Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)

Limited the number of nodes created in a policy tree (CVE-2023-0464).

Fixed two high vulnerability buffer overflows in punycode decoding functions, CVE-2022-3786 and CVE-2022-3602.

Added RIPEMD160 to the default provider.

Other minor bug fixes.

Fix BN_gcd to check return value when calling BN_one.

Add a check for the return of i2s_ASN1_INTEGER.

Fix X509v3_addr_add_range, X509v3_addr_canonize, and X509v3_addr_is_canonical to return the correct result.

Fix memory leak in EC_GROUP_new_from_ecparameters.

Add and improve various checks.

Minor bug fixes.

Add some constants and functions, mainly related to EVP_KEYEXCH… and X509v3_addr….

Fixed a bug in the function OCSP_basic_verify that verifies the signer certificate on an OCSP response. The bug caused the function in the case where the (non-default) flag OCSP_NOCHECKS is used to return a postivie response (meaning a successful verification) even in the case where the response signing certificate fails to verify.

Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. This made the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check.

Fix a bug in the OPENSSL_LH_flush function that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time.

Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.

Fixed PEM_write_bio_PKCS8PrivateKey to make it possible to use empty passphrase strings.

The negative return value handling of the certificate verification callback was reverted. The replacement is to set the verification retry state with the SSL_set_retry_verify function.

Fixed invalid handling of X509_verify_cert internal errors (CVE-2021-4044).

Fixed EVP_PKEY_eq to make it possible to use it with strictly private keys.

Fixed PVK encoder to properly query for the passphrase.

Multiple fixes in the OSSL_HTTP API functions.

Allow sign extension in OSSL_PARAM_allocate_from_text for the OSSL_PARAM_INTEGER_ data type and return error on negative numbers used with the OSSL_PARAM_UNSIGNED_INTEGER_ data type. Make OSSL_PARAM_BLD_push_BN and OSSL_PARAM_BLD_push_BN_pad return an error on negative numbers.

Allow copying uninitialized digest contexts with EVP_MD_CTX_copy_ex.

Multiple threading fixes.

Added NULL digest implementation to keep compatibility with 1.1.1 version.

Allow fetching an operation from the provider that owns an unexportable key as a fallback if that is still allowed by the property query.