
Commit ac73f6b

committed
Import OpenSSL 3.0.0alpha1
1 parent d8bb4d9 commit ac73f6b


1,715 files changed

+162091
-34945
lines changed


1,715 files changed

+162091
-34945
lines changed

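--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 openssl-1.*.tar.gz
 openssl-1.1.*
 openssl-1.1.*
+openssl-3.0.*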

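--- a/Crypto-config-host.mk
+++ b/Crypto-config-host.mk
@@ -641,7 +641,8 @@ arm64_exclude_files := \
 x86_clang_asflags :=
 
 x86_cflags := \
--DAESNI_ASM \
+-DAES_ASM \
+-DDES_ASM \
 -DECP_NISTZ256_ASM \
 -DGHASH_ASM \
 -DMD5_ASM \
@@ -652,8 +653,6 @@ x86_cflags := \
 -DOPENSSL_IA32_SSE2 \
 -DOPENSSL_PIC \
 -DPOLY1305_ASM \
--DRC4_ASM \
--DRMD160_ASM \
 -DSHA1_ASM \
 -DSHA256_ASM \
 -DSHA512_ASM \
@@ -691,7 +690,8 @@ x86_exclude_files := \
 x86_64_clang_asflags :=
 
 x86_64_cflags := \
--DAESNI_ASM \
+-DAES_ASM \
+-DBSAES_ASM \
 -DECP_NISTZ256_ASM \
 -DGHASH_ASM \
 -DKECCAK1600_ASM \
@@ -703,7 +703,6 @@ x86_64_cflags := \
 -DOPENSSL_IA32_SSE2 \
 -DOPENSSL_PIC \
 -DPOLY1305_ASM \
--DRC4_ASM \
 -DSHA1_ASM \
 -DSHA256_ASM \
 -DSHA512_ASM \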

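--- a/Crypto-config-target.mk
+++ b/Crypto-config-target.mk
@@ -641,7 +641,8 @@ arm64_exclude_files := \
 x86_clang_asflags :=
 
 x86_cflags := \
--DAESNI_ASM \
+-DAES_ASM \
+-DDES_ASM \
 -DECP_NISTZ256_ASM \
 -DGHASH_ASM \
 -DMD5_ASM \
@@ -652,8 +653,6 @@ x86_cflags := \
 -DOPENSSL_IA32_SSE2 \
 -DOPENSSL_PIC \
 -DPOLY1305_ASM \
--DRC4_ASM \
--DRMD160_ASM \
 -DSHA1_ASM \
 -DSHA256_ASM \
 -DSHA512_ASM \
@@ -691,7 +690,8 @@ x86_exclude_files := \
 x86_64_clang_asflags :=
 
 x86_64_cflags := \
--DAESNI_ASM \
+-DAES_ASM \
+-DBSAES_ASM \
 -DECP_NISTZ256_ASM \
 -DGHASH_ASM \
 -DKECCAK1600_ASM \
@@ -703,7 +703,6 @@ x86_64_cflags := \
 -DOPENSSL_IA32_SSE2 \
 -DOPENSSL_PIC \
 -DPOLY1305_ASM \
--DRC4_ASM \
 -DSHA1_ASM \
 -DSHA256_ASM \
 -DSHA512_ASM \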

NOTICE

+175-123

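--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -1,7 +1,7 @@
 #!{- $config{HASHBANGPERL} -}
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License"). You may not use
+# Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
@@ -14,57 +14,63 @@
 use strict;
 use warnings;
 
-my $openssl = "openssl";
-if(defined $ENV{'OPENSSL'}) {
-$openssl = $ENV{'OPENSSL'};
-} else {
-$ENV{'OPENSSL'} = $openssl;
-}
-
 my $verbose = 1;
+my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
 
-my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095"; # 3 years
+my $openssl = $ENV{'OPENSSL'} // "openssl";
+$ENV{'OPENSSL'} = $openssl;
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
+
+# Command invocations.
 my $REQ = "$openssl req $OPENSSL_CONFIG";
 my $CA = "$openssl ca $OPENSSL_CONFIG";
 my $VERIFY = "$openssl verify";
 my $X509 = "$openssl x509";
 my $PKCS12 = "$openssl pkcs12";
 
-# default openssl.cnf file has setup as per the following
+# Default values for various configuration settings.
 my $CATOP = "./demoCA";
 my $CAKEY = "cakey.pem";
 my $CAREQ = "careq.pem";
 my $CACERT = "cacert.pem";
 my $CACRL = "crl.pem";
-my $DIRMODE = 0777;
-
+my $DAYS = "-days 365";
+my $CADAYS = "-days 1095"; # 3 years
 my $NEWKEY = "newkey.pem";
 my $NEWREQ = "newreq.pem";
 my $NEWCERT = "newcert.pem";
 my $NEWP12 = "newcert.p12";
-my $RET = 0;
+
+# Commandline parsing
+my %EXTRA;
 my $WHAT = shift @ARGV || "";
-my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
-my %EXTRA = extra_args(\@ARGV, "-extra-");
-my $FILE;
-
-sub extra_args {
-my ($args_ref, $arg_prefix) = @_;
-my %eargs = map {
-if ($_ < $#$args_ref) {
-my ($arg, $value) = splice(@$args_ref, $_, 2);
-$arg =~ s/$arg_prefix//;
-($arg, $value);
-} else {
-();
-}
-} reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref);
-my %empty = map { ($_, "") } @OPENSSL_CMDS;
-return (%empty, %eargs);
+@ARGV = parse_extra(@ARGV);
+my $RET = 0;
+
+# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
+# |EXTRA{CMD}| with list of values.
+sub parse_extra
+{
+foreach ( @OPENSSL_CMDS ) {
+$EXTRA{$_} = '';
+}
+
+my @result;
+while ( scalar(@_) > 0 ) {
+my $arg = shift;
+if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
+push @result, $arg;
+next;
+}
+$arg =~ s/-extra-//;
+die("Unknown \"-${arg}-extra\" option, exiting")
+unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
+$EXTRA{$arg} .= " " . shift;
+}
+return @result;
 }
 
+
 # See if reason for a CRL entry is valid; exit if not.
 sub crl_reason_ok
 {
@@ -113,83 +119,97 @@ sub run
 
 
 if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
-print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
-print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
-print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
-print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
+print STDERR <<EOF;
+Usage:
+CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd parameter]
+CA.pl -pkcs12 [-extra-pkcs12 parameter] [certname]
+CA.pl -verify [-extra-verify parameter] certfile ...
+CA.pl -revoke [-extra-ca parameter] certfile [reason]
+EOF
 exit 0;
 }
+
 if ($WHAT eq '-newcert' ) {
 # create a certificate
-$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}");
+$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
+. " $EXTRA{req}");
 print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-precert' ) {
 # create a pre-certificate
-$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
+$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
+. " $EXTRA{req}");
 print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
 # create a certificate request
 $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
 print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-newca' ) {
 # create the directory hierarchy
-mkdir ${CATOP}, $DIRMODE;
-mkdir "${CATOP}/certs", $DIRMODE;
-mkdir "${CATOP}/crl", $DIRMODE ;
-mkdir "${CATOP}/newcerts", $DIRMODE;
-mkdir "${CATOP}/private", $DIRMODE;
+my @dirs = ( "${CATOP}", "${CATOP}/certs", "${CATOP}/crl",
+"${CATOP}/newcerts", "${CATOP}/private" );
+die "${CATOP}/index.txt exists.\nRemove old sub-tree to proceed,"
+if -f "${CATOP}/index.txt";
+die "${CATOP}/serial exists.\nRemove old sub-tree to proceed,"
+if -f "${CATOP}/serial";
+foreach my $d ( @dirs ) {
+if ( -d $d ) {
+warn "Directory $d exists" if -d $d;
+} else {
+mkdir $d or die "Can't mkdir $d, $!";
+}
+}
+
 open OUT, ">${CATOP}/index.txt";
 close OUT;
 open OUT, ">${CATOP}/crlnumber";
 print OUT "01\n";
 close OUT;
 # ask user for existing CA certificate
 print "CA certificate filename (or enter to create)\n";
+my $FILE;
 $FILE = "" unless defined($FILE = <STDIN>);
 $FILE =~ s{\R$}{};
 if ($FILE ne "") {
 copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
 copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
 } else {
 print "Making CA certificate ...\n";
-$RET = run("$REQ -new -keyout"
-. " ${CATOP}/private/$CAKEY"
+$RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
 . " -out ${CATOP}/$CAREQ $EXTRA{req}");
 $RET = run("$CA -create_serial"
 . " -out ${CATOP}/$CACERT $CADAYS -batch"
 . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-. " -extensions v3_ca $EXTRA{ca}"
-. " -infiles ${CATOP}/$CAREQ") if $RET == 0;
+. " -extensions v3_ca"
+. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
 print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
 }
 } elsif ($WHAT eq '-pkcs12' ) {
 my $cname = $ARGV[0];
 $cname = "My Certificate" unless defined $cname;
 $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
-. " -certfile ${CATOP}/$CACERT"
-. " -out $NEWP12"
+. " -certfile ${CATOP}/$CACERT -out $NEWP12"
 . " -export -name \"$cname\" $EXTRA{pkcs12}");
 print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
 } elsif ($WHAT eq '-xsign' ) {
-$RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ");
+$RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
 } elsif ($WHAT eq '-sign' ) {
-$RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ");
+$RET = run("$CA -policy policy_anything -out $NEWCERT"
+. " -infiles $NEWREQ $EXTRA{ca}");
 print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signCA' ) {
 $RET = run("$CA -policy policy_anything -out $NEWCERT"
-. " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ");
+. " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
 print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signcert' ) {
 $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
 . " -out tmp.pem $EXTRA{x509}");
 $RET = run("$CA -policy policy_anything -out $NEWCERT"
-. "$EXTRA{ca} -infiles tmp.pem") if $RET == 0;
+. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
 print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-verify' ) {
 my @files = @ARGV ? @ARGV : ( $NEWCERT );
-my $file;
-foreach $file (@files) {
-my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
+foreach my $file (@files) {
+my $status = run("$VERIFY -CAfile ${CATOP}/$CACERT $file $EXTRA{verify}");
 $RET = $status if $status != 0;
 }
 } elsif ($WHAT eq '-crl' ) {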
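Review bot: In the `-signcert` branch the continuation string `"-infiles tmp.pem $EXTRA{ca}"` has no leading space, so it is joined directly onto `-out $NEWCERT` and the `ca` command is handed `newcert.pem-infiles` as a single word. The commit also moves `$EXTRA{ca}` behind `-infiles` in `-newca`, `-xsign`, `-sign`, `-signCA` and `-signcert`; `openssl ca` documents `-infiles` as the last option, with everything after it taken as request file names, so `-extra-ca` values would be read as files instead of options. I would keep the extras in front, e.g. `. " $EXTRA{ca} -infiles tmp.pem") if $RET == 0;`, and do the same in the other four branches. Separately, `mkdir $d` still leaves `${CATOP}/private`, which receives the CA key, at umask-default permissions; creating that one directory with mode `0700` would be safer. The `if`/`elsif` chain continues past the end of this hunk.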

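--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,7 +1,7 @@
 /*
-* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
-* Licensed under the OpenSSL license (the "License"). You may not use
+* Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
@@ -27,27 +27,32 @@ typedef enum OPTION_choice {
 } OPTION_CHOICE;
 
 const OPTIONS asn1parse_options[] = {
+OPT_SECTION("General"),
 {"help", OPT_HELP, '-', "Display this summary"},
+{"oid", OPT_OID, '<', "file of extra oid definitions"},
+
+OPT_SECTION("I/O"),
 {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
 {"in", OPT_IN, '<', "input file"},
 {"out", OPT_OUT, '>', "output file (output format is always DER)"},
-{"i", OPT_INDENT, 0, "indents the output"},
 {"noout", OPT_NOOUT, 0, "do not produce any output"},
 {"offset", OPT_OFFSET, 'p', "offset into file"},
 {"length", OPT_LENGTH, 'p', "length of section in file"},
-{"oid", OPT_OID, '<', "file of extra oid definitions"},
-{"dump", OPT_DUMP, 0, "unknown data in hex form"},
-{"dlimit", OPT_DLIMIT, 'p',
-"dump the first arg bytes of unknown data in hex form"},
 {"strparse", OPT_STRPARSE, 'p',
 "offset; a series of these can be used to 'dig'"},
-{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
 {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
+{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
 {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
-{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
 {"strictpem", OPT_STRICTPEM, 0,
 "do not attempt base64 decode outside PEM markers"},
 {"item", OPT_ITEM, 's', "item to parse and print"},
+{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
+
+OPT_SECTION("Formatting"),
+{"i", OPT_INDENT, 0, "indents the output"},
+{"dump", OPT_DUMP, 0, "unknown data in hex form"},
+{"dlimit", OPT_DLIMIT, 'p',
+"dump the first arg bytes of unknown data in hex form"},
 {NULL}
 };
 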
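Review bot: The two `OPT_MORE_STR` continuation rows no longer follow the options they describe in the regrouped `asn1parse_options` table: `"into multiple ASN1 blob wrappings"` now sits after `genstr` although it completes the `strparse` text, and `"(-inform will be ignored)"` now sits after `item` although it previously followed `genconf`. The help output would then attach those phrases to the wrong options. I would move each row back directly under its owner, e.g. `{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},` right after the `strparse` entry. The first hunk also changes the copyright range from 1995-2019 to 1995-2018, which looks unintended for an import of a newer release.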
