Rebasing to OpenSSL 3.5.1
97797
98723
99352

Compact patches for better maintainability
80854
Make hybrid MLKEM work with our FIPS provider (3.0.7)
95239

Fix regressions caused by rebase to OpenSSL 3.5
80854

OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
88910
PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
88912
Fix `openssl speed` running in FIPS mode
89860
pkeyutl ecdsa signature with sha1 shouldn't work by default
89861
Expose settable params for EVP_SKEY
89862
Restore RHEL9-style indicators defines
89859
Enable sslkeylog support
90854

Rebasing OpenSSL to 3.5
80854
50208
50210
50211
85954

RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
76756

rebuilt
55339

Fix CVE-2024-6119: Possible denial of service in X.509 name checks
55339

Fix CVE-2024-5535: SSL_select_next_proto buffer overread
45657

Replace HKDF backward compatibility patch with the official one
40823

Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
40823

Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741,
32148
36792
38514
39111

Update RNG changing for FIPS purpose
35380

Rebasing OpenSSL to 3.2.1
26271

Use certified FIPS module instead of freshly built one in Red Hat distribution
23474

Avoid implicit function declaration when building openssl
1780
In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
17104
Add a directory for OpenSSL providers configuration
17193
Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
19515
POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
21151
Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
21654
SSL ECDHE Kex fails when pkcs11 engine is set in config file
20249
Denial of service via null dereference in PKCS#12
22486
Use certified FIPS module instead of freshly built one in Red Hat distribution
23474