From 3b3892373596f544d297b45704654aeacc60d170 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 6 Dec 2023 16:29:50 -0500
Subject: [PATCH 1/9] fixes #2119 -- use ErrorStack abstraction in X.509 error
 handling

---
 openssl/src/x509/mod.rs | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 8458e7313d..328be5b25f 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -383,11 +383,6 @@ foreign_type_and_impl_send_sync! {
     pub struct X509Ref;
 }
 
-#[cfg(boringssl)]
-type X509LenTy = c_uint;
-#[cfg(not(boringssl))]
-type X509LenTy = c_int;
-
 impl X509Ref {
     /// Returns this certificate's subject name.
     #[corresponds(X509_get_subject_name)]
@@ -760,15 +755,16 @@ impl X509 {
                 let r =
                     ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut());
                 if r.is_null() {
-                    let err = ffi::ERR_peek_last_error();
-                    if ffi::ERR_GET_LIB(err) as X509LenTy == ffi::ERR_LIB_PEM
-                        && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE
+                    let e = ErrorStack::get();
+                    let errors = e.errors();
+                    if !errors.is_empty()
+                        && errors[0].library_code() == ffi::ERR_LIB_PEM as libc::c_int
+                        && errors[0].reason_code() == ffi::PEM_R_NO_START_LINE as libc::c_int
                     {
-                        ffi::ERR_clear_error();
                         break;
                     }
 
-                    return Err(ErrorStack::get());
+                    return Err(e);
                 } else {
                     certs.push(X509(r));
                 }

From 6fb228bebb8b09942242c2741e255c408cdbd0ef Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 6 Dec 2023 19:26:47 -0500
Subject: [PATCH 2/9] Fix building with latest BoringSSL

---
 .github/workflows/ci.yml  | 2 +-
 openssl/src/lib.rs        | 9 +++++++++
 openssl/src/x509/mod.rs   | 6 +++---
 openssl/src/x509/store.rs | 9 +++------
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 577cc7f0b4..d7f92aacd1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -154,7 +154,7 @@ jobs:
             - false
           library:
             - name: boringssl
-              version: f78fe19fc98e0e6f760e05c6b9d48725004700d0
+              version: e6489902b7fb692875341b8ab5e57f0515f47bc1
             - name: openssl
               version: vendored
             - name: openssl
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index aadc76ec97..a73dbea4cb 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -208,6 +208,15 @@ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
     }
 }
 
+#[inline]
+fn cvt_p_const<T>(r: *const T) -> Result<*const T, ErrorStack> {
+    if r.is_null() {
+        Err(ErrorStack::get())
+    } else {
+        Ok(r)
+    }
+}
+
 #[inline]
 fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
     if r <= 0 {
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 328be5b25f..c918fed667 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -38,7 +38,7 @@ use crate::ssl::SslRef;
 use crate::stack::{Stack, StackRef, Stackable};
 use crate::string::OpensslString;
 use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
-use crate::{cvt, cvt_n, cvt_p};
+use crate::{cvt, cvt_n, cvt_p, cvt_p_const};
 use openssl_macros::corresponds;
 
 #[cfg(any(ossl102, libressl261))]
@@ -2548,8 +2548,8 @@ impl X509PurposeRef {
     #[corresponds(X509_PURPOSE_get0)]
     pub fn from_idx(idx: c_int) -> Result<&'static X509PurposeRef, ErrorStack> {
         unsafe {
-            let ptr = cvt_p(ffi::X509_PURPOSE_get0(idx))?;
-            Ok(X509PurposeRef::from_ptr(ptr))
+            let ptr = cvt_p_const(ffi::X509_PURPOSE_get0(idx))?;
+            Ok(X509PurposeRef::from_const_ptr(ptr))
         }
     }
 
diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs
index c6cd4f12d5..944a2803e6 100644
--- a/openssl/src/x509/store.rs
+++ b/openssl/src/x509/store.rs
@@ -51,6 +51,7 @@ use crate::ssl::SslFiletype;
 #[cfg(ossl300)]
 use crate::stack::Stack;
 use crate::stack::StackRef;
+use crate::util::ForeignTypeRefExt;
 #[cfg(any(ossl102, libressl261))]
 use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
 use crate::x509::{X509Object, X509PurposeId, X509};
@@ -165,9 +166,7 @@ impl X509Lookup<HashDir> {
     /// directory.
     #[corresponds(X509_LOOKUP_hash_dir)]
     pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
-        // `*mut` cast is needed because BoringSSL returns a `*const`. This is
-        // ok because we only return an immutable reference.
-        unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir() as *mut _) }
+        unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_hash_dir()) }
     }
 }
 
@@ -199,9 +198,7 @@ impl X509Lookup<File> {
     /// into memory at the time the file is added as a lookup source.
     #[corresponds(X509_LOOKUP_file)]
     pub fn file() -> &'static X509LookupMethodRef<File> {
-        // `*mut` cast is needed because BoringSSL returns a `*const`. This is
-        // ok because we only return an immutable reference.
-        unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file() as *mut _) }
+        unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_file()) }
     }
 }
 

From b55dbb5baeffbfd109864aee1eb970e78d6d9f9e Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 8 Dec 2023 20:58:09 -0500
Subject: [PATCH 3/9] Fix tests on macOS

It seems that `OSSL_PROVIDER_try_load` can leave errors on the stack.
---
 openssl/src/cms.rs      | 14 +++++---------
 openssl/src/provider.rs |  4 ++++
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/openssl/src/cms.rs b/openssl/src/cms.rs
index d11443b5ce..a946230a5a 100644
--- a/openssl/src/cms.rs
+++ b/openssl/src/cms.rs
@@ -475,14 +475,10 @@ mod test {
         // check verification result - this is an invalid signature
         // defined in openssl crypto/cms/cms.h
         const CMS_R_CERTIFICATE_VERIFY_ERROR: i32 = 100;
-        match res {
-            Err(es) => {
-                let error_array = es.errors();
-                assert_eq!(1, error_array.len());
-                let code = error_array[0].code();
-                assert_eq!(ffi::ERR_GET_REASON(code), CMS_R_CERTIFICATE_VERIFY_ERROR);
-            }
-            _ => panic!("expected CMS verification error, got Ok()"),
-        }
+        let es = res.unwrap_err();
+        let error_array = es.errors();
+        assert_eq!(1, error_array.len());
+        let code = error_array[0].reason_code();
+        assert_eq!(code, CMS_R_CERTIFICATE_VERIFY_ERROR);
     }
 }
diff --git a/openssl/src/provider.rs b/openssl/src/provider.rs
index 147fadfdbc..01b5820af5 100644
--- a/openssl/src/provider.rs
+++ b/openssl/src/provider.rs
@@ -55,6 +55,10 @@ impl Provider {
                 retain_fallbacks as _,
             ))?;
 
+            // OSSL_PROVIDER_try_load seems to leave errors on the stack, even
+            // when it succeeds.
+            let _ = ErrorStack::get();
+
             Ok(Provider::from_ptr(p))
         }
     }

From 8a4db4b25154bf3b7fc7b123af4e7787ef9a13e2 Mon Sep 17 00:00:00 2001
From: Theo Buehler <tb@openbsd.org>
Date: Sat, 9 Dec 2023 19:24:59 +0100
Subject: [PATCH 4/9] X509_PURPOSE_get0() will return a const pointer

---
 openssl-sys/build/cfgs.rs           | 3 +++
 openssl-sys/src/handwritten/x509.rs | 4 +---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs
index 2454ef66a4..91cb734c34 100644
--- a/openssl-sys/build/cfgs.rs
+++ b/openssl-sys/build/cfgs.rs
@@ -62,6 +62,9 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
         if libressl_version >= 0x3_08_02_00_0 {
             cfgs.push("libressl382");
         }
+        if libressl_version >= 0x3_09_00_00_0 {
+            cfgs.push("libressl390");
+        }
     } else {
         let openssl_version = openssl_version.unwrap();
 
diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs
index a93142cd2a..107e8182d1 100644
--- a/openssl-sys/src/handwritten/x509.rs
+++ b/openssl-sys/src/handwritten/x509.rs
@@ -703,11 +703,9 @@ const_ptr_api! {
     extern "C" {
         pub fn X509_PURPOSE_get_by_sname(sname: #[const_ptr_if(any(ossl110, libressl280))] c_char) -> c_int;
         pub fn X509_PURPOSE_get_id(purpose: #[const_ptr_if(any(ossl110, libressl280))] X509_PURPOSE) -> c_int;
+        pub fn X509_PURPOSE_get0(idx: c_int) -> #[const_ptr_if(libressl390)] X509_PURPOSE;
     }
 }
-extern "C" {
-    pub fn X509_PURPOSE_get0(idx: c_int) -> *mut X509_PURPOSE;
-}
 
 extern "C" {
     pub fn X509_ATTRIBUTE_new() -> *mut X509_ATTRIBUTE;

From 4d83202cb5a911c05e58aa1cc53d5556a3bd0c32 Mon Sep 17 00:00:00 2001
From: Theo Buehler <tb@openbsd.org>
Date: Sat, 9 Dec 2023 19:27:37 +0100
Subject: [PATCH 5/9] X509V3_EXT_add_alias() will be removed

---
 openssl-sys/src/handwritten/x509v3.rs | 1 +
 openssl/build.rs                      | 3 +++
 openssl/src/x509/mod.rs               | 1 +
 3 files changed, 5 insertions(+)

diff --git a/openssl-sys/src/handwritten/x509v3.rs b/openssl-sys/src/handwritten/x509v3.rs
index 2f59bf6663..1a548c0e25 100644
--- a/openssl-sys/src/handwritten/x509v3.rs
+++ b/openssl-sys/src/handwritten/x509v3.rs
@@ -84,6 +84,7 @@ const_ptr_api! {
 }
 
 extern "C" {
+    #[cfg(not(libressl390))]
     pub fn X509V3_EXT_add_alias(nid_to: c_int, nid_from: c_int) -> c_int;
     pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void;
     pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION;
diff --git a/openssl/build.rs b/openssl/build.rs
index 87a9fa06f5..7677abc086 100644
--- a/openssl/build.rs
+++ b/openssl/build.rs
@@ -72,6 +72,9 @@ fn main() {
         if version >= 0x3_08_02_00_0 {
             println!("cargo:rustc-cfg=libressl382");
         }
+        if version >= 0x3_09_00_00_0 {
+            println!("cargo:rustc-cfg=libressl390");
+        }
     }
 
     if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index c918fed667..115193ee05 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -1018,6 +1018,7 @@ impl X509Extension {
     /// # Safety
     ///
     /// This method modifies global state without locking and therefore is not thread safe
+    #[cfg(not(libressl390))]
     #[corresponds(X509V3_EXT_add_alias)]
     #[deprecated(
         note = "Use x509::extension types or new_from_der and then this is not necessary",

From ec8f096e94beb550d7cd34105fe997b037032eb3 Mon Sep 17 00:00:00 2001
From: Neil Shen <overvenus@gmail.com>
Date: Mon, 11 Dec 2023 17:53:23 +0800
Subject: [PATCH 6/9] Add `rand_priv_bytes`

`rand_priv_bytes` has the same semantics as `rand_bytes`, and it is
intended to be used for generating values that should remain private.

Signed-off-by: Neil Shen <overvenus@gmail.com>
---
 openssl-sys/src/handwritten/rand.rs |  3 +++
 openssl/src/rand.rs                 | 34 ++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/openssl-sys/src/handwritten/rand.rs b/openssl-sys/src/handwritten/rand.rs
index 3bf9da5921..df553bd144 100644
--- a/openssl-sys/src/handwritten/rand.rs
+++ b/openssl-sys/src/handwritten/rand.rs
@@ -3,6 +3,9 @@ use libc::*;
 extern "C" {
     pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int;
 
+    #[cfg(ossl111)]
+    pub fn RAND_priv_bytes(buf: *mut u8, num: c_int) -> c_int;
+
     #[cfg(ossl111)]
     pub fn RAND_keep_random_devices_open(keep: c_int);
 
diff --git a/openssl/src/rand.rs b/openssl/src/rand.rs
index 8317951f81..b4c134b25e 100644
--- a/openssl/src/rand.rs
+++ b/openssl/src/rand.rs
@@ -37,6 +37,31 @@ pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
     }
 }
 
+/// Fill buffer with cryptographically strong pseudo-random bytes. It is
+/// intended to be used for generating values that should remain private.
+///
+/// # Examples
+///
+/// To generate a buffer with cryptographically strong random bytes:
+///
+/// ```
+/// use openssl::rand::rand_priv_bytes;
+///
+/// let mut buf = [0; 256];
+/// rand_priv_bytes(&mut buf).unwrap();
+/// ```
+///
+/// Requires OpenSSL 1.1.1 or newer.
+#[corresponds(RAND_priv_bytes)]
+#[cfg(ossl111)]
+pub fn rand_priv_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
+    unsafe {
+        ffi::init();
+        assert!(buf.len() <= c_int::max_value() as usize);
+        cvt(ffi::RAND_priv_bytes(buf.as_mut_ptr(), buf.len() as LenType)).map(|_| ())
+    }
+}
+
 /// Controls random device file descriptor behavior.
 ///
 /// Requires OpenSSL 1.1.1 or newer.
@@ -50,11 +75,18 @@ pub fn keep_random_devices_open(keep: bool) {
 
 #[cfg(test)]
 mod tests {
-    use super::rand_bytes;
+    use super::{rand_bytes, rand_priv_bytes};
 
     #[test]
     fn test_rand_bytes() {
         let mut buf = [0; 32];
         rand_bytes(&mut buf).unwrap();
     }
+
+    #[test]
+    #[cfg(ossl111)]
+    fn test_rand_priv_bytes() {
+        let mut buf = [0; 32];
+        rand_priv_bytes(&mut buf).unwrap();
+    }
 }

From 6d2fce23d11ac882af04686e5ef0015504547d5d Mon Sep 17 00:00:00 2001
From: Neil Shen <overvenus@gmail.com>
Date: Wed, 13 Dec 2023 12:44:02 +0800
Subject: [PATCH 7/9] Fix legacy OpenSSL build

Signed-off-by: Neil Shen <overvenus@gmail.com>
---
 openssl/src/rand.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/openssl/src/rand.rs b/openssl/src/rand.rs
index b4c134b25e..ef0f7685cc 100644
--- a/openssl/src/rand.rs
+++ b/openssl/src/rand.rs
@@ -75,18 +75,16 @@ pub fn keep_random_devices_open(keep: bool) {
 
 #[cfg(test)]
 mod tests {
-    use super::{rand_bytes, rand_priv_bytes};
-
     #[test]
     fn test_rand_bytes() {
         let mut buf = [0; 32];
-        rand_bytes(&mut buf).unwrap();
+        super::rand_bytes(&mut buf).unwrap();
     }
 
     #[test]
     #[cfg(ossl111)]
     fn test_rand_priv_bytes() {
         let mut buf = [0; 32];
-        rand_priv_bytes(&mut buf).unwrap();
+        super::rand_priv_bytes(&mut buf).unwrap();
     }
 }

From f6ed2c024e928844be7ff7c0fb34140a4f8d41cd Mon Sep 17 00:00:00 2001
From: Nicklas Warming Jacobsen <nicklas.jacobsen@ocrlabs.com>
Date: Tue, 19 Dec 2023 11:12:00 +0100
Subject: [PATCH 8/9] Add nid for curve brainpoolP320r1

---
 openssl-sys/src/obj_mac.rs | 2 ++
 openssl/src/nid.rs         | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/openssl-sys/src/obj_mac.rs b/openssl-sys/src/obj_mac.rs
index 2c4b6aaeb9..b207da79d0 100644
--- a/openssl-sys/src/obj_mac.rs
+++ b/openssl-sys/src/obj_mac.rs
@@ -97,6 +97,8 @@ pub const NID_sect571r1: c_int = 734;
 #[cfg(ossl110)]
 pub const NID_brainpoolP256r1: c_int = 927;
 #[cfg(ossl110)]
+pub const NID_brainpoolP320r1: c_int = 929;
+#[cfg(ossl110)]
 pub const NID_brainpoolP384r1: c_int = 931;
 #[cfg(ossl110)]
 pub const NID_brainpoolP512r1: c_int = 933;
diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs
index a5bd93ca42..a1f3b1e635 100644
--- a/openssl/src/nid.rs
+++ b/openssl/src/nid.rs
@@ -218,6 +218,8 @@ impl Nid {
     #[cfg(ossl110)]
     pub const BRAINPOOL_P256R1: Nid = Nid(ffi::NID_brainpoolP256r1);
     #[cfg(ossl110)]
+    pub const BRAINPOOL_P320R1: Nid = Nid(ffi::NID_brainpoolP320r1);
+    #[cfg(ossl110)]
     pub const BRAINPOOL_P384R1: Nid = Nid(ffi::NID_brainpoolP384r1);
     #[cfg(ossl110)]
     pub const BRAINPOOL_P512R1: Nid = Nid(ffi::NID_brainpoolP512r1);

From c2c52d81dabfd10d547fc8b0b9aab0b8bc5248bf Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 22 Dec 2023 08:02:16 -0500
Subject: [PATCH 9/9] Release openssl v0.10.62 and openssl-sys v0.9.98

---
 openssl-sys/CHANGELOG.md | 15 ++++++++++++++-
 openssl-sys/Cargo.toml   |  2 +-
 openssl/CHANGELOG.md     | 14 +++++++++++++-
 openssl/Cargo.toml       |  4 ++--
 4 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md
index e37cdc63da..636a9c1072 100644
--- a/openssl-sys/CHANGELOG.md
+++ b/openssl-sys/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 ## [Unreleased]
 
+## [v0.9.98] - 2023-12-22
+
+### Added
+
+* Added `RAND_priv_bytes`.
+* Added `NID_brainpoolP320r1`.
+
+### Changed
+
+* `X509_PURPOSE_get0` now returns a `const` pointer on LibreSSL 3.9.0+.
+* `X509V3_EXT_add_alias` is removed on LibreSSL 3.9.0+.
+
 ## [v0.9.97] - 2023-12-04
 
 ### Changed
@@ -555,7 +567,8 @@ Fixed builds against OpenSSL built with `no-cast`.
 * Added `X509_verify` and `X509_REQ_verify`.
 * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97..master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98..master
+[v0.9.98]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98
 [v0.9.97]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.96...openssl-sys-v0.9.97
 [v0.9.96]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.95...openssl-sys-v0.9.96
 [v0.9.95]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.94...openssl-sys-v0.9.95
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 4b3ce6c8d1..63c47fe4dd 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.97"
+version = "0.9.98"
 authors = [
     "Alex Crichton <alex@alexcrichton.com>",
     "Steven Fackler <sfackler@gmail.com>",
diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md
index a37da48a9e..3d37e64de3 100644
--- a/openssl/CHANGELOG.md
+++ b/openssl/CHANGELOG.md
@@ -2,6 +2,17 @@
 
 ## [Unreleased]
 
+## [v0.10.62] - 2023-12-22
+
+### Added
+
+* Added `Nid::BRAINPOOL_P320R1`
+* Added `rand_priv_bytes`
+
+### Fixed
+
+* Fixed building on the latest version of BoringSSL
+
 ## [v0.10.61] - 2023-12-04
 
 ### Changed
@@ -858,7 +869,8 @@
 
 Look at the [release tags] for information about older releases.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...master
+[v0.10.62]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62
 [v0.10.61]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61
 [v0.10.60]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60
 [v0.10.59]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index 61e3e83053..8846ca57d6 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl"
-version = "0.10.61"
+version = "0.10.62"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
@@ -30,7 +30,7 @@ libc = "0.2"
 once_cell = "1.5.2"
 
 openssl-macros = { version = "0.1.0", path = "../openssl-macros" }
-ffi = { package = "openssl-sys", version = "0.9.97", path = "../openssl-sys" }
+ffi = { package = "openssl-sys", version = "0.9.98", path = "../openssl-sys" }
 
 [dev-dependencies]
 hex = "0.3"

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>