diff --git a/0002-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch
similarity index 100%
rename from 0002-Do-not-install-html-docs.patch
rename to 0003-Do-not-install-html-docs.patch
diff --git a/0003-apps-ca-fix-md-option-help-text.patch-DROP.patch b/0004-apps-ca-fix-md-option-help-text.patch-DROP.patch
similarity index 93%
rename from 0003-apps-ca-fix-md-option-help-text.patch-DROP.patch
rename to 0004-apps-ca-fix-md-option-help-text.patch-DROP.patch
index 7bc56da1242850417a74f359cc7eba8224975d33..f33e200873b8ac232bc91551d75b2306bbcccc80 100644
--- a/0003-apps-ca-fix-md-option-help-text.patch-DROP.patch
+++ b/0004-apps-ca-fix-md-option-help-text.patch-DROP.patch
@@ -1,7 +1,7 @@
From f2fcdc5171f0b3b0b94fe8b78b6282be078a4e81 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 04/59] : apps ca fix md option help text.patch - DROP?
+Subject: [PATCH 04/59] RH: apps ca fix md option help text.patch - DROP?
Patch-name: 0005-apps-ca-fix-md-option-help-text.patch
Patch-id: 5
@@ -28,4 +28,3 @@ index 6d1d1c0a6e..a7553ba609 100644
--
2.51.0
-
diff --git a/0004-Disable-signature-verification-with-bad-digests-R.patch b/0005-Disable-signature-verification-with-bad-digests-R.patch
similarity index 93%
rename from 0004-Disable-signature-verification-with-bad-digests-R.patch
rename to 0005-Disable-signature-verification-with-bad-digests-R.patch
index 822663470e5e1d995000832a4fbf2ebdf00ae27a..df06d238a6ee59897094fa0b276a172b8e54ce9d 100644
--- a/0004-Disable-signature-verification-with-bad-digests-R.patch
+++ b/0005-Disable-signature-verification-with-bad-digests-R.patch
@@ -1,7 +1,7 @@
From c9f17bc73a099735c6e80dd67c93f23175771cb4 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 05/59] : Disable signature verification with bad digests -
+Subject: [PATCH 05/59] RH: Disable signature verification with bad digests -
REVIEW
Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
@@ -32,4 +32,3 @@ index f6cac80962..fbc6ce6e30 100644
--
2.51.0
-
diff --git a/0005-Add-FIPS_mode-compatibility-macro.patch b/0007-Add-FIPS_mode-compatibility-macro.patch
similarity index 97%
rename from 0005-Add-FIPS_mode-compatibility-macro.patch
rename to 0007-Add-FIPS_mode-compatibility-macro.patch
index 1c742202736a453b941b1f9db132984c5818d898..105fc0d892a630b353a71f074a8617ab40ad05a1 100644
--- a/0005-Add-FIPS_mode-compatibility-macro.patch
+++ b/0007-Add-FIPS_mode-compatibility-macro.patch
@@ -1,7 +1,7 @@
From fb2c952f82064d747dbecb6ce66365ae4cc03513 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 07/59] : Add FIPS_mode compatibility macro
+Subject: [PATCH 07/59] RH: Add FIPS_mode compatibility macro
Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
Patch-id: 8
@@ -81,4 +81,3 @@ index e62ff247c4..37489e4694 100644
--
2.51.0
-
diff --git a/0007-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch b/0008-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
similarity index 97%
rename from 0007-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
rename to 0008-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
index 24977edc226f0761afb3ecc5744b5160f45dd113..cefd4f0c51205cb5dbe619ae583dfff5881f0dd1 100644
--- a/0007-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
+++ b/0008-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
@@ -1,7 +1,7 @@
From 8d7abff29035508b6208b4742bfaaed42f78ac43 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 08/59] : Add Kernel FIPS mode flag support - FIXSTYLE
+Subject: [PATCH 08/59] RH: Add Kernel FIPS mode flag support - FIXSTYLE
Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
Patch-id: 9
@@ -90,4 +90,3 @@ index 7d94346155..c0f1d00da9 100644
--
2.51.0
-
diff --git a/0008-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch b/0009-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
similarity index 99%
rename from 0008-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
rename to 0009-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
index d35b9f40a7e126432b528e09d069f87e651951f4..c28b18a9aa44b410a3bf35a20d9adb371088c138 100644
--- a/0008-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
+++ b/0009-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
@@ -1,7 +1,7 @@
From 5151c5a45d130075860256989b1f69694f840554 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 09/59] : Drop weak curve definitions - RENAMED/SQUASHED
+Subject: [PATCH 09/59] RH: Drop weak curve definitions - RENAMED/SQUASHED
Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
Patch-id: 10
@@ -1427,4 +1427,3 @@ index e6a2c9eb59..861c01e177 100644
--
2.51.0
-
diff --git a/0009-Disable-explicit-ec-curves.patch b/0010-Disable-explicit-ec-curves.patch
similarity index 99%
rename from 0009-Disable-explicit-ec-curves.patch
rename to 0010-Disable-explicit-ec-curves.patch
index 8edb018d023884a38becc2520ba80269d8e3a2fe..21ce41f8aad2788de6e57658f59e576d0d9733db 100644
--- a/0009-Disable-explicit-ec-curves.patch
+++ b/0010-Disable-explicit-ec-curves.patch
@@ -1,7 +1,7 @@
From fdbbe15e433da8556076b84e7612ce5f53f3fa49 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 10/59] : Disable explicit ec curves
+Subject: [PATCH 10/59] RH: Disable explicit ec curves
Patch-name: 0012-Disable-explicit-ec.patch
Patch-id: 12
@@ -242,4 +242,3 @@ index 07dc4b4298..4c47fa68c2 100644
--
2.51.0
-
diff --git a/0010-skipped-tests-EC-curves.patch b/0011-skipped-tests-EC-curves.patch
similarity index 98%
rename from 0010-skipped-tests-EC-curves.patch
rename to 0011-skipped-tests-EC-curves.patch
index efc74af39521fe705498062a5dd5b8f555dbd7eb..b3547c8b625bdc6a9971b94858750689c6477fae 100644
--- a/0010-skipped-tests-EC-curves.patch
+++ b/0011-skipped-tests-EC-curves.patch
@@ -1,7 +1,7 @@
From 4a0a6c5cc9560438cab41e65948b6da9e63d1123 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 11/59] : skipped tests EC curves
+Subject: [PATCH 11/59] RH: skipped tests EC curves
Patch-name: 0013-skipped-tests-EC-curves.patch
Patch-id: 13
@@ -80,4 +80,3 @@ index f722800e27..26a01786bb 100644
--
2.51.0
-
diff --git a/0011-skip-quic-pairwise.patch b/0012-skip-quic-pairwise.patch
similarity index 98%
rename from 0011-skip-quic-pairwise.patch
rename to 0012-skip-quic-pairwise.patch
index c0079fb006fa6e9e31b7e9acc5d3df842f5e6caf..84dd7ec18b99559eb43bd4781322dd94182cd20c 100644
--- a/0011-skip-quic-pairwise.patch
+++ b/0012-skip-quic-pairwise.patch
@@ -1,7 +1,7 @@
From 82c0d773649909ec1883d43e423f886d6424b9af Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Thu, 7 Mar 2024 17:37:09 +0100
-Subject: [PATCH 12/59] : skip quic pairwise
+Subject: [PATCH 12/59] RH: skip quic pairwise
Patch-name: 0115-skip-quic-pairwise.patch
Patch-id: 115
@@ -84,4 +84,3 @@ index eaf0dbbb42..21864ad319 100644
--
2.51.0
-
diff --git a/0012-version-aliasing.patch b/0013-version-aliasing.patch
similarity index 98%
rename from 0012-version-aliasing.patch
rename to 0013-version-aliasing.patch
index 44f16c3856b67232760689bbe1878080266add5d..719de7f15b9ec4c9cfc9c077726641bd94531d72 100644
--- a/0012-version-aliasing.patch
+++ b/0013-version-aliasing.patch
@@ -1,7 +1,7 @@
From 4fb5c4b21a8052f87e02c941c6e7a0e6f0d9384c Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 13/59] : version aliasing
+Subject: [PATCH 13/59] RH: version aliasing
Patch-name: 0116-version-aliasing.patch
Patch-id: 116
@@ -81,4 +81,3 @@ index ceb4948839..eab3987a6b 100644
--
2.51.0
-
diff --git a/0014-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch b/0014-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
new file mode 100644
index 0000000000000000000000000000000000000000..14e686d87a08f8f6bd0d4bedb282d8dfcb52e0cd
--- /dev/null
+++ b/0014-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
@@ -0,0 +1,108 @@
+From 104697d613232de6a96c2c8323eac721c19dbaa2 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 13 Feb 2025 16:09:09 -0500
+Subject: [PATCH 14/59] RH: Export two symbols for OPENSSL_str[n]casecmp
+
+We accidentally exported the symbols with the incorrect verison number
+in an early version of RHEL-9 so we need to keep the wrong symbols for
+ABI backwards compatibility and the correct symbols to be compatible
+with upstream.
+---
+ crypto/evp/digest.c | 2 +-
+ crypto/evp/evp_enc.c | 2 +-
+ crypto/o_str.c | 14 ++++++++++++--
+ test/recipes/01-test_symbol_presence.t | 2 +-
+ util/libcrypto.num | 2 ++
+ 5 files changed, 17 insertions(+), 5 deletions(-)
+ mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index 3c80b9dfe1..8ee9db73dd 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+ }
+
+ EVP_MD_CTX
+-#if !defined(FIPS_MODULE)
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
+ __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
+ symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
+ #endif
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index 7c51786515..619cf4f385 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+ }
+
+ EVP_CIPHER_CTX
+-#if !defined(FIPS_MODULE)
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
+ __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
+ symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
+ #endif
+diff --git a/crypto/o_str.c b/crypto/o_str.c
+index 93af73561f..86442a939e 100644
+--- a/crypto/o_str.c
++++ b/crypto/o_str.c
+@@ -403,7 +403,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+ #endif
+ }
+
+-int OPENSSL_strcasecmp(const char *s1, const char *s2)
++int
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strcasecmp(const char *s1, const char *s2)
+ {
+ int t;
+
+@@ -413,7 +418,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
+ return t;
+ }
+
+-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
++int
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
+ {
+ int t;
+ size_t i;
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+old mode 100644
+new mode 100755
+index cc947d4821..de2dcd90c2
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -186,7 +186,7 @@ foreach (sort keys %stlibname) {
+ }
+ }
+ my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
+-@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") && ($_ ne "OPENSSL_strcasecmp") && ($_ ne "OPENSSL_strncasecmp")} @duplicates;
+ if (@duplicates) {
+ note "Duplicates:";
+ note join('\n', @duplicates);
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index eab3987a6b..d377d542db 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5426,7 +5426,9 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+ OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
+ EVP_RAND_CTX_up_ref 5558 3_1_0 EXIST::FUNCTION:
+ RAND_set0_public 5559 3_1_0 EXIST::FUNCTION:
+ RAND_set0_private 5560 3_1_0 EXIST::FUNCTION:
+--
+2.51.0
+
diff --git a/0015-TMP-KTLS-test-skip.patch b/0015-TMP-KTLS-test-skip.patch
new file mode 100644
index 0000000000000000000000000000000000000000..747eb81a888390fda7dcea75d193d716fb823c90
--- /dev/null
+++ b/0015-TMP-KTLS-test-skip.patch
@@ -0,0 +1,30 @@
+From 10e7b2643772ca1c4ee069a625754bfeb971d965 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 13 Feb 2025 18:11:19 -0500
+Subject: [PATCH 15/59] RH: TMP KTLS test skip
+
+From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9
+---
+ test/sslapitest.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index fbe284b9ff..05c5ab256f 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -1033,9 +1033,10 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
+ /* sock must be connected */
+ static int ktls_chk_platform(int sock)
+ {
+- if (!ktls_enable(sock))
++/* if (!ktls_enable(sock))
+ return 0;
+- return 1;
++ return 1; */
++ return 0;
+ }
+
+ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
+--
+2.51.0
+
diff --git a/0013-Allow-disabling-of-SHA1-signatures.patch b/0016-Allow-disabling-of-SHA1-signatures.patch
similarity index 99%
rename from 0013-Allow-disabling-of-SHA1-signatures.patch
rename to 0016-Allow-disabling-of-SHA1-signatures.patch
index f3444795597ace814a3bd61aefb9dcc8a5ad0727..6fa8bf724d13a9c7856cb63f2bf2d87778988dc8 100644
--- a/0013-Allow-disabling-of-SHA1-signatures.patch
+++ b/0016-Allow-disabling-of-SHA1-signatures.patch
@@ -1,7 +1,7 @@
From 6d93803492f19eeeed8cafd4948badf85a7429c4 Mon Sep 17 00:00:00 2001
-From: rpm-build
+From: Dmitry Belyavskiy
Date: Mon, 21 Aug 2023 13:07:07 +0200
-Subject: [PATCH 16/59] : Allow disabling of SHA1 signatures
+Subject: [PATCH 16/59] RH: Allow disabling of SHA1 signatures
Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
Patch-id: 49
@@ -488,4 +488,3 @@ index d377d542db..c2c55129ae 100644
--
2.51.0
-
diff --git a/0014-FIPS-disable-fipsinstall.patch b/0018-FIPS-disable-fipsinstall.patch
similarity index 99%
rename from 0014-FIPS-disable-fipsinstall.patch
rename to 0018-FIPS-disable-fipsinstall.patch
index 9f35fe3a3ca80fb420441eb9153d8e90d3293e9f..68b00b9399dd3382f3a9f0a3f6c549de735602ba 100644
--- a/0014-FIPS-disable-fipsinstall.patch
+++ b/0018-FIPS-disable-fipsinstall.patch
@@ -858,4 +858,3 @@ index 3dcbe67c6d..1a5a475d91
--
2.51.0
-
diff --git a/0019-FIPS-Force-fips-provider-on.patch b/0019-FIPS-Force-fips-provider-on.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4ab1f7d2e607273f18f6415a4fab9507a5963a66
--- /dev/null
+++ b/0019-FIPS-Force-fips-provider-on.patch
@@ -0,0 +1,79 @@
+From 91efb2e81287745f7a2817211d00ca5a41f4e8ba Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 19/59] FIPS: Force fips provider on
+
+Patch-name: 0032-Force-fips.patch
+Patch-id: 32
+Patch-status: |
+ # # We load FIPS provider and set FIPS properties implicitly
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/provider_conf.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
+index 9649517dd2..1e5053cbce 100644
+--- a/crypto/provider_conf.c
++++ b/crypto/provider_conf.c
+@@ -10,6 +10,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+ #include
+ #include
+ #include
+@@ -237,7 +239,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
+ if (path != NULL)
+ ossl_provider_set_module_path(prov, path);
+
+- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
+
+ if (ok == 1) {
+ if (!ossl_provider_activate(prov, 1, 0)) {
+@@ -266,6 +268,8 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
+
+ if (ok <= 0)
+ ossl_provider_free(prov);
++ } else {
++ ok = 1;
+ }
+ CRYPTO_THREAD_unlock(pcgbl->lock);
+
+@@ -420,6 +424,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
+ return 0;
+ }
+
++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
++# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf"
++
++ if (access(FIPS_LOCAL_CONF, R_OK) == 0) {
++ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());
++ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0)
++ return 0;
++
++ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) {
++ NCONF_free(fips_conf);
++ return 0;
++ }
++ NCONF_free(fips_conf);
++ } else {
++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
++ return 0;
++ }
++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
++ return 0;
++ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
++ return 0;
++ }
++
+ return 1;
+ }
+
+--
+2.51.0
+
diff --git a/0015-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
similarity index 99%
rename from 0015-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
rename to 0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
index 64544d299df76ccb3db0529fad7817bfc9dcf2cf..f0bd30a52796bc493f8c1c93d0c13ae6652f80fe 100644
--- a/0015-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
+++ b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
@@ -263,4 +263,3 @@ index 0000000000..f05d0dedbe
--
2.51.0
-
diff --git a/0016-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
similarity index 99%
rename from 0016-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
rename to 0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
index 091d73019c1596fe498642ff630623e91489c4a6..21cd432001a5be837c1e41e226b1eb4313a5cb1f 100644
--- a/0016-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
+++ b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
@@ -30,4 +30,3 @@ index 0000000000..54ae60b07f
--
2.51.0
-
diff --git a/0017-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
similarity index 99%
rename from 0017-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
rename to 0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
index f4c36d67274225526f8b490b785e114ce8d67421..8302ce588bfcc8ff561033a82f26fad1dfc3b18b 100644
--- a/0017-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
+++ b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
@@ -47,4 +47,3 @@ index c89e91b587..98bf6ad203 100644
--
2.51.0
-
diff --git a/0018-FIPS-RSA-encrypt-limits-REVIEW.patch b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
similarity index 99%
rename from 0018-FIPS-RSA-encrypt-limits-REVIEW.patch
rename to 0023-FIPS-RSA-encrypt-limits-REVIEW.patch
index 3b49f560be1dadc9147f4ce6c0865b41e2eafddf..5976d4c403f2f271d9f993b51623d38a6d598b32 100644
--- a/0018-FIPS-RSA-encrypt-limits-REVIEW.patch
+++ b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
@@ -983,4 +983,3 @@ index f7be2e1872..568a1ddba4
--
2.51.0
-
diff --git a/0024-FIPS-RSA-PCTs.patch b/0024-FIPS-RSA-PCTs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2c3eca12dc05504dec0118d51c838b01e6bf7b62
--- /dev/null
+++ b/0024-FIPS-RSA-PCTs.patch
@@ -0,0 +1,157 @@
+From e19989c58ad6450428ee68fa4d81e022925872c1 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 24 Mar 2025 10:50:37 -0400
+Subject: [PATCH 24/59] FIPS: RSA: PCTs
+
+Signed-off-by: Simo Sorce
+---
+ providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++
+ providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
+ 2 files changed, 61 insertions(+), 4 deletions(-)
+
+diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
+index cd74275d60..52087abff6 100644
+--- a/providers/implementations/keymgmt/rsa_kmgmt.c
++++ b/providers/implementations/keymgmt/rsa_kmgmt.c
+@@ -434,6 +434,7 @@ struct rsa_gen_ctx {
+ #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+ /* ACVP test parameters */
+ OSSL_PARAM *acvp_test_params;
++ void *prov_rsa_ctx;
+ #endif
+ };
+
+@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
+ return gctx->cb(params, gctx->cbarg);
+ }
+
++#ifdef FIPS_MODULE
++void *rsa_newctx(void *provctx, const char *propq);
++void rsa_freectx(void *vctx);
++int do_rsa_pct(void *, const char *, void *);
++#endif
++
+ static void *gen_init(void *provctx, int selection, int rsa_type,
+ const OSSL_PARAM params[])
+ {
+@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
+
+ if (!rsa_gen_set_params(gctx, params))
+ goto err;
++#ifdef FIPS_MODULE
++ if (gctx != NULL)
++ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL);
++#endif
+ return gctx;
+
+ err:
+@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+
+ rsa = rsa_tmp;
+ rsa_tmp = NULL;
++#ifdef FIPS_MODULE
++ /* Pairwise consistency test */
++ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
++ abort();
++#endif
+ err:
+ BN_GENCB_free(gencb);
+ RSA_free(rsa_tmp);
+@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx)
+ #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+ ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
+ gctx->acvp_test_params = NULL;
++ rsa_freectx(gctx->prov_rsa_ctx);
++ gctx->prov_rsa_ctx = NULL;
+ #endif
+ BN_clear_free(gctx->pub_exp);
+ OPENSSL_free(gctx);
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 29be5f5028..670125464e 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -37,7 +37,7 @@
+ #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
+ #define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
+
+-static OSSL_FUNC_signature_newctx_fn rsa_newctx;
++OSSL_FUNC_signature_newctx_fn rsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
+ static OSSL_FUNC_signature_verify_init_fn rsa_verify_init;
+ static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init;
+@@ -54,7 +54,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final;
+ static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init;
+ static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_verify_update;
+ static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final;
+-static OSSL_FUNC_signature_freectx_fn rsa_freectx;
++OSSL_FUNC_signature_freectx_fn rsa_freectx;
+ static OSSL_FUNC_signature_dupctx_fn rsa_dupctx;
+ static OSSL_FUNC_signature_query_key_types_fn rsa_sigalg_query_key_types;
+ static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params;
+@@ -226,7 +226,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen)
+ return 1;
+ }
+
+-static void *rsa_newctx(void *provctx, const char *propq)
++void *rsa_newctx(void *provctx, const char *propq)
+ {
+ PROV_RSA_CTX *prsactx = NULL;
+ char *propq_copy = NULL;
+@@ -1316,7 +1316,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
+ return ok;
+ }
+
+-static void rsa_freectx(void *vprsactx)
++void rsa_freectx(void *vprsactx)
+ {
+ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+
+@@ -1866,6 +1866,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
+ return EVP_MD_settable_ctx_params(prsactx->md);
+ }
+
++#ifdef FIPS_MODULE
++int do_rsa_pct(void *vctx, const char *mdname, void *rsa)
++{
++ static const unsigned char data[32];
++ unsigned char *sigbuf = NULL;
++ size_t siglen = 0;
++ int ret = 0;
++
++ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0)
++ return 0;
++
++ if (rsa_digest_sign_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
++ return 0;
++
++ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
++ return 0;
++
++ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_update(vctx, data, sizeof(data)) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
++ goto err;
++ ret = 1;
++
++ err:
++ OPENSSL_free(sigbuf);
++ return ret;
++}
++#endif
++
+ const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
+--
+2.51.0
+
diff --git a/0019-FIPS-RSA-encapsulate-limits.patch b/0025-FIPS-RSA-encapsulate-limits.patch
similarity index 99%
rename from 0019-FIPS-RSA-encapsulate-limits.patch
rename to 0025-FIPS-RSA-encapsulate-limits.patch
index 800027e27661604c537b1559e93b5e89edb844e0..7aa84dbe700ba9477eca95214ea1bfb7473a938b 100644
--- a/0019-FIPS-RSA-encapsulate-limits.patch
+++ b/0025-FIPS-RSA-encapsulate-limits.patch
@@ -57,4 +57,3 @@ index ecab1454e7..8e5edd35fe 100644
--
2.51.0
-
diff --git a/0020-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
similarity index 98%
rename from 0020-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
rename to 0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
index 53efb98ae97cca8c1c200c3cd65c2f216f1b6ebc..9dd08faf6f8f03b2cb6dc904a43a2685f9aaf052 100644
--- a/0020-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
+++ b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
@@ -16,6 +16,8 @@ only be used as the standalone algorithms."
Add a check to prevent their use as message digest in PSS signatures and
as MGF1 hash function in both OAEP and PSS.
+Signed-off-by: Clemens Lang
+
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/rsa/rsa_oaep.c | 16 ++++++++++++++++
@@ -93,4 +95,3 @@ index a2bc198a89..2833ca50f3 100644
--
2.51.0
-
diff --git a/0027-FIPS-RSA-size-mode-restrictions.patch b/0027-FIPS-RSA-size-mode-restrictions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..654f678c1799fabc7b1a99ce798afc215fa79e33
--- /dev/null
+++ b/0027-FIPS-RSA-size-mode-restrictions.patch
@@ -0,0 +1,441 @@
+From 564140b9980fba626d7b52c6072b1d9cb87150da Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:20:30 -0500
+Subject: [PATCH 27/59] FIPS: RSA: size/mode restrictions
+
+Signed-off-by: Simo Sorce
+---
+ providers/implementations/signature/rsa_sig.c | 26 +++++++++
+ ssl/ssl_ciph.c | 3 ++
+ test/recipes/30-test_evp_data/evppkey_rsa.txt | 53 +++++++++++++++++++
+ .../30-test_evp_data/evppkey_rsa_common.txt | 8 +--
+ 4 files changed, 86 insertions(+), 4 deletions(-)
+
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 670125464e..664c59d2ef 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -939,6 +939,19 @@ static int rsa_verify_recover(void *vprsactx,
+ {
+ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ int ret;
++# ifdef FIPS_MODULE
++ size_t rsabits = RSA_bits(prsactx->rsa);
++
++ if (rsabits < 2048) {
++ if (rsabits != 1024
++ && rsabits != 1280
++ && rsabits != 1536
++ && rsabits != 1792) {
++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++ }
++# endif
+
+ if (!ossl_prov_is_running())
+ return 0;
+@@ -1033,6 +1046,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
+ const unsigned char *tbs, size_t tbslen)
+ {
+ size_t rslen;
++# ifdef FIPS_MODULE
++ size_t rsabits = RSA_bits(prsactx->rsa);
++
++ if (rsabits < 2048) {
++ if (rsabits != 1024
++ && rsabits != 1280
++ && rsabits != 1536
++ && rsabits != 1792) {
++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++ }
++# endif
+
+ if (!ossl_prov_is_running())
+ return 0;
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 19420d6c6a..5ab1ccee93 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -350,6 +350,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
+ ctx->disabled_mkey_mask = 0;
+ ctx->disabled_auth_mask = 0;
+
++ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
++
+ /*
+ * We ignore any errors from the fetches below. They are expected to fail
+ * if these algorithms are not available.
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
+index f1dc5dd2a2..6ae973eaac 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
+@@ -268,8 +268,19 @@ TwIDAQAB
+
+ PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT
+
++# Wrong MGF1 digest
++Availablein = default
++Verify = RSA-2048
++Ctrl = rsa_padding_mode:pss
++Ctrl = rsa_pss_saltlen:0
++Ctrl = digest:sha256
++Ctrl = rsa_mgf1_md:sha1
++Input="0123456789ABCDEF0123456789ABCDEF"
++Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
++Result = VERIFY_ERROR
+
+ # Wrong MGF1 digest
++Availablein = fips
+ Verify = RSA-2048
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_pss_saltlen:0
+@@ -280,6 +291,7 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
+ Result = VERIFY_ERROR
+
+ # Verify using default parameters
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Input="0123456789ABCDEF0123"
+ Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
+@@ -303,36 +315,42 @@ fc6CnohE9iWxFeXpxKWc+PgRO2g0M2ov0mibRyy7Xlyr5nQ1DFm2wX4XaHT7Qvj8
+ PRdqAX7cYf0ybEszyQIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=5c81a3e2a658246628cd0ee8b00bb4c012bc9739
+ Output=014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=27f71611446aa6eabf037f7dedeede3203244991
+ Output=010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=03ecc2c33e93f05fc7224fcc0d461356cb897217
+ Output=007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=246c727b4b9494849dddb068d582e179ac20999c
+ Output=009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=e8617ca3ea66ce6a58ede2d11af8c3ba8a6ba912
+ Output=00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -348,36 +366,42 @@ nQ6tsIdYbKSJM9o8yVPZW9DtUN4Q3ctnNhB9bIMcf2Y+gzykwJfnAM4PuUX4j7hf
+ 6OWncxclZbkUpHGkQwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=3552be69dd74bdc56d2cf8c38ef7bafe269040fe
+ Output=0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=609143ff7240e55c062aba8b9e4426a781919bc9
+ Output=02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0afd22f879a9cda7c584f4135f8f1c961db114c0
+ Output=0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=405dd56d395ef0f01b555c48f748cc32b210650b
+ Output=0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=a2c313b0440c8a0c47233b87f0a160c61af3eae7
+ Output=021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -393,36 +417,42 @@ MAz5u2xTrR3IoXi4FdtCNamp2gwG3k5hXqEnfOVZ6cEI3ljBSoGqd/Wm+NEzVJRJ
+ iEjIuVlAdAvnv3w3BQIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=f8b0abf70fec0bca74f0accbc24f75e6e90d3bfd
+ Output=0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=04a10944bfe11ab801e77889f3fd3d7f4ff0b629
+ Output=049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=ba01243db223eb97fb86d746c3148adaaa0ca344
+ Output=03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=934bb0d38d6836daec9de82a9648d4593da67cd2
+ Output=0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=ec35d81abd1cceac425a935758b683465c8bd879
+ Output=022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -438,18 +468,21 @@ pLDMjaMl7YqmdrDQ9ibgp38HaSFwrKyAgvQvqn3HzRI+cw4xqHmFIEyry+ZnDUOi
+ 3Sst3vXgU5L8ITvFBwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=d98b7061943510bc3dd9162f7169aabdbdcd0222
+ Output=0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=7ae8e699f754988f4fd645e463302e49a2552072
+ Output=08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -463,12 +496,14 @@ Ctrl = rsa_mgf1_md:sha1
+ Input=ee3de96783fd0a157c8b20bf5566124124dcfe65
+ Output=0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1204df0b03c2724e2709c23fc71789a21b00ae4c
+ Output=0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -484,36 +519,42 @@ Kl8QsJwxGvjA/7W3opfy78Y7jWsFEJMfC5jki/X8bsTnuNsf+usIw44CrbjwOkgi
+ nJnpaUMfYcuMTcaY0QIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=ab464e8cb65ae5fdea47a53fa84b234d6bfd52f6
+ Output=04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=92d0bcae82b641f578f040f5151be8eda6d42299
+ Output=0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=3569bd8fd2e28f2443375efa94f186f6911ffc2b
+ Output=086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=7abbb7b42de335730a0b641f1e314b6950b84f98
+ Output=0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=55b7eb27be7a787a59eb7e5fac468db8917a7725
+ Output=02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -529,36 +570,42 @@ MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgTfJ2kpmyMQIuNon0MnXn4zLHq/B
+ 2LXF01SAItcGTqKaswIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=8be4afbdd76bd8d142c5f4f46dba771ee5d6d29d
+ Output=187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=402140dc605b2f5c5ec0d15bce9f9ba8857fe117
+ Output=10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=3e885205892ff2b6b37c2c4eb486c4bf2f9e7f20
+ Output=2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1fc2201d0c442a4736cd8b2cd00c959c47a3bf42
+ Output=32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=e4351b66819e5a31501f89acc7faf57030e9aac5
+ Output=07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -574,36 +621,42 @@ R1PbPO4O4Gx9+uix1TtZUyGPnM7qaVsIZo7eqtztlGOx15DV6/J+kRW0bK1NmiuO
+ +rBWGwgQNEc5raBzPwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=a1dd230d8ead860199b6277c2ecfe3d95f6d9160
+ Output=0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=f6e68e53c602c5c65fa67b5aa6d786e5524b12ab
+ Output=2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=d6f9fcd3ae27f32bb2c7c93536782eba52af1f76
+ Output=2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=7ff2a53ce2e2d900d468e498f230a5f5dd0020de
+ Output=1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=4eb309f7022ba0b03bb78601b12931ec7c1be8d3
+ Output=33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index 17ceb59148..972e90f32f 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+@@ -285,7 +285,7 @@ FIPSversion = >=3.4.0
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:none
+ Input = 0000000000000000000000000000000000000000
+-Result = KEYOP_ERROR
++Result = KEYOP_LENGTH_ERROR
+
+ # RSADP Ciphertext = 1 should fail
+ Availablein = fips
+@@ -293,7 +293,7 @@ FIPSversion = >=3.4.0
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:none
+ Input = 0000000000000000000000000000000000000001
+-Result = KEYOP_ERROR
++Result = KEYOP_LENGTH_ERROR
+
+ # RSADP Ciphertext = 2 should pass
+ Availablein = default
+@@ -315,7 +315,7 @@ FIPSversion = >=3.4.0
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:none
+ Input = cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44e
+-Result = KEYOP_ERROR
++Result = KEYOP_LENGTH_ERROR
+
+ # RSADP Ciphertext = n should fail
+ Availablein = default
+@@ -2074,7 +2074,7 @@ Securitycheck = 1
+ Unapproved = 1
+ CtrlInit = key-check:0
+ Input = 550AF55A2904E7B9762352F8FB7FA235
+-Result = KEYOP_MISMATCH
++Result = KEYOP_LENGTH_ERROR
+
+ # Signing with SHA1 is not allowed in fips mode
+ Availablein = fips
+--
+2.51.0
+
diff --git a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cea491ff96a34e46360c0ff825d7762a50f40373
--- /dev/null
+++ b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
@@ -0,0 +1,26 @@
+From 84323511d9558acb40614ca7cd19436901b02629 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 24 Mar 2025 11:03:45 -0400
+Subject: [PATCH 28/59] FIPS: RSA: Mark x931 as not approved by default
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/include/fips_indicator_params.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
+index 6bd783eb0a..c1b029de86 100644
+--- a/providers/fips/include/fips_indicator_params.inc
++++ b/providers/fips/include/fips_indicator_params.inc
+@@ -15,7 +15,7 @@ OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0)
+ OSSL_FIPS_PARAM(tdes_encrypt_disallowed, TDES_ENCRYPT_DISABLED, 0)
+ OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 1)
+ OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0)
+-OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0)
++OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 1)
+ OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0)
+ OSSL_FIPS_PARAM(kbkdf_key_check, KBKDF_KEY_CHECK, 0)
+ OSSL_FIPS_PARAM(tls13_kdf_key_check, TLS13_KDF_KEY_CHECK, 0)
+--
+2.51.0
+
diff --git a/0021-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
similarity index 99%
rename from 0021-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
rename to 0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
index 1fe8aceb1b7734b58eee8d55de6de3136912ef1e..feda848c7d102b218b8488df022790916a5d084e 100644
--- a/0021-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
+++ b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
@@ -20,6 +20,8 @@ now.
[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf
+Signed-off-by: Clemens Lang
+
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
test/acvp_test.inc | 225 ---------------------------------------------
@@ -278,4 +280,3 @@ index 97ec1ff3e5..31fa0eafc6 100644
--
2.51.0
-
diff --git a/0022-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
similarity index 99%
rename from 0022-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
rename to 0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
index a7712cb791f7a01f20d8d853fff41887fadf6238..0727a7819fdd680af72befdae611af05f5ad94c5 100644
--- a/0022-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
+++ b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
@@ -1,9 +1,10 @@
From dcf7af9b6a78929682a539c30c388d6329460fde Mon Sep 17 00:00:00 2001
-From: rpm-build
+From: Simo Sorce
Date: Wed, 12 Feb 2025 17:12:02 -0500
Subject: [PATCH 30/59] FIPS: RSA: NEEDS-REWORK:
FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed
+Signed-off-by: Simo Sorce
---
...EP-in-KATs-support-fixed-OAEP-seed.p.patch | 348 ++++++++++++++++++
REBASE.txt | 10 +
@@ -384,4 +385,3 @@ index 0000000000..2833a383c1
--
2.51.0
-
diff --git a/0023-FIPS-Deny-SHA-1-signature-verification.patch b/0031-FIPS-Deny-SHA-1-signature-verification.patch
similarity index 99%
rename from 0023-FIPS-Deny-SHA-1-signature-verification.patch
rename to 0031-FIPS-Deny-SHA-1-signature-verification.patch
index 07362631797f9f39c6aa4ac639c4e7c9186e5993..77dc5f3b6a4ac15a43572e125732df6d281edb06 100644
--- a/0023-FIPS-Deny-SHA-1-signature-verification.patch
+++ b/0031-FIPS-Deny-SHA-1-signature-verification.patch
@@ -706,4 +706,3 @@ index 568a1ddba4..6332aaec4b 100755
--
2.51.0
-
diff --git a/0024-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
similarity index 99%
rename from 0024-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
rename to 0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
index c531b197381dd2270c430d2d58f0daa97eecd2c8..d4f500a299a8ab4204fc3c169a9ef14ebdb576c0 100644
--- a/0024-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
+++ b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
@@ -156,4 +156,3 @@ index c3a5d8b3bf..b7b34a9345 100644
--
2.51.0
-
diff --git a/0025-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
similarity index 99%
rename from 0025-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
rename to 0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
index 6997f7a0d2a70cdfcb763662779db0bc167dab0a..d22e38b03613be2473e3f51ea0670423660cb64c 100644
--- a/0025-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
+++ b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
@@ -1193,4 +1193,3 @@ index 9756859c0e..9baecf6f31 100644
--
2.51.0
-
diff --git a/0026-FIPS-PBKDF2-Set-minimum-password-length.patch b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
similarity index 99%
rename from 0026-FIPS-PBKDF2-Set-minimum-password-length.patch
rename to 0034-FIPS-PBKDF2-Set-minimum-password-length.patch
index 88be8ecc57328fbdc0664c71a68708d0dd229034..10999a6a32ad6480f852bd473dbe862842962c18 100644
--- a/0026-FIPS-PBKDF2-Set-minimum-password-length.patch
+++ b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
@@ -22,6 +22,8 @@ ACVP testing uses passwords as short as 8 bytes, and requiring longer
passwords combined with an implicit indicator (i.e., returning an error)
would cause the module to fail ACVP testing.
+Signed-off-by: Clemens Lang
+
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
providers/implementations/kdfs/pbkdf2.c | 39 +++++++++++++++++++++----
@@ -117,4 +119,3 @@ index b383314064..68f9355b7d 100644
--
2.51.0
-
diff --git a/0027-FIPS-DH-PCT.patch b/0035-FIPS-DH-PCT.patch
similarity index 96%
rename from 0027-FIPS-DH-PCT.patch
rename to 0035-FIPS-DH-PCT.patch
index f1a46bad4ecc8a7d9722a5bb372bec52ccc734d5..52883a602ce61b71ba109a3d5e83cda29ceaec7f 100644
--- a/0027-FIPS-DH-PCT.patch
+++ b/0035-FIPS-DH-PCT.patch
@@ -1,8 +1,9 @@
From d982e6a817871b174732027eed8b750aa9f8ae4b Mon Sep 17 00:00:00 2001
-From: rpm-build
+From: Simo Sorce
Date: Mon, 24 Mar 2025 10:49:00 -0400
Subject: [PATCH 35/59] FIPS: DH: PCT
+Signed-off-by: Simo Sorce
---
crypto/dh/dh_key.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
@@ -70,4 +71,3 @@ index 052d4d29ed..ace02bb0db 100644
--
2.51.0
-
diff --git a/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8cc3a3dea2960ba274a95fee50c0da6ec31ed7d7
--- /dev/null
+++ b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
@@ -0,0 +1,330 @@
+From 3f8b36370630e57ad848be5d804df4169d6a35a2 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 36/59] FIPS: DH: Disable FIPS 186-4 type parameters
+
+For DH parameter and key pair generation/verification, the DSA
+procedures specified in FIPS 186-4 are used. With the release of FIPS
+186-5 and the removal of DSA, the approved status of these groups is in
+peril. Once the transition for DSA ends (this transition will be 1 year
+long and start once CMVP has published the guidance), no more
+submissions claiming DSA will be allowed. Hence, FIPS 186-type
+parameters will also be automatically non-approved.
+
+In the FIPS provider, disable validation of any DH parameters that are
+not well-known groups, and remove DH parameter generation completely.
+
+Adjust tests to use well-known groups or larger DH groups where this
+change would now cause failures, and skip tests that are expected to
+fail due to this change.
+
+Related: rhbz#2169757, rhbz#2169757
+Signed-off-by: Clemens Lang
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+
+NOTE: Dropped changes in test/recipes/80-test_cms.t
+---
+ crypto/dh/dh_backend.c | 10 ++++
+ crypto/dh/dh_check.c | 12 ++--
+ crypto/dh/dh_gen.c | 12 +++-
+ crypto/dh/dh_key.c | 13 ++--
+ crypto/dh/dh_pmeth.c | 10 +++-
+ providers/implementations/keymgmt/dh_kmgmt.c | 5 ++
+ test/endecode_test.c | 4 +-
+ test/evp_libctx_test.c | 2 +-
+ test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++
+ test/helpers/predefined_dhparams.h | 1 +
+ test/recipes/80-test_ssl_old.t | 3 +
+ 11 files changed, 116 insertions(+), 18 deletions(-)
+
+diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
+index 1aaa88daca..aa3a491799 100644
+--- a/crypto/dh/dh_backend.c
++++ b/crypto/dh/dh_backend.c
+@@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
+ if (!dh_ffc_params_fromdata(dh, params))
+ return 0;
+
++#ifdef FIPS_MODULE
++ if (!ossl_dh_is_named_safe_prime_group(dh)) {
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required validation routines"
++ " were removed from FIPS 186-5");
++ return 0;
++ }
++#endif
++
+ param_priv_len =
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
+ if (param_priv_len != NULL
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 2d899dc96f..a4e6d1dd18 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -58,13 +58,15 @@ int DH_check_params(const DH *dh, int *ret)
+ nid = DH_get_nid((DH *)dh);
+ if (nid != NID_undef)
+ return 1;
++
+ /*
+- * OR
+- * (2b) FFC domain params conform to FIPS-186-4 explicit domain param
+- * validity tests.
++ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode.
+ */
+- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
+- FFC_PARAM_TYPE_DH, ret, NULL);
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required validation routines were"
++ " removed from FIPS 186-5");
++ return 0;
+ }
+ #else
+ int DH_check_params(const DH *dh, int *ret)
+diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
+index b73bfb7f3b..275ce2c1af 100644
+--- a/crypto/dh/dh_gen.c
++++ b/crypto/dh/dh_gen.c
+@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb)
+ {
+- int ret, res;
++ int ret = 0;
+
+ #ifndef FIPS_MODULE
++ int res;
++
+ if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
+ ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, &res, cb);
+ else
+-#endif
+ ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, &res, cb);
++#else
++ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required generation routines were"
++ " removed from FIPS 186-5");
++#endif
+ if (ret > 0)
+ dh->dirty_cnt++;
+ return ret;
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index ace02bb0db..f505f2fa87 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -336,8 +336,12 @@ static int generate_key(DH *dh)
+ goto err;
+ } else {
+ #ifdef FIPS_MODULE
+- if (dh->params.q == NULL)
+- goto err;
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer"
++ " allowed in FIPS mode, since the required"
++ " generation routines were removed from FIPS"
++ " 186-5");
++ goto err;
+ #else
+ if (dh->params.q == NULL) {
+ /* secret exponent length, must satisfy 2^l < (p-1)/2 */
+@@ -360,9 +364,7 @@ static int generate_key(DH *dh)
+ if (!BN_clear_bit(priv_key, 0))
+ goto err;
+ }
+- } else
+-#endif
+- {
++ } else {
+ /* Do a partial check for invalid p, q, g */
+ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH, NULL))
+@@ -378,6 +380,7 @@ static int generate_key(DH *dh)
+ priv_key))
+ goto err;
+ }
++#endif
+ }
+ }
+
+diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
+index 74bef9370d..c2c910b9c8 100644
+--- a/crypto/dh/dh_pmeth.c
++++ b/crypto/dh/dh_pmeth.c
+@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
+ prime_len, subprime_len, &res,
+ pcb);
+ else
+-# endif
+- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
+- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
+ rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
+ FFC_PARAM_TYPE_DH,
+ prime_len, subprime_len, &res,
+ pcb);
++# else
++ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required generation routines were"
++ " removed from FIPS 186-5");
++# endif
+ if (rv <= 0) {
+ DH_free(ret);
+ return NULL;
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index 0e9e837383..f1eabf071a 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
++++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -422,6 +422,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
+ if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
+ return 1; /* nothing to validate */
+
++#ifdef FIPS_MODULE
++ /* In FIPS provider, always check the domain parameters to disallow
++ * operations on keys with FIPS 186-4 params. */
++ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
++#endif
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ /*
+ * Both of these functions check parameters. DH_check_params_ex()
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index 85c84f6592..d2ff9e6eb6 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
+ * for testing only. Use a minimum key size of 2048 for security purposes.
+ */
+ if (strcmp(type, "DH") == 0)
+- return get_dh512(keyctx);
++ return get_dh2048(keyctx);
+
+ if (strcmp(type, "X9.42 DH") == 0)
+- return get_dhx512(keyctx);
++ return get_dhx_ffdhe2048(keyctx);
+ # endif
+
+ /*
+diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
+index 039fca9bb0..2838f343bd 100644
+--- a/test/evp_libctx_test.c
++++ b/test/evp_libctx_test.c
+@@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
+
+ if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
+- || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
++ || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey) == 1, expected))
+ goto err;
+
+ if (expected) {
+diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
+index 4bdadc4143..e5186e4b4a 100644
+--- a/test/helpers/predefined_dhparams.c
++++ b/test/helpers/predefined_dhparams.c
+@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
+ dhx512_q, sizeof(dhx512_q));
+ }
+
++EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx)
++{
++ /* This is RFC 7919 ffdhe2048, since Red Hat removes support for
++ * non-well-known groups in FIPS mode. */
++ static unsigned char dhx_p[] = {
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58,
++ 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
++ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xfb, 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
++ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02,
++ 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
++ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55,
++ 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
++ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda,
++ 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
++ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82,
++ 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
++ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3,
++ 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
++ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1,
++ 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
++ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32,
++ 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
++ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83,
++ 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
++ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff
++ };
++ static unsigned char dhx_g[] = {
++ 0x02
++ };
++ static unsigned char dhx_q[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff
++ };
++
++ return get_dh_from_pg(libctx, "X9.42 DH",
++ dhx_p, sizeof(dhx_p),
++ dhx_g, sizeof(dhx_g),
++ dhx_q, sizeof(dhx_q));
++}
++
+ EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
+ {
+ static unsigned char dh1024_p[] = {
+diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h
+index f0e8709062..2ff6d6e721 100644
+--- a/test/helpers/predefined_dhparams.h
++++ b/test/helpers/predefined_dhparams.h
+@@ -12,6 +12,7 @@
+ #ifndef OPENSSL_NO_DH
+ EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
+ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
++EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx);
+ EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
+ EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
+ EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
+diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+index 6332aaec4b..4d8c900c00 100755
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -458,6 +458,9 @@ sub testssl {
+ skip "skipping dhe1024dsa test", 1
+ if ($no_dh);
+
++ skip "FIPS 186-4 type DH groups are no longer supported by the FIPS provider", 1
++ if $provider eq "fips";
++
+ ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
+ 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+ }
+--
+2.51.0
+
diff --git a/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
new file mode 100644
index 0000000000000000000000000000000000000000..74486aad165f5ddc802f5072e1dd557ff2d87e62
--- /dev/null
+++ b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
@@ -0,0 +1,192 @@
+From 9c9716b7a631ef8e3087a3ddec967b18d5c46a1f Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 37/59] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE
+
+NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code
+change the option to enforce it seem to be available only in FIPS build
+
+Patch-name: 0114-FIPS-enforce-EMS-support.patch
+Patch-id: 114
+Patch-status: |
+ # # We believe that some changes present in CentOS are not necessary
+ # # because ustream has a check for FIPS version
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ doc/man3/SSL_CONF_cmd.pod | 3 +++
+ doc/man5/fips_config.pod | 13 +++++++++++++
+ include/openssl/ssl.h.in | 1 +
+ providers/fips/include/fips_indicator_params.inc | 2 +-
+ ssl/ssl_conf.c | 1 +
+ ssl/statem/extensions_srvr.c | 8 +++++++-
+ ssl/t1_enc.c | 11 +++++++++--
+ test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 10 ++++++++++
+ test/sslapitest.c | 2 +-
+ 9 files changed, 46 insertions(+), 5 deletions(-)
+
+diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
+index 9338ffc01d..911ea21a68 100644
+--- a/doc/man3/SSL_CONF_cmd.pod
++++ b/doc/man3/SSL_CONF_cmd.pod
+@@ -621,6 +621,9 @@ B: use extended master secret extension, enabled by
+ default. Inverse of B: that is,
+ B<-ExtendedMasterSecret> is the same as setting B.
+
++B: allow establishing connections without EMS in FIPS mode.
++This is a RedHat-based OS specific option, and normally it should be set up via crypto policies.
++
+ B: use CA names extension, enabled by
+ default. Inverse of B: that is,
+ B<-CANames> is the same as setting B.
+diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
+index 2505938c13..3887c54f0e 100644
+--- a/doc/man5/fips_config.pod
++++ b/doc/man5/fips_config.pod
+@@ -11,6 +11,19 @@ automatically loaded when the system is booted in FIPS mode, or when the
+ environment variable B is set. See the documentation
+ for more information.
+
++Red Hat Enterprise Linux uses a supplementary config for FIPS module located in
++OpenSSL configuration directory and managed by crypto policies. If present, it
++should have format
++
++ [fips_sect]
++ tls1-prf-ems-check = 0
++ activate = 1
++
++The B option specifies whether FIPS module will require the
++presence of extended master secret or not.
++
++The B option enforces FIPS provider activation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
+index d1b00e8454..b815f25dae 100644
+--- a/include/openssl/ssl.h.in
++++ b/include/openssl/ssl.h.in
+@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
+ * interoperability with CryptoPro CSP 3.x
+ */
+ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
++# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
+ /*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
+index c1b029de86..47d1cf2d01 100644
+--- a/providers/fips/include/fips_indicator_params.inc
++++ b/providers/fips/include/fips_indicator_params.inc
+@@ -1,5 +1,5 @@
+ OSSL_FIPS_PARAM(security_checks, SECURITY_CHECKS, 1)
+-OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 0)
++OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 1)
+ OSSL_FIPS_PARAM(no_short_mac, NO_SHORT_MAC, 1)
+ OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0)
+ OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0)
+diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
+index 946d20be52..b52c1675fd 100644
+--- a/ssl/ssl_conf.c
++++ b/ssl/ssl_conf.c
+@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+ SSL_FLAG_TBL("ClientRenegotiation",
+ SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
+ SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
++ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
+ SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
+ SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
+ SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX),
+diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
+index 1a09913ad6..936be81819 100644
+--- a/ssl/statem/extensions_srvr.c
++++ b/ssl/statem/extensions_srvr.c
+@@ -12,6 +12,7 @@
+ #include "statem_local.h"
+ #include "internal/cryptlib.h"
+ #include "internal/ssl_unwrap.h"
++#include
+
+ #define COOKIE_STATE_FORMAT_VERSION 1
+
+@@ -1886,8 +1887,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
+ unsigned int context,
+ X509 *x, size_t chainidx)
+ {
+- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
++ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
++ if (FIPS_mode() && !(SSL_get_options(SSL_CONNECTION_GET_SSL(s)) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
++ return EXT_RETURN_FAIL;
++ }
+ return EXT_RETURN_NOT_SENT;
++ }
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 474ea7bf5b..e0e595e989 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -21,6 +21,7 @@
+ #include
+ #include
+ #include
++#include
+
+ /* seed1 through seed5 are concatenated */
+ static int tls1_PRF(SSL_CONNECTION *s,
+@@ -78,8 +79,14 @@ static int tls1_PRF(SSL_CONNECTION *s,
+ }
+
+ err:
+- if (fatal)
+- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ if (fatal) {
++ /* The calls to this function are local so it's safe to implement the check */
++ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
++ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
++ else
++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ }
+ else
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ EVP_KDF_CTX_free(kctx);
+diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+index 50944328cb..edb2e81273 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
+ Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+ Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+
++Availablein = fips
++KDF = TLS1-PRF
++Ctrl.digest = digest:SHA256
++Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
++Ctrl.label = seed:master secret
++Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
++Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
++Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
++Result = KDF_DERIVE_ERROR
++
+ FIPSversion = <=3.1.0
+ KDF = TLS1-PRF
+ Ctrl.digest = digest:SHA256
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 05c5ab256f..4373bc2865 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -585,7 +585,7 @@ static int test_client_cert_verify_cb(void)
+ STACK_OF(X509) *server_chain;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+- int testresult = 0;
++ int testresult = 0, status;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+--
+2.51.0
+
diff --git a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7c7f9474682715132c0d32625a88ed33b523d3ff
--- /dev/null
+++ b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
@@ -0,0 +1,61 @@
+From 12f5ab8b6d98cf8f2db35bebc48140b61a66fb35 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 13 Feb 2025 18:08:34 -0500
+Subject: [PATCH 38/59] FIPS: CMS: Set default padding to OAEP
+
+From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe
+---
+ apps/cms.c | 1 +
+ crypto/cms/cms_env.c | 10 ++++++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/apps/cms.c b/apps/cms.c
+index 6f19414880..4019d7373e 100644
+--- a/apps/cms.c
++++ b/apps/cms.c
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include
+
+ static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+ static int cms_cb(int ok, X509_STORE_CTX *ctx);
+diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
+index 375239c78d..e09ad03ece 100644
+--- a/crypto/cms/cms_env.c
++++ b/crypto/cms/cms_env.c
+@@ -14,6 +14,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "internal/sizes.h"
+ #include "crypto/asn1.h"
+ #include "crypto/evp.h"
+@@ -375,6 +376,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+ return 0;
+ if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
+ return 0;
++ if (FIPS_mode()) {
++ if (EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_padding_mode", "oaep") <= 0)
++ return 0;
++ }
+ } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
+ return 0;
+ return 1;
+@@ -540,6 +545,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
+
+ if (EVP_PKEY_encrypt_init(pctx) <= 0)
+ goto err;
++
++ if (FIPS_mode()) {
++ if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_padding_mode", "oaep") <= 0)
++ goto err;
++ }
+ }
+
+ if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+--
+2.51.0
+
diff --git a/0039-FIPS-PKCS12-PBMAC1-defaults.patch b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c314b99b98351b9c836336d21a77c2a0c0e36bca
--- /dev/null
+++ b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
@@ -0,0 +1,35 @@
+From c791ad4131fb11dc96013abc8e247cbbec5ba8ee Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 13 Feb 2025 18:16:29 -0500
+Subject: [PATCH 39/59] FIPS: PKCS12: PBMAC1 defaults
+
+From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708
+---
+ apps/pkcs12.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/apps/pkcs12.c b/apps/pkcs12.c
+index 9964faf21a..59439a8cc0 100644
+--- a/apps/pkcs12.c
++++ b/apps/pkcs12.c
+@@ -17,6 +17,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -709,6 +710,9 @@ int pkcs12_main(int argc, char **argv)
+ }
+
+ if (maciter != -1) {
++ if (EVP_default_properties_is_fips_enabled(NULL))
++ pbmac1_pbkdf2 = 1;
++
+ if (pbmac1_pbkdf2 == 1) {
+ if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
+ macsaltlen, maciter,
+--
+2.51.0
+
diff --git a/0040-FIPS-Fix-encoder-decoder-negative-test.patch b/0040-FIPS-Fix-encoder-decoder-negative-test.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b78e10144397063d7177ca75fcc62fda596ee0c5
--- /dev/null
+++ b/0040-FIPS-Fix-encoder-decoder-negative-test.patch
@@ -0,0 +1,35 @@
+From 4691661243060cc6ad88902f422f058c547264f6 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Wed, 5 Mar 2025 13:22:03 -0500
+Subject: [PATCH 40/59] FIPS: Fix encoder/decoder negative test
+
+Signed-off-by: Simo Sorce
+---
+ test/recipes/04-test_encoder_decoder.t | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+ mode change 100644 => 100755 test/recipes/04-test_encoder_decoder.t
+
+diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t
+old mode 100644
+new mode 100755
+index 2acc980e90..660d4e1115
+--- a/test/recipes/04-test_encoder_decoder.t
++++ b/test/recipes/04-test_encoder_decoder.t
+@@ -75,10 +75,10 @@ SKIP: {
+ }
+ my $no_des = disabled("des");
+ SKIP: {
+- skip "MD5 disabled", 2 if disabled("md5");
+- ok(run(app([ 'openssl', 'genrsa', '-aes128', '-out', 'epki.pem',
+- '-traditional', '-passout', 'pass:pass' ])),
+- "rsa encrypted using a non fips algorithm MD5 in pbe");
++ skip "DES disabled", 2 if disabled("des3");
++ ok(run(app([ 'openssl', 'genrsa', '-des3', '-out', 'epki.pem',
++ '-traditional', '-passout', 'pass:pass'])),
++ "rsa encrypted using a non fips algorithm DES3 in pbe");
+
+ my $conf2 = srctop_file("test", "default-and-fips.cnf");
+ ok(run(test(['decoder_propq_test', '-config', $conf2,
+--
+2.51.0
+
diff --git a/0041-FIPS-EC-DH-DSA-PCTs.patch b/0041-FIPS-EC-DH-DSA-PCTs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3f59c44bc041ec06ec9330aa01f517b4804a9308
--- /dev/null
+++ b/0041-FIPS-EC-DH-DSA-PCTs.patch
@@ -0,0 +1,180 @@
+From 12871a0a0aaae3ce0dcae0b14a52283b3a4a4808 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 24 Mar 2025 10:50:06 -0400
+Subject: [PATCH 41/59] FIPS: EC: DH/DSA PCTs
+
+Signed-off-by: Simo Sorce
+---
+ .../implementations/exchange/ecdh_exch.c | 19 ++++++++++
+ providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++++-
+ .../implementations/signature/ecdsa_sig.c | 37 +++++++++++++++++--
+ 3 files changed, 75 insertions(+), 5 deletions(-)
+
+diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
+index 58fbc7bc09..98d4354f3e 100644
+--- a/providers/implementations/exchange/ecdh_exch.c
++++ b/providers/implementations/exchange/ecdh_exch.c
+@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
+ #endif
+
+ ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
++#ifdef FIPS_MODULE
++ {
++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
++ int check = 0;
++
++ if (bn_ctx == NULL) {
++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
++ goto end;
++ }
++
++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
++ BN_CTX_free(bn_ctx);
++
++ if (check <= 0) {
++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
++ goto end;
++ }
++ }
++#endif
+
+ retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
+
+diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
+index a1d04bc3fd..c9a5b19cfc 100644
+--- a/providers/implementations/keymgmt/ec_kmgmt.c
++++ b/providers/implementations/keymgmt/ec_kmgmt.c
+@@ -995,9 +995,18 @@ struct ec_gen_ctx {
+ EC_GROUP *gen_group;
+ unsigned char *dhkem_ikm;
+ size_t dhkem_ikmlen;
++#ifdef FIPS_MODULE
++ void *ecdsa_sig_ctx;
++#endif
+ OSSL_FIPS_IND_DECLARE
+ };
+
++#ifdef FIPS_MODULE
++void *ecdsa_newctx(void *provctx, const char *propq);
++void ecdsa_freectx(void *vctx);
++int do_ec_pct(void *, const char *, void *);
++#endif
++
+ static void *ec_gen_init(void *provctx, int selection,
+ const OSSL_PARAM params[])
+ {
+@@ -1017,6 +1026,10 @@ static void *ec_gen_init(void *provctx, int selection,
+ gctx = NULL;
+ }
+ }
++#ifdef FIPS_MODULE
++ if (gctx != NULL)
++ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
++#endif
+ return gctx;
+ }
+
+@@ -1328,6 +1341,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+
+ if (gctx->ecdh_mode != -1)
+ ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
++#ifdef FIPS_MODULE
++ /* Pairwise consistency test */
++ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
++ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
++ abort();
++#endif
+
+ if (gctx->group_check != NULL)
+ ret = ret && ossl_ec_set_check_group_type_from_name(ec,
+@@ -1413,7 +1432,10 @@ static void ec_gen_cleanup(void *genctx)
+
+ if (gctx == NULL)
+ return;
+-
++#ifdef FIPS_MODULE
++ ecdsa_freectx(gctx->ecdsa_sig_ctx);
++ gctx->ecdsa_sig_ctx = NULL;
++#endif
+ OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
+ EC_GROUP_free(gctx->gen_group);
+ BN_free(gctx->p);
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 01b3023891..ad595d531c 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -33,7 +33,7 @@
+ #include "prov/der_ec.h"
+ #include "crypto/ec.h"
+
+-static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
++OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
+ static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
+ static OSSL_FUNC_signature_sign_fn ecdsa_sign;
+@@ -48,7 +48,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
+ static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
+ static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
+ static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
+-static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
++OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
+ static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
+ static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
+ static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
+@@ -139,7 +139,7 @@ typedef struct {
+ OSSL_FIPS_IND_DECLARE
+ } PROV_ECDSA_CTX;
+
+-static void *ecdsa_newctx(void *provctx, const char *propq)
++void *ecdsa_newctx(void *provctx, const char *propq)
+ {
+ PROV_ECDSA_CTX *ctx;
+
+@@ -612,7 +612,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
+ return ok;
+ }
+
+-static void ecdsa_freectx(void *vctx)
++void ecdsa_freectx(void *vctx)
+ {
+ PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
+
+@@ -861,6 +861,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
+ return EVP_MD_settable_ctx_params(ctx->md);
+ }
+
++#ifdef FIPS_MODULE
++int do_ec_pct(void *vctx, const char *mdname, void *ec)
++{
++ static const unsigned char data[32];
++ unsigned char sigbuf[256];
++ size_t siglen = sizeof(sigbuf);
++
++ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0)
++ return 0;
++
++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0)
++ return 0;
++
++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
++ return 0;
++
++ return 1;
++}
++#endif
++
+ const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
+--
+2.51.0
+
diff --git a/0042-FIPS-EC-disable-weak-curves.patch b/0042-FIPS-EC-disable-weak-curves.patch
new file mode 100644
index 0000000000000000000000000000000000000000..25929000520b8ab4a0ca33dac538ba1f5b85ae04
--- /dev/null
+++ b/0042-FIPS-EC-disable-weak-curves.patch
@@ -0,0 +1,31 @@
+From 134cd6169b6dcbc1e395a38d7e5af0f9691e772b Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:06:36 -0500
+Subject: [PATCH 42/59] FIPS: EC: disable weak curves
+
+Signed-off-by: Simo Sorce
+---
+ apps/ecparam.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/apps/ecparam.c b/apps/ecparam.c
+index f0879dfb11..a6042e7d2a 100644
+--- a/apps/ecparam.c
++++ b/apps/ecparam.c
+@@ -77,6 +77,13 @@ static int list_builtin_curves(BIO *out)
+ const char *comment = curves[n].comment;
+ const char *sname = OBJ_nid2sn(curves[n].nid);
+
++ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1)
++ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1)
++ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1)
++ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1)
++ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL))
++ continue;
++
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+--
+2.51.0
+
diff --git a/0043-FIPS-NO-DSA-Support.patch b/0043-FIPS-NO-DSA-Support.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b71ea9cf62473a443c87d6b4bedfaf35f5ffa9a2
--- /dev/null
+++ b/0043-FIPS-NO-DSA-Support.patch
@@ -0,0 +1,400 @@
+From 5679937e93d2f072cf4f56b27dc6bcce251f6def Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:10:52 -0500
+Subject: [PATCH 43/59] FIPS: NO DSA Support
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/fipsprov.c | 8 +++++---
+ providers/fips/self_test_data.inc | 6 +++++-
+ test/acvp_test.c | 2 ++
+ test/endecode_test.c | 2 ++
+ test/recipes/15-test_gendsa.t | 2 +-
+ test/recipes/20-test_cli_fips.t | 3 +--
+ test/recipes/30-test_evp.t | 7 ++-----
+ test/recipes/30-test_evp_data/evppkey_dsa.txt | 18 ++++++++++++++++-
+ test/recipes/80-test_cms.t | 20 +++++++++----------
+ 9 files changed, 45 insertions(+), 23 deletions(-)
+ mode change 100644 => 100755 test/recipes/30-test_evp.t
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index e5d798fd54..a807c76fd8 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -432,7 +432,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+ };
+
+ static const OSSL_ALGORITHM fips_signature[] = {
+-#ifndef OPENSSL_NO_DSA
++/* We don't certify DSA in our FIPS provider */
++#if 0 /* #ifndef OPENSSL_NO_DSA */
+ { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
+ { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions },
+ { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions },
+@@ -562,8 +563,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+ PROV_DESCS_DHX },
+ #endif
+ #ifndef OPENSSL_NO_DSA
+- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
+- PROV_DESCS_DSA },
++ /* We don't certify DSA in our FIPS provider */
++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
++ PROV_DESCS_DSA }, */
+ #endif
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
+ PROV_DESCS_RSA },
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 6abab0a7a1..a7d7684d96 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -1547,8 +1547,9 @@ static const unsigned char ed448_expected_sig[] = {
+ # endif /* OPENSSL_NO_ECX */
+ #endif /* OPENSSL_NO_EC */
+
+-#ifndef OPENSSL_NO_DSA
+ /* dsa 2048 */
++#if 0
++#ifndef OPENSSL_NO_DSA
+ static const unsigned char dsa_p[] = {
+ 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
+ 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
+@@ -1676,6 +1677,7 @@ static const ST_KAT_PARAM dsa_key[] = {
+ ST_KAT_PARAM_END()
+ };
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_ML_DSA
+ static const unsigned char ml_dsa_65_pub_key[] = {
+@@ -3038,6 +3040,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ },
+ # endif /* OPENSSL_NO_ECX */
+ #endif /* OPENSSL_NO_EC */
++#if 0
+ #ifndef OPENSSL_NO_DSA
+ {
+ OSSL_SELF_TEST_DESC_SIGN_DSA,
+@@ -3050,6 +3053,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ITM(dsa_expected_sig)
+ },
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_ML_DSA
+ {
+diff --git a/test/acvp_test.c b/test/acvp_test.c
+index 2bcc886fd2..db0282d043 100644
+--- a/test/acvp_test.c
++++ b/test/acvp_test.c
+@@ -1735,6 +1735,7 @@ int setup_tests(void)
+ OSSL_NELEM(dh_safe_prime_keyver_data));
+ #endif /* OPENSSL_NO_DH */
+
++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
+ #ifndef OPENSSL_NO_DSA
+ dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
+ ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
+@@ -1743,6 +1744,7 @@ int setup_tests(void)
+ ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
+ ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_EC
+ ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index d2ff9e6eb6..dfd5e92f7e 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -1536,6 +1536,7 @@ int setup_tests(void)
+ * so no legacy tests.
+ */
+ #endif
++ if (is_fips == 0) {
+ #ifndef OPENSSL_NO_DSA
+ ADD_TEST_SUITE(DSA);
+ ADD_TEST_SUITE_PARAMS(DSA);
+@@ -1546,6 +1547,7 @@ int setup_tests(void)
+ ADD_TEST_SUITE_PROTECTED_PVK(DSA);
+ # endif
+ #endif
++ }
+ #ifndef OPENSSL_NO_EC
+ ADD_TEST(ec_encode_to_data_multi);
+ ADD_TEST_SUITE(EC);
+diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
+index cd331c4cfc..e21d6acda4 100644
+--- a/test/recipes/15-test_gendsa.t
++++ b/test/recipes/15-test_gendsa.t
+@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
+ plan skip_all => "This test is unsupported in a no-dsa build"
+ if disabled("dsa");
+
+-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
++my $no_fips = 1;
+
+ plan tests =>
+ ($no_fips ? 0 : 2) # FIPS related tests
+diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
+index 2abc4d2434..9a6875b3ec 100644
+--- a/test/recipes/20-test_cli_fips.t
++++ b/test/recipes/20-test_cli_fips.t
+@@ -283,8 +283,7 @@ SKIP: {
+ }
+
+ SKIP : {
+- skip "FIPS DSA tests because of no dsa in this build", 1
+- if disabled("dsa") || $dsasignpass == '0';
++ skip "FIPS DSA tests because of no dsa in this build", 1;
+
+ subtest DSA => sub {
+ my $testtext_prefix = 'DSA';
+diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
+old mode 100644
+new mode 100755
+index a86456157b..05a61c8abe
+--- a/test/recipes/30-test_evp.t
++++ b/test/recipes/30-test_evp.t
+@@ -83,10 +83,6 @@ push @files, qw(
+ evppkey_slh_dsa_siggen.txt
+ evppkey_slh_dsa_sigver.txt
+ ) unless $no_slh_dsa;
+-push @files, qw(
+- evppkey_dsa.txt
+- evppkey_dsa_sigalg.txt
+- ) unless $no_dsa;
+ push @files, qw(
+ evppkey_ecx.txt
+ evppkey_ecx_sigalg.txt
+@@ -166,11 +162,12 @@ my @defltfiles = qw(
+ push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
+ push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
+ push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx;
+-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+ push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
+ push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
+ push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
+ push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
++push @defltfiles, qw(evppkey_dsa.txt
++ evppkey_dsa_sigalg.txt) unless $no_dsa;
+
+ plan tests =>
+ + (scalar(@configs) * scalar(@files))
+diff --git a/test/recipes/30-test_evp_data/evppkey_dsa.txt b/test/recipes/30-test_evp_data/evppkey_dsa.txt
+index 5e5315a5b9..660d1db149 100644
+--- a/test/recipes/30-test_evp_data/evppkey_dsa.txt
++++ b/test/recipes/30-test_evp_data/evppkey_dsa.txt
+@@ -44,17 +44,22 @@ PrivPubKeyPair = DSA-1024:DSA-1024-PUBLIC
+
+ Title = DSA tests
+
++## Red Hat all SHA1 tests are unavailable
++
++Availablein = none
+ Verify = DSA-1024
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+
+ # Modified signature
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -62,6 +67,7 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # Digest too short
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF123"
+@@ -69,6 +75,7 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # Digest too long
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF12345"
+@@ -76,12 +83,14 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # Garbage after signature
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Input = "0123456789ABCDEF1234"
+ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d8700
+ Result = VERIFY_ERROR
+
+ # Invalid tag
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -89,6 +98,7 @@ Output = 312d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # BER signature
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -277,6 +287,7 @@ Output = 00
+ Result = DIGESTSIGNINIT_ERROR
+
+ # Test sign with a 2048 bit key with N == 224 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA256
+ Key = DSA-2048-224
+@@ -285,6 +296,7 @@ Output = 00
+ Result = SIGNATURE_MISMATCH
+
+ # Test sign with a 2048 bit key with N == 256 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA256
+ Key = DSA-2048-256
+@@ -292,6 +304,7 @@ Input = "Hello"
+ Result = SIGNATURE_MISMATCH
+
+ # Test sign with a 3072 bit key with N == 256 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA256
+ Key = DSA-3072-256
+@@ -299,6 +312,7 @@ Input = "Hello"
+ Result = SIGNATURE_MISMATCH
+
+ # Test sign with a 2048 bit SHA3 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA3-224
+ Key = DSA-2048-256
+@@ -306,19 +320,21 @@ Input = "Hello"
+ Result = SIGNATURE_MISMATCH
+
+ # Test verify with a 1024 bit key is allowed in fips mode
++Availablein = default
+ DigestVerify = SHA256
+ Key = DSA-1024
+ Input = "Hello "
+ Output = 302c02142e32c8a5b0bd19b2ba33fd9c78aad3729dcb1b9e02142c006f7726a9d6833d414865b95167ea5f4f7713
+
+ # Test verify with SHA1 is allowed in fips mode
++Availablein = none
+ DigestVerify = SHA1
+ Key = DSA-1024
+ Input = "Hello "
+ Output = 302c0214602d21ed37e46051bb3d06cc002adddeb4cdb3bd02144f39f75587b286588862d06366b2f29bddaf8cf6
+
+ # Test verify with a 2048/160 bit key is allowed in fips mode
+-FIPSversion = >3.1.1
++Availablein = default
+ DigestVerify = SHA256
+ Key = DSA-2048-160
+ Input = "Hello"
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index cf4541449b..7350baa921 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -116,7 +116,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content DER format, DSA key",
++ [ "signed content DER format, DSA key, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed detached content DER format, DSA key",
++ [ "signed detached content DER format, DSA key, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed detached content DER format, add RSA signer (with DSA existing)",
++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
+@@ -144,7 +144,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming BER format, DSA key",
++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-stream",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+@@ -153,7 +153,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-stream",
+ "-signer", $smrsa1,
+@@ -166,7 +166,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-noattr", "-nodetach", "-stream",
+ "-signer", $smrsa1,
+@@ -196,7 +196,7 @@ my @smime_pkcs7_tests = (
+ \&zero_compare
+ ],
+
+- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
+ "-signer", $smrsa1,
+ "-signer", catfile($smdir, "smrsa2.pem"),
+@@ -208,7 +208,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont,
+ "-signer", $smrsa1,
+ "-signer", catfile($smdir, "smrsa2.pem"),
+@@ -282,7 +282,7 @@ if ($no_fips || $old_fips) {
+
+ my @smime_cms_tests = (
+
+- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-keyid",
+ "-signer", $smrsa1,
+@@ -295,7 +295,7 @@ my @smime_cms_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1,
+ "-signer", catfile($smdir, "smrsa2.pem"),
+--
+2.51.0
+
diff --git a/0044-FIPS-NO-DES-support.patch b/0044-FIPS-NO-DES-support.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5c22fcfc7b20fa0802af293d370242c2949b8895
--- /dev/null
+++ b/0044-FIPS-NO-DES-support.patch
@@ -0,0 +1,173 @@
+From 7c75c6f52700efbee8d960601c0b1943295b6ae5 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:15:13 -0500
+Subject: [PATCH 44/59] FIPS: NO DES support
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/fipsprov.c | 3 ++-
+ providers/fips/self_test_data.inc | 4 ++++
+ test/evp_libctx_test.c | 4 +++-
+ .../30-test_evp_data/evpciph_des3_common.txt | 13 ++++---------
+ test/recipes/30-test_evp_data/evpmac_cmac_des.txt | 10 ----------
+ test/recipes/80-test_cms.t | 2 +-
+ 6 files changed, 14 insertions(+), 22 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index a807c76fd8..767073fce4 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -356,7 +356,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
+ ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
+-#ifndef OPENSSL_NO_DES
++/* We don't certify 3DES in our FIPS provider */
++#if 0 /* ifndef OPENSSL_NO_DES */
+ ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+ #endif /* OPENSSL_NO_DES */
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index a7d7684d96..c9ce8f3340 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -262,6 +262,7 @@ static const unsigned char aes_128_ecb_ct[] = {
+ 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65
+ };
+
++#if 0
+ #ifndef OPENSSL_NO_DES
+ /*
+ * TDES-ECB test data from
+@@ -280,6 +281,7 @@ static const unsigned char tdes_pt[] = {
+ 0x4B, 0xAB, 0x3B, 0xE1, 0x50, 0x2E, 0x3B, 0x36
+ };
+ #endif
++#endif
+
+ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+ {
+@@ -305,6 +307,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+ CIPHER_MODE_DECRYPT,
+ ITM(aes_128_ecb_key)
+ },
++#if 0
+ #ifndef OPENSSL_NO_DES
+ {
+ {
+@@ -317,6 +320,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+ ITM(tdes_key)
+ }
+ #endif
++#endif
+ };
+
+ static const char hkdf_digest[] = "SHA256";
+diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
+index 2838f343bd..19dd2c6c63 100644
+--- a/test/evp_libctx_test.c
++++ b/test/evp_libctx_test.c
+@@ -831,7 +831,9 @@ int setup_tests(void)
+ ADD_TEST(kem_invalid_keytype);
+ #endif
+ #ifndef OPENSSL_NO_DES
+- ADD_TEST(test_cipher_tdes_randkey);
++ if (strcmp(prov_name, "fips") != 0) {
++ ADD_TEST(test_cipher_tdes_randkey);
++ }
+ #endif
+ return 1;
+ }
+diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+index 6c74b65cef..8bcb78cd2d 100644
+--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
++++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+@@ -14,7 +14,7 @@
+ Title = DES3 Tests
+
+ # DES EDE3 CBC tests (from destest)
+-FIPSversion = <3.4.0
++Availablein = default
+ Cipher = DES-EDE3-CBC
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ IV = fedcba9876543210
+@@ -24,8 +24,7 @@ NextIV = 1c673812cfde9675
+
+ # DES EDE3 ECB test
+ # FIPS(3.0.0): has a bug in the IV length #17591
+-FIPSversion = >3.0.0
+-FIPSversion = <3.4.0
++Availablein = default
+ Cipher = DES-EDE3-ECB
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+@@ -42,7 +41,6 @@ Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d
+
+ # Test that DES3 CBC mode encryption fails because it is not FIPS approved
+ Availablein = fips
+-FIPSversion = >=3.4.0
+ Cipher = DES-EDE3-CBC
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ IV = fedcba9876543210
+@@ -52,7 +50,6 @@ Result = CIPHERINIT_ERROR
+
+ # Test that DES3 EBC mode encryption fails because it is not FIPS approved
+ Availablein = fips
+-FIPSversion = >=3.4.0
+ Cipher = DES-EDE3-ECB
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+@@ -62,8 +59,7 @@ Result = CIPHERINIT_ERROR
+ Title = DES3 FIPS Indicator Tests
+
+ # Test that DES3 CBC mode encryption is not FIPS approved
+-Availablein = fips
+-FIPSversion = >=3.4.0
++Availablein = none
+ Cipher = DES-EDE3-CBC
+ Unapproved = 1
+ CtrlInit = encrypt-check:0
+@@ -74,8 +70,7 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+ Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+ # Test that DES3 ECB mode encryption is not FIPS approved
+-Availablein = fips
+-FIPSversion = >=3.4.0
++Availablein = none
+ Cipher = DES-EDE3-ECB
+ Operation = ENCRYPT
+ Unapproved = 1
+diff --git a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
+index a11e5ffe54..e4a7cbe75e 100644
+--- a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
++++ b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
+@@ -35,13 +35,3 @@ Algorithm = DES-EDE3-CBC
+ Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
+ Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
+ Result = MAC_INIT_ERROR
+-
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = CMAC
+-Unapproved = 1
+-Ctrl = encrypt-check:0
+-Algorithm = DES-EDE3-CBC
+-Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
+-Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
+-Output = 8F49A1B7D6AA2258
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index 7350baa921..740823c61e 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -415,7 +415,7 @@ my @smime_cms_tests = (
+ \&final_compare
+ ],
+
+- [ "encrypted content test streaming PEM format, triple DES key",
++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS",
+ [ "{cmd1}", @defaultprov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "-stream", "-out", "{output}.cms" ],
+--
+2.51.0
+
diff --git a/0045-FIPS-NO-Kmac.patch b/0045-FIPS-NO-Kmac.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a849a53c624e5815e419344701bfd241a8cb728c
--- /dev/null
+++ b/0045-FIPS-NO-Kmac.patch
@@ -0,0 +1,426 @@
+From 70094ad6af6b81c1e278b6918fc7a143fbad02a9 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Fri, 7 Mar 2025 18:22:07 -0500
+Subject: [PATCH 45/59] FIPS: NO Kmac
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/fipsprov.c | 10 +-
+ providers/fips/self_test_data.inc | 4 +
+ test/recipes/30-test_evp.t | 2 +-
+ test/recipes/30-test_evp_data/evpkdf_hkdf.txt | 2 +-
+ .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 2 +-
+ test/recipes/30-test_evp_data/evpkdf_ss.txt | 6 +-
+ .../30-test_evp_data/evpmac_common.txt | 100 ++++--------------
+ 7 files changed, 40 insertions(+), 86 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index 767073fce4..3d6fe1f244 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -295,10 +295,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
+ * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
+ * KMAC128 and KMAC256.
+ */
+- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
++ /* We don't certify KECCAK in our FIPS provider */
++ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
+ ossl_keccak_kmac_128_functions },
+ { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
+- ossl_keccak_kmac_256_functions },
++ ossl_keccak_kmac_256_functions }, */
+ { NULL, NULL, NULL }
+ };
+
+@@ -371,8 +372,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
+ #endif
+ { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
+ { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
+- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
+- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
++ /* We don't certify KMAC in our FIPS provider */
++ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
++ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
+ { NULL, NULL, NULL }
+ };
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index c9ce8f3340..3e32a5446a 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -535,6 +535,7 @@ static const ST_KAT_PARAM kbkdf_params[] = {
+ ST_KAT_PARAM_END()
+ };
+
++#if 0
+ static const char kbkdf_kmac_mac[] = "KMAC128";
+ static unsigned char kbkdf_kmac_label[] = {
+ 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D,
+@@ -561,6 +562,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = {
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context),
+ ST_KAT_PARAM_END()
+ };
++#endif
+
+ static const char tls13_kdf_digest[] = "SHA256";
+ static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
+@@ -651,12 +653,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
+ kbkdf_params,
+ ITM(kbkdf_expected)
+ },
++#if 0
+ {
+ OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC,
+ OSSL_KDF_NAME_KBKDF,
+ kbkdf_kmac_params,
+ ITM(kbkdf_kmac_expected)
+ },
++#endif
+ {
+ OSSL_SELF_TEST_DESC_KDF_HKDF,
+ OSSL_KDF_NAME_HKDF,
+diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
+index 05a61c8abe..4f2e8277b5 100755
+--- a/test/recipes/30-test_evp.t
++++ b/test/recipes/30-test_evp.t
+@@ -52,7 +52,6 @@ my @files = qw(
+ evpciph_des3_common.txt
+ evpkdf_hkdf.txt
+ evpkdf_kbkdf_counter.txt
+- evpkdf_kbkdf_kmac.txt
+ evpkdf_pbkdf1.txt
+ evpkdf_pbkdf2.txt
+ evpkdf_ss.txt
+@@ -144,6 +143,7 @@ my @defltfiles = qw(
+ evpkdf_scrypt.txt
+ evpkdf_tls11_prf.txt
+ evpkdf_hmac_drbg.txt
++ evpkdf_kbkdf_kmac.txt
+ evpmac_blake.txt
+ evpmac_poly1305.txt
+ evpmac_siphash.txt
+diff --git a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
+index c617f2cc44..c5cbaf5840 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
+@@ -244,7 +244,7 @@ Ctrl.digest = digest:SHA1
+ Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+ Ctrl.salt = hexsalt:000102030405060708090a0b0c
+ Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+-Result = KDF_CTRL_ERROR
++Result = KDF_DERIVE_ERROR
+ Reason = invalid key length
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+diff --git a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+index 67090f2112..bc87975449 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+@@ -1869,7 +1869,7 @@ Ctrl.use-separator = use-separator:0
+ Ctrl.r = r:8
+ Ctrl.hexkey = hexkey:0ef9
+ Ctrl.hexinfo = hexinfo:56ec
+-Result = KDF_CTRL_ERROR
++Result = KDF_DERIVE_ERROR
+ Reason = invalid key length
+
+ Availablein = fips
+diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt
+index 07691ccf57..4503af711f 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt
+@@ -1171,6 +1171,7 @@ Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96CB056DEBAEB6E5E706F99435257C
+ Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400
+ Output = 428979EA52175DC833C04215AC6B4BA89BA4FCAA0E0FA3B4E2C0E264C5746F0A5C788F2907A2C2B90719E396B35A14C4B583C51B9911125D34100FADDC4D94C0D936263CC1EF0B0D526E3891FE1F67BCB94DEA2525B84A8E7949A4CA34F36AEEC55099BF0EC5DE24B86428F4E6E6E23FE9AA443E2BDCF25A77ECD22BF758D554
+
++Availablein = default
+ KDF = SSKDF
+ Ctrl.mac = mac:KMAC-128
+ Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390ADBA9DFB291EE8C1920CB13452FDF851E0A6DBBB862FD8811F8CB29CDEC13591D8C047065FCD2
+@@ -1209,7 +1210,7 @@ Ctrl.mac = mac:KMAC-128
+ Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390A
+ Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400
+ Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Reason = unsupported
+
+ Title = Secret length < 112 is not approved in FIPS
+
+@@ -1246,6 +1247,8 @@ Ctrl.mac = mac:KMAC-128
+ Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390A
+ Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400
+ Output = b160ca853957becf10f4edd06b24cff412b6ca85cff76490afb53ce2f81081ef
++Result = KDF_CTRL_ERROR
++Reason = unsupported
+
+ Title = Test Small salt is allowed
+
+@@ -1257,6 +1260,7 @@ Ctrl.hexsalt = hexsalt:00
+ Ctrl.hexinfo = hexinfo:861aa2886798231259bd0314
+ Output = 02cfca07797566285b38982b86762abd
+
++Availablein = default
+ KDF = SSKDF
+ Ctrl.mac = mac:KMAC-128
+ Ctrl.hexsalt = hexsalt:00000000
+diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
+index 831eecbac9..af92ceea98 100644
+--- a/test/recipes/30-test_evp_data/evpmac_common.txt
++++ b/test/recipes/30-test_evp_data/evpmac_common.txt
+@@ -399,6 +399,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C
+ Result = MAC_INIT_ERROR
+ Reason = invalid mode
+
++Availablein = default
+ Title = KMAC Tests (From NIST)
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+@@ -409,12 +410,14 @@ Ctrl = xof:0
+ OutputSize = 32
+ BlockSize = 168
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+ Custom = "My Tagged Application"
+ Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -422,6 +425,7 @@ Custom = "My Tagged Application"
+ Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
+ Ctrl = size:32
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -430,12 +434,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC
+ OutputSize = 64
+ BlockSize = 136
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+ Custom = ""
+ Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -445,12 +451,14 @@ Ctrl = size:64
+
+ Title = KMAC XOF Tests (From NIST)
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+ Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -458,6 +466,7 @@ Custom = "My Tagged Application"
+ Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -466,6 +475,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+ XOF = 1
+ Ctrl = size:32
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -473,6 +483,7 @@ Custom = "My Tagged Application"
+ Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -480,6 +491,7 @@ Custom = ""
+ Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -490,6 +502,7 @@ XOF = 1
+
+ Title = KMAC long customisation string (from NIST ACVP)
+
++Availablein = default
+ MAC = KMAC256
+ Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
+ Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
+@@ -500,12 +513,14 @@ XOF = 1
+
+ Title = KMAC XOF Tests via ctrl (From NIST)
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+ Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -513,6 +528,7 @@ Custom = "My Tagged Application"
+ Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -521,6 +537,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+ Ctrl = xof:1
+ Ctrl = size:32
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -528,6 +545,7 @@ Custom = "My Tagged Application"
+ Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -535,6 +553,7 @@ Custom = ""
+ Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -545,6 +564,7 @@ Ctrl = xof:1
+
+ Title = KMAC long customisation string via ctrl (from NIST ACVP)
+
++Availablein = default
+ MAC = KMAC256
+ Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
+ Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
+@@ -555,6 +575,7 @@ Ctrl = xof:1
+
+ Title = KMAC long customisation string negative test
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -564,6 +585,7 @@ Reason = invalid custom length
+
+ Title = KMAC output is too large
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -572,81 +594,3 @@ Ctrl = size:2097152
+ Result = MAC_INIT_ERROR
+ Reason = invalid output length
+
+-Title = KMAC output is too small in FIPS
+-
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Unapproved = 1
+-Ctrl = size:3
+-Ctrl = no-short-mac:0
+-
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-Result = MAC_INIT_ERROR
+-Reason = invalid output length
+-
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-Ctrl = no-short-mac:1
+-Result = MAC_INIT_ERROR
+-Reason = invalid output length
+-
+-# Old FIPS providers accept short output
+-FIPSversion = <3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-
+-# The default provider accepts short output
+-Availablein = default
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Output = 28c815
+-Custom = "My Tagged Application"
+-Ctrl = size:3
+-
+-Title = KMAC FIPS short key test
+-
+-# Test KMAC with key < 112 bits is not allowed
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Key = 404142434445464748494A4B4C
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Custom = ""
+-Result = MAC_INIT_ERROR
+-Reason = invalid key length
+-
+-Title = KMAC FIPS short key indicator test
+-
+-# Test KMAC with key < 112 bits is unapproved
+-Availablein = fips
+-FIPSversion = >=3.4.0
+-MAC = KMAC256
+-Unapproved = 1
+-Ctrl = key-check:0
+-Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+-Custom = ""
+-Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
+--
+2.51.0
+
diff --git a/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch b/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
new file mode 100644
index 0000000000000000000000000000000000000000..94d5a609ff9e024307b9c4db0b61d8054884e911
--- /dev/null
+++ b/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
@@ -0,0 +1,106 @@
+From 552dec327a579572ca17a560bb415d8f407ce990 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 10 Mar 2025 13:52:50 -0400
+Subject: [PATCH 46/59] FIPS: Fix some tests due to our versioning change
+
+Signed-off-by: Simo Sorce
+---
+ test/ssl-tests/13-fragmentation.cnf.in | 4 ++--
+ test/ssl-tests/17-renegotiate.cnf.in | 4 ++--
+ test/ssl-tests/18-dtls-renegotiate.cnf.in | 2 +-
+ test/ssl-tests/19-mac-then-encrypt.cnf.in | 2 +-
+ test/ssl-tests/20-cert-select.cnf.in | 6 +++---
+ 5 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/test/ssl-tests/13-fragmentation.cnf.in b/test/ssl-tests/13-fragmentation.cnf.in
+index 318fd65960..87ec08ee5b 100644
+--- a/test/ssl-tests/13-fragmentation.cnf.in
++++ b/test/ssl-tests/13-fragmentation.cnf.in
+@@ -14,7 +14,7 @@ use warnings;
+
+ package ssltests;
+
+-our $fips_3_4;
++our $fips_mode;
+
+ our @tests = (
+ # Default fragment size is 512.
+@@ -273,4 +273,4 @@ my @tests_rsa = (
+ );
+
+ push @tests, @tests_rsa
+- unless $fips_3_4;
++ unless $fips_mode;
+diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in
+index 2812e4c38b..9cbd972eba 100644
+--- a/test/ssl-tests/17-renegotiate.cnf.in
++++ b/test/ssl-tests/17-renegotiate.cnf.in
+@@ -15,7 +15,7 @@ use warnings;
+ package ssltests;
+ use OpenSSL::Test::Utils;
+
+-our $fips_3_4;
++our $fips_mode;
+
+ our @tests = (
+ {
+@@ -318,5 +318,5 @@ our @tests_tls1_2 = (
+ }
+ );
+
+-push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_3_4;
++push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_mode;
+ push @tests, @tests_tls1_2 unless disabled("tls1_2");
+diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in
+index 8996849a2c..415dc2978d 100644
+--- a/test/ssl-tests/18-dtls-renegotiate.cnf.in
++++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
+@@ -133,7 +133,7 @@ foreach my $sctp ("No", "Yes")
+ );
+ push @tests, @tests_basic;
+
+- next if disabled("dtls1_2") || $fips_3_4;
++ next if disabled("dtls1_2") || $fips_mode;
+ our @tests_dtls1_2 = (
+ {
+ name => "renegotiate-aead-to-non-aead".$suffix,
+diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in
+index 32bcec4be4..2f8a123c20 100644
+--- a/test/ssl-tests/19-mac-then-encrypt.cnf.in
++++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in
+@@ -17,7 +17,7 @@ our $fips_mode;
+ our $fips_3_4;
+
+ # Nothing to test with newer fips providers
+-return if $fips_3_4;
++return if $fips_mode;
+
+ our @tests = (
+ {
+diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
+index af47842fd8..21c75033e8 100644
+--- a/test/ssl-tests/20-cert-select.cnf.in
++++ b/test/ssl-tests/20-cert-select.cnf.in
+@@ -266,7 +266,7 @@ our @tests = (
+ },
+ test => {
+ "ExpectedServerCertType" =>, "RSA",
+- "ExpectedResult" => $fips_3_4 ? "ClientFail" : "Success"
++ "ExpectedResult" => $fips_mode ? "ClientFail" : "Success"
+ },
+ },
+ {
+@@ -1005,8 +1005,8 @@ my @tests_dsa_tls_1_3 = (
+ );
+
+ if (!disabled("dsa")) {
+- push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_3_4;
+- push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
++ push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_mode;
++ push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3") || $fips_mode;
+ }
+
+ my @tests_mldsa_tls_1_3 = (
+--
+2.51.0
+
diff --git a/0048-FIPS-KDF-key-lenght-errors.patch b/0048-FIPS-KDF-key-lenght-errors.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c59e5e01a2d776ba4bb7cb7d7ef824cd167356ff
--- /dev/null
+++ b/0048-FIPS-KDF-key-lenght-errors.patch
@@ -0,0 +1,175 @@
+From 284c64f2ad8f104b15983f7ff37e90486847c5b1 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 14 Apr 2025 15:25:40 -0400
+Subject: [PATCH 48/59] FIPS: KDF key lenght errors
+
+Signed-off-by: Simo Sorce
+---
+ test/recipes/30-test_evp_data/evpkdf_ss.txt | 8 ++++----
+ test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 6 +++---
+ test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt | 11 ++++++-----
+ test/recipes/30-test_evp_data/evpkdf_x942.txt | 3 +--
+ test/recipes/30-test_evp_data/evpkdf_x963.txt | 6 ++----
+ test/recipes/30-test_evp_data/evpmac_common.txt | 2 +-
+ test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt | 2 +-
+ 7 files changed, 18 insertions(+), 20 deletions(-)
+
+diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt
+index 4503af711f..7ef2894ae6 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt
+@@ -1189,8 +1189,8 @@ KDF = SSKDF
+ Ctrl.digest = digest:SHA1
+ Ctrl.hexsecret = hexsecret:d7e6
+ Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_DERIVE_ERROR
++#Reason = invalid key length
+
+ Availablein = fips
+ FIPSversion = >=3.4.0
+@@ -1200,8 +1200,8 @@ Ctrl.digest = digest:SHA224
+ Ctrl.salt = hexsalt:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+ Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96C
+ Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_DERIVE_ERROR
++#Reason = invalid key length
+
+ Availablein = fips
+ FIPSversion = >=3.4.0
+diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+index edb2e81273..d663e5e5a5 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+@@ -104,8 +104,8 @@ Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55
+ Ctrl.label = seed:extended master secret
+ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+ Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+-Result = KDF_CTRL_ERROR
+-Reason = digest not allowed
++Result = KDF_DERIVE_ERROR
++Reason = invalid key length
+
+ # Test that the operation with unapproved digest function is is reported as
+ # unapproved
+@@ -131,7 +131,7 @@ Ctrl.Secret = hexsecret:0102030405060708090a0b
+ Ctrl.label = seed:extended master secret
+ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+ Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+-Result = KDF_CTRL_ERROR
++Result = KDF_DERIVE_ERROR
+ Reason = invalid key length
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
+index f2ea9ac44a..0f2f6e3904 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
+@@ -4963,7 +4963,7 @@ KDF = TLS13-KDF
+ Ctrl.mode = mode:EXTRACT_ONLY
+ Ctrl.digest = digest:SHA512-256
+ Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+-Result = KDF_CTRL_ERROR
++Result = KDF_DERIVE_ERROR
+
+ # Test that the operation with unapproved digest function is is reported as
+ # unapproved
+@@ -4985,20 +4985,21 @@ KDF = TLS13-KDF
+ Ctrl.mode = mode:EXTRACT_ONLY
+ Ctrl.digest = digest:SHA2-256
+ Ctrl.key = hexkey:0102030405060708090a0b
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_DERIVE_ERROR
++Reason = wrong output buffer size
+
+ Availablein = fips
+ FIPSversion = >=3.4.0
+ KDF = TLS13-KDF
++Unapproved = 1
+ Ctrl.mode = mode:EXPAND_ONLY
+ Ctrl.digest = digest:SHA2-256
+ Ctrl.key = hexkey:0102030405060708090a0b
+ Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+ Ctrl.prefix = hexprefix:746c73313320
+ Ctrl.label = hexlabel:6320652074726166666963
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_MISMATCH
++#Reason = invalid key length
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+ # unapproved
+diff --git a/test/recipes/30-test_evp_data/evpkdf_x942.txt b/test/recipes/30-test_evp_data/evpkdf_x942.txt
+index b1774592e9..6869fd0f20 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_x942.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_x942.txt
+@@ -124,11 +124,10 @@ Reason = xof digests not allowed
+ Availablein = fips
+ FIPSversion = >=3.4.0
+ KDF = X942KDF-ASN1
++Unapproved = 1
+ Ctrl.digest = digest:SHA256
+ Ctrl.hexsecret = hexsecret:6B
+ Ctrl.use-keybits = use-keybits:0
+ Ctrl.cekalg = cekalg:id-aes128-wrap
+ Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F308C762FBBAC6069A88BCa12080D49BFE5BE01C7D56489AB017663C22B8CBB34C3174D1D71F00CB7505AC759Aa2203C21A5EA5988562C007986E0503D039E7231D9F152FE72A231A1FD98C59BCA6Aa320FD47477542989B51E4A0845DFABD6EEAA465F69B3D75349B2520051782C7F3FC
+ Output = C2E6A0978C24AF3932F478583ADBFB5F57D491822592EAD3C538875F46EB057A
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
+diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt
+index b8f3cff3d3..74524c4694 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_x963.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt
+@@ -148,8 +148,7 @@ KDF = X963KDF
+ Ctrl.digest = digest:SHA1
+ Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+ Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+-Result = KDF_CTRL_ERROR
+-Reason = digest not allowed
++Result = KDF_DERIVE_ERROR
+
+ # Test that the operation with unapproved digest function is is reported as
+ # unapproved
+@@ -170,8 +169,7 @@ KDF = X963KDF
+ Ctrl.digest = digest:SHA224
+ Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+ Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_DERIVE_ERROR
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+ # unapproved
+diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
+index af92ceea98..a1541bf226 100644
+--- a/test/recipes/30-test_evp_data/evpmac_common.txt
++++ b/test/recipes/30-test_evp_data/evpmac_common.txt
+@@ -271,7 +271,7 @@ MAC = HMAC
+ Algorithm = SHA256
+ Input = "Test Input"
+ Key = 0001020304
+-Result = MAC_INIT_ERROR
++Output = db70da6176d87813b059879ccc27bc53e295c6eca74db8bdc4e77d7e951d894b
+
+ Title = HMAC FIPS short key indicator test
+
+diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
+index 1fb2472001..93c07ede7c 100644
+--- a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
++++ b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
+@@ -216,7 +216,7 @@ Ctrl.digest = digest:SHA1
+ Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+ Ctrl.salt = hexsalt:000102030405060708090a0b0c
+ Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+-Result = PKEY_CTRL_ERROR
++Result = KDF_DERIVE_ERROR
+ Reason = invalid key length
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+--
+2.51.0
+
diff --git a/0049-FIPS-fix-disallowed-digests-tests.patch b/0049-FIPS-fix-disallowed-digests-tests.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cb4caec878c5881c07734e85262ca0a3c6f05db8
--- /dev/null
+++ b/0049-FIPS-fix-disallowed-digests-tests.patch
@@ -0,0 +1,51 @@
+From 4373bb2644892e1d788ca2bdd37d7281221c0385 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Tue, 15 Apr 2025 13:41:42 -0400
+Subject: [PATCH 49/59] FIPS: fix disallowed digests tests
+
+Signed-off-by: Simo Sorce
+---
+ test/recipes/30-test_evp_data/evpkdf_ssh.txt | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+index 6688c217aa..8347f773e6 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+@@ -4894,13 +4894,14 @@ Title = FIPS indicator tests
+ Availablein = fips
+ FIPSversion = >=3.4.0
+ KDF = SSHKDF
++Unapproved = 1
+ Ctrl.digest = digest:SHA512-256
+ Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+ Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.type = type:A
+-Result = KDF_CTRL_ERROR
+-Reason = digest not allowed
++Result = KDF_MISMATCH
++#Reason = digest not allowed
+
+ # Test that the operation with unapproved digest function is is reported as
+ # unapproved
+@@ -4920,13 +4921,14 @@ Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
+ Availablein = fips
+ FIPSversion = >=3.4.0
+ KDF = SSHKDF
++Unapproved = 1
+ Ctrl.digest = digest:SHA1
+ Ctrl.hexkey = hexkey:0102030405060708090a0b
+ Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+ Ctrl.type = type:A
+-Result = KDF_CTRL_ERROR
+-Reason = invalid key length
++Result = KDF_MISMATCH
++#Reason = invalid key length
+
+ # Test that the key whose length is shorter than 112 bits is reported as
+ # unapproved
+--
+2.51.0
+
diff --git a/0050-Make-openssl-speed-run-in-FIPS-mode.patch b/0050-Make-openssl-speed-run-in-FIPS-mode.patch
new file mode 100644
index 0000000000000000000000000000000000000000..674f2e84792b8f7de0ff6c148f2da2d32ef48f1d
--- /dev/null
+++ b/0050-Make-openssl-speed-run-in-FIPS-mode.patch
@@ -0,0 +1,76 @@
+From 4efc206514085c482a0b2a74a98f3ca285c99db9 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy
+Date: Fri, 9 May 2025 15:09:46 +0200
+Subject: [PATCH 50/59] Make `openssl speed` run in FIPS mode
+
+---
+ apps/speed.c | 44 ++++++++++++++++++++++----------------------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 3307a9cb46..ae2f166d24 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv)
+ (void *)key32, 16);
+ params[1] = OSSL_PARAM_construct_end();
+
+- if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1)
+- goto end;
+- for (testnum = 0; testnum < size_num; testnum++) {
+- print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
+- Time_F(START);
+- count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
+- d = Time_F(STOP);
+- print_result(D_KMAC128, testnum, count, d);
+- if (count < 0)
+- break;
++ if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) == 1) {
++ for (testnum = 0; testnum < size_num; testnum++) {
++ print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
++ Time_F(START);
++ count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
++ d = Time_F(STOP);
++ print_result(D_KMAC128, testnum, count, d);
++ if (count < 0)
++ break;
++ }
++ mac_teardown(&mac, loopargs, loopargs_len);
+ }
+- mac_teardown(&mac, loopargs, loopargs_len);
+ }
+
+ if (doit[D_KMAC256]) {
+@@ -3193,18 +3193,18 @@ int speed_main(int argc, char **argv)
+ (void *)key32, 32);
+ params[1] = OSSL_PARAM_construct_end();
+
+- if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1)
+- goto end;
+- for (testnum = 0; testnum < size_num; testnum++) {
+- print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
+- Time_F(START);
+- count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
+- d = Time_F(STOP);
+- print_result(D_KMAC256, testnum, count, d);
+- if (count < 0)
+- break;
++ if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) == 1) {
++ for (testnum = 0; testnum < size_num; testnum++) {
++ print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
++ Time_F(START);
++ count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
++ d = Time_F(STOP);
++ print_result(D_KMAC256, testnum, count, d);
++ if (count < 0)
++ break;
++ }
++ mac_teardown(&mac, loopargs, loopargs_len);
+ }
+- mac_teardown(&mac, loopargs, loopargs_len);
+ }
+
+ for (i = 0; i < loopargs_len; i++)
+--
+2.51.0
+
diff --git a/0051-Backport-upstream-27483-for-PKCS11-needs.patch b/0051-Backport-upstream-27483-for-PKCS11-needs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..358c4337effa1b1dafeaa9f7f1c90b02009521b9
--- /dev/null
+++ b/0051-Backport-upstream-27483-for-PKCS11-needs.patch
@@ -0,0 +1,146 @@
+From 5e135e7ceefd5b72cb54a93b13b478af05873318 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy
+Date: Mon, 12 May 2025 14:34:39 +0200
+Subject: [PATCH 51/59] Backport upstream #27483 for PKCS11 needs
+
+---
+ .../implementations/skeymgmt/aes_skmgmt.c | 2 +
+ providers/implementations/skeymgmt/generic.c | 12 ++++
+ .../implementations/skeymgmt/skeymgmt_lcl.h | 1 +
+ test/evp_skey_test.c | 61 +++++++++++++++++++
+ 4 files changed, 76 insertions(+)
+
+diff --git a/providers/implementations/skeymgmt/aes_skmgmt.c b/providers/implementations/skeymgmt/aes_skmgmt.c
+index 6d3b5f377f..17be480131 100644
+--- a/providers/implementations/skeymgmt/aes_skmgmt.c
++++ b/providers/implementations/skeymgmt/aes_skmgmt.c
+@@ -48,5 +48,7 @@ const OSSL_DISPATCH ossl_aes_skeymgmt_functions[] = {
+ { OSSL_FUNC_SKEYMGMT_FREE, (void (*)(void))generic_free },
+ { OSSL_FUNC_SKEYMGMT_IMPORT, (void (*)(void))aes_import },
+ { OSSL_FUNC_SKEYMGMT_EXPORT, (void (*)(void))aes_export },
++ { OSSL_FUNC_SKEYMGMT_IMP_SETTABLE_PARAMS,
++ (void (*)(void))generic_imp_settable_params },
+ OSSL_DISPATCH_END
+ };
+diff --git a/providers/implementations/skeymgmt/generic.c b/providers/implementations/skeymgmt/generic.c
+index b41bf8e12d..5fb3fad7e3 100644
+--- a/providers/implementations/skeymgmt/generic.c
++++ b/providers/implementations/skeymgmt/generic.c
+@@ -65,6 +65,16 @@ end:
+ return generic;
+ }
+
++static const OSSL_PARAM generic_import_params[] = {
++ OSSL_PARAM_octet_string(OSSL_SKEY_PARAM_RAW_BYTES, NULL, 0),
++ OSSL_PARAM_END
++};
++
++const OSSL_PARAM *generic_imp_settable_params(void *provctx)
++{
++ return generic_import_params;
++}
++
+ int generic_export(void *keydata, int selection,
+ OSSL_CALLBACK *param_callback, void *cbarg)
+ {
+@@ -89,5 +99,7 @@ const OSSL_DISPATCH ossl_generic_skeymgmt_functions[] = {
+ { OSSL_FUNC_SKEYMGMT_FREE, (void (*)(void))generic_free },
+ { OSSL_FUNC_SKEYMGMT_IMPORT, (void (*)(void))generic_import },
+ { OSSL_FUNC_SKEYMGMT_EXPORT, (void (*)(void))generic_export },
++ { OSSL_FUNC_SKEYMGMT_IMP_SETTABLE_PARAMS,
++ (void (*)(void))generic_imp_settable_params },
+ OSSL_DISPATCH_END
+ };
+diff --git a/providers/implementations/skeymgmt/skeymgmt_lcl.h b/providers/implementations/skeymgmt/skeymgmt_lcl.h
+index c180c1d303..a7e7605050 100644
+--- a/providers/implementations/skeymgmt/skeymgmt_lcl.h
++++ b/providers/implementations/skeymgmt/skeymgmt_lcl.h
+@@ -15,5 +15,6 @@
+ OSSL_FUNC_skeymgmt_import_fn generic_import;
+ OSSL_FUNC_skeymgmt_export_fn generic_export;
+ OSSL_FUNC_skeymgmt_free_fn generic_free;
++OSSL_FUNC_skeymgmt_imp_settable_params_fn generic_imp_settable_params;
+
+ #endif
+diff --git a/test/evp_skey_test.c b/test/evp_skey_test.c
+index b81df9c8f8..e33bbbe003 100644
+--- a/test/evp_skey_test.c
++++ b/test/evp_skey_test.c
+@@ -92,6 +92,66 @@ end:
+ return ret;
+ }
+
++static int test_skey_skeymgmt(void)
++{
++ int ret = 0;
++ EVP_SKEYMGMT *skeymgmt = NULL;
++ EVP_SKEY *key = NULL;
++ const unsigned char import_key[KEY_SIZE] = {
++ 0x53, 0x4B, 0x45, 0x59, 0x53, 0x4B, 0x45, 0x59,
++ 0x53, 0x4B, 0x45, 0x59, 0x53, 0x4B, 0x45, 0x59,
++ };
++ OSSL_PARAM params[2];
++ const OSSL_PARAM *imp_params;
++ const OSSL_PARAM *p;
++ OSSL_PARAM *exp_params = NULL;
++ const void *export_key = NULL;
++ size_t export_len;
++
++ deflprov = OSSL_PROVIDER_load(libctx, "default");
++ if (!TEST_ptr(deflprov))
++ return 0;
++
++ /* Fetch our SKYMGMT for Generic Secrets */
++ if (!TEST_ptr(skeymgmt = EVP_SKEYMGMT_fetch(libctx, OSSL_SKEY_TYPE_GENERIC,
++ NULL)))
++ goto end;
++
++ /* Check the parameter we need is available */
++ if (!TEST_ptr(imp_params = EVP_SKEYMGMT_get0_imp_settable_params(skeymgmt))
++ || !TEST_ptr(p = OSSL_PARAM_locate_const(imp_params,
++ OSSL_SKEY_PARAM_RAW_BYTES)))
++ goto end;
++
++ /* Import EVP_SKEY */
++ params[0] = OSSL_PARAM_construct_octet_string(OSSL_SKEY_PARAM_RAW_BYTES,
++ (void *)import_key, KEY_SIZE);
++ params[1] = OSSL_PARAM_construct_end();
++
++ if (!TEST_ptr(key = EVP_SKEY_import(libctx,
++ EVP_SKEYMGMT_get0_name(skeymgmt), NULL,
++ OSSL_SKEYMGMT_SELECT_ALL, params)))
++ goto end;
++
++ /* Export EVP_SKEY */
++ if (!TEST_int_gt(EVP_SKEY_export(key, OSSL_SKEYMGMT_SELECT_SECRET_KEY,
++ ossl_pkey_todata_cb, &exp_params), 0)
++ || !TEST_ptr(p = OSSL_PARAM_locate_const(exp_params,
++ OSSL_SKEY_PARAM_RAW_BYTES))
++ || !TEST_int_gt(OSSL_PARAM_get_octet_string_ptr(p, &export_key,
++ &export_len), 0)
++ || !TEST_mem_eq(import_key, KEY_SIZE, export_key, export_len))
++ goto end;
++
++ ret = 1;
++end:
++ OSSL_PARAM_free(exp_params);
++ EVP_SKEYMGMT_free(skeymgmt);
++ EVP_SKEY_free(key);
++
++ return ret;
++}
++
+ #define IV_SIZE 16
+ #define DATA_SIZE 32
+ static int test_aes_raw_skey(void)
+@@ -252,6 +312,7 @@ int setup_tests(void)
+ return 0;
+
+ ADD_TEST(test_skey_cipher);
++ ADD_TEST(test_skey_skeymgmt);
+
+ ADD_TEST(test_aes_raw_skey);
+ #ifndef OPENSSL_NO_DES
+--
+2.51.0
+
diff --git a/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch b/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4b8cd0b6f2f4e4da4effb0c3e0a9e7e17d2bef4c
--- /dev/null
+++ b/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
@@ -0,0 +1,65 @@
+From b963982c4b8ede93212c15021d4d251435153aa2 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Tue, 15 Jul 2025 12:32:14 -0400
+Subject: [PATCH 54/59] Temporarily disable SLH-DSA FIPS self-tests
+
+Signed-off-by: Simo Sorce
+---
+ providers/fips/self_test_data.inc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 3e32a5446a..07518a9d7f 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -2888,6 +2888,7 @@ static const ST_KAT_PARAM ml_dsa_sig_init[] = {
+ };
+ #endif /* OPENSSL_NO_ML_DSA */
+
++#if 0 /* Temporarily disable SLH-DSA self tests due to performance issues */
+ #ifndef OPENSSL_NO_SLH_DSA
+ /*
+ * Deterministic SLH_DSA key generation supplies the private key elements and
+@@ -2978,6 +2979,7 @@ static const unsigned char slh_dsa_shake_128f_sig_digest[] = {
+ 0x89, 0x77, 0x00, 0x72, 0x03, 0x92, 0xd1, 0xa6,
+ };
+ #endif /* OPENSSL_NO_SLH_DSA */
++#endif /* Temporarily disable SLH-DSA self tests due to performance issues */
+
+ /* Hash DRBG inputs for signature KATs */
+ static const unsigned char sig_kat_entropyin[] = {
+@@ -3077,6 +3079,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ml_dsa_sig_init
+ },
+ #endif /* OPENSSL_NO_ML_DSA */
++#if 0 /* Temporarily disable SLH-DSA self tests due to performance issues */
+ #ifndef OPENSSL_NO_SLH_DSA
+ /*
+ * FIPS 140-3 IG 10.3.A.16 Note 29 says:
+@@ -3107,6 +3110,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ slh_dsa_sig_params, slh_dsa_sig_params
+ },
+ #endif /* OPENSSL_NO_SLH_DSA */
++#endif /* Temporarily disable SLH-DSA self tests due to performance issues */
+ };
+
+ #if !defined(OPENSSL_NO_ML_DSA)
+@@ -3511,6 +3515,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
+ ml_dsa_key
+ },
+ # endif
++#if 0 /* Temporarily disable SLH-DSA self tests due to performance issues */
+ # if !defined(OPENSSL_NO_SLH_DSA)
+ {
+ OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA,
+@@ -3519,6 +3524,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
+ slh_dsa_128f_keygen_expected_params
+ },
+ # endif
++#endif /* Temporarily disable SLH-DSA self tests due to performance issues */
+ };
+ #endif /* !OPENSSL_NO_ML_DSA || !OPENSSL_NO_SLH_DSA */
+
+--
+2.51.0
+
diff --git a/0055-Add-a-define-to-disable-symver-attributes.patch b/0055-Add-a-define-to-disable-symver-attributes.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b7f3627d24534de27018d6e4c4cb6ee20fd1c7f5
--- /dev/null
+++ b/0055-Add-a-define-to-disable-symver-attributes.patch
@@ -0,0 +1,66 @@
+From 8d2f2f11f3875b58f133729dcb907bb64620649f Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 17 Jul 2025 09:40:34 -0400
+Subject: [PATCH 55/59] Add a define to disable symver attributes
+
+Defininig RHEL_NO_SYMVER_ATTRIBUTES for a build now prevents adding
+compatibility symver attributes.
+
+Signed-off-by: Simo Sorce
+---
+ crypto/evp/digest.c | 2 +-
+ crypto/evp/evp_enc.c | 2 +-
+ crypto/o_str.c | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index 8ee9db73dd..7ed4933934 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+ }
+
+ EVP_MD_CTX
+-#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) && !defined(RHEL_NO_SYMVER_ATTRIBUTES)
+ __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
+ symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
+ #endif
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index 619cf4f385..9192898d39 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+ }
+
+ EVP_CIPHER_CTX
+-#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) && !defined(RHEL_NO_SYMVER_ATTRIBUTES)
+ __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
+ symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
+ #endif
+diff --git a/crypto/o_str.c b/crypto/o_str.c
+index 86442a939e..8c33e4dd63 100644
+--- a/crypto/o_str.c
++++ b/crypto/o_str.c
+@@ -404,7 +404,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+ }
+
+ int
+-#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) && !defined(RHEL_NO_SYMVER_ATTRIBUTES)
+ __attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
+ #endif
+@@ -419,7 +419,7 @@ OPENSSL_strcasecmp(const char *s1, const char *s2)
+ }
+
+ int
+-#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI) && !defined(RHEL_NO_SYMVER_ATTRIBUTES)
+ __attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
+ #endif
+--
+2.51.0
+
diff --git a/0056-apps-speed.c-Disable-testing-of-composite-signature-.patch b/0056-apps-speed.c-Disable-testing-of-composite-signature-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..67f7286f74cf6fc7e4b008c574aaf20cff630dbb
--- /dev/null
+++ b/0056-apps-speed.c-Disable-testing-of-composite-signature-.patch
@@ -0,0 +1,47 @@
+From bd015ab1f56008f17404ac9511025812646e5e2d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?=
+Date: Mon, 11 Aug 2025 12:02:03 +0200
+Subject: [PATCH 56/59] apps/speed.c: Disable testing of composite signature
+ algorithms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Creating public key context from name would always fail
+for composite signature algorithms (such as RSA-SHA256)
+because the public key algorithm name (e.g., RSA) does
+not match the name of the composite algorithm.
+
+Relates to #27855.
+
+Signed-off-by: Pavol Žáčik
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Dmitry Belyavskiy
+(Merged from https://github.com/openssl/openssl/pull/28224)
+---
+ apps/speed.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index ae2f166d24..a51d6a57d4 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -2275,9 +2275,11 @@ int speed_main(int argc, char **argv)
+ }
+ #endif /* OPENSSL_NO_DSA */
+ /* skipping these algs as tested elsewhere - and b/o setup is a pain */
+- else if (strcmp(sig_name, "ED25519") &&
+- strcmp(sig_name, "ED448") &&
+- strcmp(sig_name, "ECDSA") &&
++ else if (strncmp(sig_name, "RSA", 3) &&
++ strncmp(sig_name, "DSA", 3) &&
++ strncmp(sig_name, "ED25519", 7) &&
++ strncmp(sig_name, "ED448", 5) &&
++ strncmp(sig_name, "ECDSA", 5) &&
+ strcmp(sig_name, "HMAC") &&
+ strcmp(sig_name, "SIPHASH") &&
+ strcmp(sig_name, "POLY1305") &&
+--
+2.51.0
+
diff --git a/0057-apps-speed.c-Support-more-signature-algorithms.patch b/0057-apps-speed.c-Support-more-signature-algorithms.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae49a3489d4f1c6a7475544cc1fa34db35fa1621
--- /dev/null
+++ b/0057-apps-speed.c-Support-more-signature-algorithms.patch
@@ -0,0 +1,142 @@
+From eeb05d8b4b63fdda732fb49201c6769082922c11 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?=
+Date: Mon, 11 Aug 2025 12:19:59 +0200
+Subject: [PATCH 57/59] apps/speed.c: Support more signature algorithms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some signature algorithms (e.g., ML-DSA-65) cannot be initialized
+via EVP_PKEY_sign_init, so try also EVP_PKEY_sign_message_init
+before reporting an error.
+
+Fixes #27108.
+
+Signed-off-by: Pavol Žáčik
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Dmitry Belyavskiy
+(Merged from https://github.com/openssl/openssl/pull/28224)
+---
+ apps/speed.c | 69 ++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 53 insertions(+), 16 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index a51d6a57d4..4050f46bce 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -4248,6 +4248,7 @@ int speed_main(int argc, char **argv)
+ EVP_PKEY_CTX *sig_gen_ctx = NULL;
+ EVP_PKEY_CTX *sig_sign_ctx = NULL;
+ EVP_PKEY_CTX *sig_verify_ctx = NULL;
++ EVP_SIGNATURE *alg = NULL;
+ unsigned char md[SHA256_DIGEST_LENGTH];
+ unsigned char *sig;
+ char sfx[MAX_ALGNAME_SUFFIX];
+@@ -4308,21 +4309,48 @@ int speed_main(int argc, char **argv)
+ sig_name);
+ goto sig_err_break;
+ }
++
++ /*
++ * Try explicitly fetching the signature algoritm implementation to
++ * use in case the algorithm does not support EVP_PKEY_sign_init
++ */
++ ERR_set_mark();
++ alg = EVP_SIGNATURE_fetch(app_get0_libctx(), sig_name, app_get0_propq());
++ ERR_pop_to_mark();
++
+ /* Now prepare signature data structs */
+ sig_sign_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
+ pkey,
+ app_get0_propq());
+- if (sig_sign_ctx == NULL
+- || EVP_PKEY_sign_init(sig_sign_ctx) <= 0
+- || (use_params == 1
+- && (EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx,
+- RSA_PKCS1_PADDING) <= 0))
+- || EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len,
+- md, md_len) <= 0) {
+- BIO_printf(bio_err,
+- "Error while initializing signing data structs for %s.\n",
+- sig_name);
+- goto sig_err_break;
++ if (sig_sign_ctx == NULL) {
++ BIO_printf(bio_err,
++ "Error while initializing signing ctx for %s.\n",
++ sig_name);
++ goto sig_err_break;
++ }
++ ERR_set_mark();
++ if (EVP_PKEY_sign_init(sig_sign_ctx) <= 0
++ && (alg == NULL
++ || EVP_PKEY_sign_message_init(sig_sign_ctx, alg, NULL) <= 0)) {
++ ERR_clear_last_mark();
++ BIO_printf(bio_err,
++ "Error while initializing signing data structs for %s.\n",
++ sig_name);
++ goto sig_err_break;
++ }
++ ERR_pop_to_mark();
++ if (use_params == 1 &&
++ EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx, RSA_PKCS1_PADDING) <= 0) {
++ BIO_printf(bio_err,
++ "Error while initializing padding for %s.\n",
++ sig_name);
++ goto sig_err_break;
++ }
++ if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) {
++ BIO_printf(bio_err,
++ "Error while obtaining signature bufffer length for %s.\n",
++ sig_name);
++ goto sig_err_break;
+ }
+ sig = app_malloc(sig_len = max_sig_len, "signature buffer");
+ if (sig == NULL) {
+@@ -4338,16 +4366,23 @@ int speed_main(int argc, char **argv)
+ sig_verify_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
+ pkey,
+ app_get0_propq());
+- if (sig_verify_ctx == NULL
+- || EVP_PKEY_verify_init(sig_verify_ctx) <= 0
+- || (use_params == 1
+- && (EVP_PKEY_CTX_set_rsa_padding(sig_verify_ctx,
+- RSA_PKCS1_PADDING) <= 0))) {
++ if (sig_verify_ctx == NULL) {
++ BIO_printf(bio_err,
++ "Error while initializing verify ctx for %s.\n",
++ sig_name);
++ goto sig_err_break;
++ }
++ ERR_set_mark();
++ if (EVP_PKEY_verify_init(sig_verify_ctx) <= 0
++ && (alg == NULL
++ || EVP_PKEY_verify_message_init(sig_verify_ctx, alg, NULL) <= 0)) {
++ ERR_clear_last_mark();
+ BIO_printf(bio_err,
+ "Error while initializing verify data structs for %s.\n",
+ sig_name);
+ goto sig_err_break;
+ }
++ ERR_pop_to_mark();
+ if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
+ BIO_printf(bio_err, "Verify error for %s.\n", sig_name);
+ goto sig_err_break;
+@@ -4363,12 +4398,14 @@ int speed_main(int argc, char **argv)
+ loopargs[i].sig_act_sig_len[testnum] = sig_len;
+ loopargs[i].sig_sig[testnum] = sig;
+ EVP_PKEY_free(pkey);
++ EVP_SIGNATURE_free(alg);
+ pkey = NULL;
+ continue;
+
+ sig_err_break:
+ dofail();
+ EVP_PKEY_free(pkey);
++ EVP_SIGNATURE_free(alg);
+ op_count = 1;
+ sig_checks = 0;
+ break;
+--
+2.51.0
+
diff --git a/0058-Add-targets-to-skip-build-of-non-installable-program.patch b/0058-Add-targets-to-skip-build-of-non-installable-program.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c87c278881aa0b313a2c4fcf0ed7ab5d9a209a27
--- /dev/null
+++ b/0058-Add-targets-to-skip-build-of-non-installable-program.patch
@@ -0,0 +1,158 @@
+From f320da46f706a8013de532ee1a34703bd814be06 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?=
+Date: Tue, 19 Aug 2025 14:26:07 +0200
+Subject: [PATCH 58/59] Add targets to skip build of non-installable programs
+
+These make it possible to split the build into two
+parts, e.g., when tests should be built with different
+compiler flags than installed software.
+
+Also use these as dependecies where appropriate.
+
+Reviewed-by: Paul Yang
+Reviewed-by: Dmitry Belyavskiy
+Reviewed-by: Neil Horman
+(Merged from https://github.com/openssl/openssl/pull/28302)
+---
+ Configurations/descrip.mms.tmpl | 7 +++++--
+ Configurations/unix-Makefile.tmpl | 9 ++++++---
+ Configurations/windows-makefile.tmpl | 8 ++++++--
+ util/help.pl | 2 +-
+ 4 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
+index db6a1b1799..bc7fc36b46 100644
+--- a/Configurations/descrip.mms.tmpl
++++ b/Configurations/descrip.mms.tmpl
+@@ -491,6 +491,8 @@ NODEBUG=@
+ {- dependmagic('build_libs'); -} : build_libs_nodep
+ {- dependmagic('build_modules'); -} : build_modules_nodep
+ {- dependmagic('build_programs'); -} : build_programs_nodep
++{- dependmagic('build_inst_sw'); -} : build_libs_nodep, build_modules_nodep, build_inst_programs_nodep
++{- dependmagic('build_inst_programs'); -} : build_inst_programs_nodep
+
+ build_generated_pods : $(GENERATED_PODS)
+ build_docs : build_html_docs
+@@ -500,6 +502,7 @@ build_generated : $(GENERATED_MANDATORY)
+ build_libs_nodep : $(LIBS), $(SHLIBS)
+ build_modules_nodep : $(MODULES)
+ build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
++build_inst_programs_nodep : $(INSTALL_PROGRAMS), $(SCRIPTS)
+
+ # Kept around for backward compatibility
+ build_apps build_tests : build_programs
+@@ -606,7 +609,7 @@ install_docs : install_html_docs
+ uninstall_docs : uninstall_html_docs
+
+ {- output_off() if $disabled{fips}; "" -}
+-install_fips : build_sw $(INSTALL_FIPSMODULECONF)
++install_fips : build_inst_sw $(INSTALL_FIPSMODULECONF)
+ @ WRITE SYS$OUTPUT "*** Installing FIPS module"
+ - CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch']
+ - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
+@@ -687,7 +690,7 @@ install_runtime_libs : check_INSTALLTOP build_libs
+ @install_shlibs) -}
+ @ {- output_on() if $disabled{shared}; "" -} !
+
+-install_programs : check_INSTALLTOP install_runtime_libs build_programs
++install_programs : check_INSTALLTOP install_runtime_libs build_inst_programs
+ @ {- output_off() if $disabled{apps}; "" -} !
+ @ ! Install the main program
+ - CREATE/DIR ossl_installroot:[EXE.'arch']
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 74139ec228..16aab9cd76 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -547,7 +547,9 @@ LANG=C
+ {- dependmagic('build_sw', 'Build all the software (default target)'); -}: build_libs_nodep build_modules_nodep build_programs_nodep link-utils
+ {- dependmagic('build_libs', 'Build the libraries libssl and libcrypto'); -}: build_libs_nodep
+ {- dependmagic('build_modules', 'Build the modules (i.e. providers and engines)'); -}: build_modules_nodep
+-{- dependmagic('build_programs', 'Build the openssl executables and scripts'); -}: build_programs_nodep
++{- dependmagic('build_programs', 'Build the openssl executables, scripts and all other programs as configured (e.g. tests or demos)'); -}: build_programs_nodep
++{- dependmagic('build_inst_sw', 'Build all the software to be installed'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep link-utils
++{- dependmagic('build_inst_programs', 'Build only the installable openssl executables and scripts'); -}: build_inst_programs_nodep
+
+ all: build_sw {- "build_docs" if !$disabled{docs}; -} ## Build software and documentation
+ debuginfo: $(SHLIBS)
+@@ -566,6 +568,7 @@ build_generated: $(GENERATED_MANDATORY)
+ build_libs_nodep: $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -}
+ build_modules_nodep: $(MODULES)
+ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
++build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
+
+ # Kept around for backward compatibility
+ build_apps build_tests: build_programs
+@@ -680,7 +683,7 @@ uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and
+ $(RM) -r "$(DESTDIR)$(DOCDIR)"
+
+ {- output_off() if $disabled{fips}; "" -}
+-install_fips: build_sw $(INSTALL_FIPSMODULECONF)
++install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)"
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)"
+@@ -965,7 +968,7 @@ install_runtime_libs: build_libs
+ : {- output_on() if windowsdll(); "" -}; \
+ done
+
+-install_programs: install_runtime_libs build_programs
++install_programs: install_runtime_libs build_inst_programs
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)"
+ @$(ECHO) "*** Installing runtime programs"
+diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
+index 894834cfb7..b5872124de 100644
+--- a/Configurations/windows-makefile.tmpl
++++ b/Configurations/windows-makefile.tmpl
+@@ -418,6 +418,8 @@ PROCESSOR= {- $config{processor} -}
+ {- dependmagic('build_libs'); -}: build_libs_nodep
+ {- dependmagic('build_modules'); -}: build_modules_nodep
+ {- dependmagic('build_programs'); -}: build_programs_nodep
++{- dependmagic('build_inst_sw'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep copy-utils
++{- dependmagic('build_inst_programs'); -}: build_inst_programs_nodep
+
+ build_docs: build_html_docs
+ build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7)
+@@ -430,6 +432,8 @@ build_modules_nodep: $(MODULES)
+ @
+ build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
+ @
++build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
++ @
+
+ # Kept around for backward compatibility
+ build_apps build_tests: build_programs
+@@ -507,7 +511,7 @@ install_docs: install_html_docs
+ uninstall_docs: uninstall_html_docs
+
+ {- output_off() if $disabled{fips}; "" -}
+-install_fips: build_sw $(INSTALL_FIPSMODULECONF)
++install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
+ # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
+@@ -607,7 +611,7 @@ install_runtime_libs: build_libs
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
+ "$(INSTALLTOP)\bin"
+
+-install_programs: install_runtime_libs build_programs
++install_programs: install_runtime_libs build_inst_programs
+ @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+ @$(ECHO) "*** Installing runtime programs"
+ @if not "$(INSTALL_PROGRAMS)"=="" \
+diff --git a/util/help.pl b/util/help.pl
+index a1614fe8a9..e88ff4bae1 100755
+--- a/util/help.pl
++++ b/util/help.pl
+@@ -14,7 +14,7 @@ while (<>) {
+ chomp; # strip record separator
+ @Fld = split($FS, $_, -1);
+ if (/^[a-zA-Z0-9_\-]+:.*?##/) {
+- printf " \033[36m%-15s\033[0m %s\n", $Fld[0], $Fld[1]
++ printf " \033[36m%-19s\033[0m %s\n", $Fld[0], $Fld[1]
+ }
+ if (/^##@/) {
+ printf "\n\033[1m%s\033[0m\n", substr($Fld[$_], (5)-1);
+--
+2.51.0
+
diff --git a/0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch b/0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5323d6abd3005e13c1cfb152a991517545b41f6b
--- /dev/null
+++ b/0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch
@@ -0,0 +1,29 @@
+From 4b91d0604643eff849a480f37b22f3bd7029d897 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy
+Date: Fri, 17 Oct 2025 17:45:48 +0200
+Subject: [PATCH 59/59] RSA_encrypt/decrypt with padding NONE is not supported
+ in
+
+RHEL/CentOS/Fedora FIPS mode
+---
+ providers/fips/self_test_kats.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
+index acb0b85f73..c69c81bc9c 100644
+--- a/providers/fips/self_test_kats.c
++++ b/providers/fips/self_test_kats.c
+@@ -1190,8 +1190,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+ ret = 0;
+ if (!self_test_kems(st, libctx))
+ ret = 0;
+- if (!self_test_asym_ciphers(st, libctx))
+- ret = 0;
++/* if (!self_test_asym_ciphers(st, libctx))
++ ret = 0; */
+
+ RAND_set0_private(libctx, saved_rand);
+ return ret;
+--
+2.51.0
+
diff --git a/openssl.spec b/openssl.spec
index ddf53d37d20e60e0c9d96d7e372864b24e8abff6..23dc8a73f98811197073558098c29cee608717b0 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
%global soversion 3
%define srpmhash() %{lua:
@@ -34,33 +34,61 @@ Source5: renew-dummy-cert
Source6: configuration-switch.h
Source7: configuration-prefix.h
-Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
-Patch2: 0002-Do-not-install-html-docs.patch
-Patch3: 0003-apps-ca-fix-md-option-help-text.patch-DROP.patch
-Patch4: 0004-Disable-signature-verification-with-bad-digests-R.patch
-Patch5: 0005-Add-FIPS_mode-compatibility-macro.patch
-Patch6: 0006-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-Patch7: 0007-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
-Patch8: 0008-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
-Patch9: 0009-Disable-explicit-ec-curves.patch
-Patch10: 0010-skipped-tests-EC-curves.patch
-Patch11: 0011-skip-quic-pairwise.patch
-Patch12: 0012-version-aliasing.patch
-Patch13: 0013-Allow-disabling-of-SHA1-signatures.patch
-Patch14: 0014-FIPS-disable-fipsinstall.patch
-Patch15: 0015-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
-Patch16: 0016-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
-Patch17: 0017-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
-Patch18: 0018-FIPS-RSA-encrypt-limits-REVIEW.patch
-Patch19: 0019-FIPS-RSA-encapsulate-limits.patch
-Patch20: 0020-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
-Patch21: 0021-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
-Patch22: 0022-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
-Patch23: 0023-FIPS-Deny-SHA-1-signature-verification.patch
-Patch24: 0024-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
-Patch25: 0025-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
-Patch26: 0026-FIPS-PBKDF2-Set-minimum-password-length.patch
-Patch27: 0027-FIPS-DH-PCT.patch
+
+Patch: 0001-Aarch64-and-ppc64le-use-lib64.patch
+Patch: 0003-Do-not-install-html-docs.patch
+Patch: 0004-apps-ca-fix-md-option-help-text.patch-DROP.patch
+Patch: 0005-Disable-signature-verification-with-bad-digests-R.patch
+Patch: 0006-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+Patch: 0007-Add-FIPS_mode-compatibility-macro.patch
+Patch: 0008-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
+Patch: 0009-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
+Patch: 0010-Disable-explicit-ec-curves.patch
+Patch: 0011-skipped-tests-EC-curves.patch
+Patch: 0012-skip-quic-pairwise.patch
+Patch: 0013-version-aliasing.patch
+Patch: 0014-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
+Patch: 0015-TMP-KTLS-test-skip.patch
+Patch: 0016-Allow-disabling-of-SHA1-signatures.patch
+Patch: 0018-FIPS-disable-fipsinstall.patch
+Patch: 0019-FIPS-Force-fips-provider-on.patch
+Patch: 0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
+Patch: 0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
+Patch: 0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
+Patch: 0023-FIPS-RSA-encrypt-limits-REVIEW.patch
+Patch: 0024-FIPS-RSA-PCTs.patch
+Patch: 0025-FIPS-RSA-encapsulate-limits.patch
+Patch: 0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
+Patch: 0027-FIPS-RSA-size-mode-restrictions.patch
+Patch: 0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
+Patch: 0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
+Patch: 0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
+Patch: 0031-FIPS-Deny-SHA-1-signature-verification.patch
+Patch: 0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
+Patch: 0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
+Patch: 0034-FIPS-PBKDF2-Set-minimum-password-length.patch
+Patch: 0035-FIPS-DH-PCT.patch
+Patch: 0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
+Patch: 0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
+Patch: 0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
+Patch: 0039-FIPS-PKCS12-PBMAC1-defaults.patch
+Patch: 0040-FIPS-Fix-encoder-decoder-negative-test.patch
+Patch: 0041-FIPS-EC-DH-DSA-PCTs.patch
+Patch: 0042-FIPS-EC-disable-weak-curves.patch
+Patch: 0043-FIPS-NO-DSA-Support.patch
+Patch: 0044-FIPS-NO-DES-support.patch
+Patch: 0045-FIPS-NO-Kmac.patch
+Patch: 0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
+Patch: 0048-FIPS-KDF-key-lenght-errors.patch
+Patch: 0049-FIPS-fix-disallowed-digests-tests.patch
+Patch: 0050-Make-openssl-speed-run-in-FIPS-mode.patch
+Patch: 0051-Backport-upstream-27483-for-PKCS11-needs.patch
+Patch: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
+Patch: 0055-Add-a-define-to-disable-symver-attributes.patch
+Patch: 0056-apps-speed.c-Disable-testing-of-composite-signature-.patch
+Patch: 0057-apps-speed.c-Support-more-signature-algorithms.patch
+Patch: 0058-Add-targets-to-skip-build-of-non-installable-program.patch
+Patch: 0059-RSA_encrypt-decrypt-with-padding-NONE-is-not-support.patch
BuildRequires: gcc git coreutils perl-interpreter sed zlib-devel /usr/bin/cmp
BuildRequires: lksctp-tools-devel
@@ -73,6 +101,7 @@ BuildRequires: perl(Time::HiRes) perl(IPC::Cmd) perl(Pod::Html) perl(Digest::SH
BuildRequires: perl(FindBin) perl(lib) perl(File::Compare) perl(File::Copy) perl(bigint)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Time::Piece)
+BuildRequires: perl(IO::Socket::IP)
Requires: coreutils
Requires: %{name}-libs = %{EVR}
@@ -149,7 +178,7 @@ export HASHBANGPERL=/usr/bin/perl
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
- no-mdc2 no-ec2m enable-sm2 enable-sm4 enable-buildtest-c++\
+ no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++\
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
-Wl,--allow-multiple-definition
@@ -263,6 +292,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.di
%doc NEWS.md README.md
%changelog
+* Fri Dec 05 2025 konglidong 1:3.5.4-3
+- fix some failed test case in check phase
+
* Wed Dec 03 2025 konglidong 1:3.5.4-2
- fix Startup failure for apps/openssl in check phase