Update dependency libressl/portable to v3.9.2 (master)

[openvpn-inc-ci]

This PR contains the following updates:

Package	Update	Change
libressl/portable	minor	v3.8.3 -> v3.9.2

---

Release Notes

libressl/portable (libressl/portable)

v3.9.2

Compare Source

Bugfixes

• OpenBSD 7.5 errata 003. A missing bounds check could lead to a crash due to dereferencing a zero-sized allocation.

Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog

v3.9.1

Compare Source

Portable changes

• Updated tests with expiring certificates
• CET-related build fixes for Windows and macOS targets
• update libtls linker script to include libssl and libcrypto again

Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog

v3.9.0

Compare Source

Portable changes

• libcrypto no longer exports compat symbols in cmake builds.
• Most compatibility symbols are prefixed with libressl_ to avoid
  symbol clashes in static links.
• Fixed various warnings on Windows.
• Removed assert pop-ups with Windows debug builds.
• Fixed crashes and hangs in Windows ARM64 builds.
• Improved control-flow enforcement (CET) support.

Internal improvements

• Converted uses of OBJ_bsearch_() to standard bsearch().
• Greatly simplified by_file_ctrl().
• Simplified and cleaned up the OBJ_ API.
• Cleaned up the EVP_Cipher{Init,Update,Final}() implementations.
• Removed unused function pointers from X.509 stores and contexts.
• A lot of cleanup and reorganization in EVP.
• Removed all remaining ENGINE tentacles.
• Simplified internals of X509_TRUST handling.
• Made deletion from a lhash doall callback safe.
• Rewrote BIO_dump*(3) internals to be less bad.

Documentation improvements

• ENGINE documentation was updated to reflect reality.
• Made EVP API documentation more accurate and less incoherent.
• Call out some shortcomings of the EC_KEY_set_* API explicitly.

Testing and proactive security

• Bug fixes and simplifications in the Wycheproof tests.

Compatibility changes

• Added ChaCha20 and chacha20 aliases for ChaCha.
• SSL_library_init() now has the same effect as OPENSSL_init_ssl().
• EVP_add_{cipher,digest}() were removed. From the OBJ_NAME API,
  only OBJ_NAME_do_all*() remain. In particular, it is no longer
  possible to add aliases for ciphers and digests.
• The thread unsafe global tables are no longer supported. It is no
  longer possible to add aliases for ciphers and digests, custom ASN.1
  strings table entries, ASN.1 methods, PKEY methods, digest methods,
  CRL methods, purpose and trust identifiers, or X.509 extensions.
• Removed the _cb() and _fp() versions of BIO_dump{,_indent}().
• BIO_set() was removed.
• BIO_{sn,v,vsn}printf() were removed.
• Turn the long dysfunctional openssl(1) s_client -pause into a noop.
• openssl(1) x509 now supports -new -force_pubkey, -multivalue-rdn,
  -set_issuer, -set_subject, and -utf8.
• Support ECDSA with SHA-3 signature algorithms.
• Support HMAC with truncated SHA-2 and SHA-3 as PBE PRF.
• GOST and STREEBOG support was removed.
• CRYPTO_THREADID, _LHASH, _STACK, X509_PURPOSE are now opaque,
  X509_CERT_AUX and X509_TRUST were removed from the public API.
• ASN1_STRING_TABLE_get() and X509_PURPOSE_get0*() now return const
  pointers.
• EVP_{CIPHER,MD}_CTX_init()'s signatures and semantics now match
  OpenSSL's behavior.
• sk_find_ex() and OBJ_bsearch_() were removed.
• CRYPTO_malloc() was fixed to use size_t argument. CRYPTO_malloc()
  and CRYPTO_free() now accept file and line arguments.
• A lot of decrepit CRYPTO memory API was removed.

Bug fixes

• Fixed aliasing issues in BN_mod_exp_simple() and BN_mod_exp_recp().
• Fixed numerous misuses of X509_ALGOR_set0() resulting in leaks and
  potentially incorrect encodings.
• Fixed potential double free in X509v3_asid_add_id_or_range().
• Stopped using ASN1_time_parse() outside of libcrypto.
• Prepared OPENSSL_gmtime() and OPENSSL_timegm() as public API
  wrappers of internal functions compatible with BoringSSL API.
• Removed print_bin() to avoid overwriting the stack with 5 bytes
  of ' ' when ECPK parameters are printed with large indentation.
• Avoid a NULL dereference after memory allocation failure during TLS
  version downgrade.
• Fixed various bugs in CMAC internals.
• Fixed 4-byte overreads in GHASH assembly on amd64 and i386.
• Fixed various NULL dereferences in PKCS #​12 code due to mishandling
  of OPTIONAL content in PKCS #​7 ContentInfo.
• Aligned SSL_shutdown() behavior in TLSv1.3 with the legacy stack.
• Fixed the new X.509 verifier to find trust anchors in the trusted
  stack.

Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog

v3.8.4

Compare Source

Portable changes

• Updated tests with expiring certificates
• CET-related build fixes for Windows and macOS targets
• update libtls linker script to include libssl and libcrypto again

Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[Neustradamus]

There is 4.0.0 here:

• Update dependency libressl/portable to v4 (master) #625