From patchwork Tue May 21 14:56:21 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 7816
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4VkHZb3zwnz3wwq
	for <patchwork@web04.haj.ipfire.org>; Tue, 21 May 2024 14:56:39 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4VkHZX6MYmz4PW;
	Tue, 21 May 2024 14:56:36 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4VkHZX36Zfz337R;
	Tue, 21 May 2024 14:56:36 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4VkHZV10ybz32hB
	for <development@lists.ipfire.org>; Tue, 21 May 2024 14:56:34 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4VkHZT6d12z2GB;
	Tue, 21 May 2024 14:56:33 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1716303394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=WRd0KZjqMXvn9FDkiXwZamkeDblnePPuLirj1ioqwqI=;
	b=ehNIbYBrs/hdWsidJ5YPvZ3dmQHJVQUlI8J8QaBt59w4DL7YIZPyv+ZkbzP3NMCaQ3rq7c
	fJSuNDEbIy1cbbAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1716303394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=WRd0KZjqMXvn9FDkiXwZamkeDblnePPuLirj1ioqwqI=;
	b=qGvSC6zCo7JUkfCui9HPaKI52Nj0tv/pIOdw78MNjBE2q1oqKdtF375glLFcUmK3/v4xCZ
	X4kpayZ0GVzO6ujOpccxv+JfwtS18eetPWHWCleF/ZBWx88vlZd5mkGp+W5GX3Fs3SXIJS
	AFuoSTsgaCUWam/NxaUc5uTby6G8ojz6y/wB0wf/gB3bQdTLwkx1GGgPlefSzft8DrpU9S
	Ob+2E7PcWMSDfBfxCu33cK20BdL9f6yBxUtNm/IrzTiAtUB90KKwP44WwscwMhffx3ifef
	l0hG8hFb4Db1PFRmaitPbGxn8ZB721CnE7bwenQwTcM2BbiOJ1p2+IdNXMKSTg==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] openssl: Update to version 3.3.0
Date: Tue, 21 May 2024 16:56:21 +0200
Message-ID: <20240521145627.291028-3-adolf.belka@ipfire.org>
In-Reply-To: <20240521145627.291028-1-adolf.belka@ipfire.org>
References: <20240521145627.291028-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: S7GYLTTQDZS3IH6KRTL7ZHVFVSF2AHEU
X-Message-ID-Hash: S7GYLTTQDZS3IH6KRTL7ZHVFVSF2AHEU
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/S7GYLTTQDZS3IH6KRTL7ZHVFVSF2AHEU/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- Update from version 3.2.1 to 3.3.0
- Update of rootfile
- Changelog
    3.3
	This release adds the following new features:
	  * Support for qlog for tracing QUIC connections has been added
	  * Added APIs to allow configuring the negotiated idle timeout for QUIC
	    connections, and to allow determining the number of additional streams
	    that can currently be created for a QUIC connection.
	  * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
	    objects
	  * Added APIs to allow querying the size and utilisation of a QUIC stream's
	    write buffer
	  * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
	    condition in an optimised way when using QUIC.
	  * Limited support for polling of QUIC connection and stream objects in a
	    non-blocking manner.
	  * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
	    times with different output sizes.
	  * Added exporter for CMake on Unix and Windows, alongside the pkg-config
	    exporter.
	  * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
	    output length.
	  * The EVP_PKEY_fromdata function has been augmented to allow for the
	    derivation of CRT (Chinese Remainder Theorem) parameters when requested
	  * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
	    using time_t which is Y2038 safe on 32 bit systems when 64 bit time
	    is enabled
	  * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
	    config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
	    SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
	    ignored and the configuration will still be used.
	  * Added `-set_issuer` and `-set_subject` options to `openssl x509` to
	    override the Issuer and Subject when creating a certificate. The `-subj`
	    option now is an alias for `-set_subject`.
	  * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
	  * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
	    server to prefer session resumption using PSK-only key exchange over PSK
	    with DHE, if both are available.
	  * New atexit configuration switch, which controls whether the OPENSSL_cleanup
	    is registered when libcrypto is unloaded.
	  * Added X509_STORE_get1_objects to avoid issues with the existing
	    X509_STORE_get0_objects API in multi-threaded applications.
	This release incorporates the following potentially significant or incompatible
	changes:
	  * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
	  * Optimized AES-CTR for ARM Neoverse V1 and V2
	  * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
	    similar to M1/M2.
	  * Various optimizations for cryptographic routines using RISC-V vector crypto
	    extensions
	  * Added assembly implementation for md5 on loongarch64
	  * Accept longer context for TLS 1.2 exporters
	  * The activate and soft_load configuration settings for providers in
	    openssl.cnf have been updated to require a value of [1|yes|true|on]
	    (in lower or UPPER case) to enable the setting. Conversely a value
	    of [0|no|false|off] will disable the setting.
	  * In `openssl speed`, changed the default hash function used with `hmac` from
	    `md5` to `sha256`.
	  * The `-verify` option to the `openssl crl` and `openssl req` will make the
	    program exit with 1 on failure.
	  * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and
	    related functions have been augmented to check for a minimum length of
	    the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
	  * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
	    if called with a NULL stack argument.
	  * New limit on HTTP response headers is introduced to HTTP client. The
	    default limit is set to 256 header lines.
	This release incorporates the following bug fixes and mitigations:
	  * The BIO_get_new_index() function can only be called 127 times before it
	    reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
	    exhausted.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/openssl | 104 ++++++++++++++++++++++++++++++++
 lfs/openssl                     |   4 +-
 2 files changed, 106 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index a3664a521..c5cc40e1f 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -152,6 +152,10 @@ usr/bin/openssl
 #usr/include/openssl/x509err.h
 #usr/include/openssl/x509v3.h
 #usr/include/openssl/x509v3err.h
+#usr/lib/cmake
+usr/lib/cmake/OpenSSL
+usr/lib/cmake/OpenSSL/OpenSSLConfig.cmake
+usr/lib/cmake/OpenSSL/OpenSSLConfigVersion.cmake
 #usr/lib/engines-3
 usr/lib/engines-3/afalg.so
 usr/lib/engines-3/capi.so
@@ -769,6 +773,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html
 #usr/share/doc/openssl/html/man3/SSL_get_stream_id.html
 #usr/share/doc/openssl/html/man3/SSL_get_stream_read_state.html
+#usr/share/doc/openssl/html/man3/SSL_get_value_uint.html
 #usr/share/doc/openssl/html/man3/SSL_get_verify_result.html
 #usr/share/doc/openssl/html/man3/SSL_get_version.html
 #usr/share/doc/openssl/html/man3/SSL_group_to_name.html
@@ -781,6 +786,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man3/SSL_new.html
 #usr/share/doc/openssl/html/man3/SSL_new_stream.html
 #usr/share/doc/openssl/html/man3/SSL_pending.html
+#usr/share/doc/openssl/html/man3/SSL_poll.html
 #usr/share/doc/openssl/html/man3/SSL_read.html
 #usr/share/doc/openssl/html/man3/SSL_read_early_data.html
 #usr/share/doc/openssl/html/man3/SSL_rstate_string.html
@@ -992,6 +998,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man7/openssl-core_names.h.html
 #usr/share/doc/openssl/html/man7/openssl-env.html
 #usr/share/doc/openssl/html/man7/openssl-glossary.html
+#usr/share/doc/openssl/html/man7/openssl-qlog.html
 #usr/share/doc/openssl/html/man7/openssl-quic.html
 #usr/share/doc/openssl/html/man7/openssl-threads.html
 #usr/share/doc/openssl/html/man7/openssl_user_macros.html
@@ -2419,6 +2426,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/ERR_peek_last_error_func.3ossl
 #usr/share/man/man3/ERR_peek_last_error_line.3ossl
 #usr/share/man/man3/ERR_peek_last_error_line_data.3ossl
+#usr/share/man/man3/ERR_pop.3ossl
 #usr/share/man/man3/ERR_pop_to_mark.3ossl
 #usr/share/man/man3/ERR_print_errors.3ossl
 #usr/share/man/man3/ERR_print_errors_cb.3ossl
@@ -2587,6 +2595,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/EVP_DigestSignInit.3ossl
 #usr/share/man/man3/EVP_DigestSignInit_ex.3ossl
 #usr/share/man/man3/EVP_DigestSignUpdate.3ossl
+#usr/share/man/man3/EVP_DigestSqueeze.3ossl
 #usr/share/man/man3/EVP_DigestUpdate.3ossl
 #usr/share/man/man3/EVP_DigestVerify.3ossl
 #usr/share/man/man3/EVP_DigestVerifyFinal.3ossl
@@ -3588,6 +3597,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OPENSSL_LH_delete.3ossl
 #usr/share/man/man3/OPENSSL_LH_doall.3ossl
 #usr/share/man/man3/OPENSSL_LH_doall_arg.3ossl
+#usr/share/man/man3/OPENSSL_LH_doall_arg_thunk.3ossl
 #usr/share/man/man3/OPENSSL_LH_error.3ossl
 #usr/share/man/man3/OPENSSL_LH_flush.3ossl
 #usr/share/man/man3/OPENSSL_LH_free.3ossl
@@ -3601,6 +3611,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OPENSSL_LH_num_items.3ossl
 #usr/share/man/man3/OPENSSL_LH_retrieve.3ossl
 #usr/share/man/man3/OPENSSL_LH_set_down_load.3ossl
+#usr/share/man/man3/OPENSSL_LH_set_thunks.3ossl
 #usr/share/man/man3/OPENSSL_LH_stats.3ossl
 #usr/share/man/man3/OPENSSL_LH_stats_bio.3ossl
 #usr/share/man/man3/OPENSSL_LINE.3ossl
@@ -3699,6 +3710,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_CMP_CR.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_build_cert_chain.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_free.3ossl
+#usr/share/man/man3/OSSL_CMP_CTX_get0_geninfo_ITAVs.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_get0_libctx.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_get0_newCert.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_get0_newPkey.3ossl
@@ -3763,6 +3775,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_CMP_CTX_set_transfer_cb_arg.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_setup_CRM.3ossl
 #usr/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3ossl
+#usr/share/man/man3/OSSL_CMP_HDR_get0_geninfo_ITAVs.3ossl
 #usr/share/man/man3/OSSL_CMP_HDR_get0_recipNonce.3ossl
 #usr/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3ossl
 #usr/share/man/man3/OSSL_CMP_IR.3ossl
@@ -3770,10 +3783,12 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_CMP_ITAV_dup.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_free.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_get0_caCerts.3ossl
+#usr/share/man/man3/OSSL_CMP_ITAV_get0_certProfile.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_get0_rootCaCert.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_get0_rootCaKeyUpdate.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_get0_type.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_get0_value.3ossl
+#usr/share/man/man3/OSSL_CMP_ITAV_new0_certProfile.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_new_caCerts.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_new_rootCaCert.3ossl
 #usr/share/man/man3/OSSL_CMP_ITAV_new_rootCaKeyUpdate.3ossl
@@ -3791,6 +3806,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_CMP_LOG_WARNING.3ossl
 #usr/share/man/man3/OSSL_CMP_MSG_dup.3ossl
 #usr/share/man/man3/OSSL_CMP_MSG_free.3ossl
+#usr/share/man/man3/OSSL_CMP_MSG_get0_certreq_publickey.3ossl
 #usr/share/man/man3/OSSL_CMP_MSG_get0_header.3ossl
 #usr/share/man/man3/OSSL_CMP_MSG_get_bodytype.3ossl
 #usr/share/man/man3/OSSL_CMP_MSG_http_perform.3ossl
@@ -3812,6 +3828,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_get0_cmp_ctx.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_get0_custom_ctx.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_init.3ossl
+#usr/share/man/man3/OSSL_CMP_SRV_CTX_init_trans.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_new.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_set_accept_raverified.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_set_accept_unprotected.3ossl
@@ -3819,6 +3836,8 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_CMP_SRV_CTX_set_send_unprotected_errors.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_certConf_cb_t.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_cert_request_cb_t.3ossl
+#usr/share/man/man3/OSSL_CMP_SRV_clean_transaction_cb_t.3ossl
+#usr/share/man/man3/OSSL_CMP_SRV_delayed_delivery_cb_t.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_error_cb_t.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_genm_cb_t.3ossl
 #usr/share/man/man3/OSSL_CMP_SRV_pollReq_cb_t.3ossl
@@ -4042,6 +4061,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_HTTP_REQ_CTX_new.3ossl
 #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set1_req.3ossl
 #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_expected.3ossl
+#usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines.3ossl
 #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_max_response_length.3ossl
 #usr/share/man/man3/OSSL_HTTP_REQ_CTX_set_request_line.3ossl
 #usr/share/man/man3/OSSL_HTTP_adapt_proxy.3ossl
@@ -4185,6 +4205,27 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_PROVIDER_try_load_ex.3ossl
 #usr/share/man/man3/OSSL_PROVIDER_unload.3ossl
 #usr/share/man/man3/OSSL_PROVIDER_unquery_operation.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_AEAD_LIMIT_REACHED.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_APPLICATION_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_CONNECTION_REFUSED.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_ERR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_CRYPTO_ERR_END.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_FINAL_SIZE_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_FLOW_CONTROL_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_FRAME_ENCODING_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_INTERNAL_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_INVALID_TOKEN.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_KEY_UPDATE_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_NO_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_NO_VIABLE_PATH.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_PROTOCOL_VIOLATION.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_STREAM_LIMIT_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_STREAM_STATE_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR.3ossl
+#usr/share/man/man3/OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT.3ossl
 #usr/share/man/man3/OSSL_QUIC_client_method.3ossl
 #usr/share/man/man3/OSSL_QUIC_client_thread_method.3ossl
 #usr/share/man/man3/OSSL_SELF_TEST_free.3ossl
@@ -5143,6 +5184,29 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_AUTO.3ossl
 #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_REJECT.3ossl
 #usr/share/man/man3/SSL_OP_BIT.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_E.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_EC.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_ECD.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_ER.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_EW.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_F.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_I.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_IS.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_ISB.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_ISE.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_ISU.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_NONE.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_OS.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_OSB.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_OSE.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_OSU.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_R.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_RE.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_RW.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_RWE.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_W.3ossl
+#usr/share/man/man3/SSL_POLL_EVENT_WE.3ossl
+#usr/share/man/man3/SSL_POLL_FLAG_NO_HANDLE_EVENTS.3ossl
 #usr/share/man/man3/SSL_SESSION_dup.3ossl
 #usr/share/man/man3/SSL_SESSION_free.3ossl
 #usr/share/man/man3/SSL_SESSION_get0_alpn_selected.3ossl
@@ -5164,6 +5228,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_SESSION_get_protocol_version.3ossl
 #usr/share/man/man3/SSL_SESSION_get_ticket_lifetime_hint.3ossl
 #usr/share/man/man3/SSL_SESSION_get_time.3ossl
+#usr/share/man/man3/SSL_SESSION_get_time_ex.3ossl
 #usr/share/man/man3/SSL_SESSION_get_timeout.3ossl
 #usr/share/man/man3/SSL_SESSION_has_ticket.3ossl
 #usr/share/man/man3/SSL_SESSION_is_resumable.3ossl
@@ -5183,6 +5248,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_SESSION_set_max_early_data.3ossl
 #usr/share/man/man3/SSL_SESSION_set_protocol_version.3ossl
 #usr/share/man/man3/SSL_SESSION_set_time.3ossl
+#usr/share/man/man3/SSL_SESSION_set_time_ex.3ossl
 #usr/share/man/man3/SSL_SESSION_set_timeout.3ossl
 #usr/share/man/man3/SSL_SESSION_up_ref.3ossl
 #usr/share/man/man3/SSL_STREAM_FLAG_ADVANCE.3ossl
@@ -5199,6 +5265,23 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_STREAM_TYPE_NONE.3ossl
 #usr/share/man/man3/SSL_STREAM_TYPE_READ.3ossl
 #usr/share/man/man3/SSL_STREAM_TYPE_WRITE.3ossl
+#usr/share/man/man3/SSL_VALUE_CLASS_FEATURE_NEGOTIATED.3ossl
+#usr/share/man/man3/SSL_VALUE_CLASS_FEATURE_PEER_REQUEST.3ossl
+#usr/share/man/man3/SSL_VALUE_CLASS_FEATURE_REQUEST.3ossl
+#usr/share/man/man3/SSL_VALUE_CLASS_GENERIC.3ossl
+#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE.3ossl
+#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT.3ossl
+#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT.3ossl
+#usr/share/man/man3/SSL_VALUE_EVENT_HANDLING_MODE_INHERIT.3ossl
+#usr/share/man/man3/SSL_VALUE_QUIC_IDLE_TIMEOUT.3ossl
+#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL.3ossl
+#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL.3ossl
+#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL.3ossl
+#usr/share/man/man3/SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL.3ossl
+#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_AVAIL.3ossl
+#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_SIZE.3ossl
+#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_USED.3ossl
+#usr/share/man/man3/SSL_WRITE_FLAG_CONCLUDE.3ossl
 #usr/share/man/man3/SSL_accept.3ossl
 #usr/share/man/man3/SSL_accept_stream.3ossl
 #usr/share/man/man3/SSL_add0_chain_cert.3ossl
@@ -5310,12 +5393,17 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_get_default_timeout.3ossl
 #usr/share/man/man3/SSL_get_early_data_status.3ossl
 #usr/share/man/man3/SSL_get_error.3ossl
+#usr/share/man/man3/SSL_get_event_handling_mode.3ossl
 #usr/share/man/man3/SSL_get_event_timeout.3ossl
 #usr/share/man/man3/SSL_get_ex_data.3ossl
 #usr/share/man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3ossl
 #usr/share/man/man3/SSL_get_ex_new_index.3ossl
 #usr/share/man/man3/SSL_get_extms_support.3ossl
 #usr/share/man/man3/SSL_get_fd.3ossl
+#usr/share/man/man3/SSL_get_feature_negotiated_uint.3ossl
+#usr/share/man/man3/SSL_get_feature_peer_request_uint.3ossl
+#usr/share/man/man3/SSL_get_feature_request_uint.3ossl
+#usr/share/man/man3/SSL_get_generic_value_uint.3ossl
 #usr/share/man/man3/SSL_get_handshake_rtt.3ossl
 #usr/share/man/man3/SSL_get_info_callback.3ossl
 #usr/share/man/man3/SSL_get_key_update_type.3ossl
@@ -5338,6 +5426,10 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_get_privatekey.3ossl
 #usr/share/man/man3/SSL_get_psk_identity.3ossl
 #usr/share/man/man3/SSL_get_psk_identity_hint.3ossl
+#usr/share/man/man3/SSL_get_quic_stream_bidi_local_avail.3ossl
+#usr/share/man/man3/SSL_get_quic_stream_bidi_remote_avail.3ossl
+#usr/share/man/man3/SSL_get_quic_stream_uni_local_avail.3ossl
+#usr/share/man/man3/SSL_get_quic_stream_uni_remote_avail.3ossl
 #usr/share/man/man3/SSL_get_quiet_shutdown.3ossl
 #usr/share/man/man3/SSL_get_rbio.3ossl
 #usr/share/man/man3/SSL_get_read_ahead.3ossl
@@ -5373,6 +5465,9 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_get_stream_read_error_code.3ossl
 #usr/share/man/man3/SSL_get_stream_read_state.3ossl
 #usr/share/man/man3/SSL_get_stream_type.3ossl
+#usr/share/man/man3/SSL_get_stream_write_buf_avail.3ossl
+#usr/share/man/man3/SSL_get_stream_write_buf_size.3ossl
+#usr/share/man/man3/SSL_get_stream_write_buf_used.3ossl
 #usr/share/man/man3/SSL_get_stream_write_error_code.3ossl
 #usr/share/man/man3/SSL_get_stream_write_state.3ossl
 #usr/share/man/man3/SSL_get_time.3ossl
@@ -5380,6 +5475,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_get_tlsext_status_ocsp_resp.3ossl
 #usr/share/man/man3/SSL_get_tlsext_status_type.3ossl
 #usr/share/man/man3/SSL_get_tmp_key.3ossl
+#usr/share/man/man3/SSL_get_value_uint.3ossl
 #usr/share/man/man3/SSL_get_verify_callback.3ossl
 #usr/share/man/man3/SSL_get_verify_depth.3ossl
 #usr/share/man/man3/SSL_get_verify_mode.3ossl
@@ -5417,6 +5513,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_peek.3ossl
 #usr/share/man/man3/SSL_peek_ex.3ossl
 #usr/share/man/man3/SSL_pending.3ossl
+#usr/share/man/man3/SSL_poll.3ossl
 #usr/share/man/man3/SSL_psk_client_cb_func.3ossl
 #usr/share/man/man3/SSL_psk_find_session_cb_func.3ossl
 #usr/share/man/man3/SSL_psk_server_cb_func.3ossl
@@ -5481,9 +5578,12 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_set_default_stream_mode.3ossl
 #usr/share/man/man3/SSL_set_dh_auto.3ossl
 #usr/share/man/man3/SSL_set_ecdh_auto.3ossl
+#usr/share/man/man3/SSL_set_event_handling_mode.3ossl
 #usr/share/man/man3/SSL_set_ex_data.3ossl
 #usr/share/man/man3/SSL_set_fd.3ossl
+#usr/share/man/man3/SSL_set_feature_request_uint.3ossl
 #usr/share/man/man3/SSL_set_generate_session_id.3ossl
+#usr/share/man/man3/SSL_set_generic_value_uint.3ossl
 #usr/share/man/man3/SSL_set_hostflags.3ossl
 #usr/share/man/man3/SSL_set_incoming_stream_policy.3ossl
 #usr/share/man/man3/SSL_set_info_callback.3ossl
@@ -5531,6 +5631,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_set_tmp_dh_callback.3ossl
 #usr/share/man/man3/SSL_set_tmp_ecdh.3ossl
 #usr/share/man/man3/SSL_set_trust.3ossl
+#usr/share/man/man3/SSL_set_value_uint.3ossl
 #usr/share/man/man3/SSL_set_verify.3ossl
 #usr/share/man/man3/SSL_set_verify_depth.3ossl
 #usr/share/man/man3/SSL_set_verify_result.3ossl
@@ -5572,6 +5673,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_write.3ossl
 #usr/share/man/man3/SSL_write_early_data.3ossl
 #usr/share/man/man3/SSL_write_ex.3ossl
+#usr/share/man/man3/SSL_write_ex2.3ossl
 #usr/share/man/man3/SSLv23_client_method.3ossl
 #usr/share/man/man3/SSLv23_method.3ossl
 #usr/share/man/man3/SSLv23_server_method.3ossl
@@ -6008,6 +6110,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/X509_STORE_get0_objects.3ossl
 #usr/share/man/man3/X509_STORE_get0_param.3ossl
 #usr/share/man/man3/X509_STORE_get1_all_certs.3ossl
+#usr/share/man/man3/X509_STORE_get1_objects.3ossl
 #usr/share/man/man3/X509_STORE_get_cert_crl.3ossl
 #usr/share/man/man3/X509_STORE_get_check_crl.3ossl
 #usr/share/man/man3/X509_STORE_get_check_issued.3ossl
@@ -6852,6 +6955,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man7/openssl-core_names.h.7ossl
 #usr/share/man/man7/openssl-env.7ossl
 #usr/share/man/man7/openssl-glossary.7ossl
+#usr/share/man/man7/openssl-qlog.7ossl
 #usr/share/man/man7/openssl-quic.7ossl
 #usr/share/man/man7/openssl-threads.7ossl
 #usr/share/man/man7/openssl_user_macros.7ossl
diff --git a/lfs/openssl b/lfs/openssl
index 695035742..a714d4dcd 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.2.1
+VER        = 3.3.0
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347
+$(DL_FILE)_BLAKE2 = c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501
 
 install : $(TARGET)