### Changes between 3.5.2 and 3.5.3 [xx XXX xxxx]
+ * Avoided a potential race condition introduced in 3.5.1, where
+ `OSSL_STORE_CTX` kept open during lookup while potentially being used
+ by multiple threads simultaneously, that could lead to potential crashes
+ when multiple concurrent TLS connections are served.
+
+ *Matt Caswell*
+
+ * The FIPS provider no longer performs a PCT on key import for RSA, DH,
+ and EC keys (that was introduced in 3.5.2), following the latest update
+ on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
+
+ *Dr Paul Dale*
+
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+ *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+ when SKID/AKID are set to `none` during generation.
+
+ *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+ in `VERSION.dat` and not the current date for the released builds.
+
+ *Enji Cooper*
+
* Hardened the provider implementation of the RSA public key "encrypt"
operation to add a missing check that the caller-indicated output buffer
size is at least as large as the byte count of the RSA modulus. The issue
*Viktor Dukhovni*
- * Added PCT for key import for SLH-DSA when in FIPS mode.
-
- *Dr Paul Dale*
-
* Added FIPS 140-3 PCT on DH key generation.
*Nikola Pajkovsky*
### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [under development]
- * Added PCT for key import for SLH-DSA when in FIPS mode.
-
- *Dr Paul Dale*
-
* Added FIPS 140-3 PCT on DH key generation.
*Nikola Pajkovsky*
projects / thirdparty / openssl.git / commitdiff
