0) | ((ea[5] + unit - 9) & 0x0f); - ether_etoa(ea, macbuf); - nvram_set(strcat_r(prefix, "hwaddr", tmp), macbuf); - } -#endif - // sync proto - if (nvram_match(strcat_r(prefix, "proto", tmp), "static")) - nvram_set_int(strcat_r(prefix, "dhcpenable_x", tmp), 0); - // backlink unit for ppp - nvram_set_int(strcat_r(prefix, "unit", tmp), unit); -} - -void dumparptable() -{ - char buf[256]; - char ip_entry[32], hw_type[8], flags[8], hw_address[32], mask[32], device[8]; - char macbuf[32]; - - FILE *fp = fopen("/proc/net/arp", "r"); - if (!fp) { - fprintf(stderr, "no proc fs mounted!\n"); - return; - } - - mac_num = 0; - - while (fgets(buf, 256, fp) && (mac_num < MAX_MAC_NUM - 2)) { - sscanf(buf, "%s %s %s %s %s %s", ip_entry, hw_type, flags, hw_address, mask, device); - - if (!strcmp(device, "br0") && strlen(hw_address)!=0) - { - strcpy(mac_clone[mac_num++], hw_address); - } - } - fclose(fp); - - 
strcpy(macbuf, nvram_safe_get("wan0_hwaddr_x")); - - // try pre-set mac - if (strlen(macbuf)!=0 && strcasecmp(macbuf, "FF:FF:FF:FF:FF:FF")) - strcpy(mac_clone[mac_num++], macbuf); - - // try original mac - strcpy(mac_clone[mac_num++], get_lan_hwaddr()); - - if (mac_num) - { - fprintf(stderr, "num of mac: %d\n", mac_num); - int i; - for (i = 0; i < mac_num; i++) - fprintf(stderr, "mac to clone: %s\n", mac_clone[i]); - } -} - -#ifdef RTCONFIG_QCA_PLC_UTILS -int autodet_plc_main(int argc, char *argv[]){ - int cnt; - cnt = get_connected_plc(NULL); - nvram_set_int("autodet_plc_state" , cnt); - - return 0; -} -#endif - -int autodet_main(int argc, char *argv[]){ - int unit; - char wired_link_nvram[16]; - char prefix2[]="autodetXXXXXX_", tmp2[100]; - int status; -#ifdef RTCONFIG_ALPINE - int i; -#endif -#if 0 - char hwaddr_x[32]; -#endif - - if(nvram_get_int("autodet_proceeding")) - return 0; - - nvram_set("autodet_proceeding", "1");//Cherry Cho added for httpd checking in 2016/4/22. - - f_write_string("/tmp/detect_wrong.log", "", 0, 0); - - for(unit = WAN_UNIT_FIRST; unit < WAN_UNIT_MAX; ++unit){ - if(!eth_wantype(unit)) - continue; - - link_wan_nvname(unit, wired_link_nvram, sizeof(wired_link_nvram)); - if(unit == WAN_UNIT_FIRST) - snprintf(prefix2, sizeof(prefix2), "autodet_"); - else - snprintf(prefix2, sizeof(prefix2), "autodet%d_", unit); - - //if(!get_wanports_status(unit)) - if(!nvram_get_int(wired_link_nvram)) - { - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_NOLINK); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_OK); - continue; - } - - if(nvram_get_int(strcat_r(prefix2, "state", tmp2)) == AUTODET_STATE_FINISHED_WITHPPPOE - || nvram_get_int(strcat_r(prefix2, "auxstate", tmp2)) == AUTODET_STATE_FINISHED_WITHPPPOE){ - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_OK); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_WITHPPPOE); - continue; - } - - 
nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_INITIALIZING); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_INITIALIZING); - -#if 0 - // it shouldnot happen, because it is only called in default mode - if(!nvram_match(strcat_r(prefix, "proto", tmp), "dhcp")){ - status = discover_all(unit); - if(status == -1) - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_NOLINK); - else if(status == 2) - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_WITHPPPOE); - else - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_OK); - - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_NODHCP); - continue; - } - - if(get_wan_state(unit) == WAN_STATE_CONNECTED){ - i = nvram_get_int(strcat_r(prefix, "lease", tmp)); - - if(i < 60 && is_private_subnet(strcat_r(prefix, "ipaddr", tmp))){ - sleep(i); - } - //else{ - // nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_OK); - // continue; - //} - } -#endif - - status = discover_all(unit); - - if(get_wan_state(unit) == WAN_STATE_CONNECTED){ - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_OK); - if(status < 0) - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_FAIL); - else if(status == 2) - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_WITHPPPOE); - else - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_OK); - } - else if(status < 0){ - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_FAIL); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_FAIL); - } - else if(status == 2){ - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_WITHPPPOE); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_OK); - } -#if 0 - else if(is_ip_conflict(unit)){ - nvram_set_int(strcat_r(prefix2, "state", tmp2), 
AUTODET_STATE_FINISHED_OK); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_OK); - continue; - } -#endif - else{ - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_OK); - nvram_set_int(strcat_r(prefix2, "auxstate", tmp2), AUTODET_STATE_FINISHED_OK); - } - -// remove the Auto MAC clone from the decision on 2018/4/11. -#if 0 - dumparptable(); - - // backup hwaddr_x - strcpy(hwaddr_x, nvram_safe_get(strcat_r(prefix, "hwaddr_x", tmp))); - //nvram_set(strcat_r(prefix, "hwaddr_x", tmp), ""); - - int waitsec = nvram_get_int(strcat_r(prefix2, "waitsec", tmp2)); - -#define DEF_CLONE_WAITSEC 10 - if(waitsec <= 0) - waitsec = DEF_CLONE_WAITSEC; - - i = 0; - while(i < mac_num && (!is_wan_connect(unit) && !is_ip_conflict(unit))){ - if(!(nvram_match("wl0_country_code", "SG")) && - strncmp(nvram_safe_get("territory_code"), "SG", 2) != 0){ // Singpore do not auto clone - _dprintf("try clone %s\n", mac_clone[i]); - nvram_set(strcat_r(prefix, "hwaddr_x", tmp), mac_clone[i]); - } - char buf[32]; - snprintf(buf, sizeof(buf), "restart_wan_if %d", unit); - notify_rc_and_wait(buf); - _dprintf("%s: wait a IP during %d seconds...\n", __FUNCTION__, waitsec); - int count = 0; - while(count < waitsec && (!is_wan_connect(unit) && !is_ip_conflict(unit))){ - sleep(1); - - ++count; - } - ++i; - } - - if(i == mac_num){ - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_FAIL); - // restore hwaddr_x - nvram_set(strcat_r(prefix, "hwaddr_x", tmp), hwaddr_x); - } - else if(i == mac_num-1){ // OK in original mac - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_OK); - } - else{ // OK in cloned mac - nvram_set_int(strcat_r(prefix2, "state", tmp2), AUTODET_STATE_FINISHED_OK); - } - nvram_commit(); -#endif - } - -#ifdef RTCONFIG_ALPINE - // detect 10G - const char *intf_10g[] = {"eth0", "eth2", NULL}; - - for(i = 0; intf_10g[i] != NULL; ++i){ - snprintf(prefix, sizeof(prefix), "link_10G%d", i+1); - 
if(nvram_get_int(prefix) != 1){ - nvram_set_int(strcat_r(prefix, "_state", tmp), AUTODET_STATE_FINISHED_NOLINK); - continue; - } - - status = discover_interface(intf_10g[i], 0); - if(status == -1) - nvram_set_int(strcat_r(prefix, "_state", tmp), AUTODET_STATE_FINISHED_NOLINK); - else if(status == 2) - nvram_set_int(strcat_r(prefix, "_state", tmp), AUTODET_STATE_FINISHED_WITHPPPOE); - else - nvram_set_int(strcat_r(prefix, "_state", tmp), AUTODET_STATE_FINISHED_OK); - } -#endif - - nvram_set("autodet_proceeding", "0");//Cherry Cho added for httpd checking in 2016/4/22. - - return 0; -} - -#ifdef RTCONFIG_DETWAN -#define RETRY_COUNT 3 -#define MAX_DETWAN 4 - -int string_remove(char *string, const char *match) -{ - char *p; - int len; - if(string == NULL || match == NULL) - return 0; - if((p = strstr(string, match)) == NULL) - return 0; - - len = strlen(match); - while(isspace(*(p+len))) - len++; - memmove(p, p + len, strlen(p)+1 - len); //including '\0' - return 1; -} - -int string_add(char *string, const char *match, int at_head) -{ - char *p; - int len; - if(string == NULL || match == NULL) - return 0; - if(strstr(string, match) != NULL) - return 0; - - len = strlen(match); - if(at_head) { - memmove(string+len+1, string, strlen(string)+1); - memcpy(string, match, len); - string[len] = ' '; - } else { - p = string + strlen(string); - sprintf(p, " %s", match); - } - return 1; -} - -void detwan_set_net_block(int add) -{ - char *block_dhcp_argv[] = {"ebtables", "-A", "FORWARD", "-p", "IPV4", "--ip-protocol", "UDP", "--ip-dport", "67", "-j", "DROP", NULL}; - char *block_nonarp_argv[] = {"ebtables", "-A", "FORWARD", "-d", "Broadcast", "-p", "!", "ARP", "-i", "eth+", "-j", "DROP", NULL}; - - if(add == 0) - { - block_dhcp_argv[1] = "-D"; - block_nonarp_argv[1] = "-D"; - } - - _eval(block_dhcp_argv, NULL, 0, NULL); - _eval(block_nonarp_argv, NULL, 0, NULL); -} - -void detwan_apply_wan(const char *wan_ifname, unsigned int wan_mask, unsigned int lan_mask) -{ - char lan[128]; - 
int max_inf; - int modify = 0; - - max_inf = nvram_get_int("detwan_max"); - if(max_inf <= 0) - return; - - if(nvram_match("detwan_apply", "yes")) - { - int retry = 20; - while(retry-- > 0 && nvram_safe_get("rc_service")[0] != '\0') - { - sleep(1); - } - if(retry == 0) - { - logmessage(__func__, "1: SKIP"); - return; //skip this result - } - } - { - int idx; - char var_name[32]; - char ifname[32]; - - strcpy(lan, nvram_safe_get("lan_ifnames")); - for(idx = 0; idx < max_inf; idx++) { - snprintf(var_name, sizeof(var_name), "detwan_name_%d", idx); - snprintf(ifname, sizeof(ifname), "%s", nvram_safe_get(var_name)); - if(strlen(ifname) <= 0) - break; - - if(strcmp(ifname, wan_ifname) == 0) { - if(string_remove(lan, ifname)) { - modify++; - eval("brctl", "delif", "br0", ifname); - eval("ifconfig", ifname, "down"); - eval("ifconfig", ifname, "hw", "ether", get_wan_hwaddr()); - eval("ifconfig", ifname, "up"); - } - } else { - if(string_add(lan, ifname, 1)) { - modify++; - eval("ifconfig", ifname, "down"); - eval("ifconfig", ifname, "hw", "ether", get_lan_hwaddr()); - eval("ifconfig", ifname, "0.0.0.0"); - eval("brctl", "addif", "br0", ifname); - eval("ifconfig", ifname, "up"); - } - } - } - } - - logmessage(__func__, "2: wan(%s) lan(%s) modify(%d)\n", wan_ifname, lan, modify); - - if(modify == 0 && nvram_match("wan0_ifname", wan_ifname)) - return; // skip, when the same interface - - nvram_set_int("wanports_mask", wan_mask); - nvram_set_int("lanports_mask", lan_mask); - nvram_set_int("detwan_wan_mask", wan_mask); - nvram_set_int("detwan_lan_mask", lan_mask); - nvram_set("lan_ifnames", lan); - nvram_set("wan_ifnames", wan_ifname); - nvram_set("wan0_ifname", wan_ifname); - nvram_set("detwan_ifname", wan_ifname); - nvram_set("wan0_gw_ifname", wan_ifname); - nvram_commit(); - - if(nvram_match("detwan_apply", "yes")) - { - int retry = RETRY_COUNT; - char buf[32]; - snprintf(buf, sizeof(buf), "restart_wan_if %d", 0); - while(retry-- > 0 && notify_rc_and_wait(buf) != 0); - 
logmessage(__func__, "3: 'restart_wan_if 0' finish\n"); - } -} - -int detwan_allmask(void) -{ - char var_name[32]; - int allmask; - int idx, max_inf; - int value; - - max_inf = nvram_get_int("detwan_max"); - allmask = 0; - - for(idx = 0; idx < max_inf; idx++){ - snprintf(var_name, sizeof(var_name), "detwan_mask_%d", idx); - if((value = nvram_get_int(var_name)) != 0) - allmask |= value; - else - break; - } - - return allmask; -} - -int detwan_check(char *ifname, unsigned int *wan_mask) -{ - int idx; - int max_inf; - int state = -1; - char var_name[32]; - char var_value[PATH_MAX]; - char wan0_ifname[32]; - int value; - int phy; - int inf_count; - char inf_names_buf[MAX_DETWAN][32]; - char *inf_names[MAX_DETWAN]; - int inf_mask[MAX_DETWAN]; - int got_inf; - - if(ifname == NULL || wan_mask == NULL) - return -1; - - max_inf = nvram_get_int("detwan_max"); - strncpy(wan0_ifname, nvram_safe_get("wan0_ifname"), sizeof(wan0_ifname)-1); - wan0_ifname[sizeof(wan0_ifname)-1] = '\0'; - - logmessage(__func__, "0: max_inf(%d) wan0_ifname(%s)\n", max_inf, wan0_ifname); - inf_count = 0; - got_inf = -1; - for(idx = 0; idx < max_inf; idx++){ - snprintf(var_name, sizeof(var_name), "detwan_mask_%d", idx); - if((value = nvram_get_int(var_name)) != 0) { - phy = get_ports_status((unsigned int)value); - snprintf(var_name, sizeof(var_name), "detwan_name_%d", idx); - snprintf(var_value, sizeof(var_value), "%s", nvram_safe_get(var_name)); - -// if(wan0_ifname == NULL || wan0_ifname[0] == '\0') - { //No WAN - if(phy > 0 && inf_count < MAX_DETWAN && strlen(var_value) > 0) { - strncpy(inf_names_buf[inf_count], var_value, sizeof(inf_names_buf[0])-1); - inf_names_buf[inf_count][sizeof(inf_names_buf[0])-1] = '\0'; - inf_names[inf_count] = inf_names_buf[inf_count]; - inf_mask[inf_count] = value; - inf_count++; - } - } -#if 0 - else - { - if(strlen(var_value) > 0 && strcmp(wan0_ifname, var_value) == 0) - { //Is WAN - } - else if(strlen(var_value) > 0) - { //Not WAN - } - } -#endif - } - } - 
if(inf_count) { - time_t now; - extern int discover_interfaces(int num, const char **current_wan_ifnames, int dhcp_det, int *got_inf); - state = discover_interfaces(inf_count, (const char **) inf_names, nvram_match("wan0_proto", "dhcp"), &got_inf); - now = time(NULL); - logmessage(__func__, "1: wan0_ifname(%s) inf_count(%d) state(%d) got_inf(%d) %s", wan0_ifname, inf_count, state, got_inf, ctime(&now)); - - if(state <= 0 && inf_count == 1) //set to the only phy with cable - { - state = 0; - got_inf = 0; - } - nvram_set_int("detwan_proto", state); - if(got_inf < 0 || got_inf >= inf_count) { - nvram_unset("detwan_phy"); - ifname[0] = '\0'; - *wan_mask = 0; - } - else { - nvram_set("detwan_phy", inf_names[got_inf]); - strcpy(ifname, inf_names[got_inf]); - *wan_mask = inf_mask[got_inf]; - } - } - else { - time_t now = time(NULL); - logmessage(__func__, "2: NO phy is linked %s", ctime(&now)); - nvram_set_int("detwan_proto", -1); - nvram_unset("detwan_phy"); - ifname[0] = '\0'; - *wan_mask = 0; - } - return state; -} - -static void detwan_preinit(void) -{ - char lan[128]; - char defwan[32]; - - strcpy(defwan, nvram_safe_get("wan0_ifname")); - - nvram_unset("wan0_gw_ifname"); - nvram_unset("wan0_ifname"); - nvram_unset("detwan_phy"); - nvram_unset("detwan_ifname"); - nvram_unset("wan_ifnames"); - strcpy(lan, nvram_safe_get("lan_ifnames")); - if (string_add(lan, defwan, 1)) - nvram_set("lan_ifnames", lan); - - stop_wanduck(); - // Only MAP-AC2200 && MAC-AC1300 support DETWAN - // following configs are same in both products - nvram_set("detwan_proto", "-1"); - nvram_set("wanports_mask", "0"); - nvram_set("lanports_mask", "48"); - nvram_set("detwan_max", "2"); - nvram_set("detwan_name_0", "eth0"); - nvram_set("detwan_mask_0", "32"); - nvram_set("detwan_name_1", "eth1"); - nvram_set("detwan_mask_1", "16"); - - ifconfig(defwan, 0, NULL, NULL); - eval("ifconfig", defwan, "hw", "ether", get_lan_hwaddr()); - ifconfig(defwan, IFUP | IFF_ALLMULTI, "0.0.0.0", NULL); - eval("brctl", 
"addif", nvram_safe_get("lan_ifname"), defwan); - start_wanduck(); -} - -extern void set_defwan(char *wan, char *wanmask, char *lanmask); -static void detwan_reset(void) -{ - char lan[128]; - char *defwan; - -#if defined(MAPAC1300) - defwan = "eth1"; - set_defwan(defwan, "16", "32"); -#elif defined(MAPAC2200) - defwan = "eth0"; - set_defwan(defwan, "32", "16"); -#else -#error are you DETWAN product? -#endif - strcpy(lan, nvram_safe_get("lan_ifnames")); - if (string_remove(lan, defwan)) - nvram_set("lan_ifnames", lan); - - stop_wanduck(); - - nvram_unset("detwan_proto"); - nvram_unset("detwan_max"); - nvram_unset("detwan_name_0"); - nvram_unset("detwan_mask_0"); - nvram_unset("detwan_name_1"); - nvram_unset("detwan_mask_1"); - - ifconfig(defwan, 0, NULL, NULL); - eval("ifconfig", defwan, "hw", "ether", get_wan_hwaddr()); - ifconfig(defwan, IFUP | IFF_ALLMULTI, "0.0.0.0", NULL); - eval("brctl", "delif", nvram_safe_get("lan_ifname"), defwan); - eval("killall", "-SIGUSR2", "udhcpc"); - sleep(1); - eval("killall", "-SIGUSR1", "udhcpc"); - start_wanduck(); -} - -int detwan_main(int argc, char *argv[]){ - int max_inf; - unsigned int allmask; - int state = -1; - int sw_mode; - char ifname[32]; - unsigned int wan_mask; - - sw_mode = nvram_get_int("sw_mode"); - - if (sw_mode != SW_MODE_ROUTER) - return -1; - - if (argc >=2) { - if (strncmp(argv[1], "init", 4) == 0) - detwan_preinit(); - else if (strncmp(argv[1], "reset", 5) == 0) - detwan_reset(); - return 0; - } - - allmask = detwan_allmask(); - - logmessage(__func__, "0: sw_mode(%d) wan0_ifname(%s) allmask(%08x)", sw_mode, nvram_get("wan0_ifname"), allmask); - if (allmask == 0) - return -1; - - if(nvram_match("detwan_apply", "yes")) - { - int retry = 20; - while(retry-- > 0 && nvram_safe_get("rc_service")[0] != '\0') - { - sleep(1); - } - if(retry <= 0) - { - logmessage(__func__, "1: rc_service(%s) block !!", nvram_safe_get("rc_service")); - return -1; - } - } - - state = detwan_check(ifname, &wan_mask); - if(state >= 0 && 
ifname[0] != '\0') { - detwan_apply_wan(ifname, wan_mask, allmask & ~wan_mask); - } - - logmessage(__func__, "9: finish !!"); - return 0; -} -#endif /* RTCONFIG_DETWAN */ - diff --git a/release/src/router/www/Advanced_VPN_OpenVPN.asp b/release/src/router/www/Advanced_VPN_OpenVPN.asp index df4ba213044..27c9ff497a6 100644 --- a/release/src/router/www/Advanced_VPN_OpenVPN.asp +++ b/release/src/router/www/Advanced_VPN_OpenVPN.asp @@ -153,6 +153,7 @@ function initial(){ document.getElementById("divSwitchMenu").style.display = ""; } + showopenvpnd_clientlist(); formShowAndHide(vpn_server_enable, "openvpn"); /*Advanced Setting start */ @@ -318,11 +319,9 @@ function formShowAndHide(server_enable, server_type) { if(!email_support) document.getElementById('exportViaEmail').style.display = "none"; - showopenvpnd_clientlist(); update_vpn_client_state(); openvpnd_connected_status(); check_vpn_server_state(); - document.getElementById("divApply").style.display = ""; } else{ document.getElementById("trVPNServerMode").style.display = "none"; @@ -331,9 +330,6 @@ function formShowAndHide(server_enable, server_type) { $('*[data-group="cert_btn"]').hide(); document.getElementById("OpenVPN_setting").style.display = "none"; document.getElementById("divAdvanced").style.display = "none"; - //if(vpn_server_mode != "openvpn") { - // document.getElementById("divApply").style.display = "none"; - //} } } @@ -2007,7 +2003,7 @@ function handle_ipv6_submit_settings(){ -
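Review bot: The `showopenvpnd_clientlist();` call added in the `@@ -153,6 +153,7 @@` hunk runs unconditionally in `initial()`, before `formShowAndHide(vpn_server_enable, "openvpn")`, so the client list is now built at page load whatever the value of `vpn_server_enable`. The `@@ -318,11 +319,9 @@` hunk removes the same call from the branch of `formShowAndHide()` that precedes the `else{`, so the list is presumably no longer rebuilt when that function runs again later; its other callers are not visible here. If this is intended, a comment above the new call would record it, for example `// build the client list once at load; formShowAndHide() only toggles visibility`. Both function bodies start and end outside these hunks.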