There are news since about a year.
There is a downloadable editable PDF to prepare the declaration.
Anyway, you normally do not declare all functionality of the openssl library if
you use it in a product.
It may be as simple as "to hash passwords we use the SHAnnn functions as
implemented by openssl".
I used to make such declarations about 15 years ago.
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users