openssl 发行版 - Gitee.com

openssl-3.5.2

2025-09-03 11:19

## 更新内容
* Prepare for release of 3.5.2
* make update
* Copyright year updates
* Revert "Pairwise check for DH keys import as part of FIPS"
* dh: add extra argument to ossl_dh_check_pairwise
* dh: add FIPS 140-3 PCT on key import.
* fips: add DH PCT name
* changes: add note about PCT on key import to the FIPS provider
* rsa (fips): add PCT for key import
* ec (fips): add PCT for key import
* ecx (fips): add PCT for key import
* rsa: expose pairwise consistency test API
* apps/asn1parse.c: correct help text order for -genstr option
* fuzz/dtlsserver.c: Remove incorrect ifdef guard
* Only report generic error if provider did not put an error on the error queue
* Make ERR_count_to_mark() available to providers via 'in' dispatch array
* Pairwise check for DH keys import as part of FIPS
* Update dh_pub to be pairwise consistent with dh_priv
* test-ec: Skip SM2 key import test if SM2 is disabled
* Backport of the fix #27506 (empty IDP causes error) to the version 3.5.
* - adding a missing file
* - changes suggested by @t8m
* - fix RFC reference and indentation
* Update ssl/quic/quic_ackm.c
* Update ssl/quic/quic_ackm.c
* ACK manager must avoid infinite probe time when waiting handshake confirmation
* Add a test of 'openssl storeutl' with a BER-encoded PKCS#12 file
* Fix OSSL_STORE to consider cached info in the EOF check.
* sm2: sm2_sign.c: check EC_KEY_get0_private_key() for NULL in sm2_sig_gen()
* fix SM2 privatekey decode(PEM format, ECPrivateKey).
* openssl rand command should use the loaded library context
* Raise PROV_R_NULL_OUTPUT_BUFFER if shsec is NULL in ml_kem_encapsulate()
* Add CODEOWNERS file
* pin GitHub Actions revisions from untrusted vendors
* Update container images in OS Zoo CI workflow
* sec_mem: add note about the perf implications
* ci: enable lms only on master
* Add note about use of EVP_PKEY in different libctxs
* PEM_read_CMS.pod: Correct the deprecation notice
* test/quic-openssl-docker/hq-interop/quic-hq-interop.c: Move BIO_free()…
* QUIC receiver may accidentally ACK packet it fails to process
* Fixup non-optional use of IO::Socket::IP
* crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size()
* The check-ansi job is failing in the openssl-3.5 branch as a result of…
* Remove unused data from self test.
* Update FIPS provider doc to match the current code.
* demos/cms/cms_denc.c: Add check for BIO_new_file()
* demos/cms/cms_ddec.c: Replace "in" with "dcont" to correctly check the…
* Fix internal documentation of ossl_namemap_num2name()
* decoders: Fix prioritization of decoders via property query

**完整的更新日志**: https://gitee.com/Snowdreams01/openssl/compare/openssl-3.0.17...openssl-3.5.2

最后提交信息为： Prepare for release of 3.5.2

openssl-3.3.2

fb7fab9

2024-09-25 20:08

OpenSSL 3.3.2

## 更新内容
* Prepare for release of 3.3.2
* make update
* Copyright year updates
* Add CVE-2024-5535 to CHANGES and NEWS
* Updated CHANGES and NEWS for CVE-2024-6119 fix
* Avoid type errors in EAI-related name check logic.
* endecode_test.c: Fix !fips v3.0.0 check
* exporters for pkg-config: align with the changes for CMake
* endecode_test.c: Avoid running the SM2 tests with 3.0.0 FIPS provider
* Check for excess data in CertificateVerify
* doc: Document properties param for Argon2 KDF
* Fix decoder error on SM2 private key
* fix: for exporters to work for build config, there may be two include dirs
* fix: exporters/cmake/OpenSSLConfig.cmake.in to work for build config
* FIPS: Change fips tests to use SHA2 for corruption test.
* Fix error handling in OBJ_add_object
* apps: add missing entry to tls extension label list
* Fix '--strict-warnings' build breakage
* test/provider_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
* test/provider_fallback_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
* Link to the place where signature options are defined
* Explicitly include e_os.h for close()
* test: add a default greeting to avoid printing a null pointer.
* RAND_write_file(): Avoid potential file descriptor leak
* Fix unpredictible refcount handling of d2i functions
* Extend test case for reused PEM_ASN1_read_bio
* apps/cms.c, apps/smime.c: Fix -crlfeol help messages
* Fix SSL_CTX_set1_groups documentation on preference orders
* Update krb5 to latest master to pick up CVE fixes
* test: add FIPS provider version checks for 3.4 compatibility
* limit bignums to 128 bytes
* Update BN_add.pod documentation so it is consistent with header declarations
* rsa_pss_compute_saltlen(): Avoid integer overflows and check MD and RSA sizes
* do_print_ex(): Avoid possible integer overflow
* Fix typos found by codespell in openssl-3.3 doc
* Use parent directory instead of index.html
* Update links in CONTRIBUTING.md
* Fix some small typos
* Do not implicitly start connection with SSL_handle_events() or SSL_poll()
* Return infinity time from SSL_get_event_timeout when the connection is…
* Do not falsely start the connection through SSL_pending()/_has_pending()
* fix: util/mkinstallvars.pl mistreated LDLIBS on Unix (and Windows)
* Free fetched digest in show_digests
* evp_get_digest/cipherbyname_ex(): Try to fetch if not found
* Avoid leaking *ba_ret on reconnections
* Update X509V3_get_d2i.pod returned pointer needs to be freed
* i2d_name_canon(): Check overflow in len accumulation
* gitignore: add .DS_Store
* Allow short reads in asn1_d2i_read_bio()
* Improve clarity and readability of password input documentation

**完整的更新日志**: https://gitee.com/Snowdreams01/openssl/compare/openssl-3.0.14...openssl-3.3.2

最后提交信息为： Prepare for release of 3.3.2