- Update to 3.2.4:

* Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. [CVE-2024-12797] * Fixed timing side-channel in ECDSA signature computation. [CVE-2024-13176] * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. [CVE-2024-9143] - Remove patch openssl-CVE-2024-13176.patch - Rebase patches: * openssl-3-add_EVP_DigestSqueeze_api.patch * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch * openssl-FIPS-RSA-encapsulate.patch * openssl-disable-fipsinstall.patch OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=132
2025-02-12 07:49:34 +00:00 · 2025-02-12 07:49:34 +00:00 · ef668cd7fa
commit ef668cd7fa
parent e5f6af2c44
11 changed files with 210 additions and 325 deletions
--- a/openssl-3-add_EVP_DigestSqueeze_api.patch
+++ b/openssl-3-add_EVP_DigestSqueeze_api.patch
@ -26,10 +26,10 @@ Date:   Fri Jul 21 15:05:38 2023 +1000
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/21511)
-Index: openssl-3.2.3/crypto/evp/digest.c
+Index: openssl-3.2.4/crypto/evp/digest.c
 ===================================================================
--- openssl-3.2.3.orig/crypto/evp/digest.c
+--- openssl-3.2.4.orig/crypto/evp/digest.c
-+++ openssl-3.2.3/crypto/evp/digest.c
+++ openssl-3.2.4/crypto/evp/digest.c
@@ -502,6 +502,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
     return ret;
 }
@ -105,10 +105,10 @@ Index: openssl-3.2.3/crypto/evp/digest.c
         || (fncnt == 0 && md->digest == NULL)) {
         /*
          * In order to be a consistent set of functions we either need the
-Index: openssl-3.2.3/crypto/evp/legacy_sha.c
+Index: openssl-3.2.4/crypto/evp/legacy_sha.c
 ===================================================================
--- openssl-3.2.3.orig/crypto/evp/legacy_sha.c
+--- openssl-3.2.4.orig/crypto/evp/legacy_sha.c
-+++ openssl-3.2.3/crypto/evp/legacy_sha.c
+++ openssl-3.2.4/crypto/evp/legacy_sha.c
@@ -37,7 +37,8 @@ static int nm##_update(EVP_MD_CTX *ctx,
 }                                                                              \
 static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md)                      \
@ -119,10 +119,10 @@ Index: openssl-3.2.3/crypto/evp/legacy_sha.c
 }
 #define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag)                        \
 static int nm##_init(EVP_MD_CTX *ctx)                                          \
-Index: openssl-3.2.3/crypto/sha/asm/keccak1600-armv4.pl
+Index: openssl-3.2.4/crypto/sha/asm/keccak1600-armv4.pl
 ===================================================================
--- openssl-3.2.3.orig/crypto/sha/asm/keccak1600-armv4.pl
+--- openssl-3.2.4.orig/crypto/sha/asm/keccak1600-armv4.pl
-+++ openssl-3.2.3/crypto/sha/asm/keccak1600-armv4.pl
+++ openssl-3.2.4/crypto/sha/asm/keccak1600-armv4.pl
@@ -966,6 +966,8 @@ SHA3_squeeze:
 	stmdb	sp!,{r6-r9}
@ -141,10 +141,10 @@ Index: openssl-3.2.3/crypto/sha/asm/keccak1600-armv4.pl
 	mov	r0,r14			@ original $A_flat
 	bl	KeccakF1600
-Index: openssl-3.2.3/crypto/sha/asm/keccak1600-armv8.pl
+Index: openssl-3.2.4/crypto/sha/asm/keccak1600-armv8.pl
 ===================================================================
--- openssl-3.2.3.orig/crypto/sha/asm/keccak1600-armv8.pl
+--- openssl-3.2.4.orig/crypto/sha/asm/keccak1600-armv8.pl
-+++ openssl-3.2.3/crypto/sha/asm/keccak1600-armv8.pl
+++ openssl-3.2.4/crypto/sha/asm/keccak1600-armv8.pl
@@ -483,6 +483,8 @@ SHA3_squeeze:
 	mov	$out,x1
 	mov	$len,x2
@ -163,10 +163,10 @@ Index: openssl-3.2.3/crypto/sha/asm/keccak1600-armv8.pl
 	mov	x0,$A_flat
 	bl	KeccakF1600
 	mov	x0,$A_flat
-Index: openssl-3.2.3/crypto/sha/asm/keccak1600-ppc64.pl
+Index: openssl-3.2.4/crypto/sha/asm/keccak1600-ppc64.pl
 ===================================================================
--- openssl-3.2.3.orig/crypto/sha/asm/keccak1600-ppc64.pl
+--- openssl-3.2.4.orig/crypto/sha/asm/keccak1600-ppc64.pl
-+++ openssl-3.2.3/crypto/sha/asm/keccak1600-ppc64.pl
+++ openssl-3.2.4/crypto/sha/asm/keccak1600-ppc64.pl
@@ -668,6 +668,8 @@ SHA3_squeeze:
 	subi	$out,r4,1		; prepare for stbu
 	mr	$len,r5
@ -184,10 +184,10 @@ Index: openssl-3.2.3/crypto/sha/asm/keccak1600-ppc64.pl
 	mr	r3,$A_flat
 	bl	KeccakF1600
 	subi	r3,$A_flat,8		; prepare for ldu
-Index: openssl-3.2.3/crypto/sha/asm/keccak1600-x86_64.pl
+Index: openssl-3.2.4/crypto/sha/asm/keccak1600-x86_64.pl
 ===================================================================
--- openssl-3.2.3.orig/crypto/sha/asm/keccak1600-x86_64.pl
+--- openssl-3.2.4.orig/crypto/sha/asm/keccak1600-x86_64.pl
-+++ openssl-3.2.3/crypto/sha/asm/keccak1600-x86_64.pl
+++ openssl-3.2.4/crypto/sha/asm/keccak1600-x86_64.pl
@@ -503,12 +503,12 @@ SHA3_absorb:
 .size	SHA3_absorb,.-SHA3_absorb
 ___
@ -246,10 +246,10 @@ Index: openssl-3.2.3/crypto/sha/asm/keccak1600-x86_64.pl
 	mov	$out,%rdi
 	mov	$len,%rcx
 	.byte	0xf3,0xa4		# rep	movsb
-Index: openssl-3.2.3/crypto/sha/keccak1600.c
+Index: openssl-3.2.4/crypto/sha/keccak1600.c
 ===================================================================
--- openssl-3.2.3.orig/crypto/sha/keccak1600.c
+--- openssl-3.2.4.orig/crypto/sha/keccak1600.c
-+++ openssl-3.2.3/crypto/sha/keccak1600.c
+++ openssl-3.2.4/crypto/sha/keccak1600.c
@@ -13,7 +13,7 @@
 size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
@ -298,10 +298,10 @@ Index: openssl-3.2.3/crypto/sha/keccak1600.c
     }
 }
 #endif
-Index: openssl-3.2.3/crypto/sha/sha3.c
+Index: openssl-3.2.4/crypto/sha/sha3.c
 ===================================================================
--- openssl-3.2.3.orig/crypto/sha/sha3.c
+--- openssl-3.2.4.orig/crypto/sha/sha3.c
-+++ openssl-3.2.3/crypto/sha/sha3.c
+++ openssl-3.2.4/crypto/sha/sha3.c
@@ -10,12 +10,13 @@
 #include <string.h>
 #include "internal/sha3.h"
@ -440,10 +440,10 @@ Index: openssl-3.2.3/crypto/sha/sha3.c
     return 1;
 }
-Index: openssl-3.2.3/doc/life-cycles/digest.dot
+Index: openssl-3.2.4/doc/life-cycles/digest.dot
 ===================================================================
--- openssl-3.2.3.orig/doc/life-cycles/digest.dot
+--- openssl-3.2.4.orig/doc/life-cycles/digest.dot
-+++ openssl-3.2.3/doc/life-cycles/digest.dot
+++ openssl-3.2.4/doc/life-cycles/digest.dot
@@ -6,28 +6,30 @@ digraph digest {
     initialised [label=initialised, fontcolor="#c94c4c"];
     updated [label=updated, fontcolor="#c94c4c"];
@ -486,10 +486,10 @@ Index: openssl-3.2.3/doc/life-cycles/digest.dot
 +                            color="#034f84", fontcolor="#034f84"];
 }
 -
-Index: openssl-3.2.3/doc/man3/EVP_DigestInit.pod
+Index: openssl-3.2.4/doc/man3/EVP_DigestInit.pod
 ===================================================================
--- openssl-3.2.3.orig/doc/man3/EVP_DigestInit.pod
+--- openssl-3.2.4.orig/doc/man3/EVP_DigestInit.pod
-+++ openssl-3.2.3/doc/man3/EVP_DigestInit.pod
+++ openssl-3.2.4/doc/man3/EVP_DigestInit.pod
@@ -12,6 +12,7 @@ EVP_MD_CTX_settable_params, EVP_MD_CTX_g
 EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
 EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
@ -548,10 +548,10 @@ Index: openssl-3.2.3/doc/man3/EVP_DigestInit.pod
 =head1 COPYRIGHT
-Index: openssl-3.2.3/doc/man7/EVP_MD-BLAKE2.pod
+Index: openssl-3.2.4/doc/man7/EVP_MD-BLAKE2.pod
 ===================================================================
--- openssl-3.2.3.orig/doc/man7/EVP_MD-BLAKE2.pod
+--- openssl-3.2.4.orig/doc/man7/EVP_MD-BLAKE2.pod
-+++ openssl-3.2.3/doc/man7/EVP_MD-BLAKE2.pod
+++ openssl-3.2.4/doc/man7/EVP_MD-BLAKE2.pod
@@ -25,6 +25,17 @@ Known names are "BLAKE2B-512" and "BLAKE
 =back
@ -570,10 +570,10 @@ Index: openssl-3.2.3/doc/man7/EVP_MD-BLAKE2.pod
 =head2 Gettable Parameters
 This implementation supports the common gettable parameters described
-Index: openssl-3.2.3/doc/man7/EVP_MD-SHAKE.pod
+Index: openssl-3.2.4/doc/man7/EVP_MD-SHAKE.pod
 ===================================================================
--- openssl-3.2.3.orig/doc/man7/EVP_MD-SHAKE.pod
+--- openssl-3.2.4.orig/doc/man7/EVP_MD-SHAKE.pod
-+++ openssl-3.2.3/doc/man7/EVP_MD-SHAKE.pod
+++ openssl-3.2.4/doc/man7/EVP_MD-SHAKE.pod
@@ -70,8 +70,21 @@ For backwards compatibility reasons the
 32 (bytes) which results in a security strength of only 128 bits. To ensure the
 maximum security strength of 256 bits, the xoflen should be set to at least 64.
@ -596,10 +596,10 @@ Index: openssl-3.2.3/doc/man7/EVP_MD-SHAKE.pod
 =head1 SEE ALSO
 L<EVP_MD_CTX_set_params(3)>, L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>
-Index: openssl-3.2.3/doc/man7/life_cycle-digest.pod
+Index: openssl-3.2.4/doc/man7/life_cycle-digest.pod
 ===================================================================
--- openssl-3.2.3.orig/doc/man7/life_cycle-digest.pod
+--- openssl-3.2.4.orig/doc/man7/life_cycle-digest.pod
-+++ openssl-3.2.3/doc/man7/life_cycle-digest.pod
+++ openssl-3.2.4/doc/man7/life_cycle-digest.pod
@@ -32,6 +32,14 @@ additional input or generating output.
 =item finaled
@ -852,10 +852,10 @@ Index: openssl-3.2.3/doc/man7/life_cycle-digest.pod
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
-Index: openssl-3.2.3/doc/man7/provider-digest.pod
+Index: openssl-3.2.4/doc/man7/provider-digest.pod
 ===================================================================
--- openssl-3.2.3.orig/doc/man7/provider-digest.pod
+--- openssl-3.2.4.orig/doc/man7/provider-digest.pod
-+++ openssl-3.2.3/doc/man7/provider-digest.pod
+++ openssl-3.2.4/doc/man7/provider-digest.pod
@@ -198,8 +198,7 @@ This digest method can only handle one b
 =item B<EVP_MD_FLAG_XOF>
@ -866,10 +866,10 @@ Index: openssl-3.2.3/doc/man7/provider-digest.pod
 =item B<EVP_MD_FLAG_DIGALGID_NULL>
-Index: openssl-3.2.3/include/crypto/evp.h
+Index: openssl-3.2.4/include/crypto/evp.h
 ===================================================================
--- openssl-3.2.3.orig/include/crypto/evp.h
+--- openssl-3.2.4.orig/include/crypto/evp.h
-+++ openssl-3.2.3/include/crypto/evp.h
+++ openssl-3.2.4/include/crypto/evp.h
@@ -296,6 +296,7 @@ struct evp_md_st {
     OSSL_FUNC_digest_init_fn *dinit;
     OSSL_FUNC_digest_update_fn *dupdate;
@ -878,10 +878,10 @@ Index: openssl-3.2.3/include/crypto/evp.h
     OSSL_FUNC_digest_digest_fn *digest;
     OSSL_FUNC_digest_freectx_fn *freectx;
     OSSL_FUNC_digest_dupctx_fn *dupctx;
-Index: openssl-3.2.3/include/internal/sha3.h
+Index: openssl-3.2.4/include/internal/sha3.h
 ===================================================================
--- openssl-3.2.3.orig/include/internal/sha3.h
+--- openssl-3.2.4.orig/include/internal/sha3.h
-+++ openssl-3.2.3/include/internal/sha3.h
+++ openssl-3.2.4/include/internal/sha3.h
@@ -22,23 +22,31 @@
 typedef struct keccak_st KECCAK1600_CTX;
@ -927,10 +927,10 @@ Index: openssl-3.2.3/include/internal/sha3.h
 size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
                    size_t r);
-Index: openssl-3.2.3/include/openssl/core_dispatch.h
+Index: openssl-3.2.4/include/openssl/core_dispatch.h
 ===================================================================
--- openssl-3.2.3.orig/include/openssl/core_dispatch.h
+--- openssl-3.2.4.orig/include/openssl/core_dispatch.h
-+++ openssl-3.2.3/include/openssl/core_dispatch.h
+++ openssl-3.2.4/include/openssl/core_dispatch.h
@@ -300,6 +300,7 @@ OSSL_CORE_MAKE_FUNC(int, provider_self_t
 # define OSSL_FUNC_DIGEST_GETTABLE_PARAMS           11
 # define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS       12
@ -949,10 +949,10 @@ Index: openssl-3.2.3/include/openssl/core_dispatch.h
 OSSL_CORE_MAKE_FUNC(int, digest_digest,
                     (void *provctx, const unsigned char *in, size_t inl,
                      unsigned char *out, size_t *outl, size_t outsz))
-Index: openssl-3.2.3/include/openssl/evp.h
+Index: openssl-3.2.4/include/openssl/evp.h
 ===================================================================
--- openssl-3.2.3.orig/include/openssl/evp.h
+--- openssl-3.2.4.orig/include/openssl/evp.h
-+++ openssl-3.2.3/include/openssl/evp.h
+++ openssl-3.2.4/include/openssl/evp.h
@@ -729,8 +729,10 @@ __owur int EVP_MD_CTX_copy(EVP_MD_CTX *o
 __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 __owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
@ -966,10 +966,10 @@ Index: openssl-3.2.3/include/openssl/evp.h
 __owur EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                             const char *properties);
-Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
+Index: openssl-3.2.4/providers/implementations/digests/sha3_prov.c
 ===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+--- openssl-3.2.4.orig/providers/implementations/digests/sha3_prov.c
-+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.4/providers/implementations/digests/sha3_prov.c
@@ -33,10 +33,12 @@ static OSSL_FUNC_digest_update_fn keccak
 static OSSL_FUNC_digest_final_fn keccak_final;
 static OSSL_FUNC_digest_freectx_fn keccak_freectx;
@ -1229,16 +1229,16 @@ Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
     PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen,                             \
                           SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen),         \
                           SHAKE_FLAGS)
-Index: openssl-3.2.3/test/build.info
+Index: openssl-3.2.4/test/build.info
 ===================================================================
--- openssl-3.2.3.orig/test/build.info
+--- openssl-3.2.4.orig/test/build.info
-+++ openssl-3.2.3/test/build.info
+++ openssl-3.2.4/test/build.info
@@ -63,7 +63,7 @@ IF[{- !$disabled{tests} -}]
           provfetchtest prov_config_test rand_test ca_internals_test \
           bio_tfo_test membio_test bio_dgram_test list_test fips_version_test \
           x509_test hpke_test pairwise_fail_test nodefltctxtest \
-          x509_load_cert_file_test
+-          x509_load_cert_file_test bio_pw_callback_test
-+          evp_xof_test x509_load_cert_file_test
+          evp_xof_test x509_load_cert_file_test bio_pw_callback_test
   IF[{- !$disabled{'rpk'} -}]
     PROGRAMS{noinst}=rpktest
@ -1253,10 +1253,10 @@ Index: openssl-3.2.3/test/build.info
   SOURCE[evp_pkey_dparams_test]=evp_pkey_dparams_test.c
   INCLUDE[evp_pkey_dparams_test]=../include ../apps/include
   DEPEND[evp_pkey_dparams_test]=../libcrypto libtestutil.a
-Index: openssl-3.2.3/test/evp_xof_test.c
+Index: openssl-3.2.4/test/evp_xof_test.c
 ===================================================================
 --- /dev/null
-+++ openssl-3.2.3/test/evp_xof_test.c
+++ openssl-3.2.4/test/evp_xof_test.c
@@ -0,0 +1,492 @@
 +/*
 + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
@ -1750,10 +1750,10 @@ Index: openssl-3.2.3/test/evp_xof_test.c
 +    ADD_ALL_TESTS(shake_squeeze_dup_test, OSSL_NELEM(dupoffset_tests));
 +    return 1;
 +}
-Index: openssl-3.2.3/test/recipes/30-test_evp_xof.t
+Index: openssl-3.2.4/test/recipes/30-test_evp_xof.t
 ===================================================================
 --- /dev/null
-+++ openssl-3.2.3/test/recipes/30-test_evp_xof.t
+++ openssl-3.2.4/test/recipes/30-test_evp_xof.t
@@ -0,0 +1,12 @@
 +#! /usr/bin/env perl
 +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
@ -1767,10 +1767,10 @@ Index: openssl-3.2.3/test/recipes/30-test_evp_xof.t
 +use OpenSSL::Test::Simple;
 +
 +simple_test("test_evp_xof", "evp_xof_test");
-Index: openssl-3.2.3/util/libcrypto.num
+Index: openssl-3.2.4/util/libcrypto.num
 ===================================================================
--- openssl-3.2.3.orig/util/libcrypto.num
+--- openssl-3.2.4.orig/util/libcrypto.num
-+++ openssl-3.2.3/util/libcrypto.num
+++ openssl-3.2.4/util/libcrypto.num
@@ -5536,6 +5536,7 @@ X509_STORE_CTX_set_get_crl
 X509_STORE_CTX_set_current_reasons      5664	3_2_0	EXIST::FUNCTION:
 OSSL_STORE_delete                       5665	3_2_0	EXIST::FUNCTION:
--- a/openssl-3.2.3.tar.gz
+++ b/openssl-3.2.3.tar.gz
--- a/openssl-3.2.3.tar.gz.asc
+++ b/openssl-3.2.3.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEulRzorBYewf7J88tIWCU39DLge8FAmbXBpkACgkQIWCU39DL
 ge81Ww//d6tE9XznGxx/+xfBFADDTALPDaO8yogJtECMMxixXn1zuWYheH40z5zO
 MTmIeHVLowXlfBl4YO8I+SDGbZy4CKFix3j+r/dojvteiPXrBKd83e67e0mDotAD
 w3NYar1Gh8kXnq63zEV8JRBjRhLb2b7uJhi1UUtaCgOfK/wvRVWiBDWyVAkVjR0V
 NGCQg6FXCjxXY9G01wyqBlZt4T/h/SxN+iZUWRRPrekTxVNAQxFsMLYupuULpeaz
 uHvXXJ1Os/Mh4zD8a/SHrbdw3ncHb7JmCNZu4cPUkNVw0Dc0y64SP+Wviet1oOio
 /pTnfq6ptUTpzkSFiI9ZmTS1eiqQ24BLdwu3J/6ss9hZUlFZPUozsH6HTVpRxWhI
 edp5fa8rpQ5wX+ftGNxA1tRhWjCrR1VgFhdZX5T4rS5fU3OX5TXPwHKqaFyGlxQd
 GV467+BgxixgEU5xMirkJ/WbYrcSEFS1i9EbL6HwJ2vO02jHNfK7Biy+krOZKnx1
 Oniv4DoPR1s2De+OinDI30Zo9STizpiFiv27vw+l8Wj6+SnCFoyAZMVYcdYXSAws
 Im054SFCpw1cqhhHMBMOodqUv2CEMyBLuUyjjOF6oFteUp/VEe8JUrkQBA+LhDgX
 kPNzpSTnX9lB/ALvaedOUyIQf8sV3IEGn7zWGOTBp1QLu6hiId8=
 =1Xgs
 -----END PGP SIGNATURE-----
--- a/openssl-3.2.4.tar.gz
+++ b/openssl-3.2.4.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b23ad7fd9f73e43ad1767e636040e88ba7c9e5775bfa5618436a0dd2c17c3716
 size 17782746
--- a/openssl-3.2.4.tar.gz.asc
+++ b/openssl-3.2.4.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEulRzorBYewf7J88tIWCU39DLge8FAmerYbgACgkQIWCU39DL
 ge+LMhAAmVXO6X5r3P5P8czf4kT8jFp9xRkp+jlzLZ7+Vt0GOc+8JZRJ/Fmi4fsD
 6nMScDzpJAv/KxOsRCC3l+Fz7eIRWvf+qeSTQggCYAlUF+3Y9qXbnOcCj+8/HPYa
 bAXq7S4hFi3T7NXFyOOx38KxUuhNpcC/tUvMEmYoR8HTm0n1Utf/h/IC9IVoc7at
 raUOo2qTZqwMNFue8fXC7lj6wL81MRD3TYOjePNZAKe2tuPCLoyR+sN8twVbNOLH
 9TDwMZLeCRaLebL9x14knhUOT4+/gsTGH84KS56Ry0YYSDGc2u+58HRaGFBbAEId
 hy4DYrYMCRlcSofPYlzMaFAZ3PSar+6ZPvvEl+OrOzY9DPoXzj0gXQ/NCWqJu9lg
 EQvE6/TnuhXEUxO25eWnIXGBWcmJtECut/rY1sV9OZwaOUPxDWZTxkDuv1dNDqug
 EmrfJHM7KdYVwy7JONReF0ODnNIVAa4HoAZ0EF3K3oySA5KmbA3YkkDGo5aqhpAD
 LZu4+fEmemq1fsEjAxdAk2Vmx4YUElcHEoQGQxSdPlIgl/z/KQ6ONuYoGIgXUXH8
 omXxceapMLP3DkHEpFxOYACCderAxDsZAjgFxM2Rlvp8afCq/C2wFYFDERU9XNIS
 SIc4N+NAoDAxSk6ScGSzORO78lFIGzBIX3pLSCCIezGCyfeHtYo=
 =HqP/
 -----END PGP SIGNATURE-----
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -1,3 +1,19 @@
 -------------------------------------------------------------------
 Tue Feb 11 18:21:12 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
 - Update to 3.2.4:
  * Fixed RFC7250 handshakes with unauthenticated servers don't abort as
    expected. [CVE-2024-12797]
  * Fixed timing side-channel in ECDSA signature computation. [CVE-2024-13176]
  * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
    curve parameters. [CVE-2024-9143]
 - Remove patch openssl-CVE-2024-13176.patch
 - Rebase patches:
  * openssl-3-add_EVP_DigestSqueeze_api.patch
  * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
  * openssl-FIPS-RSA-encapsulate.patch
  * openssl-disable-fipsinstall.patch
 -------------------------------------------------------------------
 Wed Jan 22 13:15:51 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -25,7 +25,7 @@
 %define livepatchable 1
 Name:           openssl-3
-Version:        3.2.3
+Version:        3.2.4
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        Apache-2.0
@ -144,8 +144,6 @@ Patch64:        openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
 # PATCH-FIX-UPSTREAM: Fix failing tests on ppc64 jsc#PED-10280
 Patch65:        openssl-3-fix-sha3-squeeze-ppc64.patch
 Patch66:        openssl-3-fix-quic_multistream_test.patch
 # PATCH-FIX-UPSTREAM: bsc#1236136 CVE-2024-13176: Fix timing side-channel in ECDSA signature computation
 Patch67:        openssl-CVE-2024-13176.patch
 BuildRequires:  pkgconfig
--- a/openssl-CVE-2024-13176.patch
+++ b/openssl-CVE-2024-13176.patch
@ -1,122 +0,0 @@
 From 4b1cb94a734a7d4ec363ac0a215a25c181e11f65 Mon Sep 17 00:00:00 2001
 From: Tomas Mraz <tomas@openssl.org>
 Date: Wed, 15 Jan 2025 18:27:02 +0100
 Subject: [PATCH] Fix timing side-channel in ECDSA signature computation
 There is a timing signal of around 300 nanoseconds when the top word of
 the inverted ECDSA nonce value is zero. This can happen with significant
 probability only for some of the supported elliptic curves. In particular
 the NIST P-521 curve is affected. To be able to measure this leak, the
 attacker process must either be located in the same physical computer or
 must have a very fast network connection with low latency.
 Attacks on ECDSA nonce are also known as Minerva attack.
 Fixes CVE-2024-13176
 Reviewed-by: Tim Hudson <tjh@openssl.org>
 Reviewed-by: Neil Horman <nhorman@openssl.org>
 Reviewed-by: Paul Dale <ppzgs1@gmail.com>
 (Merged from https://github.com/openssl/openssl/pull/26429)
 (cherry picked from commit 63c40a66c5dc287485705d06122d3a6e74a6a203)
 (cherry picked from commit 392dcb336405a0c94486aa6655057f59fd3a0902)
 ---
 crypto/bn/bn_exp.c  | 21 +++++++++++++++------
 crypto/ec/ec_lib.c  |  7 ++++---
 include/crypto/bn.h |  3 +++
 3 files changed, 22 insertions(+), 9 deletions(-)
 diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
 index b876edbfac36e..af52e2ced6914 100644
 --- a/crypto/bn/bn_exp.c
 +++ b/crypto/bn/bn_exp.c
@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
  * out by Colin Percival,
  * http://www.daemonology.net/hyperthreading-considered-harmful/)
  */
 -int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 +int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                               const BIGNUM *m, BN_CTX *ctx,
                               BN_MONT_CTX *in_mont)
 {
@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     unsigned int t4 = 0;
 #endif
 -    bn_check_top(a);
 -    bn_check_top(p);
 -    bn_check_top(m);
 -
     if (!BN_is_odd(m)) {
         ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
         return 0;
@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             goto err;
     } else
 #endif
 -    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
 +    if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
         goto err;
     ret = 1;
  err:
@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     return ret;
 }
 +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 +                              const BIGNUM *m, BN_CTX *ctx,
 +                              BN_MONT_CTX *in_mont)
 +{
 +    bn_check_top(a);
 +    bn_check_top(p);
 +    bn_check_top(m);
 +    if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
 +        return 0;
 +    bn_correct_top(rr);
 +    return 1;
 +}
 +
 int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 {
 diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
 index c92b4dcb0ac45..a79fbb98cf6fa 100644
 --- a/crypto/ec/ec_lib.c
 +++ b/crypto/ec/ec_lib.c
@@ -21,6 +21,7 @@
 #include <openssl/opensslv.h>
 #include <openssl/param_build.h>
 #include "crypto/ec.h"
 +#include "crypto/bn.h"
 #include "internal/nelem.h"
 #include "ec_local.h"
@@ -1261,10 +1262,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
     if (!BN_sub(e, group->order, e))
         goto err;
     /*-
 -     * Exponent e is public.
 -     * No need for scatter-gather or BN_FLG_CONSTTIME.
 +     * Although the exponent is public we want the result to be
 +     * fixed top.
      */
 -    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
 +    if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
         goto err;
     ret = 1;
 diff --git a/include/crypto/bn.h b/include/crypto/bn.h
 index 302f031c2ff1d..499e1d10efab0 100644
 --- a/include/crypto/bn.h
 +++ b/include/crypto/bn.h
@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
  */
 int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                           BN_MONT_CTX *mont, BN_CTX *ctx);
 +int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 +                              const BIGNUM *m, BN_CTX *ctx,
 +                              BN_MONT_CTX *in_mont);
 int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
                          BN_CTX *ctx);
 int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
--- a/openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
+++ b/openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
@ -21,11 +21,11 @@ Patch-id: 93
 test/recipes/80-test_ssl_old.t               |  3 +
 12 files changed, 118 insertions(+), 20 deletions(-)
-diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
+Index: openssl-3.2.4/crypto/dh/dh_backend.c
-index 726843fd30..24c65ca84f 100644
+===================================================================
--- a/crypto/dh/dh_backend.c
+--- openssl-3.2.4.orig/crypto/dh/dh_backend.c
-+++ b/crypto/dh/dh_backend.c
+++ openssl-3.2.4/crypto/dh/dh_backend.c
-@@ -53,6 +53,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
+@@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, cons
     if (!dh_ffc_params_fromdata(dh, params))
         return 0;
@ -42,11 +42,11 @@ index 726843fd30..24c65ca84f 100644
     param_priv_len =
         OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
     if (param_priv_len != NULL
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+Index: openssl-3.2.4/crypto/dh/dh_check.c
-index 0b391910d6..75581ca347 100644
+===================================================================
--- a/crypto/dh/dh_check.c
+--- openssl-3.2.4.orig/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
+++ openssl-3.2.4/crypto/dh/dh_check.c
-@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret)
+@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *r
     nid = DH_get_nid((DH *)dh);
     if (nid != NID_undef)
         return 1;
@ -67,11 +67,11 @@ index 0b391910d6..75581ca347 100644
 }
 #else
 int DH_check_params(const DH *dh, int *ret)
-diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
+Index: openssl-3.2.4/crypto/dh/dh_gen.c
-index 204662a81c..9961f21920 100644
+===================================================================
--- a/crypto/dh/dh_gen.c
+--- openssl-3.2.4.orig/crypto/dh/dh_gen.c
-+++ b/crypto/dh/dh_gen.c
+++ openssl-3.2.4/crypto/dh/dh_gen.c
-@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret,
 int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
                                     BN_GENCB *cb)
 {
@ -100,11 +100,11 @@ index 204662a81c..9961f21920 100644
     if (ret > 0)
         dh->dirty_cnt++;
     return ret;
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+Index: openssl-3.2.4/crypto/dh/dh_key.c
-index 83773cceea..7e988368d3 100644
+===================================================================
--- a/crypto/dh/dh_key.c
+--- openssl-3.2.4.orig/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
+++ openssl-3.2.4/crypto/dh/dh_key.c
-@@ -321,8 +321,12 @@ static int generate_key(DH *dh)
+@@ -336,8 +336,12 @@ static int generate_key(DH *dh)
                 goto err;
         } else {
 #ifdef FIPS_MODULE
@ -119,7 +119,7 @@ index 83773cceea..7e988368d3 100644
 #else
             if (dh->params.q == NULL) {
                 /* secret exponent length, must satisfy 2^(l-1) <= p */
-@@ -343,9 +347,7 @@ static int generate_key(DH *dh)
+@@ -358,9 +362,7 @@ static int generate_key(DH *dh)
                     if (!BN_clear_bit(priv_key, 0))
                         goto err;
                 }
@ -130,7 +130,7 @@ index 83773cceea..7e988368d3 100644
                 /* Do a partial check for invalid p, q, g */
                 if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
                                                      FFC_PARAM_TYPE_DH, NULL))
-@@ -361,6 +363,7 @@ static int generate_key(DH *dh)
+@@ -376,6 +378,7 @@ static int generate_key(DH *dh)
                                                    priv_key))
                     goto err;
             }
@ -138,11 +138,11 @@ index 83773cceea..7e988368d3 100644
         }
     }
-diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
+Index: openssl-3.2.4/crypto/dh/dh_pmeth.c
-index f201eede0d..30f90d15be 100644
+===================================================================
--- a/crypto/dh/dh_pmeth.c
+--- openssl-3.2.4.orig/crypto/dh/dh_pmeth.c
-+++ b/crypto/dh/dh_pmeth.c
+++ openssl-3.2.4/crypto/dh/dh_pmeth.c
-@@ -305,13 +305,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
+@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_
                                                 prime_len, subprime_len, &res,
                                                 pcb);
     else
@ -163,11 +163,11 @@ index f201eede0d..30f90d15be 100644
     if (rv <= 0) {
         DH_free(ret);
         return NULL;
-diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+Index: openssl-3.2.4/providers/implementations/keymgmt/dh_kmgmt.c
-index 9a7dde7c66..b3e7bca5ac 100644
+===================================================================
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+--- openssl-3.2.4.orig/providers/implementations/keymgmt/dh_kmgmt.c
-+++ b/providers/implementations/keymgmt/dh_kmgmt.c
+++ openssl-3.2.4/providers/implementations/keymgmt/dh_kmgmt.c
-@@ -414,6 +414,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
+@@ -417,6 +417,11 @@ static int dh_validate(const void *keyda
     if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
         return 1; /* nothing to validate */
@ -179,11 +179,11 @@ index 9a7dde7c66..b3e7bca5ac 100644
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
         /*
          * Both of these functions check parameters. DH_check_params_ex()
-diff --git a/test/endecode_test.c b/test/endecode_test.c
+Index: openssl-3.2.4/test/endecode_test.c
-index 53385028fc..169f3ccd73 100644
+===================================================================
--- a/test/endecode_test.c
+--- openssl-3.2.4.orig/test/endecode_test.c
-+++ b/test/endecode_test.c
+++ openssl-3.2.4/test/endecode_test.c
-@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
+@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const cha
      * for testing only. Use a minimum key size of 2048 for security purposes.
      */
     if (strcmp(type, "DH") == 0)
@ -196,11 +196,11 @@ index 53385028fc..169f3ccd73 100644
 # endif
     /*
-diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
+Index: openssl-3.2.4/test/evp_libctx_test.c
-index a7913cda4c..96a35ac1cc 100644
+===================================================================
--- a/test/evp_libctx_test.c
+--- openssl-3.2.4.orig/test/evp_libctx_test.c
-+++ b/test/evp_libctx_test.c
+++ openssl-3.2.4/test/evp_libctx_test.c
-@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
+@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid,
     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
@ -209,11 +209,11 @@ index a7913cda4c..96a35ac1cc 100644
         goto err;
     if (expected) {
-diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
+Index: openssl-3.2.4/test/helpers/predefined_dhparams.c
-index 4bdadc4143..e5186e4b4a 100644
+===================================================================
--- a/test/helpers/predefined_dhparams.c
+--- openssl-3.2.4.orig/test/helpers/predefined_dhparams.c
-+++ b/test/helpers/predefined_dhparams.c
+++ openssl-3.2.4/test/helpers/predefined_dhparams.c
-@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
+@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libct
                           dhx512_q, sizeof(dhx512_q));
 }
@ -282,10 +282,10 @@ index 4bdadc4143..e5186e4b4a 100644
 EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
 {
     static unsigned char dh1024_p[] = {
-diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h
+Index: openssl-3.2.4/test/helpers/predefined_dhparams.h
-index f0e8709062..2ff6d6e721 100644
+===================================================================
--- a/test/helpers/predefined_dhparams.h
+--- openssl-3.2.4.orig/test/helpers/predefined_dhparams.h
-+++ b/test/helpers/predefined_dhparams.h
+++ openssl-3.2.4/test/helpers/predefined_dhparams.h
@@ -12,6 +12,7 @@
 #ifndef OPENSSL_NO_DH
 EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
@ -294,27 +294,27 @@ index f0e8709062..2ff6d6e721 100644
 EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
 EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
 EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+Index: openssl-3.2.4/test/recipes/80-test_cms.t
-index 2a459856f0..afac836fa3 100644
+===================================================================
--- a/test/recipes/80-test_cms.t
+--- openssl-3.2.4.orig/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
+++ openssl-3.2.4/test/recipes/80-test_cms.t
-@@ -627,10 +627,10 @@ my @smime_cms_param_tests = (
+@@ -647,10 +647,10 @@ if ($no_fips || $old_fips) {
-     ],
+     # Only SHA1 supported in dh_cms_encrypt()
- 
+     push(@smime_cms_param_tests,
-     [ "enveloped content test streaming S/MIME format, X9.42 DH",
+          [ "enveloped content test streaming S/MIME format, X9.42 DH",
-      [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+-           [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
-+      [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
+           [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
-         "-stream", "-out", "{output}.cms",
+              "-stream", "-out", "{output}.cms",
-         "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
+              "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
-      [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+-           [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
-+      [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+           [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
-         "-in", "{output}.cms", "-out", "{output}.txt" ],
+              "-in", "{output}.cms", "-out", "{output}.txt" ],
-       \&final_compare
+            \&final_compare
-     ]
+          ]
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+Index: openssl-3.2.4/test/recipes/80-test_ssl_old.t
-index 527abcea6e..e1d38b1e62 100644
+===================================================================
--- a/test/recipes/80-test_ssl_old.t
+--- openssl-3.2.4.orig/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
+++ openssl-3.2.4/test/recipes/80-test_ssl_old.t
@@ -390,6 +390,9 @@ sub testssl {
             skip "skipping dhe1024dsa test", 1
                 if ($no_dh);
@ -325,6 +325,3 @@ index 527abcea6e..e1d38b1e62 100644
             ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
                'test sslv2/sslv3 with 1024bit DHE via BIO pair');
           }
 -- 
 2.41.0
--- a/openssl-FIPS-RSA-encapsulate.patch
+++ b/openssl-FIPS-RSA-encapsulate.patch
@ -9,15 +9,14 @@ Patch-id: 91
 providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
+Index: openssl-3.2.4/providers/implementations/kem/rsa_kem.c
-index 365ae3d7d6..8a6f585d0b 100644
+===================================================================
--- a/providers/implementations/kem/rsa_kem.c
+--- openssl-3.2.4.orig/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
+++ openssl-3.2.4/providers/implementations/kem/rsa_kem.c
-@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
+@@ -276,6 +276,13 @@ static int rsasve_generate(PROV_RSA_CTX
-             *secretlen = nlen;
+         return 0;
         return 1;
     }
-+
+ 
 +#ifdef FIPS_MODULE
 +    if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
 +        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
@ -28,7 +27,7 @@ index 365ae3d7d6..8a6f585d0b 100644
     /*
      * Step (2): Generate a random byte string z of nlen bytes where
      *            1 < z < n - 1
-@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
+@@ -337,6 +344,13 @@ static int rsasve_recover(PROV_RSA_CTX *
         return 1;
     }
@ -39,9 +38,6 @@ index 365ae3d7d6..8a6f585d0b 100644
 +    }
 +#endif
 +
-     /* Step (2): check the input ciphertext 'inlen' matches the nlen */
+     /*
-     if (inlen != nlen) {
+      * Step (2): check the input ciphertext 'inlen' matches the nlen
-         ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
+      * and that outlen is at least nlen bytes
 -- 
 2.41.0
--- a/openssl-disable-fipsinstall.patch
+++ b/openssl-disable-fipsinstall.patch
@ -17,11 +17,11 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
 doc/man7/OSSL_PROVIDER-FIPS.pod     |   1 -
 6 files changed, 10 insertions(+), 375 deletions(-)
-Index: openssl-3.1.4/apps/fipsinstall.c
+Index: openssl-3.2.4/apps/fipsinstall.c
 ===================================================================
--- openssl-3.1.4.orig/apps/fipsinstall.c
+--- openssl-3.2.4.orig/apps/fipsinstall.c
-+++ openssl-3.1.4/apps/fipsinstall.c
+++ openssl-3.2.4/apps/fipsinstall.c
-@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **ar
+@@ -374,6 +374,9 @@ int fipsinstall_main(int argc, char **ar
     EVP_MAC *mac = NULL;
     CONF *conf = NULL;
@ -31,10 +31,10 @@ Index: openssl-3.1.4/apps/fipsinstall.c
     if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
         goto end;
-Index: openssl-3.1.4/doc/man1/openssl-fipsinstall.pod.in
+Index: openssl-3.2.4/doc/man1/openssl-fipsinstall.pod.in
 ===================================================================
--- openssl-3.1.4.orig/doc/man1/openssl-fipsinstall.pod.in
+--- openssl-3.2.4.orig/doc/man1/openssl-fipsinstall.pod.in
-+++ openssl-3.1.4/doc/man1/openssl-fipsinstall.pod.in
+++ openssl-3.2.4/doc/man1/openssl-fipsinstall.pod.in
@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi
 =head1 SYNOPSIS
@ -312,13 +312,13 @@ Index: openssl-3.1.4/doc/man1/openssl-fipsinstall.pod.in
 +Please consult the SUSE/openSUSE documentation to learn how to correctly
 +enable FIPS mode.
- =head1 COPYRIGHT
+ =head1 HISTORY
-Index: openssl-3.1.4/doc/man1/openssl.pod
+Index: openssl-3.2.4/doc/man1/openssl.pod
 ===================================================================
--- openssl-3.1.4.orig/doc/man1/openssl.pod
+--- openssl-3.2.4.orig/doc/man1/openssl.pod
-+++ openssl-3.1.4/doc/man1/openssl.pod
+++ openssl-3.2.4/doc/man1/openssl.pod
-@@ -135,10 +135,6 @@ Engine (loadable module) information and
+@@ -137,10 +137,6 @@ Engine (loadable module) information and
 Error Number to Error String Conversion.
@ -329,10 +329,10 @@ Index: openssl-3.1.4/doc/man1/openssl.pod
 =item B<gendsa>
 Generation of DSA Private Key from Parameters. Superseded by
-Index: openssl-3.1.4/doc/man5/config.pod
+Index: openssl-3.2.4/doc/man5/config.pod
 ===================================================================
--- openssl-3.1.4.orig/doc/man5/config.pod
+--- openssl-3.2.4.orig/doc/man5/config.pod
-+++ openssl-3.1.4/doc/man5/config.pod
+++ openssl-3.2.4/doc/man5/config.pod
@@ -565,7 +565,6 @@ configuration files using that syntax wi
 =head1 SEE ALSO
@ -341,10 +341,10 @@ Index: openssl-3.1.4/doc/man5/config.pod
 L<ASN1_generate_nconf(3)>,
 L<EVP_set_default_properties(3)>,
 L<CONF_modules_load(3)>,
-Index: openssl-3.1.4/doc/man5/fips_config.pod
+Index: openssl-3.2.4/doc/man5/fips_config.pod
 ===================================================================
--- openssl-3.1.4.orig/doc/man5/fips_config.pod
+--- openssl-3.2.4.orig/doc/man5/fips_config.pod
-+++ openssl-3.1.4/doc/man5/fips_config.pod
+++ openssl-3.2.4/doc/man5/fips_config.pod
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
 =head1 DESCRIPTION
@ -456,11 +456,11 @@ Index: openssl-3.1.4/doc/man5/fips_config.pod
 =head1 HISTORY
-Index: openssl-3.1.4/doc/man7/OSSL_PROVIDER-FIPS.pod
+Index: openssl-3.2.4/doc/man7/OSSL_PROVIDER-FIPS.pod
 ===================================================================
--- openssl-3.1.4.orig/doc/man7/OSSL_PROVIDER-FIPS.pod
+--- openssl-3.2.4.orig/doc/man7/OSSL_PROVIDER-FIPS.pod
-+++ openssl-3.1.4/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ openssl-3.2.4/doc/man7/OSSL_PROVIDER-FIPS.pod
-@@ -455,7 +455,6 @@ want to operate in a FIPS approved manne
+@@ -489,7 +489,6 @@ want to operate in a FIPS approved manne
 =head1 SEE ALSO