deps: upgrade openssl sources to openssl-3.5.4

PR-URL: #60101
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>

Author: nodejs-github-bot

deps/openssl/openssl/CHANGES.md

@@ -28,6 +28,72 @@ OpenSSL Releases
 OpenSSL 3.5
 -----------
 
+### Changes between 3.5.3 and 3.5.4 [30 Sep 2025]
+
+ * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap
+
+   Issue summary: An application trying to decrypt CMS messages encrypted using
+   password based encryption can trigger an out-of-bounds read and write.
+
+   Impact summary: This out-of-bounds read may trigger a crash which leads to
+   Denial of Service for an application. The out-of-bounds write can cause
+   a memory corruption which can have various consequences including
+   a Denial of Service or Execution of attacker-supplied code.
+
+   The issue was reported by Stanislav Fort (Aisle Research).
+
+   ([CVE-2025-9230])
+
+   *Viktor Dukhovni*
+
+ * Fix Timing side-channel in SM2 algorithm on 64 bit ARM
+
+   Issue summary: A timing side-channel which could potentially allow remote
+   recovery of the private key exists in the SM2 algorithm implementation on
+   64 bit ARM platforms.
+
+   Impact summary: A timing side-channel in SM2 signature computations on
+   64 bit ARM platforms could allow recovering the private key by an attacker.
+
+   The issue was reported by Stanislav Fort (Aisle Research).
+
+   ([CVE-2025-9231])
+
+   *Stanislav Fort and Tomáš Mráz*
+
+ * Fix Out-of-bounds read in HTTP client no_proxy handling
+
+   Issue summary: An application using the OpenSSL HTTP client API functions
+   may trigger an out-of-bounds read if the "no_proxy" environment variable is
+   set and the host portion of the authority component of the HTTP URL is an
+   IPv6 address.
+
+   Impact summary: An out-of-bounds read can trigger a crash which leads to
+   Denial of Service for an application.
+
+   The issue was reported by Stanislav Fort (Aisle Research).
+
+   ([CVE-2025-9232])
+
+   *Stanislav Fort*
+
+ * The FIPS provider no longer performs a PCT on key import for ECX keys
+   (that was introduced in 3.5.2), following the latest update
+   on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
+
+   *Eugene Syromiatnikov*
+
+ * Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted
+   signatures.
+
+   *Xiao Lou Dong Feng*
+
+ * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
+   builds, as it broke some exiting applications that relied on the previous
+   3.x semantics, as documented in `OpenSSL_version(3)`.
+
+   *Richard Levitte*
+
 ### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]
 
  * Avoided a potential race condition introduced in 3.5.1, where
@@ -21284,6 +21350,9 @@ ndif
 
 <!-- Links -->
 
+[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
+[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
+[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

deps/openssl/openssl/NEWS.md

@@ -23,19 +23,46 @@ OpenSSL Releases
 OpenSSL 3.5
 -----------
 
+### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [30 Sep 2025]
+
+OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this
+release is Moderate.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
+    ([CVE-2025-9230])
+
+  * Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
+    ([CVE-2025-9231])
+
+  * Fix Out-of-bounds read in HTTP client no_proxy handling.
+    ([CVE-2025-9232])
+
+  * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
+    builds, as it broke some exiting applications that relied on the previous
+    3.x semantics, as documented in `OpenSSL_version(3)`.
+
 ### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]
 
-  * Added FIPS 140-3 PCT on DH key generation.
+OpenSSL 3.5.3 is a bug fix release.
+
+This release incorporates the following bug fixes and mitigations:
 
-    *Nikola Pajkovsky*
+  * Added FIPS 140-3 PCT on DH key generation.
 
   * Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
 
-    *Richard Levitte*
+  * Removed PCT on key import in the FIPS provider as it is not required by
+    the standard.
 
 ### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]
 
-  * none
+OpenSSL 3.5.2 is a bug fix release.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
 
 ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]
 
@@ -45,7 +72,7 @@ release is Low.
 This release incorporates the following bug fixes and mitigations:
 
   * Fix x509 application adds trusted use instead of rejected use.
-   ([CVE-2025-4575])
+    ([CVE-2025-4575])
 
 ### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]
 
@@ -1913,6 +1940,9 @@ OpenSSL 0.9.x
   * Support for various new platforms
 
 <!-- Links -->
+[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
+[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
+[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

deps/openssl/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=5
-PATCH=3
+PATCH=4
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="16 Sep 2025"
+RELEASE_DATE="30 Sep 2025"
 SHLIB_VERSION=3

deps/openssl/openssl/apps/storeutl.c

@@ -331,14 +331,22 @@ int storeutl_main(int argc, char *argv[])
 static int indent_printf(int indent, BIO *bio, const char *format, ...)
 {
     va_list args;
-    int ret;
+    int ret, vret;
+
+    ret = BIO_printf(bio, "%*s", indent, "");
+    if (ret < 0)
+        return ret;
 
     va_start(args, format);
+    vret = BIO_vprintf(bio, format, args);
+    va_end(args);
 
-    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
+    if (vret < 0)
+        return vret;
+    if (vret > INT_MAX - ret)
+        return INT_MAX;
 
-    va_end(args);
-    return ret;
+    return ret + vret;
 }
 
 static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,

deps/openssl/openssl/crypto/bio/bss_file.c

@@ -287,7 +287,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
         if (fp == NULL) {
             ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
                            "calling fopen(%s, %s)",
-                           ptr, p);
+                           (const char *)ptr, p);
             ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB);
             ret = 0;
             break;

deps/openssl/openssl/crypto/cms/cms_pwri.c

@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
         /* Check byte failure */
         goto err;
     }
-    if (inlen < (size_t)(tmp[0] - 4)) {
+    if (inlen < 4 + (size_t)tmp[0]) {
         /* Invalid length value */
         goto err;
     }

deps/openssl/openssl/crypto/ec/ecp_sm2p256.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = {
     0xffffffffffffffff, 0xffffffff00000000,
     0xffffffffffffffff, 0xfffffffeffffffff
 };
-ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
-    0x53bbf40939d54123, 0x7203df6b21c6052b,
-    0xffffffffffffffff, 0xfffffffeffffffff
-};
 
 ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};
 
@@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out,
     BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p);
 }
 
-/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */
-static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
-                                                    const BN_ULONG* in) {
-    BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord,
-               def_ord);
-}
-
 /* Point double: R <- P + P */
 static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
 {
@@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator)
 }
 #endif
 
-/*
- * Convert Jacobian coordinate point into affine coordinate (x,y)
- */
-static int ecp_sm2p256_get_affine(const EC_GROUP *group,
-                                  const EC_POINT *point,
-                                  BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-{
-    ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};
-
-    if (EC_POINT_is_at_infinity(group, point)) {
-        ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
-        return 0;
-    }
-
-    if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0
-        || ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0
-        || ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) {
-        ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
-        return 0;
-    }
-
-    ecp_sm2p256_mod_inverse(z_inv3, point_z);
-    ecp_sm2p256_sqr(z_inv2, z_inv3);
-
-    if (x != NULL) {
-        ecp_sm2p256_mul(x_aff, point_x, z_inv2);
-        if (!bn_set_words(x, x_aff, P256_LIMBS))
-            return 0;
-    }
-
-    if (y != NULL) {
-        ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2);
-        ecp_sm2p256_mul(y_aff, point_y, z_inv3);
-        if (!bn_set_words(y, y_aff, P256_LIMBS))
-            return 0;
-    }
-
-    return 1;
-}
-
 /* r = sum(scalar[i]*point[i]) */
 static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
                                     P256_POINT *r,
@@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r,
     return 1;
 }
 
-static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
-                                             const BIGNUM *x, BN_CTX *ctx)
-{
-    int ret = 0;
-    ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG out[P256_LIMBS] = {0};
-
-    if (bn_wexpand(r, P256_LIMBS) == NULL) {
-        ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
-        goto err;
-    }
-
-    if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
-        BIGNUM *tmp;
-
-        if ((tmp = BN_CTX_get(ctx)) == NULL
-            || !BN_nnmod(tmp, x, group->order, ctx)) {
-            ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
-            goto err;
-        }
-        x = tmp;
-    }
-
-    if (!ecp_sm2p256_bignum_field_elem(t, x)) {
-        ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
-        goto err;
-    }
-
-    ecp_sm2p256_mod_ord_inverse(out, t);
-
-    if (!bn_set_words(r, out, P256_LIMBS))
-        goto err;
-
-    ret = 1;
-err:
-    return ret;
-}
-
 const EC_METHOD *EC_GFp_sm2p256_method(void)
 {
     static const EC_METHOD ret = {
@@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
         ossl_ec_GFp_simple_point_copy,
         ossl_ec_GFp_simple_point_set_to_infinity,
         ossl_ec_GFp_simple_point_set_affine_coordinates,
-        ecp_sm2p256_get_affine,
+        ossl_ec_GFp_simple_point_get_affine_coordinates,
         0, 0, 0,
         ossl_ec_GFp_simple_add,
         ossl_ec_GFp_simple_dbl,
@@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
         ecp_sm2p256_field_mul,
         ecp_sm2p256_field_sqr,
         0 /* field_div */,
-        0 /* field_inv */,
+        ossl_ec_GFp_simple_field_inv,
         0 /* field_encode */,
         0 /* field_decode */,
         0 /* field_set_to_one */,
@@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
         ossl_ecdsa_simple_sign_setup,
         ossl_ecdsa_simple_sign_sig,
         ossl_ecdsa_simple_verify_sig,
-        ecp_sm2p256_inv_mod_ord,
+        0, /* use constant‑time fallback for inverse mod order */
         0, /* blind_coordinates */
         0, /* ladder_pre */
         0, /* ladder_step */