src/crypto/openssl/providers, branch main FreeBSD source tree MFV: crypto/openssl: update to 3.5.6 2026-04-09T01:44:24+00:00 Enji Cooper ngie@FreeBSD.org 2026-04-09T01:44:24+00:00 10a428653ee7216475f1ddce3fb4cbf1200319f8 This change brings in version 3.5.6 of OpenSSL, which features several security fixes (the highest of which is a MEDIUM severity issue), as well as some miscellaneous feature updates. Please see the release notes [1] for more details. PS Apologies for the confusing merge commits -- I was testing out a new automated update process and failed to catch the commit message issues until after I pushed the change. 1. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md MFC after: 1 day (the security issues warrant a quick backport). Merge commit 'ab5fc4ac933ff67bc800e774dffce15e2a541e90' 
This change brings in version 3.5.6 of OpenSSL, which features
several security fixes (the highest of which is a MEDIUM severity
issue), as well as some miscellaneous feature updates.

Please see the release notes [1] for more details.

PS Apologies for the confusing merge commits -- I was testing out a
new automated update process and failed to catch the commit message
issues until after I pushed the change.

1. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md

MFC after:	1 day (the security issues warrant a quick backport).
Merge commit 'ab5fc4ac933ff67bc800e774dffce15e2a541e90'
OpenSSL: update vendor sources to match 3.5.5 content 2026-01-31T22:07:17+00:00 Enji Cooper ngie@FreeBSD.org 2026-01-31T22:06:28+00:00 1731fc70f7344af08db49b06c63c963fa12ee354 MFC with: f25b8c9fb4f58cf61adb47d7570abe7caa6d385d MFC after: 1 week 
MFC with:	f25b8c9fb4f58cf61adb47d7570abe7caa6d385d
MFC after:	1 week
openssl: import 3.5.5 2026-01-31T22:00:39+00:00 Enji Cooper ngie@FreeBSD.org 2026-01-31T22:00:39+00:00 f25b8c9fb4f58cf61adb47d7570abe7caa6d385d This change adds OpenSSL 3.5.5 from upstream [1]. The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. This is a security release, but also contains several bugfixes. All of the CVE-worthy issues have already been addressed on the target branch(es), so the net-result is that this is a bugfix release. More information about the release (from a high level) can be found in the release notes [4]. MFC after: 1 week 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.md Merge commit '808413da28df9fb93e1f304e6016b15e660f54c8' 
This change adds OpenSSL 3.5.5 from upstream [1].

The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This is a security release, but also contains several bugfixes. All of
the CVE-worthy issues have already been addressed on the target
branch(es), so the net-result is that this is a bugfix release.

More information about the release (from a high level) can be found in
the release notes [4].

MFC after:	1 week

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc
3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.md

Merge commit '808413da28df9fb93e1f304e6016b15e660f54c8'
crypto/openssl: update to 3.5.4 2025-10-04T03:26:18+00:00 Enji Cooper ngie@FreeBSD.org 2025-10-04T03:26:18+00:00 046c625e9382e17da953767b881aaa782fa73af8 This change includes all necessary changes required to update to OpenSSL 3.5.4. More information about the 3.5.4 release can be found in the relevant release notes (see 8e12a5c4eb3507846b5 for more details). Merge commit '8e12a5c4eb3507846b507d0afe87d115af41df40' 
This change includes all necessary changes required to update to OpenSSL
3.5.4.

More information about the 3.5.4 release can be found in the relevant
release notes (see 8e12a5c4eb3507846b5 for more details).

Merge commit '8e12a5c4eb3507846b507d0afe87d115af41df40'
crypto/openssl: update component to 3.5.3 2025-09-22T22:31:10+00:00 Enji Cooper ngie@FreeBSD.org 2025-09-22T22:31:10+00:00 88b8b7f0c4e9948667a2279e78e975a784049cba This change updates the sources for crypto/openssl. The subsequent commit will update the build artifacts to match the 3.5.3 release. More details about the update can be found in the related vendor branch commits. MFC after: 1 week Merge commit 'aed904c48f330dc76da942a8ee2d6eef9d11f572' 
This change updates the sources for crypto/openssl. The subsequent
commit will update the build artifacts to match the 3.5.3 release.

More details about the update can be found in the related vendor branch
commits.

MFC after:	1 week
Merge commit 'aed904c48f330dc76da942a8ee2d6eef9d11f572'
openssl: Import version 3.5.1 2025-08-07T13:54:34+00:00 Pierre Pronchery khorben@FreeBSD.org 2025-07-11T21:57:10+00:00 4757b351ea9d59d71d4a38b82506d2d16fcd560d Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be EOL after 2026-09-07. Approved by: philip (mentor) Sponsored by: Alpha-Omega Beach Cleaning Project Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D51613 
Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be
EOL after 2026-09-07.

Approved by:	philip (mentor)
Sponsored by:	Alpha-Omega Beach Cleaning Project
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D51613
Merge commit '1095efe41feed8ea5a6fe5ca123c347ae0914801' 2025-08-07T13:50:32+00:00 Pierre Pronchery khorben@FreeBSD.org 2025-08-07T13:50:32+00:00 e7be843b4a162e68651d3911f0357ed464915629 Approved by: philip (mentor) Sponsored by: Alpha-Omega Beach Cleaning Project Sponsored by: The FreeBSD Foundation 
Approved by:	philip (mentor)
Sponsored by:	Alpha-Omega Beach Cleaning Project
Sponsored by:	The FreeBSD Foundation
openssl: Import OpenSSL 3.0.16 2025-03-14T06:40:59+00:00 Enji Cooper ngie@FreeBSD.org 2025-03-14T06:40:59+00:00 0d0c8621fd181e507f0fb50ffcca606faf66a8c2 This release incorporates the following bug fixes and mitigations: - [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 - [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D49296 
This release incorporates the following bug fixes and mitigations:
- [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
- [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143)

Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html

MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D49296
openssl: Import OpenSSL 3.0.15. 2024-09-08T04:31:22+00:00 Enji Cooper ngie@FreeBSD.org 2024-09-08T04:30:17+00:00 a7148ab39c03abd4d1a84997c70bf96f15dd2a09 This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html Co-authored-by: gordon MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46602 Merge commit '108164cf95d9594884c2dcccba2691335e6f221b' 
This release incorporates the following bug fixes and mitigations:
- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
- Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])

Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html

Co-authored-by:	gordon
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D46602

Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
openssl: Add <sys/random.h> include for getrandom() 2024-07-29T20:38:49+00:00 John Baldwin jhb@FreeBSD.org 2024-07-29T20:38:49+00:00 0244e0a177a68fc8ff7e8a58fa7a9553956232ec GCC 14 (but not earlier versions) warns about a missing prototype for getrandom(). Include <sys/random.h> explicitly to bring in the prototype rather than depending on a nested include. While here, stop defining sysctl_random() since it is no longer used. Reviewed by: brooks Fixes: 838b6caababb openssl: use getrandom(2) instead of probing for getentropy(2) Differential Revision: https://reviews.freebsd.org/D45995 
GCC 14 (but not earlier versions) warns about a missing prototype
for getrandom().  Include <sys/random.h> explicitly to bring in the
prototype rather than depending on a nested include.  While here,
stop defining sysctl_random() since it is no longer used.

Reviewed by:	brooks
Fixes:		838b6caababb openssl: use getrandom(2) instead of probing for getentropy(2)
Differential Revision:	https://reviews.freebsd.org/D45995