git: ad991e4c142e - main - OpenSSL: update to 3.0.12

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Tue, 24 Oct 2023 18:57:29 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=ad991e4c142ebabad7aef488ad97b189ecabb270

commit ad991e4c142ebabad7aef488ad97b189ecabb270
Merge: 6869f90bf5bb 825caf7e1244
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-10-24 18:55:56 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-10-24 18:55:56 +0000

    OpenSSL: update to 3.0.12
    
    OpenSSL 3.0.12 addresses:
    
     * Fix incorrect key and IV resizing issues when calling
       EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
       with OSSL_PARAM parameters that alter the key or IV length
       ([CVE-2023-5363]).
    
    Relnotes:       Yes
    Sponsored by:   The FreeBSD Foundation

 crypto/openssl/CHANGES.md                          |  9 +++
 crypto/openssl/INSTALL.md                          |  4 +-
 crypto/openssl/NEWS.md                             |  6 ++
 crypto/openssl/VERSION.dat                         |  4 +-
 crypto/openssl/apps/dgst.c                         |  2 +
 crypto/openssl/apps/dhparam.c                      |  4 +-
 crypto/openssl/apps/dsaparam.c                     |  4 +-
 crypto/openssl/apps/enc.c                          |  5 +-
 crypto/openssl/apps/gendsa.c                       |  4 +-
 crypto/openssl/apps/genpkey.c                      |  4 +-
 crypto/openssl/apps/genrsa.c                       |  4 +-
 crypto/openssl/apps/lib/apps.c                     | 16 ++++--
 crypto/openssl/apps/req.c                          |  2 +
 crypto/openssl/apps/speed.c                        |  3 +-
 crypto/openssl/crypto/aes/asm/aesv8-armx.pl        |  3 +
 crypto/openssl/crypto/arm_arch.h                   |  7 +--
 crypto/openssl/crypto/bn/bn_gcd.c                  |  8 +--
 crypto/openssl/crypto/build.info                   |  2 -
 crypto/openssl/crypto/cms/cms_enc.c                |  5 +-
 crypto/openssl/crypto/cms/cms_err.c                |  4 +-
 crypto/openssl/crypto/cms/cms_sd.c                 | 14 ++++-
 crypto/openssl/crypto/dh/dh_check.c                |  3 +-
 crypto/openssl/crypto/dh/dh_key.c                  |  3 +-
 crypto/openssl/crypto/dh/dh_lib.c                  |  4 +-
 crypto/openssl/crypto/dsa/dsa_check.c              |  8 ++-
 crypto/openssl/crypto/dsa/dsa_lib.c                |  4 +-
 crypto/openssl/crypto/dsa/dsa_ossl.c               |  1 -
 crypto/openssl/crypto/engine/eng_pkey.c            | 44 ++++++++++++++-
 crypto/openssl/crypto/engine/eng_table.c           |  1 +
 crypto/openssl/crypto/err/openssl.txt              |  1 +
 crypto/openssl/crypto/evp/evp_enc.c                | 45 ++++++++++++++-
 crypto/openssl/crypto/evp/legacy_sha.c             |  8 ++-
 crypto/openssl/crypto/evp/p_lib.c                  |  2 +-
 crypto/openssl/crypto/evp/pmeth_lib.c              |  5 +-
 crypto/openssl/crypto/ex_data.c                    |  4 +-
 crypto/openssl/crypto/ffc/ffc_key_validate.c       | 16 ++----
 crypto/openssl/crypto/lhash/lhash.c                |  6 +-
 crypto/openssl/crypto/mem.c                        | 12 +++-
 crypto/openssl/crypto/modes/asm/ghashv8-armx.pl    |  5 +-
 crypto/openssl/crypto/objects/obj_dat.c            |  7 ++-
 crypto/openssl/crypto/param_build_set.c            | 13 +++--
 .../openssl/crypto/poly1305/asm/poly1305-armv8.pl  | 26 ++++-----
 crypto/openssl/crypto/property/property_parse.c    | 34 +++++++++--
 crypto/openssl/crypto/rsa/rsa_backend.c            | 14 +----
 crypto/openssl/crypto/rsa/rsa_lib.c                | 32 ++++++++---
 crypto/openssl/doc/man3/CMS_add1_signer.pod        |  8 ++-
 crypto/openssl/doc/man3/DH_generate_parameters.pod |  6 +-
 .../openssl/doc/man3/DSA_generate_parameters.pod   |  4 +-
 crypto/openssl/doc/man3/EVP_aes_128_gcm.pod        |  8 +--
 crypto/openssl/doc/man3/EVP_aria_128_gcm.pod       |  2 +-
 crypto/openssl/doc/man3/EVP_bf_cbc.pod             |  2 +-
 crypto/openssl/doc/man3/EVP_blake2b512.pod         |  2 +-
 crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod   |  2 +-
 crypto/openssl/doc/man3/EVP_cast5_cbc.pod          |  2 +-
 crypto/openssl/doc/man3/EVP_chacha20.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_des_cbc.pod            |  2 +-
 crypto/openssl/doc/man3/EVP_desx_cbc.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_idea_cbc.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_md2.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_md4.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_md5.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_mdc2.pod               |  2 +-
 crypto/openssl/doc/man3/EVP_rc2_cbc.pod            |  2 +-
 crypto/openssl/doc/man3/EVP_rc4.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod   |  2 +-
 crypto/openssl/doc/man3/EVP_ripemd160.pod          |  2 +-
 crypto/openssl/doc/man3/EVP_seed_cbc.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_sha1.pod               |  2 +-
 crypto/openssl/doc/man3/EVP_sha224.pod             |  2 +-
 crypto/openssl/doc/man3/EVP_sha3_224.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_sm3.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_sm4_cbc.pod            |  2 +-
 crypto/openssl/doc/man3/EVP_whirlpool.pod          |  2 +-
 crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod      |  5 +-
 .../openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod  | 10 +++-
 .../openssl/doc/man3/SSL_CTX_set_info_callback.pod | 16 ++++--
 .../openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod   |  4 +-
 crypto/openssl/doc/man3/d2i_X509.pod               | 26 +++++++--
 crypto/openssl/include/openssl/cmserr.h            |  3 +-
 crypto/openssl/include/openssl/evp.h               |  4 +-
 crypto/openssl/include/openssl/opensslv.h          | 10 ++--
 crypto/openssl/include/openssl/pkcs7.h.in          |  6 +-
 crypto/openssl/providers/fips-sources.checksums    | 40 ++++++-------
 crypto/openssl/providers/fips.checksum             |  2 +-
 .../encode_decode/encode_key2text.c                | 65 +++++++++-------------
 .../providers/implementations/keymgmt/dh_kmgmt.c   |  2 +-
 .../providers/implementations/macs/kmac_prov.c     |  6 +-
 secure/lib/libcrypto/Makefile.inc                  |  4 +-
 88 files changed, 442 insertions(+), 247 deletions(-)

diff --cc crypto/openssl/include/openssl/opensslv.h
index 0bf61ce6a9d7,000000000000..73590b76ca70
mode 100644,000000..100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@@ -1,114 -1,0 +1,114 @@@
 +/*
 + * WARNING: do not edit!
 + * Generated by Makefile from include/openssl/opensslv.h.in
 + *
 + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
 + *
 + * Licensed under the Apache License 2.0 (the "License").  You may not use
 + * this file except in compliance with the License.  You can obtain a copy
 + * in the file LICENSE in the source distribution or at
 + * https://www.openssl.org/source/license.html
 + */
 +
 +#ifndef OPENSSL_OPENSSLV_H
 +# define OPENSSL_OPENSSLV_H
 +# pragma once
 +
 +# ifdef  __cplusplus
 +extern "C" {
 +# endif
 +
 +/*
 + * SECTION 1: VERSION DATA.  These will change for each release
 + */
 +
 +/*
 + * Base version macros
 + *
 + * These macros express version number MAJOR.MINOR.PATCH exactly
 + */
 +# define OPENSSL_VERSION_MAJOR  3
 +# define OPENSSL_VERSION_MINOR  0
- # define OPENSSL_VERSION_PATCH  11
++# define OPENSSL_VERSION_PATCH  12
 +
 +/*
 + * Additional version information
 + *
 + * These are also part of the new version scheme, but aren't part
 + * of the version number itself.
 + */
 +
 +/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */
 +# define OPENSSL_VERSION_PRE_RELEASE ""
 +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */
 +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */
 +# define OPENSSL_VERSION_BUILD_METADATA ""
 +
 +/*
 + * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA
 + * to be anything but the empty string.  Its use is entirely reserved for
 + * others
 + */
 +
 +/*
 + * Shared library version
 + *
 + * This is strictly to express ABI version, which may or may not
 + * be related to the API version expressed with the macros above.
 + * This is defined in free form.
 + */
 +# define OPENSSL_SHLIB_VERSION 3
 +
 +/*
 + * SECTION 2: USEFUL MACROS
 + */
 +
 +/* For checking general API compatibility when preprocessing */
 +# define OPENSSL_VERSION_PREREQ(maj,min)                                \
 +    ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min))
 +
 +/*
 + * Macros to get the version in easily digested string form, both the short
 + * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced
 + * with the values from the corresponding OPENSSL_VERSION_ macros) and the
 + * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
 + * OPENSSL_VERSION_BUILD_METADATA_STR appended.
 + */
- # define OPENSSL_VERSION_STR "3.0.11"
- # define OPENSSL_FULL_VERSION_STR "3.0.11"
++# define OPENSSL_VERSION_STR "3.0.12"
++# define OPENSSL_FULL_VERSION_STR "3.0.12"
 +
 +/*
 + * SECTION 3: ADDITIONAL METADATA
 + *
 + * These strings are defined separately to allow them to be parsable.
 + */
- # define OPENSSL_RELEASE_DATE "19 Sep 2023"
++# define OPENSSL_RELEASE_DATE "24 Oct 2023"
 +
 +/*
 + * SECTION 4: BACKWARD COMPATIBILITY
 + */
 +
- # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.11 19 Sep 2023"
++# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.12 24 Oct 2023"
 +
 +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
 +# ifdef OPENSSL_VERSION_PRE_RELEASE
 +#  define _OPENSSL_VERSION_PRE_RELEASE 0x0L
 +# else
 +#  define _OPENSSL_VERSION_PRE_RELEASE 0xfL
 +# endif
 +# define OPENSSL_VERSION_NUMBER          \
 +    ( (OPENSSL_VERSION_MAJOR<<28)        \
 +      |(OPENSSL_VERSION_MINOR<<20)       \
 +      |(OPENSSL_VERSION_PATCH<<4)        \
 +      |_OPENSSL_VERSION_PRE_RELEASE )
 +
 +# ifdef  __cplusplus
 +}
 +# endif
 +
 +# include <openssl/macros.h>
 +# ifndef OPENSSL_NO_DEPRECATED_3_0
 +#  define HEADER_OPENSSLV_H
 +# endif
 +
 +#endif                          /* OPENSSL_OPENSSLV_H */
diff --cc secure/lib/libcrypto/Makefile.inc
index 7b016d988a34,000000000000..65925f972ba7
mode 100644,000000..100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@@ -1,22 -1,0 +1,22 @@@
 +
 +.include <bsd.own.mk>
 +
 +# OpenSSL version used for manual page generation
- OPENSSL_VER=	3.0.11
- OPENSSL_DATE=	2023-09-19
++OPENSSL_VER=	3.0.12
++OPENSSL_DATE=	2023-10-24
 +
 +LCRYPTO_SRC=	${SRCTOP}/crypto/openssl
 +LCRYPTO_DOC=	${LCRYPTO_SRC}/doc
 +
 +CFLAGS+=	-I${LCRYPTO_SRC}
 +CFLAGS+=	-I${LCRYPTO_SRC}/include
 +CFLAGS+=	-I${LCRYPTO_SRC}/providers/common/include
 +CFLAGS+=	-I${LCRYPTO_SRC}/providers/implementations/include
 +
 +.include "Makefile.common"
 +
 +.for pcfile in ${PCFILES}
 +${pcfile}:	${pcfile}.in
 +	sed -e 's,@openssl_ver@,${OPENSSL_VER},g' ${.ALLSRC} > ${.TARGET}
 +.endfor
 +CLEANFILES+=	${PCFILES}