deps: upgrade openssl sources to openssl-3.5.4
nodejs-github-bot committed Oct 1, 2025
commit 3b17953e99e96c6cd2eb4b11c83feaa7cf8f4174
69 changes: 69 additions & 0 deletions deps/openssl/openssl/CHANGES.md
Expand Up @@ -28,6 +28,72 @@ OpenSSL Releases
OpenSSL 3.5
-----------

### Changes between 3.5.3 and 3.5.4 [30 Sep 2025]

* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap

Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.

The issue was reported by Stanislav Fort (Aisle Research).

([CVE-2025-9230])

*Viktor Dukhovni*

* Fix Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote
recovery of the private key exists in the SM2 algorithm implementation on
64 bit ARM platforms.

Impact summary: A timing side-channel in SM2 signature computations on
64 bit ARM platforms could allow recovering the private key by an attacker.

The issue was reported by Stanislav Fort (Aisle Research).

([CVE-2025-9231])

*Stanislav Fort and Tomáš Mráz*

* Fix Out-of-bounds read in HTTP client no_proxy handling

Issue summary: An application using the OpenSSL HTTP client API functions
may trigger an out-of-bounds read if the "no_proxy" environment variable is
set and the host portion of the authority component of the HTTP URL is an
IPv6 address.

Impact summary: An out-of-bounds read can trigger a crash which leads to
Denial of Service for an application.

The issue was reported by Stanislav Fort (Aisle Research).

([CVE-2025-9232])

*Stanislav Fort*

* The FIPS provider no longer performs a PCT on key import for ECX keys
(that was introduced in 3.5.2), following the latest update
on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.

*Eugene Syromiatnikov*

* Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted
signatures.

*Xiao Lou Dong Feng*

* Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
builds, as it broke some exiting applications that relied on the previous
3.x semantics, as documented in `OpenSSL_version(3)`.

*Richard Levitte*

### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]

* Avoided a potential race condition introduced in 3.5.1, where
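Review bot: typo in the `OPENSSL_VERSION_NUMBER` revert entry: "some exiting applications that relied on" should read "some existing applications that relied on". The same sentence is repeated verbatim in the NEWS.md hunk below, so both copies need the fix; since this is vendored upstream text, the correction belongs in OpenSSL's own CHANGES.md/NEWS.md rather than a local patch here.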
Expand Down Expand Up @@ -21284,6 +21350,9 @@ ndif

<!-- Links -->

[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
40 changes: 35 additions & 5 deletions deps/openssl/openssl/NEWS.md
Expand Up @@ -23,19 +23,46 @@ OpenSSL Releases
OpenSSL 3.5
-----------

### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [30 Sep 2025]

OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
([CVE-2025-9230])

* Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
([CVE-2025-9231])

* Fix Out-of-bounds read in HTTP client no_proxy handling.
([CVE-2025-9232])

* Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
builds, as it broke some exiting applications that relied on the previous
3.x semantics, as documented in `OpenSSL_version(3)`.

### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]

* Added FIPS 140-3 PCT on DH key generation.
OpenSSL 3.5.3 is a bug fix release.

This release incorporates the following bug fixes and mitigations:

*Nikola Pajkovsky*
* Added FIPS 140-3 PCT on DH key generation.

* Fixed the synthesised `OPENSSL_VERSION_NUMBER`.

*Richard Levitte*
* Removed PCT on key import in the FIPS provider as it is not required by
the standard.

### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]

* none
OpenSSL 3.5.2 is a bug fix release.

This release incorporates the following bug fixes and mitigations:

* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.

### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]

Expand All @@ -45,7 +72,7 @@ release is Low.
This release incorporates the following bug fixes and mitigations:

* Fix x509 application adds trusted use instead of rejected use.
([CVE-2025-4575])
([CVE-2025-4575])

### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]

Expand Down Expand Up @@ -1913,6 +1940,9 @@ OpenSSL 0.9.x
* Support for various new platforms

<!-- Links -->
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
4 changes: 2 additions & 2 deletions deps/openssl/openssl/VERSION.dat
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=5
PATCH=3
PATCH=4
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="16 Sep 2025"
RELEASE_DATE="30 Sep 2025"
SHLIB_VERSION=3
16 changes: 12 additions & 4 deletions deps/openssl/openssl/apps/storeutl.c
Expand Up @@ -331,14 +331,22 @@ int storeutl_main(int argc, char *argv[])
static int indent_printf(int indent, BIO *bio, const char *format, ...)
{
va_list args;
int ret;
int ret, vret;

ret = BIO_printf(bio, "%*s", indent, "");
if (ret < 0)
return ret;

va_start(args, format);
vret = BIO_vprintf(bio, format, args);
va_end(args);

ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
if (vret < 0)
return vret;
if (vret > INT_MAX - ret)
return INT_MAX;

va_end(args);
return ret;
return ret + vret;
}

static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
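Review bot: `INT_MAX` is now referenced in `indent_printf`, but nothing in the hunk shows `#include <limits.h>`; confirm the file (or a header it already pulls in) provides it, otherwise this fails to compile on toolchains that don't include it transitively. The restructuring itself looks right: the old `ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);` added two results that could each be negative and whose sum could overflow `int`, whereas now each call is checked before the add, `va_start`/`va_end` bracket only the `BIO_vprintf` call with no early return between them, and `if (vret > INT_MAX - ret) return INT_MAX;` saturates instead of overflowing.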
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/bio/bss_file.c
Expand Up @@ -287,7 +287,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
if (fp == NULL) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling fopen(%s, %s)",
ptr, p);
(const char *)ptr, p);
ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB);
ret = 0;
break;
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/cms/cms_pwri.c
Expand Up @@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Check byte failure */
goto err;
}
if (inlen < (size_t)(tmp[0] - 4)) {
if (inlen < 4 + (size_t)tmp[0]) {
/* Invalid length value */
goto err;
}
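Review bot: the corrected bound `inlen < 4 + (size_t)tmp[0]` is the right check for the CVE-2025-9230 fix: `tmp[0]` is the key length byte and it is followed by the 3 check bytes, so the unwrapped block must hold at least `4 + tmp[0]` bytes before the key itself can be copied out from offset 4. The old expression `(size_t)(tmp[0] - 4)` was on the wrong side of that header: it only required `inlen >= tmp[0] - 4`, so a length byte up to `inlen + 4` passed and the subsequent copy of `tmp[0]` bytes read past the end of the buffer (and, per the CHANGES entry, produced the matching out-of-bounds write). Because `tmp[0]` is an `unsigned char`, `4 + (size_t)tmp[0]` cannot wrap. A regression test that presents a length byte larger than the remaining data and asserts that `kek_unwrap_key` fails would pin this bound in place.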
103 changes: 4 additions & 99 deletions deps/openssl/openssl/crypto/ec/ecp_sm2p256.c
@@ -1,5 +1,5 @@
/*
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = {
0xffffffffffffffff, 0xffffffff00000000,
0xffffffffffffffff, 0xfffffffeffffffff
};
ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
0x53bbf40939d54123, 0x7203df6b21c6052b,
0xffffffffffffffff, 0xfffffffeffffffff
};

ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};

Expand Down Expand Up @@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out,
BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p);
}

/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */
static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
const BN_ULONG* in) {
BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord,
def_ord);
}

/* Point double: R <- P + P */
static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
{
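Review bot: deleting `ecp_sm2p256_mod_ord_inverse` removes the only visible caller of `ecp_sm2p256_div_by_2_mod_ord` and `ecp_sm2p256_sub_mod_ord` (and of the `def_ord` table removed in the hunk above); if those helpers are `static` and not also deleted in a part of the file outside this diff, the build will emit unused-function warnings, so confirm they went with it. Note that the retained `ecp_sm2p256_mod_inverse` in the context lines just above is built on the same `BN_MOD_INV` macro, so the variable-time inversion still exists for the mod-p case; whether that matters depends on whether anything still calls it after the `get_affine` removal below.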
Expand Down Expand Up @@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator)
}
#endif

/*
* Convert Jacobian coordinate point into affine coordinate (x,y)
*/
static int ecp_sm2p256_get_affine(const EC_GROUP *group,
const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};

if (EC_POINT_is_at_infinity(group, point)) {
ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
return 0;
}

if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0
|| ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0
|| ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) {
ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
return 0;
}

ecp_sm2p256_mod_inverse(z_inv3, point_z);
ecp_sm2p256_sqr(z_inv2, z_inv3);

if (x != NULL) {
ecp_sm2p256_mul(x_aff, point_x, z_inv2);
if (!bn_set_words(x, x_aff, P256_LIMBS))
return 0;
}

if (y != NULL) {
ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2);
ecp_sm2p256_mul(y_aff, point_y, z_inv3);
if (!bn_set_words(y, y_aff, P256_LIMBS))
return 0;
}

return 1;
}

/* r = sum(scalar[i]*point[i]) */
static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
P256_POINT *r,
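Review bot: this removal is part of the side-channel fix rather than cleanup: `ecp_sm2p256_get_affine` converted the Jacobian point through `ecp_sm2p256_mod_inverse`, which the earlier context lines show is the same `BN_MOD_INV` construction as the removed mod-order inverse, so the Z-coordinate inversion performed when a signature's ephemeral point is made affine had the same variable-time profile. Routing that conversion to `ossl_ec_GFp_simple_point_get_affine_coordinates` (the method-table hunk further down) moves it onto the generic `field_inv` path instead. Worth stating in the release notes, since the CHANGES entry describes the issue only in terms of "SM2 signature computations" without naming the affine conversion.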
Expand Down Expand Up @@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r,
return 1;
}

static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
const BIGNUM *x, BN_CTX *ctx)
{
int ret = 0;
ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
ALIGN32 BN_ULONG out[P256_LIMBS] = {0};

if (bn_wexpand(r, P256_LIMBS) == NULL) {
ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}

if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
BIGNUM *tmp;

if ((tmp = BN_CTX_get(ctx)) == NULL
|| !BN_nnmod(tmp, x, group->order, ctx)) {
ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
x = tmp;
}

if (!ecp_sm2p256_bignum_field_elem(t, x)) {
ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
goto err;
}

ecp_sm2p256_mod_ord_inverse(out, t);

if (!bn_set_words(r, out, P256_LIMBS))
goto err;

ret = 1;
err:
return ret;
}

const EC_METHOD *EC_GFp_sm2p256_method(void)
{
static const EC_METHOD ret = {
Expand All @@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ec_GFp_simple_point_copy,
ossl_ec_GFp_simple_point_set_to_infinity,
ossl_ec_GFp_simple_point_set_affine_coordinates,
ecp_sm2p256_get_affine,
ossl_ec_GFp_simple_point_get_affine_coordinates,
0, 0, 0,
ossl_ec_GFp_simple_add,
ossl_ec_GFp_simple_dbl,
Expand All @@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ecp_sm2p256_field_mul,
ecp_sm2p256_field_sqr,
0 /* field_div */,
0 /* field_inv */,
ossl_ec_GFp_simple_field_inv,
0 /* field_encode */,
0 /* field_decode */,
0 /* field_set_to_one */,
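Review bot: `field_inv` changing from `0` to `ossl_ec_GFp_simple_field_inv` is required, not optional, once the `get_affine` slot points at `ossl_ec_GFp_simple_point_get_affine_coordinates` (previous hunk), because the generic affine conversion dispatches through the method's `field_inv`; leaving it `0` would turn every affine-coordinate query on this curve into a NULL dereference. Fine as written; just make sure no remaining code in this file still assumes the SM2 method has no `field_inv` and special-cases it.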
Expand All @@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ecdsa_simple_sign_setup,
ossl_ecdsa_simple_sign_sig,
ossl_ecdsa_simple_verify_sig,
ecp_sm2p256_inv_mod_ord,
0, /* use constant‑time fallback for inverse mod order */
0, /* blind_coordinates */
0, /* ladder_pre */
0, /* ladder_step */
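Review bot: the new comment on the `inv_mod_ord` slot contains a non-ASCII hyphen (U+2011, `constant‑time`); use a plain `-` so the source stays ASCII and doesn't trip linters, grep-based checks or future diffs. Functionally, clearing the slot to `0` is the CVE-2025-9231 mitigation itself: with no per-curve `inv_mod_ord`, the EC layer falls back to its generic constant-time inverse mod order instead of the removed `ecp_sm2p256_inv_mod_ord`, which is what the comment is saying.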