From: Eugene Syromiatnikov Date: Tue, 30 Sep 2025 09:32:48 +0000 (+0200) Subject: CHANGES.md: update for 3.4.3 X-Git-Tag: openssl-3.4.3~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=124edf895154a704437cf51d8f1f4a1baf244f16;p=thirdparty%2Fopenssl.git CHANGES.md: update for 3.4.3 3.4.3 CHANGES.md includes the following: * https://github.com/openssl/openssl/pull/28198 * https://github.com/openssl/openssl/pull/28398 * https://github.com/openssl/openssl/pull/28411 * https://github.com/openssl/openssl/pull/28415 * https://github.com/openssl/openssl/pull/28449 Release: Yes Signed-off-by: Eugene Syromiatnikov Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz --- diff --git a/CHANGES.md b/CHANGES.md index 321ed67ac00..b67d0fb00de 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -76,6 +76,27 @@ OpenSSL 3.4 *Stanislav Fort* + * Avoided a potential race condition introduced in 3.4.2, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. + + *Enji Cooper* + * Hardened the provider implementation of the RSA public key "encrypt" operation to add a missing check that the caller-indicated output buffer size is at least as large as the byte count of the RSA modulus. The issue @@ -89,6 +110,11 @@ OpenSSL 3.4 *Viktor Dukhovni* + * Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted + signatures. + + *Xiao Lou Dong Feng* + ### Changes between 3.4.1 and 3.4.2 [1 Jul 2025] * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation