OpenSSL 3.1.2 integration

CHANGES.md

@@ -1,3 +1,15 @@
+## AmiSSL 5.10 (1.8.2023)
+
+- Updated OpenSSL backend to full compatibility with the latest
+  OpenSSL 3.1.2 (1.8.2023) version, which includes improvements and
+  fixes for three low severity identified vulnerabilities:
+  + Fix excessive time spent checking DH q parameter value.
+    (CVE-2023-3817)
+  + Fix DH_check() excessive time with over sized modulus.
+    (CVE-2023-3446)
+  + Do not ignore empty associated data entries with AES-SIV.
+    (CVE-2023-2975)
+
 ## AmiSSL 5.9 (30.5.2023)
 
 - Updated OpenSSL backend to full compatibility with the latest

Makefile

@@ -152,7 +152,7 @@ endif
 # none - because we want to compile with -Wall all the time
 
 VERSION=5
-REVISION=9
+REVISION=10
 
 include openssl/VERSION.dat
 VERSIONNAME=$(MAJOR)$(MINOR)$(PATCH)

include/libraries/amisslmaster.h

@@ -56,6 +56,7 @@ enum AmiSSLVersion
   AMISSL_V308,      /* AmiSSL v5.7 */
   AMISSL_V310,      /* AmiSSL v5.8 */
   AMISSL_V311,      /* AmiSSL v5.9 */
+  AMISSL_V312,      /* AmiSSL v5.10 */
 
   /* ADD NEW VERSIONS ABOVE THIS LINE */
   AMISSL_VMAX

include/openssl/configuration.h

@@ -67,9 +67,6 @@ extern "C" {
 # ifndef OPENSSL_NO_DEVCRYPTOENG
 #  define OPENSSL_NO_DEVCRYPTOENG
 # endif
-# ifndef OPENSSL_NO_DSO
-#  define OPENSSL_NO_DSO
-# endif
 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 #  define OPENSSL_NO_EC_NISTP_64_GCC_128
 # endif

include/openssl/dh.h

@@ -5,7 +5,7 @@
  *
  * This file has been modified for use with AmiSSL for AmigaOS-based systems.
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -104,7 +104,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
 #  include <openssl/dherr.h>
 
 #  ifndef OPENSSL_DH_MAX_MODULUS_BITS
-#   define OPENSSL_DH_MAX_MODULUS_BITS    10000
+#   define OPENSSL_DH_MAX_MODULUS_BITS        10000
+#  endif
+
+#  ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+#   define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
 #  endif
 
 #  define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024

include/openssl/opensslv.h

@@ -41,7 +41,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  1
-# define OPENSSL_VERSION_PATCH  1
+# define OPENSSL_VERSION_PATCH  2
 
 /*
  * Additional version information
@@ -86,21 +86,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.1.1"
-# define OPENSSL_FULL_VERSION_STR "3.1.1"
+# define OPENSSL_VERSION_STR "3.1.2"
+# define OPENSSL_FULL_VERSION_STR "3.1.2"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "30 May 2023"
+# define OPENSSL_RELEASE_DATE "1 Aug 2023"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.1 30 May 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.2 1 Aug 2023"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

include/openssl/x509err.h

@@ -6,7 +6,7 @@
  *
  * This file has been modified for use with AmiSSL for AmigaOS-based systems.
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,6 +42,7 @@
 # define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
 # define X509_R_CRL_ALREADY_DELTA                         127
 # define X509_R_CRL_VERIFY_FAILURE                        131
+# define X509_R_DUPLICATE_ATTRIBUTE                       140
 # define X509_R_ERROR_GETTING_MD_BY_NID                   141
 # define X509_R_ERROR_USING_SIGINF_SET                    142
 # define X509_R_IDP_MISMATCH                              128

src/amisslmaster_library.c

@@ -249,7 +249,8 @@ LIBPROTO(OpenAmiSSL, struct Library *, REG(a6, UNUSED __BASE_OR_IFACE))
     // (https://wiki.openssl.org/index.php/OpenSSL_3.0#Versioning_Scheme) but we must
     // take care to prevent applications requiring newer API functions from loading
     // older libraries that do not contain those required entries
-    if(LibAPIVersion <= AMISSL_V311 && OpenLib(&AmiSSLBase,"311") == NULL)
+    if(LibAPIVersion <= AMISSL_V312 && OpenLib(&AmiSSLBase,"312") == NULL
+                                    && OpenLib(&AmiSSLBase,"311") == NULL)
       if(LibAPIVersion <= AMISSL_V310 && OpenLib(&AmiSSLBase,"310") == NULL)
         if(LibAPIVersion <= AMISSL_V308 && OpenLib(&AmiSSLBase,"308") == NULL)
           if(LibAPIVersion <= AMISSL_V307 && OpenLib(&AmiSSLBase,"307") == NULL