From b85bfec02173b16d9187f4ccf9bb47b662494c2b Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mar 08 2024 12:46:42 +0000 Subject: Regenerated patches from src-git --- diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 425c158..3b3a772 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -1,30 +1,29 @@ -From 66b728801f141c9db8e647ab02421c83694ade79 Mon Sep 17 00:00:00 2001 +From 8be4ef77c64fcada41041c00e02c34b07658ba66 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:27 +0200 -Subject: [PATCH 07/35] +Date: Wed, 6 Mar 2024 19:17:14 +0100 +Subject: [PATCH 07/49] 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Patch-id: 7 Patch-status: | - # Add support for PROFILE=SYSTEM system default cipherlist -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Add support for PROFILE=SYSTEM system default cipherlist +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- Configurations/unix-Makefile.tmpl | 5 ++ Configure | 11 +++- doc/man1/openssl-ciphers.pod.in | 9 ++++ include/openssl/ssl.h.in | 5 ++ - ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++---- + ssl/ssl_ciph.c | 86 +++++++++++++++++++++++++++---- ssl/ssl_lib.c | 4 +- test/cipherlist_test.c | 2 + - util/libcrypto.num | 1 + - 8 files changed, 110 insertions(+), 14 deletions(-) + 7 files changed, 109 insertions(+), 13 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index f29cdc7f38..c0df026de3 100644 +index 5d61ce9550..e9fba957f1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man +@@ -324,6 +324,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -35,7 +34,7 @@ index f29cdc7f38..c0df026de3 100644 # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} +@@ -347,6 +351,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} CPPFLAGS={- our $cppflags1 = join(" ", (map { "-D".$_} @{$config{CPPDEFINES}}), @@ -44,7 +43,7 @@ index f29cdc7f38..c0df026de3 100644 @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} diff --git a/Configure b/Configure -index 456995240b..93be83be94 100755 +index cca1ac8d16..2ae1cd0bc2 100755 --- a/Configure +++ b/Configure @@ -27,7 +27,7 @@ use OpenSSL::config; @@ -67,7 +66,7 @@ index 456995240b..93be83be94 100755 # --banner=".." Output specified text instead of default completion banner # # -w Don't wait after showing a Configure warning -@@ -387,6 +391,7 @@ $config{prefix}=""; +@@ -394,6 +398,7 @@ $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; @@ -75,7 +74,7 @@ index 456995240b..93be83be94 100755 my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -@@ -989,6 +994,10 @@ while (@argvcopy) +@@ -1047,6 +1052,10 @@ while (@argvcopy) die "FIPS key too long (64 bytes max)\n" if length $1 > 64; } @@ -87,10 +86,10 @@ index 456995240b..93be83be94 100755 { $banner = $1 . "\n"; diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in -index 658730ec53..04e66bcebe 100644 +index d4df30686f..cec4835268 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in -@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. +@@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. The cipher suites not enabled by B, currently B. @@ -107,10 +106,10 @@ index 658730ec53..04e66bcebe 100644 "High" encryption cipher suites. This currently means those with key lengths diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index f03f52fbd8..0b6de603e2 100644 +index 9f91039f8a..fc34d4ca61 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in -@@ -208,6 +208,11 @@ extern "C" { +@@ -209,6 +209,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ @@ -123,10 +122,10 @@ index f03f52fbd8..0b6de603e2 100644 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 93de9cf8fd..a5e60e8839 100644 +index 8360991ce4..33c23efb0d 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c -@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) +@@ -1455,6 +1455,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } @@ -180,7 +179,7 @@ index 93de9cf8fd..a5e60e8839 100644 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1469,15 +1516,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; @@ -208,7 +207,16 @@ index 93de9cf8fd..a5e60e8839 100644 /* * To reduce the work to do we only want to process the compiled -@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1499,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + if (num_of_ciphers > 0) { + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); + if (co_list == NULL) +- return NULL; /* Failure */ ++ goto err; + } + + ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, +@@ -1565,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -218,7 +226,16 @@ index 93de9cf8fd..a5e60e8839 100644 } /* -@@ -1626,8 +1681,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1611,7 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); + if (ca_list == NULL) { + OPENSSL_free(co_list); +- return NULL; /* Failure */ ++ goto err; + } + ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, + disabled_mkey, disabled_auth, disabled_enc, +@@ -1637,8 +1693,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -228,7 +245,7 @@ index 93de9cf8fd..a5e60e8839 100644 } /* -@@ -1635,10 +1689,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1646,10 +1701,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -244,7 +261,7 @@ index 93de9cf8fd..a5e60e8839 100644 /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1701,6 +1759,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; @@ -260,10 +277,10 @@ index 93de9cf8fd..a5e60e8839 100644 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index f12ad6d034..a059bcd83b 100644 +index cf59d2dfa5..1329841aaf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) +@@ -700,7 +700,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -272,7 +289,7 @@ index f12ad6d034..a059bcd83b 100644 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, +@@ -3966,7 +3966,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -282,10 +299,10 @@ index f12ad6d034..a059bcd83b 100644 ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c -index 2d166e2b46..4ff2aa12d6 100644 +index c46e431b00..19d05e860b 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c -@@ -246,7 +246,9 @@ end: +@@ -261,7 +261,9 @@ end: int setup_tests(void) { @@ -296,26 +313,5 @@ index 2d166e2b46..4ff2aa12d6 100644 ADD_TEST(test_default_cipherlist_clear); ADD_TEST(test_stdname_cipherlist); -- -2.41.0 +2.44.0 -diff -up openssl-3.2.0/ssl/ssl_ciph.c.7patch openssl-3.2.0/ssl/ssl_ciph.c ---- openssl-3.2.0/ssl/ssl_ciph.c.7patch 2023-11-30 13:43:03.510620566 +0100 -+++ openssl-3.2.0/ssl/ssl_ciph.c 2023-11-30 13:44:21.275313230 +0100 -@@ -1556,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - if (num_of_ciphers > 0) { - co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); - if (co_list == NULL) -- return NULL; /* Failure */ -+ goto err; - } - - ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1667,7 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); - if (ca_list == NULL) { - OPENSSL_free(co_list); -- return NULL; /* Failure */ -+ goto err; - } - ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch index b5ebe99..6738304 100644 --- a/0033-FIPS-embed-hmac.patch +++ b/0033-FIPS-embed-hmac.patch @@ -1,30 +1,32 @@ -From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001 +From 831d0025257fd3746ab3fe30c05dbbfc0043f78e Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Thu, 19 Oct 2023 13:12:40 +0200 -Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 16/49] 0033-FIPS-embed-hmac.patch Patch-name: 0033-FIPS-embed-hmac.patch Patch-id: 33 Patch-status: | # # Embed HMAC into the fips.so -From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 + # Modify fips self test as per + # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - providers/fips/self_test.c | 70 ++++++++++++++++++++++++--- - test/fipsmodule.cnf | 2 + - test/recipes/00-prep_fipsmodule_cnf.t | 2 +- - test/recipes/01-test_fipsmodule_cnf.t | 2 +- - test/recipes/03-test_fipsinstall.t | 2 +- - test/recipes/30-test_defltfips.t | 2 +- - test/recipes/80-test_ssl_new.t | 2 +- - test/recipes/90-test_sslapi.t | 2 +- - 8 files changed, 71 insertions(+), 13 deletions(-) + providers/fips/self_test.c | 204 ++++++++++++++++++++++++-- + test/fipsmodule.cnf | 2 + + test/recipes/00-prep_fipsmodule_cnf.t | 2 +- + test/recipes/01-test_fipsmodule_cnf.t | 2 +- + test/recipes/03-test_fipsinstall.t | 2 +- + test/recipes/30-test_defltfips.t | 2 +- + test/recipes/80-test_ssl_new.t | 2 +- + test/recipes/90-test_sslapi.t | 2 +- + 8 files changed, 200 insertions(+), 18 deletions(-) create mode 100644 test/fipsmodule.cnf diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c -index b8dc9817b2..e3a629018a 100644 +index b8dc9817b2..28f536d13c 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c -@@ -230,11 +230,27 @@ err: +@@ -230,11 +230,133 @@ err: return ok; } @@ -40,6 +42,7 @@ index b8dc9817b2..e3a629018a 100644 * the result matches the expected value. * Return 1 if verified, or 0 if it fails. */ ++ +#ifndef __USE_GNU +#define __USE_GNU +#include @@ -49,10 +52,115 @@ index b8dc9817b2..e3a629018a 100644 +#endif +#include + ++static int verify_integrity_rodata(OSSL_CORE_BIO *bio, ++ OSSL_FUNC_BIO_read_ex_fn read_ex_cb, ++ unsigned char *expected, size_t expected_len, ++ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, ++ const char *event_type) ++{ ++ int ret = 0, status; ++ unsigned char out[MAX_MD_SIZE]; ++ unsigned char buf[INTEGRITY_BUF_SIZE]; ++ size_t bytes_read = 0, out_len = 0; ++ EVP_MAC *mac = NULL; ++ EVP_MAC_CTX *ctx = NULL; ++ OSSL_PARAM params[2], *p = params; ++ Dl_info info; ++ void *extra_info = NULL; ++ struct link_map *lm = NULL; ++ unsigned long paddr; ++ unsigned long off = 0; ++ ++ if (expected_len != HMAC_LEN) ++ goto err; ++ ++ if (!integrity_self_test(ev, libctx)) ++ goto err; ++ ++ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); ++ ++ if (!dladdr1 ((const void *)fips_hmac_container, ++ &info, &extra_info, RTLD_DL_LINKMAP)) ++ goto err; ++ lm = extra_info; ++ paddr = (unsigned long)fips_hmac_container - lm->l_addr; ++ ++ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); ++ if (mac == NULL) ++ goto err; ++ ctx = EVP_MAC_CTX_new(mac); ++ if (ctx == NULL) ++ goto err; ++ ++ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0); ++ *p = OSSL_PARAM_construct_end(); ++ ++ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) ++ goto err; ++ ++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ if (off < paddr) { ++ int delta = paddr - off; ++ status = read_ex_cb(bio, buf, delta, &bytes_read); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ /* read away the buffer */ ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ if (status != 1) ++ goto err; ++ ++ /* check that it is the expect bytes, no point in continuing otherwise */ ++ if (memcmp(expected, buf, HMAC_LEN) != 0) ++ goto err; ++ ++ /* replace in-file HMAC buffer with the original zeros */ ++ memset(buf, 0, HMAC_LEN); ++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) ++ goto err; ++ off += HMAC_LEN; ++ ++ while (bytes_read > 0) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) ++ goto err; ++ ++ OSSL_SELF_TEST_oncorrupt_byte(ev, out); ++ if (expected_len != out_len ++ || memcmp(expected, out, out_len) != 0) ++ goto err; ++ ret = 1; ++err: ++ OPENSSL_cleanse(out, MAX_MD_SIZE); ++ OSSL_SELF_TEST_onend(ev, ret); ++ EVP_MAC_CTX_free(ctx); ++ EVP_MAC_free(mac); ++ return ret; ++} ++ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex +@@ -247,12 +369,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex EVP_MAC *mac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; @@ -76,7 +184,7 @@ index b8dc9817b2..e3a629018a 100644 mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); if (mac == NULL) goto err; -@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex +@@ -266,13 +399,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) goto err; @@ -84,12 +192,12 @@ index b8dc9817b2..e3a629018a 100644 - status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); + while ((off + INTEGRITY_BUF_SIZE) <= paddr) { + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; + if (status != 1) + break; + if (!EVP_MAC_update(ctx, buf, bytes_read)) + goto err; + off += bytes_read; -+ } + } + + if (off + INTEGRITY_BUF_SIZE > paddr) { + int delta = paddr - off; @@ -111,17 +219,17 @@ index b8dc9817b2..e3a629018a 100644 + + while (bytes_read > 0) { + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); - if (status != 1) - break; - if (!EVP_MAC_update(ctx, buf, bytes_read)) - goto err; ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; + off += bytes_read; - } ++ } + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) goto err; -@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex +@@ -282,6 +444,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex goto err; ret = 1; err: @@ -129,7 +237,7 @@ index b8dc9817b2..e3a629018a 100644 OSSL_SELF_TEST_onend(ev, ret); EVP_MAC_CTX_free(ctx); EVP_MAC_free(mac); -@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -335,8 +498,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) return 0; } @@ -139,19 +247,57 @@ index b8dc9817b2..e3a629018a 100644 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } -@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -345,8 +507,14 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (ev == NULL) goto end; - module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, - &checksum_len); -+ module_checksum = fips_hmac_container; -+ checksum_len = sizeof(fips_hmac_container); ++ if (st->module_checksum_data == NULL) { ++ module_checksum = fips_hmac_container; ++ checksum_len = sizeof(fips_hmac_container); ++ } else { ++ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, ++ &checksum_len); ++ } + if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; -@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -354,14 +522,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb"); + + /* Always check the integrity of the fips module */ +- if (bio_module == NULL +- || !verify_integrity(bio_module, st->bio_read_ex_cb, +- module_checksum, checksum_len, st->libctx, +- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ++ if (bio_module == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); + goto end; + } +- ++ if (st->module_checksum_data == NULL) { ++ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb, ++ module_checksum, checksum_len, ++ st->libctx, ev, ++ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); ++ goto end; ++ } ++ } else { ++ if (!verify_integrity(bio_module, st->bio_read_ex_cb, ++ module_checksum, checksum_len, ++ st->libctx, ev, ++ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); ++ goto end; ++ } ++ } + /* This will be NULL during installation - so the self test KATS will run */ + if (st->indicator_data != NULL) { + /* +@@ -420,7 +601,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) end: EVP_RAND_free(testrand); OSSL_SELF_TEST_free(ev); @@ -220,7 +366,7 @@ index c8f145405b..56a2ec5dc4 100644 plan tests => ($no_fips ? 1 : 5); diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t -index 0c6d6402d9..e45f9cb560 100644 +index 195b85ea8c..92d48dbf7d 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -27,7 +27,7 @@ setup("test_ssl_new"); @@ -233,7 +379,7 @@ index 0c6d6402d9..e45f9cb560 100644 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t -index 9e9e32b51e..1a1a7159b5 100644 +index 18d9f3d204..71780d8caa 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -17,7 +17,7 @@ setup("test_sslapi"); @@ -246,183 +392,5 @@ index 9e9e32b51e..1a1a7159b5 100644 my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); -- -2.41.0 +2.44.0 -diff -up openssl-3.2.0/providers/fips/self_test.c.fix-self-test openssl-3.2.0/providers/fips/self_test.c ---- openssl-3.2.0/providers/fips/self_test.c.fix-self-test 2024-02-01 17:36:27.970983419 +0100 -+++ openssl-3.2.0/providers/fips/self_test.c 2024-02-01 17:39:19.788685051 +0100 -@@ -242,6 +242,7 @@ static const unsigned char __attribute__ - * the result matches the expected value. - * Return 1 if verified, or 0 if it fails. - */ -+ - #ifndef __USE_GNU - #define __USE_GNU - #include -@@ -251,6 +252,111 @@ static const unsigned char __attribute__ - #endif - #include - -+static int verify_integrity_rodata(OSSL_CORE_BIO *bio, -+ OSSL_FUNC_BIO_read_ex_fn read_ex_cb, -+ unsigned char *expected, size_t expected_len, -+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -+ const char *event_type) -+{ -+ int ret = 0, status; -+ unsigned char out[MAX_MD_SIZE]; -+ unsigned char buf[INTEGRITY_BUF_SIZE]; -+ size_t bytes_read = 0, out_len = 0; -+ EVP_MAC *mac = NULL; -+ EVP_MAC_CTX *ctx = NULL; -+ OSSL_PARAM params[2], *p = params; -+ Dl_info info; -+ void *extra_info = NULL; -+ struct link_map *lm = NULL; -+ unsigned long paddr; -+ unsigned long off = 0; -+ -+ if (expected_len != HMAC_LEN) -+ goto err; -+ -+ if (!integrity_self_test(ev, libctx)) -+ goto err; -+ -+ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); -+ -+ if (!dladdr1 ((const void *)fips_hmac_container, -+ &info, &extra_info, RTLD_DL_LINKMAP)) -+ goto err; -+ lm = extra_info; -+ paddr = (unsigned long)fips_hmac_container - lm->l_addr; -+ -+ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); -+ if (mac == NULL) -+ goto err; -+ ctx = EVP_MAC_CTX_new(mac); -+ if (ctx == NULL) -+ goto err; -+ -+ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0); -+ *p = OSSL_PARAM_construct_end(); -+ -+ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) -+ goto err; -+ -+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { -+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ if (off < paddr) { -+ int delta = paddr - off; -+ status = read_ex_cb(bio, buf, delta, &bytes_read); -+ if (status != 1) -+ goto err; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ /* read away the buffer */ -+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); -+ if (status != 1) -+ goto err; -+ -+ /* check that it is the expect bytes, no point in continuing otherwise */ -+ if (memcmp(expected, buf, HMAC_LEN) != 0) -+ goto err; -+ -+ /* replace in-file HMAC buffer with the original zeros */ -+ memset(buf, 0, HMAC_LEN); -+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) -+ goto err; -+ off += HMAC_LEN; -+ -+ while (bytes_read > 0) { -+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ off += bytes_read; -+ } -+ -+ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) -+ goto err; -+ -+ OSSL_SELF_TEST_oncorrupt_byte(ev, out); -+ if (expected_len != out_len -+ || memcmp(expected, out, out_len) != 0) -+ goto err; -+ ret = 1; -+err: -+ OPENSSL_cleanse(out, MAX_MD_SIZE); -+ OSSL_SELF_TEST_onend(ev, ret); -+ EVP_MAC_CTX_free(ctx); -+ EVP_MAC_free(mac); -+ return ret; -+} -+ - static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, - unsigned char *expected, size_t expected_len, - OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -diff -up openssl-3.2.0/providers/fips/self_test.c.fix-self-test openssl-3.2.0/providers/fips/self_test.c ---- openssl-3.2.0/providers/fips/self_test.c.fix-self-test 2024-02-01 17:40:54.926627242 +0100 -+++ openssl-3.2.0/providers/fips/self_test.c 2024-02-01 17:45:58.939636676 +0100 -@@ -527,14 +527,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS - bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb"); - - /* Always check the integrity of the fips module */ -- if (bio_module == NULL -- || !verify_integrity(bio_module, st->bio_read_ex_cb, -- module_checksum, checksum_len, st->libctx, -- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { -+ if (bio_module == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); - goto end; - } -- -+ if (st->module_checksum_data == NULL) { -+ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb, -+ module_checksum, checksum_len, -+ st->libctx, ev, -+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); -+ goto end; -+ } -+ } else { -+ if (!verify_integrity(bio_module, st->bio_read_ex_cb, -+ module_checksum, checksum_len, -+ st->libctx, ev, -+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); -+ goto end; -+ } -+ } - /* This will be NULL during installation - so the self test KATS will run */ - if (st->indicator_data != NULL) { - /* -diff -up openssl-3.2.0/providers/fips/self_test.c.fips-self openssl-3.2.0/providers/fips/self_test.c ---- openssl-3.2.0/providers/fips/self_test.c.fips-self 2024-02-06 12:20:56.963719115 +0100 -+++ openssl-3.2.0/providers/fips/self_test.c 2024-02-06 12:22:23.705604045 +0100 -@@ -517,8 +517,13 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS - if (ev == NULL) - goto end; - -- module_checksum = fips_hmac_container; -- checksum_len = sizeof(fips_hmac_container); -+ if (st->module_checksum_data == NULL) { -+ module_checksum = fips_hmac_container; -+ checksum_len = sizeof(fips_hmac_container); -+ } else { -+ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, -+ &checksum_len); -+ } - - if (module_checksum == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch index befa23b..117e6b2 100644 --- a/0045-FIPS-services-minimize.patch +++ b/0045-FIPS-services-minimize.patch @@ -1,12 +1,13 @@ -From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 12:55:57 +0200 -Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch +From e25b25227043a2b2cf156527c31d7686a4265bf3 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 20/49] 0045-FIPS-services-minimize.patch Patch-name: 0045-FIPS-services-minimize.patch Patch-id: 45 Patch-status: | - # Minimize fips services + # # Minimize fips services +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- apps/ecparam.c | 7 +++ apps/req.c | 2 +- @@ -20,14 +21,14 @@ Patch-status: | test/evp_libctx_test.c | 9 +++- test/recipes/15-test_gendsa.t | 2 +- test/recipes/20-test_cli_fips.t | 3 +- - test/recipes/30-test_evp.t | 16 +++---- + test/recipes/30-test_evp.t | 20 ++++----- .../30-test_evp_data/evpmac_common.txt | 22 ++++++++++ test/recipes/80-test_cms.t | 22 +++++----- test/recipes/80-test_ssl_old.t | 2 +- - 16 files changed, 128 insertions(+), 47 deletions(-) + 16 files changed, 128 insertions(+), 51 deletions(-) diff --git a/apps/ecparam.c b/apps/ecparam.c -index 9e9ad13683..9c66cf2434 100644 +index 71f93c4ca5..347bf62d5c 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out) @@ -45,10 +46,10 @@ index 9e9ad13683..9c66cf2434 100644 comment = "CURVE DESCRIPTION NOT AVAILABLE"; if (sname == NULL) diff --git a/apps/req.c b/apps/req.c -index 23757044ab..5916914978 100644 +index 8995453dca..cb38e6aa64 100644 --- a/apps/req.c +++ b/apps/req.c -@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) +@@ -268,7 +268,7 @@ int req_main(int argc, char **argv) unsigned long chtype = MBSTRING_ASC, reqflag = 0; #ifndef OPENSSL_NO_DES @@ -58,10 +59,10 @@ index 23757044ab..5916914978 100644 opt_set_unknown_name("digest"); diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index ed37e76969..eb836dfa6a 100644 +index f7234615e4..0d4c0e3388 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c -@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { +@@ -189,9 +189,9 @@ static const OSSL_PARAM param_group_list[][10] = { TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), @@ -73,7 +74,7 @@ index ed37e76969..eb836dfa6a 100644 TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30), TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31), diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 518226dfc6..29438faea8 100644 +index 7ec409710b..ec5bdd5a69 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) @@ -131,7 +132,7 @@ index 518226dfc6..29438faea8 100644 { NULL, NULL, NULL } }; -@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { +@@ -410,8 +413,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { #ifndef OPENSSL_NO_EC { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, # ifndef OPENSSL_NO_ECX @@ -143,7 +144,27 @@ index 518226dfc6..29438faea8 100644 # endif #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, -@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { +@@ -422,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch[] = { + + static const OSSL_ALGORITHM fips_signature[] = { + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, + #ifndef OPENSSL_NO_EC + # ifndef OPENSSL_NO_ECX +- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, + ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, ++ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/ + # endif + { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, + #endif +@@ -460,8 +466,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA @@ -155,7 +176,7 @@ index 518226dfc6..29438faea8 100644 #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, PROV_DESCS_RSA }, -@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { +@@ -471,14 +478,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, PROV_DESCS_EC }, # ifndef OPENSSL_NO_ECX @@ -230,10 +251,10 @@ index 2057378d3d..4b80bb70b9 100644 static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index d4261e8f7d..2a5504d104 100644 +index 22d93ead53..c1405f47ea 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -689,6 +689,19 @@ static int rsa_verify_recover(void *vprsactx, +@@ -686,6 +686,19 @@ static int rsa_verify_recover(void *vprsactx, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -253,7 +274,7 @@ index d4261e8f7d..2a5504d104 100644 if (!ossl_prov_is_running()) return 0; -@@ -777,6 +790,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, +@@ -774,6 +787,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; size_t rslen; @@ -274,7 +295,7 @@ index d4261e8f7d..2a5504d104 100644 if (!ossl_prov_is_running()) return 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index a5e60e8839..f9af07d12b 100644 +index 33c23efb0d..113c204716 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) @@ -288,10 +309,10 @@ index a5e60e8839..f9af07d12b 100644 * We ignore any errors from the fetches below. They are expected to fail * if these algorithms are not available. diff --git a/test/acvp_test.c b/test/acvp_test.c -index fee880d441..13d7a0ea8b 100644 +index 45509095af..4a67519bb4 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c -@@ -1476,6 +1476,7 @@ int setup_tests(void) +@@ -1478,6 +1478,7 @@ int setup_tests(void) OSSL_NELEM(dh_safe_prime_keyver_data)); #endif /* OPENSSL_NO_DH */ @@ -299,7 +320,7 @@ index fee880d441..13d7a0ea8b 100644 #ifndef OPENSSL_NO_DSA ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); -@@ -1483,6 +1484,7 @@ int setup_tests(void) +@@ -1485,6 +1486,7 @@ int setup_tests(void) ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); #endif /* OPENSSL_NO_DSA */ @@ -308,10 +329,10 @@ index fee880d441..13d7a0ea8b 100644 #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); diff --git a/test/endecode_test.c b/test/endecode_test.c -index 9a437d8c64..53385028fc 100644 +index b53b7b715b..885e49a47c 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c -@@ -1407,6 +1407,7 @@ int setup_tests(void) +@@ -1419,6 +1419,7 @@ int setup_tests(void) * so no legacy tests. */ #endif @@ -319,7 +340,7 @@ index 9a437d8c64..53385028fc 100644 #ifndef OPENSSL_NO_DSA ADD_TEST_SUITE(DSA); ADD_TEST_SUITE_PARAMS(DSA); -@@ -1417,6 +1418,7 @@ int setup_tests(void) +@@ -1429,6 +1430,7 @@ int setup_tests(void) ADD_TEST_SUITE_PROTECTED_PVK(DSA); # endif #endif @@ -327,7 +348,7 @@ index 9a437d8c64..53385028fc 100644 #ifndef OPENSSL_NO_EC ADD_TEST_SUITE(EC); ADD_TEST_SUITE_PARAMS(EC); -@@ -1431,10 +1433,12 @@ int setup_tests(void) +@@ -1443,10 +1445,12 @@ int setup_tests(void) ADD_TEST_SUITE(ECExplicitTri2G); ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); # endif @@ -375,7 +396,7 @@ index 2448c35a14..a7913cda4c 100644 return 1; } diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t -index b495b08bda..69bd299521 100644 +index 4bc460784b..93052eb3e7 100644 --- a/test/recipes/15-test_gendsa.t +++ b/test/recipes/15-test_gendsa.t @@ -24,7 +24,7 @@ use lib bldtop_dir('.'); @@ -388,10 +409,10 @@ index b495b08bda..69bd299521 100644 plan tests => ($no_fips ? 0 : 2) # FIPS related tests diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t -index 6d3c5ba1bb..2ba47b5fca 100644 +index d4b4d4ca51..031814e8ff 100644 --- a/test/recipes/20-test_cli_fips.t +++ b/test/recipes/20-test_cli_fips.t -@@ -273,8 +273,7 @@ SKIP: { +@@ -278,8 +278,7 @@ SKIP: { } SKIP : { @@ -402,10 +423,10 @@ index 6d3c5ba1bb..2ba47b5fca 100644 subtest DSA => sub { my $testtext_prefix = 'DSA'; diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t -index 9d7040ced2..f8beb538d4 100644 +index eddca5c58e..36a192d041 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t -@@ -42,10 +42,8 @@ my @files = qw( +@@ -46,10 +46,8 @@ my @files = qw( evpciph_aes_cts.txt evpciph_aes_wrap.txt evpciph_aes_stitched.txt @@ -416,7 +437,23 @@ index 9d7040ced2..f8beb538d4 100644 evpkdf_pbkdf1.txt evpkdf_pbkdf2.txt evpkdf_ss.txt -@@ -91,6 +83,7 @@ my @defltfiles = qw( +@@ -69,15 +67,6 @@ push @files, qw( + evppkey_ffdhe.txt + evppkey_dh.txt + ) unless $no_dh; +-push @files, qw( +- evpkdf_x942_des.txt +- evpmac_cmac_des.txt +- ) unless $no_des; +-push @files, qw(evppkey_dsa.txt) unless $no_dsa; +-push @files, qw( +- evppkey_ecx.txt +- evppkey_mismatch_ecx.txt +- ) unless $no_ecx; + push @files, qw( + evppkey_ecc.txt + evppkey_ecdh.txt +@@ -97,6 +86,7 @@ my @defltfiles = qw( evpciph_cast5.txt evpciph_chacha.txt evpciph_des.txt @@ -424,7 +461,7 @@ index 9d7040ced2..f8beb538d4 100644 evpciph_idea.txt evpciph_rc2.txt evpciph_rc4.txt -@@ -114,10 +107,17 @@ my @defltfiles = qw( +@@ -121,13 +111,19 @@ my @defltfiles = qw( evpmd_whirlpool.txt evppbe_scrypt.txt evppbe_pkcs12.txt @@ -441,12 +478,15 @@ index 9d7040ced2..f8beb538d4 100644 + ) unless $no_des; push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; - push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; +-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; + push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt -index 93195df97c..315413cd9b 100644 +index e47023aae6..96a8febeef 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt +++ b/test/recipes/30-test_evp_data/evpmac_common.txt -@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C +@@ -363,6 +363,7 @@ IV = 7AE8E2CA4EC500012E58495C Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 Result = MAC_INIT_ERROR @@ -454,7 +494,7 @@ index 93195df97c..315413cd9b 100644 Title = KMAC Tests (From NIST) MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -@@ -350,12 +351,14 @@ Ctrl = xof:0 +@@ -373,12 +374,14 @@ Ctrl = xof:0 OutputSize = 32 BlockSize = 168 @@ -469,7 +509,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -363,6 +366,7 @@ Custom = "My Tagged Application" +@@ -386,6 +389,7 @@ Custom = "My Tagged Application" Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 Ctrl = size:32 @@ -477,7 +517,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC +@@ -394,12 +398,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC OutputSize = 64 BlockSize = 136 @@ -492,7 +532,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -386,12 +392,14 @@ Ctrl = size:64 +@@ -409,12 +415,14 @@ Ctrl = size:64 Title = KMAC XOF Tests (From NIST) @@ -507,7 +547,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -399,6 +407,7 @@ Custom = "My Tagged Application" +@@ -422,6 +430,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C XOF = 1 @@ -515,7 +555,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +@@ -430,6 +439,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F XOF = 1 Ctrl = size:32 @@ -523,7 +563,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -414,6 +424,7 @@ Custom = "My Tagged Application" +@@ -437,6 +447,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B XOF = 1 @@ -531,7 +571,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -421,6 +432,7 @@ Custom = "" +@@ -444,6 +455,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B XOF = 1 @@ -539,7 +579,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -431,6 +443,7 @@ XOF = 1 +@@ -454,6 +466,7 @@ XOF = 1 Title = KMAC long customisation string (from NIST ACVP) @@ -547,7 +587,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -441,12 +454,14 @@ XOF = 1 +@@ -464,12 +477,14 @@ XOF = 1 Title = KMAC XOF Tests via ctrl (From NIST) @@ -562,7 +602,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -454,6 +469,7 @@ Custom = "My Tagged Application" +@@ -477,6 +492,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C Ctrl = xof:1 @@ -570,7 +610,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +@@ -485,6 +501,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F Ctrl = xof:1 Ctrl = size:32 @@ -578,7 +618,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -469,6 +486,7 @@ Custom = "My Tagged Application" +@@ -492,6 +509,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B Ctrl = xof:1 @@ -586,7 +626,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -476,6 +494,7 @@ Custom = "" +@@ -499,6 +517,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B Ctrl = xof:1 @@ -594,7 +634,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -486,6 +505,7 @@ Ctrl = xof:1 +@@ -509,6 +528,7 @@ Ctrl = xof:1 Title = KMAC long customisation string via ctrl (from NIST ACVP) @@ -602,7 +642,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -496,6 +516,7 @@ Ctrl = xof:1 +@@ -519,6 +539,7 @@ Ctrl = xof:1 Title = KMAC long customisation string negative test @@ -610,7 +650,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR +@@ -527,6 +548,7 @@ Result = MAC_INIT_ERROR Title = KMAC output is too large @@ -619,7 +659,7 @@ index 93195df97c..315413cd9b 100644 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 40dd585c18..cbec426137 100644 +index 6a9792128b..4e368c730b 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( @@ -694,7 +734,7 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( +@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = ( my @smime_cms_tests = ( @@ -703,7 +743,7 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", "-signer", $smrsa1, -@@ -261,7 +261,7 @@ my @smime_cms_tests = ( +@@ -263,7 +263,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -712,7 +752,7 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -371,7 +371,7 @@ my @smime_cms_tests = ( +@@ -373,7 +373,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -735,58 +775,5 @@ index 50b74a1e29..e2dcb68fb5 100644 } -- -2.41.0 +2.44.0 -diff -up openssl-3.2.0/test/recipes/30-test_evp.t.patch openssl-3.2.0/test/recipes/30-test_evp.t ---- openssl-3.2.0/test/recipes/30-test_evp.t.patch 2023-12-06 15:33:27.843751147 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp.t 2023-12-06 15:34:27.585351920 +0100 -@@ -70,15 +70,6 @@ push @files, qw( - evppkey_dh.txt - ) unless $no_dh; - push @files, qw( -- evpkdf_x942_des.txt -- evpmac_cmac_des.txt -- ) unless $no_des; --push @files, qw(evppkey_dsa.txt) unless $no_dsa; --push @files, qw( -- evppkey_ecx.txt -- evppkey_mismatch_ecx.txt -- ) unless $no_ecx; --push @files, qw( - evppkey_ecc.txt - evppkey_ecdh.txt - evppkey_ecdsa.txt -diff -up openssl-3.2.0/providers/fips/fipsprov.c.patch-fips openssl-3.2.0/providers/fips/fipsprov.c ---- openssl-3.2.0/providers/fips/fipsprov.c.patch-fips 2023-12-06 15:49:08.711198219 +0100 -+++ openssl-3.2.0/providers/fips/fipsprov.c 2023-12-06 15:55:42.362078721 +0100 -@@ -426,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch - - static const OSSL_ALGORITHM fips_signature[] = { - #ifndef OPENSSL_NO_DSA -- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, -+ /* We don't certify DSA in our FIPS provider */ -+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/ - #endif - { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, - #ifndef OPENSSL_NO_EC - # ifndef OPENSSL_NO_ECX -- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, -+ /* We don't certify Edwards curves in our FIPS provider */ -+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, - ossl_ed25519_signature_functions }, -- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, -+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/ - # endif - { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, - #endif -diff -up openssl-3.2.0/test/recipes/30-test_evp.t.fips-min openssl-3.2.0/test/recipes/30-test_evp.t ---- openssl-3.2.0/test/recipes/30-test_evp.t.fips-min 2024-02-01 11:00:56.823687618 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp.t 2024-02-01 11:01:20.131934678 +0100 -@@ -124,7 +124,6 @@ push @defltfiles, qw( - ) unless $no_des; - push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; - push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec; --push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; - push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; - push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; - push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch index 7aa410e..655691b 100644 --- a/0049-Allow-disabling-of-SHA1-signatures.patch +++ b/0049-Allow-disabling-of-SHA1-signatures.patch @@ -1,13 +1,13 @@ -From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 13:07:07 +0200 -Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch +From 4f9167db05cade673f98f1a00efd57136e97b460 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 22/49] 0049-Allow-disabling-of-SHA1-signatures.patch Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch Patch-id: 49 Patch-status: | - # Selectively disallow SHA1 signatures rhbz#2070977 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Selectively disallow SHA1 signatures rhbz#2070977 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/context.c | 14 ++++ crypto/evp/evp_cnf.c | 13 +++ @@ -27,10 +27,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd 15 files changed, 209 insertions(+), 9 deletions(-) diff --git a/crypto/context.c b/crypto/context.c -index 51002ba79a..e697974c9d 100644 +index fb4816d89b..c04920fe14 100644 --- a/crypto/context.c +++ b/crypto/context.c -@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st { +@@ -83,6 +83,8 @@ struct ossl_lib_ctx_st { void *fips_prov; #endif @@ -39,7 +39,7 @@ index 51002ba79a..e697974c9d 100644 unsigned int ischild:1; }; -@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx) +@@ -223,6 +225,10 @@ static int context_init(OSSL_LIB_CTX *ctx) goto err; #endif @@ -50,7 +50,7 @@ index 51002ba79a..e697974c9d 100644 /* Low priority. */ #ifndef FIPS_MODULE ctx->child_provider = ossl_child_prov_ctx_new(ctx); -@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) +@@ -366,6 +372,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) } #endif @@ -62,7 +62,7 @@ index 51002ba79a..e697974c9d 100644 /* Low priority. */ #ifndef FIPS_MODULE if (ctx->child_provider != NULL) { -@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) +@@ -663,6 +674,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) return ctx->fips_prov; #endif @@ -104,7 +104,7 @@ index 0e7fe64cf9..b9d3b6d226 100644 ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, "name=%s, value=%s", oval->name, oval->value); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 630d339c35..6e4e9f5ae7 100644 +index 3a979f4bd4..fd3a4b79df 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -15,6 +15,73 @@ @@ -181,7 +181,7 @@ index 630d339c35..6e4e9f5ae7 100644 #ifndef FIPS_MODULE -@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -253,6 +320,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } } @@ -201,7 +201,7 @@ index 630d339c35..6e4e9f5ae7 100644 if (signature->digest_verify_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index ce6e1a1ccb..003926247b 100644 +index 268b1617e3..248f655d0f 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -33,6 +33,7 @@ @@ -212,7 +212,7 @@ index ce6e1a1ccb..003926247b 100644 #include "evp_local.h" #ifndef FIPS_MODULE -@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, +@@ -951,6 +952,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, return -2; } @@ -258,10 +258,10 @@ index bd05736220..ed34ff4b9c 100644 The value is a boolean that can be B or B. If the value is diff --git a/include/crypto/context.h b/include/crypto/context.h -index cc06c71be8..e9f74a414d 100644 +index 7369a730fb..55b74238c8 100644 --- a/include/crypto/context.h +++ b/include/crypto/context.h -@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); +@@ -46,3 +46,6 @@ void ossl_release_default_drbg_ctx(void); #if defined(OPENSSL_THREADS) void ossl_threads_ctx_free(void *); #endif @@ -269,10 +269,10 @@ index cc06c71be8..e9f74a414d 100644 +void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); +void ossl_ctx_legacy_digest_signatures_free(void *); diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index ac50eb3bbd..3b115cc7df 100644 +index 64851fd8ed..8e01a77ddc 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h -@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { +@@ -117,7 +117,8 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 # define OSSL_LIB_CTX_THREAD_INDEX 19 # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 @@ -296,7 +296,7 @@ index fd7f7e3331..05464b0655 100644 + int loadconfig); #endif diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 699ada7c52..e534ad0a5f 100644 +index 0d3acdbe56..fe694c4e96 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -19,6 +19,7 @@ @@ -307,7 +307,7 @@ index 699ada7c52..e534ad0a5f 100644 /* * FIPS requires a minimum security strength of 112 bits (for encryption or -@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, +@@ -243,6 +244,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, mdnid = -1; /* disallowed by security checks */ } # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ @@ -323,7 +323,7 @@ index 699ada7c52..e534ad0a5f 100644 return mdnid; } -@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) +@@ -252,5 +262,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) if (ossl_securitycheck_enabled(ctx)) return ossl_digest_get_approved_nid(md) != NID_undef; # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ @@ -377,10 +377,10 @@ index 246323493e..2ca7a59f39 100644 return mdnid; } diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 70d0ea5d24..3c482e0181 100644 +index b89a0f6836..e0c26a13e4 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c -@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, +@@ -125,12 +125,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, mdprops = ctx->propq; if (mdname != NULL) { @@ -402,10 +402,10 @@ index 70d0ea5d24..3c482e0181 100644 if (md == NULL || md_nid < 0) { if (md == NULL) diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index ebeb30e002..c874f87bd5 100644 +index f158105e71..62355b89fe 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c -@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, +@@ -247,7 +247,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, "%s could not be fetched", mdname); return 0; } @@ -418,7 +418,7 @@ index ebeb30e002..c874f87bd5 100644 sha1_allowed); if (md_nid < 0) { diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 2a5504d104..5f3a029566 100644 +index c1405f47ea..aeda1a7758 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -25,6 +25,7 @@ @@ -437,7 +437,7 @@ index 2a5504d104..5f3a029566 100644 OSSL_FUNC_signature_newctx_fn rsa_newctx; static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, +@@ -301,10 +303,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (mdname != NULL) { EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); @@ -455,7 +455,7 @@ index 2a5504d104..5f3a029566 100644 if (md == NULL || md_nid <= 0 -@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1392,8 +1399,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; if (prsactx->md == NULL && pmdname == NULL @@ -472,22 +472,10 @@ index 2a5504d104..5f3a029566 100644 if (pmgf1mdname != NULL && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 9cb8a4dda2..feb660d030 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: - X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION: - OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION: - BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK -+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: --- -2.41.0 - -diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c ---- openssl-3.2.0/ssl/t1_lib.c.patch-sha1 2023-12-08 13:01:44.752501257 +0100 -+++ openssl-3.2.0/ssl/t1_lib.c 2023-12-08 13:04:18.969899853 +0100 +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 631e1fdef9..05dd7c5595 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c @@ -20,6 +20,7 @@ #include #include @@ -524,3 +512,16 @@ diff -up openssl-3.2.0/ssl/t1_lib.c.patch-sha1 openssl-3.2.0/ssl/t1_lib.c if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { cache[i].enabled = 0; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index ef97803327..8046454025 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5536,3 +5536,5 @@ X509_STORE_CTX_set_get_crl 5663 3_2_0 EXIST::FUNCTION: + X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION: + OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION: + BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK ++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.44.0 + diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch index a147d8e..33f79ce 100644 --- a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +++ b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch @@ -1,30 +1,14 @@ -From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Tue, 1 Mar 2022 15:44:18 +0100 -Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures = - yes +From 1fba75a6203d3ea2037d2fc2e1846f1b514c3d1d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 23/49] + 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch -NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1 -in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because -on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level -to 2. - -On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security -level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and -we want the legacy crypto policy to allow SHA-1 in TLS, the only option -to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is -SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to -allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which -will allow SHA-1 in OpenSSL 3). - -The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because -rh-allow-sha1-signatures will default to yes in Fedora (according to our -current plans including until F38), and the security level in the -DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the -default configuration. - -Related: rhbz#2055796 -Related: rhbz#2070977 +Patch-name: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +Patch-id: 52 +Patch-status: | + # # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/x509/x509_vfy.c | 20 ++++++++++- doc/man5/config.pod | 7 ++++ @@ -33,7 +17,7 @@ Related: rhbz#2070977 4 files changed, 82 insertions(+), 16 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 2f175ca517..bf0c608839 100644 +index 1794c14e99..1dfbe58a4a 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -25,6 +25,7 @@ @@ -44,7 +28,7 @@ index 2f175ca517..bf0c608839 100644 #include "crypto/x509.h" #include "x509_local.h" -@@ -3441,14 +3442,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) +@@ -3668,14 +3669,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) { int secbits = -1; int level = ctx->param->auth_level; @@ -78,10 +62,10 @@ index 2f175ca517..bf0c608839 100644 return secbits >= minbits_table[level - 1]; } diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index 0c9110d28a..e0516d20b8 100644 +index ed34ff4b9c..8ab5456c99 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod -@@ -309,6 +309,13 @@ this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as +@@ -317,6 +317,13 @@ this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key material, disabling B requires the use of TLS 1.2 or newer. @@ -96,7 +80,7 @@ index 0c9110d28a..e0516d20b8 100644 The value is a boolean that can be B or B. If the value is diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index dcd487ec2e..0b50266b69 100644 +index 05dd7c5595..056aae3863 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -20,6 +20,7 @@ @@ -107,7 +91,7 @@ index dcd487ec2e..0b50266b69 100644 #include "internal/sslconf.h" #include "internal/nelem.h" #include "internal/sizes.h" -@@ -1561,19 +1562,28 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) +@@ -1977,19 +1978,28 @@ int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey) SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); return 0; } @@ -149,7 +133,7 @@ index dcd487ec2e..0b50266b69 100644 } /* Store the sigalg the peer uses */ s->s3.tmp.peer_sigalg = lu; -@@ -2106,6 +2116,15 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) +@@ -2563,6 +2573,15 @@ static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, } } @@ -165,16 +149,16 @@ index dcd487ec2e..0b50266b69 100644 /* Finally see if security callback allows it */ secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu); sigalgstr[0] = (lu->sigalg >> 8) & 0xff; -@@ -2977,6 +2996,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, +@@ -3467,6 +3486,8 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, { /* Lookup signature algorithm digest */ int secbits, nid, pknid; + OSSL_LIB_CTX *libctx = NULL; + - + /* Don't check signature if self signed */ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) -@@ -2985,6 +3006,26 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, +@@ -3476,6 +3497,26 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, /* If digest NID not defined use signature NID */ if (nid == NID_undef) nid = pknid; @@ -202,10 +186,10 @@ index dcd487ec2e..0b50266b69 100644 return ssl_security(s, op, secbits, nid, x); else diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index 700bbd849c..280477bc9d 100644 +index 1c8fce86fd..a584629062 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t -@@ -387,8 +387,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" +@@ -481,8 +481,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), "CA with PSS signature using SHA256"); @@ -217,5 +201,5 @@ index 700bbd849c..280477bc9d 100644 ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), "PSS signature using SHA256 and auth level 2"); -- -2.35.1 +2.44.0 diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch index 5d3ef9c..c4f952b 100644 --- a/0058-FIPS-limit-rsa-encrypt.patch +++ b/0058-FIPS-limit-rsa-encrypt.patch @@ -1,23 +1,23 @@ -From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001 +From 012e319b3d5b936a9208b1c75c13d9c4a2d0cc04 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 24/49] 0058-FIPS-limit-rsa-encrypt.patch Patch-name: 0058-FIPS-limit-rsa-encrypt.patch Patch-id: 58 Patch-status: | - # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - providers/common/securitycheck.c | 1 + - .../implementations/asymciphers/rsa_enc.c | 35 +++++++++++ - .../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++- - test/recipes/80-test_cms.t | 5 +- - test/recipes/80-test_ssl_old.t | 27 +++++++-- - 5 files changed, 118 insertions(+), 8 deletions(-) + providers/common/securitycheck.c | 1 + + .../implementations/asymciphers/rsa_enc.c | 35 +++++ + .../30-test_evp_data/evppkey_rsa_common.txt | 140 +++++++++++++----- + test/recipes/80-test_cms.t | 5 +- + test/recipes/80-test_ssl_old.t | 27 +++- + 5 files changed, 168 insertions(+), 40 deletions(-) diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index e534ad0a5f..c017c658e5 100644 +index fe694c4e96..f635b5aec8 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -27,6 +27,7 @@ @@ -29,10 +29,10 @@ index e534ad0a5f..c017c658e5 100644 { int protect = 0; diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index d865968058..872967bcb3 100644 +index 71bfa344d4..d548560f1f 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, +@@ -135,6 +135,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); } @@ -50,7 +50,7 @@ index d865968058..872967bcb3 100644 static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen) { -@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -144,6 +155,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; @@ -69,7 +69,7 @@ index d865968058..872967bcb3 100644 if (out == NULL) { size_t len = RSA_size(prsactx->rsa); -@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -206,6 +229,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; @@ -89,877 +89,861 @@ index d865968058..872967bcb3 100644 if (out == NULL) { *outlen = SSL_MAX_MASTER_KEY_LENGTH; diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -index 8680797b90..95d5d51102 100644 +index 76ddc1ec60..62d55308b0 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 - h90qjKHS9PvY4Q== - -----END PRIVATE KEY----- +@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377 + Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef + # RSA decrypt +- +Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a - Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 + Output = "Hello World" + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 - Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + # Note: disable the Bleichenbacher workaround to see if it passes + Decrypt = RSA-2048 + Ctrl = rsa_pkcs1_implicit_rejection:0 +@@ -262,7 +262,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70 + Output = "Hello World" + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb - Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + # Corrupted ciphertext + # Note: output is generated synthethically by the Bleichenbacher workaround + Decrypt = RSA-2048 +@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70 + Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 - Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + # Corrupted ciphertext + # Note: disable the Bleichenbacher workaround to see if it fails + Decrypt = RSA-2048 +@@ -345,82 +345,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC + # RSA decrypt + # a random positive test case +Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 - Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 + Decrypt = RSA-2048-2 + Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066 + Output = "lorem ipsum dolor sit amet" + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 - eG2e4XlBcKjI6A== - -----END PRIVATE KEY----- + # a random negative test case decrypting to empty + Decrypt = RSA-2048-2 + Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7 + Output = + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e - Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 + # invalid decrypting to max length message + Decrypt = RSA-2048-2 + Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303 + Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 + # invalid decrypting to message with length specified by second to last value from PRF +Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 - Output=2d + Decrypt = RSA-2048-2 + Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354 + Output = 0f9b + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 - Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e + # invalid decrypting to message with length specified by third to last value from PRF + Decrypt = RSA-2048-2 + Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081 + Output = 4f02 + # positive test with 11 byte long value +Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 - Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a + Decrypt = RSA-2048-2 + Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592 + Output = "lorem ipsum" + # positive test with 11 byte long value and zero padded ciphertext +Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec - Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c + Decrypt = RSA-2048-2 + Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b + Output = "lorem ipsum" + # positive test with 11 byte long value and zero truncated ciphertext +Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z - Ya4qnqZe1onjY5o= - -----END PRIVATE KEY----- + Decrypt = RSA-2048-2 + Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b + Output = "lorem ipsum" + # positive test with 11 byte long value and double zero padded ciphertext +Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 - Output=087820b569e8fa8d + Decrypt = RSA-2048-2 + Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc + Output = "lorem ipsum" + # positive test with 11 byte long value and double zero truncated ciphertext +Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 - Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 + Decrypt = RSA-2048-2 + Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc + Output = "lorem ipsum" + # positive that generates a 0 byte long synthetic message internally +Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a - Output=d94cd0e08fa404ed89 + Decrypt = RSA-2048-2 + Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0 + Output = "lorem ipsum" + # positive that generates a 245 byte long synthetic message internally +Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 - Output=6cc641b6b61e6f963974dad23a9013284ef1 + Decrypt = RSA-2048-2 + Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50 + Output = "lorem ipsum" + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 - Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 + # a random negative test that generates an 11 byte long message + Decrypt = RSA-2048-2 + Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2 + Output = af9ac70191c92413cb9f2d + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq - aD0x7TDrmEvkEro= - -----END PRIVATE KEY----- + # an otherwise correct plaintext, but with wrong first byte + # (0x01 instead of 0x00), generates a random 11 byte long plaintext + Decrypt = RSA-2048-2 +@@ -428,7 +436,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc + Output = a1f8c9255c35cfba403ccc + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 - Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 + # an otherwise correct plaintext, but with wrong second byte + # (0x01 instead of 0x02), generates a random 11 byte long plaintext + Decrypt = RSA-2048-2 +@@ -436,7 +444,7 @@ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d + Output = e6d700309ca0ed62452254 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e - Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 + # an invalid ciphertext, with a zero byte in first byte of + # ciphertext, decrypts to a random 11 byte long synthetic + # plaintext +@@ -445,7 +453,7 @@ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2a + Output = ba27b1842e7c21c0e7ef6a + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 - Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 + # an invalid ciphertext, with a zero byte removed from first byte of + # ciphertext, decrypts to a random 11 byte long synthetic + # plaintext +@@ -454,7 +462,7 @@ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3 + Output = ba27b1842e7c21c0e7ef6a + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 - Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e + # an invalid ciphertext, with two zero bytes in first bytes of + # ciphertext, decrypts to a random 11 byte long synthetic + # plaintext +@@ -463,7 +471,7 @@ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f + Output = d5cf555b1d6151029a429a + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 - Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 + # an invalid ciphertext, with two zero bytes removed from first bytes of + # ciphertext, decrypts to a random 11 byte long synthetic + # plaintext +@@ -472,7 +480,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c + Output = d5cf555b1d6151029a429a + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B - MSwGUGLx60i3nRyDyw== - -----END PRIVATE KEY----- + # and invalid ciphertext, otherwise valid but starting with 000002, decrypts + # to random 11 byte long synthetic plaintext + Decrypt = RSA-2048-2 +@@ -480,7 +488,7 @@ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802 + Output = 3d4a054d9358209e9cbbb9 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 - Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 + # negative test with otherwise valid padding but a zero byte in first byte + # of padding + Decrypt = RSA-2048-2 +@@ -488,7 +496,7 @@ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a94 + Output = 1f037dd717b07d3e7f7359 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad - Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 + # negative test with otherwise valid padding but a zero byte at the eighth + # byte of padding + Decrypt = RSA-2048-2 +@@ -496,7 +504,7 @@ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a9646 + Output = 63cb0bf65fc8255dd29e17 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 - Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 + # negative test with an otherwise valid plaintext but with missing separator + # byte + Decrypt = RSA-2048-2 +@@ -551,53 +559,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC + # RSA decrypt + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf - Output=15c5b9ee1185 + # malformed that generates length specified by 3rd last value from PRF + Decrypt = RSA-2049 + Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894 + Output = 42 + # simple positive test case +Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 - Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a + Decrypt = RSA-2049 + Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967 + Output = "lorem ipsum" + # positive test case with null padded ciphertext +Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC - Yejn5Ly8mU2q+jBcRQ== - -----END PRIVATE KEY----- + Decrypt = RSA-2049 + Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 + Output = "lorem ipsum" + # positive test case with null truncated ciphertext +Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 - Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 + Decrypt = RSA-2049 + Input = 02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 + Output = "lorem ipsum" + # positive test case with double null padded ciphertext +Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f - Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 + Decrypt = RSA-2049 + Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 + Output = "lorem ipsum" + # positive test case with double null truncated ciphertext +Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 - Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c + Decrypt = RSA-2049 + Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 + Output = "lorem ipsum" + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 - Output=684e3038c5c041f7 + # a random negative test case that generates an 11 byte long message + Decrypt = RSA-2049 + Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca + Output = 1189b6f5498fd6df532b00 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab - Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 + # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00) + Decrypt = RSA-2049 + Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff + Output = f6d0f5b78082fe61c04674 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS - FMlxv0gq65dqc3DC - -----END PRIVATE KEY----- + # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) + Decrypt = RSA-2049 + Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3 +@@ -661,14 +674,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE= + PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 - Output=47aae909 + # a random invalid ciphertext that generates an empty synthetic one + Decrypt = RSA-3072 + Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59 + Output = + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 - Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 + # a random invalid that has PRF output with a length one byte too long + # in the last value + Decrypt = RSA-3072 +@@ -676,46 +689,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa + Output = 56a3bea054e01338be9b7d7957539c + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b - Output=d976fc + # a random invalid that generates a synthetic of maximum size + Decrypt = RSA-3072 + Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6 + Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04 + # a positive test case that decrypts to 9 byte long value +Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac - Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb + Decrypt = RSA-3072 + Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde + Output = "forty two" + # a positive test case with null padded ciphertext +Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 - Output=bb47231ca5ea1d3ad46c99345d9a8a61 + Decrypt = RSA-3072 + Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 + Output = "forty two" + # a positive test case with null truncated ciphertext +Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM - 2MiPa249Z+lh3Luj0A== - -----END PRIVATE KEY----- + Decrypt = RSA-3072 + Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 + Output = "forty two" + # a positive test case with double null padded ciphertext +Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 - Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 + Decrypt = RSA-3072 + Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 + Output = "forty two" + # a positive test case with double null truncated ciphertext +Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d - Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc + Decrypt = RSA-3072 + Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 + Output = "forty two" + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f - Output=8604ac56328c1ab5ad917861 + # a random negative test case that generates a 9 byte long message + Decrypt = RSA-3072 + Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56 + Output = 257906ca6de8307728 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 - Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc + # a random negative test case that generates a 9 byte long message based on + # second to last value from PRF + Decrypt = RSA-3072 +@@ -723,7 +741,7 @@ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a0 + Output = 043383c929060374ed + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 - Output=4a5f4914bee25de3c69341de07 + # a random negative test that generates message based on 3rd last value from + # PRF + Decrypt = RSA-3072 +@@ -731,35 +749,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf48 + Output = 70263fa6050534b9e0 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo - tKo5Eb69iFQvBb4= - -----END PRIVATE KEY----- + # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00) + Decrypt = RSA-3072 + Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62 + Output = 6d8d3a094ff3afff4c + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 - Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 + # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02) + Decrypt = RSA-3072 + Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936 + Output = c6ae80ffa80bc184b0 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 - Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 + # an otherwise valid plaintext, but with zero byte in first byte of padding + Decrypt = RSA-3072 + Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0 + Output = a8a9301daa01bb25c7 + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 +Availablein = default - Decrypt=RSA-OAEP-9 + # an otherwise valid plaintext, but with zero byte in eight byte of padding + Decrypt = RSA-3072 + Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571 + Output = 6c716fe01d44398018 + + # The old FIPS provider doesn't include the workaround (#13817) +-FIPSversion = >=3.2.0 ++Availablein = default + # an otherwise valid plaintext, but with null separator missing + Decrypt = RSA-3072 + Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4 +@@ -1106,36 +1124,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 + h90qjKHS9PvY4Q== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-1 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 - Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 - Output=fd326429df9b890e09b54b18b8f34f1e24 + Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a + Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 +Availablein = default - Decrypt=RSA-OAEP-9 + Decrypt=RSA-OAEP-1 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 - Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 - Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e + Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 + Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 +Availablein = default - Decrypt=RSA-OAEP-9 + Decrypt=RSA-OAEP-1 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 - Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e - Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d + Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb + Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 +Availablein = default - Decrypt=RSA-OAEP-9 + Decrypt=RSA-OAEP-1 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index cbec426137..9ba7fbeed2 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", -+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", - [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "{output}.cms", - $smrsa1, -@@ -1022,6 +1022,9 @@ sub check_availability { - return "$tnam: skipped, DSA disabled\n" - if ($no_dsa && $tnam =~ / DSA/); - -+ return "$tnam: skipped, Red Hat FIPS\n" -+ if ($tnam =~ /no Red Hat FIPS/); -+ - return ""; - } - -diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index e2dcb68fb5..0775112b40 100644 ---- a/test/recipes/80-test_ssl_old.t -+++ b/test/recipes/80-test_ssl_old.t -@@ -493,6 +493,18 @@ sub testssl { - # the default choice if TLSv1.3 enabled - my $flag = $protocol eq "-tls1_3" ? "" : $protocol; - my $ciphersuites = ""; -+ my %redhat_skip_cipher = map {$_ => 1} qw( -+AES256-GCM-SHA384:@SECLEVEL=0 -+AES256-CCM8:@SECLEVEL=0 -+AES256-CCM:@SECLEVEL=0 -+AES128-GCM-SHA256:@SECLEVEL=0 -+AES128-CCM8:@SECLEVEL=0 -+AES128-CCM:@SECLEVEL=0 -+AES256-SHA256:@SECLEVEL=0 -+AES128-SHA256:@SECLEVEL=0 -+AES256-SHA:@SECLEVEL=0 -+AES128-SHA:@SECLEVEL=0 -+ ); - foreach my $cipher (@{$ciphersuites{$protocol}}) { - if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { - note "*****SKIPPING $protocol $cipher"; -@@ -504,11 +516,16 @@ sub testssl { - } else { - $cipher = $cipher.':@SECLEVEL=0'; - } -- ok(run(test([@ssltest, @exkeys, "-cipher", -- $cipher, -- "-ciphersuites", $ciphersuites, -- $flag || ()])), -- "Testing $cipher"); -+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { -+ note "*****SKIPPING $cipher in Red Hat FIPS mode"; -+ ok(1); -+ } else { -+ ok(run(test([@ssltest, @exkeys, "-cipher", -+ $cipher, -+ "-ciphersuites", $ciphersuites, -+ $flag || ()])), -+ "Testing $cipher"); -+ } - } - } - next if $protocol eq "-tls1_3"; --- -2.41.0 - -diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.patch-58 2023-12-11 19:15:32.167790754 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-12-11 21:16:08.390089120 +0100 -@@ -248,7 +248,7 @@ Input = 64b0e9f9892371110c40ba5739dc0974 - Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef + Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 + Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 - # RSA decrypt -- +Availablein = default - Decrypt = RSA-2048 - Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 - Output = "Hello World" -@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 - Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 + Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # Corrupted ciphertext - # Note: disable the Bleichenbacher workaround to see if it fails - Decrypt = RSA-2048 -diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:09:31.498568631 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:14:45.858384004 +0100 -@@ -365,28 +365,28 @@ Input = 8bfe264e85d3bdeaa6b8851b8e3b956e - Output = "lorem ipsum dolor sit amet" + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1160,36 +1184,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 + eG2e4XlBcKjI6A== + -----END PRIVATE KEY----- - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random negative test case decrypting to empty - Decrypt = RSA-2048-2 - Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7 - Output = + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e + Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # invalid decrypting to max length message - Decrypt = RSA-2048-2 - Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303 - Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3 + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 + Output=2d - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 - # invalid decrypting to message with length specified by second to last value from PRF +Availablein = default - Decrypt = RSA-2048-2 - Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354 - Output = 0f9b + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 + Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # invalid decrypting to message with length specified by third to last value from PRF - Decrypt = RSA-2048-2 - Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081 -@@ -428,14 +428,14 @@ Input = 1ea0b50ca65203d0a09280d39704b24f - Output = "lorem ipsum" + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 + Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random negative test that generates an 11 byte long message - Decrypt = RSA-2048-2 - Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2 - Output = af9ac70191c92413cb9f2d + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec + Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an otherwise correct plaintext, but with wrong first byte - # (0x01 instead of 0x00), generates a random 11 byte long plaintext - Decrypt = RSA-2048-2 -@@ -443,7 +443,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be5 - Output = a1f8c9255c35cfba403ccc + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1214,36 +1244,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z + Ya4qnqZe1onjY5o= + -----END PRIVATE KEY----- - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an otherwise correct plaintext, but with wrong second byte - # (0x01 instead of 0x02), generates a random 11 byte long plaintext - Decrypt = RSA-2048-2 -@@ -451,7 +451,7 @@ Input = 782c2b59a21a511243820acedd567c13 - Output = e6d700309ca0ed62452254 + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 + Output=087820b569e8fa8d - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an invalid ciphertext, with a zero byte in first byte of - # ciphertext, decrypts to a random 11 byte long synthetic - # plaintext -@@ -460,7 +460,7 @@ Input = 0096136621faf36d5290b16bd26295de - Output = ba27b1842e7c21c0e7ef6a + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 + Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an invalid ciphertext, with a zero byte removed from first byte of - # ciphertext, decrypts to a random 11 byte long synthetic - # plaintext -@@ -469,7 +469,7 @@ Input = 96136621faf36d5290b16bd26295de27 - Output = ba27b1842e7c21c0e7ef6a + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a + Output=d94cd0e08fa404ed89 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an invalid ciphertext, with two zero bytes in first bytes of - # ciphertext, decrypts to a random 11 byte long synthetic - # plaintext -@@ -478,7 +478,7 @@ Input = 0000587cccc6b264bdfe0dc2149a9880 - Output = d5cf555b1d6151029a429a + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 + Output=6cc641b6b61e6f963974dad23a9013284ef1 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an invalid ciphertext, with two zero bytes removed from first bytes of - # ciphertext, decrypts to a random 11 byte long synthetic - # plaintext -@@ -487,7 +487,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa - Output = d5cf555b1d6151029a429a + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 + Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # and invalid ciphertext, otherwise valid but starting with 000002, decrypts - # to random 11 byte long synthetic plaintext - Decrypt = RSA-2048-2 -@@ -495,7 +495,7 @@ Input = 1786550ce8d8433052e01ecba8b76d30 - Output = 3d4a054d9358209e9cbbb9 + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1268,36 +1304,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq + aD0x7TDrmEvkEro= + -----END PRIVATE KEY----- - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # negative test with otherwise valid padding but a zero byte in first byte - # of padding - Decrypt = RSA-2048-2 -@@ -503,7 +503,7 @@ Input = 179598823812d2c58a7eb50521150a48 - Output = 1f037dd717b07d3e7f7359 + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 + Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # negative test with otherwise valid padding but a zero byte at the eighth - # byte of padding - Decrypt = RSA-2048-2 -@@ -511,7 +511,7 @@ Input = a7a340675a82c30e22219a55bc07cdf3 - Output = 63cb0bf65fc8255dd29e17 + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e + Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # negative test with an otherwise valid plaintext but with missing separator - # byte - Decrypt = RSA-2048-2 -@@ -566,53 +566,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLI - # RSA decrypt + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 + Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # malformed that generates length specified by 3rd last value from PRF - Decrypt = RSA-2049 - Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894 - Output = 42 + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 + Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e - # simple positive test case +Availablein = default - Decrypt = RSA-2049 - Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 + Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 - # positive test case with null padded ciphertext +Availablein = default - Decrypt = RSA-2049 - Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1322,36 +1364,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B + MSwGUGLx60i3nRyDyw== + -----END PRIVATE KEY----- - # positive test case with null truncated ciphertext +Availablein = default - Decrypt = RSA-2049 - Input = 02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 + Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 - # positive test case with double null padded ciphertext +Availablein = default - Decrypt = RSA-2049 - Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad + Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 - # positive test case with double null truncated ciphertext +Availablein = default - Decrypt = RSA-2049 - Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 + Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random negative test case that generates an 11 byte long message - Decrypt = RSA-2049 - Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca - Output = 1189b6f5498fd6df532b00 + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf + Output=15c5b9ee1185 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00) - Decrypt = RSA-2049 - Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff - Output = f6d0f5b78082fe61c04674 + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 + Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) - Decrypt = RSA-2049 - Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3 -diff -up openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.only-default 2024-02-01 15:22:09.981463726 +0100 -+++ openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2024-02-01 15:28:41.789966051 +0100 -@@ -269,7 +269,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 - Output = "Hello World" + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1376,36 +1424,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC + Yejn5Ly8mU2q+jBcRQ== + -----END PRIVATE KEY----- - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # Note: disable the Bleichenbacher workaround to see if it passes - Decrypt = RSA-2048 - Ctrl = rsa_pkcs1_implicit_rejection:0 -@@ -277,7 +277,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235 - Output = "Hello World" + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 + Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # Corrupted ciphertext - # Note: output is generated synthethically by the Bleichenbacher workaround - Decrypt = RSA-2048 -@@ -360,6 +360,7 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-P - # RSA decrypt + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f + Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 - # a random positive test case +Availablein = default - Decrypt = RSA-2048-2 - Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066 - Output = "lorem ipsum dolor sit amet" -@@ -393,36 +394,43 @@ Input = 1690ebcceece2ce024f382e467cf8510 - Output = 4f02 + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 + Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c - # positive test with 11 byte long value +Availablein = default - Decrypt = RSA-2048-2 - Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 + Output=684e3038c5c041f7 - # positive test with 11 byte long value and zero padded ciphertext +Availablein = default - Decrypt = RSA-2048-2 - Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b - Output = "lorem ipsum" + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab + Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 - # positive test with 11 byte long value and zero truncated ciphertext +Availablein = default - Decrypt = RSA-2048-2 - Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b - Output = "lorem ipsum" + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1430,36 +1484,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS + FMlxv0gq65dqc3DC + -----END PRIVATE KEY----- - # positive test with 11 byte long value and double zero padded ciphertext +Availablein = default - Decrypt = RSA-2048-2 - Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc - Output = "lorem ipsum" + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 + Output=47aae909 - # positive test with 11 byte long value and double zero truncated ciphertext +Availablein = default - Decrypt = RSA-2048-2 - Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc - Output = "lorem ipsum" + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 + Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 - # positive that generates a 0 byte long synthetic message internally +Availablein = default - Decrypt = RSA-2048-2 - Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0 - Output = "lorem ipsum" + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b + Output=d976fc - # positive that generates a 245 byte long synthetic message internally +Availablein = default - Decrypt = RSA-2048-2 - Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50 - Output = "lorem ipsum" -@@ -681,14 +690,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKu - PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac + Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random invalid ciphertext that generates an empty synthetic one - Decrypt = RSA-3072 - Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59 - Output = + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 + Output=bb47231ca5ea1d3ad46c99345d9a8a61 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random invalid that has PRF output with a length one byte too long - # in the last value - Decrypt = RSA-3072 -@@ -696,46 +705,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d8 - Output = 56a3bea054e01338be9b7d7957539c + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1484,36 +1544,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM + 2MiPa249Z+lh3Luj0A== + -----END PRIVATE KEY----- - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random invalid that generates a synthetic of maximum size - Decrypt = RSA-3072 - Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6 - Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04 + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 + Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 - # a positive test case that decrypts to 9 byte long value +Availablein = default - Decrypt = RSA-3072 - Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde - Output = "forty two" + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d + Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc - # a positive test case with null padded ciphertext +Availablein = default - Decrypt = RSA-3072 - Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 - Output = "forty two" + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f + Output=8604ac56328c1ab5ad917861 - # a positive test case with null truncated ciphertext +Availablein = default - Decrypt = RSA-3072 - Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 - Output = "forty two" + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 + Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc - # a positive test case with double null padded ciphertext +Availablein = default - Decrypt = RSA-3072 - Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 - Output = "forty two" + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 + Output=4a5f4914bee25de3c69341de07 - # a positive test case with double null truncated ciphertext +Availablein = default - Decrypt = RSA-3072 - Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 - Output = "forty two" + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1544,36 +1610,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo + tKo5Eb69iFQvBb4= + -----END PRIVATE KEY----- - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random negative test case that generates a 9 byte long message - Decrypt = RSA-3072 - Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56 - Output = 257906ca6de8307728 + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 + Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random negative test case that generates a 9 byte long message based on - # second to last value from PRF - Decrypt = RSA-3072 -@@ -743,7 +757,7 @@ Input = 758c215aa6acd61248062b88284bf43c - Output = 043383c929060374ed + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 + Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # a random negative test that generates message based on 3rd last value from - # PRF - Decrypt = RSA-3072 -@@ -751,35 +765,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4 - Output = 70263fa6050534b9e0 + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 + Output=fd326429df9b890e09b54b18b8f34f1e24 - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00) - Decrypt = RSA-3072 - Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62 - Output = 6d8d3a094ff3afff4c + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 + Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02) - Decrypt = RSA-3072 - Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936 - Output = c6ae80ffa80bc184b0 + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e + Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 +Availablein = default - # an otherwise valid plaintext, but with zero byte in first byte of padding - Decrypt = RSA-3072 - Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0 - Output = a8a9301daa01bb25c7 + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 4e368c730b..879d5d76eb 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -235,7 +235,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 -+Availablein = default - # an otherwise valid plaintext, but with zero byte in eight byte of padding - Decrypt = RSA-3072 - Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571 - Output = 6c716fe01d44398018 +- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", ++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + $smrsa1, +@@ -1118,6 +1118,9 @@ sub check_availability { + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); - # The old FIPS provider doesn't include the workaround (#13817) --FIPSversion = >=3.2.0 -+Availablein = default - # an otherwise valid plaintext, but with null separator missing - Decrypt = RSA-3072 - Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4 ++ return "$tnam: skipped, Red Hat FIPS\n" ++ if ($tnam =~ /no Red Hat FIPS/); ++ + return ""; + } + +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index e2dcb68fb5..0775112b40 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -493,6 +493,18 @@ sub testssl { + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? "" : $protocol; + my $ciphersuites = ""; ++ my %redhat_skip_cipher = map {$_ => 1} qw( ++AES256-GCM-SHA384:@SECLEVEL=0 ++AES256-CCM8:@SECLEVEL=0 ++AES256-CCM:@SECLEVEL=0 ++AES128-GCM-SHA256:@SECLEVEL=0 ++AES128-CCM8:@SECLEVEL=0 ++AES128-CCM:@SECLEVEL=0 ++AES256-SHA256:@SECLEVEL=0 ++AES128-SHA256:@SECLEVEL=0 ++AES256-SHA:@SECLEVEL=0 ++AES128-SHA:@SECLEVEL=0 ++ ); + foreach my $cipher (@{$ciphersuites{$protocol}}) { + if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { + note "*****SKIPPING $protocol $cipher"; +@@ -504,11 +516,16 @@ sub testssl { + } else { + $cipher = $cipher.':@SECLEVEL=0'; + } +- ok(run(test([@ssltest, @exkeys, "-cipher", +- $cipher, +- "-ciphersuites", $ciphersuites, +- $flag || ()])), +- "Testing $cipher"); ++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { ++ note "*****SKIPPING $cipher in Red Hat FIPS mode"; ++ ok(1); ++ } else { ++ ok(run(test([@ssltest, @exkeys, "-cipher", ++ $cipher, ++ "-ciphersuites", $ciphersuites, ++ $flag || ()])), ++ "Testing $cipher"); ++ } + } + } + next if $protocol eq "-tls1_3"; +-- +2.44.0 + diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index 6f5fef2..fe4ca7c 100644 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -1,22 +1,22 @@ -From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001 +From 62721a92ebec8746888d94bea0082c8d8763219e Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:28 +0200 -Subject: [PATCH 29/35] +Date: Wed, 6 Mar 2024 19:17:15 +0100 +Subject: [PATCH 27/49] 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch Patch-id: 73 Patch-status: | - # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/rsa/rsa_local.h | 8 ++ crypto/rsa/rsa_oaep.c | 34 ++++++-- - include/openssl/core_names.h | 3 + providers/fips/self_test_data.inc | 79 ++++++++++--------- providers/fips/self_test_kats.c | 7 ++ .../implementations/asymciphers/rsa_enc.c | 41 +++++++++- - 6 files changed, 128 insertions(+), 44 deletions(-) + util/perl/OpenSSL/paramnames.pm | 1 + + 6 files changed, 126 insertions(+), 44 deletions(-) diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index ea70da05ad..dde57a1a0e 100644 @@ -36,7 +36,7 @@ index ea70da05ad..dde57a1a0e 100644 + #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c -index d9be1a4f98..b2f7f7dc4b 100644 +index b9030440c4..3d665c3860 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, @@ -82,7 +82,7 @@ index d9be1a4f98..b2f7f7dc4b 100644 if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) goto err; -@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, +@@ -136,6 +146,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, return rv; } @@ -102,7 +102,7 @@ index d9be1a4f98..b2f7f7dc4b 100644 const unsigned char *from, int flen, const unsigned char *param, int plen, diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index e0fdc0daa4..aa2012c04a 100644 +index 4b80bb70b9..c33ecd0791 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = { @@ -208,10 +208,10 @@ index e0fdc0daa4..aa2012c04a 100644 #ifndef OPENSSL_NO_EC diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index 74ee25dcb6..a9bc8be7fa 100644 +index f13c41abd6..4ea10670c0 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c -@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) +@@ -642,14 +642,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) return ret; } @@ -234,7 +234,7 @@ index 74ee25dcb6..a9bc8be7fa 100644 } diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 9cd8904131..40de5ce8fa 100644 +index d548560f1f..f3443b0c66 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -30,6 +30,9 @@ @@ -257,7 +257,7 @@ index 9cd8904131..40de5ce8fa 100644 /* PKCS#1 v1.5 decryption mode */ unsigned int implicit_rejection; } PROV_RSA_CTX; -@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -193,12 +199,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, } } ret = @@ -281,7 +281,7 @@ index 9cd8904131..40de5ce8fa 100644 if (!ret) { OPENSSL_free(tbuf); -@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx) +@@ -332,6 +347,9 @@ static void rsa_freectx(void *vprsactx) EVP_MD_free(prsactx->oaep_md); EVP_MD_free(prsactx->mgf1_md); OPENSSL_free(prsactx->oaep_label); @@ -291,7 +291,7 @@ index 9cd8904131..40de5ce8fa 100644 OPENSSL_free(prsactx); } -@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -455,6 +473,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { NULL, 0), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), @@ -301,7 +301,7 @@ index 9cd8904131..40de5ce8fa 100644 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), OSSL_PARAM_END }; -@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, +@@ -465,6 +486,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, return known_gettable_ctx_params; } @@ -312,7 +312,7 @@ index 9cd8904131..40de5ce8fa 100644 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -576,6 +601,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->oaep_labellen = tmp_labellen; } @@ -331,12 +331,10 @@ index 9cd8904131..40de5ce8fa 100644 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); if (p != NULL) { unsigned int client_version; --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config 2023-12-14 13:48:23.398025507 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2023-12-14 14:24:49.519488385 +0100 +diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm +index c37ed7815f..70f7c50fe4 100644 +--- a/util/perl/OpenSSL/paramnames.pm ++++ b/util/perl/OpenSSL/paramnames.pm @@ -401,6 +401,7 @@ my %params = ( 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version", 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", @@ -345,3 +343,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.patch-config openssl-3.2. # Encoder / decoder parameters +-- +2.44.0 + diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch index e41fadd..7751f05 100644 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -1,32 +1,25 @@ -From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 15 Jul 2022 17:45:40 +0200 -Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test +From dc41625dc4a793f0e21188165711181ca085339b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 28/49] + 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -In review for FIPS 140-3, the lack of a self-test for the digest_sign -and digest_verify provider functions was highlighted as a problem. NIST -no longer provides ACVP tests for the RSA SigVer primitive (see -https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 -recommends the use of functions that compute the digest and signature -within the module, we have been advised in our module review that the -self tests should also use the combined digest and signature APIs, i.e. -the digest_sign and digest_verify provider functions. - -Modify the signature self-test to use these instead by switching to -EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to -crypto/evp/m_sigver.c to make these functions usable in the FIPS module. - -Signed-off-by: Clemens Lang +Patch-name: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +Patch-id: 74 +Patch-status: | + # [PATCH 29/46] + # 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ - providers/fips/self_test_kats.c | 37 +++++++++++++++------------- - 2 files changed, 56 insertions(+), 24 deletions(-) + crypto/evp/m_sigver.c | 54 ++++++++++++++++++++++++++++----- + providers/fips/self_test_kats.c | 43 +++++++++++++++----------- + 2 files changed, 73 insertions(+), 24 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index db1a1d7bc3..c94c3c53bd 100644 +index fd3a4b79df..3e9f33c26c 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c -@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) +@@ -90,6 +90,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); return 0; } @@ -34,7 +27,7 @@ index db1a1d7bc3..c94c3c53bd 100644 /* * If we get the "NULL" md then the name comes back as "UNDEF". We want to use -@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -125,8 +126,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, reinit = 0; if (e == NULL) ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); @@ -45,7 +38,7 @@ index db1a1d7bc3..c94c3c53bd 100644 } if (ctx->pctx == NULL) return 0; -@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -136,8 +139,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx = ctx->pctx; ERR_set_mark(); @@ -56,7 +49,7 @@ index db1a1d7bc3..c94c3c53bd 100644 /* do not reinitialize if pkey is set or operation is different */ if (reinit -@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -222,8 +227,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, signature = evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, supported_sig, locpctx->propquery); @@ -67,7 +60,7 @@ index db1a1d7bc3..c94c3c53bd 100644 break; } if (signature == NULL) -@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -307,6 +314,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); if (ctx->fetched_digest != NULL) { ctx->digest = ctx->reqdigest = ctx->fetched_digest; @@ -75,7 +68,7 @@ index db1a1d7bc3..c94c3c53bd 100644 } else { /* legacy engine support : remove the mark when this is deleted */ ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); -@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -315,11 +323,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } @@ -89,7 +82,7 @@ index db1a1d7bc3..c94c3c53bd 100644 if (ctx->reqdigest != NULL && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -331,6 +341,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, goto err; } } @@ -97,7 +90,7 @@ index db1a1d7bc3..c94c3c53bd 100644 if (ver) { if (signature->digest_verify_init == NULL) { -@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -363,6 +374,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, EVP_KEYMGMT_free(tmp_keymgmt); return 0; @@ -105,7 +98,7 @@ index db1a1d7bc3..c94c3c53bd 100644 legacy: /* * If we don't have the full support we need with provided methods, -@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -434,6 +446,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ctx->pctx->flag_call_digest_custom = 1; ret = 1; @@ -113,7 +106,7 @@ index db1a1d7bc3..c94c3c53bd 100644 end: #ifndef FIPS_MODULE -@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -476,7 +489,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, NULL); } @@ -121,7 +114,57 @@ index db1a1d7bc3..c94c3c53bd 100644 int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) { -@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, +@@ -548,24 +560,31 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + return EVP_DigestUpdate(ctx, data, dsize); + } + +-#ifndef FIPS_MODULE + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; +- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; ++ int r = 0; ++#ifndef FIPS_MODULE ++ int sctx = 0; ++ EVP_PKEY_CTX *dctx = NULL; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; ++ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; + } + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + ++#ifndef FIPS_MODULE + if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { + /* try dup */ + dctx = EVP_PKEY_CTX_dup(pctx); +@@ -580,7 +599,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + else + EVP_PKEY_CTX_free(dctx); + return r; ++#else ++ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, ++ sigret, siglen, ++ sigret == NULL ? 0 : *siglen); ++ return r; ++#endif /* !defined(FIPS_MODULE) */ + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -653,6 +679,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, } } return 1; @@ -129,7 +172,54 @@ index db1a1d7bc3..c94c3c53bd 100644 } int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, -@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +@@ -691,23 +718,30 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { +- unsigned char md[EVP_MAX_MD_SIZE]; + int r = 0; ++#ifndef FIPS_MODULE ++ unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + int vctx = 0; +- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; ++ EVP_PKEY_CTX *dctx = NULL; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; ++ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; + } + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + ++#ifndef FIPS_MODULE + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { + /* try dup */ + dctx = EVP_PKEY_CTX_dup(pctx); +@@ -721,7 +755,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + else + EVP_PKEY_CTX_free(dctx); + return r; ++#else ++ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, ++ sig, siglen); ++ return r; ++#endif /* !defined(FIPS_MODULE) */ + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -762,6 +802,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, if (vctx || !r) return r; return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); @@ -137,16 +227,16 @@ index db1a1d7bc3..c94c3c53bd 100644 } int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, -@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +@@ -794,4 +835,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, return -1; return EVP_DigestVerifyFinal(ctx, sigret, siglen); } -#endif /* FIPS_MODULE */ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c -index b6d5e8e134..77eec075e6 100644 +index 4ea10670c0..5eb27c8ed2 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c -@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, int ret = 0; OSSL_PARAM *params = NULL, *params_sig = NULL; OSSL_PARAM_BLD *bld = NULL; @@ -161,7 +251,7 @@ index b6d5e8e134..77eec075e6 100644 size_t siglen = sizeof(sig); static const unsigned char dgst[] = { 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, -@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -487,23 +490,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) goto err; @@ -202,7 +292,7 @@ index b6d5e8e134..77eec075e6 100644 || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) goto err; -@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -513,14 +519,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, goto err; OSSL_SELF_TEST_oncorrupt_byte(st, sig); @@ -223,186 +313,5 @@ index b6d5e8e134..77eec075e6 100644 OSSL_PARAM_free(params_sig); OSSL_PARAM_BLD_free(bld); -- -2.37.1 +2.44.0 -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 11:44:18.761559765 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 11:51:18.297195401 +0100 -@@ -560,26 +560,33 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c - return EVP_DigestUpdate(ctx, data, dsize); - } - --#ifndef FIPS_MODULE - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) - { -- int sctx = 0, r = 0; -- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; -+ int r = 0; -+#ifndef FIPS_MODULE -+ int sctx = 0; -+ EVP_PKEY_CTX *dctx = NULL; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; -+ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ -+#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -@@ -591,8 +598,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+#endif /* !defined(FIPS_MODULE) */ - return r; - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -@@ -704,25 +713,32 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) - { -- unsigned char md[EVP_MAX_MD_SIZE]; - int r = 0; -+#ifndef FIPS_MODULE -+ unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen = 0; - int vctx = 0; -- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; -+ EVP_PKEY_CTX *dctx = NULL; -+#endif /* !defined(FIPS_MODULE) */ -+ EVP_PKEY_CTX *pctx = ctx->pctx; -+ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - -+#ifndef FIPS_MODULE - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; -+#endif /* !defined(FIPS_MODULE) */ - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ -+#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -@@ -733,8 +749,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+#endif /* !defined(FIPS_MODULE) */ - return r; - -+#ifndef FIPS_MODULE - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:39:26.858137284 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:40:28.201680446 +0100 -@@ -736,9 +736,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - goto legacy; - #endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ --#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.digest-sign-patch 2024-01-04 12:55:41.172653897 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-04 12:56:23.562017396 +0100 -@@ -584,9 +584,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - goto legacy; - #endif /* !defined(FIPS_MODULE) */ - -+#ifndef FIPS_MODULE - if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) { - /* try dup */ --#ifndef FIPS_MODULE - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx != NULL) - pctx = dctx; -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fips-new openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.fips-new 2024-01-30 23:50:10.115710238 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-01-31 00:04:31.448164500 +0100 -@@ -598,7 +598,11 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+ return r; - #endif /* !defined(FIPS_MODULE) */ -+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, -+ sigret, siglen, -+ sigret == NULL ? 0 : *siglen); - return r; - - #ifndef FIPS_MODULE -@@ -749,7 +753,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; - else - EVP_PKEY_CTX_free(dctx); -+ return r; - #endif /* !defined(FIPS_MODULE) */ -+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, -+ sig, siglen); - return r; - - #ifndef FIPS_MODULE -diff -up openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef openssl-3.2.0/crypto/evp/m_sigver.c ---- openssl-3.2.0/crypto/evp/m_sigver.c.fix-ifdef 2024-02-01 09:23:07.877696442 +0100 -+++ openssl-3.2.0/crypto/evp/m_sigver.c 2024-02-01 09:25:30.857169997 +0100 -@@ -599,11 +599,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - else - EVP_PKEY_CTX_free(dctx); - return r; --#endif /* !defined(FIPS_MODULE) */ -+#else - r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 0 : *siglen); - return r; -+#endif /* !defined(FIPS_MODULE) */ - - #ifndef FIPS_MODULE - legacy: -@@ -754,10 +755,11 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct - else - EVP_PKEY_CTX_free(dctx); - return r; --#endif /* !defined(FIPS_MODULE) */ -+#else - r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, - sig, siglen); - return r; -+#endif /* !defined(FIPS_MODULE) */ - - #ifndef FIPS_MODULE - legacy: diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch index 42899c3..92495f8 100644 --- a/0076-FIPS-140-3-DRBG.patch +++ b/0076-FIPS-140-3-DRBG.patch @@ -1,27 +1,27 @@ -From 89c00cc67b9b34bc94f9dc3a9fce9374bbaade03 Mon Sep 17 00:00:00 2001 +From 0329eb6523363705946887d4f145dd77c741ae4a Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:29 +0200 -Subject: [PATCH 32/48] 0076-FIPS-140-3-DRBG.patch +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 30/49] 0076-FIPS-140-3-DRBG.patch Patch-name: 0076-FIPS-140-3-DRBG.patch Patch-id: 76 Patch-status: | - # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) - # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) + # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/rand/prov_seed.c | 9 ++- providers/implementations/rands/crngt.c | 6 +- - providers/implementations/rands/drbg.c | 11 +++- + providers/implementations/rands/drbg.c | 11 ++- providers/implementations/rands/drbg_local.h | 2 +- - .../implementations/rands/seeding/rand_unix.c | 64 ++----------------- - 5 files changed, 28 insertions(+), 64 deletions(-) + .../implementations/rands/seeding/rand_unix.c | 68 ++----------------- + 5 files changed, 28 insertions(+), 68 deletions(-) diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c -index 96c499c957..61c4cd8779 100644 +index 2985c7f2d8..3202a28226 100644 --- a/crypto/rand/prov_seed.c +++ b/crypto/rand/prov_seed.c -@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, +@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx, size_t entropy_available; RAND_POOL *pool; @@ -55,10 +55,10 @@ index fa4a2db14a..1f13fc759e 100644 bytes_needed = min_len; if (bytes_needed > max_len) diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c -index ea55363bf8..1b2410b3db 100644 +index 1586288692..e6de65a23d 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c -@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, +@@ -564,6 +564,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg, #endif } @@ -68,7 +68,7 @@ index ea55363bf8..1b2410b3db 100644 /* Reseed using our sources in addition */ entropylen = get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, -@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, +@@ -685,8 +688,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, reseed_required = 1; } if (drbg->parent != NULL @@ -85,7 +85,7 @@ index ea55363bf8..1b2410b3db 100644 if (reseed_required || prediction_resistance) { if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL, diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h -index 3b5417b43b..d27c50950b 100644 +index 50f98a0b61..53d99c8c84 100644 --- a/providers/implementations/rands/drbg_local.h +++ b/providers/implementations/rands/drbg_local.h @@ -38,7 +38,7 @@ @@ -98,7 +98,7 @@ index 3b5417b43b..d27c50950b 100644 /* * Maximum input size for the DRBG (entropy, nonce, personalization string) diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c -index cd02a0236d..98c917b6d8 100644 +index 9a936d800d..61d720efa9 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -48,6 +48,8 @@ @@ -110,10 +110,7 @@ index cd02a0236d..98c917b6d8 100644 static uint64_t get_time_stamp(void); -diff -up openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-patch openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c ---- openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand-patch 2024-01-02 11:52:21.837712036 +0100 -+++ openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c 2024-01-02 11:54:40.576083169 +0100 -@@ -339,70 +339,8 @@ static ssize_t syscall_random(void *buf, +@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. */ @@ -186,3 +183,6 @@ diff -up openssl-3.2.0/providers/implementations/rands/seeding/rand_unix.c.rand- } # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ +-- +2.44.0 + diff --git a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch index f2bb087..3867e06 100644 --- a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch +++ b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch @@ -1,13 +1,13 @@ -From 2000eaead63732669283e6b54c8ef02e268eaeb8 Mon Sep 17 00:00:00 2001 +From c503fa302490f76f191af6259e4199572280298a Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Mon, 31 Jul 2023 09:41:29 +0200 -Subject: [PATCH 34/48] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch +Date: Wed, 6 Mar 2024 19:17:16 +0100 +Subject: [PATCH 32/49] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch Patch-name: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch Patch-id: 78 Patch-status: | - # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 -From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd + # # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- include/crypto/evp.h | 7 ++ include/openssl/kdf.h | 4 + @@ -17,13 +17,14 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++- providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++- providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++- + util/perl/OpenSSL/paramnames.pm | 1 + 9 files changed, 487 insertions(+), 22 deletions(-) diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index dbbdcccbda..aa07153441 100644 +index 34cea2f9f4..1e4895959b 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h -@@ -219,6 +219,13 @@ struct evp_mac_st { +@@ -228,6 +228,13 @@ struct evp_mac_st { OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; }; @@ -53,10 +54,10 @@ index 0983230a48..86171635ea 100644 #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index 5304baa6c9..f9c77f4236 100644 +index 78425fbb42..0ff3433074 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c -@@ -43,6 +43,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; +@@ -44,6 +44,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; @@ -64,7 +65,7 @@ index 5304baa6c9..f9c77f4236 100644 static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive; static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params; static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params; -@@ -86,6 +87,10 @@ typedef struct { +@@ -87,6 +88,10 @@ typedef struct { size_t data_len; unsigned char *info; size_t info_len; @@ -75,7 +76,7 @@ index 5304baa6c9..f9c77f4236 100644 } KDF_HKDF; static void *kdf_hkdf_new(void *provctx) -@@ -201,6 +206,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -200,6 +205,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, return 0; } @@ -87,7 +88,7 @@ index 5304baa6c9..f9c77f4236 100644 switch (ctx->mode) { case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: default: -@@ -363,15 +373,78 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +@@ -308,15 +318,78 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; OSSL_PARAM *p; @@ -100,10 +101,8 @@ index 5304baa6c9..f9c77f4236 100644 + any_valid = 1; + + if (sz == 0 || !OSSL_PARAM_set_size_t(p, sz)) - return 0; -- return OSSL_PARAM_set_size_t(p, sz); - } -- return -2; ++ return 0; ++ } + +#ifdef FIPS_MODULE + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) @@ -158,8 +157,10 @@ index 5304baa6c9..f9c77f4236 100644 + } + } + if (!OSSL_PARAM_set_int(p, fips_indicator)) -+ return 0; -+ } + return 0; +- return OSSL_PARAM_set_size_t(p, sz); + } +- return -2; +#endif /* defined(FIPS_MODULE) */ + + if (!any_valid) @@ -169,7 +170,7 @@ index 5304baa6c9..f9c77f4236 100644 } static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -379,6 +452,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -324,6 +397,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -179,7 +180,7 @@ index 5304baa6c9..f9c77f4236 100644 OSSL_PARAM_END }; return known_gettable_ctx_params; -@@ -709,6 +785,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, +@@ -654,6 +730,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, return ret; } @@ -197,7 +198,7 @@ index 5304baa6c9..f9c77f4236 100644 static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, const OSSL_PARAM params[]) { -@@ -724,6 +811,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -669,6 +756,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, return 0; } @@ -209,7 +210,7 @@ index 5304baa6c9..f9c77f4236 100644 switch (ctx->mode) { default: return 0; -@@ -801,7 +893,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, +@@ -746,7 +838,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, } const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = { @@ -219,10 +220,10 @@ index 5304baa6c9..f9c77f4236 100644 { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c -index aa3df15bc7..3f82710061 100644 +index e6855d5732..ebd9d648a6 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c -@@ -59,6 +59,9 @@ typedef struct { +@@ -60,6 +60,9 @@ typedef struct { kbkdf_mode mode; EVP_MAC_CTX *ctx_init; @@ -232,7 +233,7 @@ index aa3df15bc7..3f82710061 100644 /* Names are lowercased versions of those found in SP800-108. */ int r; unsigned char *ki; -@@ -72,6 +75,9 @@ typedef struct { +@@ -73,6 +76,9 @@ typedef struct { int use_l; int is_kmac; int use_separator; @@ -242,7 +243,7 @@ index aa3df15bc7..3f82710061 100644 } KBKDF; /* Definitions needed for typechecking. */ -@@ -143,6 +149,7 @@ static void kbkdf_reset(void *vctx) +@@ -142,6 +148,7 @@ static void kbkdf_reset(void *vctx) void *provctx = ctx->provctx; EVP_MAC_CTX_free(ctx->ctx_init); @@ -250,7 +251,7 @@ index aa3df15bc7..3f82710061 100644 OPENSSL_clear_free(ctx->context, ctx->context_len); OPENSSL_clear_free(ctx->label, ctx->label_len); OPENSSL_clear_free(ctx->ki, ctx->ki_len); -@@ -308,6 +315,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -307,6 +314,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, goto done; } @@ -262,7 +263,7 @@ index aa3df15bc7..3f82710061 100644 h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init); if (h == 0) goto done; -@@ -381,6 +393,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +@@ -369,6 +381,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } } @@ -272,7 +273,7 @@ index aa3df15bc7..3f82710061 100644 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); if (p != NULL && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { -@@ -461,20 +476,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, +@@ -450,20 +465,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -356,7 +357,7 @@ index aa3df15bc7..3f82710061 100644 } diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c -index 1afac4e477..389b82b714 100644 +index 90986bc762..27cd7f8bdf 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -49,6 +49,9 @@ typedef struct { @@ -369,7 +370,7 @@ index 1afac4e477..389b82b714 100644 } KDF_SSHKDF; static void *kdf_sshkdf_new(void *provctx) -@@ -151,6 +154,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -149,6 +152,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); return 0; } @@ -382,7 +383,7 @@ index 1afac4e477..389b82b714 100644 return SSHKDF(md, ctx->key, ctx->key_len, ctx->xcghash, ctx->xcghash_len, ctx->session_id, ctx->session_id_len, -@@ -219,10 +228,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, +@@ -217,10 +226,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -453,7 +454,7 @@ index 1afac4e477..389b82b714 100644 } static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -230,6 +296,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -228,6 +294,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -464,10 +465,10 @@ index 1afac4e477..389b82b714 100644 }; return known_gettable_ctx_params; diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c -index ecb98de6fd..98fcc583d8 100644 +index db750a4f23..175fd30327 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c -@@ -63,6 +63,10 @@ typedef struct { +@@ -64,6 +64,10 @@ typedef struct { size_t salt_len; size_t out_len; /* optional KMAC parameter */ int is_kmac; @@ -478,7 +479,7 @@ index ecb98de6fd..98fcc583d8 100644 } KDF_SSKDF; #define SSKDF_MAX_INLEN (1<<30) -@@ -73,6 +77,7 @@ typedef struct { +@@ -74,6 +78,7 @@ typedef struct { static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; static OSSL_FUNC_kdf_newctx_fn sskdf_new; @@ -503,7 +504,7 @@ index ecb98de6fd..98fcc583d8 100644 static void sskdf_reset(void *vctx) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; -@@ -392,6 +407,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -382,6 +397,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, } md = ossl_prov_digest_md(&ctx->digest); @@ -515,7 +516,7 @@ index ecb98de6fd..98fcc583d8 100644 if (ctx->macctx != NULL) { /* H(x) = KMAC or H(x) = HMAC */ int ret; -@@ -473,6 +493,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -461,6 +481,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, return 0; } @@ -527,7 +528,7 @@ index ecb98de6fd..98fcc583d8 100644 return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, ctx->info, ctx->info_len, 1, key, keylen); } -@@ -545,10 +570,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +@@ -537,10 +562,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; OSSL_PARAM *p; @@ -605,7 +606,7 @@ index ecb98de6fd..98fcc583d8 100644 } static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -556,6 +645,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -548,6 +637,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -615,7 +616,7 @@ index ecb98de6fd..98fcc583d8 100644 OSSL_PARAM_END }; return known_gettable_ctx_params; -@@ -577,7 +669,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { +@@ -569,7 +661,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { }; const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = { @@ -625,7 +626,7 @@ index ecb98de6fd..98fcc583d8 100644 { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c -index 54124ad4cb..25a6c79a2e 100644 +index ff305579c3..e6f41020a4 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -104,6 +104,13 @@ typedef struct { @@ -642,7 +643,7 @@ index 54124ad4cb..25a6c79a2e 100644 } TLS1_PRF; static void *kdf_tls1_prf_new(void *provctx) -@@ -140,6 +147,7 @@ static void kdf_tls1_prf_reset(void *vctx) +@@ -137,6 +144,7 @@ static void kdf_tls1_prf_reset(void *vctx) EVP_MAC_CTX_free(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); @@ -650,7 +651,7 @@ index 54124ad4cb..25a6c79a2e 100644 memset(ctx, 0, sizeof(*ctx)); ctx->provctx = provctx; } -@@ -194,6 +202,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -191,6 +199,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } @@ -661,7 +662,7 @@ index 54124ad4cb..25a6c79a2e 100644 /* * The seed buffer is prepended with a label. -@@ -243,6 +255,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +@@ -240,6 +252,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } } @@ -671,7 +672,7 @@ index 54124ad4cb..25a6c79a2e 100644 if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) { OPENSSL_clear_free(ctx->sec, ctx->seclen); ctx->sec = NULL; -@@ -284,10 +299,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( +@@ -281,10 +296,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -735,7 +736,7 @@ index 54124ad4cb..25a6c79a2e 100644 } static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( -@@ -295,6 +360,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( +@@ -292,6 +357,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -746,7 +747,7 @@ index 54124ad4cb..25a6c79a2e 100644 }; return known_gettable_ctx_params; diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c -index 4c274fe27a..5ce23c8eb9 100644 +index 19b54493ef..77a6210184 100644 --- a/providers/implementations/kdfs/x942kdf.c +++ b/providers/implementations/kdfs/x942kdf.c @@ -13,11 +13,13 @@ @@ -773,7 +774,7 @@ index 4c274fe27a..5ce23c8eb9 100644 } KDF_X942; /* -@@ -497,6 +502,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, +@@ -495,6 +500,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); return 0; } @@ -784,7 +785,7 @@ index 4c274fe27a..5ce23c8eb9 100644 ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, der, der_len, ctr, key, keylen); OPENSSL_free(der); -@@ -600,10 +609,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +@@ -598,10 +607,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_X942 *ctx = (KDF_X942 *)vctx; OSSL_PARAM *p; @@ -846,7 +847,7 @@ index 4c274fe27a..5ce23c8eb9 100644 } static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, -@@ -611,6 +668,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -609,6 +666,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -856,12 +857,10 @@ index 4c274fe27a..5ce23c8eb9 100644 OSSL_PARAM_END }; return known_gettable_ctx_params; --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.fips-indicators-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.fips-indicators-patch 2024-01-02 12:11:36.633033731 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:12:54.022901822 +0100 +diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm +index 70f7c50fe4..6618122417 100644 +--- a/util/perl/OpenSSL/paramnames.pm ++++ b/util/perl/OpenSSL/paramnames.pm @@ -183,6 +183,7 @@ my %params = ( 'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo", 'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo", @@ -870,3 +869,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.fips-indicators-patch ope 'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy", 'KDF_PARAM_HMACDRBG_NONCE' => "nonce", 'KDF_PARAM_THREADS' => "threads", # uint32_t +-- +2.44.0 + diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch index 68953fb..1a5ddb7 100644 --- a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +++ b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch @@ -1,22 +1,27 @@ -From 8e388e194e665286a8996d7d5926bab5c1a6b4f9 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:46:40 +0200 -Subject: [PATCH 38/48] +From a061dba4f6bb52b647aa8f411d32f0c8898a9cb2 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 35/49] 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Patch-id: 83 +Patch-status: | + # [PATCH 37/46] + # 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- include/crypto/evp.h | 7 +++++++ include/openssl/evp.h | 3 +++ providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++ - 4 files changed, 28 insertions(+) + util/perl/OpenSSL/paramnames.pm | 13 +++++++------ + 4 files changed, 34 insertions(+), 6 deletions(-) diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index aa07153441..a13127bd59 100644 +index 1e4895959b..5a2b324762 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h -@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); +@@ -206,6 +206,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); @@ -31,10 +36,10 @@ index aa07153441..a13127bd59 100644 OSSL_PROVIDER *prov; int name_id; diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 86f4e22c70..615857caf5 100644 +index ea7620d631..48d5886d1e 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -1194,6 +1194,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, +@@ -1199,6 +1199,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, void *arg); /* MAC stuff */ @@ -45,7 +50,7 @@ index 86f4e22c70..615857caf5 100644 EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c -index 52ebb08b8f..cf5c3ecbe7 100644 +index a1f3c2db84..f65215f532 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -21,6 +21,8 @@ @@ -55,9 +60,9 @@ index 52ebb08b8f..cf5c3ecbe7 100644 +#include "crypto/evp.h" + #include "internal/ssl3_cbc.h" - + #include "prov/implementations.h" -@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, +@@ -235,6 +237,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), @@ -67,7 +72,7 @@ index 52ebb08b8f..cf5c3ecbe7 100644 OSSL_PARAM_END }; static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, -@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) +@@ -256,6 +261,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) return 0; @@ -86,12 +91,10 @@ index 52ebb08b8f..cf5c3ecbe7 100644 return 1; } --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch 2024-01-02 12:18:16.909596613 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:20:18.465886160 +0100 +diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm +index 6618122417..8b2d430f17 100644 +--- a/util/perl/OpenSSL/paramnames.pm ++++ b/util/perl/OpenSSL/paramnames.pm @@ -137,12 +137,13 @@ my %params = ( # If "engine",or "properties",are specified, they should always be paired # with "cipher",or "digest". @@ -112,3 +115,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.hmac-patch openssl-3.2.0/ # KDF / PRF parameters 'KDF_PARAM_SECRET' => "secret", # octet string +-- +2.44.0 + diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch index 9cef315..63dc019 100644 --- a/0088-signature-Add-indicator-for-PSS-salt-length.patch +++ b/0088-signature-Add-indicator-for-PSS-salt-length.patch @@ -1,20 +1,24 @@ -From 98ee6faef3da1439c04f11cd2796132d27d1e607 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 15:58:07 +0200 -Subject: [PATCH 41/48] 0088-signature-Add-indicator-for-PSS-salt-length.patch +From 9134fadd6544be82f96e3d5ce9c1f489de6a1745 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 38/49] 0088-signature-Add-indicator-for-PSS-salt-length.patch Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch Patch-id: 88 +Patch-status: | + # 0088-signature-Add-indicator-for-PSS-salt-length.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- include/openssl/evp.h | 4 ++++ - providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++ - 3 files changed, 26 insertions(+) + providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++ + util/perl/OpenSSL/paramnames.pm | 23 ++++++++++--------- + 3 files changed, 37 insertions(+), 11 deletions(-) diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 615857caf5..05f2d0f75a 100644 +index 48d5886d1e..e3fa4a8043 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -799,6 +799,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +@@ -804,6 +804,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); @@ -26,10 +30,10 @@ index 615857caf5..05f2d0f75a 100644 EVP_PKEY *pkey); __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index cfaa4841cb..851671cfb1 100644 +index b0f32f0b57..1e56d673ee 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -1173,6 +1173,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) +@@ -1169,6 +1169,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) } } @@ -54,7 +58,7 @@ index cfaa4841cb..851671cfb1 100644 return 1; } -@@ -1182,6 +1200,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -1178,6 +1196,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), @@ -64,12 +68,10 @@ index cfaa4841cb..851671cfb1 100644 OSSL_PARAM_END }; --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch 2024-01-02 12:23:57.106998142 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:26:29.687472015 +0100 +diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm +index 8b2d430f17..a109e44521 100644 +--- a/util/perl/OpenSSL/paramnames.pm ++++ b/util/perl/OpenSSL/paramnames.pm @@ -377,17 +377,18 @@ my %params = ( 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", @@ -100,3 +102,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.salt-patch openssl-3.2.0/ # Asym cipher parameters 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', +-- +2.44.0 + diff --git a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch index fcd53e6..9a65e22 100644 --- a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +++ b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch @@ -1,22 +1,27 @@ -From 5db03a4d024f1e396ff54d38ac70d9890b034074 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:10:11 +0200 -Subject: [PATCH 45/48] +From bfe2412d6d41c8d2299bf40e24f23d4abcfb68e9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 41/49] 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch Patch-id: 110 +Patch-status: | + # [PATCH 43/46] + # 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- include/openssl/evp.h | 4 +++ .../implementations/ciphers/ciphercommon.c | 4 +++ .../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++ - 4 files changed, 34 insertions(+) + util/perl/OpenSSL/paramnames.pm | 5 ++-- + 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 05f2d0f75a..f1a33ff6f2 100644 +index e3fa4a8043..dc42140932 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -748,6 +748,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +@@ -753,6 +753,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); @@ -28,10 +33,10 @@ index 05f2d0f75a..f1a33ff6f2 100644 const unsigned char *key, const unsigned char *iv); __owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c -index fa383165d8..716add7339 100644 +index db81af5401..ae66521827 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c -@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { +@@ -152,6 +152,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0), @@ -43,10 +48,10 @@ index fa383165d8..716add7339 100644 }; const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params( diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c -index ed95c97ff4..db7910eb0e 100644 +index fe24b450a5..b39d8d562c 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c -@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) +@@ -238,6 +238,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) break; } } @@ -78,12 +83,10 @@ index ed95c97ff4..db7910eb0e 100644 return 1; } --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch 2024-01-02 12:29:45.119433637 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:33:09.146723045 +0100 +diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm +index a109e44521..64e9809387 100644 +--- a/util/perl/OpenSSL/paramnames.pm ++++ b/util/perl/OpenSSL/paramnames.pm @@ -101,8 +101,9 @@ my %params = ( 'CIPHER_PARAM_SPEED' => "speed", # uint 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string @@ -96,3 +99,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.ivgen-patch openssl-3.2.0 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t +-- +2.44.0 + diff --git a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch index 7a2e1f3..fd073bd 100644 --- a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +++ b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch @@ -1,22 +1,25 @@ -From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Mon, 21 Aug 2023 16:13:46 +0200 -Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +From 72a137b3f51ef8aeb2747bbc102ea5c98b6daa05 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 43/49] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Patch-id: 113 +Patch-status: | + # 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - include/openssl/core_names.h | 2 ++ include/openssl/evp.h | 4 +++ .../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++ providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++- - 4 files changed, 57 insertions(+), 1 deletion(-) + util/perl/OpenSSL/paramnames.pm | 6 ++-- + 4 files changed, 59 insertions(+), 3 deletions(-) diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index f1a33ff6f2..dadbf46a5a 100644 +index dc42140932..3a6345d71e 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); +@@ -1772,6 +1772,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); # endif @@ -28,10 +31,10 @@ index f1a33ff6f2..dadbf46a5a 100644 const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index d169bfd396..bd4dcb4e27 100644 +index f3443b0c66..b2c239c03b 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) +@@ -462,6 +462,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) return 0; @@ -59,7 +62,7 @@ index d169bfd396..bd4dcb4e27 100644 return 1; } -@@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { +@@ -475,6 +496,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), #ifdef FIPS_MODULE OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), @@ -68,7 +71,7 @@ index d169bfd396..bd4dcb4e27 100644 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), OSSL_PARAM_END diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 8a6f585d0b..f4b7415074 100644 +index 0824c6bdd6..2e637bdf30 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, @@ -112,12 +115,10 @@ index 8a6f585d0b..f4b7415074 100644 OSSL_PARAM_END }; --- -2.41.0 - -diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch openssl-3.2.0/util/perl/OpenSSL/paramnames.pm ---- openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch 2024-01-02 12:49:04.598756268 +0100 -+++ openssl-3.2.0/util/perl/OpenSSL/paramnames.pm 2024-01-02 12:53:16.466464414 +0100 +diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm +index 64e9809387..45ab0c8dc4 100644 +--- a/util/perl/OpenSSL/paramnames.pm ++++ b/util/perl/OpenSSL/paramnames.pm @@ -406,6 +406,7 @@ my %params = ( 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", @@ -138,3 +139,6 @@ diff -up openssl-3.2.0/util/perl/OpenSSL/paramnames.pm.kem-patch openssl-3.2.0/u # Capabilities +-- +2.44.0 + diff --git a/0115-skip-quic-pairwise.patch b/0115-skip-quic-pairwise.patch index 9a35acd..0d96f4d 100644 --- a/0115-skip-quic-pairwise.patch +++ b/0115-skip-quic-pairwise.patch @@ -1,50 +1,86 @@ -diff -up openssl-3.2.0/test/recipes/30-test_pairwise_fail.t.skip-test openssl-3.2.0/test/recipes/30-test_pairwise_fail.t ---- openssl-3.2.0/test/recipes/30-test_pairwise_fail.t.skip-test 2024-02-01 16:09:31.250757364 +0100 -+++ openssl-3.2.0/test/recipes/30-test_pairwise_fail.t 2024-02-01 16:09:43.243887179 +0100 -@@ -22,7 +22,7 @@ use lib bldtop_dir('.'); - plan skip_all => "These tests are unsupported in a non fips build" - if disabled("fips"); +From ec8e4e25cc5e5c67313c5fd6af94fa248685c3d1 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Thu, 7 Mar 2024 17:37:09 +0100 +Subject: [PATCH 45/49] 0115-skip-quic-pairwise.patch + +Patch-name: 0115-skip-quic-pairwise.patch +Patch-id: 115 +Patch-status: | + # skip quic and pairwise tests temporarily +--- + test/quicapitest.c | 4 +++- + test/recipes/01-test_symbol_presence.t | 1 + + test/recipes/30-test_pairwise_fail.t | 10 ++++++++-- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/test/quicapitest.c b/test/quicapitest.c +index 41cf0fc7a8..0fb7492700 100644 +--- a/test/quicapitest.c ++++ b/test/quicapitest.c +@@ -2139,7 +2139,9 @@ int setup_tests(void) + ADD_TEST(test_cipher_find); + ADD_TEST(test_version); + #if defined(DO_SSL_TRACE_TEST) +- ADD_TEST(test_ssl_trace); ++ if (is_fips == 0) { ++ ADD_TEST(test_ssl_trace); ++ } + #endif + ADD_TEST(test_quic_forbidden_apis_ctx); + ADD_TEST(test_quic_forbidden_apis); +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 222b1886ae..7e2f65cccb 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) { + } + } + my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols; ++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates; + if (@duplicates) { + note "Duplicates:"; + note join('\n', @duplicates); +diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t +index c837d48fb4..6291c08c49 100644 +--- a/test/recipes/30-test_pairwise_fail.t ++++ b/test/recipes/30-test_pairwise_fail.t +@@ -9,7 +9,7 @@ + use strict; + use warnings; --plan tests => 5; -+plan skip_all => 5; - my $provconf = srctop_file("test", "fips-and-base.cnf"); +-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file); ++use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with); + use OpenSSL::Test::Utils; - run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), -diff -up openssl-3.2.0/test/recipes/75-test_quicapi.t.skip-test-quic openssl-3.2.0/test/recipes/75-test_quicapi.t ---- openssl-3.2.0/test/recipes/75-test_quicapi.t.skip-test-quic 2024-02-01 16:13:37.974733154 +0100 -+++ openssl-3.2.0/test/recipes/75-test_quicapi.t 2024-02-01 16:14:13.450183541 +0100 -@@ -25,7 +25,7 @@ plan skip_all => "QUIC protocol is not s - plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/; + BEGIN { +@@ -39,20 +39,26 @@ SKIP: { + SKIP: { + skip "Skip EC test because of no ec in this build", 2 + if disabled("ec"); ++ with({ exit_checker => sub {my $val = shift; return $val == 134; } }, ++ sub { + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "ec"])), + "fips provider ec keygen pairwise failure test"); ++ }); --plan tests => -+plan skip_all => - ($no_fips ? 0 : 1) # quicapitest with fips - + 1; # quicapitest with default provider + skip "FIPS provider version is too old", 1 + if !$fips_exit; ++ with({ exit_checker => sub {my $val = shift; return $val == 134; } }, ++ sub { + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "eckat"])), + "fips provider ec keygen kat failure test"); ++ }); + } -diff -up openssl-3.2.0/test/recipes/70-test_quic_record.t.disable-quic-record openssl-3.2.0/test/recipes/70-test_quic_record.t ---- openssl-3.2.0/test/recipes/70-test_quic_record.t.disable-quic-record 2024-02-06 13:25:09.081772272 +0100 -+++ openssl-3.2.0/test/recipes/70-test_quic_record.t 2024-02-06 13:25:47.469243950 +0100 -@@ -17,6 +17,6 @@ plan skip_all => "QUIC protocol is not s - plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/; - --plan tests => 1; -+plan skip_all => 1; - - ok(run(test(["quic_record_test"]))); -diff -up openssl-3.2.0/test/recipes/01-test_symbol_presence.t.skip-fail-686 openssl-3.2.0/test/recipes/01-test_symbol_presence.t ---- openssl-3.2.0/test/recipes/01-test_symbol_presence.t.skip-fail-686 2024-02-06 13:55:48.981028882 +0100 -+++ openssl-3.2.0/test/recipes/01-test_symbol_presence.t 2024-02-06 13:56:56.896819560 +0100 -@@ -53,8 +53,9 @@ my $testcount - $testcount - += (scalar keys %shlibpath) # Check for missing symbols in shared lib - unless disabled('shared'); -- --plan tests => $testcount; -+#Fix later, skipping this test as it fails in i686 due to duplicate -+#symbol OPENSSL_ia32cap_P -+plan skip_all => $testcount; - - ###################################################################### - # Collect symbols + SKIP: { + skip "Skip DSA tests because of no dsa in this build", 2 +- if disabled("dsa"); ++ if 1; #if disabled("dsa"); + ok(run(test(["pairwise_fail_test", "-config", $provconf, + "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])), + "fips provider dsa keygen pairwise failure test"); +-- +2.44.0 + diff --git a/0116-version-aliasing.patch b/0116-version-aliasing.patch index 401252b..67d632d 100644 --- a/0116-version-aliasing.patch +++ b/0116-version-aliasing.patch @@ -1,37 +1,62 @@ -diff -up openssl-3.2.1/crypto/evp/digest.c.dup-patch openssl-3.2.1/crypto/evp/digest.c ---- openssl-3.2.1/crypto/evp/digest.c.dup-patch 2024-02-09 20:41:56.277567514 +0100 -+++ openssl-3.2.1/crypto/evp/digest.c 2024-02-09 20:42:59.317767764 +0100 -@@ -553,7 +554,10 @@ legacy: +From a2673b5e2e95bcf54a1746bfd409cca688275e75 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 6 Mar 2024 19:17:17 +0100 +Subject: [PATCH 46/49] 0116-version-aliasing.patch + +Patch-name: 0116-version-aliasing.patch +Patch-id: 116 +Patch-status: | + # Add version aliasing due to + # https://github.com/openssl/openssl/issues/23534 +From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce +--- + crypto/evp/digest.c | 7 ++++++- + crypto/evp/evp_enc.c | 7 ++++++- + test/recipes/01-test_symbol_presence.t | 1 + + util/libcrypto.num | 2 ++ + 4 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c +index 42331703da..3a280acc0e 100644 +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -553,7 +553,12 @@ legacy: return ret; } -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in) +EVP_MD_CTX ++#if !defined(FIPS_MODULE) +__attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"), + symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) ++#endif +*EVP_MD_CTX_dup(const EVP_MD_CTX *in) { EVP_MD_CTX *out = EVP_MD_CTX_new(); -diff -up openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch openssl-3.2.1/crypto/evp/evp_enc.c ---- openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch 2024-02-09 18:47:04.054258303 +0100 -+++ openssl-3.2.1/crypto/evp/evp_enc.c 2024-02-09 20:43:00.926772711 +0100 -@@ -1444,7 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C +diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c +index e9faf31057..5a29b8dbb7 100644 +--- a/crypto/evp/evp_enc.c ++++ b/crypto/evp/evp_enc.c +@@ -1444,7 +1444,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) #endif /* FIPS_MODULE */ } -EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in) +EVP_CIPHER_CTX ++#if !defined(FIPS_MODULE) +__attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"), + symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) ++#endif +*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in) { EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new(); -diff -up openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch openssl-3.2.1/test/recipes/01-test_symbol_presence.t ---- openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch 2024-02-09 20:44:10.860756724 +0100 -+++ openssl-3.2.1/test/recipes/01-test_symbol_presence.t 2024-02-09 20:45:14.981136289 +0100 -@@ -132,6 +132,7 @@ foreach (sort keys %stlibname) { +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 7e2f65cccb..cc947d4821 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) { s| .*||; # Drop OpenSSL dynamic version information if there is any s|\@\@.+$||; @@ -39,10 +64,11 @@ diff -up openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch openssl- # Return the result $_ } -diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto.num ---- openssl-3.2.1/util/libcrypto.num.dup-patch 2024-02-09 18:16:43.006553105 +0100 -+++ openssl-3.2.1/util/libcrypto.num 2024-02-09 18:19:17.554159687 +0100 -@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 8046454025..068e9904e2 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key 5562 3_2_0 EXIST::FUNCTION: OSSL_STACK_OF_X509_free 5563 3_2_0 EXIST::FUNCTION: OSSL_trace_string 5564 3_2_0 EXIST::FUNCTION: EVP_MD_CTX_dup 5565 3_2_0 EXIST::FUNCTION: @@ -52,31 +78,6 @@ diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto BN_signed_bin2bn 5567 3_2_0 EXIST::FUNCTION: BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION: BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION: -diff -up openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup openssl-3.2.1/crypto/evp/evp_enc.c ---- openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup 2024-02-09 21:03:46.662261648 +0100 -+++ openssl-3.2.1/crypto/evp/evp_enc.c 2024-02-09 21:04:33.427691451 +0100 -@@ -1445,8 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C - } - - EVP_CIPHER_CTX -+#if !defined(FIPS_MODULE) - __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"), - symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) -+#endif - *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in) - { - EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new(); -diff -up openssl-3.2.1/crypto/evp/digest.c.new-fips-dup openssl-3.2.1/crypto/evp/digest.c ---- openssl-3.2.1/crypto/evp/digest.c.new-fips-dup 2024-02-09 21:08:11.605474971 +0100 -+++ openssl-3.2.1/crypto/evp/digest.c 2024-02-09 21:08:47.095723742 +0100 -@@ -554,8 +554,10 @@ legacy: - } - - EVP_MD_CTX -+#if !defined(FIPS_MODULE) - __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"), - symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) -+#endif - *EVP_MD_CTX_dup(const EVP_MD_CTX *in) - { - EVP_MD_CTX *out = EVP_MD_CTX_new(); +-- +2.44.0 + diff --git a/0117-ignore-unknown-sigalgorithms-groups.patch b/0117-ignore-unknown-sigalgorithms-groups.patch new file mode 100644 index 0000000..3c52277 --- /dev/null +++ b/0117-ignore-unknown-sigalgorithms-groups.patch @@ -0,0 +1,318 @@ +From 242c746690dd1d0e500fa554c60536877d77776d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 14 Dec 2023 17:08:56 +0100 +Subject: [PATCH 47/49] 0117-ignore-unknown-sigalgorithms-groups.patch + +Patch-name: 0117-ignore-unknown-sigalgorithms-groups.patch +Patch-id: 117 +Patch-status: | + # https://github.com/openssl/openssl/issues/23050 +--- + CHANGES.md | 13 +++++++ + doc/man3/SSL_CTX_set1_curves.pod | 6 ++- + doc/man3/SSL_CTX_set1_sigalgs.pod | 11 +++++- + ssl/t1_lib.c | 56 +++++++++++++++++++++------- + test/sslapitest.c | 61 +++++++++++++++++++++++++++++++ + 5 files changed, 132 insertions(+), 15 deletions(-) + +diff --git a/CHANGES.md b/CHANGES.md +index ca29762ac2..4e21d0ddf9 100644 +--- a/CHANGES.md ++++ b/CHANGES.md +@@ -27,6 +27,19 @@ OpenSSL 3.2 + + ### Changes between 3.2.0 and 3.2.1 [30 Jan 2024] + ++ * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms ++ config options and the respective calls to SSL[_CTX]_set1_sigalgs() and ++ SSL[_CTX]_set1_client_sigalgs() that start with `?` character are ++ ignored and the configuration will still be used. ++ ++ Similarly unknown entries that start with `?` character in a TLS ++ Groups config option or set with SSL[_CTX]_set1_groups_list() are ignored ++ and the configuration will still be used. ++ ++ In both cases if the resulting list is empty, an error is returned. ++ ++ *Tomáš Mráz* ++ + * A file in PKCS12 format can contain certificates and keys and may come from + an untrusted source. The PKCS12 specification allows certain fields to be + NULL, but OpenSSL did not correctly check for this case. A fix has been +diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod +index c26ef00306..f0566e148e 100644 +--- a/doc/man3/SSL_CTX_set1_curves.pod ++++ b/doc/man3/SSL_CTX_set1_curves.pod +@@ -58,7 +58,8 @@ string B. The string is a colon separated list of group names, for example + are B, B, B, B, B, B, + B, B, B, B, + B, B and B. Support for other groups may be +-added by external providers. ++added by external providers. If a group name is preceded with the C ++character, it will be ignored if an implementation is missing. + + SSL_set1_groups() and SSL_set1_groups_list() are similar except they set + supported groups for the SSL structure B. +@@ -142,6 +143,9 @@ The curve functions were added in OpenSSL 1.0.2. The equivalent group + functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function + was added in OpenSSL 3.0.0. + ++Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and ++SSL_set1_groups_list() was added in OpenSSL 3.3. ++ + =head1 COPYRIGHT + + Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. +diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod +index eb31006346..5b7de7d956 100644 +--- a/doc/man3/SSL_CTX_set1_sigalgs.pod ++++ b/doc/man3/SSL_CTX_set1_sigalgs.pod +@@ -33,7 +33,9 @@ signature algorithms for B or B. The B parameter + must be a null terminated string consisting of a colon separated list of + elements, where each element is either a combination of a public key + algorithm and a digest separated by B<+>, or a TLS 1.3-style named +-SignatureScheme such as rsa_pss_pss_sha256. ++SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded ++with the C character, it will be ignored if an implementation is missing. ++ + + SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), + SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set +@@ -106,6 +108,13 @@ using a string: + L, L, + L + ++=head1 HISTORY ++ ++Support for ignoring unknown signature algorithms in ++SSL_CTX_set1_sigalgs_list(), SSL_set1_sigalgs_list(), ++SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() ++was added in OpenSSL 3.3. ++ + =head1 COPYRIGHT + + Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 056aae3863..fe680449c5 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -1052,9 +1052,15 @@ static int gid_cb(const char *elem, int len, void *arg) + size_t i; + uint16_t gid = 0; + char etmp[GROUP_NAME_BUFFER_LENGTH]; ++ int ignore_unknown = 0; + + if (elem == NULL) + return 0; ++ if (elem[0] == '?') { ++ ignore_unknown = 1; ++ ++elem; ++ --len; ++ } + if (garg->gidcnt == garg->gidmax) { + uint16_t *tmp = + OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT); +@@ -1070,13 +1076,14 @@ static int gid_cb(const char *elem, int len, void *arg) + + gid = tls1_group_name2id(garg->ctx, etmp); + if (gid == 0) { +- ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, +- "group '%s' cannot be set", etmp); +- return 0; ++ /* Unknown group - ignore, if ignore_unknown */ ++ return ignore_unknown; + } + for (i = 0; i < garg->gidcnt; i++) +- if (garg->gid_arr[i] == gid) +- return 0; ++ if (garg->gid_arr[i] == gid) { ++ /* Duplicate group - ignore */ ++ return 1; ++ } + garg->gid_arr[garg->gidcnt++] = gid; + return 1; + } +@@ -1097,6 +1104,11 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, + gcb.ctx = ctx; + if (!CONF_parse_list(str, ':', 1, gid_cb, &gcb)) + goto end; ++ if (gcb.gidcnt == 0) { ++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, ++ "No valid groups in '%s'", str); ++ goto end; ++ } + if (pext == NULL) { + ret = 1; + goto end; +@@ -2905,8 +2917,15 @@ static int sig_cb(const char *elem, int len, void *arg) + const SIGALG_LOOKUP *s; + char etmp[TLS_MAX_SIGSTRING_LEN], *p; + int sig_alg = NID_undef, hash_alg = NID_undef; ++ int ignore_unknown = 0; ++ + if (elem == NULL) + return 0; ++ if (elem[0] == '?') { ++ ignore_unknown = 1; ++ ++elem; ++ --len; ++ } + if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT) + return 0; + if (len > (int)(sizeof(etmp) - 1)) +@@ -2931,8 +2950,10 @@ static int sig_cb(const char *elem, int len, void *arg) + break; + } + } +- if (i == OSSL_NELEM(sigalg_lookup_tbl)) +- return 0; ++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } + } else { + *p = 0; + p++; +@@ -2940,8 +2961,10 @@ static int sig_cb(const char *elem, int len, void *arg) + return 0; + get_sigorhash(&sig_alg, &hash_alg, etmp); + get_sigorhash(&sig_alg, &hash_alg, p); +- if (sig_alg == NID_undef || hash_alg == NID_undef) +- return 0; ++ if (sig_alg == NID_undef || hash_alg == NID_undef) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } + for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); + i++, s++) { + if (s->hash == hash_alg && s->sig == sig_alg) { +@@ -2949,15 +2972,17 @@ static int sig_cb(const char *elem, int len, void *arg) + break; + } + } +- if (i == OSSL_NELEM(sigalg_lookup_tbl)) +- return 0; ++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } + } + +- /* Reject duplicates */ ++ /* Ignore duplicates */ + for (i = 0; i < sarg->sigalgcnt - 1; i++) { + if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) { + sarg->sigalgcnt--; +- return 0; ++ return 1; + } + } + return 1; +@@ -2973,6 +2998,11 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) + sig.sigalgcnt = 0; + if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) + return 0; ++ if (sig.sigalgcnt == 0) { ++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, ++ "No valid signature algorithms in '%s'", str); ++ return 0; ++ } + if (c == NULL) + return 1; + return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 1c14f93ed1..184a0f1055 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -39,6 +39,7 @@ + #include "testutil.h" + #include "testutil/output.h" + #include "internal/nelem.h" ++#include "internal/tlsgroups.h" + #include "internal/ktls.h" + #include "../ssl/ssl_local.h" + #include "../ssl/record/methods/recmethod_local.h" +@@ -3147,6 +3148,7 @@ static const sigalgs_list testsigalgs[] = { + {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, + # endif + {NULL, 0, "RSA+SHA256", 1, 1}, ++ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1}, + # ifndef OPENSSL_NO_EC + {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, + {NULL, 0, "ECDSA+SHA512", 1, 0}, +@@ -9276,6 +9278,64 @@ static int test_servername(int tst) + return testresult; + } + ++static int test_unknown_sigalgs_groups(void) ++{ ++ int ret = 0; ++ SSL_CTX *ctx = NULL; ++ ++ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) ++ goto end; ++ ++ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx, ++ "RSA+SHA256:?nonexistent:?RSA+SHA512"), ++ 0)) ++ goto end; ++ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2) ++ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) ++ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) ++ goto end; ++ ++ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx, ++ "RSA+SHA256:?nonexistent:?RSA+SHA512"), ++ 0)) ++ goto end; ++ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2) ++ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) ++ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) ++ goto end; ++ ++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, ++ "nonexistent"), ++ 0)) ++ goto end; ++ ++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, ++ "?nonexistent1:?nonexistent2:?nonexistent3"), ++ 0)) ++ goto end; ++ ++#ifndef OPENSSL_NO_EC ++ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, ++ "P-256:nonexistent"), ++ 0)) ++ goto end; ++ ++ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx, ++ "P-384:?nonexistent:?P-521"), ++ 0)) ++ goto end; ++ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2) ++ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1) ++ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1)) ++ goto end; ++#endif ++ ++ ret = 1; ++ end: ++ SSL_CTX_free(ctx); ++ return ret; ++} ++ + #if !defined(OPENSSL_NO_EC) \ + && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) + /* +@@ -11519,6 +11579,7 @@ int setup_tests(void) + ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data)); + #endif + ADD_ALL_TESTS(test_servername, 10); ++ ADD_TEST(test_unknown_sigalgs_groups); + #if !defined(OPENSSL_NO_EC) \ + && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) + ADD_ALL_TESTS(test_sigalgs_available, 6); +-- +2.44.0 + diff --git a/0118-no-crl-memleak.patch b/0118-no-crl-memleak.patch new file mode 100644 index 0000000..ee7e745 --- /dev/null +++ b/0118-no-crl-memleak.patch @@ -0,0 +1,80 @@ +From 105217c7d58c726f4e646177e0aaefb6115aad3e Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Tue, 27 Feb 2024 15:22:58 +0100 +Subject: [PATCH 48/49] 0118-no-crl-memleak.patch + +Patch-name: 0118-no-crl-memleak.patch +Patch-id: 118 +Patch-status: | + # https://github.com/openssl/openssl/issues/23770 +--- + crypto/x509/by_file.c | 2 ++ + test/recipes/60-test_x509_load_cert_file.t | 3 ++- + test/x509_load_cert_file_test.c | 8 +++++++- + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c +index 5073c137a2..85923804ac 100644 +--- a/crypto/x509/by_file.c ++++ b/crypto/x509/by_file.c +@@ -198,6 +198,8 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) + goto err; + } + count++; ++ X509_CRL_free(x); ++ x = NULL; + } + } else if (type == X509_FILETYPE_ASN1) { + x = d2i_X509_CRL_bio(in, NULL); +diff --git a/test/recipes/60-test_x509_load_cert_file.t b/test/recipes/60-test_x509_load_cert_file.t +index 75aeac362c..e329d7675c 100644 +--- a/test/recipes/60-test_x509_load_cert_file.t ++++ b/test/recipes/60-test_x509_load_cert_file.t +@@ -12,4 +12,5 @@ setup("test_load_cert_file"); + + plan tests => 1; + +-ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem")]))); ++ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem"), ++ srctop_file("test", "certs", "cyrillic_crl.pem")]))); +diff --git a/test/x509_load_cert_file_test.c b/test/x509_load_cert_file_test.c +index 4a736071ae..c07d329915 100644 +--- a/test/x509_load_cert_file_test.c ++++ b/test/x509_load_cert_file_test.c +@@ -12,6 +12,7 @@ + #include "testutil.h" + + static const char *chain; ++static const char *crl; + + static int test_load_cert_file(void) + { +@@ -27,12 +28,15 @@ static int test_load_cert_file(void) + && TEST_int_eq(sk_X509_num(certs), 4)) + ret = 1; + ++ if (crl != NULL && !TEST_true(X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM))) ++ ret = 0; ++ + OSSL_STACK_OF_X509_free(certs); + X509_STORE_free(store); + return ret; + } + +-OPT_TEST_DECLARE_USAGE("cert.pem...\n") ++OPT_TEST_DECLARE_USAGE("cert.pem [crl.pem]\n") + + int setup_tests(void) + { +@@ -45,6 +49,8 @@ int setup_tests(void) + if (chain == NULL) + return 0; + ++ crl = test_get_argument(1); ++ + ADD_TEST(test_load_cert_file); + return 1; + } +-- +2.44.0 + diff --git a/0119-provider-sigalgs-in-signaturealgorithms-conf.patch b/0119-provider-sigalgs-in-signaturealgorithms-conf.patch new file mode 100644 index 0000000..c363223 --- /dev/null +++ b/0119-provider-sigalgs-in-signaturealgorithms-conf.patch @@ -0,0 +1,170 @@ +From f5b48604779362c91a22080b6905413fbba28b74 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 8 Mar 2024 11:18:12 +0100 +Subject: [PATCH 49/49] 0119-provider-sigalgs-in-signaturealgorithms-conf.patch + +Patch-name: 0119-provider-sigalgs-in-signaturealgorithms-conf.patch +Patch-id: 119 +Patch-status: | + # https://github.com/openssl/openssl/issues/22779 +--- + ssl/s3_lib.c | 8 ++++---- + ssl/ssl_lib.c | 2 +- + ssl/ssl_local.h | 2 +- + ssl/t1_lib.c | 45 ++++++++++++++++++++++++++++++++++----------- + 4 files changed, 40 insertions(+), 17 deletions(-) + +diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c +index e8ec98c221..48a1aa0e61 100644 +--- a/ssl/s3_lib.c ++++ b/ssl/s3_lib.c +@@ -3685,13 +3685,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) + return tls1_set_sigalgs(sc->cert, parg, larg, 0); + + case SSL_CTRL_SET_SIGALGS_LIST: +- return tls1_set_sigalgs_list(sc->cert, parg, 0); ++ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0); + + case SSL_CTRL_SET_CLIENT_SIGALGS: + return tls1_set_sigalgs(sc->cert, parg, larg, 1); + + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: +- return tls1_set_sigalgs_list(sc->cert, parg, 1); ++ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1); + + case SSL_CTRL_GET_CLIENT_CERT_TYPES: + { +@@ -3968,13 +3968,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) + return tls1_set_sigalgs(ctx->cert, parg, larg, 0); + + case SSL_CTRL_SET_SIGALGS_LIST: +- return tls1_set_sigalgs_list(ctx->cert, parg, 0); ++ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0); + + case SSL_CTRL_SET_CLIENT_SIGALGS: + return tls1_set_sigalgs(ctx->cert, parg, larg, 1); + + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: +- return tls1_set_sigalgs_list(ctx->cert, parg, 1); ++ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1); + + case SSL_CTRL_SET_CLIENT_CERT_TYPES: + return ssl3_set_req_cert_type(ctx->cert, parg, larg); +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 1329841aaf..4d95ab71cd 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3078,7 +3078,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) + return tls1_set_groups_list(ctx, NULL, NULL, parg); + case SSL_CTRL_SET_SIGALGS_LIST: + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: +- return tls1_set_sigalgs_list(NULL, parg, 0); ++ return tls1_set_sigalgs_list(ctx, NULL, parg, 0); + default: + return 0; + } +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index 0d3acfbe66..a73b2c4770 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h +@@ -2796,7 +2796,7 @@ __owur int tls_use_ticket(SSL_CONNECTION *s); + + void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op); + +-__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); ++__owur int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client); + __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, + int client); + __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index fe680449c5..87f2ae7000 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -716,6 +716,7 @@ int ssl_load_sigalgs(SSL_CTX *ctx) + + /* now populate ctx->ssl_cert_info */ + if (ctx->sigalg_list_len > 0) { ++ OPENSSL_free(ctx->ssl_cert_info); + ctx->ssl_cert_info = OPENSSL_zalloc(sizeof(lu) * ctx->sigalg_list_len); + if (ctx->ssl_cert_info == NULL) + return 0; +@@ -2889,6 +2890,7 @@ typedef struct { + size_t sigalgcnt; + /* TLSEXT_SIGALG_XXX values */ + uint16_t sigalgs[TLS_MAX_SIGALGCNT]; ++ SSL_CTX *ctx; + } sig_cb_st; + + static void get_sigorhash(int *psig, int *phash, const char *str) +@@ -2913,7 +2915,8 @@ static void get_sigorhash(int *psig, int *phash, const char *str) + static int sig_cb(const char *elem, int len, void *arg) + { + sig_cb_st *sarg = arg; +- size_t i; ++ size_t i = 0; ++ int load_success = 0; + const SIGALG_LOOKUP *s; + char etmp[TLS_MAX_SIGSTRING_LEN], *p; + int sig_alg = NID_undef, hash_alg = NID_undef; +@@ -2943,17 +2946,36 @@ static int sig_cb(const char *elem, int len, void *arg) + * in the table. + */ + if (p == NULL) { +- for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); +- i++, s++) { +- if (s->name != NULL && strcmp(etmp, s->name) == 0) { +- sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; +- break; +- } ++ /* Load provider sigalgs */ ++ if (sarg->ctx) { ++ load_success = ssl_load_sigalgs(sarg->ctx); + } +- if (i == OSSL_NELEM(sigalg_lookup_tbl)) { +- /* Ignore unknown algorithms if ignore_unknown */ +- return ignore_unknown; ++ if (load_success) { ++ /* Check if a provider supports the sigalg */ ++ for (i = 0; i < sarg->ctx->sigalg_list_len; i++) { ++ if (sarg->ctx->sigalg_list[i].sigalg_name != NULL ++ && strcmp(etmp, ++ sarg->ctx->sigalg_list[i].sigalg_name) == 0) { ++ sarg->sigalgs[sarg->sigalgcnt++] = ++ sarg->ctx->sigalg_list[i].code_point; ++ break; ++ } ++ } + } ++ /* Check the built-in sigalgs */ ++ if (!sarg->ctx || !load_success || i == sarg->ctx->sigalg_list_len) { ++ for (i = 0, s = sigalg_lookup_tbl; ++ i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) { ++ if (s->name != NULL && strcmp(etmp, s->name) == 0) { ++ sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; ++ break; ++ } ++ } ++ if (i == OSSL_NELEM(sigalg_lookup_tbl)) { ++ /* Ignore unknown algorithms if ignore_unknown */ ++ return ignore_unknown; ++ } ++ } + } else { + *p = 0; + p++; +@@ -2992,10 +3014,11 @@ static int sig_cb(const char *elem, int len, void *arg) + * Set supported signature algorithms based on a colon separated list of the + * form sig+hash e.g. RSA+SHA512:DSA+SHA512 + */ +-int tls1_set_sigalgs_list(CERT *c, const char *str, int client) ++int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client) + { + sig_cb_st sig; + sig.sigalgcnt = 0; ++ sig.ctx = ctx; + if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) + return 0; + if (sig.sigalgcnt == 0) { +-- +2.44.0 + diff --git a/openssl.spec b/openssl.spec index a70fa4b..69c44ed 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.2.1 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 Source: openssl-%{version}.tar.gz Source2: Makefile.certificate @@ -40,88 +40,88 @@ Source7: renew-dummy-cert Source9: configuration-switch.h Source10: configuration-prefix.h Source14: 0025-for-tests.patch -# # Patches exported from source git -# # Aarch64 and ppc64le use lib64 +# Patches exported from source git +# Aarch64 and ppc64le use lib64 Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch -# # Use more general default values in openssl.cnf +# Use more general default values in openssl.cnf Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch -# # Do not install html docs +# Do not install html docs Patch3: 0003-Do-not-install-html-docs.patch -# # Override default paths for the CA directory tree +# Override default paths for the CA directory tree Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch -# # apps/ca: fix md option help text +# apps/ca: fix md option help text Patch5: 0005-apps-ca-fix-md-option-help-text.patch -# # Disable signature verification with totally unsafe hash algorithms +# Disable signature verification with totally unsafe hash algorithms Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch -# # Add support for PROFILE=SYSTEM system default cipherlist +# Add support for PROFILE=SYSTEM system default cipherlist Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch -# # Add FIPS_mode() compatibility macro +# Add FIPS_mode() compatibility macro Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch -# # Add check to see if fips flag is enabled in kernel +# Add check to see if fips flag is enabled in kernel Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch -# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so -# # that new modifications made to these files by upstream are not lost. +# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so +# that new modifications made to these files by upstream are not lost. Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch -# # remove unsupported EC curves +# remove unsupported EC curves Patch11: 0011-Remove-EC-curves.patch -# # Disable explicit EC curves -# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +# Disable explicit EC curves +# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch -# # Skipped tests from former 0011-Remove-EC-curves.patch +# Skipped tests from former 0011-Remove-EC-curves.patch Patch13: 0013-skipped-tests-EC-curves.patch -# # Instructions to load legacy provider in openssl.cnf +# Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch -# # We load FIPS provider and set FIPS properties implicitly +# We load FIPS provider and set FIPS properties implicitly Patch32: 0032-Force-fips.patch -# # Embed HMAC into the fips.so +# Embed HMAC into the fips.so # Modify fips self test as per # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a Patch33: 0033-FIPS-embed-hmac.patch -# # Comment out fipsinstall command-line utility +# Comment out fipsinstall command-line utility Patch34: 0034.fipsinstall_disable.patch -# # Skip unavailable algorithms running `openssl speed` +# Skip unavailable algorithms running `openssl speed` Patch35: 0035-speed-skip-unavailable-dgst.patch -# # Extra public/private key checks required by FIPS-140-3 +# Extra public/private key checks required by FIPS-140-3 Patch44: 0044-FIPS-140-3-keychecks.patch -# # Minimize fips services +# Minimize fips services Patch45: 0045-FIPS-services-minimize.patch -# # Execute KATS before HMAC verification +# Execute KATS before HMAC verification Patch47: 0047-FIPS-early-KATS.patch -# # Selectively disallow SHA1 signatures rhbz#2070977 +# Selectively disallow SHA1 signatures rhbz#2070977 Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch -# # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) +# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 +# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch # 0062-fips-Expose-a-FIPS-indicator.patch Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -# [PATCH 29/46] -# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +# [PATCH 29/46] +# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch -# # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) +# https://bugzilla.redhat.com/show_bug.cgi?id=2102541 Patch76: 0076-FIPS-140-3-DRBG.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +# https://bugzilla.redhat.com/show_bug.cgi?id=2102542 Patch77: 0077-FIPS-140-3-zeroization.patch -# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +# https://bugzilla.redhat.com/show_bug.cgi?id=2114772 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch -# # We believe that some changes present in CentOS are not necessary -# # because ustream has a check for FIPS version +# We believe that some changes present in CentOS are not necessary +# because ustream has a check for FIPS version Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch -# [PATCH 36/46] -# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +# [PATCH 36/46] +# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch -# [PATCH 37/46] -# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +# [PATCH 37/46] +# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch -# [PATCH 38/46] -# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +# [PATCH 38/46] +# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch # 0085-FIPS-RSA-disable-shake.patch Patch85: 0085-FIPS-RSA-disable-shake.patch @@ -129,25 +129,31 @@ Patch85: 0085-FIPS-RSA-disable-shake.patch Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # 0091-FIPS-RSA-encapsulate.patch Patch91: 0091-FIPS-RSA-encapsulate.patch -# [PATCH 42/46] -# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +# [PATCH 42/46] +# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch -# [PATCH 43/46] -# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +# [PATCH 43/46] +# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch -# [PATCH 44/46] -# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +# [PATCH 44/46] +# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch # 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch -# # We believe that some changes present in CentOS are not necessary -# # because ustream has a check for FIPS version +# We believe that some changes present in CentOS are not necessary +# because ustream has a check for FIPS version Patch114: 0114-FIPS-enforce-EMS-support.patch # skip quic and pairwise tests temporarily Patch115: 0115-skip-quic-pairwise.patch # Add version aliasing due to # https://github.com/openssl/openssl/issues/23534 Patch116: 0116-version-aliasing.patch +# https://github.com/openssl/openssl/issues/23050 +Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch +# https://github.com/openssl/openssl/issues/23770 +Patch118: 0118-no-crl-memleak.patch +# https://github.com/openssl/openssl/issues/22779 +Patch119: 0119-provider-sigalgs-in-signaturealgorithms-conf.patch License: Apache-2.0 URL: http://www.openssl.org/ @@ -483,6 +489,11 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Thu Mar 07 2024 Dmitry Belyavskiy - 1:3.2.1-3 +- Minimize skipping tests +- Allow ignoring unknown signature algorithms and groups (upstream #23050) +- Allow specifying provider algorithms in SignatureAlgorithms (upstream #22779) + * Fri Feb 09 2024 Sahana Prasad - 1:3.2.1-2 - Fix version aliasing issue - https://github.com/openssl/openssl/issues/23534