Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
2022-2097
Update expired certificates used in the testsuite
Fix CVE-2022-1292: openssl: c_rehash script allows command injection
Fix CVE-2022-2068: the c_rehash script allows command injection

Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Resolves: rhbz#2067145

Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
Resolves: rhbz#2005402

Fixes bugs in s390x AES code.
Uses the first detected address family if IPv6 is not available
Reverts the changes in https://github.com/openssl/openssl/pull/13305
https://trac.nginx.org/nginx/ticket/2071#comment:1
879939938, nginx
Resolves: rhbz#1978214
Related: rhbz#1934534

Cleansup the peer point formats on renegotiation
Resolves rhbz#1965362

Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
Using safe primes for FIPS DH self-test

Update to version 1.1.1k

Use AI_ADDRCONFIG only when explicit host name is given
Allow only curves defined in RFC 8446 in TLS 1.3

Remove 2-key 3DES test from FIPS_selftest

Fix CVE-2021-3450 openssl: CA certificate check bypass with
Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing

Fix CVE-2020-1971 ediparty null pointer dereference

Implemented new FIPS requirements in regards to KDF and DH selftests
Disallow certificates with explicit EC parameters

Further changes for SP 800-56A rev3 requirements

Rewire FIPS_drbg API to use the RAND_DRBG
Use the well known DH groups in TLS even for 2048 and 1024 bit parameters

Disallow dropping Extended Master Secret extension
Return alert from s_server if ALPN protocol does not match
SHA1 is allowed in @SECLEVEL=2 only if allowed by

Add FIPS selftest for PBKDF2 and KBKDF