git: 885e3a84149d - stable/15 - MFV: openssl 3.5.7
Date: Fri, 12 Jun 2026 21:27:59 UTC
The branch stable/15 has been updated by ngie:
URL: https://cgit.FreeBSD.org/src/commit/?id=885e3a84149d945cec30fa07546702786d8b312e
commit 885e3a84149d945cec30fa07546702786d8b312e
Author: Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2026-06-10 15:25:28 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2026-06-12 21:27:47 +0000
MFV: openssl 3.5.7
This change merges a security release that resolves several issues with OpenSSL 3.5,
the highest-severity issue being ranked "High". Users are strongly encouraged to
update to this release.
More information about the release (from a high level) can be found in
the release notes [1].
1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md
All conflicts were resolved with `--theirs`, taking the release diff
over the local diff; the conflicts occurred due to preemptive security
fixes applied by so@ in e508c343.
MFC after: 3 days (the important security issues have been
preemptively addressed)
Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'
Conflicts:
crypto/openssl/include/internal/quic_channel.h
crypto/openssl/ssl/quic/quic_channel_local.h
crypto/openssl/ssl/quic/quic_rx_depack.c
crypto/openssl/test/cmsapitest.c
crypto/openssl/test/evp_extra_test.c
(cherry picked from commit 1523ccfd9c8c254f7928143d31c305384b05fd11)
---
crypto/openssl/CHANGES.md | 316 +
crypto/openssl/Configurations/README.md | 2 +-
crypto/openssl/Configure | 25 +-
crypto/openssl/NEWS.md | 72 +-
crypto/openssl/VERSION.dat | 4 +-
crypto/openssl/apps/enc.c | 4 +-
crypto/openssl/apps/lib/apps.c | 15 +-
crypto/openssl/apps/lib/cmp_mock_srv.c | 4 +-
crypto/openssl/apps/list.c | 5 +-
crypto/openssl/apps/s_client.c | 14 +-
crypto/openssl/apps/skeyutl.c | 4 +-
crypto/openssl/apps/speed.c | 7 +-
crypto/openssl/apps/testdsa.h | 1476 +--
crypto/openssl/apps/testrsa.h | 4916 +---------
crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl | 17 +-
crypto/openssl/crypto/asn1/a_d2i_fp.c | 66 +-
crypto/openssl/crypto/asn1/a_mbstr.c | 2 +-
crypto/openssl/crypto/asn1/asn1_lib.c | 4 +-
crypto/openssl/crypto/asn1/asn_mime.c | 16 +-
crypto/openssl/crypto/asn1/tasn_dec.c | 2 +-
crypto/openssl/crypto/bio/bss_dgram.c | 4 +-
crypto/openssl/crypto/bio/bss_dgram_pair.c | 3 +-
crypto/openssl/crypto/bn/bn_const.c | 249 +-
crypto/openssl/crypto/bn/bn_mod.c | 14 +-
crypto/openssl/crypto/cast/cast_s.h | 2306 +----
crypto/openssl/crypto/chacha/asm/chachap10-ppc.pl | 50 +-
crypto/openssl/crypto/cmp/cmp_genm.c | 13 +-
crypto/openssl/crypto/cms/cms_enc.c | 2 +-
crypto/openssl/crypto/cms/cms_env.c | 2 +-
crypto/openssl/crypto/cms/cms_pwri.c | 2 +-
crypto/openssl/crypto/crmf/crmf_lib.c | 2 +-
crypto/openssl/crypto/des/fcrypt.c | 143 +-
crypto/openssl/crypto/dso/dso_win32.c | 4 +-
crypto/openssl/crypto/ec/curve448/scalar.c | 3 +-
crypto/openssl/crypto/ec/curve448/word.h | 9 +-
crypto/openssl/crypto/ec/ec_curve.c | 236 +-
crypto/openssl/crypto/ec/ec_lib.c | 3 +-
crypto/openssl/crypto/ec/ecp_s390x_nistp.c | 36 +-
crypto/openssl/crypto/ec/ecp_sm2p256.c | 7 +-
crypto/openssl/crypto/evp/asymcipher.c | 4 +-
crypto/openssl/crypto/evp/e_aes.c | 2 +-
crypto/openssl/crypto/evp/encode.c | 282 +-
crypto/openssl/crypto/evp/evp_lib.c | 2 +-
crypto/openssl/crypto/evp/kem.c | 2 +
crypto/openssl/crypto/evp/m_sigver.c | 4 +-
crypto/openssl/crypto/evp/signature.c | 2 +
crypto/openssl/crypto/ffc/ffc_params.c | 10 +-
crypto/openssl/crypto/hashtable/hashtable.c | 55 +-
crypto/openssl/crypto/hpke/hpke_util.c | 7 +-
crypto/openssl/crypto/http/http_client.c | 28 +-
crypto/openssl/crypto/http/http_lib.c | 3 +
crypto/openssl/crypto/initthread.c | 30 +-
crypto/openssl/crypto/md2/md2_dgst.c | 284 +-
crypto/openssl/crypto/ml_dsa/ml_dsa_key.c | 4 +-
crypto/openssl/crypto/modes/wrap128.c | 15 +-
crypto/openssl/crypto/objects/obj_dat.c | 6 +-
crypto/openssl/crypto/objects/obj_lib.c | 4 +-
crypto/openssl/crypto/param_build.c | 6 +-
crypto/openssl/crypto/param_build_set.c | 7 +-
crypto/openssl/crypto/pkcs12/p12_decr.c | 2 +-
crypto/openssl/crypto/pkcs7/pk7_smime.c | 2 +-
crypto/openssl/crypto/rc2/rc2_skey.c | 284 +-
crypto/openssl/crypto/slh_dsa/slh_dsa_key.c | 5 +-
crypto/openssl/crypto/sm2/sm2_crypt.c | 17 +-
crypto/openssl/crypto/sm2/sm2_sign.c | 7 +-
crypto/openssl/crypto/threads_none.c | 30 +-
crypto/openssl/crypto/threads_pthread.c | 36 +-
crypto/openssl/crypto/threads_win.c | 36 +-
crypto/openssl/crypto/x509/v3_ist.c | 6 +-
crypto/openssl/demos/cipher/aeskeywrap.c | 100 +-
crypto/openssl/demos/cipher/ariacbc.c | 20 +-
crypto/openssl/demos/digest/EVP_MD_demo.c | 73 +-
crypto/openssl/demos/encrypt/rsa_encrypt.h | 1638 +---
crypto/openssl/demos/mac/cmac-aes256.c | 56 +-
crypto/openssl/demos/mac/hmac-sha512.c | 144 +-
.../demos/signature/EVP_EC_Signature_demo.h | 772 +-
crypto/openssl/doc/fingerprints.txt | 3 +
.../doc/internal/man3/ossl_rcu_lock_new.pod | 86 +-
crypto/openssl/doc/man1/openssl-format-options.pod | 4 +-
crypto/openssl/doc/man1/openssl-pkcs8.pod.in | 4 +-
crypto/openssl/doc/man1/openssl-rehash.pod.in | 6 +-
crypto/openssl/doc/man1/openssl-s_client.pod.in | 11 +-
crypto/openssl/doc/man1/openssl-s_server.pod.in | 19 +-
crypto/openssl/doc/man1/openssl-smime.pod.in | 7 +-
crypto/openssl/doc/man3/BIO_s_bio.pod | 83 +-
crypto/openssl/doc/man3/BN_add.pod | 8 +-
crypto/openssl/doc/man3/CMS_decrypt.pod | 2 +-
crypto/openssl/doc/man3/EVP_EncryptInit.pod | 3 +-
crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod | 6 +-
crypto/openssl/doc/man3/OSSL_HTTP_parse_url.pod | 18 +-
crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod | 5 +-
crypto/openssl/doc/man3/PKCS7_decrypt.pod | 5 +-
.../doc/man3/SSL_CTX_set_session_cache_mode.pod | 6 +-
.../doc/man3/SSL_CTX_set_session_id_context.pod | 28 +-
.../SSL_CTX_set_tlsext_servername_callback.pod | 8 +-
crypto/openssl/doc/man3/d2i_X509.pod | 40 +-
crypto/openssl/doc/man7/EVP_CIPHER-AES.pod | 6 +-
crypto/openssl/doc/man7/openssl-env.pod | 2 +
crypto/openssl/doc/man7/provider-asym_cipher.pod | 6 +-
crypto/openssl/doc/man7/provider-signature.pod | 3 +-
crypto/openssl/fuzz/dtlsserver.c | 3407 +------
crypto/openssl/fuzz/server.c | 2213 +----
crypto/openssl/include/crypto/riscv_arch.h | 4 +-
crypto/openssl/include/internal/cryptlib.h | 4 +-
crypto/openssl/include/internal/quic_cfq.h | 2 +-
crypto/openssl/include/internal/quic_channel.h | 8 +-
crypto/openssl/include/internal/quic_fifd.h | 2 +-
crypto/openssl/include/internal/quic_stream_map.h | 5 +-
crypto/openssl/include/internal/rcu.h | 9 +-
crypto/openssl/include/openssl/bn.h | 6 +-
crypto/openssl/include/openssl/ssl.h.in | 4 +-
crypto/openssl/include/openssl/x509_acert.h.in | 10 +-
crypto/openssl/providers/defltprov.c | 10 +-
crypto/openssl/providers/fips-sources.checksums | 66 +-
crypto/openssl/providers/fips.checksum | 2 +-
crypto/openssl/providers/fips.module.sources | 2 +-
crypto/openssl/providers/fips/self_test_data.inc | 203 +-
.../ciphers/cipher_aes_gcm_hw_rv64i.inc | 7 +-
.../ciphers/cipher_aes_gcm_siv_hw.c | 2 +-
.../implementations/ciphers/cipher_aes_siv.c | 2 +-
.../implementations/encode_decode/ml_dsa_codecs.c | 308 +-
.../implementations/encode_decode/ml_dsa_codecs.h | 12 +-
.../implementations/encode_decode/ml_kem_codecs.h | 12 +-
.../providers/implementations/exchange/dh_exch.c | 2 +-
.../implementations/include/prov/implementations.h | 4 +-
.../providers/implementations/keymgmt/ecx_kmgmt.c | 46 +-
.../implementations/keymgmt/ml_kem_kmgmt.c | 8 +-
.../providers/implementations/keymgmt/mlx_kmgmt.c | 13 +-
.../providers/implementations/macs/poly1305_prov.c | 8 +-
.../providers/implementations/signature/rsa_sig.c | 21 +-
.../implementations/signature/slh_dsa_sig.c | 7 +-
crypto/openssl/ssl/quic/quic_ackm.c | 4 +-
crypto/openssl/ssl/quic/quic_cfq.c | 2 +-
crypto/openssl/ssl/quic/quic_channel.c | 18 +-
crypto/openssl/ssl/quic/quic_channel_local.h | 4 +
crypto/openssl/ssl/quic/quic_fifd.c | 2 +-
crypto/openssl/ssl/quic/quic_impl.c | 20 +-
crypto/openssl/ssl/quic/quic_port.c | 36 +-
crypto/openssl/ssl/quic/quic_record_rx.c | 10 +-
crypto/openssl/ssl/quic/quic_record_shared.c | 103 +-
crypto/openssl/ssl/quic/quic_record_tx.c | 62 +-
crypto/openssl/ssl/quic/quic_rx_depack.c | 12 +
crypto/openssl/ssl/quic/quic_stream_map.c | 7 +
crypto/openssl/ssl/quic/quic_txp.c | 2 +-
crypto/openssl/ssl/quic/uint_set.c | 1 +
crypto/openssl/ssl/record/methods/ktls_meth.c | 22 +-
crypto/openssl/ssl/record/methods/tls_common.c | 26 +-
crypto/openssl/ssl/ssl_ciph.c | 6 +-
crypto/openssl/ssl/ssl_rsa.c | 6 +-
crypto/openssl/ssl/statem/extensions_cust.c | 5 +-
crypto/openssl/ssl/statem/extensions_srvr.c | 17 +-
crypto/openssl/ssl/statem/statem.c | 28 +-
crypto/openssl/ssl/statem/statem_clnt.c | 8 +-
crypto/openssl/ssl/statem/statem_lib.c | 40 +-
crypto/openssl/ssl/statem/statem_srvr.c | 15 +-
crypto/openssl/ssl/t1_lib.c | 35 +-
crypto/openssl/ssl/t1_trce.c | 43 +-
crypto/openssl/test/asn1_decode_test.c | 32 +-
crypto/openssl/test/bad_dtls_test.c | 193 +-
crypto/openssl/test/bio_tfo_test.c | 16 +-
crypto/openssl/test/build.info | 7 +
crypto/openssl/test/chacha_internal_test.c | 82 +-
crypto/openssl/test/cipherlist_test.c | 57 +-
.../openssl/test/cms-msg/make_missing_kdf_der.py | 137 +
crypto/openssl/test/cms-msg/missing-kdf.der | Bin 0 -> 190 bytes
crypto/openssl/test/cmsapitest.c | 188 +
crypto/openssl/test/destest.c | 118 +-
crypto/openssl/test/dsatest.c | 188 +-
crypto/openssl/test/ectest.c | 511 +-
crypto/openssl/test/endecode_test.c | 35 +-
crypto/openssl/test/enginetest.c | 13 +-
crypto/openssl/test/evp_extra_test.c | 451 +-
crypto/openssl/test/evp_extra_test2.c | 2438 +----
crypto/openssl/test/evp_kdf_test.c | 420 +-
crypto/openssl/test/evp_libctx_test.c | 180 +-
crypto/openssl/test/evp_pkey_provided_test.c | 81 +-
crypto/openssl/test/evp_skey_test.c | 20 +-
crypto/openssl/test/helpers/predefined_dhparams.c | 525 +-
crypto/openssl/test/hpke_test.c | 146 +-
crypto/openssl/test/http_test.c | 62 +
crypto/openssl/test/ideatest.c | 20 +-
crypto/openssl/test/ml_kem_evp_extra_test.c | 77 +-
crypto/openssl/test/param_build_test.c | 12 +-
crypto/openssl/test/pbetest.c | 101 +-
crypto/openssl/test/pkcs12_format_test.c | 3105 +-----
crypto/openssl/test/quic_record_test.c | 9871 +++-----------------
crypto/openssl/test/quic_txp_test.c | 20 +-
crypto/openssl/test/quic_wire_test.c | 18 +-
crypto/openssl/test/quicapitest.c | 150 +
crypto/openssl/test/radix/quic_tests.c | 193 +-
crypto/openssl/test/radix/terp.c | 4 +-
crypto/openssl/test/recipes/70-test_tls13ticket.t | 26 +
crypto/openssl/test/recipes/80-test_cms.t | 38 +-
crypto/openssl/test/siphash_internal_test.c | 1922 +---
.../test/smime-eml/pkcs7-empty-digest-set.eml | 45 +
crypto/openssl/test/sslapitest.c | 452 +-
crypto/openssl/test/stack_test.c | 64 +-
crypto/openssl/test/threadstest.c | 11 +-
crypto/openssl/test/tls13tickettest.c | 157 +
crypto/openssl/test/x509_test.c | 18 +-
crypto/openssl/util/missingcrypto.txt | 4 -
crypto/openssl/util/missingcrypto111.txt | 4 -
202 files changed, 7952 insertions(+), 35616 deletions(-)
diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index 380840deb712..c1c29eb55f04 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,303 @@ OpenSSL Releases
OpenSSL 3.5
-----------
+### Changes between 3.5.6 and 3.5.7 [9 Jun 2026]
+
+ * Fixed heap use-after-free in `PKCS7_verify()`.
+
+ Severity: High
+
+ Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
+ trigger a use-after-free during PKCS#7 signature verification.
+
+ Impact summary: A use-after-free may result in process crashes, heap
+ corruption, or, potentially, remote code execution.
+
+ Reported by: Thai Duong (Calif.io in collaboration with Claude
+ and Anthropic Research).
+
+ ([CVE-2026-45447])
+
+ *Igor Ustinov*
+
+ * Fixed CMS `AuthEnvelopedData` processing may accept forged messages.
+
+ Severity: Moderate
+
+ Issue Summary: Cryptographic Message Services (CMS) processing fails
+ to perform sufficient input validation on the cipher and tag length fields
+ of `AuthEnvelopedData` containers, leading to various potential compromises.
+
+ Impact Summary: Attackers making use of these vulnerabilities may achieve
+ key-equivalent functionality for a given CMS recipient and/or bypass
+ integrity validation for a given message.
+
+ Reported by: Asim Viladi Oglu Manizada, Alex Gaynor (Anthropic),
+ Ying Dong, and Haiyang Huang.
+
+ ([CVE-2026-34182])
+
+ *Neil Horman*
+
+ * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler.
+
+ Severity: Moderate
+
+ Issue summary: Remote peer may exhaust heap memory of the QUIC server
+ or client by flooding it with packets containing `PATH_CHALLENGE` frames.
+
+ Impact summary: A malicious remote peer can cause an unbounded memory
+ allocation which can lead to an abnormal termination of the application
+ acting as a QUIC client or server and a Denial of Service.
+
+ Reported by: Abhinav Agarwal.
+
+ ([CVE-2026-34183])
+
+ *Abhinav Agarwal and Alexandr Nedvedicky*
+
+ * Fixed NULL pointer dereference in QUIC server initial packet handling.
+
+ Severity: Moderate
+
+ Issue summary: Receiving a QUIC initial packet with an invalid token
+ may trigger a NULL pointer dereference in the OpenSSL QUIC server
+ with address validation disabled.
+
+ Impact summary: NULL pointer dereference typically causes abnormal
+ termination of the affected QUIC server process and a Denial of Service.
+
+ Reported by: Sunwoo Lee (KENTECH), Hyuk Lim (KENTECH),
+ and Seunghyun Yoon (KENTECH).
+
+ ([CVE-2026-42764])
+
+ *Sunwoo Lee (KENTECH), Hyuk Lim (KENTECH), and Seunghyun Yoon (KENTECH)*
+
+ * Fixed AES-OCB IV ignored on `EVP_Cipher()` path.
+
+ Severity: Moderate
+
+ Issue summary: When an application drives an AES-OCB context through
+ the public `EVP_Cipher()` one-shot interface, the application-supplied
+ initialisation vector (IV) is silently discarded.
+
+ Impact summary: Every message encrypted under the same key uses the same
+ effective nonce regardless of the IV supplied by the caller, resulting
+ in `(key, nonce)` reuse and loss of confidentiality. If the same code path
+ is used to compute the authentication tag, the tag depends only
+ on the `(key, IV)` pair and not on the plaintext or ciphertext, allowing
+ universal forgery of arbitrary ciphertext from a single captured message.
+
+ Reported by: Alex Gaynor (Anthropic).
+
+ ([CVE-2026-45445])
+
+ *Viktor Dukhovni*
+
+ * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion.
+
+ Severity: Low
+
+ Issue summary: A signed integer overflow when sizing the destination
+ buffer for Unicode output in `ASN1_mbstring_ncopy()` can lead to a heap
+ buffer overflow.
+
+ Impact summary: A heap buffer overflow may lead to a crash or possibly
+ attacker controlled code execution or other undefined behaviour.
+
+ Reported by: Zehua Qiao and Jinwen He.
+
+ ([CVE-2026-7383])
+
+ *Viktor Dukhovni*
+
+ * Fixed out-of-bounds read in CMS password-based decryption.
+
+ Severity: Low
+
+ Issue summary: When CMS password-based decryption ([RFC 3211]/PWRI key
+ unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode
+ KEK cipher can trigger a heap out-of-bounds read in `kek_unwrap_key()`.
+
+ Impact summary: A heap buffer over-read may trigger a crash, which leads
+ to Denial of Service for an application if the input buffer ends at a memory
+ page boundary and the following page is unmapped. There is no information
+ disclosure, as the over-read bytes are not revealed to the attacker.
+
+ Reported by: Bhabani Sankar Das and Haruki Oyama (Waseda University).
+
+ ([CVE-2026-9076])
+
+ *Nikola Pajkovský*
+
+ * Fixed heap buffer over-read in ASN.1 content parsing.
+
+ Severity: Low
+
+ Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
+ element whose content exceeds 2 gigabytes in length may cause a heap buffer
+ over-read on 64-bit Unix and Unix-like platforms.
+
+ Impact summary: The heap buffer over-read may crash the application (Denial
+ of Service) or to load into the decoded ASN.1 object contents of memory
+ beyond the end of the input buffer. More typically, such ASN.1 elements
+ would instead be truncated.
+
+ Reported by: Frank Buss.
+
+ ([CVE-2026-34180])
+
+ *Viktor Dukhovni*
+
+ * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys.
+
+ Severity: Low
+
+ Issue Summary: The PKCS#12 file processing fails to perform sufficient input
+ validation for files that use Password-Based Message Authentication Code 1
+ (PBMAC1) integrity mechanism allowing a certificate and private key forgery.
+
+ Impact Summary: An attacker impersonating a user can cause a service reading
+ PKCS#12 files to accept forged certificates and private keys with a 1 in 256
+ probability.
+
+ Reported by: Pavol Žáčik (Red Hat) and Alex Gaynor (Anthropic).
+
+ ([CVE-2026-34181])
+
+ *Alicja Kario (Red Hat)*
+
+ * Fixed possible NULL dereference in password-dased CMS decryption.
+
+ Severity: Low
+
+ Issue summary: A specially crafted password-encrypted CMS message
+ could trigger a NULL pointer dereference during CMS decryption.
+
+ Impact summary: This NULL pointer dereference could lead to an application
+ crash and a Denial of Service.
+
+ Reported by: Mayank Jangid, Kushal Khemka, Hari Priandana,
+ Bhabani Sankar Das, and Qifan Zhang (Palo Alto Networks).
+
+ ([CVE-2026-42766])
+
+ *Igor Ustinov*
+
+ * Fixed NULL pointer dereference in CRMF `EncryptedValue` decryption.
+
+ Severity: Low
+
+ Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
+ server could trigger a NULL pointer dereference in a CMP client application.
+
+ Impact summary: A NULL pointer dereference could cause a crash
+ of the application and a Denial of Service.
+
+ Reported by: Zhanpeng Liu (Tencent Xuanwu Lab),
+ Guannan Wang (Tencent Xuanwu Lab), and Guancheng Li (Tencent Xuanwu Lab).
+
+ ([CVE-2026-42767])
+
+ *Igor Ustinov*
+
+ * Fixed multi-`RecipientInfo` Bleichenbacher Oracle in `CMS_decrypt()`
+ and `PKCS7_decrypt()`.
+
+ Severity: Low
+
+ Issue summary: The `CMS_decrypt()` and `PKCS7_decrypt()` functions
+ are vulnerable to Bleichenbacher-style attack when an attacker is able
+ to provide CMS or S/MIME messages and observe the error code
+ and/or decryption output.
+
+ Impact summary: The Bleichenbacher-style attack allows an attacker to use
+ the victim's vulnerable application as a way to decrypt or sign messages
+ with the victim's private RSA key.
+
+ Reported by: Alex Gaynor (Anthropic).
+
+ ([CVE-2026-42768])
+
+ *Dmitry Belyavskiy (Red Hat) and Alicja Kario (Red Hat)*
+
+ * Fixed trust anchor substitution via `cert`/`issuer` typo in CMP
+ `rootCaKeyUpdate`.
+
+ Severity: Low
+
+ Issue Summary: An error in the callback used to verify the certificate
+ provided in a Root CA key update Certificate Management Protocol (CMP)
+ message response rendered the certificate validation ineffectual,
+ which could lead to escalation of credentials from the Registration
+ Authority (RA) level to the root Certification Authority (root CA) level.
+
+ Impact Summary: The Registration Authority could replace the root CA
+ certificate for the CMP clients with an arbitrary root CA certificate.
+
+ Reported by: Alex Gaynor (Anthropic).
+
+ ([CVE-2026-42769])
+
+ *Alex Gaynor (Anthropic) and Bob Beck*
+
+ * Fixed FFC-DH peer validation uses attacker-supplied `q`.
+
+ Severity: Low
+
+ Issue summary: When `EVP_PKEY_derive_set_peer()` is called with a DHX (X9.42)
+ peer key, the peer key is not properly checked for the subgroup membership.
+
+ Impact summary: A malicious peer which presents an X9.42 key carrying
+ the victim's `p` and `g` parameters, a forged `q = r` (a small prime factor
+ of the cofactor `(p − 1)/q_local`), and a public value `Y` of order `r` can
+ recover the victim's private key after a small number of key exchange
+ attempts.
+
+ Reported by: Alex Gaynor (Anthropic).
+
+ ([CVE-2026-42770])
+
+ *Alex Gaynor (Anthropic), Viktor Dukhovni, and Norbert Pócs*
+
+ * Fixed incorrect tag processing for empty messages in AES-GCM-SIV
+ and AES-SIV modes.
+
+ Severity: Low
+
+ Issue summary: The implementations of AES-SIV ([RFC 5297]) and AES-GCM-SIV
+ ([RFC 8452]) mishandle the authentication of AAD (Additional Authenticated
+ Data) with an empty ciphertext, allowing forgery of such messages.
+
+ Impact summary: An attacker can forge empty messages with arbitrary AAD
+ to the victim's application using these ciphers.
+
+ Reported by: Alex Gaynor (Anthropic).
+
+ ([CVE-2026-45446])
+
+ *Dmitry Belyavskiy (Red Hat)*
+
+ * Fixed TLS 1.3 server not sending `NewSessionTicket` message
+ after ciphersuite mismatch.
+ <!-- https://github.com/openssl/openssl/pull/30626 -->
+
+ *Daniel Kubec*
+
+ * Implemented validation of the minimal length of PSK identity
+ being of at least one byte long, as required per [RFC 8446].
+ <!-- https://github.com/openssl/openssl/pull/31058 -->
+
+ *Matt Caswell*
+
+ * Fixed usage of stale application buffer pointer by kTLS implementation
+ after incomplete writes when `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` is set,
+ that led to invalid memory reads and sending of incorrect data.
+ <!-- https://github.com/openssl/openssl/pull/31146 -->
+
+ *Ilya Maximets*
+
### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
@@ -21961,6 +22258,8 @@ ndif
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
+[CVE-2026-7383]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383
+[CVE-2026-9076]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
@@ -21969,5 +22268,22 @@ ndif
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
+[CVE-2026-34180]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180
+[CVE-2026-34181]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34181
+[CVE-2026-34182]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34182
+[CVE-2026-34183]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34183
+[CVE-2026-42764]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42764
+[CVE-2026-42766]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766
+[CVE-2026-42767]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42767
+[CVE-2026-42768]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42768
+[CVE-2026-42769]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42769
+[CVE-2026-42770]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42770
+[CVE-2026-45445]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45445
+[CVE-2026-45446]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45446
+[CVE-2026-45447]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+[RFC 3211]: https://datatracker.ietf.org/doc/html/rfc3211
+[RFC 5297]: https://datatracker.ietf.org/doc/html/rfc5297
+[RFC 8446]: https://datatracker.ietf.org/doc/html/rfc8446
+[RFC 8452]: https://datatracker.ietf.org/doc/html/rfc8452
diff --git a/crypto/openssl/Configurations/README.md b/crypto/openssl/Configurations/README.md
index 83bcc960626b..b07e75829645 100644
--- a/crypto/openssl/Configurations/README.md
+++ b/crypto/openssl/Configurations/README.md
@@ -502,7 +502,7 @@ The build-file template is processed with the perl module
Text::Template, using `{-` and `-}` as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
-configdata.pem.
+configdata.pm.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with `{-` and `-}`.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 499585438a16..1b020faadb01 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -221,16 +221,9 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#
# API compatibility name to version number mapping.
#
-my $apitable = {
- # This table expresses when API additions or changes can occur.
- # The numbering used changes from 3.0 and on because we updated
- # (solidified) our version numbering scheme at that point.
-
- # From 3.0 and on, we internalise the given version number in decimal
- # as MAJOR * 10000 + MINOR * 100 + 0
- "3.0.0" => 30000,
- "3.0" => 30000,
+# This table expresses when API additions or changes can occur
+my $apitable = {
# Note that before 3.0, we didn't have the same version number scheme.
# Still, the numbering we use here covers what we need.
"1.1.1" => 10101,
@@ -241,6 +234,18 @@ my $apitable = {
"0.9.8" => 908,
};
+# From 3.0 and on, we internalise the given version number in decimal
+# as MAJOR * 10000 + MINOR * 100 + 0
+my @post30_versions = ([3, 0], [3, 1], [3, 2], [3, 3], [3, 4], [3, 5],
+ );
+
+# The numbering used changes from 3.0 and on because we updated
+# (solidified) our version numbering scheme at that point.
+foreach (@post30_versions) {
+ my ($x, $y) = @{$_};
+ $apitable->{"$x.$y.0"} = $apitable->{"$x.$y"} = $x * 10000 + $y * 100;
+}
+
# For OpenSSL::config::get_platform
my %guess_opts = ();
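Review bot: The new `@post30_versions` list still has to be extended by hand whenever a new 3.x minor branch is created, and nothing at the declaration says so; a reader seeing the loop derive both `"$x.$y"` and `"$x.$y.0"` keys may assume the table is complete. A comment above the list such as `# Extend this list for each new 3.x minor; both "X.Y" and "X.Y.0" keys are derived from it below` would make the maintenance obligation explicit. The dangling `);` on its own line after `[3, 5],` is also unusual formatting and could sit on the previous line.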
diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md
index 07f78ae2af17..04d0bd72c7f5 100644
--- a/crypto/openssl/NEWS.md
+++ b/crypto/openssl/NEWS.md
@@ -23,10 +23,65 @@ OpenSSL Releases
OpenSSL 3.5
-----------
+### Major changes between OpenSSL 3.5.6 and OpenSSL 3.5.7 [9 Jun 2026]
+
+OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed
+in this release is High.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed heap use-after-free in `PKCS7_verify()`.
+ ([CVE-2026-45447])
+
+ * Fixed CMS `AuthEnvelopedData` processing may accept forged messages.
+ ([CVE-2026-34182])
+
+ * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler.
+ ([CVE-2026-34183])
+
+ * Fixed NULL pointer dereference in QUIC server initial packet handling.
+ ([CVE-2026-42764])
+
+ * Fixed AES-OCB IV ignored on `EVP_Cipher()` path.
+ ([CVE-2026-45445])
+
+ * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion.
+ ([CVE-2026-7383])
+
+ * Fixed out-of-bounds read in CMS password-based decryption.
+ ([CVE-2026-9076])
+
+ * Fixed heap buffer over-read in ASN.1 content parsing.
+ ([CVE-2026-34180])
+
+ * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys.
+ ([CVE-2026-34181])
+
+ * Fixed possible NULL dereference in password-dased CMS decryption.
+ ([CVE-2026-42766])
+
+ * Fixed NULL pointer dereference in CRMF `EncryptedValue` decryption.
+ ([CVE-2026-42767])
+
+ * Fixed multi-`RecipientInfo` Bleichenbacher Oracle in `CMS_decrypt()`
+ and `PKCS7_decrypt()`.
+ ([CVE-2026-42768])
+
+ * Fixed trust anchor substitution via `cert`/`issuer` typo in CMP
+ `rootCaKeyUpdate`.
+ ([CVE-2026-42769])
+
+ * Fixed FFC-DH peer validation uses attacker-supplied `q`.
+ ([CVE-2026-42770])
+
+ * Fixed incorrect tag processing for empty messages in AES-GCM-SIV
+ and AES-SIV modes.
+ ([CVE-2026-45446])
+
### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026]
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
-release is Medium.
+release is Moderate.
This release incorporates the following bug fixes and mitigations:
@@ -2210,6 +2265,8 @@ OpenSSL 0.9.x
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
+[CVE-2026-7383]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383
+[CVE-2026-9076]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
@@ -2218,6 +2275,19 @@ OpenSSL 0.9.x
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
+[CVE-2026-34180]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180
+[CVE-2026-34181]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34181
+[CVE-2026-34182]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34182
+[CVE-2026-34183]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34183
+[CVE-2026-42764]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42764
+[CVE-2026-42766]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766
+[CVE-2026-42767]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42767
+[CVE-2026-42768]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42768
+[CVE-2026-42769]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42769
+[CVE-2026-42770]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42770
+[CVE-2026-45445]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45445
+[CVE-2026-45446]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45446
+[CVE-2026-45447]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
[README-QUIC.md]: ./README-QUIC.md
diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat
index d3c75677c466..a297eee91e17 100644
--- a/crypto/openssl/VERSION.dat
+++ b/crypto/openssl/VERSION.dat
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=5
-PATCH=6
+PATCH=7
PRE_RELEASE_TAG=
BUILD_METADATA=
-RELEASE_DATE="7 Apr 2026"
+RELEASE_DATE="9 Jun 2026"
SHLIB_VERSION=3
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index 2dd839358231..1b186cd245cd 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -716,7 +716,7 @@ int enc_main(int argc, char **argv)
skey = EVP_SKEY_import(app_get0_libctx(), EVP_SKEYMGMT_get0_name(mgmt),
app_get0_propq(), OSSL_SKEYMGMT_SELECT_ALL, params);
- OSSL_PARAM_free(params);
+ app_params_free(params);
if (skey == NULL) {
BIO_printf(bio_err, "Error creating opaque key object for skeymgmt %s\n",
skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher));
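Review bot: Switching the release of `params` from `OSSL_PARAM_free()` to `app_params_free()` is correct only if `params` was built by the matching apps-level helper, which this hunk does not show; presumably that is the case, but a comment would save the next reader from checking. A one-liner such as `/* params came from the apps builder; release with its matching free, not OSSL_PARAM_free() */` above the call would document the pairing. enc_main continues outside the hunk, so whether `params` is referenced again after this point cannot be confirmed here.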
diff --git a/crypto/openssl/apps/lib/apps.c b/crypto/openssl/apps/lib/apps.c
index bc2e1c123a75..e5a2b162b4ef 100644
--- a/crypto/openssl/apps/lib/apps.c
+++ b/crypto/openssl/apps/lib/apps.c
@@ -1057,9 +1057,12 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
if (ok)
pcert = NULL;
} else if (pcerts != NULL) {
- ok = X509_add_cert(*pcerts,
- OSSL_STORE_INFO_get1_CERT(info),
- X509_ADD_FLAG_DEFAULT);
+ X509 *cert = OSSL_STORE_INFO_get1_CERT(info);
+
+ ok = cert != NULL
+ && X509_add_cert(*pcerts, cert, X509_ADD_FLAG_DEFAULT);
+ if (!ok)
+ X509_free(cert);
}
ncerts += ok;
break;
@@ -1069,7 +1072,11 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
if (ok)
pcrl = NULL;
} else if (pcrls != NULL) {
- ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info));
+ X509_CRL *crl = OSSL_STORE_INFO_get1_CRL(info);
+
+ ok = crl != NULL && sk_X509_CRL_push(*pcrls, crl);
+ if (!ok)
+ X509_CRL_free(crl);
}
ncrls += ok;
break;
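Review bot: The new `if (!ok) X509_free(cert);` (and `X509_CRL_free(crl)` in the second hunk) relies on two facts that are not stated in the code: `X509_free(NULL)` is a no-op, which covers the `get1` call returning NULL, and `X509_add_cert` with `X509_ADD_FLAG_DEFAULT` leaves ownership of `cert` with the caller when it fails, so freeing it there does not double-free — the push-on-failure semantics of `sk_X509_CRL_push` should be confirmed to match. A comment above the free would keep the next maintainer from "fixing" it: `/* on failure we still own the get1 reference; the free also tolerates NULL */`. The `ok` value is 0 or 1 either way, so `ncerts += ok` / `ncrls += ok` keep their old meaning. load_key_certs_crls starts and ends outside both hunks.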
diff --git a/crypto/openssl/apps/lib/cmp_mock_srv.c b/crypto/openssl/apps/lib/cmp_mock_srv.c
index cf21e8277887..09b69ff4cf59 100644
--- a/crypto/openssl/apps/lib/cmp_mock_srv.c
+++ b/crypto/openssl/apps/lib/cmp_mock_srv.c
@@ -345,6 +345,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
STACK_OF(ASN1_UTF8STRING) *strs;
ASN1_UTF8STRING *str;
const char *data;
+ int len;
if (OBJ_obj2nid(obj) == NID_id_it_certProfile) {
if (!OSSL_CMP_ITAV_get0_certProfile(itav, &strs))
@@ -359,7 +360,8 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
return NULL;
}
- if (strcmp(data, "profile1") != 0) {
+ if (((len = ASN1_STRING_length(str)) != (int)sizeof("profile1") - 1)
+ || memcmp(data, "profile1", len) != 0) {
ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);
return NULL;
}
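Review bot: The reason for replacing `strcmp` with a length check plus `memcmp` is not recorded, and it is the security-relevant part of the change: an `ASN1_UTF8STRING` is length-delimited and may contain an embedded NUL, so `strcmp` could stop early and accept a value that only starts with `profile1`, while the new form requires exactly 8 bytes that all match. Add `/* compare by length: ASN1 strings may carry embedded NULs, so strcmp() is unsafe */` above the `if`. Assigning `len` inside the condition is harder to read than the `int len;` declaration added in the previous hunk suggests; `int len = ASN1_STRING_length(str);` just before the `if` would read better. process_cert_request starts and ends outside the hunk.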
diff --git a/crypto/openssl/apps/list.c b/crypto/openssl/apps/list.c
index 757400b36215..faf92306052c 100644
--- a/crypto/openssl/apps/list.c
+++ b/crypto/openssl/apps/list.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1490,6 +1490,9 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_DSA
BIO_puts(bio_out, "DSA\n");
#endif
+#ifdef OPENSSL_NO_SIPHASH
+ BIO_puts(bio_out, "SIPHASH\n");
+#endif
#if defined(OPENSSL_NO_DTLS)
BIO_puts(bio_out, "DTLS\n");
#endif
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index d356359a97ef..9b88d6dfbc86 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -2549,7 +2549,7 @@ re_start:
"xmlns='jabber:%s' to='%s' version='1.0'>",
starttls_proto == PROTO_XMPP ? "client" : "server",
protohost ? protohost : host);
- seen = BIO_read(sbio, mbuf, BUFSIZZ);
+ seen = BIO_read(sbio, mbuf, BUFSIZZ - 1);
if (seen < 0) {
BIO_printf(bio_err, "BIO_read failed\n");
goto end;
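Review bot: Reading `BUFSIZZ - 1` bytes here, and in the later hunks at lines 2558, 2567, 2793, 2834, 3307 and 3323 of this file, only helps if the byte at `mbuf[seen]` (or `mbuf[mbuf_len]`) is then set to `'\0'` before the `strstr()` calls that scan the buffer; that termination is outside the hunks, so it should be checked that every read path does it, including the `seen == 0` case this `if (seen < 0)` lets through. A comment at the first read would make the invariant explicit: `/* leave one byte so mbuf[seen] = '\0' stays in bounds before strstr() */`. For the crlf path, `(BUFSIZZ - 1) / 2` bounds the worst-case doubling after LF-to-CRLF expansion within the same `BUFSIZZ - 1` limit. The enclosing body under `re_start:` begins and ends outside every one of these hunks.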
@@ -2558,7 +2558,7 @@ re_start:
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
&& !strstr(mbuf,
"<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) {
- seen = BIO_read(sbio, mbuf, BUFSIZZ);
+ seen = BIO_read(sbio, mbuf, BUFSIZZ - 1);
if (seen <= 0)
goto shut;
@@ -2567,7 +2567,7 @@ re_start:
}
BIO_printf(sbio,
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
- seen = BIO_read(sbio, sbuf, BUFSIZZ);
+ seen = BIO_read(sbio, sbuf, BUFSIZZ - 1);
if (seen < 0) {
BIO_printf(bio_err, "BIO_read failed\n");
goto shut;
@@ -2793,7 +2793,7 @@ re_start:
"Didn't find STARTTLS in server response,"
" trying anyway...\n");
BIO_printf(sbio, "STARTTLS\r\n");
- mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+ mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ - 1);
if (mbuf_len < 0) {
BIO_printf(bio_err, "BIO_read failed\n");
goto end;
@@ -2834,7 +2834,7 @@ re_start:
"Didn't find STARTTLS in server response,"
" trying anyway...\n");
BIO_printf(sbio, "STARTTLS\r\n");
- mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+ mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ - 1);
if (mbuf_len < 0) {
BIO_printf(bio_err, "BIO_read failed\n");
goto end;
@@ -3307,7 +3307,7 @@ re_start:
if (crlf) {
int j, lf_num;
- i = raw_read_stdin(cbuf, BUFSIZZ / 2);
+ i = raw_read_stdin(cbuf, (BUFSIZZ - 1) / 2);
lf_num = 0;
/* both loops are skipped when i <= 0 */
for (j = 0; j < i; j++)
@@ -3323,7 +3323,7 @@ re_start:
}
assert(lf_num == 0);
} else
- i = raw_read_stdin(cbuf, BUFSIZZ);
+ i = raw_read_stdin(cbuf, BUFSIZZ - 1);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
if (i == 0)
at_eof = 1;
diff --git a/crypto/openssl/apps/skeyutl.c b/crypto/openssl/apps/skeyutl.c
index 2404a8e8aa28..8f81ea15fc14 100644
--- a/crypto/openssl/apps/skeyutl.c
+++ b/crypto/openssl/apps/skeyutl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -106,7 +106,7 @@ int skeyutl_main(int argc, char **argv)
skey = EVP_SKEY_generate(app_get0_libctx(),
skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher),
app_get0_propq(), params);
- OSSL_PARAM_free(params);
+ app_params_free(params);
if (skey == NULL) {
BIO_printf(bio_err, "Error creating opaque key for skeymgmt %s\n",
skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher));
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index a8d7cb14f579..6cf9748902c2 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -3138,8 +3138,9 @@ int speed_main(int argc, char **argv)
exit(1);
}
- if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_AEAD_GET_TAG,
- TAG_LEN, &loopargs[k].tag)) {
+ if (EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_AEAD_GET_TAG,
+ TAG_LEN, &loopargs[k].tag)
+ <= 0) {
BIO_printf(bio_err, "\nFailed to get the tag\n");
dofail();
exit(1);
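Review bot: The switch from `!EVP_CIPHER_CTX_ctrl(...)` to `<= 0` is correct but unexplained; the control call can return -1 when the ctrl is not supported by the cipher, which the old negation treated as success and then used an unset tag. A short comment keeps the next reader from reverting it: `/* ctrl returns -1 for unsupported ctrls, so test <= 0 rather than !ret */`. speed_main starts and ends outside the hunk.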
diff --git a/crypto/openssl/apps/testdsa.h b/crypto/openssl/apps/testdsa.h
index e8d04bb31e8a..31f8e74a9cfb 100644
--- a/crypto/openssl/apps/testdsa.h
+++ b/crypto/openssl/apps/testdsa.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,274 +13,48 @@
EVP_PKEY *get_dsa(int);
static unsigned char dsa512_priv[] = {
- 0x65,
- 0xe5,
- 0xc7,
- 0x38,
- 0x60,
- 0x24,
- 0xb5,
*** 48077 LINES SKIPPED ***