Rebase to upstream version 3.0.8

Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401

.gitignore

@@ -49,3 +49,11 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1f-hobbled.tar.xz
 /openssl-1.1.1g-hobbled.tar.xz
 /openssl-1.1.1h-hobbled.tar.xz
+/openssl-1.1.1i-hobbled.tar.xz
+/openssl-1.1.1j-hobbled.tar.xz
+/openssl-1.1.1k-hobbled.tar.xz
+/openssl-3.0.0-hobbled.tar.xz
+/openssl-3.0.2-hobbled.tar.gz
+/openssl-3.0.3-hobbled.tar.gz
+/openssl-3.0.5-hobbled.tar.xz
+/openssl-3.0.8-hobbled.tar.gz

0001-Aarch64-and-ppc64le-use-lib64.patch

@@ -0,0 +1,33 @@
+From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:01:41 +0200
+Subject: Aarch64 and ppc64le use lib64
+
+(Was openssl-1.1.1-build.patch)
+---
+ Configurations/10-main.conf | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
+index d7580bf3e1..a7dbfd7f40 100644
+--- a/Configurations/10-main.conf
++++ b/Configurations/10-main.conf
+@@ -723,6 +723,7 @@ my %targets = (
+         lib_cppflags     => add("-DL_ENDIAN"),
+         asm_arch         => 'ppc64',
+         perlasm_scheme   => "linux64le",
++        multilib         => "64",
+     },
+ 
+     "linux-armv4" => {
+@@ -765,6 +766,7 @@ my %targets = (
+         inherit_from     => [ "linux-generic64" ],
+         asm_arch         => 'aarch64',
+         perlasm_scheme   => "linux64",
++        multilib         => "64",
+     },
+     "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
+         inherit_from     => [ "linux-generic32" ],
+-- 
+2.26.2
+

0002-Use-more-general-default-values-in-openssl.cnf.patch

@@ -1,7 +1,21 @@
-diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
---- openssl-1.1.1a/apps/openssl.cnf.defaults	2018-11-20 14:35:37.000000000 +0100
-+++ openssl-1.1.1a/apps/openssl.cnf	2019-01-15 13:56:50.841719776 +0100
-@@ -74,7 +74,7 @@ cert_opt 	= ca_default		# Certificate fi
+From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:03:40 +0200
+Subject: Use more general default values in openssl.cnf
+
+Also set sha256 as default hash, although that should not be
+necessary anymore.
+
+(was openssl-1.1.1-defaults.patch)
+---
+ apps/openssl.cnf | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/apps/openssl.cnf b/apps/openssl.cnf
+index 97567a67be..eb25a0ac48 100644
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -104,7 +104,7 @@ cert_opt 	= ca_default		# Certificate field options
  
  default_days	= 365			# how long to certify for
  default_crl_days= 30			# how long before next CRL
@@ -10,7 +24,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  preserve	= no			# keep passed DN ordering
  
  # A few difference way of specifying how similar the request should look
-@@ -106,6 +106,7 @@ emailAddress		= optional
+@@ -136,6 +136,7 @@ emailAddress		= optional
  ####################################################################
  [ req ]
  default_bits		= 2048
@@ -18,7 +32,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  default_keyfile 	= privkey.pem
  distinguished_name	= req_distinguished_name
  attributes		= req_attributes
-@@ -128,17 +129,18 @@ string_mask = utf8only
+@@ -158,17 +159,18 @@ string_mask = utf8only
  
  [ req_distinguished_name ]
  countryName			= Country Name (2 letter code)
@@ -40,7 +54,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  
  # we can do this but it is not needed normally :-)
  #1.organizationName		= Second Organization Name (eg, company)
-@@ -147,7 +149,7 @@ localityName			= Locality Name (eg, city
+@@ -177,7 +179,7 @@ localityName			= Locality Name (eg, city)
  organizationalUnitName		= Organizational Unit Name (eg, section)
  #organizationalUnitName_default	=
  
@@ -49,3 +63,6 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  commonName_max			= 64
  
  emailAddress			= Email Address
+-- 
+2.26.2
+

0003-Do-not-install-html-docs.patch

@@ -0,0 +1,26 @@
+From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:05:55 +0200
+Subject: Do not install html docs
+
+(was openssl-1.1.1-no-html.patch)
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 342e46d24d..9f369edf0e 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+ 
+ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
+ 
+-install_docs: install_man_docs install_html_docs
++install_docs: install_man_docs
+ 
+ uninstall_docs: uninstall_man_docs uninstall_html_docs
+ 	$(RM) -r $(DESTDIR)$(DOCDIR)
+-- 
+2.26.2
+

0004-Override-default-paths-for-the-CA-directory-tree.patch

@@ -0,0 +1,73 @@
+From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:17:26 +0200
+Subject: Override default paths for the CA directory tree
+
+Also add default section to load crypto-policies configuration
+for TLS.
+
+It needs to be reverted before running tests.
+
+(was openssl-1.1.1-conf-paths.patch)
+---
+ apps/CA.pl.in    |  2 +-
+ apps/openssl.cnf | 20 ++++++++++++++++++--
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/apps/CA.pl.in b/apps/CA.pl.in
+index c0afb96716..d6a5fabd16 100644
+--- a/apps/CA.pl.in
++++ b/apps/CA.pl.in
+@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
+ my $PKCS12 = "$openssl pkcs12";
+ 
+ # Default values for various configuration settings.
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/pki/CA";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
+--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls	2021-07-06 13:41:39.204978272 +0200
++++ openssl-3.0.0-alpha16/apps/openssl.cnf	2021-07-06 13:49:50.362857683 +0200
+@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
+ 
+ [openssl_init]
+ providers = provider_sect
++# Load default TLS policy configuration
++ssl_conf = ssl_module
+ 
+ # List of providers to load
+ [provider_sect]
+@@ -64,6 +66,13 @@ default = default_sect
+ [default_sect]
+ # activate = 1
+ 
++[ ssl_module ]
++
++system_default = crypto_policy
++
++[ crypto_policy ]
++
++.include = /etc/crypto-policies/back-ends/opensslcnf.config
+ 
+ ####################################################################
+ [ ca ]
+@@ -72,7 +81,7 @@ default_ca	= CA_default		# The default c
+ ####################################################################
+ [ CA_default ]
+ 
+-dir		= ./demoCA		# Where everything is kept
++dir		= /etc/pki/CA		# Where everything is kept
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.
+@@ -304,7 +313,7 @@ default_tsa = tsa_config1	# the default
+ [ tsa_config1 ]
+ 
+ # These are used by the TSA reply generation only.
+-dir		= ./demoCA		# TSA root directory
++dir		= /etc/pki/CA		# TSA root directory
+ serial		= $dir/tsaserial	# The current serial number (mandatory)
+ crypto_device	= builtin		# OpenSSL engine to use for signing
+ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate

0005-apps-ca-fix-md-option-help-text.patch

@@ -0,0 +1,28 @@
+From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:27:18 +0200
+Subject: apps/ca: fix md option help text
+
+upstreamable
+
+(was openssl-1.1.1-apps-dgst.patch)
+---
+ apps/ca.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apps/ca.c b/apps/ca.c
+index 0f21b4fa1c..3d4b2c1673 100755
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
+     {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+ 
+     OPT_SECTION("Signing"),
+-    {"md", OPT_MD, 's', "Digest to use, such as sha256"},
++    {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
+     {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
+     {"keyform", OPT_KEYFORM, 'f',
+      "Private key file format (ENGINE, other values ignored)"},
+-- 
+2.26.2
+

0006-Disable-signature-verification-with-totally-unsafe-h.patch

@@ -0,0 +1,29 @@
+From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:51:34 +0200
+Subject: Disable signature verification with totally unsafe hash algorithms
+
+(was openssl-1.1.1-no-weak-verify.patch)
+---
+ crypto/asn1/a_verify.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index b7eed914b0..af62f0ef08 100644
+--- a/crypto/asn1/a_verify.c
++++ b/crypto/asn1/a_verify.c
+@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+             ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
+         if (ret <= 1)
+             goto err;
++    } else if ((mdnid == NID_md5
++               && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
++               mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
++        ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++        goto err;
+     } else {
+         const EVP_MD *type = NULL;
+ 
+-- 
+2.26.2
+

0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch

@@ -1,7 +1,25 @@
-diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist	2019-05-29 15:42:27.951329271 +0200
-+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl	2019-05-29 15:42:27.974328867 +0200
-@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
+From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 10:16:46 +0200
+Subject: Add support for PROFILE=SYSTEM system default cipherlist
+
+(was openssl-1.1.1-system-cipherlist.patch)
+---
+ Configurations/unix-Makefile.tmpl |  5 ++
+ Configure                         | 10 +++-
+ doc/man1/openssl-ciphers.pod.in   |  9 ++++
+ include/openssl/ssl.h.in          |  5 ++
+ ssl/ssl_ciph.c                    | 88 +++++++++++++++++++++++++++----
+ ssl/ssl_lib.c                     |  4 +-
+ test/cipherlist_test.c            |  2 +
+ util/libcrypto.num                |  1 +
+ 8 files changed, 110 insertions(+), 14 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 9f369edf0e..c52389f831 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man
  DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
  HTMLDIR=$(DOCDIR)/html
  
@@ -12,7 +30,7 @@ diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist open
  # MANSUFFIX is for the benefit of anyone who may want to have a suffix
  # appended after the manpage file section number.  "ssl" is popular,
  # resulting in files such as config.5ssl rather than config.5.
-@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
+@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
  CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
  CPPFLAGS={- our $cppflags1 = join(" ",
                                    (map { "-D".$_} @{$config{CPPDEFINES}}),
@@ -20,60 +38,11 @@ diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist open
                                    (map { "-I".$_} @{$config{CPPINCLUDES}}),
                                    @{$config{CPPFLAGS}}) -}
  CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
-diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
---- openssl-1.1.1c/Configure.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/Configure	2019-05-29 15:45:10.465469533 +0200
-@@ -24,7 +24,7 @@ use OpenSSL::Glob;
- my $orig_death_handler = $SIG{__DIE__};
- $SIG{__DIE__} = \&death_handler;
- 
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
- 
- # Options:
- #
-@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
- #               This becomes the value of OPENSSLDIR in Makefile and in C.
- #               (Default: PREFIX/ssl)
- #
-+# --system-ciphers-file  A file to read cipher string from when the PROFILE=SYSTEM
-+#		cipher is specified (default).
-+#
- # --cross-compile-prefix Add specified prefix to binutils components.
- #
- # --api         One of 0.9.8, 1.0.0 or 1.1.0.  Do not compile support for
-@@ -295,6 +298,7 @@ $config{prefix}="";
- $config{openssldir}="";
- $config{processor}="";
- $config{libdir}="";
-+$config{system_ciphers_file}="";
- my $auto_threads=1;    # enable threads automatically? true by default
- my $default_ranlib;
- 
-@@ -824,6 +828,10 @@ while (@argvcopy)
-                             push @seed_sources, $x;
-                             }
-                         }
-+		elsif (/^--system-ciphers-file=(.*)$/)
-+			{
-+			$config{system_ciphers_file}=$1;
-+			}
-                 elsif (/^--cross-compile-prefix=(.*)$/)
-                         {
-                         $user{CROSS_COMPILE}=$1;
-@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
-     exit 0;
- }
- 
-+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
-+
- print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
- print "for $target\n";
- 
-diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
---- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/doc/man1/ciphers.pod	2019-05-29 15:42:27.975328849 +0200
-@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
+diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
+index b4ed3e51d5..2122e6bdfd 100644
+--- a/doc/man1/openssl-ciphers.pod.in
++++ b/doc/man1/openssl-ciphers.pod.in
+@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
  
  The cipher suites not enabled by B<ALL>, currently B<eNULL>.
  
@@ -89,34 +58,27 @@ diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/do
  =item B<HIGH>
  
  "High" encryption cipher suites. This currently means those with key lengths
-diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
---- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/include/openssl/ssl.h	2019-05-29 15:42:27.975328849 +0200
-@@ -186,6 +186,11 @@ extern "C" {
+diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
+index f9a61609e4..c6f95fed3f 100644
+--- a/include/openssl/ssl.h.in
++++ b/include/openssl/ssl.h.in
+@@ -209,6 +209,11 @@ extern "C" {
   * throwing out anonymous and unencrypted ciphersuites! (The latter are not
   * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
   */
 +# ifdef SYSTEM_CIPHERS_FILE
 +#  define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
 +# else
-+#  define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
++#  define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
 +# endif
  
  /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
  # define SSL_SENT_SHUTDOWN       1
-diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
---- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/ssl/ssl_ciph.c	2019-05-29 15:42:27.976328831 +0200
-@@ -9,6 +9,8 @@
-  * https://www.openssl.org/source/license.html
-  */
- 
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <ctype.h>
- #include <openssl/objects.h>
-@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index b1d3f7919e..f7cc7fed48 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
      return ret;
  }
  
@@ -129,7 +91,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
 +    const char *ciphers_path;
 +    unsigned len, slen;
 +
-+    if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
++    if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
 +        ciphers_path = SYSTEM_CIPHERS_FILE;
 +    fp = fopen(ciphers_path, "r");
 +    if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
@@ -167,19 +129,19 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
 +}
 +#endif
 +
- STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
                                               STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
                                               STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-     const char *rule_p;
+@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
      const SSL_CIPHER **ca_list = NULL;
+     const SSL_METHOD *ssl_method = ctx->method;
 +#ifdef SYSTEM_CIPHERS_FILE
 +    char *new_rules = NULL;
 +
 +    if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
 +        char *p = rule_str + 14;
-+    
++
 +        new_rules = load_system_str(p);
 +        rule_str = new_rules;
 +    }
@@ -191,23 +153,23 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
      if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
 -        return NULL;
 +        goto err;
- #ifndef OPENSSL_NO_EC
+
      if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
 -        return NULL;
 +        goto err;
- #endif
  
      /*
-@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+      * To reduce the work to do we only want to process the compiled
+@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
      if (co_list == NULL) {
-         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+         ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
 -        return NULL;          /* Failure */
 +        goto err;
      }
  
      ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
       * in force within each class
       */
      if (!ssl_cipher_strength_sort(&head, &tail)) {
@@ -217,18 +179,18 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
      }
  
      /*
-@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
      ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
      if (ca_list == NULL) {
 -        OPENSSL_free(co_list);
-         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+         ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
 -        return NULL;          /* Failure */
 +        goto err;
      }
      ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
                                 disabled_mkey, disabled_auth, disabled_enc,
-@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      OPENSSL_free(ca_list);      /* Not needed anymore */
  
      if (!ok) {                  /* Rule processing failure */
@@ -238,7 +200,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
      }
  
      /*
-@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
       * if we cannot get one.
       */
      if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@@ -253,13 +215,8 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
 +
      /* Add TLSv1.3 ciphers first - we always prefer those if possible */
      for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
-         if (!sk_SSL_CIPHER_push(cipherstack,
-                                 sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
-+            OPENSSL_free(co_list);
-             sk_SSL_CIPHER_free(cipherstack);
-             return NULL;
-         }
-@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+         const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
+@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      *cipher_list = cipherstack;
  
      return cipherstack;
@@ -274,31 +231,33 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
  }
  
  char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
---- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist	2019-05-29 15:42:27.970328937 +0200
-+++ openssl-1.1.1c/ssl/ssl_lib.c	2019-05-29 15:42:27.977328814 +0200
-@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index d14d5819ba..48d491219a 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
                                  ctx->tls13_ciphersuites,
                                  &(ctx->cipher_list),
                                  &(ctx->cipher_list_by_id),
--                                SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+-                                OSSL_default_cipher_list(), ctx->cert);
 +                                SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
      if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
-         SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+         ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
          return 0;
-@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
-     if (!ssl_create_cipher_list(ret->method,
+@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+     if (!ssl_create_cipher_list(ret,
                                  ret->tls13_ciphersuites,
                                  &ret->cipher_list, &ret->cipher_list_by_id,
--                                SSL_DEFAULT_CIPHER_LIST, ret->cert)
+-                                OSSL_default_cipher_list(), ret->cert)
 +                                SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
          || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
-         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+         ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
          goto err2;
-diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
---- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/test/cipherlist_test.c	2019-05-29 15:42:27.977328814 +0200
-@@ -251,7 +251,9 @@ end:
+diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
+index 380f0727fc..6922a87c30 100644
+--- a/test/cipherlist_test.c
++++ b/test/cipherlist_test.c
+@@ -244,7 +244,9 @@ end:
  
  int setup_tests(void)
  {
@@ -308,3 +267,57 @@ diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/
      ADD_TEST(test_default_cipherlist_explicit);
      ADD_TEST(test_default_cipherlist_clear);
      return 1;
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 404a706fab..e81fa9ec3e 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
+ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
++ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
+-- 
+2.26.2
+
+diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
+--- openssl-3.0.0-beta1/Configure.sys-default	2021-06-29 11:47:58.978144386 +0200
++++ openssl-3.0.0-beta1/Configure	2021-06-29 11:52:01.631126260 +0200
+@@ -27,7 +27,7 @@ use OpenSSL::config;
+ my $orig_death_handler = $SIG{__DIE__};
+ $SIG{__DIE__} = \&death_handler;
+ 
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
++my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+ 
+ my $banner = <<"EOF";
+ 
+@@ -61,6 +61,10 @@ EOF
+ #               given with --prefix.
+ #               This becomes the value of OPENSSLDIR in Makefile and in C.
+ #               (Default: PREFIX/ssl)
++#
++# --system-ciphers-file  A file to read cipher string from when the PROFILE=SYSTEM
++#		cipher is specified (default).
++#
+ # --banner=".." Output specified text instead of default completion banner
+ #
+ # -w            Don't wait after showing a Configure warning
+@@ -385,6 +389,7 @@ $config{prefix}="";
+ $config{openssldir}="";
+ $config{processor}="";
+ $config{libdir}="";
++$config{system_ciphers_file}="";
+ my $auto_threads=1;    # enable threads automatically? true by default
+ my $default_ranlib;
+ 
+@@ -987,6 +992,10 @@ while (@argvcopy)
+                         die "FIPS key too long (64 bytes max)\n"
+                            if length $1 > 64;
+                         }
++		elsif (/^--system-ciphers-file=(.*)$/)
++			{
++			$config{system_ciphers_file}=$1;
++			}
+                 elsif (/^--banner=(.*)$/)
+                         {
+                         $banner = $1 . "\n";

0008-Add-FIPS_mode-compatibility-macro.patch

@@ -0,0 +1,87 @@
+From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 26 Nov 2020 14:00:16 +0100
+Subject: Add FIPS_mode() compatibility macro
+
+The macro calls EVP_default_properties_is_fips_enabled() on the
+default context.
+---
+ include/openssl/crypto.h.in |  1 +
+ include/openssl/fips.h      | 25 +++++++++++++++++++++++++
+ test/property_test.c        | 13 +++++++++++++
+ 3 files changed, 39 insertions(+)
+ create mode 100644 include/openssl/fips.h
+
+diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
+index 1036da9a2b..9d4896fcaf 100644
+--- a/include/openssl/crypto.h.in
++++ b/include/openssl/crypto.h.in
+@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
+ # include <openssl/opensslconf.h>
+ # include <openssl/cryptoerr.h>
+ # include <openssl/core.h>
++# include <openssl/fips.h>
+ 
+ # ifdef CHARSET_EBCDIC
+ #  include <openssl/ebcdic.h>
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+new file mode 100644
+index 0000000000..c64f0f8e8f
+--- /dev/null
++++ b/include/openssl/fips.h
+@@ -0,0 +1,25 @@
++/*
++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef OPENSSL_FIPS_H
++# define OPENSSL_FIPS_H
++# pragma once
++
++# include <openssl/macros.h>
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++
++# ifdef __cplusplus
++}
++# endif
++#endif
+diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
+--- openssl-3.0.0-beta1/test/property_test.c.fips-macro	2021-06-29 12:14:58.851557698 +0200
++++ openssl-3.0.0-beta1/test/property_test.c	2021-06-29 12:17:14.630143832 +0200
+@@ -488,6 +488,18 @@ static int test_property_list_to_string(
+     return ret;
+ }
+ 
++static int test_downstream_FIPS_mode(void)
++{
++    int ret = 0;
++
++    ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
++          && TEST_true(FIPS_mode())
++          && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
++          && TEST_false(FIPS_mode());
++
++    return ret;
++}
++
+ int setup_tests(void)
+ {
+     ADD_TEST(test_property_string);
+@@ -500,6 +512,7 @@ int setup_tests(void)
+     ADD_TEST(test_property);
+     ADD_TEST(test_query_cache_stochastic);
+     ADD_TEST(test_fips_mode);
++    ADD_TEST(test_downstream_FIPS_mode);
+     ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+     return 1;
+ }

0009-Add-Kernel-FIPS-mode-flag-support.patch

@@ -0,0 +1,79 @@
+diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
+--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips	2021-03-16 00:09:55.814826432 +0100
++++ openssl-3.0.0-alpha13/crypto/context.c	2021-03-16 00:15:55.129043811 +0100
+@@ -12,11 +12,54 @@
+ #include "internal/bio.h"
+ #include "internal/provider.h"
+ 
++#ifndef FIPS_MODULE
++# include <sys/types.h>
++# include <sys/stat.h>
++# include <fcntl.h>
++# include <unistd.h>
++# include <openssl/evp.h>
++#endif
++
+ struct ossl_lib_ctx_onfree_list_st {
+     ossl_lib_ctx_onfree_fn *fn;
+     struct ossl_lib_ctx_onfree_list_st *next;
+ };
+ 
++# ifndef FIPS_MODULE
++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
++
++static int kernel_fips_flag;
++
++static void read_kernel_fips_flag(void)
++{
++	char buf[2] = "0";
++	int fd;
++
++	if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
++		buf[0] = '1';
++	} else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
++		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
++		close(fd);
++	}
++
++	if (buf[0] == '1') {
++		kernel_fips_flag = 1;
++	}
++
++		return;
++}
++
++static int apply_kernel_fips_flag(OSSL_LIB_CTX *ctx)
++{
++	if (kernel_fips_flag) {
++		return EVP_default_properties_enable_fips(ctx, 1);
++	}
++
++	return 1;
++}
++# endif
++
++
+ struct ossl_lib_ctx_st {
+     CRYPTO_RWLOCK *lock;
+     CRYPTO_EX_DATA data;
+@@ -74,6 +117,12 @@ static int context_init(OSSL_LIB_CTX *ct
+     if (!ossl_property_parse_init(ctx))
+         goto err;
+ 
++# ifndef FIPS_MODULE
++	/* Preset the fips=yes default property with kernel FIPS mode */
++	if (!apply_kernel_fips_flag(ctx))
++		goto err;
++# endif
++
+     return 1;
+  err:
+     if (exdata_done)
+@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
+ 
+ DEFINE_RUN_ONCE_STATIC(default_context_do_init)
+ {
++	 read_kernel_fips_flag();
+     return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
+         && context_init(&default_context_int);
+ }

0012-Disable-explicit-ec.patch

@@ -0,0 +1,80 @@
+diff -up openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_lib.c
+--- openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec	2022-02-22 09:08:48.557823665 +0100
++++ openssl-3.0.1/crypto/ec/ec_lib.c	2022-02-22 09:09:26.634133847 +0100
+@@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na
+                 goto err;
+         }
+     } else {
+-        ret_group = (EC_GROUP *)group;
++        goto err;
+     }
+     EC_GROUP_free(dup);
+     return ret_group;
+diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
+--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec	2022-02-22 13:04:16.850856612 +0100
++++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c	2022-02-22 14:16:19.848369641 +0100
+@@ -936,11 +936,8 @@ int ec_validate(const void *keydata, int
+     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+         int flags = EC_KEY_get_flags(eck);
+ 
+-        if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
+-            ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
+-                           (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0;
+-        else
+-            ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
++        ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
++                      (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
+     }
+ 
+     if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+@@ -1217,6 +1214,10 @@ static int ec_gen_assign_group(EC_KEY *e
+         ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
+         return 0;
+     }
++    if (EC_GROUP_get_curve_name(group) == NID_undef) {
++        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
++        return 0;
++    }
+     return EC_KEY_set_group(ec, group) > 0;
+ }
+ 
+diff -up openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec openssl-3.0.1/providers/common/securitycheck.c
+--- openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec	2022-02-25 11:44:19.554673396 +0100
++++ openssl-3.0.1/providers/common/securitycheck.c	2022-02-25 12:16:38.168610089 +0100
+@@ -93,22 +93,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx
+ int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect)
+ {
+ # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
+-    if (ossl_securitycheck_enabled(ctx)) {
+-        int nid, strength;
+-        const char *curve_name;
+-        const EC_GROUP *group = EC_KEY_get0_group(ec);
++    int nid, strength;
++    const char *curve_name;
++    const EC_GROUP *group = EC_KEY_get0_group(ec);
+ 
+-        if (group == NULL) {
+-            ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
+-            return 0;
+-        }
+-        nid = EC_GROUP_get_curve_name(group);
+-        if (nid == NID_undef) {
+-            ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
+-                           "Explicit curves are not allowed in fips mode");
+-            return 0;
+-        }
++    if (group == NULL) {
++        ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
++        return 0;
++    }
++    nid = EC_GROUP_get_curve_name(group);
++    if (nid == NID_undef) {
++        ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
++                       "Explicit curves are not allowed in this build");
++        return 0;
++    }
+ 
++    if (ossl_securitycheck_enabled(ctx)) {
+         curve_name = EC_curve_nid2nist(nid);
+         if (curve_name == NULL) {
+             ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,

0024-load-legacy-prov.patch

@@ -0,0 +1,75 @@
+diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
+--- openssl-3.0.0/apps/openssl.cnf.legacy-prov	2021-09-09 12:06:40.895793297 +0200
++++ openssl-3.0.0/apps/openssl.cnf	2021-09-09 12:12:33.947482500 +0200
+@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
+ tsa_policy2 = 1.2.3.4.5.6
+ tsa_policy3 = 1.2.3.4.5.7
+ 
+-# For FIPS
+-# Optionally include a file that is generated by the OpenSSL fipsinstall
+-# application. This file contains configuration data required by the OpenSSL
+-# fips provider. It contains a named section e.g. [fips_sect] which is
+-# referenced from the [provider_sect] below.
+-# Refer to the OpenSSL security policy for more information.
+-# .include fipsmodule.cnf
+-
+ [openssl_init]
+ providers = provider_sect
+ # Load default TLS policy configuration
+ ssl_conf = ssl_module
+ 
+-# List of providers to load
+-[provider_sect]
+-default = default_sect
+-# The fips section name should match the section name inside the
+-# included fipsmodule.cnf.
+-# fips = fips_sect
++# Uncomment the sections that start with ## below to enable the legacy provider.
++# Loading the legacy provider enables support for the following algorithms:
++# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
++# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
++# Key Derivation Function (KDF): PBKDF1
++# In general it is not recommended to use the above mentioned algorithms for
++# security critical operations, as they are cryptographically weak or vulnerable
++# to side-channel attacks and as such have been deprecated.
+ 
+-# If no providers are activated explicitly, the default one is activated implicitly.
+-# See man 7 OSSL_PROVIDER-default for more details.
+-#
+-# If you add a section explicitly activating any other provider(s), you most
+-# probably need to explicitly activate the default provider, otherwise it
+-# becomes unavailable in openssl.  As a consequence applications depending on
+-# OpenSSL may not work correctly which could lead to significant system
+-# problems including inability to remotely access the system.
+-[default_sect]
+-# activate = 1
++[provider_sect]
++##default = default_sect
++##legacy = legacy_sect
++##
++##[default_sect]
++##activate = 1
++##
++##[legacy_sect]
++##activate = 1
+ 
+ [ ssl_module ]
+ 
+diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
+--- openssl-3.0.0/doc/man5/config.pod.legacy-prov	2021-09-09 12:09:38.079040853 +0200
++++ openssl-3.0.0/doc/man5/config.pod	2021-09-09 12:11:56.646224876 +0200
+@@ -273,6 +273,14 @@ significant.
+ All parameters in the section as well as sub-sections are made
+ available to the provider.
+ 
++=head3 Loading the legacy provider
++
++Uncomment the sections that start with ## in openssl.cnf
++to enable the legacy provider.
++Note: In general it is not recommended to use the above mentioned algorithms for
++security critical operations, as they are cryptographically weak or vulnerable
++to side-channel attacks and as such have been deprecated.
++
+ =head3 Default provider and its activation
+ 
+ If no providers are activated explicitly, the default one is activated implicitly.

0049-Allow-disabling-of-SHA1-signatures.patch

@@ -0,0 +1,503 @@
+From b4f8964ad1903e24cd2ee07f42ce97c3047f4af4 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Mon, 21 Feb 2022 17:24:44 +0100
+Subject: [PATCH] Allow disabling of SHA1 signatures
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+NOTE: This patch is ported from CentOS 9 / RHEL 9, where it defaults to
+denying SHA1 signatures. On Fedora, the default is – for now – to allow
+SHA1 signatures.
+
+In order to phase out SHA1 signatures, introduce a new configuration
+option in the alg_section named 'rh-allow-sha1-signatures'. This option
+defaults to true. If set to false, any signature creation or
+verification operations that involve SHA1 as digest will fail.
+
+This also affects TLS, where the signature_algorithms extension of any
+ClientHello message sent by OpenSSL will no longer include signatures
+with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
+that request a client certificate, the same also applies for
+CertificateRequest messages sent by them.
+
+For signatures created using the EVP_PKEY API, this is a best-effort
+check that will deny signatures in cases where the digest algorithm is
+known. This means, for example, that that following steps will still
+work:
+
+ $> openssl dgst -sha1 -binary -out sha1 infile
+ $> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
+ $> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
+
+whereas these will not:
+
+ $> openssl dgst -sha1 -binary -out sha1 infile
+ $> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
+ $> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
+
+This happens because in the first case, OpenSSL's signature
+implementation does not know that it is signing a SHA1 hash (it could be
+signing arbitrary data).
+---
+ crypto/evp/evp_cnf.c                          | 13 +++
+ crypto/evp/m_sigver.c                         | 85 +++++++++++++++++++
+ crypto/evp/pmeth_lib.c                        | 15 ++++
+ doc/man5/config.pod                           | 13 +++
+ include/internal/cryptlib.h                   |  3 +-
+ include/internal/sslconf.h                    |  4 +
+ providers/common/securitycheck.c              | 20 +++++
+ providers/common/securitycheck_default.c      |  9 +-
+ providers/implementations/signature/dsa_sig.c | 11 ++-
+ .../implementations/signature/ecdsa_sig.c     |  4 +
+ providers/implementations/signature/rsa_sig.c | 20 ++++-
+ ssl/t1_lib.c                                  |  8 ++
+ util/libcrypto.num                            |  2 +
+ 13 files changed, 198 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
+index 0e7fe64cf9..b9d3b6d226 100644
+--- a/crypto/evp/evp_cnf.c
++++ b/crypto/evp/evp_cnf.c
+@@ -10,6 +10,7 @@
+ #include <stdio.h>
+ #include <openssl/crypto.h>
+ #include "internal/cryptlib.h"
++#include "internal/sslconf.h"
+ #include <openssl/conf.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
+@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+                 ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
+                 return 0;
+             }
++        } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
++            int m;
++
++            /* Detailed error already reported. */
++            if (!X509V3_get_value_bool(oval, &m))
++                return 0;
++
++            if (!ossl_ctx_legacy_digest_signatures_allowed_set(
++                    NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
++                ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
++                return 0;
++            }
+         } else {
+             ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
+                            "name=%s, value=%s", oval->name, oval->value);
+diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
+index 76a6814b42..8da2183ce0 100644
+--- a/crypto/evp/m_sigver.c
++++ b/crypto/evp/m_sigver.c
+@@ -16,6 +16,79 @@
+ #include "internal/numbers.h"   /* includes SIZE_MAX */
+ #include "evp_local.h"
+ 
++typedef struct ossl_legacy_digest_signatures_st {
++    int allowed;
++} OSSL_LEGACY_DIGEST_SIGNATURES;
++
++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
++{
++    OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
++
++    if (ldsigs != NULL) {
++        OPENSSL_free(ldsigs);
++    }
++}
++
++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
++{
++    OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
++    /* Warning: This patch differs from the same patch in CentOS and RHEL here,
++     * because the default on Fedora is to allow SHA-1 and support disabling
++     * it, while CentOS/RHEL disable it by default and allow enabling it. */
++    ldsigs->allowed = 1;
++    return ldsigs;
++}
++
++static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
++    OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
++    ossl_ctx_legacy_digest_signatures_new,
++    ossl_ctx_legacy_digest_signatures_free,
++};
++
++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
++        OSSL_LIB_CTX *libctx, int loadconfig)
++{
++#ifndef FIPS_MODULE
++    if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
++        return NULL;
++#endif
++
++    return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
++                                 &ossl_ctx_legacy_digest_signatures_method);
++}
++
++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
++{
++    OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
++        = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
++
++#ifndef FIPS_MODULE
++    if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
++        /* used in tests */
++        return 1;
++#endif
++
++    /* Warning: This patch differs from the same patch in CentOS and RHEL here,
++     * because the default on Fedora is to allow SHA-1 and support disabling
++     * it, while CentOS/RHEL disable it by default and allow enabling it. */
++    return ldsigs != NULL ? ldsigs->allowed : 1;
++}
++
++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
++                                                  int loadconfig)
++{
++    OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
++        = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
++
++    if (ldsigs == NULL) {
++        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
++        return 0;
++    }
++
++    ldsigs->allowed = allow;
++    return 1;
++}
++
+ #ifndef FIPS_MODULE
+ 
+ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+         }
+     }
+ 
++    if (ctx->reqdigest != NULL
++            && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
++            && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
++            && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
++        int mdnid = EVP_MD_nid(ctx->reqdigest);
++        if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
++                && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++            goto err;
++        }
++    }
++
+     if (ver) {
+         if (signature->digest_verify_init == NULL) {
+             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 2b9c6c2351..3c5a1e6f5d 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -33,6 +33,7 @@
+ #include "internal/ffc.h"
+ #include "internal/numbers.h"
+ #include "internal/provider.h"
++#include "internal/sslconf.h"
+ #include "evp_local.h"
+ 
+ #ifndef FIPS_MODULE
+@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+         return -2;
+     }
+ 
++    if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
++            && md != NULL
++            && ctx->pkey != NULL
++            && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
++            && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
++            && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
++        int mdnid = EVP_MD_nid(md);
++        if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
++                && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++            return -1;
++        }
++    }
++
+     if (fallback)
+         return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
+ 
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index 77a8055e81..0c9110d28a 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning:
+ The value may be anything that is acceptable as a property query
+ string for EVP_set_default_properties().
+ 
++=item B<rh-allow-sha1-signatures>
++
++The value is a boolean that can be B<yes> or B<no>.  If the value is not set,
++it behaves as if it was set to B<yes>.
++
++When set to B<no>, any attempt to create or verify a signature with a SHA1
++digest will fail.  To test whether your software will work with future versions
++of OpenSSL, set this option to B<no>.  This setting also affects TLS, where
++signature algorithms that use SHA1 as digest will no longer be supported if
++this option is set to B<no>.  Because TLS 1.1 or lower use MD5-SHA1 as
++pseudorandom function (PRF) to derive key material, disabling
++B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
++
+ =item B<fips_mode> (deprecated)
+ 
+ The value is a boolean that can be B<yes> or B<no>.  If the value is
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 1291299b6e..e234341e6a 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
+ # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX           16
+ # define OSSL_LIB_CTX_BIO_CORE_INDEX                17
+ # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX          18
+-# define OSSL_LIB_CTX_MAX_INDEXES                   19
++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES      19
++# define OSSL_LIB_CTX_MAX_INDEXES                   20
+ 
+ # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY          -1
+ # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY       0
+diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
+index fd7f7e3331..05464b0655 100644
+--- a/include/internal/sslconf.h
++++ b/include/internal/sslconf.h
+@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
+ void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                       char **arg);
+ 
++/* Methods to support disabling all signatures with legacy digests */
++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
++                                                  int loadconfig);
+ #endif
+diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
+index 699ada7c52..e534ad0a5f 100644
+--- a/providers/common/securitycheck.c
++++ b/providers/common/securitycheck.c
+@@ -19,6 +19,7 @@
+ #include <openssl/core_names.h>
+ #include <openssl/obj_mac.h>
+ #include "prov/securitycheck.h"
++#include "internal/sslconf.h"
+ 
+ /*
+  * FIPS requires a minimum security strength of 112 bits (for encryption or
+@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+             mdnid = -1; /* disallowed by security checks */
+     }
+ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
++
++#ifndef FIPS_MODULE
++    if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++        /* SHA1 is globally disabled, check whether we want to locally allow
++         * it. */
++        if (mdnid == NID_sha1 && !sha1_allowed)
++            mdnid = -1;
++#endif
++
+     return mdnid;
+ }
+ 
+@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
+     if (ossl_securitycheck_enabled(ctx))
+         return ossl_digest_get_approved_nid(md) != NID_undef;
+ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
++
++#ifndef FIPS_MODULE
++    {
++        int mdnid = EVP_MD_nid(md);
++        if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
++                && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++            return 0;
++    }
++#endif
++
+     return 1;
+ }
+diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
+index de7f0d3a0a..ce54a94fbc 100644
+--- a/providers/common/securitycheck_default.c
++++ b/providers/common/securitycheck_default.c
+@@ -15,6 +15,7 @@
+ #include <openssl/obj_mac.h>
+ #include "prov/securitycheck.h"
+ #include "internal/nelem.h"
++#include "internal/sslconf.h"
+ 
+ /* Disable the security checks in the default provider */
+ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+ }
+ 
+ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+-                                    ossl_unused int sha1_allowed)
++                                    int sha1_allowed)
+ {
+     int mdnid;
++    int ldsigs_allowed;
+ 
+     static const OSSL_ITEM name_to_nid[] = {
+         { NID_md5,       OSSL_DIGEST_NAME_MD5       },
+@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+         { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
+     };
+ 
+-    mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
++    ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
++    mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
+     if (mdnid == NID_undef)
+         mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
++    if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
++        mdnid = -1;
+     return mdnid;
+ }
+diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
+index 28fd7c498e..fa3822f39f 100644
+--- a/providers/implementations/signature/dsa_sig.c
++++ b/providers/implementations/signature/dsa_sig.c
+@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+         mdprops = ctx->propq;
+ 
+     if (mdname != NULL) {
+-        int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+         WPACKET pkt;
+         EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+-        int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+-                                                            sha1_allowed);
++        int md_nid;
+         size_t mdname_len = strlen(mdname);
++#ifdef FIPS_MODULE
++        int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
++#else
++        int sha1_allowed = 0;
++#endif
++        md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
++                                                            sha1_allowed);
+ 
+         if (md == NULL || md_nid < 0) {
+             if (md == NULL)
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 865d49d100..99b228e82c 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
+                        "%s could not be fetched", mdname);
+         return 0;
+     }
++#ifdef FIPS_MODULE
+     sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
++#else
++    sha1_allowed = 0;
++#endif
+     md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+                                                     sha1_allowed);
+     if (md_nid < 0) {
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 325e855333..bea397f0c1 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -26,6 +26,7 @@
+ #include "internal/cryptlib.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
++#include "internal/sslconf.h"
+ #include "crypto/rsa.h"
+ #include "prov/providercommon.h"
+ #include "prov/implementations.h"
+@@ -34,6 +35,7 @@
+ #include "prov/securitycheck.h"
+ 
+ #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
+ 
+ static OSSL_FUNC_signature_newctx_fn rsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
+@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+ 
+     if (mdname != NULL) {
+         EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
++        int md_nid;
++        size_t mdname_len = strlen(mdname);
++#ifdef FIPS_MODULE
+         int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+-        int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
++#else
++        int sha1_allowed = 0;
++#endif
++        md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+                                                      sha1_allowed);
+-        size_t mdname_len = strlen(mdname);
+ 
+         if (md == NULL
+             || md_nid <= 0
+@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+     prsactx->pad_mode = pad_mode;
+ 
+     if (prsactx->md == NULL && pmdname == NULL
+-        && pad_mode == RSA_PKCS1_PSS_PADDING)
++        && pad_mode == RSA_PKCS1_PSS_PADDING) {
+         pmdname = RSA_DEFAULT_DIGEST_NAME;
++#ifndef FIPS_MODULE
++        if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
++            pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
++        }
++#endif
++    }
++
+ 
+     if (pmgf1mdname != NULL
+         && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 41fddf22a7..dcd487ec2e 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -20,6 +20,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/provider.h>
+ #include <openssl/param_build.h>
++#include "internal/sslconf.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
+ #include "internal/tlsgroups.h"
+@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+         = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
+     EVP_PKEY *tmpkey = EVP_PKEY_new();
+     int ret = 0;
++    int ldsigs_allowed;
+ 
+     if (cache == NULL || tmpkey == NULL)
+         goto err;
+ 
+     ERR_set_mark();
++    ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
+     for (i = 0, lu = sigalg_lookup_tbl;
+          i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
+         EVP_PKEY_CTX *pctx;
+@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+             cache[i].enabled = 0;
+             continue;
+         }
++        if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
++                && !ldsigs_allowed) {
++            cache[i].enabled = 0;
++            continue;
++        }
+ 
+         if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
+             cache[i].enabled = 0;
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 10b4e57d79..2d3c363bb0 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex                        5552	3_0_0	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
+ ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:
+-- 
+2.35.1
+

0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch

@@ -0,0 +1,221 @@
+From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Tue, 1 Mar 2022 15:44:18 +0100
+Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures =
+ yes
+
+NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1
+in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because
+on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level
+to 2.
+
+On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security
+level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and
+we want the legacy crypto policy to allow SHA-1 in TLS, the only option
+to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is
+SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to
+allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which
+will allow SHA-1 in OpenSSL 3).
+
+The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because
+rh-allow-sha1-signatures will default to yes in Fedora (according to our
+current plans including until F38), and the security level in the
+DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the
+default configuration.
+
+Related: rhbz#2055796
+Related: rhbz#2070977
+---
+ crypto/x509/x509_vfy.c        | 20 ++++++++++-
+ doc/man5/config.pod           |  7 ++++
+ ssl/t1_lib.c                  | 67 ++++++++++++++++++++++++++++-------
+ test/recipes/25-test_verify.t |  4 +--
+ 4 files changed, 82 insertions(+), 16 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 2f175ca517..bf0c608839 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -25,6 +25,7 @@
+ #include <openssl/objects.h>
+ #include <openssl/core_names.h>
+ #include "internal/dane.h"
++#include "internal/sslconf.h"
+ #include "crypto/x509.h"
+ #include "x509_local.h"
+ 
+@@ -3441,14 +3442,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+ {
+     int secbits = -1;
+     int level = ctx->param->auth_level;
++    int nid;
++    OSSL_LIB_CTX *libctx = NULL;
+ 
+     if (level <= 0)
+         return 1;
+     if (level > NUM_AUTH_LEVELS)
+         level = NUM_AUTH_LEVELS;
+ 
+-    if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
++    if (ctx->libctx)
++        libctx = ctx->libctx;
++    else if (cert->libctx)
++        libctx = cert->libctx;
++    else
++        libctx = OSSL_LIB_CTX_get0_global_default();
++
++    if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
+         return 0;
+ 
++    if ((nid == NID_sha1 || nid == NID_md5_sha1)
++            && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
++            && ctx->param->auth_level < 2)
++        /* When rh-allow-sha1-signatures = yes and security level <= 1,
++         * explicitly allow SHA1 for backwards compatibility. Also allow
++         * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++        return 1;
++
+     return secbits >= minbits_table[level - 1];
+ }
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index 0c9110d28a..e0516d20b8 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -309,6 +309,13 @@ this option is set to B<no>.  Because TLS 1.1 or lower use MD5-SHA1 as
+ pseudorandom function (PRF) to derive key material, disabling
+ B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
+ 
++Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
++algorithms that use SHA1 in security level 1, despite the definition of
++security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet.
++This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on
++Fedora without requiring to set the security level to 0, which would include
++further insecure algorithms, and thus restores support for TLS 1.0 and 1.1.
++
+ =item B<fips_mode> (deprecated)
+ 
+ The value is a boolean that can be B<yes> or B<no>.  If the value is
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index dcd487ec2e..0b50266b69 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -20,6 +20,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/provider.h>
+ #include <openssl/param_build.h>
++#include "crypto/x509.h"
+ #include "internal/sslconf.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
+@@ -1561,19 +1562,28 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
+         return 0;
+     }
+-    /*
+-     * Make sure security callback allows algorithm. For historical
+-     * reasons we have to pass the sigalg as a two byte char array.
+-     */
+-    sigalgstr[0] = (sig >> 8) & 0xff;
+-    sigalgstr[1] = sig & 0xff;
+-    secbits = sigalg_security_bits(s->ctx, lu);
+-    if (secbits == 0 ||
+-        !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+-                      md != NULL ? EVP_MD_get_type(md) : NID_undef,
+-                      (void *)sigalgstr)) {
+-        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
+-        return 0;
++
++    if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
++            && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
++            && SSL_get_security_level(s) < 2) {
++        /* When rh-allow-sha1-signatures = yes and security level <= 1,
++         * explicitly allow SHA1 for backwards compatibility. Also allow
++         * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++    } else {
++        /*
++         * Make sure security callback allows algorithm. For historical
++         * reasons we have to pass the sigalg as a two byte char array.
++         */
++        sigalgstr[0] = (sig >> 8) & 0xff;
++        sigalgstr[1] = sig & 0xff;
++        secbits = sigalg_security_bits(s->ctx, lu);
++        if (secbits == 0 ||
++            !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
++                          md != NULL ? EVP_MD_get_type(md) : NID_undef,
++                          (void *)sigalgstr)) {
++            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
++            return 0;
++        }
+     }
+     /* Store the sigalg the peer uses */
+     s->s3.tmp.peer_sigalg = lu;
+@@ -2106,6 +2116,15 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+         }
+     }
+ 
++    if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
++            && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
++            && SSL_get_security_level(s) < 2) {
++        /* When rh-allow-sha1-signatures = yes and security level <= 1,
++         * explicitly allow SHA1 for backwards compatibility. Also allow
++         * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++        return 1;
++    }
++
+     /* Finally see if security callback allows it */
+     secbits = sigalg_security_bits(s->ctx, lu);
+     sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
+@@ -2977,6 +2996,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+ {
+     /* Lookup signature algorithm digest */
+     int secbits, nid, pknid;
++    OSSL_LIB_CTX *libctx = NULL;
++
+     /* Don't check signature if self signed */
+     if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+         return 1;
+@@ -2985,6 +3006,26 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+     /* If digest NID not defined use signature NID */
+     if (nid == NID_undef)
+         nid = pknid;
++
++    if (x && x->libctx)
++        libctx = x->libctx;
++    else if (ctx && ctx->libctx)
++        libctx = ctx->libctx;
++    else if (s && s->ctx && s->ctx->libctx)
++        libctx = s->ctx->libctx;
++    else
++        libctx = OSSL_LIB_CTX_get0_global_default();
++
++    if ((nid == NID_sha1 || nid == NID_md5_sha1)
++            && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
++            && ((s != NULL && SSL_get_security_level(s) < 2)
++                || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
++            ))
++        /* When rh-allow-sha1-signatures = yes and security level <= 1,
++         * explicitly allow SHA1 for backwards compatibility. Also allow
++         * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++        return 1;
++
+     if (s)
+         return ssl_security(s, op, secbits, nid, x);
+     else
+diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
+index 700bbd849c..280477bc9d 100644
+--- a/test/recipes/25-test_verify.t
++++ b/test/recipes/25-test_verify.t
+@@ -387,8 +387,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
+ ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
+     "CA with PSS signature using SHA256");
+ 
+-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+-    "Reject PSS signature using SHA1 and auth level 1");
++ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
++    "Reject PSS signature using SHA1 and auth level 2");
+ 
+ ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+     "PSS signature using SHA256 and auth level 2");
+-- 
+2.35.1
+

0053-Add-SHA1-probes.patch

@@ -0,0 +1,238 @@
+From 428369896db1656af748a67bb36fba039e7b39ad Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Mon, 25 Apr 2022 15:21:46 +0200
+Subject: [PATCH] Instrument SHA-1 signatures with USDT probes
+
+In order to discover remaining uses of SHA-1 in signatures without
+forcefully breaking the code paths, add USDT probes that can be queried
+with systemtap at runtime.
+
+This should allow identifying components that still use SHA-1 signatures
+in production so that they can be transitioned to more modern hash
+algorithms.
+---
+ crypto/evp/m_sigver.c                    | 13 +++++++++----
+ crypto/evp/pmeth_lib.c                   | 13 +++++++++----
+ crypto/x509/x509_vfy.c                   |  6 +++++-
+ providers/common/securitycheck.c         | 22 +++++++++++++++-------
+ providers/common/securitycheck_default.c | 13 +++++++++++--
+ ssl/t1_lib.c                             |  8 +++++++-
+ 6 files changed, 56 insertions(+), 19 deletions(-)
+
+diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
+index 8da2183ce0..c17cdfa5d5 100644
+--- a/crypto/evp/m_sigver.c
++++ b/crypto/evp/m_sigver.c
+@@ -16,6 +16,8 @@
+ #include "internal/numbers.h"   /* includes SIZE_MAX */
+ #include "evp_local.h"
+ 
++#include <sys/sdt.h>
++
+ typedef struct ossl_legacy_digest_signatures_st {
+     int allowed;
+ } OSSL_LEGACY_DIGEST_SIGNATURES;
+@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+             && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
+             && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
+         int mdnid = EVP_MD_nid(ctx->reqdigest);
+-        if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
+-                && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
+-            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+-            goto err;
++        if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
++            if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) {
++                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++                goto err;
++            } else {
++                DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid);
++            }
+         }
+     }
+ 
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index b96f148c0d..54fcf24945 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -37,6 +37,8 @@
+ #include "internal/sslconf.h"
+ #include "evp_local.h"
+ 
++#include <sys/sdt.h>
++
+ #ifndef FIPS_MODULE
+ 
+ static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
+@@ -956,10 +958,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+             && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
+             && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
+         int mdnid = EVP_MD_nid(md);
+-        if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+-                && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
+-            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+-            return -1;
++        if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
++            if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
++                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++                return -1;
++            } else {
++                DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid);
++            }
+         }
+     }
+ 
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index bf0c608839..78638ce80e 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -29,6 +29,8 @@
+ #include "crypto/x509.h"
+ #include "x509_local.h"
+ 
++#include <sys/sdt.h>
++
+ /* CRL score values */
+ 
+ #define CRL_SCORE_NOCRITICAL    0x100 /* No unhandled critical extensions */
+@@ -3462,11 +3464,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+ 
+     if ((nid == NID_sha1 || nid == NID_md5_sha1)
+             && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+-            && ctx->param->auth_level < 2)
++            && ctx->param->auth_level < 2) {
++        DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid);
+         /* When rh-allow-sha1-signatures = yes and security level <= 1,
+          * explicitly allow SHA1 for backwards compatibility. Also allow
+          * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+         return 1;
++    }
+ 
+     return secbits >= minbits_table[level - 1];
+ }
+diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
+index e534ad0a5f..bf496450cf 100644
+--- a/providers/common/securitycheck.c
++++ b/providers/common/securitycheck.c
+@@ -21,6 +21,8 @@
+ #include "prov/securitycheck.h"
+ #include "internal/sslconf.h"
+ 
++#include <sys/sdt.h>
++
+ /*
+  * FIPS requires a minimum security strength of 112 bits (for encryption or
+  * signing), and for legacy purposes 80 bits (for decryption or verifying).
+@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+ 
+ #ifndef FIPS_MODULE
+-    if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+-        /* SHA1 is globally disabled, check whether we want to locally allow
+-         * it. */
+-        if (mdnid == NID_sha1 && !sha1_allowed)
++    if (mdnid == NID_sha1 && !sha1_allowed) {
++        if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++            /* SHA1 is globally disabled, check whether we want to locally allow
++             * it. */
+             mdnid = -1;
++        else
++            DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid);
++    }
+ #endif
+ 
+     return mdnid;
+@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
+ #ifndef FIPS_MODULE
+     {
+         int mdnid = EVP_MD_nid(md);
+-        if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+-                && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+-            return 0;
++        if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
++            if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++                return 0;
++            else
++                DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid);
++        }
+     }
+ #endif
+ 
+diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
+index ce54a94fbc..2d21e4a7df 100644
+--- a/providers/common/securitycheck_default.c
++++ b/providers/common/securitycheck_default.c
+@@ -17,6 +17,8 @@
+ #include "internal/nelem.h"
+ #include "internal/sslconf.h"
+ 
++#include <sys/sdt.h>
++
+ /* Disable the security checks in the default provider */
+ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+ {
+@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+ 
+     ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
+     mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
++    if (mdnid == NID_sha1)
++        /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. */
++        DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid);
+     if (mdnid == NID_undef)
+         mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+-    if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
+-        mdnid = -1;
++    if (mdnid == NID_md5_sha1) {
++        if (ldsigs_allowed)
++            DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid);
++        else
++            mdnid = -1;
++    }
+     return mdnid;
+ }
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 0b50266b69..d05e696a28 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -28,6 +28,8 @@
+ #include "ssl_local.h"
+ #include <openssl/ct.h>
+ 
++#include <sys/sdt.h>
++
+ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
+ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
+ 
+@@ -1569,6 +1571,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+         /* When rh-allow-sha1-signatures = yes and security level <= 1,
+          * explicitly allow SHA1 for backwards compatibility. Also allow
+          * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++        DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash);
+     } else {
+         /*
+          * Make sure security callback allows algorithm. For historical
+@@ -2122,6 +2125,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+         /* When rh-allow-sha1-signatures = yes and security level <= 1,
+          * explicitly allow SHA1 for backwards compatibility. Also allow
+          * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++        DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash);
+         return 1;
+     }
+ 
+@@ -3020,11 +3024,13 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+             && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+             && ((s != NULL && SSL_get_security_level(s) < 2)
+                 || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
+-            ))
++            )) {
+         /* When rh-allow-sha1-signatures = yes and security level <= 1,
+          * explicitly allow SHA1 for backwards compatibility. Also allow
+          * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
++        DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid);
+         return 1;
++    }
+ 
+     if (s)
+         return ssl_security(s, op, secbits, nid, x);
+-- 
+2.35.1
+

0056-strcasecmp.patch

@@ -0,0 +1,14 @@
+diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
+--- openssl-3.0.3/util/libcrypto.num.locale	2022-06-01 12:35:52.667498724 +0200
++++ openssl-3.0.3/util/libcrypto.num	2022-06-01 12:36:08.112633093 +0200
+@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
+ ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
+-OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+-OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
++OPENSSL_strcasecmp                      5556	3_0_1	EXIST::FUNCTION:
++OPENSSL_strncasecmp                     5557	3_0_1	EXIST::FUNCTION:
+ OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
+ ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
+ ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:

configuration-prefix.h

@@ -0,0 +1,7 @@
+/* Prepended at openssl package build-time.  Don't include this file directly,
+ * use <openssl/opensslconf.h> instead. */
+
+#ifndef openssl_conf_multilib_redirection_h
+#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
+#endif
+

configuration-switch.h

@@ -0,0 +1,47 @@
+/* This file is here to prevent a file conflict on multiarch systems.  A
+ * conflict will frequently occur because arch-specific build-time
+ * configuration options are stored (and used, so they can't just be stripped
+ * out) in configuration.h.  The original configuration.h has been renamed.
+ * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
+
+#ifdef openssl_conf_multilib_redirection_h
+#error "Do not define openssl_conf_multilib_redirection_h!"
+#endif
+#define openssl_conf_multilib_redirection_h
+
+#if defined(__i386__)
+#include "configuration-i386.h"
+#elif defined(__ia64__)
+#include "configuration-ia64.h"
+#elif defined(__mips64) && defined(__MIPSEL__)
+#include "configuration-mips64el.h"
+#elif defined(__mips64)
+#include "configuration-mips64.h"
+#elif defined(__mips) && defined(__MIPSEL__)
+#include "configuration-mipsel.h"
+#elif defined(__mips)
+#include "configuration-mips.h"
+#elif defined(__powerpc64__)
+#include <endian.h>
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#include "configuration-ppc64.h"
+#else
+#include "configuration-ppc64le.h"
+#endif
+#elif defined(__powerpc__)
+#include "configuration-ppc.h"
+#elif defined(__s390x__)
+#include "configuration-s390x.h"
+#elif defined(__s390__)
+#include "configuration-s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "configuration-sparc64.h"
+#elif defined(__sparc__)
+#include "configuration-sparc.h"
+#elif defined(__x86_64__)
+#include "configuration-x86_64.h"
+#else
+#error "The openssl-devel package does not work your architecture?"
+#endif
+
+#undef openssl_conf_multilib_redirection_h

ec_curve.c

@@ -1,17 +1,24 @@
 /*
- * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include "ec_local.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
+#include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 #include "internal/nelem.h"
 
@@ -242,43 +249,115 @@ typedef struct _ec_list_element_st {
     const char *comment;
 } ec_list_element;
 
+#ifdef FIPS_MODULE
 static const ec_list_element curve_list[] = {
     /* prime field curves */
     /* secg curves */
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h,
+# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp224_method,
+# else
+     0,
+# endif
      "NIST/SECG curve over a 224 bit prime field"},
-#else
-    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
-     "NIST/SECG curve over a 224 bit prime field"},
-#endif
-    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
-     "SECG curve over a 256 bit prime field"},
     /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-    {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+    {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+# if defined(S390X_EC_ASM)
+     EC_GFp_s390x_nistp384_method,
+# else
+     0,
+# endif
      "NIST/SECG curve over a 384 bit prime field"},
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
+
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+# if defined(S390X_EC_ASM)
+     EC_GFp_s390x_nistp521_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp521_method,
+# else
+     0,
+# endif
      "NIST/SECG curve over a 521 bit prime field"},
-#else
-    {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
-     "NIST/SECG curve over a 521 bit prime field"},
-#endif
+
     /* X9.62 curves */
     {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
-#if defined(ECP_NISTZ256_ASM)
+# if defined(ECP_NISTZ256_ASM)
      EC_GFp_nistz256_method,
-#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+# elif defined(S390X_EC_ASM)
+     EC_GFp_s390x_nistp256_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
      EC_GFp_nistp256_method,
-#else
+# else
      0,
-#endif
+# endif
      "X9.62/SECG curve over a 256 bit prime field"},
 };
 
+#else
+
+static const ec_list_element curve_list[] = {
+    /* prime field curves */
+    /* secg curves */
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+     "NIST/SECG curve over a 224 bit prime field"},
+# else
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+     "NIST/SECG curve over a 224 bit prime field"},
+# endif
+    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+     "SECG curve over a 256 bit prime field"},
+    /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+    {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+# if defined(S390X_EC_ASM)
+     EC_GFp_s390x_nistp384_method,
+# else
+     0,
+# endif
+     "NIST/SECG curve over a 384 bit prime field"},
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+# if defined(S390X_EC_ASM)
+     EC_GFp_s390x_nistp521_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp521_method,
+# else
+     0,
+# endif
+     "NIST/SECG curve over a 521 bit prime field"},
+    /* X9.62 curves */
+    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+# if defined(ECP_NISTZ256_ASM)
+     EC_GFp_nistz256_method,
+# elif defined(S390X_EC_ASM)
+     EC_GFp_s390x_nistp256_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp256_method,
+# else
+     0,
+# endif
+     "X9.62/SECG curve over a 256 bit prime field"},
+};
+#endif /* FIPS_MODULE */
+
 #define curve_list_length OSSL_NELEM(curve_list)
 
-static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+static const ec_list_element *ec_curve_nid2curve(int nid)
+{
+    size_t i;
+
+    if (nid <= 0)
+        return NULL;
+
+    for (i = 0; i < curve_list_length; i++) {
+        if (curve_list[i].nid == nid)
+            return &curve_list[i];
+    }
+    return NULL;
+}
+
+static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
+                                        const char *propq,
+                                        const ec_list_element curve)
 {
     EC_GROUP *group = NULL;
     EC_POINT *P = NULL;
@@ -293,10 +372,11 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
 
     /* If no curve data curve method must handle everything */
     if (curve.data == NULL)
-        return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
+        return ossl_ec_group_new_ex(libctx, propq,
+                                    curve.meth != NULL ? curve.meth() : NULL);
 
-    if ((ctx = BN_CTX_new()) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+    if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
+        ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
@@ -309,20 +389,20 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
     if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
         || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
         || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
         goto err;
     }
 
     if (curve.meth != 0) {
         meth = curve.meth();
-        if (((group = EC_GROUP_new(meth)) == NULL) ||
+        if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
             (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
             goto err;
         }
     } else if (data->field_type == NID_X9_62_prime_field) {
         if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
             goto err;
         }
     }
@@ -331,7 +411,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
                                  * NID_X9_62_characteristic_two_field */
 
         if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
             goto err;
         }
     }
@@ -340,31 +420,31 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
     EC_GROUP_set_curve_name(group, curve.nid);
 
     if ((P = EC_POINT_new(group)) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
         goto err;
     }
 
     if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
         || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
         goto err;
     }
     if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
         goto err;
     }
     if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
         || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
         goto err;
     }
     if (!EC_GROUP_set_generator(group, P, order, x)) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
         goto err;
     }
     if (seed_len) {
         if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
             goto err;
         }
     }
@@ -385,28 +465,33 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
     return group;
 }
 
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
+                                        int nid)
 {
-    size_t i;
     EC_GROUP *ret = NULL;
+    const ec_list_element *curve;
 
-    if (nid <= 0)
-        return NULL;
-
-    for (i = 0; i < curve_list_length; i++)
-        if (curve_list[i].nid == nid) {
-            ret = ec_group_new_from_data(curve_list[i]);
-            break;
-        }
-
-    if (ret == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+    if ((curve = ec_curve_nid2curve(nid)) == NULL
+        || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
+#ifndef FIPS_MODULE
+        ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
+                       "name=%s", OBJ_nid2sn(nid));
+#else
+        ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
+#endif
         return NULL;
     }
 
     return ret;
 }
 
+#ifndef FIPS_MODULE
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+    return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
+}
+#endif
+
 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
 {
     size_t i, min;
@@ -424,49 +509,14 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
     return curve_list_length;
 }
 
-/* Functions to translate between common NIST curve names and NIDs */
-
-typedef struct {
-    const char *name;           /* NIST Name of curve */
-    int nid;                    /* Curve NID */
-} EC_NIST_NAME;
-
-static EC_NIST_NAME nist_curves[] = {
-    {"B-163", NID_sect163r2},
-    {"B-233", NID_sect233r1},
-    {"B-283", NID_sect283r1},
-    {"B-409", NID_sect409r1},
-    {"B-571", NID_sect571r1},
-    {"K-163", NID_sect163k1},
-    {"K-233", NID_sect233k1},
-    {"K-283", NID_sect283k1},
-    {"K-409", NID_sect409k1},
-    {"K-571", NID_sect571k1},
-    {"P-192", NID_X9_62_prime192v1},
-    {"P-224", NID_secp224r1},
-    {"P-256", NID_X9_62_prime256v1},
-    {"P-384", NID_secp384r1},
-    {"P-521", NID_secp521r1}
-};
-
 const char *EC_curve_nid2nist(int nid)
 {
-    size_t i;
-    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
-        if (nist_curves[i].nid == nid)
-            return nist_curves[i].name;
-    }
-    return NULL;
+    return ossl_ec_curve_nid2nist_int(nid);
 }
 
 int EC_curve_nist2nid(const char *name)
 {
-    size_t i;
-    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
-        if (strcmp(nist_curves[i].name, name) == 0)
-            return nist_curves[i].nid;
-    }
-    return NID_undef;
+    return ossl_ec_curve_nist2nid_int(name);
 }
 
 #define NUM_BN_FIELDS 6
@@ -478,7 +528,7 @@ int EC_curve_nist2nid(const char *name)
  * Returns: The nid associated with the found named curve, or NID_undef
  *          if not found. If there was an error it returns -1.
  */
-int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
+int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
 {
     int ret = -1, nid, len, field_type, param_len;
     size_t i, seed_len;
@@ -486,17 +536,13 @@ int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
     unsigned char *param_bytes = NULL;
     const EC_CURVE_DATA *data;
     const EC_POINT *generator = NULL;
-    const EC_METHOD *meth;
     const BIGNUM *cofactor = NULL;
     /* An array of BIGNUMs for (p, a, b, x, y, order) */
     BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
 
-    meth = EC_GROUP_method_of(group);
-    if (meth == NULL)
-        return -1;
     /* Use the optional named curve nid as a search field */
     nid = EC_GROUP_get_curve_name(group);
-    field_type = EC_METHOD_get_field_type(meth);
+    field_type = EC_GROUP_get_field_type(group);
     seed_len = EC_GROUP_get_seed_len(group);
     seed = EC_GROUP_get0_seed(group);
     cofactor = EC_GROUP_get0_cofactor(group);

genpatches

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ $# -ne 2 ] ; then
+    echo "Usage:"
+    echo "   $0 <git-dir> <base-tag>"
+    exit 1
+fi
+
+git_dir="$1"
+base_tag="$2"
+
+target_dir="$(pwd)"
+
+pushd "$git_dir" >/dev/null
+git format-patch -k -o "$target_dir" "$base_tag" >/dev/null
+popd >/dev/null
+
+echo "# Patches exported from source git"
+
+i=1
+for p in *.patch ; do
+    printf "# "
+    sed '/^Subject:/{s/^Subject: //;p};d' "$p"
+    printf "Patch%s: %s\n" $i "$p"
+    i=$(($i + 1))
+done

openssl-1.1.0-issuer-hash.patch

@@ -1,11 +0,0 @@
-diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
---- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash	2016-07-18 15:16:32.788881100 +0200
-+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c	2016-07-18 15:17:16.671871840 +0200
-@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
- 
-     if (ctx == NULL)
-         goto err;
-+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-     f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
-     if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
-         goto err;

openssl-1.1.1-alpn-cb.patch

@@ -1,27 +0,0 @@
-commit 9e885a707d604e9528b5491b78fb9c00f41193fc
-Author: Tomas Mraz <tmraz@fedoraproject.org>
-Date:   Thu Mar 26 15:59:00 2020 +0100
-
-    s_server: Properly indicate ALPN protocol mismatch
-    
-    Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
-    an alert is sent to the client on ALPN protocol mismatch.
-    
-    Fixes: #2708
-    
-    Reviewed-by: Matt Caswell <matt@openssl.org>
-    (Merged from https://github.com/openssl/openssl/pull/11415)
-
-diff --git a/apps/s_server.c b/apps/s_server.c
-index bcc83e562c..591c6c19c5 100644
---- a/apps/s_server.c
-+++ b/apps/s_server.c
-@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
-     if (SSL_select_next_proto
-         ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
-          inlen) != OPENSSL_NPN_NEGOTIATED) {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     if (!s_quiet) {

openssl-1.1.1-apps-dgst.patch

@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
---- openssl-1.1.1b/apps/ca.c.dgst	2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/apps/ca.c	2019-03-15 15:53:46.622267688 +0100
-@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
-     {"enddate", OPT_ENDDATE, 's',
-      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
-     {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
--    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
-+    {"md", OPT_MD, 's', "md to use; see openssl help for list"},
-     {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
-     {"keyfile", OPT_KEYFILE, 's', "Private key"},
-     {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

openssl-1.1.1-build.patch

@@ -1,40 +0,0 @@
-diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
---- openssl-1.1.1f/Configurations/10-main.conf.build	2020-03-31 14:17:45.000000000 +0200
-+++ openssl-1.1.1f/Configurations/10-main.conf	2020-04-07 16:42:10.920546387 +0200
-@@ -678,6 +678,7 @@ my %targets = (
-         cxxflags         => add("-m64"),
-         lib_cppflags     => add("-DL_ENDIAN"),
-         perlasm_scheme   => "linux64le",
-+        multilib         => "64",
-     },
- 
-     "linux-armv4" => {
-@@ -718,6 +719,7 @@ my %targets = (
-     "linux-aarch64" => {
-         inherit_from     => [ "linux-generic64", asm("aarch64_asm") ],
-         perlasm_scheme   => "linux64",
-+        multilib         => "64",
-     },
-     "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
-         inherit_from     => [ "linux-generic32", asm("aarch64_asm") ],
-diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build	2020-04-07 16:42:10.920546387 +0200
-+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl	2020-04-07 16:44:23.539142108 +0200
-@@ -823,7 +823,7 @@ uninstall_runtime_libs:
- install_man_docs:
- 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- 	@$(ECHO) "*** Installing manpages"
--	$(PERL) $(SRCDIR)/util/process_docs.pl \
-+	TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- 		"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
- 
- uninstall_man_docs:
-@@ -835,7 +835,7 @@ uninstall_man_docs:
- install_html_docs:
- 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- 	@$(ECHO) "*** Installing HTML manpages"
--	$(PERL) $(SRCDIR)/util/process_docs.pl \
-+	TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- 		"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
- 
- uninstall_html_docs:

openssl-1.1.1-conf-paths.patch

@@ -1,56 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
---- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths	2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/apps/CA.pl.in	2018-07-25 17:26:58.388624296 +0200
-@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
- my $PKCS12 = "$openssl pkcs12";
- 
- # default openssl.cnf file has setup as per the following
--my $CATOP = "./demoCA";
-+my $CATOP = "/etc/pki/CA";
- my $CAKEY = "cakey.pem";
- my $CAREQ = "careq.pem";
- my $CACERT = "cacert.pem";
-diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
---- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths	2018-07-25 17:26:58.378624057 +0200
-+++ openssl-1.1.1-pre8/apps/openssl.cnf	2018-07-27 13:20:08.198513471 +0200
-@@ -23,6 +23,22 @@ oid_section		= new_oids
- # (Alternatively, use a configuration file that has only
- # X.509v3 extensions in its main [= default] section.)
- 
-+# Load default TLS policy configuration
-+
-+openssl_conf = default_modules
-+
-+[ default_modules ]
-+
-+ssl_conf = ssl_module
-+
-+[ ssl_module ]
-+
-+system_default = crypto_policy
-+
-+[ crypto_policy ]
-+
-+.include = /etc/crypto-policies/back-ends/opensslcnf.config
-+
- [ new_oids ]
- 
- # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-@@ -43,7 +59,7 @@ default_ca	= CA_default		# The default c
- ####################################################################
- [ CA_default ]
- 
--dir		= ./demoCA		# Where everything is kept
-+dir		= /etc/pki/CA		# Where everything is kept
- certs		= $dir/certs		# Where the issued certs are kept
- crl_dir		= $dir/crl		# Where the issued crl are kept
- database	= $dir/index.txt	# database index file.
-@@ -329,7 +345,7 @@ default_tsa = tsa_config1	# the default
- [ tsa_config1 ]
- 
- # These are used by the TSA reply generation only.
--dir		= ./demoCA		# TSA root directory
-+dir		= /etc/pki/CA		# TSA root directory
- serial		= $dir/tsaserial	# The current serial number (mandatory)
- crypto_device	= builtin		# OpenSSL engine to use for signing
- signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate

openssl-1.1.1-disable-ssl3.patch

@@ -1,91 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
---- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3	2018-07-16 18:08:20.000487628 +0200
-+++ openssl-1.1.1-pre8/apps/s_client.c	2018-07-16 18:16:40.070186323 +0200
-@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
-     if (sdebug)
-         ssl_ctx_security_debug(ctx, sdebug);
- 
-+    if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
-     if (!config_ctx(cctx, ssl_args, ctx))
-         goto end;
- 
-diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
---- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3	2018-07-16 18:08:20.000487628 +0200
-+++ openssl-1.1.1-pre8/apps/s_server.c	2018-07-16 18:17:17.300055551 +0200
-@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
-     if (sdebug)
-         ssl_ctx_security_debug(ctx, sdebug);
- 
-+    if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
-     if (!config_ctx(cctx, ssl_args, ctx))
-         goto end;
- 
-diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
---- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3	2018-06-20 16:48:13.000000000 +0200
-+++ openssl-1.1.1-pre8/ssl/ssl_lib.c	2018-07-16 18:08:20.001487652 +0200
-@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
-      */
-     ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
- 
-+    if (meth->version != SSL3_VERSION) {
-+        /*
-+         * Disable SSLv3 by default.  Applications can
-+         * re-enable it by configuring
-+         * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+         * or by using the SSL_CONF API.
-+         */
-+        ret->options |= SSL_OP_NO_SSLv3;
-+    }
-+
-     ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
- 
-     /*
-diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
---- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3	2018-06-20 16:48:15.000000000 +0200
-+++ openssl-1.1.1-pre8/test/ssl_test.c	2018-07-16 18:18:34.806865121 +0200
-@@ -443,6 +443,7 @@ static int test_handshake(int idx)
-             SSL_TEST_SERVERNAME_CB_NONE) {
-             if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
-                 goto err;
-+            SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
-             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
-                                                          TLS_MAX_VERSION)))
-                 goto err;
-@@ -464,6 +465,8 @@ static int test_handshake(int idx)
-             if (!TEST_ptr(resume_server_ctx)
-                     || !TEST_ptr(resume_client_ctx))
-                 goto err;
-+            SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
-+            SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
-         }
-     }
- 
-@@ -477,6 +480,9 @@ static int test_handshake(int idx)
-             || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
-         goto err;
- 
-+    SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
-+    SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
-+
-     if (!SSL_CTX_config(server_ctx, "server")
-         || !SSL_CTX_config(client_ctx, "client")) {
-         goto err;
-diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
---- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3	2018-06-20 16:48:15.000000000 +0200
-+++ openssl-1.1.1-pre8/test/ssltest_old.c	2018-07-16 18:08:20.002487676 +0200
-@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
-         ERR_print_errors(bio_err);
-         goto end;
-     }
-+
-+    SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
-+    SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
-+    SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
-+
-     /*
-      * Since we will use low security ciphersuites and keys for testing set
-      * security level to zero by default. Tests can override this by adding

openssl-1.1.1-ec-curves.patch

@@ -1,266 +0,0 @@
-diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c
---- openssl-1.1.1h/apps/speed.c.curves	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/apps/speed.c	2020-11-06 13:27:15.659288431 +0100
-@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
- #endif /* OPENSSL_NO_RSA */
- 
- enum {
--    R_EC_P160,
--    R_EC_P192,
-     R_EC_P224,
-     R_EC_P256,
-     R_EC_P384,
-     R_EC_P521,
--#ifndef OPENSSL_NO_EC2M
--    R_EC_K163,
--    R_EC_K233,
--    R_EC_K283,
--    R_EC_K409,
--    R_EC_K571,
--    R_EC_B163,
--    R_EC_B233,
--    R_EC_B283,
--    R_EC_B409,
--    R_EC_B571,
--#endif
--    R_EC_BRP256R1,
--    R_EC_BRP256T1,
--    R_EC_BRP384R1,
--    R_EC_BRP384T1,
--    R_EC_BRP512R1,
--    R_EC_BRP512T1,
-     R_EC_X25519,
-     R_EC_X448
- };
- 
- #ifndef OPENSSL_NO_EC
- static OPT_PAIR ecdsa_choices[] = {
--    {"ecdsap160", R_EC_P160},
--    {"ecdsap192", R_EC_P192},
-     {"ecdsap224", R_EC_P224},
-     {"ecdsap256", R_EC_P256},
-     {"ecdsap384", R_EC_P384},
-     {"ecdsap521", R_EC_P521},
--# ifndef OPENSSL_NO_EC2M
--    {"ecdsak163", R_EC_K163},
--    {"ecdsak233", R_EC_K233},
--    {"ecdsak283", R_EC_K283},
--    {"ecdsak409", R_EC_K409},
--    {"ecdsak571", R_EC_K571},
--    {"ecdsab163", R_EC_B163},
--    {"ecdsab233", R_EC_B233},
--    {"ecdsab283", R_EC_B283},
--    {"ecdsab409", R_EC_B409},
--    {"ecdsab571", R_EC_B571},
--# endif
--    {"ecdsabrp256r1", R_EC_BRP256R1},
--    {"ecdsabrp256t1", R_EC_BRP256T1},
--    {"ecdsabrp384r1", R_EC_BRP384R1},
--    {"ecdsabrp384t1", R_EC_BRP384T1},
--    {"ecdsabrp512r1", R_EC_BRP512R1},
--    {"ecdsabrp512t1", R_EC_BRP512T1}
- };
- # define ECDSA_NUM       OSSL_NELEM(ecdsa_choices)
- 
- static double ecdsa_results[ECDSA_NUM][2];    /* 2 ops: sign then verify */
- 
- static const OPT_PAIR ecdh_choices[] = {
--    {"ecdhp160", R_EC_P160},
--    {"ecdhp192", R_EC_P192},
-     {"ecdhp224", R_EC_P224},
-     {"ecdhp256", R_EC_P256},
-     {"ecdhp384", R_EC_P384},
-     {"ecdhp521", R_EC_P521},
--# ifndef OPENSSL_NO_EC2M
--    {"ecdhk163", R_EC_K163},
--    {"ecdhk233", R_EC_K233},
--    {"ecdhk283", R_EC_K283},
--    {"ecdhk409", R_EC_K409},
--    {"ecdhk571", R_EC_K571},
--    {"ecdhb163", R_EC_B163},
--    {"ecdhb233", R_EC_B233},
--    {"ecdhb283", R_EC_B283},
--    {"ecdhb409", R_EC_B409},
--    {"ecdhb571", R_EC_B571},
--# endif
--    {"ecdhbrp256r1", R_EC_BRP256R1},
--    {"ecdhbrp256t1", R_EC_BRP256T1},
--    {"ecdhbrp384r1", R_EC_BRP384R1},
--    {"ecdhbrp384t1", R_EC_BRP384T1},
--    {"ecdhbrp512r1", R_EC_BRP512R1},
--    {"ecdhbrp512t1", R_EC_BRP512T1},
-     {"ecdhx25519", R_EC_X25519},
-     {"ecdhx448", R_EC_X448}
- };
-@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv)
-         unsigned int bits;
-     } test_curves[] = {
-         /* Prime Curves */
--        {"secp160r1", NID_secp160r1, 160},
--        {"nistp192", NID_X9_62_prime192v1, 192},
-         {"nistp224", NID_secp224r1, 224},
-         {"nistp256", NID_X9_62_prime256v1, 256},
-         {"nistp384", NID_secp384r1, 384},
-         {"nistp521", NID_secp521r1, 521},
--# ifndef OPENSSL_NO_EC2M
--        /* Binary Curves */
--        {"nistk163", NID_sect163k1, 163},
--        {"nistk233", NID_sect233k1, 233},
--        {"nistk283", NID_sect283k1, 283},
--        {"nistk409", NID_sect409k1, 409},
--        {"nistk571", NID_sect571k1, 571},
--        {"nistb163", NID_sect163r2, 163},
--        {"nistb233", NID_sect233r1, 233},
--        {"nistb283", NID_sect283r1, 283},
--        {"nistb409", NID_sect409r1, 409},
--        {"nistb571", NID_sect571r1, 571},
--# endif
--        {"brainpoolP256r1", NID_brainpoolP256r1, 256},
--        {"brainpoolP256t1", NID_brainpoolP256t1, 256},
--        {"brainpoolP384r1", NID_brainpoolP384r1, 384},
--        {"brainpoolP384t1", NID_brainpoolP384t1, 384},
--        {"brainpoolP512r1", NID_brainpoolP512r1, 512},
--        {"brainpoolP512t1", NID_brainpoolP512t1, 512},
-         /* Other and ECDH only ones */
-         {"X25519", NID_X25519, 253},
-         {"X448", NID_X448, 448}
-@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv)
- #  endif
- 
- #  ifndef OPENSSL_NO_EC
--    ecdsa_c[R_EC_P160][0] = count / 1000;
--    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
--    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+    ecdsa_c[R_EC_P224][0] = count / 1000;
-+    ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
-+    for (i = R_EC_P256; i <= R_EC_P521; i++) {
-         ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
-         ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-         if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
-@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
--#   ifndef OPENSSL_NO_EC2M
-+#   if 0
-     ecdsa_c[R_EC_K163][0] = count / 1000;
-     ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
-     for (i = R_EC_K233; i <= R_EC_K571; i++) {
-@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv)
-     }
- #   endif
- 
--    ecdh_c[R_EC_P160][0] = count / 1000;
--    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+    ecdh_c[R_EC_P224][0] = count / 1000;
-+    for (i = R_EC_P256; i <= R_EC_P521; i++) {
-         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-         if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
-             ecdh_doit[i] = 0;
-@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
--#   ifndef OPENSSL_NO_EC2M
-+#   if 0
-     ecdh_c[R_EC_K163][0] = count / 1000;
-     for (i = R_EC_K233; i <= R_EC_K571; i++) {
-         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c
---- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/crypto/ec/ecp_smpl.c	2020-11-06 13:27:15.659288431 +0100
-@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
-         return 0;
-     }
- 
-+    if (BN_num_bits(p) < 224) {
-+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+        return 0;
-+    }
-+
-     if (ctx == NULL) {
-         ctx = new_ctx = BN_CTX_new();
-         if (ctx == NULL)
-diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h
---- openssl-1.1.1h/test/ecdsatest.h.curves	2020-11-06 13:27:15.627288114 +0100
-+++ openssl-1.1.1h/test/ecdsatest.h	2020-11-06 13:27:15.660288441 +0100
-@@ -32,23 +32,6 @@ typedef struct {
- } ecdsa_cavs_kat_t;
- 
- static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
--    /* prime KATs from X9.62 */
--    {NID_X9_62_prime192v1, NID_sha1,
--     "616263",                  /* "abc" */
--     "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
--     "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
--     "5ca5c0d69716dfcb3474373902",
--     "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
--     "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
--     "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
--    {NID_X9_62_prime239v1, NID_sha1,
--     "616263",                  /* "abc" */
--     "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
--     "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
--     "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
--     "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
--     "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
--     "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
-     /* prime KATs from NIST CAVP */
-     {NID_secp224r1, NID_sha224,
-      "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
---- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves	2020-11-06 13:58:36.402895540 +0100
-+++ openssl-1.1.1h/test/recipes/15-test_genec.t	2020-11-06 13:59:38.508484498 +0100
-@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport
-     if disabled("ec");
- 
- my @prime_curves = qw(
--    secp112r1
--    secp112r2
--    secp128r1
--    secp128r2
--    secp160k1
--    secp160r1
--    secp160r2
--    secp192k1
--    secp224k1
-     secp224r1
-     secp256k1
-     secp384r1
-     secp521r1
--    prime192v1
--    prime192v2
--    prime192v3
--    prime239v1
--    prime239v2
--    prime239v3
-     prime256v1
--    wap-wsg-idm-ecid-wtls6
--    wap-wsg-idm-ecid-wtls7
--    wap-wsg-idm-ecid-wtls8
--    wap-wsg-idm-ecid-wtls9
--    wap-wsg-idm-ecid-wtls12
--    brainpoolP160r1
--    brainpoolP160t1
--    brainpoolP192r1
--    brainpoolP192t1
--    brainpoolP224r1
--    brainpoolP224t1
--    brainpoolP256r1
--    brainpoolP256t1
--    brainpoolP320r1
--    brainpoolP320t1
--    brainpoolP384r1
--    brainpoolP384t1
--    brainpoolP512r1
--    brainpoolP512t1
- );
- 
- my @binary_curves = qw(
-@@ -115,7 +81,6 @@ push(@other_curves, 'SM2')
-     if !disabled("sm2");
- 
- my @curve_aliases = qw(
--    P-192
-     P-224
-     P-256
-     P-384

openssl-1.1.1-edk2-build.patch

@@ -1,57 +0,0 @@
-diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c
---- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build	2020-05-18 12:55:53.299548432 +0200
-+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c	2020-05-18 12:55:53.340548788 +0200
-@@ -12,6 +12,7 @@
- #include <openssl/evp.h>
- #include <openssl/err.h>
- #include <openssl/kdf.h>
-+#include "internal/numbers.h"
- #include "crypto/evp.h"
- 
- static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
-diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c
---- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build	2020-05-18 12:55:53.340548788 +0200
-+++ openssl-1.1.1g/crypto/kdf/hkdf.c	2020-05-18 12:57:18.648288904 +0200
-@@ -13,6 +13,7 @@
- #include <openssl/hmac.h>
- #include <openssl/kdf.h>
- #include <openssl/evp.h>
-+#include "internal/numbers.h"
- #include "internal/cryptlib.h"
- #include "crypto/evp.h"
- #include "kdf_local.h"
-diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c
---- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build	2020-05-18 12:56:05.646655554 +0200
-+++ openssl-1.1.1g/crypto/rand/rand_unix.c	2020-05-18 12:58:51.088090896 +0200
-@@ -20,7 +20,7 @@
- #include "crypto/fips.h"
- #include <stdio.h>
- #include "internal/dso.h"
--#ifdef __linux
-+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
- # include <sys/syscall.h>
- # include <sys/random.h>
- # ifdef DEVRANDOM_WAIT
-diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h
---- openssl-1.1.1g/include/crypto/fips.h.edk2-build	2020-05-18 12:55:53.296548406 +0200
-+++ openssl-1.1.1g/include/crypto/fips.h	2020-05-18 12:55:53.340548788 +0200
-@@ -50,10 +50,6 @@
- #include <openssl/opensslconf.h>
- #include <openssl/evp.h>
- 
--#ifndef OPENSSL_FIPS
--# error FIPS is disabled.
--#endif
--
- #ifdef OPENSSL_FIPS
- 
- int FIPS_module_mode_set(int onoff);
-@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void);
- 
- void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
- 
-+#else
-+
-+# define fips_in_post() 0
-+
- #endif

openssl-1.1.1-fips-crng-test.patch

@@ -1,408 +0,0 @@
-diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
---- openssl-1.1.1g/crypto/rand/build.info.crng-test	2020-04-23 13:30:45.863389837 +0200
-+++ openssl-1.1.1g/crypto/rand/build.info	2020-04-23 13:31:55.847069892 +0200
-@@ -1,6 +1,6 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
--        randfile.c rand_lib.c rand_err.c rand_egd.c \
-+        randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
-         rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
- 
- INCLUDE[drbg_ctr.o]=../modes
-diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
---- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test	2020-04-23 13:30:45.818390686 +0200
-+++ openssl-1.1.1g/crypto/rand/drbg_lib.c	2020-04-23 13:30:45.864389819 +0200
-@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
- 
- 
- /* NIST SP 800-90A DRBG recommends the use of a personalization string. */
--static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
-+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
- 
- static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
- 
-@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
-     drbg->parent = parent;
- 
-     if (parent == NULL) {
-+#ifdef OPENSSL_FIPS
-+        drbg->get_entropy = rand_crngt_get_entropy;
-+        drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
-+#else
-         drbg->get_entropy = rand_drbg_get_entropy;
-         drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
-+#endif
- #ifndef RAND_DRBG_GET_RANDOM_NONCE
-         drbg->get_nonce = rand_drbg_get_nonce;
-         drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
-diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
---- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test	2020-04-23 13:30:45.864389819 +0200
-+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c	2020-04-23 13:30:45.864389819 +0200
-@@ -0,0 +1,118 @@
-+/*
-+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
-+ */
-+
-+#include <string.h>
-+#include <openssl/evp.h>
-+#include "crypto/rand.h"
-+#include "internal/thread_once.h"
-+#include "rand_local.h"
-+
-+static RAND_POOL *crngt_pool;
-+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
-+
-+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
-+    = &rand_crngt_get_entropy_cb;
-+
-+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
-+                              unsigned int *md_size)
-+{
-+    int r;
-+    size_t n;
-+    unsigned char *p;
-+
-+    n = rand_pool_acquire_entropy(crngt_pool);
-+    if (n >= CRNGT_BUFSIZ) {
-+        p = rand_pool_detach(crngt_pool);
-+        r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
-+        if (r != 0)
-+            memcpy(buf, p, CRNGT_BUFSIZ);
-+        rand_pool_reattach(crngt_pool, p);
-+        return r;
-+    }
-+    return 0;
-+}
-+
-+void rand_crngt_cleanup(void)
-+{
-+    rand_pool_free(crngt_pool);
-+    crngt_pool = NULL;
-+}
-+
-+int rand_crngt_init(void)
-+{
-+    unsigned char buf[CRNGT_BUFSIZ];
-+
-+    if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
-+        return 0;
-+    if (crngt_get_entropy(buf, crngt_prev, NULL)) {
-+        OPENSSL_cleanse(buf, sizeof(buf));
-+        return 1;
-+    }
-+    rand_crngt_cleanup();
-+    return 0;
-+}
-+
-+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
-+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
-+{
-+    return OPENSSL_init_crypto(0, NULL)
-+        && rand_crngt_init()
-+        && OPENSSL_atexit(&rand_crngt_cleanup);
-+}
-+
-+int rand_crngt_single_init(void)
-+{
-+    return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
-+}
-+
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+                              unsigned char **pout,
-+                              int entropy, size_t min_len, size_t max_len,
-+                              int prediction_resistance)
-+{
-+    unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
-+    unsigned int sz;
-+    RAND_POOL *pool;
-+    size_t q, r = 0, s, t = 0;
-+    int attempts = 3;
-+
-+    if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
-+        return 0;
-+
-+    if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
-+        return 0;
-+
-+    while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
-+        s = q > sizeof(buf) ? sizeof(buf) : q;
-+        if (!crngt_get_entropy(buf, md, &sz)
-+            || memcmp(crngt_prev, md, sz) == 0
-+            || !rand_pool_add(pool, buf, s, s * 8))
-+            goto err;
-+        memcpy(crngt_prev, md, sz);
-+        t += s;
-+        attempts++;
-+    }
-+    r = t;
-+    *pout = rand_pool_detach(pool);
-+err:
-+    OPENSSL_cleanse(buf, sizeof(buf));
-+    rand_pool_free(pool);
-+    return r;
-+}
-+
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+                                unsigned char *out, size_t outlen)
-+{
-+    OPENSSL_secure_clear_free(out, outlen);
-+}
-diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
---- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test	2020-04-23 13:30:45.470397250 +0200
-+++ openssl-1.1.1g/crypto/rand/rand_local.h	2020-04-23 13:30:45.864389819 +0200
-@@ -33,7 +33,15 @@
- # define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
- # define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
- 
--
-+/*
-+ * The number of bytes that constitutes an atomic lump of entropy with respect
-+ * to the FIPS 140-2 section 4.9.2 Conditional Tests.  The size is somewhat
-+ * arbitrary, the smaller the value, the less entropy is consumed on first
-+ * read but the higher the probability of the test failing by accident.
-+ *
-+ * The value is in bytes.
-+ */
-+#define CRNGT_BUFSIZ    16
- 
- /*
-  * Maximum input size for the DRBG (entropy, nonce, personalization string)
-@@ -44,6 +52,8 @@
-  */
- # define DRBG_MAX_LENGTH                         INT32_MAX
- 
-+/* The default nonce */
-+# define DRBG_DEFAULT_PERS_STRING                "OpenSSL NIST SP 800-90A DRBG"
- 
- /*
-  * Maximum allocation size for RANDOM_POOL buffers
-@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
- /* initializes the AES-CTR DRBG implementation */
- int drbg_ctr_init(RAND_DRBG *drbg);
- 
-+/*
-+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
-+ * These need to be exposed for the unit tests.
-+ */
-+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
-+                              unsigned int *md_size);
-+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
-+                                unsigned int *md_size);
-+int rand_crngt_init(void);
-+void rand_crngt_cleanup(void);
-+
-+/*
-+ * Expose the run once initialisation function for the unit tests because.
-+ * they need to restart from scratch to validate the first block is skipped
-+ * properly.
-+ */
-+int rand_crngt_single_init(void);
-+
- #endif
-diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
---- openssl-1.1.1g/include/crypto/rand.h.crng-test	2020-04-23 13:30:45.824390573 +0200
-+++ openssl-1.1.1g/include/crypto/rand.h	2020-04-23 13:30:45.864389819 +0200
-@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
- 
- void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
- 
-+/* CRNG test entropy filter callbacks. */
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+                              unsigned char **pout,
-+                              int entropy, size_t min_len, size_t max_len,
-+                              int prediction_resistance);
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+                                unsigned char *out, size_t outlen);
-+
- /*
-  * RAND_POOL functions
-  */
-diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
---- openssl-1.1.1g/test/drbgtest.c.crng-test	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/test/drbgtest.c	2020-04-23 13:30:45.865389800 +0200
-@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
-     return t->noncelen;
- }
- 
-+ /*
-+ * Disable CRNG testing if it is enabled.
-+ * If the DRBG is ready or in an error state, this means an instantiate cycle
-+ * for which the default personalisation string is used.
-+ */
-+static int disable_crngt(RAND_DRBG *drbg)
-+{
-+    static const char pers[] = DRBG_DEFAULT_PERS_STRING;
-+    const int instantiate = drbg->state != DRBG_UNINITIALISED;
-+
-+    if (drbg->get_entropy != rand_crngt_get_entropy)
-+        return 1;
-+
-+     if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
-+        || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
-+                                              &rand_drbg_cleanup_entropy,
-+                                              &rand_drbg_get_nonce,
-+                                              &rand_drbg_cleanup_nonce))
-+        || (instantiate
-+            && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
-+                                      sizeof(pers) - 1)))
-+        return 0;
-+    return 1;
-+}
-+
- static int uninstantiate(RAND_DRBG *drbg)
- {
-     int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
-@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
-     if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
-         return 0;
-     if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
--                                           kat_nonce, NULL))) {
-+                                           kat_nonce, NULL))
-+        || !TEST_true(disable_crngt(drbg))) {
-         failures++;
-         goto err;
-     }
-@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
-     unsigned int reseed_counter_tmp;
-     int ret = 0;
- 
--    if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
-+    if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
-+	|| !TEST_true(disable_crngt(drbg)))
-         goto err;
- 
-     /*
-@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
-         || !TEST_ptr_eq(private->parent, master))
-         return 0;
- 
-+    /* Disable CRNG testing for the master DRBG */
-+    if (!TEST_true(disable_crngt(master)))
-+        return 0;
-+
-     /* uninstantiate the three global DRBGs */
-     RAND_DRBG_uninstantiate(private);
-     RAND_DRBG_uninstantiate(public);
-@@ -964,7 +995,8 @@ static int test_rand_seed(void)
-     size_t rand_buflen;
-     size_t required_seed_buflen = 0;
- 
--    if (!TEST_ptr(master = RAND_DRBG_get0_master()))
-+    if (!TEST_ptr(master = RAND_DRBG_get0_master())
-+        || !TEST_true(disable_crngt(master)))
-         return 0;
- 
- #ifdef OPENSSL_RAND_SEED_NONE
-@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
-     return 1;
- }
- 
-+/*
-+ * A list of the FIPS DRGB types.
-+ */
-+static const struct s_drgb_types {
-+    int nid;
-+    int flags;
-+} drgb_types[] = {
-+    { NID_aes_128_ctr,  0                   },
-+    { NID_aes_192_ctr,  0                   },
-+    { NID_aes_256_ctr,  0                   },
-+};
-+
-+/* Six cases for each covers seed sizes up to 32 bytes */
-+static const size_t crngt_num_cases = 6;
-+
-+static size_t crngt_case, crngt_idx;
-+
-+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
-+                            unsigned int *md_size)
-+{
-+    size_t i, z;
-+
-+    if (!TEST_int_lt(crngt_idx, crngt_num_cases))
-+        return 0;
-+    /* Generate a block of unique data unless this is the duplication point */
-+    z = crngt_idx++;
-+    if (z > 0 && crngt_case == z)
-+        z--;
-+    for (i = 0; i < CRNGT_BUFSIZ; i++)
-+        buf[i] = (unsigned char)(i + 'A' + z);
-+    return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
-+}
-+
-+static int test_crngt(int n)
-+{
-+    const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char buff[100];
-+    size_t ent;
-+    int res = 0;
-+    int expect;
-+
-+    if (!TEST_true(rand_crngt_single_init()))
-+        return 0;
-+    rand_crngt_cleanup();
-+
-+    if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
-+        return 0;
-+    ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
-+    crngt_case = n % crngt_num_cases;
-+    crngt_idx = 0;
-+    crngt_get_entropy = &crngt_entropy_cb;
-+    if (!TEST_true(rand_crngt_init()))
-+        goto err;
-+#ifndef OPENSSL_FIPS
-+    if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
-+                                           &rand_crngt_cleanup_entropy,
-+                                           &rand_drbg_get_nonce,
-+                                           &rand_drbg_cleanup_nonce)))
-+        goto err;
-+#endif
-+    expect = crngt_case == 0 || crngt_case > ent;
-+    if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
-+        goto err;
-+    if (!expect)
-+        goto fin;
-+    if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
-+        goto err;
-+
-+    expect = crngt_case == 0 || crngt_case > 2 * ent;
-+    if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
-+        goto err;
-+    if (!expect)
-+        goto fin;
-+    if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
-+        goto err;
-+
-+fin:
-+    res = 1;
-+err:
-+    if (!res)
-+        TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
-+                  crngt_case, crngt_idx);
-+    uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    crngt_get_entropy = &rand_crngt_get_entropy_cb;
-+    return res;
-+}
-+
- int setup_tests(void)
- {
-     app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
-@@ -1025,5 +1146,6 @@ int setup_tests(void)
- #if defined(OPENSSL_THREADS)
-     ADD_TEST(test_multi_thread);
- #endif
-+    ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
-     return 1;
- }

openssl-1.1.1-fips-curves.patch

@@ -1,200 +0,0 @@
-diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c
---- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves	2020-05-18 12:59:54.839643980 +0200
-+++ openssl-1.1.1g/crypto/ec/ec_curve.c	2020-05-18 12:59:54.852644093 +0200
-@@ -13,6 +13,7 @@
- #include <openssl/err.h>
- #include <openssl/obj_mac.h>
- #include <openssl/opensslconf.h>
-+#include <openssl/crypto.h>
- #include "internal/nelem.h"
- 
- typedef struct {
-@@ -237,6 +238,7 @@ static const struct {
- 
- typedef struct _ec_list_element_st {
-     int nid;
-+    int fips_allowed;
-     const EC_CURVE_DATA *data;
-     const EC_METHOD *(*meth) (void);
-     const char *comment;
-@@ -246,23 +248,23 @@ static const ec_list_element curve_list[
-     /* prime field curves */
-     /* secg curves */
- #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
--    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
-+    {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
-      "NIST/SECG curve over a 224 bit prime field"},
- #else
--    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
-+    {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0,
-      "NIST/SECG curve over a 224 bit prime field"},
- #endif
--    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
-+    {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0,
-      "SECG curve over a 256 bit prime field"},
-     /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
--    {NID_secp384r1, &_EC_NIST_PRIME_384.h,
-+    {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h,
- # if defined(S390X_EC_ASM)
-      EC_GFp_s390x_nistp384_method,
- # else
-      0,
- # endif
-      "NIST/SECG curve over a 384 bit prime field"},
--    {NID_secp521r1, &_EC_NIST_PRIME_521.h,
-+    {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h,
- # if defined(S390X_EC_ASM)
-      EC_GFp_s390x_nistp521_method,
- # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
-@@ -272,7 +274,7 @@ static const ec_list_element curve_list[
- # endif
-      "NIST/SECG curve over a 521 bit prime field"},
-     /* X9.62 curves */
--    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
-+    {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h,
- #if defined(ECP_NISTZ256_ASM)
-      EC_GFp_nistz256_method,
- # elif defined(S390X_EC_ASM)
-@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
- 
-     for (i = 0; i < curve_list_length; i++)
-         if (curve_list[i].nid == nid) {
-+            if (!curve_list[i].fips_allowed && FIPS_mode()) {
-+                ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME);
-+                return NULL;
-+            }
-             ret = ec_group_new_from_data(curve_list[i]);
-             break;
-         }
-@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
- 
- size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
- {
--    size_t i, min;
-+    size_t i, j, num;
-+    int fips_mode = FIPS_mode();
- 
--    if (r == NULL || nitems == 0)
--        return curve_list_length;
-+    num = curve_list_length;
-+    if (fips_mode)
-+        for (i = 0; i < curve_list_length; i++) {
-+            if (!curve_list[i].fips_allowed)
-+                --num;
-+        }
- 
--    min = nitems < curve_list_length ? nitems : curve_list_length;
-+    if (r == NULL || nitems == 0) {
-+        return num;
-+    }
- 
--    for (i = 0; i < min; i++) {
--        r[i].nid = curve_list[i].nid;
--        r[i].comment = curve_list[i].comment;
-+    for (i = 0, j = 0; i < curve_list_length; i++) {
-+        if (j >= nitems)
-+            break;
-+        if (!fips_mode || curve_list[i].fips_allowed) {
-+            r[j].nid = curve_list[i].nid;
-+            r[j].comment = curve_list[i].comment;
-+            ++j;
-+        }
-     }
- 
--    return curve_list_length;
-+    return num;
- }
- 
- /* Functions to translate between common NIST curve names and NIDs */
-diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c
---- openssl-1.1.1g/ssl/t1_lib.c.fips-curves	2020-05-18 12:59:54.797643616 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-05-18 13:03:54.748725463 +0200
-@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] =
- #endif
- };
- 
-+static const uint16_t tls12_fips_sigalgs[] = {
-+#ifndef OPENSSL_NO_EC
-+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
-+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
-+    TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
-+#endif
-+
-+    TLSEXT_SIGALG_rsa_pss_pss_sha256,
-+    TLSEXT_SIGALG_rsa_pss_pss_sha384,
-+    TLSEXT_SIGALG_rsa_pss_pss_sha512,
-+    TLSEXT_SIGALG_rsa_pss_rsae_sha256,
-+    TLSEXT_SIGALG_rsa_pss_rsae_sha384,
-+    TLSEXT_SIGALG_rsa_pss_rsae_sha512,
-+
-+    TLSEXT_SIGALG_rsa_pkcs1_sha256,
-+    TLSEXT_SIGALG_rsa_pkcs1_sha384,
-+    TLSEXT_SIGALG_rsa_pkcs1_sha512,
-+
-+#ifndef OPENSSL_NO_EC
-+    TLSEXT_SIGALG_ecdsa_sha224,
-+#endif
-+    TLSEXT_SIGALG_rsa_pkcs1_sha224,
-+#ifndef OPENSSL_NO_DSA
-+    TLSEXT_SIGALG_dsa_sha224,
-+    TLSEXT_SIGALG_dsa_sha256,
-+    TLSEXT_SIGALG_dsa_sha384,
-+    TLSEXT_SIGALG_dsa_sha512,
-+#endif
-+};
-+
- #ifndef OPENSSL_NO_EC
- static const uint16_t suiteb_sigalgs[] = {
-     TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
-@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg
-     }
-     if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
-         return NULL;
-+    if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */
-+        return NULL;
-     if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
-         const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
- 
-@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
-     } else if (s->cert->conf_sigalgs) {
-         *psigs = s->cert->conf_sigalgs;
-         return s->cert->conf_sigalgslen;
-+    } else if (FIPS_mode()) {
-+        *psigs = tls12_fips_sigalgs;
-+        return OSSL_NELEM(tls12_fips_sigalgs);
-     } else {
-         *psigs = tls12_sigalgs;
-         return OSSL_NELEM(tls12_sigalgs);
-@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s,
-     if (s->cert->conf_sigalgs) {
-         sigs = s->cert->conf_sigalgs;
-         siglen = s->cert->conf_sigalgslen;
-+    } else if (FIPS_mode()) {
-+        sigs = tls12_fips_sigalgs;
-+        siglen = OSSL_NELEM(tls12_fips_sigalgs);
-     } else {
-         sigs = tls12_sigalgs;
-         siglen = OSSL_NELEM(tls12_sigalgs);
-@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS
-     if (lu->sig == NID_id_GostR3410_2012_256
-             || lu->sig == NID_id_GostR3410_2012_512
-             || lu->sig == NID_id_GostR3410_2001) {
-+        if (FIPS_mode())
-+            return 0;
-         /* We never allow GOST sig algs on the server with TLSv1.3 */
-         if (s->server && SSL_IS_TLS13(s))
-             return 0;
-@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale
-                 const uint16_t *sent_sigs;
-                 size_t sent_sigslen;
- 
-+                if (fatalerrs && FIPS_mode()) {
-+                    /* There are no suitable legacy algorithms in FIPS mode */
-+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-+                             SSL_F_TLS_CHOOSE_SIGALG,
-+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
-+                    return 0;
-+                }
-                 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
-                     if (!fatalerrs)
-                         return 1;

openssl-1.1.1-fips-drbg-selftest.patch

@@ -1,587 +0,0 @@
-diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
---- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest	2020-04-23 13:33:12.500624151 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-04-23 13:33:12.618621925 +0200
-@@ -67,12 +67,18 @@
- 
- # include <openssl/fips.h>
- # include "crypto/fips.h"
-+# include "crypto/rand.h"
- # include "fips_locl.h"
- 
- /* Run all selftests */
- int FIPS_selftest(void)
- {
-     int rv = 1;
-+    if (!rand_drbg_selftest()) {
-+        FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
-+        ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
-+        rv = 0;
-+    }
-     if (!FIPS_selftest_drbg())
-         rv = 0;
-     if (!FIPS_selftest_sha1())
-diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
---- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest	2020-04-23 13:33:12.619621907 +0200
-+++ openssl-1.1.1g/crypto/rand/build.info	2020-04-23 13:34:10.857523497 +0200
-@@ -1,6 +1,6 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
-         randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
--        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
-+        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
- 
- INCLUDE[drbg_ctr.o]=../modes
-diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
---- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest	2020-04-23 13:33:12.619621907 +0200
-+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c	2020-04-23 13:33:12.619621907 +0200
-@@ -0,0 +1,537 @@
-+/*
-+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <string.h>
-+#include <stddef.h>
-+#include "internal/nelem.h"
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/rand_drbg.h>
-+#include <openssl/obj_mac.h>
-+#include "internal/thread_once.h"
-+#include "crypto/rand.h"
-+
-+typedef struct test_ctx_st {
-+    const unsigned char *entropy;
-+    size_t entropylen;
-+    int entropycnt;
-+    const unsigned char *nonce;
-+    size_t noncelen;
-+    int noncecnt;
-+} TEST_CTX;
-+
-+static int app_data_index = -1;
-+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
-+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
-+{
-+    app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
-+
-+    return 1;
-+}
-+
-+enum drbg_kat_type {
-+    NO_RESEED,
-+    PR_FALSE,
-+    PR_TRUE
-+};
-+
-+enum drbg_df {
-+    USE_DF,
-+    NO_DF,
-+    NA
-+};
-+
-+struct drbg_kat_no_reseed {
-+    size_t count;
-+    const unsigned char *entropyin;
-+    const unsigned char *nonce;
-+    const unsigned char *persstr;
-+    const unsigned char *addin1;
-+    const unsigned char *addin2;
-+    const unsigned char *retbytes;
-+};
-+
-+struct drbg_kat_pr_false {
-+    size_t count;
-+    const unsigned char *entropyin;
-+    const unsigned char *nonce;
-+    const unsigned char *persstr;
-+    const unsigned char *entropyinreseed;
-+    const unsigned char *addinreseed;
-+    const unsigned char *addin1;
-+    const unsigned char *addin2;
-+    const unsigned char *retbytes;
-+};
-+
-+struct drbg_kat_pr_true {
-+    size_t count;
-+    const unsigned char *entropyin;
-+    const unsigned char *nonce;
-+    const unsigned char *persstr;
-+    const unsigned char *entropyinpr1;
-+    const unsigned char *addin1;
-+    const unsigned char *entropyinpr2;
-+    const unsigned char *addin2;
-+    const unsigned char *retbytes;
-+};
-+
-+struct drbg_kat {
-+    enum drbg_kat_type type;
-+    enum drbg_df df;
-+    int nid;
-+
-+    size_t entropyinlen;
-+    size_t noncelen;
-+    size_t persstrlen;
-+    size_t addinlen;
-+    size_t retbyteslen;
-+
-+    const void *t;
-+};
-+
-+/*
-+ * Excerpt from test/drbg_cavs_data.c
-+ * DRBG test vectors from:
-+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
-+ */
-+
-+static const unsigned char kat1308_entropyin[] = {
-+    0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
-+    0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
-+    0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
-+    0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
-+};
-+static const unsigned char kat1308_nonce[] = {0};
-+static const unsigned char kat1308_persstr[] = {
-+    0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
-+    0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
-+    0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
-+    0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
-+};
-+static const unsigned char kat1308_addin0[] = {
-+    0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
-+    0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
-+    0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
-+    0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
-+};
-+static const unsigned char kat1308_addin1[] = {
-+    0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
-+    0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
-+    0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
-+    0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
-+};
-+static const unsigned char kat1308_retbits[] = {
-+    0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
-+    0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
-+    0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
-+    0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
-+    0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
-+    0x26, 0x32, 0xd0, 0xb8,
-+};
-+static const struct drbg_kat_no_reseed kat1308_t = {
-+    2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
-+    kat1308_addin0, kat1308_addin1, kat1308_retbits
-+};
-+static const struct drbg_kat kat1308 = {
-+    NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
-+};
-+
-+static const unsigned char kat1465_entropyin[] = {
-+    0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
-+    0x87, 0xbe, 0xaa, 0xc0,
-+};
-+static const unsigned char kat1465_nonce[] = {
-+    0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
-+};
-+static const unsigned char kat1465_persstr[] = {0};
-+static const unsigned char kat1465_entropyinreseed[] = {
-+    0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
-+    0x1f, 0x4b, 0x7b, 0x51,
-+};
-+static const unsigned char kat1465_addinreseed[] = {
-+    0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
-+    0x61, 0x9f, 0x26, 0x5f,
-+};
-+static const unsigned char kat1465_addin0[] = {
-+    0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
-+    0x10, 0x5a, 0x73, 0x9c,
-+};
-+static const unsigned char kat1465_addin1[] = {
-+    0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
-+    0x47, 0x99, 0x1f, 0xeb,
-+};
-+static const unsigned char kat1465_retbits[] = {
-+    0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
-+    0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
-+    0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
-+    0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
-+    0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
-+    0x58, 0xdb, 0x27, 0xba,
-+};
-+static const struct drbg_kat_pr_false kat1465_t = {
-+    9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
-+    kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
-+    kat1465_addin1, kat1465_retbits
-+};
-+static const struct drbg_kat kat1465 = {
-+    PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
-+};
-+
-+static const unsigned char kat3146_entropyin[] = {
-+    0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
-+    0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
-+};
-+static const unsigned char kat3146_nonce[] = {
-+    0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
-+    0x50, 0x86, 0xca, 0xca,
-+};
-+static const unsigned char kat3146_persstr[] = {0};
-+static const unsigned char kat3146_entropyinpr1[] = {
-+    0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
-+    0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
-+};
-+static const unsigned char kat3146_addinpr1[] = {
-+    0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
-+    0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
-+    0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
-+};
-+static const unsigned char kat3146_entropyinpr2[] = {
-+    0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
-+    0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
-+};
-+static const unsigned char kat3146_addinpr2[] = {
-+    0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
-+    0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
-+    0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
-+};
-+static const unsigned char kat3146_retbits[] = {
-+    0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
-+    0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
-+    0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
-+    0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
-+    0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
-+    0xd4, 0x30, 0x73, 0xbb,
-+};
-+static const struct drbg_kat_pr_true kat3146_t = {
-+    10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
-+    kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
-+    kat3146_addinpr2, kat3146_retbits
-+};
-+static const struct drbg_kat kat3146 = {
-+    PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
-+};
-+
-+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
-+
-+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
-+
-+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
-+                          int entropy, size_t min_len, size_t max_len,
-+                          int prediction_resistance)
-+{
-+    TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
-+
-+    t->entropycnt++;
-+    *pout = (unsigned char *)t->entropy;
-+    return t->entropylen;
-+}
-+
-+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
-+                        int entropy, size_t min_len, size_t max_len)
-+{
-+    TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
-+
-+    t->noncecnt++;
-+    *pout = (unsigned char *)t->nonce;
-+    return t->noncelen;
-+}
-+
-+/*
-+ * Do a single NO_RESEED KAT:
-+ *
-+ * Instantiate
-+ * Generate Random Bits (pr=false)
-+ * Generate Random Bits (pr=false)
-+ * Uninstantiate
-+ *
-+ * Return 0 on failure.
-+ */
-+static int single_kat_no_reseed(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char *buff = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.entropy = data->entropyin;
-+    t.entropylen = td->entropyinlen;
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    buff = OPENSSL_malloc(td->retbyteslen);
-+    if (buff == NULL) {
-+        failures++;
-+        goto err;
-+    }
-+
-+    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin1, td->addinlen)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin2, td->addinlen)
-+        || memcmp(data->retbytes, buff,
-+                  td->retbyteslen) != 0)
-+        failures++;
-+
-+err:
-+    OPENSSL_free(buff);
-+    RAND_DRBG_uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+/*-
-+ * Do a single PR_FALSE KAT:
-+ *
-+ * Instantiate
-+ * Reseed
-+ * Generate Random Bits (pr=false)
-+ * Generate Random Bits (pr=false)
-+ * Uninstantiate
-+ *
-+ * Return 0 on failure.
-+ */
-+static int single_kat_pr_false(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char *buff = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.entropy = data->entropyin;
-+    t.entropylen = td->entropyinlen;
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    buff = OPENSSL_malloc(td->retbyteslen);
-+    if (buff == NULL) {
-+        failures++;
-+        goto err;
-+    }
-+
-+    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
-+        failures++;
-+
-+    t.entropy = data->entropyinreseed;
-+    t.entropylen = td->entropyinlen;
-+
-+    if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin1, td->addinlen)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin2, td->addinlen)
-+        || memcmp(data->retbytes, buff,
-+                  td->retbyteslen) != 0)
-+        failures++;
-+
-+err:
-+    OPENSSL_free(buff);
-+    RAND_DRBG_uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+/*-
-+ * Do a single PR_TRUE KAT:
-+ *
-+ * Instantiate
-+ * Generate Random Bits (pr=true)
-+ * Generate Random Bits (pr=true)
-+ * Uninstantiate
-+ *
-+ * Return 0 on failure.
-+ */
-+static int single_kat_pr_true(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char *buff = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    t.entropy = data->entropyin;
-+    t.entropylen = td->entropyinlen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    buff = OPENSSL_malloc(td->retbyteslen);
-+    if (buff == NULL) {
-+        failures++;
-+        goto err;
-+    }
-+
-+    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
-+        failures++;
-+
-+    t.entropy = data->entropyinpr1;
-+    t.entropylen = td->entropyinlen;
-+
-+    if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
-+                            data->addin1, td->addinlen))
-+        failures++;
-+
-+    t.entropy = data->entropyinpr2;
-+    t.entropylen = td->entropyinlen;
-+
-+    if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
-+                            data->addin2, td->addinlen)
-+        || memcmp(data->retbytes, buff,
-+                  td->retbyteslen) != 0)
-+        failures++;
-+
-+err:
-+    OPENSSL_free(buff);
-+    RAND_DRBG_uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+static int test_kats(int i)
-+{
-+    const struct drbg_kat *td = drbg_test[i];
-+    int rv = 0;
-+
-+    switch (td->type) {
-+    case NO_RESEED:
-+        if (!single_kat_no_reseed(td))
-+            goto err;
-+        break;
-+    case PR_FALSE:
-+        if (!single_kat_pr_false(td))
-+            goto err;
-+        break;
-+    case PR_TRUE:
-+        if (!single_kat_pr_true(td))
-+            goto err;
-+        break;
-+    default:	/* cant happen */
-+        goto err;
-+    }
-+    rv = 1;
-+err:
-+    return rv;
-+}
-+
-+/*-
-+ * Do one expected-error test:
-+ *
-+ * Instantiate with no entropy supplied
-+ *
-+ * Return 0 on failure.
-+ */
-+static int test_drbg_sanity(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.entropy = data->entropyin;
-+    t.entropylen = 0;     /* No entropy */
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    ERR_set_mark();
-+    /* This must fail. */
-+    if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
-+        failures++;
-+    RAND_DRBG_uninstantiate(drbg);
-+    ERR_pop_to_mark();
-+
-+err:
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+
-+int rand_drbg_selftest(void)
-+{
-+    int i;
-+
-+    if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
-+        return 0;
-+
-+    for (i = 0; i < drbg_test_nelem; i++) {
-+        if (test_kats(i) <= 0)
-+            return 0;
-+    }
-+
-+    if (test_drbg_sanity(&kat1465) <= 0)
-+        return 0;
-+
-+    return 1;
-+}
-diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
---- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest	2020-04-23 13:33:12.587622510 +0200
-+++ openssl-1.1.1g/include/crypto/rand.h	2020-04-23 13:33:12.619621907 +0200
-@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
-  */
- void rand_pool_keep_random_devices_open(int keep);
- 
-+/*
-+ * Perform the DRBG KAT selftests
-+ */
-+int rand_drbg_selftest(void);
-+
- #endif

openssl-1.1.1-fips-post-rand.patch

@@ -1,189 +0,0 @@
-diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
---- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand	2020-03-17 18:06:16.822418854 +0100
-+++ openssl-1.1.1e/crypto/fips/fips.c	2020-03-17 18:06:16.861418172 +0100
-@@ -68,6 +68,7 @@
- 
- # include <openssl/fips.h>
- # include "internal/thread_once.h"
-+# include "crypto/rand.h"
- 
- # ifndef PATH_MAX
- #  define PATH_MAX 1024
-@@ -76,6 +77,7 @@
- static int fips_selftest_fail = 0;
- static int fips_mode = 0;
- static int fips_started = 0;
-+static int fips_post = 0;
- 
- static int fips_is_owning_thread(void);
- static int fips_set_owning_thread(void);
-@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
-     fips_selftest_fail = 1;
- }
- 
-+int fips_in_post(void)
-+{
-+    return fips_post;
-+}
-+
- /* we implement what libfipscheck does ourselves */
- 
- static int
-@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
-         }
- # endif
- 
-+        fips_post = 1;
-+
-         if (!FIPS_selftest()) {
-             fips_selftest_fail = 1;
-             ret = 0;
-@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
-             goto end;
-         }
- 
-+        fips_post = 0;
-+
-         fips_set_mode(onoff);
-+        /* force RNG reseed with entropy from getrandom() on next call */
-+        rand_force_reseed();
-+
-         ret = 1;
-         goto end;
-     }
-diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
---- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/drbg_lib.c	2020-03-17 18:07:35.305045521 +0100
-@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
-     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
- }
- 
-+void rand_force_reseed(void)
-+{
-+    RAND_DRBG *drbg;
-+
-+    drbg = RAND_DRBG_get0_master();
-+    drbg->fork_id = 0;
-+
-+    drbg = RAND_DRBG_get0_private();
-+    drbg->fork_id = 0;
-+
-+    drbg = RAND_DRBG_get0_public();
-+    drbg->fork_id = 0;
-+}
-+
- /* Implements the default OpenSSL RAND_add() method */
- static int drbg_add(const void *buf, int num, double randomness)
- {
-diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
---- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/rand_unix.c	2020-03-17 18:09:01.503537189 +0100
-@@ -17,10 +17,12 @@
- #include <openssl/crypto.h>
- #include "rand_local.h"
- #include "crypto/rand.h"
-+#include "crypto/fips.h"
- #include <stdio.h>
- #include "internal/dso.h"
- #ifdef __linux
- # include <sys/syscall.h>
-+# include <sys/random.h>
- # ifdef DEVRANDOM_WAIT
- #  include <sys/shm.h>
- #  include <sys/utsname.h>
-@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
-  * syscall_random(): Try to get random data using a system call
-  * returns the number of bytes returned in buf, or < 0 on error.
-  */
--static ssize_t syscall_random(void *buf, size_t buflen)
-+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
- {
-     /*
-      * Note: 'buflen' equals the size of the buffer which is used by the
-@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
-      * - Linux since 3.17 with glibc 2.25
-      * - FreeBSD since 12.0 (1200061)
-      */
-+#  if 0
- #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
-     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
- 
-@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
-     if (p_getentropy.p != NULL)
-         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
- #  endif
--
-+#  endif
-     /* Linux supports this since version 3.17 */
--#  if defined(__linux) && defined(__NR_getrandom)
--    return syscall(__NR_getrandom, buf, buflen, 0);
-+#  if defined(__linux) && defined(SYS_getrandom)
-+    return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
- #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
-     return sysctl_random(buf, buflen);
- #  else
-@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
-     size_t entropy_available;
- 
- #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
-+    int in_post;
-+
-+    for (in_post = fips_in_post(); in_post >= 0; --in_post) {
-     {
-         size_t bytes_needed;
-         unsigned char *buffer;
-@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
-         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
-         while (bytes_needed != 0 && attempts-- > 0) {
-             buffer = rand_pool_add_begin(pool, bytes_needed);
--            bytes = syscall_random(buffer, bytes_needed);
-+            bytes = syscall_random(buffer, bytes_needed, in_post);
-             if (bytes > 0) {
-                 rand_pool_add_end(pool, bytes, 8 * bytes);
-                 bytes_needed -= bytes;
-@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
-             int attempts = 3;
-             const int fd = get_random_device(i);
- 
--            if (fd == -1)
-+            if (fd == -1) {
-+                OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
-                 continue;
-+            }
- 
-             while (bytes_needed != 0 && attempts-- > 0) {
-                 buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
-             return entropy_available;
-     }
- #   endif
--
-+#   ifdef OPENSSL_RAND_SEED_GETRANDOM
-+    }
-+#   endif
-     return rand_pool_entropy_available(pool);
- #  endif
- }
-diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
---- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand	2020-03-17 18:06:16.831418696 +0100
-+++ openssl-1.1.1e/include/crypto/fips.h	2020-03-17 18:06:16.861418172 +0100
-@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
- 
-+int fips_in_post(void);
-+
- int fips_pkey_signature_test(EVP_PKEY *pkey,
-                                  const unsigned char *tbs, int tbslen,
-                                  const unsigned char *kat,
-diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
---- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/crypto/rand.h	2020-03-17 18:07:35.303045555 +0100
-@@ -24,6 +24,7 @@
- typedef struct rand_pool_st RAND_POOL;
- 
- void rand_cleanup_int(void);
-+void rand_force_reseed(void);
- void rand_drbg_cleanup_int(void);
- void drbg_delete_thread_state(void);
- 

openssl-1.1.1-intel-cet.patch

@@ -1,500 +0,0 @@
-diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
---- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl	2020-03-19 17:07:02.626522694 +0100
-@@ -275,6 +275,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_encrypt:
- .cfi_startproc
-+	endbranch
- 	movups	($inp),$inout0		# load input
- 	mov	240($key),$rounds	# key->rounds
- ___
-@@ -293,6 +294,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_decrypt:
- .cfi_startproc
-+	endbranch
- 	movups	($inp),$inout0		# load input
- 	mov	240($key),$rounds	# key->rounds
- ___
-@@ -613,6 +615,7 @@ $code.=<<___;
- .align	16
- aesni_ecb_encrypt:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0x58(%rsp),%rsp
-@@ -985,6 +988,7 @@ $code.=<<___;
- .align	16
- aesni_ccm64_encrypt_blocks:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0x58(%rsp),%rsp
-@@ -1077,6 +1081,7 @@ $code.=<<___;
- .align	16
- aesni_ccm64_decrypt_blocks:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0x58(%rsp),%rsp
-@@ -1203,6 +1208,7 @@ $code.=<<___;
- .align	16
- aesni_ctr32_encrypt_blocks:
- .cfi_startproc
-+	endbranch
- 	cmp	\$1,$len
- 	jne	.Lctr32_bulk
- 
-@@ -1775,6 +1781,7 @@ $code.=<<___;
- .align	16
- aesni_xts_encrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%r11			# frame pointer
- .cfi_def_cfa_register	%r11
- 	push	%rbp
-@@ -2258,6 +2265,7 @@ $code.=<<___;
- .align	16
- aesni_xts_decrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%r11			# frame pointer
- .cfi_def_cfa_register	%r11
- 	push	%rbp
-@@ -2783,6 +2791,7 @@ $code.=<<___;
- .align	32
- aesni_ocb_encrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%rax
- 	push	%rbx
- .cfi_push	%rbx
-@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
- .align	32
- aesni_ocb_decrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%rax
- 	push	%rbx
- .cfi_push	%rbx
-@@ -3737,6 +3747,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_cbc_encrypt:
- .cfi_startproc
-+	endbranch
- 	test	$len,$len		# check length
- 	jz	.Lcbc_ret
- 
-diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
---- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl	2020-03-19 17:00:15.974621757 +0100
-@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
- .align	16
- ${PREFIX}_set_encrypt_key:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -746,6 +747,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_set_decrypt_key:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -801,6 +803,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_encrypt:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -846,6 +849,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_decrypt:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -897,6 +901,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_cbc_encrypt:
- .cfi_startproc
-+	endbranch
- 	xchg	$key,$len
- ___
- ($len,$key)=($key,$len);
-diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
---- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/async/arch/async_posix.c	2020-03-19 17:00:15.974621757 +0100
-@@ -34,7 +34,9 @@ void async_local_cleanup(void)
- 
- int async_fibre_makecontext(async_fibre *fibre)
- {
-+#ifndef USE_SWAPCONTEXT
-     fibre->env_init = 0;
-+#endif
-     if (getcontext(&fibre->fibre) == 0) {
-         fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
-         if (fibre->fibre.uc_stack.ss_sp != NULL) {
-diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
---- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet	2020-03-19 17:00:15.435631166 +0100
-+++ openssl-1.1.1e/crypto/async/arch/async_posix.h	2020-03-19 17:00:15.975621739 +0100
-@@ -25,17 +25,33 @@
- #  define ASYNC_POSIX
- #  define ASYNC_ARCH
- 
-+#  ifdef __CET__
-+/*
-+ * When Intel CET is enabled, makecontext will create a different
-+ * shadow stack for each context.  async_fibre_swapcontext cannot
-+ * use _longjmp.  It must call swapcontext to swap shadow stack as
-+ * well as normal stack.
-+ */
-+#   define USE_SWAPCONTEXT
-+#  endif
- #  include <ucontext.h>
--#  include <setjmp.h>
-+#  ifndef USE_SWAPCONTEXT
-+#   include <setjmp.h>
-+#  endif
- 
- typedef struct async_fibre_st {
-     ucontext_t fibre;
-+#  ifndef USE_SWAPCONTEXT
-     jmp_buf env;
-     int env_init;
-+#  endif
- } async_fibre;
- 
- static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
- {
-+#  ifdef USE_SWAPCONTEXT
-+    swapcontext(&o->fibre, &n->fibre);
-+#  else
-     o->env_init = 1;
- 
-     if (!r || !_setjmp(o->env)) {
-@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc
-         else
-             setcontext(&n->fibre);
-     }
-+#  endif
- 
-     return 1;
- }
-diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
---- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl	2020-03-19 17:00:15.975621739 +0100
-@@ -685,6 +685,7 @@ $code.=<<___;
- .align	16
- Camellia_cbc_encrypt:
- .cfi_startproc
-+	endbranch
- 	cmp	\$0,%rdx
- 	je	.Lcbc_abort
- 	push	%rbx
-diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
---- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl	2020-03-19 17:00:15.975621739 +0100
-@@ -239,6 +239,7 @@ $code=<<___;
- .align	16
- gcm_gmult_4bit:
- .cfi_startproc
-+	endbranch
- 	push	%rbx
- .cfi_push	%rbx
- 	push	%rbp		# %rbp and others are pushed exclusively in
-@@ -286,6 +287,7 @@ $code.=<<___;
- .align	16
- gcm_ghash_4bit:
- .cfi_startproc
-+	endbranch
- 	push	%rbx
- .cfi_push	%rbx
- 	push	%rbp
-@@ -612,6 +614,7 @@ $code.=<<___;
- .align	16
- gcm_gmult_clmul:
- .cfi_startproc
-+	endbranch
- .L_gmult_clmul:
- 	movdqu		($Xip),$Xi
- 	movdqa		.Lbswap_mask(%rip),$T3
-@@ -663,6 +666,7 @@ $code.=<<___;
- .align	32
- gcm_ghash_clmul:
- .cfi_startproc
-+	endbranch
- .L_ghash_clmul:
- ___
- $code.=<<___ if ($win64);
-@@ -1166,6 +1170,7 @@ $code.=<<___;
- .align	32
- gcm_gmult_avx:
- .cfi_startproc
-+	endbranch
- 	jmp	.L_gmult_clmul
- .cfi_endproc
- .size	gcm_gmult_avx,.-gcm_gmult_avx
-@@ -1177,6 +1182,7 @@ $code.=<<___;
- .align	32
- gcm_ghash_avx:
- .cfi_startproc
-+	endbranch
- ___
- if ($avx) {
- my ($Xip,$Htbl,$inp,$len)=@_4args;
-diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
---- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/perlasm/cbc.pl	2020-03-19 17:00:15.976621722 +0100
-@@ -165,21 +165,28 @@ sub cbc
- 	&jmp_ptr($count);
- 
- &set_label("ej7");
-+	&endbranch()
- 	&movb(&HB("edx"),	&BP(6,$in,"",0));
- 	&shl("edx",8);
- &set_label("ej6");
-+	&endbranch()
- 	&movb(&HB("edx"),	&BP(5,$in,"",0));
- &set_label("ej5");
-+	&endbranch()
- 	&movb(&LB("edx"),	&BP(4,$in,"",0));
- &set_label("ej4");
-+	&endbranch()
- 	&mov("ecx",		&DWP(0,$in,"",0));
- 	&jmp(&label("ejend"));
- &set_label("ej3");
-+	&endbranch()
- 	&movb(&HB("ecx"),	&BP(2,$in,"",0));
- 	&shl("ecx",8);
- &set_label("ej2");
-+	&endbranch()
- 	&movb(&HB("ecx"),	&BP(1,$in,"",0));
- &set_label("ej1");
-+	&endbranch()
- 	&movb(&LB("ecx"),	&BP(0,$in,"",0));
- &set_label("ejend");
- 
-diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
---- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl	2020-03-19 17:00:15.984621582 +0100
-@@ -101,6 +101,33 @@ elsif (!$gas)
-     $decor="\$L\$";
- }
- 
-+my $cet_property;
-+if ($flavour =~ /elf/) {
-+	# Always generate .note.gnu.property section for ELF outputs to
-+	# mark Intel CET support since all input files must be marked
-+	# with Intel CET support in order for linker to mark output with
-+	# Intel CET support.
-+	my $p2align=3; $p2align=2 if ($flavour eq "elf32");
-+	$cet_property = <<_____;
-+	.section ".note.gnu.property", "a"
-+	.p2align $p2align
-+	.long 1f - 0f
-+	.long 4f - 1f
-+	.long 5
-+0:
-+	.asciz "GNU"
-+1:
-+	.p2align $p2align
-+	.long 0xc0000002
-+	.long 3f - 2f
-+2:
-+	.long 3
-+3:
-+	.p2align $p2align
-+4:
-+_____
-+}
-+
- my $current_segment;
- my $current_function;
- my %globals;
-@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) {
-     print $line,"\n";
- }
- 
-+print "$cet_property"			if ($cet_property);
- print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
- print "END\n"				if ($masm);
- 
-diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
---- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl	2020-03-19 17:00:15.985621565 +0100
-@@ -124,6 +124,7 @@ sub ::function_begin_B
-     push(@out,".align\t$align\n");
-     push(@out,"$func:\n");
-     push(@out,"$begin:\n")		if ($global);
-+    &::endbranch();
-     $::stack=4;
- }
- 
-@@ -172,6 +173,26 @@ sub ::file_end
- 	else		{ push (@out,"$tmp\n"); }
-     }
-     push(@out,$initseg) if ($initseg);
-+    if ($::elf) {
-+	push(@out,"
-+	.section \".note.gnu.property\", \"a\"
-+	.p2align 2
-+	.long 1f - 0f
-+	.long 4f - 1f
-+	.long 5
-+0:
-+	.asciz \"GNU\"
-+1:
-+	.p2align 2
-+	.long 0xc0000002
-+	.long 3f - 2f
-+2:
-+	.long 3
-+3:
-+	.p2align 2
-+4:
-+");
-+    }
- }
- 
- sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
-diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
---- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet	2020-03-19 17:00:38.185234015 +0100
-+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl	2020-03-19 17:05:46.575850341 +0100
-@@ -2806,6 +2806,7 @@ $code.=<<___;
- .align	32
- poly1305_blocks_vpmadd52:
- .cfi_startproc
-+	endbranch
- 	shr	\$4,$len
- 	jz	.Lno_data_vpmadd52		# too short
- 
-@@ -3739,6 +3740,7 @@ $code.=<<___;
- .align	32
- poly1305_emit_base2_44:
- .cfi_startproc
-+	endbranch
- 	mov	0($ctx),%r8	# load hash value
- 	mov	8($ctx),%r9
- 	mov	16($ctx),%r10
-diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet	2020-03-19 17:00:38.190233928 +0100
-+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl	2020-03-19 17:05:02.598618064 +0100
-@@ -140,6 +140,7 @@ $code=<<___;
- .align	16
- RC4:
- .cfi_startproc
-+	endbranch
- 	or	$len,$len
- 	jne	.Lentry
- 	ret
-@@ -455,6 +456,7 @@ $code.=<<___;
- .align	16
- RC4_set_key:
- .cfi_startproc
-+	endbranch
- 	lea	8($dat),$dat
- 	lea	($inp,$len),$inp
- 	neg	$len
-@@ -529,6 +531,7 @@ RC4_set_key:
- .align	16
- RC4_options:
- .cfi_startproc
-+	endbranch
- 	lea	.Lopts(%rip),%rax
- 	mov	OPENSSL_ia32cap_P(%rip),%edx
- 	bt	\$20,%edx
-diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
---- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/x86_64cpuid.pl	2020-03-19 17:03:58.172742775 +0100
-@@ -40,6 +40,7 @@ print<<___;
- .align	16
- OPENSSL_atomic_add:
- .cfi_startproc
-+	endbranch
- 	movl	($arg1),%eax
- .Lspin:	leaq	($arg2,%rax),%r8
- 	.byte	0xf0		# lock
-@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
- .align	16
- OPENSSL_rdtsc:
- .cfi_startproc
-+	endbranch
- 	rdtsc
- 	shl	\$32,%rdx
- 	or	%rdx,%rax
-@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
- .align	16
- OPENSSL_ia32_cpuid:
- .cfi_startproc
-+	endbranch
- 	mov	%rbx,%r8		# save %rbx
- .cfi_register	%rbx,%r8
- 
-@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
- .align  16
- OPENSSL_cleanse:
- .cfi_startproc
-+	endbranch
- 	xor	%rax,%rax
- 	cmp	\$15,$arg2
- 	jae	.Lot
-@@ -274,6 +278,7 @@ OPENSSL_cleanse:
- .align  16
- CRYPTO_memcmp:
- .cfi_startproc
-+	endbranch
- 	xor	%rax,%rax
- 	xor	%r10,%r10
- 	cmp	\$0,$arg3
-@@ -312,6 +317,7 @@ print<<___ if (!$win64);
- .align	16
- OPENSSL_wipe_cpu:
- .cfi_startproc
-+	endbranch
- 	pxor	%xmm0,%xmm0
- 	pxor	%xmm1,%xmm1
- 	pxor	%xmm2,%xmm2
-@@ -346,6 +352,8 @@ print<<___ if ($win64);
- .type	OPENSSL_wipe_cpu,\@abi-omnipotent
- .align	16
- OPENSSL_wipe_cpu:
-+.cfi_startproc
-+	endbranch
- 	pxor	%xmm0,%xmm0
- 	pxor	%xmm1,%xmm1
- 	pxor	%xmm2,%xmm2
-@@ -376,6 +384,7 @@ print<<___;
- .align	16
- OPENSSL_instrument_bus:
- .cfi_startproc
-+	endbranch
- 	mov	$arg1,$out	# tribute to Win64
- 	mov	$arg2,$cnt
- 	mov	$arg2,$max
-@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
- .align	16
- OPENSSL_instrument_bus2:
- .cfi_startproc
-+	endbranch
- 	mov	$arg1,$out	# tribute to Win64
- 	mov	$arg2,$cnt
- 	mov	$arg3,$max
-@@ -465,6 +475,7 @@ print<<___;
- .align	16
- OPENSSL_ia32_${rdop}_bytes:
- .cfi_startproc
-+	endbranch
- 	xor	%rax, %rax	# return value
- 	cmp	\$0,$arg2
- 	je	.Ldone_${rdop}_bytes

openssl-1.1.1-kdf-selftest.patch

@@ -1,170 +0,0 @@
-diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
---- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest	2020-06-03 16:08:36.274849058 +0200
-+++ openssl-1.1.1g/crypto/fips/build.info	2020-06-03 16:11:05.609079372 +0200
-@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
-         fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
-         fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-         fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
--        fips_dh_selftest.c fips_ers.c
-+        fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
- 
- PROGRAMS_NO_INST=\
-           fips_standalone_hmac
-diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
---- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest	2020-06-03 16:08:36.337849577 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c	2020-06-03 16:08:36.337849577 +0200
-@@ -0,0 +1,117 @@
-+/*
-+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include "crypto/fips.h"
-+
-+#include <openssl/evp.h>
-+#include <openssl/kdf.h>
-+
-+#ifdef OPENSSL_FIPS
-+int FIPS_selftest_pbkdf2(void)
-+{
-+    int ret = 0;
-+    EVP_KDF_CTX *kctx;
-+    unsigned char out[32];
-+
-+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+        goto err;
-+    }
-+
-+    {
-+        const unsigned char expected[sizeof(out)] = {
-+            0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
-+            0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
-+            0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
-+            0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
-+        };
-+        if (memcmp(out, expected, sizeof(expected))) {
-+            goto err;
-+        }
-+    }
-+    ret = 1;
-+
-+err:
-+    if (!ret)
-+        FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
-+    EVP_KDF_CTX_free(kctx);
-+    return ret;
-+}
-+
-+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
-+ * 5) appendix A. */
-+int FIPS_selftest_kbkdf(void)
-+{
-+    int ret = 0;
-+    EVP_KDF_CTX *kctx;
-+    char *label = "prf", *prf_input = "test";
-+    static unsigned char input_key[] = {
-+        0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
-+        0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
-+    };
-+    static unsigned char output[] = {
-+        0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
-+        0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
-+        0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
-+        0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
-+    };
-+    unsigned char result[sizeof(output)] = { 0 };
-+
-+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
-+        goto err;
-+    }
-+    ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
-+        && memcmp(result, output, sizeof(output)) == 0;
-+err:
-+
-+    if (!ret)
-+        FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
-+    EVP_KDF_CTX_free(kctx);
-+    return ret;
-+}
-+
-+int FIPS_selftest_kdf(void)
-+{
-+    return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
-+}
-+
-+#endif
-diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
---- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest	2020-06-03 16:08:36.332849536 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-03 16:08:36.338849585 +0200
-@@ -111,6 +111,8 @@ int FIPS_selftest(void)
-         rv = 0;
-     if (!FIPS_selftest_ecdh())
-         rv = 0;
-+    if (!FIPS_selftest_kdf())
-+        rv = 0;
-     return rv;
- }
- 
-diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
---- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest	2020-06-03 16:08:36.330849519 +0200
-+++ openssl-1.1.1g/include/crypto/fips.h	2020-06-03 16:08:36.338849585 +0200
-@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
- int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
-+int FIPS_selftest_kbkdf(void);
-+int FIPS_selftest_pbkdf2(void);
-+int FIPS_selftest_kdf(void);
- 
- int fips_in_post(void);
- 
-diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
---- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest	2020-06-03 16:08:36.282849124 +0200
-+++ openssl-1.1.1g/include/openssl/fips.h	2020-06-03 16:08:36.338849585 +0200
-@@ -123,6 +123,8 @@ extern "C" {
- # define FIPS_F_FIPS_SELFTEST_DSA                         112
- # define FIPS_F_FIPS_SELFTEST_ECDSA                       133
- # define FIPS_F_FIPS_SELFTEST_HMAC                        113
-+# define FIPS_F_FIPS_SELFTEST_KBKDF                       151
-+# define FIPS_F_FIPS_SELFTEST_PBKDF2                      152
- # define FIPS_F_FIPS_SELFTEST_SHA1                        115
- # define FIPS_F_FIPS_SELFTEST_SHA2                        105
- # define FIPS_F_OSSL_ECDSA_SIGN_SIG                       143

openssl-1.1.1-man-rename.patch

@@ -1,19 +0,0 @@
-diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
---- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename	2018-08-21 14:14:13.000000000 +0200
-+++ openssl-1.1.1-pre9/doc/man1/openssl.pod	2018-08-22 12:13:04.092568064 +0200
-@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
- L<ec(1)>, L<ecparam(1)>,
- L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
- L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
--L<passwd(1)>,
- L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
- L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
--L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
-+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
- L<rsautl(1)>, L<s_client(1)>,
- L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
- L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
-+L<sslpasswd(1)>, L<sslrand(1)>,
- L<ts(1)>,
- L<verify(1)>, L<version(1)>, L<x509(1)>,
- L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>

openssl-1.1.1-no-brainpool.patch

@@ -1,112 +0,0 @@
-diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
---- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool	2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in	2019-09-13 15:11:07.358687169 +0200
-@@ -147,22 +147,22 @@ our @tests = (
-     {
-         name => "ECDSA with brainpool",
-         server =>  {
--            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
--            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
--            "Groups" => "brainpoolP256r1",
-+            "Certificate" => test_pem("server-ecdsa-cert.pem"),
-+            "PrivateKey" => test_pem("server-ecdsa-key.pem"),
-+#            "Groups" => "brainpoolP256r1",
-         },
-         client => {
-             #We don't restrict this to TLSv1.2, although use of brainpool
-             #should force this anyway so that this should succeed
-             "CipherString" => "aECDSA",
-             "RequestCAFile" => test_pem("root-cert.pem"),
--            "Groups" => "brainpoolP256r1",
-+#            "Groups" => "brainpoolP256r1",
-         },
-         test   => {
--            "ExpectedServerCertType" =>, "brainpoolP256r1",
--            "ExpectedServerSignType" =>, "EC",
-+#            "ExpectedServerCertType" =>, "brainpoolP256r1",
-+#            "ExpectedServerSignType" =>, "EC",
-             # Note: certificate_authorities not sent for TLS < 1.3
--            "ExpectedServerCANames" =>, "empty",
-+#            "ExpectedServerCANames" =>, "empty",
-             "ExpectedResult" => "Success"
-         },
-     },
-@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
-     {
-         name => "TLS 1.3 ECDSA with brainpool",
-         server =>  {
--            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
--            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
--            "Groups" => "brainpoolP256r1",
-+            "Certificate" => test_pem("server-ecdsa-cert.pem"),
-+            "PrivateKey" => test_pem("server-ecdsa-key.pem"),
-+#            "Groups" => "brainpoolP256r1",
-         },
-         client => {
-             "RequestCAFile" => test_pem("root-cert.pem"),
--            "Groups" => "brainpoolP256r1",
-+#            "Groups" => "brainpoolP256r1",
-             "MinProtocol" => "TLSv1.3",
-             "MaxProtocol" => "TLSv1.3"
-         },
-         test   => {
--            "ExpectedResult" => "ServerFail"
-+            "ExpectedResult" => "Success"
-         },
-     },
- );
-diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
---- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool	2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf	2019-09-13 15:12:27.380288469 +0200
-@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
- client = 5-ECDSA with brainpool-client
- 
- [5-ECDSA with brainpool-server]
--Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
- CipherString = DEFAULT
--Groups = brainpoolP256r1
--PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
- 
- [5-ECDSA with brainpool-client]
- CipherString = aECDSA
--Groups = brainpoolP256r1
- RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
- 
- [test-5]
- ExpectedResult = Success
--ExpectedServerCANames = empty
--ExpectedServerCertType = brainpoolP256r1
--ExpectedServerSignType = EC
- 
- 
- # ===========================================================
-@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
- client = 52-TLS 1.3 ECDSA with brainpool-client
- 
- [52-TLS 1.3 ECDSA with brainpool-server]
--Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
- CipherString = DEFAULT
--Groups = brainpoolP256r1
--PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
- 
- [52-TLS 1.3 ECDSA with brainpool-client]
- CipherString = DEFAULT
--Groups = brainpoolP256r1
- MaxProtocol = TLSv1.3
- MinProtocol = TLSv1.3
- RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
- VerifyMode = Peer
- 
- [test-52]
--ExpectedResult = ServerFail
-+ExpectedResult = Success
- 
- 
- # ===========================================================

openssl-1.1.1-no-html.patch

@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html	2020-04-07 16:45:21.904083989 +0200
-+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl	2020-04-07 16:45:56.218461895 +0200
-@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
- 
- uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
- 
--install_docs: install_man_docs install_html_docs
-+install_docs: install_man_docs
- 
- uninstall_docs: uninstall_man_docs uninstall_html_docs
- 	$(RM) -r "$(DESTDIR)$(DOCDIR)"

openssl-1.1.1-no-weak-verify.patch

@@ -1,26 +0,0 @@
-diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
---- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify	2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/asn1/a_verify.c	2019-02-28 11:25:31.531862873 +0100
-@@ -7,6 +7,9 @@
-  * https://www.openssl.org/source/license.html
-  */
- 
-+/* for secure_getenv */
-+#define _GNU_SOURCE
-+
- #include <stdio.h>
- #include <time.h>
- #include <sys/types.h>
-@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
-         if (ret != 2)
-             goto err;
-         ret = -1;
-+    } else if ((mdnid == NID_md5
-+               && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
-+               mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
-+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-+                ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+        goto err;
-     } else {
-         const EVP_MD *type = EVP_get_digestbynid(mdnid);
- 

openssl-1.1.1-rewire-fips-drbg.patch

@@ -1,170 +0,0 @@
-diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c	2020-06-22 13:32:47.675852917 +0200
-@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
- int FIPS_drbg_reseed(DRBG_CTX *dctx,
-                      const unsigned char *adin, size_t adinlen)
- {
-+    int len = (int)adinlen;
-+
-+    if (len < 0 || (size_t)len != adinlen) {
-+        FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
-+        return 0;
-+    }
-+    RAND_seed(adin, len);
-+    return 1;
-+}
-+
-+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
-+                     const unsigned char *adin, size_t adinlen)
-+{
-     return drbg_reseed(dctx, adin, adinlen, 1);
- }
- 
-@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
-                        int prediction_resistance,
-                        const unsigned char *adin, size_t adinlen)
- {
-+    int len = (int)outlen;
-+
-+    if (len < 0 || (size_t)len != outlen) {
-+        FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
-+        return 0;
-+    }
-+    return RAND_bytes(out, len);
-+}
-+
-+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-+                       int prediction_resistance,
-+                       const unsigned char *adin, size_t adinlen)
-+{
-     int r = 0;
- 
-     if (FIPS_selftest_failed()) {
-diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c	2020-06-22 13:32:47.675852917 +0200
-@@ -57,6 +57,8 @@
- #include <openssl/err.h>
- #include <openssl/rand.h>
- #include <openssl/fips.h>
-+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
-+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
- #include <openssl/fips_rand.h>
- #include "fips_rand_lcl.h"
- 
-diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg	2020-06-22 13:32:47.612852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c	2020-06-22 13:32:47.675852917 +0200
-@@ -55,6 +55,8 @@
- #include <openssl/crypto.h>
- #include <openssl/err.h>
- #include <openssl/fips.h>
-+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
-+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
- #include <openssl/fips_rand.h>
- #include "fips_rand_lcl.h"
- #include "fips_locl.h"
-diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
---- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-22 13:32:47.675852917 +0200
-@@ -79,8 +79,6 @@ int FIPS_selftest(void)
-         ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
-         rv = 0;
-     }
--    if (!FIPS_selftest_drbg())
--        rv = 0;
-     if (!FIPS_selftest_sha1())
-         rv = 0;
-     if (!FIPS_selftest_sha2())
-diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
---- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.613852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c	2020-06-22 13:36:28.722817967 +0200
-@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
- 
- int FIPS_rand_seed(const void *buf, int num)
- {
-+#if 0
-     if (!fips_approved_rand_meth && FIPS_module_mode()) {
-         FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
-         return 0;
-@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
-     if (fips_rand_meth && fips_rand_meth->seed)
-         fips_rand_meth->seed(buf, num);
-     return 1;
-+#else
-+    RAND_seed(buf, num);
-+    return 1;
-+#endif
- }
- 
- int FIPS_rand_bytes(unsigned char *buf, int num)
- {
-+#if 0
-     if (!fips_approved_rand_meth && FIPS_module_mode()) {
-         FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
-         return 0;
-@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
-     if (fips_rand_meth && fips_rand_meth->bytes)
-         return fips_rand_meth->bytes(buf, num);
-     return 0;
-+#else
-+    return RAND_bytes(buf, num);
-+#endif
- }
- 
- int FIPS_rand_status(void)
- {
-+#if 0
-     if (!fips_approved_rand_meth && FIPS_module_mode()) {
-         FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
-         return 0;
-@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
-     if (fips_rand_meth && fips_rand_meth->status)
-         return fips_rand_meth->status();
-     return 0;
-+#else
-+    return RAND_status();
-+#endif
- }
- 
- /* Return instantiated strength of PRNG. For DRBG this is an internal
-diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
---- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
-+++ openssl-1.1.1g/include/openssl/fips.h	2020-06-22 13:32:47.675852917 +0200
-@@ -64,6 +64,11 @@ extern "C" {
- 
-     int FIPS_selftest(void);
-     int FIPS_selftest_failed(void);
-+
-+    /*
-+     * This function is deprecated as it performs selftest of the old FIPS drbg
-+     * implementation that is not validated.
-+     */
-     int FIPS_selftest_drbg_all(void);
- 
-     int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
---- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg	2020-06-22 13:32:47.617852926 +0200
-+++ openssl-1.1.1g/include/openssl/fips_rand.h	2020-06-22 13:32:47.675852917 +0200
-@@ -60,6 +60,20 @@
- #  ifdef  __cplusplus
- extern "C" {
- #  endif
-+
-+/*
-+ * IMPORTANT NOTE:
-+ * All functions in this header file are deprecated and should not be used
-+ * as they use the old FIPS_drbg implementation that is not FIPS validated
-+ * anymore.
-+ * To provide backwards compatibility for applications that need FIPS compliant
-+ * RNG number generation and use FIPS_drbg_generate, this function was
-+ * re-wired to call the FIPS validated DRBG instance instead through
-+ * the RAND_bytes() call.
-+ *
-+ * All these functions will be removed in future.
-+ */
-+
-     typedef struct drbg_ctx_st DRBG_CTX;
- /* DRBG external flags */
- /* Flag for CTR mode only: use derivation function ctr_df */

openssl-1.1.1-seclevel.patch

@@ -1,160 +0,0 @@
-diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
---- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/x509/x509_vfy.c	2020-06-05 17:16:54.835536823 +0200
-@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
- }
- 
- static const int minbits_table[] = { 80, 112, 128, 192, 256 };
-+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
- static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
- 
- /*
-@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
- 
-     if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
-         return 0;
--
--    return secbits >= minbits_table[level - 1];
-+    /*
-+     * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
-+     * disable SHA1 flag is not set.
-+     */
-+    if ((ctx->param->flags & 0x40000000) || FIPS_mode())
-+        return secbits >= minbits_table[level - 1];
-+    return secbits >= minbits_digest_table[level - 1];
- }
-diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
---- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod	2020-06-04 15:48:01.608178833 +0200
-@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
- 
- =item B<Level 2>
- 
--Security level set to 112 bits of security. As a result RSA, DSA and DH keys
--shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
-+Security level set to 112 bits of security with the exception of SHA1 allowed
-+for signatures.
-+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
-+shorter than 224 bits are prohibited.
- In addition to the level 1 exclusions any cipher suite using RC4 is also
- prohibited. SSL version 3 is also not allowed. Compression is disabled.
- 
-diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
---- openssl-1.1.1g/ssl/ssl_cert.c.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/ssl/ssl_cert.c	2020-06-05 17:10:11.842198401 +0200
-@@ -27,6 +27,7 @@
- static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
-                                          int op, int bits, int nid, void *other,
-                                          void *ex);
-+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
- 
- static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
- static volatile int ssl_x509_store_ctx_idx = -1;
-@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
-     X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
- 
-     /* Set suite B flags if needed */
--    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
-+    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
-     if (!X509_STORE_CTX_set_ex_data
-         (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
-         goto end;
-@@ -953,12 +954,33 @@ static int ssl_security_default_callback
-             return 0;
-         break;
-     default:
-+        /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
-+        if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
-+            break;
-         if (bits < minbits)
-             return 0;
-     }
-     return 1;
- }
- 
-+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
-+{
-+    unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
-+    const CERT *c;
-+
-+    if (FIPS_mode())
-+        return ret;
-+
-+    if (ctx != NULL) {
-+       c = ctx->cert;
-+    } else {
-+       c = s->cert;
-+    }
-+    if (tls1_cert_sigalgs_have_sha1(c))
-+        return 0;
-+    return ret;
-+}
-+
- int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
- {
-     return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
-diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
---- openssl-1.1.1g/ssl/ssl_local.h.seclevel	2020-06-04 15:48:01.602178783 +0200
-+++ openssl-1.1.1g/ssl/ssl_local.h	2020-06-05 17:02:22.666313410 +0200
-@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
- __owur int tls1_process_sigalgs(SSL *s);
- __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
- __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
-+int tls1_cert_sigalgs_have_sha1(const CERT *c);
- __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
- #  ifndef OPENSSL_NO_EC
- __owur int tls_check_sigalg_curve(const SSL *s, int curve);
-diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
---- openssl-1.1.1g/ssl/t1_lib.c.seclevel	2020-06-04 15:48:01.654179221 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-06-05 17:02:40.268459157 +0200
-@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
-     return 0;
- }
- 
-+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
-+{
-+    size_t i;
-+
-+    for (i = 0; i < sigalgslen; i++, sigalgs++) {
-+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
-+
-+        if (lu == NULL)
-+            continue;
-+        if (lu->hash == NID_sha1)
-+            return 1;
-+    }
-+    return 0;
-+}
-+
-+
-+int tls1_cert_sigalgs_have_sha1(const CERT *c)
-+{
-+    if (c->client_sigalgs != NULL) {
-+        if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
-+            return 1;
-+    }
-+    if (c->conf_sigalgs != NULL) {
-+        if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
-+            return 1;
-+        return 0;
-+    }
-+    return 1;
-+}
-+
- static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
- {
-     int sig_nid, use_pc_sigalgs = 0;
-diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
---- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/test/recipes/25-test_verify.t	2020-06-04 15:48:01.608178833 +0200
-@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
- ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
-     "CA with PSS signature using SHA256");
- 
--ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
--    "Reject PSS signature using SHA1 and auth level 2");
-+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
-+    "Reject PSS signature using SHA1 and auth level 3");
- 
- ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
-     "PSS signature using SHA256 and auth level 2");

openssl-1.1.1-ts-sha256-default.patch

@@ -1,70 +0,0 @@
-diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
---- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default	2020-11-06 11:07:28.850100899 +0100
-+++ openssl-1.1.1h/apps/openssl.cnf	2020-11-06 11:11:28.042913791 +0100
-@@ -364,5 +348,5 @@ tsa_name		= yes	# Must the TSA name be i
- 				# (optional, default: no)
- ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
- 				# (optional, default: no)
--ess_cert_id_alg		= sha1	# algorithm to compute certificate
-+ess_cert_id_alg		= sha256	# algorithm to compute certificate
- 				# identifier (optional, default: sha1)
-diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
---- openssl-1.1.1h/apps/ts.c.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/apps/ts.c	2020-11-06 11:07:28.883101220 +0100
-@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
-     ASN1_OBJECT *policy_obj = NULL;
-     ASN1_INTEGER *nonce_asn1 = NULL;
- 
--    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
-+    if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
-         goto err;
-     if ((ts_req = TS_REQ_new()) == NULL)
-         goto err;
-diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
---- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default	2020-11-06 12:03:51.226372867 +0100
-+++ openssl-1.1.1h/crypto/ts/ts_conf.c	2020-11-06 12:04:01.713488990 +0100
-@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
-     const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
- 
-     if (md == NULL)
--        md = "sha1";
-+        md = "sha256";
- 
-     cert_md = EVP_get_digestbyname(md);
-     if (cert_md == NULL) {
-diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
---- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/doc/man1/ts.pod	2020-11-06 11:07:28.883101220 +0100
-@@ -518,7 +518,7 @@ included. Default is no. (Optional)
- =item B<ess_cert_id_alg>
- 
- This option specifies the hash function to be used to calculate the TSA's
--public key certificate identifier. Default is sha1. (Optional)
-+public key certificate identifier. Default is sha256. (Optional)
- 
- =back
- 
-@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
- 
- =head2 Time Stamp Request
- 
--To create a timestamp request for design1.txt with SHA-1
-+To create a timestamp request for design1.txt with SHA-256
- without nonce and policy and no certificate is required in the response:
- 
-   openssl ts -query -data design1.txt -no_nonce \
-@@ -546,12 +546,12 @@ To print the content of the previous req
- 
-   openssl ts -query -in design1.tsq -text
- 
--To create a timestamp request which includes the MD-5 digest
-+To create a timestamp request which includes the SHA-512 digest
- of design2.txt, requests the signer certificate and nonce,
- specifies a policy id (assuming the tsa_policy1 name is defined in the
- OID section of the config file):
- 
--  openssl ts -query -data design2.txt -md5 \
-+  openssl ts -query -data design2.txt -sha512 \
-         -tspolicy tsa_policy1 -cert -out design2.tsq
- 
- =head2 Time Stamp Response

openssl-1.1.1-version-add-engines.patch

@@ -1,38 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
---- openssl-1.1.1-pre8/apps/version.c.version-add-engines	2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/apps/version.c	2018-07-16 18:00:40.608624346 +0200
-@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
- {
-     int ret = 1, dirty = 0, seed = 0;
-     int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
--    int engdir = 0;
-+    int engdir = 0, engines = 0;
-     char *prog;
-     OPTION_CHOICE o;
- 
-@@ -106,7 +106,7 @@ opthelp:
-             break;
-         case OPT_A:
-             seed = options = cflags = version = date = platform = dir = engdir
--                = 1;
-+                = engines = 1;
-             break;
-         }
-     }
-@@ -188,6 +188,16 @@ opthelp:
- #endif
-         printf("\n");
-     }
-+    if (engines) {
-+        ENGINE *e;
-+        printf("engines:  ");
-+        e = ENGINE_get_first();
-+        while (e) {
-+            printf("%s ", ENGINE_get_id(e));
-+            e = ENGINE_get_next(e);
-+        }
-+        printf("\n");
-+    }
-     ret = 0;
-  end:
-     return ret;

openssl-1.1.1-version-override.patch

@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
---- openssl-1.1.1g/include/openssl/opensslv.h.version-override	2020-04-23 13:29:37.802673513 +0200
-+++ openssl-1.1.1g/include/openssl/opensslv.h	2020-04-23 13:30:13.064008458 +0200
-@@ -40,7 +40,7 @@ extern "C" {
-  *  major minor fix final patch/beta)
-  */
- # define OPENSSL_VERSION_NUMBER  0x1010108fL
--# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1h  22 Sep 2020"
-+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1h FIPS 22 Sep 2020"
- 
- /*-
-  * The macros below are to be used for shared library (.so, .dll, ...)

openssl-1.1.1-weak-ciphers.patch

@@ -1,57 +0,0 @@
-diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
---- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers	2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/ssl/s3_lib.c	2018-09-17 12:53:33.850637181 +0200
-@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      SSL_GOST89MAC,
-      TLS1_VERSION, TLS1_2_VERSION,
-      0, 0,
--     SSL_HIGH,
-+     SSL_MEDIUM,
-      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-      256,
-      256,
-@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      SSL_GOST89MAC12,
-      TLS1_VERSION, TLS1_2_VERSION,
-      0, 0,
--     SSL_HIGH,
-+     SSL_MEDIUM,
-      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
-      256,
-      256,
-@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      },
- #endif                          /* OPENSSL_NO_SEED */
- 
--#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-+#if 0 /* No MD5 ciphersuites */
-     {
-      1,
-      SSL3_TXT_RSA_RC4_128_MD5,
-@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      128,
-      128,
-      },
-+#endif
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-     {
-      1,
-      SSL3_TXT_RSA_RC4_128_SHA,
-@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      128,
-      128,
-      },
-+#endif
-+#if 0
-     {
-      1,
-      SSL3_TXT_ADH_RC4_128_MD5,
-@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      128,
-      128,
-      },
-+#endif
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-     {
-      1,
-      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,

openssl.rpmlintrc

@@ -0,0 +1,9 @@
+# capi.so is a dummy only used on Windows, it doesn't need dependency information
+addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
+
+# The sources are hobbled and thus not a valid URL. That's expected.
+addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
+
+# Technically this warning is correct, but in the case of the openssl binary we
+# want to allow SSL_CTX_set_cipher_list
+addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")

sources

@@ -1 +1 @@
-SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908
+SHA512 (openssl-3.0.8-hobbled.tar.gz) = 42f2a59aa8c39c21b66b528329ace126b870f6d7c3a1da2f2ee18ab875923c5bcf3d9046f884201556799a8ab1d915112a1f124cfaf1ab77b2eac834d1f88c60

tests/simple-rsapss-test/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test
-#   Description: Test if RSA-PSS signature scheme is supported
-#   Author: Hubert Kario <hkario@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
--include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Test if RSA-PSS signature scheme is supported" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        1m" >> $(METADATA)
-	@echo "RunFor:          openssl" >> $(METADATA)
-	@echo "Requires:        openssl man man-db" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/simple-rsapss-test/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test
-Description: Test if RSA-PSS signature scheme is supported
-Author: Hubert Kario <hkario@redhat.com>

tests/simple-rsapss-test/runtest.sh

@@ -1,74 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test
-#   Description: Test if RSA-PSS signature scheme is supported
-#   Author: Hubert Kario <hkario@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="openssl"
-
-PUB_KEY="rsa_pubkey.pem"
-PRIV_KEY="rsa_key.pem"
-FILE="text.txt"
-SIG="text.sig"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key"
-        rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key"
-        rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing"
-        rlAssertExists $FILE
-        rlAssertExists $PRIV_KEY
-        rlAssertExists $PUB_KEY
-    rlPhaseEnd
-
-    rlPhaseStartTest "Test RSA-PSS padding mode"
-        set -o pipefail
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length"
-        set +o pipefail
-        rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Documentation check"
-        [ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page"
-        rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

tests/tests.yml

@@ -1,15 +0,0 @@
----
-# This first play always runs on the local staging system
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    - container
-    tests:
-    - simple-rsapss-test
-    required_packages:
-    - findutils         # beakerlib needs find command
-    - man               # needed by simple-rsapss-test
-    - man-db            # needed by simple-rsapss-test
-    - openssl           # needed by simple-rsapss-test

tests/tests_python.yml

@@ -1,18 +0,0 @@
----
-- hosts: localhost
-  roles:
-  - role: standard-test-basic
-    tags:
-    - classic
-    repositories:
-    - repo: "https://src.fedoraproject.org/tests/python.git"
-      dest: "python"
-    tests:
-    - python_selftest:
-        dir: python/selftest
-        run: X="test_ssl test_asyncio test_hashlib test_ftplib test_httplib test_imaplib test_logging test_nntplib test_poplib test_urllib2_localnet test_urllib test_xmlrpc" ./parallel.sh
-    required_packages:
-    - gcc  # for extension building in venv and selftest
-    - python3-tkinter  # for selftest
-    - python3-test  # for selftest
-    - python3-rpm-macros  # for dynamic python version