openssl-3.5.4

[Bruce Dubbs]

New point version.

[Bruce Dubbs]

Changes between 3.5.2 and 3.5.3 [16 Sep 2025]

• Avoided a potential race condition introduced in 3.5.1, where OSSL_STORE_CTX kept open during lookup while potentially being used by multiple threads simultaneously, that could lead to potential crashes when multiple concurrent TLS connections are served.

• The FIPS provider no longer performs a PCT on key import for RSA, DH, and EC keys (that was introduced in 3.5.2), following the latest update on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.

• Secure memory allocation calls are no longer used for HMAC keys.

• openssl req no longer generates certificates with an empty extension list when SKID/AKID are set to none during generation.

• The man page date is now derived from the release date provided in VERSION.dat and not the current date for the released builds.

• Hardened the provider implementation of the RSA public key "encrypt" operation to add a missing check that the caller-indicated output buffer size is at least as large as the byte count of the RSA modulus. The issue was reported by Arash Ale Ebrahim from SYSPWN.

This operation is typically invoked via EVP_PKEY_encrypt(3). Callers that in fact provide a sufficiently large buffer, but fail to correctly indicate its size may now encounter unexpected errors. In applications that attempt RSA public encryption into a buffer that is too small, an out-of-bounds write is now avoided and an error is reported instead.

• Added FIPS 140-3 PCT on DH key generation.

• Fixed the synthesised OPENSSL_VERSION_NUMBER.

[Xi Ruoyao]

Note that if upgrading from 3.5.2 (and maybe other versions) to 3.5.3, openssh would need a rebuild because OPENSSL_VERSION_NUMBER was incorrect before 3.5.2, so openssh would believe it was built with an openssl pre-release but now running with a formal release, and error out.

[Bruce Dubbs]

Fixed at commit 9e2fa9a05d3

Update to vim-9.1.1806.
Update to iana-etc-20250926.
Update to coreutils-9.8.
Update to expat-2.7.3 (Security release).
Update to linux-6.16.9.
Update to markupsafe-3.0.3.
Update to meson-1.9.1.
Update to openssl-3.5.3.
Update to util-linux-2.41.2.

[Douglas R. Reno]

Changes and CVEs fixed in 3.5.4:

    CVE-2025-9230 - Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
    CVE-2025-9231 - Fix Timing side-channel in SM2 algorithm on 64-bit ARM.
    CVE-2025-9232 - Fix Out-of-bounds read in HTTP client no_proxy handling.
    Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it 
broke some existing applications that relied on the previous 3.x semantics, as 
documented in OpenSSL_version(3).

[Xi Ruoyao]

Replying to Xi Ruoyao:

Note that if upgrading from 3.5.2 (and maybe other versions) to 3.5.3, openssh would need a rebuild because OPENSSL_VERSION_NUMBER was incorrect before 3.5.2, so openssh would believe it was built with an openssl pre-release but now running with a formal release, and error out.

Not needed for 3.5.4 as they introduced back the bug for "bug compatibility." But if you already updated to 3.5.3 you need to rebuild OpenSSH again :(.

[Douglas R. Reno]

Good catch! I'll go adjust my staged security advisory to remove the section about needing to rebuild it :(

[Douglas R. Reno]

Fixed at 5abea1ab6da05a25f5c62a64c7c9c69b6e2b540f

SA-12.4-012 issued