From: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue, 14 Oct 2025 16:32:06 +0000 (+0200)
Subject: openssl: Update to version 3.6.0
X-Git-Tag: v2.29-core199~17^2~163
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39fd5ed1d733fb5b9880cdecd173fb334d248e33;p=ipfire-2.x.git

openssl: Update to version 3.6.0

- Update from version 3.5.4 to 3.6.0
- Update of rootfile
- The changelog mentions that some changes might be significant or incompatible in
   certain situations. I had a look through it and didn't believe that these would
   apply to IPFire but it would be good for someone else to confirm.
- What I did do was to install this version of openssl into my vm testbed and then
   tested out running openvpn rw & n2n. Everything worked fine.
- I then cleared the x509 root/host certificate set and then created a new one followed
   by new client certificates. All these were successfully created without any issues.
- Changelog
    3.6.0
	Feature release adding significant new functionality to OpenSSL.
	This release incorporates the following potentially significant or incompatible
	 changes:
	    Added NIST security categories for PKEY objects.
	    Added support for EVP_SKEY opaque symmetric key objects to the key
	     derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(),
	     EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions.
	    Added LMS signature verification support as per [SP 800-208]..
	     This support is present in both the FIPS and default providers.
	    An ANSI-C toolchain is no longer sufficient for building OpenSSL.
	     The code should be built using compilers supporting C-99 features.
	    Support for the VxWorks platforms has been removed.
	    Added an openssl configutl utility for processing the OpenSSL
	     configuration file and dumping the equal configuration file.
	    Added support for FIPS 186-5 deterministic ECDSA signature
	     generation to the FIPS provider.
	    Deprecated EVP_PKEY_ASN1_METHOD-related functions.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index 5374f5e65..2052f8284 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -185,6 +185,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man1/openssl-cmds.html
 #usr/share/doc/openssl/html/man1/openssl-cmp.html
 #usr/share/doc/openssl/html/man1/openssl-cms.html
+#usr/share/doc/openssl/html/man1/openssl-configutl.html
 #usr/share/doc/openssl/html/man1/openssl-crl.html
 #usr/share/doc/openssl/html/man1/openssl-crl2pkcs7.html
 #usr/share/doc/openssl/html/man1/openssl-dgst.html
@@ -985,6 +986,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man7/EVP_PKEY-EC.html
 #usr/share/doc/openssl/html/man7/EVP_PKEY-FFC.html
 #usr/share/doc/openssl/html/man7/EVP_PKEY-HMAC.html
+#usr/share/doc/openssl/html/man7/EVP_PKEY-LMS.html
 #usr/share/doc/openssl/html/man7/EVP_PKEY-ML-DSA.html
 #usr/share/doc/openssl/html/man7/EVP_PKEY-ML-KEM.html
 #usr/share/doc/openssl/html/man7/EVP_PKEY-RSA.html
@@ -1003,6 +1005,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ECDSA.html
 #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ED25519.html
 #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-HMAC.html
+#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-LMS.html
 #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ML-DSA.html
 #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-RSA.html
 #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-SLH-DSA.html
@@ -1113,6 +1116,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man1/openssl-cmds.1ossl
 #usr/share/man/man1/openssl-cmp.1ossl
 #usr/share/man/man1/openssl-cms.1ossl
+#usr/share/man/man1/openssl-configutl.1ossl
 #usr/share/man/man1/openssl-crl.1ossl
 #usr/share/man/man1/openssl-crl2pkcs7.1ossl
 #usr/share/man/man1/openssl-dgst.1ossl
@@ -1829,10 +1833,16 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/CMS_ReceiptRequest_new.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_decrypt.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_encrypt.3ossl
+#usr/share/man/man3/CMS_RecipientInfo_kari_get0_ctx.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_kari_set0_pkey.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_kari_set0_pkey_and_peer.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_kekri_get0_id.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_kekri_id_cmp.3ossl
+#usr/share/man/man3/CMS_RecipientInfo_kemri_cert_cmp.3ossl
+#usr/share/man/man3/CMS_RecipientInfo_kemri_get0_ctx.3ossl
+#usr/share/man/man3/CMS_RecipientInfo_kemri_get0_kdf_alg.3ossl
+#usr/share/man/man3/CMS_RecipientInfo_kemri_set0_pkey.3ossl
+#usr/share/man/man3/CMS_RecipientInfo_kemri_set_ukm.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_ktri_cert_cmp.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_ktri_get0_signer_id.3ossl
 #usr/share/man/man3/CMS_RecipientInfo_set0_key.3ossl
@@ -1937,6 +1947,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/CRYPTO_THREAD_unlock.3ossl
 #usr/share/man/man3/CRYPTO_THREAD_write_lock.3ossl
 #usr/share/man/man3/CRYPTO_aligned_alloc.3ossl
+#usr/share/man/man3/CRYPTO_aligned_alloc_array.3ossl
 #usr/share/man/man3/CRYPTO_alloc_ex_data.3ossl
 #usr/share/man/man3/CRYPTO_atomic_add.3ossl
 #usr/share/man/man3/CRYPTO_atomic_add64.3ossl
@@ -1945,8 +1956,10 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/CRYPTO_atomic_load_int.3ossl
 #usr/share/man/man3/CRYPTO_atomic_or.3ossl
 #usr/share/man/man3/CRYPTO_atomic_store.3ossl
+#usr/share/man/man3/CRYPTO_calloc.3ossl
 #usr/share/man/man3/CRYPTO_clear_free.3ossl
 #usr/share/man/man3/CRYPTO_clear_realloc.3ossl
+#usr/share/man/man3/CRYPTO_clear_realloc_array.3ossl
 #usr/share/man/man3/CRYPTO_free.3ossl
 #usr/share/man/man3/CRYPTO_free_ex_data.3ossl
 #usr/share/man/man3/CRYPTO_free_ex_index.3ossl
@@ -1956,6 +1969,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/CRYPTO_get_ex_new_index.3ossl
 #usr/share/man/man3/CRYPTO_get_mem_functions.3ossl
 #usr/share/man/man3/CRYPTO_malloc.3ossl
+#usr/share/man/man3/CRYPTO_malloc_array.3ossl
 #usr/share/man/man3/CRYPTO_malloc_fn.3ossl
 #usr/share/man/man3/CRYPTO_mem_ctrl.3ossl
 #usr/share/man/man3/CRYPTO_mem_debug_pop.3ossl
@@ -1966,11 +1980,14 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/CRYPTO_memcmp.3ossl
 #usr/share/man/man3/CRYPTO_new_ex_data.3ossl
 #usr/share/man/man3/CRYPTO_realloc.3ossl
+#usr/share/man/man3/CRYPTO_realloc_array.3ossl
 #usr/share/man/man3/CRYPTO_realloc_fn.3ossl
 #usr/share/man/man3/CRYPTO_secure_allocated.3ossl
+#usr/share/man/man3/CRYPTO_secure_calloc.3ossl
 #usr/share/man/man3/CRYPTO_secure_clear_free.3ossl
 #usr/share/man/man3/CRYPTO_secure_free.3ossl
 #usr/share/man/man3/CRYPTO_secure_malloc.3ossl
+#usr/share/man/man3/CRYPTO_secure_malloc_array.3ossl
 #usr/share/man/man3/CRYPTO_secure_malloc_done.3ossl
 #usr/share/man/man3/CRYPTO_secure_malloc_init.3ossl
 #usr/share/man/man3/CRYPTO_secure_malloc_initialized.3ossl
@@ -2699,9 +2716,11 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/EVP_KDF_CTX_kdf.3ossl
 #usr/share/man/man3/EVP_KDF_CTX_new.3ossl
 #usr/share/man/man3/EVP_KDF_CTX_reset.3ossl
+#usr/share/man/man3/EVP_KDF_CTX_set_SKEY.3ossl
 #usr/share/man/man3/EVP_KDF_CTX_set_params.3ossl
 #usr/share/man/man3/EVP_KDF_CTX_settable_params.3ossl
 #usr/share/man/man3/EVP_KDF_derive.3ossl
+#usr/share/man/man3/EVP_KDF_derive_SKEY.3ossl
 #usr/share/man/man3/EVP_KDF_do_all_provided.3ossl
 #usr/share/man/man3/EVP_KDF_fetch.3ossl
 #usr/share/man/man3/EVP_KDF_free.3ossl
@@ -3045,6 +3064,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/EVP_PKEY_decrypt_init_ex.3ossl
 #usr/share/man/man3/EVP_PKEY_delete_attr.3ossl
 #usr/share/man/man3/EVP_PKEY_derive.3ossl
+#usr/share/man/man3/EVP_PKEY_derive_SKEY.3ossl
 #usr/share/man/man3/EVP_PKEY_derive_init.3ossl
 #usr/share/man/man3/EVP_PKEY_derive_init_ex.3ossl
 #usr/share/man/man3/EVP_PKEY_derive_set_peer.3ossl
@@ -3104,6 +3124,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/EVP_PKEY_get_raw_private_key.3ossl
 #usr/share/man/man3/EVP_PKEY_get_raw_public_key.3ossl
 #usr/share/man/man3/EVP_PKEY_get_security_bits.3ossl
+#usr/share/man/man3/EVP_PKEY_get_security_category.3ossl
 #usr/share/man/man3/EVP_PKEY_get_size.3ossl
 #usr/share/man/man3/EVP_PKEY_get_size_t_param.3ossl
 #usr/share/man/man3/EVP_PKEY_get_utf8_string_param.3ossl
@@ -3297,6 +3318,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/EVP_SKEY_get0_raw_key.3ossl
 #usr/share/man/man3/EVP_SKEY_get0_skeymgmt_name.3ossl
 #usr/share/man/man3/EVP_SKEY_import.3ossl
+#usr/share/man/man3/EVP_SKEY_import_SKEYMGMT.3ossl
 #usr/share/man/man3/EVP_SKEY_import_raw_key.3ossl
 #usr/share/man/man3/EVP_SKEY_is_a.3ossl
 #usr/share/man/man3/EVP_SKEY_to_provider.3ossl
@@ -3734,6 +3756,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OPENSSL_LINE.3ossl
 #usr/share/man/man3/OPENSSL_MALLOC_FAILURES.3ossl
 #usr/share/man/man3/OPENSSL_MALLOC_FD.3ossl
+#usr/share/man/man3/OPENSSL_MALLOC_SEED.3ossl
 #usr/share/man/man3/OPENSSL_MSTR.3ossl
 #usr/share/man/man3/OPENSSL_MSTR_HELPER.3ossl
 #usr/share/man/man3/OPENSSL_VERSION_BUILD_METADATA.3ossl
@@ -3745,14 +3768,17 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OPENSSL_VERSION_PRE_RELEASE.3ossl
 #usr/share/man/man3/OPENSSL_VERSION_TEXT.3ossl
 #usr/share/man/man3/OPENSSL_aligned_alloc.3ossl
+#usr/share/man/man3/OPENSSL_aligned_alloc_array.3ossl
 #usr/share/man/man3/OPENSSL_atexit.3ossl
 #usr/share/man/man3/OPENSSL_buf2hexstr.3ossl
 #usr/share/man/man3/OPENSSL_buf2hexstr_ex.3ossl
+#usr/share/man/man3/OPENSSL_calloc.3ossl
 #usr/share/man/man3/OPENSSL_cipher_name.3ossl
 #usr/share/man/man3/OPENSSL_cleanse.3ossl
 #usr/share/man/man3/OPENSSL_cleanup.3ossl
 #usr/share/man/man3/OPENSSL_clear_free.3ossl
 #usr/share/man/man3/OPENSSL_clear_realloc.3ossl
+#usr/share/man/man3/OPENSSL_clear_realloc_array.3ossl
 #usr/share/man/man3/OPENSSL_config.3ossl
 #usr/share/man/man3/OPENSSL_fork_child.3ossl
 #usr/share/man/man3/OPENSSL_fork_parent.3ossl
@@ -3778,18 +3804,22 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OPENSSL_load_u64_be.3ossl
 #usr/share/man/man3/OPENSSL_load_u64_le.3ossl
 #usr/share/man/man3/OPENSSL_malloc.3ossl
+#usr/share/man/man3/OPENSSL_malloc_array.3ossl
 #usr/share/man/man3/OPENSSL_malloc_init.3ossl
 #usr/share/man/man3/OPENSSL_mem_debug_pop.3ossl
 #usr/share/man/man3/OPENSSL_mem_debug_push.3ossl
 #usr/share/man/man3/OPENSSL_memdup.3ossl
 #usr/share/man/man3/OPENSSL_no_config.3ossl
 #usr/share/man/man3/OPENSSL_realloc.3ossl
+#usr/share/man/man3/OPENSSL_realloc_array.3ossl
 #usr/share/man/man3/OPENSSL_riscvcap.3ossl
 #usr/share/man/man3/OPENSSL_s390xcap.3ossl
 #usr/share/man/man3/OPENSSL_secure_actual_size.3ossl
+#usr/share/man/man3/OPENSSL_secure_calloc.3ossl
 #usr/share/man/man3/OPENSSL_secure_clear_free.3ossl
 #usr/share/man/man3/OPENSSL_secure_free.3ossl
 #usr/share/man/man3/OPENSSL_secure_malloc.3ossl
+#usr/share/man/man3/OPENSSL_secure_malloc_array.3ossl
 #usr/share/man/man3/OPENSSL_secure_zalloc.3ossl
 #usr/share/man/man3/OPENSSL_sk_deep_copy.3ossl
 #usr/share/man/man3/OPENSSL_sk_delete.3ossl
@@ -3811,6 +3841,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OPENSSL_sk_reserve.3ossl
 #usr/share/man/man3/OPENSSL_sk_set.3ossl
 #usr/share/man/man3/OPENSSL_sk_set_cmp_func.3ossl
+#usr/share/man/man3/OPENSSL_sk_set_thunks.3ossl
 #usr/share/man/man3/OPENSSL_sk_shift.3ossl
 #usr/share/man/man3/OPENSSL_sk_sort.3ossl
 #usr/share/man/man3/OPENSSL_sk_unshift.3ossl
@@ -4433,6 +4464,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_PARAM_set_long.3ossl
 #usr/share/man/man3/OSSL_PARAM_set_octet_ptr.3ossl
 #usr/share/man/man3/OSSL_PARAM_set_octet_string.3ossl
+#usr/share/man/man3/OSSL_PARAM_set_octet_string_or_ptr.3ossl
 #usr/share/man/man3/OSSL_PARAM_set_size_t.3ossl
 #usr/share/man/man3/OSSL_PARAM_set_time_t.3ossl
 #usr/share/man/man3/OSSL_PARAM_set_uint.3ossl
@@ -4565,6 +4597,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/OSSL_STORE_LOADER_set_load.3ossl
 #usr/share/man/man3/OSSL_STORE_LOADER_set_open.3ossl
 #usr/share/man/man3/OSSL_STORE_LOADER_set_open_ex.3ossl
+#usr/share/man/man3/OSSL_STORE_LOADER_settable_ctx_params.3ossl
 #usr/share/man/man3/OSSL_STORE_LOADER_up_ref.3ossl
 #usr/share/man/man3/OSSL_STORE_SEARCH.3ossl
 #usr/share/man/man3/OSSL_STORE_SEARCH_by_alias.3ossl
@@ -5241,7 +5274,9 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SRP_user_pwd_set1_ids.3ossl
 #usr/share/man/man3/SRP_user_pwd_set_gN.3ossl
 #usr/share/man/man3/SSL_ACCEPT_CONNECTION_NO_BLOCK.3ossl
+#usr/share/man/man3/SSL_ACCEPT_STREAM_BIDI.3ossl
 #usr/share/man/man3/SSL_ACCEPT_STREAM_NO_BLOCK.3ossl
+#usr/share/man/man3/SSL_ACCEPT_STREAM_UNI.3ossl
 #usr/share/man/man3/SSL_CIPHER_description.3ossl
 #usr/share/man/man3/SSL_CIPHER_find.3ossl
 #usr/share/man/man3/SSL_CIPHER_get_auth_nid.3ossl
@@ -5711,6 +5746,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_get0_server_cert_type.3ossl
 #usr/share/man/man3/SSL_get0_session.3ossl
 #usr/share/man/man3/SSL_get0_signature_name.3ossl
+#usr/share/man/man3/SSL_get0_tlsext_status_ocsp_resp_ex.3ossl
 #usr/share/man/man3/SSL_get0_verified_chain.3ossl
 #usr/share/man/man3/SSL_get0_verify_cert_store.3ossl
 #usr/share/man/man3/SSL_get1_builtin_sigalgs.3ossl
@@ -5895,6 +5931,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/SSL_set0_chain_cert_store.3ossl
 #usr/share/man/man3/SSL_set0_rbio.3ossl
 #usr/share/man/man3/SSL_set0_security_ex_data.3ossl
+#usr/share/man/man3/SSL_set0_tlsext_status_ocsp_resp_ex.3ossl
 #usr/share/man/man3/SSL_set0_tmp_dh_pkey.3ossl
 #usr/share/man/man3/SSL_set0_verify_cert_store.3ossl
 #usr/share/man/man3/SSL_set0_wbio.3ossl
@@ -6268,6 +6305,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/X509_CRL_get0_lastUpdate.3ossl
 #usr/share/man/man3/X509_CRL_get0_nextUpdate.3ossl
 #usr/share/man/man3/X509_CRL_get0_signature.3ossl
+#usr/share/man/man3/X509_CRL_get0_tbs_sigalg.3ossl
 #usr/share/man/man3/X509_CRL_get_REVOKED.3ossl
 #usr/share/man/man3/X509_CRL_get_ext.3ossl
 #usr/share/man/man3/X509_CRL_get_ext_by_NID.3ossl
@@ -6535,6 +6573,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/X509_STORE_CTX_set_error_depth.3ossl
 #usr/share/man/man3/X509_STORE_CTX_set_ex_data.3ossl
 #usr/share/man/man3/X509_STORE_CTX_set_get_crl.3ossl
+#usr/share/man/man3/X509_STORE_CTX_set_ocsp_resp.3ossl
 #usr/share/man/man3/X509_STORE_CTX_set_purpose.3ossl
 #usr/share/man/man3/X509_STORE_CTX_set_trust.3ossl
 #usr/share/man/man3/X509_STORE_CTX_set_verify.3ossl
@@ -7193,6 +7232,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/i2d_PKCS7_bio.3ossl
 #usr/share/man/man3/i2d_PKCS7_bio_stream.3ossl
 #usr/share/man/man3/i2d_PKCS7_fp.3ossl
+#usr/share/man/man3/i2d_PKCS8PrivateKey.3ossl
 #usr/share/man/man3/i2d_PKCS8PrivateKeyInfo_bio.3ossl
 #usr/share/man/man3/i2d_PKCS8PrivateKeyInfo_fp.3ossl
 #usr/share/man/man3/i2d_PKCS8PrivateKey_bio.3ossl
@@ -7392,6 +7432,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man7/EVP_KEYMGMT-ED25519.7ossl
 #usr/share/man/man7/EVP_KEYMGMT-ED448.7ossl
 #usr/share/man/man7/EVP_KEYMGMT-HMAC.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-LMS.7ossl
 #usr/share/man/man7/EVP_KEYMGMT-ML-DSA.7ossl
 #usr/share/man/man7/EVP_KEYMGMT-ML-KEM-1024.7ossl
 #usr/share/man/man7/EVP_KEYMGMT-ML-KEM-512.7ossl
@@ -7441,6 +7482,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man7/EVP_PKEY-ED448.7ossl
 #usr/share/man/man7/EVP_PKEY-FFC.7ossl
 #usr/share/man/man7/EVP_PKEY-HMAC.7ossl
+#usr/share/man/man7/EVP_PKEY-LMS.7ossl
 #usr/share/man/man7/EVP_PKEY-ML-DSA-44.7ossl
 #usr/share/man/man7/EVP_PKEY-ML-DSA-65.7ossl
 #usr/share/man/man7/EVP_PKEY-ML-DSA-87.7ossl
@@ -7482,6 +7524,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl
 #usr/share/man/man7/EVP_SIGNATURE-ED448.7ossl
 #usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-LMS.7ossl
 #usr/share/man/man7/EVP_SIGNATURE-ML-DSA-44.7ossl
 #usr/share/man/man7/EVP_SIGNATURE-ML-DSA-65.7ossl
 #usr/share/man/man7/EVP_SIGNATURE-ML-DSA-87.7ossl
@@ -7504,6 +7547,7 @@ usr/lib/ossl-modules/legacy.so
 #usr/share/man/man7/EVP_SIGNATURE-Siphash.7ossl
 #usr/share/man/man7/Ed25519.7ossl
 #usr/share/man/man7/Ed448.7ossl
+#usr/share/man/man7/LMS.7ossl
 #usr/share/man/man7/OPENSSL_API_COMPAT.7ossl
 #usr/share/man/man7/OPENSSL_NO_DEPRECATED.7ossl
 #usr/share/man/man7/OSSL_PROVIDER-FIPS.7ossl
diff --git a/lfs/openssl b/lfs/openssl
index dc3f733a0..88bc6d98f 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.5.4
+VER        = 3.6.0
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 07e02f88af05e189385eef28599b81bd16d242130975c79df46e565a0dd92f74e59807d4770a2b3316adf08f2ca6a0dd2bfc96ab2a88a8dfb5c0d19197fe8fbf
+$(DL_FILE)_BLAKE2 = 4a0150aa9a78581e74119b338848458249630c94a43589a5b311d41c669b817b043007ddd13b3fb81233da10af3ccd455f3fbf3b09cf45016c475a8e2044e965
 
 install : $(TARGET)