Fixed X.509 Name Constraints Read Buffer Overflow
2022-4203
Fixed Timing Oracle in RSA Decryption
2022-4304
Fixed Double free after calling PEM_read_bio_ex
2022-4450
Fixed Use-after-free following BIO_new_NDEF
2023-0215
Fixed Invalid pointer dereference in d2i_PKCS7 functions
2023-0216
Fixed NULL dereference validating DSA public key
2023-0217
Fixed X.400 address type confusion in X.509 GeneralName
2023-0286
Fixed NULL dereference during PKCS7 data verification
2023-0401

Disallow SHAKE in RSA-OAEP decryption in FIPS mode

Refactor OpenSSL fips module MAC verification

Various provider-related imrovements necessary for PKCS#11 provider correct operations
We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
Removed recommended package for openssl-libs
Adjusting include for the FIPS_mode macro
Backport of ppc64le Montgomery multiply enhancement
Fix explicit indicator for PSS salt length in FIPS mode when used with
Update change to default PSS salt length with patch state from upstream

Rebasing to OpenSSL 3.0.7

SHAKE-128/256 are not allowed with RSA in FIPS mode
Avoid memory leaks in TLS
FIPS RSA CRT tests must use correct parameters
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
Remove support for X9.31 signature padding in FIPS mode
Add explicit indicator for SP 800-108 KDFs with short key lengths
Add explicit indicator for HMAC with short key lengths
Set minimum password length for PBKDF2 in FIPS mode
Add explicit indicator for PSS salt length in FIPS mode
Clamp default PSS salt length to digest size for FIPS 186-4 compliance
Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode

CVE-2022-3602: X.509 Email Address Buffer Overflow
CVE-2022-3786: X.509 Email Address Buffer Overflow
2022-3602

CVE-2022-3602: X.509 Email Address Buffer Overflow
2022-3602 (rhbz#2137723)

Zeroize public keys as required by FIPS 140-3
Add FIPS indicator for HKDF

Deal with DH keys in FIPS mode according FIPS-140-3 requirements
Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
Use signature for RSA pairwise test according FIPS-140-3 requirements
Reseed all the parent DRBGs in chain on reseeding a DRBG

Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
Use Use digest_sign & digest_verify in FIPS signature self test
Use FFDHE2048 in Diffie-Hellman FIPS self-test

Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
Improve AES-GCM performance on Power9 and Power10 ppc64le
Improve ChaCha20 performance on Power10 ppc64le

CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
2022-2097

Ciphersuites with RSAPSK KX should be filterd in FIPS mode
Related: rhbz#2085088
FIPS provider should block RSA encryption for key transport.
Other RSA encryption options should still be available if key length is enough
Related: rhbz#2053289
Improve diagnostics when passing unsupported groups in TLS
Related: rhbz#2070197
Fix PPC64 Montgomery multiplication bug
Related: rhbz#2098199
Strict certificates validation shouldn't allow explicit EC parameters
Related: rhbz#2058663
CVE-2022-2068: the c_rehash script allows command injection
Related: rhbz#2098277

Add explicit indicators for signatures in FIPS mode and mark signature

Some OpenSSL test certificates are expired, updating
Resolves: rhbz#2092456