ELN: fix SHA1 signature patch again

The util/libcrypto.num patch did not apply cleanly.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

.gitignore

@@ -1,6 +1,5 @@
 .build*.log
 clog
-000*.patch
 *.src.rpm
 openssl-1.0.0a-usa.tar.bz2
 /openssl-1.0.0b-usa.tar.bz2
@@ -56,3 +55,5 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-3.0.2-hobbled.tar.gz
 /openssl-3.0.3-hobbled.tar.gz
 /openssl-3.0.5-hobbled.tar.xz
+/openssl-3.0.7-hobbled.tar.gz
+/openssl-3.0.8-hobbled.tar.gz

0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch

@@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
 @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
  OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
  OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
 +ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 -- 
 2.26.2

0008-Add-FIPS_mode-compatibility-macro.patch

@@ -12,24 +12,12 @@ default context.
  3 files changed, 39 insertions(+)
  create mode 100644 include/openssl/fips.h
 
-diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
-index 1036da9a2b..9d4896fcaf 100644
---- a/include/openssl/crypto.h.in
-+++ b/include/openssl/crypto.h.in
-@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
- # include <openssl/opensslconf.h>
- # include <openssl/cryptoerr.h>
- # include <openssl/core.h>
-+# include <openssl/fips.h>
- 
- # ifdef CHARSET_EBCDIC
- #  include <openssl/ebcdic.h>
 diff --git a/include/openssl/fips.h b/include/openssl/fips.h
 new file mode 100644
 index 0000000000..c64f0f8e8f
 --- /dev/null
 +++ b/include/openssl/fips.h
-@@ -0,0 +1,25 @@
+@@ -0,0 +1,26 @@
 +/*
 + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 + *
@@ -43,6 +31,7 @@ index 0000000000..c64f0f8e8f
 +# define OPENSSL_FIPS_H
 +# pragma once
 +
++# include <openssl/evp.h>
 +# include <openssl/macros.h>
 +
 +# ifdef __cplusplus
@@ -58,10 +47,11 @@ index 0000000000..c64f0f8e8f
 diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
 --- openssl-3.0.0-beta1/test/property_test.c.fips-macro	2021-06-29 12:14:58.851557698 +0200
 +++ openssl-3.0.0-beta1/test/property_test.c	2021-06-29 12:17:14.630143832 +0200
-@@ -488,6 +488,18 @@ static int test_property_list_to_string(
+@@ -488,6 +488,19 @@ static int test_property_list_to_string(
      return ret;
  }
- 
+
++#include <openssl/fips.h>
 +static int test_downstream_FIPS_mode(void)
 +{
 +    int ret = 0;

0009-Add-Kernel-FIPS-mode-flag-support.patch

@@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips	2021-03-16 00:09:55.814826432 +0100
 +++ openssl-3.0.0-alpha13/crypto/context.c	2021-03-16 00:15:55.129043811 +0100
 @@ -12,11 +12,46 @@
- #include "internal/provider.h"
  #include "crypto/ctype.h"
+ #include "crypto/rand.h"
  
 +# include <sys/types.h>
 +# include <sys/stat.h>

0011-Remove-EC-curves.patch

@@ -5011,3 +5011,15 @@ diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remov
  Title=prime256v1 curve tests
  
  PrivateKey=ALICE_cf_prime256v1
+diff -up openssl-3.0.7/test/recipes/15-test_ec.t.skipshort openssl-3.0.7/test/recipes/15-test_ec.t
+--- openssl-3.0.7/test/recipes/15-test_ec.t.skipshort	2022-11-23 12:40:55.324395782 +0100
++++ openssl-3.0.7/test/recipes/15-test_ec.t	2022-11-23 12:42:12.478094387 +0100
+@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key
+ 
+ subtest 'Check loading of fips and non-fips keys' => sub {
+     plan skip_all => "FIPS is disabled"
+-        if $no_fips;
++        if 1; #Red Hat specific, original value is $no_fips;
+ 
+     plan tests => 2;
+ 

0032-Force-fips.patch

@@ -7,6 +7,14 @@
 diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
 --- openssl-3.0.1/crypto/provider_conf.c.fipsact	2022-05-12 12:44:31.199034948 +0200
 +++ openssl-3.0.1/crypto/provider_conf.c	2022-05-12 12:49:17.468318373 +0200
+@@ -10,6 +10,7 @@
+ #include <string.h>
+ #include <openssl/trace.h>
+ #include <openssl/err.h>
++#include <openssl/evp.h>
+ #include <openssl/conf.h>
+ #include <openssl/safestack.h>
+ #include <openssl/provider.h>
 @@ -136,58 +136,18 @@ static int prov_already_activated(const
      return 0;
  }

0033-FIPS-embed-hmac.patch

@@ -1,7 +1,7 @@
-diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c
---- openssl-3.0.0/providers/fips/self_test.c.embed-hmac	2021-11-16 13:57:05.127171056 +0100
-+++ openssl-3.0.0/providers/fips/self_test.c	2021-11-16 14:07:21.963412455 +0100
-@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
+diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c
+--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac	2023-01-05 10:03:44.864869710 +0100
++++ openssl-3.0.7/providers/fips/self_test.c	2023-01-05 10:15:17.041606472 +0100
+@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
  }
  #endif
  
@@ -29,13 +29,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
  static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
                              unsigned char *expected, size_t expected_len,
                              OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI
- {
-     int ret = 0, status;
-     unsigned char out[MAX_MD_SIZE];
--    unsigned char buf[INTEGRITY_BUF_SIZE];
-+    unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN];
-     size_t bytes_read = 0, out_len = 0;
+@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI
      EVP_MAC *mac = NULL;
      EVP_MAC_CTX *ctx = NULL;
      OSSL_PARAM params[2], *p = params;
@@ -44,7 +38,6 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
 +    struct link_map *lm = NULL;
 +    unsigned long paddr;
 +    unsigned long off = 0;
-+    int have_rest = 0;
  
      OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
  
@@ -57,64 +50,52 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
      mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
      if (mac == NULL)
          goto err;
-@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI
+@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI
      if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
          goto err;
  
-+    status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
-+    if (status != 1 || bytes_read != HMAC_LEN)
-+        goto err;
-+    off += HMAC_LEN;
-+
-     while (1) {
+-    while (1) {
 -        status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
--        if (status != 1)
-+        status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read);
-+        if (status != 1) {
-+            have_rest = 1;
-+            break;
-+        }
-+
-+        if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */
-+            /* Logic:
-+             * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer
-+             * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes
-+             * and move last HMAC_LEN bytes to the beginning of the buffer
-+             *
-+             * If we have read (a part of) buffer fips_hmac_container
-+             * we should replace it with zeros.
-+             * If it is inside our current buffer, we will update now.
-+             * If it intersects the upper bound, we will clean up on the next step.
-+             */
-+            if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
-+                memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
-+            off += bytes_read;
-+
-+            if (!EVP_MAC_update(ctx, buf, bytes_read))
-+                goto err;
-+            memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN);
-+        } else { /* Final block */
-+            /* Logic is basically the same as in previous branch
-+             * but we calculate HMAC from HMAC_LEN (rest of previous step)
-+             * and bytes_read read on this step
-+             * */
-+            if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
-+                memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
-+            if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN))
-+                goto err;
-+            off += bytes_read;
++    while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
++        status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
+         if (status != 1)
              break;
--        if (!EVP_MAC_update(ctx, buf, bytes_read))
-+        }
-+    }
-+    if (have_rest) {
-+        if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
+         if (!EVP_MAC_update(ctx, buf, bytes_read))
              goto err;
-+        off += HMAC_LEN;
++	off += bytes_read;
      }
++
++    if (off + INTEGRITY_BUF_SIZE > paddr) {
++        int delta = paddr - off;
++        status = read_ex_cb(bio, buf, delta, &bytes_read);
++        if (status != 1)
++            goto err;
++        if (!EVP_MAC_update(ctx, buf, bytes_read))
++            goto err;
++	off += bytes_read;
++
++        status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
++        memset(buf, 0, HMAC_LEN);
++        if (status != 1)
++            goto err;
++        if (!EVP_MAC_update(ctx, buf, bytes_read))
++            goto err;
++	off += bytes_read;
++    }
++
++    while (bytes_read > 0) {
++        status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
++        if (status != 1)
++            break;
++        if (!EVP_MAC_update(ctx, buf, bytes_read))
++            goto err;
++	off += bytes_read;
++    }
++
      if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
          goto err;
-@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+ 
+@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
          CRYPTO_THREAD_unlock(fips_state_lock);
      }
  
@@ -124,7 +105,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
          ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
          goto end;
      }
-@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
      if (ev == NULL)
          goto end;
  
@@ -136,7 +117,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
      if (module_checksum == NULL) {
          ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
          goto end;
-@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
      ok = 1;
  end:
      OSSL_SELF_TEST_free(ev);

0034.fipsinstall_disable.patch

@@ -148,7 +148,7 @@ diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_
 +environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
 +for more information.
  
- =head1 COPYRIGHT
+ =head1 HISTORY
  
 diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod
 --- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx	2021-11-22 13:18:13.850086386 +0100

0035-speed-skip-unavailable-dgst.patch

@@ -11,16 +11,3 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
          if (!EVP_MAC_init(mctx, NULL, 0, NULL)
              || !EVP_MAC_update(mctx, buf, lengths[testnum])
              || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
-@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv)
-             if (loopargs[i].mctx == NULL)
-                 goto end;
- 
--            if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
--                goto end;
-+            if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {
-+                EVP_MAC_CTX_free(loopargs[i].mctx);
-+                loopargs[i].mctx = NULL;
-+            }
-         }
-         for (testnum = 0; testnum < size_num; testnum++) {
-             print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],

0049-Allow-disabling-of-SHA1-signatures.patch

@@ -493,8 +493,8 @@ index 10b4e57d79..2d3c363bb0 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
 @@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex                        5552	3_0_0	EXIST::FUNCTION:
- OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
  OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
  ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:

0049-Selectively-disallow-SHA1-signatures.patch

@@ -1,4 +1,4 @@
-From f6a2f59574788aadd0ce323ad8ebe4d0c470672e Mon Sep 17 00:00:00 2001
+From e738d17c45869eda31cb94f2832e65ec7cf8afa9 Mon Sep 17 00:00:00 2001
 From: Clemens Lang <cllang@redhat.com>
 Date: Wed, 17 Aug 2022 12:56:29 -0400
 Subject: [PATCH] Selectively disallow SHA1 signatures
@@ -235,7 +235,7 @@ index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73
  
  The value is a boolean that can be B<yes> or B<no>.  If the value is
 diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
-index 1291299b6e50ea129ba77c85bb0b21b0997e4494..e234341e6afd15f7108c7af453d6f2190c086b04 100644
+index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0873cf6f6 100644
 --- a/include/internal/cryptlib.h
 +++ b/include/internal/cryptlib.h
 @@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
@@ -439,7 +439,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
      if (pmgf1mdname != NULL
          && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 48a0b7f6e5908e62b433a306c49a3f2ff7e8df76..909e38c2fe88324884a939b583fd7f43d01f3920 100644
+index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b6c8e1a03 100644
 --- a/ssl/t1_lib.c
 +++ b/ssl/t1_lib.c
 @@ -20,6 +20,7 @@
@@ -477,15 +477,15 @@ index 48a0b7f6e5908e62b433a306c49a3f2ff7e8df76..909e38c2fe88324884a939b583fd7f43
          if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
              cache[i].enabled = 0;
 diff --git a/util/libcrypto.num b/util/libcrypto.num
-index d94f406606132690d4744e470d98eff377d87699..07ae9a21ec979028eb78feaee4cadb801b790caf 100644
+index 4e729be97d7b31b4caf0c3bab06dbce908dc2628..2ad515028ac6522e43cdb48794ba2cc96de56049 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
-@@ -5428,3 +5428,5 @@ EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
- OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+@@ -5429,3 +5429,5 @@ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
  OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
  ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:
 -- 
-2.37.2
+2.39.1
 

0056-strcasecmp.patch

@@ -1,14 +1,54 @@
 diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
 --- openssl-3.0.3/util/libcrypto.num.locale	2022-06-01 12:35:52.667498724 +0200
 +++ openssl-3.0.3/util/libcrypto.num	2022-06-01 12:36:08.112633093 +0200
-@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
- ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
--OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
--OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
-+OPENSSL_strcasecmp                      5556	3_0_1	EXIST::FUNCTION:
-+OPENSSL_strncasecmp                     5557	3_0_1	EXIST::FUNCTION:
+@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
+ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
++OPENSSL_strcasecmp                      ?	3_0_1	EXIST::FUNCTION:
++OPENSSL_strncasecmp                     ? 	3_0_1	EXIST::FUNCTION:
  ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
  ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
  ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:
+diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
+--- openssl-3.0.7/crypto/o_str.c.cmp	2022-11-25 12:50:22.449760653 +0100
++++ openssl-3.0.7/crypto/o_str.c	2022-11-25 12:51:19.416350584 +0100
+@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
+ #endif
+ }
+ 
+-int OPENSSL_strcasecmp(const char *s1, const char *s2)
++int
++#ifndef FIPS_MODULE
++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
++                    symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strcasecmp(const char *s1, const char *s2)
+ {
+     int t;
+ 
+@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
+     return t;
+ }
+ 
+-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
++int
++#ifndef FIPS_MODULE
++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
++                    symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
+ {
+     int t;
+     size_t i;
+diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
+--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp	2022-11-25 18:19:05.669769076 +0100
++++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t	2022-11-25 18:31:20.993392678 +0100
+@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
+                 s| .*||;
+                 # Drop OpenSSL dynamic version information if there is any
+                 s|\@\@.+$||;
++                s|\@.+$||;
+                 # Return the result
+                 $_
+             }

0058-FIPS-limit-rsa-encrypt.patch

@@ -136,7 +136,7 @@ diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/t
 diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
 --- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen	2022-06-16 14:26:19.383530498 +0200
 +++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt	2022-06-16 14:39:53.637777701 +0200
-@@ -263,12 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
+@@ -263,13 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
  Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  
  # RSA decrypt
@@ -147,6 +147,7 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fips
  Output = "Hello World"
  
  # Corrupted ciphertext
+-FIPSversion = <3.2.0
 +Availablein = default
  Decrypt = RSA-2048
  Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79

0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch

@@ -0,0 +1,313 @@
+From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Fri, 15 Jul 2022 17:45:40 +0200
+Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
+
+In review for FIPS 140-3, the lack of a self-test for the digest_sign
+and digest_verify provider functions was highlighted as a problem. NIST
+no longer provides ACVP tests for the RSA SigVer primitive (see
+https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
+recommends the use of functions that compute the digest and signature
+within the module, we have been advised in our module review that the
+self tests should also use the combined digest and signature APIs, i.e.
+the digest_sign and digest_verify provider functions.
+
+Modify the signature self-test to use these instead by switching to
+EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
+crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+---
+ crypto/evp/m_sigver.c           | 43 +++++++++++++++++++++++++++------
+ providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
+ 2 files changed, 56 insertions(+), 24 deletions(-)
+
+diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
+index db1a1d7bc3..c94c3c53bd 100644
+--- a/crypto/evp/m_sigver.c
++++ b/crypto/evp/m_sigver.c
+@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+     ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
+     return 0;
+ }
++#endif /* !defined(FIPS_MODULE) */
+ 
+ /*
+  * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
+@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+         reinit = 0;
+         if (e == NULL)
+             ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
++#ifndef FIPS_MODULE
+         else
+             ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
++#endif /* !defined(FIPS_MODULE) */
+     }
+     if (ctx->pctx == NULL)
+         return 0;
+@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+     locpctx = ctx->pctx;
+     ERR_set_mark();
+ 
++#ifndef FIPS_MODULE
+     if (evp_pkey_ctx_is_legacy(locpctx))
+         goto legacy;
++#endif /* !defined(FIPS_MODULE) */
+ 
+     /* do not reinitialize if pkey is set or operation is different */
+     if (reinit
+@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+             signature =
+                 evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
+                                               supported_sig, locpctx->propquery);
++#ifndef FIPS_MODULE
+             if (signature == NULL)
+                 goto legacy;
++#endif /* !defined(FIPS_MODULE) */
+             break;
+         }
+         if (signature == NULL)
+@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+             ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
+             if (ctx->fetched_digest != NULL) {
+                 ctx->digest = ctx->reqdigest = ctx->fetched_digest;
++#ifndef FIPS_MODULE
+             } else {
+                 /* legacy engine support : remove the mark when this is deleted */
+                 ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
+@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                     ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+                     goto err;
+                 }
++#endif /* !defined(FIPS_MODULE) */
+             }
+             (void)ERR_pop_to_mark();
+         }
+     }
+ 
++#ifndef FIPS_MODULE
+     if (ctx->reqdigest != NULL
+             && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
+             && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
+@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+             goto err;
+         }
+     }
++#endif /* !defined(FIPS_MODULE) */
+ 
+     if (ver) {
+         if (signature->digest_verify_init == NULL) {
+@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+     EVP_KEYMGMT_free(tmp_keymgmt);
+     return 0;
+ 
++#ifndef FIPS_MODULE
+  legacy:
+     /*
+      * If we don't have the full support we need with provided methods,
+@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+         ctx->pctx->flag_call_digest_custom = 1;
+ 
+     ret = 1;
++#endif /* !defined(FIPS_MODULE) */
+ 
+  end:
+ #ifndef FIPS_MODULE
+@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+     return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
+                           NULL);
+ }
+-#endif /* FIPS_MDOE */
+ 
+ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
+ {
+@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
+     return EVP_DigestUpdate(ctx, data, dsize);
+ }
+ 
+-#ifndef FIPS_MODULE
+ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                         size_t *siglen)
+ {
+-    int sctx = 0, r = 0;
+-    EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
++    int r = 0;
++#ifndef FIPS_MODULE
++    int sctx = 0;
++    EVP_PKEY_CTX *dctx;
++#endif /* !defined(FIPS_MODULE) */
++    EVP_PKEY_CTX *pctx = ctx->pctx;
+ 
++#ifndef FIPS_MODULE
+     if (pctx == NULL
+             || pctx->operation != EVP_PKEY_OP_SIGNCTX
+             || pctx->op.sig.algctx == NULL
+             || pctx->op.sig.signature == NULL)
+         goto legacy;
++#endif /* !defined(FIPS_MODULE) */
+ 
+     if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
+         return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
+                                                          sigret, siglen,
+                                                          sigret == NULL ? 0 : *siglen);
++#ifndef FIPS_MODULE
+     dctx = EVP_PKEY_CTX_dup(pctx);
+     if (dctx == NULL)
+         return 0;
+@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                                                   sigret, siglen,
+                                                   *siglen);
+     EVP_PKEY_CTX_free(dctx);
++#endif /* defined(FIPS_MODULE) */
+     return r;
+ 
++#ifndef FIPS_MODULE
+  legacy:
+     if (pctx == NULL || pctx->pmeth == NULL) {
+         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+         }
+     }
+     return 1;
++#endif /* !defined(FIPS_MODULE) */
+ }
+ 
+ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                           size_t siglen)
+ {
+-    unsigned char md[EVP_MAX_MD_SIZE];
+     int r = 0;
++#ifndef FIPS_MODULE
++    unsigned char md[EVP_MAX_MD_SIZE];
+     unsigned int mdlen = 0;
+     int vctx = 0;
+-    EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
++    EVP_PKEY_CTX *dctx;
++#endif /* !defined(FIPS_MODULE) */
++    EVP_PKEY_CTX *pctx = ctx->pctx;
+ 
++#ifndef FIPS_MODULE
+     if (pctx == NULL
+             || pctx->operation != EVP_PKEY_OP_VERIFYCTX
+             || pctx->op.sig.algctx == NULL
+             || pctx->op.sig.signature == NULL)
+         goto legacy;
++#endif /* !defined(FIPS_MODULE) */
+ 
+     if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
+         return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
+                                                            sig, siglen);
++#ifndef FIPS_MODULE
+     dctx = EVP_PKEY_CTX_dup(pctx);
+     if (dctx == NULL)
+         return 0;
+@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+     r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
+                                                     sig, siglen);
+     EVP_PKEY_CTX_free(dctx);
++#endif /* !defined(FIPS_MODULE) */
+     return r;
+ 
++#ifndef FIPS_MODULE
+  legacy:
+     if (pctx == NULL || pctx->pmeth == NULL) {
+         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+     if (vctx || !r)
+         return r;
+     return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
++#endif /* !defined(FIPS_MODULE) */
+ }
+ 
+ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+         return -1;
+     return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+ }
+-#endif /* FIPS_MODULE */
+diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
+index b6d5e8e134..77eec075e6 100644
+--- a/providers/fips/self_test_kats.c
++++ b/providers/fips/self_test_kats.c
+@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+     int ret = 0;
+     OSSL_PARAM *params = NULL, *params_sig = NULL;
+     OSSL_PARAM_BLD *bld = NULL;
++    EVP_MD *md = NULL;
++    EVP_MD_CTX *ctx = NULL;
+     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
+     EVP_PKEY *pkey = NULL;
+-    unsigned char sig[256];
+     BN_CTX *bnctx = NULL;
+     BIGNUM *K = NULL;
++    const char *msg = "Hello World!";
++    unsigned char sig[256];
+     size_t siglen = sizeof(sig);
+     static const unsigned char dgst[] = {
+         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
+@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+         || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
+         goto err;
+ 
+-    /* Create a EVP_PKEY_CTX to use for the signing operation */
+-    sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+-    if (sctx == NULL
+-        || EVP_PKEY_sign_init(sctx) <= 0)
+-        goto err;
+-
+-    /* set signature parameters */
+-    if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
+-                                         t->mdalgorithm,
+-                                         strlen(t->mdalgorithm) + 1))
+-        goto err;
++    /* Create a EVP_MD_CTX to use for the signature operation, assign signature
++     * parameters and sign */
+     params_sig = OSSL_PARAM_BLD_to_param(bld);
+-    if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
++    md = EVP_MD_fetch(libctx, "SHA256", NULL);
++    ctx = EVP_MD_CTX_new();
++    if (md == NULL || ctx == NULL)
++        goto err;
++    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
++    if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
++        || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
++        || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
++        || EVP_MD_CTX_reset(ctx) <= 0)
+         goto err;
+ 
+-    if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
+-        || EVP_PKEY_verify_init(sctx) <= 0
++    /* sctx is not freed automatically inside the FIPS module */
++    EVP_PKEY_CTX_free(sctx);
++    sctx = NULL;
++
++    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
++    if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
+         || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+         goto err;
+ 
+@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+         goto err;
+ 
+     OSSL_SELF_TEST_oncorrupt_byte(st, sig);
+-    if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
++    if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
+         goto err;
+     ret = 1;
+ err:
+     BN_CTX_free(bnctx);
+     EVP_PKEY_free(pkey);
+-    EVP_PKEY_CTX_free(kctx);
++    EVP_MD_free(md);
++    EVP_MD_CTX_free(ctx);
++    /* sctx is not freed automatically inside the FIPS module */
+     EVP_PKEY_CTX_free(sctx);
++    EVP_PKEY_CTX_free(kctx);
+     OSSL_PARAM_free(params);
+     OSSL_PARAM_free(params_sig);
+     OSSL_PARAM_BLD_free(bld);
+-- 
+2.37.1
+

0079-Fix-AES-GCM-on-Power-8-CPUs.patch

@@ -0,0 +1,146 @@
+From 5dee3e41a5b3f8934277de17a2ae192f43601948 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 9 Sep 2022 14:46:24 +0200
+Subject: [PATCH] Fix AES-GCM on Power 8 CPUs
+
+Properly fallback to the default implementation on CPUs
+missing necessary instructions.
+
+Fixes #19163
+
+(cherry picked from commit 24344d387178d45b37a1fbc51519c390e9a4effe)
+---
+ include/crypto/aes_platform.h                 | 12 +---
+ .../ciphers/cipher_aes_gcm_hw_ppc.inc         | 72 ++++++++++++++-----
+ 2 files changed, 56 insertions(+), 28 deletions(-)
+
+diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
+index 0c281a366a..6830bad0e9 100644
+--- a/include/crypto/aes_platform.h
++++ b/include/crypto/aes_platform.h
+@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
+ size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const void *key, unsigned char ivec[16],
+                            u64 *Xi);
+-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
+-                                size_t len, const void *key,
+-                                unsigned char ivec[16], u64 *Xi);
+-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
+-                                size_t len, const void *key,
+-                                unsigned char ivec[16], u64 *Xi);
+-#   define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
+-#   define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
+-#   define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
+-                              (gctx)->gcm.ghash==gcm_ghash_p8)
++#   define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
++                                 (gctx)->gcm.ghash==gcm_ghash_p8)
+ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
+ #  endif /* PPC */
+ 
+diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
+index 4eed0f4ab0..03e3eddc41 100644
+--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
++++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
+@@ -23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+     return 1;
+ }
+ 
+-
+-extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+-                                  const void *key, unsigned char ivec[16], u64 *Xi);
+-extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
+-                                  const void *key, unsigned char ivec[16], u64 *Xi);
+-
+ static inline u32 UTO32(unsigned char *buf)
+ {
+     return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
+@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char buf[4], u32 n)
+     return r;
+ }
+ 
+-static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
++static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
+                                 const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
+ {
+     int s = 0;
+@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, siz
+     return ndone;
+ }
+ 
+-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
+-                                const void *key, unsigned char ivec[16], u64 *Xi)
+-{
+-    return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
+-}
+-
+-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
+-                                const void *key, unsigned char ivec[16], u64 *Xi)
++static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
++                                     size_t len, unsigned char *out)
+ {
+-    return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
++    if (ctx->enc) {
++        if (ctx->ctr != NULL) {
++            size_t bulk = 0;
++
++            if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) {
++                size_t res = (16 - ctx->gcm.mres) % 16;
++
++                if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
++                    return 0;
++
++                bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
++                                         ctx->gcm.key,
++                                         ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1);
++
++                ctx->gcm.len.u[1] += bulk;
++                bulk += res;
++            }
++            if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
++                                            len - bulk, ctx->ctr))
++                return 0;
++        } else {
++            if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
++                return 0;
++        }
++    } else {
++        if (ctx->ctr != NULL) {
++            size_t bulk = 0;
++
++            if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) {
++                size_t res = (16 - ctx->gcm.mres) % 16;
++
++                if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
++                    return -1;
++
++                bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
++                                         ctx->gcm.key,
++                                         ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0);
++
++                ctx->gcm.len.u[1] += bulk;
++                bulk += res;
++            }
++            if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
++                                            len - bulk, ctx->ctr))
++                return 0;
++        } else {
++            if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
++                return 0;
++        }
++    }
++    return 1;
+ }
+ 
+-
+ static const PROV_GCM_HW aes_ppc_gcm = {
+     aes_ppc_gcm_initkey,
+     ossl_gcm_setiv,
+     ossl_gcm_aad_update,
+-    generic_aes_gcm_cipher_update,
++    ppc_aes_gcm_cipher_update,
+     ossl_gcm_cipher_final,
+     ossl_gcm_one_shot
+ };
+-- 
+2.37.3
+

openssl.spec

@@ -28,13 +28,13 @@ print(string.sub(hash, 0, 16))
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 3.0.5
-Release: 3%{?dist}
+Version: 3.0.8
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
 # The original openssl upstream tarball cannot be shipped in the .src.rpm.
-Source: openssl-%{version}-hobbled.tar.xz
+Source: openssl-%{version}-hobbled.tar.gz
 Source1: hobble-openssl
 Source2: Makefile.certificate
 Source3: genpatches
@@ -71,12 +71,6 @@ Patch11: 0011-Remove-EC-curves.patch
 # Disable explicit EC curves
 # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
 Patch12: 0012-Disable-explicit-ec.patch
-# https://github.com/openssl/openssl/pull/17981
-# Patch13: 0013-FIPS-provider-explicit-ec.patch
-# https://github.com/openssl/openssl/pull/17998
-# Patch14: 0014-FIPS-disable-explicit-ec.patch
-# https://github.com/openssl/openssl/pull/18609
-# Patch15: 0015-FIPS-decoded-from-explicit.patch
 # Instructions to load legacy provider in openssl.cnf
 Patch24: 0024-load-legacy-prov.patch
 # Tmp: test name change
@@ -93,12 +87,8 @@ Patch35: 0035-speed-skip-unavailable-dgst.patch
 Patch44: 0044-FIPS-140-3-keychecks.patch
 # Minimize fips services
 Patch45: 0045-FIPS-services-minimize.patch
-# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486
-# Patch46: 0046-FIPS-s390x-hardening.patch
 # Execute KATS before HMAC verification
 Patch47: 0047-FIPS-early-KATS.patch
-# Backport of correctly handle 2^14 byte long records #17538
-# Patch48: 0048-correctly-handle-records.patch
 %if 0%{?rhel}
 # Selectively disallow SHA1 signatures
 Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
@@ -121,10 +111,6 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
 # Instrument with USDT probes related to SHA-1 deprecation
 Patch53: 0053-Add-SHA1-probes.patch
 %endif
-# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62
-# Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
-# https://github.com/openssl/openssl/pull/17324
-# Patch55: 0055-nonlegacy-fetch-null-deref.patch
 # https://github.com/openssl/openssl/pull/18103
 # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
 # so the patch should persist
@@ -138,27 +124,9 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2087147
 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
 Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
-# https://github.com/openssl/openssl/pull/18141
-# Patch63: 0063-CVE-2022-1473.patch
-# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
-# Patch64: 0064-CVE-2022-1343.diff
-# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
-# Patch65: 0065-CVE-2022-1292.patch
-# https://github.com/openssl/openssl/pull/18444
-# https://github.com/openssl/openssl/pull/18467
-# Patch66: 0066-replace-expired-certs.patch
-# https://github.com/openssl/openssl/pull/18512
-# Patch67: 0067-fix-ppc64-montgomery.patch
-#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa
-#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739
-# Patch68: 0068-CVE-2022-2068.patch
-# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
-# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
-# Patch69: 0069-CVE-2022-2097.patch
-# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483
-# Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
 # https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
 # https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
+# Regression on Power8, see rhbz2124845, https://github.com/openssl/openssl/issues/19163; fix in 0079-Fix-AES-GCM-on-Power-8-CPUs.patch
 Patch71: 0071-AES-GCM-performance-optimization.patch
 # https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149
 # https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa
@@ -167,7 +135,11 @@ Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
 Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
+%if 0%{?rhel}
+Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
+%else
 Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+%endif
 # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
 Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
 # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
@@ -177,6 +149,10 @@ Patch76: 0076-FIPS-140-3-DRBG.patch
 Patch77: 0077-FIPS-140-3-zeroization.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2124845, https://github.com/openssl/openssl/pull/19182
+Patch79: 0079-Fix-AES-GCM-on-Power-8-CPUs.patch
+# https://github.com/openssl/openssl/pull/13817
+Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -325,7 +301,8 @@ export HASHBANGPERL=/usr/bin/perl
 	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
 	enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips\
 	no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
-	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'
+	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
+	-Wl,--allow-multiple-definition
 
 # Do not run this in a production package the FIPS symbols must be patched-in
 #util/mkdef.pl crypto update
@@ -514,10 +491,55 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu Feb 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-1
+- Rebase to upstream version 3.0.8
+  Resolves: CVE-2022-4203
+  Resolves: CVE-2022-4304
+  Resolves: CVE-2022-4450
+  Resolves: CVE-2023-0215
+  Resolves: CVE-2023-0216
+  Resolves: CVE-2023-0217
+  Resolves: CVE-2023-0286
+  Resolves: CVE-2023-0401
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-3
+- Backport implicit rejection for RSA PKCS#1 v1.5 encryption
+  Resolves: rhbz#2153470
+
+* Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
+- Refactor embedded mac verification in FIPS module
+  Resolves: rhbz#2156045
+
+* Fri Dec 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
+- Rebase to upstream version 3.0.7
+- C99 compatibility in downstream-only 0032-Force-fips.patch
+  Resolves: rhbz#2152504
+- Adjusting include for the FIPS_mode macro
+  Resolves: rhbz#2083876
+
+* Wed Nov 16 2022 Simo sorce <simo@redhat.com> - 1:3.0.5-7
+- Backport patches to fix external providers compatibility issues
+
+* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-6
+- CVE-2022-3602: X.509 Email Address Buffer Overflow
+- CVE-2022-3786: X.509 Email Address Buffer Overflow
+  Resolves: CVE-2022-3602
+  Resolves: CVE-2022-3786
+
+* Mon Sep 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-5
+- Update patches to make ELN build happy
+  Resolves: rhbz#2123755
+
+* Fri Sep 09 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.5-4
+- Fix AES-GCM on Power 8 CPUs
+  Resolves: rhbz#2124845
+
 * Thu Sep 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-3
 - Sync patches with RHEL
   Related: rhbz#2123755
-
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf
+SHA512 (openssl-3.0.8-hobbled.tar.gz) = 42f2a59aa8c39c21b66b528329ace126b870f6d7c3a1da2f2ee18ab875923c5bcf3d9046f884201556799a8ab1d915112a1f124cfaf1ab77b2eac834d1f88c60