public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] f43: Rebase to OpenSSL 3.5.7
@ 2026-06-10 13:39 Dmitry Belyavskiy
0 siblings, 0 replies; only message in thread
From: Dmitry Belyavskiy @ 2026-06-10 13:39 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : f43
Commit : dc0a86d6e6389efd8e16e6ab49b9f615b6ac0c83
Author : Dmitry Belyavskiy <dbelyavs@redhat.com>
Date : 2026-06-10T15:39:07+02:00
Stats : +1339/-6152 in 84 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/dc0a86d6e6389efd8e16e6ab49b9f615b6ac0c83?branch=f43
Log:
Rebase to OpenSSL 3.5.7
Resolves: CVE-2026-45447
Resolves: CVE-2026-34182
Resolves: CVE-2026-34183
Resolves: CVE-2026-42764
Resolves: CVE-2026-45445
Resolves: CVE-2026-7383
Resolves: CVE-2026-9076
Resolves: CVE-2026-34180
Resolves: CVE-2026-34181
Resolves: CVE-2026-42766
Resolves: CVE-2026-42767
Resolves: CVE-2026-42768
Resolves: CVE-2026-42769
Resolves: CVE-2026-42770
Resolves: CVE-2026-45446
---
diff --git a/.gitignore b/.gitignore
index c813a35..7dccd1e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,3 +68,5 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-3.5.0.tar.gz
/openssl-3.5.1.tar.gz
/openssl-3.5.4.tar.gz
+/openssl-3.5.5.tar.gz
+/openssl-3.5.7.tar.gz
diff --git a/0001-RH-Aarch64-and-ppc64le-use-lib64.patch b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
index 8bba2ec..e7da73a 100644
--- a/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
+++ b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
@@ -1,7 +1,7 @@
-From 0e03058e3d0a540a330bb42ee8f6dca5604841f9 Mon Sep 17 00:00:00 2001
+From ad6ba90718f814f1db71e86a4156098eb2bbeef5 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 01/59] RH: Aarch64 and ppc64le use lib64
+Subject: [PATCH 01/57] RH: Aarch64 and ppc64le use lib64
Patch-name: 0001-Aarch64-and-ppc64le-use-lib64.patch
Patch-id: 1
@@ -34,5 +34,5 @@ index cba57b4127..3e327017ef 100644
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32" ],
--
-2.51.0
+2.52.0
diff --git a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
index d925b68..bcbc939 100644
--- a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
+++ b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
@@ -1,7 +1,7 @@
-From 9d127bab38d30e2d3ebafc39c3dd874ae55c72de Mon Sep 17 00:00:00 2001
+From a10a60403c197128ea6d8076b5111c64594a5026 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 6 Mar 2025 08:40:29 -0500
-Subject: [PATCH 02/59] Add a separate config file to use for rpm installs
+Subject: [PATCH 02/57] Add a separate config file to use for rpm installs
In RHEL/Fedora systems we want to use a slightly different set
of defaults, but we do not want to change the standard config file
@@ -452,5 +452,5 @@ index 0000000000..fe2346eb2b
+cmd = rr
+oldcert = $insta::certout # insta.cert.pem
--
-2.51.0
+2.52.0
diff --git a/0003-RH-Do-not-install-html-docs.patch b/0003-RH-Do-not-install-html-docs.patch
index 72afe71..5f6117d 100644
--- a/0003-RH-Do-not-install-html-docs.patch
+++ b/0003-RH-Do-not-install-html-docs.patch
@@ -1,7 +1,7 @@
-From 2530f17f6a5fe3733beda49954c5c78f423569d5 Mon Sep 17 00:00:00 2001
+From 44f15e373a78a1fb01edf15e7530cea4c8a1b79b Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 03/59] RH: Do not install html docs
+Subject: [PATCH 03/57] RH: Do not install html docs
Patch-name: 0003-Do-not-install-html-docs.patch
Patch-id: 3
@@ -13,7 +13,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 81f49926ce..516f8d62dc 100644
+index 78be4a3199..962d1330bb 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -669,7 +669,7 @@ install_sw: install_dev install_engines install_modules install_runtime ## Insta
@@ -26,5 +26,5 @@ index 81f49926ce..516f8d62dc 100644
uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation
$(RM) -r "$(DESTDIR)$(DOCDIR)"
--
-2.51.0
+2.52.0
diff --git a/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
index f33e200..951849d 100644
--- a/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
+++ b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
@@ -1,7 +1,7 @@
-From f2fcdc5171f0b3b0b94fe8b78b6282be078a4e81 Mon Sep 17 00:00:00 2001
+From 3e60b46747eae0aec3171f13da6be706bcac6b48 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 04/59] RH: apps ca fix md option help text.patch - DROP?
+Subject: [PATCH 04/57] RH: apps ca fix md option help text.patch - DROP?
Patch-name: 0005-apps-ca-fix-md-option-help-text.patch
Patch-id: 5
@@ -13,18 +13,18 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/ca.c b/apps/ca.c
-index 6d1d1c0a6e..a7553ba609 100644
+index 02b00c7c03..7f77e069ab 100644
--- a/apps/ca.c
+++ b/apps/ca.c
-@@ -216,7 +216,7 @@ const OPTIONS ca_options[] = {
- {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+@@ -261,7 +261,7 @@ const OPTIONS ca_options[] = {
+ { "noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN" },
OPT_SECTION("Signing"),
-- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
-+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
- {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
- {"keyform", OPT_KEYFORM, 'f',
- "Private key file format (ENGINE, other values ignored)"},
+- { "md", OPT_MD, 's', "Digest to use, such as sha256" },
++ { "md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list" },
+ { "keyfile", OPT_KEYFILE, 's', "The CA private key" },
+ { "keyform", OPT_KEYFORM, 'f',
+ "Private key file format (ENGINE, other values ignored)" },
--
-2.51.0
+2.52.0
diff --git a/0005-RH-Disable-signature-verification-with-bad-digests-R.patch b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch
index df06d23..d3d81a9 100644
--- a/0005-RH-Disable-signature-verification-with-bad-digests-R.patch
+++ b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch
@@ -1,7 +1,7 @@
-From c9f17bc73a099735c6e80dd67c93f23175771cb4 Mon Sep 17 00:00:00 2001
+From 04f1fc282cd5f5e7a9fbf2d82a62a9810d2e4acc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 05/59] RH: Disable signature verification with bad digests -
+Subject: [PATCH 05/57] RH: Disable signature verification with bad digests -
REVIEW
Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
@@ -14,10 +14,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
1 file changed, 5 insertions(+)
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
-index f6cac80962..fbc6ce6e30 100644
+index 55f86ee83f..95483afc00 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
-@@ -151,6 +151,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
if (ret <= 1)
goto err;
@@ -30,5 +30,5 @@ index f6cac80962..fbc6ce6e30 100644
const EVP_MD *type = NULL;
--
-2.51.0
+2.52.0
diff --git a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
index cf3d6c0..8d7cae7 100644
--- a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
+++ b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
@@ -1,7 +1,7 @@
-From 61afaf0de1f2c4cd2773f61f3c665e84e1925460 Mon Sep 17 00:00:00 2001
+From ced223dc078708514c65b1903c783062ec568bb7 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 06/59] RH: Add support for PROFILE SYSTEM system default
+Subject: [PATCH 06/57] RH: Add support for PROFILE SYSTEM system default
cipher
Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -14,13 +14,13 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
Configure | 11 +++-
doc/man1/openssl-ciphers.pod.in | 9 ++++
include/openssl/ssl.h.in | 5 ++
- ssl/ssl_ciph.c | 83 +++++++++++++++++++++++++++----
+ ssl/ssl_ciph.c | 85 ++++++++++++++++++++++++++-----
ssl/ssl_lib.c | 4 +-
test/cipherlist_test.c | 2 +
- 7 files changed, 105 insertions(+), 14 deletions(-)
+ 7 files changed, 106 insertions(+), 15 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 516f8d62dc..74139ec228 100644
+index 962d1330bb..1920d38655 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -355,6 +355,10 @@ MANDIR=$(INSTALLTOP)/share/man
@@ -106,10 +106,10 @@ index 69195bcdcb..a6e0ede570 100644
"High" encryption cipher suites. This currently means those with key lengths
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index 383c5bc411..d1b00e8454 100644
+index bdcc68529b..82410670f4 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
-@@ -209,6 +209,11 @@ extern "C" {
+@@ -211,6 +211,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
@@ -120,9 +120,9 @@ index 383c5bc411..d1b00e8454 100644
+# endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
- # define SSL_SENT_SHUTDOWN 1
+ #define SSL_SENT_SHUTDOWN 1
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 6127cb7a4b..19420d6c6a 100644
+index 7dccec6260..15be7e8067 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -9,6 +9,7 @@
@@ -133,7 +133,7 @@ index 6127cb7a4b..19420d6c6a 100644
#include <stdio.h>
#include <ctype.h>
#include <openssl/objects.h>
-@@ -1421,6 +1422,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
+@@ -1404,6 +1405,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
return ret;
}
@@ -181,9 +181,9 @@ index 6127cb7a4b..19420d6c6a 100644
+#endif
+
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
- STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1435,15 +1479,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+ STACK_OF(SSL_CIPHER) **cipher_list,
+@@ -1418,15 +1462,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
@@ -211,16 +211,16 @@ index 6127cb7a4b..19420d6c6a 100644
/*
* To reduce the work to do we only want to process the compiled
-@@ -1465,7 +1519,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1448,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
if (num_of_ciphers > 0) {
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL)
-- return NULL; /* Failure */
+- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1531,8 +1585,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1514,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
@@ -230,27 +230,29 @@ index 6127cb7a4b..19420d6c6a 100644
}
/*
-@@ -1576,8 +1629,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1559,8 +1612,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
- OPENSSL_free(co_list);
-- return NULL; /* Failure */
+- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- disabled_mkey, disabled_auth, disabled_enc,
-@@ -1603,8 +1655,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- OPENSSL_free(ca_list); /* Not needed anymore */
+ disabled_mkey, disabled_auth, disabled_enc,
+@@ -1585,9 +1637,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- if (!ok) { /* Rule processing failure */
+ OPENSSL_free(ca_list); /* Not needed anymore */
+
+- if (!ok) { /* Rule processing failure */
- OPENSSL_free(co_list);
- return NULL;
++ if (!ok) { /* Rule processing failure */
+ goto err;
}
/*
-@@ -1612,10 +1663,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1595,10 +1646,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@@ -266,7 +268,7 @@ index 6127cb7a4b..19420d6c6a 100644
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
-@@ -1667,6 +1721,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+@@ -1653,6 +1707,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*cipher_list = cipherstack;
return cipherstack;
@@ -281,32 +283,32 @@ index 6127cb7a4b..19420d6c6a 100644
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 9696a4c55f..4bd3318407 100644
+index ac77faa677..677b05ba64 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
-@@ -686,7 +686,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
- ctx->tls13_ciphersuites,
- &(ctx->cipher_list),
- &(ctx->cipher_list_by_id),
-- OSSL_default_cipher_list(), ctx->cert);
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
+@@ -678,7 +678,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+ ctx->tls13_ciphersuites,
+ &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+- OSSL_default_cipher_list(), ctx->cert);
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
-@@ -4136,7 +4136,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+@@ -4102,7 +4102,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
if (!ssl_create_cipher_list(ret,
- ret->tls13_ciphersuites,
- &ret->cipher_list, &ret->cipher_list_by_id,
-- OSSL_default_cipher_list(), ret->cert)
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
+ ret->tls13_ciphersuites,
+ &ret->cipher_list, &ret->cipher_list_by_id,
+- OSSL_default_cipher_list(), ret->cert)
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err;
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
-index c46e431b00..19d05e860b 100644
+index 9874e6bad6..76b6befbad 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
-@@ -261,7 +261,9 @@ end:
+@@ -260,7 +260,9 @@ end:
int setup_tests(void)
{
@@ -315,7 +317,7 @@ index c46e431b00..19d05e860b 100644
+#endif
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
- ADD_TEST(test_stdname_cipherlist);
+ #ifndef OPENSSL_NO_TLS1_3
--
-2.51.0
+2.52.0
diff --git a/0007-RH-Add-FIPS_mode-compatibility-macro.patch b/0007-RH-Add-FIPS_mode-compatibility-macro.patch
index 105fc0d..e84a405 100644
--- a/0007-RH-Add-FIPS_mode-compatibility-macro.patch
+++ b/0007-RH-Add-FIPS_mode-compatibility-macro.patch
@@ -1,7 +1,7 @@
-From fb2c952f82064d747dbecb6ce66365ae4cc03513 Mon Sep 17 00:00:00 2001
+From 60f55f072544cb998c42da41ee33ced2b4428b9f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 07/59] RH: Add FIPS_mode compatibility macro
+Subject: [PATCH 07/57] RH: Add FIPS_mode compatibility macro
Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
Patch-id: 8
@@ -47,10 +47,10 @@ index 0000000000..4162cbf88e
+# endif
+#endif
diff --git a/test/property_test.c b/test/property_test.c
-index e62ff247c4..37489e4694 100644
+index d470731e50..0b044ec853 100644
--- a/test/property_test.c
+++ b/test/property_test.c
-@@ -703,6 +703,19 @@ static int test_property_list_to_string_bounds(void)
+@@ -703,6 +703,19 @@ err:
return ret;
}
@@ -79,5 +79,5 @@ index e62ff247c4..37489e4694 100644
ADD_TEST(test_property_list_to_string_bounds);
return 1;
--
-2.51.0
+2.52.0
diff --git a/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
index cefd4f0..5a406c3 100644
--- a/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
+++ b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
@@ -1,7 +1,7 @@
-From 8d7abff29035508b6208b4742bfaaed42f78ac43 Mon Sep 17 00:00:00 2001
+From 5aa108caf01f482d35aba7acae6b5a8fa1577410 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 08/59] RH: Add Kernel FIPS mode flag support - FIXSTYLE
+Subject: [PATCH 08/57] RH: Add Kernel FIPS mode flag support - FIXSTYLE
Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch-id: 9
@@ -10,11 +10,11 @@ Patch-status: |
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/context.c | 35 +++++++++++++++++++++++++++++++++++
- include/internal/provider.h | 3 +++
- 2 files changed, 38 insertions(+)
+ include/internal/provider.h | 5 ++++-
+ 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/crypto/context.c b/crypto/context.c
-index f15bc3d755..614c8a2c88 100644
+index 1ae88e42aa..62e60f3620 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -7,6 +7,7 @@
@@ -64,7 +64,7 @@ index f15bc3d755..614c8a2c88 100644
struct ossl_lib_ctx_st {
CRYPTO_RWLOCK *lock;
OSSL_EX_DATA_GLOBAL global;
-@@ -393,6 +426,8 @@ static int default_context_inited = 0;
+@@ -391,6 +424,8 @@ static int default_context_inited = 0;
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{
@@ -74,19 +74,21 @@ index f15bc3d755..614c8a2c88 100644
goto err;
diff --git a/include/internal/provider.h b/include/internal/provider.h
-index 7d94346155..c0f1d00da9 100644
+index 1b4050a81f..eb7f409af0 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
-@@ -114,6 +114,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
- const OSSL_DISPATCH *in);
+@@ -114,7 +114,10 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
+ const OSSL_DISPATCH *in);
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
+-#ifdef __cplusplus
+/* FIPS flag access */
+int ossl_get_kernel_fips_flag(void);
+
- # ifdef __cplusplus
++# ifdef __cplusplus
}
- # endif
+ #endif
+
--
-2.51.0
+2.52.0
diff --git a/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
index c28b18a..9e988c8 100644
--- a/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
+++ b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
@@ -1,7 +1,7 @@
-From 5151c5a45d130075860256989b1f69694f840554 Mon Sep 17 00:00:00 2001
+From 8f48c77eb1c8f3e59d4d80041893a1dbf3e1a257 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 09/59] RH: Drop weak curve definitions - RENAMED/SQUASHED
+Subject: [PATCH 09/57] RH: Drop weak curve definitions - RENAMED/SQUASHED
Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
Patch-id: 10
@@ -17,61 +17,61 @@ Patch-status: |
# # remove unsupported EC curves
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- apps/speed.c | 8 +-
- crypto/ec/ec_curve.c | 844 ------------------
+ apps/speed.c | 8 -
+ crypto/ec/ec_curve.c | 769 ------------------
crypto/evp/ec_support.c | 87 --
test/acvp_test.inc | 9 -
test/ecdsatest.h | 17 -
- test/ectest.c | 174 +---
+ test/ectest.c | 175 +---
test/recipes/15-test_genec.t | 27 -
test/recipes/30-test_evp_data/evppkey_ecc.txt | 1 +
- 8 files changed, 10 insertions(+), 1157 deletions(-)
+ 8 files changed, 10 insertions(+), 1083 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
-index 6c1eb59e91..3307a9cb46 100644
+index a8d7cb14f5..13c8505ed9 100644
--- a/apps/speed.c
+++ b/apps/speed.c
-@@ -405,7 +405,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
+@@ -458,8 +458,6 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_DH */
enum ec_curves_t {
-- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
-+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
- #ifndef OPENSSL_NO_EC2M
- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
-@@ -415,8 +415,6 @@ enum ec_curves_t {
+- R_EC_P160,
+- R_EC_P192,
+ R_EC_P224,
+ R_EC_P256,
+ R_EC_P384,
+@@ -486,8 +484,6 @@ enum ec_curves_t {
};
/* list of ecdsa curves */
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
-- {"ecdsap160", R_EC_P160},
-- {"ecdsap192", R_EC_P192},
- {"ecdsap224", R_EC_P224},
- {"ecdsap256", R_EC_P256},
- {"ecdsap384", R_EC_P384},
-@@ -449,8 +447,6 @@ enum {
+- { "ecdsap160", R_EC_P160 },
+- { "ecdsap192", R_EC_P192 },
+ { "ecdsap224", R_EC_P224 },
+ { "ecdsap256", R_EC_P256 },
+ { "ecdsap384", R_EC_P384 },
+@@ -522,8 +518,6 @@ enum {
};
/* list of ecdh curves, extension of |ecdsa_choices| list above */
static const OPT_PAIR ecdh_choices[EC_NUM] = {
-- {"ecdhp160", R_EC_P160},
-- {"ecdhp192", R_EC_P192},
- {"ecdhp224", R_EC_P224},
- {"ecdhp256", R_EC_P256},
- {"ecdhp384", R_EC_P384},
-@@ -1966,8 +1962,6 @@ int speed_main(int argc, char **argv)
+- { "ecdhp160", R_EC_P160 },
+- { "ecdhp192", R_EC_P192 },
+ { "ecdhp224", R_EC_P224 },
+ { "ecdhp256", R_EC_P256 },
+ { "ecdhp384", R_EC_P384 },
+@@ -2042,8 +2036,6 @@ int speed_main(int argc, char **argv)
*/
static const EC_CURVE ec_curves[EC_NUM] = {
/* Prime Curves */
-- {"secp160r1", NID_secp160r1, 160},
-- {"nistp192", NID_X9_62_prime192v1, 192},
- {"nistp224", NID_secp224r1, 224},
- {"nistp256", NID_X9_62_prime256v1, 256},
- {"nistp384", NID_secp384r1, 384},
+- { "secp160r1", NID_secp160r1, 160 },
+- { "nistp192", NID_X9_62_prime192v1, 192 },
+ { "nistp224", NID_secp224r1, 224 },
+ { "nistp256", NID_X9_62_prime256v1, 256 },
+ { "nistp384", NID_secp384r1, 384 },
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
-index f46aac5d33..8c5ba5b839 100644
+index c17a7e5477..c6455ff691 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
-@@ -30,38 +30,6 @@ typedef struct {
+@@ -30,34 +30,6 @@ typedef struct {
} EC_CURVE_DATA;
/* the nist prime curves */
@@ -79,11 +79,8 @@ index f46aac5d33..8c5ba5b839 100644
- EC_CURVE_DATA h;
- unsigned char data[20 + 24 * 6];
-} _EC_NIST_PRIME_192 = {
-- {
-- NID_X9_62_prime_field, 20, 24, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 24, 1 },
+- { /* seed */
- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28,
- 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
- /* p */
@@ -103,28 +100,24 @@ index f46aac5d33..8c5ba5b839 100644
- 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
-- }
+- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 }
-};
-
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 28 * 6];
-@@ -200,187 +168,6 @@ static const struct {
- }
+@@ -184,167 +156,6 @@ static const struct {
+ 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 }
};
--# ifndef FIPS_MODULE
+-#ifndef FIPS_MODULE
-/* the x9.62 prime curves (minus the nist prime curves) */
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 24 * 6];
-} _EC_X9_62_PRIME_192V2 = {
-- {
-- NID_X9_62_prime_field, 20, 24, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 24, 1 },
+- { /* seed */
- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E,
- 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
- /* p */
@@ -144,19 +137,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
-- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31
-- }
+- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 24 * 6];
-} _EC_X9_62_PRIME_192V3 = {
-- {
-- NID_X9_62_prime_field, 20, 24, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 24, 1 },
+- { /* seed */
- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9,
- 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
- /* p */
@@ -176,19 +165,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13
-- }
+- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 30 * 6];
-} _EC_X9_62_PRIME_239V1 = {
-- {
-- NID_X9_62_prime_field, 20, 30, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 30, 1 },
+- { /* seed */
- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79,
- 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
- /* p */
@@ -214,19 +199,15 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1,
-- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B
-- }
+- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 30 * 6];
-} _EC_X9_62_PRIME_239V2 = {
-- {
-- NID_X9_62_prime_field, 20, 30, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 30, 1 },
+- { /* seed */
- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99,
- 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
- /* p */
@@ -252,19 +233,15 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0,
-- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63
-- }
+- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 30 * 6];
-} _EC_X9_62_PRIME_239V3 = {
-- {
-- NID_X9_62_prime_field, 20, 30, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 30, 1 },
+- { /* seed */
- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76,
- 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
- /* p */
@@ -290,15 +267,14 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C,
-- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51
-- }
+- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 }
-};
-#endif /* FIPS_MODULE */
-
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 32 * 8];
-@@ -429,294 +216,6 @@ static const struct {
+@@ -389,258 +200,6 @@ static const struct {
#ifndef FIPS_MODULE
/* the secg prime curves (minus the nist and x9.62 prime curves) */
@@ -306,11 +282,8 @@ index f46aac5d33..8c5ba5b839 100644
- EC_CURVE_DATA h;
- unsigned char data[20 + 14 * 6];
-} _EC_SECG_PRIME_112R1 = {
-- {
-- NID_X9_62_prime_field, 20, 14, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 14, 1 },
+- { /* seed */
- 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
- 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
- /* p */
@@ -330,19 +303,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x75, 0x00,
- /* order */
- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65,
-- 0x61, 0xC5
-- }
+- 0x61, 0xC5 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 14 * 6];
-} _EC_SECG_PRIME_112R2 = {
-- {
-- NID_X9_62_prime_field, 20, 14, 4
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 14, 4 },
+- { /* seed */
- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
- 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
- /* p */
@@ -362,19 +331,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x6e, 0x97,
- /* order */
- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20,
-- 0xD0, 0x4B
-- }
+- 0xD0, 0x4B }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 16 * 6];
-} _EC_SECG_PRIME_128R1 = {
-- {
-- NID_X9_62_prime_field, 20, 16, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 16, 1 },
+- { /* seed */
- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
- 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
- /* p */
@@ -394,19 +359,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0xdd, 0xed, 0x7a, 0x83,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B,
-- 0x90, 0x38, 0xA1, 0x15
-- }
+- 0x90, 0x38, 0xA1, 0x15 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 16 * 6];
-} _EC_SECG_PRIME_128R2 = {
-- {
-- NID_X9_62_prime_field, 20, 16, 4
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 16, 4 },
+- { /* seed */
- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8,
- 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
- /* p */
@@ -426,19 +387,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x5f, 0xc3, 0x4b, 0x44,
- /* order */
- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72,
-- 0x06, 0x13, 0xB5, 0xA3
-- }
+- 0x06, 0x13, 0xB5, 0xA3 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 21 * 6];
-} _EC_SECG_PRIME_160K1 = {
-- {
-- NID_X9_62_prime_field, 0, 21, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 21, 1 },
+- { /* no seed */
- /* p */
- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
@@ -456,19 +413,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee,
- /* order */
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8,
-- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3
-- }
+- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 21 * 6];
-} _EC_SECG_PRIME_160R1 = {
-- {
-- NID_X9_62_prime_field, 20, 21, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 21, 1 },
+- { /* seed */
- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
- 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
- /* p */
@@ -488,19 +441,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32,
- /* order */
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4,
-- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57
-- }
+- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 21 * 6];
-} _EC_SECG_PRIME_160R2 = {
-- {
-- NID_X9_62_prime_field, 20, 21, 1
-- },
-- {
-- /* seed */
+- { NID_X9_62_prime_field, 20, 21, 1 },
+- { /* seed */
- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6,
- 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
- /* p */
@@ -520,19 +469,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e,
- /* order */
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35,
-- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B
-- }
+- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 24 * 6];
-} _EC_SECG_PRIME_192K1 = {
-- {
-- NID_X9_62_prime_field, 0, 24, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 24, 1 },
+- { /* no seed */
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37,
@@ -550,19 +495,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
-- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D
-- }
+- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 29 * 6];
-} _EC_SECG_PRIME_224K1 = {
-- {
-- NID_X9_62_prime_field, 0, 29, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 29, 1 },
+- { /* no seed */
- /* p */
- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -586,15 +527,14 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9,
-- 0x71, 0x76, 0x9F, 0xB1, 0xF7
-- }
+- 0x71, 0x76, 0x9F, 0xB1, 0xF7 }
-};
-
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
-@@ -753,102 +252,6 @@ static const struct {
- }
+@@ -673,90 +232,6 @@ static const struct {
+ 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 }
};
-/* some wap/wtls curves */
@@ -602,11 +542,8 @@ index f46aac5d33..8c5ba5b839 100644
- EC_CURVE_DATA h;
- unsigned char data[0 + 15 * 6];
-} _EC_WTLS_8 = {
-- {
-- NID_X9_62_prime_field, 0, 15, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 15, 1 },
+- { /* no seed */
- /* p */
- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFD, 0xE7,
@@ -624,19 +561,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x00, 0x00, 0x02,
- /* order */
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A,
-- 0xD8, 0x37, 0xE9
-- }
+- 0xD8, 0x37, 0xE9 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 21 * 6];
-} _EC_WTLS_9 = {
-- {
-- NID_X9_62_prime_field, 0, 21, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 21, 1 },
+- { /* no seed */
- /* p */
- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F,
@@ -654,19 +587,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
- /* order */
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD,
-- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33
-- }
+- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 28 * 6];
-} _EC_WTLS_12 = {
-- {
-- NID_X9_62_prime_field, 0, 28, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 28, 1 },
+- { /* no seed */
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -690,13 +619,12 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
-- 0x5C, 0x5C, 0x2A, 0x3D
-- }
+- 0x5C, 0x5C, 0x2A, 0x3D }
-};
#endif /* FIPS_MODULE */
#ifndef OPENSSL_NO_EC2M
-@@ -2244,198 +1647,6 @@ static const struct {
+@@ -2004,174 +1479,6 @@ static const struct {
*/
#ifndef FIPS_MODULE
@@ -704,11 +632,8 @@ index f46aac5d33..8c5ba5b839 100644
- EC_CURVE_DATA h;
- unsigned char data[0 + 20 * 6];
-} _EC_brainpoolP160r1 = {
-- {
-- NID_X9_62_prime_field, 0, 20, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 20, 1 },
+- { /* no seed */
- /* p */
- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
@@ -726,19 +651,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
- /* order */
- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
-- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
-- }
+- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 20 * 6];
-} _EC_brainpoolP160t1 = {
-- {
-- NID_X9_62_prime_field, 0, 20, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 20, 1 },
+- { /* no seed */
- /* p */
- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
@@ -756,19 +677,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
- /* order */
- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
-- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
-- }
+- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 24 * 6];
-} _EC_brainpoolP192r1 = {
-- {
-- NID_X9_62_prime_field, 0, 24, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 24, 1 },
+- { /* no seed */
- /* p */
- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
@@ -786,19 +703,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F,
- /* order */
- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
-- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
-- }
+- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 24 * 6];
-} _EC_brainpoolP192t1 = {
-- {
-- NID_X9_62_prime_field, 0, 24, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 24, 1 },
+- { /* no seed */
- /* p */
- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
@@ -816,19 +729,15 @@ index f46aac5d33..8c5ba5b839 100644
- 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9,
- /* order */
- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
-- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
-- }
+- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 28 * 6];
-} _EC_brainpoolP224r1 = {
-- {
-- NID_X9_62_prime_field, 0, 28, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 28, 1 },
+- { /* no seed */
- /* p */
- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
@@ -852,19 +761,15 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
-- 0xA5, 0xA7, 0x93, 0x9F
-- }
+- 0xA5, 0xA7, 0x93, 0x9F }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 28 * 6];
-} _EC_brainpoolP224t1 = {
-- {
-- NID_X9_62_prime_field, 0, 28, 1
-- },
-- {
-- /* no seed */
+- { NID_X9_62_prime_field, 0, 28, 1 },
+- { /* no seed */
- /* p */
- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
@@ -888,209 +793,223 @@ index f46aac5d33..8c5ba5b839 100644
- /* order */
- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
-- 0xA5, 0xA7, 0x93, 0x9F
-- }
+- 0xA5, 0xA7, 0x93, 0x9F }
-};
-
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
-@@ -2864,8 +2075,6 @@ static const ec_list_element curve_list[] = {
- "NIST/SECG curve over a 521 bit prime field"},
+@@ -2740,8 +2047,6 @@ static const ec_list_element curve_list[] = {
+ "NIST/SECG curve over a 521 bit prime field" },
/* X9.62 curves */
-- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
-- "NIST/X9.62/SECG curve over a 192 bit prime field"},
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
- # if defined(ECP_NISTZ256_ASM)
- EC_GFp_nistz256_method,
-@@ -2909,25 +2118,6 @@ static const ec_list_element curve_list[] = {
+- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+- "NIST/X9.62/SECG curve over a 192 bit prime field" },
+ { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ #if defined(ECP_NISTZ256_ASM)
+ EC_GFp_nistz256_method,
+@@ -2784,26 +2089,6 @@ static const ec_list_element curve_list[] = {
+
static const ec_list_element curve_list[] = {
/* prime field curves */
- /* secg curves */
-- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
-- "SECG/WTLS curve over a 112 bit prime field"},
-- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
-- "SECG curve over a 112 bit prime field"},
-- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
-- "SECG curve over a 128 bit prime field"},
-- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
-- "SECG curve over a 128 bit prime field"},
-- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
-- "SECG curve over a 160 bit prime field"},
-- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
-- "SECG curve over a 160 bit prime field"},
-- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
-- "SECG/WTLS curve over a 160 bit prime field"},
+- /* secg curves */
+- { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
+- "SECG/WTLS curve over a 112 bit prime field" },
+- { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
+- "SECG curve over a 112 bit prime field" },
+- { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
+- "SECG curve over a 128 bit prime field" },
+- { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
+- "SECG curve over a 128 bit prime field" },
+- { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
+- "SECG curve over a 160 bit prime field" },
+- { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
+- "SECG curve over a 160 bit prime field" },
+- { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
+- "SECG/WTLS curve over a 160 bit prime field" },
- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
-- "SECG curve over a 192 bit prime field"},
-- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
-- "SECG curve over a 224 bit prime field"},
- # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
- "NIST/SECG curve over a 224 bit prime field"},
-@@ -2957,18 +2147,6 @@ static const ec_list_element curve_list[] = {
- # endif
- "NIST/SECG curve over a 521 bit prime field"},
+- { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
+- "SECG curve over a 192 bit prime field" },
+- { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
+- "SECG curve over a 224 bit prime field" },
+ #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ { NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+ "NIST/SECG curve over a 224 bit prime field" },
+@@ -2833,18 +2118,6 @@ static const ec_list_element curve_list[] = {
+ #endif
+ "NIST/SECG curve over a 521 bit prime field" },
/* X9.62 curves */
-- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
-- "NIST/X9.62/SECG curve over a 192 bit prime field"},
-- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
-- "X9.62 curve over a 192 bit prime field"},
-- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
-- "X9.62 curve over a 192 bit prime field"},
-- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
-- "X9.62 curve over a 239 bit prime field"},
-- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
-- "X9.62 curve over a 239 bit prime field"},
-- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
-- "X9.62 curve over a 239 bit prime field"},
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
- # if defined(ECP_NISTZ256_ASM)
- EC_GFp_nistz256_method,
-@@ -3065,22 +2243,12 @@ static const ec_list_element curve_list[] = {
- {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
- "X9.62 curve over a 163 bit binary field"},
- # endif
-- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
-- "SECG/WTLS curve over a 112 bit prime field"},
-- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
-- "SECG/WTLS curve over a 160 bit prime field"},
-- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
-- "WTLS curve over a 112 bit prime field"},
-- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
-- "WTLS curve over a 160 bit prime field"},
- # ifndef OPENSSL_NO_EC2M
- {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
- "NIST/SECG/WTLS curve over a 233 bit binary field"},
- {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
- "NIST/SECG/WTLS curve over a 233 bit binary field"},
- # endif
-- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
-- "WTLS curve over a 224 bit prime field"},
- # ifndef OPENSSL_NO_EC2M
+- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+- "NIST/X9.62/SECG curve over a 192 bit prime field" },
+- { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
+- "X9.62 curve over a 192 bit prime field" },
+- { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
+- "X9.62 curve over a 192 bit prime field" },
+- { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
+- "X9.62 curve over a 239 bit prime field" },
+- { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
+- "X9.62 curve over a 239 bit prime field" },
+- { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
+- "X9.62 curve over a 239 bit prime field" },
+ { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ #if defined(ECP_NISTZ256_ASM)
+ EC_GFp_nistz256_method,
+@@ -2928,36 +2201,6 @@ static const ec_list_element curve_list[] = {
+ "X9.62 curve over a 368 bit binary field" },
+ { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0,
+ "X9.62 curve over a 431 bit binary field" },
+- /*
+- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+- * from X9.62]
+- */
+- { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0,
+- "WTLS curve over a 113 bit binary field" },
+- { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0,
+- "NIST/SECG/WTLS curve over a 163 bit binary field" },
+- { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0,
+- "SECG curve over a 113 bit binary field" },
+- { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
+- "X9.62 curve over a 163 bit binary field" },
+-#endif
+- { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
+- "SECG/WTLS curve over a 112 bit prime field" },
+- { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
+- "SECG/WTLS curve over a 160 bit prime field" },
+- { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
+- "WTLS curve over a 112 bit prime field" },
+- { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
+- "WTLS curve over a 160 bit prime field" },
+-#ifndef OPENSSL_NO_EC2M
+- { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
+- "NIST/SECG/WTLS curve over a 233 bit binary field" },
+- { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
+- "NIST/SECG/WTLS curve over a 233 bit binary field" },
+-#endif
+- { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
+- "WTLS curve over a 224 bit prime field" },
+-#ifndef OPENSSL_NO_EC2M
/* IPSec curves */
- {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
-@@ -3091,18 +2259,6 @@ static const ec_list_element curve_list[] = {
- "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
- # endif
+ { NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
+ "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+@@ -2967,18 +2210,6 @@ static const ec_list_element curve_list[] = {
+ "\tNot suitable for ECDSA.\n\tQuestionable extension field!" },
+ #endif
/* brainpool curves */
-- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
-- "RFC 5639 curve over a 160 bit prime field"},
-- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
-- "RFC 5639 curve over a 160 bit prime field"},
-- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
-- "RFC 5639 curve over a 192 bit prime field"},
-- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
-- "RFC 5639 curve over a 192 bit prime field"},
-- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
-- "RFC 5639 curve over a 224 bit prime field"},
-- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
-- "RFC 5639 curve over a 224 bit prime field"},
- {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
- "RFC 5639 curve over a 256 bit prime field"},
- {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
+- { NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
+- "RFC 5639 curve over a 160 bit prime field" },
+- { NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
+- "RFC 5639 curve over a 160 bit prime field" },
+- { NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
+- "RFC 5639 curve over a 192 bit prime field" },
+- { NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
+- "RFC 5639 curve over a 192 bit prime field" },
+- { NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
+- "RFC 5639 curve over a 224 bit prime field" },
+- { NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
+- "RFC 5639 curve over a 224 bit prime field" },
+ { NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
+ "RFC 5639 curve over a 256 bit prime field" },
+ { NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
-index 1ec10143d2..82b95294b4 100644
+index 20883c48f1..9715c6280d 100644
--- a/crypto/evp/ec_support.c
+++ b/crypto/evp/ec_support.c
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
static const EC_NAME2NID curve_list[] = {
/* prime field curves */
/* secg curves */
-- {"secp112r1", NID_secp112r1 },
-- {"secp112r2", NID_secp112r2 },
-- {"secp128r1", NID_secp128r1 },
-- {"secp128r2", NID_secp128r2 },
-- {"secp160k1", NID_secp160k1 },
-- {"secp160r1", NID_secp160r1 },
-- {"secp160r2", NID_secp160r2 },
-- {"secp192k1", NID_secp192k1 },
-- {"secp224k1", NID_secp224k1 },
- {"secp224r1", NID_secp224r1 },
- {"secp256k1", NID_secp256k1 },
- {"secp384r1", NID_secp384r1 },
- {"secp521r1", NID_secp521r1 },
+- { "secp112r1", NID_secp112r1 },
+- { "secp112r2", NID_secp112r2 },
+- { "secp128r1", NID_secp128r1 },
+- { "secp128r2", NID_secp128r2 },
+- { "secp160k1", NID_secp160k1 },
+- { "secp160r1", NID_secp160r1 },
+- { "secp160r2", NID_secp160r2 },
+- { "secp192k1", NID_secp192k1 },
+- { "secp224k1", NID_secp224k1 },
+ { "secp224r1", NID_secp224r1 },
+ { "secp256k1", NID_secp256k1 },
+ { "secp384r1", NID_secp384r1 },
+ { "secp521r1", NID_secp521r1 },
/* X9.62 curves */
-- {"prime192v1", NID_X9_62_prime192v1 },
-- {"prime192v2", NID_X9_62_prime192v2 },
-- {"prime192v3", NID_X9_62_prime192v3 },
-- {"prime239v1", NID_X9_62_prime239v1 },
-- {"prime239v2", NID_X9_62_prime239v2 },
-- {"prime239v3", NID_X9_62_prime239v3 },
- {"prime256v1", NID_X9_62_prime256v1 },
+- { "prime192v1", NID_X9_62_prime192v1 },
+- { "prime192v2", NID_X9_62_prime192v2 },
+- { "prime192v3", NID_X9_62_prime192v3 },
+- { "prime239v1", NID_X9_62_prime239v1 },
+- { "prime239v2", NID_X9_62_prime239v2 },
+- { "prime239v3", NID_X9_62_prime239v3 },
+ { "prime256v1", NID_X9_62_prime256v1 },
/* characteristic two field curves */
/* NIST/SECG curves */
-- {"sect113r1", NID_sect113r1 },
-- {"sect113r2", NID_sect113r2 },
-- {"sect131r1", NID_sect131r1 },
-- {"sect131r2", NID_sect131r2 },
-- {"sect163k1", NID_sect163k1 },
-- {"sect163r1", NID_sect163r1 },
-- {"sect163r2", NID_sect163r2 },
-- {"sect193r1", NID_sect193r1 },
-- {"sect193r2", NID_sect193r2 },
-- {"sect233k1", NID_sect233k1 },
-- {"sect233r1", NID_sect233r1 },
-- {"sect239k1", NID_sect239k1 },
-- {"sect283k1", NID_sect283k1 },
-- {"sect283r1", NID_sect283r1 },
-- {"sect409k1", NID_sect409k1 },
-- {"sect409r1", NID_sect409r1 },
-- {"sect571k1", NID_sect571k1 },
-- {"sect571r1", NID_sect571r1 },
+- { "sect113r1", NID_sect113r1 },
+- { "sect113r2", NID_sect113r2 },
+- { "sect131r1", NID_sect131r1 },
+- { "sect131r2", NID_sect131r2 },
+- { "sect163k1", NID_sect163k1 },
+- { "sect163r1", NID_sect163r1 },
+- { "sect163r2", NID_sect163r2 },
+- { "sect193r1", NID_sect193r1 },
+- { "sect193r2", NID_sect193r2 },
+- { "sect233k1", NID_sect233k1 },
+- { "sect233r1", NID_sect233r1 },
+- { "sect239k1", NID_sect239k1 },
+- { "sect283k1", NID_sect283k1 },
+- { "sect283r1", NID_sect283r1 },
+- { "sect409k1", NID_sect409k1 },
+- { "sect409r1", NID_sect409r1 },
+- { "sect571k1", NID_sect571k1 },
+- { "sect571r1", NID_sect571r1 },
- /* X9.62 curves */
-- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
-- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
-- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
-- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
-- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
-- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
-- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
-- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
-- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
-- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
-- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
-- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
-- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
-- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
-- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
-- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
+- { "c2pnb163v1", NID_X9_62_c2pnb163v1 },
+- { "c2pnb163v2", NID_X9_62_c2pnb163v2 },
+- { "c2pnb163v3", NID_X9_62_c2pnb163v3 },
+- { "c2pnb176v1", NID_X9_62_c2pnb176v1 },
+- { "c2tnb191v1", NID_X9_62_c2tnb191v1 },
+- { "c2tnb191v2", NID_X9_62_c2tnb191v2 },
+- { "c2tnb191v3", NID_X9_62_c2tnb191v3 },
+- { "c2pnb208w1", NID_X9_62_c2pnb208w1 },
+- { "c2tnb239v1", NID_X9_62_c2tnb239v1 },
+- { "c2tnb239v2", NID_X9_62_c2tnb239v2 },
+- { "c2tnb239v3", NID_X9_62_c2tnb239v3 },
+- { "c2pnb272w1", NID_X9_62_c2pnb272w1 },
+- { "c2pnb304w1", NID_X9_62_c2pnb304w1 },
+- { "c2tnb359v1", NID_X9_62_c2tnb359v1 },
+- { "c2pnb368w1", NID_X9_62_c2pnb368w1 },
+- { "c2tnb431r1", NID_X9_62_c2tnb431r1 },
- /*
- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
- * from X9.62]
- */
-- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
-- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
-- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
-- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
-- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
-- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
-- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
-- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
-- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
-- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
-- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
+- { "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
+- { "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
+- { "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
+- { "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
+- { "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
+- { "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
+- { "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
+- { "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
+- { "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
+- { "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
+- { "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
- /* IPSec curves */
-- {"Oakley-EC2N-3", NID_ipsec3 },
-- {"Oakley-EC2N-4", NID_ipsec4 },
+- { "Oakley-EC2N-3", NID_ipsec3 },
+- { "Oakley-EC2N-4", NID_ipsec4 },
/* brainpool curves */
-- {"brainpoolP160r1", NID_brainpoolP160r1 },
-- {"brainpoolP160t1", NID_brainpoolP160t1 },
-- {"brainpoolP192r1", NID_brainpoolP192r1 },
-- {"brainpoolP192t1", NID_brainpoolP192t1 },
-- {"brainpoolP224r1", NID_brainpoolP224r1 },
-- {"brainpoolP224t1", NID_brainpoolP224t1 },
- {"brainpoolP256r1", NID_brainpoolP256r1 },
- {"brainpoolP256t1", NID_brainpoolP256t1 },
- {"brainpoolP320r1", NID_brainpoolP320r1 },
+- { "brainpoolP160r1", NID_brainpoolP160r1 },
+- { "brainpoolP160t1", NID_brainpoolP160t1 },
+- { "brainpoolP192r1", NID_brainpoolP192r1 },
+- { "brainpoolP192t1", NID_brainpoolP192t1 },
+- { "brainpoolP224r1", NID_brainpoolP224r1 },
+- { "brainpoolP224t1", NID_brainpoolP224t1 },
+ { "brainpoolP256r1", NID_brainpoolP256r1 },
+ { "brainpoolP256t1", NID_brainpoolP256t1 },
+ { "brainpoolP320r1", NID_brainpoolP320r1 },
@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = {
- {"brainpoolP384t1", NID_brainpoolP384t1 },
- {"brainpoolP512r1", NID_brainpoolP512r1 },
- {"brainpoolP512t1", NID_brainpoolP512t1 },
+ { "brainpoolP384t1", NID_brainpoolP384t1 },
+ { "brainpoolP512r1", NID_brainpoolP512r1 },
+ { "brainpoolP512t1", NID_brainpoolP512t1 },
- /* SM2 curve */
-- {"SM2", NID_sm2 },
+- { "SM2", NID_sm2 },
};
const char *OSSL_EC_curve_nid2name(int nid)
@@ -1098,20 +1017,20 @@ index 1ec10143d2..82b95294b4 100644
/* Functions to translate between common NIST curve names and NIDs */
static const EC_NAME2NID nist_curves[] = {
-- {"B-163", NID_sect163r2},
-- {"B-233", NID_sect233r1},
-- {"B-283", NID_sect283r1},
-- {"B-409", NID_sect409r1},
-- {"B-571", NID_sect571r1},
-- {"K-163", NID_sect163k1},
-- {"K-233", NID_sect233k1},
-- {"K-283", NID_sect283k1},
-- {"K-409", NID_sect409k1},
-- {"K-571", NID_sect571k1},
-- {"P-192", NID_X9_62_prime192v1},
- {"P-224", NID_secp224r1},
- {"P-256", NID_X9_62_prime256v1},
- {"P-384", NID_secp384r1},
+- { "B-163", NID_sect163r2 },
+- { "B-233", NID_sect233r1 },
+- { "B-283", NID_sect283r1 },
+- { "B-409", NID_sect409r1 },
+- { "B-571", NID_sect571r1 },
+- { "K-163", NID_sect163k1 },
+- { "K-233", NID_sect233k1 },
+- { "K-283", NID_sect283k1 },
+- { "K-409", NID_sect409k1 },
+- { "K-571", NID_sect571k1 },
+- { "P-192", NID_X9_62_prime192v1 },
+ { "P-224", NID_secp224r1 },
+ { "P-256", NID_X9_62_prime256v1 },
+ { "P-384", NID_secp384r1 },
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
index 67787f3740..97ec1ff3e5 100644
--- a/test/acvp_test.inc
@@ -1133,7 +1052,7 @@ index 67787f3740..97ec1ff3e5 100644
"SHA2-512",
"P-521",
diff --git a/test/ecdsatest.h b/test/ecdsatest.h
-index 63fe319025..06b5c0aac5 100644
+index 700d7b5253..6aa4faa461 100644
--- a/test/ecdsatest.h
+++ b/test/ecdsatest.h
@@ -32,23 +32,6 @@ typedef struct {
@@ -1141,30 +1060,30 @@ index 63fe319025..06b5c0aac5 100644
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
- /* prime KATs from X9.62 */
-- {NID_X9_62_prime192v1, NID_sha1,
-- "616263", /* "abc" */
-- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
-- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
-- "5ca5c0d69716dfcb3474373902",
-- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
-- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
-- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
-- {NID_X9_62_prime239v1, NID_sha1,
-- "616263", /* "abc" */
-- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
-- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
-- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
-- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
-- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
-- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
+- { NID_X9_62_prime192v1, NID_sha1,
+- "616263", /* "abc" */
+- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
+- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
+- "5ca5c0d69716dfcb3474373902",
+- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
+- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
+- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686" },
+- { NID_X9_62_prime239v1, NID_sha1,
+- "616263", /* "abc" */
+- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
+- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
+- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
+- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
+- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
+- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf" },
/* prime KATs from NIST CAVP */
- {NID_secp224r1, NID_sha224,
- "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
+ { NID_secp224r1, NID_sha224,
+ "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
diff --git a/test/ectest.c b/test/ectest.c
-index e1cb59d58d..b852381924 100644
+index 0233f870b6..f243f6fb3c 100644
--- a/test/ectest.c
+++ b/test/ectest.c
-@@ -175,184 +175,26 @@ static int prime_field_tests(void)
+@@ -174,183 +174,26 @@ static int prime_field_tests(void)
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
@@ -1222,7 +1141,7 @@ index e1cb59d58d..b852381924 100644
- TEST_note(" point at infinity");
- } else {
- if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y,
-- ctx)))
+- ctx)))
- goto err;
-
- test_output_bignum("x", x);
@@ -1239,64 +1158,63 @@ index e1cb59d58d..b852381924 100644
- || !TEST_true(EC_POINT_is_at_infinity(group, P)))
- goto err;
-
-- len =
-- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
-- sizeof(buf), ctx);
+- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+- sizeof(buf), ctx);
- if (!TEST_size_t_ne(len, 0)
- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
- goto err;
- test_output_memory("Generator as octet string, compressed form:",
-- buf, len);
+- buf, len);
-
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
-- buf, sizeof(buf), ctx);
+- buf, sizeof(buf), ctx);
- if (!TEST_size_t_ne(len, 0)
- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
- goto err;
- test_output_memory("Generator as octet string, uncompressed form:",
-- buf, len);
+- buf, len);
-
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID,
-- buf, sizeof(buf), ctx);
+- buf, sizeof(buf), ctx);
- if (!TEST_size_t_ne(len, 0)
- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
- goto err;
- test_output_memory("Generator as octet string, hybrid form:",
-- buf, len);
+- buf, len);
-
- if (!TEST_true(EC_POINT_invert(group, P, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
-
-- /*
-- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
-- * 2000) -- not a NIST curve, but commonly used
-- */
+- /*
+- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
+- * 2000) -- not a NIST curve, but commonly used
+- */
-
-- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF"
+- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
-- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF"
+- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
-- || !TEST_true(BN_hex2bn(&b, "1C97BEFC"
+- || !TEST_true(BN_hex2bn(&b, "1C97BEFC"
- "54BD7A8B65ACF89F81D4D4ADC565FA45"))
- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
-- || !TEST_true(BN_hex2bn(&x, "4A96B568"
+- || !TEST_true(BN_hex2bn(&x, "4A96B568"
- "8EF573284664698968C38BB913CBFC82"))
-- || !TEST_true(BN_hex2bn(&y, "23a62855"
+- || !TEST_true(BN_hex2bn(&y, "23a62855"
- "3168947d59dcc912042351377ac5fb32"))
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
-- /*
-- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-- * and therefore setting the coordinates should fail.
-- */
+- /*
+- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+- * and therefore setting the coordinates should fail.
+- */
- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
-- ctx))
+- ctx))
- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
-- || !TEST_true(BN_hex2bn(&z, "0100000000"
+- || !TEST_true(BN_hex2bn(&z, "0100000000"
- "000000000001F4C8F927AED3CA752257"))
- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
@@ -1305,27 +1223,27 @@ index e1cb59d58d..b852381924 100644
- test_output_bignum("x", x);
- test_output_bignum("y", y);
- /* G_y value taken from the standard: */
-- if (!TEST_true(BN_hex2bn(&z, "23a62855"
+- if (!TEST_true(BN_hex2bn(&z, "23a62855"
- "3168947d59dcc912042351377ac5fb32"))
- || !TEST_BN_eq(y, z)
- || !TEST_int_eq(EC_GROUP_get_degree(group), 160)
- || !group_order_tests(group)
-
-- /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+- /* Curve P-192 (FIPS PUB 186-2, App. 6) */
-
-- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF"
+- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
-- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF"
+- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
-- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7"
+- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7"
- "0FA7E9AB72243049FEB8DEECC146B9B1"))
- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
-- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6"
+- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6"
- "7CBF20EB43A18800F4FF0AFD82FF1012"))
- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
-- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF"
+- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF"
- "FFFFFFFF99DEF836146BC9B1B4D22831"))
- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
@@ -1336,27 +1254,28 @@ index e1cb59d58d..b852381924 100644
- test_output_bignum("x", x);
- test_output_bignum("y", y);
- /* G_y value taken from the standard: */
-- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78"
+- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78"
- "631011ED6B24CDD573F977A11E794811"))
- || !TEST_BN_eq(y, z)
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
-- /*
-- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-- * and therefore setting the coordinates should fail.
-- */
+- /*
+- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+- * and therefore setting the coordinates should fail.
+- */
- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
-- ctx))
+- ctx))
- || !TEST_int_eq(EC_GROUP_get_degree(group), 192)
- || !group_order_tests(group)
-
- /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+- /* Curve P-224 (FIPS PUB 186-2, App. 6) */
++ /* Curve P-224 (FIPS PUB 186-2, App. 6) */
-- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
-+ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
+- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
++ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFF000000000000000000000001"))
|| !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
-@@ -3130,7 +2972,7 @@ int setup_tests(void)
+ || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
+@@ -3522,7 +3365,7 @@ int setup_tests(void)
ADD_TEST(parameter_test);
ADD_TEST(ossl_parameter_test);
@@ -1425,5 +1344,5 @@ index e6a2c9eb59..861c01e177 100644
Ctrl = key-check:0
+Result = KEYGEN_GENERATE_ERROR
--
-2.51.0
+2.52.0
diff --git a/0010-RH-Disable-explicit-ec-curves.patch b/0010-RH-Disable-explicit-ec-curves.patch
index 21ce41f..29acf36 100644
--- a/0010-RH-Disable-explicit-ec-curves.patch
+++ b/0010-RH-Disable-explicit-ec-curves.patch
@@ -1,7 +1,7 @@
-From fdbbe15e433da8556076b84e7612ce5f53f3fa49 Mon Sep 17 00:00:00 2001
+From a925f827ebbd25236c7449e179cfcd716af60379 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 10/59] RH: Disable explicit ec curves
+Subject: [PATCH 10/57] RH: Disable explicit ec curves
Patch-name: 0012-Disable-explicit-ec.patch
Patch-id: 12
@@ -10,18 +10,18 @@ Patch-status: |
# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- crypto/ec/ec_asn1.c | 11 ++++++++++
- crypto/ec/ec_lib.c | 8 ++++++-
- test/ectest.c | 22 ++++++++++---------
- test/endecode_test.c | 20 ++++++++---------
- .../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
- 5 files changed, 40 insertions(+), 33 deletions(-)
+ crypto/ec/ec_asn1.c | 11 +++++++
+ crypto/ec/ec_lib.c | 8 ++++-
+ test/ectest.c | 22 +++++++-------
+ test/endecode_test.c | 30 +++++++++----------
+ .../30-test_evp_data/evppkey_ecdsa.txt | 12 --------
+ 5 files changed, 45 insertions(+), 38 deletions(-)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 643d2d8d7b..5895606176 100644
+index bfd0242c6f..bb462121b5 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
-@@ -901,6 +901,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+@@ -889,6 +889,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
group->decoded_from_explicit_params = 1;
@@ -34,7 +34,7 @@ index 643d2d8d7b..5895606176 100644
if (a) {
EC_GROUP_free(*a);
*a = group;
-@@ -960,6 +966,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+@@ -948,6 +954,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
goto err;
}
@@ -47,10 +47,10 @@ index 643d2d8d7b..5895606176 100644
if (priv_key->privateKey) {
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index b55677fb1f..1df40018ac 100644
+index 13dcd29b11..de21cb2f10 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
-@@ -1554,7 +1554,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+@@ -1551,7 +1551,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
int is_prime_field = 1;
BN_CTX *bnctx = NULL;
const unsigned char *buf = NULL;
@@ -59,7 +59,7 @@ index b55677fb1f..1df40018ac 100644
#endif
/* This is the simple named group case */
-@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+@@ -1726,6 +1726,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err;
}
if (named_group == group) {
@@ -71,7 +71,7 @@ index b55677fb1f..1df40018ac 100644
/*
* If we did not find a named group then the encoding should be explicit
* if it was specified
-@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+@@ -1741,6 +1746,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
@@ -80,16 +80,17 @@ index b55677fb1f..1df40018ac 100644
EC_GROUP_free(group);
group = named_group;
diff --git a/test/ectest.c b/test/ectest.c
-index b852381924..6eac5de4fa 100644
+index f243f6fb3c..d8246524f3 100644
--- a/test/ectest.c
+++ b/test/ectest.c
-@@ -2413,10 +2413,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+@@ -2791,11 +2791,12 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
- EVP_PKEY_KEY_PARAMETERS, params), 0))
+ EVP_PKEY_KEY_PARAMETERS, params),
+ 0))
goto err;
-
+/* As creating the key should fail, the rest of the test is pointless */
@@ -97,54 +98,54 @@ index b852381924..6eac5de4fa 100644
/*- Check that all the set values are retrievable -*/
/* There should be no match to a group name since the generator changed */
-@@ -2545,6 +2546,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+@@ -2924,6 +2925,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
#endif
- )
+ )
goto err;
+#endif
ret = 1;
err:
BN_free(order_out);
-@@ -2826,21 +2828,21 @@ static int custom_params_test(int id)
+@@ -3217,21 +3219,21 @@ static int custom_params_test(int id)
/* Compute keyexchange in both directions */
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
-- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
-- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
-+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
-+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
- || !TEST_int_gt(bsize, sslen)
-- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
-+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
+- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
+- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
++ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
+ || !TEST_int_gt(bsize, sslen)
+- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
++ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
goto err;
if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
-- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
-- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
-+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
-+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
- || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
- || !TEST_int_gt(bsize, t)
- || !TEST_int_le(sslen, t)
-- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
-+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
+- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
+- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
++ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
+ || !TEST_int_gt(bsize, t)
+ || !TEST_int_le(sslen, t)
+- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
++ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
goto err;
-
+#if 0
/* Both sides should expect the same shared secret */
if (!TEST_mem_eq(buf1, sslen, buf2, t))
goto err;
-@@ -2893,7 +2895,7 @@ static int custom_params_test(int id)
- /* compare with previous result */
- || !TEST_mem_eq(buf1, t, buf2, sslen))
+@@ -3286,7 +3288,7 @@ static int custom_params_test(int id)
+ /* compare with previous result */
+ || !TEST_mem_eq(buf1, t, buf2, sslen))
goto err;
-
+#endif
ret = 1;
- err:
+ err:
diff --git a/test/endecode_test.c b/test/endecode_test.c
-index 028deb4ed1..85c84f6592 100644
+index 3f8ed7f392..c3b55af3e7 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -63,7 +63,7 @@ static BN_CTX *bnctx = NULL;
@@ -154,51 +155,59 @@ index 028deb4ed1..85c84f6592 100644
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
- # ifndef OPENSSL_NO_EC2M
+ #ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
-@@ -1027,9 +1027,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
+@@ -1013,10 +1013,10 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
-DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
+-#ifndef OPENSSL_NO_EC2M
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
- # ifndef OPENSSL_NO_EC2M
++# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
-@@ -1445,7 +1445,7 @@ int setup_tests(void)
+ IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
+@@ -1458,8 +1458,8 @@ int setup_tests(void)
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|| !create_ec_explicit_prime_params(bld_prime)
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
-+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
- # ifndef OPENSSL_NO_EC2M
+-#ifndef OPENSSL_NO_EC2M
++/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
++# ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
-@@ -1473,7 +1473,7 @@ int setup_tests(void)
+ || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
+@@ -1486,8 +1486,8 @@ int setup_tests(void)
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
-+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
- # ifndef OPENSSL_NO_EC2M
+-#ifndef OPENSSL_NO_EC2M
++/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
++# ifndef OPENSSL_NO_EC2M
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
-@@ -1553,8 +1553,8 @@ int setup_tests(void)
+ #endif
+@@ -1566,9 +1566,9 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(EC);
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE(ECExplicitPrime2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
-+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
-+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
- # ifndef OPENSSL_NO_EC2M
+-#ifndef OPENSSL_NO_EC2M
++/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
++/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
++# ifndef OPENSSL_NO_EC2M
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
-@@ -1631,7 +1631,7 @@ void cleanup_tests(void)
+ ADD_TEST_SUITE(ECExplicitTri2G);
+@@ -1644,7 +1644,7 @@ void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OSSL_PARAM_free(ec_explicit_prime_params_nc);
@@ -206,16 +215,18 @@ index 028deb4ed1..85c84f6592 100644
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
OSSL_PARAM_BLD_free(bld_prime_nc);
OSSL_PARAM_BLD_free(bld_prime);
- # ifndef OPENSSL_NO_EC2M
-@@ -1653,7 +1653,7 @@ void cleanup_tests(void)
+ #ifndef OPENSSL_NO_EC2M
+@@ -1666,8 +1666,8 @@ void cleanup_tests(void)
#ifndef OPENSSL_NO_EC
FREE_DOMAIN_KEYS(EC);
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
-+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
- # ifndef OPENSSL_NO_EC2M
+-#ifndef OPENSSL_NO_EC2M
++/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
++# ifndef OPENSSL_NO_EC2M
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
FREE_DOMAIN_KEYS(ECExplicitTri2G);
+ #endif
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index 07dc4b4298..4c47fa68c2 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -240,5 +251,5 @@ index 07dc4b4298..4c47fa68c2 100644
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
--
-2.51.0
+2.52.0
diff --git a/0011-RH-skipped-tests-EC-curves.patch b/0011-RH-skipped-tests-EC-curves.patch
index b3547c8..5d2d1b5 100644
--- a/0011-RH-skipped-tests-EC-curves.patch
+++ b/0011-RH-skipped-tests-EC-curves.patch
@@ -1,7 +1,7 @@
-From 4a0a6c5cc9560438cab41e65948b6da9e63d1123 Mon Sep 17 00:00:00 2001
+From 2afc42b7faa263387234aa747d676efd140a7c8a Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 11/59] RH: skipped tests EC curves
+Subject: [PATCH 11/57] RH: skipped tests EC curves
Patch-name: 0013-skipped-tests-EC-curves.patch
Patch-id: 13
@@ -78,5 +78,5 @@ index f722800e27..26a01786bb 100644
my @basic_cmd = ("cmp_vfy_test",
data_file("server.crt"), data_file("client.crt"),
--
-2.51.0
+2.52.0
diff --git a/0012-RH-skip-quic-pairwise.patch b/0012-RH-skip-quic-pairwise.patch
index 84dd7ec..19fe4a2 100644
--- a/0012-RH-skip-quic-pairwise.patch
+++ b/0012-RH-skip-quic-pairwise.patch
@@ -1,7 +1,7 @@
-From 82c0d773649909ec1883d43e423f886d6424b9af Mon Sep 17 00:00:00 2001
+From 48b4a63db033730ef98eb9968e45ba66688598c9 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Thu, 7 Mar 2024 17:37:09 +0100
-Subject: [PATCH 12/59] RH: skip quic pairwise
+Subject: [PATCH 12/57] RH: skip quic pairwise
Patch-name: 0115-skip-quic-pairwise.patch
Patch-id: 115
@@ -14,10 +14,10 @@ Patch-status: |
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/test/quicapitest.c b/test/quicapitest.c
-index 4e887c13d1..37acf268cc 100644
+index 6b9ee8e69a..96cd735819 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
-@@ -2916,7 +2916,9 @@ int setup_tests(void)
+@@ -3015,7 +3015,9 @@ int setup_tests(void)
ADD_TEST(test_cipher_find);
ADD_TEST(test_version);
#if defined(DO_SSL_TRACE_TEST)
@@ -29,10 +29,10 @@ index 4e887c13d1..37acf268cc 100644
ADD_TEST(test_quic_forbidden_apis_ctx);
ADD_TEST(test_quic_forbidden_apis);
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 222b1886ae..7e2f65cccb 100644
+index 6c8de64b0b..79a5584099 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
-@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) {
+@@ -187,6 +187,7 @@ foreach (sort keys %stlibname) {
}
}
my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
@@ -82,5 +82,5 @@ index eaf0dbbb42..21864ad319 100644
"-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
"fips provider dsa keygen pairwise failure test");
--
-2.51.0
+2.52.0
diff --git a/0013-RH-version-aliasing.patch b/0013-RH-version-aliasing.patch
index 719de7f..6fcb250 100644
--- a/0013-RH-version-aliasing.patch
+++ b/0013-RH-version-aliasing.patch
@@ -1,7 +1,7 @@
-From 4fb5c4b21a8052f87e02c941c6e7a0e6f0d9384c Mon Sep 17 00:00:00 2001
+From 9a41889c1a026e203f936e0c3b511e6d4ddc4cf2 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 13/59] RH: version aliasing
+Subject: [PATCH 13/57] RH: version aliasing
Patch-name: 0116-version-aliasing.patch
Patch-id: 116
@@ -17,7 +17,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index 6fc201bcfe..3c80b9dfe1 100644
+index 4b1c95c4ab..8a6e87c11a 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -572,7 +572,12 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
@@ -35,10 +35,10 @@ index 6fc201bcfe..3c80b9dfe1 100644
EVP_MD_CTX *out = EVP_MD_CTX_new();
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index eee00a0780..7c51786515 100644
+index 5584e06d7e..d5ff34a4e2 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
-@@ -1762,7 +1762,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+@@ -1756,7 +1756,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
#endif /* FIPS_MODULE */
}
@@ -53,10 +53,10 @@ index eee00a0780..7c51786515 100644
EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 7e2f65cccb..cc947d4821 100644
+index 79a5584099..a70ebef431 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
-@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) {
+@@ -133,6 +133,7 @@ foreach (sort keys %stlibname) {
s| .*||;
# Drop OpenSSL dynamic version information if there is any
s|\@\@.+$||;
@@ -79,5 +79,5 @@ index ceb4948839..eab3987a6b 100644
BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION:
BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION:
--
-2.51.0
+2.52.0
diff --git a/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
index 14e686d..32f3c18 100644
--- a/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
+++ b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
@@ -1,7 +1,7 @@
-From 104697d613232de6a96c2c8323eac721c19dbaa2 Mon Sep 17 00:00:00 2001
+From 51d485de6b9e2a714610daa886bde82b45016c0a Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 13 Feb 2025 16:09:09 -0500
-Subject: [PATCH 14/59] RH: Export two symbols for OPENSSL_str[n]casecmp
+Subject: [PATCH 14/57] RH: Export two symbols for OPENSSL_str[n]casecmp
We accidentally exported the symbols with the incorrect verison number
in an early version of RHEL-9 so we need to keep the wrong symbols for
@@ -17,7 +17,7 @@ with upstream.
mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index 3c80b9dfe1..8ee9db73dd 100644
+index 8a6e87c11a..638dac8844 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
@@ -30,10 +30,10 @@ index 3c80b9dfe1..8ee9db73dd 100644
symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
#endif
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index 7c51786515..619cf4f385 100644
+index d5ff34a4e2..b4edd825cd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
-@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+@@ -1757,7 +1757,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
}
EVP_CIPHER_CTX
@@ -43,10 +43,10 @@ index 7c51786515..619cf4f385 100644
symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
#endif
diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 93af73561f..86442a939e 100644
+index 35540630be..fde43421ea 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
-@@ -403,7 +403,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+@@ -406,7 +406,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
#endif
}
@@ -60,7 +60,7 @@ index 93af73561f..86442a939e 100644
{
int t;
-@@ -413,7 +418,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
+@@ -416,7 +421,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
return t;
}
@@ -77,10 +77,10 @@ index 93af73561f..86442a939e 100644
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
old mode 100644
new mode 100755
-index cc947d4821..de2dcd90c2
+index a70ebef431..a095239652
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
-@@ -186,7 +186,7 @@ foreach (sort keys %stlibname) {
+@@ -188,7 +188,7 @@ foreach (sort keys %stlibname) {
}
}
my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
@@ -104,5 +104,5 @@ index eab3987a6b..d377d542db 100644
RAND_set0_public 5559 3_1_0 EXIST::FUNCTION:
RAND_set0_private 5560 3_1_0 EXIST::FUNCTION:
--
-2.51.0
+2.52.0
diff --git a/0015-RH-TMP-KTLS-test-skip.patch b/0015-RH-TMP-KTLS-test-skip.patch
index 747eb81..ffaa92b 100644
--- a/0015-RH-TMP-KTLS-test-skip.patch
+++ b/0015-RH-TMP-KTLS-test-skip.patch
@@ -1,7 +1,7 @@
-From 10e7b2643772ca1c4ee069a625754bfeb971d965 Mon Sep 17 00:00:00 2001
+From a6d43e2d94ba1f8ff57dfb403d9d70d9f6f0f433 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 13 Feb 2025 18:11:19 -0500
-Subject: [PATCH 15/59] RH: TMP KTLS test skip
+Subject: [PATCH 15/57] RH: TMP KTLS test skip
From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9
---
@@ -9,10 +9,10 @@ From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/test/sslapitest.c b/test/sslapitest.c
-index fbe284b9ff..05c5ab256f 100644
+index 993d9e6018..a94061d974 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
-@@ -1033,9 +1033,10 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
+@@ -1029,9 +1029,10 @@ end:
/* sock must be connected */
static int ktls_chk_platform(int sock)
{
@@ -26,5 +26,5 @@ index fbe284b9ff..05c5ab256f 100644
static int ping_pong_query(SSL *clientssl, SSL *serverssl)
--
-2.51.0
+2.52.0
diff --git a/0016-RH-Allow-disabling-of-SHA1-signatures.patch b/0016-RH-Allow-disabling-of-SHA1-signatures.patch
index 6fa8bf7..08b87c3 100644
--- a/0016-RH-Allow-disabling-of-SHA1-signatures.patch
+++ b/0016-RH-Allow-disabling-of-SHA1-signatures.patch
@@ -1,7 +1,7 @@
-From 6d93803492f19eeeed8cafd4948badf85a7429c4 Mon Sep 17 00:00:00 2001
+From 1efe3493167934ee77a52eba9a6b2a492885a955 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Mon, 21 Aug 2023 13:07:07 +0200
-Subject: [PATCH 16/59] RH: Allow disabling of SHA1 signatures
+Subject: [PATCH 16/57] RH: Allow disabling of SHA1 signatures
Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
Patch-id: 49
@@ -15,7 +15,7 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
crypto/evp/pmeth_lib.c | 15 ++++
doc/man5/config.pod | 13 ++++
include/crypto/context.h | 8 +++
- include/internal/cryptlib.h | 3 +-
+ include/internal/cryptlib.h | 33 ++++-----
include/internal/sslconf.h | 4 ++
providers/common/include/prov/securitycheck.h | 2 +
providers/common/securitycheck.c | 14 ++++
@@ -25,10 +25,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
providers/implementations/signature/rsa_sig.c | 14 +++-
ssl/t1_lib.c | 8 +++
util/libcrypto.num | 2 +
- 16 files changed, 183 insertions(+), 7 deletions(-)
+ 16 files changed, 198 insertions(+), 22 deletions(-)
diff --git a/crypto/context.c b/crypto/context.c
-index 614c8a2c88..323615e300 100644
+index 62e60f3620..4db9d24b78 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -85,6 +85,8 @@ struct ossl_lib_ctx_st {
@@ -74,7 +74,7 @@ index 614c8a2c88..323615e300 100644
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
-@@ -382,6 +404,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
+@@ -381,6 +403,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
}
#endif
@@ -86,7 +86,7 @@ index 614c8a2c88..323615e300 100644
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
-@@ -660,6 +687,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
+@@ -658,6 +685,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
case OSSL_LIB_CTX_COMP_METHODS:
return (void *)&ctx->comp_methods;
@@ -96,7 +96,7 @@ index 614c8a2c88..323615e300 100644
default:
return NULL;
}
-@@ -714,3 +744,43 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value)
+@@ -712,3 +742,43 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value)
return;
libctx->conf_diagnostics = value;
}
@@ -141,7 +141,7 @@ index 614c8a2c88..323615e300 100644
+ return 1;
+}
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
-index 0e7fe64cf9..b9d3b6d226 100644
+index 184bab933c..2ae7ccea15 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
@@ -170,20 +170,20 @@ index 0e7fe64cf9..b9d3b6d226 100644
+ }
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
- "name=%s, value=%s", oval->name, oval->value);
+ "name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index c27ed6dbe9..ea1f6cbed3 100644
+index 0a433adbe4..6c9f71569b 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -15,6 +15,7 @@
#include "internal/provider.h"
- #include "internal/numbers.h" /* includes SIZE_MAX */
+ #include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
+#include "internal/sslconf.h"
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
-@@ -253,6 +254,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -251,6 +252,19 @@ reinitialize:
}
desc = signature->description != NULL ? signature->description : "";
@@ -204,7 +204,7 @@ index c27ed6dbe9..ea1f6cbed3 100644
if (signature->digest_verify_init == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 08c0d6a7b2..b936ad4447 100644
+index 2a0fc3ef0b..20e80a447d 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
@@ -215,7 +215,7 @@ index 08c0d6a7b2..b936ad4447 100644
#include "evp_local.h"
#ifndef FIPS_MODULE
-@@ -963,6 +964,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+@@ -952,6 +953,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
@@ -277,26 +277,57 @@ index 1c181933e0..35bdfdb52d 100644
+#endif
+
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
-index da442f8a86..44a5e8a99a 100644
+index 50aec7e7f4..9678e150e0 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
-@@ -120,7 +120,8 @@ typedef struct ossl_ex_data_global_st {
- # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
- # define OSSL_LIB_CTX_COMP_METHODS 21
- # define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22
--# define OSSL_LIB_CTX_MAX_INDEXES 22
-+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23
-+# define OSSL_LIB_CTX_MAX_INDEXES 23
+@@ -102,23 +102,24 @@ typedef struct ossl_ex_data_global_st {
+ #define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6
+ /* slot 7 unused, was CRNG test data and can be reused */
+ #ifdef FIPS_MODULE
+-#define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8
++#define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8
+ #endif
+-#define OSSL_LIB_CTX_FIPS_PROV_INDEX 9
+-#define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10
+-#define OSSL_LIB_CTX_DECODER_STORE_INDEX 11
+-#define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12
+-#define OSSL_LIB_CTX_BIO_PROV_INDEX 13
+-#define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14
+-#define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15
+-#define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
+-#define OSSL_LIB_CTX_BIO_CORE_INDEX 17
+-#define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
+-#define OSSL_LIB_CTX_THREAD_INDEX 19
+-#define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
+-#define OSSL_LIB_CTX_COMP_METHODS 21
+-#define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22
+-#define OSSL_LIB_CTX_MAX_INDEXES 22
++#define OSSL_LIB_CTX_FIPS_PROV_INDEX 9
++#define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10
++#define OSSL_LIB_CTX_DECODER_STORE_INDEX 11
++#define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12
++#define OSSL_LIB_CTX_BIO_PROV_INDEX 13
++#define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14
++#define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15
++#define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
++#define OSSL_LIB_CTX_BIO_CORE_INDEX 17
++#define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
++#define OSSL_LIB_CTX_THREAD_INDEX 19
++#define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
++#define OSSL_LIB_CTX_COMP_METHODS 21
++#define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22
++#define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23
++#define OSSL_LIB_CTX_MAX_INDEXES 23
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
-index fd7f7e3331..05464b0655 100644
+index a7cec01bf6..076e139de4 100644
--- a/include/internal/sslconf.h
+++ b/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
- char **arg);
+ char **arg);
+/* Methods to support disabling all signatures with legacy digests */
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
@@ -314,7 +345,7 @@ index 29a2b7fbf8..a48cbb03d2 100644
+
+int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid);
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index 8ef8dc2a81..79a9c48ce2 100644
+index e883ff4865..6985be0400 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
@@ -325,7 +356,7 @@ index 8ef8dc2a81..79a9c48ce2 100644
#define OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS 112
-@@ -219,3 +220,16 @@ int ossl_dh_check_key(const DH *dh)
+@@ -220,3 +221,16 @@ int ossl_dh_check_key(const DH *dh)
return (L == 2048 && (N == 224 || N == 256));
}
#endif /* OPENSSL_NO_DH */
@@ -343,7 +374,7 @@ index 8ef8dc2a81..79a9c48ce2 100644
+ return mdnid;
+}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
-index dd71fd91eb..9019fd2a80 100644
+index 42823ffe14..4b80f14b40 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
@@ -355,7 +386,7 @@ index dd71fd91eb..9019fd2a80 100644
/* Disable the security checks in the default provider */
int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx)
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index 887f6cbb90..595aed7e07 100644
+index 51dcc3f230..31a89133a3 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -163,6 +163,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
@@ -367,7 +398,7 @@ index 887f6cbb90..595aed7e07 100644
if (md == NULL) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index 73bfbf4aa9..88d83275b1 100644
+index 0c04fc4ec6..2a4faf4a71 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -197,13 +197,15 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
@@ -381,7 +412,7 @@ index 73bfbf4aa9..88d83275b1 100644
+ /* KECCAK-256 is explicitly allowed for ECDSA despite it doesn't have a NID*/
+ if (md_nid <= 0 && !(EVP_MD_is_a(md, "KECCAK-256"))) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
- "digest=%s", mdname);
+ "digest=%s", mdname);
goto err;
}
-#endif
@@ -390,7 +421,7 @@ index 73bfbf4aa9..88d83275b1 100644
if (EVP_MD_xof(md)) {
ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index d8357cfe15..29be5f5028 100644
+index fcdfebbbff..bbdd037728 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -26,6 +26,7 @@
@@ -417,9 +448,9 @@ index d8357cfe15..29be5f5028 100644
+ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
+ if (md_nid <= 0) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
- "digest=%s", mdname);
+ "digest=%s", mdname);
goto err;
-@@ -1765,8 +1768,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -1760,8 +1763,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
@@ -436,7 +467,7 @@ index d8357cfe15..29be5f5028 100644
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 2f71f95438..bea5cab253 100644
+index cd471a636d..35d0a6f1bb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -21,6 +21,7 @@
@@ -447,7 +478,7 @@ index 2f71f95438..bea5cab253 100644
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
-@@ -2178,6 +2179,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+@@ -2175,6 +2176,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
EVP_PKEY *tmpkey = EVP_PKEY_new();
int istls;
int ret = 0;
@@ -455,15 +486,15 @@ index 2f71f95438..bea5cab253 100644
if (ctx == NULL)
goto err;
-@@ -2195,6 +2197,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+@@ -2192,6 +2194,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
goto err;
ERR_set_mark();
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
/* First fill cache and tls12_sigalgs list from legacy algorithm list */
for (i = 0, lu = sigalg_lookup_tbl;
- i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
-@@ -2215,6 +2218,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
+@@ -2212,6 +2215,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
cache[i].available = 0;
continue;
}
@@ -486,5 +517,5 @@ index d377d542db..c2c55129ae 100644
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
-2.51.0
+2.52.0
diff --git a/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
index 62a4fca..7ca651f 100644
--- a/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
+++ b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
@@ -1,7 +1,7 @@
-From 1797d7e47f7bd2a16f56b5f32e31700b871ece30 Mon Sep 17 00:00:00 2001
+From 074607f7c460cda25654f1ee990ddba98af6d6db Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Mar 2025 18:12:33 -0500
-Subject: [PATCH 17/59] FIPS: Red Hat's FIPS module name and version
+Subject: [PATCH 17/57] FIPS: Red Hat's FIPS module name and version
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -9,11 +9,11 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index e260b5b665..e5d798fd54 100644
+index 419878719e..0f006301d7 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -201,13 +201,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
- OSSL_LIB_CTX_FIPS_PROV_INDEX);
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR))
@@ -30,5 +30,5 @@ index e260b5b665..e5d798fd54 100644
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
--
-2.51.0
+2.52.0
diff --git a/0018-FIPS-disable-fipsinstall.patch b/0018-FIPS-disable-fipsinstall.patch
index 68b00b9..15ff4ea 100644
--- a/0018-FIPS-disable-fipsinstall.patch
+++ b/0018-FIPS-disable-fipsinstall.patch
@@ -1,7 +1,7 @@
-From 08c4167790785c112357fa769b3e0f11654abd2b Mon Sep 17 00:00:00 2001
+From e43a23f06a9e23f1091f88c6dfa6c1bd4e065a7a Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 18/59] FIPS: disable fipsinstall
+Subject: [PATCH 18/57] FIPS: disable fipsinstall
Patch-name: 0034.fipsinstall_disable.patch
Patch-id: 34
@@ -24,10 +24,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
mode change 100644 => 100755 test/recipes/03-test_fipsinstall.t
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
-index 0daa55a1b8..b4e29ac301 100644
+index dcc09a5ed7..e3d5f6e86d 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
-@@ -590,6 +590,9 @@ int fipsinstall_main(int argc, char **argv)
+@@ -636,6 +636,9 @@ int fipsinstall_main(int argc, char **argv)
EVP_MAC *mac = NULL;
CONF *conf = NULL;
@@ -38,7 +38,7 @@ index 0daa55a1b8..b4e29ac301 100644
goto end;
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
-index d44b4a7dac..1c6b783413 100644
+index 2db5acd242..1c6b783413 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -8,484 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation
@@ -406,7 +406,7 @@ index d44b4a7dac..1c6b783413 100644
-
-=item B<-self_test_oninstall>
-
--The converse of B<-self_test_oninstall>. The two fields related to the
+-The converse of B<-self_test_onload>. The two fields related to the
-"test status indicator" and "MAC status indicator" are written to the
-output configuration file.
-This field is not relevant for an OpenSSL FIPS 140-3 provider, since this is no
@@ -530,7 +530,7 @@ index d44b4a7dac..1c6b783413 100644
=head1 COPYRIGHT
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
-index edef2ff598..0762a00d74 100644
+index 635b52aeb1..55bc6e44c6 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -139,10 +139,6 @@ Engine (loadable module) information and manipulation.
@@ -856,5 +856,5 @@ index 3dcbe67c6d..1a5a475d91
# Compatible options for pedantic FIPS compliance
--
-2.51.0
+2.52.0
diff --git a/0019-FIPS-Force-fips-provider-on.patch b/0019-FIPS-Force-fips-provider-on.patch
index 4ab1f7d..f8b7415 100644
--- a/0019-FIPS-Force-fips-provider-on.patch
+++ b/0019-FIPS-Force-fips-provider-on.patch
@@ -1,7 +1,7 @@
-From 91efb2e81287745f7a2817211d00ca5a41f4e8ba Mon Sep 17 00:00:00 2001
+From b8a5ce1fbad62e0f7b023aab827d2888413d5ced Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 19/59] FIPS: Force fips provider on
+Subject: [PATCH 19/57] FIPS: Force fips provider on
Patch-name: 0032-Force-fips.patch
Patch-id: 32
@@ -13,7 +13,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
-index 9649517dd2..1e5053cbce 100644
+index f2e76ac402..a2a8a9942c 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -10,6 +10,8 @@
@@ -75,5 +75,5 @@ index 9649517dd2..1e5053cbce 100644
}
--
-2.51.0
+2.52.0
diff --git a/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
index f0bd30a..1172c04 100644
--- a/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
+++ b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
@@ -1,7 +1,7 @@
-From f2fc8dd1549cd4662ad073d8d9689eaa0747385a Mon Sep 17 00:00:00 2001
+From 310346f65db4e3b6052cf165f890f13bfd645f5c Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 20/59] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE
+Subject: [PATCH 20/57] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE
Corrected by squashing in:
0052-Restore-the-correct-verify_integrity-function.patch
@@ -20,10 +20,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
create mode 100644 test/fipsmodule.cnf
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index 456efd139e..c89e91b587 100644
+index 008a4fac84..c72e2605c4 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
-@@ -235,13 +235,137 @@ err:
+@@ -237,13 +237,137 @@ err:
return ok;
}
@@ -157,12 +157,12 @@ index 456efd139e..c89e91b587 100644
+}
+
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
-- unsigned char *expected, size_t expected_len,
-+ const unsigned char *expected, size_t expected_len,
- OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
- const char *event_type)
+- unsigned char *expected, size_t expected_len,
++ const unsigned char *expected, size_t expected_len,
+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
+ const char *event_type)
{
-@@ -253,6 +377,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -255,6 +379,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
@@ -172,7 +172,7 @@ index 456efd139e..c89e91b587 100644
if (!integrity_self_test(ev, libctx))
goto err;
-@@ -316,7 +443,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -318,7 +445,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
int ok = 0;
long checksum_len;
OSSL_CORE_BIO *bio_module = NULL;
@@ -182,22 +182,22 @@ index 456efd139e..c89e91b587 100644
OSSL_SELF_TEST *ev = NULL;
EVP_RAND *testrand = NULL;
EVP_RAND_CTX *rng;
-@@ -352,8 +480,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -354,8 +482,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
return 0;
}
- if (st == NULL
-- || st->module_checksum_data == NULL) {
+- || st->module_checksum_data == NULL) {
+ if (st == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
}
-@@ -362,8 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -364,8 +491,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
-- &checksum_len);
+- &checksum_len);
+ if (st->module_checksum_data == NULL) {
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
@@ -210,14 +210,14 @@ index 456efd139e..c89e91b587 100644
if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
-@@ -371,14 +505,28 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -373,14 +507,28 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
/* Always check the integrity of the fips module */
- if (bio_module == NULL
-- || !verify_integrity(bio_module, st->bio_read_ex_cb,
-- module_checksum, checksum_len, st->libctx,
-- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
+- || !verify_integrity(bio_module, st->bio_read_ex_cb,
+- module_checksum, checksum_len, st->libctx,
+- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
+ if (bio_module == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
goto end;
@@ -243,7 +243,7 @@ index 456efd139e..c89e91b587 100644
if (!SELF_TEST_kats(ev, st->libctx)) {
ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
goto end;
-@@ -398,7 +546,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -401,7 +549,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
end:
EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev);
@@ -261,5 +261,5 @@ index 0000000000..f05d0dedbe
+[fips_sect]
+activate = 1
--
-2.51.0
+2.52.0
diff --git a/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
index 21cd432..c67b18c 100644
--- a/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
+++ b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
@@ -1,7 +1,7 @@
-From 11959719a0acee26ca505c79f89af7fc5aeca011 Mon Sep 17 00:00:00 2001
+From 7fb0257ff4158f41306b730e0b2851bcd6d22747 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 20 Feb 2025 15:30:32 -0500
-Subject: [PATCH 21/59] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so
+Subject: [PATCH 21/57] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so
This script rewrites the fips.so binary to embed the hmac result into it
so that after a build it can be called to make the fips.so as modified
@@ -28,5 +28,5 @@ index 0000000000..54ae60b07f
+objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
+mv providers/fips.so.mac providers/fips.so
--
-2.51.0
+2.52.0
diff --git a/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
index 8302ce5..33aa3ef 100644
--- a/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
+++ b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
@@ -1,7 +1,7 @@
-From 2ec805ecc3c89c4db5dea64b2b1f9be756595347 Mon Sep 17 00:00:00 2001
+From a155bf631d4d923ed08f554344c44d07571d6e02 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 22/59] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW
+Subject: [PATCH 22/57] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW
Patch-name: 0047-FIPS-early-KATS.patch
Patch-id: 47
@@ -13,10 +13,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index c89e91b587..98bf6ad203 100644
+index c72e2605c4..470cf1fc28 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
-@@ -489,6 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -491,6 +491,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
@@ -32,7 +32,7 @@ index c89e91b587..98bf6ad203 100644
if (st->module_checksum_data == NULL) {
module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container);
-@@ -527,11 +536,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -529,11 +538,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
}
}
@@ -45,5 +45,5 @@ index c89e91b587..98bf6ad203 100644
rng = ossl_rand_get0_private_noncreating(st->libctx);
if (rng != NULL)
--
-2.51.0
+2.52.0
diff --git a/0023-FIPS-RSA-encrypt-limits-REVIEW.patch b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
index 5976d4c..0e42771 100644
--- a/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
+++ b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
@@ -1,7 +1,7 @@
-From decf5f9abf903fc3609d1aaaf84b9d437afb4072 Mon Sep 17 00:00:00 2001
+From 97d32c648aa0ba85165f40a9b9fca194301420fa Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 23/59] FIPS: RSA: encrypt limits - REVIEW
+Subject: [PATCH 23/57] FIPS: RSA: encrypt limits - REVIEW
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
Patch-id: 58
@@ -19,10 +19,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
mode change 100644 => 100755 test/recipes/80-test_ssl_old.t
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index 79a9c48ce2..0e517542bc 100644
+index 6985be0400..37000c8627 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
-@@ -65,6 +65,7 @@ int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect)
+@@ -66,6 +66,7 @@ int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect)
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
*/
@@ -44,7 +44,7 @@ index 78f9fc0655..6bd783eb0a 100644
OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0)
OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0)
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index e6b676d0f8..6d6650bd81 100644
+index 4995b00102..0b14fbc58d 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -174,6 +174,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
@@ -66,7 +66,7 @@ index e6b676d0f8..6d6650bd81 100644
if (out == NULL) {
*outlen = len;
return 1;
-@@ -235,6 +247,20 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+@@ -234,6 +246,20 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
if (!ossl_prov_is_running())
return 0;
@@ -911,7 +911,7 @@ index 18e11bdaa9..17ceb59148 100644
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 4031dbec77..92a48a09c6 100644
+index 279a498475..c278987186 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -267,7 +267,7 @@ my @smime_pkcs7_tests = (
@@ -981,5 +981,5 @@ index f7be2e1872..568a1ddba4
}
next if $protocol eq "-tls1_3";
--
-2.51.0
+2.52.0
diff --git a/0024-FIPS-RSA-PCTs.patch b/0024-FIPS-RSA-PCTs.patch
index 2c3eca1..59913f1 100644
--- a/0024-FIPS-RSA-PCTs.patch
+++ b/0024-FIPS-RSA-PCTs.patch
@@ -1,7 +1,7 @@
-From e19989c58ad6450428ee68fa4d81e022925872c1 Mon Sep 17 00:00:00 2001
+From 034d02d047e4a4d84d5c8ca2b54557b1679e8610 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 24 Mar 2025 10:50:37 -0400
-Subject: [PATCH 24/59] FIPS: RSA: PCTs
+Subject: [PATCH 24/57] FIPS: RSA: PCTs
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -10,10 +10,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
2 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
-index cd74275d60..52087abff6 100644
+index 3582936d67..383c3071a9 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
-@@ -434,6 +434,7 @@ struct rsa_gen_ctx {
+@@ -428,6 +428,7 @@ struct rsa_gen_ctx {
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
/* ACVP test parameters */
OSSL_PARAM *acvp_test_params;
@@ -21,7 +21,7 @@ index cd74275d60..52087abff6 100644
#endif
};
-@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
+@@ -441,6 +442,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
return gctx->cb(params, gctx->cbarg);
}
@@ -32,9 +32,9 @@ index cd74275d60..52087abff6 100644
+#endif
+
static void *gen_init(void *provctx, int selection, int rsa_type,
- const OSSL_PARAM params[])
+ const OSSL_PARAM params[])
{
-@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
+@@ -468,6 +475,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
if (!rsa_gen_set_params(gctx, params))
goto err;
@@ -45,7 +45,7 @@ index cd74275d60..52087abff6 100644
return gctx;
err:
-@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+@@ -624,6 +635,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
rsa = rsa_tmp;
rsa_tmp = NULL;
@@ -54,10 +54,10 @@ index cd74275d60..52087abff6 100644
+ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
+ abort();
+#endif
- err:
+ err:
BN_GENCB_free(gencb);
RSA_free(rsa_tmp);
-@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx)
+@@ -639,6 +655,8 @@ static void rsa_gen_cleanup(void *genctx)
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
gctx->acvp_test_params = NULL;
@@ -67,7 +67,7 @@ index cd74275d60..52087abff6 100644
BN_clear_free(gctx->pub_exp);
OPENSSL_free(gctx);
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 29be5f5028..670125464e 100644
+index bbdd037728..4e0744eeba 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -37,7 +37,7 @@
@@ -97,7 +97,7 @@ index 29be5f5028..670125464e 100644
{
PROV_RSA_CTX *prsactx = NULL;
char *propq_copy = NULL;
-@@ -1316,7 +1316,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
+@@ -1309,7 +1309,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
return ok;
}
@@ -106,7 +106,7 @@ index 29be5f5028..670125464e 100644
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
-@@ -1866,6 +1866,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
+@@ -1861,6 +1861,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
return EVP_MD_settable_ctx_params(prsactx->md);
}
@@ -153,5 +153,5 @@ index 29be5f5028..670125464e 100644
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
--
-2.51.0
+2.52.0
diff --git a/0025-FIPS-RSA-encapsulate-limits.patch b/0025-FIPS-RSA-encapsulate-limits.patch
index 7aa84db..6a78869 100644
--- a/0025-FIPS-RSA-encapsulate-limits.patch
+++ b/0025-FIPS-RSA-encapsulate-limits.patch
@@ -1,7 +1,7 @@
-From 178f344c1bad06adc0fe187fb24da2b036cc3628 Mon Sep 17 00:00:00 2001
+From ca999ba4305afdf6b8465708ecc1a472543bbad6 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 25/59] FIPS: RSA: encapsulate limits
+Subject: [PATCH 25/57] FIPS: RSA: encapsulate limits
Patch-name: 0091-FIPS-RSA-encapsulate.patch
Patch-id: 91
@@ -14,7 +14,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
2 files changed, 15 insertions(+)
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index 7494dcc010..5d6123e8cb 100644
+index f7bf368a0d..a05cf7c748 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -284,6 +284,13 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
@@ -31,7 +31,7 @@ index 7494dcc010..5d6123e8cb 100644
if (out == NULL) {
if (nlen == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
-@@ -360,6 +367,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
+@@ -359,6 +366,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
/* Step (1): get the byte length of n */
nlen = RSA_size(prsactx->rsa);
@@ -55,5 +55,5 @@ index ecab1454e7..8e5edd35fe 100644
Op = RSASVE
+Result = TEST_ENCAPSULATE_LEN_ERROR
--
-2.51.0
+2.52.0
diff --git a/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
index 9dd08fa..dafa253 100644
--- a/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
+++ b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
@@ -1,7 +1,7 @@
-From 4d1abf9cc029a713b4bf433af06d3c6507ae2ebc Mon Sep 17 00:00:00 2001
+From 05d9c9154e199bb4a84e215f0b20bd06ac5081d8 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 26/59] FIPS: RSA: Disallow SHAKE in OAEP and PSS
+Subject: [PATCH 26/57] FIPS: RSA: Disallow SHAKE in OAEP and PSS
According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms
must not be used in higher-level algorithms (such as RSA-OAEP and
@@ -25,7 +25,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
2 files changed, 32 insertions(+)
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
-index 5a1c080fcd..11cd78618b 100644
+index 453205b56c..e45d4bc278 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -76,6 +76,14 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
@@ -59,7 +59,7 @@ index 5a1c080fcd..11cd78618b 100644
/* XOF are approved as standalone; Shake256 in Ed448; MGF */
if (EVP_MD_xof(md)) {
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
-index a2bc198a89..2833ca50f3 100644
+index 98d6e70346..7fe78b9055 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -61,6 +61,14 @@ int ossl_rsa_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
@@ -93,5 +93,5 @@ index a2bc198a89..2833ca50f3 100644
if (hLen <= 0)
goto err;
--
-2.51.0
+2.52.0
diff --git a/0027-FIPS-RSA-size-mode-restrictions.patch b/0027-FIPS-RSA-size-mode-restrictions.patch
index 654f678..cc2ca96 100644
--- a/0027-FIPS-RSA-size-mode-restrictions.patch
+++ b/0027-FIPS-RSA-size-mode-restrictions.patch
@@ -1,7 +1,7 @@
-From 564140b9980fba626d7b52c6072b1d9cb87150da Mon Sep 17 00:00:00 2001
+From 4191527585ab1e8923249885cbf87d2f91b8804f Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Mar 2025 18:20:30 -0500
-Subject: [PATCH 27/59] FIPS: RSA: size/mode restrictions
+Subject: [PATCH 27/57] FIPS: RSA: size/mode restrictions
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -12,10 +12,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
4 files changed, 86 insertions(+), 4 deletions(-)
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 670125464e..664c59d2ef 100644
+index 4e0744eeba..f38431fd60 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
-@@ -939,6 +939,19 @@ static int rsa_verify_recover(void *vprsactx,
+@@ -935,6 +935,19 @@ static int rsa_verify_recover(void *vprsactx,
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
int ret;
@@ -35,8 +35,8 @@ index 670125464e..664c59d2ef 100644
if (!ossl_prov_is_running())
return 0;
-@@ -1033,6 +1046,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
- const unsigned char *tbs, size_t tbslen)
+@@ -1027,6 +1040,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
+ const unsigned char *tbs, size_t tbslen)
{
size_t rslen;
+# ifdef FIPS_MODULE
@@ -56,7 +56,7 @@ index 670125464e..664c59d2ef 100644
if (!ossl_prov_is_running())
return 0;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 19420d6c6a..5ab1ccee93 100644
+index 15be7e8067..823ad48e02 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -350,6 +350,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
@@ -70,7 +70,7 @@ index 19420d6c6a..5ab1ccee93 100644
* We ignore any errors from the fetches below. They are expected to fail
* if these algorithms are not available.
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
-index f1dc5dd2a2..6ae973eaac 100644
+index 42819f7c41..65a75469f9 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
@@ -268,8 +268,19 @@ TwIDAQAB
@@ -437,5 +437,5 @@ index 17ceb59148..972e90f32f 100644
# Signing with SHA1 is not allowed in fips mode
Availablein = fips
--
-2.51.0
+2.52.0
diff --git a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
index cea491f..d472fd7 100644
--- a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
+++ b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
@@ -1,7 +1,7 @@
-From 84323511d9558acb40614ca7cd19436901b02629 Mon Sep 17 00:00:00 2001
+From d72621c7c9fd09b4d6a917b3a721f0fd114b950d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 24 Mar 2025 11:03:45 -0400
-Subject: [PATCH 28/59] FIPS: RSA: Mark x931 as not approved by default
+Subject: [PATCH 28/57] FIPS: RSA: Mark x931 as not approved by default
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -22,5 +22,5 @@ index 6bd783eb0a..c1b029de86 100644
OSSL_FIPS_PARAM(kbkdf_key_check, KBKDF_KEY_CHECK, 0)
OSSL_FIPS_PARAM(tls13_kdf_key_check, TLS13_KDF_KEY_CHECK, 0)
--
-2.51.0
+2.52.0
diff --git a/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
index feda848..e8eded5 100644
--- a/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
+++ b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
@@ -1,7 +1,7 @@
-From be283ef7233549606bd5f2222c94e2bed92c4a6d Mon Sep 17 00:00:00 2001
+From 3618981a35438119a4027d1bf3cb3902431adaa4 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 29/59] FIPS: RSA: Remove X9.31 padding signatures tests
+Subject: [PATCH 29/57] FIPS: RSA: Remove X9.31 padding signatures tests
The current draft of FIPS 186-5 [1] no longer contains specifications
for X9.31 signature padding. Instead, it contains the following
@@ -278,5 +278,5 @@ index 97ec1ff3e5..31fa0eafc6 100644
"pss",
4096,
--
-2.51.0
+2.52.0
diff --git a/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
index 0727a78..60a1401 100644
--- a/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
+++ b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
@@ -1,7 +1,7 @@
-From dcf7af9b6a78929682a539c30c388d6329460fde Mon Sep 17 00:00:00 2001
+From 83b5a2e3a74780873c8831fd8e3cc6bde0006820 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 12 Feb 2025 17:12:02 -0500
-Subject: [PATCH 30/59] FIPS: RSA: NEEDS-REWORK:
+Subject: [PATCH 30/57] FIPS: RSA: NEEDS-REWORK:
FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed
Signed-off-by: Simo Sorce <simo@redhat.com>
@@ -383,5 +383,5 @@ index 0000000000..2833a383c1
+--
+
--
-2.51.0
+2.52.0
diff --git a/0031-FIPS-Deny-SHA-1-signature-verification.patch b/0031-FIPS-Deny-SHA-1-signature-verification.patch
index 77dc5f3..df30692 100644
--- a/0031-FIPS-Deny-SHA-1-signature-verification.patch
+++ b/0031-FIPS-Deny-SHA-1-signature-verification.patch
@@ -1,7 +1,7 @@
-From 7e1051bf5a1fb9c3b10e1485550d663b2b1f3ba6 Mon Sep 17 00:00:00 2001
+From 7061b3b659e0386efa58d9dfb94a4f84832884d0 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 31/59] FIPS: Deny SHA-1 signature verification
+Subject: [PATCH 31/57] FIPS: Deny SHA-1 signature verification
For RHEL, we already disable SHA-1 signatures by default in the default
provider, so it is unexpected that the FIPS provider would have a more
@@ -31,62 +31,65 @@ Signed-off-by: Clemens Lang <cllang@redhat.com>
Bug Id: https://bugzilla.redhat.com/show_bug.cgi?id=2087147
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
- providers/implementations/signature/dsa_sig.c | 4 +-
- .../implementations/signature/ecdsa_sig.c | 4 +-
- providers/implementations/signature/rsa_sig.c | 8 ++-
+ providers/implementations/signature/dsa_sig.c | 5 +-
+ .../implementations/signature/ecdsa_sig.c | 5 +-
+ providers/implementations/signature/rsa_sig.c | 9 +--
.../30-test_evp_data/evppkey_ecdsa.txt | 11 +++-
.../30-test_evp_data/evppkey_ecdsa_sigalg.txt | 64 ++++++++++++++++---
.../30-test_evp_data/evppkey_rsa_common.txt | 58 +++++++++++++++--
test/recipes/80-test_cms.t | 4 +-
test/recipes/80-test_ssl_old.t | 4 ++
- 8 files changed, 130 insertions(+), 27 deletions(-)
+ 8 files changed, 130 insertions(+), 30 deletions(-)
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index 595aed7e07..42085e5ade 100644
+index 31a89133a3..0de750c247 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
-@@ -187,9 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+@@ -187,10 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
}
#ifdef FIPS_MODULE
{
- int sha1_allowed
- = ((ctx->operation
-- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
+- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG))
+- == 0);
+ int sha1_allowed = 0;
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
- OSSL_FIPS_IND_SETTABLE1,
+ OSSL_FIPS_IND_SETTABLE1,
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index 88d83275b1..01b3023891 100644
+index 2a4faf4a71..f5c101005f 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
-@@ -214,9 +214,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
+@@ -214,10 +214,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
#ifdef FIPS_MODULE
{
- int sha1_allowed
- = ((ctx->operation
-- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
+- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG))
+- == 0);
+ int sha1_allowed = 0;
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
- OSSL_FIPS_IND_SETTABLE1,
+ OSSL_FIPS_IND_SETTABLE1,
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 664c59d2ef..1e2394eb7d 100644
+index f38431fd60..e90ce3c223 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
-@@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+@@ -407,10 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
}
#ifdef FIPS_MODULE
{
- int sha1_allowed
- = ((ctx->operation
-- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
+- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG))
+- == 0);
+ int sha1_allowed = 0;
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
- OSSL_FIPS_IND_SETTABLE1,
-@@ -1795,11 +1793,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+ OSSL_FIPS_IND_SETTABLE1,
+@@ -1790,11 +1787,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
if (prsactx->md == NULL && pmdname == NULL
&& pad_mode == RSA_PKCS1_PSS_PADDING) {
@@ -660,7 +663,7 @@ index 972e90f32f..61e2b4e3ac 100644
Availablein = fips
FIPSversion = >=3.4.0
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 92a48a09c6..cf4541449b 100644
+index c278987186..91283c5e74 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -183,7 +183,7 @@ my @smime_pkcs7_tests = (
@@ -704,5 +707,5 @@ index 568a1ddba4..6332aaec4b 100755
SKIP: {
skip "No IPv4 available on this machine", 4
--
-2.51.0
+2.52.0
diff --git a/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
index d4f500a..44d72df 100644
--- a/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
+++ b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
@@ -1,7 +1,7 @@
-From 0e25cdf0be520bcca8e8673e015f938947217d28 Mon Sep 17 00:00:00 2001
+From 80a4d4da42db9711d06953f4dcd6e9f29c001292 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 32/59] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW
+Subject: [PATCH 32/57] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW
providers/implementations/rands/crngt.c is gone
@@ -14,11 +14,11 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/rand/prov_seed.c | 9 ++-
providers/implementations/rands/drbg.c | 11 ++-
- .../implementations/rands/seeding/rand_unix.c | 68 ++-----------------
- 3 files changed, 22 insertions(+), 66 deletions(-)
+ .../implementations/rands/seeding/rand_unix.c | 70 ++-----------------
+ 3 files changed, 23 insertions(+), 67 deletions(-)
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
-index 2985c7f2d8..3202a28226 100644
+index 8466ded8ab..24feab20e5 100644
--- a/crypto/rand/prov_seed.c
+++ b/crypto/rand/prov_seed.c
@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx,
@@ -38,10 +38,10 @@ index 2985c7f2d8..3202a28226 100644
ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
return 0;
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
-index 4925a3b400..1cdb67b22c 100644
+index f9d90d5d43..6b23d55cf5 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
-@@ -559,6 +559,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg,
+@@ -556,6 +556,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg,
#endif
}
@@ -50,13 +50,13 @@ index 4925a3b400..1cdb67b22c 100644
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
- drbg->min_entropylen, drbg->max_entropylen,
-@@ -680,8 +683,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
+ drbg->min_entropylen, drbg->max_entropylen,
+@@ -677,8 +680,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
reseed_required = 1;
}
if (drbg->parent != NULL
-- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
-+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
+- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
++ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
+#ifdef FIPS_MODULE
+ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
@@ -68,19 +68,26 @@ index 4925a3b400..1cdb67b22c 100644
if (reseed_required || prediction_resistance) {
if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
-index c3a5d8b3bf..b7b34a9345 100644
+index 80ae817313..1e73a1ec28 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
-@@ -53,6 +53,8 @@
- # include <fcntl.h>
- # include <unistd.h>
- # include <sys/time.h>
-+# include <sys/random.h>
-+# include <openssl/evp.h>
+@@ -47,12 +47,14 @@
+ #endif
+
+ #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \
+- || defined(__DJGPP__)
++ || defined(__DJGPP__)
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <sys/time.h>
++#include <sys/random.h>
++#include <openssl/evp.h>
static uint64_t get_time_stamp(void);
-@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
+@@ -338,70 +340,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
*/
@@ -97,8 +104,8 @@ index c3a5d8b3bf..b7b34a9345 100644
- * Note: Sometimes getentropy() can be provided but not implemented
- * internally. So we need to check errno for ENOSYS
- */
--# if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__)
--# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+-#if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__)
+-#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) && !defined(__hpux)
- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-
- if (getentropy != NULL) {
@@ -107,13 +114,13 @@ index c3a5d8b3bf..b7b34a9345 100644
- if (errno != ENOSYS)
- return -1;
- }
--# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
+-#elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
-
- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
-- return (ssize_t)buflen;
+- return (ssize_t)buflen;
-
- return -1;
--# else
+-#else
- union {
- void *p;
- int (*f)(void *buffer, size_t length);
@@ -128,31 +135,31 @@ index c3a5d8b3bf..b7b34a9345 100644
- ERR_pop_to_mark();
- if (p_getentropy.p != NULL)
- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
--# endif
--# endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */
+-#endif
+-#endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */
-
- /* Linux supports this since version 3.17 */
--# if defined(__linux) && defined(__NR_getrandom)
+-#if defined(__linux) && defined(__NR_getrandom)
- return syscall(__NR_getrandom, buf, buflen, 0);
--# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
-- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \
-- || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061)
+-#elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
+- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \
+- || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061)
- return getrandom(buf, buflen, 0);
--# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+-#elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
- return sysctl_random(buf, buflen);
--# elif defined(__wasi__)
+-#elif defined(__wasi__)
- if (getentropy(buf, buflen) == 0)
-- return (ssize_t)buflen;
+- return (ssize_t)buflen;
- return -1;
--# else
+-#else
- errno = ENOSYS;
- return -1;
--# endif
+-#endif
+ /* Red Hat uses downstream patch to always seed from getrandom() */
+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
}
- # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+ #endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
--
-2.51.0
+2.52.0
diff --git a/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
index d22e38b..853bd50 100644
--- a/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
+++ b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
@@ -1,7 +1,7 @@
-From d0cef8f6f866d1fa37fd1d673e25adba210a3ad3 Mon Sep 17 00:00:00 2001
+From 2d385a2615dd7c6f33f824183ec6f65ef2c9327c Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 33/59] FIPS: RAND: Forbid truncated hashes & SHA-3
+Subject: [PATCH 33/57] FIPS: RAND: Forbid truncated hashes & SHA-3
Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs"
of the Implementation Guidance for FIPS 140-3 [1] notes that there is no
@@ -30,12 +30,12 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
3 files changed, 187 insertions(+), 34 deletions(-)
diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
-index 8bb831ae35..cedf5c3894 100644
+index 92eb443c6e..a63b21eade 100644
--- a/providers/implementations/rands/drbg_hash.c
+++ b/providers/implementations/rands/drbg_hash.c
@@ -579,6 +579,18 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]
if (!ossl_drbg_verify_digest(ctx, libctx, md))
- return 0; /* Error already raised for us */
+ return 0; /* Error already raised for us */
+#ifdef FIPS_MODULE
+ if (!EVP_MD_is_a(md, SN_sha1)
@@ -53,12 +53,12 @@ index 8bb831ae35..cedf5c3894 100644
md_size = EVP_MD_get_size(md);
if (md_size <= 0)
diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
-index 43b3f8766e..64b7610cd1 100644
+index ff8a6cd6f0..d041897bb8 100644
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
-@@ -505,6 +505,18 @@ static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]
+@@ -522,6 +522,18 @@ static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]
if (md != NULL && !ossl_drbg_verify_digest(ctx, libctx, md))
- return 0; /* Error already raised for us */
+ return 0; /* Error already raised for us */
+#ifdef FIPS_MODULE
+ if (!EVP_MD_is_a(md, SN_sha1)
@@ -1191,5 +1191,5 @@ index 9756859c0e..9baecf6f31 100644
+#Nonce.0 = 15e32abbae6b7433
+#Output.0 = ee9f
--
-2.51.0
+2.52.0
diff --git a/0034-FIPS-PBKDF2-Set-minimum-password-length.patch b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
index 10999a6..36c7b19 100644
--- a/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
+++ b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
@@ -1,7 +1,7 @@
-From c72f83a3c8f66e7d6848bf8b67b66fecb9aefe6f Mon Sep 17 00:00:00 2001
+From 0be17f1220667a7c7758e10dead4be80d521b3fc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 34/59] FIPS: PBKDF2: Set minimum password length
+Subject: [PATCH 34/57] FIPS: PBKDF2: Set minimum password length
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -30,13 +30,13 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
1 file changed, 33 insertions(+), 6 deletions(-)
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
-index b383314064..68f9355b7d 100644
+index 581c8f8799..cc15db4c73 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -36,6 +36,21 @@
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
#define KDF_PBKDF2_MIN_ITERATIONS 1000
- #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
+ #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
+/* The Implementation Guidance for FIPS 140-3 says in section D.N
+ * "Password-Based Key Derivation for Storage Applications" that "the vendor
+ * shall document in the module’s Security Policy the length of
@@ -59,10 +59,10 @@ index b383314064..68f9355b7d 100644
}
static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
-- size_t keylen, int *error,
-- const char **desc)
-+ size_t keylen, size_t passlen,
-+ int *error, const char **desc)
+- size_t keylen, int *error,
+- const char **desc)
++ size_t keylen, size_t passlen,
++ int *error, const char **desc)
{
if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
*error = PROV_R_KEY_SIZE_TOO_SMALL;
@@ -84,9 +84,9 @@ index b383314064..68f9355b7d 100644
int error = 0;
const char *desc = NULL;
int approved = pbkdf2_lower_bound_check_passed(ctx->salt_len, ctx->iter,
-- keylen, &error, &desc);
-+ keylen, ctx->pass_len,
-+ &error, &desc);
+- keylen, &error, &desc);
++ keylen, ctx->pass_len,
++ &error, &desc);
if (!approved) {
if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, libctx,
@@ -111,11 +111,11 @@ index b383314064..68f9355b7d 100644
if (lower_bound_checks) {
int error = 0;
int passed = pbkdf2_lower_bound_check_passed(saltlen, iter, keylen,
-- &error, NULL);
-+ passlen, &error, NULL);
+- &error, NULL);
++ passlen, &error, NULL);
if (!passed) {
ERR_raise(ERR_LIB_PROV, error);
--
-2.51.0
+2.52.0
diff --git a/0035-FIPS-DH-PCT.patch b/0035-FIPS-DH-PCT.patch
index 52883a6..f8724b4 100644
--- a/0035-FIPS-DH-PCT.patch
+++ b/0035-FIPS-DH-PCT.patch
@@ -1,7 +1,7 @@
-From d982e6a817871b174732027eed8b750aa9f8ae4b Mon Sep 17 00:00:00 2001
+From a1ee967fae9cb6f4a06d4ffbcd62c6efd9ac05f0 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 24 Mar 2025 10:49:00 -0400
-Subject: [PATCH 35/59] FIPS: DH: PCT
+Subject: [PATCH 35/57] FIPS: DH: PCT
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -9,7 +9,7 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
1 file changed, 26 insertions(+)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 052d4d29ed..ace02bb0db 100644
+index 2d9f7a8100..ae47dc2cd9 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
@@ -46,7 +46,7 @@ index 052d4d29ed..ace02bb0db 100644
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-@@ -371,8 +384,21 @@ static int generate_key(DH *dh)
+@@ -370,8 +383,21 @@ static int generate_key(DH *dh)
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
goto err;
@@ -67,7 +67,7 @@ index 052d4d29ed..ace02bb0db 100644
+
dh->dirty_cnt++;
ok = 1;
- err:
+ err:
--
-2.51.0
+2.52.0
diff --git a/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
index 8cc3a3d..a5d6f55 100644
--- a/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
+++ b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
@@ -1,7 +1,7 @@
-From 3f8b36370630e57ad848be5d804df4169d6a35a2 Mon Sep 17 00:00:00 2001
+From a7ddcb6ceef64c92b5c21389900477bc3a38f46d Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 36/59] FIPS: DH: Disable FIPS 186-4 type parameters
+Subject: [PATCH 36/57] FIPS: DH: Disable FIPS 186-4 type parameters
For DH parameter and key pair generation/verification, the DSA
procedures specified in FIPS 186-4 are used. With the release of FIPS
@@ -29,17 +29,17 @@ NOTE: Dropped changes in test/recipes/80-test_cms.t
crypto/dh/dh_check.c | 12 ++--
crypto/dh/dh_gen.c | 12 +++-
crypto/dh/dh_key.c | 13 ++--
- crypto/dh/dh_pmeth.c | 10 +++-
+ crypto/dh/dh_pmeth.c | 16 +++--
providers/implementations/keymgmt/dh_kmgmt.c | 5 ++
test/endecode_test.c | 4 +-
test/evp_libctx_test.c | 2 +-
test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++
test/helpers/predefined_dhparams.h | 1 +
test/recipes/80-test_ssl_old.t | 3 +
- 11 files changed, 116 insertions(+), 18 deletions(-)
+ 11 files changed, 119 insertions(+), 21 deletions(-)
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
-index 1aaa88daca..aa3a491799 100644
+index f68429862c..00b229a295 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
@@ -56,11 +56,11 @@ index 1aaa88daca..aa3a491799 100644
+ }
+#endif
+
- param_priv_len =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
+ param_priv_len = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
if (param_priv_len != NULL
+ && (!OSSL_PARAM_get_long(param_priv_len, &priv_len)
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 2d899dc96f..a4e6d1dd18 100644
+index 3002609b68..2aabdd2908 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -58,13 +58,15 @@ int DH_check_params(const DH *dh, int *ret)
@@ -75,7 +75,7 @@ index 2d899dc96f..a4e6d1dd18 100644
+ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode.
*/
- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
-- FFC_PARAM_TYPE_DH, ret, NULL);
+- FFC_PARAM_TYPE_DH, ret, NULL);
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
+ "FIPS 186-4 type domain parameters no longer allowed in"
+ " FIPS mode, since the required validation routines were"
@@ -85,12 +85,12 @@ index 2d899dc96f..a4e6d1dd18 100644
#else
int DH_check_params(const DH *dh, int *ret)
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
-index b73bfb7f3b..275ce2c1af 100644
+index 094b6e70c7..d0c1fc5367 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
- BN_GENCB *cb)
+ BN_GENCB *cb)
{
- int ret, res;
+ int ret = 0;
@@ -100,13 +100,13 @@ index b73bfb7f3b..275ce2c1af 100644
+
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH,
- pbits, qbits, &res, cb);
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, &res, cb);
else
-#endif
ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH,
- pbits, qbits, &res, cb);
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, &res, cb);
+#else
+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
@@ -118,10 +118,10 @@ index b73bfb7f3b..275ce2c1af 100644
dh->dirty_cnt++;
return ret;
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index ace02bb0db..f505f2fa87 100644
+index ae47dc2cd9..4ddc1b83c7 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
-@@ -336,8 +336,12 @@ static int generate_key(DH *dh)
+@@ -335,8 +335,12 @@ static int generate_key(DH *dh)
goto err;
} else {
#ifdef FIPS_MODULE
@@ -136,7 +136,7 @@ index ace02bb0db..f505f2fa87 100644
#else
if (dh->params.q == NULL) {
/* secret exponent length, must satisfy 2^l < (p-1)/2 */
-@@ -360,9 +364,7 @@ static int generate_key(DH *dh)
+@@ -359,9 +363,7 @@ static int generate_key(DH *dh)
if (!BN_clear_bit(priv_key, 0))
goto err;
}
@@ -146,9 +146,9 @@ index ace02bb0db..f505f2fa87 100644
+ } else {
/* Do a partial check for invalid p, q, g */
if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH, NULL))
-@@ -378,6 +380,7 @@ static int generate_key(DH *dh)
- priv_key))
+ FFC_PARAM_TYPE_DH, NULL))
+@@ -377,6 +379,7 @@ static int generate_key(DH *dh)
+ priv_key))
goto err;
}
+#endif
@@ -156,35 +156,38 @@ index ace02bb0db..f505f2fa87 100644
}
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index 74bef9370d..c2c910b9c8 100644
+index dd36dce281..21ac48c1de 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
-@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
- prime_len, subprime_len, &res,
- pcb);
+@@ -301,13 +301,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
+ prime_len, subprime_len, &res,
+ pcb);
else
--# endif
-- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
-- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
- rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
- FFC_PARAM_TYPE_DH,
- prime_len, subprime_len, &res,
- pcb);
-+# else
++ rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
++ FFC_PARAM_TYPE_DH,
++ prime_len, subprime_len, &res,
++ pcb);
++#else
+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
+ "FIPS 186-4 type domain parameters no longer allowed in"
+ " FIPS mode, since the required generation routines were"
+ " removed from FIPS 186-5");
-+# endif
+ #endif
+- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
+- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
+- rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
+- FFC_PARAM_TYPE_DH,
+- prime_len, subprime_len, &res,
+- pcb);
if (rv <= 0) {
DH_free(ret);
return NULL;
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
-index 0e9e837383..f1eabf071a 100644
+index 8a1afe7907..759ab77e1b 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
-@@ -422,6 +422,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
+@@ -420,6 +420,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
return 1; /* nothing to validate */
@@ -197,7 +200,7 @@ index 0e9e837383..f1eabf071a 100644
/*
* Both of these functions check parameters. DH_check_params_ex()
diff --git a/test/endecode_test.c b/test/endecode_test.c
-index 85c84f6592..d2ff9e6eb6 100644
+index c3b55af3e7..b15bab217e 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
@@ -210,11 +213,11 @@ index 85c84f6592..d2ff9e6eb6 100644
if (strcmp(type, "X9.42 DH") == 0)
- return get_dhx512(keyctx);
+ return get_dhx_ffdhe2048(keyctx);
- # endif
+ #endif
/*
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
-index 039fca9bb0..2838f343bd 100644
+index 3786c567a7..773210fadb 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
@@ -227,11 +230,11 @@ index 039fca9bb0..2838f343bd 100644
if (expected) {
diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
-index 4bdadc4143..e5186e4b4a 100644
+index 28070efdb6..4baeb673f3 100644
--- a/test/helpers/predefined_dhparams.c
+++ b/test/helpers/predefined_dhparams.c
-@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
- dhx512_q, sizeof(dhx512_q));
+@@ -311,6 +311,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
+ dhx512_q, sizeof(dhx512_q));
}
+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx)
@@ -326,5 +329,5 @@ index 6332aaec4b..4d8c900c00 100755
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
}
--
-2.51.0
+2.52.0
diff --git a/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
index 74486aa..15ec4f4 100644
--- a/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
+++ b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
@@ -1,7 +1,7 @@
-From 9c9716b7a631ef8e3087a3ddec967b18d5c46a1f Mon Sep 17 00:00:00 2001
+From 0f4b67897d87b6cb1bd1f65ca2aafbce1c3c6872 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 37/59] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE
+Subject: [PATCH 37/57] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE
NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code
change the option to enforce it seem to be available only in FIPS build
@@ -19,16 +19,16 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
providers/fips/include/fips_indicator_params.inc | 2 +-
ssl/ssl_conf.c | 1 +
ssl/statem/extensions_srvr.c | 8 +++++++-
- ssl/t1_enc.c | 11 +++++++++--
+ ssl/t1_enc.c | 13 ++++++++++---
test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 10 ++++++++++
test/sslapitest.c | 2 +-
- 9 files changed, 46 insertions(+), 5 deletions(-)
+ 9 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
-index 9338ffc01d..911ea21a68 100644
+index 3e2de6e66b..ad9a2dc8bf 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
-@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
+@@ -626,6 +626,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
@@ -63,17 +63,17 @@ index 2505938c13..3887c54f0e 100644
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index d1b00e8454..b815f25dae 100644
+index 82410670f4..1026a9b7b0 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
-@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
- * interoperability with CryptoPro CSP 3.x
- */
- # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
-+# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
+@@ -432,6 +432,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
+ #define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34)
+
+ #define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35)
++#define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
+
/*
- * Disable RFC8879 certificate compression
- * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+ * Option "collections."
diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
index c1b029de86..47d1cf2d01 100644
--- a/providers/fips/include/fips_indicator_params.inc
@@ -86,19 +86,19 @@ index c1b029de86..47d1cf2d01 100644
OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0)
OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
-index 946d20be52..b52c1675fd 100644
+index 0d93593880..4361edfa49 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
-@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+@@ -392,6 +392,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL("ClientRenegotiation",
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
+ SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
+ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX),
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 1a09913ad6..936be81819 100644
+index cdb914daed..1bcc0fd902 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -12,6 +12,7 @@
@@ -107,11 +107,11 @@ index 1a09913ad6..936be81819 100644
#include "internal/ssl_unwrap.h"
+#include <openssl/fips.h>
- #define COOKIE_STATE_FORMAT_VERSION 1
+ #define COOKIE_STATE_FORMAT_VERSION 1
-@@ -1886,8 +1887,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx)
+@@ -1889,8 +1890,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
+ unsigned int context,
+ X509 *x, size_t chainidx)
{
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
@@ -123,9 +123,9 @@ index 1a09913ad6..936be81819 100644
+ }
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
- || !WPACKET_put_bytes_u16(pkt, 0)) {
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 474ea7bf5b..e0e595e989 100644
+index 8978e0c630..85d9df0da6 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -21,6 +21,7 @@
@@ -136,12 +136,14 @@ index 474ea7bf5b..e0e595e989 100644
/* seed1 through seed5 are concatenated */
static int tls1_PRF(SSL_CONNECTION *s,
-@@ -78,8 +79,14 @@ static int tls1_PRF(SSL_CONNECTION *s,
+@@ -77,9 +78,15 @@ static int tls1_PRF(SSL_CONNECTION *s,
+ return 1;
}
- err:
+-err:
- if (fatal)
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ err:
+ if (fatal) {
+ /* The calls to this function are local so it's safe to implement the check */
+ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
@@ -175,10 +177,10 @@ index 50944328cb..edb2e81273 100644
KDF = TLS1-PRF
Ctrl.digest = digest:SHA256
diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 05c5ab256f..4373bc2865 100644
+index a94061d974..92a33f05db 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
-@@ -585,7 +585,7 @@ static int test_client_cert_verify_cb(void)
+@@ -582,7 +582,7 @@ static int test_client_cert_verify_cb(void)
STACK_OF(X509) *server_chain;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
@@ -186,7 +188,7 @@ index 05c5ab256f..4373bc2865 100644
+ int testresult = 0, status;
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
- TLS_client_method(), TLS1_VERSION, 0,
+ TLS_client_method(), TLS1_VERSION, 0,
--
-2.51.0
+2.52.0
diff --git a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
index 7c7f947..1153832 100644
--- a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
+++ b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
@@ -1,7 +1,7 @@
-From 12f5ab8b6d98cf8f2db35bebc48140b61a66fb35 Mon Sep 17 00:00:00 2001
+From c91c7412ab54f8db8cac437e7308a9042c7a4732 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 13 Feb 2025 18:08:34 -0500
-Subject: [PATCH 38/59] FIPS: CMS: Set default padding to OAEP
+Subject: [PATCH 38/57] FIPS: CMS: Set default padding to OAEP
From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe
---
@@ -10,7 +10,7 @@ From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe
2 files changed, 11 insertions(+)
diff --git a/apps/cms.c b/apps/cms.c
-index 6f19414880..4019d7373e 100644
+index 214eea5bcb..c1fc70ef12 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -20,6 +20,7 @@
@@ -22,7 +22,7 @@ index 6f19414880..4019d7373e 100644
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index 375239c78d..e09ad03ece 100644
+index 0828d157fa..e1200a37d4 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -14,6 +14,7 @@
@@ -33,7 +33,7 @@ index 375239c78d..e09ad03ece 100644
#include "internal/sizes.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
-@@ -375,6 +376,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+@@ -372,6 +373,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
return 0;
if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
return 0;
@@ -44,7 +44,7 @@ index 375239c78d..e09ad03ece 100644
} else if (!ossl_cms_env_asn1_ctrl(ri, 0))
return 0;
return 1;
-@@ -540,6 +545,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
+@@ -535,6 +540,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
@@ -57,5 +57,5 @@ index 375239c78d..e09ad03ece 100644
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
--
-2.51.0
+2.52.0
diff --git a/0039-FIPS-PKCS12-PBMAC1-defaults.patch b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
index c314b99..2609c2f 100644
--- a/0039-FIPS-PKCS12-PBMAC1-defaults.patch
+++ b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
@@ -1,7 +1,7 @@
-From c791ad4131fb11dc96013abc8e247cbbec5ba8ee Mon Sep 17 00:00:00 2001
+From 51fc5ce32bfe0fbe018934fa88252efe9073c649 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 13 Feb 2025 18:16:29 -0500
-Subject: [PATCH 39/59] FIPS: PKCS12: PBMAC1 defaults
+Subject: [PATCH 39/57] FIPS: PKCS12: PBMAC1 defaults
From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708
---
@@ -9,7 +9,7 @@ From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708
1 file changed, 4 insertions(+)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
-index 9964faf21a..59439a8cc0 100644
+index 2c83e43845..20aad27c59 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -17,6 +17,7 @@
@@ -20,7 +20,7 @@ index 9964faf21a..59439a8cc0 100644
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/provider.h>
-@@ -709,6 +710,9 @@ int pkcs12_main(int argc, char **argv)
+@@ -746,6 +747,9 @@ int pkcs12_main(int argc, char **argv)
}
if (maciter != -1) {
@@ -29,7 +29,7 @@ index 9964faf21a..59439a8cc0 100644
+
if (pbmac1_pbkdf2 == 1) {
if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
- macsaltlen, maciter,
+ macsaltlen, maciter,
--
-2.51.0
+2.52.0
diff --git a/0040-FIPS-Fix-encoder-decoder-negative-test.patch b/0040-FIPS-Fix-encoder-decoder-negative-test.patch
index b78e101..2eb94f5 100644
--- a/0040-FIPS-Fix-encoder-decoder-negative-test.patch
+++ b/0040-FIPS-Fix-encoder-decoder-negative-test.patch
@@ -1,7 +1,7 @@
-From 4691661243060cc6ad88902f422f058c547264f6 Mon Sep 17 00:00:00 2001
+From 7b7ade7e1ee2f6b10b34bf7f9e7a0165474f5860 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 5 Mar 2025 13:22:03 -0500
-Subject: [PATCH 40/59] FIPS: Fix encoder/decoder negative test
+Subject: [PATCH 40/57] FIPS: Fix encoder/decoder negative test
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -31,5 +31,5 @@ index 2acc980e90..660d4e1115
my $conf2 = srctop_file("test", "default-and-fips.cnf");
ok(run(test(['decoder_propq_test', '-config', $conf2,
--
-2.51.0
+2.52.0
diff --git a/0041-FIPS-EC-DH-DSA-PCTs.patch b/0041-FIPS-EC-DH-DSA-PCTs.patch
index 3f59c44..84dec4d 100644
--- a/0041-FIPS-EC-DH-DSA-PCTs.patch
+++ b/0041-FIPS-EC-DH-DSA-PCTs.patch
@@ -1,7 +1,7 @@
-From 12871a0a0aaae3ce0dcae0b14a52283b3a4a4808 Mon Sep 17 00:00:00 2001
+From 17caabce423bbcfe0501ebaa11c2d4a8379aca92 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 24 Mar 2025 10:50:06 -0400
-Subject: [PATCH 41/59] FIPS: EC: DH/DSA PCTs
+Subject: [PATCH 41/57] FIPS: EC: DH/DSA PCTs
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -11,10 +11,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
3 files changed, 75 insertions(+), 5 deletions(-)
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
-index 58fbc7bc09..98d4354f3e 100644
+index 43f3515878..0d35fc1590 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
-@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
+@@ -546,6 +546,25 @@ static ossl_inline int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
#endif
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
@@ -41,10 +41,10 @@ index 58fbc7bc09..98d4354f3e 100644
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
-index a1d04bc3fd..c9a5b19cfc 100644
+index 305dc3a6b8..04e604c453 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
-@@ -995,9 +995,18 @@ struct ec_gen_ctx {
+@@ -963,9 +963,18 @@ struct ec_gen_ctx {
EC_GROUP *gen_group;
unsigned char *dhkem_ikm;
size_t dhkem_ikmlen;
@@ -61,9 +61,9 @@ index a1d04bc3fd..c9a5b19cfc 100644
+#endif
+
static void *ec_gen_init(void *provctx, int selection,
- const OSSL_PARAM params[])
+ const OSSL_PARAM params[])
{
-@@ -1017,6 +1026,10 @@ static void *ec_gen_init(void *provctx, int selection,
+@@ -985,6 +994,10 @@ static void *ec_gen_init(void *provctx, int selection,
gctx = NULL;
}
}
@@ -74,7 +74,7 @@ index a1d04bc3fd..c9a5b19cfc 100644
return gctx;
}
-@@ -1328,6 +1341,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+@@ -1295,6 +1308,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx->ecdh_mode != -1)
ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
@@ -86,8 +86,8 @@ index a1d04bc3fd..c9a5b19cfc 100644
+#endif
if (gctx->group_check != NULL)
- ret = ret && ossl_ec_set_check_group_type_from_name(ec,
-@@ -1413,7 +1432,10 @@ static void ec_gen_cleanup(void *genctx)
+ ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check);
+@@ -1379,7 +1398,10 @@ static void ec_gen_cleanup(void *genctx)
if (gctx == NULL)
return;
@@ -100,7 +100,7 @@ index a1d04bc3fd..c9a5b19cfc 100644
EC_GROUP_free(gctx->gen_group);
BN_free(gctx->p);
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index 01b3023891..ad595d531c 100644
+index f5c101005f..b1576977f7 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -33,7 +33,7 @@
@@ -130,7 +130,7 @@ index 01b3023891..ad595d531c 100644
{
PROV_ECDSA_CTX *ctx;
-@@ -612,7 +612,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
+@@ -610,7 +610,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
return ok;
}
@@ -139,7 +139,7 @@ index 01b3023891..ad595d531c 100644
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
-@@ -861,6 +861,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
+@@ -854,6 +854,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
return EVP_MD_settable_ctx_params(ctx->md);
}
@@ -176,5 +176,5 @@ index 01b3023891..ad595d531c 100644
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
--
-2.51.0
+2.52.0
diff --git a/0042-FIPS-EC-disable-weak-curves.patch b/0042-FIPS-EC-disable-weak-curves.patch
index 2592900..763df95 100644
--- a/0042-FIPS-EC-disable-weak-curves.patch
+++ b/0042-FIPS-EC-disable-weak-curves.patch
@@ -1,7 +1,7 @@
-From 134cd6169b6dcbc1e395a38d7e5af0f9691e772b Mon Sep 17 00:00:00 2001
+From 2cda3e9adf5534d6be689cff5eeb81459061f52b Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Mar 2025 18:06:36 -0500
-Subject: [PATCH 42/59] FIPS: EC: disable weak curves
+Subject: [PATCH 42/57] FIPS: EC: disable weak curves
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -9,10 +9,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
1 file changed, 7 insertions(+)
diff --git a/apps/ecparam.c b/apps/ecparam.c
-index f0879dfb11..a6042e7d2a 100644
+index 017dc7568d..596c31a925 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
-@@ -77,6 +77,13 @@ static int list_builtin_curves(BIO *out)
+@@ -90,6 +90,13 @@ static int list_builtin_curves(BIO *out)
const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn(curves[n].nid);
@@ -27,5 +27,5 @@ index f0879dfb11..a6042e7d2a 100644
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
--
-2.51.0
+2.52.0
diff --git a/0043-FIPS-NO-DSA-Support.patch b/0043-FIPS-NO-DSA-Support.patch
index b71ea9c..a7a1ffa 100644
--- a/0043-FIPS-NO-DSA-Support.patch
+++ b/0043-FIPS-NO-DSA-Support.patch
@@ -1,7 +1,7 @@
-From 5679937e93d2f072cf4f56b27dc6bcce251f6def Mon Sep 17 00:00:00 2001
+From 9fca36a6c0712f3c11e6ba942e99039b17fc75b0 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Mar 2025 18:10:52 -0500
-Subject: [PATCH 43/59] FIPS: NO DSA Support
+Subject: [PATCH 43/57] FIPS: NO DSA Support
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -18,10 +18,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
mode change 100644 => 100755 test/recipes/30-test_evp.t
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index e5d798fd54..a807c76fd8 100644
+index 0f006301d7..f8f2822300 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
-@@ -432,7 +432,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+@@ -431,7 +431,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
};
static const OSSL_ALGORITHM fips_signature[] = {
@@ -31,18 +31,18 @@ index e5d798fd54..a807c76fd8 100644
{ PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
{ PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions },
{ PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions },
-@@ -562,8 +563,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
- PROV_DESCS_DHX },
+@@ -559,8 +560,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+ PROV_DESCS_DHX },
#endif
#ifndef OPENSSL_NO_DSA
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
-- PROV_DESCS_DSA },
+- PROV_DESCS_DSA },
+ /* We don't certify DSA in our FIPS provider */
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
-+ PROV_DESCS_DSA }, */
++ PROV_DESCS_DSA }, */
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
- PROV_DESCS_RSA },
+ PROV_DESCS_RSA },
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 6abab0a7a1..a7d7684d96 100644
--- a/providers/fips/self_test_data.inc
@@ -83,18 +83,18 @@ index 6abab0a7a1..a7d7684d96 100644
#ifndef OPENSSL_NO_ML_DSA
{
diff --git a/test/acvp_test.c b/test/acvp_test.c
-index 2bcc886fd2..db0282d043 100644
+index 15c87c57a7..e3321874c2 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
-@@ -1735,6 +1735,7 @@ int setup_tests(void)
- OSSL_NELEM(dh_safe_prime_keyver_data));
+@@ -1749,6 +1749,7 @@ int setup_tests(void)
+ OSSL_NELEM(dh_safe_prime_keyver_data));
#endif /* OPENSSL_NO_DH */
+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
#ifndef OPENSSL_NO_DSA
dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
-@@ -1743,6 +1744,7 @@ int setup_tests(void)
+@@ -1757,6 +1758,7 @@ int setup_tests(void)
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
#endif /* OPENSSL_NO_DSA */
@@ -103,10 +103,10 @@ index 2bcc886fd2..db0282d043 100644
#ifndef OPENSSL_NO_EC
ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
diff --git a/test/endecode_test.c b/test/endecode_test.c
-index d2ff9e6eb6..dfd5e92f7e 100644
+index b15bab217e..acfb5ef36d 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
-@@ -1536,6 +1536,7 @@ int setup_tests(void)
+@@ -1549,6 +1549,7 @@ int setup_tests(void)
* so no legacy tests.
*/
#endif
@@ -114,9 +114,9 @@ index d2ff9e6eb6..dfd5e92f7e 100644
#ifndef OPENSSL_NO_DSA
ADD_TEST_SUITE(DSA);
ADD_TEST_SUITE_PARAMS(DSA);
-@@ -1546,6 +1547,7 @@ int setup_tests(void)
+@@ -1559,6 +1560,7 @@ int setup_tests(void)
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
- # endif
+ #endif
#endif
+ }
#ifndef OPENSSL_NO_EC
@@ -302,7 +302,7 @@ index 5e5315a5b9..660d1db149 100644
Key = DSA-2048-160
Input = "Hello"
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index cf4541449b..7350baa921 100644
+index 91283c5e74..beadb43cf4 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -116,7 +116,7 @@ my @smime_pkcs7_tests = (
@@ -396,5 +396,5 @@ index cf4541449b..7350baa921 100644
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
--
-2.51.0
+2.52.0
diff --git a/0044-FIPS-NO-DES-support.patch b/0044-FIPS-NO-DES-support.patch
index 5c22fcf..edebf7f 100644
--- a/0044-FIPS-NO-DES-support.patch
+++ b/0044-FIPS-NO-DES-support.patch
@@ -1,53 +1,38 @@
-From 7c75c6f52700efbee8d960601c0b1943295b6ae5 Mon Sep 17 00:00:00 2001
+From 62748c233ae3afb8b0797a7d1ce2f391721d2971 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Mar 2025 18:15:13 -0500
-Subject: [PATCH 44/59] FIPS: NO DES support
+Subject: [PATCH 44/57] FIPS: NO DES support
Signed-off-by: Simo Sorce <simo@redhat.com>
---
- providers/fips/fipsprov.c | 3 ++-
- providers/fips/self_test_data.inc | 4 ++++
+ providers/fips/fipsprov.c | 4 ----
+ providers/fips/self_test_data.inc | 2 ++
test/evp_libctx_test.c | 4 +++-
.../30-test_evp_data/evpciph_des3_common.txt | 13 ++++---------
test/recipes/30-test_evp_data/evpmac_cmac_des.txt | 10 ----------
test/recipes/80-test_cms.t | 2 +-
- 6 files changed, 14 insertions(+), 22 deletions(-)
+ 6 files changed, 10 insertions(+), 25 deletions(-)
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index a807c76fd8..767073fce4 100644
+index f8f2822300..33e1a179cf 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
-@@ -356,7 +356,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
- ossl_cipher_capable_aes_cbc_hmac_sha256),
+@@ -355,10 +355,6 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
- ossl_cipher_capable_aes_cbc_hmac_sha256),
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
-#ifndef OPENSSL_NO_DES
-+/* We don't certify 3DES in our FIPS provider */
-+#if 0 /* ifndef OPENSSL_NO_DES */
- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
- #endif /* OPENSSL_NO_DES */
+- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+-#endif /* OPENSSL_NO_DES */
+ { { NULL, NULL, NULL }, NULL }
+ };
+ static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index a7d7684d96..c9ce8f3340 100644
+index a7d7684d96..d8d23e6f90 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
-@@ -262,6 +262,7 @@ static const unsigned char aes_128_ecb_ct[] = {
- 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65
- };
-
-+#if 0
- #ifndef OPENSSL_NO_DES
- /*
- * TDES-ECB test data from
-@@ -280,6 +281,7 @@ static const unsigned char tdes_pt[] = {
- 0x4B, 0xAB, 0x3B, 0xE1, 0x50, 0x2E, 0x3B, 0x36
- };
- #endif
-+#endif
-
- static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
- {
-@@ -305,6 +307,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+@@ -305,6 +305,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
CIPHER_MODE_DECRYPT,
ITM(aes_128_ecb_key)
},
@@ -55,7 +40,7 @@ index a7d7684d96..c9ce8f3340 100644
#ifndef OPENSSL_NO_DES
{
{
-@@ -317,6 +320,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+@@ -317,6 +318,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
ITM(tdes_key)
}
#endif
@@ -64,10 +49,10 @@ index a7d7684d96..c9ce8f3340 100644
static const char hkdf_digest[] = "SHA256";
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
-index 2838f343bd..19dd2c6c63 100644
+index 773210fadb..e0b4efe3f4 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
-@@ -831,7 +831,9 @@ int setup_tests(void)
+@@ -984,7 +984,9 @@ int setup_tests(void)
ADD_TEST(kem_invalid_keytype);
#endif
#ifndef OPENSSL_NO_DES
@@ -156,7 +141,7 @@ index a11e5ffe54..e4a7cbe75e 100644
-Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
-Output = 8F49A1B7D6AA2258
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 7350baa921..740823c61e 100644
+index beadb43cf4..71ab4a3910 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -415,7 +415,7 @@ my @smime_cms_tests = (
@@ -169,5 +154,5 @@ index 7350baa921..740823c61e 100644
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
"-stream", "-out", "{output}.cms" ],
--
-2.51.0
+2.52.0
diff --git a/0045-FIPS-NO-Kmac.patch b/0045-FIPS-NO-Kmac.patch
index a849a53..97c5cb7 100644
--- a/0045-FIPS-NO-Kmac.patch
+++ b/0045-FIPS-NO-Kmac.patch
@@ -1,38 +1,37 @@
-From 70094ad6af6b81c1e278b6918fc7a143fbad02a9 Mon Sep 17 00:00:00 2001
+From 7afd41a086ff9d3c39ff592e26d006c769e2a6d7 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 7 Mar 2025 18:22:07 -0500
-Subject: [PATCH 45/59] FIPS: NO Kmac
+Subject: [PATCH 45/57] FIPS: NO Kmac
Signed-off-by: Simo Sorce <simo@redhat.com>
---
- providers/fips/fipsprov.c | 10 +-
+ providers/fips/fipsprov.c | 9 +-
providers/fips/self_test_data.inc | 4 +
test/recipes/30-test_evp.t | 2 +-
test/recipes/30-test_evp_data/evpkdf_hkdf.txt | 2 +-
.../30-test_evp_data/evpkdf_kbkdf_counter.txt | 2 +-
test/recipes/30-test_evp_data/evpkdf_ss.txt | 6 +-
.../30-test_evp_data/evpmac_common.txt | 100 ++++--------------
- 7 files changed, 40 insertions(+), 86 deletions(-)
+ 7 files changed, 39 insertions(+), 86 deletions(-)
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 767073fce4..3d6fe1f244 100644
+index 33e1a179cf..7930cf3241 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
-@@ -295,10 +295,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
+@@ -294,10 +294,10 @@ static const OSSL_ALGORITHM fips_digests[] = {
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
* KMAC128 and KMAC256.
*/
- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
-+ /* We don't certify KECCAK in our FIPS provider */
+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
- ossl_keccak_kmac_128_functions },
+ ossl_keccak_kmac_128_functions },
{ PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
-- ossl_keccak_kmac_256_functions },
-+ ossl_keccak_kmac_256_functions }, */
+- ossl_keccak_kmac_256_functions },
++ ossl_keccak_kmac_256_functions }, */
{ NULL, NULL, NULL }
};
-@@ -371,8 +372,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
+@@ -365,8 +365,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
#endif
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
@@ -45,10 +44,10 @@ index 767073fce4..3d6fe1f244 100644
};
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index c9ce8f3340..3e32a5446a 100644
+index d8d23e6f90..43f7c89fd6 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
-@@ -535,6 +535,7 @@ static const ST_KAT_PARAM kbkdf_params[] = {
+@@ -533,6 +533,7 @@ static const ST_KAT_PARAM kbkdf_params[] = {
ST_KAT_PARAM_END()
};
@@ -56,7 +55,7 @@ index c9ce8f3340..3e32a5446a 100644
static const char kbkdf_kmac_mac[] = "KMAC128";
static unsigned char kbkdf_kmac_label[] = {
0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D,
-@@ -561,6 +562,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = {
+@@ -559,6 +560,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context),
ST_KAT_PARAM_END()
};
@@ -64,7 +63,7 @@ index c9ce8f3340..3e32a5446a 100644
static const char tls13_kdf_digest[] = "SHA256";
static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
-@@ -651,12 +653,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
+@@ -649,12 +651,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
kbkdf_params,
ITM(kbkdf_expected)
},
@@ -422,5 +421,5 @@ index 831eecbac9..af92ceea98 100644
-Custom = ""
-Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
--
-2.51.0
+2.52.0
diff --git a/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch b/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
index 94d5a60..5081a1e 100644
--- a/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
+++ b/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
@@ -1,7 +1,7 @@
-From 552dec327a579572ca17a560bb415d8f407ce990 Mon Sep 17 00:00:00 2001
+From d6a6afdc614ce0e6273554f50c18cd70000cff01 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 10 Mar 2025 13:52:50 -0400
-Subject: [PATCH 46/59] FIPS: Fix some tests due to our versioning change
+Subject: [PATCH 46/57] FIPS: Fix some tests due to our versioning change
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -102,5 +102,5 @@ index af47842fd8..21c75033e8 100644
my @tests_mldsa_tls_1_3 = (
--
-2.51.0
+2.52.0
diff --git a/0047-Current-Rebase-status.patch b/0047-Current-Rebase-status.patch
index d8d68d5..8dff33d 100644
--- a/0047-Current-Rebase-status.patch
+++ b/0047-Current-Rebase-status.patch
@@ -1,7 +1,7 @@
-From 3ce272be66d6e8285e0fa0fddc0ae4b3c8c9e6da Mon Sep 17 00:00:00 2001
+From 607a195b374a6072c87a500713cea78347b7d252 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 12 Feb 2025 17:25:47 -0500
-Subject: [PATCH 47/59] Current Rebase status
+Subject: [PATCH 47/57] Current Rebase status
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -102,5 +102,5 @@ index 2833a383c1..c8f6c992a8 100644
+./Configure --prefix=$HOME/tmp/openssl-rebase --openssldir=$HOME/tmp/openssl-rebase/etc/pki/tls enable-ec_nistp_64_gcc_128 --system-ciphers-file=$HOME/tmp/openssl-rebase/etc/crypto-policies/back-ends/opensslcnf.config zlib enable-camellia enable-seed enable-rfc3779 enable-sctp enable-cms enable-md2 enable-rc5 enable-ktls enable-fips no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++ shared linux-x86_64 $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DOPENSSL_PEDANTIC_ZEROIZATION -DREDHAT_FIPS_VENDOR="\"Red Hat Enterprise Linux OpenSSL FIPS Provider\"" -DREDHAT_FIPS_VERSION="\"3.5.0-4c714d97fd77d1a8\""' -Wl,--allow-multiple-definition
+
--
-2.51.0
+2.52.0
diff --git a/0048-FIPS-KDF-key-lenght-errors.patch b/0048-FIPS-KDF-key-lenght-errors.patch
index c59e5e0..a0e76bb 100644
--- a/0048-FIPS-KDF-key-lenght-errors.patch
+++ b/0048-FIPS-KDF-key-lenght-errors.patch
@@ -1,7 +1,7 @@
-From 284c64f2ad8f104b15983f7ff37e90486847c5b1 Mon Sep 17 00:00:00 2001
+From be07c8ed65b9657227d03b905b9a490bd14bd173 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 14 Apr 2025 15:25:40 -0400
-Subject: [PATCH 48/59] FIPS: KDF key lenght errors
+Subject: [PATCH 48/57] FIPS: KDF key lenght errors
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -171,5 +171,5 @@ index 1fb2472001..93c07ede7c 100644
# Test that the key whose length is shorter than 112 bits is reported as
--
-2.51.0
+2.52.0
diff --git a/0049-FIPS-fix-disallowed-digests-tests.patch b/0049-FIPS-fix-disallowed-digests-tests.patch
index cb4caec..0ddd1b7 100644
--- a/0049-FIPS-fix-disallowed-digests-tests.patch
+++ b/0049-FIPS-fix-disallowed-digests-tests.patch
@@ -1,7 +1,7 @@
-From 4373bb2644892e1d788ca2bdd37d7281221c0385 Mon Sep 17 00:00:00 2001
+From 53462749e29bd8f96e52f3f31cf1de2114e896c3 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 15 Apr 2025 13:41:42 -0400
-Subject: [PATCH 49/59] FIPS: fix disallowed digests tests
+Subject: [PATCH 49/57] FIPS: fix disallowed digests tests
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -47,5 +47,5 @@ index 6688c217aa..8347f773e6 100644
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
--
-2.51.0
+2.52.0
diff --git a/0050-Make-openssl-speed-run-in-FIPS-mode.patch b/0050-Make-openssl-speed-run-in-FIPS-mode.patch
index 674f2e8..7766996 100644
--- a/0050-Make-openssl-speed-run-in-FIPS-mode.patch
+++ b/0050-Make-openssl-speed-run-in-FIPS-mode.patch
@@ -1,18 +1,18 @@
-From 4efc206514085c482a0b2a74a98f3ca285c99db9 Mon Sep 17 00:00:00 2001
+From ed9fd546659e691f51df032d6e364cee45c3bf0b Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 9 May 2025 15:09:46 +0200
-Subject: [PATCH 50/59] Make `openssl speed` run in FIPS mode
+Subject: [PATCH 50/57] Make `openssl speed` run in FIPS mode
---
apps/speed.c | 44 ++++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
-index 3307a9cb46..ae2f166d24 100644
+index 13c8505ed9..c31e30f235 100644
--- a/apps/speed.c
+++ b/apps/speed.c
-@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv)
- (void *)key32, 16);
+@@ -3231,18 +3231,18 @@ int speed_main(int argc, char **argv)
+ (void *)key32, 16);
params[1] = OSSL_PARAM_construct_end();
- if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1)
@@ -41,8 +41,8 @@ index 3307a9cb46..ae2f166d24 100644
}
if (doit[D_KMAC256]) {
-@@ -3193,18 +3193,18 @@ int speed_main(int argc, char **argv)
- (void *)key32, 32);
+@@ -3252,18 +3252,18 @@ int speed_main(int argc, char **argv)
+ (void *)key32, 32);
params[1] = OSSL_PARAM_construct_end();
- if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1)
@@ -72,5 +72,5 @@ index 3307a9cb46..ae2f166d24 100644
for (i = 0; i < loopargs_len; i++)
--
-2.51.0
+2.52.0
diff --git a/0051-Backport-upstream-27483-for-PKCS11-needs.patch b/0051-Backport-upstream-27483-for-PKCS11-needs.patch
index 358c433..bfcd0bd 100644
--- a/0051-Backport-upstream-27483-for-PKCS11-needs.patch
+++ b/0051-Backport-upstream-27483-for-PKCS11-needs.patch
@@ -1,7 +1,7 @@
-From 5e135e7ceefd5b72cb54a93b13b478af05873318 Mon Sep 17 00:00:00 2001
+From b03deba991f7f0677127f6030fde0011ab30430b Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Mon, 12 May 2025 14:34:39 +0200
-Subject: [PATCH 51/59] Backport upstream #27483 for PKCS11 needs
+Subject: [PATCH 51/57] Backport upstream #27483 for PKCS11 needs
---
.../implementations/skeymgmt/aes_skmgmt.c | 2 +
@@ -11,7 +11,7 @@ Subject: [PATCH 51/59] Backport upstream #27483 for PKCS11 needs
4 files changed, 76 insertions(+)
diff --git a/providers/implementations/skeymgmt/aes_skmgmt.c b/providers/implementations/skeymgmt/aes_skmgmt.c
-index 6d3b5f377f..17be480131 100644
+index 02370b7fb7..48e3b64580 100644
--- a/providers/implementations/skeymgmt/aes_skmgmt.c
+++ b/providers/implementations/skeymgmt/aes_skmgmt.c
@@ -48,5 +48,7 @@ const OSSL_DISPATCH ossl_aes_skeymgmt_functions[] = {
@@ -23,7 +23,7 @@ index 6d3b5f377f..17be480131 100644
OSSL_DISPATCH_END
};
diff --git a/providers/implementations/skeymgmt/generic.c b/providers/implementations/skeymgmt/generic.c
-index b41bf8e12d..5fb3fad7e3 100644
+index 5b8c557f83..faec12374a 100644
--- a/providers/implementations/skeymgmt/generic.c
+++ b/providers/implementations/skeymgmt/generic.c
@@ -65,6 +65,16 @@ end:
@@ -41,7 +41,7 @@ index b41bf8e12d..5fb3fad7e3 100644
+}
+
int generic_export(void *keydata, int selection,
- OSSL_CALLBACK *param_callback, void *cbarg)
+ OSSL_CALLBACK *param_callback, void *cbarg)
{
@@ -89,5 +99,7 @@ const OSSL_DISPATCH ossl_generic_skeymgmt_functions[] = {
{ OSSL_FUNC_SKEYMGMT_FREE, (void (*)(void))generic_free },
@@ -52,7 +52,7 @@ index b41bf8e12d..5fb3fad7e3 100644
OSSL_DISPATCH_END
};
diff --git a/providers/implementations/skeymgmt/skeymgmt_lcl.h b/providers/implementations/skeymgmt/skeymgmt_lcl.h
-index c180c1d303..a7e7605050 100644
+index c75776cce4..7e35b2cc9e 100644
--- a/providers/implementations/skeymgmt/skeymgmt_lcl.h
+++ b/providers/implementations/skeymgmt/skeymgmt_lcl.h
@@ -15,5 +15,6 @@
@@ -63,10 +63,10 @@ index c180c1d303..a7e7605050 100644
#endif
diff --git a/test/evp_skey_test.c b/test/evp_skey_test.c
-index b81df9c8f8..e33bbbe003 100644
+index 7fd70ca732..dddf92f9da 100644
--- a/test/evp_skey_test.c
+++ b/test/evp_skey_test.c
-@@ -92,6 +92,66 @@ end:
+@@ -107,6 +107,66 @@ end:
return ret;
}
@@ -133,7 +133,7 @@ index b81df9c8f8..e33bbbe003 100644
#define IV_SIZE 16
#define DATA_SIZE 32
static int test_aes_raw_skey(void)
-@@ -252,6 +312,7 @@ int setup_tests(void)
+@@ -267,6 +327,7 @@ int setup_tests(void)
return 0;
ADD_TEST(test_skey_cipher);
@@ -142,5 +142,5 @@ index b81df9c8f8..e33bbbe003 100644
ADD_TEST(test_aes_raw_skey);
#ifndef OPENSSL_NO_DES
--
-2.51.0
+2.52.0
diff --git a/0052-Red-Hat-9-FIPS-indicator-defines.patch b/0052-Red-Hat-9-FIPS-indicator-defines.patch
index 0beebdb..b0095ea 100644
--- a/0052-Red-Hat-9-FIPS-indicator-defines.patch
+++ b/0052-Red-Hat-9-FIPS-indicator-defines.patch
@@ -1,7 +1,7 @@
-From e3884eb262fc465ef815d8dff460d38053a9486b Mon Sep 17 00:00:00 2001
+From 4a6768577382850dd3f3580f232a2a2ac7ed09c2 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Mon, 12 May 2025 16:21:23 +0200
-Subject: [PATCH 52/59] Red Hat 9 FIPS indicator defines
+Subject: [PATCH 52/57] Red Hat 9 FIPS indicator defines
---
include/openssl/evp.h | 15 +++++++++++++++
@@ -10,10 +10,10 @@ Subject: [PATCH 52/59] Red Hat 9 FIPS indicator defines
3 files changed, 26 insertions(+)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index e5da1e6415..3849c1779e 100644
+index e83ad13183..afa8f7a542 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
-@@ -779,6 +779,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+@@ -767,6 +767,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
@@ -22,21 +22,21 @@ index e5da1e6415..3849c1779e 100644
+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
+
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
-@@ -850,6 +854,10 @@ __owur int EVP_CipherPipelineFinal(EVP_CIPHER_CTX *ctx,
+@@ -838,6 +842,10 @@ __owur int EVP_CipherPipelineFinal(EVP_CIPHER_CTX *ctx,
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
+ int *outl);
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
+
__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
- EVP_PKEY *pkey);
+ EVP_PKEY *pkey);
__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
-@@ -1249,6 +1257,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
- void *arg);
+@@ -1240,6 +1248,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
+ void *arg);
/* MAC stuff */
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
@@ -44,35 +44,35 @@ index e5da1e6415..3849c1779e 100644
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
- const char *properties);
-@@ -1826,6 +1837,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
+ const char *properties);
+@@ -1816,6 +1827,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
- # endif
+ #endif
+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1
+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
+
EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
- const char *properties);
+ const char *properties);
int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
-index 0983230a48..86171635ea 100644
+index d06ca6c69d..e061f0164f 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
- # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
- # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
+ #define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
+ #define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
+
- #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
- #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
+ #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
+ #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index 059b489735..5a1864309d 100644
+index 262c184ca2..6009253440 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -143,6 +143,8 @@ my %params = (
@@ -125,5 +125,5 @@ index 059b489735..5a1864309d 100644
'KEM_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK',
'KEM_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
--
-2.51.0
+2.52.0
diff --git a/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch b/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
index 4220f7c..6632b9f 100644
--- a/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
+++ b/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
@@ -1,21 +1,21 @@
-From 217d8f5853670ae2245ad8d31faee411a68c997a Mon Sep 17 00:00:00 2001
+From 1b1a5447386cf8a149c4cd603c893a691eb210b5 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 30 May 2025 16:17:37 +0200
-Subject: [PATCH 53/59] Allow hybrid MLKEM in FIPS mode
+Subject: [PATCH 53/57] Allow hybrid MLKEM in FIPS mode
---
crypto/ml_kem/ml_kem.c | 11 ++--
- include/crypto/ml_kem.h | 2 +
- providers/defltprov.c | 8 +--
+ include/crypto/ml_kem.h | 1 +
+ providers/defltprov.c | 14 ++---
providers/implementations/kem/mlx_kem.c | 33 +++++++++-
providers/implementations/keymgmt/mlx_kmgmt.c | 61 ++++++++++++++++++-
- 5 files changed, 103 insertions(+), 12 deletions(-)
+ 5 files changed, 105 insertions(+), 15 deletions(-)
diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c
-index 716c3bf427..6ae9c9c5b5 100644
+index dd8a39197a..833abf9f1d 100644
--- a/crypto/ml_kem/ml_kem.c
+++ b/crypto/ml_kem/ml_kem.c
-@@ -1613,6 +1613,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
+@@ -1924,6 +1924,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
{
const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type);
ML_KEM_KEY *key;
@@ -23,7 +23,7 @@ index 716c3bf427..6ae9c9c5b5 100644
if (vinfo == NULL) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
-@@ -1623,15 +1624,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
+@@ -1934,15 +1935,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
if ((key = OPENSSL_malloc(sizeof(*key))) == NULL)
return NULL;
@@ -46,45 +46,51 @@ index 716c3bf427..6ae9c9c5b5 100644
if (key->shake128_md != NULL
&& key->shake256_md != NULL
diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h
-index 67d55697e9..ab1aaae8ac 100644
+index dbe9192364..35dcbbf32c 100644
--- a/include/crypto/ml_kem.h
+++ b/include/crypto/ml_kem.h
-@@ -278,4 +278,6 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen,
- __owur
- int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2);
+@@ -268,4 +268,5 @@ __owur int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen,
+ /* Compare the public key hashes of two keys */
+ __owur int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2);
+char *get_adjusted_propq(const char *propq);
-+
- #endif /* OPENSSL_HEADER_ML_KEM_H */
+ #endif /* OPENSSL_HEADER_ML_KEM_H */
diff --git a/providers/defltprov.c b/providers/defltprov.c
-index eee2178b41..0dba017f3f 100644
+index 90655395c1..f74b160d6f 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -517,8 +517,8 @@ static const OSSL_ALGORITHM deflt_asym_kem[] = {
{ "X448MLKEM1024", "provider=default", ossl_mlx_kem_asym_kem_functions },
- # endif
- # if !defined(OPENSSL_NO_EC)
+ #endif
+ #if !defined(OPENSSL_NO_EC)
- { "SecP256r1MLKEM768", "provider=default", ossl_mlx_kem_asym_kem_functions },
- { "SecP384r1MLKEM1024", "provider=default", ossl_mlx_kem_asym_kem_functions },
+ { "SecP256r1MLKEM768", "provider=default,fips=yes", ossl_mlx_kem_asym_kem_functions },
+ { "SecP384r1MLKEM1024", "provider=default,fips=yes", ossl_mlx_kem_asym_kem_functions },
- # endif
+ #endif
#endif
{ NULL, NULL, NULL }
-@@ -597,9 +597,9 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
- PROV_DESCS_X448MLKEM1024 },
- # endif
- # if !defined(OPENSSL_NO_EC)
+@@ -594,13 +594,13 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
+ { PROV_NAMES_X25519MLKEM768, "provider=default", ossl_mlx_x25519_kem_kmgmt_functions,
+ PROV_DESCS_X25519MLKEM768 },
+ { PROV_NAMES_X448MLKEM1024, "provider=default", ossl_mlx_x448_kem_kmgmt_functions,
+- PROV_DESCS_X448MLKEM1024 },
++ PROV_DESCS_X448MLKEM1024 },
+ #endif
+ #if !defined(OPENSSL_NO_EC)
- { PROV_NAMES_SecP256r1MLKEM768, "provider=default", ossl_mlx_p256_kem_kmgmt_functions,
-+ { PROV_NAMES_SecP256r1MLKEM768, "provider=default,fips=yes", ossl_mlx_p256_kem_kmgmt_functions,
- PROV_DESCS_SecP256r1MLKEM768 },
+- PROV_DESCS_SecP256r1MLKEM768 },
- { PROV_NAMES_SecP384r1MLKEM1024, "provider=default", ossl_mlx_p384_kem_kmgmt_functions,
-+ { PROV_NAMES_SecP384r1MLKEM1024, "provider=default,fips=yes", ossl_mlx_p384_kem_kmgmt_functions,
- PROV_DESCS_SecP384r1MLKEM1024 },
- # endif
+- PROV_DESCS_SecP384r1MLKEM1024 },
++ { PROV_NAMES_SecP256r1MLKEM768, "provider=default,fips=yes", ossl_mlx_p256_kem_kmgmt_functions,
++ PROV_DESCS_SecP256r1MLKEM768 },
++ { PROV_NAMES_SecP384r1MLKEM1024, "provider=default,fips=yes", ossl_mlx_p384_kem_kmgmt_functions,
++ PROV_DESCS_SecP384r1MLKEM1024 },
+ #endif
#endif
+ #ifndef OPENSSL_NO_SLH_DSA
diff --git a/providers/implementations/kem/mlx_kem.c b/providers/implementations/kem/mlx_kem.c
-index 197c345d85..08fbf99a76 100644
+index 376b3342dd..09fa003612 100644
--- a/providers/implementations/kem/mlx_kem.c
+++ b/providers/implementations/kem/mlx_kem.c
@@ -19,6 +19,7 @@
@@ -122,7 +128,7 @@ index 197c345d85..08fbf99a76 100644
+}
+
static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen,
- unsigned char *shsec, size_t *slen)
+ unsigned char *shsec, size_t *slen)
{
@@ -115,6 +138,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen,
uint8_t *sbuf;
@@ -142,15 +148,15 @@ index 197c345d85..08fbf99a76 100644
if (ctx == NULL
|| EVP_PKEY_encapsulate_init(ctx, NULL) <= 0
|| EVP_PKEY_encapsulate(ctx, cbuf, &encap_clen, sbuf, &encap_slen) <= 0)
-@@ -237,6 +262,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen,
- end:
+@@ -238,6 +263,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen,
+ end:
EVP_PKEY_free(xkey);
EVP_PKEY_CTX_free(ctx);
+ OPENSSL_free(adjusted_propq);
return ret;
}
-@@ -252,6 +278,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
+@@ -253,6 +279,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
size_t decap_clen = key->minfo->ctext_bytes + key->xinfo->pubkey_bytes;
int ml_kem_slot = key->xinfo->ml_kem_slot;
int ret = 0;
@@ -158,7 +164,7 @@ index 197c345d85..08fbf99a76 100644
if (!mlx_kem_have_prvkey(key)) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
-@@ -287,7 +314,8 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
+@@ -288,7 +315,8 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
decap_slen = ML_KEM_SHARED_SECRET_BYTES;
cbuf = ctext + ml_kem_slot * key->xinfo->pubkey_bytes;
sbuf = shsec + ml_kem_slot * key->xinfo->shsec_bytes;
@@ -168,8 +174,8 @@ index 197c345d85..08fbf99a76 100644
if (ctx == NULL
|| EVP_PKEY_decapsulate_init(ctx, NULL) <= 0
|| EVP_PKEY_decapsulate(ctx, sbuf, &decap_slen, cbuf, decap_clen) <= 0)
-@@ -325,6 +353,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
- end:
+@@ -326,6 +354,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
+ end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(xkey);
+ OPENSSL_free(adjusted_propq);
@@ -177,11 +183,11 @@ index 197c345d85..08fbf99a76 100644
}
diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c b/providers/implementations/keymgmt/mlx_kmgmt.c
-index bea8783276..aeef0c8f84 100644
+index 46ed63039e..6ce9aa3c9a 100644
--- a/providers/implementations/keymgmt/mlx_kmgmt.c
+++ b/providers/implementations/keymgmt/mlx_kmgmt.c
-@@ -156,6 +156,52 @@ typedef struct export_cb_arg_st {
- size_t prvlen;
+@@ -155,6 +155,52 @@ typedef struct export_cb_arg_st {
+ size_t prvlen;
} EXPORT_CB_ARG;
+#ifndef FIPS_MODULE
@@ -233,7 +239,7 @@ index bea8783276..aeef0c8f84 100644
/* Copy any exported key material into its storage slot */
static int export_sub_cb(const OSSL_PARAM *params, void *varg)
{
-@@ -176,6 +222,10 @@ static int export_sub_cb(const OSSL_PARAM *params, void *varg)
+@@ -175,6 +221,10 @@ static int export_sub_cb(const OSSL_PARAM *params, void *varg)
if (OSSL_PARAM_get_octet_string(p, &pub, sub_arg->publen, &len) != 1)
return 0;
@@ -243,8 +249,8 @@ index bea8783276..aeef0c8f84 100644
+#endif
if (len != sub_arg->publen) {
ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR,
- "Unexpected %s public key length %lu != %lu",
-@@ -344,12 +394,14 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname,
+ "Unexpected %s public key length %lu != %lu",
+@@ -343,12 +393,14 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname,
void *val;
int ml_kem_slot = key->xinfo->ml_kem_slot;
int ret = 0;
@@ -258,8 +264,8 @@ index bea8783276..aeef0c8f84 100644
+ adjusted_propq = get_adjusted_propq(propq);
} else {
alg = key->xinfo->algorithm_name;
- group = (char *) key->xinfo->group_name;
-@@ -359,7 +411,8 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname,
+ group = (char *)key->xinfo->group_name;
+@@ -358,7 +410,8 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname,
}
val = (void *)(in + off);
@@ -269,34 +275,34 @@ index bea8783276..aeef0c8f84 100644
|| EVP_PKEY_fromdata_init(ctx) <= 0)
goto err;
parr[0] = OSSL_PARAM_construct_octet_string(pname, val, len);
-@@ -370,6 +423,7 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname,
+@@ -369,6 +422,7 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname,
ret = 1;
- err:
+ err:
+ OPENSSL_free(adjusted_propq);
EVP_PKEY_CTX_free(ctx);
return ret;
}
-@@ -688,6 +742,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
+@@ -685,6 +739,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
PROV_ML_KEM_GEN_CTX *gctx = vgctx;
MLX_KEY *key;
char *propq;
+ char *adjusted_propq = NULL;
if (gctx == NULL
- || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) ==
-@@ -704,8 +759,10 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
+ || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
+@@ -700,8 +755,10 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
return key;
/* For now, using the same "propq" for all components */
- key->mkey = EVP_PKEY_Q_keygen(key->libctx, key->propq,
+ adjusted_propq = get_adjusted_propq(propq);
+ key->mkey = EVP_PKEY_Q_keygen(key->libctx, adjusted_propq ? adjusted_propq : key->propq,
- key->minfo->algorithm_name);
+ key->minfo->algorithm_name);
+ OPENSSL_free(adjusted_propq);
key->xkey = EVP_PKEY_Q_keygen(key->libctx, key->propq,
- key->xinfo->algorithm_name,
- key->xinfo->group_name);
+ key->xinfo->algorithm_name,
+ key->xinfo->group_name);
--
-2.51.0
+2.52.0
diff --git a/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch b/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
index 4b8cd0b..658a8f0 100644
--- a/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
+++ b/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
@@ -1,7 +1,7 @@
-From b963982c4b8ede93212c15021d4d251435153aa2 Mon Sep 17 00:00:00 2001
+From 3f73722b8e546a3f8f4e8bc7d74527f4fe7c4413 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 15 Jul 2025 12:32:14 -0400
-Subject: [PATCH 54/59] Temporarily disable SLH-DSA FIPS self-tests
+Subject: [PATCH 54/57] Temporarily disable SLH-DSA FIPS self-tests
Signed-off-by: Simo Sorce <simo@redhat.com>
---
@@ -9,10 +9,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
1 file changed, 6 insertions(+)
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index 3e32a5446a..07518a9d7f 100644
+index 43f7c89fd6..7b03aad775 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
-@@ -2888,6 +2888,7 @@ static const ST_KAT_PARAM ml_dsa_sig_init[] = {
+@@ -2886,6 +2886,7 @@ static const ST_KAT_PARAM ml_dsa_sig_init[] = {
};
#endif /* OPENSSL_NO_ML_DSA */
@@ -20,7 +20,7 @@ index 3e32a5446a..07518a9d7f 100644
#ifndef OPENSSL_NO_SLH_DSA
/*
* Deterministic SLH_DSA key generation supplies the private key elements and
-@@ -2978,6 +2979,7 @@ static const unsigned char slh_dsa_shake_128f_sig_digest[] = {
+@@ -2976,6 +2977,7 @@ static const unsigned char slh_dsa_shake_128f_sig_digest[] = {
0x89, 0x77, 0x00, 0x72, 0x03, 0x92, 0xd1, 0xa6,
};
#endif /* OPENSSL_NO_SLH_DSA */
@@ -28,7 +28,7 @@ index 3e32a5446a..07518a9d7f 100644
/* Hash DRBG inputs for signature KATs */
static const unsigned char sig_kat_entropyin[] = {
-@@ -3077,6 +3079,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+@@ -3075,6 +3077,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
ml_dsa_sig_init
},
#endif /* OPENSSL_NO_ML_DSA */
@@ -36,7 +36,7 @@ index 3e32a5446a..07518a9d7f 100644
#ifndef OPENSSL_NO_SLH_DSA
/*
* FIPS 140-3 IG 10.3.A.16 Note 29 says:
-@@ -3107,6 +3110,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+@@ -3105,6 +3108,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
slh_dsa_sig_params, slh_dsa_sig_params
},
#endif /* OPENSSL_NO_SLH_DSA */
@@ -44,7 +44,7 @@ index 3e32a5446a..07518a9d7f 100644
};
#if !defined(OPENSSL_NO_ML_DSA)
-@@ -3511,6 +3515,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
+@@ -3509,6 +3513,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
ml_dsa_key
},
# endif
@@ -52,7 +52,7 @@ index 3e32a5446a..07518a9d7f 100644
# if !defined(OPENSSL_NO_SLH_DSA)
{
OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA,
-@@ -3519,6 +3524,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
+@@ -3517,6 +3522,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
slh_dsa_128f_keygen_expected_params
},
# endif
@@ -61,5 +61,5 @@ index 3e32a5446a..07518a9d7f 100644
#endif /* !OPENSSL_NO_ML_DSA || !OPENSSL_NO_SLH_DSA */
--
-2.51.0
+2.52.0
diff --git a/0055-Add-a-define-to-disable-symver-attributes.patch b/0055-Add-a-define-to-disable-symver-attributes.patch
index b7f3627..24e7d60 100644
--- a/0055-Add-a-define-to-disable-symver-attributes.patch
+++ b/0055-Add-a-define-to-disable-symver-attributes.patch
@@ -1,7 +1,7 @@
-From 8d2f2f11f3875b58f133729dcb907bb64620649f Mon Sep 17 00:00:00 2001
+From 24875d5f4486540cc7baf23c3f94234ee9800862 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 17 Jul 2025 09:40:34 -0400
-Subject: [PATCH 55/59] Add a define to disable symver attributes
+Subject: [PATCH 55/57] Add a define to disable symver attributes
Defininig RHEL_NO_SYMVER_ATTRIBUTES for a build now prevents adding
compatibility symver attributes.
@@ -14,7 +14,7 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index 8ee9db73dd..7ed4933934 100644
+index 638dac8844..5b1b54c195 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
@@ -27,10 +27,10 @@ index 8ee9db73dd..7ed4933934 100644
symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
#endif
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index 619cf4f385..9192898d39 100644
+index b4edd825cd..e7b124a79b 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
-@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+@@ -1757,7 +1757,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
}
EVP_CIPHER_CTX
@@ -40,10 +40,10 @@ index 619cf4f385..9192898d39 100644
symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
#endif
diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 86442a939e..8c33e4dd63 100644
+index fde43421ea..807e070827 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
-@@ -404,7 +404,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+@@ -407,7 +407,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
}
int
@@ -52,7 +52,7 @@ index 86442a939e..8c33e4dd63 100644
__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
#endif
-@@ -419,7 +419,7 @@ OPENSSL_strcasecmp(const char *s1, const char *s2)
+@@ -422,7 +422,7 @@ OPENSSL_strcasecmp(const char *s1, const char *s2)
}
int
@@ -62,5 +62,5 @@ index 86442a939e..8c33e4dd63 100644
symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
#endif
--
-2.51.0
+2.52.0
diff --git a/0056-Add-targets-to-skip-build-of-non-installable-program.patch b/0056-Add-targets-to-skip-build-of-non-installable-program.patch
new file mode 100644
index 0000000..af91d35
--- /dev/null
+++ b/0056-Add-targets-to-skip-build-of-non-installable-program.patch
@@ -0,0 +1,158 @@
+From 4b634bdcc4dedc8516529d39062adc1305c7bf9b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
+Date: Tue, 19 Aug 2025 14:26:07 +0200
+Subject: [PATCH 56/57] Add targets to skip build of non-installable programs
+
+These make it possible to split the build into two
+parts, e.g., when tests should be built with different
+compiler flags than installed software.
+
+Also use these as dependecies where appropriate.
+
+Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/28302)
+---
+ Configurations/descrip.mms.tmpl | 7 +++++--
+ Configurations/unix-Makefile.tmpl | 9 ++++++---
+ Configurations/windows-makefile.tmpl | 8 ++++++--
+ util/help.pl | 2 +-
+ 4 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
+index db6a1b1799..bc7fc36b46 100644
+--- a/Configurations/descrip.mms.tmpl
++++ b/Configurations/descrip.mms.tmpl
+@@ -491,6 +491,8 @@ NODEBUG=@
+ {- dependmagic('build_libs'); -} : build_libs_nodep
+ {- dependmagic('build_modules'); -} : build_modules_nodep
+ {- dependmagic('build_programs'); -} : build_programs_nodep
++{- dependmagic('build_inst_sw'); -} : build_libs_nodep, build_modules_nodep, build_inst_programs_nodep
++{- dependmagic('build_inst_programs'); -} : build_inst_programs_nodep
+
+ build_generated_pods : $(GENERATED_PODS)
+ build_docs : build_html_docs
+@@ -500,6 +502,7 @@ build_generated : $(GENERATED_MANDATORY)
+ build_libs_nodep : $(LIBS), $(SHLIBS)
+ build_modules_nodep : $(MODULES)
+ build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
++build_inst_programs_nodep : $(INSTALL_PROGRAMS), $(SCRIPTS)
+
+ # Kept around for backward compatibility
+ build_apps build_tests : build_programs
+@@ -606,7 +609,7 @@ install_docs : install_html_docs
+ uninstall_docs : uninstall_html_docs
+
+ {- output_off() if $disabled{fips}; "" -}
+-install_fips : build_sw $(INSTALL_FIPSMODULECONF)
++install_fips : build_inst_sw $(INSTALL_FIPSMODULECONF)
+ @ WRITE SYS$OUTPUT "*** Installing FIPS module"
+ - CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch']
+ - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
+@@ -687,7 +690,7 @@ install_runtime_libs : check_INSTALLTOP build_libs
+ @install_shlibs) -}
+ @ {- output_on() if $disabled{shared}; "" -} !
+
+-install_programs : check_INSTALLTOP install_runtime_libs build_programs
++install_programs : check_INSTALLTOP install_runtime_libs build_inst_programs
+ @ {- output_off() if $disabled{apps}; "" -} !
+ @ ! Install the main program
+ - CREATE/DIR ossl_installroot:[EXE.'arch']
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 1920d38655..bfede44ce4 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -547,7 +547,9 @@ LANG=C
+ {- dependmagic('build_sw', 'Build all the software (default target)'); -}: build_libs_nodep build_modules_nodep build_programs_nodep link-utils
+ {- dependmagic('build_libs', 'Build the libraries libssl and libcrypto'); -}: build_libs_nodep
+ {- dependmagic('build_modules', 'Build the modules (i.e. providers and engines)'); -}: build_modules_nodep
+-{- dependmagic('build_programs', 'Build the openssl executables and scripts'); -}: build_programs_nodep
++{- dependmagic('build_programs', 'Build the openssl executables, scripts and all other programs as configured (e.g. tests or demos)'); -}: build_programs_nodep
++{- dependmagic('build_inst_sw', 'Build all the software to be installed'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep link-utils
++{- dependmagic('build_inst_programs', 'Build only the installable openssl executables and scripts'); -}: build_inst_programs_nodep
+
+ all: build_sw {- "build_docs" if !$disabled{docs}; -} ## Build software and documentation
+ debuginfo: $(SHLIBS)
+@@ -566,6 +568,7 @@ build_generated: $(GENERATED_MANDATORY)
+ build_libs_nodep: $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -}
+ build_modules_nodep: $(MODULES)
+ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
++build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
+
+ # Kept around for backward compatibility
+ build_apps build_tests: build_programs
+@@ -680,7 +683,7 @@ uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and
+ $(RM) -r "$(DESTDIR)$(DOCDIR)"
+
+ {- output_off() if $disabled{fips}; "" -}
+-install_fips: build_sw $(INSTALL_FIPSMODULECONF)
++install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)"
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)"
+@@ -966,7 +969,7 @@ install_runtime_libs: build_libs
+ : {- output_on() if windowsdll(); "" -}; \
+ done
+
+-install_programs: install_runtime_libs build_programs
++install_programs: install_runtime_libs build_inst_programs
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)"
+ @$(ECHO) "*** Installing runtime programs"
+diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
+index 894834cfb7..b5872124de 100644
+--- a/Configurations/windows-makefile.tmpl
++++ b/Configurations/windows-makefile.tmpl
+@@ -418,6 +418,8 @@ PROCESSOR= {- $config{processor} -}
+ {- dependmagic('build_libs'); -}: build_libs_nodep
+ {- dependmagic('build_modules'); -}: build_modules_nodep
+ {- dependmagic('build_programs'); -}: build_programs_nodep
++{- dependmagic('build_inst_sw'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep copy-utils
++{- dependmagic('build_inst_programs'); -}: build_inst_programs_nodep
+
+ build_docs: build_html_docs
+ build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7)
+@@ -430,6 +432,8 @@ build_modules_nodep: $(MODULES)
+ @
+ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
+ @
++build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
++ @
+
+ # Kept around for backward compatibility
+ build_apps build_tests: build_programs
+@@ -507,7 +511,7 @@ install_docs: install_html_docs
+ uninstall_docs: uninstall_html_docs
+
+ {- output_off() if $disabled{fips}; "" -}
+-install_fips: build_sw $(INSTALL_FIPSMODULECONF)
++install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
+ # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
+@@ -607,7 +611,7 @@ install_runtime_libs: build_libs
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
+ "$(INSTALLTOP)\bin"
+
+-install_programs: install_runtime_libs build_programs
++install_programs: install_runtime_libs build_inst_programs
+ @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+ @$(ECHO) "*** Installing runtime programs"
+ @if not "$(INSTALL_PROGRAMS)"=="" \
+diff --git a/util/help.pl b/util/help.pl
+index a1614fe8a9..e88ff4bae1 100755
+--- a/util/help.pl
++++ b/util/help.pl
+@@ -14,7 +14,7 @@ while (<>) {
+ chomp; # strip record separator
+ @Fld = split($FS, $_, -1);
+ if (/^[a-zA-Z0-9_\-]+:.*?##/) {
+- printf " \033[36m%-15s\033[0m %s\n", $Fld[0], $Fld[1]
++ printf " \033[36m%-19s\033[0m %s\n", $Fld[0], $Fld[1]
+ }
+ if (/^##@/) {
+ printf "\n\033[1m%s\033[0m\n", substr($Fld[$_], (5)-1);
+--
+2.52.0
+
diff --git a/0056-apps-speed.c-Disable-testing-of-composite-signature-.patch b/0056-apps-speed.c-Disable-testing-of-composite-signature-.patch
deleted file mode 100644
index 67f7286..0000000
--- a/0056-apps-speed.c-Disable-testing-of-composite-signature-.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From bd015ab1f56008f17404ac9511025812646e5e2d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
-Date: Mon, 11 Aug 2025 12:02:03 +0200
-Subject: [PATCH 56/59] apps/speed.c: Disable testing of composite signature
- algorithms
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Creating public key context from name would always fail
-for composite signature algorithms (such as RSA-SHA256)
-because the public key algorithm name (e.g., RSA) does
-not match the name of the composite algorithm.
-
-Relates to #27855.
-
-Signed-off-by: Pavol Žáčik <zacik.pa@gmail.com>
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-(Merged from https://github.com/openssl/openssl/pull/28224)
----
- apps/speed.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index ae2f166d24..a51d6a57d4 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -2275,9 +2275,11 @@ int speed_main(int argc, char **argv)
- }
- #endif /* OPENSSL_NO_DSA */
- /* skipping these algs as tested elsewhere - and b/o setup is a pain */
-- else if (strcmp(sig_name, "ED25519") &&
-- strcmp(sig_name, "ED448") &&
-- strcmp(sig_name, "ECDSA") &&
-+ else if (strncmp(sig_name, "RSA", 3) &&
-+ strncmp(sig_name, "DSA", 3) &&
-+ strncmp(sig_name, "ED25519", 7) &&
-+ strncmp(sig_name, "ED448", 5) &&
-+ strncmp(sig_name, "ECDSA", 5) &&
- strcmp(sig_name, "HMAC") &&
- strcmp(sig_name, "SIPHASH") &&
- strcmp(sig_name, "POLY1305") &&
---
-2.51.0
-
diff --git a/0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch b/0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch
new file mode 100644
index 0000000..c02fb9f
--- /dev/null
+++ b/0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch
@@ -0,0 +1,27 @@
+From 3ffdc68f16d6b326ff0854053fc9206be3dabcc2 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Wed, 21 Jan 2026 18:13:43 +0100
+Subject: [PATCH 57/57] Disable RSA-PKCS1.5 FIPS POST, not relevant for RHEL
+
+---
+ providers/fips/self_test_kats.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
+index f453b2f2fb..5b37387d83 100644
+--- a/providers/fips/self_test_kats.c
++++ b/providers/fips/self_test_kats.c
+@@ -1190,8 +1190,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+ ret = 0;
+ if (!self_test_kems(st, libctx))
+ ret = 0;
+- if (!self_test_asym_ciphers(st, libctx))
+- ret = 0;
++/* if (!self_test_asym_ciphers(st, libctx))
++ ret = 0; */
+
+ RAND_set0_private(libctx, saved_rand);
+ return ret;
+--
+2.52.0
+
diff --git a/0057-apps-speed.c-Support-more-signature-algorithms.patch b/0057-apps-speed.c-Support-more-signature-algorithms.patch
deleted file mode 100644
index ae49a34..0000000
--- a/0057-apps-speed.c-Support-more-signature-algorithms.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From eeb05d8b4b63fdda732fb49201c6769082922c11 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
-Date: Mon, 11 Aug 2025 12:19:59 +0200
-Subject: [PATCH 57/59] apps/speed.c: Support more signature algorithms
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some signature algorithms (e.g., ML-DSA-65) cannot be initialized
-via EVP_PKEY_sign_init, so try also EVP_PKEY_sign_message_init
-before reporting an error.
-
-Fixes #27108.
-
-Signed-off-by: Pavol Žáčik <zacik.pa@gmail.com>
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-(Merged from https://github.com/openssl/openssl/pull/28224)
----
- apps/speed.c | 69 ++++++++++++++++++++++++++++++++++++++++------------
- 1 file changed, 53 insertions(+), 16 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index a51d6a57d4..4050f46bce 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -4248,6 +4248,7 @@ int speed_main(int argc, char **argv)
- EVP_PKEY_CTX *sig_gen_ctx = NULL;
- EVP_PKEY_CTX *sig_sign_ctx = NULL;
- EVP_PKEY_CTX *sig_verify_ctx = NULL;
-+ EVP_SIGNATURE *alg = NULL;
- unsigned char md[SHA256_DIGEST_LENGTH];
- unsigned char *sig;
- char sfx[MAX_ALGNAME_SUFFIX];
-@@ -4308,21 +4309,48 @@ int speed_main(int argc, char **argv)
- sig_name);
- goto sig_err_break;
- }
-+
-+ /*
-+ * Try explicitly fetching the signature algoritm implementation to
-+ * use in case the algorithm does not support EVP_PKEY_sign_init
-+ */
-+ ERR_set_mark();
-+ alg = EVP_SIGNATURE_fetch(app_get0_libctx(), sig_name, app_get0_propq());
-+ ERR_pop_to_mark();
-+
- /* Now prepare signature data structs */
- sig_sign_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
- pkey,
- app_get0_propq());
-- if (sig_sign_ctx == NULL
-- || EVP_PKEY_sign_init(sig_sign_ctx) <= 0
-- || (use_params == 1
-- && (EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx,
-- RSA_PKCS1_PADDING) <= 0))
-- || EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len,
-- md, md_len) <= 0) {
-- BIO_printf(bio_err,
-- "Error while initializing signing data structs for %s.\n",
-- sig_name);
-- goto sig_err_break;
-+ if (sig_sign_ctx == NULL) {
-+ BIO_printf(bio_err,
-+ "Error while initializing signing ctx for %s.\n",
-+ sig_name);
-+ goto sig_err_break;
-+ }
-+ ERR_set_mark();
-+ if (EVP_PKEY_sign_init(sig_sign_ctx) <= 0
-+ && (alg == NULL
-+ || EVP_PKEY_sign_message_init(sig_sign_ctx, alg, NULL) <= 0)) {
-+ ERR_clear_last_mark();
-+ BIO_printf(bio_err,
-+ "Error while initializing signing data structs for %s.\n",
-+ sig_name);
-+ goto sig_err_break;
-+ }
-+ ERR_pop_to_mark();
-+ if (use_params == 1 &&
-+ EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx, RSA_PKCS1_PADDING) <= 0) {
-+ BIO_printf(bio_err,
-+ "Error while initializing padding for %s.\n",
-+ sig_name);
-+ goto sig_err_break;
-+ }
-+ if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) {
-+ BIO_printf(bio_err,
-+ "Error while obtaining signature bufffer length for %s.\n",
-+ sig_name);
-+ goto sig_err_break;
- }
- sig = app_malloc(sig_len = max_sig_len, "signature buffer");
- if (sig == NULL) {
-@@ -4338,16 +4366,23 @@ int speed_main(int argc, char **argv)
- sig_verify_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
- pkey,
- app_get0_propq());
-- if (sig_verify_ctx == NULL
-- || EVP_PKEY_verify_init(sig_verify_ctx) <= 0
-- || (use_params == 1
-- && (EVP_PKEY_CTX_set_rsa_padding(sig_verify_ctx,
-- RSA_PKCS1_PADDING) <= 0))) {
-+ if (sig_verify_ctx == NULL) {
-+ BIO_printf(bio_err,
-+ "Error while initializing verify ctx for %s.\n",
-+ sig_name);
-+ goto sig_err_break;
-+ }
-+ ERR_set_mark();
-+ if (EVP_PKEY_verify_init(sig_verify_ctx) <= 0
-+ && (alg == NULL
-+ || EVP_PKEY_verify_message_init(sig_verify_ctx, alg, NULL) <= 0)) {
-+ ERR_clear_last_mark();
- BIO_printf(bio_err,
- "Error while initializing verify data structs for %s.\n",
- sig_name);
- goto sig_err_break;
- }
-+ ERR_pop_to_mark();
- if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
- BIO_printf(bio_err, "Verify error for %s.\n", sig_name);
- goto sig_err_break;
-@@ -4363,12 +4398,14 @@ int speed_main(int argc, char **argv)
- loopargs[i].sig_act_sig_len[testnum] = sig_len;
- loopargs[i].sig_sig[testnum] = sig;
- EVP_PKEY_free(pkey);
-+ EVP_SIGNATURE_free(alg);
- pkey = NULL;
- continue;
-
- sig_err_break:
- dofail();
- EVP_PKEY_free(pkey);
-+ EVP_SIGNATURE_free(alg);
- op_count = 1;
- sig_checks = 0;
- break;
---
-2.51.0
-
diff --git a/0058-Add-targets-to-skip-build-of-non-installable-program.patch b/0058-Add-targets-to-skip-build-of-non-installable-program.patch
deleted file mode 100644
index c87c278..0000000
--- a/0058-Add-targets-to-skip-build-of-non-installable-program.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From f320da46f706a8013de532ee1a34703bd814be06 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
-Date: Tue, 19 Aug 2025 14:26:07 +0200
-Subject: [PATCH 58/59] Add targets to skip build of non-installable programs
-
-These make it possible to split the build into two
-parts, e.g., when tests should be built with different
-compiler flags than installed software.
-
-Also use these as dependecies where appropriate.
-
-Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/28302)
----
- Configurations/descrip.mms.tmpl | 7 +++++--
- Configurations/unix-Makefile.tmpl | 9 ++++++---
- Configurations/windows-makefile.tmpl | 8 ++++++--
- util/help.pl | 2 +-
- 4 files changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
-index db6a1b1799..bc7fc36b46 100644
---- a/Configurations/descrip.mms.tmpl
-+++ b/Configurations/descrip.mms.tmpl
-@@ -491,6 +491,8 @@ NODEBUG=@
- {- dependmagic('build_libs'); -} : build_libs_nodep
- {- dependmagic('build_modules'); -} : build_modules_nodep
- {- dependmagic('build_programs'); -} : build_programs_nodep
-+{- dependmagic('build_inst_sw'); -} : build_libs_nodep, build_modules_nodep, build_inst_programs_nodep
-+{- dependmagic('build_inst_programs'); -} : build_inst_programs_nodep
-
- build_generated_pods : $(GENERATED_PODS)
- build_docs : build_html_docs
-@@ -500,6 +502,7 @@ build_generated : $(GENERATED_MANDATORY)
- build_libs_nodep : $(LIBS), $(SHLIBS)
- build_modules_nodep : $(MODULES)
- build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
-+build_inst_programs_nodep : $(INSTALL_PROGRAMS), $(SCRIPTS)
-
- # Kept around for backward compatibility
- build_apps build_tests : build_programs
-@@ -606,7 +609,7 @@ install_docs : install_html_docs
- uninstall_docs : uninstall_html_docs
-
- {- output_off() if $disabled{fips}; "" -}
--install_fips : build_sw $(INSTALL_FIPSMODULECONF)
-+install_fips : build_inst_sw $(INSTALL_FIPSMODULECONF)
- @ WRITE SYS$OUTPUT "*** Installing FIPS module"
- - CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch']
- - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
-@@ -687,7 +690,7 @@ install_runtime_libs : check_INSTALLTOP build_libs
- @install_shlibs) -}
- @ {- output_on() if $disabled{shared}; "" -} !
-
--install_programs : check_INSTALLTOP install_runtime_libs build_programs
-+install_programs : check_INSTALLTOP install_runtime_libs build_inst_programs
- @ {- output_off() if $disabled{apps}; "" -} !
- @ ! Install the main program
- - CREATE/DIR ossl_installroot:[EXE.'arch']
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 74139ec228..16aab9cd76 100644
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -547,7 +547,9 @@ LANG=C
- {- dependmagic('build_sw', 'Build all the software (default target)'); -}: build_libs_nodep build_modules_nodep build_programs_nodep link-utils
- {- dependmagic('build_libs', 'Build the libraries libssl and libcrypto'); -}: build_libs_nodep
- {- dependmagic('build_modules', 'Build the modules (i.e. providers and engines)'); -}: build_modules_nodep
--{- dependmagic('build_programs', 'Build the openssl executables and scripts'); -}: build_programs_nodep
-+{- dependmagic('build_programs', 'Build the openssl executables, scripts and all other programs as configured (e.g. tests or demos)'); -}: build_programs_nodep
-+{- dependmagic('build_inst_sw', 'Build all the software to be installed'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep link-utils
-+{- dependmagic('build_inst_programs', 'Build only the installable openssl executables and scripts'); -}: build_inst_programs_nodep
-
- all: build_sw {- "build_docs" if !$disabled{docs}; -} ## Build software and documentation
- debuginfo: $(SHLIBS)
-@@ -566,6 +568,7 @@ build_generated: $(GENERATED_MANDATORY)
- build_libs_nodep: $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -}
- build_modules_nodep: $(MODULES)
- build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
-+build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
-
- # Kept around for backward compatibility
- build_apps build_tests: build_programs
-@@ -680,7 +683,7 @@ uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and
- $(RM) -r "$(DESTDIR)$(DOCDIR)"
-
- {- output_off() if $disabled{fips}; "" -}
--install_fips: build_sw $(INSTALL_FIPSMODULECONF)
-+install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)"
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)"
-@@ -965,7 +968,7 @@ install_runtime_libs: build_libs
- : {- output_on() if windowsdll(); "" -}; \
- done
-
--install_programs: install_runtime_libs build_programs
-+install_programs: install_runtime_libs build_inst_programs
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)"
- @$(ECHO) "*** Installing runtime programs"
-diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
-index 894834cfb7..b5872124de 100644
---- a/Configurations/windows-makefile.tmpl
-+++ b/Configurations/windows-makefile.tmpl
-@@ -418,6 +418,8 @@ PROCESSOR= {- $config{processor} -}
- {- dependmagic('build_libs'); -}: build_libs_nodep
- {- dependmagic('build_modules'); -}: build_modules_nodep
- {- dependmagic('build_programs'); -}: build_programs_nodep
-+{- dependmagic('build_inst_sw'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep copy-utils
-+{- dependmagic('build_inst_programs'); -}: build_inst_programs_nodep
-
- build_docs: build_html_docs
- build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7)
-@@ -430,6 +432,8 @@ build_modules_nodep: $(MODULES)
- @
- build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
- @
-+build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
-+ @
-
- # Kept around for backward compatibility
- build_apps build_tests: build_programs
-@@ -507,7 +511,7 @@ install_docs: install_html_docs
- uninstall_docs: uninstall_html_docs
-
- {- output_off() if $disabled{fips}; "" -}
--install_fips: build_sw $(INSTALL_FIPSMODULECONF)
-+install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
- # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
- @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
-@@ -607,7 +611,7 @@ install_runtime_libs: build_libs
- "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
- "$(INSTALLTOP)\bin"
-
--install_programs: install_runtime_libs build_programs
-+install_programs: install_runtime_libs build_inst_programs
- @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
- @$(ECHO) "*** Installing runtime programs"
- @if not "$(INSTALL_PROGRAMS)"=="" \
-diff --git a/util/help.pl b/util/help.pl
-index a1614fe8a9..e88ff4bae1 100755
---- a/util/help.pl
-+++ b/util/help.pl
-@@ -14,7 +14,7 @@ while (<>) {
- chomp; # strip record separator
- @Fld = split($FS, $_, -1);
- if (/^[a-zA-Z0-9_\-]+:.*?##/) {
-- printf " \033[36m%-15s\033[0m %s\n", $Fld[0], $Fld[1]
-+ printf " \033[36m%-19s\033[0m %s\n", $Fld[0], $Fld[1]
- }
- if (/^##@/) {
- printf "\n\033[1m%s\033[0m\n", substr($Fld[$_], (5)-1);
---
-2.51.0
-
diff --git a/0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch b/0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch
deleted file mode 100644
index 5323d6a..0000000
--- a/0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 4b91d0604643eff849a480f37b22f3bd7029d897 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Fri, 17 Oct 2025 17:45:48 +0200
-Subject: [PATCH 59/59] RSA_encrypt/decrypt with padding NONE is not supported
- in
-
-RHEL/CentOS/Fedora FIPS mode
----
- providers/fips/self_test_kats.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
-index acb0b85f73..c69c81bc9c 100644
---- a/providers/fips/self_test_kats.c
-+++ b/providers/fips/self_test_kats.c
-@@ -1190,8 +1190,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
- ret = 0;
- if (!self_test_kems(st, libctx))
- ret = 0;
-- if (!self_test_asym_ciphers(st, libctx))
-- ret = 0;
-+/* if (!self_test_asym_ciphers(st, libctx))
-+ ret = 0; */
-
- RAND_set0_private(libctx, saved_rand);
- return ret;
---
-2.51.0
-
diff --git a/0060-CVE-2025-15467.patch b/0060-CVE-2025-15467.patch
deleted file mode 100644
index 4e72b62..0000000
--- a/0060-CVE-2025-15467.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From 190ba58c0a1d995d4da8b017054d4b74d138291c Mon Sep 17 00:00:00 2001
-From: Igor Ustinov <igus68@gmail.com>
-Date: Mon, 12 Jan 2026 12:13:35 +0100
-Subject: [PATCH 1/3] Correct handling of AEAD-encrypted CMS with inadmissibly
- long IV
-
-Fixes CVE-2025-15467
----
- crypto/evp/evp_lib.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
-index 9eae1d421c2..58fa7ce43b4 100644
---- a/crypto/evp/evp_lib.c
-+++ b/crypto/evp/evp_lib.c
-@@ -228,10 +228,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
- if (type == NULL || asn1_params == NULL)
- return 0;
-
-- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
-- if (i <= 0)
-+ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
-+ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
- return -1;
-- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
-
- memcpy(asn1_params->iv, iv, i);
- asn1_params->iv_len = i;
-
-From 6fb47957bfb0aef2deaa7df7aebd4eb52ffe20ce Mon Sep 17 00:00:00 2001
-From: Igor Ustinov <igus68@gmail.com>
-Date: Mon, 12 Jan 2026 12:15:42 +0100
-Subject: [PATCH 2/3] Some comments to clarify functions usage
-
----
- crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
-index 382576364be..e73bda64e3d 100644
---- a/crypto/asn1/evp_asn1.c
-+++ b/crypto/asn1/evp_asn1.c
-@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct,
- oct->flags = 0;
- }
-
-+/*
-+ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
-+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
-+ * bytes, but returns the full length of 'oct'; this allows distinguishing
-+ * whether all the data was copied.
-+ */
- static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
- long *num, unsigned char *data, int max_len)
- {
-@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
- return 0;
- }
-
-+/*
-+ * This function decodes an int-octet sequence and copies the integer to 'num'
-+ * and the data of octet to 'data'.
-+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
-+ * bytes, but returns the full length of 'oct'; this allows distinguishing
-+ * whether all the data was copied.
-+ */
- int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
- unsigned char *data, int max_len)
- {
-@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
- return 0;
- }
-
-+/*
-+ * This function decodes an octet-int sequence and copies the data of octet
-+ * to 'data' and the integer to 'num'.
-+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
-+ * bytes, but returns the full length of 'oct'; this allows distinguishing
-+ * whether all the data was copied.
-+ */
- int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
- unsigned char *data, int max_len)
- {
-
-From 1e8f5c7cd2c46b25a2877e8f3f4bbf954fbcdf77 Mon Sep 17 00:00:00 2001
-From: Igor Ustinov <igus68@gmail.com>
-Date: Sun, 11 Jan 2026 11:35:15 +0100
-Subject: [PATCH 3/3] Test for handling of AEAD-encrypted CMS with inadmissibly
- long IV
-
----
- test/cmsapitest.c | 39 ++++++++++++++++++-
- test/recipes/80-test_cmsapi.t | 3 +-
- .../encDataWithTooLongIV.pem | 11 ++++++
- 3 files changed, 50 insertions(+), 3 deletions(-)
- create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
-
-diff --git a/test/cmsapitest.c b/test/cmsapitest.c
-index 88d519fd148..472d30c9e5d 100644
---- a/test/cmsapitest.c
-+++ b/test/cmsapitest.c
-@@ -9,10 +9,10 @@
-
- #include <string.h>
-
-+#include <openssl/pem.h>
- #include <openssl/cms.h>
- #include <openssl/bio.h>
- #include <openssl/x509.h>
--#include <openssl/pem.h>
- #include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */
-
- #include "testutil.h"
-@@ -20,6 +20,7 @@
- static X509 *cert = NULL;
- static EVP_PKEY *privkey = NULL;
- static char *derin = NULL;
-+static char *too_long_iv_cms_in = NULL;
-
- static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
- {
-@@ -479,6 +480,38 @@ static int test_encrypted_data_aead(void)
- return ret;
- }
-
-+static int test_cms_aesgcm_iv_too_long(void)
-+{
-+ int ret = 0;
-+ BIO *cmsbio = NULL, *out = NULL;
-+ CMS_ContentInfo *cms = NULL;
-+ unsigned long err = 0;
-+
-+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
-+ goto end;
-+
-+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
-+ goto end;
-+
-+ /* Must fail cleanly (no crash) */
-+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
-+ goto end;
-+ err = ERR_peek_last_error();
-+ if (!TEST_ulong_ne(err, 0))
-+ goto end;
-+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
-+ goto end;
-+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
-+ goto end;
-+
-+ ret = 1;
-+end:
-+ CMS_ContentInfo_free(cms);
-+ BIO_free(cmsbio);
-+ BIO_free(out);
-+ return ret;
-+}
-+
- OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
-
- int setup_tests(void)
-@@ -493,7 +526,8 @@ int setup_tests(void)
-
- if (!TEST_ptr(certin = test_get_argument(0))
- || !TEST_ptr(privkeyin = test_get_argument(1))
-- || !TEST_ptr(derin = test_get_argument(2)))
-+ || !TEST_ptr(derin = test_get_argument(2))
-+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
- return 0;
-
- certbio = BIO_new_file(certin, "r");
-@@ -529,6 +563,7 @@ int setup_tests(void)
- ADD_TEST(test_CMS_add1_cert);
- ADD_TEST(test_d2i_CMS_bio_NULL);
- ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
-+ ADD_TEST(test_cms_aesgcm_iv_too_long);
- return 1;
- }
-
-diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t
-index af00355a9d6..182629e71a0 100644
---- a/test/recipes/80-test_cmsapi.t
-+++ b/test/recipes/80-test_cmsapi.t
-@@ -18,5 +18,6 @@ plan tests => 1;
-
- ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
- srctop_file("test", "certs", "serverkey.pem"),
-- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
-+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
-+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
- "running cmsapitest");
-diff --git a/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem b/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
-new file mode 100644
-index 00000000000..4323cd2fb0c
---- /dev/null
-+++ b/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
-@@ -0,0 +1,11 @@
-+-----BEGIN CMS-----
-+MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G
-+A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V
-+b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV
-+NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd
-+sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2
-+CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu
-+GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P
-+AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl
-+paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO
-+-----END CMS-----
diff --git a/0061-CVE-2025-15468.patch b/0061-CVE-2025-15468.patch
deleted file mode 100644
index 0e0cf21..0000000
--- a/0061-CVE-2025-15468.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 7da6afe3dac7d65b30f87f2c5d305b6e699bc5dc Mon Sep 17 00:00:00 2001
-From: Daniel Kubec <kubec@openssl.org>
-Date: Fri, 9 Jan 2026 14:33:24 +0100
-Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before
- dereferencing SSL_CIPHER
-
-Fixes CVE-2025-15468
----
- ssl/quic/quic_impl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
-index 87c1370a8d6..89c108a9734 100644
---- a/ssl/quic/quic_impl.c
-+++ b/ssl/quic/quic_impl.c
-@@ -5222,6 +5222,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
- {
- const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
-
-+ if (ciph == NULL)
-+ return NULL;
- if ((ciph->algorithm2 & SSL_QUIC) == 0)
- return NULL;
-
diff --git a/0062-CVE-2025-15469.patch b/0062-CVE-2025-15469.patch
deleted file mode 100644
index 37f113c..0000000
--- a/0062-CVE-2025-15469.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From ef48810aafdc3b8c6c4a85e52314caeec0cb596c Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Wed, 7 Jan 2026 01:21:58 +1100
-Subject: [PATCH] Report truncation in oneshot `openssl dgst -sign`
-
-Previously input was silently truncated at 16MB, now if the input is
-longer than limit, an error is reported.
-
-The bio_to_mem() apps helper function was changed to return 0 or 1,
-and return the size of the result via an output size_t pointer.
-
-Fixes CVE-2025-15469
----
- apps/dgst.c | 7 +++---
- apps/include/apps.h | 2 +-
- apps/lib/apps.c | 55 +++++++++++++++++++++++----------------------
- apps/pkeyutl.c | 36 ++++++++++++++---------------
- 4 files changed, 50 insertions(+), 50 deletions(-)
-
-diff --git a/apps/dgst.c b/apps/dgst.c
-index 94415128d7f..7168b5f8b84 100644
---- a/apps/dgst.c
-+++ b/apps/dgst.c
-@@ -721,12 +721,11 @@ static int do_fp_oneshot_sign(BIO *out, EVP_MD_CTX *ctx, BIO *in, int sep, int b
- {
- int res, ret = EXIT_FAILURE;
- size_t len = 0;
-- int buflen = 0;
-- int maxlen = 16 * 1024 * 1024;
-+ size_t buflen = 0;
-+ size_t maxlen = 16 * 1024 * 1024;
- uint8_t *buf = NULL, *sig = NULL;
-
-- buflen = bio_to_mem(&buf, maxlen, in);
-- if (buflen <= 0) {
-+ if (!bio_to_mem(&buf, &buflen, maxlen, in)) {
- BIO_printf(bio_err, "Read error in %s\n", file);
- return ret;
- }
-diff --git a/apps/include/apps.h b/apps/include/apps.h
-index 6a23dbbb131..c9471ddc4ed 100644
---- a/apps/include/apps.h
-+++ b/apps/include/apps.h
-@@ -253,7 +253,7 @@ int parse_yesno(const char *str, int def);
- X509_NAME *parse_name(const char *str, int chtype, int multirdn,
- const char *desc);
- void policies_print(X509_STORE_CTX *ctx);
--int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
-+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in);
- int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
- int x509_ctrl_string(X509 *x, const char *value);
- int x509_req_ctrl_string(X509_REQ *x, const char *value);
-diff --git a/apps/lib/apps.c b/apps/lib/apps.c
-index 0e436582030..76f3c1683b2 100644
---- a/apps/lib/apps.c
-+++ b/apps/lib/apps.c
-@@ -49,6 +49,7 @@
- #include "apps.h"
-
- #include "internal/sockets.h" /* for openssl_fdset() */
-+#include "internal/numbers.h" /* for LONG_MAX */
- #include "internal/e_os.h"
-
- #ifdef _WIN32
-@@ -2010,45 +2011,45 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
- }
-
- /*
-- * Read whole contents of a BIO into an allocated memory buffer and return
-- * it.
-+ * Read whole contents of a BIO into an allocated memory buffer.
-+ * The return value is one on success, zero on error.
-+ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if
-+ * the input is longer than `maxlen`, an error is returned.
-+ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`.
- */
--
--int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
-+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in)
- {
-+ unsigned char tbuf[4096];
- BIO *mem;
-- int len, ret;
-- unsigned char tbuf[1024];
-+ BUF_MEM *bufm;
-+ size_t sz = 0;
-+ int len;
-
- mem = BIO_new(BIO_s_mem());
- if (mem == NULL)
-- return -1;
-+ return 0;
- for (;;) {
-- if ((maxlen != -1) && maxlen < 1024)
-- len = maxlen;
-- else
-- len = 1024;
-- len = BIO_read(in, tbuf, len);
-- if (len < 0) {
-- BIO_free(mem);
-- return -1;
-- }
-- if (len == 0)
-+ if ((len = BIO_read(in, tbuf, 4096)) == 0)
- break;
-- if (BIO_write(mem, tbuf, len) != len) {
-+ if (len < 0
-+ || BIO_write(mem, tbuf, len) != len
-+ || sz > SIZE_MAX - len
-+ || ((sz += len) > maxlen && maxlen != 0)) {
- BIO_free(mem);
-- return -1;
-+ return 0;
- }
-- if (maxlen != -1)
-- maxlen -= len;
--
-- if (maxlen == 0)
-- break;
- }
-- ret = BIO_get_mem_data(mem, (char **)out);
-- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
-+
-+ /* So BIO_free orphans BUF_MEM */
-+ (void)BIO_set_close(mem, BIO_NOCLOSE);
-+ BIO_get_mem_ptr(mem, &bufm);
- BIO_free(mem);
-- return ret;
-+ *out = (unsigned char *)bufm->data;
-+ *outlen = bufm->length;
-+ /* Tell BUF_MEM to orphan data */
-+ bufm->data = NULL;
-+ BUF_MEM_free(bufm);
-+ return 1;
- }
-
- int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
-diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
-index deecec6bcd7..2681114fba1 100644
---- a/apps/pkeyutl.c
-+++ b/apps/pkeyutl.c
-@@ -40,7 +40,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
-
- static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- EVP_PKEY *pkey, BIO *in,
-- int filesize, unsigned char *sig, int siglen,
-+ int filesize, unsigned char *sig, size_t siglen,
- unsigned char **out, size_t *poutlen);
-
- static int only_nomd(EVP_PKEY *pkey)
-@@ -158,7 +158,7 @@ int pkeyutl_main(int argc, char **argv)
- char hexdump = 0, asn1parse = 0, rev = 0, *prog;
- unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL;
- OPTION_CHOICE o;
-- int buf_inlen = 0, siglen = -1;
-+ size_t buf_inlen = 0, siglen = 0;
- int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
- int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
- int engine_impl = 0;
-@@ -508,31 +508,31 @@ int pkeyutl_main(int argc, char **argv)
-
- if (sigfile != NULL) {
- BIO *sigbio = BIO_new_file(sigfile, "rb");
-+ size_t maxsiglen = 16 * 1024 * 1024;
-
- if (sigbio == NULL) {
- BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
- goto end;
- }
-- siglen = bio_to_mem(&sig, keysize * 10, sigbio);
-- BIO_free(sigbio);
-- if (siglen < 0) {
-+ if (!bio_to_mem(&sig, &siglen, maxsiglen, sigbio)) {
-+ BIO_free(sigbio);
- BIO_printf(bio_err, "Error reading signature data\n");
- goto end;
- }
-+ BIO_free(sigbio);
- }
-
- /* Raw input data is handled elsewhere */
- if (in != NULL && !rawin) {
- /* Read the input data */
-- buf_inlen = bio_to_mem(&buf_in, -1, in);
-- if (buf_inlen < 0) {
-+ if (!bio_to_mem(&buf_in, &buf_inlen, 0, in)) {
- BIO_printf(bio_err, "Error reading input Data\n");
- goto end;
- }
- if (rev) {
- size_t i;
- unsigned char ctmp;
-- size_t l = (size_t)buf_inlen;
-+ size_t l = buf_inlen;
-
- for (i = 0; i < l / 2; i++) {
- ctmp = buf_in[i];
-@@ -547,7 +547,8 @@ int pkeyutl_main(int argc, char **argv)
- && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
- if (buf_inlen > EVP_MAX_MD_SIZE) {
- BIO_printf(bio_err,
-- "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
-+ "Error: The non-raw input data length %zd is too long - "
-+ "max supported hashed size is %d\n",
- buf_inlen, EVP_MAX_MD_SIZE);
- goto end;
- }
-@@ -558,8 +559,7 @@ int pkeyutl_main(int argc, char **argv)
- rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen,
- NULL, 0);
- } else {
-- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
-- buf_in, (size_t)buf_inlen);
-+ rv = EVP_PKEY_verify(ctx, sig, siglen, buf_in, buf_inlen);
- }
- if (rv == 1) {
- BIO_puts(out, "Signature Verified Successfully\n");
-@@ -578,8 +578,8 @@ int pkeyutl_main(int argc, char **argv)
- buf_outlen = kdflen;
- rv = 1;
- } else {
-- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
-- buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen);
-+ rv = do_keyop(ctx, pkey_op, NULL, &buf_outlen,
-+ buf_in, buf_inlen, NULL, &secretlen);
- }
- if (rv > 0
- && (secretlen > 0 || (pkey_op != EVP_PKEY_OP_ENCAPSULATE
-@@ -589,8 +589,8 @@ int pkeyutl_main(int argc, char **argv)
- if (secretlen > 0)
- secret = app_malloc(secretlen, "secret output");
- rv = do_keyop(ctx, pkey_op,
-- buf_out, (size_t *)&buf_outlen,
-- buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen);
-+ buf_out, &buf_outlen,
-+ buf_in, buf_inlen, secret, &secretlen);
- }
- }
- if (rv <= 0) {
-@@ -857,7 +857,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
-
- static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- EVP_PKEY *pkey, BIO *in,
-- int filesize, unsigned char *sig, int siglen,
-+ int filesize, unsigned char *sig, size_t siglen,
- unsigned char **out, size_t *poutlen)
- {
- int rv = 0;
-@@ -880,7 +880,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- BIO_printf(bio_err, "Error reading raw input data\n");
- goto end;
- }
-- rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len);
-+ rv = EVP_DigestVerify(mctx, sig, siglen, mbuf, buf_len);
- break;
- case EVP_PKEY_OP_SIGN:
- buf_len = BIO_read(in, mbuf, filesize);
-@@ -914,7 +914,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- goto end;
- }
- }
-- rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen);
-+ rv = EVP_DigestVerifyFinal(mctx, sig, siglen);
- break;
- case EVP_PKEY_OP_SIGN:
- for (;;) {
diff --git a/0063-CVE-2025-66199.patch b/0063-CVE-2025-66199.patch
deleted file mode 100644
index 0b9aa1f..0000000
--- a/0063-CVE-2025-66199.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 04a93ac145041e3ef0121a2688cf7c1b23780519 Mon Sep 17 00:00:00 2001
-From: Igor Ustinov <igus68@gmail.com>
-Date: Thu, 8 Jan 2026 14:02:54 +0100
-Subject: [PATCH] Check the received uncompressed certificate length to prevent
- excessive pre-decompression allocation.
-
-The patch was proposed by Tomas Dulka and Stanislav Fort (Aisle Research).
-
-Fixes: CVE-2025-66199
----
- ssl/statem/statem_lib.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 9e0c853c0d2..f82d8dcdac1 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -2877,6 +2877,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
- goto err;
- }
-
-+ /* Prevent excessive pre-decompression allocation */
-+ if (expected_length > sc->max_cert_list) {
-+ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-+ goto err;
-+ }
-+
- if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
- SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
- goto err;
diff --git a/0064-CVE-2025-68160.patch b/0064-CVE-2025-68160.patch
deleted file mode 100644
index cd57ed1..0000000
--- a/0064-CVE-2025-68160.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 701aa270db8ad424cece68702b9bb2e05290af9b Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@openssl.org>
-Date: Wed, 7 Jan 2026 11:52:09 -0500
-Subject: [PATCH] Fix heap buffer overflow in BIO_f_linebuffer
-
-When a FIO_f_linebuffer is part of a bio chain, and the next BIO
-preforms short writes, the remainder of the unwritten buffer is copied
-unconditionally to the internal buffer ctx->obuf, which may not be
-sufficiently sized to handle the remaining data, resulting in a buffer
-overflow.
-
-Fix it by only copying data when ctx->obuf has space, flushing to the
-next BIO to increase available storage if needed.
-
-Fixes CVE-2025-68160
----
- crypto/bio/bf_lbuf.c | 32 ++++++++++++++++++++++++++------
- 1 file changed, 26 insertions(+), 6 deletions(-)
-
-diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
-index 1dfcac8f2ea..e4af2a8c4ff 100644
---- a/crypto/bio/bf_lbuf.c
-+++ b/crypto/bio/bf_lbuf.c
-@@ -187,14 +187,34 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
- while (foundnl && inl > 0);
- /*
- * We've written as much as we can. The rest of the input buffer, if
-- * any, is text that doesn't and with a NL and therefore needs to be
-- * saved for the next trip.
-+ * any, is text that doesn't end with a NL and therefore we need to try
-+ * free up some space in our obuf so we can make forward progress.
- */
-- if (inl > 0) {
-- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
-- ctx->obuf_len += inl;
-- num += inl;
-+ while (inl > 0) {
-+ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
-+ size_t to_copy;
-+
-+ if (avail == 0) {
-+ /* Flush buffered data to make room */
-+ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
-+ if (i <= 0) {
-+ BIO_copy_next_retry(b);
-+ return num > 0 ? num : i;
-+ }
-+ if (i < ctx->obuf_len)
-+ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
-+ ctx->obuf_len -= i;
-+ continue;
-+ }
-+
-+ to_copy = inl > (int)avail ? avail : (size_t)inl;
-+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
-+ ctx->obuf_len += (int)to_copy;
-+ in += to_copy;
-+ inl -= (int)to_copy;
-+ num += (int)to_copy;
- }
-+
- return num;
- }
-
diff --git a/0065-CVE-2025-69418.patch b/0065-CVE-2025-69418.patch
deleted file mode 100644
index 733af4c..0000000
--- a/0065-CVE-2025-69418.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 1a556ff619473af9e179b202284a961590d5a2bd Mon Sep 17 00:00:00 2001
-From: Norbert Pocs <norbertp@openssl.org>
-Date: Thu, 8 Jan 2026 15:04:54 +0100
-Subject: [PATCH] Fix OCB AES-NI/HW stream path unauthenticated/unencrypted
- trailing bytes
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When ctx->stream (e.g., AES‑NI or ARMv8 CE) is available, the fast path
-encrypts/decrypts full blocks but does not advance in/out pointers. The
-tail-handling code then operates on the base pointers, effectively reprocessing
-the beginning of the buffer while leaving the actual trailing bytes
-unencrypted (encryption) or using the wrong plaintext (decryption). The
-authentication checksum excludes the true tail.
-
-CVE-2025-69418
-
-Fixes: https://github.com/openssl/srt/issues/58
-
-Signed-off-by: Norbert Pocs <norbertp@openssl.org>
----
- crypto/modes/ocb128.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
-index ce72baf6da5..8a5d7c7db00 100644
---- a/crypto/modes/ocb128.c
-+++ b/crypto/modes/ocb128.c
-@@ -337,7 +337,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
-
- if (num_blocks && all_num_blocks == (size_t)all_num_blocks
- && ctx->stream != NULL) {
-- size_t max_idx = 0, top = (size_t)all_num_blocks;
-+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
-
- /*
- * See how many L_{i} entries we need to process data at hand
-@@ -351,6 +351,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
- ctx->stream(in, out, num_blocks, ctx->keyenc,
- (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
-+ processed_bytes = num_blocks * 16;
-+ in += processed_bytes;
-+ out += processed_bytes;
- } else {
- /* Loop through all full blocks to be encrypted */
- for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
-@@ -429,7 +432,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
-
- if (num_blocks && all_num_blocks == (size_t)all_num_blocks
- && ctx->stream != NULL) {
-- size_t max_idx = 0, top = (size_t)all_num_blocks;
-+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
-
- /*
- * See how many L_{i} entries we need to process data at hand
-@@ -443,6 +446,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
- ctx->stream(in, out, num_blocks, ctx->keydec,
- (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
-+ processed_bytes = num_blocks * 16;
-+ in += processed_bytes;
-+ out += processed_bytes;
- } else {
- OCB_BLOCK tmp;
-
diff --git a/0066-CVE-2025-69420.patch b/0066-CVE-2025-69420.patch
deleted file mode 100644
index bc4e420..0000000
--- a/0066-CVE-2025-69420.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 6453d278557c8719233793730ec500c84aea55d9 Mon Sep 17 00:00:00 2001
-From: Bob Beck <beck@openssl.org>
-Date: Wed, 7 Jan 2026 11:29:48 -0700
-Subject: [PATCH] Verify ASN1 object's types before attempting to access them
- as a particular type
-
-Issue was reported in ossl_ess_get_signing_cert but is also present in
-ossl_ess_get_signing_cert_v2.
-
-Fixes: https://github.com/openssl/srt/issues/61
-Fixes CVE-2025-69420
----
- crypto/ts/ts_rsp_verify.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
-index 3876e30f47b..40dab687d1c 100644
---- a/crypto/ts/ts_rsp_verify.c
-+++ b/crypto/ts/ts_rsp_verify.c
-@@ -209,7 +209,7 @@ static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
-- if (attr == NULL)
-+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
-@@ -221,7 +221,7 @@ static ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
-- if (attr == NULL)
-+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
diff --git a/0067-CVE-2025-69421.patch b/0067-CVE-2025-69421.patch
deleted file mode 100644
index aead141..0000000
--- a/0067-CVE-2025-69421.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0a2ecb95993b588d2156dd6527459cc3983aabd5 Mon Sep 17 00:00:00 2001
-From: Andrew Dinh <andrewd@openssl.org>
-Date: Thu, 8 Jan 2026 01:24:30 +0900
-Subject: [PATCH] Add NULL check to PKCS12_item_decrypt_d2i_ex
-
-Address CVE-2025-69421
-
-Add NULL check for oct parameter
----
- crypto/pkcs12/p12_decr.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
-index 606713b9ee9..1614da44042 100644
---- a/crypto/pkcs12/p12_decr.c
-+++ b/crypto/pkcs12/p12_decr.c
-@@ -146,6 +146,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
- void *ret;
- int outlen = 0;
-
-+ if (oct == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
- if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
- &out, &outlen, 0, libctx, propq))
- return NULL;
diff --git a/0068-CVE-2025-69419.patch b/0068-CVE-2025-69419.patch
deleted file mode 100644
index 367debc..0000000
--- a/0068-CVE-2025-69419.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
-index b7a5284fa59fa..7be233db5e0b2 100644
---- a/crypto/asn1/a_mbstr.c
-+++ b/crypto/asn1/a_mbstr.c
-@@ -123,7 +123,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
- return -1;
- }
-
-- /* Now work out output format and string type */
-+ /*
-+ * Now work out output format and string type.
-+ * These checks should be in sync with the checks in type_str.
-+ */
- outform = MBSTRING_ASC;
- if (mask & B_ASN1_NUMERICSTRING)
- str_type = V_ASN1_NUMERICSTRING;
-@@ -191,7 +194,11 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-
- case MBSTRING_UTF8:
- outlen = 0;
-- traverse_string(in, len, inform, out_utf8, &outlen);
-+ ret = traverse_string(in, len, inform, out_utf8, &outlen);
-+ if (ret < 0) {
-+ ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING);
-+ return -1;
-+ }
- cpyfunc = cpy_utf8;
- break;
- }
-@@ -286,9 +293,29 @@ static int out_utf8(unsigned long value, void *arg)
-
- static int type_str(unsigned long value, void *arg)
- {
-- unsigned long types = *((unsigned long *)arg);
-+ unsigned long usable_types = *((unsigned long *)arg);
-+ unsigned long types = usable_types;
- const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
-
-+ /*
-+ * Clear out all the types which are not checked later. If any of those
-+ * is present in the mask, then the UTF8 type will be added and checked
-+ * below.
-+ */
-+ types &= B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING
-+ | B_ASN1_IA5STRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING
-+ | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING;
-+
-+ /*
-+ * If any other types were in the input mask, they're effectively treated
-+ * as UTF8
-+ */
-+ if (types != usable_types)
-+ types |= B_ASN1_UTF8STRING;
-+
-+ /*
-+ * These checks should be in sync with ASN1_mbstring_ncopy.
-+ */
- if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
- || native == ' '))
- types &= ~B_ASN1_NUMERICSTRING;
-@@ -356,6 +383,8 @@ static int cpy_utf8(unsigned long value, void *arg)
- p = arg;
- /* We already know there is enough room so pass 0xff as the length */
- ret = UTF8_putc(*p, 0xff, value);
-+ if (ret < 0)
-+ return ret;
- *p += ret;
- return 1;
- }
-diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 17f7372026c3b..01e2269444cba 100644
---- a/crypto/asn1/a_strex.c
-+++ b/crypto/asn1/a_strex.c
-@@ -198,8 +198,10 @@ static int do_buf(unsigned char *buf, int buflen,
- orflags = CHARTYPE_LAST_ESC_2253;
- if (type & BUF_TYPE_CONVUTF8) {
- unsigned char utfbuf[6];
-- int utflen;
-- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
-+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
-+
-+ if (utflen < 0)
-+ return -1; /* error happened with UTF8 */
- for (i = 0; i < utflen; i++) {
- /*
- * We don't need to worry about setting orflags correctly
-diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
-index 50adce6b26fd2..8b5f2909e8d96 100644
---- a/crypto/pkcs12/p12_utl.c
-+++ b/crypto/pkcs12/p12_utl.c
-@@ -213,6 +213,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
- /* re-run the loop emitting UTF-8 string */
- for (asclen = 0, i = 0; i < unilen; ) {
- j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
-+ /* when UTF8_putc fails */
-+ if (j < 0) {
-+ OPENSSL_free(asctmp);
-+ return NULL;
-+ }
- if (j == 4) i += 4;
- else i += 2;
- asclen += j;
-diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
-index e08e2a11be9b7..56af2b369b4dd 100644
---- a/test/asn1_internal_test.c
-+++ b/test/asn1_internal_test.c
-@@ -554,6 +554,22 @@ static int posix_time_test(void)
- return 1;
- }
-
-+static int test_mbstring_ncopy(void)
-+{
-+ ASN1_STRING *str = NULL;
-+ const unsigned char in[] = { 0xFF, 0xFE, 0xFF, 0xFE };
-+ int inlen = 4;
-+ int inform = MBSTRING_UNIV;
-+
-+ if (!TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALSTRING, 0, 0), -1)
-+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VISIBLESTRING, 0, 0), -1)
-+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VIDEOTEXSTRING, 0, 0), -1)
-+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALIZEDTIME, 0, 0), -1))
-+ return 0;
-+
-+ return 1;
-+}
-+
- int setup_tests(void)
- {
- ADD_TEST(test_tbl_standard);
-@@ -565,5 +581,6 @@ int setup_tests(void)
- ADD_TEST(test_unicode_range);
- ADD_TEST(test_obj_create);
- ADD_TEST(test_obj_nid_undef);
-+ ADD_TEST(test_mbstring_ncopy);
- return 1;
- }
diff --git a/0069-CVE-2026-22795.patch b/0069-CVE-2026-22795.patch
deleted file mode 100644
index a0703aa..0000000
--- a/0069-CVE-2026-22795.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff --git a/apps/s_client.c b/apps/s_client.c
-index 7b2cabdc428a9..d0611433261dc 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -2847,8 +2847,9 @@ int s_client_main(int argc, char **argv)
- goto end;
- }
- atyp = ASN1_generate_nconf(genstr, cnf);
-- if (atyp == NULL) {
-+ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
- NCONF_free(cnf);
-+ ASN1_TYPE_free(atyp);
- BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
- goto end;
- }
-diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
-index 10b581612dbb2..d0236e34fe9df 100644
---- a/crypto/pkcs12/p12_kiss.c
-+++ b/crypto/pkcs12/p12_kiss.c
-@@ -196,11 +196,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
- ASN1_BMPSTRING *fname = NULL;
- ASN1_OCTET_STRING *lkid = NULL;
-
-- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
-+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
-+ if (attrib->type != V_ASN1_BMPSTRING)
-+ return 0;
- fname = attrib->value.bmpstring;
-+ }
-
-- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
-+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
-+ if (attrib->type != V_ASN1_OCTET_STRING)
-+ return 0;
- lkid = attrib->value.octet_string;
-+ }
-
- switch (PKCS12_SAFEBAG_get_nid(bag)) {
- case NID_keyBag:
-diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
-index 02444d983c476..7798846b16ec1 100644
---- a/crypto/pkcs7/pk7_doit.c
-+++ b/crypto/pkcs7/pk7_doit.c
-@@ -1229,6 +1229,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
- ASN1_TYPE *astype;
- if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
- return NULL;
-+ if (astype->type != V_ASN1_OCTET_STRING)
-+ return NULL;
- return astype->value.octet_string;
- }
-
diff --git a/0070-CVE-2025-11187.patch b/0070-CVE-2025-11187.patch
deleted file mode 100644
index 66bf760..0000000
--- a/0070-CVE-2025-11187.patch
+++ /dev/null
@@ -1,485 +0,0 @@
-From a26d82c5b141c706bc97455cde511e710c2510a9 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Thu, 8 Jan 2026 14:31:19 +0100
-Subject: [PATCH 1/3] pkcs12: Validate salt and keylength in PBMAC1
-
-The keylength value must be present and we accept
-EVP_MAX_MD_SIZE at maximum.
-
-The salt ASN.1 type must be OCTET STRING.
-
-Fixes CVE-2025-11187
-
-Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
-Reported independently also by Hamza (Metadust).
----
- crypto/pkcs12/p12_mutl.c | 18 ++++++++++++++++--
- 1 file changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
-index f8d0bbd109b..8bb4e30529d 100644
---- a/crypto/pkcs12/p12_mutl.c
-+++ b/crypto/pkcs12/p12_mutl.c
-@@ -123,8 +123,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
- ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
- goto err;
- }
-- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
-- pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
-
- if (pbkdf2_param->prf == NULL) {
- kdf_hmac_nid = NID_hmacWithSHA1;
-@@ -139,6 +137,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
- goto err;
- }
-
-+ /* Validate salt is an OCTET STRING choice */
-+ if (pbkdf2_param->salt == NULL
-+ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
-+ goto err;
-+ }
-+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
-+
-+ /* RFC 9579 specifies missing key length as invalid */
-+ if (pbkdf2_param->keylength != NULL)
-+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
-+ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
-+ goto err;
-+ }
-+
- if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
- ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
- ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
-
-From a749dcdb7c944c18af8bf1ce3bd2dbe38e5dcb68 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Thu, 8 Jan 2026 15:25:18 +0100
-Subject: [PATCH 2/3] Add testcase for PKCS12 with invalid PBMAC1 key length
-
----
- test/recipes/80-test_pkcs12.t | 10 +++++++---
- .../pbmac1_256_256.bad-len.p12 | Bin 0 -> 2702 bytes
- 2 files changed, 7 insertions(+), 3 deletions(-)
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12
-
-diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
-index 06fa85af0f3..ff720894c9b 100644
---- a/test/recipes/80-test_pkcs12.t
-+++ b/test/recipes/80-test_pkcs12.t
-@@ -56,7 +56,7 @@ $ENV{OPENSSL_WIN32_UTF8}=1;
-
- my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-
--plan tests => $no_fips ? 47 : 53;
-+plan tests => $no_fips ? 53 : 59;
-
- # Test different PKCS#12 formats
- ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
-@@ -235,8 +235,12 @@ unless ($no_fips) {
- }
- }
-
--# Test pbmac1 pkcs12 bad files, RFC 9579
--for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12")
-+# Test pbmac1 pkcs12 bad files, RFC 9579 and CVE-2025-11187
-+for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12",
-+ "pbmac1_256_256.no-len.p12", "pbmac1_256_256.bad-len.p12",
-+ "pbmac1_256_256.bad-salt-type.p12", "pbmac1_256_256.negative-len.p12",
-+ "pbmac1_256_256.no-salt.p12", "pbmac1_256_256.very-big-len.p12",
-+ "pbmac1_256_256.zero-len.p12")
- {
- my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
- with({ exit_checker => sub { return shift == 1; } },
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..7548d0f29edd967854aa1a7c9e3a02a09e856f6d
-GIT binary patch
-literal 2702
-zcmai$c{J3E8^+C;8AJBv7GZ2dCiJym#=eYw$r87k$i6e#qGSx&MQ--p#B?!e2-&G<
-zp(ytbWy`*f>?7g!TTY$d@1Og}d*1Ur&wI}M-{(94fh8FXVgv{*P#7~R-Z*}r4a5X0
-zB{1(n2+UgmftdynATB>6SSbNw``xkvgBZRq<DUr#aQGphY=9{s{Zq06f)KbSiEq=@
-zuO=7_hBE-HF!+DIftjHUfDnw?Io=rL&IkdaAe^;Z*UPNgWxZXY4F$u|ci!O%jMKbv
-zd)TTQUXF~FIe~IUfnL~tCys`6g@O$(y^Yd!JG#AvyAj7SobrxH(aw3j4Y*<mEpVN)
-zUuI%gw=XA=D5VjU0kva;PX~&ebGvUcsE=UIkzh(O|GS}F5$g_6mv7~9QAl<HkGD2$
-zccY^y&pT#|iCfA9`is_q3gv9>Xe=Ok_$P-58ZhTOj;RPgnc~Asj^9XnM>Zbjxjl1v
-zTWKuNs=~osbADcuy<wzs&A`5C=UjntFnJndgs3^x4=)${T=?m&W?W~dwppSlnZYl)
-zJ!>F~B4YfJ!@QNQ7C%(T8gn*2<tnJu2S~Zor%>OE7SD5(lUfA5d6HUYRDPNJ>XlkS
-zE5yBqF@qG8hu7%^5ia-{oQQ)0<4*IPPArQcpNH7!q-Tn(ie<QL_chg_OEP+nCZ@~z
-z(`oxWgBl?Psa?-cC^3;sw-`U?(pPv&W<o1{-oEsS!~419;N#m+T=ymE#OH&5sYMAq
-z8tvL_@q8hIzAc^j=6H!D6LFDX=;&;d8@&6FtLKv6EzlG<xI0SzylBy5q5x82Mu;<L
-zscC;(^9snFm{NW7TjH0krm8=6@-z0y3iA{%MZ!YlP6y{VQM;%%pZcDV0FYclKO%WQ
-zlr2UFVip>U3g|}4vOGkCZZs9K+`IQ2{Nn0S%KLUD)mZQ9j!kRiu(}Gx;=~>?WJBgK
-zf-0wOM=&W1cXFYP*Sf@flg_hXs><Bc5`6W%4pLP+<vf^nL0K4w!EN+|!*r-?H@<B8
-zn(!SRhJ%WsJq~-5^(p$0s#6_ZvP{`VOSTR*LM46Gyf_=5Kbp36oF&q%JltJJ)@rxa
-zecU*u%e!bZDj6-1yIWau8$F-N0OV7Dn<367T%*wxL(L#i>!y~szt+SIeCct0g$G>v
-zDes%5hnH)71wYo&#u#f?AE=-1+-X*+ma@Q&mxLTO=?|AJwqB_JJSEH?K3Rbi6bX$x
-zU}8;JU#DkH@>!T9`N^Z!5;sZ+rgaeJ1UtP`3(;!LbEncCg9G|LVC5#+G@c7_wyI-e
-z<J;`tWY@_+gImm0s%yQjp-NS<dhYfkZq_<gBBhSjk`xM@kq#OdONMT%y^GOmmS3%V
-zb#<sCAI?1MU+=za=v?Sapm-q9m+`Qdpwu$sUtw8lM&g^wHz#LB!yBGk%y$AE>uel5
-zPSk<>eMTwxrl^P|A*U5zPfXky`aLD3YeL>-mX*)F_v9BQKXR@?^CVz-i?qy^?vp?N
-z2)DLkiEI7VC-}s${yd(IrsQVr(I_yrVGdi*W8XybZx-%~Mje}3w8XX(bx+rw)I?g2
-z0R(8=4_^EWK+sSK0gC%>`+pyA*s1@riIoKe{vOJIH)a0`IJW&7T9*oZo&OOyb)Kdq
-zWpUq|jW00%*O$XaAOy(JfDD|bNykfU+|eSn%#lLi@8f(Ab0>)Fu6*wcke2yPfkU2?
-z2fMC%=IxyjTJNf@qTL4{tXh9>p{Y4vKU<eCXH9Ep?sRhB274MR!L60Wu7gYM3jgK@
-z2%Iv5SF@5nllk)T`J8LA+)wByDsvYrQVnLCwsfypv=!+0ofEdR>+Q{^a!+^A8)Nuk
-zC-PLo9j3JCZ_4KbX?*jM{D<HCnmCDT29B4*0%xp)5V_(K3ZM_R0U8npQD1MJ&Zb7}
-zL?_-<cRj{zdM;cLPSwO>Oxp(A!-F}COwBy4og}=>A-h5T_Kb{a;3Nk75EQI&>xPfb
-z-nIbucoba5n$*Ksy|T{K>yRd~nNZ!uWGng=!RncS*;z=7ob0SOzvMapjJ+>=?FfxM
-z3|Z~-8LgPeDW3DV6)xpX2oY&p4n7f<X}o3p=$RGax~Fk8^FH60dtLkkIRZwh!e@-G
-z$67QU8k!Nc;$nY+r<|J39&t`==uqD6nTzw_K3P3TSL@QFRme*XUcJ1@`7V~sskJrz
-z5SiaSwZ%*fI?Qemi|QU7FDKt`+-vjw_=_Y_@TuZ)Kuw=P?w#?Vd0s&kSM{hQQsDF-
-zF{1;YP2Z1{%ch#57mH1V=9-HrFLlBz3Zyr0Wz;k2gwVlqMSy+_=N}L|CllDXo)N*I
-zq_pEpt26zn7I_bi4=(XM>&$Nu6cge&Q9eQ*IhfBZ{T(N7N8C=iFB+C1&_*$h|GoZY
-zl_I$0t+Xp!omN>{Ta*0LU8Wg^RZ~A_+~(^b=lc5_>u!?%iMJ7=CBo1^FAixpNmT!t
-zWjUoJG6DqKFxuzmNuX3DoH-v6c7gf{fBlKjex4u^;W9{yv^!Yp1la`6R)))^OE9FT
-zKQg>Rd=;?BF&w*$HuS$dBII5)5pBD3w|J$!hF!y23twq-!x#mU+9HS_IfPx^QV{D^
-z3@%kv(baxnomrmfaT=-1jvmDgT$~rsI@nQV!w5L%WQZ6QFWrud-4_XfgB>+FKDq_J
-zc*?tqyVz`4eijaCo5U#=*4*`K$cfe{dG)aJ^;xD*Me8MEyYfrDhaSV+rrNI^ocYWH
-zZ8MDz*j`JO0_n4hVV|k}9R{Dxxm(vCV`HWJLIClq)iRdfpwTMA0;NGuZjYZJNlJj`
-z@GPQmj>w-KBCC~VwT@#N#3q}BqXeAV^z$5$a)QXc0&VnL<%cP3GFdsj-!MyvW|^tE
-zXK~`)6H(J&r4y$Qzv34by!;z!-&pE>jkpFljyS7s=B3uWcVEF}<#$STg|)p|SGd(M
-za1Pg|<1|h;#`ap^9D{5=?z|**sm=zTGV>q}C?s3;WQXHasmcB$Z&Uo>DYc?wp!ULL
-z^;L+rrWms;%zb%!kPFg)IPy3nHKG^FLwy21F3E^lo?1GUPr9C+eaKuROgk<lzpM3a
-zLPwXcsEY~5_4w4=U&dfFc4*K`2)*K?%U``V(>nFW^A4?ARQyUtXOh{bTTfqm#pguT
-ze>_#^ChZB^$Zw+w8i*@3a3GP8zZS~_ZN$*z$*wB<r0ie+BA=@2n%0ERx-6zmOz=qJ
-zXle<Q9PdXVsi&2z_X?=NWbEVEhoQwB*XtZKF}SOjN<Ch4k7NC8yQ1g>ds{QTp&of8
-zApQfe%zW~{KzMsxpRy-!*n2?7`5xr5Dv@;s(xiaffIndJ;}FUYXaF)lB`bh{zypmm
-zeyx|2|96oCgRK6q%l%KYgNQ^{_}^8df>pH9gK{m(hJ91zPrZW{dBbJJEOn!kU=t9y
-PrInqCy{(}E7zFwoSH0HC
-
-literal 0
-HcmV?d00001
-
-
-From ed778fcfb24d7623e7b2ce9beee4af9243767402 Mon Sep 17 00:00:00 2001
-From: Alicja Kario <hkario@redhat.com>
-Date: Thu, 8 Jan 2026 19:31:42 +0100
-Subject: [PATCH 3/3] Additional PKCS12 PBMAC1 malformed testcase files
-
----
- .../pbmac1_256_256.bad-len.p12 | Bin 2702 -> 2703 bytes
- .../pbmac1_256_256.bad-salt-type.p12 | Bin 0 -> 2702 bytes
- .../pbmac1_256_256.negative-len.p12 | Bin 0 -> 2703 bytes
- .../pbmac1_256_256.no-salt.p12 | Bin 0 -> 2692 bytes
- .../pbmac1_256_256.very-big-len.p12 | Bin 0 -> 2711 bytes
- .../pbmac1_256_256.zero-len.p12 | Bin 0 -> 2702 bytes
- 6 files changed, 0 insertions(+), 0 deletions(-)
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12
-index 7548d0f29edd967854aa1a7c9e3a02a09e856f6d..a1acf2fc21b1cb17b40911f7dd126b48c91d50a7 100644
-GIT binary patch
-delta 69
-zcmeAZ?H6S+XyWSL$imBITx*bL;KjzN)#lOmotKf7&%o9|7s2H*P+;N6cek<Fpl4Xj
-Q#KghC#Kg!j*_q2508~8>eE<Le
-
-delta 68
-zcmeAd?Gt4&XyWSH$imBIRAZ29;K|0R)#lOmotKf7&%nk&2f^hrkZ0k@cek<Fpl4Xj
-P#KghC#OOcSh07ZNMgtGS
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..7f4e1e89ca5c24de74e601dea8f62f68d43c33f8
-GIT binary patch
-literal 2702
-zcmai$c{J3E8^+C;8AJBvTEdKFh|t&CW$ZEbB}?3DkbP%DN@NV#mE7#R30({tLdIUv
-zLLv7KWy>y%>?7Olx12h^-#_<{_q^wMp7)&hzt4F90!uO�U^rpfG0Hc;omzHV_l2
-zguuKDAuw+O1ZEmQfVlpQU?l{I?RU!x3}X1cjDIE|z~P60vH_-m%umS*2t(jnm3$j+
-z{xu<BFq{Ekg~9*x4a^K>07PKSF7d`74@L+`7Q$J(d9Bo%UEaqH+K@jKedj%%z&Ont
-zw~MX1?(N7}ksYL96y%NVbLMEcuav*erN3UXW=FTT@G#<7hLhhD$vW9@wg5K_p#`pc
-z`s+;W%GTwiN^;39a=-eq!KZy?&bghp>D0$Cmk2PqNbvn&4$`_E)ah4oTo{^_&*P&*
-z+gWcf%=L-cWa5@Kf&QYsuSPzdGa3s>9sJ3GL<8o0$1&yMCsTZQsqyPc?@7i(Jdrb(
-zw^YW0tjZnCwdUug*c(PFRt@Z%w$J1nhmfW*Mu?h&3*lwrp9?;{(~9fp&@oH&A~E<U
-zw`KNcl99$AIm}z>>hXgGtTCtKQ?7zae1ViZy-M{xXo*}$1?ff5+o!3eMrD_|uU@GY
-zwnE%%7&Azb_4MXnKytwaa7YIw#_i@i9at7&K2Pz{Nv{-nHOp}ME~oQ@m*n&vO-z^b
-zrqlL#1~fzSQ#)UrkYgg2ZZm$)p?~2io(Ze)efP>Y4)5=pjgP0uay^iu6JHGcr5+{p
-zc(ik)#p@*!9VwIe_IRmM?$$+up`(jUPRPz9uI@|zw?R|f;I1gevtor$h(ajI84=Fl
-zrKY_ttt%i8VoLSR!^E$fO;vyD=B4kEl;+9a%7lf8?RL&XF}o;=Z+&-YAV?vh50ShV
-z#ulRsF$;^84eUb6vphnBt~V93+`IPz{POBi%5a;?`B<Oo_6=*)kcJxB;=~>?XhY&K
-zf~ux&-C|M|?chQiuXc+2C7or#RF!(9CHU!k@28&cQ1E2h0cBzw2DZ=-5AH+Vy6~mb
-zPNH{o8TQKucRB1$)~4u#=bh{5Ql+Xk+VXX>Bh<=oS{G;I^G4G)k28_YszY6MB<(g^
-zy(f)Rdc2D^qf*gAIXe}_k?8ph1|X06+YE6w!HGsw4l{#5t(#ij{aO>#|FzrgH6C#7
-zBM&#r3@z9A34g4kjWO1)Jk;Rt*lt#<mbSo+7l$4-T^K4|Y&}>1c}kQ$e6k!Tj0}t0
-zXJSoQTcc-A@>!T9`76q<CaxC~OzR-b33mFY7NXUg=T4<P0SESez$#3#X}%EQY}LTV
-z##8LyX4T0-Lt4z#s%yQSWJ}aCyYKcPZq_<iprnshla%sZP!5_HONK71-HXxcmfx&<
-z^mM5s9|WHFt##csbSdy7kUddnOL^FfWz{p{Ut?KnM&g^wHYR7q!W&*#%y$6oYiu0b
-z&eZ+~y+$ecrl?y>BF<m@yfASB^m{5QP9i>~mK862b`=*UKXR@@b0uN9i?ocEu9H9i
-z2)DLkiEBOV6@F@1e-_V1Q*pQUY!sSWH;1j|vTvXSHwt#dqK?fhT4LLXdi-@KH4&C$
-z00A2JgBSk-5Ht)zfa1Q}0pG_5cIv-uVr2n=zlVz7P5FNUj%}Z&_N9D3mwyCKotJ5)
-zs)XOo#+R6YYs)uAAOy%@zZ{&VMaN67-_fpYnX3$i56Af(<V+CP-1vs`QI>g4L4#hC
-z`#Wy>=4~AiTF;8DvfT$?ta@KhfvGuPA6us%XH9EZ&UA9`I(wRIf_p2AT|1Zh6~T=U
-z5IA`TuWltHkn!rt*=#3y?x*w<wYiJssRpx6n|fC)DESw9&xqRD_4H&>xu@IdjWL3-
-z6Gf`wHd9*kq3YQn8sB_`;K8AP6DM)i!13~ppc(66M2>`{66k|%pr)ij)VJIGS=3wG
-z(TO)T+>S9DUJK_$Q?;-dQ_4VFcnD{qshO9xv!u5<WG6Vlo{=#PoWx)sDhq4eyzXnW
-zyCuXu9tD@PuIy&4{<6l@<B%q~kx<>qWGnU!!RnQO*<MJCnCz%GzvMOloV_<|^$3kU
-z2wmy*9W9^8E}HYa9WL!d2t`tsLrz5H8gCmver`p$=4BksyvH}@Q5XMEfq+pd_Z_3_
-zvldQ=g{4P*akW3kQ%1ede(Q|*;DMt1b61yvJ(5PSp7y23E09;3y!yG5^PMaiQ>&{N
-zLgjw<(h)Z?Xg9k~EUbHcyqx@?ahKxv@fRtg@H6G(z?xozoIB&e^Sr`pZW>WZl|j>g
-z#EkZTHXR-*lTS58FBX}I%rzI1U+IRI=gVx|POoRu4W)w>3V{nPoPR*<oK0Zk`bGqU
-z;*$2StuFLu+N51HKBU;|w2PoYa7?J<MA-;wWPd)R<aeB+9dRq=f!K|7Aqv?v{`dM<
-zRm$MvcQS5lb=sw+lqSVzJ4`bSE2jP~xQ#c#F7*%A*W9H75+e~}#iGz4Zw?uEDcL@O
-zWd)Ta5&{HUH`){ANg$Ue2%Noj;~e!9{@PQKy<A};!gZiB!ft=517s64TM@2sUy|Ye
-z{l|t^h_3?|Ifi1F(S`w+M?^ddC!%e)?-qS&t6|r)*2Y)ZTsM{lNpBJ)jvQ`W-Bc3q
-zQ4T3lR@2jYXq{1(=*f@LV@HqT`Y+B4Y42~JXTu1&WTzvIik2edV)u}NaIm8m$4B>&
-zm(O@ta2J~m%TB`~lu4X&LCsz7hU{p~;@6KV-kfIoRJc|wzN5I*bKp6|ZL0Ie!G+H}
-z$Tq`xpY4rw32=XQ@y2IrU%SC)bMDr)C)ik--cUfIYNeFrH)yn)s8C7p)5!4?RHX`_
-zH8hJTm?H{ih01HES*_ui2C&H{;j%)`lnc2IC<S5EZoUrso$8|$Ho45~o<qzMqFHWg
-z?s=R<*F@CxH<`rggKzkS1@C}H+96B5pAlC-#}Q}M&D_+QVUI7k%)Aci&Ks1sYf85p
-z`p@7fy3XTtV{DHF&N0~L<Myk{&hxWDr_4Mn`<0Tdy0gM@=c&m7BkxlD;VHFZW1zNz
-zWsMbxj+QvH8_Z*QdVmYkfH?9LkRH(w<DotU9~Y;`EKe<+%B#GVm36>eBT73iAib~k
-zYeGktebEpXjqCQUx4(?Rrf<`rmk|0zN0+~OZ=`kTkLMm(wW#?QkIp2sO}Fwpz2<YK
-zUU)K9=Pu&~ThF7=gbgHA8aPlW$X|<PK{n!O(qw0qeNxu1f00gAbxv!+XI&T5CMI~K
-za5VLVNsi%BNGiW-^=>{jgoJ$(`zWl4<651A76y0qQi<mq?s2TYZD$mnU~g-tKiI8^
-z0wjI_mYGlS7YJ{++cWm$b$d_fIN!q@Ruz(-P?|Il2?PKpKMtYnfF>aKQ?ddGFg(ae
-z^VfO>#eWw$FbMg7UG9IH9RwLs9&lHk3RcrW4=A*#8um_=J@W}(<PDb>x73SHf=xi+
-PmR5F1ds{;TFbMQFNfFkW
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..9a4fd459227c52b3c4a5618b874afd717de2afb7
-GIT binary patch
-literal 2703
-zcmai$XEfXi7skz)8AJ54N_2*(`RmK*W%Lq#C4=ali55gKL>FSCcY-WN8G`5}A%z67
-zJ0x24I-(DP&09`#-uKIXxaXeddG0y)+wVL8mMR4dA_uTkP#C3Xyk7h<4Tu6%ilsb)
-zU@7+iEF}@ZLY#g^uu?3<;=5%E29bSVdOs5oVDm#jX#fL2<fo(tI3aMAYL;DRpSnOW
-z7)}OI!{Gn<2Bw6P0bDRj$9O%ED>(!t3ZbvxyIp2RE8*!3Z7vv#y8j^>OFqvWcZ9CF
-z<6%o)mE$j|>+gXca-eHYmoC_0(A+8Awj@~@yXw-d!|@*~@M<}4_W@@VwjHj1_3J|H
-z=DuB0HNG?qKdgA6{rN<Oe(CUC2H`2pF&vC9X8$mn%WKvR>h-R=C<@9hVDeNW9`1A(
-z<$1>JQ7{VYLw`{{k;h-nos0#9&i<t1MFK`F7crHgmvb!9LeqDWKH&7mnC>mu?aNO2
-zn^xKwsVpxG(Kb(1ZE0Jz9$YKX3&hQ%bb0E|v_i}IzZ8CcuM*eOqh^@sjwAC)?#dd@
-z!t?5VqBH6sDaMZ$Qpa44Pq_su^#W4v4@x%<AO-SlC52Z(@1CWW>6Y6u-nv=OY0C4k
-zc}hD))Xjr+g_i-&hT*l5CO>Gq--D*&WO3u4oOMr;kT(gH=(ATCwHDX3)i+qrpHDkx
-z8c_}^NbP-jiH`|iiy;4!OWI&6SqQH3djHxhF51T_Cpx}Ul;M#Osp93xUy6|&PbYhK
-z+udLBBJYVLzPnhf77x3D)v<Ln&ka0$!q9K+69JlI1ouTsiSZRRRd65#7r5vH)>@DE
-zRc?Y@D^hCjeoOqi*IM(ZdVa<+PI?*dA%k5BKj^0a#%CGX>DAaD<Oh;W7~)Aj4yK7w
-zhZqLOiu&~-B&ePsL3dh<s2)Ci34V3!JY~E~Rw352wtLqMF{UJsH@>vu88yez=|bgF
-z_roaUxO*6odRx8x-brFqsG2g@v;=QWkCRk|9!WQfLr@mVW@I1v_$(dj+!tLoZ_j;S
-zo$RD?^oY(%e|wHJs^HK-5-O83SCwcGogh@7s@zzN&!0@&yU5~glN;-6z^QgwXf(CV
-zX)v#vPYOkG<Q`U)+(RyBk^%XI-xews6YPmZnP5W*)U37r{jYT~!(aQI-$VmWL-_GF
-zk+JnUZ_ZB*#3}On&BsctJqK;_wZg`j>5`!HR;{tJ)sE|pU*@=JLuV^7oV>wtClu5P
-z+uNk9Sr%jcBp)f!t;C%YtU&{WGQm>w%1V@C+tQV^Ca~Y&N3`TDjq*z_`VJ*@Y<#EH
-zyX*#WXkfdcd~Lmly=bX?R{w(`p1bu9RS4nptt9CJM}&<s%7m=X^yo&EqRFY*fQC9@
-z;v?IOq3ym0I*x_jSiBoTtc;1aL{u>|{tcR{ZX&+5e0O${FSPlk@p2E)y-h=R;6NCD
-zG^m>r-5MFT#^tc#?T(6LBR!Orwde9IGpTy%c_g(m`-y%FnkNX$TP0?;_g((^N2r-8
-zRb0onLC$A7jbhO>L|GRzw-%1M9V6Iw9_=oIeYfzCFY?0BxIMP3LW8y8vM$_Y3cy0+
-ze(>U70D=ZXuu#l*+xPo;!mj+6P1IB%@b^&ayD9Ncz_A!oR<$nhcKk=+G`Jg7%L#bj
-zZFz<Ay}ceX0l`8>hsEJU6;ia|&VAMD_ND3|_;{T6S?)~5wlm9k0m3A|)qm7|_T<o6
-z)2OQlLLAt%kg@#eg;pFIC^Rr)8KUX+rmyP=&Ye#l+@VbqO>pU;vg~G1yve@%5dz0A
-zL@Sz#uw}k(63eldV0=cplwZ10nX0|mx~Fl|xU)cO@EW(J<-kBTfpNZ@)DpuEyObj6
-z98jc1eUlUOC$cPuv!8wQX{E2&(zdk=@n0|t;K>yblm>mY@KYAljy#QE%_f8$L?zx;
-za=t+Ay02X4PE|pp3_3@;LIdfG3=G}P90Wa#Acq0IR^;Sq;3P7uAW>M$-W@OVqkRs>
-z=}5S^S#>{o?Z!66fK8g<ZbEG@g$3U!54C#&>R=@;e72|2$l87R1?^z=);SV=7PL9&
-zHCZ{6Q@rFB5i0D74dU%w54_|SZ;8-*`oa`@+g&e;@|b1HwITkoBo-xG=`}^tq%N8d
-z4$g?&aI(72R8B~z4ZFradM4%a!pU*u7^f7Vp=$kf6Y^S_Su<~TxtA()Zfi>`Nc?wq
-zHGX~VZo@kjMGa3c){`H#9Cdns`bDUM^SR80U)`W~?)~Y2WoAx!XQjxbYXA8^VkU>b
-z7>rMpOQaegSBv$zmfDK&uhl~<3q*D!G8!q=gGgY>B0#I1{tt+ygFb9pQx~gUQri8s
-z!;$n{6?cS;4lHrM>d3Ag5EEoOQ$B&4I9bjt{T(A^S+Sq;h%Y3AqZ4ls|9j)>8X0iO
-zdl6@v2Gz2%&Q_`ChZGBBn+86PnBBJlj*X9Ywq1mL6Yufxm2gA-J?KPSghYqf)+J?=
-za6BN`j_xr#Qv$v+flVwd<T~MV^zCO{$9bF;JWeCk;g%<BJs@-c#i~%rbV0K8^rt#E
-zE8h66(v8KgBXxZ3Cb(RSW}++(9u#kM)zK=OsYX|s-_a8V3GZPA&TT?&?Md?w$OM+k
-z$ZM!QHp?tebYn$m&>|->!#9>WR8I~RXiyxEIT^gV#cTKCVvl+K;9y%7x=${Fubwk+
-zVs5nQlwXBII%hF5g>?@+nscI*OWr)GdV7`PbJ2DQ|Dn{{z?s_^qk-C68%Gu+e~V1L
-z6PmZer9k@PYRDJDP`CCMBgT&HCUmUGU=Scsvsp&<8#GFuo1-+~*}dsYM71oSGPcN5
-zxKzQO9VDTeX1a}`7(plNhl+AIbZX_<AS5{vM+Iug_i|5CXvDK}2EL)zc-qA0mR`gO
-z^vy)hpNb^TpPfdpta$jg5Wi71dh0R_)1A}T+|5g^8+YBnWaak=_l9)7+m?=K9=?X@
-zRCkyr>7fUVF}4BbpAKGE_bM#<Uomv69+plv?avOyC=il;C*G&{z*Fk^ra)bV>q?st
-zH5GnJXPE2y{0IZ2ndjV%O?W~xn2GQVd{L4Svp%<WCBOQ1cJ>)%9XIi!5ci?pyA>H#
-zzM;g=9oO&GXk~{&XB-fr);yZU=XR$ayJ<a|(|Kp6?eab)lMBf-^Bt`AZ&(}%T1|5e
-zE+X!*o%~KBr?!A>GaUi}`D?Y@-<%(bo9(T!O3MEAFWi-y-gy=HqSI>H%nXwdhNze@
-zOE*3VNoAF*Jt`ms;?Pa8PlAi-Za3JdpfI<rOWocwPNRJ+dLv0#D+@!-(S9ieAn*gQ
-zlq^!eK$!cTpVKDqSh+!`Ssv$7%i=UR(u9FXzz;C^aR{XaQ~-&ek{aNJ!2NZVe{GbM
-z`gf57gUK%cugv{VwS(}6SNc9sB!K1BkRy`qayo-^<<C6>R+&R3_)RpTl3+6sxQVGH
-Mua$+4HW&o@8(GQMf&c&j
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..c43b4be04307a8c5d2c002d4a31cfdf0ac9217cd
-GIT binary patch
-literal 2692
-zcmai$c{J1u8^_I<8AJBvhA_4vLO*MlvB%h#EOD!e5@U@C3CS3;E4kTs6Vt_@A!O_o
-zEfjL^sBGEAjO=5--SfVu&inpz|9H-GzTfY2&hy{rd;tOn9t>gy2pmutyJEa~{5BVe
-z4OBv4-+~a>*8l=L10X=I{)}KH1c>8z%MJ`;`M%75CLqA&hk$YcmVm-f$q9%-;CdvX
-zRS*B_U@#cY0&v3M|M>=Hhq3_TFn0HNbC4%11f&Szty#NLYR|3g;{mPDAB?{99#3GM
-z6pY)#RNnA*Wv$2#R51(m#`L=J)ZbUjU*R)eDWN+toozhLcoyN5_e6?8_M3IU15Id#
-z8=m+!6}z;4A&EpO38(aFADVpLQRki6e49>t40DeFQ;J0159CPNw}CqRDh>-nvhoFd
-z3>cd$ZH2i$F>7r6@)pov^mnu<Cvrw&0lB?Dc_dMQwa{TqdDzi}5MFNdM$&t-`Jlk<
-zsSE2G9|P^mU99zHXXUu-hbxv%oEtYz=9>qTC(&kz>b<jJWzt^?KEKn8Yi~EOO2m>`
-z{F7TV`!Xq#=AU@1TbSDM0|lHhC*o5sfl7RVlsi3Yb=@eLTvrwOdC=RZsikIR7x*t-
-ztP!(A+^hd+lA`G4eSA)m4=#+8bWvm7Xu8vm;Sdw@k{%hyrYLLKhADSmJ~MD$$=KDx
-zaxrf*ZCjvUHzYr`<HZprCSoCy^-B)(t3dHoXoc^)SH5w0|Et;fc&Z}b134z~MgL#g
-zQKFAWI#!#pFC|g86%yYbE|8SM&k;;r-5qj*Hy`nJo%fFfP4I&|qf}2x6+R(~B4ww<
-zd4m=jx7YP9f;@>SRk!vNzpXV^{%M$(zD-t}rFg3o<{~!Qc=x58qNu)gT_M*&Dha)a
-z<n2(d7(<9vXsqJ(PNXu&BNXUHV<E@AdoRE*FCC-|wQ8J+^{HxGwMP!>Xi;pAoDl;K
-zWF9l9X6kx4o2EoNAIf~WL)tIt6bHJp)H5x?&)9n>^-Q~p7uzN%6YbK!j(WIvAL`MG
-zFP*$BamSElr+i?G$Jv5D!5lc_R?Czt)pXETu2meSk#_aYO~>brq^%uhN;YW@cGi;h
-zTOEy_G)x!?&O40AMT_QaRutbx&1SFwd9>fAh|>v|84UGMD+tuSvH9Jv)iHhFx;$Rv
-zfvdfgp(cgF#cDsXPqmDXtTjsyb&j`hG-*}I+u%lvLk=3x4wlZhoUZ#aA;BFsUXBx!
-z42|1i<4mB_nVI84HWo?#s*1~rE5!uMS_pfBlku^+Xziw%V`)#o*Lyx-RK~e<Ux@Rz
-z=wM>wsm^b+YL%eD%~o1fHQtvMOSCe(?)D;X)woq4<qwvV)bibtF1l!2mQK5^bJ5zi
-zyY}5ihP2@i!q0o@op(*$3;YNaFXX9G0q$Z&?Tq->7>?@U_{Or;@oA~B`WH5{?LZry
-zi)X`)*7u;tECt^f6}}+u_SFxIjuU3y)6lpq?o(=8@xo_Ib#D9<?=m!37M45D$Y}07
-z`ty%4dpnM}mi->Fr>1qM@LUXyYxZ6Zq7y6DFnTWcDpF*%U{fmU(8{Jcwv}jfy!NO%
-z!uBITfX4mc#XkUohC&EX+;=<R`}n|){g+Lg93b%bQ1!d1{BOW<?A6sjpYP}XufVCr
-zT9Pzn{BAY8L<d}1yg3XZKnD7h;0!$`UUub<KB;+z6apWL^V`cABho#DhVqfNd5wVs
-z*zuiB4`b`rb_k<;$x+?ugD*zAx4Xd7TBw(+!;iPRB{XL;xo3qtO)=qG3x`u1pY}zO
-z)ejIjWeTrtry!j1>dC3>%gX#unMYbP=gLz}rW@CcF4|D@&-R>@aB}MI&Z6;8wlN!G
-zL|{j%G}8^XwCH`!Q-KVj*$9!neg8&Y;<AbBg`0s>_Cbgo8Cf;Z2gmEWvL;cxk;k)W
-z;TzG3w{$!X(W}_G(-NtA7_=p|zcnnFx6slGYwsrOZ4KEB3UFp+O#>&fIEN_08rE+3
-zI&7_r@{dNrmF!7ftW{s>Y~3ztva1PI9c+$Ly9iEf0(xUEEn>XA&iXud_BnS?*75-g
-zvlp_|<2zD5mR&UC6&WV)LkN+iE(RY-C^bZyKYngUxPmp0X5SY2=vf>8P=$cjDEIxy
-zH0CUv3=K_>`g+y*v_Ki{K6m&@>481fYtOH`_ivMRf{gUfKVE{o(iJq$9iQ#s$e37O
-zJ{zL+JJvwj!lcdW2C=aA@!?|fgN7}t-=|;Xh+@yw53g7EnB?3U4Vo1c)AG=XN+JbL
-z{t+|M_r-E(xJ)_K5;b3BAwJVoNO@%#R-Ui08kt_lW*EW*s}urfn|c3$IJsHCMvct~
-zCdDOf-&)+6&-BS#D12}+_Jq5LNl;9P>sZ+^d3a|wqvUs-suOWN<$=`AbWtkBGXD3v
-zSC#7E;&%!jT($b8rPM~%XPazOEK8RD?zq)ALGE=AR_NE{0upZ{q>3e=f!;g{*W?s?
-zg%?#clE?@UY{hI_L?D4uo*;ZG{N`!eXZ)3?;@i1mM8ws8QiRjaLOaMIaJnK)<-RP-
-z{ritiFA`s0pXV8jT|}7%To@MjEF6n=+_+oxwY8dC*IplA;c&xT5hTAxkU4O<d1*~e
-zx?4TCL|x0s;Gum+S)$i*q!Bl21lM<NR#bmy;|v#C)IB?0(yVCVc3kYX<aIdMRgdS>
-zwcwY}1eb8<noP@1z#-IeoO(g^UGMtrXx-x1k1F1rVEbH1FP7d^UFhEP8sxV$c;n(O
-zWF6?3VZOulM!p2NKRti*3$3@!<cl?b3;hWuR-q>Zkf~fM<@gO6ttBB^67=-;=n;~n
-z0q6}*BMN4SB3U8I`e}A_99uso*&<9))Qx&J*9EB}hTO_GK)us^l)|NynccmQUO+S{
-zP0T!xlj$6bn%q@LoZQ>R&&_!UG%)r#>io?3`gjg_D{tkdRu6f8#bxHT%Xi$QzNM>0
-z*7u#nQ4QTjndX>o8=Py9!>5f`q>eMwfyb=8NPTL_c3oLvxHGimfZ=y3{_vC<sgI!6
-zf<>Jrh=HCoy9dm3ak8HeQja+B5|$q}4i%t11s@it$1F}P9LpnJ$;#Seua;mO7Lec9
-z_%))U%f9MJOT=~g);V85W70Pm(DMl6qJs;&-m7Wt#-q7=cFkJ;#UoS6T$3%wFTWOY
-zqn&*+QF~1R3tP#fGQ><|H0pVfNXTFFWq}UTDDrqmrE^l&uYZw`Rd!73!Kbgzr;UvX
-z$l(~;3FACNBaqbNnpIo*v|uvkN$jK0BAzR?E_!I(rSm0TZ}>+s{*E0{OoFqcmGMBA
-zDiV<S0a$h+)n6cjT^`T4lUJO*prb+$b2v4~Mxtr*zzx6yF!*r@<p$IM>7SAl5c-Fv
-zV36ehHMsxja}ddh@_@VAG_aNds$Zp9)3j%z?3qu{ykMBJw5?He5^M|tx3zPUbapf~
-I0fRt)19nW)od5s;
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..6920b89a6c7f1cb9294b399d50ac2d4d6202e25e
-GIT binary patch
-literal 2711
-zcmai$c{J2}AIHs@8AJBvhA_4v6Z+XNV>iaW6StZuG1i!DQ8I??B4yuAD4A#o*{Nuu
-zkb6gE%f626BjM?Jo_p#%&p-Ej&gXp3`~Ci$^ZD;}-T;a1E*QiNkl3IwR#cp6+%5-*
-z1yn*}-GPu;HvkeV9Uwt2{fb~EB#6Tg%LWW$`th0mN<e_~PXXls%mKMyk{u9%z;!AG
-z*4_Q8gTP=o6Tl9G|Mwc070LvN!dTtnOhF#Z5D*H&{dnVIsV%31w>z{he=zFidm@Q>
-zl0S9_S9R6Pg}EX-K+z<?3)kz)RhOomzs6&@R<i2IaI*3+;aY@K-;=3&*>5%hcPyz1
-zu7Bd|RLt_`*~Cg}NjSAn^APiSPlbDC`)xYy0n9A|Of3?6KaeAC+Xm|JtvD<U&dTTW
-z)}wE)wH4-iM{lt3%9=rc)7?|2p2!)A0c7_7<Pt{%mI8;-<zYt?0z{e7tBLO^rh|Mp
-zrp|7vehjcFced1-ot5FN8?IQvI5ljY%r_09OkzzC)%!+aWs+YCKEKn6ZEx4JNWfE=
-z{E}KT`!cEGrk}Vhn;DvM0|o5SC*qRNgGzjW<eNRpwcTi`To*;zdC=RZDWxW5XL-+`
-zdn{suxLx-VlZ^88IzA`P0~aKSJ1aA9HQsE;v55$HN{)=<lNHph!xTC%XbhZ@H*_&G
-zU(B0K-R0}o4$e>McyUCHj##+P{3VC6#8*5OQsMLNl}{|u?@~4~t_8(&M}|Ru(f^lb
-zr0|20j`b$|OL6oKxrDce3zhQWb|hmLH~XBR?fX1kXZ)^%CV0V}kxHi|3ZIaLk<wG5
-z+<^-XyPG=aKpy1eN7ue5eBEfM`cpqIeV3v<OZ8GA%|&draetR^jBN3#?FzmEQjG6K
-zB<+T9MC(H=LSj%?I*|%&_tBuM4TWsCZ@&P)Jb#cp)T*ix<Nc^@-4;2hrB1avazYH)
-zQ@Bi^YAKuHENWuyJZRIE4oTm{Q*79(QjgSlUqi3G6peO8PnK;^Cf2!s6Mb(#4eH)W
-zES<a{c2l2euY6#K%gJnYf-#`sTEmbjRkPPss6h?WD!=L2O~>Vpq;4E$iZ`kacGggI
-zTOACZ)K3`j&)bj4L<#3?R}|ks&t@<Id9**K$kXu`=ya733kcM<q3PZ4)zN)lyWC$B
-zflIyAp+>pE#cE%XPc`(9%#WAvX&rChYE*wDYeg6>4nAlw8Z4b}K3)4|LX0zPyqq8+
-z9um99!XCf6%E%lSurf>ZQ$npItQC{YYap!gj)uqPqBI+4j-@^UU+MXPQyk~eej&=;
-ztc8n-YjJv;RU;1#YO+v&^w{eHszg1r>sBw~+GE!Wr0l^;qH?|)(pej8&D3eLV;7}q
-z{mr)9K%X}JLGXF+YUeFuw*p@h)f0KDl#jC*rI``;8pl>W9M@2`K0YlGR`<ecwjF3&
-z<>1<KrS;wEF-ayiM20Vjx-R+Rv9W@T+p4M;M7>L`D_(f-D9w$3;$DH~O2cyJ=^0I(
-zM}IyHv$bK1ZT{XP^3=HY6p@3jdfC>qUU*{761JMlxsDWCFW8odJhZTCifJVq9IrX5
-zj<Eg+kf5<YdGT)mK|>%UDB*|g|6{yi$Npv$I~xf6BUJifD*O|09D22N&*b~M{UdN{
-z@aC0jQoh&fUt;|)E`|<6NRWX(c{p8%L6ly*sax4JQyB~&iuK*k86&T{3k>BWt@9cJ
-z2Jqv1+wO*zt?dwc_p*bE;|Cv{W^Z?axurlaM~5$Wb#qA0WKz!>XDTZGax<G_8;|BW
-zq4f_CICYAsX(K0?@#@K`><bFKPZ>w*Gj`=EnCXTMgL76b`9?h_#T*^GyR&G#lWmOp
-zXd&2<63uvvB{k~1+Nl7#z-)xj{&&9yZt@Do<!orclx-j)M@m{5^ughZwlpU4+x6pF
-zwD7H{glk&vhuC%e+-b2C9URuYrN1>Sh`Z3-0&nXo?PUqs4)k|oW=;hsGC2jKVD%eU
-zee8EOg?UFK;qtbXUCfV`R$028Q>EAAA9b)eNPI)E<KwYgbEy&I?X{L?@Uzc3d$Lvz
-z(765J<sP4r^0Dlq8PDrsvfiX%@s`D)BQg2<>!uH$+mJ5eO`}+M1wMMz#NAUQVO7h0
-zJ~9m13nxQD(j%8HIi2P!qor|%pOhTfSGxTCl3V{SMJv!i_soN3$SZAr!`$)N4z`Sm
-zl@+64`MY>MNi$5F#Z_`)&4a_mq&xLHExw<AlOc;dQ#rg+-Gj-wIT|?2FQV?Q6`5EW
-zF!?Zgr0<LQ&~TYTiaC0|$V_ymv5@*oKdd}oZvA?CEsK6I1FTpG7&UP}ggCmI!A1>D
-zNSNZ1wy(`@jAy!(9W*hh7=OY|2oo3`>@rq1Oc~yr%_zA`P;w-1Cf|_=O&4yVn#bL(
-zeO09bE`BHH&QYUVTH4Z}^lY1DifP&0&yBGDCeW?+&f4l_8UKVE2#I1bXn+@&++`V5
-zui&DhY9a*zf~}eC3h~8L%i{%4g@>M|eI{OfD!Q91LPlKbuZ(cqTWAN_2TWIlDW*v?
-zrKLSEK1Y6iWu9v=W)W@de|A{Zqi`(BVe3}WQfoD*wyiF)!v3l$3M9Khk~(k>J-?wW
-z*{u>(qM~k~ch5GXEWz_Q(tr~^Lg=%b71rI`(%`@fyJe?~n-neFh>h75zXAul=x}|y
-z9Q5)T|1!a@(YWjc9MUpQP${Us<yDs*rCt2`e#M&;ET0QkizT;}7P|L62YJo)-Z;An
-zSOz#`nC@}Bku3qzrsqSy(0bc2Uo3f>SD)Zw<a&YusjB5twm+az>SDqrflqIY9w94L
-z0iD5VM8OPMC@WY&H`Qj9z|xOPG7CcqyS5nRIwKWDkURN$=yz)OlR4xwv%9}z7Z8o|
-z6En|ar8>tVC%?%hOzwXp&dquG*VDhV)%u$7^l=?<S6$0ZsUGrJB4p;Z%XWmeyj@kk
-zUe|Y$(4y};$}q)sTM=9W?LTe3s_f914mf7vS=pzYWYd)uM$n)o`47KK_Jb!smiP#2
-zEm+iAhUn=?vbw`O7AO08Aa#fXPeIvX!w^2&Q}AJNdi3JN!m+%{i&<Iwtkq)l!vf0t
-z$G#2dsInz3NwL^2pIWE0SX}xR9eM^~Safjqo7Z}3yWwc=zD<+5U-8IP631lo@e8j7
-zTxmv6CTcFr;bCieEp!o#lxiIp5()WhzAV6A5=|NJsB%io`u#7;v8s+q9r*O6`P8v7
-zJ{baCGk%<FXatgST<y_LJ}roXdlGX$q=@Tcjk6AxaQ;k*=NsNpoS#ESB!lGSU|~4W
-zrGx~eegc+NK<PIKf0z3+&ZIRbPw1$?y&QH`ih*#dED#+FgaCFwH=&#W22lMa*#TJy
-zJitWz_gY1z|1>!;E9mI&_kX4Ce<~hCJfhtHmL?6Xu7~bdY*I7snJ9ba9XQV)rXXo;
-V5S0iUgTSqA9L1d+j4@yk=wB`Z-!=dM
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..0e63eb6077fd94da26ba86f1b6230daab5f5ea3d
-GIT binary patch
-literal 2702
-zcmai$XEfXi7skz)8AJ54LNMA8HGehB=w<X0eI<kForxAL7@`ZY(K|sFqYOcGl8{0|
-zVs}Wi=z<Y_^f&vy?@7*n+7I{K^E}Tz=YIR02f)!JgF%!4js^;&7LC`9KcoXufl6`I
-z2M`?f4uGR30XT@`&j?nEgP4D}Ou!(D?@RY*0s^dm2q+z(4~YDfv;Y?bu3XKw?c`k-
-z00zS;09qLQf8W5=Pzrz>M(q%<3v!`^fJ7mT^*guAOz9;&oS@AGV^R0sN8>2xSmO>b
-zHFw-?D64Y(Bz64UF+=tY&FRtwTTB{TrJELHOCuK@hBY|heFZ@^=gltQgvPbQ)vkP-
-zk6qujO{yl8h7yJq&b2-t$uKVNzs(>%fjNYM3B?@mM{{{iyFtBPRp&*4*##^fs-*p`
-z?xH-8m>nu+VLj+CDo65!E4dS~fY8aG47@17knKFCGUQ^GEm~;mPSSh4?ifqNyzQ>+
-zq@PKpwW0FTk`R6Kc-4lMW$WJ60^I=o99joaccK|m&i|$G^E>6Zo*q?$L^nKzcXC(O
-za2A1A_Y;F*2U#J0w2(IDN_@&KP^l-7a&J(&aR4QdXCo=R0($#2wM?hnmigArdM*>h
-zgXT%C6j4`q_GMls_+>1wwKU~k+r1tP4Hug$|HO=2iiEszh(w>=^-(Kv4I4fEwfwoX
-zLzWSxz=G7?7Z-$>u+?zNFS+EeEG6?nRi5u&dB#P1JLW{kcZxDS6e3r=82L*flJm(#
-z?{>S}OI}ojNaEY`)oSt38#rwn2eaIO{l`rGR^H*DS!Qrwq?8z6QBwscQgEJ|(SNn|
-za98;z$fY8s_U>uox1H9SKh^Rx4)M}U1a}$Sa@bxs<0+p-WT$6if1oc&GGPdjd>BL*
-zqXsbuiWT+kLrTy*MuG0M7STL-@B;ku)>+DjF4^m`9<|-urpPfxd4kb}C1TVJ&!7X9
-zOWh5nlH=)NLg{Yw@_QwT(V%O}T+$M}G~AC;ulGp0QtgAX(AFcns7EL1P^Z4=vN=1R
-zdukL%m7@m?mU^4B<k9Q)4P>D*IWrZB2GMb1^|A7eh4}o5w4L)T-Zr_hz6QKXm$`aV
-z%d9%<irIuv6ld;!RY?SDDU$-oC;m2Hv5;U#BFO|9K%l0r?eBiAiy8jb@ANtva2z6h
-zXcHM*tMlUe)Ige~tY3em$lkNpCSNOTgq<o0JZse)D_iNf*7#+XhdyMc63fLK6n8{L
-zo3Ob_&YEE}(o6D|65UALD#7VDK&TTeG%hViDYPwKN^1i94t~T)&d@2n;AZSl#KgvT
-zTE5M05Qhe|8_3tzyW5GD%4hZ8A41%%x35A9pKT;b7dRlTmC(i%eI^Gtq7;meO$XG~
-zh~pnGKOfrcyRYp~=!GM=BE`yB=u1QuGUH!kXzIq}Tg$g+7WhJ%Ul=X*0NtB(414y(
-z;fI4dDbcNwp{v~XU%lMWahJ&tWM%ERJ<5!$UU(cxEzf*n+<@i@!tz!~neBZSfBq3-
-zYC;p&aXQHLRJ&0unvNvvZ0g#=IlE;D+svciMsjQy?(;>S8yL06c2%geH(b<(8BYQ@
-zXxtB8{0$&z5CjLsez$$Tj|c41|Jg)K0|I{!rM{aI{{|fMAte>70xySu1x|yTezlx{
-z*WH$vXrJ3_!Q&7dWOP^@PEsaE3vS(0scv7a4upS*^E%0$uGn;9`%r*1&TsV_b(=Zb
-zchWHI>Vc33*3D%sK6+vlh6W1t4cUh1dc7FyI)ZZNk_Wfw(?k=TJ7_GrnG|kvY=4Bn
-z3G>kkCL)(JUp0y4*hw%yC11!d-l$B~T4>!-ziHH2pgDMz$HHP@Ae+cM*G+DT;ecI8
-z5w-WI(xOh~#QaEXOJN)*r{1lM6&qSMw!wb$rv8Xr0YPcdM{{2#L9NK+aQ19s=w4Lf
-zT}7vJ^tRjbHJ(&u3|hZ)q$?zVu}I&*&D37d-4L?x?_)_xnFdaxunZK1wd~ySG&|Vk
-zWS)wIi<?&WQ`Uanq#CeJ6WmUy?WHp3J4VpDC7}0~)52zY8V#-7mY&lOW^bIKFeicQ
-zgPs$W(>cY9uHhlV9=Jf>&b5FG9`TlN-6zjYaJSubqo@zrCS4lhA4%fSvX!2bWDVM)
-zxuBqo$ghr;*I3Gl>GYvj`A1KroS!>7j2z+>{nb^ho~%P&DY0tg%`ElOWX^7EXa<V^
-z?xxDGr`2t6r=qCg$@yCH!<K_iuTQ@SRd79%Irps_)XKd#<-f$rCGVsdnN;mJ_eadc
-z@E83L<K+^m`lyv+J?_P}BEl=Rkjes)?eL67Dz!i|Sh5JvY-jufVqvcbo6^w1X_b_A
-zf9r4{KU2XUprQjx+^#rqX!*wk+Dw;^<HwJdGE0BQN?BCwraa^e&fx4M=*R!w_^L(*
-zT=GuDiLODVtgN$D>e)WkJjJ@cw*z+jjlV<V!>vtcA)mwu1YZdc)X$wk#92sm=<=GR
-zY!V&;f^F#>a<C*2Dibb?g$7?EevZEVl>0D`s{-LTQXOV-wAuqQ^IND2kxUn)NKb#F
-zeY4`V?+U|M>>5hj$9A0CrD!_JeD8ko*RDExB~z8?DziJfq9EZNoWPlN@U0zb{sEbQ
-zQW<%5)kmh8<%zEBNOgMD1a|nw5~s@1-gP=Or$bH#uTJr5L|p74uP+>Iqs;KhIpF0p
-z)^+TSHtq5&a7gD2R;IA-zI$^{lv2s-$5n5xP<<}iEaBgmS{*oX9b?v4ePivwX6R?0
-zse45CMz|D6UswtLLLBPW`eMl3vDt))6&VZ!1ZvjHXnuo6$@6fQ`ag}Bx<FRT0?K0x
-zh{DARj_g1Ql{Ax0EY%1mSuaGC)4o$P&l)Mog*+%wMZJ@IoI)p_l{0XPUPZKt&n`ZX
-z6X=_coI4gtoI5#=US4+hX(64`G<xYU4KtiE*4)iYt^45e6`PgcBitL@`F2w}ym|O4
-zwo}c1imZznFv8mSn|<1QRo#1i!S9lRYxS^nvPpk-2=+QL*=PJ+iZ?u^o^KM=Rk)_O
-z4pCL+r*?w5tj&!uL7EX~u9t<!HG)`(Pr>IU88K_KtC#YtZ)azpP}lL0&I|GH>%Cf0
-zQRQD1`FY~{JsT};(U^=q64VNzQG8~5?7p4WqcN3tV$v?}T{1DBOgGoTZugqao~YS0
-z+u$tX2HVQ-Bynj8$Tl+|k&wSu%KgmvQTUnO8q1{YU;n~is_C6mhA%j-q)kt=2w_PI
-z2{Q~ICLpQoa<vBq!~i^|DfV$tF~jW!Yh^U{mQ|_i8|EpDw|Q?Q8E0v3pfTDng#-kC
-z0G66f>K6!Wztc1N<Sk2A=oH(dTv}PYI%k?N5CQlAdOr@K^nel|{!`Kd2ngIyN9or_
-zNvZ!9xxZ`RKfByN6ofad(&xSc5iGBY8j)<5(;l2Hf9B!8!WtsMZ>%1b1e=DyjZG|g
-MEzPyHz#!0n06<CBdjJ3c
-
-literal 0
-HcmV?d00001
-
diff --git a/0071-Do-not-make-key-share-choice-in-tls1_set_groups.patch b/0071-Do-not-make-key-share-choice-in-tls1_set_groups.patch
deleted file mode 100644
index bb21722..0000000
--- a/0071-Do-not-make-key-share-choice-in-tls1_set_groups.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 65c2f454e83f78d5ffdfc0a515d35c00fb1060ad Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Fri, 21 Nov 2025 16:00:08 +0100
-Subject: [PATCH] Do not make key share choice in tls1_set_groups()
-
-tls1_set_groups(), which is used by SSL_CTX_set1_groups() does not check
-whether the NIDs passed as argument actually have an implementation
-available in any of the currently loaded providers. It is not simple to
-add this check, either, because it would require access to the SSL_CTX,
-which this function does not receive. There are legacy callers that do
-not have an SSL_CTX pointer and are public API.
-
-This becomes a problem, when an application sets the first group to one
-that is not supported by the current configuration, and can trigger
-sending of an empty key share.
-
-Set the first entry of the key share list to 0 (and the key share list
-length to 1) to signal to tls1_construct_ctos_key_share that it should
-pick the first supported group and generate a key share for that. See
-also tls1_get_requested_keyshare_groups, which documents this special
-case.
-
-See: https://issues.redhat.com/browse/RHEL-128018
-Signed-off-by: Clemens Lang <cllang@redhat.com>
-
-Reviewed-by: Norbert Pocs <norbertp@openssl.org>
-Reviewed-by: Simo Sorce <simo@redhat.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/29192)
-
-(cherry picked from commit 5375e940e22de80ad8c6e865a08db13762242eee)
----
- ssl/t1_lib.c | 8 ++++++-
- test/sslapitest.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 60 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 2f71f95438..3a4ebdeeea 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1119,7 +1119,13 @@ int tls1_set_groups(uint16_t **grpext, size_t *grpextlen,
- OPENSSL_free(*tplext);
- *grpext = glist;
- *grpextlen = ngroups;
-- kslist[0] = glist[0];
-+ /*
-+ * No * prefix was used, let tls_construct_ctos_key_share choose a key
-+ * share. This has the advantage that it will filter unsupported groups
-+ * before choosing one, which this function does not do. See also the
-+ * comment for tls1_get_requested_keyshare_groups.
-+ */
-+ kslist[0] = 0;
- *ksext = kslist;
- *ksextlen = 1;
- tpllist[0] = ngroups;
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index b83dd6c552..ab1d08cf8b 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -13269,6 +13269,58 @@ static int test_no_renegotiation(int idx)
- return testresult;
- }
-
-+/*
-+ * Test that SSL_CTX_set1_groups() when called with a list where the first
-+ * entry is unsupported, will send a key_share that uses the next usable entry.
-+ */
-+static int test_ssl_set_groups_unsupported_keyshare(void)
-+{
-+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-+ int testresult = 0;
-+ SSL_CTX *sctx = NULL, *cctx = NULL;
-+ SSL *serverssl = NULL, *clientssl = NULL;
-+ int client_groups[] = {
-+ NID_brainpoolP256r1tls13,
-+ NID_sect163k1,
-+ NID_secp384r1,
-+ NID_ffdhe2048,
-+ };
-+
-+ if (!TEST_true(create_ssl_ctx_pair(libctx,
-+ TLS_server_method(),
-+ TLS_client_method(),
-+ 0, 0,
-+ &sctx,
-+ &cctx,
-+ cert,
-+ privkey)))
-+ goto end;
-+
-+ if (!TEST_true(SSL_CTX_set1_groups(cctx,
-+ client_groups,
-+ OSSL_NELEM(client_groups))))
-+ goto end;
-+
-+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
-+ NULL)))
-+ goto end;
-+
-+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
-+ goto end;
-+
-+ testresult = 1;
-+ end:
-+ SSL_free(serverssl);
-+ SSL_free(clientssl);
-+ SSL_CTX_free(sctx);
-+ SSL_CTX_free(cctx);
-+
-+ return testresult;
-+#else /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
-+ return TEST_skip("No EC and DH support.");
-+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
-+}
-+
- #if defined(DO_SSL_TRACE_TEST)
- /*
- * Tests that the SSL_trace() msg_callback works as expected with a PQ Groups.
-@@ -13598,6 +13650,7 @@ int setup_tests(void)
- ADD_TEST(test_quic_tls_early_data);
- #endif
- ADD_ALL_TESTS(test_no_renegotiation, 2);
-+ ADD_TEST(test_ssl_set_groups_unsupported_keyshare);
- #if defined(DO_SSL_TRACE_TEST)
- if (datadir != NULL)
- ADD_TEST(test_ssl_trace);
---
-2.51.0
-
diff --git a/0072-Fix-PPC-register-processing.patch b/0072-Fix-PPC-register-processing.patch
deleted file mode 100644
index 10681c5..0000000
--- a/0072-Fix-PPC-register-processing.patch
+++ /dev/null
@@ -1,2258 +0,0 @@
-diff --git a/crypto/modes/asm/aes-gcm-ppc.pl b/crypto/modes/asm/aes-gcm-ppc.pl
-index e8a215027e..68918a9305 100644
---- a/crypto/modes/asm/aes-gcm-ppc.pl
-+++ b/crypto/modes/asm/aes-gcm-ppc.pl
-@@ -1,6 +1,6 @@
- #! /usr/bin/env perl
- # Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
--# Copyright 2021- IBM Inc. All rights reserved
-+# Copyright 2025- IBM Corp. All rights reserved
- #
- # Licensed under the Apache License 2.0 (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
-@@ -8,7 +8,9 @@
- # https://www.openssl.org/source/license.html
- #
- #===================================================================================
--# Written by Danny Tsen <dtsen@us.ibm.com> for OpenSSL Project,
-+# Accelerated AES-GCM stitched implementation for ppc64le.
-+#
-+# Written by Danny Tsen <dtsen@us.ibm.com>
- #
- # GHASH is based on the Karatsuba multiplication method.
- #
-@@ -32,420 +34,521 @@
- # v31 - counter 1
- #
- # AES used,
--# vs0 - vs14 for round keys
-+# vs0 - round key 0
- # v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted)
- #
- # This implementation uses stitched AES-GCM approach to improve overall performance.
- # AES is implemented with 8x blocks and GHASH is using 2 4x blocks.
- #
--# Current large block (16384 bytes) performance per second with 128 bit key --
--#
--# Encrypt Decrypt
--# Power10[le] (3.5GHz) 5.32G 5.26G
--#
- # ===================================================================================
- #
-+use strict;
-+use warnings;
-+
- # $output is the last argument if it looks like a file (it has an extension)
- # $flavour is the first argument if it doesn't look like a file
--$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
--$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
--
--if ($flavour =~ /64/) {
-- $SIZE_T=8;
-- $LRSAVE=2*$SIZE_T;
-- $STU="stdu";
-- $POP="ld";
-- $PUSH="std";
-- $UCMP="cmpld";
-- $SHRI="srdi";
--} elsif ($flavour =~ /32/) {
-- $SIZE_T=4;
-- $LRSAVE=$SIZE_T;
-- $STU="stwu";
-- $POP="lwz";
-- $PUSH="stw";
-- $UCMP="cmplw";
-- $SHRI="srwi";
--} else { die "nonsense $flavour"; }
--
--$sp="r1";
--$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload
--
--$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
--( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
--( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
--die "can't locate ppc-xlate.pl";
--
--open STDOUT,"| $^X $xlate $flavour \"$output\""
-- or die "can't call $xlate: $!";
--
--$code=<<___;
--.machine "any"
--.text
--
--# 4x loops
--# v15 - v18 - input states
--# vs1 - vs9 - round keys
--#
--.macro Loop_aes_middle4x
-- xxlor 19+32, 1, 1
-- xxlor 20+32, 2, 2
-- xxlor 21+32, 3, 3
-- xxlor 22+32, 4, 4
--
-- vcipher 15, 15, 19
-- vcipher 16, 16, 19
-- vcipher 17, 17, 19
-- vcipher 18, 18, 19
-+my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-+my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
-
-- vcipher 15, 15, 20
-- vcipher 16, 16, 20
-- vcipher 17, 17, 20
-- vcipher 18, 18, 20
--
-- vcipher 15, 15, 21
-- vcipher 16, 16, 21
-- vcipher 17, 17, 21
-- vcipher 18, 18, 21
-+$output and open STDOUT,">$output";
-
-- vcipher 15, 15, 22
-- vcipher 16, 16, 22
-- vcipher 17, 17, 22
-- vcipher 18, 18, 22
--
-- xxlor 19+32, 5, 5
-- xxlor 20+32, 6, 6
-- xxlor 21+32, 7, 7
-- xxlor 22+32, 8, 8
-+my $code.=<<___;
-+.machine "any"
-+.text
-
-- vcipher 15, 15, 19
-- vcipher 16, 16, 19
-- vcipher 17, 17, 19
-- vcipher 18, 18, 19
-+.macro SAVE_REGS
-+ mflr 0
-+ std 0, 16(1)
-+ stdu 1,-512(1)
-
-- vcipher 15, 15, 20
-- vcipher 16, 16, 20
-- vcipher 17, 17, 20
-- vcipher 18, 18, 20
-+ std 14, 112(1)
-+ std 15, 120(1)
-+ std 16, 128(1)
-+ std 17, 136(1)
-+ std 18, 144(1)
-+ std 19, 152(1)
-+ std 20, 160(1)
-+ std 21, 168(1)
-+ std 22, 176(1)
-+ std 23, 184(1)
-+ std 24, 192(1)
-+
-+ stxv 32+20, 256(1)
-+ stxv 32+21, 256+16(1)
-+ stxv 32+22, 256+32(1)
-+ stxv 32+23, 256+48(1)
-+ stxv 32+24, 256+64(1)
-+ stxv 32+25, 256+80(1)
-+ stxv 32+26, 256+96(1)
-+ stxv 32+27, 256+112(1)
-+ stxv 32+28, 256+128(1)
-+ stxv 32+29, 256+144(1)
-+ stxv 32+30, 256+160(1)
-+ stxv 32+31, 256+176(1)
-+.endm # SAVE_REGS
-+
-+.macro RESTORE_REGS
-+ lxv 32+20, 256(1)
-+ lxv 32+21, 256+16(1)
-+ lxv 32+22, 256+32(1)
-+ lxv 32+23, 256+48(1)
-+ lxv 32+24, 256+64(1)
-+ lxv 32+25, 256+80(1)
-+ lxv 32+26, 256+96(1)
-+ lxv 32+27, 256+112(1)
-+ lxv 32+28, 256+128(1)
-+ lxv 32+29, 256+144(1)
-+ lxv 32+30, 256+160(1)
-+ lxv 32+31, 256+176(1)
-+
-+ ld 14, 112(1)
-+ ld 15, 120(1)
-+ ld 16, 128(1)
-+ ld 17, 136(1)
-+ ld 18, 144(1)
-+ ld 19, 152(1)
-+ ld 20, 160(1)
-+ ld 21, 168(1)
-+ ld 22, 176(1)
-+ ld 23, 184(1)
-+ ld 24, 192(1)
-+
-+ addi 1, 1, 512
-+ ld 0, 16(1)
-+ mtlr 0
-+.endm # RESTORE_REGS
-
-- vcipher 15, 15, 21
-- vcipher 16, 16, 21
-- vcipher 17, 17, 21
-- vcipher 18, 18, 21
--
-- vcipher 15, 15, 22
-- vcipher 16, 16, 22
-- vcipher 17, 17, 22
-- vcipher 18, 18, 22
--
-- xxlor 23+32, 9, 9
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-+# 4x loops
-+.macro AES_CIPHER_4x r
-+ vcipher 15, 15, \\r
-+ vcipher 16, 16, \\r
-+ vcipher 17, 17, \\r
-+ vcipher 18, 18, \\r
- .endm
-
- # 8x loops
--# v15 - v22 - input states
--# vs1 - vs9 - round keys
--#
--.macro Loop_aes_middle8x
-- xxlor 23+32, 1, 1
-- xxlor 24+32, 2, 2
-- xxlor 25+32, 3, 3
-- xxlor 26+32, 4, 4
--
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
--
-- vcipher 15, 15, 24
-- vcipher 16, 16, 24
-- vcipher 17, 17, 24
-- vcipher 18, 18, 24
-- vcipher 19, 19, 24
-- vcipher 20, 20, 24
-- vcipher 21, 21, 24
-- vcipher 22, 22, 24
--
-- vcipher 15, 15, 25
-- vcipher 16, 16, 25
-- vcipher 17, 17, 25
-- vcipher 18, 18, 25
-- vcipher 19, 19, 25
-- vcipher 20, 20, 25
-- vcipher 21, 21, 25
-- vcipher 22, 22, 25
--
-- vcipher 15, 15, 26
-- vcipher 16, 16, 26
-- vcipher 17, 17, 26
-- vcipher 18, 18, 26
-- vcipher 19, 19, 26
-- vcipher 20, 20, 26
-- vcipher 21, 21, 26
-- vcipher 22, 22, 26
--
-- xxlor 23+32, 5, 5
-- xxlor 24+32, 6, 6
-- xxlor 25+32, 7, 7
-- xxlor 26+32, 8, 8
--
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
--
-- vcipher 15, 15, 24
-- vcipher 16, 16, 24
-- vcipher 17, 17, 24
-- vcipher 18, 18, 24
-- vcipher 19, 19, 24
-- vcipher 20, 20, 24
-- vcipher 21, 21, 24
-- vcipher 22, 22, 24
--
-- vcipher 15, 15, 25
-- vcipher 16, 16, 25
-- vcipher 17, 17, 25
-- vcipher 18, 18, 25
-- vcipher 19, 19, 25
-- vcipher 20, 20, 25
-- vcipher 21, 21, 25
-- vcipher 22, 22, 25
--
-- vcipher 15, 15, 26
-- vcipher 16, 16, 26
-- vcipher 17, 17, 26
-- vcipher 18, 18, 26
-- vcipher 19, 19, 26
-- vcipher 20, 20, 26
-- vcipher 21, 21, 26
-- vcipher 22, 22, 26
--
-- xxlor 23+32, 9, 9
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
-+.macro AES_CIPHER_8x r
-+ vcipher 15, 15, \\r
-+ vcipher 16, 16, \\r
-+ vcipher 17, 17, \\r
-+ vcipher 18, 18, \\r
-+ vcipher 19, 19, \\r
-+ vcipher 20, 20, \\r
-+ vcipher 21, 21, \\r
-+ vcipher 22, 22, \\r
-+.endm
-+
-+.macro LOOP_8AES_STATE
-+ AES_CIPHER_8x 23
-+ AES_CIPHER_8x 24
-+ AES_CIPHER_8x 25
-+ AES_CIPHER_8x 26
-+ AES_CIPHER_8x 27
-+ AES_CIPHER_8x 28
-+ AES_CIPHER_8x 29
-+ AES_CIPHER_8x 1
- .endm
-
- #
--# Compute 4x hash values based on Karatsuba method.
-+# PPC_GFMUL128_8x: Compute hash values of 8 blocks based on Karatsuba method.
- #
--ppc_aes_gcm_ghash:
-- vxor 15, 15, 0
--
-- xxlxor 29, 29, 29
-+# S1 should xor with the previous digest
-+#
-+# Xi = v0
-+# H Poly = v2
-+# Hash keys = v3 - v14
-+# vs10: vpermxor vector
-+# Scratch: v23 - v29
-+#
-+.macro PPC_GFMUL128_8x
-
-- vpmsumd 23, 12, 15 # H4.L * X.L
-- vpmsumd 24, 9, 16
-- vpmsumd 25, 6, 17
-- vpmsumd 26, 3, 18
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-
-- vxor 23, 23, 24
-- vxor 23, 23, 25
-- vxor 23, 23, 26 # L
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-
-- vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-- vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-- vpmsumd 26, 7, 17
-- vpmsumd 27, 4, 18
-+ vpmsumd 27, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 28, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 25, 7, 17
-+ vpmsumd 26, 4, 18
-
-- vxor 24, 24, 25
-- vxor 24, 24, 26
-- vxor 24, 24, 27 # M
-+ vxor 24, 27, 28
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26 # M
-
-- # sum hash and reduction with H Poly
-- vpmsumd 28, 23, 2 # reduction
-+ vpmsumd 26, 14, 15 # H4.H * X.H
-+ vpmsumd 27, 11, 16
-+ vpmsumd 28, 8, 17
-+ vpmsumd 29, 5, 18
-
-- xxlor 29+32, 29, 29
-- vsldoi 26, 24, 29, 8 # mL
-- vsldoi 29, 29, 24, 8 # mH
-- vxor 23, 23, 26 # mL + L
-+ vxor 26, 26, 27
-+ vxor 26, 26, 28
-+ vxor 26, 26, 29
-
-- vsldoi 23, 23, 23, 8 # swap
-- vxor 23, 23, 28
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-
-- vpmsumd 24, 14, 15 # H4.H * X.H
-- vpmsumd 25, 11, 16
-- vpmsumd 26, 8, 17
-- vpmsumd 27, 5, 18
-+ vxor 1, 1, 1
-+ vsldoi 25, 24, 1, 8 # mL
-+ vsldoi 1, 1, 24, 8 # mH
-+ vxor 23, 23, 25 # mL + L
-
-- vxor 24, 24, 25
-- vxor 24, 24, 26
-- vxor 24, 24, 27
-+ # This performs swap and xor like,
-+ # vsldoi 23, 23, 23, 8 # swap
-+ # vxor 23, 23, 28
-+ xxlor 32+29, 10, 10
-+ vpermxor 23, 23, 28, 29
-
-- vxor 24, 24, 29
-+ vxor 24, 26, 1 # H
-
- # sum hash and reduction with H Poly
-- vsldoi 27, 23, 23, 8 # swap
-- vpmsumd 23, 23, 2
-- vxor 27, 27, 24
-- vxor 23, 23, 27
--
-- xxlor 32, 23+32, 23+32 # update hash
-+ #
-+ # vsldoi 25, 23, 23, 8 # swap
-+ # vpmsumd 23, 23, 2
-+ # vxor 27, 25, 24
-+ #
-+ vpermxor 27, 23, 24, 29
-+ vpmsumd 23, 23, 2
-+ vxor 0, 23, 27 # Digest of 4 blocks
-
-- blr
-+ vxor 19, 19, 0
-
--#
--# Combine two 4x ghash
--# v15 - v22 - input blocks
--#
--.macro ppc_aes_gcm_ghash2_4x
-- # first 4x hash
-- vxor 15, 15, 0 # Xi + X
-+ # Compute digest for the next 4 blocks
-+ vpmsumd 24, 9, 20
-+ vpmsumd 25, 6, 21
-+ vpmsumd 26, 3, 22
-+ vpmsumd 23, 12, 19 # H4.L * X.L
-
-- xxlxor 29, 29, 29
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-
-- vpmsumd 23, 12, 15 # H4.L * X.L
-- vpmsumd 24, 9, 16
-- vpmsumd 25, 6, 17
-- vpmsumd 26, 3, 18
-+ vpmsumd 27, 13, 19 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 28, 10, 20 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 25, 7, 21
-+ vpmsumd 26, 4, 22
-
-- vxor 23, 23, 24
-- vxor 23, 23, 25
-- vxor 23, 23, 26 # L
-+ vxor 24, 27, 28
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26 # M
-
-- vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-- vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-- vpmsumd 26, 7, 17
-- vpmsumd 27, 4, 18
-+ vpmsumd 26, 14, 19 # H4.H * X.H
-+ vpmsumd 27, 11, 20
-+ vpmsumd 28, 8, 21
-+ vpmsumd 29, 5, 22
-
-- vxor 24, 24, 25
-- vxor 24, 24, 26
-+ vxor 26, 26, 27
-+ vxor 26, 26, 28
-+ vxor 26, 26, 29
-
- # sum hash and reduction with H Poly
-- vpmsumd 28, 23, 2 # reduction
-+ vpmsumd 28, 23, 2 # reduction
-
-- xxlor 29+32, 29, 29
-+ vxor 1, 1, 1
-+ vsldoi 25, 24, 1, 8 # mL
-+ vsldoi 1, 1, 24, 8 # mH
-+ vxor 23, 23, 25 # mL + L
-
-- vxor 24, 24, 27 # M
-- vsldoi 26, 24, 29, 8 # mL
-- vsldoi 29, 29, 24, 8 # mH
-- vxor 23, 23, 26 # mL + L
-+ # This performs swap and xor like,
-+ # vsldoi 23, 23, 23, 8 # swap
-+ # vxor 23, 23, 28
-+ xxlor 32+29, 10, 10
-+ vpermxor 23, 23, 28, 29
-
-- vsldoi 23, 23, 23, 8 # swap
-- vxor 23, 23, 28
-+ vxor 24, 26, 1 # H
-
-- vpmsumd 24, 14, 15 # H4.H * X.H
-- vpmsumd 25, 11, 16
-- vpmsumd 26, 8, 17
-- vpmsumd 27, 5, 18
-+ # sum hash and reduction with H Poly
-+ #
-+ # vsldoi 25, 23, 23, 8 # swap
-+ # vpmsumd 23, 23, 2
-+ # vxor 27, 25, 24
-+ #
-+ vpermxor 27, 23, 24, 29
-+ vpmsumd 23, 23, 2
-+ vxor 0, 23, 27 # Digest of 8 blocks
-+.endm
-
-- vxor 24, 24, 25
-- vxor 24, 24, 26
-- vxor 24, 24, 27 # H
-+#
-+# Compute update single ghash
-+# vs10: vpermxor vector
-+# scratch: v1, v22..v27
-+#
-+.macro PPC_GHASH1x H S1
-
-- vxor 24, 24, 29 # H + mH
-+ vxor 1, 1, 1
-
-- # sum hash and reduction with H Poly
-- vsldoi 27, 23, 23, 8 # swap
-- vpmsumd 23, 23, 2
-- vxor 27, 27, 24
-- vxor 27, 23, 27 # 1st Xi
--
-- # 2nd 4x hash
-- vpmsumd 24, 9, 20
-- vpmsumd 25, 6, 21
-- vpmsumd 26, 3, 22
-- vxor 19, 19, 27 # Xi + X
-- vpmsumd 23, 12, 19 # H4.L * X.L
--
-- vxor 23, 23, 24
-- vxor 23, 23, 25
-- vxor 23, 23, 26 # L
--
-- vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L
-- vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L
-- vpmsumd 26, 7, 21
-- vpmsumd 27, 4, 22
--
-- vxor 24, 24, 25
-- vxor 24, 24, 26
-+ vpmsumd 22, 3, \\S1 # L
-+ vpmsumd 23, 4, \\S1 # M
-+ vpmsumd 24, 5, \\S1 # H
-
-- # sum hash and reduction with H Poly
-- vpmsumd 28, 23, 2 # reduction
-+ vpmsumd 27, 22, 2 # reduction
-
-- xxlor 29+32, 29, 29
-+ vsldoi 25, 23, 1, 8 # mL
-+ vsldoi 26, 1, 23, 8 # mH
-+ vxor 22, 22, 25 # LL + LL
-+ vxor 24, 24, 26 # HH + HH
-
-- vxor 24, 24, 27 # M
-- vsldoi 26, 24, 29, 8 # mL
-- vsldoi 29, 29, 24, 8 # mH
-- vxor 23, 23, 26 # mL + L
-+ xxlor 32+25, 10, 10
-+ vpermxor 22, 22, 27, 25
-
-- vsldoi 23, 23, 23, 8 # swap
-- vxor 23, 23, 28
-+ # vsldoi 23, 22, 22, 8 # swap
-+ # vpmsumd 22, 22, 2 # reduction
-+ # vxor 23, 23, 24
-+ vpermxor 23, 22, 24, 25
-+ vpmsumd 22, 22, 2 # reduction
-
-- vpmsumd 24, 14, 19 # H4.H * X.H
-- vpmsumd 25, 11, 20
-- vpmsumd 26, 8, 21
-- vpmsumd 27, 5, 22
-+ vxor \\H, 22, 23
-+.endm
-
-- vxor 24, 24, 25
-- vxor 24, 24, 26
-- vxor 24, 24, 27 # H
-+#
-+# LOAD_HASH_TABLE
-+# Xi = v0
-+# H Poly = v2
-+# Hash keys = v3 - v14
-+#
-+.macro LOAD_HASH_TABLE
-+ # Load Xi
-+ lxvb16x 32, 0, 8 # load Xi
-
-- vxor 24, 24, 29 # H + mH
-+ vxor 1, 1, 1
-
-- # sum hash and reduction with H Poly
-- vsldoi 27, 23, 23, 8 # swap
-- vpmsumd 23, 23, 2
-- vxor 27, 27, 24
-- vxor 23, 23, 27
-+ li 10, 32
-+ lxvd2x 2+32, 10, 8 # H Poli
-+
-+ # load Hash - h^4, h^3, h^2, h
-+ li 10, 64
-+ lxvd2x 4+32, 10, 8 # H
-+ vsldoi 3, 1, 4, 8 # l
-+ vsldoi 5, 4, 1, 8 # h
-+ li 10, 112
-+ lxvd2x 7+32, 10, 8 # H^2
-+ vsldoi 6, 1, 7, 8 # l
-+ vsldoi 8, 7, 1, 8 # h
-+ li 10, 160
-+ lxvd2x 10+32, 10, 8 # H^3
-+ vsldoi 9, 1, 10, 8 # l
-+ vsldoi 11, 10, 1, 8 # h
-+ li 10, 208
-+ lxvd2x 13+32, 10, 8 # H^4
-+ vsldoi 12, 1, 13, 8 # l
-+ vsldoi 14, 13, 1, 8 # h
-+.endm
-
-- xxlor 32, 23+32, 23+32 # update hash
-+.macro PROCESS_8X_AES_STATES
-+ vcipherlast 15, 15, 1
-+ vcipherlast 16, 16, 1
-+ vcipherlast 17, 17, 1
-+ vcipherlast 18, 18, 1
-+ vcipherlast 19, 19, 1
-+ vcipherlast 20, 20, 1
-+ vcipherlast 21, 21, 1
-+ vcipherlast 22, 22, 1
-+
-+ lxvb16x 32+23, 0, 14 # load block
-+ lxvb16x 32+24, 15, 14 # load block
-+ lxvb16x 32+25, 16, 14 # load block
-+ lxvb16x 32+26, 17, 14 # load block
-+ lxvb16x 32+27, 18, 14 # load block
-+ lxvb16x 32+28, 19, 14 # load block
-+ lxvb16x 32+29, 20, 14 # load block
-+ lxvb16x 32+30, 21, 14 # load block
-+ addi 14, 14, 128
-+
-+ vxor 15, 15, 23
-+ vxor 16, 16, 24
-+ vxor 17, 17, 25
-+ vxor 18, 18, 26
-+ vxor 19, 19, 27
-+ vxor 20, 20, 28
-+ vxor 21, 21, 29
-+ vxor 22, 22, 30
-+
-+ stxvb16x 47, 0, 9 # store output
-+ stxvb16x 48, 15, 9 # store output
-+ stxvb16x 49, 16, 9 # store output
-+ stxvb16x 50, 17, 9 # store output
-+ stxvb16x 51, 18, 9 # store output
-+ stxvb16x 52, 19, 9 # store output
-+ stxvb16x 53, 20, 9 # store output
-+ stxvb16x 54, 21, 9 # store output
-+ addi 9, 9, 128
-+.endm
-
-+.macro COMPUTE_STATES
-+ xxlor 32+15, 9, 9 # last state
-+ vadduwm 15, 15, 31 # state + counter
-+ vadduwm 16, 15, 31
-+ vadduwm 17, 16, 31
-+ vadduwm 18, 17, 31
-+ vadduwm 19, 18, 31
-+ vadduwm 20, 19, 31
-+ vadduwm 21, 20, 31
-+ vadduwm 22, 21, 31
-+ xxlor 9, 32+22, 32+22 # save last state
-+
-+ xxlxor 32+15, 32+15, 0 # IV + round key - add round key 0
-+ xxlxor 32+16, 32+16, 0
-+ xxlxor 32+17, 32+17, 0
-+ xxlxor 32+18, 32+18, 0
-+ xxlxor 32+19, 32+19, 0
-+ xxlxor 32+20, 32+20, 0
-+ xxlxor 32+21, 32+21, 0
-+ xxlxor 32+22, 32+22, 0
- .endm
-
-+################################################################################
-+# Compute AES and ghash one block at a time.
-+# r23: AES rounds
-+# v30: current IV
-+# vs0: roundkey 0
- #
--# Compute update single hash
--#
--.macro ppc_update_hash_1x
-- vxor 28, 28, 0
-+################################################################################
-+.align 4
-+aes_gcm_crypt_1x:
-+.localentry aes_gcm_crypt_1x,0
-
-- vxor 19, 19, 19
-+ cmpdi 5, 16
-+ bge __More_1x
-+ blr
-+__More_1x:
-+ li 10, 16
-+ divdu 12, 5, 10
-
-- vpmsumd 22, 3, 28 # L
-- vpmsumd 23, 4, 28 # M
-- vpmsumd 24, 5, 28 # H
-+ xxlxor 32+15, 32+30, 0
-
-- vpmsumd 27, 22, 2 # reduction
-+ # Pre-load 8 AES rounds to scratch vectors.
-+ lxv 32+16, 16(6) # round key 1
-+ lxv 32+17, 32(6) # round key 2
-+ lxv 32+18, 48(6) # round key 3
-+ lxv 32+19, 64(6) # round key 4
-+ lxv 32+20, 80(6) # round key 5
-+ lxv 32+21, 96(6) # round key 6
-+ lxv 32+28, 112(6) # round key 7
-+ lxv 32+29, 128(6) # round key 8
-
-- vsldoi 25, 23, 19, 8 # mL
-- vsldoi 26, 19, 23, 8 # mH
-- vxor 22, 22, 25 # LL + LL
-- vxor 24, 24, 26 # HH + HH
-+ lwz 23, 240(6) # n rounds
-+ addi 22, 23, -9 # remaining AES rounds
-
-- vsldoi 22, 22, 22, 8 # swap
-- vxor 22, 22, 27
-+ cmpdi 12, 0
-+ bgt __Loop_1x
-+ blr
-+
-+__Loop_1x:
-+ mtctr 22
-+ addi 10, 6, 144
-+ vcipher 15, 15, 16
-+ vcipher 15, 15, 17
-+ vcipher 15, 15, 18
-+ vcipher 15, 15, 19
-+ vcipher 15, 15, 20
-+ vcipher 15, 15, 21
-+ vcipher 15, 15, 28
-+ vcipher 15, 15, 29
-
-- vsldoi 20, 22, 22, 8 # swap
-- vpmsumd 22, 22, 2 # reduction
-- vxor 20, 20, 24
-- vxor 22, 22, 20
-+__Loop_aes_1state:
-+ lxv 32+1, 0(10)
-+ vcipher 15, 15, 1
-+ addi 10, 10, 16
-+ bdnz __Loop_aes_1state
-+ lxv 32+1, 0(10) # last round key
-+ lxvb16x 11, 0, 14 # load input block
-+ vcipherlast 15, 15, 1
-
-- vmr 0, 22 # update hash
-+ xxlxor 32+15, 32+15, 11
-+ stxvb16x 32+15, 0, 9 # store output
-+ addi 14, 14, 16
-+ addi 9, 9, 16
-
--.endm
-+ cmpdi 24, 0 # decrypt?
-+ bne __Encrypt_1x
-+ xxlor 15+32, 11, 11
-+__Encrypt_1x:
-+ vxor 15, 15, 0
-+ PPC_GHASH1x 0, 15
-+
-+ addi 5, 5, -16
-+ addi 11, 11, 16
-
-+ vadduwm 30, 30, 31 # IV + counter
-+ xxlxor 32+15, 32+30, 0
-+ addi 12, 12, -1
-+ cmpdi 12, 0
-+ bgt __Loop_1x
-+
-+ stxvb16x 32+0, 0, 8 # update Xi
-+ blr
-+.size aes_gcm_crypt_1x,.-aes_gcm_crypt_1x
-+
-+################################################################################
-+# Process a normal partial block when we come here.
-+# Compute partial mask, Load and store partial block to stack.
-+# Compute AES state.
-+# Compute ghash.
- #
-+################################################################################
-+.align 4
-+__Process_partial:
-+.localentry __Process_partial,0
-+
-+ # create partial mask
-+ vspltisb 16, -1
-+ li 12, 16
-+ sub 12, 12, 5
-+ sldi 12, 12, 3
-+ mtvsrdd 32+17, 0, 12
-+ vslo 16, 16, 17 # partial block mask
-+
-+ lxvb16x 11, 0, 14 # load partial block
-+ xxland 11, 11, 32+16
-+
-+ # AES crypt partial
-+ xxlxor 32+15, 32+30, 0
-+ lwz 23, 240(6) # n rounds
-+ addi 22, 23, -1 # loop - 1
-+ mtctr 22
-+ addi 10, 6, 16
-+
-+__Loop_aes_pstate:
-+ lxv 32+1, 0(10)
-+ vcipher 15, 15, 1
-+ addi 10, 10, 16
-+ bdnz __Loop_aes_pstate
-+ lxv 32+1, 0(10) # last round key
-+ vcipherlast 15, 15, 1
-+
-+ xxlxor 32+15, 32+15, 11
-+ vand 15, 15, 16
-+
-+ # AES crypt output v15
-+ # Write partial
-+ li 10, 224
-+ stxvb16x 15+32, 10, 1 # write v15 to stack
-+ addi 10, 1, 223
-+ addi 12, 9, -1
-+ mtctr 5 # partial block len
-+__Write_partial:
-+ lbzu 22, 1(10)
-+ stbu 22, 1(12)
-+ bdnz __Write_partial
-+
-+ cmpdi 24, 0 # decrypt?
-+ bne __Encrypt_partial
-+ xxlor 32+15, 11, 11 # decrypt using the input block
-+__Encrypt_partial:
-+ vxor 15, 15, 0 # ^ previous hash
-+ PPC_GHASH1x 0, 15
-+ li 5, 0 # done last byte
-+ stxvb16x 32+0, 0, 8 # Update X1
-+ blr
-+.size __Process_partial,.-__Process_partial
-+
-+################################################################################
- # ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len,
--# const AES_KEY *key, unsigned char iv[16],
--# void *Xip);
-+# const char *rk, unsigned char iv[16], void *Xip);
- #
- # r3 - inp
- # r4 - out
-@@ -454,159 +557,85 @@ ppc_aes_gcm_ghash:
- # r7 - iv
- # r8 - Xi, HPoli, hash keys
- #
-+# rounds is at offset 240 in rk
-+# Xi is at 0 in gcm_table (Xip).
-+#
-+################################################################################
- .global ppc_aes_gcm_encrypt
- .align 5
- ppc_aes_gcm_encrypt:
--_ppc_aes_gcm_encrypt:
-+.localentry ppc_aes_gcm_encrypt,0
-
-- stdu 1,-512(1)
-- mflr 0
--
-- std 14,112(1)
-- std 15,120(1)
-- std 16,128(1)
-- std 17,136(1)
-- std 18,144(1)
-- std 19,152(1)
-- std 20,160(1)
-- std 21,168(1)
-- li 9, 256
-- stvx 20, 9, 1
-- addi 9, 9, 16
-- stvx 21, 9, 1
-- addi 9, 9, 16
-- stvx 22, 9, 1
-- addi 9, 9, 16
-- stvx 23, 9, 1
-- addi 9, 9, 16
-- stvx 24, 9, 1
-- addi 9, 9, 16
-- stvx 25, 9, 1
-- addi 9, 9, 16
-- stvx 26, 9, 1
-- addi 9, 9, 16
-- stvx 27, 9, 1
-- addi 9, 9, 16
-- stvx 28, 9, 1
-- addi 9, 9, 16
-- stvx 29, 9, 1
-- addi 9, 9, 16
-- stvx 30, 9, 1
-- addi 9, 9, 16
-- stvx 31, 9, 1
-- std 0, 528(1)
--
-- # Load Xi
-- lxvb16x 32, 0, 8 # load Xi
--
-- # load Hash - h^4, h^3, h^2, h
-- li 10, 32
-- lxvd2x 2+32, 10, 8 # H Poli
-- li 10, 48
-- lxvd2x 3+32, 10, 8 # Hl
-- li 10, 64
-- lxvd2x 4+32, 10, 8 # H
-- li 10, 80
-- lxvd2x 5+32, 10, 8 # Hh
--
-- li 10, 96
-- lxvd2x 6+32, 10, 8 # H^2l
-- li 10, 112
-- lxvd2x 7+32, 10, 8 # H^2
-- li 10, 128
-- lxvd2x 8+32, 10, 8 # H^2h
--
-- li 10, 144
-- lxvd2x 9+32, 10, 8 # H^3l
-- li 10, 160
-- lxvd2x 10+32, 10, 8 # H^3
-- li 10, 176
-- lxvd2x 11+32, 10, 8 # H^3h
--
-- li 10, 192
-- lxvd2x 12+32, 10, 8 # H^4l
-- li 10, 208
-- lxvd2x 13+32, 10, 8 # H^4
-- li 10, 224
-- lxvd2x 14+32, 10, 8 # H^4h
-+ SAVE_REGS
-+ LOAD_HASH_TABLE
-
- # initialize ICB: GHASH( IV ), IV - r7
- lxvb16x 30+32, 0, 7 # load IV - v30
-
-- mr 12, 5 # length
-- li 11, 0 # block index
-+ mr 14, 3
-+ mr 9, 4
-
- # counter 1
- vxor 31, 31, 31
- vspltisb 22, 1
- vsldoi 31, 31, 22,1 # counter 1
-
-- # load round key to VSR
-- lxv 0, 0(6)
-- lxv 1, 0x10(6)
-- lxv 2, 0x20(6)
-- lxv 3, 0x30(6)
-- lxv 4, 0x40(6)
-- lxv 5, 0x50(6)
-- lxv 6, 0x60(6)
-- lxv 7, 0x70(6)
-- lxv 8, 0x80(6)
-- lxv 9, 0x90(6)
-- lxv 10, 0xa0(6)
-+ addis 11, 2, permx\@toc\@ha
-+ addi 11, 11, permx\@toc\@l
-+ lxv 10, 0(11) # vs10: vpermxor vector
-+ li 11, 0
-
-- # load rounds - 10 (128), 12 (192), 14 (256)
-- lwz 9,240(6)
-+ lxv 0, 0(6) # round key 0
-
- #
-- # vxor state, state, w # addroundkey
-- xxlor 32+29, 0, 0
-- vxor 15, 30, 29 # IV + round key - add round key 0
--
-- cmpdi 9, 10
-- beq Loop_aes_gcm_8x
--
-- # load 2 more round keys (v11, v12)
-- lxv 11, 0xb0(6)
-- lxv 12, 0xc0(6)
--
-- cmpdi 9, 12
-- beq Loop_aes_gcm_8x
--
-- # load 2 more round keys (v11, v12, v13, v14)
-- lxv 13, 0xd0(6)
-- lxv 14, 0xe0(6)
-- cmpdi 9, 14
-- beq Loop_aes_gcm_8x
--
-- b aes_gcm_out
-+ # Process different blocks
-+ #
-+ cmpdi 5, 128
-+ blt __Process_more_enc
-+
-+ # load 9 round keys
-+ lxv 32+23, 16(6) # round key 1
-+ lxv 32+24, 32(6) # round key 2
-+ lxv 32+25, 48(6) # round key 3
-+ lxv 32+26, 64(6) # round key 4
-+ lxv 32+27, 80(6) # round key 5
-+ lxv 32+28, 96(6) # round key 6
-+ lxv 32+29, 112(6) # round key 7
-+ lxv 32+1, 128(6) # round key 8
-
--.align 5
--Loop_aes_gcm_8x:
-- mr 14, 3
-- mr 9, 4
-+ # load rounds - 10 (128), 12 (192), 14 (256)
-+ lwz 23, 240(6) # n rounds
-
-- # n blocks
-+__Process_encrypt:
-+#
-+# Process 8x AES/GCM blocks
-+#
-+__Process_8x_enc:
-+ # 8x blocks
- li 10, 128
-- divdu 10, 5, 10 # n 128 bytes-blocks
-- cmpdi 10, 0
-- beq Loop_last_block
--
-- vaddudm 30, 30, 31 # IV + counter
-- vxor 16, 30, 29
-- vaddudm 30, 30, 31
-- vxor 17, 30, 29
-- vaddudm 30, 30, 31
-- vxor 18, 30, 29
-- vaddudm 30, 30, 31
-- vxor 19, 30, 29
-- vaddudm 30, 30, 31
-- vxor 20, 30, 29
-- vaddudm 30, 30, 31
-- vxor 21, 30, 29
-- vaddudm 30, 30, 31
-- vxor 22, 30, 29
--
-- mtctr 10
-+ divdu 12, 5, 10 # n 128 bytes-blocks
-+
-+ addi 12, 12, -1 # loop - 1
-+
-+ vmr 15, 30 # first state: IV
-+ vadduwm 16, 15, 31 # state + counter
-+ vadduwm 17, 16, 31
-+ vadduwm 18, 17, 31
-+ vadduwm 19, 18, 31
-+ vadduwm 20, 19, 31
-+ vadduwm 21, 20, 31
-+ vadduwm 22, 21, 31
-+ xxlor 9, 32+22, 32+22 # save last state
-+
-+ # vxor state, state, w # addroundkey
-+ xxlxor 32+15, 32+15, 0 # IV + round key - add round key 0
-+ xxlxor 32+16, 32+16, 0
-+ xxlxor 32+17, 32+17, 0
-+ xxlxor 32+18, 32+18, 0
-+ xxlxor 32+19, 32+19, 0
-+ xxlxor 32+20, 32+20, 0
-+ xxlxor 32+21, 32+21, 0
-+ xxlxor 32+22, 32+22, 0
-
- li 15, 16
- li 16, 32
-@@ -616,523 +645,185 @@ Loop_aes_gcm_8x:
- li 20, 96
- li 21, 112
-
-- lwz 10, 240(6)
--
--Loop_8x_block:
--
-- lxvb16x 15, 0, 14 # load block
-- lxvb16x 16, 15, 14 # load block
-- lxvb16x 17, 16, 14 # load block
-- lxvb16x 18, 17, 14 # load block
-- lxvb16x 19, 18, 14 # load block
-- lxvb16x 20, 19, 14 # load block
-- lxvb16x 21, 20, 14 # load block
-- lxvb16x 22, 21, 14 # load block
-- addi 14, 14, 128
--
-- Loop_aes_middle8x
--
-- xxlor 23+32, 10, 10
--
-- cmpdi 10, 10
-- beq Do_next_ghash
--
-- # 192 bits
-- xxlor 24+32, 11, 11
--
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
--
-- vcipher 15, 15, 24
-- vcipher 16, 16, 24
-- vcipher 17, 17, 24
-- vcipher 18, 18, 24
-- vcipher 19, 19, 24
-- vcipher 20, 20, 24
-- vcipher 21, 21, 24
-- vcipher 22, 22, 24
--
-- xxlor 23+32, 12, 12
--
-- cmpdi 10, 12
-- beq Do_next_ghash
--
-- # 256 bits
-- xxlor 24+32, 13, 13
--
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
--
-- vcipher 15, 15, 24
-- vcipher 16, 16, 24
-- vcipher 17, 17, 24
-- vcipher 18, 18, 24
-- vcipher 19, 19, 24
-- vcipher 20, 20, 24
-- vcipher 21, 21, 24
-- vcipher 22, 22, 24
--
-- xxlor 23+32, 14, 14
--
-- cmpdi 10, 14
-- beq Do_next_ghash
-- b aes_gcm_out
--
--Do_next_ghash:
--
- #
-- # last round
-- vcipherlast 15, 15, 23
-- vcipherlast 16, 16, 23
--
-- xxlxor 47, 47, 15
-- stxvb16x 47, 0, 9 # store output
-- xxlxor 48, 48, 16
-- stxvb16x 48, 15, 9 # store output
--
-- vcipherlast 17, 17, 23
-- vcipherlast 18, 18, 23
-+ # Pre-compute first 8 AES state and leave 1/3/5 more rounds
-+ # for the loop.
-+ #
-+ addi 22, 23, -9 # process 8 keys
-+ mtctr 22 # AES key loop
-+ addi 10, 6, 144
-
-- xxlxor 49, 49, 17
-- stxvb16x 49, 16, 9 # store output
-- xxlxor 50, 50, 18
-- stxvb16x 50, 17, 9 # store output
-+ LOOP_8AES_STATE # process 8 AES keys
-
-- vcipherlast 19, 19, 23
-- vcipherlast 20, 20, 23
-+__PreLoop_aes_state:
-+ lxv 32+1, 0(10) # round key
-+ AES_CIPHER_8x 1
-+ addi 10, 10, 16
-+ bdnz __PreLoop_aes_state
-+ lxv 32+1, 0(10) # last round key (v1)
-
-- xxlxor 51, 51, 19
-- stxvb16x 51, 18, 9 # store output
-- xxlxor 52, 52, 20
-- stxvb16x 52, 19, 9 # store output
-+ cmpdi 12, 0 # Only one loop (8 block)
-+ beq __Finish_ghash
-
-- vcipherlast 21, 21, 23
-- vcipherlast 22, 22, 23
-+#
-+# Loop 8x blocks and compute ghash
-+#
-+__Loop_8x_block_enc:
-+ PROCESS_8X_AES_STATES
-
-- xxlxor 53, 53, 21
-- stxvb16x 53, 20, 9 # store output
-- xxlxor 54, 54, 22
-- stxvb16x 54, 21, 9 # store output
-+ # Compute ghash here
-+ vxor 15, 15, 0
-+ PPC_GFMUL128_8x
-
-- addi 9, 9, 128
-+ COMPUTE_STATES
-
-- # ghash here
-- ppc_aes_gcm_ghash2_4x
--
-- xxlor 27+32, 0, 0
-- vaddudm 30, 30, 31 # IV + counter
-- vmr 29, 30
-- vxor 15, 30, 27 # add round key
-- vaddudm 30, 30, 31
-- vxor 16, 30, 27
-- vaddudm 30, 30, 31
-- vxor 17, 30, 27
-- vaddudm 30, 30, 31
-- vxor 18, 30, 27
-- vaddudm 30, 30, 31
-- vxor 19, 30, 27
-- vaddudm 30, 30, 31
-- vxor 20, 30, 27
-- vaddudm 30, 30, 31
-- vxor 21, 30, 27
-- vaddudm 30, 30, 31
-- vxor 22, 30, 27
--
-- addi 12, 12, -128
-+ addi 5, 5, -128
- addi 11, 11, 128
-
-- bdnz Loop_8x_block
--
-- vmr 30, 29
--
--Loop_last_block:
-- cmpdi 12, 0
-- beq aes_gcm_out
--
-- # loop last few blocks
-- li 10, 16
-- divdu 10, 12, 10
--
-- mtctr 10
--
-- lwz 10, 240(6)
--
-- cmpdi 12, 16
-- blt Final_block
--
--.macro Loop_aes_middle_1x
-- xxlor 19+32, 1, 1
-- xxlor 20+32, 2, 2
-- xxlor 21+32, 3, 3
-- xxlor 22+32, 4, 4
--
-- vcipher 15, 15, 19
-- vcipher 15, 15, 20
-- vcipher 15, 15, 21
-- vcipher 15, 15, 22
--
-- xxlor 19+32, 5, 5
-- xxlor 20+32, 6, 6
-- xxlor 21+32, 7, 7
-- xxlor 22+32, 8, 8
--
-- vcipher 15, 15, 19
-- vcipher 15, 15, 20
-- vcipher 15, 15, 21
-- vcipher 15, 15, 22
--
-- xxlor 19+32, 9, 9
-- vcipher 15, 15, 19
--.endm
--
--Next_rem_block:
-- lxvb16x 15, 0, 14 # load block
--
-- Loop_aes_middle_1x
--
-- xxlor 23+32, 10, 10
--
-- cmpdi 10, 10
-- beq Do_next_1x
--
-- # 192 bits
-- xxlor 24+32, 11, 11
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
--
-- xxlor 23+32, 12, 12
--
-- cmpdi 10, 12
-- beq Do_next_1x
--
-- # 256 bits
-- xxlor 24+32, 13, 13
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
--
-- xxlor 23+32, 14, 14
--
-- cmpdi 10, 14
-- beq Do_next_1x
--
--Do_next_1x:
-- vcipherlast 15, 15, 23
--
-- xxlxor 47, 47, 15
-- stxvb16x 47, 0, 9 # store output
-- addi 14, 14, 16
-- addi 9, 9, 16
--
-- vmr 28, 15
-- ppc_update_hash_1x
--
-- addi 12, 12, -16
-- addi 11, 11, 16
-- xxlor 19+32, 0, 0
-- vaddudm 30, 30, 31 # IV + counter
-- vxor 15, 30, 19 # add round key
-+ lxv 32+23, 16(6) # round key 1
-+ lxv 32+24, 32(6) # round key 2
-+ lxv 32+25, 48(6) # round key 3
-+ lxv 32+26, 64(6) # round key 4
-+ lxv 32+27, 80(6) # round key 5
-+ lxv 32+28, 96(6) # round key 6
-+ lxv 32+29, 112(6) # round key 7
-+ lxv 32+1, 128(6) # round key 8
-+
-+ # Compute first 8 AES state and leave 1/3/5 more rounds
-+ # for the loop.
-+ LOOP_8AES_STATE # process 8 AES keys
-+ mtctr 22 # AES key loop
-+ addi 10, 6, 144
-+
-+__LastLoop_aes_state:
-+ lxv 32+1, 0(10) # round key
-+ AES_CIPHER_8x 1
-+ addi 10, 10, 16
-+ bdnz __LastLoop_aes_state
-
-- bdnz Next_rem_block
-+ lxv 32+1, 0(10) # last round key (v1)
-
-+ addi 12, 12, -1
- cmpdi 12, 0
-- beq aes_gcm_out
--
--Final_block:
-- Loop_aes_middle_1x
--
-- xxlor 23+32, 10, 10
--
-- cmpdi 10, 10
-- beq Do_final_1x
--
-- # 192 bits
-- xxlor 24+32, 11, 11
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
-+ bne __Loop_8x_block_enc
-
-- xxlor 23+32, 12, 12
--
-- cmpdi 10, 12
-- beq Do_final_1x
--
-- # 256 bits
-- xxlor 24+32, 13, 13
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
--
-- xxlor 23+32, 14, 14
--
-- cmpdi 10, 14
-- beq Do_final_1x
--
--Do_final_1x:
-- vcipherlast 15, 15, 23
--
-- lxvb16x 15, 0, 14 # load last block
-- xxlxor 47, 47, 15
--
-- # create partial block mask
-- li 15, 16
-- sub 15, 15, 12 # index to the mask
--
-- vspltisb 16, -1 # first 16 bytes - 0xffff...ff
-- vspltisb 17, 0 # second 16 bytes - 0x0000...00
-- li 10, 192
-- stvx 16, 10, 1
-- addi 10, 10, 16
-- stvx 17, 10, 1
--
-- addi 10, 1, 192
-- lxvb16x 16, 15, 10 # load partial block mask
-- xxland 47, 47, 16
--
-- vmr 28, 15
-- ppc_update_hash_1x
-+ #
-+ # Remainng blocks
-+ #
-+__Finish_ghash:
-+ PROCESS_8X_AES_STATES
-
-- # * should store only the remaining bytes.
-- bl Write_partial_block
-+ # Compute ghash here
-+ vxor 15, 15, 0
-+ PPC_GFMUL128_8x
-
-- b aes_gcm_out
-+ # Update IV and Xi
-+ xxlor 30+32, 9, 9 # last ctr
-+ vadduwm 30, 30, 31 # increase ctr
-+ stxvb16x 32+0, 0, 8 # update Xi
-
--#
--# Write partial block
--# r9 - output
--# r12 - remaining bytes
--# v15 - partial input data
--#
--Write_partial_block:
-- li 10, 192
-- stxvb16x 15+32, 10, 1 # last block
-+ addi 5, 5, -128
-+ addi 11, 11, 128
-
-- #add 10, 9, 11 # Output
-- addi 10, 9, -1
-- addi 16, 1, 191
-+ #
-+ # Done 8x blocks
-+ #
-
-- mtctr 12 # remaining bytes
-- li 15, 0
-+ cmpdi 5, 0
-+ beq aes_gcm_out
-
--Write_last_byte:
-- lbzu 14, 1(16)
-- stbu 14, 1(10)
-- bdnz Write_last_byte
-- blr
-+__Process_more_enc:
-+ li 24, 1 # encrypt
-+ bl aes_gcm_crypt_1x
-+ cmpdi 5, 0
-+ beq aes_gcm_out
-
--aes_gcm_out:
-- # out = state
-- stxvb16x 32, 0, 8 # write out Xi
-- add 3, 11, 12 # return count
-+ bl __Process_partial
-+ b aes_gcm_out
-
-- li 9, 256
-- lvx 20, 9, 1
-- addi 9, 9, 16
-- lvx 21, 9, 1
-- addi 9, 9, 16
-- lvx 22, 9, 1
-- addi 9, 9, 16
-- lvx 23, 9, 1
-- addi 9, 9, 16
-- lvx 24, 9, 1
-- addi 9, 9, 16
-- lvx 25, 9, 1
-- addi 9, 9, 16
-- lvx 26, 9, 1
-- addi 9, 9, 16
-- lvx 27, 9, 1
-- addi 9, 9, 16
-- lvx 28, 9, 1
-- addi 9, 9, 16
-- lvx 29, 9, 1
-- addi 9, 9, 16
-- lvx 30, 9, 1
-- addi 9, 9, 16
-- lvx 31, 9, 1
--
-- ld 0, 528(1)
-- ld 14,112(1)
-- ld 15,120(1)
-- ld 16,128(1)
-- ld 17,136(1)
-- ld 18,144(1)
-- ld 19,152(1)
-- ld 20,160(1)
-- ld 21,168(1)
--
-- mtlr 0
-- addi 1, 1, 512
-- blr
-+.size ppc_aes_gcm_encrypt,.-ppc_aes_gcm_encrypt
-
--#
-+################################################################################
-+# ppc_aes_gcm_decrypt (const void *inp, void *out, size_t len,
-+# const char *rk, unsigned char iv[16], void *Xip);
- # 8x Decrypt
- #
-+################################################################################
- .global ppc_aes_gcm_decrypt
- .align 5
- ppc_aes_gcm_decrypt:
--_ppc_aes_gcm_decrypt:
--
-- stdu 1,-512(1)
-- mflr 0
--
-- std 14,112(1)
-- std 15,120(1)
-- std 16,128(1)
-- std 17,136(1)
-- std 18,144(1)
-- std 19,152(1)
-- std 20,160(1)
-- std 21,168(1)
-- li 9, 256
-- stvx 20, 9, 1
-- addi 9, 9, 16
-- stvx 21, 9, 1
-- addi 9, 9, 16
-- stvx 22, 9, 1
-- addi 9, 9, 16
-- stvx 23, 9, 1
-- addi 9, 9, 16
-- stvx 24, 9, 1
-- addi 9, 9, 16
-- stvx 25, 9, 1
-- addi 9, 9, 16
-- stvx 26, 9, 1
-- addi 9, 9, 16
-- stvx 27, 9, 1
-- addi 9, 9, 16
-- stvx 28, 9, 1
-- addi 9, 9, 16
-- stvx 29, 9, 1
-- addi 9, 9, 16
-- stvx 30, 9, 1
-- addi 9, 9, 16
-- stvx 31, 9, 1
-- std 0, 528(1)
--
-- # Load Xi
-- lxvb16x 32, 0, 8 # load Xi
--
-- # load Hash - h^4, h^3, h^2, h
-- li 10, 32
-- lxvd2x 2+32, 10, 8 # H Poli
-- li 10, 48
-- lxvd2x 3+32, 10, 8 # Hl
-- li 10, 64
-- lxvd2x 4+32, 10, 8 # H
-- li 10, 80
-- lxvd2x 5+32, 10, 8 # Hh
--
-- li 10, 96
-- lxvd2x 6+32, 10, 8 # H^2l
-- li 10, 112
-- lxvd2x 7+32, 10, 8 # H^2
-- li 10, 128
-- lxvd2x 8+32, 10, 8 # H^2h
-+.localentry ppc_aes_gcm_decrypt, 0
-
-- li 10, 144
-- lxvd2x 9+32, 10, 8 # H^3l
-- li 10, 160
-- lxvd2x 10+32, 10, 8 # H^3
-- li 10, 176
-- lxvd2x 11+32, 10, 8 # H^3h
--
-- li 10, 192
-- lxvd2x 12+32, 10, 8 # H^4l
-- li 10, 208
-- lxvd2x 13+32, 10, 8 # H^4
-- li 10, 224
-- lxvd2x 14+32, 10, 8 # H^4h
-+ SAVE_REGS
-+ LOAD_HASH_TABLE
-
- # initialize ICB: GHASH( IV ), IV - r7
- lxvb16x 30+32, 0, 7 # load IV - v30
-
-- mr 12, 5 # length
-- li 11, 0 # block index
-+ mr 14, 3
-+ mr 9, 4
-
- # counter 1
- vxor 31, 31, 31
- vspltisb 22, 1
- vsldoi 31, 31, 22,1 # counter 1
-
-- # load round key to VSR
-- lxv 0, 0(6)
-- lxv 1, 0x10(6)
-- lxv 2, 0x20(6)
-- lxv 3, 0x30(6)
-- lxv 4, 0x40(6)
-- lxv 5, 0x50(6)
-- lxv 6, 0x60(6)
-- lxv 7, 0x70(6)
-- lxv 8, 0x80(6)
-- lxv 9, 0x90(6)
-- lxv 10, 0xa0(6)
-+ addis 11, 2, permx\@toc\@ha
-+ addi 11, 11, permx\@toc\@l
-+ lxv 10, 0(11) # vs10: vpermxor vector
-+ li 11, 0
-
-- # load rounds - 10 (128), 12 (192), 14 (256)
-- lwz 9,240(6)
-+ lxv 0, 0(6) # round key 0
-
- #
-- # vxor state, state, w # addroundkey
-- xxlor 32+29, 0, 0
-- vxor 15, 30, 29 # IV + round key - add round key 0
--
-- cmpdi 9, 10
-- beq Loop_aes_gcm_8x_dec
--
-- # load 2 more round keys (v11, v12)
-- lxv 11, 0xb0(6)
-- lxv 12, 0xc0(6)
--
-- cmpdi 9, 12
-- beq Loop_aes_gcm_8x_dec
--
-- # load 2 more round keys (v11, v12, v13, v14)
-- lxv 13, 0xd0(6)
-- lxv 14, 0xe0(6)
-- cmpdi 9, 14
-- beq Loop_aes_gcm_8x_dec
--
-- b aes_gcm_out
-+ # Process different blocks
-+ #
-+ cmpdi 5, 128
-+ blt __Process_more_dec
-+
-+ # load 9 round keys
-+ lxv 32+23, 16(6) # round key 1
-+ lxv 32+24, 32(6) # round key 2
-+ lxv 32+25, 48(6) # round key 3
-+ lxv 32+26, 64(6) # round key 4
-+ lxv 32+27, 80(6) # round key 5
-+ lxv 32+28, 96(6) # round key 6
-+ lxv 32+29, 112(6) # round key 7
-+ lxv 32+1, 128(6) # round key 8
-
--.align 5
--Loop_aes_gcm_8x_dec:
-- mr 14, 3
-- mr 9, 4
-+ # load rounds - 10 (128), 12 (192), 14 (256)
-+ lwz 23, 240(6) # n rounds
-
-- # n blocks
-+__Process_decrypt:
-+#
-+# Process 8x AES/GCM blocks
-+#
-+__Process_8x_dec:
-+ # 8x blocks
- li 10, 128
-- divdu 10, 5, 10 # n 128 bytes-blocks
-- cmpdi 10, 0
-- beq Loop_last_block_dec
--
-- vaddudm 30, 30, 31 # IV + counter
-- vxor 16, 30, 29
-- vaddudm 30, 30, 31
-- vxor 17, 30, 29
-- vaddudm 30, 30, 31
-- vxor 18, 30, 29
-- vaddudm 30, 30, 31
-- vxor 19, 30, 29
-- vaddudm 30, 30, 31
-- vxor 20, 30, 29
-- vaddudm 30, 30, 31
-- vxor 21, 30, 29
-- vaddudm 30, 30, 31
-- vxor 22, 30, 29
--
-- mtctr 10
-+ divdu 12, 5, 10 # n 128 bytes-blocks
-+
-+ addi 12, 12, -1 # loop - 1
-+
-+ vmr 15, 30 # first state: IV
-+ vadduwm 16, 15, 31 # state + counter
-+ vadduwm 17, 16, 31
-+ vadduwm 18, 17, 31
-+ vadduwm 19, 18, 31
-+ vadduwm 20, 19, 31
-+ vadduwm 21, 20, 31
-+ vadduwm 22, 21, 31
-+ xxlor 9, 32+22, 32+22 # save last state
-+
-+ # vxor state, state, w # addroundkey
-+ xxlxor 32+15, 32+15, 0 # IV + round key - add round key 0
-+ xxlxor 32+16, 32+16, 0
-+ xxlxor 32+17, 32+17, 0
-+ xxlxor 32+18, 32+18, 0
-+ xxlxor 32+19, 32+19, 0
-+ xxlxor 32+20, 32+20, 0
-+ xxlxor 32+21, 32+21, 0
-+ xxlxor 32+22, 32+22, 0
-
- li 15, 16
- li 16, 32
-@@ -1142,297 +833,219 @@ Loop_aes_gcm_8x_dec:
- li 20, 96
- li 21, 112
-
-- lwz 10, 240(6)
--
--Loop_8x_block_dec:
--
-- lxvb16x 15, 0, 14 # load block
-- lxvb16x 16, 15, 14 # load block
-- lxvb16x 17, 16, 14 # load block
-- lxvb16x 18, 17, 14 # load block
-- lxvb16x 19, 18, 14 # load block
-- lxvb16x 20, 19, 14 # load block
-- lxvb16x 21, 20, 14 # load block
-- lxvb16x 22, 21, 14 # load block
-- addi 14, 14, 128
--
-- Loop_aes_middle8x
--
-- xxlor 23+32, 10, 10
--
-- cmpdi 10, 10
-- beq Do_last_aes_dec
--
-- # 192 bits
-- xxlor 24+32, 11, 11
--
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
--
-- vcipher 15, 15, 24
-- vcipher 16, 16, 24
-- vcipher 17, 17, 24
-- vcipher 18, 18, 24
-- vcipher 19, 19, 24
-- vcipher 20, 20, 24
-- vcipher 21, 21, 24
-- vcipher 22, 22, 24
--
-- xxlor 23+32, 12, 12
--
-- cmpdi 10, 12
-- beq Do_last_aes_dec
--
-- # 256 bits
-- xxlor 24+32, 13, 13
--
-- vcipher 15, 15, 23
-- vcipher 16, 16, 23
-- vcipher 17, 17, 23
-- vcipher 18, 18, 23
-- vcipher 19, 19, 23
-- vcipher 20, 20, 23
-- vcipher 21, 21, 23
-- vcipher 22, 22, 23
--
-- vcipher 15, 15, 24
-- vcipher 16, 16, 24
-- vcipher 17, 17, 24
-- vcipher 18, 18, 24
-- vcipher 19, 19, 24
-- vcipher 20, 20, 24
-- vcipher 21, 21, 24
-- vcipher 22, 22, 24
--
-- xxlor 23+32, 14, 14
--
-- cmpdi 10, 14
-- beq Do_last_aes_dec
-- b aes_gcm_out
--
--Do_last_aes_dec:
--
- #
-- # last round
-- vcipherlast 15, 15, 23
-- vcipherlast 16, 16, 23
--
-- xxlxor 47, 47, 15
-- stxvb16x 47, 0, 9 # store output
-- xxlxor 48, 48, 16
-- stxvb16x 48, 15, 9 # store output
--
-- vcipherlast 17, 17, 23
-- vcipherlast 18, 18, 23
--
-- xxlxor 49, 49, 17
-- stxvb16x 49, 16, 9 # store output
-- xxlxor 50, 50, 18
-- stxvb16x 50, 17, 9 # store output
--
-- vcipherlast 19, 19, 23
-- vcipherlast 20, 20, 23
--
-- xxlxor 51, 51, 19
-- stxvb16x 51, 18, 9 # store output
-- xxlxor 52, 52, 20
-- stxvb16x 52, 19, 9 # store output
--
-- vcipherlast 21, 21, 23
-- vcipherlast 22, 22, 23
--
-- xxlxor 53, 53, 21
-- stxvb16x 53, 20, 9 # store output
-- xxlxor 54, 54, 22
-- stxvb16x 54, 21, 9 # store output
--
-- addi 9, 9, 128
--
-- xxlor 15+32, 15, 15
-- xxlor 16+32, 16, 16
-- xxlor 17+32, 17, 17
-- xxlor 18+32, 18, 18
-- xxlor 19+32, 19, 19
-- xxlor 20+32, 20, 20
-- xxlor 21+32, 21, 21
-- xxlor 22+32, 22, 22
--
-- # ghash here
-- ppc_aes_gcm_ghash2_4x
--
-- xxlor 27+32, 0, 0
-- vaddudm 30, 30, 31 # IV + counter
-- vmr 29, 30
-- vxor 15, 30, 27 # add round key
-- vaddudm 30, 30, 31
-- vxor 16, 30, 27
-- vaddudm 30, 30, 31
-- vxor 17, 30, 27
-- vaddudm 30, 30, 31
-- vxor 18, 30, 27
-- vaddudm 30, 30, 31
-- vxor 19, 30, 27
-- vaddudm 30, 30, 31
-- vxor 20, 30, 27
-- vaddudm 30, 30, 31
-- vxor 21, 30, 27
-- vaddudm 30, 30, 31
-- vxor 22, 30, 27
-- addi 12, 12, -128
-- addi 11, 11, 128
--
-- bdnz Loop_8x_block_dec
--
-- vmr 30, 29
--
--Loop_last_block_dec:
-- cmpdi 12, 0
-- beq aes_gcm_out
--
-- # loop last few blocks
-- li 10, 16
-- divdu 10, 12, 10
--
-- mtctr 10
--
-- lwz 10,240(6)
--
-- cmpdi 12, 16
-- blt Final_block_dec
--
--Next_rem_block_dec:
-- lxvb16x 15, 0, 14 # load block
--
-- Loop_aes_middle_1x
--
-- xxlor 23+32, 10, 10
--
-- cmpdi 10, 10
-- beq Do_next_1x_dec
--
-- # 192 bits
-- xxlor 24+32, 11, 11
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
--
-- xxlor 23+32, 12, 12
--
-- cmpdi 10, 12
-- beq Do_next_1x_dec
--
-- # 256 bits
-- xxlor 24+32, 13, 13
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
-+ # Pre-compute first 8 AES state and leave 1/3/5 more rounds
-+ # for the loop.
-+ #
-+ addi 22, 23, -9 # process 8 keys
-+ mtctr 22 # AES key loop
-+ addi 10, 6, 144
-
-- xxlor 23+32, 14, 14
-+ LOOP_8AES_STATE # process 8 AES keys
-
-- cmpdi 10, 14
-- beq Do_next_1x_dec
-+__PreLoop_aes_state_dec:
-+ lxv 32+1, 0(10) # round key
-+ AES_CIPHER_8x 1
-+ addi 10, 10, 16
-+ bdnz __PreLoop_aes_state_dec
-+ lxv 32+1, 0(10) # last round key (v1)
-
--Do_next_1x_dec:
-- vcipherlast 15, 15, 23
-+ cmpdi 12, 0 # Only one loop (8 block)
-+ beq __Finish_ghash_dec
-
-- xxlxor 47, 47, 15
-- stxvb16x 47, 0, 9 # store output
-- addi 14, 14, 16
-- addi 9, 9, 16
--
-- xxlor 28+32, 15, 15
-- ppc_update_hash_1x
-+#
-+# Loop 8x blocks and compute ghash
-+#
-+__Loop_8x_block_dec:
-+ vcipherlast 15, 15, 1
-+ vcipherlast 16, 16, 1
-+ vcipherlast 17, 17, 1
-+ vcipherlast 18, 18, 1
-+ vcipherlast 19, 19, 1
-+ vcipherlast 20, 20, 1
-+ vcipherlast 21, 21, 1
-+ vcipherlast 22, 22, 1
-+
-+ lxvb16x 32+23, 0, 14 # load block
-+ lxvb16x 32+24, 15, 14 # load block
-+ lxvb16x 32+25, 16, 14 # load block
-+ lxvb16x 32+26, 17, 14 # load block
-+ lxvb16x 32+27, 18, 14 # load block
-+ lxvb16x 32+28, 19, 14 # load block
-+ lxvb16x 32+29, 20, 14 # load block
-+ lxvb16x 32+30, 21, 14 # load block
-+ addi 14, 14, 128
-+
-+ vxor 15, 15, 23
-+ vxor 16, 16, 24
-+ vxor 17, 17, 25
-+ vxor 18, 18, 26
-+ vxor 19, 19, 27
-+ vxor 20, 20, 28
-+ vxor 21, 21, 29
-+ vxor 22, 22, 30
-+
-+ stxvb16x 47, 0, 9 # store output
-+ stxvb16x 48, 15, 9 # store output
-+ stxvb16x 49, 16, 9 # store output
-+ stxvb16x 50, 17, 9 # store output
-+ stxvb16x 51, 18, 9 # store output
-+ stxvb16x 52, 19, 9 # store output
-+ stxvb16x 53, 20, 9 # store output
-+ stxvb16x 54, 21, 9 # store output
-+
-+ addi 9, 9, 128
-+
-+ vmr 15, 23
-+ vmr 16, 24
-+ vmr 17, 25
-+ vmr 18, 26
-+ vmr 19, 27
-+ vmr 20, 28
-+ vmr 21, 29
-+ vmr 22, 30
-
-- addi 12, 12, -16
-- addi 11, 11, 16
-- xxlor 19+32, 0, 0
-- vaddudm 30, 30, 31 # IV + counter
-- vxor 15, 30, 19 # add round key
-+ # ghash here
-+ vxor 15, 15, 0
-+ PPC_GFMUL128_8x
-+
-+ xxlor 32+15, 9, 9 # last state
-+ vadduwm 15, 15, 31 # state + counter
-+ vadduwm 16, 15, 31
-+ vadduwm 17, 16, 31
-+ vadduwm 18, 17, 31
-+ vadduwm 19, 18, 31
-+ vadduwm 20, 19, 31
-+ vadduwm 21, 20, 31
-+ vadduwm 22, 21, 31
-+ xxlor 9, 32+22, 32+22 # save last state
-+
-+ xxlor 32+27, 0, 0 # restore roundkey 0
-+ vxor 15, 15, 27 # IV + round key - add round key 0
-+ vxor 16, 16, 27
-+ vxor 17, 17, 27
-+ vxor 18, 18, 27
-+ vxor 19, 19, 27
-+ vxor 20, 20, 27
-+ vxor 21, 21, 27
-+ vxor 22, 22, 27
-+
-+ addi 5, 5, -128
-+ addi 11, 11, 128
-
-- bdnz Next_rem_block_dec
-+ lxv 32+23, 16(6) # round key 1
-+ lxv 32+24, 32(6) # round key 2
-+ lxv 32+25, 48(6) # round key 3
-+ lxv 32+26, 64(6) # round key 4
-+ lxv 32+27, 80(6) # round key 5
-+ lxv 32+28, 96(6) # round key 6
-+ lxv 32+29, 112(6) # round key 7
-+ lxv 32+1, 128(6) # round key 8
-+
-+ LOOP_8AES_STATE # process 8 AES keys
-+ mtctr 22 # AES key loop
-+ addi 10, 6, 144
-+__LastLoop_aes_state_dec:
-+ lxv 32+1, 0(10) # round key
-+ AES_CIPHER_8x 1
-+ addi 10, 10, 16
-+ bdnz __LastLoop_aes_state_dec
-+ lxv 32+1, 0(10) # last round key (v1)
-
-+ addi 12, 12, -1
- cmpdi 12, 0
-- beq aes_gcm_out
--
--Final_block_dec:
-- Loop_aes_middle_1x
--
-- xxlor 23+32, 10, 10
--
-- cmpdi 10, 10
-- beq Do_final_1x_dec
--
-- # 192 bits
-- xxlor 24+32, 11, 11
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
--
-- xxlor 23+32, 12, 12
--
-- cmpdi 10, 12
-- beq Do_final_1x_dec
--
-- # 256 bits
-- xxlor 24+32, 13, 13
--
-- vcipher 15, 15, 23
-- vcipher 15, 15, 24
--
-- xxlor 23+32, 14, 14
--
-- cmpdi 10, 14
-- beq Do_final_1x_dec
--
--Do_final_1x_dec:
-- vcipherlast 15, 15, 23
--
-- lxvb16x 15, 0, 14 # load block
-- xxlxor 47, 47, 15
-+ bne __Loop_8x_block_dec
-+
-+__Finish_ghash_dec:
-+ vcipherlast 15, 15, 1
-+ vcipherlast 16, 16, 1
-+ vcipherlast 17, 17, 1
-+ vcipherlast 18, 18, 1
-+ vcipherlast 19, 19, 1
-+ vcipherlast 20, 20, 1
-+ vcipherlast 21, 21, 1
-+ vcipherlast 22, 22, 1
-+
-+ lxvb16x 32+23, 0, 14 # load block
-+ lxvb16x 32+24, 15, 14 # load block
-+ lxvb16x 32+25, 16, 14 # load block
-+ lxvb16x 32+26, 17, 14 # load block
-+ lxvb16x 32+27, 18, 14 # load block
-+ lxvb16x 32+28, 19, 14 # load block
-+ lxvb16x 32+29, 20, 14 # load block
-+ lxvb16x 32+30, 21, 14 # load block
-+ addi 14, 14, 128
-+
-+ vxor 15, 15, 23
-+ vxor 16, 16, 24
-+ vxor 17, 17, 25
-+ vxor 18, 18, 26
-+ vxor 19, 19, 27
-+ vxor 20, 20, 28
-+ vxor 21, 21, 29
-+ vxor 22, 22, 30
-+
-+ stxvb16x 47, 0, 9 # store output
-+ stxvb16x 48, 15, 9 # store output
-+ stxvb16x 49, 16, 9 # store output
-+ stxvb16x 50, 17, 9 # store output
-+ stxvb16x 51, 18, 9 # store output
-+ stxvb16x 52, 19, 9 # store output
-+ stxvb16x 53, 20, 9 # store output
-+ stxvb16x 54, 21, 9 # store output
-+ addi 9, 9, 128
-+
-+ vxor 15, 23, 0
-+ vmr 16, 24
-+ vmr 17, 25
-+ vmr 18, 26
-+ vmr 19, 27
-+ vmr 20, 28
-+ vmr 21, 29
-+ vmr 22, 30
-+
-+ #vxor 15, 15, 0
-+ PPC_GFMUL128_8x
-+
-+ xxlor 30+32, 9, 9 # last ctr
-+ vadduwm 30, 30, 31 # increase ctr
-+ stxvb16x 32+0, 0, 8 # update Xi
-+
-+ addi 5, 5, -128
-+ addi 11, 11, 128
-
-- # create partial block mask
-- li 15, 16
-- sub 15, 15, 12 # index to the mask
-+ #
-+ # Done 8x blocks
-+ #
-
-- vspltisb 16, -1 # first 16 bytes - 0xffff...ff
-- vspltisb 17, 0 # second 16 bytes - 0x0000...00
-- li 10, 192
-- stvx 16, 10, 1
-- addi 10, 10, 16
-- stvx 17, 10, 1
-+ cmpdi 5, 0
-+ beq aes_gcm_out
-
-- addi 10, 1, 192
-- lxvb16x 16, 15, 10 # load block mask
-- xxland 47, 47, 16
-+__Process_more_dec:
-+ li 24, 0 # decrypt
-+ bl aes_gcm_crypt_1x
-+ cmpdi 5, 0
-+ beq aes_gcm_out
-
-- xxlor 28+32, 15, 15
-- ppc_update_hash_1x
-+ bl __Process_partial
-+ b aes_gcm_out
-+.size ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt
-
-- # * should store only the remaining bytes.
-- bl Write_partial_block
-+aes_gcm_out:
-+.localentry aes_gcm_out,0
-
-- b aes_gcm_out
-+ mr 3, 11 # return count
-
-+ RESTORE_REGS
-+ blr
-+.size aes_gcm_out,.-aes_gcm_out
-
-+.rodata
-+.align 4
-+# for vector permute and xor
-+permx:
-+.long 0x4c5d6e7f, 0x08192a3b, 0xc4d5e6f7, 0x8091a2b3
- ___
-
--foreach (split("\n",$code)) {
-- s/\`([^\`]*)\`/eval $1/geo;
--
-- if ($flavour =~ /le$/o) { # little-endian
-- s/le\?//o or
-- s/be\?/#be#/o;
-- } else {
-- s/le\?/#le#/o or
-- s/be\?//o;
-- }
-- print $_,"\n";
--}
--
--close STDOUT or die "error closing STDOUT: $!"; # enforce flush
-+print $code;
-+close STDOUT or die "error closing STDOUT: $!";
diff --git a/0073-CVE-2026-2673.patch b/0073-CVE-2026-2673.patch
deleted file mode 100644
index a5defe0..0000000
--- a/0073-CVE-2026-2673.patch
+++ /dev/null
@@ -1,423 +0,0 @@
-From 9c5f04d1a9cc067bb8a6a1181d3d42bfd0a62762 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Tue, 17 Feb 2026 18:37:06 +1100
-Subject: [PATCH] Fix group tuple handling in DEFAULT expansion
-
-Also fine-tune docs and add tests.
-
-Fixes: #30109
-Fixes: CVE-2026-2673
-
-Reviewed-by: Matt Caswell <matt@openssl.foundation>
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-MergeDate: Fri Mar 13 12:44:06 2026
-(Merged from https://github.com/openssl/openssl/pull/30110)
----
- doc/man3/SSL_CTX_set1_curves.pod | 123 +++++++++++++++++++++----------
- ssl/t1_lib.c | 95 ++++++++++++++----------
- test/tls13groupselection_test.c | 36 +++++++--
- 3 files changed, 172 insertions(+), 82 deletions(-)
-
-diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
-index 017eefd317..472d385831 100755
---- a/doc/man3/SSL_CTX_set1_curves.pod
-+++ b/doc/man3/SSL_CTX_set1_curves.pod
-@@ -40,13 +40,13 @@ SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_get0_implemented_groups
-
- For all of the functions below that set the supported groups there must be at
- least one group in the list. A number of these functions identify groups via a
--unique integer NID value. However, support for some groups may be added by
--external providers. In this case there will be no NID assigned for the group.
-+unique integer B<NID> value. However, support for some groups may be added by
-+external providers. In this case there will be no B<NID> assigned for the group.
- When setting such groups applications should use the "list" form of these
- functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()).
-
- SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
--groups in the array B<glist>. The array consist of all NIDs of supported groups.
-+groups in the array B<glist>. The array consist of all B<NIDs> of supported groups.
- The supported groups for B<TLSv1.3> include:
- B<NID_X9_62_prime256v1>,
- B<NID_secp384r1>,
-@@ -73,20 +73,27 @@ B<SSL_OP_CIPHER_SERVER_PREFERENCE> is set, the order of the elements in the
- array determines the selected group. Otherwise, the order is ignored and the
- client's order determines the selection.
-
--For a TLS 1.3 server, the groups determine the selected group, but
--selection is more complex. A TLS 1.3 client sends both a group list as well as a
--predicted subset of groups. Choosing a group outside the predicted subset incurs
--an extra roundtrip. However, in some situations, the most preferred group may
--not be predicted. OpenSSL considers all supported groups in I<clist> to be comparable
--in security and prioritizes avoiding roundtrips above either client or server
--preference order. If an application uses an external provider to extend OpenSSL
--with, e.g., a post-quantum algorithm, this behavior may allow a network attacker
--to downgrade connections to a weaker algorithm. It is therefore recommended
--to use SSL_CTX_set1_groups_list() with the ability to specify group tuples.
-+For a TLS 1.3 server, the groups determine the selected group, but selection is
-+more complex.
-+A TLS 1.3 client sends both a group list and predicted keyshares for a subset
-+of groups.
-+A server choosing a group outside the client's predicted subset incurs an extra
-+roundtrip.
-+However, in some situations, the most preferred group may not be predicted.
-+
-+When groups are specified via SSL_CTX_set1_groups() as a list of B<NID>
-+values, OpenSSL considers all supported groups in I<clist> to be comparable in
-+security and prioritises avoiding roundtrips above either client or server
-+preference order.
-+If an application uses an external provider to extend OpenSSL with, e.g., a
-+post-quantum algorithm, this behavior may allow a network attacker to downgrade
-+connections to a weaker algorithm.
-+It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making
-+it possible to specify group tuples as described below.
-
- SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to
- string I<list>. In contrast to SSL_CTX_set1_groups(), the names of the
--groups, rather than their NIDs, are used.
-+groups, rather than their B<NIDs>, are used.
-
- The commands below list the available groups for TLS 1.2 and TLS 1.3,
- respectively:
-@@ -102,30 +109,72 @@ The preferred group names are those defined by
- L<IANA|https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>.
-
- The I<list> can be used to define several group tuples of comparable security
--levels, and can specify which key shares should be sent by a client.
--The specified list elements can optionally be ignored, if not implemented
-+levels, and can specify which predicted key shares should be sent by a client.
-+Group tuples are used by OpenSSL TLS servers to decide whether to request a
-+stronger keyshare than those predicted by sending a Hello Retry Request
-+(B<HRR>) even if some of the predicted groups are supported.
-+OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall
-+order of I<list> elements and which groups are selected as predicted keyshares
-+as described below.
-+
-+The specified list elements can optionally be ignored if not implemented
- (listing unknown groups otherwise results in error).
--It is also possible to specify the built-in default set of groups, and to explicitly
--remove a group from that list.
--
--In its simplest form, the string I<list> is just a colon separated list
--of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first
--group listed will also be used for the B<key_share> sent by a client in a
--TLSv1.3 B<ClientHello>. For servers note the discussion above. The list should
--be in order of preference with the most preferred group first.
--
--Group tuples of comparable security are defined by separating them from each
--other by a tuple separator C</>. Keyshares to be sent by a client are specified
--by prepending a C<*> to the group name, while any C<*> will be ignored by a
--server. The following string I<list> for example defines three tuples when
--used on the server-side, and triggers the generation of three key shares
--when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
--
--If a group name is preceded with the C<?> character, it will be ignored if an
--implementation is missing. If a group name is preceded with the C<-> character, it
--will be removed from the list of groups if present (including not sending a
--key share for this group), ignored otherwise. The pseudo group name
--C<DEFAULT> can be used to select the OpenSSL built-in default list of groups.
-+It is also possible to specify the built-in default set of groups, and to
-+explicitly remove a group from that list.
-+
-+In its simplest legacy form, the string I<list> is just a colon separated list
-+of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048".
-+The first group listed will in this case be used as the sole predicted
-+B<key_share> sent by a client in a TLSv1.3 B<ClientHello>.
-+The list should be in order of preference with the most preferred group first.
-+
-+A more expressive syntax supports definition of group tuples of comparable
-+security by separating them from each other with C</> characters.
-+
-+The predicted keyshares to be sent by clients can be explicitly specified by
-+adding a C<*> prefix to the associated group name.
-+These C<*> prefixes are ignored by servers.
-+
-+If a group name is prefixed with the C<?> character, it will be ignored if an
-+implementation is missing.
-+Otherwise, listing an unknown group name will cause a failure to parse the
-+I<list>.
-+Note that whether a group is known or not may depend on the OpenSSL version,
-+how OpenSSL was compiled and/or which providers are loaded.
-+Make sure you have the correct spelling of the group name and when in doubt
-+prefix it with a C<?> to handle configurations in which it might nevertheless
-+be unknown.
-+
-+If a group name is prefixed with the C<-> character, it will be removed from
-+the list of groups specified up to that point.
-+It can be added again if specified later.
-+Removal of groups that have not been included earlier in the list is silently
-+ignored.
-+
-+The pseudo group name C<DEFAULT> can be used to select the OpenSSL built-in
-+default list of groups.
-+Prepending one or more groups to C<DEFAULT> using only C<:> separators prepends those
-+groups to the built-in default list's first tuple.
-+Additional tuples can be prepended by use of the C</> separator.
-+Appending a set of groups to C<DEFAULT> using only C<:> separators appends those
-+groups to the built-in default list's last tuple.
-+Additional tuples can be appended by use of the C</> separator.
-+
-+The B<DEFAULT> list selects B<X25519MLKEM768> as one of the predicted keyshares.
-+In rare cases this can lead to failures or timeouts because the resulting
-+larger TLS Client Hello message may no longer fit in a single TCP segment and
-+firewall software may erroneously disrupt the TLS handshake.
-+If this is an issue or concern, prepending C<?X25519MLKEM768:> without a C<*>
-+prefix leads to its occurrence in the default list to be ignored as a duplicate,
-+and along with that also the keyshare prediction.
-+The group will then only be selected by servers that specifically expect it,
-+after a Hello Retry Request (HRR).
-+Servers that specifically prefer B<X25519MLKEM768>, are much less likely to be
-+found behind problematic firewalls.
-+
-+The following string I<list> for example defines three tuples when used on the
-+server-side, and triggers the generation of three key shares when used on the
-+client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
-
- For a TLS 1.3 client, all the groups in the string I<list> are added to the
- supported groups extension of a C<ClientHello>, in the order in which they are listed,
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 2f71f95438..8a8c9ba9d1 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -211,7 +211,7 @@ static const uint16_t suiteb_curves[] = {
-
- /* Group list string of the built-in pseudo group DEFAULT_SUITE_B */
- #define SUITE_B_GROUP_NAME "DEFAULT_SUITE_B"
--#define SUITE_B_GROUP_LIST "secp256r1:secp384r1",
-+#define SUITE_B_GROUP_LIST "?secp256r1:?secp384r1",
-
- struct provider_ctx_data_st {
- SSL_CTX *ctx;
-@@ -1237,8 +1237,8 @@ typedef struct {
- size_t ksidcnt; /* Number of key shares */
- uint16_t *ksid_arr; /* The IDs of the key share groups (flat list) */
- /* Variable to keep state between execution of callback or helper functions */
-- size_t tuple_mode; /* Keeps track whether tuple_cb called from 'the top' or from gid_cb */
-- int ignore_unknown_default; /* Flag such that unknown groups for DEFAULT[_XYZ] are ignored */
-+ int inner; /* Are we expanding a DEFAULT list */
-+ int first; /* First tuple of possibly nested expansion? */
- } gid_cb_st;
-
- /* Forward declaration of tuple callback function */
-@@ -1313,16 +1313,16 @@ static int gid_cb(const char *elem, int len, void *arg)
- for (i = 0; i < OSSL_NELEM(default_group_strings); i++) {
- if ((size_t)len == (strlen(default_group_strings[i].list_name))
- && OPENSSL_strncasecmp(default_group_strings[i].list_name, elem, len) == 0) {
-+ int saved_first;
-+
- /*
- * We're asked to insert an entire list of groups from a
- * DEFAULT[_XYZ] 'pseudo group' which we do by
- * recursively calling this function (indirectly via
- * CONF_parse_list and tuple_cb); essentially, we treat a DEFAULT
- * group string like a tuple which is appended to the current tuple
-- * rather then starting a new tuple. Variable tuple_mode is the flag which
-- * controls append tuple vs start new tuple.
-+ * rather then starting a new tuple.
- */
--
- if (ignore_unknown || remove_group)
- return -1; /* removal or ignore not allowed here -> syntax error */
-
-@@ -1347,15 +1347,17 @@ static int gid_cb(const char *elem, int len, void *arg)
- strlen(default_group_strings[i].group_string));
- restored_default_group_string[strlen(default_group_strings[i].group_string) +
- restored_prefix_index] = '\0';
-- /* We execute the recursive call */
-- garg->ignore_unknown_default = 1; /* We ignore unknown groups for DEFAULT_XYZ */
-- /* we enforce group mode (= append tuple) for DEFAULT_XYZ group lists */
-- garg->tuple_mode = 0;
-- /* We use the tuple_cb callback to process the pseudo group tuple */
-+ /*
-+ * Append first tuple of result to current tuple, and don't
-+ * terminate the last tuple until we return to a top-level
-+ * tuple_cb.
-+ */
-+ saved_first = garg->first;
-+ garg->inner = garg->first = 1;
- retval = CONF_parse_list(restored_default_group_string,
-- TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg);
-- garg->tuple_mode = 1; /* next call to tuple_cb will again start new tuple */
-- garg->ignore_unknown_default = 0; /* reset to original value */
-+ TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg);
-+ garg->inner = 0;
-+ garg->first = saved_first;
- /* We don't need the \0-terminated string anymore */
- OPENSSL_free(restored_default_group_string);
-
-@@ -1375,9 +1377,6 @@ static int gid_cb(const char *elem, int len, void *arg)
- if (len == 0)
- return -1; /* Seems we have prefxes without a group name -> syntax error */
-
-- if (garg->ignore_unknown_default == 1) /* Always ignore unknown groups for DEFAULT[_XYZ] */
-- ignore_unknown = 1;
--
- /* Memory management in case more groups are present compared to initial allocation */
- if (garg->gidcnt == garg->gidmax) {
- uint16_t *tmp =
-@@ -1513,7 +1512,7 @@ static int gid_cb(const char *elem, int len, void *arg)
- /* and update the book keeping for the number of groups in current tuple */
- garg->tuplcnt_arr[garg->tplcnt]++;
-
-- /* We memorize if needed that we want to add a key share for the current group */
-+ /* We want to add a key share for the current group */
- if (add_keyshare)
- garg->ksid_arr[garg->ksidcnt++] = gid;
- }
-@@ -1522,6 +1521,39 @@ done:
- return retval;
- }
-
-+static int grow_tuples(gid_cb_st *garg)
-+{
-+ static size_t max_tplcnt = (~(size_t)0) / sizeof(size_t);
-+
-+ /* This uses OPENSSL_realloc_array() in newer releases */
-+ if (garg->tplcnt == garg->tplmax) {
-+ size_t newcnt = garg->tplmax + GROUPLIST_INCREMENT;
-+ size_t newsz = newcnt * sizeof(size_t);
-+ size_t *tmp;
-+
-+ if (newsz > max_tplcnt
-+ || (tmp = OPENSSL_realloc(garg->tuplcnt_arr, newsz)) == NULL)
-+ return 0;
-+
-+ garg->tplmax = newcnt;
-+ garg->tuplcnt_arr = tmp;
-+ }
-+ return 1;
-+}
-+
-+static int close_tuple(gid_cb_st *garg)
-+{
-+ size_t gidcnt = garg->tuplcnt_arr[garg->tplcnt];
-+
-+ if (gidcnt == 0)
-+ return 1;
-+ if (!grow_tuples(garg))
-+ return 0;
-+
-+ garg->tuplcnt_arr[++garg->tplcnt] = 0;
-+ return 1;
-+}
-+
- /* Extract and process a tuple of groups */
- static int tuple_cb(const char *tuple, int len, void *arg)
- {
-@@ -1535,17 +1567,9 @@ static int tuple_cb(const char *tuple, int len, void *arg)
- return 0;
- }
-
-- /* Memory management for tuples */
-- if (garg->tplcnt == garg->tplmax) {
-- size_t *tmp =
-- OPENSSL_realloc(garg->tuplcnt_arr,
-- (garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr));
--
-- if (tmp == NULL)
-- return 0;
-- garg->tplmax += GROUPLIST_INCREMENT;
-- garg->tuplcnt_arr = tmp;
-- }
-+ if (garg->inner && !garg->first && !close_tuple(garg))
-+ return 0;
-+ garg->first = 0;
-
- /* Convert to \0-terminated string */
- restored_tuple_string = OPENSSL_malloc((len + 1 /* \0 */) * sizeof(char));
-@@ -1560,15 +1584,8 @@ static int tuple_cb(const char *tuple, int len, void *arg)
- /* We don't need the \o-terminated string anymore */
- OPENSSL_free(restored_tuple_string);
-
-- if (garg->tuplcnt_arr[garg->tplcnt] > 0) { /* Some valid groups are present in current tuple... */
-- if (garg->tuple_mode) {
-- /* We 'close' the tuple */
-- garg->tplcnt++;
-- garg->tuplcnt_arr[garg->tplcnt] = 0; /* Next tuple is initialized to be empty */
-- garg->tuple_mode = 1; /* next call will start a tuple (unless overridden in gid_cb) */
-- }
-- }
--
-+ if (!garg->inner && !close_tuple(garg))
-+ return 0;
- return retval;
- }
-
-@@ -1599,8 +1616,6 @@ int tls1_set_groups_list(SSL_CTX *ctx,
- }
-
- memset(&gcb, 0, sizeof(gcb));
-- gcb.tuple_mode = 1; /* We prepare to collect the first tuple */
-- gcb.ignore_unknown_default = 0;
- gcb.gidmax = GROUPLIST_INCREMENT;
- gcb.tplmax = GROUPLIST_INCREMENT;
- gcb.ksidmax = GROUPLIST_INCREMENT;
-diff --git a/test/tls13groupselection_test.c b/test/tls13groupselection_test.c
-index 351b3102c7..3c2814c54e 100644
---- a/test/tls13groupselection_test.c
-+++ b/test/tls13groupselection_test.c
-@@ -38,6 +38,12 @@ typedef enum SERVER_RESPONSE {
- SH = 2
- } SERVER_RESPONSE;
-
-+static const char *response_desc[] = {
-+ "HRR",
-+ "INIT",
-+ "SH",
-+};
-+
- static char *cert = NULL;
- static char *privkey = NULL;
-
-@@ -348,7 +354,26 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
- "X25519",
- SERVER_PREFERENCE,
- NEGOTIATION_FAILURE, INIT
-- }
-+ },
-+ /* DEFAULT retains tuple structure */
-+ { "*X25519:secp256r1",
-+ "secp256r1:DEFAULT", /* test 44 */
-+ SERVER_PREFERENCE,
-+ "secp256r1", HRR
-+ },
-+#ifndef OPENSSL_NO_DH
-+ { "*ffdhe2048:secp256r1",
-+ "DEFAULT:ffdhe4096", /* test 45 */
-+ CLIENT_PREFERENCE,
-+ "secp256r1", HRR
-+ },
-+ { "x25519:ffdhe2048:*ffdhe4096",
-+ "DEFAULT:ffdhe4096", /* test 46 */
-+ SERVER_PREFERENCE,
-+ "x25519",
-+ HRR
-+ },
-+#endif
- };
-
- static void server_response_check_cb(int write_p, int version,
-@@ -492,15 +517,16 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre
- group_name_client = SSL_group_to_name(clientssl, negotiated_group_client);
- if (!TEST_int_eq(negotiated_group_client, negotiated_group_server))
- goto end;
-- if (!TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response))
-+ if (!TEST_str_eq(response_desc[current_test_vector->expected_server_response],
-+ response_desc[server_response]))
- goto end;
- if (TEST_str_eq(group_name_client, current_test_vector->expected_group))
- ok = 1;
- } else {
- TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
-- if (test_type == TEST_NEGOTIATION_FAILURE &&
-- !TEST_int_eq((int)current_test_vector->expected_server_response,
-- (int)server_response))
-+ if (test_type == TEST_NEGOTIATION_FAILURE
-+ && !TEST_str_eq(response_desc[current_test_vector->expected_server_response],
-+ response_desc[server_response]))
- goto end;
- ok = 1;
- }
---
-2.53.0
-
diff --git a/0074-CVE-2026-28387.patch b/0074-CVE-2026-28387.patch
deleted file mode 100644
index bd70804..0000000
--- a/0074-CVE-2026-28387.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 444958deaf450aea819171f97ae69eaedede42c3 Mon Sep 17 00:00:00 2001
-From: Alexandr Nedvedicky <sashan@openssl.org>
-Date: Tue, 3 Mar 2026 13:23:46 +0100
-Subject: [PATCH] dane_match_cert() should X509_free() on ->mcert instead of
- OPENSSL_free()
-
-Fixes: 170b735820ac "DANE support for X509_verify_cert()"
-
-Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-MergeDate: Thu Mar 5 12:37:17 2026
-(Merged from https://github.com/openssl/openssl/pull/30250)
-
-(cherry picked from commit 8b5cd6a682f0f6e7b8bf55137137c567d1899c4a)
----
- crypto/x509/x509_vfy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 8f1b9f58cacdb..01ce14982d6e0 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -3016,7 +3016,7 @@ static int dane_match_cert(X509_STORE_CTX *ctx, X509 *cert, int depth)
- break;
- }
-
-- OPENSSL_free(dane->mcert);
-+ X509_free(dane->mcert);
- dane->mcert = cert;
- dane->mdpth = depth;
- dane->mtlsa = t;
diff --git a/0075-CVE-2026-28388.patch b/0075-CVE-2026-28388.patch
deleted file mode 100644
index ba92a70..0000000
--- a/0075-CVE-2026-28388.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d3a901e8d9f021f3e67d6cfbc12e768129862726 Mon Sep 17 00:00:00 2001
-From: Daniel Kubec <kubec@openssl.org>
-Date: Tue, 17 Mar 2026 11:11:22 +0100
-Subject: [PATCH] Fix NULL Dereference When Delta CRL Lacks CRL Number
- Extension
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes CVE-2026-28388
-
-Co-authored-by: Igor Morgenstern <igor.morgenstern@aisle.com>
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
-MergeDate: Mon Apr 6 19:27:16 2026
-(cherry picked from commit d6ad8595e86dc96ca8771f0a1714b31794befa75)
----
- crypto/x509/x509_vfy.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 01ce14982d6e0..d55141e014d84 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1308,6 +1308,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
- if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
- return 0;
- /* Delta CRL number must exceed full CRL number */
-+ if (delta->crl_number == NULL)
-+ return 0;
- return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
- }
-
diff --git a/0076-CVE-2026-28389.patch b/0076-CVE-2026-28389.patch
deleted file mode 100644
index 26d13b4..0000000
--- a/0076-CVE-2026-28389.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From c30b9a4b6e3f3b6377c02964a936352f9e206a20 Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@openssl.org>
-Date: Mon, 16 Mar 2026 13:49:07 -0400
-Subject: [PATCH] Fix NULL deref in [ec]dh_cms_set_shared_info
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Multiple independent reports indicated a SIGSEGV was possible in CMS
-processing when a crafted CMS EnvelopedData message using A Key
-Agreement Recipient Info field. If the
-KeyEncryptionAlgorithmIdentifier omits the optional parameter field, the
-referenced functions above will attempt to dereference the
-alg->parameter data prior to checking if the parameter field is NULL.
-
-Confirmed to resolve the issues using the reproducers provided in the
-security reports.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
-
-Fixes CVE-2026-28389
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
-MergeDate: Mon Apr 6 19:07:41 2026
----
- crypto/cms/cms_dh.c | 13 +++++++++----
- crypto/cms/cms_ec.c | 14 ++++++++++----
- 2 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
-index b49e5f7f53..9b19e675da 100644
---- a/crypto/cms/cms_dh.c
-+++ b/crypto/cms/cms_dh.c
-@@ -89,16 +89,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- int keylen, plen;
- EVP_CIPHER *kekcipher = NULL;
- EVP_CIPHER_CTX *kekctx;
-+ const ASN1_OBJECT *aoid;
-+ const void *parameter = NULL;
-+ int ptype = 0;
- char name[OSSL_MAX_NAME_SIZE];
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
- goto err;
-
-+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg);
-+
- /*
- * For DH we only have one OID permissible. If ever any more get defined
- * we will need something cleverer.
- */
-- if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
-+ if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
- ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
- goto err;
- }
-@@ -107,11 +112,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
- goto err;
-
-- if (alg->parameter->type != V_ASN1_SEQUENCE)
-+ if (ptype != V_ASN1_SEQUENCE)
- goto err;
-
-- p = alg->parameter->value.sequence->data;
-- plen = alg->parameter->value.sequence->length;
-+ p = ASN1_STRING_get0_data(parameter);
-+ plen = ASN1_STRING_length(parameter);
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- if (kekalg == NULL)
- goto err;
-diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
-index 6e9962ed6e..07456dcaa1 100644
---- a/crypto/cms/cms_ec.c
-+++ b/crypto/cms/cms_ec.c
-@@ -166,21 +166,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- int plen, keylen;
- EVP_CIPHER *kekcipher = NULL;
- EVP_CIPHER_CTX *kekctx;
-+ const ASN1_OBJECT *aoid = NULL;
-+ int ptype = 0;
-+ const void *parameter = NULL;
-+
- char name[OSSL_MAX_NAME_SIZE];
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
- return 0;
-
-- if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
-+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg);
-+
-+ if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
- ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
- return 0;
- }
-
-- if (alg->parameter->type != V_ASN1_SEQUENCE)
-+ if (ptype != V_ASN1_SEQUENCE)
- return 0;
-
-- p = alg->parameter->value.sequence->data;
-- plen = alg->parameter->value.sequence->length;
-+ p = ASN1_STRING_get0_data(parameter);
-+ plen = ASN1_STRING_length(parameter);
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- if (kekalg == NULL)
- goto err;
---
-2.53.0
-
diff --git a/0077-CVE-2026-28390.patch b/0077-CVE-2026-28390.patch
deleted file mode 100644
index ae72969..0000000
--- a/0077-CVE-2026-28390.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 6ee9a73e9f489faa546f09cfbf9c63c8f8798445 Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@openssl.org>
-Date: Wed, 1 Apr 2026 10:56:44 +0200
-Subject: [PATCH] Fix NULL deref in rsa_cms_decrypt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Very simmilar to CVE-2026-28389, ensure that if we are missing
-parameters in RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo,
-we don't segfault when decrypting.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
-
-Fixes CVE-2026-28390
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
-MergeDate: Mon Apr 6 19:07:44 2026
----
- crypto/cms/cms_rsa.c | 31 +++++++++++++++++++------------
- 1 file changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
-index f132df5c8a..a1e26d3c3d 100644
---- a/crypto/cms/cms_rsa.c
-+++ b/crypto/cms/cms_rsa.c
-@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
- X509_ALGOR *cmsalg;
- int nid;
- int rv = -1;
-- unsigned char *label = NULL;
-+ const unsigned char *label = NULL;
- int labellen = 0;
- const EVP_MD *mgf1md = NULL, *md = NULL;
- RSA_OAEP_PARAMS *oaep;
-+ const ASN1_OBJECT *aoid;
-+ const void *parameter = NULL;
-+ int ptype = 0;
-
- pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (pkctx == NULL)
-@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
- goto err;
-
- if (oaep->pSourceFunc != NULL) {
-- X509_ALGOR *plab = oaep->pSourceFunc;
-+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc);
-
-- if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
-+ if (OBJ_obj2nid(aoid) != NID_pSpecified) {
- ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
- goto err;
- }
-- if (plab->parameter->type != V_ASN1_OCTET_STRING) {
-+ if (ptype != V_ASN1_OCTET_STRING) {
- ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
- goto err;
- }
-
-- label = plab->parameter->value.octet_string->data;
-- /* Stop label being freed when OAEP parameters are freed */
-- plab->parameter->value.octet_string->data = NULL;
-- labellen = plab->parameter->value.octet_string->length;
-+ label = ASN1_STRING_get0_data(parameter);
-+ labellen = ASN1_STRING_length(parameter);
- }
-
- if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
-@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
- goto err;
- if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
- goto err;
-- if (label != NULL
-- && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
-- OPENSSL_free(label);
-- goto err;
-+ if (label != NULL) {
-+ unsigned char *dup_label = OPENSSL_memdup(label, labellen);
-+
-+ if (dup_label == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
-+ OPENSSL_free(dup_label);
-+ goto err;
-+ }
- }
- /* Carry on */
- rv = 1;
---
-2.53.0
-
diff --git a/0078-CVE-2026-31789.patch b/0078-CVE-2026-31789.patch
deleted file mode 100644
index d24d846..0000000
--- a/0078-CVE-2026-31789.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 945b935ac66cc7f1a41f1b849c7c25adb5351f49 Mon Sep 17 00:00:00 2001
-From: Igor Ustinov <igus68@gmail.com>
-Date: Thu, 5 Mar 2026 15:47:34 +0100
-Subject: [PATCH] Avoid possible buffer overflow in buf2hex conversion
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes CVE-2026-31789
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
-MergeDate: Mon Apr 6 19:39:23 2026
-(cherry picked from commit 3244aa4b9d6ea0220cc14fd97d951c67b5052837)
----
- crypto/o_str.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 35540630be25f..9b9e7751fdd9e 100644
---- a/crypto/o_str.c
-+++ b/crypto/o_str.c
-@@ -296,6 +296,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
- int has_sep = (sep != CH_ZERO);
- size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2;
-
-+ if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
-+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
-+ return 0;
-+ }
-+
- if (len == 0)
- ++len;
- if (strlength != NULL)
-@@ -339,7 +344,13 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
- if (buflen == 0)
- return OPENSSL_zalloc(1);
-
-- tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
-+ if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
-+ || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
-+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
-+ return NULL;
-+ }
-+
-+ tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
- if ((tmp = OPENSSL_malloc(tmp_n)) == NULL)
- return NULL;
-
diff --git a/0079-CVE-2026-31790.patch b/0079-CVE-2026-31790.patch
deleted file mode 100644
index 5ce8aed..0000000
--- a/0079-CVE-2026-31790.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 001e01db3e996e13ffc72386fe79d03a6683b5ac Mon Sep 17 00:00:00 2001
-From: Nikola Pajkovsky <nikolap@openssl.org>
-Date: Thu, 19 Mar 2026 12:16:08 +0100
-Subject: [PATCH] rsa_kem: validate RSA_public_encrypt() result in RSASVE
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM
-encapsulation can incorrectly succeed when the underlying RSA public
-encrypt operation fails. In that case the code reports success, returns
-lengths as if encapsulation completed normally, and leaves the freshly
-generated secret available instead of discarding it.
-
-Tighten the success condition so RSASVE only succeeds when
-RSA_public_encrypt() returns a positive value equal to the modulus-sized
-output expected for RSA_NO_PADDING. Any other return value is treated as
-failure, and the generated secret is cleansed before returning.
-
-Fixes CVE-2026-31790
-Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
-MergeDate: Mon Apr 6 19:51:30 2026
----
- providers/implementations/kem/rsa_kem.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index f7bf368a0dfc7..74dfafddd9e06 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
- return 0;
-
- /* Step(3): out = RSAEP((n,e), z) */
-- ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
-- if (ret) {
-- ret = 1;
-- if (outlen != NULL)
-- *outlen = nlen;
-- if (secretlen != NULL)
-- *secretlen = nlen;
-- } else {
-+ ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
-+ RSA_NO_PADDING);
-+ if (ret <= 0 || ret != (int)nlen) {
- OPENSSL_cleanse(secret, nlen);
-+ return 0;
- }
-- return ret;
-+
-+ if (outlen != NULL)
-+ *outlen = nlen;
-+ if (secretlen != NULL)
-+ *secretlen = nlen;
-+
-+ return 1;
- }
-
- /**
diff --git a/openssl.spec b/openssl.spec
index eb499bf..546343b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -33,8 +33,8 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 3.5.4
-Release: 3%{?dist}
+Version: 3.5.7
+Release: 1%{?dist}
Epoch: 1
Source0: openssl-%{version}.tar.gz
Source1: fips-hmacify.sh
@@ -100,31 +100,8 @@ Patch0053: 0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
%endif
Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
-Patch0056: 0056-apps-speed.c-Disable-testing-of-composite-signature-.patch
-Patch0057: 0057-apps-speed.c-Support-more-signature-algorithms.patch
-Patch0058: 0058-Add-targets-to-skip-build-of-non-installable-program.patch
-Patch0059: 0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch
-Patch0060: 0060-CVE-2025-15467.patch
-Patch0061: 0061-CVE-2025-15468.patch
-Patch0062: 0062-CVE-2025-15469.patch
-Patch0063: 0063-CVE-2025-66199.patch
-Patch0064: 0064-CVE-2025-68160.patch
-Patch0065: 0065-CVE-2025-69418.patch
-Patch0066: 0066-CVE-2025-69420.patch
-Patch0067: 0067-CVE-2025-69421.patch
-Patch0068: 0068-CVE-2025-69419.patch
-Patch0069: 0069-CVE-2026-22795.patch
-Patch0070: 0070-CVE-2025-11187.patch
-Patch0071: 0071-Do-not-make-key-share-choice-in-tls1_set_groups.patch
-Patch0072: 0072-Fix-PPC-register-processing.patch
-Patch0073: 0073-CVE-2026-2673.patch
-Patch0074: 0074-CVE-2026-28387.patch
-Patch0075: 0075-CVE-2026-28388.patch
-Patch0076: 0076-CVE-2026-28389.patch
-Patch0077: 0077-CVE-2026-28390.patch
-Patch0078: 0078-CVE-2026-31789.patch
-Patch0079: 0079-CVE-2026-31790.patch
-
+Patch0056: 0056-Add-targets-to-skip-build-of-non-installable-program.patch
+Patch0057: 0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch
License: Apache-2.0
URL: http://www.openssl.org/
@@ -497,6 +474,24 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%ldconfig_scriptlets libs
%changelog
+* Wed Jun 10 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.7-1
+- Rebase to OpenSSL 3.5.7
+ Resolves: CVE-2026-45447
+ Resolves: CVE-2026-34182
+ Resolves: CVE-2026-34183
+ Resolves: CVE-2026-42764
+ Resolves: CVE-2026-45445
+ Resolves: CVE-2026-7383
+ Resolves: CVE-2026-9076
+ Resolves: CVE-2026-34180
+ Resolves: CVE-2026-34181
+ Resolves: CVE-2026-42766
+ Resolves: CVE-2026-42767
+ Resolves: CVE-2026-42768
+ Resolves: CVE-2026-42769
+ Resolves: CVE-2026-42770
+ Resolves: CVE-2026-45446
+
* Mon Apr 20 2026 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.4-3
- Backport security patches from OpenSSL 3.5.6
Resolves: CVE-2026-2673
diff --git a/sources b/sources
index 07e4fea..1fa392a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.5.4.tar.gz) = 365aca6f2e59b5c8261fba683425d177874cf6024b0d216ca309112b879c1f4e8da78617e23c3c95d0b4a26b83ecd0d8348038b999d30e597d19f466c4761227
+SHA512 (openssl-3.5.7.tar.gz) = de5351d2d532e1a3908a738f7d8aae448d32bc60bdb24808c556a24bc37a3f53daedf12b5d432eeb8c235e16939d842f908332ede8a447ca103ad1c493c820d7
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-10 13:39 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-10 13:39 [rpms/openssl] f43: Rebase to OpenSSL 3.5.7 Dmitry Belyavskiy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox