deps: upgrade openssl sources to quictls/openssl-3.0.3

This updates all sources in deps/openssl/openssl by:
    $ git clone [email protected]:quictls/openssl.git
    $ cd openssl
    $ git checkout openssl-3.0.3+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../../../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #43022
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-May/000223.html
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>

deps/openssl/openssl/CHANGES.md

@@ -28,12 +28,120 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
-### Changes between 3.0.2 and 3.0.2+quic [15 Mar 2022]
+### Changes between 3.0.3 and 3.0.3+quic [3 May 2022]
 
  * Add QUIC API support from BoringSSL.
 
    *Todd Short*
 
+### Changes between 3.0.2 and 3.0.3 [3 May 2022]
+
+ * Fixed a bug in the c_rehash script which was not properly sanitising shell
+   metacharacters to prevent command injection.  This script is distributed by
+   some operating systems in a manner where it is automatically executed.  On
+   such operating systems, an attacker could execute arbitrary commands with the
+   privileges of the script.
+
+   Use of the c_rehash script is considered obsolete and should be replaced
+   by the OpenSSL rehash command line tool.
+   (CVE-2022-1292)
+
+   *Tomáš Mráz*
+
+ * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
+   certificate on an OCSP response. The bug caused the function in the case
+   where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
+   response (meaning a successful verification) even in the case where the
+   response signing certificate fails to verify.
+
+   It is anticipated that most users of `OCSP_basic_verify` will not use the
+   OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return
+   a negative value (indicating a fatal error) in the case of a certificate
+   verification failure. The normal expected return value in this case would be
+   0.
+
+   This issue also impacts the command line OpenSSL "ocsp" application. When
+   verifying an ocsp response with the "-no_cert_checks" option the command line
+   application will report that the verification is successful even though it
+   has in fact failed. In this case the incorrect successful response will also
+   be accompanied by error messages showing the failure and contradicting the
+   apparently successful result.
+   ([CVE-2022-1343])
+
+   *Matt Caswell*
+
+ * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+   AAD data as the MAC key. This made the MAC key trivially predictable.
+
+   An attacker could exploit this issue by performing a man-in-the-middle attack
+   to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
+   that the modified data would still pass the MAC integrity check.
+
+   Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
+   endpoint will always be rejected by the recipient and the connection will
+   fail at that point. Many application protocols require data to be sent from
+   the client to the server first. Therefore, in such a case, only an OpenSSL
+   3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
+
+   If both endpoints are OpenSSL 3.0 then the attacker could modify data being
+   sent in both directions. In this case both clients and servers could be
+   affected, regardless of the application protocol.
+
+   Note that in the absence of an attacker this bug means that an OpenSSL 3.0
+   endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete
+   the handshake when using this ciphersuite.
+
+   The confidentiality of data is not impacted by this issue, i.e. an attacker
+   cannot decrypt data that has been encrypted using this ciphersuite - they can
+   only modify it.
+
+   In order for this attack to work both endpoints must legitimately negotiate
+   the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in
+   OpenSSL 3.0, and is not available within the default provider or the default
+   ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been
+   negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the
+   following must have occurred:
+
+   1) OpenSSL must have been compiled with the (non-default) compile time option
+      enable-weak-ssl-ciphers
+
+   2) OpenSSL must have had the legacy provider explicitly loaded (either
+      through application code or via configuration)
+
+   3) The ciphersuite must have been explicitly added to the ciphersuite list
+
+   4) The libssl security level must have been set to 0 (default is 1)
+
+   5) A version of SSL/TLS below TLSv1.3 must have been negotiated
+
+   6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any
+      others that both endpoints have in common
+   (CVE-2022-1434)
+
+   *Matt Caswell*
+
+ * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+   occuppied by the removed hash table entries.
+
+   This function is used when decoding certificates or keys. If a long lived
+   process periodically decodes certificates or keys its memory usage will
+   expand without bounds and the process might be terminated by the operating
+   system causing a denial of service. Also traversing the empty hash table
+   entries will take increasingly more time.
+
+   Typically such long lived processes might be TLS clients or TLS servers
+   configured to accept client certificate authentication.
+   (CVE-2022-1473)
+
+   *Hugo Landau, Aliaksei Levin*
+
+ * The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report
+   the `num_items`, `num_nodes` and `num_alloc_nodes` statistics. All other
+   statistics are no longer supported. For compatibility, these statistics are
+   still listed in the output but are now always reported as zero.
+
+   *Hugo Landau*
+
 ### Changes between 3.0.1 and 3.0.2 [15 Mar 2022]
 
  * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever

deps/openssl/openssl/CONTRIBUTING.md

@@ -60,7 +60,7 @@ guidelines:
     GitHub Actions and AppVeyor are required, and they are started automatically
     whenever a PR is created or updated.
 
-    [coding style]: https://www.openssl.org/policies/codingstyle.html
+    [coding style]: https://www.openssl.org/policies/technical/coding-style.html
 
  5. When at all possible, patches should include tests. These can
     either be added to an existing test, or completely new.  Please see

deps/openssl/openssl/Configurations/platform/AIX.pm

@@ -25,5 +25,5 @@ sub staticname {
     return $in_libname
         if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
 
-    return platform::BASE->staticname($_[1]) . '_a';
+    return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
 }

deps/openssl/openssl/NEWS.md

@@ -18,6 +18,17 @@ OpenSSL Releases
 OpenSSL 3.0
 -----------
 
+### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]
+
+  * Fixed a bug in the c_rehash script which was not properly sanitising shell
+    metacharacters to prevent command injection ([CVE-2022-1292])
+  * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
+    certificate on an OCSP response ([CVE-2022-1343])
+  * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+    AAD data as the MAC key ([CVE-2022-1434])
+  * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+    occuppied by the removed hash table entries ([CVE-2022-1473])
+
 ### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022]
 
   * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever

deps/openssl/openssl/NOTES-WINDOWS.md

@@ -28,12 +28,12 @@ For this option you can use Cygwin.
 Native builds using Visual C++
 ==============================
 
-The native builds using Visual C++ have a VC-* prefix.
+The native builds using Visual C++ have a `VC-*` prefix.
 
 Requirement details
 -------------------
 
-In addition to the requirements and instructions listed in INSTALL.md,
+In addition to the requirements and instructions listed in `INSTALL.md`,
 these are required as well:
 
 ### Perl
@@ -64,22 +64,26 @@ Quick start
 
  4. Use Visual Studio Developer Command Prompt with administrative privileges,
     choosing one of its variants depending on the intended architecture.
-    Or run "cmd" and execute "vcvarsall.bat" with one of the options x86,
-    x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64.
-    This sets up the environment variables needed for nmake.exe, cl.exe, etc.
+    Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`,
+    `x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`,
+    or `amd64_arm64`.
+    This sets up the environment variables needed for `nmake.exe`, `cl.exe`,
+    etc.
     See also
     <https://docs.microsoft.com/cpp/build/building-on-the-command-line>
 
  5. From the root of the OpenSSL source directory enter
-    perl Configure VC-WIN32    if you want 32-bit OpenSSL or
-    perl Configure VC-WIN64A   if you want 64-bit OpenSSL or
-    perl Configure             to let Configure figure out the platform
+    - `perl Configure VC-WIN32`     if you want 32-bit OpenSSL or
+    - `perl Configure VC-WIN64A`    if you want 64-bit OpenSSL or
+    - `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64)
+       OpenSSL or
+    - `perl Configure`              to let Configure figure out the platform
 
- 6. nmake
+ 6. `nmake`
 
- 7. nmake test
+ 7. `nmake test`
 
- 8. nmake install
+ 8. `nmake install`
 
 For the full installation instructions, or if anything goes wrong at any stage,
 check the INSTALL.md file.
@@ -109,37 +113,37 @@ installation for examples), these fallbacks are used:
 ALSO NOTE that those directories are usually write protected, even if
 your account is in the Administrators group.  To work around that,
 start the command prompt by right-clicking on it and choosing "Run as
-Administrator" before running 'nmake install'.  The other solution
+Administrator" before running `nmake install`.  The other solution
 is, of course, to choose a different set of directories by using
---prefix and --openssldir when configuring.
+`--prefix` and `--openssldir` when configuring.
 
-Special notes for Universal Windows Platform builds, aka VC-*-UWP
---------------------------------------------------------------------
+Special notes for Universal Windows Platform builds, aka `VC-*-UWP`
+-------------------------------------------------------------------
 
  - UWP targets only support building the static and dynamic libraries.
 
- - You should define the platform type to "uwp" and the target arch via
-   "vcvarsall.bat" before you compile. For example, if you want to build
-   "arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp".
+ - You should define the platform type to `uwp` and the target arch via
+   `vcvarsall.bat` before you compile. For example, if you want to build
+   `arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`.
 
 Native builds using Embarcadero C++Builder
 =========================================
 
 This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC.
 OpenSSL currently includes an experimental 32-bit configuration targeting the
-Clang-based compiler (bcc32c.exe) in v10.3.3 Community Edition.
+Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition.
 <https://www.embarcadero.com/products/cbuilder/starter>
 
  1. Install Perl.
 
  2. Open the RAD Studio Command Prompt.
 
  3. Go to the root of the OpenSSL source directory and run:
-    perl Configure BC-32 --prefix=%CD%
+    `perl Configure BC-32 --prefix=%CD%`
 
- 4. make -N
+ 4. `make -N`
 
- 5. make -N test
+ 5. `make -N test`
 
  6. Build your program against this OpenSSL:
     * Set your include search path to the "include" subdirectory of OpenSSL.
@@ -166,32 +170,38 @@ MinGW offers an alternative way to build native OpenSSL, by cross compilation.
 
    - Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2
 
-   - make, installed using "pacman -S make" into the MSYS2 environment
+   - make, installed using `pacman -S make` into the MSYS2 environment
 
-   - MinGW[64] compiler: mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc.
+   - MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`.
      These compilers must be on your MSYS2 $PATH.
      A common error is to not have these on your $PATH.
      The MSYS2 version of gcc will not work correctly here.
 
    In the MSYS2 shell do the configuration depending on the target architecture:
 
        ./Configure mingw ...
+
    or
+
        ./Configure mingw64 ...
+
    or
+
        ./Configure ...
 
    for the default architecture.
 
-   Apart from that, follow the Unix / Linux instructions in INSTALL.md.
+   Apart from that, follow the Unix / Linux instructions in `INSTALL.md`.
 
  * It is also possible to build mingw[64] on Linux or Cygwin.
 
-   In this case configure with the corresponding --cross-compile-prefix= option.
-   For example
+   In this case configure with the corresponding `--cross-compile-prefix=`
+   option. For example
 
        ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
+
    or
+
        ./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
 
    This requires that you've installed the necessary add-on packages for
@@ -203,18 +213,18 @@ Linking native applications
 This section applies to all native builds.
 
 If you link with static OpenSSL libraries then you're expected to
-additionally link your application with WS2_32.LIB, GDI32.LIB,
-ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
+additionally link your application with `WS2_32.LIB`, `GDI32.LIB`,
+`ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing
 non-interactive service applications might feel concerned about
-linking with GDI32.LIB and USER32.LIB, as they are justly associated
+linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated
 with interactive desktop, which is not available to service
 processes. The toolkit is designed to detect in which context it's
 currently executed, GUI, console app or service, and act accordingly,
 namely whether or not to actually make GUI calls. Additionally those
-who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
+who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and
 actually keep them off service process should consider implementing
-and exporting from .exe image in question own _OPENSSL_isservice not
-relying on USER32.DLL. E.g., on Windows Vista and later you could:
+and exporting from .exe image in question own `_OPENSSL_isservice` not
+relying on `USER32.DLL`. E.g., on Windows Vista and later you could:
 
        __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
        {
@@ -233,7 +243,7 @@ See also the OPENSSL_Applink manual page.
 Hosted builds using Cygwin
 ==========================
 
-Cygwin implements a POSIX/Unix runtime system (cygwin1.dll) on top of the
+Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the
 Windows subsystem and provides a Bash shell and GNU tools environment.
 Consequently, a build of OpenSSL with Cygwin is virtually identical to the
 Unix procedure.
@@ -249,7 +259,7 @@ To build OpenSSL using Cygwin, you need to:
 
 Apart from that, follow the Unix / Linux instructions in INSTALL.md.
 
-NOTE: "make test" and normal file operations may fail in directories
-mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+NOTE: `make test` and normal file operations may fail in directories
+mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin
 stripping of carriage returns. To avoid this ensure that a binary
-mount is used, e.g. mount -b c:\somewhere /home.
+mount is used, e.g. `mount -b c:\somewhere /home`.

deps/openssl/openssl/README.md

@@ -4,7 +4,7 @@ What This Is
 This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition
 to the website, the official source distribution is at
 <https://github.com/openssl/openssl>. The OpenSSL `README` can be found at
-[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.2%2Bquic/README-OpenSSL.md)
+[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.3%2Bquic/README-OpenSSL.md)
 
 This fork adds APIs that can be used by QUIC implementations for connection
 handshakes. Quoting the IETF Working group

deps/openssl/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
-PATCH=2
+PATCH=3
 PRE_RELEASE_TAG=
 BUILD_METADATA=quic
-RELEASE_DATE="15 Mar 2022"
+RELEASE_DATE="3 May 2022"
 SHLIB_VERSION=81.3

deps/openssl/openssl/apps/ca.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2367,7 +2367,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)
 
     case REV_CRL_REASON:
         for (i = 0; i < 8; i++) {
-            if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
+            if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) {
                 reason = crl_reasons[i];
                 break;
             }
@@ -2584,7 +2584,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
     }
     if (reason_str) {
         for (i = 0; i < NUM_REASONS; i++) {
-            if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
+            if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) {
                 reason_code = i;
                 break;
             }

deps/openssl/openssl/apps/cmp.c

@@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
     valptr[0] = '\0';
     valptr++;
 
-    if (strncasecmp(valptr, "int:", 4) != 0) {
+    if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) {
         CMP_err("missing 'int:' in -geninfo option");
         return 0;
     }