src/crypto/openssl/ssl/bio_ssl.c, branch main FreeBSD source tree openssl: import 3.5.5 2026-01-31T22:00:39+00:00 Enji Cooper ngie@FreeBSD.org 2026-01-31T22:00:39+00:00 f25b8c9fb4f58cf61adb47d7570abe7caa6d385d This change adds OpenSSL 3.5.5 from upstream [1]. The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. This is a security release, but also contains several bugfixes. All of the CVE-worthy issues have already been addressed on the target branch(es), so the net-result is that this is a bugfix release. More information about the release (from a high level) can be found in the release notes [4]. MFC after: 1 week 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.md Merge commit '808413da28df9fb93e1f304e6016b15e660f54c8' 
This change adds OpenSSL 3.5.5 from upstream [1].

The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This is a security release, but also contains several bugfixes. All of
the CVE-worthy issues have already been addressed on the target
branch(es), so the net-result is that this is a bugfix release.

More information about the release (from a high level) can be found in
the release notes [4].

MFC after:	1 week

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc
3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.md

Merge commit '808413da28df9fb93e1f304e6016b15e660f54c8'
Merge commit '1095efe41feed8ea5a6fe5ca123c347ae0914801' 2025-08-07T13:50:32+00:00 Pierre Pronchery khorben@FreeBSD.org 2025-08-07T13:50:32+00:00 e7be843b4a162e68651d3911f0357ed464915629 Approved by: philip (mentor) Sponsored by: Alpha-Omega Beach Cleaning Project Sponsored by: The FreeBSD Foundation 
Approved by:	philip (mentor)
Sponsored by:	Alpha-Omega Beach Cleaning Project
Sponsored by:	The FreeBSD Foundation
openssl: Import OpenSSL 3.0.15. 2024-09-08T04:31:22+00:00 Enji Cooper ngie@FreeBSD.org 2024-09-08T04:30:17+00:00 a7148ab39c03abd4d1a84997c70bf96f15dd2a09 This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html Co-authored-by: gordon MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46602 Merge commit '108164cf95d9594884c2dcccba2691335e6f221b' 
This release incorporates the following bug fixes and mitigations:
- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
- Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])

Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html

Co-authored-by:	gordon
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D46602

Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
Merge OpenSSL 3.0.9 2023-06-23T22:53:36+00:00 Pierre Pronchery pierre@freebsdfoundation.org 2023-06-23T22:53:35+00:00 b077aed33b7b6aefca7b17ddb250cf521f938613 Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the version we were previously using) will be EOL as of 2023-09-11. Most of the base system has already been updated for a seamless switch to OpenSSL 3.0. For many components we've added `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, which avoids deprecation warnings from OpenSSL 3.0. Changes have also been made to avoid OpenSSL APIs that were already deprecated in OpenSSL 1.1.1. The process of updating to contemporary APIs can continue after this merge. Additional changes are still required for libarchive and Kerberos- related libraries or tools; workarounds will immediately follow this commit. Fixes are in progress in the upstream projects and will be incorporated when those are next updated. There are some performance regressions in benchmarks (certain tests in `openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy). Investigation will continue for these. Netflix's testing showed no functional regression and a rather small, albeit statistically significant, increase in CPU consumption with OpenSSL 3.0. Thanks to ngie@ and des@ for updating base system components, to antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to Netflix and everyone who tested prior to commit or contributed to this update in other ways. PR: 271615 PR: 271656 [exp-run] Relnotes: Yes Sponsored by: The FreeBSD Foundation 
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0.  OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0.  For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0.  Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1.  The process of updating to contemporary APIs can continue after
this merge.

Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit.  Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.

There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g.  haproxy).
Investigation will continue for these.

Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.

Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.

PR:		271615
PR:		271656 [exp-run]
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
OpenSSL: Merge OpenSSL 1.1.1m 2021-12-14T21:03:52+00:00 Jung-uk Kim jkim@FreeBSD.org 2021-12-14T19:04:30+00:00 b2bf0c7e5f4037d63458def91a026592468afd2f Merge commit '56eae1b760adf10835560a9ee595549a1f10410f' 
Merge commit '56eae1b760adf10835560a9ee595549a1f10410f'
Import OpenSSL 1.1.1l 2021-09-01T04:26:38+00:00 Jung-uk Kim jkim@FreeBSD.org 2021-09-01T04:26:38+00:00 9a3ae0cdef9ac9a4b8c5cc66305d9a516ce8d4a0 






Merge OpenSSL 1.1.1h.
2020-09-22T16:18:31+00:00

Jung-uk Kim
jkim@FreeBSD.org

2020-09-22T16:18:31+00:00

58f351825a371d1a3dd693d6f64a1245ea851a51












Merge OpenSSL 1.1.1e.
2020-03-18T02:13:12+00:00

Jung-uk Kim
jkim@FreeBSD.org

2020-03-18T02:13:12+00:00

17f01e9963948a18f55eb97173123702c5dae671












Update OpenSSL to 1.1.1.
2018-09-13T20:40:51+00:00

Jung-uk Kim
jkim@FreeBSD.org

2018-09-13T20:40:51+00:00

e71b70530d95c4f34d8bdbd78d1242df1ba4a945

Note it does not update build infrastructure.





Note it does not update build infrastructure.







Merge OpenSSL 1.0.2e.
2015-12-03T21:13:35+00:00

Jung-uk Kim
jkim@FreeBSD.org

2015-12-03T21:13:35+00:00

80815a778ec9d0fc06b0e000c4608da4b4f3a711