Added the EVP_SKEY (Symmetric KEY) structure to represent symmetric keys as opaque objects. Unlike raw keys, which are represented by a byte array, the key inside an EVP_SKEY is abstracted and carries additional metadata. EVP_SKEY can be used in encryption, key exchange, and key derivation (KDF) functions. The functions EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() have been added to work with EVP_SKEY keys;
Added support for verifying digital signatures based on the LMS (Leighton-Micali Signatures) scheme, which is built from hash functions and tree-based hashing in the form of a Merkle tree (each node authenticates all nodes beneath it). LMS signatures are designed to resist attacks by quantum computers and are intended for verifying the integrity of firmware and applications;
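To make the tree-hashing idea concrete, here is an added Python example (not OpenSSL's LMS implementation) of a Merkle authentication path in the LMS style of RFC 8554. The tree identifier I, the leaf values and the node numbering are constructed for the demo; only the leaf and interior domain-separation prefixes follow RFC 8554. A verifier that holds just the root recomputes it from one leaf plus the sibling hashes on the way up, and any change to the leaf, its index or the path changes the recomputed root.

```python
"""Toy Merkle-tree authentication path in the style of LMS (RFC 8554).
Added example, not OpenSSL's LMS verifier: every interior node hashes its two
children, so one path of sibling hashes lets a verifier recompute the root
from a single leaf. The tree identifier I and the leaf values are constructed."""
import hashlib
from typing import List

D_LEAF = b"\x82\x82"   # RFC 8554 domain-separation prefixes for leaf and
D_INTR = b"\x83\x83"   # interior nodes, so the two hash types cannot be confused


def leaf_hash(I: bytes, node: int, value: bytes) -> bytes:
    return hashlib.sha256(I + node.to_bytes(4, "big") + D_LEAF + value).digest()


def node_hash(I: bytes, node: int, left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(I + node.to_bytes(4, "big") + D_INTR + left + right).digest()


def build_tree(I: bytes, leaves: List[bytes]) -> List[bytes]:
    """Heap-ordered tree T[1..2n-1]: root at T[1], leaf q at T[n+q]; n must be a power of two."""
    n = len(leaves)
    if n == 0 or n & (n - 1):
        raise ValueError("leaf count must be a power of two")
    T = [b""] * (2 * n)
    for q, value in enumerate(leaves):
        T[n + q] = leaf_hash(I, n + q, value)
    for r in range(n - 1, 0, -1):
        T[r] = node_hash(I, r, T[2 * r], T[2 * r + 1])
    return T


def auth_path(T: List[bytes], q: int) -> List[bytes]:
    """Sibling hashes from leaf q up to (but excluding) the root; the signer ships these."""
    node = len(T) // 2 + q
    path = []
    while node > 1:
        path.append(T[node ^ 1])   # the sibling is found by flipping the lowest bit
        node //= 2
    return path


def verify_path(I: bytes, root: bytes, height: int, q: int,
                value: bytes, path: List[bytes]) -> bool:
    """RFC 8554 algorithm 6b: fold the leaf up through the path and compare with the root."""
    if len(path) != height:
        return False
    node = (1 << height) + q
    tmp = leaf_hash(I, node, value)
    for sibling in path:
        if node & 1:               # we are the right child: sibling goes on the left
            tmp = node_hash(I, node // 2, sibling, tmp)
        else:
            tmp = node_hash(I, node // 2, tmp, sibling)
        node //= 2
    return tmp == root


def demo() -> bool:
    """Constructed 8-leaf tree: the genuine leaf verifies, a tampered one does not."""
    I = bytes(16)                                            # constructed tree identifier
    leaves = [f"ots-pub-{i}".encode() for i in range(8)]     # stand-ins for one-time public keys
    T = build_tree(I, leaves)
    path = auth_path(T, 5)
    return (verify_path(I, T[1], 3, 5, leaves[5], path)
            and not verify_path(I, T[1], 3, 5, b"tampered", path))


if __name__ == "__main__":
    print("authentication path verifies:", demo())
```

The index is hashed into every node, which is why presenting a valid leaf under the wrong leaf number also fails: the verifier is not just checking membership, but membership at a specific position.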
Added support for NIST security categories for PKEY object parameters (public and private keys). The security category is set via the security-category setting. The EVP_PKEY_get_security_category() function has been added to check the security level. The security level reflects resistance to quantum computer attacks and can take integer values from 0 to 5:
0 - implementation not resistant to quantum computer attacks;
1/3/5 - breaking the implementation is at least as hard as a quantum key search on a block cipher with a 128/192/256-bit key;
2/4 - breaking the implementation is at least as hard as a quantum collision search on a 256/384-bit hash function;
Added the openssl configutl command to process configuration files. The utility allows generating a consolidated file with all settings from a multi-file configuration with include directives;
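As an added illustration of the consolidation step (example code, not OpenSSL's configutl), the following Python resolver inlines `.include` directives from a constructed in-memory set of configuration files. The file paths and section names are invented, directory includes are not handled, and the cycle check and the `# begin/end include` markers are the example's own.

```python
"""Toy resolver that inlines OpenSSL-style ".include" directives into one
consolidated configuration, in the spirit of `openssl configutl`.
Added example, not OpenSSL's code; the "filesystem" below is a constructed dict."""
from typing import Dict, List, Optional

# Constructed multi-file configuration keyed by path (paths and sections are invented).
FILES: Dict[str, str] = {
    "/etc/ssl/openssl.cnf": (
        "openssl_conf = openssl_init\n"
        "\n"
        "[openssl_init]\n"
        "providers = provider_sect\n"
        "\n"
        ".include /etc/ssl/providers.cnf\n"
    ),
    "/etc/ssl/providers.cnf": (
        "[provider_sect]\n"
        "default = default_sect\n"
        ".include = /etc/ssl/default.cnf\n"       # the '.include = PATH' spelling
    ),
    "/etc/ssl/default.cnf": "[default_sect]\nactivate = 1\n",
}


def parse_include(line: str) -> Optional[str]:
    """Return the target of a '.include PATH' or '.include = PATH' line, else None."""
    s = line.strip()
    if not s.startswith(".include"):
        return None
    rest = s[len(".include"):].strip()
    if rest.startswith("="):
        rest = rest[1:].strip()
    return rest or None


def consolidate(path: str, files: Dict[str, str] = FILES,
                stack: Optional[List[str]] = None) -> List[str]:
    """Return the lines of `path` with every include expanded in place (recursively)."""
    stack = stack or []
    if path in stack:
        raise ValueError("include cycle: " + " -> ".join(stack + [path]))
    if path not in files:
        raise FileNotFoundError(path)
    out: List[str] = []
    for line in files[path].splitlines():
        target = parse_include(line)
        if target is None:
            out.append(line)
            continue
        out.append(f"# begin include {target}")
        out.extend(consolidate(target, files, stack + [path]))
        out.append(f"# end include {target}")
    return out


def render(path: str, files: Dict[str, str] = FILES) -> str:
    return "\n".join(consolidate(path, files)) + "\n"


if __name__ == "__main__":
    print(render("/etc/ssl/openssl.cnf"))
```

Because an include is expanded exactly where it appears, a section header inside an included file continues to apply to the lines that follow it in the consolidated output, which is the behaviour a reviewer wants to see in one place when auditing what a multi-file configuration actually enables.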
Added support for deterministic ECDSA digital signature generation to the FIPS crypto provider (the same signature is generated for the same input data), in accordance with the FIPS 186-5 standard requirements;
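Added example (not the FIPS provider's code) showing the property described above: a textbook P-256 ECDSA implementation whose nonce comes from the RFC 6979 HMAC-DRBG construction, so signing the same message with the same key twice yields identical signatures. The private key is a fixed scalar taken from the RFC 6979 P-256 test vectors; the arithmetic is plain affine Python and not constant-time.

```python
"""Deterministic ECDSA on P-256 with RFC 6979 nonce derivation (SHA-256).
Added example, not OpenSSL's FIPS-provider code: affine-coordinate textbook
arithmetic, not constant-time, to show why the same key and message always
produce the same signature."""
import hashlib
import hmac
from typing import Optional, Tuple

# NIST P-256 domain parameters
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
QLEN = 256                              # bit length of N
Point = Optional[Tuple[int, int]]       # None is the point at infinity


def ec_add(p1: Point, p2: Point) -> Point:
    """Affine point addition; doubles when p1 == p2."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def bits2int(b: bytes) -> int:
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - QLEN
    return v >> excess if excess > 0 else v


def int2octets(v: int) -> bytes:
    return v.to_bytes(QLEN // 8, "big")


def rfc6979_nonce(priv: int, h1: bytes) -> int:
    """RFC 6979 section 3.2: derive k from the private key and message hash via HMAC-DRBG."""
    def H(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()
    seed = int2octets(priv) + int2octets(bits2int(h1) % N)   # int2octets(x) || bits2octets(h1)
    v, k = b"\x01" * 32, b"\x00" * 32
    k = H(k, v + b"\x00" + seed)
    v = H(k, v)
    k = H(k, v + b"\x01" + seed)
    v = H(k, v)
    while True:
        t = b""
        while len(t) * 8 < QLEN:
            v = H(k, v)
            t += v
        cand = bits2int(t)
        if 1 <= cand < N:
            return cand
        k = H(k, v + b"\x00")           # candidate out of range: update and try again
        v = H(k, v)


def sign(priv: int, msg: bytes) -> Tuple[int, int]:
    h1 = hashlib.sha256(msg).digest()
    e = bits2int(h1) % N
    k = rfc6979_nonce(priv, h1)         # deterministic: no RNG involved
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * priv) % N
    if r == 0 or s == 0:                # astronomically unlikely; RFC 6979 would retry with the next k
        raise ValueError("degenerate signature")
    return (r, s)


def verify(pub: Point, msg: bytes, sig: Tuple[int, int]) -> bool:
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = bits2int(hashlib.sha256(msg).digest()) % N
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


# Private key scalar from the RFC 6979 P-256 test vectors, used here only as a valid key.
PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def demo() -> bool:
    pub = ec_mul(PRIV, G)
    sig1, sig2 = sign(PRIV, b"sample"), sign(PRIV, b"sample")
    return sig1 == sig2 and verify(pub, b"sample", sig1) and not verify(pub, b"sampl", sig1)


if __name__ == "__main__":
    print("deterministic and valid:", demo())
```

Randomised ECDSA would give two different signatures for the same input, and a faulty RNG that repeats a nonce leaks the private key; deriving k from the key and message hash removes the RNG from the signing path entirely, which is the property FIPS 186-5 permits and the FIPS provider now exposes.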
Increased build environment requirements. A toolchain with ANSI C support is no longer sufficient to build OpenSSL; a C99-compliant compiler is now required;
Support for the VxWorks platform has been discontinued.
The new version of the project fixes the following vulnerabilities:
CVE-2025-9230 — a vulnerability in the decryption code for CMS messages encrypted with a password (PWRI). The vulnerability can lead to an out-of-bounds write and read, allowing an attacker to cause a crash or memory corruption in an application that uses OpenSSL to process CMS messages. Exploitation for code execution is not ruled out, but the severity of the issue is reduced by the fact that password-based encryption of CMS messages is very rarely used in practice. In addition to OpenSSL 3.6.0, the vulnerability is fixed in OpenSSL releases 3.5.4, 3.4.3, 3.3.5, 3.2.6, and 3.0.18. The issue has also been fixed in updates to LibreSSL 4.0.1 and 4.1.1, developed by the OpenBSD project;
CVE-2025-9231 — the implementation of the SM2 algorithm is vulnerable to a side-channel attack that allows an attacker on systems with 64-bit ARM CPUs to reconstruct the private key by analyzing timing variations of specific computations. The attack could potentially be carried out remotely. The severity of the attack is reduced by the fact that OpenSSL does not directly support the use of certificates with SM2 keys in TLS;
CVE-2025-9232 — a vulnerability in the built-in HTTP client implementation that leads to an out-of-bounds read when a specially crafted URL is processed by the HTTP client functions. The issue only manifests when the no_proxy environment variable is set and can lead to an application crash.