Revert "deps: delete OpenSSL demos, doc and test folders"

deps/openssl/.gitignore

@@ -1,6 +1,3 @@
-openssl/demos
-openssl/doc
 openssl/fuzz/corpora
 openssl/makefile.in
 openssl/Makefile.in
-openssl/test

deps/openssl/openssl/demos/README.txt

@@ -0,0 +1,50 @@
+OpenSSL Demonstration Applications
+
+This folder contains source code that demonstrates the proper use of the OpenSSL
+library API.
+
+bio:                   Demonstration of a simple TLS client and server
+
+certs:                 Demonstration of creating certs, using OCSP
+
+cipher:
+aesgcm.c               Demonstration of symmetric cipher GCM mode encrypt/decrypt
+aesccm.c               Demonstration of symmetric cipher CCM mode encrypt/decrypt
+ariacbc.c              Demonstration of symmetric cipher CBC mode encrypt/decrypt
+
+cms:
+
+digest:
+EVP_MD_demo.c          Compute a digest from multiple buffers
+EVP_MD_stdin.c         Compute a digest with data read from stdin
+EVP_MD_xof.c           Compute a digest using the SHAKE256 XOF
+EVP_f_md.c             Compute a digest using BIO and EVP_f_md
+
+kdf:
+hkdf.c                 Demonstration of HMAC based key derivation
+pbkdf2.c               Demonstration of PBKDF2 password based key derivation
+scrypt.c               Demonstration of SCRYPT password based key derivation
+
+mac:
+gmac.c                 Demonstration of GMAC message authentication
+poly1305.c             Demonstration of Poly1305-AES message authentication
+siphash.c              Demonstration of SIPHASH message authentication
+
+pkey:
+EVP_PKEY_EC_keygen.c           Generate an EC key.
+EVP_PKEY_RSA_keygen.c          Generate an RSA key.
+EVP_PKEY_DSA_keygen.c          Generate a DSA key.
+EVP_PKEY_DSA_paramgen.c        Generate a DSA param key.
+EVP_PKEY_DSA_paramvalidate.c   Validate a DSA param key.
+EVP_PKEY_DSA_paramfromdata.c   Load a DSA param key using raw data.
+
+smime:
+
+pkcs12:
+pkread.c               Print out a description of a PKCS12 file.
+pkwrite.c              Add a password to an existing PKCS12 file.
+
+signature:
+EVP_Signature_demo.c   Compute and verify a signature from multiple buffers
+rsa_pss_direct.c       Compute and verify an RSA-PSS signature from a hash
+rsa_pss_hash.c         Compute and verify an RSA-PSS signature over a buffer

deps/openssl/openssl/demos/bio/Makefile

@@ -0,0 +1,33 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+#    make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./server-arg
+#    LD_LIBRARY_PATH=../.. ./server-cmod
+#    LD_LIBRARY_PATH=../.. ./server-conf
+#    LD_LIBRARY_PATH=../.. ./client-arg
+#    LD_LIBRARY_PATH=../.. ./client-conf
+#    LD_LIBRARY_PATH=../.. ./saccept
+#    LD_LIBRARY_PATH=../.. ./sconnect
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
+
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
+
+client-arg: client-arg.o
+client-conf: client-conf.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+	$(CC) $(CFLAGS) -o $@ $< $(LDFLAGS)
+
+clean:
+	$(RM) *.o client-arg client-conf saccept sconnect server-arg server-cmod server-conf

deps/openssl/openssl/demos/bio/README.txt

@@ -0,0 +1,6 @@
+This directory contains some simple examples of the use of BIO's
+to simplify socket programming.
+
+The client-conf, server-conf, client-arg and client-conf include examples
+of how to use the SSL_CONF API for configuration file or command line
+processing.

deps/openssl/openssl/demos/bio/accept.cnf

@@ -0,0 +1,23 @@
+# Example configuration file
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+# Port to listen on
+Port = 4433
+
+# Disable TLS v1.2 for test.
+# Protocol = ALL, -TLSv1.2
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+Certificate=server.pem
+PrivateKey=server.pem
+ChainCAFile=root.pem
+VerifyCAFile=root.pem
+
+# Request certificate
+VerifyMode=Request
+ClientCAFile=root.pem

deps/openssl/openssl/demos/bio/client-arg.c

@@ -0,0 +1,108 @@
+/*
+ * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+int main(int argc, char **argv)
+{
+    BIO *sbio = NULL, *out = NULL;
+    int len;
+    char tmpbuf[1024];
+    SSL_CTX *ctx;
+    SSL_CONF_CTX *cctx;
+    SSL *ssl;
+    char **args = argv + 1;
+    const char *connect_str = "localhost:4433";
+    int nargs = argc - 1;
+
+    ctx = SSL_CTX_new(TLS_client_method());
+    cctx = SSL_CONF_CTX_new();
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    while (*args && **args == '-') {
+        int rv;
+        /* Parse standard arguments */
+        rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
+        if (rv == -3) {
+            fprintf(stderr, "Missing argument for %s\n", *args);
+            goto end;
+        }
+        if (rv < 0) {
+            fprintf(stderr, "Error in command %s\n", *args);
+            ERR_print_errors_fp(stderr);
+            goto end;
+        }
+        /* If rv > 0 we processed something so proceed to next arg */
+        if (rv > 0)
+            continue;
+        /* Otherwise application specific argument processing */
+        if (strcmp(*args, "-connect") == 0) {
+            connect_str = args[1];
+            if (connect_str == NULL) {
+                fprintf(stderr, "Missing -connect argument\n");
+                goto end;
+            }
+            args += 2;
+            nargs -= 2;
+            continue;
+        } else {
+            fprintf(stderr, "Unknown argument %s\n", *args);
+            goto end;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        fprintf(stderr, "Finish error\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /*
+     * We'd normally set some stuff like the verify paths and * mode here
+     * because as things stand this will connect to * any server whose
+     * certificate is signed by any CA.
+     */
+
+    sbio = BIO_new_ssl_connect(ctx);
+
+    BIO_get_ssl(sbio, &ssl);
+
+    if (!ssl) {
+        fprintf(stderr, "Can't locate SSL pointer\n");
+        goto end;
+    }
+
+    /* We might want to do other things with ssl here */
+
+    BIO_set_conn_hostname(sbio, connect_str);
+
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (BIO_do_connect(sbio) <= 0) {
+        fprintf(stderr, "Error connecting to server\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /* Could examine ssl here to get connection info */
+
+    BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+    for (;;) {
+        len = BIO_read(sbio, tmpbuf, 1024);
+        if (len <= 0)
+            break;
+        BIO_write(out, tmpbuf, len);
+    }
+ end:
+    SSL_CONF_CTX_free(cctx);
+    BIO_free_all(sbio);
+    BIO_free(out);
+    return 0;
+}

deps/openssl/openssl/demos/bio/client-conf.c

@@ -0,0 +1,117 @@
+/*
+ * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+
+int main(int argc, char **argv)
+{
+    BIO *sbio = NULL, *out = NULL;
+    int i, len, rv;
+    char tmpbuf[1024];
+    SSL_CTX *ctx = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    SSL *ssl = NULL;
+    CONF *conf = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    CONF_VALUE *cnf;
+    const char *connect_str = "localhost:4433";
+    long errline = -1;
+
+    conf = NCONF_new(NULL);
+
+    if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
+        if (errline <= 0)
+            fprintf(stderr, "Error processing config file\n");
+        else
+            fprintf(stderr, "Error on line %ld\n", errline);
+        goto end;
+    }
+
+    sect = NCONF_get_section(conf, "default");
+
+    if (sect == NULL) {
+        fprintf(stderr, "Error retrieving default section\n");
+        goto end;
+    }
+
+    ctx = SSL_CTX_new(TLS_client_method());
+    cctx = SSL_CONF_CTX_new();
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+        cnf = sk_CONF_VALUE_value(sect, i);
+        rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
+        if (rv > 0)
+            continue;
+        if (rv != -2) {
+            fprintf(stderr, "Error processing %s = %s\n",
+                    cnf->name, cnf->value);
+            ERR_print_errors_fp(stderr);
+            goto end;
+        }
+        if (strcmp(cnf->name, "Connect") == 0) {
+            connect_str = cnf->value;
+        } else {
+            fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
+            goto end;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        fprintf(stderr, "Finish error\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /*
+     * We'd normally set some stuff like the verify paths and * mode here
+     * because as things stand this will connect to * any server whose
+     * certificate is signed by any CA.
+     */
+
+    sbio = BIO_new_ssl_connect(ctx);
+
+    BIO_get_ssl(sbio, &ssl);
+
+    if (!ssl) {
+        fprintf(stderr, "Can't locate SSL pointer\n");
+        goto end;
+    }
+
+    /* We might want to do other things with ssl here */
+
+    BIO_set_conn_hostname(sbio, connect_str);
+
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (BIO_do_connect(sbio) <= 0) {
+        fprintf(stderr, "Error connecting to server\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /* Could examine ssl here to get connection info */
+
+    BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+    for (;;) {
+        len = BIO_read(sbio, tmpbuf, 1024);
+        if (len <= 0)
+            break;
+        BIO_write(out, tmpbuf, len);
+    }
+ end:
+    SSL_CONF_CTX_free(cctx);
+    BIO_free_all(sbio);
+    BIO_free(out);
+    NCONF_free(conf);
+    return 0;
+}

deps/openssl/openssl/demos/bio/cmod.cnf

@@ -0,0 +1,27 @@
+# Example config module configuration
+
+# Name supplied by application to CONF_modules_load_file
+# and section containing configuration
+testapp = test_sect
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+[test_sect]
+# list of configuration modules
+
+# SSL configuration module
+ssl_conf = ssl_sect
+
+[ssl_sect]
+# list of SSL configurations
+server = server_sect
+
+[server_sect]
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+# Certificates and keys
+RSA.Certificate=server.pem
+ECDSA.Certificate=server-ec.pem

deps/openssl/openssl/demos/bio/connect.cnf

@@ -0,0 +1,15 @@
+# Example configuration file
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+# Connects to the default port of s_server
+Connect = localhost:4433
+
+# Disable TLS v1.2 for test.
+# Protocol = ALL, -TLSv1.2
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512