From: Dmitry Belyavskiy <dbelyavs@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Regenerated patches from src-git
Date: Tue, 09 Jun 2026 12:45:17 GMT [thread overview]
Message-ID: <178100911715.1.1041977368640779769.rpms-openssl-b85bfec02173@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : b85bfec02173b16d9187f4ccf9bb47b662494c2b
Author : Dmitry Belyavskiy <dbelyavs@redhat.com>
Date : 2024-03-08T13:46:42+01:00
Stats : +2137/-1668 in 20 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/b85bfec02173b16d9187f4ccf9bb47b662494c2b?branch=rebase_40beta
Log:
Regenerated patches from src-git
---
diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
index 425c158..3b3a772 100644
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -1,30 +1,29 @@
-From 66b728801f141c9db8e647ab02421c83694ade79 Mon Sep 17 00:00:00 2001
+From 8be4ef77c64fcada41041c00e02c34b07658ba66 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:27 +0200
-Subject: [PATCH 07/35]
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 07/49]
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch-id: 7
Patch-status: |
- # Add support for PROFILE=SYSTEM system default cipherlist
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # Add support for PROFILE=SYSTEM system default cipherlist
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
Configurations/unix-Makefile.tmpl | 5 ++
Configure | 11 +++-
doc/man1/openssl-ciphers.pod.in | 9 ++++
include/openssl/ssl.h.in | 5 ++
- ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++----
+ ssl/ssl_ciph.c | 86 +++++++++++++++++++++++++++----
ssl/ssl_lib.c | 4 +-
test/cipherlist_test.c | 2 +
- util/libcrypto.num | 1 +
- 8 files changed, 110 insertions(+), 14 deletions(-)
+ 7 files changed, 109 insertions(+), 13 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index f29cdc7f38..c0df026de3 100644
+index 5d61ce9550..e9fba957f1 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
+@@ -324,6 +324,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
@@ -35,7 +34,7 @@ index f29cdc7f38..c0df026de3 100644
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
-@@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
+@@ -347,6 +351,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
@@ -44,7 +43,7 @@ index f29cdc7f38..c0df026de3 100644
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
diff --git a/Configure b/Configure
-index 456995240b..93be83be94 100755
+index cca1ac8d16..2ae1cd0bc2 100755
--- a/Configure
+++ b/Configure
@@ -27,7 +27,7 @@ use OpenSSL::config;
@@ -67,7 +66,7 @@ index 456995240b..93be83be94 100755
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
-@@ -387,6 +391,7 @@ $config{prefix}="";
+@@ -394,6 +398,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
@@ -75,7 +74,7 @@ index 456995240b..93be83be94 100755
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
-@@ -989,6 +994,10 @@ while (@argvcopy)
+@@ -1047,6 +1052,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
@@ -87,10 +86,10 @@ index 456995240b..93be83be94 100755
{
$banner = $1 . "\n";
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
-index 658730ec53..04e66bcebe 100644
+index d4df30686f..cec4835268 100644
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
-@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
+@@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@@ -107,10 +106,10 @@ index 658730ec53..04e66bcebe 100644
"High" encryption cipher suites. This currently means those with key lengths
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index f03f52fbd8..0b6de603e2 100644
+index 9f91039f8a..fc34d4ca61 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
-@@ -208,6 +208,11 @@ extern "C" {
+@@ -209,6 +209,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
@@ -123,10 +122,10 @@ index f03f52fbd8..0b6de603e2 100644
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 93de9cf8fd..a5e60e8839 100644
+index 8360991ce4..33c23efb0d 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
-@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
+@@ -1455,6 +1455,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
return ret;
}
@@ -180,7 +179,7 @@ index 93de9cf8fd..a5e60e8839 100644
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1469,15 +1516,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
@@ -208,7 +207,16 @@ index 93de9cf8fd..a5e60e8839 100644
/*
* To reduce the work to do we only want to process the compiled
-@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1499,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ if (num_of_ciphers > 0) {
+ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+ if (co_list == NULL)
+- return NULL; /* Failure */
++ goto err;
+ }
+
+ ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+@@ -1565,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
@@ -218,7 +226,16 @@ index 93de9cf8fd..a5e60e8839 100644
}
/*
-@@ -1626,8 +1681,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1611,7 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+ if (ca_list == NULL) {
+ OPENSSL_free(co_list);
+- return NULL; /* Failure */
++ goto err;
+ }
+ ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ disabled_mkey, disabled_auth, disabled_enc,
+@@ -1637,8 +1693,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
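Review bot: On the `ca_list == NULL` failure path the patched code now runs `OPENSSL_free(co_list);` and then `goto err;`. The `err:` label is not visible in this hunk, but the neighbouring failure paths were reduced to a bare `goto err;`, which suggests `err:` releases `co_list` itself; if it does, this path frees the same buffer twice. Drop the explicit `OPENSSL_free(co_list);` here, or follow it with `co_list = NULL;`, so the cleanup happens in exactly one place. The body of ssl_create_cipher_list starts and ends outside the hunk.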
@@ -228,7 +245,7 @@ index 93de9cf8fd..a5e60e8839 100644
}
/*
-@@ -1635,10 +1689,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1646,10 +1701,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@@ -244,7 +261,7 @@ index 93de9cf8fd..a5e60e8839 100644
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
-@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1701,6 +1759,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*cipher_list = cipherstack;
return cipherstack;
@@ -260,10 +277,10 @@ index 93de9cf8fd..a5e60e8839 100644
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index f12ad6d034..a059bcd83b 100644
+index cf59d2dfa5..1329841aaf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
-@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+@@ -700,7 +700,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
@@ -272,7 +289,7 @@ index f12ad6d034..a059bcd83b 100644
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
-@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+@@ -3966,7 +3966,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
@@ -282,10 +299,10 @@ index f12ad6d034..a059bcd83b 100644
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err;
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
-index 2d166e2b46..4ff2aa12d6 100644
+index c46e431b00..19d05e860b 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
-@@ -246,7 +246,9 @@ end:
+@@ -261,7 +261,9 @@ end:
int setup_tests(void)
{
@@ -296,26 +313,5 @@ index 2d166e2b46..4ff2aa12d6 100644
ADD_TEST(test_default_cipherlist_clear);
ADD_TEST(test_stdname_cipherlist);
--
-2.41.0
+2.44.0
-diff -up openssl-3.2.0/ssl/ssl_ciph.c.7patch openssl-3.2.0/ssl/ssl_ciph.c
---- openssl-3.2.0/ssl/ssl_ciph.c.7patch 2023-11-30 13:43:03.510620566 +0100
-+++ openssl-3.2.0/ssl/ssl_ciph.c 2023-11-30 13:44:21.275313230 +0100
-@@ -1556,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- if (num_of_ciphers > 0) {
- co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
- if (co_list == NULL)
-- return NULL; /* Failure */
-+ goto err;
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1667,7 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
- if (ca_list == NULL) {
- OPENSSL_free(co_list);
-- return NULL; /* Failure */
-+ goto err;
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- disabled_mkey, disabled_auth, disabled_enc,
diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch
index b5ebe99..6738304 100644
--- a/0033-FIPS-embed-hmac.patch
+++ b/0033-FIPS-embed-hmac.patch
@@ -1,30 +1,32 @@
-From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001
+From 831d0025257fd3746ab3fe30c05dbbfc0043f78e Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Thu, 19 Oct 2023 13:12:40 +0200
-Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 16/49] 0033-FIPS-embed-hmac.patch
Patch-name: 0033-FIPS-embed-hmac.patch
Patch-id: 33
Patch-status: |
# # Embed HMAC into the fips.so
-From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
+ # Modify fips self test as per
+ # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- providers/fips/self_test.c | 70 ++++++++++++++++++++++++---
- test/fipsmodule.cnf | 2 +
- test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
- test/recipes/01-test_fipsmodule_cnf.t | 2 +-
- test/recipes/03-test_fipsinstall.t | 2 +-
- test/recipes/30-test_defltfips.t | 2 +-
- test/recipes/80-test_ssl_new.t | 2 +-
- test/recipes/90-test_sslapi.t | 2 +-
- 8 files changed, 71 insertions(+), 13 deletions(-)
+ providers/fips/self_test.c | 204 ++++++++++++++++++++++++--
+ test/fipsmodule.cnf | 2 +
+ test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
+ test/recipes/01-test_fipsmodule_cnf.t | 2 +-
+ test/recipes/03-test_fipsinstall.t | 2 +-
+ test/recipes/30-test_defltfips.t | 2 +-
+ test/recipes/80-test_ssl_new.t | 2 +-
+ test/recipes/90-test_sslapi.t | 2 +-
+ 8 files changed, 200 insertions(+), 18 deletions(-)
create mode 100644 test/fipsmodule.cnf
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index b8dc9817b2..e3a629018a 100644
+index b8dc9817b2..28f536d13c 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
-@@ -230,11 +230,27 @@ err:
+@@ -230,11 +230,133 @@ err:
return ok;
}
@@ -40,6 +42,7 @@ index b8dc9817b2..e3a629018a 100644
* the result matches the expected value.
* Return 1 if verified, or 0 if it fails.
*/
++
+#ifndef __USE_GNU
+#define __USE_GNU
+#include <dlfcn.h>
@@ -49,10 +52,115 @@ index b8dc9817b2..e3a629018a 100644
+#endif
+#include <link.h>
+
++static int verify_integrity_rodata(OSSL_CORE_BIO *bio,
++ OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
++ unsigned char *expected, size_t expected_len,
++ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
++ const char *event_type)
++{
++ int ret = 0, status;
++ unsigned char out[MAX_MD_SIZE];
++ unsigned char buf[INTEGRITY_BUF_SIZE];
++ size_t bytes_read = 0, out_len = 0;
++ EVP_MAC *mac = NULL;
++ EVP_MAC_CTX *ctx = NULL;
++ OSSL_PARAM params[2], *p = params;
++ Dl_info info;
++ void *extra_info = NULL;
++ struct link_map *lm = NULL;
++ unsigned long paddr;
++ unsigned long off = 0;
++
++ if (expected_len != HMAC_LEN)
++ goto err;
++
++ if (!integrity_self_test(ev, libctx))
++ goto err;
++
++ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
++
++ if (!dladdr1 ((const void *)fips_hmac_container,
++ &info, &extra_info, RTLD_DL_LINKMAP))
++ goto err;
++ lm = extra_info;
++ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
++
++ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
++ if (mac == NULL)
++ goto err;
++ ctx = EVP_MAC_CTX_new(mac);
++ if (ctx == NULL)
++ goto err;
++
++ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
++ *p = OSSL_PARAM_construct_end();
++
++ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
++ goto err;
++
++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
++ if (status != 1)
++ break;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ off += bytes_read;
++ }
++
++ if (off < paddr) {
++ int delta = paddr - off;
++ status = read_ex_cb(bio, buf, delta, &bytes_read);
++ if (status != 1)
++ goto err;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ off += bytes_read;
++ }
++
++ /* read away the buffer */
++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
++ if (status != 1)
++ goto err;
++
++ /* check that it is the expect bytes, no point in continuing otherwise */
++ if (memcmp(expected, buf, HMAC_LEN) != 0)
++ goto err;
++
++ /* replace in-file HMAC buffer with the original zeros */
++ memset(buf, 0, HMAC_LEN);
++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
++ goto err;
++ off += HMAC_LEN;
++
++ while (bytes_read > 0) {
++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
++ if (status != 1)
++ break;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ off += bytes_read;
++ }
++
++ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
++ goto err;
++
++ OSSL_SELF_TEST_oncorrupt_byte(ev, out);
++ if (expected_len != out_len
++ || memcmp(expected, out, out_len) != 0)
++ goto err;
++ ret = 1;
++err:
++ OPENSSL_cleanse(out, MAX_MD_SIZE);
++ OSSL_SELF_TEST_onend(ev, ret);
++ EVP_MAC_CTX_free(ctx);
++ EVP_MAC_free(mac);
++ return ret;
++}
++
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -247,12 +369,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
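Review bot: In the new verify_integrity_rodata(), the first read loop exits with `break` when read_ex_cb fails, so `off` can still be far below `paddr` when the following `if (off < paddr)` block computes `int delta = paddr - off;` and requests `delta` bytes into `buf`, which is only INTEGRITY_BUF_SIZE long. A failed read should fail the integrity check rather than fall through: change that loop's `if (status != 1) break;` to `if (status != 1) goto err;`, and guard the remainder read with `if (paddr - off > sizeof(buf)) goto err;`. The read of the embedded HMAC also compares HMAC_LEN bytes without checking `bytes_read == HMAC_LEN`, so a short read would compare stale buffer contents. The first loop of verify_integrity() in the `@@ -84,12 +192,12 @@` hunk carries the same `break`.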
@@ -76,7 +184,7 @@ index b8dc9817b2..e3a629018a 100644
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL)
goto err;
-@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -266,13 +399,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err;
@@ -84,12 +192,12 @@ index b8dc9817b2..e3a629018a 100644
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
-+ }
+ }
+
+ if (off + INTEGRITY_BUF_SIZE > paddr) {
+ int delta = paddr - off;
@@ -111,17 +219,17 @@ index b8dc9817b2..e3a629018a 100644
+
+ while (bytes_read > 0) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
- if (status != 1)
- break;
- if (!EVP_MAC_update(ctx, buf, bytes_read))
- goto err;
++ if (status != 1)
++ break;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
+ off += bytes_read;
- }
++ }
+
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err;
-@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -282,6 +444,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
goto err;
ret = 1;
err:
@@ -129,7 +237,7 @@ index b8dc9817b2..e3a629018a 100644
OSSL_SELF_TEST_onend(ev, ret);
EVP_MAC_CTX_free(ctx);
EVP_MAC_free(mac);
-@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -335,8 +498,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
return 0;
}
@@ -139,19 +247,57 @@ index b8dc9817b2..e3a629018a 100644
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
}
-@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -345,8 +507,14 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
- &checksum_len);
-+ module_checksum = fips_hmac_container;
-+ checksum_len = sizeof(fips_hmac_container);
++ if (st->module_checksum_data == NULL) {
++ module_checksum = fips_hmac_container;
++ checksum_len = sizeof(fips_hmac_container);
++ } else {
++ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
++ &checksum_len);
++ }
+
if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
-@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -354,14 +522,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
+
+ /* Always check the integrity of the fips module */
+- if (bio_module == NULL
+- || !verify_integrity(bio_module, st->bio_read_ex_cb,
+- module_checksum, checksum_len, st->libctx,
+- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
++ if (bio_module == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
+ goto end;
+ }
+-
++ if (st->module_checksum_data == NULL) {
++ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb,
++ module_checksum, checksum_len,
++ st->libctx, ev,
++ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
++ goto end;
++ }
++ } else {
++ if (!verify_integrity(bio_module, st->bio_read_ex_cb,
++ module_checksum, checksum_len,
++ st->libctx, ev,
++ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
++ goto end;
++ }
++ }
+ /* This will be NULL during installation - so the self test KATS will run */
+ if (st->indicator_data != NULL) {
+ /*
+@@ -420,7 +601,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
end:
EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev);
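Review bot: The `else` branch added to SELF_TEST_post() makes `module_checksum` a heap buffer from OPENSSL_hexstr2buf() again, while the `end:` cleanup at the bottom of this unit still loses one line (7 → 6; the dropped line is not visible here, presumably `OPENSSL_free(module_checksum);`). If that is the case, the config-supplied checksum path leaks the buffer on every self-test run, and an unconditional free would be wrong for the static `fips_hmac_container`. Free it only when it was allocated, for example `if (st->module_checksum_data != NULL) OPENSSL_free(module_checksum);` next to the other frees under `end:`. The body of SELF_TEST_post continues outside the hunk.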
@@ -220,7 +366,7 @@ index c8f145405b..56a2ec5dc4 100644
plan tests =>
($no_fips ? 1 : 5);
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
-index 0c6d6402d9..e45f9cb560 100644
+index 195b85ea8c..92d48dbf7d 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -27,7 +27,7 @@ setup("test_ssl_new");
@@ -233,7 +379,7 @@ index 0c6d6402d9..e45f9cb560 100644
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
-index 9e9e32b51e..1a1a7159b5 100644
+index 18d9f3d204..71780d8caa 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -17,7 +17,7 @@ setup("test_sslapi");
@@ -246,183 +392,5 @@ index 9e9e32b51e..1a1a7159b5 100644
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
--
-2.41.0
+2.44.0
-diff -up openssl-3.2.0/providers/fips/self_test.c.fix-self-test openssl-3.2.0/providers/fips/self_test.c
---- openssl-3.2.0/providers/fips/self_test.c.fix-self-test 2024-02-01 17:36:27.970983419 +0100
-+++ openssl-3.2.0/providers/fips/self_test.c 2024-02-01 17:39:19.788685051 +0100
-@@ -242,6 +242,7 @@ static const unsigned char __attribute__
- * the result matches the expected value.
- * Return 1 if verified, or 0 if it fails.
- */
-+
- #ifndef __USE_GNU
- #define __USE_GNU
- #include <dlfcn.h>
-@@ -251,6 +252,111 @@ static const unsigned char __attribute__
- #endif
- #include <link.h>
-
-+static int verify_integrity_rodata(OSSL_CORE_BIO *bio,
-+ OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
-+ unsigned char *expected, size_t expected_len,
-+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-+ const char *event_type)
-+{
-+ int ret = 0, status;
-+ unsigned char out[MAX_MD_SIZE];
-+ unsigned char buf[INTEGRITY_BUF_SIZE];
-+ size_t bytes_read = 0, out_len = 0;
-+ EVP_MAC *mac = NULL;
-+ EVP_MAC_CTX *ctx = NULL;
-+ OSSL_PARAM params[2], *p = params;
-+ Dl_info info;
-+ void *extra_info = NULL;
-+ struct link_map *lm = NULL;
-+ unsigned long paddr;
-+ unsigned long off = 0;
-+
-+ if (expected_len != HMAC_LEN)
-+ goto err;
-+
-+ if (!integrity_self_test(ev, libctx))
-+ goto err;
-+
-+ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
-+
-+ if (!dladdr1 ((const void *)fips_hmac_container,
-+ &info, &extra_info, RTLD_DL_LINKMAP))
-+ goto err;
-+ lm = extra_info;
-+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
-+
-+ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
-+ if (mac == NULL)
-+ goto err;
-+ ctx = EVP_MAC_CTX_new(mac);
-+ if (ctx == NULL)
-+ goto err;
-+
-+ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
-+ *p = OSSL_PARAM_construct_end();
-+
-+ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
-+ goto err;
-+
-+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ if (off < paddr) {
-+ int delta = paddr - off;
-+ status = read_ex_cb(bio, buf, delta, &bytes_read);
-+ if (status != 1)
-+ goto err;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ /* read away the buffer */
-+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
-+ if (status != 1)
-+ goto err;
-+
-+ /* check that it is the expect bytes, no point in continuing otherwise */
-+ if (memcmp(expected, buf, HMAC_LEN) != 0)
-+ goto err;
-+
-+ /* replace in-file HMAC buffer with the original zeros */
-+ memset(buf, 0, HMAC_LEN);
-+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
-+ goto err;
-+ off += HMAC_LEN;
-+
-+ while (bytes_read > 0) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
-+ goto err;
-+
-+ OSSL_SELF_TEST_oncorrupt_byte(ev, out);
-+ if (expected_len != out_len
-+ || memcmp(expected, out, out_len) != 0)
-+ goto err;
-+ ret = 1;
-+err:
-+ OPENSSL_cleanse(out, MAX_MD_SIZE);
-+ OSSL_SELF_TEST_onend(ev, ret);
-+ EVP_MAC_CTX_free(ctx);
-+ EVP_MAC_free(mac);
-+ return ret;
-+}
-+
- static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
- unsigned char *expected, size_t expected_len,
- OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-diff -up openssl-3.2.0/providers/fips/self_test.c.fix-self-test openssl-3.2.0/providers/fips/self_test.c
---- openssl-3.2.0/providers/fips/self_test.c.fix-self-test 2024-02-01 17:40:54.926627242 +0100
-+++ openssl-3.2.0/providers/fips/self_test.c 2024-02-01 17:45:58.939636676 +0100
-@@ -527,14 +527,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
-
- /* Always check the integrity of the fips module */
-- if (bio_module == NULL
-- || !verify_integrity(bio_module, st->bio_read_ex_cb,
-- module_checksum, checksum_len, st->libctx,
-- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
-+ if (bio_module == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
- goto end;
- }
--
-+ if (st->module_checksum_data == NULL) {
-+ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb,
-+ module_checksum, checksum_len,
-+ st->libctx, ev,
-+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
-+ goto end;
-+ }
-+ } else {
-+ if (!verify_integrity(bio_module, st->bio_read_ex_cb,
-+ module_checksum, checksum_len,
-+ st->libctx, ev,
-+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
-+ goto end;
-+ }
-+ }
- /* This will be NULL during installation - so the self test KATS will run */
- if (st->indicator_data != NULL) {
- /*
-diff -up openssl-3.2.0/providers/fips/self_test.c.fips-self openssl-3.2.0/providers/fips/self_test.c
---- openssl-3.2.0/providers/fips/self_test.c.fips-self 2024-02-06 12:20:56.963719115 +0100
-+++ openssl-3.2.0/providers/fips/self_test.c 2024-02-06 12:22:23.705604045 +0100
-@@ -517,8 +517,13 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- if (ev == NULL)
- goto end;
-
-- module_checksum = fips_hmac_container;
-- checksum_len = sizeof(fips_hmac_container);
-+ if (st->module_checksum_data == NULL) {
-+ module_checksum = fips_hmac_container;
-+ checksum_len = sizeof(fips_hmac_container);
-+ } else {
-+ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
-+ &checksum_len);
-+ }
-
- if (module_checksum == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
index befa23b..117e6b2 100644
--- a/0045-FIPS-services-minimize.patch
+++ b/0045-FIPS-services-minimize.patch
@@ -1,12 +1,13 @@
-From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 12:55:57 +0200
-Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch
+From e25b25227043a2b2cf156527c31d7686a4265bf3 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 20/49] 0045-FIPS-services-minimize.patch
Patch-name: 0045-FIPS-services-minimize.patch
Patch-id: 45
Patch-status: |
- # Minimize fips services
+ # # Minimize fips services
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
apps/ecparam.c | 7 +++
apps/req.c | 2 +-
@@ -20,14 +21,14 @@ Patch-status: |
test/evp_libctx_test.c | 9 +++-
test/recipes/15-test_gendsa.t | 2 +-
test/recipes/20-test_cli_fips.t | 3 +-
- test/recipes/30-test_evp.t | 16 +++----
+ test/recipes/30-test_evp.t | 20 ++++-----
.../30-test_evp_data/evpmac_common.txt | 22 ++++++++++
test/recipes/80-test_cms.t | 22 +++++-----
test/recipes/80-test_ssl_old.t | 2 +-
- 16 files changed, 128 insertions(+), 47 deletions(-)
+ 16 files changed, 128 insertions(+), 51 deletions(-)
diff --git a/apps/ecparam.c b/apps/ecparam.c
-index 9e9ad13683..9c66cf2434 100644
+index 71f93c4ca5..347bf62d5c 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out)
@@ -45,10 +46,10 @@ index 9e9ad13683..9c66cf2434 100644
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
diff --git a/apps/req.c b/apps/req.c
-index 23757044ab..5916914978 100644
+index 8995453dca..cb38e6aa64 100644
--- a/apps/req.c
+++ b/apps/req.c
-@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
+@@ -268,7 +268,7 @@ int req_main(int argc, char **argv)
unsigned long chtype = MBSTRING_ASC, reqflag = 0;
#ifndef OPENSSL_NO_DES
@@ -58,10 +59,10 @@ index 23757044ab..5916914978 100644
opt_set_unknown_name("digest");
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
-index ed37e76969..eb836dfa6a 100644
+index f7234615e4..0d4c0e3388 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
-@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = {
+@@ -189,9 +189,9 @@ static const OSSL_PARAM param_group_list[][10] = {
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
@@ -73,7 +74,7 @@ index ed37e76969..eb836dfa6a 100644
TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30),
TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31),
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 518226dfc6..29438faea8 100644
+index 7ec409710b..ec5bdd5a69 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
@@ -131,7 +132,7 @@ index 518226dfc6..29438faea8 100644
{ NULL, NULL, NULL }
};
-@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+@@ -410,8 +413,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
# ifndef OPENSSL_NO_ECX
@@ -143,7 +144,27 @@ index 518226dfc6..29438faea8 100644
# endif
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
-@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+@@ -422,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+
+ static const OSSL_ALGORITHM fips_signature[] = {
+ #ifndef OPENSSL_NO_DSA
+- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
++ /* We don't certify DSA in our FIPS provider */
++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/
+ #endif
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
+ #ifndef OPENSSL_NO_EC
+ # ifndef OPENSSL_NO_ECX
+- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
++ /* We don't certify Edwards curves in our FIPS provider */
++ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
+ ossl_ed25519_signature_functions },
+- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
++ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/
+ # endif
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
+ #endif
+@@ -460,8 +466,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
PROV_DESCS_DHX },
#endif
#ifndef OPENSSL_NO_DSA
@@ -155,7 +176,7 @@ index 518226dfc6..29438faea8 100644
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
PROV_DESCS_RSA },
-@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+@@ -471,14 +478,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC },
# ifndef OPENSSL_NO_ECX
@@ -230,10 +251,10 @@ index 2057378d3d..4b80bb70b9 100644
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index d4261e8f7d..2a5504d104 100644
+index 22d93ead53..c1405f47ea 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
-@@ -689,6 +689,19 @@ static int rsa_verify_recover(void *vprsactx,
+@@ -686,6 +686,19 @@ static int rsa_verify_recover(void *vprsactx,
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
int ret;
@@ -253,7 +274,7 @@ index d4261e8f7d..2a5504d104 100644
if (!ossl_prov_is_running())
return 0;
-@@ -777,6 +790,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
+@@ -774,6 +787,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
size_t rslen;
@@ -274,7 +295,7 @@ index d4261e8f7d..2a5504d104 100644
if (!ossl_prov_is_running())
return 0;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index a5e60e8839..f9af07d12b 100644
+index 33c23efb0d..113c204716 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
@@ -288,10 +309,10 @@ index a5e60e8839..f9af07d12b 100644
* We ignore any errors from the fetches below. They are expected to fail
* if these algorithms are not available.
diff --git a/test/acvp_test.c b/test/acvp_test.c
-index fee880d441..13d7a0ea8b 100644
+index 45509095af..4a67519bb4 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
-@@ -1476,6 +1476,7 @@ int setup_tests(void)
+@@ -1478,6 +1478,7 @@ int setup_tests(void)
OSSL_NELEM(dh_safe_prime_keyver_data));
#endif /* OPENSSL_NO_DH */
@@ -299,7 +320,7 @@ index fee880d441..13d7a0ea8b 100644
#ifndef OPENSSL_NO_DSA
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
-@@ -1483,6 +1484,7 @@ int setup_tests(void)
+@@ -1485,6 +1486,7 @@ int setup_tests(void)
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
#endif /* OPENSSL_NO_DSA */
@@ -308,10 +329,10 @@ index fee880d441..13d7a0ea8b 100644
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
diff --git a/test/endecode_test.c b/test/endecode_test.c
-index 9a437d8c64..53385028fc 100644
+index b53b7b715b..885e49a47c 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
-@@ -1407,6 +1407,7 @@ int setup_tests(void)
+@@ -1419,6 +1419,7 @@ int setup_tests(void)
* so no legacy tests.
*/
#endif
@@ -319,7 +340,7 @@ index 9a437d8c64..53385028fc 100644
#ifndef OPENSSL_NO_DSA
ADD_TEST_SUITE(DSA);
ADD_TEST_SUITE_PARAMS(DSA);
-@@ -1417,6 +1418,7 @@ int setup_tests(void)
+@@ -1429,6 +1430,7 @@ int setup_tests(void)
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
# endif
#endif
@@ -327,7 +348,7 @@ index 9a437d8c64..53385028fc 100644
#ifndef OPENSSL_NO_EC
ADD_TEST_SUITE(EC);
ADD_TEST_SUITE_PARAMS(EC);
-@@ -1431,10 +1433,12 @@ int setup_tests(void)
+@@ -1443,10 +1445,12 @@ int setup_tests(void)
ADD_TEST_SUITE(ECExplicitTri2G);
ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
# endif
@@ -375,7 +396,7 @@ index 2448c35a14..a7913cda4c 100644
return 1;
}
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
-index b495b08bda..69bd299521 100644
+index 4bc460784b..93052eb3e7 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
@@ -388,10 +409,10 @@ index b495b08bda..69bd299521 100644
plan tests =>
($no_fips ? 0 : 2) # FIPS related tests
diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
-index 6d3c5ba1bb..2ba47b5fca 100644
+index d4b4d4ca51..031814e8ff 100644
--- a/test/recipes/20-test_cli_fips.t
+++ b/test/recipes/20-test_cli_fips.t
-@@ -273,8 +273,7 @@ SKIP: {
+@@ -278,8 +278,7 @@ SKIP: {
}
SKIP : {
@@ -402,10 +423,10 @@ index 6d3c5ba1bb..2ba47b5fca 100644
subtest DSA => sub {
my $testtext_prefix = 'DSA';
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
-index 9d7040ced2..f8beb538d4 100644
+index eddca5c58e..36a192d041 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
-@@ -42,10 +42,8 @@ my @files = qw(
+@@ -46,10 +46,8 @@ my @files = qw(
evpciph_aes_cts.txt
evpciph_aes_wrap.txt
evpciph_aes_stitched.txt
@@ -416,7 +437,23 @@ index 9d7040ced2..f8beb538d4 100644
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
evpkdf_ss.txt
-@@ -91,6 +83,7 @@ my @defltfiles = qw(
+@@ -69,15 +67,6 @@ push @files, qw(
+ evppkey_ffdhe.txt
+ evppkey_dh.txt
+ ) unless $no_dh;
+-push @files, qw(
+- evpkdf_x942_des.txt
+- evpmac_cmac_des.txt
+- ) unless $no_des;
+-push @files, qw(evppkey_dsa.txt) unless $no_dsa;
+-push @files, qw(
+- evppkey_ecx.txt
+- evppkey_mismatch_ecx.txt
+- ) unless $no_ecx;
+ push @files, qw(
+ evppkey_ecc.txt
+ evppkey_ecdh.txt
+@@ -97,6 +86,7 @@ my @defltfiles = qw(
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
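Review bot: The nested hunk after `) unless $no_dh;` drops `evppkey_dsa.txt`, `evppkey_ecx.txt`, `evppkey_mismatch_ecx.txt` and the two DES vector files from `@files` without a comment saying why, and nothing visible in this patch adds a test that the FIPS provider actually refuses these algorithms. A one-line comment at the removal point would record the intent, for example `# DSA, ECX and DES vectors are not in @files: this FIPS provider does not register them`. The later `@defltfiles` hunk also removes `push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;` with no replacement visible, so those vectors appear not to run against any provider; that should be confirmed as intended. A negative check that fetching DSA or Ed25519 fails under the FIPS provider would keep the restriction from regressing silently.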
@@ -424,7 +461,7 @@ index 9d7040ced2..f8beb538d4 100644
evpciph_idea.txt
evpciph_rc2.txt
evpciph_rc4.txt
-@@ -114,10 +107,17 @@ my @defltfiles = qw(
+@@ -121,13 +111,19 @@ my @defltfiles = qw(
evpmd_whirlpool.txt
evppbe_scrypt.txt
evppbe_pkcs12.txt
@@ -441,12 +478,15 @@ index 9d7040ced2..f8beb538d4 100644
+ ) unless $no_des;
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
- push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+ push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
+ push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
+ push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
-index 93195df97c..315413cd9b 100644
+index e47023aae6..96a8febeef 100644
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
-@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C
+@@ -363,6 +363,7 @@ IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Result = MAC_INIT_ERROR
@@ -454,7 +494,7 @@ index 93195df97c..315413cd9b 100644
Title = KMAC Tests (From NIST)
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
-@@ -350,12 +351,14 @@ Ctrl = xof:0
+@@ -373,12 +374,14 @@ Ctrl = xof:0
OutputSize = 32
BlockSize = 168
@@ -469,7 +509,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -363,6 +366,7 @@ Custom = "My Tagged Application"
+@@ -386,6 +389,7 @@ Custom = "My Tagged Application"
Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
Ctrl = size:32
@@ -477,7 +517,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
-@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC
+@@ -394,12 +398,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC
OutputSize = 64
BlockSize = 136
@@ -492,7 +532,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -386,12 +392,14 @@ Ctrl = size:64
+@@ -409,12 +415,14 @@ Ctrl = size:64
Title = KMAC XOF Tests (From NIST)
@@ -507,7 +547,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
-@@ -399,6 +407,7 @@ Custom = "My Tagged Application"
+@@ -422,6 +430,7 @@ Custom = "My Tagged Application"
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
XOF = 1
@@ -515,7 +555,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+@@ -430,6 +439,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
XOF = 1
Ctrl = size:32
@@ -523,7 +563,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
-@@ -414,6 +424,7 @@ Custom = "My Tagged Application"
+@@ -437,6 +447,7 @@ Custom = "My Tagged Application"
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
XOF = 1
@@ -531,7 +571,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -421,6 +432,7 @@ Custom = ""
+@@ -444,6 +455,7 @@ Custom = ""
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
XOF = 1
@@ -539,7 +579,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -431,6 +443,7 @@ XOF = 1
+@@ -454,6 +466,7 @@ XOF = 1
Title = KMAC long customisation string (from NIST ACVP)
@@ -547,7 +587,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
-@@ -441,12 +454,14 @@ XOF = 1
+@@ -464,12 +477,14 @@ XOF = 1
Title = KMAC XOF Tests via ctrl (From NIST)
@@ -562,7 +602,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
-@@ -454,6 +469,7 @@ Custom = "My Tagged Application"
+@@ -477,6 +492,7 @@ Custom = "My Tagged Application"
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
Ctrl = xof:1
@@ -570,7 +610,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+@@ -485,6 +501,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
Ctrl = xof:1
Ctrl = size:32
@@ -578,7 +618,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
-@@ -469,6 +486,7 @@ Custom = "My Tagged Application"
+@@ -492,6 +509,7 @@ Custom = "My Tagged Application"
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
Ctrl = xof:1
@@ -586,7 +626,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -476,6 +494,7 @@ Custom = ""
+@@ -499,6 +517,7 @@ Custom = ""
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
Ctrl = xof:1
@@ -594,7 +634,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -486,6 +505,7 @@ Ctrl = xof:1
+@@ -509,6 +528,7 @@ Ctrl = xof:1
Title = KMAC long customisation string via ctrl (from NIST ACVP)
@@ -602,7 +642,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC256
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
-@@ -496,6 +516,7 @@ Ctrl = xof:1
+@@ -519,6 +539,7 @@ Ctrl = xof:1
Title = KMAC long customisation string negative test
@@ -610,7 +650,7 @@ index 93195df97c..315413cd9b 100644
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR
+@@ -527,6 +548,7 @@ Result = MAC_INIT_ERROR
Title = KMAC output is too large
@@ -619,7 +659,7 @@ index 93195df97c..315413cd9b 100644
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 40dd585c18..cbec426137 100644
+index 6a9792128b..4e368c730b 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = (
@@ -694,7 +734,7 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-sign", "-in", $smcont,
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
-@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = (
+@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = (
my @smime_cms_tests = (
@@ -703,7 +743,7 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-keyid",
"-signer", $smrsa1,
-@@ -261,7 +261,7 @@ my @smime_cms_tests = (
+@@ -263,7 +263,7 @@ my @smime_cms_tests = (
\&final_compare
],
@@ -712,7 +752,7 @@ index 40dd585c18..cbec426137 100644
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
-@@ -371,7 +371,7 @@ my @smime_cms_tests = (
+@@ -373,7 +373,7 @@ my @smime_cms_tests = (
\&final_compare
],
@@ -735,58 +775,5 @@ index 50b74a1e29..e2dcb68fb5 100644
}
--
-2.41.0
+2.44.0
-diff -up openssl-3.2.0/test/recipes/30-test_evp.t.patch openssl-3.2.0/test/recipes/30-test_evp.t
---- openssl-3.2.0/test/recipes/30-test_evp.t.patch 2023-12-06 15:33:27.843751147 +0100
-+++ openssl-3.2.0/test/recipes/30-test_evp.t 2023-12-06 15:34:27.585351920 +0100
-@@ -70,15 +70,6 @@ push @files, qw(
- evppkey_dh.txt
- ) unless $no_dh;
- push @files, qw(
-- evpkdf_x942_des.txt
-- evpmac_cmac_des.txt
-- ) unless $no_des;
--push @files, qw(evppkey_dsa.txt) unless $no_dsa;
--push @files, qw(
-- evppkey_ecx.txt
-- evppkey_mismatch_ecx.txt
-- ) unless $no_ecx;
--push @files, qw(
- evppkey_ecc.txt
- evppkey_ecdh.txt
- evppkey_ecdsa.txt
-diff -up openssl-3.2.0/providers/fips/fipsprov.c.patch-fips openssl-3.2.0/providers/fips/fipsprov.c
---- openssl-3.2.0/providers/fips/fipsprov.c.patch-fips 2023-12-06 15:49:08.711198219 +0100
-+++ openssl-3.2.0/providers/fips/fipsprov.c 2023-12-06 15:55:42.362078721 +0100
-@@ -426,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch
-
- static const OSSL_ALGORITHM fips_signature[] = {
- #ifndef OPENSSL_NO_DSA
-- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
-+ /* We don't certify DSA in our FIPS provider */
-+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/
- #endif
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
- #ifndef OPENSSL_NO_EC
- # ifndef OPENSSL_NO_ECX
-- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
- ossl_ed25519_signature_functions },
-- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
-+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/
- # endif
- { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
- #endif
-diff -up openssl-3.2.0/test/recipes/30-test_evp.t.fips-min openssl-3.2.0/test/recipes/30-test_evp.t
---- openssl-3.2.0/test/recipes/30-test_evp.t.fips-min 2024-02-01 11:00:56.823687618 +0100
-+++ openssl-3.2.0/test/recipes/30-test_evp.t 2024-02-01 11:01:20.131934678 +0100
-@@ -124,7 +124,6 @@ push @defltfiles, qw(
- ) unless $no_des;
- push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
- push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
--push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
- push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
- push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
- push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch
index 7aa410e..655691b 100644
--- a/0049-Allow-disabling-of-SHA1-signatures.patch
+++ b/0049-Allow-disabling-of-SHA1-signatures.patch
@@ -1,13 +1,13 @@
-From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 13:07:07 +0200
-Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch
+From 4f9167db05cade673f98f1a00efd57136e97b460 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 22/49] 0049-Allow-disabling-of-SHA1-signatures.patch
Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
Patch-id: 49
Patch-status: |
- # Selectively disallow SHA1 signatures rhbz#2070977
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # Selectively disallow SHA1 signatures rhbz#2070977
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/context.c | 14 ++++
crypto/evp/evp_cnf.c | 13 +++
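Review bot: `Patch-status` now reads `# # Selectively disallow SHA1 signatures rhbz#2070977` with the comment marker doubled, which looks like the regeneration re-prefixing a line that already carried `#`; if so, every further regeneration adds another. The same doubling appears in the 0052 header later in this commit. The `From:` line also changes from the named author to `rpm-build`, so the patch no longer records who wrote a change to signature-verification policy. Keeping the original `From:` line, or naming the author in `Patch-status`, would preserve that provenance.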
@@ -27,10 +27,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
15 files changed, 209 insertions(+), 9 deletions(-)
diff --git a/crypto/context.c b/crypto/context.c
-index 51002ba79a..e697974c9d 100644
+index fb4816d89b..c04920fe14 100644
--- a/crypto/context.c
+++ b/crypto/context.c
-@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st {
+@@ -83,6 +83,8 @@ struct ossl_lib_ctx_st {
void *fips_prov;
#endif
@@ -39,7 +39,7 @@ index 51002ba79a..e697974c9d 100644
unsigned int ischild:1;
};
-@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
+@@ -223,6 +225,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
goto err;
#endif
@@ -50,7 +50,7 @@ index 51002ba79a..e697974c9d 100644
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
-@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
+@@ -366,6 +372,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
}
#endif
@@ -62,7 +62,7 @@ index 51002ba79a..e697974c9d 100644
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
-@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
+@@ -663,6 +674,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
return ctx->fips_prov;
#endif
@@ -104,7 +104,7 @@ index 0e7fe64cf9..b9d3b6d226 100644
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 630d339c35..6e4e9f5ae7 100644
+index 3a979f4bd4..fd3a4b79df 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -15,6 +15,73 @@
@@ -181,7 +181,7 @@ index 630d339c35..6e4e9f5ae7 100644
#ifndef FIPS_MODULE
-@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -253,6 +320,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
@@ -201,7 +201,7 @@ index 630d339c35..6e4e9f5ae7 100644
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index ce6e1a1ccb..003926247b 100644
+index 268b1617e3..248f655d0f 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
@@ -212,7 +212,7 @@ index ce6e1a1ccb..003926247b 100644
#include "evp_local.h"
#ifndef FIPS_MODULE
-@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+@@ -951,6 +952,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
@@ -258,10 +258,10 @@ index bd05736220..ed34ff4b9c 100644
The value is a boolean that can be B<yes> or B<no>. If the value is
diff --git a/include/crypto/context.h b/include/crypto/context.h
-index cc06c71be8..e9f74a414d 100644
+index 7369a730fb..55b74238c8 100644
--- a/include/crypto/context.h
+++ b/include/crypto/context.h
-@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
+@@ -46,3 +46,6 @@ void ossl_release_default_drbg_ctx(void);
#if defined(OPENSSL_THREADS)
void ossl_threads_ctx_free(void *);
#endif
@@ -269,10 +269,10 @@ index cc06c71be8..e9f74a414d 100644
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
+void ossl_ctx_legacy_digest_signatures_free(void *);
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
-index ac50eb3bbd..3b115cc7df 100644
+index 64851fd8ed..8e01a77ddc 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
-@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
+@@ -117,7 +117,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
# define OSSL_LIB_CTX_THREAD_INDEX 19
# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
@@ -296,7 +296,7 @@ index fd7f7e3331..05464b0655 100644
+ int loadconfig);
#endif
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index 699ada7c52..e534ad0a5f 100644
+index 0d3acdbe56..fe694c4e96 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
@@ -307,7 +307,7 @@ index 699ada7c52..e534ad0a5f 100644
/*
* FIPS requires a minimum security strength of 112 bits (for encryption or
-@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+@@ -243,6 +244,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
mdnid = -1; /* disallowed by security checks */
}
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
@@ -323,7 +323,7 @@ index 699ada7c52..e534ad0a5f 100644
return mdnid;
}
-@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
+@@ -252,5 +262,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
if (ossl_securitycheck_enabled(ctx))
return ossl_digest_get_approved_nid(md) != NID_undef;
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
@@ -377,10 +377,10 @@ index 246323493e..2ca7a59f39 100644
return mdnid;
}
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index 70d0ea5d24..3c482e0181 100644
+index b89a0f6836..e0c26a13e4 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
-@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+@@ -125,12 +125,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
mdprops = ctx->propq;
if (mdname != NULL) {
@@ -402,10 +402,10 @@ index 70d0ea5d24..3c482e0181 100644
if (md == NULL || md_nid < 0) {
if (md == NULL)
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index ebeb30e002..c874f87bd5 100644
+index f158105e71..62355b89fe 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
-@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
+@@ -247,7 +247,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
"%s could not be fetched", mdname);
return 0;
}
@@ -418,7 +418,7 @@ index ebeb30e002..c874f87bd5 100644
sha1_allowed);
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 2a5504d104..5f3a029566 100644
+index c1405f47ea..aeda1a7758 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -25,6 +25,7 @@
@@ -437,7 +437,7 @@ index 2a5504d104..5f3a029566 100644
OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
-@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+@@ -301,10 +303,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
@@ -455,7 +455,7 @@ index 2a5504d104..5f3a029566 100644
if (md == NULL
|| md_nid <= 0
-@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -1392,8 +1399,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
@@ -472,22 +472,10 @@ index 2a5504d104..5f3a029566 100644
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 9cb8a4dda2..feb660d030 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
- OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
- BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
-+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
-+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
---
-2.41.0
-
-diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c
---- openssl-3.2.0/ssl/t1_lib.c.patch-sha1 2023-12-08 13:01:44.752501257 +0100
-+++ openssl-3.2.0/ssl/t1_lib.c 2023-12-08 13:04:18.969899853 +0100
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 631e1fdef9..05dd7c5595 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
@@ -524,3 +512,16 @@ diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index ef97803327..8046454025 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5536,3 +5536,5 @@ X509_STORE_CTX_set_get_crl 5663 3_2_0 EXIST::FUNCTION:
+ X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
+ OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
+ BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
+--
+2.44.0
+
diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
index a147d8e..33f79ce 100644
--- a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
+++ b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
@@ -1,30 +1,14 @@
-From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Tue, 1 Mar 2022 15:44:18 +0100
-Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures =
- yes
+From 1fba75a6203d3ea2037d2fc2e1846f1b514c3d1d Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 23/49]
+ 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
-NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1
-in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because
-on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level
-to 2.
-
-On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security
-level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and
-we want the legacy crypto policy to allow SHA-1 in TLS, the only option
-to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is
-SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to
-allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which
-will allow SHA-1 in OpenSSL 3).
-
-The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because
-rh-allow-sha1-signatures will default to yes in Fedora (according to our
-current plans including until F38), and the security level in the
-DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the
-default configuration.
-
-Related: rhbz#2055796
-Related: rhbz#2070977
+Patch-name: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
+Patch-id: 52
+Patch-status: |
+ # # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/x509/x509_vfy.c | 20 ++++++++++-
doc/man5/config.pod | 7 ++++
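Review bot: The regenerated header drops the NOTE explaining why this port ties SHA-1 to SECLEVEL=1 rather than 2 as on CentOS 9 / RHEL 9, including the statement that the unmodified change "would weaken the default configuration", and it drops `Related: rhbz#2055796` and `Related: rhbz#2070977`. The one-line `Patch-status` that replaces it says what the patch does but not why the level differs from the original. A later rebase needs that reason to avoid moving the level back to 2. I would carry the rationale into `Patch-status`, for example `# SHA-1 is tied to SECLEVEL=1, not 2 as on RHEL 9: the DEFAULT policy is level 2 and must not accept SHA-1`, and keep both bug references.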
@@ -33,7 +17,7 @@ Related: rhbz#2070977
4 files changed, 82 insertions(+), 16 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 2f175ca517..bf0c608839 100644
+index 1794c14e99..1dfbe58a4a 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
@@ -44,7 +28,7 @@ index 2f175ca517..bf0c608839 100644
#include "crypto/x509.h"
#include "x509_local.h"
-@@ -3441,14 +3442,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+@@ -3668,14 +3669,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{
int secbits = -1;
int level = ctx->param->auth_level;
@@ -78,10 +62,10 @@ index 2f175ca517..bf0c608839 100644
return secbits >= minbits_table[level - 1];
}
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index 0c9110d28a..e0516d20b8 100644
+index ed34ff4b9c..8ab5456c99 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
-@@ -309,6 +309,13 @@ this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
+@@ -317,6 +317,13 @@ this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
pseudorandom function (PRF) to derive key material, disabling
B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
@@ -96,7 +80,7 @@ index 0c9110d28a..e0516d20b8 100644
The value is a boolean that can be B<yes> or B<no>. If the value is
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index dcd487ec2e..0b50266b69 100644
+index 05dd7c5595..056aae3863 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
@@ -107,7 +91,7 @@ index dcd487ec2e..0b50266b69 100644
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
-@@ -1561,19 +1562,28 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+@@ -1977,19 +1978,28 @@ int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
@@ -149,7 +133,7 @@ index dcd487ec2e..0b50266b69 100644
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
-@@ -2106,6 +2116,15 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+@@ -2563,6 +2573,15 @@ static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op,
}
}
@@ -165,16 +149,16 @@ index dcd487ec2e..0b50266b69 100644
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
-@@ -2977,6 +2996,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x,
+@@ -3467,6 +3486,8 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
+ OSSL_LIB_CTX *libctx = NULL;
+
-
+
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
-@@ -2985,6 +3006,26 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x,
+@@ -3476,6 +3497,26 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
@@ -202,10 +186,10 @@ index dcd487ec2e..0b50266b69 100644
return ssl_security(s, op, secbits, nid, x);
else
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 700bbd849c..280477bc9d 100644
+index 1c8fce86fd..a584629062 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
-@@ -387,8 +387,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
+@@ -481,8 +481,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
@@ -217,5 +201,5 @@ index 700bbd849c..280477bc9d 100644
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");
--
-2.35.1
+2.44.0
diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch
index 5d3ef9c..c4f952b 100644
--- a/0058-FIPS-limit-rsa-encrypt.patch
+++ b/0058-FIPS-limit-rsa-encrypt.patch
@@ -1,23 +1,23 @@
-From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001
+From 012e319b3d5b936a9208b1c75c13d9c4a2d0cc04 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 24/49] 0058-FIPS-limit-rsa-encrypt.patch
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
Patch-id: 58
Patch-status: |
- # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- providers/common/securitycheck.c | 1 +
- .../implementations/asymciphers/rsa_enc.c | 35 +++++++++++
- .../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++-
- test/recipes/80-test_cms.t | 5 +-
- test/recipes/80-test_ssl_old.t | 27 +++++++--
- 5 files changed, 118 insertions(+), 8 deletions(-)
+ providers/common/securitycheck.c | 1 +
+ .../implementations/asymciphers/rsa_enc.c | 35 +++++
+ .../30-test_evp_data/evppkey_rsa_common.txt | 140 +++++++++++++-----
+ test/recipes/80-test_cms.t | 5 +-
+ test/recipes/80-test_ssl_old.t | 27 +++-
+ 5 files changed, 168 insertions(+), 40 deletions(-)
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index e534ad0a5f..c017c658e5 100644
+index fe694c4e96..f635b5aec8 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -27,6 +27,7 @@
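Review bot: The diffstat entry for `evppkey_rsa_common.txt` grows from 58 to 140 changed lines and total deletions go from 8 to 40 while the other four files keep their counts, so the regenerated patch now removes lines from the upstream RSA test vectors, and nothing in the header says why. From the part of the test-data hunk visible below, the removed lines appear to be the `FIPSversion = >=3.2.0` gates on the implicit-rejection (Bleichenbacher workaround) decrypt cases, replaced by `Availablein = default`, which would take those cases out of any FIPS-provider run. I would add a status line such as `# Implicit-rejection decrypt vectors run only with the default provider` and reword the retained `# The old FIPS provider doesn't include the workaround (#13817)` comments, which no longer describe the gate that follows them. That hunk continues past the end of this view, so the full set of affected cases should be checked against the complete patch.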
@@ -29,10 +29,10 @@ index e534ad0a5f..c017c658e5 100644
{
int protect = 0;
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index d865968058..872967bcb3 100644
+index 71bfa344d4..d548560f1f 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
-@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
+@@ -135,6 +135,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
}
@@ -50,7 +50,7 @@ index d865968058..872967bcb3 100644
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in, size_t inlen)
{
-@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+@@ -144,6 +155,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running())
return 0;
@@ -69,7 +69,7 @@ index d865968058..872967bcb3 100644
if (out == NULL) {
size_t len = RSA_size(prsactx->rsa);
-@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+@@ -206,6 +229,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running())
return 0;
@@ -89,877 +89,861 @@ index d865968058..872967bcb3 100644
if (out == NULL) {
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-index 8680797b90..95d5d51102 100644
+index 76ddc1ec60..62d55308b0 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
- h90qjKHS9PvY4Q==
- -----END PRIVATE KEY-----
+@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
+ Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+ # RSA decrypt
+-
+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
- Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+ Decrypt = RSA-2048
+ Input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
+ Output = "Hello World"
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
- Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+ # Note: disable the Bleichenbacher workaround to see if it passes
+ Decrypt = RSA-2048
+ Ctrl = rsa_pkcs1_implicit_rejection:0
+@@ -262,7 +262,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70
+ Output = "Hello World"
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
- Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+ # Corrupted ciphertext
+ # Note: output is generated synthethically by the Bleichenbacher workaround
+ Decrypt = RSA-2048
+@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70
+ Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
- Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+ # Corrupted ciphertext
+ # Note: disable the Bleichenbacher workaround to see if it fails
+ Decrypt = RSA-2048
+@@ -345,82 +345,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC
+ # RSA decrypt
+ # a random positive test case
+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
- Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
+ Decrypt = RSA-2048-2
+ Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066
+ Output = "lorem ipsum dolor sit amet"
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
- eG2e4XlBcKjI6A==
- -----END PRIVATE KEY-----
+ # a random negative test case decrypting to empty
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output =
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
- Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
+ # invalid decrypting to max length message
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+ # invalid decrypting to message with length specified by second to last value from PRF
+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
- Output=2d
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = 0f9b
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
- Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
+ # invalid decrypting to message with length specified by third to last value from PRF
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = 4f02
+ # positive test with 11 byte long value
+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
- Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
+ Decrypt = RSA-2048-2
+ Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592
+ Output = "lorem ipsum"
+ # positive test with 11 byte long value and zero padded ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
- Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = "lorem ipsum"
+ # positive test with 11 byte long value and zero truncated ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
- Ya4qnqZe1onjY5o=
- -----END PRIVATE KEY-----
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = "lorem ipsum"
+ # positive test with 11 byte long value and double zero padded ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
- Output=087820b569e8fa8d
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = "lorem ipsum"
+ # positive test with 11 byte long value and double zero truncated ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
- Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
+ Decrypt = RSA-2048-2
+ Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
+ Output = "lorem ipsum"
+ # positive that generates a 0 byte long synthetic message internally
+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
- Output=d94cd0e08fa404ed89
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = "lorem ipsum"
+ # positive that generates a 245 byte long synthetic message internally
+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
- Output=6cc641b6b61e6f963974dad23a9013284ef1
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = "lorem ipsum"
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
- Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
+ # a random negative test that generates an 11 byte long message
+ Decrypt = RSA-2048-2
+ Input = 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
+ Output = af9ac70191c92413cb9f2d
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
- aD0x7TDrmEvkEro=
- -----END PRIVATE KEY-----
+ # an otherwise correct plaintext, but with wrong first byte
+ # (0x01 instead of 0x00), generates a random 11 byte long plaintext
+ Decrypt = RSA-2048-2
+@@ -428,7 +436,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc
+ Output = a1f8c9255c35cfba403ccc
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
- Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
+ # an otherwise correct plaintext, but with wrong second byte
+ # (0x01 instead of 0x02), generates a random 11 byte long plaintext
+ Decrypt = RSA-2048-2
+@@ -436,7 +444,7 @@ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d
+ Output = e6d700309ca0ed62452254
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
- Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
+ # an invalid ciphertext, with a zero byte in first byte of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -445,7 +453,7 @@ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2a
+ Output = ba27b1842e7c21c0e7ef6a
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
- Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
+ # an invalid ciphertext, with a zero byte removed from first byte of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -454,7 +462,7 @@ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3
+ Output = ba27b1842e7c21c0e7ef6a
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
- Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
+ # an invalid ciphertext, with two zero bytes in first bytes of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -463,7 +471,7 @@ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f
+ Output = d5cf555b1d6151029a429a
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
- Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
+ # an invalid ciphertext, with two zero bytes removed from first bytes of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -472,7 +480,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c
+ Output = d5cf555b1d6151029a429a
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
- MSwGUGLx60i3nRyDyw==
- -----END PRIVATE KEY-----
+ # and invalid ciphertext, otherwise valid but starting with 000002, decrypts
+ # to random 11 byte long synthetic plaintext
+ Decrypt = RSA-2048-2
+@@ -480,7 +488,7 @@ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802
+ Output = 3d4a054d9358209e9cbbb9
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
- Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
+ # negative test with otherwise valid padding but a zero byte in first byte
+ # of padding
+ Decrypt = RSA-2048-2
+@@ -488,7 +496,7 @@ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a94
+ Output = 1f037dd717b07d3e7f7359
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
- Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
+ # negative test with otherwise valid padding but a zero byte at the eighth
+ # byte of padding
+ Decrypt = RSA-2048-2
+@@ -496,7 +504,7 @@ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a9646
+ Output = 63cb0bf65fc8255dd29e17
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
- Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
+ # negative test with an otherwise valid plaintext but with missing separator
+ # byte
+ Decrypt = RSA-2048-2
+@@ -551,53 +559,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC
+ # RSA decrypt
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
- Output=15c5b9ee1185
+ # malformed that generates length specified by 3rd last value from PRF
+ Decrypt = RSA-2049
+ Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894
+ Output = 42
+ # simple positive test case
+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
- Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
+ Decrypt = RSA-2049
+ Input = 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
+ Output = "lorem ipsum"
+ # positive test case with null padded ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
- Yejn5Ly8mU2q+jBcRQ==
- -----END PRIVATE KEY-----
+ Decrypt = RSA-2049
+ Input = 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
+ Output = "lorem ipsum"
+ # positive test case with null truncated ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
- Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
+ Decrypt = RSA-2049
+ Input = 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
+ Output = "lorem ipsum"
+ # positive test case with double null padded ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
- Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
+ Decrypt = RSA-2049
+ Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
+ Output = "lorem ipsum"
+ # positive test case with double null truncated ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
- Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
+ Decrypt = RSA-2049
+ Input = 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
+ Output = "lorem ipsum"
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
- Output=684e3038c5c041f7
+ # a random negative test case that generates an 11 byte long message
+ Decrypt = RSA-2049
+ Input = 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
+ Output = 1189b6f5498fd6df532b00
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
- Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
+ # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
+ Decrypt = RSA-2049
+ Input = 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
+ Output = f6d0f5b78082fe61c04674
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
- FMlxv0gq65dqc3DC
- -----END PRIVATE KEY-----
+ # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
+ Decrypt = RSA-2049
+ Input = 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
+@@ -661,14 +674,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE=
+ PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
- Output=47aae909
+ # a random invalid ciphertext that generates an empty synthetic one
+ Decrypt = RSA-3072
+ Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59
+ Output =
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
- Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
+ # a random invalid that has PRF output with a length one byte too long
+ # in the last value
+ Decrypt = RSA-3072
+@@ -676,46 +689,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa
+ Output = 56a3bea054e01338be9b7d7957539c
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
- Output=d976fc
+ # a random invalid that generates a synthetic of maximum size
+ Decrypt = RSA-3072
+ Input = 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
+ Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04
+ # a positive test case that decrypts to 9 byte long value
+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
- Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
+ Decrypt = RSA-3072
+ Input = 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
+ Output = "forty two"
+ # a positive test case with null padded ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
- Output=bb47231ca5ea1d3ad46c99345d9a8a61
+ Decrypt = RSA-3072
+ Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
+ Output = "forty two"
+ # a positive test case with null truncated ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
- 2MiPa249Z+lh3Luj0A==
- -----END PRIVATE KEY-----
+ Decrypt = RSA-3072
+ Input = 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
+ Output = "forty two"
+ # a positive test case with double null padded ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
- Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
+ Decrypt = RSA-3072
+ Input = 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
+ Output = "forty two"
+ # a positive test case with double null truncated ciphertext
+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
- Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
+ Decrypt = RSA-3072
+ Input = 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
+ Output = "forty two"
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
- Output=8604ac56328c1ab5ad917861
+ # a random negative test case that generates a 9 byte long message
+ Decrypt = RSA-3072
+ Input = 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
+ Output = 257906ca6de8307728
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
- Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
+ # a random negative test case that generates a 9 byte long message based on
+ # second to last value from PRF
+ Decrypt = RSA-3072
+@@ -723,7 +741,7 @@ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a0
+ Output = 043383c929060374ed
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
- Output=4a5f4914bee25de3c69341de07
+ # a random negative test that generates message based on 3rd last value from
+ # PRF
+ Decrypt = RSA-3072
+@@ -731,35 +749,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf48
+ Output = 70263fa6050534b9e0
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
- tKo5Eb69iFQvBb4=
- -----END PRIVATE KEY-----
+ # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
+ Decrypt = RSA-3072
+ Input = 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
+ Output = 6d8d3a094ff3afff4c
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
- Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
+ # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
+ Decrypt = RSA-3072
+ Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936
+ Output = c6ae80ffa80bc184b0
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
- Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
+ # an otherwise valid plaintext, but with zero byte in first byte of padding
+ Decrypt = RSA-3072
+ Input = 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
+ Output = a8a9301daa01bb25c7
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+Availablein = default
- Decrypt=RSA-OAEP-9
+ # an otherwise valid plaintext, but with zero byte in eight byte of padding
+ Decrypt = RSA-3072
+ Input = 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
+ Output = 6c716fe01d44398018
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise valid plaintext, but with null separator missing
+ Decrypt = RSA-3072
+ Input = 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
+@@ -1106,36 +1124,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
+ h90qjKHS9PvY4Q==
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
- Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
- Output=fd326429df9b890e09b54b18b8f34f1e24
+ Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
+ Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+Availablein = default
- Decrypt=RSA-OAEP-9
+ Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
- Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
- Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
+ Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
+ Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+Availablein = default
- Decrypt=RSA-OAEP-9
+ Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
- Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
- Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
+ Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
+ Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+Availablein = default
- Decrypt=RSA-OAEP-9
+ Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index cbec426137..9ba7fbeed2 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
-+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
- "-aes256", "-stream", "-out", "{output}.cms",
- $smrsa1,
-@@ -1022,6 +1022,9 @@ sub check_availability {
- return "$tnam: skipped, DSA disabled\n"
- if ($no_dsa && $tnam =~ / DSA/);
-
-+ return "$tnam: skipped, Red Hat FIPS\n"
-+ if ($tnam =~ /no Red Hat FIPS/);
-+
- return "";
- }
-
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index e2dcb68fb5..0775112b40 100644
---- a/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
-@@ -493,6 +493,18 @@ sub testssl {
- # the default choice if TLSv1.3 enabled
- my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
- my $ciphersuites = "";
-+ my %redhat_skip_cipher = map {$_ => 1} qw(
-+AES256-GCM-SHA384:@SECLEVEL=0
-+AES256-CCM8:@SECLEVEL=0
-+AES256-CCM:@SECLEVEL=0
-+AES128-GCM-SHA256:@SECLEVEL=0
-+AES128-CCM8:@SECLEVEL=0
-+AES128-CCM:@SECLEVEL=0
-+AES256-SHA256:@SECLEVEL=0
-+AES128-SHA256:@SECLEVEL=0
-+AES256-SHA:@SECLEVEL=0
-+AES128-SHA:@SECLEVEL=0
-+ );
- foreach my $cipher (@{$ciphersuites{$protocol}}) {
- if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
- note "*****SKIPPING $protocol $cipher";
-@@ -504,11 +516,16 @@ sub testssl {
- } else {
- $cipher = $cipher.':@SECLEVEL=0';
- }
-- ok(run(test([@ssltest, @exkeys, "-cipher",
-- $cipher,
-- "-ciphersuites", $ciphersuites,
-- $flag || ()])),
-- "Testing $cipher");
-+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
-+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
-+ ok(1);
-+ } else {
-+ ok(run(test([@ssltest, @exkeys, "-cipher",
-+ $cipher,
-+ "-ciphersuites", $ciphersuites,
-+ $flag || ()])),
-+ "Testing $cipher");
-+ }
- }
- }
- next if $protocol eq "-tls1_3";
---
-2.41.0
-
-diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 2023-12-11 19:15:32.167790754 +0100
-+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-12-11 21:16:08.390089120 +0100
-@@ -248,7 +248,7 @@ Input = 64b0e9f9892371110c40ba5739dc0974
- Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+ Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
+ Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
- # RSA decrypt
--
+Availablein = default
- Decrypt = RSA-2048
- Input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
- Output = "Hello World"
-@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235
- Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
+ Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # Corrupted ciphertext
- # Note: disable the Bleichenbacher workaround to see if it fails
- Decrypt = RSA-2048
-diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:09:31.498568631 +0100
-+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:14:45.858384004 +0100
-@@ -365,28 +365,28 @@ Input = 8bfe264e85d3bdeaa6b8851b8e3b956e
- Output = "lorem ipsum dolor sit amet"
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1160,36 +1184,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
+ eG2e4XlBcKjI6A==
+ -----END PRIVATE KEY-----
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random negative test case decrypting to empty
- Decrypt = RSA-2048-2
- Input = 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
- Output =
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
+ Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # invalid decrypting to max length message
- Decrypt = RSA-2048-2
- Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303
- Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
+ Output=2d
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
- # invalid decrypting to message with length specified by second to last value from PRF
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = 0f9b
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
+ Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # invalid decrypting to message with length specified by third to last value from PRF
- Decrypt = RSA-2048-2
- Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081
-@@ -428,14 +428,14 @@ Input = 1ea0b50ca65203d0a09280d39704b24f
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
+ Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random negative test that generates an 11 byte long message
- Decrypt = RSA-2048-2
- Input = 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
- Output = af9ac70191c92413cb9f2d
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
+ Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an otherwise correct plaintext, but with wrong first byte
- # (0x01 instead of 0x00), generates a random 11 byte long plaintext
- Decrypt = RSA-2048-2
-@@ -443,7 +443,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be5
- Output = a1f8c9255c35cfba403ccc
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1214,36 +1244,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
+ Ya4qnqZe1onjY5o=
+ -----END PRIVATE KEY-----
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an otherwise correct plaintext, but with wrong second byte
- # (0x01 instead of 0x02), generates a random 11 byte long plaintext
- Decrypt = RSA-2048-2
-@@ -451,7 +451,7 @@ Input = 782c2b59a21a511243820acedd567c13
- Output = e6d700309ca0ed62452254
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
+ Output=087820b569e8fa8d
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an invalid ciphertext, with a zero byte in first byte of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -460,7 +460,7 @@ Input = 0096136621faf36d5290b16bd26295de
- Output = ba27b1842e7c21c0e7ef6a
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
+ Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an invalid ciphertext, with a zero byte removed from first byte of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -469,7 +469,7 @@ Input = 96136621faf36d5290b16bd26295de27
- Output = ba27b1842e7c21c0e7ef6a
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
+ Output=d94cd0e08fa404ed89
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an invalid ciphertext, with two zero bytes in first bytes of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -478,7 +478,7 @@ Input = 0000587cccc6b264bdfe0dc2149a9880
- Output = d5cf555b1d6151029a429a
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
+ Output=6cc641b6b61e6f963974dad23a9013284ef1
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an invalid ciphertext, with two zero bytes removed from first bytes of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -487,7 +487,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa
- Output = d5cf555b1d6151029a429a
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
+ Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # and invalid ciphertext, otherwise valid but starting with 000002, decrypts
- # to random 11 byte long synthetic plaintext
- Decrypt = RSA-2048-2
-@@ -495,7 +495,7 @@ Input = 1786550ce8d8433052e01ecba8b76d30
- Output = 3d4a054d9358209e9cbbb9
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1268,36 +1304,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
+ aD0x7TDrmEvkEro=
+ -----END PRIVATE KEY-----
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # negative test with otherwise valid padding but a zero byte in first byte
- # of padding
- Decrypt = RSA-2048-2
-@@ -503,7 +503,7 @@ Input = 179598823812d2c58a7eb50521150a48
- Output = 1f037dd717b07d3e7f7359
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
+ Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # negative test with otherwise valid padding but a zero byte at the eighth
- # byte of padding
- Decrypt = RSA-2048-2
-@@ -511,7 +511,7 @@ Input = a7a340675a82c30e22219a55bc07cdf3
- Output = 63cb0bf65fc8255dd29e17
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
+ Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # negative test with an otherwise valid plaintext but with missing separator
- # byte
- Decrypt = RSA-2048-2
-@@ -566,53 +566,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLI
- # RSA decrypt
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
+ Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # malformed that generates length specified by 3rd last value from PRF
- Decrypt = RSA-2049
- Input = 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
- Output = 42
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
+ Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
- # simple positive test case
+Availablein = default
- Decrypt = RSA-2049
- Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
+ Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
- # positive test case with null padded ciphertext
+Availablein = default
- Decrypt = RSA-2049
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1322,36 +1364,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
+ MSwGUGLx60i3nRyDyw==
+ -----END PRIVATE KEY-----
- # positive test case with null truncated ciphertext
+Availablein = default
- Decrypt = RSA-2049
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
+ Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
- # positive test case with double null padded ciphertext
+Availablein = default
- Decrypt = RSA-2049
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
+ Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
- # positive test case with double null truncated ciphertext
+Availablein = default
- Decrypt = RSA-2049
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
+ Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random negative test case that generates an 11 byte long message
- Decrypt = RSA-2049
- Input = 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
- Output = 1189b6f5498fd6df532b00
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
+ Output=15c5b9ee1185
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
- Decrypt = RSA-2049
- Input = 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
- Output = f6d0f5b78082fe61c04674
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
+ Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
- Decrypt = RSA-2049
- Input = 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
-diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:22:09.981463726 +0100
-+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:28:41.789966051 +0100
-@@ -269,7 +269,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235
- Output = "Hello World"
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1376,36 +1424,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
+ Yejn5Ly8mU2q+jBcRQ==
+ -----END PRIVATE KEY-----
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # Note: disable the Bleichenbacher workaround to see if it passes
- Decrypt = RSA-2048
- Ctrl = rsa_pkcs1_implicit_rejection:0
-@@ -277,7 +277,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235
- Output = "Hello World"
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
+ Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # Corrupted ciphertext
- # Note: output is generated synthethically by the Bleichenbacher workaround
- Decrypt = RSA-2048
-@@ -360,6 +360,7 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-P
- # RSA decrypt
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
+ Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
- # a random positive test case
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = "lorem ipsum dolor sit amet"
-@@ -393,36 +394,43 @@ Input = 1690ebcceece2ce024f382e467cf8510
- Output = 4f02
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
+ Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
- # positive test with 11 byte long value
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
+ Output=684e3038c5c041f7
- # positive test with 11 byte long value and zero padded ciphertext
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
+ Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
- # positive test with 11 byte long value and zero truncated ciphertext
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1430,36 +1484,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
+ FMlxv0gq65dqc3DC
+ -----END PRIVATE KEY-----
- # positive test with 11 byte long value and double zero padded ciphertext
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
+ Output=47aae909
- # positive test with 11 byte long value and double zero truncated ciphertext
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
+ Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
- # positive that generates a 0 byte long synthetic message internally
+Availablein = default
- Decrypt = RSA-2048-2
- Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0
- Output = "lorem ipsum"
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
+ Output=d976fc
- # positive that generates a 245 byte long synthetic message internally
+Availablein = default
- Decrypt = RSA-2048-2
- Input = 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
- Output = "lorem ipsum"
-@@ -681,14 +690,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKu
- PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
+ Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random invalid ciphertext that generates an empty synthetic one
- Decrypt = RSA-3072
- Input = 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
- Output =
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
+ Output=bb47231ca5ea1d3ad46c99345d9a8a61
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random invalid that has PRF output with a length one byte too long
- # in the last value
- Decrypt = RSA-3072
-@@ -696,46 +705,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d8
- Output = 56a3bea054e01338be9b7d7957539c
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1484,36 +1544,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
+ 2MiPa249Z+lh3Luj0A==
+ -----END PRIVATE KEY-----
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random invalid that generates a synthetic of maximum size
- Decrypt = RSA-3072
- Input = 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
- Output = 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
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
+ Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
- # a positive test case that decrypts to 9 byte long value
+Availablein = default
- Decrypt = RSA-3072
- Input = 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
- Output = "forty two"
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
+ Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
- # a positive test case with null padded ciphertext
+Availablein = default
- Decrypt = RSA-3072
- Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
- Output = "forty two"
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
+ Output=8604ac56328c1ab5ad917861
- # a positive test case with null truncated ciphertext
+Availablein = default
- Decrypt = RSA-3072
- Input = 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
- Output = "forty two"
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
+ Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
- # a positive test case with double null padded ciphertext
+Availablein = default
- Decrypt = RSA-3072
- Input = 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
- Output = "forty two"
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
+ Output=4a5f4914bee25de3c69341de07
- # a positive test case with double null truncated ciphertext
+Availablein = default
- Decrypt = RSA-3072
- Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
- Output = "forty two"
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1544,36 +1610,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
+ tKo5Eb69iFQvBb4=
+ -----END PRIVATE KEY-----
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random negative test case that generates a 9 byte long message
- Decrypt = RSA-3072
- Input = 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
- Output = 257906ca6de8307728
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
+ Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random negative test case that generates a 9 byte long message based on
- # second to last value from PRF
- Decrypt = RSA-3072
-@@ -743,7 +757,7 @@ Input = 758c215aa6acd61248062b88284bf43c
- Output = 043383c929060374ed
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
+ Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # a random negative test that generates message based on 3rd last value from
- # PRF
- Decrypt = RSA-3072
-@@ -751,35 +765,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4
- Output = 70263fa6050534b9e0
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
+ Output=fd326429df9b890e09b54b18b8f34f1e24
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
- Decrypt = RSA-3072
- Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62
- Output = 6d8d3a094ff3afff4c
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
+ Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
- Decrypt = RSA-3072
- Input = 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
- Output = c6ae80ffa80bc184b0
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
+ Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
+Availablein = default
- # an otherwise valid plaintext, but with zero byte in first byte of padding
- Decrypt = RSA-3072
- Input = 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
- Output = a8a9301daa01bb25c7
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index 4e368c730b..879d5d76eb 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -235,7 +235,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with zero byte in eight byte of padding
- Decrypt = RSA-3072
- Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571
- Output = 6c716fe01d44398018
+- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ "-aes256", "-stream", "-out", "{output}.cms",
+ $smrsa1,
+@@ -1118,6 +1118,9 @@ sub check_availability {
+ return "$tnam: skipped, DSA disabled\n"
+ if ($no_dsa && $tnam =~ / DSA/);
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with null separator missing
- Decrypt = RSA-3072
- Input = 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
++ return "$tnam: skipped, Red Hat FIPS\n"
++ if ($tnam =~ /no Red Hat FIPS/);
++
+ return "";
+ }
+
+diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+index e2dcb68fb5..0775112b40 100644
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -493,6 +493,18 @@ sub testssl {
+ # the default choice if TLSv1.3 enabled
+ my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
+ my $ciphersuites = "";
++ my %redhat_skip_cipher = map {$_ => 1} qw(
++AES256-GCM-SHA384:@SECLEVEL=0
++AES256-CCM8:@SECLEVEL=0
++AES256-CCM:@SECLEVEL=0
++AES128-GCM-SHA256:@SECLEVEL=0
++AES128-CCM8:@SECLEVEL=0
++AES128-CCM:@SECLEVEL=0
++AES256-SHA256:@SECLEVEL=0
++AES128-SHA256:@SECLEVEL=0
++AES256-SHA:@SECLEVEL=0
++AES128-SHA:@SECLEVEL=0
++ );
+ foreach my $cipher (@{$ciphersuites{$protocol}}) {
+ if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
+ note "*****SKIPPING $protocol $cipher";
+@@ -504,11 +516,16 @@ sub testssl {
+ } else {
+ $cipher = $cipher.':@SECLEVEL=0';
+ }
+- ok(run(test([@ssltest, @exkeys, "-cipher",
+- $cipher,
+- "-ciphersuites", $ciphersuites,
+- $flag || ()])),
+- "Testing $cipher");
++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
++ note "*****SKIPPING $cipher in Red Hat FIPS mode";
++ ok(1);
++ } else {
++ ok(run(test([@ssltest, @exkeys, "-cipher",
++ $cipher,
++ "-ciphersuites", $ciphersuites,
++ $flag || ()])),
++ "Testing $cipher");
++ }
+ }
+ }
+ next if $protocol eq "-tls1_3";
+--
+2.44.0
+
diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
index 6f5fef2..fe4ca7c 100644
--- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
+++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
@@ -1,22 +1,22 @@
-From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001
+From 62721a92ebec8746888d94bea0082c8d8763219e Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 29/35]
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 27/49]
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Patch-id: 73
Patch-status: |
- # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/rsa/rsa_local.h | 8 ++
crypto/rsa/rsa_oaep.c | 34 ++++++--
- include/openssl/core_names.h | 3 +
providers/fips/self_test_data.inc | 79 ++++++++++---------
providers/fips/self_test_kats.c | 7 ++
.../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
- 6 files changed, 128 insertions(+), 44 deletions(-)
+ util/perl/OpenSSL/paramnames.pm | 1 +
+ 6 files changed, 126 insertions(+), 44 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ea70da05ad..dde57a1a0e 100644
@@ -36,7 +36,7 @@ index ea70da05ad..dde57a1a0e 100644
+
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
-index d9be1a4f98..b2f7f7dc4b 100644
+index b9030440c4..3d665c3860 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -82,7 +82,7 @@ index d9be1a4f98..b2f7f7dc4b 100644
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
goto err;
-@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
+@@ -136,6 +146,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
return rv;
}
@@ -102,7 +102,7 @@ index d9be1a4f98..b2f7f7dc4b 100644
const unsigned char *from, int flen,
const unsigned char *param, int plen,
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index e0fdc0daa4..aa2012c04a 100644
+index 4b80bb70b9..c33ecd0791 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
@@ -208,10 +208,10 @@ index e0fdc0daa4..aa2012c04a 100644
#ifndef OPENSSL_NO_EC
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
-index 74ee25dcb6..a9bc8be7fa 100644
+index f13c41abd6..4ea10670c0 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
-@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+@@ -642,14 +642,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret;
}
@@ -234,7 +234,7 @@ index 74ee25dcb6..a9bc8be7fa 100644
}
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index 9cd8904131..40de5ce8fa 100644
+index d548560f1f..f3443b0c66 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -30,6 +30,9 @@
@@ -257,7 +257,7 @@ index 9cd8904131..40de5ce8fa 100644
/* PKCS#1 v1.5 decryption mode */
unsigned int implicit_rejection;
} PROV_RSA_CTX;
-@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+@@ -193,12 +199,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
}
}
ret =
@@ -281,7 +281,7 @@ index 9cd8904131..40de5ce8fa 100644
if (!ret) {
OPENSSL_free(tbuf);
-@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx)
+@@ -332,6 +347,9 @@ static void rsa_freectx(void *vprsactx)
EVP_MD_free(prsactx->oaep_md);
EVP_MD_free(prsactx->mgf1_md);
OPENSSL_free(prsactx->oaep_label);
@@ -291,7 +291,7 @@ index 9cd8904131..40de5ce8fa 100644
OPENSSL_free(prsactx);
}
-@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
+@@ -455,6 +473,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
@@ -301,7 +301,7 @@ index 9cd8904131..40de5ce8fa 100644
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
OSSL_PARAM_END
};
-@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
+@@ -465,6 +486,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
return known_gettable_ctx_params;
}
@@ -312,7 +312,7 @@ index 9cd8904131..40de5ce8fa 100644
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
-@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -576,6 +601,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->oaep_labellen = tmp_labellen;
}
@@ -331,12 +331,10 @@ index 9cd8904131..40de5ce8fa 100644
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
if (p != NULL) {
unsigned int client_version;
---
-2.41.0
-
-diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config openssl-3.2.0/util/perl/OpenSSL/paramnames.pm
---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config 2023-12-14 13:48:23.398025507 +0100
-+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2023-12-14 14:24:49.519488385 +0100
+diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
+index c37ed7815f..70f7c50fe4 100644
+--- a/util/perl/OpenSSL/paramnames.pm
++++ b/util/perl/OpenSSL/paramnames.pm
@@ -401,6 +401,7 @@ my %params = (
'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version",
'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
@@ -345,3 +343,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config openssl-3.2.
# Encoder / decoder parameters
+--
+2.44.0
+
diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
index e41fadd..7751f05 100644
--- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
@@ -1,32 +1,25 @@
-From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Fri, 15 Jul 2022 17:45:40 +0200
-Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
+From dc41625dc4a793f0e21188165711181ca085339b Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:16 +0100
+Subject: [PATCH 28/49]
+ 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-In review for FIPS 140-3, the lack of a self-test for the digest_sign
-and digest_verify provider functions was highlighted as a problem. NIST
-no longer provides ACVP tests for the RSA SigVer primitive (see
-https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
-recommends the use of functions that compute the digest and signature
-within the module, we have been advised in our module review that the
-self tests should also use the combined digest and signature APIs, i.e.
-the digest_sign and digest_verify provider functions.
-
-Modify the signature self-test to use these instead by switching to
-EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
-crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
-
-Signed-off-by: Clemens Lang <cllang@redhat.com>
+Patch-name: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+Patch-id: 74
+Patch-status: |
+ # [PATCH 29/46]
+ # 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
- providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
- 2 files changed, 56 insertions(+), 24 deletions(-)
+ crypto/evp/m_sigver.c | 54 ++++++++++++++++++++++++++++-----
+ providers/fips/self_test_kats.c | 43 +++++++++++++++-----------
+ 2 files changed, 73 insertions(+), 24 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index db1a1d7bc3..c94c3c53bd 100644
+index fd3a4b79df..3e9f33c26c 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
-@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+@@ -90,6 +90,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
return 0;
}
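Review bot: The regenerated header of this patch drops the original author line, the `Signed-off-by` trailer and the whole rationale, and the new `Patch-status` holds only `# [PATCH 29/46]` and the file name. The removed text explained that the FIPS 140-3 module review asked for self-tests of the combined digest_sign/digest_verify provider functions, and it linked the ACVP issue. For a change to the sign/verify path that is compiled into the FIPS module, that explanation is what a later auditor needs in order to decide whether the patch must still be carried after a rebase. I would keep a one-line summary in `Patch-status`, for example `# FIPS 140-3: self-tests use EVP_DigestSign/EVP_DigestVerify (digest_sign/digest_verify provider functions)`, and preserve the original author attribution.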
@@ -34,7 +27,7 @@ index db1a1d7bc3..c94c3c53bd 100644
/*
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
-@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -125,8 +126,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
reinit = 0;
if (e == NULL)
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
@@ -45,7 +38,7 @@ index db1a1d7bc3..c94c3c53bd 100644
}
if (ctx->pctx == NULL)
return 0;
-@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -136,8 +139,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx = ctx->pctx;
ERR_set_mark();
@@ -56,7 +49,7 @@ index db1a1d7bc3..c94c3c53bd 100644
/* do not reinitialize if pkey is set or operation is different */
if (reinit
-@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -222,8 +227,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
signature =
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
supported_sig, locpctx->propquery);
@@ -67,7 +60,7 @@ index db1a1d7bc3..c94c3c53bd 100644
break;
}
if (signature == NULL)
-@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -307,6 +314,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
if (ctx->fetched_digest != NULL) {
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
@@ -75,7 +68,7 @@ index db1a1d7bc3..c94c3c53bd 100644
} else {
/* legacy engine support : remove the mark when this is deleted */
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
-@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -315,11 +323,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
@@ -89,7 +82,7 @@ index db1a1d7bc3..c94c3c53bd 100644
if (ctx->reqdigest != NULL
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
-@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -331,6 +341,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
goto err;
}
}
@@ -97,7 +90,7 @@ index db1a1d7bc3..c94c3c53bd 100644
if (ver) {
if (signature->digest_verify_init == NULL) {
-@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -363,6 +374,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
EVP_KEYMGMT_free(tmp_keymgmt);
return 0;
@@ -105,7 +98,7 @@ index db1a1d7bc3..c94c3c53bd 100644
legacy:
/*
* If we don't have the full support we need with provided methods,
-@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -434,6 +446,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->pctx->flag_call_digest_custom = 1;
ret = 1;
@@ -113,7 +106,7 @@ index db1a1d7bc3..c94c3c53bd 100644
end:
#ifndef FIPS_MODULE
-@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -476,7 +489,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
NULL);
}
@@ -121,7 +114,57 @@ index db1a1d7bc3..c94c3c53bd 100644
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
-@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+@@ -548,24 +560,31 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
+ return EVP_DigestUpdate(ctx, data, dsize);
+ }
+
+-#ifndef FIPS_MODULE
+ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen)
+ {
+- int sctx = 0, r = 0;
+- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
++ int r = 0;
++#ifndef FIPS_MODULE
++ int sctx = 0;
++ EVP_PKEY_CTX *dctx = NULL;
++#endif /* !defined(FIPS_MODULE) */
++ EVP_PKEY_CTX *pctx = ctx->pctx;
++
+
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
++#ifndef FIPS_MODULE
+ if (pctx == NULL
+ || pctx->operation != EVP_PKEY_OP_SIGNCTX
+ || pctx->op.sig.algctx == NULL
+ || pctx->op.sig.signature == NULL)
+ goto legacy;
++#endif /* !defined(FIPS_MODULE) */
+
++#ifndef FIPS_MODULE
+ if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
+ /* try dup */
+ dctx = EVP_PKEY_CTX_dup(pctx);
+@@ -580,7 +599,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ else
+ EVP_PKEY_CTX_free(dctx);
+ return r;
++#else
++ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
++ sigret, siglen,
++ sigret == NULL ? 0 : *siglen);
++ return r;
++#endif /* !defined(FIPS_MODULE) */
+
++#ifndef FIPS_MODULE
+ legacy:
+ if (pctx == NULL || pctx->pmeth == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+@@ -653,6 +679,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
}
}
return 1;
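Review bot: In a FIPS_MODULE build the new `#else` branch of EVP_DigestSignFinal calls `pctx->op.sig.signature->digest_sign_final(...)` without validating the context, because the `pctx == NULL || pctx->operation != EVP_PKEY_OP_SIGNCTX || ...` test now sits inside `#ifndef FIPS_MODULE`. A context that was never initialised for signing would therefore be dereferenced rather than rejected with an error. The next hunk adds the same pattern to EVP_DigestVerifyFinal with `digest_verify_final`. If the self-test is the only caller inside the module the exposure is presumably small, but a guard costs little and keeps the failure mode an error return; the verify side would use `EVP_PKEY_OP_VERIFYCTX` and `digest_verify_final`. The function body continues past this hunk (the `legacy:` section is elided).

```c
#else
    /* FIPS build has no legacy fallback: reject an unusable context here */
    if (pctx == NULL
            || pctx->operation != EVP_PKEY_OP_SIGNCTX
            || pctx->op.sig.algctx == NULL
            || pctx->op.sig.signature == NULL
            || pctx->op.sig.signature->digest_sign_final == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return 0;
    }
    /* … unchanged: digest_sign_final call and return r … */
```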
@@ -129,7 +172,54 @@ index db1a1d7bc3..c94c3c53bd 100644
}
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
-@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+@@ -691,23 +718,30 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen)
+ {
+- unsigned char md[EVP_MAX_MD_SIZE];
+ int r = 0;
++#ifndef FIPS_MODULE
++ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen = 0;
+ int vctx = 0;
+- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
++ EVP_PKEY_CTX *dctx = NULL;
++#endif /* !defined(FIPS_MODULE) */
++ EVP_PKEY_CTX *pctx = ctx->pctx;
++
+
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
++#ifndef FIPS_MODULE
+ if (pctx == NULL
+ || pctx->operation != EVP_PKEY_OP_VERIFYCTX
+ || pctx->op.sig.algctx == NULL
+ || pctx->op.sig.signature == NULL)
+ goto legacy;
++#endif /* !defined(FIPS_MODULE) */
+
++#ifndef FIPS_MODULE
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
+ /* try dup */
+ dctx = EVP_PKEY_CTX_dup(pctx);
+@@ -721,7 +755,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ else
+ EVP_PKEY_CTX_free(dctx);
+ return r;
++#else
++ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
++ sig, siglen);
++ return r;
++#endif /* !defined(FIPS_MODULE) */
+
++#ifndef FIPS_MODULE
+ legacy:
+ if (pctx == NULL || pctx->pmeth == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+@@ -762,6 +802,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
if (vctx || !r)
return r;
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
@@ -137,16 +227,16 @@ index db1a1d7bc3..c94c3c53bd 100644
}
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
-@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+@@ -794,4 +835,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
-#endif /* FIPS_MODULE */
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
-index b6d5e8e134..77eec075e6 100644
+index 4ea10670c0..5eb27c8ed2 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
-@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
@@ -161,7 +251,7 @@ index b6d5e8e134..77eec075e6 100644
size_t siglen = sizeof(sig);
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+@@ -487,23 +490,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
goto err;
@@ -202,7 +292,7 @@ index b6d5e8e134..77eec075e6 100644
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
-@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+@@ -513,14 +519,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
@@ -223,186 +313,5 @@ index b6d5e8e134..77eec075e6 100644
OSSL_PARAM_free(params_sig);
OSSL_PARAM_BLD_free(bld);
--
-2.37.1
+2.44.0
-diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c
---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 11:44:18.761559765 +0100
-+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 11:51:18.297195401 +0100
-@@ -560,26 +560,33 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c
- return EVP_DigestUpdate(ctx, data, dsize);
- }
-
--#ifndef FIPS_MODULE
- int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- size_t *siglen)
- {
-- int sctx = 0, r = 0;
-- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
-+ int r = 0;
-+#ifndef FIPS_MODULE
-+ int sctx = 0;
-+ EVP_PKEY_CTX *dctx = NULL;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-+
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
- ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
- return 0;
- }
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_SIGNCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
- /* try dup */
-+#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx != NULL)
- pctx = dctx;
-@@ -591,8 +598,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- else
- EVP_PKEY_CTX_free(dctx);
-+#endif /* !defined(FIPS_MODULE) */
- return r;
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -704,25 +713,32 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi
- int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- size_t siglen)
- {
-- unsigned char md[EVP_MAX_MD_SIZE];
- int r = 0;
-+#ifndef FIPS_MODULE
-+ unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdlen = 0;
- int vctx = 0;
-- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
-+ EVP_PKEY_CTX *dctx = NULL;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-+
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
- ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
- return 0;
- }
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_VERIFYCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
- /* try dup */
-+#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx != NULL)
- pctx = dctx;
-@@ -733,8 +749,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
- ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- else
- EVP_PKEY_CTX_free(dctx);
-+#endif /* !defined(FIPS_MODULE) */
- return r;
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c
---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:39:26.858137284 +0100
-+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:40:28.201680446 +0100
-@@ -736,9 +736,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
- goto legacy;
- #endif /* !defined(FIPS_MODULE) */
-
-+#ifndef FIPS_MODULE
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
- /* try dup */
--#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx != NULL)
- pctx = dctx;
-diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c
---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:55:41.172653897 +0100
-+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:56:23.562017396 +0100
-@@ -584,9 +584,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- goto legacy;
- #endif /* !defined(FIPS_MODULE) */
-
-+#ifndef FIPS_MODULE
- if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
- /* try dup */
--#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx != NULL)
- pctx = dctx;
-diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fips-new openssl-3.2.0/crypto/evp/m_sigver.c
---- openssl-3.2.0/crypto/evp/m_sigver.c.fips-new 2024-01-30 23:50:10.115710238 +0100
-+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-31 00:04:31.448164500 +0100
-@@ -598,7 +598,11 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- else
- EVP_PKEY_CTX_free(dctx);
-+ return r;
- #endif /* !defined(FIPS_MODULE) */
-+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
-+ sigret, siglen,
-+ sigret == NULL ? 0 : *siglen);
- return r;
-
- #ifndef FIPS_MODULE
-@@ -749,7 +753,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
- ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- else
- EVP_PKEY_CTX_free(dctx);
-+ return r;
- #endif /* !defined(FIPS_MODULE) */
-+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
-+ sig, siglen);
- return r;
-
- #ifndef FIPS_MODULE
-diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef openssl-3.2.0/crypto/evp/m_sigver.c
---- openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef 2024-02-01 09:23:07.877696442 +0100
-+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-02-01 09:25:30.857169997 +0100
-@@ -599,11 +599,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- else
- EVP_PKEY_CTX_free(dctx);
- return r;
--#endif /* !defined(FIPS_MODULE) */
-+#else
- r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
- sigret, siglen,
- sigret == NULL ? 0 : *siglen);
- return r;
-+#endif /* !defined(FIPS_MODULE) */
-
- #ifndef FIPS_MODULE
- legacy:
-@@ -754,10 +755,11 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
- else
- EVP_PKEY_CTX_free(dctx);
- return r;
--#endif /* !defined(FIPS_MODULE) */
-+#else
- r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
- sig, siglen);
- return r;
-+#endif /* !defined(FIPS_MODULE) */
-
- #ifndef FIPS_MODULE
- legacy:
diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch
index 42899c3..92495f8 100644
--- a/0076-FIPS-140-3-DRBG.patch
+++ b/0076-FIPS-140-3-DRBG.patch
@@ -1,27 +1,27 @@
-From 89c00cc67b9b34bc94f9dc3a9fce9374bbaade03 Mon Sep 17 00:00:00 2001
+From 0329eb6523363705946887d4f145dd77c741ae4a Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:29 +0200
-Subject: [PATCH 32/48] 0076-FIPS-140-3-DRBG.patch
+Date: Wed, 6 Mar 2024 19:17:16 +0100
+Subject: [PATCH 30/49] 0076-FIPS-140-3-DRBG.patch
Patch-name: 0076-FIPS-140-3-DRBG.patch
Patch-id: 76
Patch-status: |
- # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
- # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/rand/prov_seed.c | 9 ++-
providers/implementations/rands/crngt.c | 6 +-
- providers/implementations/rands/drbg.c | 11 +++-
+ providers/implementations/rands/drbg.c | 11 ++-
providers/implementations/rands/drbg_local.h | 2 +-
- .../implementations/rands/seeding/rand_unix.c | 64 ++-----------------
- 5 files changed, 28 insertions(+), 64 deletions(-)
+ .../implementations/rands/seeding/rand_unix.c | 68 ++-----------------
+ 5 files changed, 28 insertions(+), 68 deletions(-)
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
-index 96c499c957..61c4cd8779 100644
+index 2985c7f2d8..3202a28226 100644
--- a/crypto/rand/prov_seed.c
+++ b/crypto/rand/prov_seed.c
-@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
+@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx,
size_t entropy_available;
RAND_POOL *pool;
@@ -55,10 +55,10 @@ index fa4a2db14a..1f13fc759e 100644
bytes_needed = min_len;
if (bytes_needed > max_len)
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
-index ea55363bf8..1b2410b3db 100644
+index 1586288692..e6de65a23d 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
-@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance,
+@@ -564,6 +564,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg,
#endif
}
@@ -68,7 +68,7 @@ index ea55363bf8..1b2410b3db 100644
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
-@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
+@@ -685,8 +688,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
reseed_required = 1;
}
if (drbg->parent != NULL
@@ -85,7 +85,7 @@ index ea55363bf8..1b2410b3db 100644
if (reseed_required || prediction_resistance) {
if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,
diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h
-index 3b5417b43b..d27c50950b 100644
+index 50f98a0b61..53d99c8c84 100644
--- a/providers/implementations/rands/drbg_local.h
+++ b/providers/implementations/rands/drbg_local.h
@@ -38,7 +38,7 @@
@@ -98,7 +98,7 @@ index 3b5417b43b..d27c50950b 100644
/*
* Maximum input size for the DRBG (entropy, nonce, personalization string)
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
-index cd02a0236d..98c917b6d8 100644
+index 9a936d800d..61d720efa9 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -48,6 +48,8 @@
@@ -110,10 +110,7 @@ index cd02a0236d..98c917b6d8 100644
static uint64_t get_time_stamp(void);
-diff -up openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-patch openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c
---- openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-patch 2024-01-02 11:52:21.837712036 +0100
-+++ openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c 2024-01-02 11:54:40.576083169 +0100
-@@ -339,70 +339,8 @@ static ssize_t syscall_random(void *buf,
+@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
*/
@@ -186,3 +183,6 @@ diff -up openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-
}
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+--
+2.44.0
+
diff --git a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
index f2bb087..3867e06 100644
--- a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+++ b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
@@ -1,13 +1,13 @@
-From 2000eaead63732669283e6b54c8ef02e268eaeb8 Mon Sep 17 00:00:00 2001
+From c503fa302490f76f191af6259e4199572280298a Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:29 +0200
-Subject: [PATCH 34/48] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+Date: Wed, 6 Mar 2024 19:17:16 +0100
+Subject: [PATCH 32/49] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch-name: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch-id: 78
Patch-status: |
- # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
include/crypto/evp.h | 7 ++
include/openssl/kdf.h | 4 +
@@ -17,13 +17,14 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++-
providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++-
providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++-
+ util/perl/OpenSSL/paramnames.pm | 1 +
9 files changed, 487 insertions(+), 22 deletions(-)
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
-index dbbdcccbda..aa07153441 100644
+index 34cea2f9f4..1e4895959b 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
-@@ -219,6 +219,13 @@ struct evp_mac_st {
+@@ -228,6 +228,13 @@ struct evp_mac_st {
OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
};
@@ -53,10 +54,10 @@ index 0983230a48..86171635ea 100644
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
-index 5304baa6c9..f9c77f4236 100644
+index 78425fbb42..0ff3433074 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
-@@ -43,6 +43,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
+@@ -44,6 +44,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params;
static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params;
@@ -64,7 +65,7 @@ index 5304baa6c9..f9c77f4236 100644
static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params;
-@@ -86,6 +87,10 @@ typedef struct {
+@@ -87,6 +88,10 @@ typedef struct {
size_t data_len;
unsigned char *info;
size_t info_len;
@@ -75,7 +76,7 @@ index 5304baa6c9..f9c77f4236 100644
} KDF_HKDF;
static void *kdf_hkdf_new(void *provctx)
-@@ -201,6 +206,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -200,6 +205,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
return 0;
}
@@ -87,7 +88,7 @@ index 5304baa6c9..f9c77f4236 100644
switch (ctx->mode) {
case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
default:
-@@ -363,15 +373,78 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+@@ -308,15 +318,78 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_HKDF *ctx = (KDF_HKDF *)vctx;
OSSL_PARAM *p;
@@ -100,10 +101,8 @@ index 5304baa6c9..f9c77f4236 100644
+ any_valid = 1;
+
+ if (sz == 0 || !OSSL_PARAM_set_size_t(p, sz))
- return 0;
-- return OSSL_PARAM_set_size_t(p, sz);
- }
-- return -2;
++ return 0;
++ }
+
+#ifdef FIPS_MODULE
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
@@ -158,8 +157,10 @@ index 5304baa6c9..f9c77f4236 100644
+ }
+ }
+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
+ return 0;
+- return OSSL_PARAM_set_size_t(p, sz);
+ }
+- return -2;
+#endif /* defined(FIPS_MODULE) */
+
+ if (!any_valid)
@@ -169,7 +170,7 @@ index 5304baa6c9..f9c77f4236 100644
}
static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -379,6 +452,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
+@@ -324,6 +397,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -179,7 +180,7 @@ index 5304baa6c9..f9c77f4236 100644
OSSL_PARAM_END
};
return known_gettable_ctx_params;
-@@ -709,6 +785,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
+@@ -654,6 +730,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
return ret;
}
@@ -197,7 +198,7 @@ index 5304baa6c9..f9c77f4236 100644
static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
-@@ -724,6 +811,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -669,6 +756,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
return 0;
}
@@ -209,7 +210,7 @@ index 5304baa6c9..f9c77f4236 100644
switch (ctx->mode) {
default:
return 0;
-@@ -801,7 +893,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx,
+@@ -746,7 +838,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx,
}
const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = {
@@ -219,10 +220,10 @@ index 5304baa6c9..f9c77f4236 100644
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free },
{ OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset },
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
-index aa3df15bc7..3f82710061 100644
+index e6855d5732..ebd9d648a6 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
-@@ -59,6 +59,9 @@ typedef struct {
+@@ -60,6 +60,9 @@ typedef struct {
kbkdf_mode mode;
EVP_MAC_CTX *ctx_init;
@@ -232,7 +233,7 @@ index aa3df15bc7..3f82710061 100644
/* Names are lowercased versions of those found in SP800-108. */
int r;
unsigned char *ki;
-@@ -72,6 +75,9 @@ typedef struct {
+@@ -73,6 +76,9 @@ typedef struct {
int use_l;
int is_kmac;
int use_separator;
@@ -242,7 +243,7 @@ index aa3df15bc7..3f82710061 100644
} KBKDF;
/* Definitions needed for typechecking. */
-@@ -143,6 +149,7 @@ static void kbkdf_reset(void *vctx)
+@@ -142,6 +148,7 @@ static void kbkdf_reset(void *vctx)
void *provctx = ctx->provctx;
EVP_MAC_CTX_free(ctx->ctx_init);
@@ -250,7 +251,7 @@ index aa3df15bc7..3f82710061 100644
OPENSSL_clear_free(ctx->context, ctx->context_len);
OPENSSL_clear_free(ctx->label, ctx->label_len);
OPENSSL_clear_free(ctx->ki, ctx->ki_len);
-@@ -308,6 +315,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -307,6 +314,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
goto done;
}
@@ -262,7 +263,7 @@ index aa3df15bc7..3f82710061 100644
h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
if (h == 0)
goto done;
-@@ -381,6 +393,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+@@ -369,6 +381,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
}
@@ -272,7 +273,7 @@ index aa3df15bc7..3f82710061 100644
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
if (p != NULL
&& OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
-@@ -461,20 +476,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
+@@ -450,20 +465,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -356,7 +357,7 @@ index aa3df15bc7..3f82710061 100644
}
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
-index 1afac4e477..389b82b714 100644
+index 90986bc762..27cd7f8bdf 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -49,6 +49,9 @@ typedef struct {
@@ -369,7 +370,7 @@ index 1afac4e477..389b82b714 100644
} KDF_SSHKDF;
static void *kdf_sshkdf_new(void *provctx)
-@@ -151,6 +154,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -149,6 +152,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE);
return 0;
}
@@ -382,7 +383,7 @@ index 1afac4e477..389b82b714 100644
return SSHKDF(md, ctx->key, ctx->key_len,
ctx->xcghash, ctx->xcghash_len,
ctx->session_id, ctx->session_id_len,
-@@ -219,10 +228,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx,
+@@ -217,10 +226,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx,
static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -453,7 +454,7 @@ index 1afac4e477..389b82b714 100644
}
static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -230,6 +296,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
+@@ -228,6 +294,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -464,10 +465,10 @@ index 1afac4e477..389b82b714 100644
};
return known_gettable_ctx_params;
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
-index ecb98de6fd..98fcc583d8 100644
+index db750a4f23..175fd30327 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
-@@ -63,6 +63,10 @@ typedef struct {
+@@ -64,6 +64,10 @@ typedef struct {
size_t salt_len;
size_t out_len; /* optional KMAC parameter */
int is_kmac;
@@ -478,7 +479,7 @@ index ecb98de6fd..98fcc583d8 100644
} KDF_SSKDF;
#define SSKDF_MAX_INLEN (1<<30)
-@@ -73,6 +77,7 @@ typedef struct {
+@@ -74,6 +78,7 @@ typedef struct {
static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
static OSSL_FUNC_kdf_newctx_fn sskdf_new;
@@ -503,7 +504,7 @@ index ecb98de6fd..98fcc583d8 100644
static void sskdf_reset(void *vctx)
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
-@@ -392,6 +407,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -382,6 +397,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
}
md = ossl_prov_digest_md(&ctx->digest);
@@ -515,7 +516,7 @@ index ecb98de6fd..98fcc583d8 100644
if (ctx->macctx != NULL) {
/* H(x) = KMAC or H(x) = HMAC */
int ret;
-@@ -473,6 +493,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -461,6 +481,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
return 0;
}
@@ -527,7 +528,7 @@ index ecb98de6fd..98fcc583d8 100644
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
ctx->info, ctx->info_len, 1, key, keylen);
}
-@@ -545,10 +570,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+@@ -537,10 +562,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
OSSL_PARAM *p;
@@ -605,7 +606,7 @@ index ecb98de6fd..98fcc583d8 100644
}
static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -556,6 +645,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
+@@ -548,6 +637,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -615,7 +616,7 @@ index ecb98de6fd..98fcc583d8 100644
OSSL_PARAM_END
};
return known_gettable_ctx_params;
-@@ -577,7 +669,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
+@@ -569,7 +661,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
};
const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
@@ -625,7 +626,7 @@ index ecb98de6fd..98fcc583d8 100644
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free },
{ OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset },
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
-index 54124ad4cb..25a6c79a2e 100644
+index ff305579c3..e6f41020a4 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -104,6 +104,13 @@ typedef struct {
@@ -642,7 +643,7 @@ index 54124ad4cb..25a6c79a2e 100644
} TLS1_PRF;
static void *kdf_tls1_prf_new(void *provctx)
-@@ -140,6 +147,7 @@ static void kdf_tls1_prf_reset(void *vctx)
+@@ -137,6 +144,7 @@ static void kdf_tls1_prf_reset(void *vctx)
EVP_MAC_CTX_free(ctx->P_sha1);
OPENSSL_clear_free(ctx->sec, ctx->seclen);
OPENSSL_cleanse(ctx->seed, ctx->seedlen);
@@ -650,7 +651,7 @@ index 54124ad4cb..25a6c79a2e 100644
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
-@@ -194,6 +202,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -191,6 +199,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
@@ -661,7 +662,7 @@ index 54124ad4cb..25a6c79a2e 100644
/*
* The seed buffer is prepended with a label.
-@@ -243,6 +255,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+@@ -240,6 +252,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
}
@@ -671,7 +672,7 @@ index 54124ad4cb..25a6c79a2e 100644
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
OPENSSL_clear_free(ctx->sec, ctx->seclen);
ctx->sec = NULL;
-@@ -284,10 +299,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
+@@ -281,10 +296,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -735,7 +736,7 @@ index 54124ad4cb..25a6c79a2e 100644
}
static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
-@@ -295,6 +360,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
+@@ -292,6 +357,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -746,7 +747,7 @@ index 54124ad4cb..25a6c79a2e 100644
};
return known_gettable_ctx_params;
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
-index 4c274fe27a..5ce23c8eb9 100644
+index 19b54493ef..77a6210184 100644
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -13,11 +13,13 @@
@@ -773,7 +774,7 @@ index 4c274fe27a..5ce23c8eb9 100644
} KDF_X942;
/*
-@@ -497,6 +502,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen,
+@@ -495,6 +500,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
return 0;
}
@@ -784,7 +785,7 @@ index 4c274fe27a..5ce23c8eb9 100644
ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
der, der_len, ctr, key, keylen);
OPENSSL_free(der);
-@@ -600,10 +609,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+@@ -598,10 +607,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_X942 *ctx = (KDF_X942 *)vctx;
OSSL_PARAM *p;
@@ -846,7 +847,7 @@ index 4c274fe27a..5ce23c8eb9 100644
}
static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -611,6 +668,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
+@@ -609,6 +666,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -856,12 +857,10 @@ index 4c274fe27a..5ce23c8eb9 100644
OSSL_PARAM_END
};
return known_gettable_ctx_params;
---
-2.41.0
-
-diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.fips-indicators-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm
---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.fips-indicators-patch 2024-01-02 12:11:36.633033731 +0100
-+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:12:54.022901822 +0100
+diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
+index 70f7c50fe4..6618122417 100644
+--- a/util/perl/OpenSSL/paramnames.pm
++++ b/util/perl/OpenSSL/paramnames.pm
@@ -183,6 +183,7 @@ my %params = (
'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo",
'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo",
@@ -870,3 +869,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.fips-indicators-patch ope
'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy",
'KDF_PARAM_HMACDRBG_NONCE' => "nonce",
'KDF_PARAM_THREADS' => "threads", # uint32_t
+--
+2.44.0
+
diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
index 68953fb..1a5ddb7 100644
--- a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
+++ b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
@@ -1,22 +1,27 @@
-From 8e388e194e665286a8996d7d5926bab5c1a6b4f9 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 15:46:40 +0200
-Subject: [PATCH 38/48]
+From a061dba4f6bb52b647aa8f411d32f0c8898a9cb2 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 35/49]
0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Patch-id: 83
+Patch-status: |
+ # [PATCH 37/46]
+ # 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
include/crypto/evp.h | 7 +++++++
include/openssl/evp.h | 3 +++
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
- 4 files changed, 28 insertions(+)
+ util/perl/OpenSSL/paramnames.pm | 13 +++++++------
+ 4 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
-index aa07153441..a13127bd59 100644
+index 1e4895959b..5a2b324762 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
-@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
+@@ -206,6 +206,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
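Review bot: The regenerated header at the top of this hunk drops the provenance of the patch: `From: Dmitry Belyavskiy <dbelyavs@redhat.com>` and its 2023 date are replaced by `From: rpm-build <rpm-build>` and the regeneration date. The patch file therefore no longer records who wrote the HMAC FIPS-indicator change or when, and the headers of 0088, 0110 and 0113 get the same substitution. For patches that alter FIPS-relevant behaviour it is worth keeping that attribution, either by preserving the author during regeneration (if the src-git tooling allows it) or by recording it in the free-form status block, e.g. `# Original author: Dmitry Belyavskiy <dbelyavs@redhat.com>`. The added `Patch-status` block also carries only leftover subject text (`# [PATCH 37/46]` plus the file name) rather than a status. A one-line description such as `# hmac: explicit FIPS indicator for key length` would be more useful to the next person auditing the patch set.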
@@ -31,10 +36,10 @@ index aa07153441..a13127bd59 100644
OSSL_PROVIDER *prov;
int name_id;
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 86f4e22c70..615857caf5 100644
+index ea7620d631..48d5886d1e 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
-@@ -1194,6 +1194,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
+@@ -1199,6 +1199,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
void *arg);
/* MAC stuff */
@@ -45,7 +50,7 @@ index 86f4e22c70..615857caf5 100644
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
const char *properties);
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
-index 52ebb08b8f..cf5c3ecbe7 100644
+index a1f3c2db84..f65215f532 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -21,6 +21,8 @@
@@ -55,9 +60,9 @@ index 52ebb08b8f..cf5c3ecbe7 100644
+#include "crypto/evp.h"
+
#include "internal/ssl3_cbc.h"
-
+
#include "prov/implementations.h"
-@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
+@@ -235,6 +237,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
@@ -67,7 +72,7 @@ index 52ebb08b8f..cf5c3ecbe7 100644
OSSL_PARAM_END
};
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
-@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
+@@ -256,6 +261,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
return 0;
@@ -86,12 +91,10 @@ index 52ebb08b8f..cf5c3ecbe7 100644
return 1;
}
---
-2.41.0
-
-diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm
---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch 2024-01-02 12:18:16.909596613 +0100
-+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:20:18.465886160 +0100
+diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
+index 6618122417..8b2d430f17 100644
+--- a/util/perl/OpenSSL/paramnames.pm
++++ b/util/perl/OpenSSL/paramnames.pm
@@ -137,12 +137,13 @@ my %params = (
# If "engine",or "properties",are specified, they should always be paired
# with "cipher",or "digest".
@@ -112,3 +115,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch openssl-3.2.0/
# KDF / PRF parameters
'KDF_PARAM_SECRET' => "secret", # octet string
+--
+2.44.0
+
diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch
index 9cef315..63dc019 100644
--- a/0088-signature-Add-indicator-for-PSS-salt-length.patch
+++ b/0088-signature-Add-indicator-for-PSS-salt-length.patch
@@ -1,20 +1,24 @@
-From 98ee6faef3da1439c04f11cd2796132d27d1e607 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 15:58:07 +0200
-Subject: [PATCH 41/48] 0088-signature-Add-indicator-for-PSS-salt-length.patch
+From 9134fadd6544be82f96e3d5ce9c1f489de6a1745 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 38/49] 0088-signature-Add-indicator-for-PSS-salt-length.patch
Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch
Patch-id: 88
+Patch-status: |
+ # 0088-signature-Add-indicator-for-PSS-salt-length.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
include/openssl/evp.h | 4 ++++
- providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++
- 3 files changed, 26 insertions(+)
+ providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++
+ util/perl/OpenSSL/paramnames.pm | 23 ++++++++++---------
+ 3 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 615857caf5..05f2d0f75a 100644
+index 48d5886d1e..e3fa4a8043 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
-@@ -799,6 +799,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+@@ -804,6 +804,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
@@ -26,10 +30,10 @@ index 615857caf5..05f2d0f75a 100644
EVP_PKEY *pkey);
__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index cfaa4841cb..851671cfb1 100644
+index b0f32f0b57..1e56d673ee 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
-@@ -1173,6 +1173,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
+@@ -1169,6 +1169,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
}
}
@@ -54,7 +58,7 @@ index cfaa4841cb..851671cfb1 100644
return 1;
}
-@@ -1182,6 +1200,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
+@@ -1178,6 +1196,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
@@ -64,12 +68,10 @@ index cfaa4841cb..851671cfb1 100644
OSSL_PARAM_END
};
---
-2.41.0
-
-diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm
---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch 2024-01-02 12:23:57.106998142 +0100
-+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:26:29.687472015 +0100
+diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
+index 8b2d430f17..a109e44521 100644
+--- a/util/perl/OpenSSL/paramnames.pm
++++ b/util/perl/OpenSSL/paramnames.pm
@@ -377,17 +377,18 @@ my %params = (
'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm",
@@ -100,3 +102,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch openssl-3.2.0/
# Asym cipher parameters
'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST',
+--
+2.44.0
+
diff --git a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
index fcd53e6..9a65e22 100644
--- a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
+++ b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
@@ -1,22 +1,27 @@
-From 5db03a4d024f1e396ff54d38ac70d9890b034074 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 16:10:11 +0200
-Subject: [PATCH 45/48]
+From bfe2412d6d41c8d2299bf40e24f23d4abcfb68e9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 41/49]
0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
Patch-id: 110
+Patch-status: |
+ # [PATCH 43/46]
+ # 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
include/openssl/evp.h | 4 +++
.../implementations/ciphers/ciphercommon.c | 4 +++
.../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++
- 4 files changed, 34 insertions(+)
+ util/perl/OpenSSL/paramnames.pm | 5 ++--
+ 4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 05f2d0f75a..f1a33ff6f2 100644
+index e3fa4a8043..dc42140932 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
-@@ -748,6 +748,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+@@ -753,6 +753,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
@@ -28,10 +33,10 @@ index 05f2d0f75a..f1a33ff6f2 100644
const unsigned char *key, const unsigned char *iv);
__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
-index fa383165d8..716add7339 100644
+index db81af5401..ae66521827 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
-@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
+@@ -152,6 +152,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
@@ -43,10 +48,10 @@ index fa383165d8..716add7339 100644
};
const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
-index ed95c97ff4..db7910eb0e 100644
+index fe24b450a5..b39d8d562c 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
-@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
+@@ -238,6 +238,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
break;
}
}
@@ -78,12 +83,10 @@ index ed95c97ff4..db7910eb0e 100644
return 1;
}
---
-2.41.0
-
-diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm
---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch 2024-01-02 12:29:45.119433637 +0100
-+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:33:09.146723045 +0100
+diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
+index a109e44521..64e9809387 100644
+--- a/util/perl/OpenSSL/paramnames.pm
++++ b/util/perl/OpenSSL/paramnames.pm
@@ -101,8 +101,9 @@ my %params = (
'CIPHER_PARAM_SPEED' => "speed", # uint
'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string
@@ -96,3 +99,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch openssl-3.2.0
'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint
'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t
+--
+2.44.0
+
diff --git a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
index 7a2e1f3..fd073bd 100644
--- a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
+++ b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
@@ -1,22 +1,25 @@
-From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 16:13:46 +0200
-Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
+From 72a137b3f51ef8aeb2747bbc102ea5c98b6daa05 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 43/49] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Patch-id: 113
+Patch-status: |
+ # 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- include/openssl/core_names.h | 2 ++
include/openssl/evp.h | 4 +++
.../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++
providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++-
- 4 files changed, 57 insertions(+), 1 deletion(-)
+ util/perl/OpenSSL/paramnames.pm | 6 ++--
+ 4 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index f1a33ff6f2..dadbf46a5a 100644
+index dc42140932..3a6345d71e 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
-@@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
+@@ -1772,6 +1772,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
# endif
@@ -28,10 +31,10 @@ index f1a33ff6f2..dadbf46a5a 100644
const char *properties);
int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index d169bfd396..bd4dcb4e27 100644
+index f3443b0c66..b2c239c03b 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
-@@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
+@@ -462,6 +462,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection))
return 0;
@@ -59,7 +62,7 @@ index d169bfd396..bd4dcb4e27 100644
return 1;
}
-@@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
+@@ -475,6 +496,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
#ifdef FIPS_MODULE
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
@@ -68,7 +71,7 @@ index d169bfd396..bd4dcb4e27 100644
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
OSSL_PARAM_END
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index 8a6f585d0b..f4b7415074 100644
+index 0824c6bdd6..2e637bdf30 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
@@ -112,12 +115,10 @@ index 8a6f585d0b..f4b7415074 100644
OSSL_PARAM_END
};
---
-2.41.0
-
-diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm
---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch 2024-01-02 12:49:04.598756268 +0100
-+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:53:16.466464414 +0100
+diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
+index 64e9809387..45ab0c8dc4 100644
+--- a/util/perl/OpenSSL/paramnames.pm
++++ b/util/perl/OpenSSL/paramnames.pm
@@ -406,6 +406,7 @@ my %params = (
'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
@@ -138,3 +139,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch openssl-3.2.0/u
# Capabilities
+--
+2.44.0
+
diff --git a/0115-skip-quic-pairwise.patch b/0115-skip-quic-pairwise.patch
index 9a35acd..0d96f4d 100644
--- a/0115-skip-quic-pairwise.patch
+++ b/0115-skip-quic-pairwise.patch
@@ -1,50 +1,86 @@
-diff -up openssl-3.2.0/test/recipes/30-test_pairwise_fail.t.skip-test openssl-3.2.0/test/recipes/30-test_pairwise_fail.t
---- openssl-3.2.0/test/recipes/30-test_pairwise_fail.t.skip-test 2024-02-01 16:09:31.250757364 +0100
-+++ openssl-3.2.0/test/recipes/30-test_pairwise_fail.t 2024-02-01 16:09:43.243887179 +0100
-@@ -22,7 +22,7 @@ use lib bldtop_dir('.');
- plan skip_all => "These tests are unsupported in a non fips build"
- if disabled("fips");
+From ec8e4e25cc5e5c67313c5fd6af94fa248685c3d1 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <dbelyavs@redhat.com>
+Date: Thu, 7 Mar 2024 17:37:09 +0100
+Subject: [PATCH 45/49] 0115-skip-quic-pairwise.patch
+
+Patch-name: 0115-skip-quic-pairwise.patch
+Patch-id: 115
+Patch-status: |
+ # skip quic and pairwise tests temporarily
+---
+ test/quicapitest.c | 4 +++-
+ test/recipes/01-test_symbol_presence.t | 1 +
+ test/recipes/30-test_pairwise_fail.t | 10 ++++++++--
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/test/quicapitest.c b/test/quicapitest.c
+index 41cf0fc7a8..0fb7492700 100644
+--- a/test/quicapitest.c
++++ b/test/quicapitest.c
+@@ -2139,7 +2139,9 @@ int setup_tests(void)
+ ADD_TEST(test_cipher_find);
+ ADD_TEST(test_version);
+ #if defined(DO_SSL_TRACE_TEST)
+- ADD_TEST(test_ssl_trace);
++ if (is_fips == 0) {
++ ADD_TEST(test_ssl_trace);
++ }
+ #endif
+ ADD_TEST(test_quic_forbidden_apis_ctx);
+ ADD_TEST(test_quic_forbidden_apis);
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 222b1886ae..7e2f65cccb 100644
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) {
+ }
+ }
+ my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
+ if (@duplicates) {
+ note "Duplicates:";
+ note join('\n', @duplicates);
+diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
+index c837d48fb4..6291c08c49 100644
+--- a/test/recipes/30-test_pairwise_fail.t
++++ b/test/recipes/30-test_pairwise_fail.t
+@@ -9,7 +9,7 @@
+ use strict;
+ use warnings;
--plan tests => 5;
-+plan skip_all => 5;
- my $provconf = srctop_file("test", "fips-and-base.cnf");
+-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);
++use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);
+ use OpenSSL::Test::Utils;
- run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
-diff -up openssl-3.2.0/test/recipes/75-test_quicapi.t.skip-test-quic openssl-3.2.0/test/recipes/75-test_quicapi.t
---- openssl-3.2.0/test/recipes/75-test_quicapi.t.skip-test-quic 2024-02-01 16:13:37.974733154 +0100
-+++ openssl-3.2.0/test/recipes/75-test_quicapi.t 2024-02-01 16:14:13.450183541 +0100
-@@ -25,7 +25,7 @@ plan skip_all => "QUIC protocol is not s
- plan skip_all => "These tests are not supported in a fuzz build"
- if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/;
+ BEGIN {
+@@ -39,20 +39,26 @@ SKIP: {
+ SKIP: {
+ skip "Skip EC test because of no ec in this build", 2
+ if disabled("ec");
++ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
++ sub {
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "ec"])),
+ "fips provider ec keygen pairwise failure test");
++ });
--plan tests =>
-+plan skip_all =>
- ($no_fips ? 0 : 1) # quicapitest with fips
- + 1; # quicapitest with default provider
+ skip "FIPS provider version is too old", 1
+ if !$fips_exit;
++ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
++ sub {
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "eckat"])),
+ "fips provider ec keygen kat failure test");
++ });
+ }
-diff -up openssl-3.2.0/test/recipes/70-test_quic_record.t.disable-quic-record openssl-3.2.0/test/recipes/70-test_quic_record.t
---- openssl-3.2.0/test/recipes/70-test_quic_record.t.disable-quic-record 2024-02-06 13:25:09.081772272 +0100
-+++ openssl-3.2.0/test/recipes/70-test_quic_record.t 2024-02-06 13:25:47.469243950 +0100
-@@ -17,6 +17,6 @@ plan skip_all => "QUIC protocol is not s
- plan skip_all => "These tests are not supported in a fuzz build"
- if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/;
-
--plan tests => 1;
-+plan skip_all => 1;
-
- ok(run(test(["quic_record_test"])));
-diff -up openssl-3.2.0/test/recipes/01-test_symbol_presence.t.skip-fail-686 openssl-3.2.0/test/recipes/01-test_symbol_presence.t
---- openssl-3.2.0/test/recipes/01-test_symbol_presence.t.skip-fail-686 2024-02-06 13:55:48.981028882 +0100
-+++ openssl-3.2.0/test/recipes/01-test_symbol_presence.t 2024-02-06 13:56:56.896819560 +0100
-@@ -53,8 +53,9 @@ my $testcount
- $testcount
- += (scalar keys %shlibpath) # Check for missing symbols in shared lib
- unless disabled('shared');
--
--plan tests => $testcount;
-+#Fix later, skipping this test as it fails in i686 due to duplicate
-+#symbol OPENSSL_ia32cap_P
-+plan skip_all => $testcount;
-
- ######################################################################
- # Collect symbols
+ SKIP: {
+ skip "Skip DSA tests because of no dsa in this build", 2
+- if disabled("dsa");
++ if 1; #if disabled("dsa");
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
+ "fips provider dsa keygen pairwise failure test");
+--
+2.44.0
+
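Review bot: In the 30-test_pairwise_fail.t part, `if 1; #if disabled("dsa");` skips both DSA pairwise-failure tests unconditionally while still reporting "Skip DSA tests because of no dsa in this build", so a test log will not show that the FIPS DSA keygen failure tests were switched off on purpose. I would make the reason explicit, e.g. `skip "DSA pairwise failure tests temporarily disabled downstream", 2;`, with a comment pointing at the tracking issue (placeholder: `# TODO(<tracking-issue>): re-enable`). The two `exit_checker` subs accept only `$val == 134`, which presumably is the abort status of the test binary; a one-line comment such as `# expect abort (status 134) when the FIPS self-test fails` would save the next reader the lookup. The enclosing SKIP blocks start and end outside the inner hunk.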
diff --git a/0116-version-aliasing.patch b/0116-version-aliasing.patch
index 401252b..67d632d 100644
--- a/0116-version-aliasing.patch
+++ b/0116-version-aliasing.patch
@@ -1,37 +1,62 @@
-diff -up openssl-3.2.1/crypto/evp/digest.c.dup-patch openssl-3.2.1/crypto/evp/digest.c
---- openssl-3.2.1/crypto/evp/digest.c.dup-patch 2024-02-09 20:41:56.277567514 +0100
-+++ openssl-3.2.1/crypto/evp/digest.c 2024-02-09 20:42:59.317767764 +0100
-@@ -553,7 +554,10 @@ legacy:
+From a2673b5e2e95bcf54a1746bfd409cca688275e75 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 46/49] 0116-version-aliasing.patch
+
+Patch-name: 0116-version-aliasing.patch
+Patch-id: 116
+Patch-status: |
+ # Add version aliasing due to
+ # https://github.com/openssl/openssl/issues/23534
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/evp/digest.c | 7 ++++++-
+ crypto/evp/evp_enc.c | 7 ++++++-
+ test/recipes/01-test_symbol_presence.t | 1 +
+ util/libcrypto.num | 2 ++
+ 4 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index 42331703da..3a280acc0e 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -553,7 +553,12 @@ legacy:
return ret;
}
-EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
+EVP_MD_CTX
++#if !defined(FIPS_MODULE)
+__attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
+ symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
++#endif
+*EVP_MD_CTX_dup(const EVP_MD_CTX *in)
{
EVP_MD_CTX *out = EVP_MD_CTX_new();
-diff -up openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch openssl-3.2.1/crypto/evp/evp_enc.c
---- openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch 2024-02-09 18:47:04.054258303 +0100
-+++ openssl-3.2.1/crypto/evp/evp_enc.c 2024-02-09 20:43:00.926772711 +0100
-@@ -1444,7 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index e9faf31057..5a29b8dbb7 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -1444,7 +1444,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
#endif /* FIPS_MODULE */
}
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
+EVP_CIPHER_CTX
++#if !defined(FIPS_MODULE)
+__attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
+ symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
++#endif
+*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
{
EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
-diff -up openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch openssl-3.2.1/test/recipes/01-test_symbol_presence.t
---- openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch 2024-02-09 20:44:10.860756724 +0100
-+++ openssl-3.2.1/test/recipes/01-test_symbol_presence.t 2024-02-09 20:45:14.981136289 +0100
-@@ -132,6 +132,7 @@ foreach (sort keys %stlibname) {
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 7e2f65cccb..cc947d4821 100644
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) {
s| .*||;
# Drop OpenSSL dynamic version information if there is any
s|\@\@.+$||;
@@ -39,10 +64,11 @@ diff -up openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch openssl-
# Return the result
$_
}
-diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto.num
---- openssl-3.2.1/util/libcrypto.num.dup-patch 2024-02-09 18:16:43.006553105 +0100
-+++ openssl-3.2.1/util/libcrypto.num 2024-02-09 18:19:17.554159687 +0100
-@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 8046454025..068e9904e2 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key 5562 3_2_0 EXIST::FUNCTION:
OSSL_STACK_OF_X509_free 5563 3_2_0 EXIST::FUNCTION:
OSSL_trace_string 5564 3_2_0 EXIST::FUNCTION:
EVP_MD_CTX_dup 5565 3_2_0 EXIST::FUNCTION:
@@ -52,31 +78,6 @@ diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto
BN_signed_bin2bn 5567 3_2_0 EXIST::FUNCTION:
BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION:
BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION:
-diff -up openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup openssl-3.2.1/crypto/evp/evp_enc.c
---- openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup 2024-02-09 21:03:46.662261648 +0100
-+++ openssl-3.2.1/crypto/evp/evp_enc.c 2024-02-09 21:04:33.427691451 +0100
-@@ -1445,8 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C
- }
-
- EVP_CIPHER_CTX
-+#if !defined(FIPS_MODULE)
- __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
- symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
-+#endif
- *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
- {
- EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
-diff -up openssl-3.2.1/crypto/evp/digest.c.new-fips-dup openssl-3.2.1/crypto/evp/digest.c
---- openssl-3.2.1/crypto/evp/digest.c.new-fips-dup 2024-02-09 21:08:11.605474971 +0100
-+++ openssl-3.2.1/crypto/evp/digest.c 2024-02-09 21:08:47.095723742 +0100
-@@ -554,8 +554,10 @@ legacy:
- }
-
- EVP_MD_CTX
-+#if !defined(FIPS_MODULE)
- __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
- symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
-+#endif
- *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
- {
- EVP_MD_CTX *out = EVP_MD_CTX_new();
+--
+2.44.0
+
diff --git a/0117-ignore-unknown-sigalgorithms-groups.patch b/0117-ignore-unknown-sigalgorithms-groups.patch
new file mode 100644
index 0000000..3c52277
--- /dev/null
+++ b/0117-ignore-unknown-sigalgorithms-groups.patch
@@ -0,0 +1,318 @@
+From 242c746690dd1d0e500fa554c60536877d77776d Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Thu, 14 Dec 2023 17:08:56 +0100
+Subject: [PATCH 47/49] 0117-ignore-unknown-sigalgorithms-groups.patch
+
+Patch-name: 0117-ignore-unknown-sigalgorithms-groups.patch
+Patch-id: 117
+Patch-status: |
+ # https://github.com/openssl/openssl/issues/23050
+---
+ CHANGES.md | 13 +++++++
+ doc/man3/SSL_CTX_set1_curves.pod | 6 ++-
+ doc/man3/SSL_CTX_set1_sigalgs.pod | 11 +++++-
+ ssl/t1_lib.c | 56 +++++++++++++++++++++-------
+ test/sslapitest.c | 61 +++++++++++++++++++++++++++++++
+ 5 files changed, 132 insertions(+), 15 deletions(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index ca29762ac2..4e21d0ddf9 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -27,6 +27,19 @@ OpenSSL 3.2
+
+ ### Changes between 3.2.0 and 3.2.1 [30 Jan 2024]
+
++ * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
++ config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
++ SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
++ ignored and the configuration will still be used.
++
++ Similarly unknown entries that start with `?` character in a TLS
++ Groups config option or set with SSL[_CTX]_set1_groups_list() are ignored
++ and the configuration will still be used.
++
++ In both cases if the resulting list is empty, an error is returned.
++
++ *Tomáš Mráz*
++
+ * A file in PKCS12 format can contain certificates and keys and may come from
+ an untrusted source. The PKCS12 specification allows certain fields to be
+ NULL, but OpenSSL did not correctly check for this case. A fix has been
+diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
+index c26ef00306..f0566e148e 100644
+--- a/doc/man3/SSL_CTX_set1_curves.pod
++++ b/doc/man3/SSL_CTX_set1_curves.pod
+@@ -58,7 +58,8 @@ string B<list>. The string is a colon separated list of group names, for example
+ are B<P-256>, B<P-384>, B<P-521>, B<X25519>, B<X448>, B<brainpoolP256r1tls13>,
+ B<brainpoolP384r1tls13>, B<brainpoolP512r1tls13>, B<ffdhe2048>, B<ffdhe3072>,
+ B<ffdhe4096>, B<ffdhe6144> and B<ffdhe8192>. Support for other groups may be
+-added by external providers.
++added by external providers. If a group name is preceded with the C<?>
++character, it will be ignored if an implementation is missing.
+
+ SSL_set1_groups() and SSL_set1_groups_list() are similar except they set
+ supported groups for the SSL structure B<ssl>.
+@@ -142,6 +143,9 @@ The curve functions were added in OpenSSL 1.0.2. The equivalent group
+ functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function
+ was added in OpenSSL 3.0.0.
+
++Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and
++SSL_set1_groups_list() was added in OpenSSL 3.3.
++
+ =head1 COPYRIGHT
+
+ Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
+diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod
+index eb31006346..5b7de7d956 100644
+--- a/doc/man3/SSL_CTX_set1_sigalgs.pod
++++ b/doc/man3/SSL_CTX_set1_sigalgs.pod
+@@ -33,7 +33,9 @@ signature algorithms for B<ctx> or B<ssl>. The B<str> parameter
+ must be a null terminated string consisting of a colon separated list of
+ elements, where each element is either a combination of a public key
+ algorithm and a digest separated by B<+>, or a TLS 1.3-style named
+-SignatureScheme such as rsa_pss_pss_sha256.
++SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded
++with the C<?> character, it will be ignored if an implementation is missing.
++
+
+ SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(),
+ SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set
+@@ -106,6 +108,13 @@ using a string:
+ L<ssl(7)>, L<SSL_get_shared_sigalgs(3)>,
+ L<SSL_CONF_CTX_new(3)>
+
++=head1 HISTORY
++
++Support for ignoring unknown signature algorithms in
++SSL_CTX_set1_sigalgs_list(), SSL_set1_sigalgs_list(),
++SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list()
++was added in OpenSSL 3.3.
++
+ =head1 COPYRIGHT
+
+ Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 056aae3863..fe680449c5 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -1052,9 +1052,15 @@ static int gid_cb(const char *elem, int len, void *arg)
+ size_t i;
+ uint16_t gid = 0;
+ char etmp[GROUP_NAME_BUFFER_LENGTH];
++ int ignore_unknown = 0;
+
+ if (elem == NULL)
+ return 0;
++ if (elem[0] == '?') {
++ ignore_unknown = 1;
++ ++elem;
++ --len;
++ }
+ if (garg->gidcnt == garg->gidmax) {
+ uint16_t *tmp =
+ OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT);
+@@ -1070,13 +1076,14 @@ static int gid_cb(const char *elem, int len, void *arg)
+
+ gid = tls1_group_name2id(garg->ctx, etmp);
+ if (gid == 0) {
+- ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
+- "group '%s' cannot be set", etmp);
+- return 0;
++ /* Unknown group - ignore, if ignore_unknown */
++ return ignore_unknown;
+ }
+ for (i = 0; i < garg->gidcnt; i++)
+- if (garg->gid_arr[i] == gid)
+- return 0;
++ if (garg->gid_arr[i] == gid) {
++ /* Duplicate group - ignore */
++ return 1;
++ }
+ garg->gid_arr[garg->gidcnt++] = gid;
+ return 1;
+ }
+@@ -1097,6 +1104,11 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
+ gcb.ctx = ctx;
+ if (!CONF_parse_list(str, ':', 1, gid_cb, &gcb))
+ goto end;
++ if (gcb.gidcnt == 0) {
++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
++ "No valid groups in '%s'", str);
++ goto end;
++ }
+ if (pext == NULL) {
+ ret = 1;
+ goto end;
+@@ -2905,8 +2917,15 @@ static int sig_cb(const char *elem, int len, void *arg)
+ const SIGALG_LOOKUP *s;
+ char etmp[TLS_MAX_SIGSTRING_LEN], *p;
+ int sig_alg = NID_undef, hash_alg = NID_undef;
++ int ignore_unknown = 0;
++
+ if (elem == NULL)
+ return 0;
++ if (elem[0] == '?') {
++ ignore_unknown = 1;
++ ++elem;
++ --len;
++ }
+ if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT)
+ return 0;
+ if (len > (int)(sizeof(etmp) - 1))
+@@ -2931,8 +2950,10 @@ static int sig_cb(const char *elem, int len, void *arg)
+ break;
+ }
+ }
+- if (i == OSSL_NELEM(sigalg_lookup_tbl))
+- return 0;
++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
++ /* Ignore unknown algorithms if ignore_unknown */
++ return ignore_unknown;
++ }
+ } else {
+ *p = 0;
+ p++;
+@@ -2940,8 +2961,10 @@ static int sig_cb(const char *elem, int len, void *arg)
+ return 0;
+ get_sigorhash(&sig_alg, &hash_alg, etmp);
+ get_sigorhash(&sig_alg, &hash_alg, p);
+- if (sig_alg == NID_undef || hash_alg == NID_undef)
+- return 0;
++ if (sig_alg == NID_undef || hash_alg == NID_undef) {
++ /* Ignore unknown algorithms if ignore_unknown */
++ return ignore_unknown;
++ }
+ for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+ i++, s++) {
+ if (s->hash == hash_alg && s->sig == sig_alg) {
+@@ -2949,15 +2972,17 @@ static int sig_cb(const char *elem, int len, void *arg)
+ break;
+ }
+ }
+- if (i == OSSL_NELEM(sigalg_lookup_tbl))
+- return 0;
++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
++ /* Ignore unknown algorithms if ignore_unknown */
++ return ignore_unknown;
++ }
+ }
+
+- /* Reject duplicates */
++ /* Ignore duplicates */
+ for (i = 0; i < sarg->sigalgcnt - 1; i++) {
+ if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
+ sarg->sigalgcnt--;
+- return 0;
++ return 1;
+ }
+ }
+ return 1;
+@@ -2973,6 +2998,11 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
+ sig.sigalgcnt = 0;
+ if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
+ return 0;
++ if (sig.sigalgcnt == 0) {
++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
++ "No valid signature algorithms in '%s'", str);
++ return 0;
++ }
+ if (c == NULL)
+ return 1;
+ return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 1c14f93ed1..184a0f1055 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -39,6 +39,7 @@
+ #include "testutil.h"
+ #include "testutil/output.h"
+ #include "internal/nelem.h"
++#include "internal/tlsgroups.h"
+ #include "internal/ktls.h"
+ #include "../ssl/ssl_local.h"
+ #include "../ssl/record/methods/recmethod_local.h"
+@@ -3147,6 +3148,7 @@ static const sigalgs_list testsigalgs[] = {
+ {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+ # endif
+ {NULL, 0, "RSA+SHA256", 1, 1},
++ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1},
+ # ifndef OPENSSL_NO_EC
+ {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
+ {NULL, 0, "ECDSA+SHA512", 1, 0},
+@@ -9276,6 +9278,64 @@ static int test_servername(int tst)
+ return testresult;
+ }
+
++static int test_unknown_sigalgs_groups(void)
++{
++ int ret = 0;
++ SSL_CTX *ctx = NULL;
++
++ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
++ goto end;
++
++ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx,
++ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
++ 0))
++ goto end;
++ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2)
++ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
++ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
++ goto end;
++
++ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx,
++ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
++ 0))
++ goto end;
++ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2)
++ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
++ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
++ goto end;
++
++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
++ "nonexistent"),
++ 0))
++ goto end;
++
++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
++ "?nonexistent1:?nonexistent2:?nonexistent3"),
++ 0))
++ goto end;
++
++#ifndef OPENSSL_NO_EC
++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
++ "P-256:nonexistent"),
++ 0))
++ goto end;
++
++ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx,
++ "P-384:?nonexistent:?P-521"),
++ 0))
++ goto end;
++ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2)
++ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1)
++ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1))
++ goto end;
++#endif
++
++ ret = 1;
++ end:
++ SSL_CTX_free(ctx);
++ return ret;
++}
++
+ #if !defined(OPENSSL_NO_EC) \
+ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ /*
+@@ -11519,6 +11579,7 @@ int setup_tests(void)
+ ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
+ #endif
+ ADD_ALL_TESTS(test_servername, 10);
++ ADD_TEST(test_unknown_sigalgs_groups);
+ #if !defined(OPENSSL_NO_EC) \
+ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ ADD_ALL_TESTS(test_sigalgs_available, 6);
+--
+2.44.0
+
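Review bot: In gid_cb the unknown-group branch now returns `ignore_unknown` without raising anything, so an entry without the `?` prefix that fails lookup makes tls1_set_groups_list() fail with no error naming the offending group; the removed `ERR_raise_data(... "group '%s' cannot be set", etmp)` was the only diagnostic. I would keep it for the strict case, `if (!ignore_unknown) ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, "group '%s' cannot be set", etmp);` before the return. sig_cb has the same silent `return ignore_unknown;` in three places, although it raised nothing there before either. Because `?` entries are dropped silently, a short comment on gid_cb and sig_cb stating that the effective list can be shorter than the configured one would help whoever audits a TLS policy. Both callbacks start and end outside the inner hunks.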
diff --git a/0118-no-crl-memleak.patch b/0118-no-crl-memleak.patch
new file mode 100644
index 0000000..ee7e745
--- /dev/null
+++ b/0118-no-crl-memleak.patch
@@ -0,0 +1,80 @@
+From 105217c7d58c726f4e646177e0aaefb6115aad3e Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Tue, 27 Feb 2024 15:22:58 +0100
+Subject: [PATCH 48/49] 0118-no-crl-memleak.patch
+
+Patch-name: 0118-no-crl-memleak.patch
+Patch-id: 118
+Patch-status: |
+ # https://github.com/openssl/openssl/issues/23770
+---
+ crypto/x509/by_file.c | 2 ++
+ test/recipes/60-test_x509_load_cert_file.t | 3 ++-
+ test/x509_load_cert_file_test.c | 8 +++++++-
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index 5073c137a2..85923804ac 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -198,6 +198,8 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+ goto err;
+ }
+ count++;
++ X509_CRL_free(x);
++ x = NULL;
+ }
+ } else if (type == X509_FILETYPE_ASN1) {
+ x = d2i_X509_CRL_bio(in, NULL);
+diff --git a/test/recipes/60-test_x509_load_cert_file.t b/test/recipes/60-test_x509_load_cert_file.t
+index 75aeac362c..e329d7675c 100644
+--- a/test/recipes/60-test_x509_load_cert_file.t
++++ b/test/recipes/60-test_x509_load_cert_file.t
+@@ -12,4 +12,5 @@ setup("test_load_cert_file");
+
+ plan tests => 1;
+
+-ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem")])));
++ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem"),
++ srctop_file("test", "certs", "cyrillic_crl.pem")])));
+diff --git a/test/x509_load_cert_file_test.c b/test/x509_load_cert_file_test.c
+index 4a736071ae..c07d329915 100644
+--- a/test/x509_load_cert_file_test.c
++++ b/test/x509_load_cert_file_test.c
+@@ -12,6 +12,7 @@
+ #include "testutil.h"
+
+ static const char *chain;
++static const char *crl;
+
+ static int test_load_cert_file(void)
+ {
+@@ -27,12 +28,15 @@ static int test_load_cert_file(void)
+ && TEST_int_eq(sk_X509_num(certs), 4))
+ ret = 1;
+
++ if (crl != NULL && !TEST_true(X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM)))
++ ret = 0;
++
+ OSSL_STACK_OF_X509_free(certs);
+ X509_STORE_free(store);
+ return ret;
+ }
+
+-OPT_TEST_DECLARE_USAGE("cert.pem...\n")
++OPT_TEST_DECLARE_USAGE("cert.pem [crl.pem]\n")
+
+ int setup_tests(void)
+ {
+@@ -45,6 +49,8 @@ int setup_tests(void)
+ if (chain == NULL)
+ return 0;
+
++ crl = test_get_argument(1);
++
+ ADD_TEST(test_load_cert_file);
+ return 1;
+ }
+--
+2.44.0
+
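Review bot: The new check in test_load_cert_file() only asserts that `X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM)` succeeds, which would presumably hold without the `X509_CRL_free(x); x = NULL;` fix as well, so the regression is caught only when the suite runs under a leak checker. I would say so in a comment above the call, e.g. `/* leak regression for X509_load_crl_file(); detected only by leak-checking builds */`. The loop in X509_load_crl_file() starts outside the inner hunk, so whether the error path also frees `x` cannot be confirmed from here.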
diff --git a/0119-provider-sigalgs-in-signaturealgorithms-conf.patch b/0119-provider-sigalgs-in-signaturealgorithms-conf.patch
new file mode 100644
index 0000000..c363223
--- /dev/null
+++ b/0119-provider-sigalgs-in-signaturealgorithms-conf.patch
@@ -0,0 +1,170 @@
+From f5b48604779362c91a22080b6905413fbba28b74 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <dbelyavs@redhat.com>
+Date: Fri, 8 Mar 2024 11:18:12 +0100
+Subject: [PATCH 49/49] 0119-provider-sigalgs-in-signaturealgorithms-conf.patch
+
+Patch-name: 0119-provider-sigalgs-in-signaturealgorithms-conf.patch
+Patch-id: 119
+Patch-status: |
+ # https://github.com/openssl/openssl/issues/22779
+---
+ ssl/s3_lib.c | 8 ++++----
+ ssl/ssl_lib.c | 2 +-
+ ssl/ssl_local.h | 2 +-
+ ssl/t1_lib.c | 45 ++++++++++++++++++++++++++++++++++-----------
+ 4 files changed, 40 insertions(+), 17 deletions(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index e8ec98c221..48a1aa0e61 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -3685,13 +3685,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+ return tls1_set_sigalgs(sc->cert, parg, larg, 0);
+
+ case SSL_CTRL_SET_SIGALGS_LIST:
+- return tls1_set_sigalgs_list(sc->cert, parg, 0);
++ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
+
+ case SSL_CTRL_SET_CLIENT_SIGALGS:
+ return tls1_set_sigalgs(sc->cert, parg, larg, 1);
+
+ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+- return tls1_set_sigalgs_list(sc->cert, parg, 1);
++ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
+
+ case SSL_CTRL_GET_CLIENT_CERT_TYPES:
+ {
+@@ -3968,13 +3968,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+ return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
+
+ case SSL_CTRL_SET_SIGALGS_LIST:
+- return tls1_set_sigalgs_list(ctx->cert, parg, 0);
++ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
+
+ case SSL_CTRL_SET_CLIENT_SIGALGS:
+ return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+- return tls1_set_sigalgs_list(ctx->cert, parg, 1);
++ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
+
+ case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+ return ssl3_set_req_cert_type(ctx->cert, parg, larg);
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 1329841aaf..4d95ab71cd 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -3078,7 +3078,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+ return tls1_set_groups_list(ctx, NULL, NULL, parg);
+ case SSL_CTRL_SET_SIGALGS_LIST:
+ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+- return tls1_set_sigalgs_list(NULL, parg, 0);
++ return tls1_set_sigalgs_list(ctx, NULL, parg, 0);
+ default:
+ return 0;
+ }
+diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
+index 0d3acfbe66..a73b2c4770 100644
+--- a/ssl/ssl_local.h
++++ b/ssl/ssl_local.h
+@@ -2796,7 +2796,7 @@ __owur int tls_use_ticket(SSL_CONNECTION *s);
+
+ void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op);
+
+-__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
++__owur int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client);
+ __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+ int client);
+ __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index fe680449c5..87f2ae7000 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -716,6 +716,7 @@ int ssl_load_sigalgs(SSL_CTX *ctx)
+
+ /* now populate ctx->ssl_cert_info */
+ if (ctx->sigalg_list_len > 0) {
++ OPENSSL_free(ctx->ssl_cert_info);
+ ctx->ssl_cert_info = OPENSSL_zalloc(sizeof(lu) * ctx->sigalg_list_len);
+ if (ctx->ssl_cert_info == NULL)
+ return 0;
+@@ -2889,6 +2890,7 @@ typedef struct {
+ size_t sigalgcnt;
+ /* TLSEXT_SIGALG_XXX values */
+ uint16_t sigalgs[TLS_MAX_SIGALGCNT];
++ SSL_CTX *ctx;
+ } sig_cb_st;
+
+ static void get_sigorhash(int *psig, int *phash, const char *str)
+@@ -2913,7 +2915,8 @@ static void get_sigorhash(int *psig, int *phash, const char *str)
+ static int sig_cb(const char *elem, int len, void *arg)
+ {
+ sig_cb_st *sarg = arg;
+- size_t i;
++ size_t i = 0;
++ int load_success = 0;
+ const SIGALG_LOOKUP *s;
+ char etmp[TLS_MAX_SIGSTRING_LEN], *p;
+ int sig_alg = NID_undef, hash_alg = NID_undef;
+@@ -2943,17 +2946,36 @@ static int sig_cb(const char *elem, int len, void *arg)
+ * in the table.
+ */
+ if (p == NULL) {
+- for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+- i++, s++) {
+- if (s->name != NULL && strcmp(etmp, s->name) == 0) {
+- sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+- break;
+- }
++ /* Load provider sigalgs */
++ if (sarg->ctx) {
++ load_success = ssl_load_sigalgs(sarg->ctx);
+ }
+- if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
+- /* Ignore unknown algorithms if ignore_unknown */
+- return ignore_unknown;
++ if (load_success) {
++ /* Check if a provider supports the sigalg */
++ for (i = 0; i < sarg->ctx->sigalg_list_len; i++) {
++ if (sarg->ctx->sigalg_list[i].sigalg_name != NULL
++ && strcmp(etmp,
++ sarg->ctx->sigalg_list[i].sigalg_name) == 0) {
++ sarg->sigalgs[sarg->sigalgcnt++] =
++ sarg->ctx->sigalg_list[i].code_point;
++ break;
++ }
++ }
+ }
++ /* Check the built-in sigalgs */
++ if (!sarg->ctx || !load_success || i == sarg->ctx->sigalg_list_len) {
++ for (i = 0, s = sigalg_lookup_tbl;
++ i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) {
++ if (s->name != NULL && strcmp(etmp, s->name) == 0) {
++ sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
++ break;
++ }
++ }
++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
++ /* Ignore unknown algorithms if ignore_unknown */
++ return ignore_unknown;
++ }
++ }
+ } else {
+ *p = 0;
+ p++;
+@@ -2992,10 +3014,11 @@ static int sig_cb(const char *elem, int len, void *arg)
+ * Set supported signature algorithms based on a colon separated list of the
+ * form sig+hash e.g. RSA+SHA512:DSA+SHA512
+ */
+-int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
++int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client)
+ {
+ sig_cb_st sig;
+ sig.sigalgcnt = 0;
++ sig.ctx = ctx;
+ if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
+ return 0;
+ if (sig.sigalgcnt == 0) {
+--
+2.44.0
+
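Review bot: sig_cb now calls `ssl_load_sigalgs(sarg->ctx)` for every list element without a `+`, and the same patch makes ssl_load_sigalgs() free and reallocate `ctx->ssl_cert_info`; through ssl3_ctrl() that context is the shared `s->ctx`, so a per-connection SSL_CTRL_SET_SIGALGS_LIST call rewrites SSL_CTX state that other connections may be reading. Unless something outside the hunk serialises this, it looks like a data race with a use-after-free window, and it also repeats the provider walk once per element. If the provider list is already populated when the context is created (not visible here, please confirm), the reload can go: `if (sarg->ctx != NULL) {` for the provider lookup and `if (sarg->ctx == NULL || i == sarg->ctx->sigalg_list_len) {` for the built-in fallback. sig_cb and ssl_load_sigalgs both continue outside the inner hunks.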
diff --git a/openssl.spec b/openssl.spec
index a70fa4b..69c44ed 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.2.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
Source: openssl-%{version}.tar.gz
Source2: Makefile.certificate
@@ -40,88 +40,88 @@ Source7: renew-dummy-cert
Source9: configuration-switch.h
Source10: configuration-prefix.h
Source14: 0025-for-tests.patch
-# # Patches exported from source git
-# # Aarch64 and ppc64le use lib64
+# Patches exported from source git
+# Aarch64 and ppc64le use lib64
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
-# # Use more general default values in openssl.cnf
+# Use more general default values in openssl.cnf
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
-# # Do not install html docs
+# Do not install html docs
Patch3: 0003-Do-not-install-html-docs.patch
-# # Override default paths for the CA directory tree
+# Override default paths for the CA directory tree
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
-# # apps/ca: fix md option help text
+# apps/ca: fix md option help text
Patch5: 0005-apps-ca-fix-md-option-help-text.patch
-# # Disable signature verification with totally unsafe hash algorithms
+# Disable signature verification with totally unsafe hash algorithms
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
-# # Add support for PROFILE=SYSTEM system default cipherlist
+# Add support for PROFILE=SYSTEM system default cipherlist
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-# # Add FIPS_mode() compatibility macro
+# Add FIPS_mode() compatibility macro
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
-# # Add check to see if fips flag is enabled in kernel
+# Add check to see if fips flag is enabled in kernel
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
-# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
-# # that new modifications made to these files by upstream are not lost.
+# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
+# that new modifications made to these files by upstream are not lost.
Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
-# # remove unsupported EC curves
+# remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch
-# # Disable explicit EC curves
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
+# Disable explicit EC curves
+# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
Patch12: 0012-Disable-explicit-ec.patch
-# # Skipped tests from former 0011-Remove-EC-curves.patch
+# Skipped tests from former 0011-Remove-EC-curves.patch
Patch13: 0013-skipped-tests-EC-curves.patch
-# # Instructions to load legacy provider in openssl.cnf
+# Instructions to load legacy provider in openssl.cnf
Patch24: 0024-load-legacy-prov.patch
-# # We load FIPS provider and set FIPS properties implicitly
+# We load FIPS provider and set FIPS properties implicitly
Patch32: 0032-Force-fips.patch
-# # Embed HMAC into the fips.so
+# Embed HMAC into the fips.so
# Modify fips self test as per
# https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
Patch33: 0033-FIPS-embed-hmac.patch
-# # Comment out fipsinstall command-line utility
+# Comment out fipsinstall command-line utility
Patch34: 0034.fipsinstall_disable.patch
-# # Skip unavailable algorithms running `openssl speed`
+# Skip unavailable algorithms running `openssl speed`
Patch35: 0035-speed-skip-unavailable-dgst.patch
-# # Extra public/private key checks required by FIPS-140-3
+# Extra public/private key checks required by FIPS-140-3
Patch44: 0044-FIPS-140-3-keychecks.patch
-# # Minimize fips services
+# Minimize fips services
Patch45: 0045-FIPS-services-minimize.patch
-# # Execute KATS before HMAC verification
+# Execute KATS before HMAC verification
Patch47: 0047-FIPS-early-KATS.patch
-# # Selectively disallow SHA1 signatures rhbz#2070977
+# Selectively disallow SHA1 signatures rhbz#2070977
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
-# # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
+# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
+# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147
+# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
# 0062-fips-Expose-a-FIPS-indicator.patch
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
+# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
-# [PATCH 29/46]
-# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+# [PATCH 29/46]
+# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
+# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
-# # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
+# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
+# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
Patch76: 0076-FIPS-140-3-DRBG.patch
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
+# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
Patch77: 0077-FIPS-140-3-zeroization.patch
-# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
+# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
-# # We believe that some changes present in CentOS are not necessary
-# # because ustream has a check for FIPS version
+# We believe that some changes present in CentOS are not necessary
+# because ustream has a check for FIPS version
Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
-# [PATCH 36/46]
-# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
+# [PATCH 36/46]
+# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
-# [PATCH 37/46]
-# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
+# [PATCH 37/46]
+# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
-# [PATCH 38/46]
-# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
+# [PATCH 38/46]
+# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
# 0085-FIPS-RSA-disable-shake.patch
Patch85: 0085-FIPS-RSA-disable-shake.patch
@@ -129,25 +129,31 @@ Patch85: 0085-FIPS-RSA-disable-shake.patch
Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch
# 0091-FIPS-RSA-encapsulate.patch
Patch91: 0091-FIPS-RSA-encapsulate.patch
-# [PATCH 42/46]
-# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
+# [PATCH 42/46]
+# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
-# [PATCH 43/46]
-# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
+# [PATCH 43/46]
+# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
-# [PATCH 44/46]
-# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
+# [PATCH 44/46]
+# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
-# # We believe that some changes present in CentOS are not necessary
-# # because ustream has a check for FIPS version
+# We believe that some changes present in CentOS are not necessary
+# because ustream has a check for FIPS version
Patch114: 0114-FIPS-enforce-EMS-support.patch
# skip quic and pairwise tests temporarily
Patch115: 0115-skip-quic-pairwise.patch
# Add version aliasing due to
# https://github.com/openssl/openssl/issues/23534
Patch116: 0116-version-aliasing.patch
+# https://github.com/openssl/openssl/issues/23050
+Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch
+# https://github.com/openssl/openssl/issues/23770
+Patch118: 0118-no-crl-memleak.patch
+# https://github.com/openssl/openssl/issues/22779
+Patch119: 0119-provider-sigalgs-in-signaturealgorithms-conf.patch
License: Apache-2.0
URL: http://www.openssl.org/
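Review bot: Patch117, Patch118 and Patch119 are annotated only with an upstream issue URL, whereas most entries earlier in the list carry a one-line description of what the patch does. Patch117 changes how unrecognised signature algorithms and groups are treated, which presumably affects how a configured TLS policy is interpreted, so its comment should say so, e.g. `# Allow ignoring unknown signature algorithms and groups (upstream #23050)`. Each comment should also state whether the patch is a backport of an upstream fix, so that it can be dropped on the next rebase. Patch118 (`0118-no-crl-memleak.patch`) has no matching entry in the `%changelog` hunk that follows.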
@@ -483,6 +489,11 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
+* Thu Mar 07 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-3
+- Minimize skipping tests
+- Allow ignoring unknown signature algorithms and groups (upstream #23050)
+- Allow specifying provider algorithms in SignatureAlgorithms (upstream #22779)
+
* Fri Feb 09 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-2
- Fix version aliasing issue
- https://github.com/openssl/openssl/issues/23534