
Update dependency openssl/openssl to v3.6.0

This MR contains the following updates:

Package Update Change
openssl/openssl minor 3.4.1 -> 3.6.0

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot


Release Notes

openssl/openssl (openssl/openssl)

v3.6.0

Compare Source

  • Added support for EVP_SKEY opaque symmetric key objects to the key derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions.

    Dmitry Belyavskiy and Simo Sorce

  • Added PCT for key import for SLH-DSA when in FIPS mode.

    Dr Paul Dale

  • Added i2d_PKCS8PrivateKey(3) API to complement i2d_PrivateKey(3), the former always outputs PKCS#8.

    Viktor Dukhovni

  • Implemented interleaved AES-CBC+HMAC-SHA algorithm on AArch64.

    Fangming Fang

  • Added NIST security categories for PKEY objects.

    Dr Paul Dale

  • Added notification when all stream FINs are acknowledged in QUIC. Introduced ossl_quic_channel_notify_flush_done() so that once final FINs are ACKed, the channel transitions to terminating and SSL_poll() signals completion. This allows applications to progress shutdown reliably.

    Alexandr Nedvědický

  • Added array memory allocation routines and converted suitable memory allocation calls in the library to them.

    Eugene Syromiatnikov

  • Fixed behavior change of EC keygen by adding the generic error entry if the provider did not itself add an error entry onto the queue. That way, there always is an error on the error queue in case of a failure, but no behavior change in case the provider emitted the error entry itself.

    Ingo Franzki

  • Documented all the environment variables used across the project in openssl-env(7) and in specific man pages.

    Eugene Syromiatnikov

  • Added SHA-2 assembly implementation enhancing performance for LoongArch. Added optimized SM3, MD5, SHA-256, SHA-512 implementation using Zbb extension for RISC-V.

    Julian Zhu

  • Added options CRYPTO_MEM_SEC and CRYPTO_MEM_SEC_MINSIZE to openssl app to initialize secure memory at the beginning of openssl app.

    Norbert Pócs

  • Resolved compiler warnings on Win64 builds.

    Tomáš Mráz

  • Extended new CRYPTO_THREAD_[get|set]_local API to reduce the usage of OS thread-local variables.

    Neil Horman

  • Added make targets build_inst_sw and build_inst_programs which have the functionality to split the build into two parts, e.g. when tests should be built with different compiler flags than the installed software.

    Pavol Zacik

  • Refactored OSSL_PARAM name parsing so that automatically generated parsers are used instead of OSSL_PARAM_locate() calls. This should also ensure that the list of acceptable parameters better matches those which are actually processed. It should also provide a small performance improvement, because repeated iteration over passed parameter arrays is avoided.

    Dr Paul Dale

  • Introduced SSL_OP_SERVER_PREFERENCE, superseding misleadingly named SSL_OP_CIPHER_SERVER_PREFERENCE.

    Michael Baentsch

  • Added LMS signature verification support as per [SP 800-208]. This support is present in both the FIPS and default providers.

    Shane Lontis and Paul Dale

  • Introduced use of <stdbool.h> when handling JSON encoding in the OpenSSL codebase, replacing the previous use of int for these boolean values.

    Alexis Goodfellow

  • An ANSI-C toolchain is no longer sufficient for building OpenSSL. The code must now be built with a compiler that supports C99 features.

    Alexandr Nedvědický

  • Support for the VxWorks platforms has been removed. These platforms were unadopted, unmaintained and reported to be non-functional.

    Anthony Ioppolo

  • Relaxed the path check in OpenSSL's file: scheme implementation for OSSL_STORE. Previously, when the file: scheme is an explicit part of the URI, our implementation required an absolute path, such as file:/path/to/file.pem. This requirement is now relaxed, allowing file:path/to/file.pem, as well as file:file.pem.

    Richard Levitte

  • Changed openssl-pkey(1) to match the documentation when private keys are output in DER format (-outform DER) by producing the PKCS#8 form by default. Previously, this would output the traditional form for those older key types (DSA, RSA, ECDSA) that had such a form. The -traditional flag has been extended to support explicit requests to output that format in DER format (it was previously PEM-only).

    Viktor Dukhovni

  • Added an openssl configutl utility for processing the OpenSSL configuration file and dumping the equivalent configuration file.

    Dmitry Belyavskiy based on Clemens Lang's code

  • Added support for setting a free function thunk to OPENSSL_sk stack types. Using a thunk allows the type specific free function to be called with the correct type information from generic functions like OPENSSL_sk_pop_free().

    Frederik Wedel-Heinen

  • Enabled x86-64 SM4 optimizations with SM4 ISA Extension available starting Lunar Lake and Arrow Lake S CPUs. The expected performance improvement is ~3.6x for sm4-cbc, ~2.9x for sm4-gcm, ~9.2x for sm4-xts, ~5.3x for sm4-ccm (on average, may vary depending on the data size) on Arrow Lake S.

    Alina Elizarova

  • Enabled x86-64 SM3 optimizations with SM3 ISA Extension available starting Lunar Lake and Arrow Lake S CPUs. The expected performance improvement is ~2.2—4.7x (depends on the data size) on Arrow Lake S.

    Alina Elizarova

  • Enabled x86-64 SHA-512 optimizations with SHA512 ISA Extension. Optimized digests: sha384, sha512, sha512-224, sha512-256. openssl speed shows speedups ranging from 1.6x to 4.5x on the P-cores of Intel Core Ultra 5 238V.

    Adrian Stanciu

  • Changed default EC point formats configuration to support only 'uncompressed' format, and added SSL_OP_LEGACY_EC_POINT_FORMATS flag and options to re-enable previous default, if required.

    Tim Perry

  • Increased PKCS#12 default macsaltlen from 8 to 16, as, per NIST [SP 800-132], this improves interoperability for newly generated PKCS#12 stores between FIPS and non-FIPS implementations.

    Dimitri John Ledkov

  • Added X509_CRL_get0_tbs_sigalg() accessor for the signature AlgorithmIdentifier inside CRL's TBSCertList.

    Theo Buehler

  • Added OIDS for HKDFs with SHA-256, SHA-384, and SHA-512. Added ability to load HKDF configured with these explicit digests by name or OID.

    Daniel Van Geest (CryptoNext Security)

  • Added Intel AVX-512 and VAES optimizations for AES-CFB128 algorithms. Encryption performance on large buffers improved by 1.5—1.7x, while decryption speed increased by 20—23x.

    Adrian Stanciu

  • Added support for TLS 1.3 OCSP multi-stapling for server certs.

    • new s_client options:
      • -ocsp_check_leaf: Checks the status of the leaf (server) certificate.
      • -ocsp_check_all: Checks the status of all certificates in the server chain.
    • new s_server option:
      • -status_all Provides OCSP status information for the entire server certificate chain (multi-stapling) for TLS 1.3 and later.
    • Improved -status_file option can now be given multiple times to provide multiple files containing OCSP responses.

    Michael Krueger, Martin Rauch

  • Added KEMRecipientInfo (RFC 9629) and ML-KEM (draft-ietf-lamps-cms-kyber) support to CMS.

    Daniel Van Geest (CryptoNext Security)

  • Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider.

    Dimitri John Ledkov
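The openssl-pkey(1) change listed above (PKCS#8 by default for -outform DER, -traditional to get the old layout) is the kind of change that silently breaks a consumer that feeds the DER output into a parser expecting the traditional RSAPrivateKey or ECPrivateKey structure. The following is an added example and not OpenSSL code: a minimal DER walker that tells the two layouts apart by looking at the second element of the outer SEQUENCE, so a script can fail loudly instead of misparsing. The sample blobs are constructed dummies with placeholder integers, not real keys.

```python
"""Distinguish PKCS#8 PrivateKeyInfo from "traditional" DER private keys.

Added illustration (not OpenSSL code). Layouts relied on here:
  PKCS#8 PrivateKeyInfo:   SEQUENCE { INTEGER version, SEQUENCE algId, OCTET STRING key, ... }
  RSAPrivateKey / DSA:     SEQUENCE { INTEGER version, INTEGER modulus-or-p, ... }
  ECPrivateKey (RFC 5915): SEQUENCE { INTEGER 1, OCTET STRING privateKey, ... }
so the tag of the second element inside the outer SEQUENCE decides.
"""

TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at buf[pos]; return (tag, value, next_pos).

    Only definite-length encodings are accepted (DER forbids indefinite),
    and every read is bounds-checked against len(buf).
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def classify_private_key_der(der: bytes) -> str:
    """Return "pkcs8", "traditional-rsa-or-dsa" or "traditional-ec"."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, _version, pos = _read_tlv(body, 0)
    if tag != TAG_INTEGER:
        raise ValueError("first element is not the version INTEGER")
    tag, _second, _ = _read_tlv(body, pos)
    if tag == TAG_SEQUENCE:
        return "pkcs8"
    if tag == TAG_INTEGER:
        return "traditional-rsa-or-dsa"
    if tag == TAG_OCTET_STRING:
        return "traditional-ec"
    raise ValueError(f"unrecognised private key layout (tag 0x{tag:02x})")


# --- constructed sample inputs: dummy structures, not real key material ---

def _tlv(tag: int, value: bytes) -> bytes:
    """Encode a DER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


RSA_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

# Traditional RSAPrivateKey: version 0 then eight placeholder INTEGERs (n, e, d, ...).
SAMPLE_TRADITIONAL_RSA = _tlv(TAG_SEQUENCE,
    _tlv(TAG_INTEGER, b"\x00") + b"".join(_tlv(TAG_INTEGER, b"\x01") for _ in range(8)))

# PKCS#8 PrivateKeyInfo wrapping that RSAPrivateKey as the OCTET STRING payload.
SAMPLE_PKCS8_RSA = _tlv(TAG_SEQUENCE,
    _tlv(TAG_INTEGER, b"\x00")
    + _tlv(TAG_SEQUENCE, RSA_OID + b"\x05\x00")   # AlgorithmIdentifier with NULL params
    + _tlv(TAG_OCTET_STRING, SAMPLE_TRADITIONAL_RSA))

# Traditional ECPrivateKey: version 1 then the scalar as an OCTET STRING.
SAMPLE_TRADITIONAL_EC = _tlv(TAG_SEQUENCE,
    _tlv(TAG_INTEGER, b"\x01") + _tlv(TAG_OCTET_STRING, b"\x11" * 32))


if __name__ == "__main__":
    for name, blob in [("pkcs8", SAMPLE_PKCS8_RSA),
                       ("traditional rsa", SAMPLE_TRADITIONAL_RSA),
                       ("traditional ec", SAMPLE_TRADITIONAL_EC)]:
        print(f"{name:16s} -> {classify_private_key_der(blob)}")
```

A consumer that must keep accepting both forms across the 3.4 to 3.6 upgrade can run this check on the bytes it is handed and branch accordingly; one that only ever handled the traditional form should reject "pkcs8" explicitly rather than misread the AlgorithmIdentifier as a modulus.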

v3.5.4

Compare Source

  • Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap

    Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

    Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

    The issue was reported by Stanislav Fort (Aisle Research).

    ([CVE-2025-9230])

    Viktor Dukhovni

  • Fix Timing side-channel in SM2 algorithm on 64 bit ARM

    Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms.

    Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.

    The issue was reported by Stanislav Fort (Aisle Research).

    ([CVE-2025-9231])

    Stanislav Fort and Tomáš Mráz

  • Fix Out-of-bounds read in HTTP client no_proxy handling

    Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "no_proxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address.

    Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application.

    The issue was reported by Stanislav Fort (Aisle Research).

    ([CVE-2025-9232])

    Stanislav Fort

v3.5.3

Compare Source

  • The FIPS provider no longer performs a PCT on key import for ECX keys (that was introduced in 3.5.1), following the latest update on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.

    Eugene Syromiatnikov

  • Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted signatures.

    Xiao Lou Dong Feng

  • Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it broke some existing applications that relied on the previous 3.x semantics, as documented in OpenSSL_version(3).

    Richard Levitte

v3.5.2

Compare Source

  • Avoided a race condition introduced in 3.5.1, where an OSSL_STORE_CTX was kept open during lookup while potentially being used by multiple threads simultaneously. This could lead to crashes when multiple concurrent TLS connections were served.

    Matt Caswell

  • The FIPS provider no longer performs a PCT on key import for RSA, DH, and EC keys (that was introduced in 3.5.1), following the latest update on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.

    Dr Paul Dale

  • Secure memory allocation calls are no longer used for HMAC keys.

    Dr Paul Dale

  • openssl req no longer generates certificates with an empty extension list when SKID/AKID are set to none during generation.

    David Benjamin

  • The man page date is now derived from the release date provided in VERSION.dat and not the current date for the released builds.

    Enji Cooper

  • Hardened the provider implementation of the RSA public key "encrypt" operation to add a missing check that the caller-indicated output buffer size is at least as large as the byte count of the RSA modulus. The issue was reported by Arash Ale Ebrahim from SYSPWN.

    This operation is typically invoked via EVP_PKEY_encrypt(3). Callers that in fact provide a sufficiently large buffer, but fail to correctly indicate its size may now encounter unexpected errors. In applications that attempt RSA public encryption into a buffer that is too small, an out-of-bounds write is now avoided and an error is reported instead.

    Viktor Dukhovni

  • Added FIPS 140-3 PCT on DH key generation.

    Nikola Pajkovsky

  • Fixed the synthesised OPENSSL_VERSION_NUMBER.

    Richard Levitte

v3.5.1

Compare Source

  • The FIPS provider now performs a PCT on key import for RSA, EC and ECX. This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.

    Dr Paul Dale

v3.5.0

Compare Source

  • Fix x509 application adds trusted use instead of rejected use.

    Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.

    Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use.

    ([CVE-2025-4575])

    Tomas Mraz

  • Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation alert being received. Older versions of OpenSSL failed with DTLS if a no_renegotiation alert was received. All versions of OpenSSL do this for TLS. From 3.2 a bug was exposed that meant that DTLS ignored no_renegotiation. We have now restored the original behaviour and brought DTLS back into line with TLS.

    Matt Caswell

v3.4.3: OpenSSL 3.4.3

Compare Source

OpenSSL 3.4.3 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)

  • Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)

  • Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
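The no_proxy entry above (CVE-2025-9232) is about the URL form http://[2001:db8::1]:8080/path, where the host part of the authority is a bracketed IPv6 literal. The following is an added example and not OpenSSL's HTTP client code or the patch: it isolates the bracketed literal before looking for a port and checks that both brackets are present before indexing relative to them, then matches the host against a no_proxy list. The matching semantics (exact host, domain-suffix entries with an optional leading dot, and "*") follow common curl-style conventions and are an assumption, and the URLs and no_proxy value are constructed for the demo.

```python
"""Decide whether an HTTP URL's host bypasses the proxy per no_proxy.

Added illustration, not OpenSSL code. Two things go wrong in naive code for
IPv6 authorities: scanning for ':' to find the port before the bracketed
literal has been isolated (the scan lands inside the address), and indexing
relative to '[' / ']' positions without first confirming both exist.
"""
from typing import Optional, Tuple


def split_authority(authority: str) -> Tuple[str, Optional[int]]:
    """Return (host, port) from a URL authority; IPv6 brackets are stripped.

    Raises ValueError on malformed input instead of ever indexing past the
    end of the string.
    """
    if not authority:
        raise ValueError("empty authority")
    if authority[0] == "[":
        close = authority.find("]")
        if close == -1:
            raise ValueError("unterminated IPv6 literal")
        host = authority[1:close].lower()
        rest = authority[close + 1:]
        if rest == "":
            return host, None
        if rest[0] != ":":
            raise ValueError("junk after IPv6 literal")
        port_str = rest[1:]
    else:
        host, sep, port_str = authority.partition(":")
        host = host.lower()
        if not sep:
            return host, None
    if not port_str.isdigit() or not 0 < int(port_str) <= 65535:
        raise ValueError("bad port")
    return host, int(port_str)


def host_from_url(url: str) -> str:
    """Extract the host from scheme://[userinfo@]authority[/path][?q][#f]."""
    scheme_end = url.find("://")
    if scheme_end == -1:
        raise ValueError("no scheme")
    rest = url[scheme_end + 3:]
    cut = len(rest)                      # authority ends at first '/', '?' or '#'
    for ch in "/?#":
        i = rest.find(ch)
        if i != -1 and i < cut:
            cut = i
    authority = rest[:cut]
    if "@" in authority:                 # drop userinfo
        authority = authority.rsplit("@", 1)[1]
    host, _port = split_authority(authority)
    return host


def bypass_proxy(url: str, no_proxy: str) -> bool:
    """True if the URL host matches any comma-separated no_proxy entry.

    '*' matches everything; any other entry matches the host itself or a
    subdomain of it (a leading '.' is ignored). IPv6 entries may be written
    with or without brackets. Per-entry ports are not supported here.
    """
    host = host_from_url(url)
    for raw in no_proxy.split(","):
        entry = raw.strip().lower()
        if not entry:
            continue
        if entry == "*":
            return True
        if entry.startswith("[") and entry.endswith("]"):
            entry = entry[1:-1]
        entry = entry.lstrip(".")
        if entry and (host == entry or host.endswith("." + entry)):
            return True
    return False


def safe_bypass(url: str, no_proxy: str) -> Optional[bool]:
    """bypass_proxy, but None for URLs that fail to parse (demo/test helper)."""
    try:
        return bypass_proxy(url, no_proxy)
    except ValueError:
        return None


# Constructed sample configuration (not from any real environment).
NO_PROXY = "localhost,.internal.example,[2001:db8::1],10.0.0.5"

if __name__ == "__main__":
    for u in ["http://[2001:db8::1]:8080/metrics", "http://[2001:db8::2]/",
              "https://api.internal.example/v1", "http://[2001:db8::1"]:
        print(u, "->", safe_bypass(u, NO_PROXY))
```

The practical check after upgrading is unchanged: keep no_proxy set in the environment of anything that uses the OpenSSL HTTP client (OCSP and CRL fetching, CMP) and make sure the hosts it reaches include IPv6 literals in your test matrix, since that is the input shape the fixed code path handles.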

v3.4.2

Compare Source

  • When displaying distinguished names in the openssl application escape control characters by default.

    Tomáš Mráz


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.



This MR has been generated by Renovate Bot.

Edited by GitLab Dependency Bot
