OVAL

RHSA-2022:6224-01 -- Redhat openssl

ID: oval:org.secpod.oval:def:507138
Date: (C)2022-09-07   (M)2024-05-09
Class: PATCH
Family: unix




OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

Security Fix:
* openssl: c_rehash script allows command injection
* openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS
* openssl: OPENSSL_LH_flush breaks reuse of memory
* openssl: the c_rehash script allows command injection
* openssl: AES OCB fails to encrypt some bytes

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Bug Fix:
* openssl occasionally sends internal error to gnutls when using FFDHE
* openssl req defaults to 3DES
* OpenSSL accepts custom elliptic curve parameters when p is large [rhel-9]
* OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode
* openssl s_server -groups secp256k1 in FIPS fails because X25519/X448
* Converting FIPS power-on self test to KAT
* Small RSA keys work for some operations in FIPS mode
* FIPS provider doesn't block RSA encryption for key transport
* OpenSSL testsuite certificates expired
* [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL
* [FIPS lab review] self-test
* [FIPS lab review] DH tuning
* [FIPS lab review] EC tuning
* [FIPS lab review] RSA tuning
* [FIPS lab review] RAND tuning
* [FIPS lab review] zeroization
* [FIPS lab review] HKDF limitations

Platform:
Red Hat Enterprise Linux 9
Product:
openssl
Reference:
RHSA-2022:6224-01
CVE-2022-1292
CVE-2022-1343
CVE-2022-1473
CVE-2022-2068
CVE-2022-2097
CPE    2
cpe:/a:openssl:openssl
cpe:/o:redhat:enterprise_linux:9

© SecPod Technologies