OpenSSL 3.2.1 integration

CHANGES.md

@@ -1,3 +1,17 @@
+## AmiSSL 5.14 (30.1.2024)
+
+- Updated OpenSSL backend to full compatibility with the latest
+  OpenSSL 3.2.1 (30.1.2024) version which includes fixes for these
+  low severity vulnerabilities:
+  + Fixed PKCS12 decoding crashes.
+    (CVE-2024-0727)
+  + Fixed excessive time spent checking invalid RSA public keys.
+    (CVE-2023-6237)
+  + Fixed excessive time spent in DH check / generation with large Q
+    parameter value.
+    (CVE-2023-5678)
+- Removed redundant POWER8 VSX Poly1305 and ChaCha20 code.
+
 ## AmiSSL 5.13 (22.12.2023)
 
 - Switched to OpenSSL 3.2, with full compatibility with the latest

Makefile

@@ -152,7 +152,7 @@ endif
 # none - because we want to compile with -Wall all the time
 
 VERSION=5
-REVISION=13
+REVISION=14
 
 include openssl/VERSION.dat
 VERSIONNAME=$(MAJOR)$(MINOR)$(PATCH)

dist/AmiSSL.readme

@@ -119,11 +119,11 @@ Legal information
 -----------------
 AmiSSL v1    Copyright (c) 1999-2006 Andrija Antonijevic.
 AmiSSL v2/v3 Copyright (c) 2002-2006 Andrija Antonijevic, Stefan Burstroem.
-AmiSSL v4/v5 Copyright (c) 2014-2023 AmiSSL Open Source Team.
+AmiSSL v4/v5 Copyright (c) 2014-2024 AmiSSL Open Source Team.
 All Rights Reserved.
 
 OpenSSL Cryptography and SSL/TLS Toolkit
-Copyright (c) 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright (c) 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 AmiSSL uses a modified version of OpenSSL. Both AmiSSL and OpenSSL
 are licensed under the Apache License, Version 2.0 (the "License");

include/libraries/amisslmaster.h

@@ -5,7 +5,7 @@
 
  AmiSSL - OpenSSL wrapper for AmigaOS-based systems
  Copyright (c) 1999-2006 Andrija Antonijevic, Stefan Burstroem.
- Copyright (c) 2006-2023 AmiSSL Open Source Team.
+ Copyright (c) 2006-2024 AmiSSL Open Source Team.
  All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
@@ -60,7 +60,8 @@ enum AmiSSLVersion
   AMISSL_V313,      /* AmiSSL v5.11 */
   AMISSL_V314,      /* AmiSSL v5.12 */
   AMISSL_V320,      /* AmiSSL v5.13 */
-
+  AMISSL_V321,      /* AmiSSL v5.14 */
+
   /* ADD NEW VERSIONS ABOVE THIS LINE */
   AMISSL_VMAX
 };

include/openssl/conferr.h

@@ -6,7 +6,7 @@
  *
  * This file has been modified for use with AmiSSL for AmigaOS-based systems.
  *
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -50,6 +50,7 @@
 # define CONF_R_NUMBER_TOO_LARGE                          121
 # define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION   124
 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE               111
+# define CONF_R_RECURSIVE_SECTION_REFERENCE               126
 # define CONF_R_RELATIVE_PATH                             125
 # define CONF_R_SSL_COMMAND_SECTION_EMPTY                 117
 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND             118

include/openssl/e_ostime.h

@@ -35,6 +35,15 @@
 
 # if defined(OPENSSL_SYS_WINDOWS)
 #  include <winsock2.h>
+#  if !defined(_WINSOCKAPI_)
+    /*
+     * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+     * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+     * winsock2.h if either header has been included to avoid breakage with
+     * applications that prefer to use <winsock.h> over <winsock2.h>.
+     */
+#   include <winsock2.h>
+#  endif
 # elif defined(OPENSSL_SYS_AMIGA) && !defined(AMISSL_COMPILE) && \
      ((defined(__amigaos4__) && defined(__USE_OLD_TIMEVAL__)) || \
      (!defined(__amigaos4__) && !defined(__USE_NEW_TIMEVAL__)))

include/openssl/opensslv.h

@@ -41,7 +41,7 @@ extern "C" {
  */
 # define OPENSSL_VERSION_MAJOR  3
 # define OPENSSL_VERSION_MINOR  2
-# define OPENSSL_VERSION_PATCH  0
+# define OPENSSL_VERSION_PATCH  1
 
 /*
  * Additional version information
@@ -86,21 +86,21 @@ extern "C" {
  * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
  * OPENSSL_VERSION_BUILD_METADATA_STR appended.
  */
-# define OPENSSL_VERSION_STR "3.2.0"
-# define OPENSSL_FULL_VERSION_STR "3.2.0"
+# define OPENSSL_VERSION_STR "3.2.1"
+# define OPENSSL_FULL_VERSION_STR "3.2.1"
 
 /*
  * SECTION 3: ADDITIONAL METADATA
  *
  * These strings are defined separately to allow them to be parsable.
  */
-# define OPENSSL_RELEASE_DATE "23 Nov 2023"
+# define OPENSSL_RELEASE_DATE "30 Jan 2024"
 
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
 
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.0 23 Nov 2023"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024"
 
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 # ifdef OPENSSL_VERSION_PRE_RELEASE

src/amisslmaster_library.c

@@ -2,7 +2,7 @@
 
  AmiSSL - OpenSSL wrapper for AmigaOS-based systems
  Copyright (c) 1999-2006 Andrija Antonijevic, Stefan Burstroem.
- Copyright (c) 2006-2023 AmiSSL Open Source Team.
+ Copyright (c) 2006-2024 AmiSSL Open Source Team.
  All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
@@ -244,7 +244,8 @@ LIBPROTO(OpenAmiSSL, struct Library *, REG(a6, UNUSED __BASE_OR_IFACE))
     // (https://wiki.openssl.org/index.php/OpenSSL_3.0#Versioning_Scheme) but we must
     // take care to prevent applications requiring newer API functions from loading
     // older libraries that do not contain those required entries
-    if(LibAPIVersion <= AMISSL_V320 && OpenLib(&AmiSSLBase,"320") == NULL)
+    if(LibAPIVersion <= AMISSL_V321 && OpenLib(&AmiSSLBase,"321") == NULL
+                                    && OpenLib(&AmiSSLBase,"320") == NULL)
       if(LibAPIVersion <= AMISSL_V314 && OpenLib(&AmiSSLBase,"314") == NULL
                                       && OpenLib(&AmiSSLBase,"313") == NULL
                                       && OpenLib(&AmiSSLBase,"312") == NULL