Date: Wed, 10 Jun 2026 15:33:05 +0000
From: Enji Cooper <ngie@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 1523ccfd9c8c - main - MFV: openssl 3.5.7
Message-ID: <6a2983b1.312c6.27c0ff6b@gitrepo.freebsd.org>
The branch main has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=1523ccfd9c8c254f7928143d31c305384b05fd11

commit 1523ccfd9c8c254f7928143d31c305384b05fd11
Merge: 4bdcff554368 3a71a35ad9da
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2026-06-10 15:25:28 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2026-06-10 15:31:07 +0000

    MFV: openssl 3.5.7

    This change is a security release which resolves several issues with
    OpenSSL 3.5, the highest severity issue being ranked "High". Users are
    strongly encouraged to update to this release.

    More information about the release (from a high level) can be found in
    the release notes [1].

    1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md

    All conflicts were resolved with `--theirs`, taking the release diff
    over the local diff; the conflicts occurred due to preemptive security
    fixes applied by so@ in e508c343.

    MFC after: 3 days (the important security issues have been preemptively addressed)
    Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'

    Conflicts:
            crypto/openssl/include/internal/quic_channel.h
            crypto/openssl/ssl/quic/quic_channel_local.h
            crypto/openssl/ssl/quic/quic_rx_depack.c
            crypto/openssl/test/cmsapitest.c
            crypto/openssl/test/evp_extra_test.c

 crypto/openssl/CHANGES.md | 316 +
 crypto/openssl/Configurations/README.md | 2 +-
 crypto/openssl/Configure | 25 +-
 crypto/openssl/NEWS.md | 72 +-
 crypto/openssl/VERSION.dat | 4 +-
 crypto/openssl/apps/enc.c | 4 +-
 crypto/openssl/apps/lib/apps.c | 15 +-
 crypto/openssl/apps/lib/cmp_mock_srv.c | 4 +-
 crypto/openssl/apps/list.c | 5 +-
 crypto/openssl/apps/s_client.c | 14 +-
 crypto/openssl/apps/skeyutl.c | 4 +-
 crypto/openssl/apps/speed.c | 7 +-
 crypto/openssl/apps/testdsa.h | 1476 +--
 crypto/openssl/apps/testrsa.h | 4916 +---------
 crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl | 17 +-
 crypto/openssl/crypto/asn1/a_d2i_fp.c | 66 +-
 crypto/openssl/crypto/asn1/a_mbstr.c | 2 +-
 crypto/openssl/crypto/asn1/asn1_lib.c | 4 +-
 crypto/openssl/crypto/asn1/asn_mime.c | 16 +-
 crypto/openssl/crypto/asn1/tasn_dec.c | 2 +-
 crypto/openssl/crypto/bio/bss_dgram.c | 4 +-
 crypto/openssl/crypto/bio/bss_dgram_pair.c | 3 +-
 crypto/openssl/crypto/bn/bn_const.c | 249 +-
 crypto/openssl/crypto/bn/bn_mod.c | 14 +-
 crypto/openssl/crypto/cast/cast_s.h | 2306 +-----
 crypto/openssl/crypto/chacha/asm/chachap10-ppc.pl | 50 +-
 crypto/openssl/crypto/cmp/cmp_genm.c | 13 +-
 crypto/openssl/crypto/cms/cms_enc.c | 2 +-
 crypto/openssl/crypto/cms/cms_env.c | 2 +-
 crypto/openssl/crypto/cms/cms_pwri.c | 2 +-
 crypto/openssl/crypto/crmf/crmf_lib.c | 2 +-
 crypto/openssl/crypto/des/fcrypt.c | 143 +-
 crypto/openssl/crypto/dso/dso_win32.c | 4 +-
 crypto/openssl/crypto/ec/curve448/scalar.c | 3 +-
 crypto/openssl/crypto/ec/curve448/word.h | 9 +-
 crypto/openssl/crypto/ec/ec_curve.c | 236 +-
 crypto/openssl/crypto/ec/ec_lib.c | 3 +-
 crypto/openssl/crypto/ec/ecp_s390x_nistp.c | 36 +-
 crypto/openssl/crypto/ec/ecp_sm2p256.c | 7 +-
 crypto/openssl/crypto/evp/asymcipher.c | 4 +-
 crypto/openssl/crypto/evp/e_aes.c | 2 +-
 crypto/openssl/crypto/evp/encode.c | 282 +-
 crypto/openssl/crypto/evp/evp_lib.c | 2 +-
 crypto/openssl/crypto/evp/kem.c | 2 +
 crypto/openssl/crypto/evp/m_sigver.c | 4 +-
 crypto/openssl/crypto/evp/signature.c | 2 +
 crypto/openssl/crypto/ffc/ffc_params.c | 10 +-
 crypto/openssl/crypto/hashtable/hashtable.c | 55 +-
 crypto/openssl/crypto/hpke/hpke_util.c | 7 +-
 crypto/openssl/crypto/http/http_client.c | 28 +-
 crypto/openssl/crypto/http/http_lib.c | 3 +
 crypto/openssl/crypto/initthread.c | 30 +-
 crypto/openssl/crypto/md2/md2_dgst.c | 284 +-
 crypto/openssl/crypto/ml_dsa/ml_dsa_key.c | 4 +-
 crypto/openssl/crypto/modes/wrap128.c | 15 +-
 crypto/openssl/crypto/objects/obj_dat.c | 6 +-
 crypto/openssl/crypto/objects/obj_lib.c | 4 +-
 crypto/openssl/crypto/param_build.c | 6 +-
 crypto/openssl/crypto/param_build_set.c | 7 +-
 crypto/openssl/crypto/pkcs12/p12_decr.c | 2 +-
 crypto/openssl/crypto/pkcs7/pk7_smime.c | 2 +-
 crypto/openssl/crypto/rc2/rc2_skey.c | 284 +-
 crypto/openssl/crypto/slh_dsa/slh_dsa_key.c | 5 +-
 crypto/openssl/crypto/sm2/sm2_crypt.c | 17 +-
 crypto/openssl/crypto/sm2/sm2_sign.c | 7 +-
 crypto/openssl/crypto/threads_none.c | 30 +-
 crypto/openssl/crypto/threads_pthread.c | 36 +-
 crypto/openssl/crypto/threads_win.c | 36 +-
 crypto/openssl/crypto/x509/v3_ist.c | 6 +-
 crypto/openssl/demos/cipher/aeskeywrap.c | 100 +-
 crypto/openssl/demos/cipher/ariacbc.c | 20 +-
 crypto/openssl/demos/digest/EVP_MD_demo.c | 73 +-
 crypto/openssl/demos/encrypt/rsa_encrypt.h | 1638 +---
 crypto/openssl/demos/mac/cmac-aes256.c | 56 +-
 crypto/openssl/demos/mac/hmac-sha512.c | 144 +-
 .../demos/signature/EVP_EC_Signature_demo.h | 772 +-
 crypto/openssl/doc/fingerprints.txt | 3 +
 .../doc/internal/man3/ossl_rcu_lock_new.pod | 86 +-
 crypto/openssl/doc/man1/openssl-format-options.pod | 4 +-
 crypto/openssl/doc/man1/openssl-pkcs8.pod.in | 4 +-
 crypto/openssl/doc/man1/openssl-rehash.pod.in | 6 +-
 crypto/openssl/doc/man1/openssl-s_client.pod.in | 11 +-
 crypto/openssl/doc/man1/openssl-s_server.pod.in | 19 +-
 crypto/openssl/doc/man1/openssl-smime.pod.in | 7 +-
 crypto/openssl/doc/man3/BIO_s_bio.pod | 83 +-
 crypto/openssl/doc/man3/BN_add.pod | 8 +-
 crypto/openssl/doc/man3/CMS_decrypt.pod | 2 +-
 crypto/openssl/doc/man3/EVP_EncryptInit.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod | 6 +-
 crypto/openssl/doc/man3/OSSL_HTTP_parse_url.pod | 18 +-
 crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod | 5 +-
 crypto/openssl/doc/man3/PKCS7_decrypt.pod | 5 +-
 .../doc/man3/SSL_CTX_set_session_cache_mode.pod | 6 +-
 .../doc/man3/SSL_CTX_set_session_id_context.pod | 28 +-
 .../SSL_CTX_set_tlsext_servername_callback.pod | 8 +-
 crypto/openssl/doc/man3/d2i_X509.pod | 40 +-
 crypto/openssl/doc/man7/EVP_CIPHER-AES.pod | 6 +-
 crypto/openssl/doc/man7/openssl-env.pod | 2 +
 crypto/openssl/doc/man7/provider-asym_cipher.pod | 6 +-
 crypto/openssl/doc/man7/provider-signature.pod | 3 +-
 crypto/openssl/fuzz/dtlsserver.c | 3407 +-------
 crypto/openssl/fuzz/server.c | 2213 +-----
 crypto/openssl/include/crypto/riscv_arch.h | 4 +-
 crypto/openssl/include/internal/cryptlib.h | 4 +-
 crypto/openssl/include/internal/quic_cfq.h | 2 +-
 crypto/openssl/include/internal/quic_channel.h | 8 +-
 crypto/openssl/include/internal/quic_fifd.h | 2 +-
 crypto/openssl/include/internal/quic_stream_map.h | 5 +-
 crypto/openssl/include/internal/rcu.h | 9 +-
 crypto/openssl/include/openssl/bn.h | 6 +-
 crypto/openssl/include/openssl/ssl.h.in | 4 +-
 crypto/openssl/include/openssl/x509_acert.h.in | 10 +-
 crypto/openssl/providers/defltprov.c | 10 +-
 crypto/openssl/providers/fips-sources.checksums | 66 +-
 crypto/openssl/providers/fips.checksum | 2 +-
 crypto/openssl/providers/fips.module.sources | 2 +-
 crypto/openssl/providers/fips/self_test_data.inc | 203 +-
 .../ciphers/cipher_aes_gcm_hw_rv64i.inc | 7 +-
 .../ciphers/cipher_aes_gcm_siv_hw.c | 2 +-
 .../implementations/ciphers/cipher_aes_siv.c | 2 +-
 .../implementations/encode_decode/ml_dsa_codecs.c | 308 +-
 .../implementations/encode_decode/ml_dsa_codecs.h | 12 +-
 .../implementations/encode_decode/ml_kem_codecs.h | 12 +-
 .../providers/implementations/exchange/dh_exch.c | 2 +-
 .../implementations/include/prov/implementations.h | 4 +-
 .../providers/implementations/keymgmt/ecx_kmgmt.c | 46 +-
 .../implementations/keymgmt/ml_kem_kmgmt.c | 8 +-
 .../providers/implementations/keymgmt/mlx_kmgmt.c | 13 +-
 .../providers/implementations/macs/poly1305_prov.c | 8 +-
 .../providers/implementations/signature/rsa_sig.c | 21 +-
 .../implementations/signature/slh_dsa_sig.c | 7 +-
 crypto/openssl/ssl/quic/quic_ackm.c | 4 +-
 crypto/openssl/ssl/quic/quic_cfq.c | 2 +-
 crypto/openssl/ssl/quic/quic_channel.c | 18 +-
 crypto/openssl/ssl/quic/quic_channel_local.h | 4 +
 crypto/openssl/ssl/quic/quic_fifd.c | 2 +-
 crypto/openssl/ssl/quic/quic_impl.c | 20 +-
 crypto/openssl/ssl/quic/quic_port.c | 36 +-
 crypto/openssl/ssl/quic/quic_record_rx.c | 10 +-
 crypto/openssl/ssl/quic/quic_record_shared.c | 103 +-
 crypto/openssl/ssl/quic/quic_record_tx.c | 62 +-
 crypto/openssl/ssl/quic/quic_rx_depack.c | 12 +
 crypto/openssl/ssl/quic/quic_stream_map.c | 7 +
 crypto/openssl/ssl/quic/quic_txp.c | 2 +-
 crypto/openssl/ssl/quic/uint_set.c | 1 +
 crypto/openssl/ssl/record/methods/ktls_meth.c | 22 +-
 crypto/openssl/ssl/record/methods/tls_common.c | 26 +-
 crypto/openssl/ssl/ssl_ciph.c | 6 +-
 crypto/openssl/ssl/ssl_rsa.c | 6 +-
 crypto/openssl/ssl/statem/extensions_cust.c | 5 +-
 crypto/openssl/ssl/statem/extensions_srvr.c | 17 +-
 crypto/openssl/ssl/statem/statem.c | 28 +-
 crypto/openssl/ssl/statem/statem_clnt.c | 8 +-
 crypto/openssl/ssl/statem/statem_lib.c | 40 +-
 crypto/openssl/ssl/statem/statem_srvr.c | 15 +-
 crypto/openssl/ssl/t1_lib.c | 35 +-
 crypto/openssl/ssl/t1_trce.c | 43 +-
 crypto/openssl/test/asn1_decode_test.c | 32 +-
 crypto/openssl/test/bad_dtls_test.c | 193 +-
 crypto/openssl/test/bio_tfo_test.c | 16 +-
 crypto/openssl/test/build.info | 7 +
 crypto/openssl/test/chacha_internal_test.c | 82 +-
 crypto/openssl/test/cipherlist_test.c | 57 +-
 .../openssl/test/cms-msg/make_missing_kdf_der.py | 137 +
 crypto/openssl/test/cms-msg/missing-kdf.der | Bin 0 -> 190 bytes
 crypto/openssl/test/cmsapitest.c | 188 +
 crypto/openssl/test/destest.c | 118 +-
 crypto/openssl/test/dsatest.c | 188 +-
 crypto/openssl/test/ectest.c | 511 +-
 crypto/openssl/test/endecode_test.c | 35 +-
 crypto/openssl/test/enginetest.c | 13 +-
 crypto/openssl/test/evp_extra_test.c | 451 +-
 crypto/openssl/test/evp_extra_test2.c | 2438 +-----
 crypto/openssl/test/evp_kdf_test.c | 420 +-
 crypto/openssl/test/evp_libctx_test.c | 180 +-
 crypto/openssl/test/evp_pkey_provided_test.c | 81 +-
 crypto/openssl/test/evp_skey_test.c | 20 +-
 crypto/openssl/test/helpers/predefined_dhparams.c | 525 +-
 crypto/openssl/test/hpke_test.c | 146 +-
 crypto/openssl/test/http_test.c | 62 +
 crypto/openssl/test/ideatest.c | 20 +-
 crypto/openssl/test/ml_kem_evp_extra_test.c | 77 +-
 crypto/openssl/test/param_build_test.c | 12 +-
 crypto/openssl/test/pbetest.c | 101 +-
 crypto/openssl/test/pkcs12_format_test.c | 3105 +-----
 crypto/openssl/test/quic_record_test.c | 9871 +++-----------------
 crypto/openssl/test/quic_txp_test.c | 20 +-
 crypto/openssl/test/quic_wire_test.c | 18 +-
 crypto/openssl/test/quicapitest.c | 150 +
 crypto/openssl/test/radix/quic_tests.c | 193 +-
 crypto/openssl/test/radix/terp.c | 4 +-
 crypto/openssl/test/recipes/70-test_tls13ticket.t | 26 +
 crypto/openssl/test/recipes/80-test_cms.t | 38 +-
 crypto/openssl/test/siphash_internal_test.c | 1922 +---
 .../test/smime-eml/pkcs7-empty-digest-set.eml | 45 +
 crypto/openssl/test/sslapitest.c | 452 +-
 crypto/openssl/test/stack_test.c | 64 +-
 crypto/openssl/test/threadstest.c | 11 +-
 crypto/openssl/test/tls13tickettest.c | 157 +
 crypto/openssl/test/x509_test.c | 18 +-
 crypto/openssl/util/missingcrypto.txt | 4 -
 crypto/openssl/util/missingcrypto111.txt | 4 -
 202 files changed, 7952 insertions(+), 35616 deletions(-)

diff --cc crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl index 27233d03af7b,372778e424e7..372778e424e7 mode 100755,100644..100755 --- a/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl +++ b/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl diff --cc crypto/openssl/test/cms-msg/make_missing_kdf_der.py index 000000000000,5b3fc0f6eeda..5b3fc0f6eeda mode 000000,100755..100755 --- a/crypto/openssl/test/cms-msg/make_missing_kdf_der.py +++ b/crypto/openssl/test/cms-msg/make_missing_kdf_der.py diff --cc crypto/openssl/test/cms-msg/missing-kdf.der index 000000000000,3db602e47c23..3db602e47c23 mode 000000,100644..100644 Binary files differ diff --cc crypto/openssl/test/recipes/70-test_tls13ticket.t index 000000000000,0fb782bd0d84..0fb782bd0d84 mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/70-test_tls13ticket.t +++ b/crypto/openssl/test/recipes/70-test_tls13ticket.t diff --cc crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml index 000000000000,a6db2c38adfa..a6db2c38adfa mode 000000,100644..100644 ---
a/crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml +++ b/crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml diff --cc crypto/openssl/test/tls13tickettest.c index 000000000000,9470f4169633..9470f4169633 mode 000000,100644..100644 --- a/crypto/openssl/test/tls13tickettest.c +++ b/crypto/openssl/test/tls13tickettest.c
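
Review bot: the mode line for crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl (`mode 100755,100644..100755`) keeps the executable bit from the main side while the merged-in side has the file at 100644, even though the index line shows the content was taken from the merged-in blob (372778e424e7). If the local mode is not intentional, take the vendor mode too so the file does not keep showing up as a difference in later imports; if it is intentional, say so in the commit message next to the `--theirs` remark.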
