FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=vendor%2Fopenssl-3.5 2026-04-07T22:35:35Z 2026-04-07T22:35:35Z Enji Cooper ngie@FreeBSD.org 2026-04-07T22:35:35Z urn:sha1:ab5fc4ac933ff67bc800e774dffce15e2a541e90 This change adds OpenSSL 3.5.6 from upstream [1]. The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. This is a security release, but also contains several bugfixes. More information about the release (from a high level) can be found in the release notes [4]. 1. openssl-3.5.6.tar.gz 2. openssl-3.5.6.tar.gz.asc 3. openssl-3.5.6.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md 2026-01-29T01:27:53Z Enji Cooper ngie@FreeBSD.org 2026-01-29T01:27:53Z urn:sha1:808413da28df9fb93e1f304e6016b15e660f54c8 This change adds OpenSSL 3.5.5 from upstream [1]. The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. This is a security release, but also contains several bugfixes. More information about the release (from a high level) can be found in the release notes [4]. 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.md 2025-09-16T23:42:52Z Enji Cooper ngie@FreeBSD.org 2025-09-16T23:42:52Z urn:sha1:aed904c48f330dc76da942a8ee2d6eef9d11f572 This change adds OpenSSL 3.5.3 from upstream [1]. The 3.5.3 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. This is a minor release with a single major bugfix to multithreading support with `OSSL_STORE_CTX`. More information about the release (from a high level) can be found in the release notes [4]. 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.3/openssl-3.5.3.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.3/openssl-3.5.3.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.3/openssl-3.5.3.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.3/NEWS.md 2025-08-07T11:54:09Z Pierre Pronchery khorben@FreeBSD.org 2025-07-11T21:17:50Z urn:sha1:1095efe41feed8ea5a6fe5ca123c347ae0914801 This change adds OpenSSL 3.5.1 from upstream [1]. The 3.5.1 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. More information about the release (from a high level) can be found in the release notes [4]. 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.1/openssl-3.5.1.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.1/openssl-3.5.1.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.1/openssl-3.5.1.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.1/NEWS.md Reviewed by: ngie, philip Approved by: philip (mentor) Sponsored by: The FreeBSD Foundation 2025-08-07T11:53:44Z Pierre Pronchery khorben@FreeBSD.org 2025-06-27T21:41:09Z urn:sha1:09a25192275b21412a51e3a2d5d6ff0eb147425d This change completes the import of OpenSSL 3.5.0 from upstream. The source archive has been verified via PGP and SHA256: 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.0/NEWS.md Reviewed by: ngie, philip Approved by: philip (mentor) Sponsored by: The FreeBSD Foundation 2025-05-07T22:37:22Z Enji Cooper ngie@FreeBSD.org 2025-05-07T21:18:24Z urn:sha1:29536654cc41bf41b92dc836c47496dc6fe0b00c This change adds OpenSSL 3.5.0 from upstream [1]. The 3.5.0 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. More information about the release (from a high level) can be found in the release notes [4]. 1. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz 2. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz.asc 3. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.0/NEWS.md 2025-03-06T17:49:50Z Enji Cooper ngie@FreeBSD.org 2025-03-06T17:49:50Z urn:sha1:1c34280346af8284acdc0eae39496811d37df25d This release incorporates the following bug fixes and mitigations: - [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 - [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html 2024-06-20T23:24:17Z Enji Cooper ngie@FreeBSD.org 2024-06-20T23:24:17Z urn:sha1:1070e7dca8223387baf5155524b28f62bfe7da3c This release resolves 3 upstream found CVEs: - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) 2024-02-02T09:48:38Z Cy Schubert cy@FreeBSD.org 2024-02-02T04:39:16Z urn:sha1:9dd13e84fa8eca8f3462bd55485aa3da8c37f54a * Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) * Fix excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678]) Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html. 2023-10-24T17:48:36Z Ed Maste emaste@FreeBSD.org 2023-10-24T17:45:46Z urn:sha1:825caf7e12445fa4818413cc37c8b45bebb6c3a9 * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). Sponsored by: The FreeBSD Foundation