OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Possible DoS translating ASN.1 object identifiers * openssl: Denial of service by excessive resource usage in verifying X509 policy constraints * openssl: Invalid certificate policies in leaf certificates are silently ignored * openssl: Certificate policy check not enabled * openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix: * In FIPS mode, openssl KDFs should only allow selected hash algorithms * In FIPS mode, openssl should reject short KDF input or output keys or provide an indicator * In FIPS mode, openssl should provide an indicator for AES-GCM to query whether the IV was generated internally or provided externally * openssl FIPS mode self-test should zeroize `out` in `verify_integrity` in providers/fips/self_test.c * In FIPS mode, openssl should not support RSA encryption or decryption without padding or provide an indicator * In FIPS mode, openssl should reject EVP_PKEY_fromdata for short DHX keys, or provide an indicator * In FIPS mode, openssl should not use the legacy ECDSA_do_sign, RSA_public_encrypt, RSA_private_decrypt functions for pairwise consistency tests * In FIPS mode, openssl should enter error state when DH PCT fails * In FIPS mode, openssl should always run the PBKDF2 lower bounds checks or provide an indicator when the pkcs5 parameter is set to 1 * Support requiring EMS in TLS 1.2, default to it when in FIPS mode * OpenSSL rsa_verify_recover doesn"t use the same key checks as rsa_verify in FIPS mode * RHEL9.0 - sshd dumps core when ibmca engine is configured with default_algorithms = CIPHERS or ALL