deps: upgrade openssl sources to quictls/openssl-3.0.7+quic

This updates all sources in deps/openssl/openssl by:
    $ git clone [email protected]:quictls/openssl.git
    $ cd openssl
    $ git checkout openssl-3.0.7+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../../../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

CVE-ID: CVE-2022-3602, CVE-2022-3786
PR-URL: #45286

Author: RafaelGSS

deps/openssl/openssl/CHANGES.md

@@ -28,12 +28,169 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
-### Changes between 3.0.5 and 3.0.5+quic [5 Jul 2022]
+### Changes between 3.0.7 and 3.0.7+quic [1 Nov 2022]
 
  * Add QUIC API support from BoringSSL.
 
    *Todd Short*
 
+### Changes between 3.0.6 and 3.0.7 [1 Nov 2022]
+
+ * Fixed two buffer overflows in punycode decoding functions.
+
+   A buffer overrun can be triggered in X.509 certificate verification,
+   specifically in name constraint checking. Note that this occurs after
+   certificate chain signature verification and requires either a CA to
+   have signed the malicious certificate or for the application to continue
+   certificate verification despite failure to construct a path to a trusted
+   issuer.
+
+   In a TLS client, this can be triggered by connecting to a malicious
+   server.  In a TLS server, this can be triggered if the server requests
+   client authentication and a malicious client connects.
+
+   An attacker can craft a malicious email address to overflow
+   an arbitrary number of bytes containing the `.`  character (decimal 46)
+   on the stack.  This buffer overflow could result in a crash (causing a
+   denial of service).
+   ([CVE-2022-3786])
+
+   An attacker can craft a malicious email address to overflow four
+   attacker-controlled bytes on the stack.  This buffer overflow could
+   result in a crash (causing a denial of service) or potentially remote code
+   execution depending on stack layout for any given platform/compiler.
+   ([CVE-2022-3602])
+
+   *Paul Dale*
+
+ * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
+   parameters in OpenSSL code.
+   Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
+   OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
+   Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
+   Using these invalid names may cause algorithms to use slower methods
+   that ignore the CRT parameters.
+
+   *Shane Lontis*
+
+ * Fixed a regression introduced in 3.0.6 version raising errors on some stack
+   operations.
+
+   *Tomáš Mráz*
+
+ * Fixed a regression introduced in 3.0.6 version not refreshing the certificate
+   data to be signed before signing the certificate.
+
+   *Gibeom Gwon*
+
+ * Added RIPEMD160 to the default provider.
+
+   *Paul Dale*
+
+ * Ensured that the key share group sent or accepted for the key exchange
+   is allowed for the protocol version.
+
+   *Matt Caswell*
+
+### Changes between 3.0.5 and 3.0.6 [11 Oct 2022]
+
+ * OpenSSL supports creating a custom cipher via the legacy
+   EVP_CIPHER_meth_new() function and associated function calls. This function
+   was deprecated in OpenSSL 3.0 and application authors are instead encouraged
+   to use the new provider mechanism in order to implement custom ciphers.
+
+   OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
+   passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
+   EVP_CipherInit_ex2() functions (as well as other similarly named encryption
+   and decryption initialisation functions). Instead of using the custom cipher
+   directly it incorrectly tries to fetch an equivalent cipher from the
+   available providers. An equivalent cipher is found based on the NID passed to
+   EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a
+   given cipher. However it is possible for an application to incorrectly pass
+   NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef
+   is used in this way the OpenSSL encryption/decryption initialisation function
+   will match the NULL cipher as being equivalent and will fetch this from the
+   available providers. This will succeed if the default provider has been
+   loaded (or if a third party provider has been loaded that offers this
+   cipher). Using the NULL cipher means that the plaintext is emitted as the
+   ciphertext.
+
+   Applications are only affected by this issue if they call
+   EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an
+   encryption/decryption initialisation function. Applications that only use
+   SSL/TLS are not impacted by this issue.
+   ([CVE-2022-3358])
+
+   *Matt Caswell*
+
+ * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures
+   on MacOS 10.11
+
+   *Richard Levitte*
+
+ * Fixed the linux-mips64 Configure target which was missing the
+   SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
+   platform.
+
+   *Adam Joseph*
+
+ * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a
+   ticket
+
+   *Matt Caswell*
+
+ * Correctly handle a retransmitted ClientHello in DTLS
+
+   *Matt Caswell*
+
+ * Fixed detection of ktls support in cross-compile environment on Linux
+
+   *Tomas Mraz*
+
+ * Fixed some regressions and test failures when running the 3.0.0 FIPS provider
+   against 3.0.x
+
+   *Paul Dale*
+
+ * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
+   report correct results in some cases
+
+   *Matt Caswell*
+
+ * Fix UWP builds by defining VirtualLock
+
+   *Charles Milette*
+
+ * For known safe primes use the minimum key length according to RFC 7919.
+   Longer private key sizes unnecessarily raise the cycles needed to compute the
+   shared secret without any increase of the real security. This fixes a
+   regression from 1.1.1 where these shorter keys were generated for the known
+   safe primes.
+
+   *Tomas Mraz*
+
+ * Added the loongarch64 target
+
+   *Shi Pujin*
+
+ * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
+   only passed to the FIPS provider and not to the default or legacy provider.
+
+   *Juergen Christ*
+
+ * Fixed reported performance degradation on aarch64. Restored the
+   implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
+   32-bit lane assignment in CTR mode") for 64bit targets only, since it is
+   reportedly 2-17% slower and the silicon errata only affects 32bit targets.
+   The new algorithm is still used for 32 bit targets.
+
+   *Bernd Edlinger*
+
+ * Added a missing header for memcmp that caused compilation failure on some
+   platforms
+
+   *Gregor Jasny*
+
 ### Changes between 3.0.4 and 3.0.5 [5 Jul 2022]
 
  * The OpenSSL 3.0.4 release introduced a serious bug in the RSA

deps/openssl/openssl/Configurations/10-main.conf

@@ -797,7 +797,7 @@ my %targets = (
         inherit_from     => [ "linux-latomic" ],
         cflags           => add("-mabi=n32"),
         cxxflags         => add("-mabi=n32"),
-        bn_ops           => "RC4_CHAR",
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT",
         asm_arch         => 'mips64',
         perlasm_scheme   => "n32",
         multilib         => "32",
@@ -818,6 +818,13 @@ my %targets = (
         perlasm_scheme   => "linux64",
     },
 
+    # loongarch64 below refers to contemporary LoongArch Architecture
+    # specifications,
+    "linux64-loongarch64" => {
+        inherit_from     => [ "linux-generic64"],
+        perlasm_scheme   => "linux64",
+    },
+
     #### IA-32 targets...
     #### These two targets are a bit aged and are to be used on older Linux
     #### machines where gcc doesn't understand -m32 and -m64
@@ -1302,7 +1309,7 @@ my %targets = (
         inherit_from     => [ "BASE_Windows" ],
         template         => 1,
         CC               => "cl",
-        CPP              => '"$(CC)" /EP /C',
+        CPP              => '$(CC) /EP /C',
         CFLAGS           => "/W3 /wd4090 /nologo",
         coutflag         => "/Fo",
         LD               => "link",
@@ -1311,7 +1318,7 @@ my %targets = (
         ldpostoutflag    => "",
         ld_resp_delim    => "\n",
         bin_lflags       => "setargv.obj",
-        makedepcmd       => '"$(CC)" /Zs /showIncludes',
+        makedepcmd       => '$(CC) /Zs /showIncludes',
         makedep_scheme   => 'VC',
         AR               => "lib",
         ARFLAGS          => "/nologo",

deps/openssl/openssl/Configurations/50-djgpp.conf

@@ -4,6 +4,7 @@
 
 my %targets = (
     "DJGPP" => {
+        inherit_from     => [ "BASE_unix" ],
         CC               => "gcc",
         CFLAGS           => "-fomit-frame-pointer -O2 -Wall",
         cflags           => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",

deps/openssl/openssl/Configurations/windows-makefile.tmpl

@@ -500,8 +500,8 @@ uninstall_docs: uninstall_html_docs
 {- output_off() if $disabled{fips}; "" -}
 install_fips: build_sw $(INSTALL_FIPSMODULECONF)
 #	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-	@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR)
-	@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(OPENSSLDIR)
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
 	@$(ECHO) "*** Installing FIPS module"
 	@$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)"
 	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)"
@@ -742,7 +742,7 @@ EOF
                               rel2abs($config{builddir}));
           my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : '';
           my $ord_name =
-              $args{generator}->[1] || platform->dsoname($args{product});
+              $args{generator}->[1] || basename(platform->dsoname($args{product}));
           return <<"EOF";
 $target: $gen0 $deps $mkdef
 	"\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target

deps/openssl/openssl/Configure

@@ -17,7 +17,6 @@ use lib "$FindBin::Bin/util/perl";
 use File::Basename;
 use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/;
 use File::Path qw/mkpath/;
-use File::Compare qw(compare_text);
 use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt";
 use OpenSSL::Glob;
 use OpenSSL::Template;
@@ -1506,9 +1505,7 @@ unless ($disabled{asan} || defined $detected_sanitizers{asan}) {
 }
 
 unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) {
-    # -DPEDANTIC or -fnosanitize=alignment may also be required on some
-    # platforms.
-    push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all";
+    push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all", "-DPEDANTIC";
 }
 
 unless ($disabled{msan} || defined $detected_sanitizers{msan}) {
@@ -1720,20 +1717,13 @@ unless ($disabled{devcryptoeng}) {
 
 unless ($disabled{ktls}) {
     $config{ktls}="";
+    my $cc = $config{CROSS_COMPILE}.$config{CC};
     if ($target =~ m/^linux/) {
-        my $usr = "/usr/$config{cross_compile_prefix}";
-        chop($usr);
-        if ($config{cross_compile_prefix} eq "") {
-            $usr = "/usr";
-        }
-        my $minver = (4 << 16) + (13 << 8) + 0;
-        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
-
-        if ($verstr[2] < $minver) {
+        system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1");
+        if ($? != 0) {
             disable('too-old-kernel', 'ktls');
         }
     } elsif ($target =~ m/^BSD/) {
-        my $cc = $config{CROSS_COMPILE}.$config{CC};
         system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
         if ($? != 0) {
             disable('too-old-freebsd', 'ktls');
@@ -2852,59 +2842,20 @@ $configdata_tmpl->fill_in(
 ) or die $Text::Template::ERROR;
 close CONFIGDATA;
 
-# When using stat() on Windows, we can get it to perform better by avoid some
-# data.  This doesn't affect the mtime field, so we're not losing anything...
-${^WIN32_SLOPPY_STAT} = 1;
-
-my $update_configdata = 0;
-my $run_configdata = 0;
-if (-f $configdata_outname) {
-    my $Configure_mtime = (stat($0))[9];
-    my $configdata_mtime = (stat($configdata_outname))[9];
-
-    # If this script was updated after the last configdata.pm, or if
-    # configdata.pm.new differs from configdata.pm, we update configdata.pm
-    if ($configdata_mtime < $Configure_mtime
-        || compare_text("$configdata_outname.new", $configdata_outname) != 0) {
-        $update_configdata = 1;
-    } else {
-        # If nothing has changed, let's just drop the new one and pretend
-        # like nothing happened
-        unlink "$configdata_outname.new";
-
-        # We still run configdata.pm if one of the build file (Makefile) or
-        # the configuration header file are missing
-        $run_configdata =
-            !( -f $target{build_file} )
-            || !( -f catfile('include', 'openssl', 'configuration.h') );
-    }
-} else {
-    $update_configdata = 1;
-}
-
-if ($update_configdata) {
-    # If something did change, or there was no previous configdata.pm, we
-    # rename the new one, set permissions as needed, and run it.
-    rename "$configdata_outname.new", $configdata_outname;
-    if ($builder_platform eq 'unix') {
-        my $mode = (0755 & ~umask);
-        chmod $mode, 'configdata.pm'
-            or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
-    }
-    $run_configdata = 1;
-    print "Created $configdata_outname\n";
+rename "$configdata_outname.new", $configdata_outname;
+if ($builder_platform eq 'unix') {
+    my $mode = (0755 & ~umask);
+    chmod $mode, 'configdata.pm'
+        or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
 }
+print "Created $configdata_outname\n";
 
-if ($run_configdata) {
-    print "Running $configdata_outname\n";
-    my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
-    my $cmd = "$perlcmd $configdata_outname";
-    #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
-    system($cmd);
-    exit 1 if $? != 0;
-} else {
-    print "No changes in $configdata_outname, no need to run it\n";
-}
+print "Running $configdata_outname\n";
+my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
+my $cmd = "$perlcmd $configdata_outname";
+#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
+system($cmd);
+exit 1 if $? != 0;
 
 $SIG{__DIE__} = $orig_death_handler;
 

deps/openssl/openssl/INSTALL.md

@@ -978,7 +978,7 @@ the individual protocol versions.
 
 ### no-{protocol}-method
 
-    no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method
+    no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method
 
 Analogous to `no-{protocol}` but in addition do not build the methods for
 applications to explicitly select individual protocol versions.  Note that there

deps/openssl/openssl/NEWS.md

@@ -18,14 +18,25 @@ OpenSSL Releases
 OpenSSL 3.0
 -----------
 
+### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
+
+  * Added RIPEMD160 to the default provider.
+  * Fixed regressions introduced in 3.0.6 version.
+  * Fixed two buffer overflows in punycode decoding functions.
+    ([CVE-2022-3786]) and ([CVE-2022-3602])
+
+### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]
+
+  * Fix for custom ciphers to prevent accidental use of NULL encryption
+    ([CVE-2022-3358])
+
 ### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022]
 
   * Fixed heap memory corruption with RSA private key operation
     ([CVE-2022-2274])
   * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
     ([CVE-2022-2097])
 
-
 ### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
 
   * Fixed additional bugs in the c_rehash script which was not properly

deps/openssl/openssl/README-ENGINES.md

@@ -314,4 +314,3 @@ It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
 A quick test done right before the release showed that trying "openssl speed
 -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
 to write at memory address 0x00000002.
-