[deps] Update dependency openssl/openssl to v4 #18
Open

renovate[bot] wants to merge 1 commit into main from
This PR contains the following updates:

openssl/openssl: 3.6.2 → 4.0.0

Release Notes

openssl/openssl (openssl/openssl)

v4.0.0 (Compare Source)
* Added `-expected-rpks` option to the `openssl s_client` and `openssl s_server` commands. This makes it possible to specify one or more public keys expected from the remote peer that are then used to authenticate the connection.

  *Viktor Dukhovni*

* Added `-hmac-env` and `-hmac-stdin` options to the `openssl dgst` command.

  *Igor Ustinov*

* Added LMS support for signature verification to the `openssl pkeyutl` command. To enable this, LMS `SubjectPublicKeyInfo` encoder and decoders were added, and the LMS keymanager and signature code were updated.

  *Shane Lontis*

* Added new `SSL_get0_sigalg()` and `SSL_get0_shared_sigalg()` functions to report the TLS signature algorithm name and codepoint for the peer advertised and shared algorithms respectively. These supersede the existing `SSL_get_sigalgs()` and `SSL_get_shared_sigalgs()` functions, which are only a good fit for TLS 1.2. The names reported are the IANA names, and are expected to consistently match the names expected in `SignatureAlgorithms` configuration settings, see `SSL_CONF_cmd(3)` for details. Previously reported names were not always directly usable for configurations, and were mostly OpenSSL-specific aliases that rarely matched the official IANA codepoint names.

  There is an associated change in how signature algorithms are reported by the `openssl s_client` and `openssl s_server` commands. They now use the new functions and report the IANA registered names of each signature scheme. Example new output:

  *Viktor Dukhovni*

* Implemented client-side predicted keyshare floating. When a tuple loses the last element that was tagged for transmission of a predicted client keyshare (by default `*X25519MLKEM768` and `*X25519` in their respective tuples), either because the group is not enabled at compile-time, or because it is removed by configuration (e.g. `DEFAULT:-<groupname>`), if the tuple remains non-empty, the keyshare is inherited by the first (i.e. most preferred) remaining element of the tuple.

  *Viktor Dukhovni*
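The floating rule above is easy to get wrong when reasoning about which groups a client will actually send key shares for after a build or configuration removes one. The following is an added example that simulates the rule; it is not OpenSSL's code. The tuple notation it parses (`/` between tuples, `:` between groups, a leading `*` marking the predicted-keyshare group) and the default-like group string are assumptions for illustration, and "disabling" a group stands in for either compiling it out or removing it with `DEFAULT:-<groupname>`.

```python
"""Simulation of client-side predicted keyshare floating (added example)."""
from __future__ import annotations

# Constructed, default-like group list: two tuples, each with one '*'-tagged
# group for which a predicted key share would be sent (assumed notation).
DEFAULT_LIKE = "*X25519MLKEM768:SecP256r1MLKEM768 / *X25519:P-256:P-384"


def parse_tuples(spec: str) -> list[list[str]]:
    """Parse 'a:*b / c:d' into [['a', '*b'], ['c', 'd']] (assumed syntax)."""
    return [[g.strip() for g in tup.split(":") if g.strip()]
            for tup in spec.split("/")]


def float_keyshares(tuples: list[list[str]], disabled: set[str]) -> list[list[str]]:
    """Apply the floating rule described in the changelog entry.

    Disabled groups are dropped from every tuple. If a tuple thereby loses
    its last '*'-tagged element but is still non-empty, the tag moves to the
    first (most preferred) remaining element. A tuple left empty is dropped.
    """
    result = []
    for tup in tuples:
        had_share = any(g.startswith("*") for g in tup)
        kept = [g for g in tup if g.lstrip("*") not in disabled]
        if not kept:
            continue
        if had_share and not any(g.startswith("*") for g in kept):
            kept[0] = "*" + kept[0]
        result.append(kept)
    return result


def keyshare_groups(tuples: list[list[str]]) -> list[str]:
    """Groups for which a client would send a predicted key share."""
    return [g[1:] for tup in tuples for g in tup if g.startswith("*")]


if __name__ == "__main__":
    base = parse_tuples(DEFAULT_LIKE)
    print("unchanged:", keyshare_groups(float_keyshares(base, set())))
    print("no X25519MLKEM768:",
          keyshare_groups(float_keyshares(base, {"X25519MLKEM768"})))
    print("no hybrids at all:",
          keyshare_groups(float_keyshares(base, {"X25519MLKEM768",
                                                 "SecP256r1MLKEM768"})))
```

Removing only the tagged hybrid moves the key share to the next hybrid in the same tuple; removing every member of the first tuple drops the tuple, so the client is left with the single `X25519` share from the second tuple rather than none.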
* Added support for [RFC 8998], signature algorithm `sm2sig_sm3`, key exchange group `curveSM2`, and [tls-hybrid-sm2-mlkem] post-quantum group `curveSM2MLKEM768`. Verification of SM2-signed certificates required changing the default distinguishing identifier from empty to the constant ASCII string "1234567812345678". An explicit empty distinguishing identifier value may need to be used to verify or create signatures that are compatible with versions of OpenSSL prior to 4.0. With the command-line tools an empty value can be specified with the use of either the `-pkeyopt` (`openssl-pkeyutl(1)`) or `-sigopt` (`openssl-dgst(1)`) option with a value of "distid:".

  *Viktor Dukhovni*

* Added support for TLS 1.3 SM cipher suites `TLS_SM4_GCM_SM3` and `TLS_SM4_CCM_SM3` from [RFC 8998].

  *Milan Brož*

* Added cSHAKE function support as per [SP 800-185].

  *Shane Lontis*

* Added "ML-DSA-MU" digest algorithm support.

  *Shane Lontis*

* Added SNMP KDF (`EVP_KDF_SNMPKDF`) to `EVP_KDF`.

  *Barry Fussell and Helen Zhang*

* Added SRTP KDF (`EVP_KDF_SRTPKDF`) to `EVP_KDF`.

  *Barry Fussell and Helen Zhang*

* Implemented [RFC 7919], adding support for negotiated FFDHE key exchange in TLS 1.2.

  *Joachim Vandersmissen (with additional support from Viktor Dukhovni)*

* Added AKID verification checks when `X509_V_FLAG_X509_STRICT` is set. Raise `X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER` when AKID is not present. Raise `X509_V_ERR_EMPTY_AUTHORITY_KEY_IDENTIFIER` when AKID has no attributes. Raise `X509_V_ERR_AKID_ISSUER_SERIAL_NOT_PAIRED` when `authorityCertIssuer` and `authorityCertSerialNumber` fields are not paired.

  *Daniel Kubec*

* Implemented [RFC 9849], adding support for Encrypted Client Hello (ECH). See `doc/design/ech-api.md` for details.

  *Stephen Farrell (with much support from Matt Caswell and Tomáš Mráz)*

* Added the `OSSL_ESS_check_signing_certs_ex()` call. This API call is an extension to `OSSL_ESS_check_signing_certs()` that adds the ability to specify a library context and property query when fetching algorithms to validate a given certificate.

  *Neil Horman*

* Added `OPENSSL_sk_set_cmp_thunks()` API to allow for proper typecasting during comparison of elements in a `STACK_OF` structure.

  *Neil Horman*

* Added `ASN1_BIT_STRING_set1()` function to set a bit string to a value, including the length in bytes and the number of unused bits. Internally, `ASN1_BIT_STRING_set_bit()` has also been modified to keep the number of unused bits correct when changing an `ASN1_BIT_STRING`.

  *Bob Beck*

* Added `SSL_add1_dnsname()`, `SSL_set1_dnsname()`, `SSL_add1_ipaddr()`, and `SSL_set1_ipaddr()` functions as a replacement for `SSL_add1_host()` and `SSL_set1_host()`, which are now deprecated. The new replacement API functions were added to support checking multiple names against a certificate with `X509_VERIFY_PARAM`. See `X509_VERIFY_PARAM_set_flags(3)` for full details.

  *Bob Beck*
* Added `SSL_CTX_get0_alpn_protos()` and `SSL_get0_alpn_protos()` functions.

  *Daniel Kubec*

* Added `SSL_CTX_is_server()`.

  *Igor Ustinov*

* Added `EVP_MD_CTX_serialize()`/`EVP_MD_CTX_deserialize()` functions. These functions allow exporting the internal state of a digest and re-importing it later to continue a computation from a specific checkpoint. Only SHA-2 and the SHA-3 family (Keccak, SHAKE, SHA-3) of functions currently support this functionality.

  *Simo Sorce*

* Added `BIO_set_send_flags()` function that allows setting flags passed to `send()`, `sendto()`, and `sendmsg()`. The main intention is to allow setting the `MSG_NOSIGNAL` flag to avoid a crash on receiving the `SIGPIPE` signal.

  *Igor Ustinov*

* FIPS self tests can now be deferred and run as needed when installing the FIPS module with the `-defer_tests` option of the `openssl fipsinstall` command.

  *Simo Sorce*

* Lower bounds checks are now enforced when using the `PKCS5_PBKDF2_HMAC` API with the FIPS provider.

  When using the FIPS provider via the `PKCS5_PBKDF2_HMAC` API, password protected encrypted files will now have lower bounds checks (minimum iteration count, minimum password length, salt size and derived key lengths) enforced by default. Prior to upgrading to this version, users may want to check if their password protected key stores are encrypted using short passwords, salts, low iteration counts for PBKDF or weaker ciphers. To upgrade to the new defaults one can decrypt the keys with a previous OpenSSL version or the default provider, and then re-encrypt them with the newer OpenSSL (using the FIPS provider), thus upgrading to longer password, salt length and AES-256 CBC.

  *Dimitri John Ledkov*
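Before upgrading, the entry above suggests auditing existing password-protected key stores for weak PBKDF2 parameters. The following added example (not OpenSSL's code, and not the FIPS provider's actual check) shows what such a lower-bound check looks like once the parameters have been pulled out of a file: it reports every bound that is violated and refuses to derive a key when any is. The numeric thresholds are assumptions for illustration, following NIST SP 800-132 style guidance (salt of at least 128 bits, at least 1000 iterations, derived key of at least 112 bits) plus an assumed minimum password length; the page does not state the provider's exact limits.

```python
"""Lower-bound audit for PBKDF2 parameters (added example, assumed thresholds)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Pbkdf2Policy:
    """Minimum acceptable PBKDF2 parameters. All values are assumptions
    chosen to illustrate the kind of bound the changelog describes."""
    min_iterations: int = 1000   # SP 800-132 recommends at least 1000
    min_salt_len: int = 16       # 128 bits
    min_password_len: int = 14   # illustrative, not the FIPS provider's figure
    min_key_len: int = 14        # 112 bits of derived key


def check_pbkdf2_params(password: bytes, salt: bytes, iterations: int,
                        key_len: int, policy: Pbkdf2Policy = Pbkdf2Policy()) -> list:
    """Return the list of violated lower bounds; an empty list means the
    parameters satisfy the policy."""
    problems = []
    if iterations < policy.min_iterations:
        problems.append(f"iterations {iterations} < {policy.min_iterations}")
    if len(salt) < policy.min_salt_len:
        problems.append(f"salt {len(salt)} bytes < {policy.min_salt_len}")
    if len(password) < policy.min_password_len:
        problems.append(f"password {len(password)} bytes < {policy.min_password_len}")
    if key_len < policy.min_key_len:
        problems.append(f"key {key_len} bytes < {policy.min_key_len}")
    return problems


def derive_key_checked(password: bytes, salt: bytes, iterations: int,
                       key_len: int, policy: Pbkdf2Policy = Pbkdf2Policy()) -> bytes:
    """PBKDF2-HMAC-SHA256 that refuses parameters below the policy, mirroring
    an enforced lower-bound check rather than a warning."""
    problems = check_pbkdf2_params(password, salt, iterations, key_len, policy)
    if problems:
        raise ValueError("PBKDF2 parameters below lower bounds: " + "; ".join(problems))
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len)


# Constructed parameters of the kind an old key store might carry:
# short password, 8-byte salt, 2048 iterations, 128-bit key.
LEGACY_PARAMS = dict(password=b"hunter2", salt=bytes(8), iterations=2048, key_len=16)


if __name__ == "__main__":
    print("legacy violations:", check_pbkdf2_params(**LEGACY_PARAMS))
    ok = derive_key_checked(b"correct horse battery", bytes(16), 600_000, 32)
    print("derived key:", ok.hex())
```

A real audit would first parse the PBES2 parameters out of the PKCS#8 or PKCS#12 file (the salt, iteration count and derived-key length are all in the `AlgorithmIdentifier`), then feed them to `check_pbkdf2_params`; anything reported is a candidate for the decrypt-and-re-encrypt procedure described above.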
* Added support for using either static or dynamic VC runtime linkage on Windows. Using the `enable-static-vcruntime` configuration option, OpenSSL can now be configured to use the static or dynamic `vcruntime.dll` linkage. The multithreaded or single threaded static VC runtime is selected based on the `enable-threads` option.

  *Neil Horman*

* Added configure options to disable KDF algorithms for `hmac-drbg-kdf`, `kbkdf`, `krb5kdf`, `pvkkdf`, `snmpkdf`, `sskdf`, `sshkdf`, `x942kdf`, and `x963kdf`.

  *Shane Lontis*

* Removed configure options can now only be disabled. You may continue to use `disable-<feature>` syntax, which will remain supported. Using `enable-<feature>` for a removed feature is no longer permitted.

  *Andrew Dinh*

* Added restrictions on the maximum number of TLS `key_shares` (16) that a server will pay attention to, as well as the maximum number of supported `groups` (128) and `sig_algs` (128). Any sent beyond these limits are ignored, in order to avoid clients sending excessively long lists in these extensions.

  *Matt Caswell*
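The limits above bound how much work a server does per ClientHello without rejecting otherwise valid handshakes. The following added example (not OpenSSL's code) shows the same "parse fully, keep only the first N" approach applied to the RFC 8446 wire format of the `supported_groups`, `signature_algorithms` and `key_share` (ClientHello form) extension bodies, using the 16/128/128 caps from the entry. Note that entries past the cap are still walked so that a malformed trailer is detected, but they are not retained. The small encoders exist only to build constructed test input.

```python
"""Bounded parsing of ClientHello extension lists (added example)."""
import struct

# Caps taken from the changelog entry above.
MAX_KEY_SHARES = 16
MAX_GROUPS = 128
MAX_SIGALGS = 128


def _u16_list(body: bytes, cap: int) -> list:
    """Parse <uint16 length><uint16 entries...>, keeping at most `cap` entries.
    The whole body must be consumed exactly; anything else is malformed."""
    if len(body) < 2:
        raise ValueError("truncated extension body")
    (length,) = struct.unpack("!H", body[:2])
    data = body[2:]
    if len(data) != length or length % 2 != 0:
        raise ValueError("malformed uint16 list")
    values = [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, length, 2)]
    return values[:cap]          # entries beyond the cap are ignored, not an error


def parse_supported_groups(body: bytes) -> list:
    return _u16_list(body, MAX_GROUPS)


def parse_signature_algorithms(body: bytes) -> list:
    return _u16_list(body, MAX_SIGALGS)


def parse_key_shares(body: bytes, cap: int = MAX_KEY_SHARES) -> list:
    """Parse KeyShareClientHello: <uint16 length> then entries of
    <group:uint16><key_exchange length:uint16><key_exchange bytes>.
    Returns at most `cap` (group, key_exchange) pairs; the remaining entries
    are still validated structurally so a truncated list is rejected."""
    if len(body) < 2:
        raise ValueError("truncated key_share body")
    (length,) = struct.unpack("!H", body[:2])
    data = body[2:]
    if len(data) != length:
        raise ValueError("key_share length mismatch")
    shares, pos = [], 0
    while pos < length:
        if length - pos < 4:
            raise ValueError("truncated key_share entry header")
        group, klen = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if length - pos < klen:
            raise ValueError("truncated key_exchange data")
        if len(shares) < cap:
            shares.append((group, data[pos:pos + klen]))
        pos += klen
    return shares


def encode_u16_list(values) -> bytes:
    """Constructed-input helper: serialise a uint16 list with its length prefix."""
    payload = b"".join(struct.pack("!H", v) for v in values)
    return struct.pack("!H", len(payload)) + payload


def encode_key_shares(shares) -> bytes:
    """Constructed-input helper: serialise KeyShareClientHello entries."""
    entries = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in shares)
    return struct.pack("!H", len(entries)) + entries


if __name__ == "__main__":
    # Constructed oversized lists: 200 groups and 20 key shares.
    groups = parse_supported_groups(encode_u16_list(range(200)))
    shares = parse_key_shares(encode_key_shares([(i, bytes([i]) * 4) for i in range(20)]))
    print(f"kept {len(groups)} groups, {len(shares)} key shares")
```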
* Removed specialised built-in logic for adding the SKID and AKID extensions from the `openssl x509`, `openssl req`, and `openssl ca` commands; these extensions are handled through configuration files and command-line options just like any other extension. See their documentation and also `x509v3_config(5)` for additional details.

  Updated the syntax of the `subjectKeyIdentifier` (SKID) and `authorityKeyIdentifier` (AKID) extensions, introducing the `nonss` qualifier for the `keyid` and `issuer` keywords.

  The x509 "mini-CA" now attempts to find extension settings in the default configuration file even if neither the `-extfile` nor the `-extensions` option is explicitly specified. Failure to open the default configuration is silently ignored.

  The settings in the stock OpenSSL 4.0 configuration file arrange for addition of the requisite SKID and AKID extensions. Other configuration files may need to be adjusted if desired.

  *Viktor Dukhovni*

* Enabled server verification by default in `s_server` when the `-verify_return_error` option is enabled.

  *Ryan Hooper*

* Removed extra leading '00:' when printing key data such as an RSA modulus in hexadecimal format where the first (most significant) byte is >= 0x80. This had been added artificially to resemble ASN.1 DER encoding internals. Fixing this also makes sure that key output always has the expected length.

  *David von Oheimb*

* Standardized the width of hexadecimal dumps to 24 bytes for signatures (to stay within the 80 characters limit) and 16 bytes for everything else.

  *Beat Bolli*

* Updated the default group list to append `SecP256r1MLKEM768` and `curveSM2MLKEM768` to the first tuple in that order after `*X25519MLKEM768`. Also inserted a penultimate tuple with `curveSM2` (just before the `FFDHE` groups).

  *Viktor Dukhovni*

* Consolidated processing of SM2 and EdDSA signatures with essentially identical code for ECDSA in the `openssl speed` command. The output format has changed slightly to report the EC curve name rather than its bit size.

  *Viktor Dukhovni*

* CRLs with a malformed Issuing Distribution Point extension are now rejected.

  *Daniel Kubec*

* CRLs with malformed `CRL Number` or `Delta CRL Indicator` extensions are now rejected.

  *Daniel Kubec*

* Fixed CRLs with invalid `ASN1_TIME` in `invalidityDate` extensions, where verification incorrectly succeeded. Enforced proper handling of `ASN1_TIME` validation results so that any CRL containing invalid time fields is rejected immediately, preventing the error from propagating to verification.

  *Daniel Kubec*

* CRLs with a `Certificate Issuer` extension in a certificate revocation entry are now rejected, unless the `Indirect` flag is set to `TRUE` in the `Issuing Distribution Point` extension of the CRL.

  *Daniel Kubec*

* `SSL_get_error()` no longer depends on the state of the error stack, so it is no longer necessary to empty the error queue before the TLS/SSL I/O operations.

  *Igor Ustinov*
* `ASN1_STRING` has been made opaque. Access to values from `ASN1_STRING` and related types should be done with the appropriate accessor functions. The various `ASN1_STRING_FLAG` values have been made private.

  *Bob Beck*

* `OPENSSL_cleanup()` now runs in a global destructor, or not at all by default. `OPENSSL_cleanup()` will no longer by default free global objects when run from an application. Instead it sets a flag for a global destructor to do this after the process exits, and after subordinate libraries using OpenSSL have run their destructors. If destructor support is not available, `OPENSSL_cleanup()` will do nothing, leaving the global objects to be cleaned up by the operating system.

  *Bob Beck*

* `X509_ALGOR_set_md()` function now returns a value indicating success or failure.

  *David von Oheimb*

* Added documentation for `X509_cmp_time()`, `X509_cmp_current_time()`, and `X509_cmp_timeframe()`, and deprecated them. Added a new function, `X509_check_certificate_times()`, as well as the `<openssl/posix_time.h>` interface from BoringSSL/LibreSSL. For details of these functions and non-deprecated replacement strategies, see `X509_check_certificate_times(3)`.

  *Bob Beck*

* Const-corrected `time_t` arguments for `X509_cmp_time()`, `X509_time_adj()`, and `X509_time_adj_ex()`.

  *Frederik Wedel-Heinen*

* Made `X509_ATTRIBUTE` accessor functions const-correct. The functions `X509_ATTRIBUTE_get0_object()`, `X509_ATTRIBUTE_get0_type()`, and `X509_ATTRIBUTE_get0_data()` now accept `const X509_ATTRIBUTE *` and return const pointers. Related PKCS12 functions `PKCS12_get_attr_gen()`, `PKCS12_get_attr()`, and `PKCS8_get_attr()` have also been updated to return `const ASN1_TYPE *`.

  *kovan*

* Constified various function return values, particularly in X509 and related areas, and when functions were returning non-const objects owned by a const parameter.

  *Bob Beck*

* Many functions accepting `X509 *` arguments, or returning values from a const `X509 *`, have been changed to take/return const arguments. The most visible changes are places where pointer values are returned from a const `X509 *` object. In many places where these were non-const values being returned from a const object, these pointer values have now been made const. The goal of this change is to enable future improvements in X.509 certificate handling. For full details see the relevant section in `ossl-migration-guide(7)`.

  *Bob Beck*

* Constified various function parameters, in particular for X509-related functions.

  *David von Oheimb*

* Constified various X509-related functions: `X509_get_pathlen()`, `X509_check_ca()`, `X509_check_purpose()`, `X509_get_proxy_pathlen()`, `X509_get_extension_flags()`, `X509_get_key_usage()`, `X509_get_extended_key_usage()`, `X509_get0_subject_key_id()`, `X509_get0_authority_key_id()`, `X509_get0_authority_issuer()`, `X509_get0_authority_serial()`, `X509_get0_distinguishing_id()`.

  *Bob Beck*

* Removed needless `const` qualifiers from scalar type arguments in the public APIs, mostly for AES and Camellia.

  *David von Oheimb*

* Fixed a bug that allowed TLS 1.2 ciphers to be added to the TLS 1.3 `ciphersuites` list, and for that list to contain duplicates. Cipher configuration strings for both TLS 1.2 and 1.3 are now case-insensitive.

  *Viktor Dukhovni*

* Deprecated `ASN1_OBJECT_new()` function. Refer to `ossl-migration-guide(7)` for more info.

  *Frederik Wedel-Heinen*

* Deprecated `X509_NAME_get_text_by_NID()` and `X509_NAME_get_text_by_OBJ()` functions, and documented them as such.

  *Bob Beck*

* Removed the `SSL_TXT_FIPS` option. This was a remnant of the old FIPS canister and wasn't used anymore.

  *Dr Paul Dale*

* Removed `OPENSSL_atexit()` function.

  *Bob Beck*
* Critical extension enforcement for `EXFLAG_BCONS_CRITICAL`, `EXFLAG_AKID_CRITICAL`, `EXFLAG_SKID_CRITICAL`, and `EXFLAG_SAN_CRITICAL` is incorrect. These checks were intended as CA requirements to prevent misinterpretation by verifiers that don't support certain extensions. However, since we do support these extensions, there is no requirement for them to be marked as critical. Enforcing that on `X509_V_FLAG_X509_STRICT` was a mistake.

  *Daniel Kubec*

* Support of deprecated elliptic curves in TLS according to [RFC 8422] was disabled at compile-time by default. To enable it, use the `enable-tls-deprecated-ec` configuration option.

  *Dmitry Belyavskiy*

* Removed support for an SSLv2 Client Hello. When a client wanted to support both SSLv2 and higher versions like SSLv3 or even TLSv1, it needed to send an SSLv2 Client Hello. SSLv2 support itself was removed in OpenSSL 1.1.0, but there was still compatibility code for clients sending an SSLv2 Client Hello. Since we no longer support SSLv2 Client Hello, `SSL_client_hello_isv2()` is now deprecated and always returns 0.

  *Kurt Roeckx*

* Removed support for SSLv3. SSLv3 has been deprecated since 2015, and OpenSSL had it disabled by default since version 1.1.0 (2016).

  *Kurt Roeckx*

* Support of explicit EC curves was disabled by default; an error will occur if an explicit EC curve doesn't match any known one. A new configuration option, `enable-ec_explicit_curves`, is added.

  *Dmitry Belyavskiy*

* Removed `c_rehash` script tool. Use `openssl rehash` instead.

  *Norbert Pócs*

* `libcrypto` no longer cleans up globally allocated data via `atexit()`. This data is cleaned up automatically by the OS. Some memory leak detectors may report spurious allocated and reachable memory at application exit. To avoid such spurious leak detection reports the application may call `OPENSSL_cleanup()` before the process exits.

  *Alexandr Nedvedicky*

* Removed the `crypto-mdebug-backtrace` configuration option entirely. The option has been a no-op since OpenSSL 1.0.2.

  *Neil Horman*

* Removed the deprecated function `ASN1_STRING_data()`.

  *Bob Beck*

* Removed the `ASN1_STRING_FLAG_X509_TIME` define.

  *Bob Beck*

* Dropped `darwin-i386{,-cc}` and `darwin-ppc{,64}{,-cc}` targets from Configurations.

  *Daniel Kubec and Eugene Syromiatnikov*

* Removed support for engines. The `no-engine` build option and the `OPENSSL_NO_ENGINE` macro are always present. Applications that use `ENGINE_` functions without `OPENSSL_NO_ENGINE` guards can be built by defining a macro `OPENSSL_ENGINE_STUBS`; however, all these functions will return an error when called. The provider API should be used to replace engine functionality.

  *Milan Brož, Neil Horman, Norbert Pócs*

* Removed `BIO_f_reliable()` implementation without replacement. It was broken since the 3.0 release without any complaints.

  *Tomáš Mráz*

* Removed deprecated functions `ERR_get_state()`, `ERR_remove_state()` and `ERR_remove_thread_state()`. The `ERR_STATE` object is now always opaque.

  *Tomáš Mráz*

* Removed the deprecated `msie-hack` option from the `openssl ca` command.

  *Bob Beck*
Configuration

📅 Schedule: `* 0-4,22-23 * * 1-5`, `* * * * 0,6` (in timezone Europe/Paris)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.