From ef5bb361572f182ce82f59e73f95927bdbb46990 Mon Sep 17 00:00:00 2001
From: Raven <raven@sysadmins.ws>
Date: Sun, 25 Aug 2024 08:56:30 +0600
Subject: [PATCH] openssl3: 3.0.14

---
 ...1-Support-different-R_BITS-lengths-for-KBKDF.patch |  5 +++--
 base/openssl3/0060-FIPS-KAT-signature-tests.patch     | 11 ++++++-----
 .../0078-Add-FIPS-indicator-parameter-to-HKDF.patch   | 10 +++++-----
 base/openssl3/openssl3.spec                           |  5 ++++-
 4 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/base/openssl3/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/base/openssl3/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
index c240628..f914ae2 100644
--- a/base/openssl3/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
+++ b/base/openssl3/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
@@ -275,16 +275,17 @@ diff --git a/test/evp_test.c b/test/evp_test.c
 index 70996195f0cb..6ae862b04403 100644
 --- a/test/evp_test.c
 +++ b/test/evp_test.c
-@@ -2639,6 +2639,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
-         TEST_info("skipping, '%s' is disabled", p);
+@@ -2800,6 +2800,13 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
          t->skip = 1;
      }
+ 
 +    if (p != NULL
 +        && (strcmp(name, "mac") == 0)
 +        && is_mac_disabled(p)) {
 +        TEST_info("skipping, '%s' is disabled", p);
 +        t->skip = 1;
 +    }
++
      OPENSSL_free(name);
      return 1;
  }
diff --git a/base/openssl3/0060-FIPS-KAT-signature-tests.patch b/base/openssl3/0060-FIPS-KAT-signature-tests.patch
index c376fa3..639194a 100644
--- a/base/openssl3/0060-FIPS-KAT-signature-tests.patch
+++ b/base/openssl3/0060-FIPS-KAT-signature-tests.patch
@@ -56,7 +56,7 @@ diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/c
  #define MIN_ECDSA_SIGN_ORDERBITS 64
  /*
   * It is highly unlikely that a retry will happen,
-@@ -137,6 +141,12 @@
+@@ -142,6 +146,12 @@
          goto err;
  
      do {
@@ -69,16 +69,17 @@ diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/c
          /* get random k */
          do {
              if (dgst != NULL) {
-@@ -152,6 +162,9 @@
-                 }
+@@ -158,6 +168,10 @@
              }
-         } while (BN_is_zero(k));
+         } while (ossl_bn_is_word_fixed_top(k, 0));
+ 
 +#ifdef FIPS_MODULE
 +        }
 +#endif
- 
++
          /* compute r the x-coordinate of generator * k */
          if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+             ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
 diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
 --- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature	2022-04-04 13:48:52.231172299 +0200
 +++ openssl-3.0.1/crypto/ec/ec_key.c	2022-04-04 14:00:35.077368605 +0200
diff --git a/base/openssl3/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/base/openssl3/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
index 31e3c7d..7a80b13 100644
--- a/base/openssl3/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+++ b/base/openssl3/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
@@ -47,9 +47,9 @@ diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/k
 index afdb7138e1..9d28d292d8 100644
 --- a/providers/implementations/kdfs/hkdf.c
 +++ b/providers/implementations/kdfs/hkdf.c
-@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
-             return 0;
-         return OSSL_PARAM_set_size_t(p, sz);
+@@ -347,6 +347,56 @@
+         }
+         return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
      }
 +
 +#ifdef FIPS_MODULE
@@ -104,10 +104,10 @@ index afdb7138e1..9d28d292d8 100644
      return -2;
  }
  
-@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
- {
+@@ -356,6 +406,9 @@
      static const OSSL_PARAM known_gettable_ctx_params[] = {
          OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+         OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
 +#ifdef FIPS_MODULE
 +        OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
 +#endif /* defined(FIPS_MODULE) */
diff --git a/base/openssl3/openssl3.spec b/base/openssl3/openssl3.spec
index 8d5162b..885f221 100644
--- a/base/openssl3/openssl3.spec
+++ b/base/openssl3/openssl3.spec
@@ -20,7 +20,7 @@
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl3
-Version: 3.0.13
+Version: 3.0.14
 Release: 1%{?dist}
 Epoch: 1
 
@@ -541,6 +541,9 @@ rm -f %{buildroot}%{_bindir}/{make,renew}-dummy-cert
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Jun  7 2024 Raven <raven@sysadmins.ws> - 1:3.0.14-1
+- update to 3.0.14
+
 * Tue Feb  6 2024 Raven <raven@sysadmins.ws> - 1:3.0.13-1
 - update to 3.0.13