OpenSSL 3.3.2 integration + 5.17 release preparation
Futaura committed Sep 4, 2024
1 parent a32d8e7 commit e6639d9
Showing 8 changed files with 32 additions and 18 deletions.
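--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,12 @@
+## AmiSSL 5.17 (4.9.2024)
+
+- Updated OpenSSL backend to full compatibility with the latest
+OpenSSL 3.3.2 (3.9.2024) version which includes these moderate and
+low severity bug fixes and mitigations:
++ Fixed possible denial of service in X.509 name checks.
+(CVE-2024-6119)
++ Fixed possible buffer overread in SSL_select_next_proto().
+(CVE-2024-5535)
 - Updated root certificates to latest Mozilla-based bundle provided
 by https://curl.se/docs/caextract.html dated 2.7.2024.
 - Refactored the OpenSSL locking and mutex routines to remove the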
2 changes: 1 addition & 1 deletion Makefile
@@ -152,7 +152,7 @@ endif
# none - because we want to compile with -Wall all the time

VERSION=5
REVISION=16
REVISION=17

include openssl/VERSION.dat
VERSIONNAME=$(MAJOR)$(MINOR)$(PATCH)
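--- a/include/libraries/amisslmaster.h
+++ b/include/libraries/amisslmaster.h
@@ -63,6 +63,7 @@ enum AmiSSLVersion
 AMISSL_V321, /* AmiSSL v5.14 */
 AMISSL_V330, /* AmiSSL v5.15 */
 AMISSL_V331, /* AmiSSL v5.16 */
+AMISSL_V332, /* AmiSSL v5.17 */
 
 /* ADD NEW VERSIONS ABOVE THIS LINE */
 AMISSL_VMAX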
10 changes: 5 additions & 5 deletions include/openssl/opensslv.h
@@ -41,7 +41,7 @@ extern "C" {
*/
# define OPENSSL_VERSION_MAJOR 3
# define OPENSSL_VERSION_MINOR 3
# define OPENSSL_VERSION_PATCH 1
# define OPENSSL_VERSION_PATCH 2

/*
* Additional version information
@@ -86,21 +86,21 @@ extern "C" {
* longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
* OPENSSL_VERSION_BUILD_METADATA_STR appended.
*/
# define OPENSSL_VERSION_STR "3.3.1"
# define OPENSSL_FULL_VERSION_STR "3.3.1"
# define OPENSSL_VERSION_STR "3.3.2"
# define OPENSSL_FULL_VERSION_STR "3.3.2"

/*
* SECTION 3: ADDITIONAL METADATA
*
* These strings are defined separately to allow them to be parsable.
*/
# define OPENSSL_RELEASE_DATE "4 Jun 2024"
# define OPENSSL_RELEASE_DATE "3 Sep 2024"

/*
* SECTION 4: BACKWARD COMPATIBILITY
*/

# define OPENSSL_VERSION_TEXT "OpenSSL 3.3.1 4 Jun 2024"
# define OPENSSL_VERSION_TEXT "OpenSSL 3.3.2 3 Sep 2024"

/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
# ifdef OPENSSL_VERSION_PRE_RELEASE
4 changes: 3 additions & 1 deletion include/openssl/tls1.h
@@ -5,7 +5,7 @@
*
* This file has been modified for use with AmiSSL for AmigaOS-based systems.
*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -243,6 +243,8 @@ extern "C" {
# define TLSEXT_max_fragment_length_1024 2
# define TLSEXT_max_fragment_length_2048 3
# define TLSEXT_max_fragment_length_4096 4
/* OpenSSL value for unset maximum fragment length extension */
# define TLSEXT_max_fragment_length_UNSPECIFIED 255

/*
* TLS Certificate Type (for RFC7250)
4 changes: 3 additions & 1 deletion openssl/crypto/rcu_internal.h
@@ -9,7 +9,9 @@

#ifndef OPENSSL_RCU_INTERNAL_H
# define OPENSSL_RCU_INTERNAL_H
# pragma once
# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3))
# pragma once
# endif

struct rcu_qp;

17 changes: 8 additions & 9 deletions openssl/crypto/threads_amissl.c
@@ -45,17 +45,16 @@ struct rcu_lock_st {
struct rcu_cb_item *cb_items;
};

CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers)
CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
{
struct rcu_lock_st *lock;

if((lock = OPENSSL_zalloc(sizeof(*lock))))
struct rcu_lock_st *new;
if((new = OPENSSL_zalloc(sizeof(*new))))
{
if((lock->mutex = ossl_crypto_mutex_new()))
{
return lock;
}
OPENSSL_free(lock);
if((new->mutex = ossl_crypto_mutex_new()))
{
return new;
}
OPENSSL_free(new);
}

return NULL;
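Review bot: The new `ctx` parameter of ossl_rcu_lock_new() is never read in the visible body, and neither is `num_writers`; the allocation path only zero-allocates the struct and creates the mutex. If that is intentional for this port, say so at the top of the function, for example `/* num_writers and ctx are accepted for API compatibility only and are not stored on the lock */`, so a later merge from upstream does not assume the library context is available from the lock. The local is also now named `new`, which is legal C but stops the file compiling if it is ever built as C++; the previous name `lock` read better. The function's closing brace is outside the hunk.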
3 changes: 2 additions & 1 deletion src/amisslmaster_library.c
@@ -244,7 +244,8 @@ LIBPROTO(OpenAmiSSL, struct Library *, REG(a6, UNUSED __BASE_OR_IFACE))
// (https://wiki.openssl.org/index.php/OpenSSL_3.0#Versioning_Scheme) but we must
// take care to prevent applications requiring newer API functions from loading
// older libraries that do not contain those required entries
if(LibAPIVersion <= AMISSL_V331 && OpenLib(&AmiSSLBase,"331") == NULL
if(LibAPIVersion <= AMISSL_V332 && OpenLib(&AmiSSLBase,"332") == NULL
&& OpenLib(&AmiSSLBase,"331") == NULL
&& OpenLib(&AmiSSLBase,"330") == NULL)
if(LibAPIVersion <= AMISSL_V321 && OpenLib(&AmiSSLBase,"321") == NULL
&& OpenLib(&AmiSSLBase,"320") == NULL)
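Review bot: When the "332" library cannot be opened, the chain on the `AMISSL_V332` condition falls back to "331" and then "330", so a caller can end up on an OpenSSL build without the 3.3.2 fixes that this commit's CHANGES.md lists (CVE-2024-6119, CVE-2024-5535), and nothing in the visible code records that this happened. The fallback looks deliberate for API compatibility, so at minimum document it above the condition, e.g. `// NOTE: "331"/"330" are API-compatible fallbacks but lack the OpenSSL 3.3.2 security fixes`, and consider reporting which library version was actually opened so a stale installation can be spotted. How OpenLib() reports the chosen version is not visible here, and the enclosing OpenAmiSSL function starts and ends outside the hunk.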
