Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-3 for openSUSE:Factory checked in at 2025-09-18 21:07:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-3 (Old) and /work/SRC/openSUSE:Factory/.openssl-3.new.27445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-3" Thu Sep 18 21:07:54 2025 rev:46 rq:1305335 version:3.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-3/openssl-3.changes 2025-08-09 19:57:13.887767481 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-3.new.27445/openssl-3.changes 2025-09-18 21:07:56.680564665 +0200 @@ -1,0 +2,11 @@ +Wed Sep 17 00:56:31 UTC 2025 - Lucas Mulling <[email protected]> + +- Update to 3.5.3: + * Added FIPS 140-3 PCT on DH key generation. + * Fixed the synthesised OPENSSL_VERSION_NUMBER. +- Rebase patches: + * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch + * openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch + * openssl-FIPS-limit-rsa-encrypt.patch + +------------------------------------------------------------------- Old: ---- openssl-3.5.2.tar.gz openssl-3.5.2.tar.gz.asc New: ---- openssl-3.5.3.tar.gz openssl-3.5.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-3.spec ++++++ --- /var/tmp/diff_new_pack.y74TVL/_old 2025-09-18 21:07:58.460639085 +0200 +++ /var/tmp/diff_new_pack.y74TVL/_new 2025-09-18 21:07:58.460639085 +0200 @@ -38,7 +38,7 @@ %define livepatchable 1 Name: openssl-3 -Version: 3.5.2 +Version: 3.5.3 Release: 0 Summary: Secure Sockets and Transport Layer Security License: Apache-2.0 ++++++ openssl-3.5.2.tar.gz -> openssl-3.5.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/openssl-3/openssl-3.5.2.tar.gz /work/SRC/openSUSE:Factory/.openssl-3.new.27445/openssl-3.5.3.tar.gz differ: char 23, line 1 ++++++ openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch ++++++ --- /var/tmp/diff_new_pack.y74TVL/_old 2025-09-18 21:07:58.600644939 +0200 +++ /var/tmp/diff_new_pack.y74TVL/_new 2025-09-18 21:07:58.604645106 +0200 @@ -38,10 +38,10 @@ test/recipes/80-test_ssl_old.t | 3 + 11 files changed, 116 insertions(+), 18 deletions(-) -Index: openssl-3.5.0-beta1/crypto/dh/dh_backend.c +Index: openssl-3.5.3/crypto/dh/dh_backend.c =================================================================== ---- openssl-3.5.0-beta1.orig/crypto/dh/dh_backend.c -+++ openssl-3.5.0-beta1/crypto/dh/dh_backend.c +--- openssl-3.5.3.orig/crypto/dh/dh_backend.c ++++ openssl-3.5.3/crypto/dh/dh_backend.c @@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, cons if (!dh_ffc_params_fromdata(dh, params)) return 0; @@ -59,11 +59,11 @@ param_priv_len = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); if (param_priv_len != NULL -Index: openssl-3.5.0-beta1/crypto/dh/dh_check.c +Index: openssl-3.5.3/crypto/dh/dh_check.c =================================================================== ---- openssl-3.5.0-beta1.orig/crypto/dh/dh_check.c -+++ openssl-3.5.0-beta1/crypto/dh/dh_check.c -@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *r +--- openssl-3.5.3.orig/crypto/dh/dh_check.c ++++ openssl-3.5.3/crypto/dh/dh_check.c +@@ -58,13 +58,15 @@ int DH_check_params(const DH *dh, int *r nid = DH_get_nid((DH *)dh); if (nid != NID_undef) return 1; @@ -84,10 +84,10 @@ } #else int DH_check_params(const DH *dh, int *ret) -Index: openssl-3.5.0-beta1/crypto/dh/dh_gen.c +Index: openssl-3.5.3/crypto/dh/dh_gen.c =================================================================== ---- openssl-3.5.0-beta1.orig/crypto/dh/dh_gen.c -+++ openssl-3.5.0-beta1/crypto/dh/dh_gen.c +--- openssl-3.5.3.orig/crypto/dh/dh_gen.c ++++ openssl-3.5.3/crypto/dh/dh_gen.c @@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, BN_GENCB *cb) @@ -117,10 +117,10 @@ if (ret > 0) dh->dirty_cnt++; return ret; -Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c +Index: openssl-3.5.3/crypto/dh/dh_key.c =================================================================== ---- openssl-3.5.0-beta1.orig/crypto/dh/dh_key.c -+++ openssl-3.5.0-beta1/crypto/dh/dh_key.c +--- openssl-3.5.3.orig/crypto/dh/dh_key.c ++++ openssl-3.5.3/crypto/dh/dh_key.c @@ -336,8 +336,12 @@ static int generate_key(DH *dh) goto err; } else { @@ -135,8 +135,8 @@ + goto err; #else if (dh->params.q == NULL) { - /* secret exponent length, must satisfy 2^(l-1) <= p */ -@@ -358,9 +362,7 @@ static int generate_key(DH *dh) + /* secret exponent length, must satisfy 2^l < (p-1)/2 */ +@@ -360,9 +364,7 @@ static int generate_key(DH *dh) if (!BN_clear_bit(priv_key, 0)) goto err; } @@ -147,7 +147,7 @@ /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, FFC_PARAM_TYPE_DH, NULL)) -@@ -376,6 +378,7 @@ static int generate_key(DH *dh) +@@ -378,6 +380,7 @@ static int generate_key(DH *dh) priv_key)) goto err; } @@ -155,10 +155,10 @@ } } -Index: openssl-3.5.0-beta1/crypto/dh/dh_pmeth.c +Index: openssl-3.5.3/crypto/dh/dh_pmeth.c =================================================================== ---- openssl-3.5.0-beta1.orig/crypto/dh/dh_pmeth.c -+++ openssl-3.5.0-beta1/crypto/dh/dh_pmeth.c +--- openssl-3.5.3.orig/crypto/dh/dh_pmeth.c ++++ openssl-3.5.3/crypto/dh/dh_pmeth.c @@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_ prime_len, subprime_len, &res, pcb); @@ -180,11 +180,11 @@ if (rv <= 0) { DH_free(ret); return NULL; -Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/dh_kmgmt.c +Index: openssl-3.5.3/providers/implementations/keymgmt/dh_kmgmt.c =================================================================== ---- openssl-3.5.0-beta1.orig/providers/implementations/keymgmt/dh_kmgmt.c -+++ openssl-3.5.0-beta1/providers/implementations/keymgmt/dh_kmgmt.c -@@ -420,6 +420,11 @@ static int dh_validate(const void *keyda +--- openssl-3.5.3.orig/providers/implementations/keymgmt/dh_kmgmt.c ++++ openssl-3.5.3/providers/implementations/keymgmt/dh_kmgmt.c +@@ -422,6 +422,11 @@ static int dh_validate(const void *keyda if ((selection & DH_POSSIBLE_SELECTIONS) == 0) return 1; /* nothing to validate */ @@ -196,10 +196,10 @@ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { /* * Both of these functions check parameters. DH_check_params_ex() -Index: openssl-3.5.0-beta1/test/endecode_test.c +Index: openssl-3.5.3/test/endecode_test.c =================================================================== ---- openssl-3.5.0-beta1.orig/test/endecode_test.c -+++ openssl-3.5.0-beta1/test/endecode_test.c +--- openssl-3.5.3.orig/test/endecode_test.c ++++ openssl-3.5.3/test/endecode_test.c @@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const cha * for testing only. Use a minimum key size of 2048 for security purposes. */ @@ -213,10 +213,10 @@ # endif /* -Index: openssl-3.5.0-beta1/test/evp_libctx_test.c +Index: openssl-3.5.3/test/evp_libctx_test.c =================================================================== ---- openssl-3.5.0-beta1.orig/test/evp_libctx_test.c -+++ openssl-3.5.0-beta1/test/evp_libctx_test.c +--- openssl-3.5.3.orig/test/evp_libctx_test.c ++++ openssl-3.5.3/test/evp_libctx_test.c @@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid, if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) @@ -226,10 +226,10 @@ goto err; if (expected) { -Index: openssl-3.5.0-beta1/test/helpers/predefined_dhparams.c +Index: openssl-3.5.3/test/helpers/predefined_dhparams.c =================================================================== ---- openssl-3.5.0-beta1.orig/test/helpers/predefined_dhparams.c -+++ openssl-3.5.0-beta1/test/helpers/predefined_dhparams.c +--- openssl-3.5.3.orig/test/helpers/predefined_dhparams.c ++++ openssl-3.5.3/test/helpers/predefined_dhparams.c @@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libct dhx512_q, sizeof(dhx512_q)); } @@ -299,10 +299,10 @@ EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx) { static unsigned char dh1024_p[] = { -Index: openssl-3.5.0-beta1/test/helpers/predefined_dhparams.h +Index: openssl-3.5.3/test/helpers/predefined_dhparams.h =================================================================== ---- openssl-3.5.0-beta1.orig/test/helpers/predefined_dhparams.h -+++ openssl-3.5.0-beta1/test/helpers/predefined_dhparams.h +--- openssl-3.5.3.orig/test/helpers/predefined_dhparams.h ++++ openssl-3.5.3/test/helpers/predefined_dhparams.h @@ -12,6 +12,7 @@ #ifndef OPENSSL_NO_DH EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx); @@ -311,10 +311,10 @@ EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct); EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx); EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx); -Index: openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t +Index: openssl-3.5.3/test/recipes/80-test_ssl_old.t =================================================================== ---- openssl-3.5.0-beta1.orig/test/recipes/80-test_ssl_old.t -+++ openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t +--- openssl-3.5.3.orig/test/recipes/80-test_ssl_old.t ++++ openssl-3.5.3/test/recipes/80-test_ssl_old.t @@ -458,6 +458,9 @@ sub testssl { skip "skipping dhe1024dsa test", 1 if ($no_dh); ++++++ openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch ++++++ --- /var/tmp/diff_new_pack.y74TVL/_old 2025-09-18 21:07:58.628646109 +0200 +++ /var/tmp/diff_new_pack.y74TVL/_new 2025-09-18 21:07:58.632646277 +0200 @@ -1,7 +1,7 @@ -Index: openssl-3.5.0/providers/implementations/signature/dsa_sig.c +Index: openssl-3.5.3/providers/implementations/signature/dsa_sig.c =================================================================== ---- openssl-3.5.0.orig/providers/implementations/signature/dsa_sig.c -+++ openssl-3.5.0/providers/implementations/signature/dsa_sig.c +--- openssl-3.5.3.orig/providers/implementations/signature/dsa_sig.c ++++ openssl-3.5.3/providers/implementations/signature/dsa_sig.c @@ -187,9 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct } #ifdef FIPS_MODULE @@ -13,10 +13,10 @@ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, -Index: openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c +Index: openssl-3.5.3/providers/implementations/signature/ecdsa_sig.c =================================================================== ---- openssl-3.5.0.orig/providers/implementations/signature/ecdsa_sig.c -+++ openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c +--- openssl-3.5.3.orig/providers/implementations/signature/ecdsa_sig.c ++++ openssl-3.5.3/providers/implementations/signature/ecdsa_sig.c @@ -215,9 +215,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX #ifdef FIPS_MODULE @@ -28,10 +28,10 @@ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, -Index: openssl-3.5.0/providers/implementations/signature/rsa_sig.c +Index: openssl-3.5.3/providers/implementations/signature/rsa_sig.c =================================================================== ---- openssl-3.5.0.orig/providers/implementations/signature/rsa_sig.c -+++ openssl-3.5.0/providers/implementations/signature/rsa_sig.c +--- openssl-3.5.3.orig/providers/implementations/signature/rsa_sig.c ++++ openssl-3.5.3/providers/implementations/signature/rsa_sig.c @@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct } #ifdef FIPS_MODULE @@ -59,10 +59,10 @@ } if (pmgf1mdname != NULL -Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa.txt =================================================================== ---- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC Title = ECDSA tests @@ -133,12 +133,12 @@ -Result = KEYOP_MISMATCH +Result = PKEY_CTRL_ERROR - Title = XOF disallowed - -Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt + FIPSversion = >=3.6.0 + Sign = P-256 +Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt =================================================================== ---- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt -+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt +--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt ++++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt @@ -37,34 +37,34 @@ PrivPubKeyPair = P-256:P-256-PUBLIC Title = ECDSA tests @@ -260,10 +260,10 @@ Input = "0123456789ABCDEF1234" -Result = KEYOP_MISMATCH +Result = KEYOP_INIT_ERROR -Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt =================================================================== ---- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -96,6 +96,7 @@ NDL6WCBbets= Title = RSA tests @@ -616,10 +616,10 @@ Availablein = fips FIPSversion = >=3.4.0 -Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa.txt +Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa.txt =================================================================== ---- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_rsa.txt -+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa.txt +--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_rsa.txt ++++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa.txt @@ -268,8 +268,8 @@ TwIDAQAB PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT @@ -933,11 +933,11 @@ Verify=RSA-PSS-8 Ctrl = rsa_padding_mode:pss Ctrl = rsa_mgf1_md:sha1 -Index: openssl-3.5.0/test/recipes/80-test_cms.t +Index: openssl-3.5.3/test/recipes/80-test_cms.t =================================================================== ---- openssl-3.5.0.orig/test/recipes/80-test_cms.t -+++ openssl-3.5.0/test/recipes/80-test_cms.t -@@ -174,7 +174,7 @@ my @smime_pkcs7_tests = ( +--- openssl-3.5.3.orig/test/recipes/80-test_cms.t ++++ openssl-3.5.3/test/recipes/80-test_cms.t +@@ -183,7 +183,7 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], @@ -946,7 +946,7 @@ "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], -@@ -182,7 +182,7 @@ my @smime_pkcs7_tests = ( +@@ -191,7 +191,7 @@ my @smime_pkcs7_tests = ( [ "signed zero-length content S/MIME format, RSA key SHA1", [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], @@ -955,10 +955,10 @@ "-CAfile", $smroot, "-out", "{output}.txt" ], \&zero_compare ], -Index: openssl-3.5.0/test/recipes/80-test_ssl_old.t +Index: openssl-3.5.3/test/recipes/80-test_ssl_old.t =================================================================== ---- openssl-3.5.0.orig/test/recipes/80-test_ssl_old.t -+++ openssl-3.5.0/test/recipes/80-test_ssl_old.t +--- openssl-3.5.3.orig/test/recipes/80-test_ssl_old.t ++++ openssl-3.5.3/test/recipes/80-test_ssl_old.t @@ -465,6 +465,9 @@ sub testssl { 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } @@ -977,10 +977,10 @@ SKIP: { skip "No IPv4 available on this machine", 4 -Index: openssl-3.5.0/apps/openssl.cnf +Index: openssl-3.5.3/apps/openssl.cnf =================================================================== ---- openssl-3.5.0.orig/apps/openssl.cnf -+++ openssl-3.5.0/apps/openssl.cnf +--- openssl-3.5.3.orig/apps/openssl.cnf ++++ openssl-3.5.3/apps/openssl.cnf @@ -119,7 +119,7 @@ cert_opt = ca_default # Certificate fi default_days = 365 # how long to certify for ++++++ openssl-FIPS-limit-rsa-encrypt.patch ++++++ --- /var/tmp/diff_new_pack.y74TVL/_old 2025-09-18 21:07:58.704649287 +0200 +++ /var/tmp/diff_new_pack.y74TVL/_new 2025-09-18 21:07:58.708649454 +0200 @@ -18,10 +18,10 @@ 6 files changed, 164 insertions(+), 43 deletions(-) mode change 100644 => 100755 test/recipes/80-test_ssl_old.t -Index: openssl-3.5.0-beta1/providers/common/securitycheck.c +Index: openssl-3.5.3/providers/common/securitycheck.c =================================================================== ---- openssl-3.5.0-beta1.orig/providers/common/securitycheck.c -+++ openssl-3.5.0-beta1/providers/common/securitycheck.c +--- openssl-3.5.3.orig/providers/common/securitycheck.c ++++ openssl-3.5.3/providers/common/securitycheck.c @@ -64,6 +64,7 @@ int ossl_rsa_key_op_get_protect(const RS * Set protect = 1 for encryption or signing operations, or 0 otherwise. See * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. @@ -30,10 +30,10 @@ int ossl_rsa_check_key_size(const RSA *rsa, int protect) { int sz = RSA_bits(rsa); -Index: openssl-3.5.0-beta1/providers/fips/include/fips_indicator_params.inc +Index: openssl-3.5.3/providers/fips/include/fips_indicator_params.inc =================================================================== ---- openssl-3.5.0-beta1.orig/providers/fips/include/fips_indicator_params.inc -+++ openssl-3.5.0-beta1/providers/fips/include/fips_indicator_params.inc +--- openssl-3.5.3.orig/providers/fips/include/fips_indicator_params.inc ++++ openssl-3.5.3/providers/fips/include/fips_indicator_params.inc @@ -13,7 +13,7 @@ OSSL_FIPS_PARAM(sskdf_digest_check, SSKD OSSL_FIPS_PARAM(x963kdf_digest_check, X963KDF_DIGEST_CHECK, 0) OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0) @@ -43,13 +43,13 @@ OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0) OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0) OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0) -Index: openssl-3.5.0-beta1/providers/implementations/asymciphers/rsa_enc.c +Index: openssl-3.5.3/providers/implementations/asymciphers/rsa_enc.c =================================================================== ---- openssl-3.5.0-beta1.orig/providers/implementations/asymciphers/rsa_enc.c -+++ openssl-3.5.0-beta1/providers/implementations/asymciphers/rsa_enc.c -@@ -168,6 +168,18 @@ static int rsa_encrypt(void *vprsactx, u +--- openssl-3.5.3.orig/providers/implementations/asymciphers/rsa_enc.c ++++ openssl-3.5.3/providers/implementations/asymciphers/rsa_enc.c +@@ -174,6 +174,18 @@ static int rsa_encrypt(void *vprsactx, u + return 0; } - #endif +# ifdef FIPS_MODULE + if (prsactx->pad_mode == RSA_NO_PADDING) { @@ -64,9 +64,9 @@ +# endif + if (out == NULL) { - size_t len = RSA_size(prsactx->rsa); - -@@ -230,6 +242,20 @@ static int rsa_decrypt(void *vprsactx, u + *outlen = len; + return 1; +@@ -235,6 +247,20 @@ static int rsa_decrypt(void *vprsactx, u if (!ossl_prov_is_running()) return 0; @@ -87,10 +87,10 @@ if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { if (out == NULL) { *outlen = SSL_MAX_MASTER_KEY_LENGTH; -Index: openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt =================================================================== ---- openssl-3.5.0-beta1.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -+++ openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974 Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef @@ -910,11 +910,11 @@ Decrypt=RSA-OAEP-9 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 -Index: openssl-3.5.0-beta1/test/recipes/80-test_cms.t +Index: openssl-3.5.3/test/recipes/80-test_cms.t =================================================================== ---- openssl-3.5.0-beta1.orig/test/recipes/80-test_cms.t -+++ openssl-3.5.0-beta1/test/recipes/80-test_cms.t -@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = ( +--- openssl-3.5.3.orig/test/recipes/80-test_cms.t ++++ openssl-3.5.3/test/recipes/80-test_cms.t +@@ -267,7 +267,7 @@ my @smime_pkcs7_tests = ( if ($no_fips || $old_fips) { push(@smime_pkcs7_tests, @@ -923,7 +923,7 @@ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-aes256", "-stream", "-out", "{output}.cms", $smrsa1, -@@ -1267,6 +1267,9 @@ sub check_availability { +@@ -1284,6 +1284,9 @@ sub check_availability { return "$tnam: skipped, DSA disabled\n" if ($no_dsa && $tnam =~ / DSA/); @@ -933,10 +933,10 @@ return ""; } -Index: openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t +Index: openssl-3.5.3/test/recipes/80-test_ssl_old.t =================================================================== ---- openssl-3.5.0-beta1.orig/test/recipes/80-test_ssl_old.t -+++ openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t +--- openssl-3.5.3.orig/test/recipes/80-test_ssl_old.t ++++ openssl-3.5.3/test/recipes/80-test_ssl_old.t @@ -561,6 +561,18 @@ sub testssl { # the default choice if TLSv1.3 enabled my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
