From nobody Wed Jun 10 15:33:05 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gb8tc0rfTz6gfNM for ; Wed, 10 Jun 2026 15:33:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gb8tZ6gpxz3cYx for ; Wed, 10 Jun 2026 15:33:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781105590; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bnbz12pcKDLzsKN1u9t3RoTfhlelU6vrRi1n+CGTvrE=; b=c3zpJRduVdvlSNJN/4vr7ZAwJA699bItWsYPzP9/V9hQFhH/M0yqTkw2Hnv5Gelt6KEShq dSEYxaEEdMeSj/PGFLOzV99O7lixoTlFMIE8G+Dd5QIkl7CSaUD5r4JNeFN6WZJt+HrspR /M2nxhZoELsLwA53m931PRP+oQKVu8onx3pU7M4NgyiSqD8tqigSGJfrHUHjqRWySinQQ+ rEoreWyfnaC2rutZDdYCMcT6AtkkPGwKf1rKQAEUn+B5I8PT3xl0PRfzoMMC3ods276Nnm sGNd2bO/rYCKvHI5+0QZ4dKi68Htmhg/FlJHO4pvCqnMVHpcQ9Nq5/NhhtwgXw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781105590; a=rsa-sha256; cv=none; b=xwo/E5pOW7Q0ua7/oOmN21lR7/U46QeMCTzm2u0FY2z3X3gfNA5nwjABOW0zKjP82dgU9B oVXfP1NXoi5G/fDH0a0dHUuODy5udOxUvV8VOpWLz1xeNuWBLEMsPEyV1BID/y9wUpAb/B x2LfyJdKz69FN6thNZLiExDkznkOqGid4jivrh4LQGVpccIqdgZxGd+Y6QmJxfdzrq5OpD dgp3DODHrNBsWrdggHjtbl1ce8zSWB3pyRHFas8jWmLeJLFEbsWqsWWVBUo9bKsIUZOqIc e45MdVy3hMVRce+IS0y/DJt1d5T3wF7mLkwuxFnjdUnzXnCebkIA0LRlOPfgyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781105590; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bnbz12pcKDLzsKN1u9t3RoTfhlelU6vrRi1n+CGTvrE=; b=hdWqK9LCAgn75idnYqwXVGvDRyUdMxT6Zuub9Kb50hacrTNzgkb3r4hToo8+V/vuSLaOPM P6tqOHKxJrxzxnfYhGFkBYUX5yZY3oDRbH/71k0PmH+0BHRnc7t+b2UmFQz3JHO6WeX9uj YZ8gTH0eflZdhIdKCh6mabIHiU6E+PSS4cD0BLUkTNSsbVJSQPITWu6Xz6K1zKq15rtVSW QcucbzYcYAviQ/Um4JwRoWsugSzEkWC6ErQ5QcZ13iyB32Jd2x4HrQVB1/+miJ5qe1TIC/ HKdSTtRXuEb7k442dcoAw+RIs6Wvw+KLotzxT6FT1Qnc7yz9jnJEbrVldZ895Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gb8tZ6Fxxz1Pp0 for ; Wed, 10 Jun 2026 15:33:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 312c6 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 10 Jun 2026 15:33:05 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Enji Cooper Subject: git: 1523ccfd9c8c - main - MFV: openssl 3.5.7 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ngie X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1523ccfd9c8c254f7928143d31c305384b05fd11 Auto-Submitted: auto-generated Date: Wed, 10 Jun 2026 15:33:05 +0000 Message-Id: <6a2983b1.312c6.27c0ff6b@gitrepo.freebsd.org> The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=1523ccfd9c8c254f7928143d31c305384b05fd11 commit 1523ccfd9c8c254f7928143d31c305384b05fd11 Merge: 4bdcff554368 3a71a35ad9da Author: Enji Cooper AuthorDate: 2026-06-10 15:25:28 +0000 Commit: Enji Cooper CommitDate: 2026-06-10 15:31:07 +0000 MFV: openssl 3.5.7 This change is a security release which resolves several issues with OpenSSL 3.5, the highest severity issue being ranked "High". Users are strongly encouraged to update to this release. More information about the release (from a high level) can be found in the release notes [1]. 1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md All conflicts were resolved with `--theirs`, taking the release diff over the local diff; the conflicts occurred due to preemptive security fixes applied by so@ in e508c343. MFC after: 3 days (the important security issues have been preemptively addressed) Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43' Conflicts: crypto/openssl/include/internal/quic_channel.h crypto/openssl/ssl/quic/quic_channel_local.h crypto/openssl/ssl/quic/quic_rx_depack.c crypto/openssl/test/cmsapitest.c crypto/openssl/test/evp_extra_test.c crypto/openssl/CHANGES.md | 316 + crypto/openssl/Configurations/README.md | 2 +- crypto/openssl/Configure | 25 +- crypto/openssl/NEWS.md | 72 +- crypto/openssl/VERSION.dat | 4 +- crypto/openssl/apps/enc.c | 4 +- crypto/openssl/apps/lib/apps.c | 15 +- crypto/openssl/apps/lib/cmp_mock_srv.c | 4 +- crypto/openssl/apps/list.c | 5 +- crypto/openssl/apps/s_client.c | 14 +- crypto/openssl/apps/skeyutl.c | 4 +- crypto/openssl/apps/speed.c | 7 +- crypto/openssl/apps/testdsa.h | 1476 +-- crypto/openssl/apps/testrsa.h | 4916 +--------- crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl | 17 +- crypto/openssl/crypto/asn1/a_d2i_fp.c | 66 +- crypto/openssl/crypto/asn1/a_mbstr.c | 2 +- crypto/openssl/crypto/asn1/asn1_lib.c | 4 +- crypto/openssl/crypto/asn1/asn_mime.c | 16 +- crypto/openssl/crypto/asn1/tasn_dec.c | 2 +- crypto/openssl/crypto/bio/bss_dgram.c | 4 +- crypto/openssl/crypto/bio/bss_dgram_pair.c | 3 +- crypto/openssl/crypto/bn/bn_const.c | 249 +- crypto/openssl/crypto/bn/bn_mod.c | 14 +- crypto/openssl/crypto/cast/cast_s.h | 2306 +---- crypto/openssl/crypto/chacha/asm/chachap10-ppc.pl | 50 +- crypto/openssl/crypto/cmp/cmp_genm.c | 13 +- crypto/openssl/crypto/cms/cms_enc.c | 2 +- crypto/openssl/crypto/cms/cms_env.c | 2 +- crypto/openssl/crypto/cms/cms_pwri.c | 2 +- crypto/openssl/crypto/crmf/crmf_lib.c | 2 +- crypto/openssl/crypto/des/fcrypt.c | 143 +- crypto/openssl/crypto/dso/dso_win32.c | 4 +- crypto/openssl/crypto/ec/curve448/scalar.c | 3 +- crypto/openssl/crypto/ec/curve448/word.h | 9 +- crypto/openssl/crypto/ec/ec_curve.c | 236 +- crypto/openssl/crypto/ec/ec_lib.c | 3 +- crypto/openssl/crypto/ec/ecp_s390x_nistp.c | 36 +- crypto/openssl/crypto/ec/ecp_sm2p256.c | 7 +- crypto/openssl/crypto/evp/asymcipher.c | 4 +- crypto/openssl/crypto/evp/e_aes.c | 2 +- crypto/openssl/crypto/evp/encode.c | 282 +- crypto/openssl/crypto/evp/evp_lib.c | 2 +- crypto/openssl/crypto/evp/kem.c | 2 + crypto/openssl/crypto/evp/m_sigver.c | 4 +- crypto/openssl/crypto/evp/signature.c | 2 + crypto/openssl/crypto/ffc/ffc_params.c | 10 +- crypto/openssl/crypto/hashtable/hashtable.c | 55 +- crypto/openssl/crypto/hpke/hpke_util.c | 7 +- crypto/openssl/crypto/http/http_client.c | 28 +- crypto/openssl/crypto/http/http_lib.c | 3 + crypto/openssl/crypto/initthread.c | 30 +- crypto/openssl/crypto/md2/md2_dgst.c | 284 +- crypto/openssl/crypto/ml_dsa/ml_dsa_key.c | 4 +- crypto/openssl/crypto/modes/wrap128.c | 15 +- crypto/openssl/crypto/objects/obj_dat.c | 6 +- crypto/openssl/crypto/objects/obj_lib.c | 4 +- crypto/openssl/crypto/param_build.c | 6 +- crypto/openssl/crypto/param_build_set.c | 7 +- crypto/openssl/crypto/pkcs12/p12_decr.c | 2 +- crypto/openssl/crypto/pkcs7/pk7_smime.c | 2 +- crypto/openssl/crypto/rc2/rc2_skey.c | 284 +- crypto/openssl/crypto/slh_dsa/slh_dsa_key.c | 5 +- crypto/openssl/crypto/sm2/sm2_crypt.c | 17 +- crypto/openssl/crypto/sm2/sm2_sign.c | 7 +- crypto/openssl/crypto/threads_none.c | 30 +- crypto/openssl/crypto/threads_pthread.c | 36 +- crypto/openssl/crypto/threads_win.c | 36 +- crypto/openssl/crypto/x509/v3_ist.c | 6 +- crypto/openssl/demos/cipher/aeskeywrap.c | 100 +- crypto/openssl/demos/cipher/ariacbc.c | 20 +- crypto/openssl/demos/digest/EVP_MD_demo.c | 73 +- crypto/openssl/demos/encrypt/rsa_encrypt.h | 1638 +--- crypto/openssl/demos/mac/cmac-aes256.c | 56 +- crypto/openssl/demos/mac/hmac-sha512.c | 144 +- .../demos/signature/EVP_EC_Signature_demo.h | 772 +- crypto/openssl/doc/fingerprints.txt | 3 + .../doc/internal/man3/ossl_rcu_lock_new.pod | 86 +- crypto/openssl/doc/man1/openssl-format-options.pod | 4 +- crypto/openssl/doc/man1/openssl-pkcs8.pod.in | 4 +- crypto/openssl/doc/man1/openssl-rehash.pod.in | 6 +- crypto/openssl/doc/man1/openssl-s_client.pod.in | 11 +- crypto/openssl/doc/man1/openssl-s_server.pod.in | 19 +- crypto/openssl/doc/man1/openssl-smime.pod.in | 7 +- crypto/openssl/doc/man3/BIO_s_bio.pod | 83 +- crypto/openssl/doc/man3/BN_add.pod | 8 +- crypto/openssl/doc/man3/CMS_decrypt.pod | 2 +- crypto/openssl/doc/man3/EVP_EncryptInit.pod | 3 +- crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod | 6 +- crypto/openssl/doc/man3/OSSL_HTTP_parse_url.pod | 18 +- crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod | 5 +- crypto/openssl/doc/man3/PKCS7_decrypt.pod | 5 +- .../doc/man3/SSL_CTX_set_session_cache_mode.pod | 6 +- .../doc/man3/SSL_CTX_set_session_id_context.pod | 28 +- .../SSL_CTX_set_tlsext_servername_callback.pod | 8 +- crypto/openssl/doc/man3/d2i_X509.pod | 40 +- crypto/openssl/doc/man7/EVP_CIPHER-AES.pod | 6 +- crypto/openssl/doc/man7/openssl-env.pod | 2 + crypto/openssl/doc/man7/provider-asym_cipher.pod | 6 +- crypto/openssl/doc/man7/provider-signature.pod | 3 +- crypto/openssl/fuzz/dtlsserver.c | 3407 +------ crypto/openssl/fuzz/server.c | 2213 +---- crypto/openssl/include/crypto/riscv_arch.h | 4 +- crypto/openssl/include/internal/cryptlib.h | 4 +- crypto/openssl/include/internal/quic_cfq.h | 2 +- crypto/openssl/include/internal/quic_channel.h | 8 +- crypto/openssl/include/internal/quic_fifd.h | 2 +- crypto/openssl/include/internal/quic_stream_map.h | 5 +- crypto/openssl/include/internal/rcu.h | 9 +- crypto/openssl/include/openssl/bn.h | 6 +- crypto/openssl/include/openssl/ssl.h.in | 4 +- crypto/openssl/include/openssl/x509_acert.h.in | 10 +- crypto/openssl/providers/defltprov.c | 10 +- crypto/openssl/providers/fips-sources.checksums | 66 +- crypto/openssl/providers/fips.checksum | 2 +- crypto/openssl/providers/fips.module.sources | 2 +- crypto/openssl/providers/fips/self_test_data.inc | 203 +- .../ciphers/cipher_aes_gcm_hw_rv64i.inc | 7 +- .../ciphers/cipher_aes_gcm_siv_hw.c | 2 +- .../implementations/ciphers/cipher_aes_siv.c | 2 +- .../implementations/encode_decode/ml_dsa_codecs.c | 308 +- .../implementations/encode_decode/ml_dsa_codecs.h | 12 +- .../implementations/encode_decode/ml_kem_codecs.h | 12 +- .../providers/implementations/exchange/dh_exch.c | 2 +- .../implementations/include/prov/implementations.h | 4 +- .../providers/implementations/keymgmt/ecx_kmgmt.c | 46 +- .../implementations/keymgmt/ml_kem_kmgmt.c | 8 +- .../providers/implementations/keymgmt/mlx_kmgmt.c | 13 +- .../providers/implementations/macs/poly1305_prov.c | 8 +- .../providers/implementations/signature/rsa_sig.c | 21 +- .../implementations/signature/slh_dsa_sig.c | 7 +- crypto/openssl/ssl/quic/quic_ackm.c | 4 +- crypto/openssl/ssl/quic/quic_cfq.c | 2 +- crypto/openssl/ssl/quic/quic_channel.c | 18 +- crypto/openssl/ssl/quic/quic_channel_local.h | 4 + crypto/openssl/ssl/quic/quic_fifd.c | 2 +- crypto/openssl/ssl/quic/quic_impl.c | 20 +- crypto/openssl/ssl/quic/quic_port.c | 36 +- crypto/openssl/ssl/quic/quic_record_rx.c | 10 +- crypto/openssl/ssl/quic/quic_record_shared.c | 103 +- crypto/openssl/ssl/quic/quic_record_tx.c | 62 +- crypto/openssl/ssl/quic/quic_rx_depack.c | 12 + crypto/openssl/ssl/quic/quic_stream_map.c | 7 + crypto/openssl/ssl/quic/quic_txp.c | 2 +- crypto/openssl/ssl/quic/uint_set.c | 1 + crypto/openssl/ssl/record/methods/ktls_meth.c | 22 +- crypto/openssl/ssl/record/methods/tls_common.c | 26 +- crypto/openssl/ssl/ssl_ciph.c | 6 +- crypto/openssl/ssl/ssl_rsa.c | 6 +- crypto/openssl/ssl/statem/extensions_cust.c | 5 +- crypto/openssl/ssl/statem/extensions_srvr.c | 17 +- crypto/openssl/ssl/statem/statem.c | 28 +- crypto/openssl/ssl/statem/statem_clnt.c | 8 +- crypto/openssl/ssl/statem/statem_lib.c | 40 +- crypto/openssl/ssl/statem/statem_srvr.c | 15 +- crypto/openssl/ssl/t1_lib.c | 35 +- crypto/openssl/ssl/t1_trce.c | 43 +- crypto/openssl/test/asn1_decode_test.c | 32 +- crypto/openssl/test/bad_dtls_test.c | 193 +- crypto/openssl/test/bio_tfo_test.c | 16 +- crypto/openssl/test/build.info | 7 + crypto/openssl/test/chacha_internal_test.c | 82 +- crypto/openssl/test/cipherlist_test.c | 57 +- .../openssl/test/cms-msg/make_missing_kdf_der.py | 137 + crypto/openssl/test/cms-msg/missing-kdf.der | Bin 0 -> 190 bytes crypto/openssl/test/cmsapitest.c | 188 + crypto/openssl/test/destest.c | 118 +- crypto/openssl/test/dsatest.c | 188 +- crypto/openssl/test/ectest.c | 511 +- crypto/openssl/test/endecode_test.c | 35 +- crypto/openssl/test/enginetest.c | 13 +- crypto/openssl/test/evp_extra_test.c | 451 +- crypto/openssl/test/evp_extra_test2.c | 2438 +---- crypto/openssl/test/evp_kdf_test.c | 420 +- crypto/openssl/test/evp_libctx_test.c | 180 +- crypto/openssl/test/evp_pkey_provided_test.c | 81 +- crypto/openssl/test/evp_skey_test.c | 20 +- crypto/openssl/test/helpers/predefined_dhparams.c | 525 +- crypto/openssl/test/hpke_test.c | 146 +- crypto/openssl/test/http_test.c | 62 + crypto/openssl/test/ideatest.c | 20 +- crypto/openssl/test/ml_kem_evp_extra_test.c | 77 +- crypto/openssl/test/param_build_test.c | 12 +- crypto/openssl/test/pbetest.c | 101 +- crypto/openssl/test/pkcs12_format_test.c | 3105 +----- crypto/openssl/test/quic_record_test.c | 9871 +++----------------- crypto/openssl/test/quic_txp_test.c | 20 +- crypto/openssl/test/quic_wire_test.c | 18 +- crypto/openssl/test/quicapitest.c | 150 + crypto/openssl/test/radix/quic_tests.c | 193 +- crypto/openssl/test/radix/terp.c | 4 +- crypto/openssl/test/recipes/70-test_tls13ticket.t | 26 + crypto/openssl/test/recipes/80-test_cms.t | 38 +- crypto/openssl/test/siphash_internal_test.c | 1922 +--- .../test/smime-eml/pkcs7-empty-digest-set.eml | 45 + crypto/openssl/test/sslapitest.c | 452 +- crypto/openssl/test/stack_test.c | 64 +- crypto/openssl/test/threadstest.c | 11 +- crypto/openssl/test/tls13tickettest.c | 157 + crypto/openssl/test/x509_test.c | 18 +- crypto/openssl/util/missingcrypto.txt | 4 - crypto/openssl/util/missingcrypto111.txt | 4 - 202 files changed, 7952 insertions(+), 35616 deletions(-) diff --cc crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl index 27233d03af7b,372778e424e7..372778e424e7 mode 100755,100644..100755 --- a/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl +++ b/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl diff --cc crypto/openssl/test/cms-msg/make_missing_kdf_der.py index 000000000000,5b3fc0f6eeda..5b3fc0f6eeda mode 000000,100755..100755 --- a/crypto/openssl/test/cms-msg/make_missing_kdf_der.py +++ b/crypto/openssl/test/cms-msg/make_missing_kdf_der.py diff --cc crypto/openssl/test/cms-msg/missing-kdf.der index 000000000000,3db602e47c23..3db602e47c23 mode 000000,100644..100644 Binary files differ diff --cc crypto/openssl/test/recipes/70-test_tls13ticket.t index 000000000000,0fb782bd0d84..0fb782bd0d84 mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/70-test_tls13ticket.t +++ b/crypto/openssl/test/recipes/70-test_tls13ticket.t diff --cc crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml index 000000000000,a6db2c38adfa..a6db2c38adfa mode 000000,100644..100644 --- a/crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml +++ b/crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml diff --cc crypto/openssl/test/tls13tickettest.c index 000000000000,9470f4169633..9470f4169633 mode 000000,100644..100644 --- a/crypto/openssl/test/tls13tickettest.c +++ b/crypto/openssl/test/tls13tickettest.c