openssl speed: add benchmarking support for ML-KEM
Add support for benchmarking ML-KEM key encapsulation mechanisms to
openssl speed. The following operations are measured:
- key generation
- encapsulation
- decapsulation
Two parameter sets are supported:
mlkem768
mlkem1024
The benchmark can be invoked using the following options:
mlkem run all ML-KEM benchmarks
mlkem768 run ML-KEM-768 benchmarks
mlkem1024 run ML-KEM-1024 benchmarks
[6 lines not shown]
sync with Mozilla root CA store, ok tb@
- remove CommScope CA (they requested it themselves;
https://bugzilla.mozilla.org/show_bug.cgi?id=1994866)
- add new cert:
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno TLS Root CA 2023
the "@pkgpath textproc/libxml,-python" marker by itself isn't enough to merge
any (now removed) py3-libxml-* packages into libxml, so python 3.12 -> 3.13
updates (i.e. openbsd 7.8 -> -current) were still failing. Add an @conflict
as well to force the old package to be removed.
/dev/null is no longer implicitly permitted by some pledges, so explicitly
unveil it. fixes calendar -a. ok deraadt
calendar also needs to unveil cpp / sendmail, I forgot to make install
when I was testing :( from James J. Lippard
sendmail/cpp only need "x" no "rx" unveil; ok deraadt
from sthen@
this is errata/7.7/029_calendar.patch.sig
/dev/null is no longer implicitly permitted by some pledges, so explicitly
unveil it. fixes calendar -a. ok deraadt
calendar also needs to unveil cpp / sendmail, I forgot to make install
when I was testing :( from James J. Lippard
sendmail/cpp only need "x" no "rx" unveil; ok deraadt
from sthen@
this is errata/7.8/023_calendar.patch.sig
Update libexpat to version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776CVE-2026-32777CVE-2026-32778
tested and OK tb@