Import OpenSSL 3.2.0

schwabe · Nov 28, 2023 · 479b1b8 · 479b1b8
1 parent c8a42c1
commit 479b1b8
Show file tree

Hide file tree

Showing 1,070 changed files with 132,050 additions and 27,138 deletions.
diff --git a/Crypto-config-host.mk b/Crypto-config-host.mk
@@ -613,6 +613,7 @@ arm64_clang_asflags := \
 arm64_cflags := \
   -DBSAES_ASM \
   -DECP_NISTZ256_ASM \
+  -DECP_SM2P256_ASM \
   -DKECCAK1600_ASM \
   -DMD5_ASM \
   -DOPENSSL_BN_ASM_MONT \

diff --git a/Crypto-config-target.mk b/Crypto-config-target.mk
@@ -613,6 +613,7 @@ arm64_clang_asflags := \
 arm64_cflags := \
   -DBSAES_ASM \
   -DECP_NISTZ256_ASM \
+  -DECP_SM2P256_ASM \
   -DKECCAK1600_ASM \
   -DMD5_ASM \
   -DOPENSSL_BN_ASM_MONT \

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
@@ -36,6 +36,8 @@ my $CACERT = "cacert.pem";
 my $CACRL = "crl.pem";
 my $DAYS = "-days 365";
 my $CADAYS = "-days 1095";	# 3 years
+my $EXTENSIONS = "-extensions v3_ca";
+my $POLICY = "-policy policy_anything";
 my $NEWKEY = "newkey.pem";
 my $NEWREQ = "newreq.pem";
 my $NEWCERT = "newcert.pem";
@@ -179,7 +181,7 @@ if ($WHAT eq '-newcert' ) {
         $RET = run("$CA -create_serial"
                 . " -out ${CATOP}/$CACERT $CADAYS -batch"
                 . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-                . " -extensions v3_ca"
+                . " $EXTENSIONS"
                 . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
         print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
     }
@@ -191,19 +193,19 @@ if ($WHAT eq '-newcert' ) {
             . " -export -name \"$cname\" $EXTRA{pkcs12}");
     print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
 } elsif ($WHAT eq '-xsign' ) {
-    $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
 } elsif ($WHAT eq '-sign' ) {
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+    $RET = run("$CA $POLICY -out $NEWCERT"
             . " -infiles $NEWREQ $EXTRA{ca}");
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signCA' ) {
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
-            . " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run("$CA $POLICY -out $NEWCERT"
+            . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
     print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signcert' ) {
     $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
             . " -out tmp.pem $EXTRA{x509}");
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+    $RET = run("$CA $POLICY -out $NEWCERT"
             .  "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-verify' ) {

diff --git a/apps/asn1parse.c b/apps/asn1parse.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ const OPTIONS asn1parse_options[] = {
     {"oid", OPT_OID, '<', "file of extra oid definitions"},
 
     OPT_SECTION("I/O"),
-    {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
+    {"inform", OPT_INFORM, 'A', "input format - one of DER PEM B64"},
     {"in", OPT_IN, '<', "input file"},
     {"out", OPT_OUT, '>', "output file (output format is always DER)"},
     {"noout", OPT_NOOUT, 0, "do not produce any output"},
@@ -44,7 +44,7 @@ const OPTIONS asn1parse_options[] = {
     {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
     {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
     {"strictpem", OPT_STRICTPEM, 0,
-     "do not attempt base64 decode outside PEM markers"},
+     "equivalent to '-inform pem' (obsolete)"},
     {"item", OPT_ITEM, 's', "item to parse and print"},
     {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
 
@@ -69,7 +69,7 @@ int asn1parse_main(int argc, char **argv)
     unsigned char *str = NULL;
     char *name = NULL, *header = NULL, *prog;
     const unsigned char *ctmpbuf;
-    int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
+    int indent = 0, noout = 0, dump = 0, informat = FORMAT_PEM;
     int offset = 0, ret = 1, i, j;
     long num, tmplen;
     unsigned char *tmpbuf;
@@ -96,7 +96,7 @@ int asn1parse_main(int argc, char **argv)
             ret = 0;
             goto end;
         case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+            if (!opt_format(opt_arg(), OPT_FMT_ASN1, &informat))
                 goto opthelp;
             break;
         case OPT_IN:
@@ -136,7 +136,7 @@ int asn1parse_main(int argc, char **argv)
             genconf = opt_arg();
             break;
         case OPT_STRICTPEM:
-            strictpem = 1;
+            /* accepted for backward compatibility */
             informat = FORMAT_PEM;
             break;
         case OPT_ITEM:
@@ -159,8 +159,7 @@ int asn1parse_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (oidfile != NULL) {
@@ -179,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
 
     if ((buf = BUF_MEM_new()) == NULL)
         goto end;
-    if (strictpem) {
+    if (informat == FORMAT_PEM) {
         if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
             BIO_printf(bio_err, "Error reading PEM file\n");
             ERR_print_errors(bio_err);
@@ -199,7 +198,7 @@ int asn1parse_main(int argc, char **argv)
             }
         } else {
 
-            if (informat == FORMAT_PEM) {
+            if (informat == FORMAT_BASE64) {
                 BIO *tmp;
 
                 if ((b64 = BIO_new(BIO_f_base64())) == NULL)