To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Enji Cooper
Subject: git: 1523ccfd9c8c - main - MFV: openssl 3.5.7
Date: Wed, 10 Jun 2026 15:33:05 +0000
Message-Id: <6a2983b1.312c6.27c0ff6b@gitrepo.freebsd.org>
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1523ccfd9c8c254f7928143d31c305384b05fd11

The branch main has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=1523ccfd9c8c254f7928143d31c305384b05fd11

commit 1523ccfd9c8c254f7928143d31c305384b05fd11
Merge: 4bdcff554368 3a71a35ad9da
Author:     Enji Cooper
AuthorDate: 2026-06-10 15:25:28 +0000
Commit:     Enji Cooper
CommitDate: 2026-06-10 15:31:07 +0000

    MFV: openssl 3.5.7

    This change is a security release which resolves several issues with
    OpenSSL 3.5, the highest severity issue being ranked "High". Users are
    strongly encouraged to update to this release.

    More information about the release (from a high level) can be found in
    the release notes [1].

    1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md

    All conflicts were resolved with `--theirs`, taking the release diff
    over the local diff; the conflicts occurred due to preemptive security
    fixes applied by so@ in e508c343.

    MFC after: 3 days (the important security issues have been preemptively addressed)

    Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'

    Conflicts:
            crypto/openssl/include/internal/quic_channel.h
            crypto/openssl/ssl/quic/quic_channel_local.h
            crypto/openssl/ssl/quic/quic_rx_depack.c
            crypto/openssl/test/cmsapitest.c
            crypto/openssl/test/evp_extra_test.c

crypto/openssl/CHANGES.md | 316 + crypto/openssl/Configurations/README.md | 2 +- crypto/openssl/Configure | 25 +- crypto/openssl/NEWS.md | 72 +- crypto/openssl/VERSION.dat | 4 +- crypto/openssl/apps/enc.c | 4 +- crypto/openssl/apps/lib/apps.c | 15 +- crypto/openssl/apps/lib/cmp_mock_srv.c | 4 +- crypto/openssl/apps/list.c | 5 +- crypto/openssl/apps/s_client.c | 14 +- crypto/openssl/apps/skeyutl.c | 4 +- crypto/openssl/apps/speed.c | 7 +- crypto/openssl/apps/testdsa.h | 1476 +-- crypto/openssl/apps/testrsa.h | 4916 +--------- crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl | 17 +- crypto/openssl/crypto/asn1/a_d2i_fp.c | 66 +- crypto/openssl/crypto/asn1/a_mbstr.c | 2 +- crypto/openssl/crypto/asn1/asn1_lib.c | 4 +- crypto/openssl/crypto/asn1/asn_mime.c | 16 +- 
crypto/openssl/crypto/asn1/tasn_dec.c | 2 +- crypto/openssl/crypto/bio/bss_dgram.c | 4 +- crypto/openssl/crypto/bio/bss_dgram_pair.c | 3 +- crypto/openssl/crypto/bn/bn_const.c | 249 +- crypto/openssl/crypto/bn/bn_mod.c | 14 +- crypto/openssl/crypto/cast/cast_s.h | 2306 +---- crypto/openssl/crypto/chacha/asm/chachap10-ppc.pl | 50 +- crypto/openssl/crypto/cmp/cmp_genm.c | 13 +- crypto/openssl/crypto/cms/cms_enc.c | 2 +- crypto/openssl/crypto/cms/cms_env.c | 2 +- crypto/openssl/crypto/cms/cms_pwri.c | 2 +- crypto/openssl/crypto/crmf/crmf_lib.c | 2 +- crypto/openssl/crypto/des/fcrypt.c | 143 +- crypto/openssl/crypto/dso/dso_win32.c | 4 +- crypto/openssl/crypto/ec/curve448/scalar.c | 3 +- crypto/openssl/crypto/ec/curve448/word.h | 9 +- crypto/openssl/crypto/ec/ec_curve.c | 236 +- crypto/openssl/crypto/ec/ec_lib.c | 3 +- crypto/openssl/crypto/ec/ecp_s390x_nistp.c | 36 +- crypto/openssl/crypto/ec/ecp_sm2p256.c | 7 +- crypto/openssl/crypto/evp/asymcipher.c | 4 +- crypto/openssl/crypto/evp/e_aes.c | 2 +- crypto/openssl/crypto/evp/encode.c | 282 +- crypto/openssl/crypto/evp/evp_lib.c | 2 +- crypto/openssl/crypto/evp/kem.c | 2 + crypto/openssl/crypto/evp/m_sigver.c | 4 +- crypto/openssl/crypto/evp/signature.c | 2 + crypto/openssl/crypto/ffc/ffc_params.c | 10 +- crypto/openssl/crypto/hashtable/hashtable.c | 55 +- crypto/openssl/crypto/hpke/hpke_util.c | 7 +- crypto/openssl/crypto/http/http_client.c | 28 +- crypto/openssl/crypto/http/http_lib.c | 3 + crypto/openssl/crypto/initthread.c | 30 +- crypto/openssl/crypto/md2/md2_dgst.c | 284 +- crypto/openssl/crypto/ml_dsa/ml_dsa_key.c | 4 +- crypto/openssl/crypto/modes/wrap128.c | 15 +- crypto/openssl/crypto/objects/obj_dat.c | 6 +- crypto/openssl/crypto/objects/obj_lib.c | 4 +- crypto/openssl/crypto/param_build.c | 6 +- crypto/openssl/crypto/param_build_set.c | 7 +- crypto/openssl/crypto/pkcs12/p12_decr.c | 2 +- crypto/openssl/crypto/pkcs7/pk7_smime.c | 2 +- crypto/openssl/crypto/rc2/rc2_skey.c | 284 +- 
crypto/openssl/crypto/slh_dsa/slh_dsa_key.c | 5 +- crypto/openssl/crypto/sm2/sm2_crypt.c | 17 +- crypto/openssl/crypto/sm2/sm2_sign.c | 7 +- crypto/openssl/crypto/threads_none.c | 30 +- crypto/openssl/crypto/threads_pthread.c | 36 +- crypto/openssl/crypto/threads_win.c | 36 +- crypto/openssl/crypto/x509/v3_ist.c | 6 +- crypto/openssl/demos/cipher/aeskeywrap.c | 100 +- crypto/openssl/demos/cipher/ariacbc.c | 20 +- crypto/openssl/demos/digest/EVP_MD_demo.c | 73 +- crypto/openssl/demos/encrypt/rsa_encrypt.h | 1638 +--- crypto/openssl/demos/mac/cmac-aes256.c | 56 +- crypto/openssl/demos/mac/hmac-sha512.c | 144 +- .../demos/signature/EVP_EC_Signature_demo.h | 772 +- crypto/openssl/doc/fingerprints.txt | 3 + .../doc/internal/man3/ossl_rcu_lock_new.pod | 86 +- crypto/openssl/doc/man1/openssl-format-options.pod | 4 +- crypto/openssl/doc/man1/openssl-pkcs8.pod.in | 4 +- crypto/openssl/doc/man1/openssl-rehash.pod.in | 6 +- crypto/openssl/doc/man1/openssl-s_client.pod.in | 11 +- crypto/openssl/doc/man1/openssl-s_server.pod.in | 19 +- crypto/openssl/doc/man1/openssl-smime.pod.in | 7 +- crypto/openssl/doc/man3/BIO_s_bio.pod | 83 +- crypto/openssl/doc/man3/BN_add.pod | 8 +- crypto/openssl/doc/man3/CMS_decrypt.pod | 2 +- crypto/openssl/doc/man3/EVP_EncryptInit.pod | 3 +- crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod | 6 +- crypto/openssl/doc/man3/OSSL_HTTP_parse_url.pod | 18 +- crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod | 5 +- crypto/openssl/doc/man3/PKCS7_decrypt.pod | 5 +- .../doc/man3/SSL_CTX_set_session_cache_mode.pod | 6 +- .../doc/man3/SSL_CTX_set_session_id_context.pod | 28 +- .../SSL_CTX_set_tlsext_servername_callback.pod | 8 +- crypto/openssl/doc/man3/d2i_X509.pod | 40 +- crypto/openssl/doc/man7/EVP_CIPHER-AES.pod | 6 +- crypto/openssl/doc/man7/openssl-env.pod | 2 + crypto/openssl/doc/man7/provider-asym_cipher.pod | 6 +- crypto/openssl/doc/man7/provider-signature.pod | 3 +- crypto/openssl/fuzz/dtlsserver.c | 3407 +------ crypto/openssl/fuzz/server.c | 2213 +---- 
crypto/openssl/include/crypto/riscv_arch.h | 4 +- crypto/openssl/include/internal/cryptlib.h | 4 +- crypto/openssl/include/internal/quic_cfq.h | 2 +- crypto/openssl/include/internal/quic_channel.h | 8 +- crypto/openssl/include/internal/quic_fifd.h | 2 +- crypto/openssl/include/internal/quic_stream_map.h | 5 +- crypto/openssl/include/internal/rcu.h | 9 +- crypto/openssl/include/openssl/bn.h | 6 +- crypto/openssl/include/openssl/ssl.h.in | 4 +- crypto/openssl/include/openssl/x509_acert.h.in | 10 +- crypto/openssl/providers/defltprov.c | 10 +- crypto/openssl/providers/fips-sources.checksums | 66 +- crypto/openssl/providers/fips.checksum | 2 +- crypto/openssl/providers/fips.module.sources | 2 +- crypto/openssl/providers/fips/self_test_data.inc | 203 +- .../ciphers/cipher_aes_gcm_hw_rv64i.inc | 7 +- .../ciphers/cipher_aes_gcm_siv_hw.c | 2 +- .../implementations/ciphers/cipher_aes_siv.c | 2 +- .../implementations/encode_decode/ml_dsa_codecs.c | 308 +- .../implementations/encode_decode/ml_dsa_codecs.h | 12 +- .../implementations/encode_decode/ml_kem_codecs.h | 12 +- .../providers/implementations/exchange/dh_exch.c | 2 +- .../implementations/include/prov/implementations.h | 4 +- .../providers/implementations/keymgmt/ecx_kmgmt.c | 46 +- .../implementations/keymgmt/ml_kem_kmgmt.c | 8 +- .../providers/implementations/keymgmt/mlx_kmgmt.c | 13 +- .../providers/implementations/macs/poly1305_prov.c | 8 +- .../providers/implementations/signature/rsa_sig.c | 21 +- .../implementations/signature/slh_dsa_sig.c | 7 +- crypto/openssl/ssl/quic/quic_ackm.c | 4 +- crypto/openssl/ssl/quic/quic_cfq.c | 2 +- crypto/openssl/ssl/quic/quic_channel.c | 18 +- crypto/openssl/ssl/quic/quic_channel_local.h | 4 + crypto/openssl/ssl/quic/quic_fifd.c | 2 +- crypto/openssl/ssl/quic/quic_impl.c | 20 +- crypto/openssl/ssl/quic/quic_port.c | 36 +- crypto/openssl/ssl/quic/quic_record_rx.c | 10 +- crypto/openssl/ssl/quic/quic_record_shared.c | 103 +- crypto/openssl/ssl/quic/quic_record_tx.c | 62 +- 
crypto/openssl/ssl/quic/quic_rx_depack.c | 12 + crypto/openssl/ssl/quic/quic_stream_map.c | 7 + crypto/openssl/ssl/quic/quic_txp.c | 2 +- crypto/openssl/ssl/quic/uint_set.c | 1 + crypto/openssl/ssl/record/methods/ktls_meth.c | 22 +- crypto/openssl/ssl/record/methods/tls_common.c | 26 +- crypto/openssl/ssl/ssl_ciph.c | 6 +- crypto/openssl/ssl/ssl_rsa.c | 6 +- crypto/openssl/ssl/statem/extensions_cust.c | 5 +- crypto/openssl/ssl/statem/extensions_srvr.c | 17 +- crypto/openssl/ssl/statem/statem.c | 28 +- crypto/openssl/ssl/statem/statem_clnt.c | 8 +- crypto/openssl/ssl/statem/statem_lib.c | 40 +- crypto/openssl/ssl/statem/statem_srvr.c | 15 +- crypto/openssl/ssl/t1_lib.c | 35 +- crypto/openssl/ssl/t1_trce.c | 43 +- crypto/openssl/test/asn1_decode_test.c | 32 +- crypto/openssl/test/bad_dtls_test.c | 193 +- crypto/openssl/test/bio_tfo_test.c | 16 +- crypto/openssl/test/build.info | 7 + crypto/openssl/test/chacha_internal_test.c | 82 +- crypto/openssl/test/cipherlist_test.c | 57 +- .../openssl/test/cms-msg/make_missing_kdf_der.py | 137 + crypto/openssl/test/cms-msg/missing-kdf.der | Bin 0 -> 190 bytes crypto/openssl/test/cmsapitest.c | 188 + crypto/openssl/test/destest.c | 118 +- crypto/openssl/test/dsatest.c | 188 +- crypto/openssl/test/ectest.c | 511 +- crypto/openssl/test/endecode_test.c | 35 +- crypto/openssl/test/enginetest.c | 13 +- crypto/openssl/test/evp_extra_test.c | 451 +- crypto/openssl/test/evp_extra_test2.c | 2438 +---- crypto/openssl/test/evp_kdf_test.c | 420 +- crypto/openssl/test/evp_libctx_test.c | 180 +- crypto/openssl/test/evp_pkey_provided_test.c | 81 +- crypto/openssl/test/evp_skey_test.c | 20 +- crypto/openssl/test/helpers/predefined_dhparams.c | 525 +- crypto/openssl/test/hpke_test.c | 146 +- crypto/openssl/test/http_test.c | 62 + crypto/openssl/test/ideatest.c | 20 +- crypto/openssl/test/ml_kem_evp_extra_test.c | 77 +- crypto/openssl/test/param_build_test.c | 12 +- crypto/openssl/test/pbetest.c | 101 +- crypto/openssl/test/pkcs12_format_test.c | 
3105 +----- crypto/openssl/test/quic_record_test.c | 9871 +++----------------- crypto/openssl/test/quic_txp_test.c | 20 +- crypto/openssl/test/quic_wire_test.c | 18 +- crypto/openssl/test/quicapitest.c | 150 + crypto/openssl/test/radix/quic_tests.c | 193 +- crypto/openssl/test/radix/terp.c | 4 +- crypto/openssl/test/recipes/70-test_tls13ticket.t | 26 + crypto/openssl/test/recipes/80-test_cms.t | 38 +- crypto/openssl/test/siphash_internal_test.c | 1922 +--- .../test/smime-eml/pkcs7-empty-digest-set.eml | 45 + crypto/openssl/test/sslapitest.c | 452 +- crypto/openssl/test/stack_test.c | 64 +- crypto/openssl/test/threadstest.c | 11 +- crypto/openssl/test/tls13tickettest.c | 157 + crypto/openssl/test/x509_test.c | 18 +- crypto/openssl/util/missingcrypto.txt | 4 - crypto/openssl/util/missingcrypto111.txt | 4 - 202 files changed, 7952 insertions(+), 35616 deletions(-) diff --cc crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl index 27233d03af7b,372778e424e7..372778e424e7 mode 100755,100644..100755 --- a/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl +++ b/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl diff --cc crypto/openssl/test/cms-msg/make_missing_kdf_der.py index 000000000000,5b3fc0f6eeda..5b3fc0f6eeda mode 000000,100755..100755 --- a/crypto/openssl/test/cms-msg/make_missing_kdf_der.py +++ b/crypto/openssl/test/cms-msg/make_missing_kdf_der.py diff --cc crypto/openssl/test/cms-msg/missing-kdf.der index 000000000000,3db602e47c23..3db602e47c23 mode 000000,100644..100644 Binary files differ diff --cc crypto/openssl/test/recipes/70-test_tls13ticket.t index 000000000000,0fb782bd0d84..0fb782bd0d84 mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/70-test_tls13ticket.t +++ b/crypto/openssl/test/recipes/70-test_tls13ticket.t diff --cc crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml index 000000000000,a6db2c38adfa..a6db2c38adfa mode 000000,100644..100644 --- a/crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml +++ 
b/crypto/openssl/test/smime-eml/pkcs7-empty-digest-set.eml diff --cc crypto/openssl/test/tls13tickettest.c index 000000000000,9470f4169633..9470f4169633 mode 000000,100644..100644 --- a/crypto/openssl/test/tls13tickettest.c +++ b/crypto/openssl/test/tls13tickettest.c
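
Review bot: none of the five files listed under "Conflicts:" (quic_channel.h, quic_channel_local.h, quic_rx_depack.c, cmsapitest.c, evp_extra_test.c) appears among the diff --cc entries above, so this mail shows nothing of what `--theirs` discarded from the local side. The commit message attributes the conflicts to the preemptive fixes from e508c343; it would help to state explicitly that those files carried no other local changes, or to list any that were dropped, so the merge can be checked without re-running it. Separately, in the aesfx-sparcv9.pl entry the content comes from the second parent (372778e424e7) while the mode stays 100755 against 100644 on that side; if keeping the executable bit is intentional, a line in the message saying so would explain why the file shows up in the combined diff.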