From 6c57fc8dcc318e90670fee4efe26454acc43a828 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Tue, 15 Nov 2022 15:51:36 +0100
Subject: [PATCH 01/28] SHAKE-128/256 are not allowed with RSA in FIPS mode
Resolves: rhbz#2144010
---
0085-FIPS-RSA-disable-shake.patch | 59 +++++++++++++++++++++++++++++++
openssl.spec | 8 ++++-
2 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 0085-FIPS-RSA-disable-shake.patch
diff --git a/0085-FIPS-RSA-disable-shake.patch b/0085-FIPS-RSA-disable-shake.patch
new file mode 100644
index 0000000..4c4c5c5
--- /dev/null
+++ b/0085-FIPS-RSA-disable-shake.patch
@@ -0,0 +1,59 @@
+diff -up openssl-3.0.1/crypto/rsa/rsa_oaep.c.oaep openssl-3.0.1/crypto/rsa/rsa_oaep.c
+--- openssl-3.0.1/crypto/rsa/rsa_oaep.c.oaep 2022-11-14 13:45:05.970402064 +0100
++++ openssl-3.0.1/crypto/rsa/rsa_oaep.c 2022-11-14 13:51:20.725741198 +0100
+@@ -78,8 +78,22 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1
+ return 0;
+ #endif
+ }
++
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
++ return 0;
++ }
++#endif
+ if (mgf1md == NULL)
+ mgf1md = md;
++
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
++ return 0;
++ }
++#endif
+
+ mdlen = EVP_MD_get_size(md);
+ if (mdlen <= 0) {
+diff -up openssl-3.0.1/crypto/rsa/rsa_pss.c.oaep openssl-3.0.1/crypto/rsa/rsa_pss.c
+--- openssl-3.0.1/crypto/rsa/rsa_pss.c.oaep 2022-11-15 14:53:11.103467808 +0100
++++ openssl-3.0.1/crypto/rsa/rsa_pss.c 2022-11-15 15:00:07.233966865 +0100
+@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
+ if (mgf1Hash == NULL)
+ mgf1Hash = Hash;
+
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
++ goto err;
++
++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
++ goto err;
++#endif
++
+ hLen = EVP_MD_get_size(Hash);
+ if (hLen < 0)
+ goto err;
+@@ -164,6 +172,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *
+ if (mgf1Hash == NULL)
+ mgf1Hash = Hash;
+
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
++ goto err;
++
++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
++ goto err;
++#endif
++
+ hLen = EVP_MD_get_size(Hash);
+ if (hLen < 0)
+ goto err;
diff --git a/openssl.spec b/openssl.spec
index b6f3471..1920921 100644
--- a/openssl.spec
+++ b/openssl.spec
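Review bot: The two FIPS checks added to rsa_pss.c (in RSA_verify_PKCS1_PSS_mgf1 and RSA_padding_add_PKCS1_PSS_mgf1) reject SHAKE-128/256 with a bare `goto err;`, so the caller gets a failure with nothing on the error queue, while the rsa_oaep.c checks in the same patch raise RSA_R_DIGEST_NOT_ALLOWED. A FIPS policy rejection should be reportable, so I would brace each check and add `ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);` before the `goto err;`. Both function bodies continue outside the hunks, so this assumes the err label only cleans up and returns failure. A short comment above each `#ifdef FIPS_MODULE` block saying why SHAKE is refused for RSA padding would also help, since none of the hunks explains it.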
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 43%{?dist}
+Release: 44%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -164,6 +164,8 @@ Patch77: 0077-FIPS-140-3-zeroization.patch
 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=2137723
 Patch79: 0079-CVE-2022-3602.patch
+#https://bugzilla.redhat.com/show_bug.cgi?id=2142121
+Patch85: 0085-FIPS-RSA-disable-shake.patch
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -494,6 +496,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 %changelog
+* Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44
+- SHAKE-128/256 are not allowed with RSA in FIPS mode
+ Resolves: rhbz#2144010
+
 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43
 - CVE-2022-3602: X.509 Email Address Buffer Overflow
 - CVE-2022-3786: X.509 Email Address Buffer Overflow
From 474a112b98615236ef2363cf34b32a4ad3808e56 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Wed, 16 Nov 2022 12:23:27 +0100
Subject: [PATCH 02/28] Avoid memory leaks in TLS
Resolves: rhbz#2144008
---
0086-avoid-bio-memleak.patch | 48 ++++++++++++++++++++++++++++++++++++
openssl.spec | 4 +++
2 files changed, 52 insertions(+)
create mode 100644 0086-avoid-bio-memleak.patch
diff --git a/0086-avoid-bio-memleak.patch b/0086-avoid-bio-memleak.patch
new file mode 100644
index 0000000..865cd98
--- /dev/null
+++ b/0086-avoid-bio-memleak.patch
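Review bot: In the openssl.spec hunk at `@@ -164,6 +164,8 @@` of PATCH 01/28, the comment above `Patch85` points at bugzilla id 2142121, while the commit message and the new %changelog entry both say `Resolves: rhbz#2144010`. If 2142121 is the original report and 2144010 its clone for this release, the comment should say so; otherwise the reference looks like it should read `#https://bugzilla.redhat.com/show_bug.cgi?id=2144010`.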
@@ -0,0 +1,48 @@
+From 3d046c4d047a55123beeceffe9f8bae09159445e Mon Sep 17 00:00:00 2001
+From: yangyangtiantianlonglong
+Date: Wed, 19 Jan 2022 11:19:52 +0800
+Subject: [PATCH] Fix the same BIO_FLAGS macro definition
+
+Also add comment to the public header to avoid
+making another conflict in future.
+
+Fixes #17545
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17546)
+
+(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)
+---
+ include/internal/bio.h | 2 +-
+ include/openssl/bio.h.in | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/internal/bio.h b/include/internal/bio.h
+index 2d36a7b980f2..02f7222ab4f1 100644
+--- a/include/internal/bio.h
++++ b/include/internal/bio.h
+@@ -48,9 +48,9 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
+ * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next.
+ * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving.
+ */
+-# define BIO_FLAGS_KTLS_TX 0x800
+ # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000
+ # define BIO_FLAGS_KTLS_RX 0x2000
++# define BIO_FLAGS_KTLS_TX 0x4000
+
+ /* KTLS related controls and flags */
+ # define BIO_set_ktls_flag(b, is_tx) \
+diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in
+index 2c65b7e1a79b..686dad3099b7 100644
+--- a/include/openssl/bio.h.in
++++ b/include/openssl/bio.h.in
+@@ -209,6 +209,8 @@ extern "C" {
+ # define BIO_FLAGS_NONCLEAR_RST 0x400
+ # define BIO_FLAGS_IN_EOF 0x800
+
++/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
++
+ typedef union bio_addr_st BIO_ADDR;
+ typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
diff --git a/openssl.spec b/openssl.spec
index 1920921..6a74150 100644
--- a/openssl.spec
+++ b/openssl.spec
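Review bot: The reservation added to include/openssl/bio.h.in is only a comment, so nothing stops a future public BIO_FLAGS_* value from colliding with the internal KTLS flags again, which is the situation this patch repairs (the old `BIO_FLAGS_KTLS_TX 0x800` equalled the public `BIO_FLAGS_IN_EOF 0x800` visible in the second file). A preprocessor guard next to the internal definitions would make a repeat fail at build time, for example `# if (BIO_FLAGS_KTLS_TX | BIO_FLAGS_KTLS_TX_CTRL_MSG | BIO_FLAGS_KTLS_RX) & BIO_FLAGS_IN_EOF` / `#  error "internal KTLS BIO flags overlap public BIO_FLAGS_*"` / `# endif`, assuming include/internal/bio.h sees the public header (not shown here). Separately, the downstream file name and changelog call this a memory-leak fix while the carried upstream commit describes a duplicate macro value; a line in the patch header tying the two together would help later auditors.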
@@ -166,6 +166,8 @@ Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
 Patch79: 0079-CVE-2022-3602.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=2142121
 Patch85: 0085-FIPS-RSA-disable-shake.patch
+#https://github.com/openssl/openssl/pull/17546
+Patch86: 0086-avoid-bio-memleak.patch
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -499,6 +501,8 @@ install -m644 %{SOURCE9} \
 * Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44
 - SHAKE-128/256 are not allowed with RSA in FIPS mode
 Resolves: rhbz#2144010
+- Avoid memory leaks in TLS
+ Resolves: rhbz#2144008
 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43
 - CVE-2022-3602: X.509 Email Address Buffer Overflow
From fb8fee4b437074de21c3fc2101a456feed5bfbcc Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Wed, 16 Nov 2022 13:16:23 +0100
Subject: [PATCH 03/28] FIPS RSA CRT tests must use correct parameters
Resolves: rhbz#2144006
---
0087-FIPS-RSA-selftest-params.patch | 41 +++++++++++++++++++++++++++++
openssl.spec | 4 +++
2 files changed, 45 insertions(+)
create mode 100644 0087-FIPS-RSA-selftest-params.patch
diff --git a/0087-FIPS-RSA-selftest-params.patch b/0087-FIPS-RSA-selftest-params.patch
new file mode 100644
index 0000000..6d47742
--- /dev/null
+++ b/0087-FIPS-RSA-selftest-params.patch
@@ -0,0 +1,41 @@
+From 34e3cbf99f2113ca01b460cf37b56460262979af Mon Sep 17 00:00:00 2001
+From: slontis
+Date: Wed, 26 Oct 2022 11:10:50 +1000
+Subject: [PATCH] Use RSA CRT parameters in FIPS self tests.
+
+Fixes #19488
+
+Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
+The invalid names cause CRT parameters to be silently ignored.
+
+Reviewed-by: Tim Hudson
+Reviewed-by: Richard Levitte
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/19501)
+
+(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a)
+(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1)
+---
+ providers/fips/self_test_data.inc | 10 +++++-----
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 5f057d5679f1..8ae8cd6f4a5a 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -1270,11 +1270,11 @@ static const ST_KAT_PARAM rsa_crt_key[] = {
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
+- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
+- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
+- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
+- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
+- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv),
+ ST_KAT_PARAM_END()
+ };
+
diff --git a/openssl.spec b/openssl.spec
index 6a74150..44e3cb2 100644
--- a/openssl.spec
+++ b/openssl.spec
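Review bot: The corrected table in providers/fips/self_test_data.inc carries no comment explaining why the numbered names are required, and per the carried commit message the unnumbered names were silently ignored rather than rejected. I would add above `rsa_crt_key[]` (its definition starts just outside the hunk) something like `/* CRT entries must use the numbered OSSL_PKEY_PARAM_RSA_FACTOR1/2, EXPONENT1/2 and COEFFICIENT1 names; unnumbered names are ignored without error */`. Nothing visible in this hunk makes the known-answer test fail if a name is unrecognised, so the same mistake could recur unnoticed; whether the KAT loader can check that is outside what the hunk shows.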
@@ -168,6 +168,8 @@ Patch79: 0079-CVE-2022-3602.patch
 Patch85: 0085-FIPS-RSA-disable-shake.patch
 #https://github.com/openssl/openssl/pull/17546
 Patch86: 0086-avoid-bio-memleak.patch
+#https://github.com/openssl/openssl/pull/19501
+Patch87: 0087-FIPS-RSA-selftest-params.patch
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -503,6 +505,8 @@ install -m644 %{SOURCE9} \
 Resolves: rhbz#2144010
 - Avoid memory leaks in TLS
 Resolves: rhbz#2144008
+- FIPS RSA CRT tests must use correct parameters
+ Resolves: rhbz#2144006
 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43
 - CVE-2022-3602: X.509 Email Address Buffer Overflow
From 2bd2c7ac275a607d60456fa34fba09bfc2ef85a7 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Wed, 16 Nov 2022 15:55:08 +0100
Subject: [PATCH 04/28] FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
Resolves: rhbz#2144017
---
...-truncated-hashes-SHA-3-in-FIPS-prov.patch | 3154 +++++++++++++++++
openssl.spec | 4 +
2 files changed, 3158 insertions(+)
create mode 100644 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
diff --git a/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch b/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
new file mode 100644
index 0000000..a5633d3
--- /dev/null
+++ b/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
@@ -0,0 +1,3154 @@
+From 6aed6931cf50499e778a6d34502f9bf82f5a4c0d Mon Sep 17 00:00:00 2001
+From: Clemens Lang
+Date: Wed, 16 Nov 2022 13:53:24 +0100
+Subject: [PATCH] rand: Forbid truncated hashes & SHA-3 in FIPS prov
+
+Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs"
+of the Implementation Guidance for FIPS 140-3 [1] notes that there is no
+efficiency improvement when using truncated hash functions (i.e. SHA-224
+rather than SHA-256 or SHA-384, SHA-512/224, or SHA512/256 rather than
+SHA-512). Starting on 2023-05-16, all submissions to NIST's
+Cryptographic Module Validation Program shall only use SHA-1, SHA-256,
+or SHA-512.
+
+NIST further notes that the same will apply for the truncated versions
+of SHA-3, i.e. SHA3-224 and SHA3-384, and that SHA-3 should currently
+not be used.
+
+Adjust tests to only run Hash-DRBG and HMAC-DRBG tests with truncated
+algorithms in the default provider.
+
+[1]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf
+
+Signed-off-by: Clemens Lang
+---
+ providers/implementations/rands/drbg_hash.c | 12 +
+ providers/implementations/rands/drbg_hmac.c | 12 +
+ test/recipes/30-test_evp_data/evprand.txt | 384 ++++++++++++++++++++
+ 3 files changed, 408 insertions(+)
+
+diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
+index 12faa993d0..5f9602cf84 100644
+--- a/providers/implementations/rands/drbg_hash.c
++++ b/providers/implementations/rands/drbg_hash.c
+@@ -471,6 +471,18 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+ return 0;
+ }
+
++#ifdef FIPS_MODULE
++ if (!EVP_MD_is_a(md, SN_sha1)
++ && !EVP_MD_is_a(md, SN_sha256)
++ && !EVP_MD_is_a(md, SN_sha512)) {
++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
++ "%s is not an acceptable hash function for an SP 800-90A"
++ " DRBG according to FIPS 140-3 IG, section D.R",
++ EVP_MD_get0_name(md));
++ return 0;
++ }
++#endif /* defined(FIPS_MODULE) */
++
+ /* These are taken from SP 800-90 10.1 Table 2 */
+ hash->blocklen = EVP_MD_get_size(md);
+ /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
+diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
+index ffeb70f8c3..79ed96a15a 100644
+--- a/providers/implementations/rands/drbg_hmac.c
++++ b/providers/implementations/rands/drbg_hmac.c
+@@ -372,6 +372,18 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+ return 0;
+ }
+
++#ifdef FIPS_MODULE
++ if (!EVP_MD_is_a(md, SN_sha1)
++ && !EVP_MD_is_a(md, SN_sha256)
++ && !EVP_MD_is_a(md, SN_sha512)) {
++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
++ "%s is not an acceptable hash function for an SP 800-90A"
++ " DRBG according to FIPS 140-3 IG, section D.R",
++ EVP_MD_get0_name(md));
++ return 0;
++ }
++#endif /* defined(FIPS_MODULE) */
++
+ if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params,
+ NULL, NULL, NULL, libctx))
+ return 0;
+diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt
+index 8cb70247a0..8a0a2dea15 100644
+--- a/test/recipes/30-test_evp_data/evprand.txt
++++ b/test/recipes/30-test_evp_data/evprand.txt
+@@ -7483,6 +7483,7 @@ AdditionalInputA.14 = fc54b5339b37eb6889cfd7c185070bd0
+ AdditionalInputB.14 = f6a783d6d42e5ad5abb0a996bddfa04c
+ Output.14 = 683faa732c4551604c8865b5f777571c7d3cf1a60124c59b91283da0cda9b21761d1c17c81856958c6d590436c73594bb36f46c2f89237d8c7a7ddd2c58394c983f8f6c000d77566f2a1d89bac054bdb
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-224
+ PredictionResistance = 0
+@@ -7533,6 +7534,7 @@ Entropy.14 = 08a325accfe119fa807a95e8cc2cd8ff041ccad8e2c4cf49
+ Nonce.14 = c85baec1c2d1f3f189eecad5
+ Output.14 =
2567712d6fd3b52364b508bb2e4ae18e34b155dbe99fef9acbe21346715d36c538dc380a5e5900e0ebde76c779006fabe2b3f171fa63fa0f5ba264748278549c9beb26db701c8fab7adfdf48eb63e48ca6f3be8f17131c5e9145f5dadb00fe666a651d2b1b9e785fd444b05d4efa8ccc + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7613,6 +7615,7 @@ AdditionalInputA.14 = ae701404440c584e27266a12318c1793b6a112d96e6a6749 + AdditionalInputB.14 = 53861747c9627e9244679d58e2dc8cfd8a72d1bab611dfd1 + Output.14 = 665481033912ca7d87caa56af2612338768b044953b02b9a50e0244bb805ca007648f71ccf923030e56baa13a88111fe211091a54744aa5d82abe97775878059dedc6272e7c7a5392d1fb443b770ee7f5dd05a3f2bba4cab1cf473d02648d4f8acce91ef167e3ac00c1c9324ca074486 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7678,6 +7681,7 @@ Nonce.14 = e41f19a969494a2293ad0542 + PersonalisationString.14 = f67bda6553b5e4b89e309cb48a336b78460aff498846c2e9 + Output.14 = 44d544ac910b7668ba9c5524e388957520fdbf11383808a5a8008d119aff7e1e2bbe63b4cbff19455f20f3dc79ab0a83dcf0e403728f2a2b2a9f3b98930d9f285641da3b6b9a9467b2701ce1ecac82bad8214bb618c40999f5023dc2d97dc1a53a0296d44f6fc9d49db00959c89e9f5e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7773,6 +7777,7 @@ AdditionalInputA.14 = 6a7418d4ffc40e11859f33189d5a8327042ec268b004ade8 + AdditionalInputB.14 = 97beb8c47434a23efe536287d776edda7ed7cae84c0c7e35 + Output.14 = 1fe94acb5f5cb7e4a8edf5be61673bdc066288538dbd0ac29ce2d43f7b890028e48131e6b3a7cfbb42772b63f2fac8c0472418653ee2ebcdfa5ec08683e7d4a9cb2c67cf7e22c2ddc779c6d9971b29347e6688113294c902a5d62c1fc35595e091cb10e5a895d7c3697056659ae457d1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7823,6 +7828,7 @@ Entropy.14 = a71c303bf17e128c8e0aa07fb61ccc1f40fdb487a955fd95 + Nonce.14 = d3ca16fb12ae4709d411e5c5 + Output.14 = 
61a51fe1eca4cf947bbf2a77d643e7963ca2c587e0eacc8f7fab3b3f0e166197a4d15184cec4f0858de2773d8becb339bbb18ab2c10c8b246ca66dce48e2a0938fe1ab122b4930d603b937491ddd3d10abac731957f2e1e030eef33f7f311ed782b06697914145e266d0b967914d638a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7903,6 +7909,7 @@ AdditionalInputA.14 = e098f0e076a3f40fd970f5d221944f0040ef4a18d88dbe6c + AdditionalInputB.14 = d7eb01dfd7c13fece92d35133c3be71efba145d7353c6d69 + Output.14 = f03074a219ef31d395451ebc8534e4f2cd2dbfebbd9257507979ecec79a5f76359f2d6b4653b31704ae5a49f884db91ac335ddc6d11768cac7850734e76734b63b71ff12f3f8d42cd404009e7f4b66bc0a639a9354ebd754c17f3cc65704e698d9bc0640919c386e96760f3c36d8789e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7968,6 +7975,7 @@ Nonce.14 = 838d1c69d8408cf0134f54e1 + PersonalisationString.14 = f08a964b386eeadc4bbe57164d3b3a0c7c0068c49c9bc5ad + Output.14 = d8af077476875fca2ef9f04013976c3c278d30592361b923bab2f7e3c8af4affac5408c390b4989da254eeb97ccdabf32f5e246739d0e532a6ea317e7dda02bae5051ca97a445f5e0696a041e5f9f2c077b26e575d749cae344859864aa00f262c1c41b2964b78f72f9cb98abce103f9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8063,6 +8071,7 @@ AdditionalInputA.14 = fa0823db6808a3de1a7dcc081c01cca840f68b005d473bfe + AdditionalInputB.14 = d3054fa2bdec7c63dc009ecccf25c1116380ac25f82a9085 + Output.14 = 556e90c95c1abcdde027fb2b88cf191f0686830ecf3fbf89de51c9bd735726131472a17f307263d57c03bd5ecd9ceba6cd5759b06594bf901418e2421fcef4b72678614079cdf4d25fa0b74985380552d2bbf478290445066e3f4a40a2e2b0792a685b769ffdb27721b1faa484e9c783 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8113,6 +8122,7 @@ Entropy.14 = 2a55ddbf673f4e12538e61cd2bfda6f0316277661f553c38 + Nonce.14 = a0c71049f5c75c23cc11c7ca + Output.14 = 
a88e6cc37617929bee1e14f74ee363d1e05fee618fc1eb1f8abaff42c571048032c84ef0ec7a6d8ad7e6c5a4a6e90d714d76643eca063287929032fe75a2b63fb1f83ab36a7fa12a12d7332459bba56b017654bc0fc29beae1897863a63276208f9d11a32780a627135b271efda4f4f0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8193,6 +8203,7 @@ AdditionalInputA.14 = 65e70309f7386d1a0aaa53da65263d5263bc5eaff0d5f3d8 + AdditionalInputB.14 = abb8cd0ce0560309d2424d2f3fdce7af085e6c14699b4799 + Output.14 = 8188a498ef9e0fd52a77c3a44f1c7edccf9248590aebc52cb9ba7b5cddffe867b26309f032a78c0ab751741fdd9bd77d4bd17be90dd045f6f8b45826c9900028f68138cf1ca8e18b253b8eb73ae04f2e156d51a792abdc6524e4f45e4ed0b06ab3b0c94bc5e1ed58f917c17f72161d31 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8258,6 +8269,7 @@ Nonce.14 = 1ffb77244697c3d67a564d06 + PersonalisationString.14 = 62865bf0f5af2146440d74e5ac8787cbedc544de16db24f1 + Output.14 = 1a74f62cc6bb05ff956d1af526926b937a84352830a78c7ecd2ad9c39a796f29f640d188ded8bda0e66ba81c941fed5e82f3c78543d9fca14335459ad9d573362f6b5d69861cb94c0bb055723ba5416b1fe08e74f27f23cdec9db05b50b01a20f0337cafec896f5f7412e1dbe7307e0c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8353,6 +8365,7 @@ AdditionalInputA.14 = 1a6853817be281e26796430dc90f014f6fde64cbef16e58d + AdditionalInputB.14 = bdfa703974a758cd4eb00661e0f4663f4e574cc7be6906e9 + Output.14 = 23c9f591ec9abea9f9eb89ab8d705a1e570fd2888772db5d6fc6e418a34e32d78fe49be8d4d8288fa397b57afd49c07b715e276c68a2eb8f3e63f67de21d8ad23fbbdcfa03b201952fae49928ce4da66cb70638398bfdba4db7635c8c726a3cdac22c98ae776e881edd60b69f0b38e4c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8403,6 +8416,7 @@ Entropy.14 = 7c8a961f01c1888456ae6042caf338c3ab8b5be28b34d15b + Nonce.14 = 61edc22b49e518eaa9e4e04d + Output.14 = 
9d2eb0a41f7b03ccae8e4e3c61628e6710f5999f3991f04ba90fb3007275d07ff169d325ab26f3446e585c2d454ff8f6cd4a520190afbc06f30ec9b49668b09de45a116b171c210f5f888cf3c273c803044b17a16b06b44bc39344f2b2acb2f21f4b0a7abafec8c8d406d26477db9b7b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8483,6 +8497,7 @@ AdditionalInputA.14 = 71b5b9e9b813b5f69e8fa9fa7f588217268581b7d135fd7b + AdditionalInputB.14 = e5b06d8f12539d36c665cf129c1c42e3b7e88edce1650870 + Output.14 = 64595391a02ff750b46418274b8366bbca0e9c52c95bbdfa65882b76395887a018faa276f3fd6c8dbccdb964755e36508897cdac977037d0978f2752d1dc68bde3ba1edc94787c1c8cfe42c2347052da30ba7f1e06b44c10805196e7bb048cf572fda62b4a28fc189702b1e575b008ef + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8548,6 +8563,7 @@ Nonce.14 = a16783ada78fa029ca3fe31b + PersonalisationString.14 = b20dae78f254b07fe3eeb7c793334f3f432930353fe7f221 + Output.14 = 081803927779c7b2039681db542c965fe48dc3cfde712a361e77da9aaf9f21cf38e18b4e8e5ae5a365910ada327b05630abe87858163713fd8c2988975eca44ee3725370f1c68117e58c2164605524102f22f3ea55f21f7e8fccd9861c59973d71c0aaca574480be6ec8e1fb9a163680 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -9803,6 +9819,7 @@ AdditionalInputA.14 = 228522e58e65d50dfd176e8ff1749faa70fc2c82eda25b0748ddc5d41f + AdditionalInputB.14 = 7af60c47b4cd146a39887c9b812a1dd814d74c398609bbbfb57e73da9caff57a + Output.14 = 9528c88f0aea3fc03bb8a9061e159a06d78a2a654408808aa4d0e73ab1a51e5aa85e8bcae72d34784ff6f513193e183d556ddac5675314f2b5cfe392d1526056afe32d7c03e09ba2bdf3b10e228b0f600a61cccd9e7bf14dccf13b16a838e60909785307e6905d510d9888eaab169fa601558fc952aa8559d270ecd386d7fbd7 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -9853,6 +9870,7 @@ Entropy.14 = c0509068d88167921812103b67e734698d68718ecf42cd99e0f55836c162d450 + Nonce.14 = 71a50d2db258ea35ba69b5716bf68a14 + Output.14 = 
f66c05713ebe804b4273103997d260adbe8a7d0f6b2bb862b867ca59874ab9e0898102664af2a8db24a7ccb4637269ac67d5e834941303acab9076ebfa04cef64f73480afb6808f11e6ab1a9deae514f5db1c90c59ce988cc1d04012640a40173362de2689f88647268c665ca44f57534c9ad9b8316b9cd1d5a14942e94e90607acf6ad37a2398979e56e9c227c1803f90844d6140f10d0baf20dd789d808a647b4df54d2136d967461383dd4db9dc154dd89cd282a2766dd6086bf3825d095c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -9933,6 +9951,7 @@ AdditionalInputA.14 = 25d2ad9eecd3bb8bb60769942abd16edf0ba777f2541a4b0e80fdd70fc + AdditionalInputB.14 = 608c5789b5a2a6c11c7df095be8c81968c0bdbc6296026ab65195bdc5a297366 + Output.14 = e1c600294a86393b7067b6e77ca83e68d28a6b76f6f81007183be65a50fd2f1adf6eec5a64cc753c5bd0ebc12387bde8c6ec10e6ec7e603f09d4ae624cc5423b5bd53da4f0af064e14a7d176369f1726fdcf6468ee15ffd7db3be48d196601506c71e2f443a768e03ebc35245d254bb87a392508ab07c95bce84ba81058ca1545289c9d8142aa0858c9cd5ba54ee2bb75cebb5b74e0d099ee458752d11ed70122aed1254609a715ddf2720798c9194ae4a7424e2c518ce7a8277ec79da86263a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -9998,6 +10017,7 @@ Nonce.14 = aadd62dbd7b34bf2021ea74a2788b17b + PersonalisationString.14 = cc3308e380672a955620fba59999ec4fcabf1b7f63089a124cc1f65d58b691e3 + Output.14 = 6c39f49bb51765dbae1de8325e7a6f8f8aec031dbdd94b83d5c4e062848eb4e01e3912784f817ee16f9c2dd0129eacd3f7b8d5bb4cf9a4a2ef823b0505c2ac8e4a1ec30812e98564aebaec14ff710a77c1904ab1fa3fef3c3d09f2d55b047a8db860322fab6d939093385838ec6d11667ca843f69268ba1fb7edc462fcc285adc9b4b97f0f717c28ac1b6f371d90baa86e8728051dfe9b68f15dd31a6da35194253545a5d667df6a1322f6b73ba661c7407608fa42e1b894bd1b6e7641749977 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10093,6 +10113,7 @@ AdditionalInputA.14 = 0d81d8c5af9885d1b30d2174429bcc6979bdb2b82e6fd3ccdfe93f36fa + AdditionalInputB.14 = 
c63866629ed771e53d2fe2d5c21e98ebde295c3fc3896fb67279427c61a89eb7 + Output.14 = b369b226dd535dbdab45ff8f13735214f9abe6d11463a44804b838d2932112ce6799341505b7b5bab423a3794c37f383b06be1fe21f5c7da97b333a41fb67908dbeeb2450a3581ef71870c964c976f039ee856fa507e9de948c4c097a64070b23cfa09ab7506a8ec4fc38a38ce21fbee3f3c1ef3ab598f5da202f35b90f422af31688402509c38ac25359409d2b61958390d28ca2d8b5dea99ae26c90978f01d7a482c12e134a81de0bf6c9f39e32a8b597ec7b7a05a805ebc7ce260c381f189 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10143,6 +10164,7 @@ Entropy.14 = 5b50064163ae6238f462461472ad2ac9acc300316e140abd9cd6edb87b8ffa09 + Nonce.14 = 581d145675384210801d9c75d4d19624 + Output.14 = de0ace4f4a728c681a0b326298142fe79cbff2ce5230e6c1ca3e2808692d02e4845867763cb9e93acb983aa54659be6f9baf210048baf7ea4f062bd7e3d9a6d5e7dccf427422b9dd93d392ffc810dfe185bbee253c3208e22a83c9804501321c6cc0357d22859487a3eaba53444f4027843699d5a78214c431ea741bba73bd29550925443cfa5f494372bd0e482e3ab4eace1b60187b6db588c0d252c8da3e0d6dd3e475040817ca2c85b1149d8447a52c111f05d7c14a0f6b7b6ea4f60aed3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10223,6 +10245,7 @@ AdditionalInputA.14 = 80bb70930ef2015949b53d787630f5de93d93f98c577ca4632266e1bb1 + AdditionalInputB.14 = b6afd2c00be2eaed5c1991909e89029db0b04598115fae5118cc215298e0528b + Output.14 = c20bd78d9c396fc8fb408361e1dd4827ed3231617a73cd8848e493927207ea23e6efecd4fae36aff74b5235067543c7eb44c290122f9167a0ec4c6a530ecb0936fd683fbd866b73afb712b2f20ccc981b3f70faec4f4fda62e956c7d04cf578b06259b0f3c044e6dc68baf91e6149efa70b2ad2b81c8e14d1a994887193e53bdb5986a23d0412e989c447689a71b283934e50c25e10bdef0b22ce7368840cf761e32aebc07d7b51da16dad4c332926a4cc9853ac8db36b4b01bb36746a28f527 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10288,6 +10311,7 @@ Nonce.14 = 3432a2e2263728e375ab973bb5842d40 + PersonalisationString.14 = 
ccfee35071757d5141f55a481b7c44a584c5e537c636d4d0ba10dc3c88adf6a2 + Output.14 = 72a77d1c5dea9d00c349d4e5a9e6dff63ef6cb80b7998ef62e7a1fdc2267057d07fafb993e8df868821c6cf76430f3b7ff24a527f7e41fda6d560a773d05bc003f7e1ed5085f6da3785dd999a4763894455febf7618750bad4e30d8f52f3a072af30d57df5afda08ae7cebdcb659e6cdeaff52b47d4dc571e28315ff0e38538baf436e02d157b64afc6d50e6a4c5842aff1e7573888c6ff9beaf4f91aed988f03032388940c4f54afda05bf55ef6fc8c673f01ab545838574f3bd4f22865cfd6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10383,6 +10407,7 @@ AdditionalInputA.14 = 0facad642bc0004f946e3fdd149a4c0e52475c9e832c85b228bff6f2a4 + AdditionalInputB.14 = 19d477a7dd45a0b733e6c301a4fd44ddf65d4fe0a0435b57e319e31de4797427 + Output.14 = 2a48844f6919ed43a2b0b64a1d28707fd3265b418e0673190b49a606358062c1a54a6071c845adc6ad74193d746668f890423ebb971a63cedae3241005432c8f3fa3fe7f98d5912da34dabcfeb17c03ee8881de7b2ef04fa2147b78532eb0ce7d9244d717697138f116341c7b9e99f15728207f6a73c651b8940582f9f926253420a853ae18132093183a6073e3bc85633b75e1c6cec9323ed4142d0c8ca0dd5ab2ff2e6b304ab8cfe4aa98ac64951d836e074169d375ebeae8498f11bd02c05 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10433,6 +10458,7 @@ Entropy.14 = 3b6dde5f550d482d30eee2288bff802241ef20ec15696e614b7268f7c574eb1f + Nonce.14 = b8d8984703ca7f942951fca97129135a + Output.14 = 36d0cce70eb5aaccf9b172fccf68e01eb8ac8b1f2652cdd238f4b070c8f2d9a128418badb38d5d5fabe28b59d15cd432010716fa6a48071114b2168cd29028386171594291118e54fbf5b61ae3fbbf9a21ebe73a4aba482c7cdc5ea1a4f21a0f1b38812cefff9bae78c2b95f417dc0cda010079b637f825dcba059d154f5a53050db773250013a1f051de9f7882433d2054ef2adf9b7b57c67173c06ad16cac6bdf74a10bcc666f7d4a091a78131c5ed76fb733791278b6ee0f55302c4b122a4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10513,6 +10539,7 @@ AdditionalInputA.14 = c6a3bc83220c7708eb7fff5787ecba27e48c894e15302e0ee7f4e5f09b + 
AdditionalInputB.14 = 39b854a1c487e24e1ed58916d8012277fafd6e7b6175c4be43927cfac9958404 + Output.14 = f7d2f39a513f6c4eab993fa440b769ce09a15476e06ceda47969be05f53ec7f8409de284749cdcfac07fe7df66b1b6bd39389401909f3a84538d041e1c038a289869e51bce8bac13a0f786cb091628f0a3a7f7f9a2f620c98889688d46a2a037fbc1b2a4fff40800eaccf98a0bc1452ff1f53f040daa94e17dcd6acef97192c74075d064be5a97205ad97f693257d96c04e78654a694e90b80a5234a25d1c7ceef360d53e768067335097c4aa8f126a31882eff8e55cee05eba4b4325c203f4b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10578,6 +10605,7 @@ Nonce.14 = a684932ea2337296cc3d150174a47ce0 + PersonalisationString.14 = b2c0af9038c2ef79ca8263a047bb9293a44ecdb457fb45945996157dcd199cec + Output.14 = 316fbc32ecc1dfa778b13921b1d624f9231c0ecca03e17fde750b1e31e76b1c330ea5bd62ca76150f231ac4aa96b06f845db2d03b65cdaba4c160b288a121eb144058f65a751e22151f91b90131e6756356e7f90d880ce754cf965f439189eb8bedf86c58e1fc2751e65637930c42552fdf81acfa1d4515ad49dc532b2a10b2b11209425ed1cf43c991b4a7c49bf6e701990fddc420608d74c3636829e4683c4e77a8151708d82ef8fb81b3655670fd4d242e357831bc091f30e6d139d5e5ba5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10673,6 +10701,7 @@ AdditionalInputA.14 = fa32817ad83c85b594976eafab28fe25c45aa74d0ab4750b33dbfd8836 + AdditionalInputB.14 = 2e5cb3c7c9503e019b3383eb6264d6000160c3c99ee5700e7a92433da1c01f56 + Output.14 = a7571c1afd3d1dc1d3b28dbab54fe3514a0ec74ccf999376a963a3820474cdd67b190551ad5b24f4376633b4964490f79a94059a55b967f8dbe58eb20d70f1fdac91565bd8daf5223abfa13b132a140acd33e36f29fe1b107f62e6c45a679247b80c0aa050f1c2d3195629baef7422b72fb3cfbb82a2e4dd1966b1cc27b8e6df1907fbd6320f25594e1eff912cd9685755473b908e06fd30c4359258be0580e6bb2f986b0450d53fdbfefc3bf06c0d80648800234100af755acec4f809c39f3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10723,6 +10752,7 @@ Entropy.14 = 
1e1cde834393e00a2136b8924be5600c8bf59dc2d8a9eeae467ede71ee7b75af + Nonce.14 = b6035e96adcb7e8f2e17022e2e4f39ad + Output.14 = 9dde9f29034b6e784be24fe600c39b091568afb4c40c8e05b8b7dc36ca74a1bed38ab15643ca8c6da2f5aa4b7a6a5d5c9920cc31129c84e2fc9b865b3f30b698a143189a3f3b692b3e5641499c949e53e3619cb112f42046a18d5d12dfb3c6932a6a829d07deb17b799519b81e961ff293c0b2d24b629fe906166e330135e4ffd00609462f0f9b89a110084945243972486a0e1aedb2eceec02d402696c89abbc950dcaa72d7b0e00ed8e65c3e9eb1af7535de2da728f901650633242b3368c6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10803,6 +10833,7 @@ AdditionalInputA.14 = 7112823304b16377182ff9aba920c97ec4d4f23cd472fa9954ded16495 + AdditionalInputB.14 = ba183a035635d9617bd71b59fccd561f1c78a7589c7fb3fedf41dc2e6d5015c9 + Output.14 = 94e577e5c4f66be345c6be7038b02fcfb4070d5bf74f8004b59c279cce961dcf5bfdce2f01e007790cf770587a68d0d24ef0fcd1a148fca6920e707289e58b81fa4a58b5a018a358d336a20daef30b2881844838e51c56f11533b25c77b9c6c6bb2c0657350f011b24db6c60a84232dbcd218a816563737585c1ca6152ff13304ca86dff20f9f9596aaa21448f2c6e620eee58f69338e3b675d29b478f34f0e60dfe7f12f02e6181d19185f7dc945210d86d31e85eae03161e947fec0f0fc91d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10868,6 +10899,7 @@ Nonce.14 = 67f50628067bc401648926d7567711cb + PersonalisationString.14 = 5f8cb19e3c86b179ffb8812db791e8bbe6b0caff958715dd9e3368a2d48f65d7 + Output.14 = f178a20d27725759c839e7fabb63bd101c3352f582524ff088ccaf6f0546ecbd3d5165f1e3cacbb49ede115b8f6c8db3aa9720692efda124138d29eac17637b84977384fb88e81289ed5ec960e6e98fdc71d03ef0bbc05ac7682acdc62888b49fdbb442080687f902b5a313ac88d364b13871b20f684cf1acbfa229fa203607a0a37b4e1685d13a508da9f48dcd83f26751a2284044f93e18b2a206a1887d77c4b76e821952b376f19fcf53d83f704e3ec3b5c3cb4c390b213d57dbe4852914b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -12123,6 +12155,7 @@ AdditionalInputA.14 = 
2cc9f137fcd8c2d526d70093fe11f90a0a36bc9764a4c5609072e181a2 + AdditionalInputB.14 = e40361245b91880e308fb777c28bbfaea5982e45fecb7757bb1c9de2df9dc612 + Output.14 = 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 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12173,6 +12206,7 @@ Entropy.14 = 42623115c0a43edeab391ee8ac84c2b3b1bebba8a6040cd1 + Nonce.14 = b79f5c377be52381210c1c2c + Output.14 = a59dcfa9585b1080cee51ee493fabc22394ccd0949e3a4d4e5b8d60e1137288d20f65e7f1ddc1345869e1af62562d6c11044bb65d11dc0071a04a2cd0eab76718ec9a67d4482acbc82ac27685b98c50064b41e120a35e5ca57ed1bed6963fdd03e26865ddd3217d67cdddbc990c5833c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12253,6 +12287,7 @@ AdditionalInputA.14 = 450a2109e7d83a3ab2e628ab35af4dce8ce7205de7c5f365 + AdditionalInputB.14 = 60d0ce5e11413c321535d849da56c3d9bf6222a3d2cf77e9 + Output.14 = 27397574a1ad91ef6f332c954c0d5802cb9c90926ab05c116586995bd795a2f1b4706487da86282e33d0b44dcb7a58c8c4a2874ed4646a1e963b7d26b62e0a5e0a5bb60ec6e07ea6b7b7fe1194c3ca4371736e595707ca7fb56bc924089e66b137c47f9dde74b5de3687aebc2f5c2a39 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12318,6 +12353,7 @@ Nonce.14 = f2435f70e075f8044d4235cb + PersonalisationString.14 = 80fa0ec5a3a1b46cd639ae19c137239ba8113db33984c593 + Output.14 = e547f6d8cd665204f8ebf6d64ecaa23fcc59c1682eab3190bc76ad4981d68810833f1212965def4868883529c0bae4a2345da6a0e6a7e766d16022c6f371db8ad089d9227e3a85168d080c3ff2bdd604e7f8404a16268bd66d70f5fb164cee60f1af97bdb6e1d72059d7028a13ec83f5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12413,6 +12449,7 @@ AdditionalInputA.14 = 81356bf7d3122bd65b5d96d2ca68875e1d77b36edb8e92b3 + AdditionalInputB.14 = 1f185d4aeca1d95ba4c8e7867df64296525e00db7da61e88 + Output.14 = 
8032e92efc35ace508d8a10f36a6e7110cd0b087cf853409e83dbc554633380e9793b7657a23a931e34347fe0ba34c2abdef6a8505e44da62fee97a9543b9e6dd6538726ec2cc6f6d19382562a4a438a2b0756fa66b48628af292e2f53e49edfae3ccc48a95f24c940a90d1abfdd6d0b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12463,6 +12500,7 @@ Entropy.14 = 3879ca720aaebb2a29c99c0aa21d63308b44677f2bbe6056 + Nonce.14 = 2642dd7030605b3608f4513e + Output.14 = b7ddc2d0295a550e44103ffe7e6e1771cd488fa2ea32b091076085284edb870220e02ba6facdf27d8b34209048d0aa4cce4556c074fc7ec2c3691b95aac3f47c3b42bee3c2e35da17b040188d47b7effef8ac471a669f29e6c4b97ff6836cb9fd8954f57309a97e9a697e061010525a1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12543,6 +12581,7 @@ AdditionalInputA.14 = 13998df6bfa51c2708775384f01cfe8f4755b6fe4b3c2fd8 + AdditionalInputB.14 = 8d25383b6d04285fb699c644bfc9b7fc72de41c733f35b27 + Output.14 = 3f408ca372917703ecb3449ea55de7a969a5ba184eee8f30fb19b99ae827c66b13f29d4d3a0236aefdaca63c28bb71595d3dc1fc20f1e7ba1b1c9bdb7c2122bd8e443b00b5339508c315ebbfc9bc3c7bebaaf83312325bae696a576b3c92931eef6b4eab6bd90c140295f47994ec6e34 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12608,6 +12647,7 @@ Nonce.14 = ddb5c0cd2b4b640898c2fd1a + PersonalisationString.14 = a096d62f947314691cfb647cc2f331af834cbcdd5918f099 + Output.14 = dc9175fb05854708739c3da005592ada29d408ed6162dd278ee457bd3304e4f7011355da2302df1d0d190ef846cadaccfa5325d3f71c407ab2434d65d815dafa6ca15f7e701a104225a839f2fa9874ad49bbdbee576b1bc71ace28c825095510890861c851bb79e2e2e922c3ac22fcde + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12703,6 +12743,7 @@ AdditionalInputA.14 = 2bc060710fe3d92760adc274b878de0df82804e840cd098d + AdditionalInputB.14 = de879de9c03efe5a68a12da7a06003ffbbea0a9c53f5e0bb + Output.14 = 
4968c67d2f830b591531d620b6c40de4e9a15dc97c70b8b059023033bea376953cc5fb415d823d55d5b02b17c2ac60a1c8ee7473d25e94888fae15c6a7770b75565fe505a117c734d0c7d0386cff907a893da3a83d45f51bec9d95670374524b4f59e45a04c88d1756ed854fa9f65693 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12753,6 +12794,7 @@ Entropy.14 = 7ce7dd98c93953a8b60d395a68f03b8919931031e8f68bb9 + Nonce.14 = 1c217188f9c7980b8b03b41b + Output.14 = 58884a4316fe8104459bb339a4bac08d95461ad8e58f333eae5ceeecbf2d375e8fbb82eb1d29890ee0c56037bbbac8cd8e202d7ef05ed7126a15064699b9dfd4523782aabc6eaf21f1727d02c1311f5812c4b4294827a75f1cd6e6dcc73ba45ea8fc5f2647dff725f5fd9bc64d7b21ec + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12833,6 +12875,7 @@ AdditionalInputA.14 = e73890b772747a356ee1527501410eb5cddef015a8d6fbd7 + AdditionalInputB.14 = 9145caf79d0b85bb7874c2dc82d52bcca68225a18de258cb + Output.14 = 4ce4c45336ed4bdf4004f326a049c195c26ff11aadde90d7d035ce277a5b158577a7e9971063ee9c0b5063ab1f20c90f619137c2f4713831d18f2237e1a3d522af9a585e5f43f07d911b8b977f6c644784c9c02238b9fcd0f663c8bc1913f783c200b388b4ecf30246c7120adf3db79b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12898,6 +12941,7 @@ Nonce.14 = 2b884a75ff571f92ba1eb965 + PersonalisationString.14 = 273f3885354c0a8296b0862e19157fbad69578ec121cecbb + Output.14 = b60362ddfbb4fc41f4f5ef353fc0fd8f31e139876a3af0e69f9049aca46a5989ee3a1ebb6cf14f525c3d8a944f4e88e030e020ef6551289c93f5c6ca2f6bc495cdf49ac91bb86e4766ccbace5f7aba008390d2b6dfd416d63ebfe07f5d583b8f9916ebb54620953d0b73c136de06f520 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12993,6 +13037,7 @@ AdditionalInputA.14 = 69720682d68b7043c331b889ce6d3d83aa3d33846e9ddc86 + AdditionalInputB.14 = 350c63e7b01ecff4aa171f157c71f89a55637c2cac0253e8 + Output.14 = 
63fc9293971bc8dc151bcc2df20e4b5c7604138e4df49fed323c9f1cdeade3d5d1c8bc89e507e5da1f38c1f76d968ee45ba53a3da35e693e00afd683817ee7da5cd2b0a657ac6cf95913c859c6b4a15449fe9045a3af03cc198cf10b2deb67c5c3e9cf9a40b8251de19c6cf3114bfe22 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13043,6 +13088,7 @@ Entropy.14 = e03af342db03da30e2b0e5b8ed76c2562194417fbf6be645 + Nonce.14 = 6a9a5188dabd510894073f76 + Output.14 = 7963276f1054db251369a0b91d854fabaa3dd5b2343ef4306cf897bf964fc8b885908c4ada163b929a19c948ac89c8480170eb59b9a8d7d2d30ddfd1248e2c1795c69da81fe72d6361d34754f88eeffca2c31859bc8940d6662abe2622fdfcc28a1764355aaf46a2e00e50606af2b6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13123,6 +13169,7 @@ AdditionalInputA.14 = 9b6c491387a2394b94bfa8b077cd43bac49117e94afb9616 + AdditionalInputB.14 = 7c04bea824d8aa7b19facfeb3a676eb51c31d7b92f0ca1ac + Output.14 = 332b884c8edcb260c535a218001d421e190d8b9c6b856fbc5a4ab45f92149487f8563138312a42487969370440675f5bc9b21a75d2a8386867fdf861c8650e26af47c5efd81d9fc39cbcd44ab0f4cb10325fed6f5b7ce5d8111ff71e5d78c7d1f53410e5ba492b9f68ca55325ea8b318 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13188,6 +13235,7 @@ Nonce.14 = 9dcc6c4317ff492d0d7dec5b + PersonalisationString.14 = 7d30c5a4aa169c6dce156a8eaf000f9be0f8681e3282dbae + Output.14 = 550a9ad9e45ba359d463c1e084777bfb2ee25ff791070a87f01adc04cd1a7e9e6ef334e477fb5cadd82381e0add8a39ffc222150f17b8bb0d3b1cd80948c0a5ee09a84ccfff6c9ac33e6831d1a84182edac6bcc25fe357a708f78db9a88daf553914cdf0bc7a9b0527597f73707fec8e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13283,6 +13331,7 @@ AdditionalInputA.14 = 1b8725447ec539ea4a13c47b323f1d6f435ba7e624dcf5af + AdditionalInputB.14 = 86d30af40a7a395764b8b69f2656954c7c3f1c30b2b703b0 + Output.14 = 
2fb2f24b2c38f217232dc22ecc7380b8240b05d2c7bc0e3dfdad268c8c10912a92595d70dd98e7ecdbdc6d7bce6c72cdebd7e121d75de8b6795b660be9096a1f24a97e9c5344c35f04451dbd8d9808c7a84c6fbafab6d060026490d492060f052fbf21a3bfa2a8e4a40db58672ca52ce + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13333,6 +13382,7 @@ Entropy.14 = 9021c403eada5eac222dc48e1437b6de48ca31b9e7e76fc5f60653a3d901308a + Nonce.14 = 503b4bbc0ca538983285857a573f6166 + Output.14 = bca7456257568a178877bca602d331161828a4ed0758d1ec3febcc21717cc4142e5481dc9756c56099cb043130345689156cb96e1664ad007c461ef8b5b0fa7d18508541f528a43fe8c719f3a269ff2821ca655980579dfc2c794da673b8c9234d561b833855efc91b4747ea5135a1a05017543f5780f2cde8b472787173ec50 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13413,6 +13463,7 @@ AdditionalInputA.14 = 439ba9ee252edb11b09fd765266b220077ab641cd7ed42b7cedc96b399 + AdditionalInputB.14 = 18e1dab1f2af82b8912be6791b003d7b0d66ce76a78cc17b753055b7b48cd2e9 + Output.14 = 5af9e042af202c9584bb69cb54738c0352ef2c9b9483d6fc8efd525ca38e62f535f2ed5658770e8cc5d53d9f1964b8a55d871c78250851491441c924701a52175410f52b162ebfe3991a72472d8842248402a666d726ea71437fc4a521543a323d501a6942ec4b7fb77ce462face53a2ab9b1b9fcccfe2346adf36027c48293e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13478,6 +13529,7 @@ Nonce.14 = ef68efad369ca5fe791ad438cf9dbbd2 + PersonalisationString.14 = 012ff5b08fe14fad65ebad5f15d74fd72d8577115e5e91262043e85a13a3043b + Output.14 = 1779c05411254dc5ff714eb56332cdf9a378a160bf0a20ca2da9e4c3b4e3c425d2f08dc969bd4924560c8caf9686b27720307af8246e6cef20fcbc00cb1f137b6efe9902f9944c1384bf917675a52b7b816795327afc4896182a78d4664b98196f89c466d5fe1e2a54122035863c8bd61461b2ef9e7b469492ff63364b013dfb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13573,6 +13625,7 @@ AdditionalInputA.14 = 
77d998ddfd7ab7577ca9f51d6cfbec955aaf9f88cbb3ae32db7f7c4609 + AdditionalInputB.14 = 9ebaa09e7057ad7cfbf02e8f3143ef7b7c1dd6158f641815ecdf8e4a65c17f19 + Output.14 = 161efdc30cdd124d4d6b3d43798dd79bac70f494c3ebaca111cfa3d9343bdb73ac0def00776486584f932cab74ee12a391cbf4890b10044f7de6c73f973e43837a43b7c47a1a9a36d7e62f9b7ce40064994a610b92d68c6d37aa5d9d92c3d858770ffb8fbd87324b49101bade3f2014bcae7deffc1e4f6a1a91ddfe7e6aa33cd + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13623,6 +13676,7 @@ Entropy.14 = 0653c409e957302f6eb62bbc4f42b30942ff7860e7c38dfb2fd26b164e83a713 + Nonce.14 = 273f7eab3dc9bf11216d5216bd12478d + Output.14 = 51dfe9851da8d7d5add3dae413d8bab8bc7d1fcecea00795ffadce047d5243ae36f29f3611fb8cb66e98717a98735384aa6a310696356cb48f4672b2ddccf86eb44777c1616338792629b6cc6ec2b66dbacc1a6b66bd9364914f1f43277f6f43e13145fcdb73a4aca6b784f9084d22c967033651da610e9a85b1eb7513683dc9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13703,6 +13757,7 @@ AdditionalInputA.14 = ca73cf447f2fc3984a9de0290fd9a984a8460ac715cddd9e8ed99aafd6 + AdditionalInputB.14 = 21dd9cb8e146954a9745fabe039f6f52ba8200f575e9bbe19c703b8864f34e93 + Output.14 = f1b153ae274a380c28668f1ee2c8c3a91f5380d41bd611d974e4e419a37debe664d0b706722184fd3e805f2ff05554bde7219023d1f62a52970aedf4d77e7b4604cac2a804e7b9353c087752f7f185991b10910724d0fd06dc6526d6102c8d0ee8c32f6692c2786d3b715bf3860539689e3f415855ddc37bbb6750972f3a45ca + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13768,6 +13823,7 @@ Nonce.14 = 10818cc50b58ccb660d65ff705041a37 + PersonalisationString.14 = 2756a89e79266d6d86bbd865708321f529b023d0cb5ee5d9888c37db33dd5164 + Output.14 = 
7b3d778ee1623b08875305d5761ce2cf44ef1bab87c7d0f29c862c40d3da31240e7450d827909b6b131a9b0e9ad68d5c02caebf4f3b0b7d7ac1cc58e353ba68e7ac9eefc3de1310cf9bf5f4b854ef3fc36e940d4fc50072845a83c38a7d4372c191b900d11d11a907a50607c348951ccfeba4efc30377e4a965056e4e84eeb02 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13863,6 +13919,7 @@ AdditionalInputA.14 = 764b81871036cf65802c4e9659e25b8039be84bad1b121b536d2ffc269 + AdditionalInputB.14 = 28d46df3c254e5cc199e14b45bb1e2f85a5da03f49dd76b5a16b76723d5b9855 + Output.14 = 94e1fa76f879eb9840cd50853565f43cd7b0545705bd9a35494668bef7d7e7085b48a455b38fcf10f145f28a599c58e2f88c2855f2437a17d7333d243a1c25b76bebc6a94f7abc3fabe4c78041d9b3eaf675c11970b14cfc6ff20c8b23852b2733ef8d8416a920617a9b271beeabdb0462e5d23fd68b56f58e3554e81493c5a5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13913,6 +13970,7 @@ Entropy.14 = 3bb1f6cabc56a02643eb767cc6e5bb3a5bd765555e4e27159ec905012f58de22 + Nonce.14 = cc37cc9b20a2e4de0bdf8ccc3261eb90 + Output.14 = 28f20b9a94340aaa6ca98174b5929ce3329d81bebd67faf5e30d12f775748c34c848bcda26cac8b4a9b34c7c92c9984a6f5a85269583358e985c2b372a887f9e3f0f3920dd512def27d818522ed1a49e96d00a5aeb41bafd152144a8b6f93426e73d6e8ef7a8a5381bc464b24061080af02aac51fdc52f404e1349b7d04daef8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13993,6 +14051,7 @@ AdditionalInputA.14 = 2be009fb81ff22c5c2e15c988cdac8f21a6f17a4277fb1df773bbbcc39 + AdditionalInputB.14 = 0c869f061049dbaea48af93272c5b321977659a79f8bf0a5c6d68b982ef44b88 + Output.14 = cd9e8213591ed7e30743ba0dbae5f08a4021845d961040c5188093d518c3135048ea8ff052fd66fa83bf98c06d39c6cb522dbc938b6824f51488197159666369e7a9444e04b7ce5832bd6db1b3cebf8c0f7bf865bfc3cf60d2a2c0ef06abf7737590fba097c29fed234369cf9f064b142ca30e3941093904945021372c20d90e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ 
-14058,6 +14117,7 @@ Nonce.14 = 704e8e29c7aac1d8cbe97bd7305f8cb3 + PersonalisationString.14 = 631c5d0240b8d9800211ee6c97a5ae77405a354ac25705f22d405e17a52109cb + Output.14 = 9ee855e661d4293fdd7353492c711b39625ead90849ae5808b1f67c55cabe17ae13f0f18c0954341d6a2d24b899785642c0b29bb1b81fe098a17f8701e8820cacf6c00a8dab2e96e7f8593e188aae48385ede7bb5ed5ffa3f19053663383d666d38eea377d121e0b55ee58ee8fbf1e49c42a4d3d48fb0c9247c6b94c6539f4cf + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14153,6 +14213,7 @@ AdditionalInputA.14 = cf6884bb4cf7c08ea954cc2d2389eaaaaaa3bf9ab1dd74372c20bb3e12 + AdditionalInputB.14 = 2b30cc597b280e704632ed1cd2bbbbba7a9953deaa809848eb937b6b1a44b91f + Output.14 = 4de8e3c529bda0753a9ba237633be4c844308c233d6e58995c339cc006c7d4789b5f1a6314637b9749621fae3982c5a748d58c080e12118d4442bb55732da53daeca71d3d033b10a2a807848babb822a346524b4a41e9d85941730b21c0e80a9871c9d9aab0e6d0269258b57fcbf7d703794bd2e5f3d7b3da9d3cf2dc2073653 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14203,6 +14264,7 @@ Entropy.14 = 043872fa9f0c4d97e2c6824b778a4fb0debae214d3358a5aa01c0092c9dab6a1 + Nonce.14 = 0fc8d529a37083c2efe84aba8c8abbc0 + Output.14 = 22e8eb6b4d11657a66cba93f89b519bcce87a9bfa5ee22cd3cfef6180cb8ca842e8d408257b8140fabbf1dd65085ae62fb8b1d2a679dc0bb0a82ecd3b8bbc05782a20a6345554a1f5467e9811e0fce41a786c805ce2882f8b4d972b9a37eedbf828a381d34bab95efc47233846f8b5c701563033253323eda41effad5fe37d3a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14283,6 +14345,7 @@ AdditionalInputA.14 = 585a4b6736338ba663522b438ab9255782c39b36e6b253186e821ae969 + AdditionalInputB.14 = 2581ca0314c9a224b09c0c2e677e1df1c215cae0760d3ba03d1053156e9c3155 + Output.14 = 
e244109b937e9a71caa70d627ec8280210c86676b4ea842c6a4569e5da0b25c1ab3794ade3344e2185641c77df4d3011962e8312aa7c2013e4373204d861e27e88ede82873d5d45ae5700ddf0ae7d523e96df236a249ffc6e009e231b77d64f07f395e57b19a4d2961a6046c910d0b8ac3d882129ec3e337be4cf2d9ef041a8f + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14348,6 +14411,7 @@ Nonce.14 = b2328815495d926dc8ff075d5834bc20 + PersonalisationString.14 = 4c539b94823c6c7883b071ac395203bfb5117b6f9d5db7cf4063132e6a2a3cb8 + Output.14 = 4f6035946d4305290485c7aea10bbceb99b841770dbf5529e31ad51b0ce138344ac0b193a5074234adab8887a51d9448a2cc637a543372ed93885975b8de342c6a12a1ca8f3d053ced1dd2c7d6a3fabf6ea7860071c035f0fd54ee5775ae3a5d457d4af9e034ed337d79e9fd52c2ad051388dda50aa78d37403f33d52d30f6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -15605,6 +15669,7 @@ AdditionalInputA.14 = c9a1481cd25c537ba57750d594afd25f + AdditionalInputB.14 = 51e29804f9d079f3074ec398320b2a70 + Output.14 = cb3cd4510de88f8081d8989c2679f76387b7d2cda286b75d659a3ab7c3b2ac77ea00366e7531c1c9f4f8e60c845c5d2a5e05fc999621d011deac3f28cb447a37c2ee815f7f5be3a571d153475d6497a3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15655,6 +15720,7 @@ Entropy.14 = 71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bc + Nonce.14 = f49cb642b3d915cf03b90e65 + Output.14 = 144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15735,6 +15801,7 @@ AdditionalInputA.14 = 03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1 + AdditionalInputB.14 = 5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6 + Output.14 = 
72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15800,6 +15867,7 @@ Nonce.14 = e8c5220ae48b0ca1412e9c74 + PersonalisationString.14 = a0a1d6d3887f7ff9f13c85d6ae5af2c840fd85989b7e50b3 + Output.14 = 14f629aee43f71b61d467ccc37de8eb6110ccdc65fff57ddd2e66707bb768e5de5df5467ccd55002815d306adc7b7d6b5d87c20d2922bf5fd3790282608457b69720be7d7affcdfecd173a741c7fc99f5f30f981b1bc102977a61f1515b923ba53cd87a37faaac12e0af613ba0972a0c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15895,6 +15963,7 @@ AdditionalInputA.14 = 875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe + AdditionalInputB.14 = 4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595 + Output.14 = 90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15945,6 +16014,7 @@ Entropy.14 = 30efbec33ef98a928e9441af3caabb34cdad892669e88130 + Nonce.14 = f77b7e0fcca6f8733e0bb0cc + Output.14 = 85f5368cb9f44474af6c4a159477c5cdd05eb0c0a37847bbb07e9a9c8f633ef2c3727d017f1bbfa89dba056062202f5824b3a493ab53a2a5fcf796d944577f1393d35f2a284453b2cbd8eaf35b9bae7b87c156cdf9cd0a2fc94ddb0d4842e3ab4b6c97089cac0e32bdeb32dd8233fd6e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16025,6 +16095,7 @@ AdditionalInputA.14 = 5c15fa9dc77d6fec5f7a4a3e4a315c05de2b5e46efe54934 + AdditionalInputB.14 = fb65ede490ee01a1c100ad5e23a20f91b45adf1ddc15c590 + Output.14 = 
98cb3191831dc79334e8e37d5246600f822aaa40964b91f345b9df90929db1b7bdea96dae9aeb88d05fade5ae6c29aa8eeec7fdc96e654c5ea41ea01e3104ca4d287bb03005feab0bd1f85e556bb6bc46a2227b14fd94f9e6cfd0341cfce951851feb967968d6cc818f364345b715bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16090,6 +16161,7 @@ Nonce.14 = 46f8ee037b927ec766de0aba + PersonalisationString.14 = e6299e0eb5826e498d873ac02892f01e02f6632101fcc090 + Output.14 = d86bfd8f9d80eda3bd43850ea6edab2ba4f69ac8eea623fd6bbd5c0c920620f8cc136b0170f0310a156271981a9cf7629e1b8f0759de1e99e20a0930ce3bb7dd2d88bc9172a56108cdd736dc529a6b99862bed7d543bdceeebf450020762652d520105f5c5cc3c9a6ebb64af2a7e82b0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16185,6 +16257,7 @@ AdditionalInputA.14 = 82f895626afb606f335f5f050f0fdf3b45275e0b451774f2 + AdditionalInputB.14 = d423d43240cb6461402a7755f247573f24fab496e00b2e5d + Output.14 = b32c753900d4a0a0650d35d0fc918b3aa5f253d4381598ed475147f32c8b002bc08678e45bed1b9b519cb9729972886f85e581c75d3c2c9fd6ced929be29aa3befcd1d3fabefec590ca55612c1a0409446a01398d0e4775a548d118a32f29b0dc29530329d2a7656e5d3ef66db2b9726 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16235,6 +16308,7 @@ Entropy.14 = c617061099a17392c3092d27728b35e59eb45814e9df9fa5 + Nonce.14 = e1634c0d96cf91c53b063450 + Output.14 = f08234ed8621f1f551cf49ea60140313a71341f6886c484a06e74e64aba6f8ffc2cf1edd34cd93e836ab033fb0893e52e01da9b3104fe49584a45447c136222b1c1f1d3cf406a80ed9d782d2ae277790eefc5c06f954e654f7f283ddea79d2160cca1f63d0ad00eae9e882de34ba4083 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16315,6 +16389,7 @@ AdditionalInputA.14 = 857ce19dd6e8a45be185875f1a98911062045553e8d28ac2 + AdditionalInputB.14 = b5f1998f0fa38145edb86ae4d569ef4dc2e0aac0a815d3b1 + Output.14 = 
8f0d978b24bae2a0665beaddfa61e8896ed7976432bc4f7c444699e30b8da1ecbab8990bab9d0d72ef6f6b0b27ede12dc171a43a14092d57e3999cee71b1356da5f29b17fec227ca2a4887bd990fa33e1e01c8a9f900ffbeb300cc5ce9d7d2e25a44fafc07e34acd61d425e0d36fb0f4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16380,6 +16455,7 @@ Nonce.14 = fc382061e29c4047c6f05dde + PersonalisationString.14 = 9b2eaa4c2a229cd2bc5de218aff95f6e5fbc7ef150bdb50a + Output.14 = ad49119d6b4f25ba34050920fc503d3d0d331ac2535d916a58d781317fcc2b1117618e9105ce192651ea9e19fa6756975d207c662f2b464416d849cb67b9af52abeb84f80863943af99c7916e78317a091ba90714ec8620f661b41d648c15c06e822329cd7f145446c5c3630a4243281 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16475,6 +16551,7 @@ AdditionalInputA.14 = c9aac7bd9f15385facc344dedcfa754bc9f4f30277a3555a + AdditionalInputB.14 = 42de701acf5622b30e7672bf7115043a9912c1758c1b316f + Output.14 = 972ccd5aa60966bac39aa9c891c7c513244efbfe3446fde6806cee991851f1e4b3d4a4a0c04b57242deb4f53d27040879562fc5b32621b46a642f3c84063c5195faf9b78ed92145821ae554d58325b03d60e11461adaa8ac87876559e1cbe47f7b5c33a8311294b0e54a44c97d4d2c9d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16525,6 +16602,7 @@ Entropy.14 = 47f141d1d0142d53c10628d2d1dd77aafc11ffe45f29b126 + Nonce.14 = a1e958e036afd40059ce9639 + Output.14 = 2096935329ffd975154c38a2c22e30ef12b7acbacd39868032d6eb31a596e617fc7e05026b3dae231f256ea94dd4ea4f05734eaa7916be6f846b0304ff0de389f3390e51641103e7dedee99e56d9455c80a7e10edfd2147a50b3864b05443a1646fccde2197af1d1d72ae3c2d4594218 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16605,6 +16683,7 @@ AdditionalInputA.14 = 49a758a4e0a8ce69aa2e5f9b7940c6fbcbfc4fdc91165e4d + AdditionalInputB.14 = 9c8ebc02c3d92d33112a15747b6367b8d6db3447cb9be2af + Output.14 = 
70cf10825dab6c1abcc1532a1b2bccd96f0638d02eedb40a7ebf97093f5d0295b6bc74d9e48290ab39260d684effcb401427a4ca62b971e5a31f06c14a9f8e3851c3e79dfe129ecf8a8e185ee58667e2b692474a0d5f0a39f9d794adf1cd71c1266563dde24dc944661acbf849fe69fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16670,6 +16749,7 @@ Nonce.14 = 82dfae196513724ae269204e + PersonalisationString.14 = 6e01d897ae919812b8408f82edffcfed8db6df2e2cbebd95 + Output.14 = 6e9bebf2e54d8da4e8ede97ce463239245ff1b021acf4441312ddba96d1f3d750bf2b9583a8aee76e2ee36a56d8e2fd4e11377d15ba3ad0876fd467c375a744240de0a7b38974e0e7b27c3917ce4e22f2bc78861f6f8b1fb42edbb1b0cb869fe5169527064cf2f38c0154082af5457bd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -17925,6 +18005,7 @@ AdditionalInputA.14 = 9ba9285889d50c27bdeb4a830a5b3120931a53980b30643557444718cb + AdditionalInputB.14 = 0f8716df331067b8ccf0e5b90ff79dd0f962acc69fc5f89c593bbb84e3501ae2 + Output.14 = 9d2c0053a0fd3f9be1fe33db214f6f2d54aca573e0642bd269f1b1ca23c42a1e85c73449830673cca14feab4d2686814edbd90c325e0fbcd5a2d7ca75334dbb113a13a0bb4e838f6724c74dddfca8c2bfb903c362d3ea82acd60d01749f6dc01fcd6708009a58ee9cc57a0d089095efae66aaea68ac247cf6aa8808d1038a109 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -17975,6 +18056,7 @@ Entropy.14 = fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad985 + Nonce.14 = 91f9c02a1d205cdbcdf4d93054fde5f5 + Output.14 = f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18055,6 
+18137,7 @@ AdditionalInputA.14 = 809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56 + AdditionalInputB.14 = 3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7 + Output.14 = 4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18120,6 +18203,7 @@ Nonce.14 = afafaf2ad7e6449308e176be01edbc59 + PersonalisationString.14 = ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad + Output.14 = b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18215,6 +18299,7 @@ AdditionalInputA.14 = 9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544e + AdditionalInputB.14 = c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4 + Output.14 = b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + 
PredictionResistance = 0 +@@ -18265,6 +18350,7 @@ Entropy.14 = 5f28c73baaabbc09e8260df3b3577c21f2f02be057bf49d2e73098ed5ff67f89 + Nonce.14 = 8c2f85b546903d8d4c10fe4549c3f673 + Output.14 = 1563c678f1b072813888970996af33c2a6b70b8dfd2e146c46df0616509382062fc9c72d223ebd555f4d8892aafd7b3b61619559fe3d3e7b5e83c07f422eeac912ca7d8858a2d25b966a8b34348b8ebcf44a4651edb9cf5a886e383b01423322ab3002edc8c936aef869d7638f38ca6688c308d2a17fea0ded21901d8e9f1ff8508762cb1dc7e700970938a0ece74c1c2d1801230ea785165d62a7ab0d6d59caf36b30be8e2e1f691210373b7a2866e32ba4b49b6a2f9cc9b80aa1340ef5c76f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18345,6 +18431,7 @@ AdditionalInputA.14 = b5d9cb4b3709adf297462f1aa8875c9f84bc39e323b8fe1c0df269344e + AdditionalInputB.14 = 5e47728cc468e0d2c6b6a90a20f83a9f0565716af54844552988f1d8c3a83eb7 + Output.14 = 548c3496135ecfa1119098ea2d862d421af024a844c37a02142e2545e4ff1038f4b73c7f6b7d0fba8f92f292cf5ca8fd57dbe7ce129423e0ddeb1dffe89252dd6b50495c88f350bb77e08c8be409064f7e9cb751aeb779eae30b7c471dc41365f128d22474a7e90a9953e948642001f8e6ba8f91d250d8b4c6407892cd96b12e5d94e4d7608e6c11604357436c8d1cc07a21aeb58d396f413a31f72af1ac06864ba68c04e0c25971c1315f5a8c5c04fe252105fc822452d0cf66f86af13d613e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18410,6 +18497,7 @@ Nonce.14 = d28f752f6e466e3fd9595fd380fa14b6 + PersonalisationString.14 = 232727310fdaac541b182497e5240dc2623a36b4efa7a912ab3ffaf9939c2336 + Output.14 = 3bc26201261930bf3dc164d25287e41efb47c07c8c5c0adf3e86613435df202116331cfccd4e07c9ef008c62d4199d937221a17dc97be2043270ecc605d3d48c609cbce3aecba3557dddb304f440250b2c9fd78838483e2d5a2b22015b97869b891f9e42afe21df5fbb8dfc9061468c70c63a14b6dcad9ccdeced41d021dc0ff47821415e8793d34377258d9d6629b9e396b9d6b8bb7fc22e03ecfd4890d16912001cb7ed002e33a595052ddf7b991c5607ab93c220b2122783d51a8372a223d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 
0 +@@ -18505,6 +18593,7 @@ AdditionalInputA.14 = 50ceb01860d60ed119f101d5c573b5db00402dbb03885a09e8d326156f + AdditionalInputB.14 = 01e09092bc892916c29f7b515823f244d147d4b16976cebd6a76a37ef6e62998 + Output.14 = 6f1379c44d8131924c9a78286e80ebb34604ad78b531e795cc30c4f0aee422e4052f201ba226bc0c2aa3ec341fcbb5a87e24b91c36be7dda62addba6960df1289372e9677ce030555a9bd1691f559b8ff787dafa35cff5dfd66a2abd83f81552a82ba6ca7d21c438483e60fd77f93bc109f5be802035412c2af2873f5cb186b77dc055c0e0b27b16b1ef37de0b81fe63c4074a7cc8c3d27f71a992b5468351ef8b84a7b3e8f12458ff670d1381d879feeb1cd3b93436580c86bc2c33f27448d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18555,6 +18644,7 @@ Entropy.14 = 57050c5fe58b2a2a0eba0d3b9c08a9b285e1180d2a297e0a9ad20740c6fa9f00 + Nonce.14 = fc309209936c569a1367d45b212a9a50 + Output.14 = 288668476b39814edbce5ed91951cec398ba2dc3bad76048df5fb1a2a680519c217ec4d57adc0251e1f8892a866b142e0953353bc2dd207aa2703f81814d26a60daedfe94d97de6043ed5f3bd957b7516681827f7a36d1b2a87b692c67aba050bc38b5e84f65f07d70cc34549f01aa390c5fc8dd01304fee7378e62549738e3f710ee6a4e32db3f472e1c2ef1e803e57a8ea992f389f0823c922bcea8b00ab844e071579170baae90839ffd5e00844ec343b02db090847cd323f8a68f0dce64e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18635,6 +18725,7 @@ AdditionalInputA.14 = a633f5f05ed8b09b70683a9f9a8e998ebf843b68a039dc3aa40cf30a5f + AdditionalInputB.14 = 9a57c6be8c1d992bcbd599952bd94a755d7ad686698991d189afd11cb88b9f53 + Output.14 = ae0fd8a1bf6f2f53f9e81ecf6f40ff6a36fef58a3f157b6a435403e48da4e88cab7871bfe2233b92afd228bfe3117d7cff0798225a901663d51f0491109b9c631dd6d32c5bec2da321b8e64ebaced87a27f17f67082df944fa94acc6c557fa6816001642e38b7d776c631212b782f71aed6db760f90e0de8e81baaf4d419170362932e6c319dab948749b331aae41b4cb3267da37c9233c36d65d5482c8940387498453b226af485a37ea16bd9e4f938618f70aec97e8c1430a8d8b6aae396e9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + 
PredictionResistance = 0 +@@ -18700,6 +18791,7 @@ Nonce.14 = e1609138b91637917ec170fa3c3fb278 + PersonalisationString.14 = 230db2e57b87e910cbab26fbac7fa93a65c07c1ec004c74637e346c2db63288f + Output.14 = fa58f2e96776b4aa079dbfb49d81d8abfcc30d459caeb45dec4f1766fdc3b234d52cdc5337ea770e71a28cc42c82cbefce896d1fecea5a5290300208aa79b5ff97d2091498d749b66a9e5b2da7b774567ae9f83b87a8417b1bd089935e575b16618ffe8ec04b91fc9315968dc395fa2bb8776133d3ede95aa89ae675881b26ca831fa5fe6cba800d2fed1d509353e8cba6f007cf3c5e0b9424cc034e1c817d5f7326764f5ed1d17ddf8900977a0172dfab50bf4819a67e4c1af4704f59eda3bc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18795,6 +18887,7 @@ AdditionalInputA.14 = 32f618446311f03a0038dae07e85e19006a55b69501d764c241f683be5 + AdditionalInputB.14 = d64a97650e2f25362fd711c7abb5635672e16a02a1dd5ed8a181762e86f4f5be + Output.14 = 54ee53e6d18e974913ec235a37a706868f217af33b25e8e5369d90071be1d01035ca331b8514f3d6186a9ec62b1e7808b7fa22859eea21e4b8113ef770772561eff7f8b6ac22125d002f6ba9f53b235f7d85dd5b601787201ee1423de5d971b2e758b3955a048b50f118c01122a8e657f69a63843bea00a46c4fc2ebbae36adaebfe3e6c9b1c82e498d3fe48d332ac1bf31ab4c80830086c8ee4b1ea190f8e269f74cd760f5a29d244064d09c1bc30832482d5205e35604a388250a7a196ec74 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18845,6 +18938,7 @@ Entropy.14 = 9168436a8600415b83062125de0ce6a998090216dea7374af08e6d3becba054b + Nonce.14 = 94206c91dcdf9c7c3f3571c703013419 + Output.14 = ef12bd2b6dea20cd197ea9eabd98eec1a2943619cd2a96dd16a6c5485435e00c59570ff14d7d9fc09c99ade0e5ec12a84c0a8ccd5677fa9b92295eb2a620e8a0400bc9ad8a1ac1aa4969d8d04b77ad59b81d95cad75358698107dc8a2ff42adbd679ab29cc29cd6ea756f4c4e60c271c3134c48b5d5aedecf011e73c2663ad1cafe57120cc70137370760c350f4e9c0b8e9b01c9acaaeb56094434f4f87c67a5b5f674783204ab0d0598c06f0802a05ec97073c005f3c9f772fe0bb449c1cad0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 
0 +@@ -18925,6 +19019,7 @@ AdditionalInputA.14 = eb9e19bb6eb7b714dc4d56243897916364dae7bb3861a4697d7d3f2b14 + AdditionalInputB.14 = 156d12c7a1d0af2cb9f2d0610cedd9ed3b982e77bf4a9dc1ef0f71284b751ca4 + Output.14 = d3b0b0ac5150afdb3d9de12d2c8a7d45109436ed9c316aef1d1fc5bfba1cd37cd750841146dd08320539eb1678962e990f7b7662b44b918447e173672b873b8ab0348306cf6ae2bcc6756036870745436571763efde334dec5be7bb9920629a36cc5db66e8824695cabecb8bf092858e095a2a520eff140f483ec528131c850a8eaa48d8c997fbc810401ca378666d84020fd34af77fbe1152523e979560708fb15f3b7981e333ad4ee8c2fb6021a562f339616823cac5998cd919f82d43f41f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18990,6 +19085,7 @@ Nonce.14 = 733bf048e5b112426979a9879b6a0c10 + PersonalisationString.14 = 58d91008875f51d541c6fbd626a49a798dc51d9cf2e8588808e74953392800e7 + Output.14 = 1794335e21606d706dc89ace28c60a15c0c9f108f5ac882b103eb62e225de749285e5fb0be98a5bdc26e3c998ae418306380941d78acb7c81b91ef41cecab328332ac7404ace0ea858e7835534f778cab3e3e4eff043742e4f7d4d5725bcdca0b6be7ddbf79e57fcd1d5a4279f074a599abac2cd281ec6784e29d9399f5ffa8def3252acacc59844c0c24c20d029a89b4407e0b5cbe9a8d51241dd36bb82c400ec4571dd1baf831d58fed3dde4ac7f961be6ebc18af6bfa922a32b81ea11334a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -20245,6 +20341,7 @@ AdditionalInputA.14 = 06df99a38f4222b9e7e1e3f4a6f488c1dfeafe847129d54c93bccb1649 + AdditionalInputB.14 = 3977a9671024bf0150752ba10c9f6432773bb71aaaa9d23d1ab72b90b7f0e088 + Output.14 = 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 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20295,6 +20392,7 @@ Entropy.14 = 0cac1d970c06da6f224d49e5affec0fe338d0b375b66687b + Nonce.14 = 1fb1df257951ce8fc0cf12a5 + Output.14 = 
7d6e2be5aa574b0edff39ea938e94143ed92b287262891dd2a6c9193b0237e8fbe10056e15785bd818e548452792a31c728acc14ce2bce9295d3776885018a57c8580a8e7df9a34ea960e0b39af4510711320528fa7a0badc6e25a0eead8cb091c404f626343c63d40044055ee9f9e35 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20375,6 +20473,7 @@ AdditionalInputA.14 = 38ead8a466e462f5c0617822c23294cdba07a80fd51dc241 + AdditionalInputB.14 = cacc9efb209c71b123498182d25081aab8f0159bed1fc0c6 + Output.14 = c200766d5caf72e64a77a7fcae1ae3d14681e33767ba2ba7faca26209fdcb59c7202c381b18adba07ef0ceef443d9e1c5888366bfd953d614bb184370b45ea2b44a251e381fd2bdb80bf4bb8dfe011e1b143032bae9ce82c2869537e70d36622bf23476163a2dace9ba863a5f0e3d303 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20440,6 +20539,7 @@ Nonce.14 = 7e2f3e4427d00de41ae92bf6 + PersonalisationString.14 = 2e8bc8edcdb3dfdd451542fbc68481b30964fdf8a6ca77cb + Output.14 = df949beb9b33d2c1522cf6fdb3206cb10b58411ba9e28a4096cda7662b69d23e0da2be9557b9a3b5a8d67db4d616ae9fda3a7e0a8516196568f7a81474c0264993b141f14066fbfc29da724e447f6e503385944e902510f0b3971f7bffc6a6a202ff88d8113bb222b104055f427fe770 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20535,6 +20635,7 @@ AdditionalInputA.14 = 23a781948449d82ee235d0495ca48d61aeb399d7e2ea68b8 + AdditionalInputB.14 = b52421e5b0e5281920da6975ee18d74ceebdd5d5de05c018 + Output.14 = c878a886e24e20a8b7e22e41ebb33a2b6e9a0168f4c72bebb78f0955c8449592e91c6a2f1ba5554c9459bf2702e67470c1df0b5125d651facc0a9339a2b7c921a51bc7203020f085c9231b3acd850ebfef0d0e13dc8bcfecf1f9853930ecd9b262cecaff0e2bed9e3b5b53343b733766 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20585,6 +20686,7 @@ Entropy.14 = 04c61e5cbd79804118267ee1c76db36b71b042bf60a1c891 + Nonce.14 = b833be09092d4755ee6118f6 + Output.14 = 
0c4663313750b12daaeee80cb28f097cbe6f50df2022f9ff02a51fb373da42411c5856a136e9645e99e69aee273726d146e3ef4e546273eeca52b43c068887148b7197143f5b9a4c55d4b0544907ee9ad2f181d1b37742d1479d39e78e47505603550d2b28bc1d151a50bbac140988ec + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20665,6 +20767,7 @@ AdditionalInputA.14 = fa3bc697a6bd8ce341735365ad6e214d1e53e8d6d0a2c206 + AdditionalInputB.14 = bea0650424d1f26e75a49ae2dc529f1fdc552e3a0aa50948 + Output.14 = 4a718257296a3a99f199a5a24decf8f3e6209a4a7fb0b24913393c8309826ffcd6c47208ea6879921424ca55e63a7e5bc63a030cc48be7648da78fc9f314dacb2b8568635e5b14a94bb06a709a2f023a86a871dfd708204c911d94ef3690b3634e58de03fb20091d628bec834a760dd4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20730,6 +20833,7 @@ Nonce.14 = 4b729a67449bb5675a1f9d1f + PersonalisationString.14 = 9160b7c96fd367dd7d378e82be11ad1827c7661d76bc1fb4 + Output.14 = 1d7ab4500d99a18b8be2ffb8177c869059e25f1ffbddb36694fa8561da1d71f86a38accb1926339f6dff71ea8ed104c3518e62b00e520c51a096c1c62469e56b139e6384e982588e748a8074dccc51d558d944868e2b8e1dbd68bd83c663447590430ebe15c64aba4669d1a4a784d8c5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20825,6 +20929,7 @@ AdditionalInputA.14 = c375af43c11115e995f47212f81cf3cdca5801d184d82235 + AdditionalInputB.14 = d2eea45f69c6d82dc3a7bb3be69d595c86c5ea5b4aee6001 + Output.14 = 907452bdf42eb168195313eefd090a2fe1be8b668b8ec7153a4ed4c07e6979244282e976decef02ffd4fd92b0d7b90bfc453cfd81a823dc162dde29dfa926f20e395d7432e0aea61c72e05c1673180bee3b47fa171cfba98864fc2bf83878e37c7dc019d465788aa1500ab3db8997d3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20875,6 +20980,7 @@ Entropy.14 = b37ca70fd13538ef74c5a3c7ef00a78705919446954ec43f + Nonce.14 = 3ecbdff8cf33b50788dba82f + Output.14 = 
1bcbccc535fbdc8617575d46ea5a9cef2622995dee19aa4b998325dd8d0935957170f6b18219354cd2759ba53c9c1f380586070db0c89979a581ce1e00ce38855e123dc3a2dc9ce74bc3b6e27c9603fb87c09a1d90bb540d267d456f5457daf0920a13119a2b805f9b97b154f80f4bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20955,6 +21061,7 @@ AdditionalInputA.14 = 9fcab4a8d0d1036a6210d56a894f861fbfacd4b20c081f38 + AdditionalInputB.14 = e279bf650f812b8931662e59a0da7ab799c193da1f6eef1d + Output.14 = b3ec81a3cc8dfa4e1ea17d33566a4444bae9969244e7a8970eab02afc8797b5fc85b6614ab009625b81fbe078bfa4db78ced2d8b3f1e3342b477a3fb42cec7d44546585621bb8310075808aaddef32ede3e668e626711fdfaf2569721bf645edeaf74a9826aadf0a9cea9893aab4fe3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21020,6 +21127,7 @@ Nonce.14 = 98ec3ae036755323042c08da + PersonalisationString.14 = e6f24d96c8d11cc68e72f56ee7e345c5a0083509821fdf17 + Output.14 = f5a9d375a58d1b337d245d29b7a9e352cbb0fc950276e042d075a71f4bc43b65b063bff299c670adfc46db39c4303adbbfebcea1df964c27d33cbfe4d46567475abff4f357252ff7d05ed4ac34e6ed14c33c192909426654d604736f3bb0ba01aa5e0454d60dfe8aa5b2df3a52df22d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21115,6 +21223,7 @@ AdditionalInputA.14 = ec35738bedab1835d07ec7a6d9a5e6e0bf8a3283541b3216 + AdditionalInputB.14 = 689957f9c2c58f1ff34899bd0c295bbfacdd149ab378428a + Output.14 = 6eebecbac4dd64b170cf6aa84788f643755ad5c6c731b63bbba3b2bdc2694f1fd42fb077b4309a0cb09b5ed1107fee2379272351ca9221069530762e4c8ac4c142c30167a32ac2b82b728d57bef95d620cd1b7a2ab5c1a6fac2cc90e0f6cd003ef526485c8bf0dbc9baa7c1f0d6f763c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21165,6 +21274,7 @@ Entropy.14 = 2fe6d7ec78f76820cd88c41a5a958c399c7ad1619406caca + Nonce.14 = 1ed975755cad5e4c475c5945 + Output.14 = 
e34b31db083e58516cd60ead2e5b0d39e4a2bb47c2436531c0e700e484c27d3d233d10d1ea6c58148149751f24155fcd258f384d61000da88106a0205d693e4ddfbb5c35f101ff15e531e9ac4a988c16302a962146a3aba9af5c505697cf9aeb7bdb8c49c281458acc33ad4010122aa5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21245,6 +21355,7 @@ AdditionalInputA.14 = 17c87a351e940e261e8806e2548da44a751c550ff5f0257a + AdditionalInputB.14 = 7e3bb28f266786ae38c24876087fe35c7e43222382270380 + Output.14 = c943c9ff0cde86a62756465e6bf4fc9dc25447157537831c975782dad82f3e33e6e7790b41c158713b8978a6967bfadda9e15ef43922b3f93c8ccd0cfa834fbc6776f3c1b6369b4f25b1cd1189f8b8efc31be2dc151d3608eb2189a4f39c0f0a3deba00ffc97299c11c46885b424a7b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21310,6 +21421,7 @@ Nonce.14 = 4fb71fac56d2aa35d7fa44d1 + PersonalisationString.14 = ad66fd02b6f6e30ce521ae0d783236c75cd3699696475ac7 + Output.14 = 4b2df98ad411407c1dff07b5c08e97ab501fc20ad191794dab73e9b4dce62470b3c70d75f07848f436f16a8c63ac31a75525bd928b5c76218099ec940e3ad193eecdbad834557e92602d7daa6e3eedcbccbc4d0829c8e1c7e59adb95ce928bb138870566eb27e4725191a9ebed50304c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21405,6 +21517,7 @@ AdditionalInputA.14 = 30a66bba0f4d6c249e271de8927b6ba1e99fefbf3386934f + AdditionalInputB.14 = 1ebe06fd88f8f914ea8f590483994fbf227613e7f49ff18a + Output.14 = 38b4e2bf6aaf771df03b3bc37a959955dec83f07af4bcd995957a31991c5ee18b5bcb7754f3bf6293665dff2b4769d081d9be6393803e2c62a73ed8ce4adb17b36c1e0deb8ff6106308be9019cd179a92feeb184d93a9348d3b14a70bf13fd74d12cc427496803b7fc041f87c630756c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21455,6 +21568,7 @@ Entropy.14 = 7f422e735bdf349e4f51787571ffe061ec7e9181fa0b6a342e36611da25c1a15 + Nonce.14 = b09d8dc6997bcb567cfd788d0e06483c + Output.14 = 
b83bb6e99b0a5237242711e27779d05d2157402856f9653542f1ce52b1a7463e13d5c92309a06d8a78773ad70504b64ff070c2e6afa4ec3662f2729cb7552235b79c18e08354e334474f238ee74feb7e892d5701543f418cd7f2f5533437d9901dcc54687816f16eb7341b1707c6310a2085dbf387044a78fed850b42fe9d8b4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21535,6 +21649,7 @@ AdditionalInputA.14 = 5722b092a5a0195f14b5f236885538cc7a514e997876c06f634926c695 + AdditionalInputB.14 = 6e4f341a0524dd1085aad0b6c956057893f737704ca2fd8eaae6231e9691688f + Output.14 = a757af53227bd8555853ee2e643256074be9904d2fabb0ca86a645b0ed1905731cfbfdb7eefc83938fb576d7e5da8135300f8e934dca521637ed10e5e791e18e82c48085f511476452237ceb930e0307e228886d36aeb83d8e25ba23b38dce6dbc335de90b63db4021d6ebba5dfb6d8044a2bb7bb20aca679cde16406c8c4746 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21600,6 +21715,7 @@ Nonce.14 = 06b7b75d18365f4957489a09204b2672 + PersonalisationString.14 = 9e32f001033eba3bede220d4f351ce110e6ee2eb0b099ce54f9606a21d80b1ea + Output.14 = 508333114a0abd5fe10327daa0f1342c66569d912a64d8ae89227d0d8ed5b4052cf84f0c38927d88dc0d7c476e747965adc9579a4603a36566a1730f55ed7b100c1695f060674484781682ee629167f7adce89885ff04d722d960d0297d2abf79bd3338126c2d356a91bfa588f80db7ea365bf181fa5370c478a04d05a515b78 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21695,6 +21811,7 @@ AdditionalInputA.14 = 5b2d2bf0653e3c075c469de5e2a093193e700abff9792a9f3bc0d143fb + AdditionalInputB.14 = 976c765df6b57f0eed8661587045826c329f4f1994020de30fdd835912f72fe0 + Output.14 = d8275a104f1dad7412637d12fabf9dd1b06592850cd48a3f38304789911efe8f08970b8f90fa021b04039cd3d1ca573c1586e7ef586f4c623dfc559efc0f2c89e4136b59f0f5706a74679d1c95886a5ad05b9a850043cdb19d806d617b2f640f715351cff6920c47f96a42b872a512a7b2e99e4d0c2230861b16f3b38deb9b58 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance 
= 0 +@@ -21745,6 +21862,7 @@ Entropy.14 = df6edf960abe3aef5f50741907c0171906c0837ba3bfaa3a1044fcc4f19ed21f + Nonce.14 = ff2558bec3e5377c12697c908d629952 + Output.14 = 9d68c2674eac76f3ccabe1c6c0bad96d5fbdcb1629c939e397eefbcd2ec2f25803fbb9aa72db952f7fedcb290da99f34c0fdd637c37dde1446d475a61c38c3fc5c1ebf9541d136cb02a43b2646df7ee4bd0d9191157dac92a33f401f089ae15618624fc0baf707409aa2f80cd5d0676612c2667aa420acc6e016e6ba3f63c686 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21825,6 +21943,7 @@ AdditionalInputA.14 = 4bf2c816e2c3e9721d192a670153d620aded035ffa214cb0d7638432c3 + AdditionalInputB.14 = 06f515395ad7c3d025af7df781b49b62f068ec9398f6dab31ead6f917c663de0 + Output.14 = 1e70791e6a8ce753f959ab75d1225b44452ce7aed0fb53b56208b3f26419f004983c452d724c483b4f9b70d2d84734ce8ec0258d8edfac639b355204e14b5b7bc1d3aee6ddd9f5da54c6cb086d16ce381c2d5cefbceae3afd56c13441d80c7e6081aa68ff57f21d460370de9ae713c17ab14a81f0895e9e492af7c437d7a5799 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21890,6 +22009,7 @@ Nonce.14 = 2c4c4f3a953e551746f7e258821d24f6 + PersonalisationString.14 = 676a9304a3f744c62c7f5048f2137982c89860577cfcaf0d855514436ff8eff2 + Output.14 = 7bde8a5a34538655ab2ca26d0447eff3c6da298b3fa53ff0526eeeebaa4a876b60e47ca544ae30ccb00176ff84920bb4e4a4ebc3cf74b9cf8cd8ff9f7b11266a3c9bf918c458760bca6368ddfb3522edbc61ad14f2b638294e51d82e617d8c0c631aefbba50dbcd1a0a88963c3d63959909ce2cc669924d7163b01cac468c0d9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21985,6 +22105,7 @@ AdditionalInputA.14 = c168776136197bc3877c824461994a4cb020b61ad1630bd8f38d0db211 + AdditionalInputB.14 = 4f54082a1b9e6cdc8599e1639865c00fd758f403adba5cb74a37e2b20f29b654 + Output.14 = 
b48984588cb54f78610e05c8a7ce12c630934f5ed2e4cee21e523fc65a7b8412189ac51823ecdf493844a859aa87f3e84645f22f0914245043f7b86287a85db97697bcc84684b072162c2fa636569df83fe85f1ae25204786bfdcf5eb85006d09a4d97b162248daa8ccbff9eca28b7bce9fdbddcb8679ba50b6648cb3bfe9af1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22035,6 +22156,7 @@ Entropy.14 = abc502a99b7c3cf14262f6b036925a9904105b019592a2a6be26d71fc42c7444 + Nonce.14 = 40a212f9e1a5aa54f2c7ed4ccf631c9a + Output.14 = 0e747d83e2104367beca697db9b6bb994061d82aae7b1564f6a0911a1f599084a7ca7c94e232908d41df93a6b416e76146a53b490afb552124fc0c2087cc45de96390565b58f913b5dddbc55dcdd2617ea27858ae7c7748b31d832fec0fafe84594ad7b693cf972daa9521ad4134867339536ed5cdf02a758e40d5d96802f4fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22115,6 +22237,7 @@ AdditionalInputA.14 = 2a8cf10885a141125dae18c40f7bcb7e09c1b2726e22a7f776e4735279 + AdditionalInputB.14 = 7c2db5278d2336764d274bf9624db7eecad2db11c6622831e47338ea3ef02ad7 + Output.14 = 08ed2c3aa35812485ea8aa0b16149ee4f3207a0368be2035e202797939dd2a1c1db1ab244434edd783c7574bf48fc99f93827a1fee91cd1db1cad53512b6931d2d63018045b2a50a9b523a6ee212fbcb21ffa57ef998b4ce24e5f2f875a8ff3a45d8602cd56cfefd2f61f73d00dc33304a464f4fc1f7dd311b516a8da4e91151 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22180,6 +22303,7 @@ Nonce.14 = d5aa1d24b7c7564f6836f626bcc6d32b + PersonalisationString.14 = 4ef1e00dcda9e893d066ce48cd291258a29e0a234796c30a6465079cbc3d3aa4 + Output.14 = 43da46cb7b737ff7617715e3a8aa4c42d8cf1b62f32ea97d035514a10798f5bcaab550eab684cfbd5c8d3e1ce6d9fb026812e647ae6a50d3d8da8e9e2f1d5f7fe550e7e0b88e146925f2aa64690e1a5a5de152f6421837c15337efa80fdedb0a4754268bb83fcf0281b05b3885dc64b87f1da61b1ab219779ef44a1399b992ac + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22275,6 +22399,7 @@ 
AdditionalInputA.14 = f8dbd6a405435595b2520bec5026075514955a666e4ca34b7d0339b0a0 + AdditionalInputB.14 = d9536bdf1c3944d4d239b6dd13750c16a2780d943d4cb5fbbe418189a7d65432 + Output.14 = b5e12e5082c09fbdda81d1a2229ef9bd46db84e62ecbcd1a2c4e88557f8ed3b5af740fac2bddaaf441b66084ce2239adfc9d02f001cd23470535f13ee6ed73256adf902b359930093ffb293a7c007074582a356529ea3ed9a5ac0a1a3f62df5fe09d27f5a7ac6abdf1fbd5f5e5da70da5e3037fb062d0817b077b56457238108 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22325,6 +22450,7 @@ Entropy.14 = d233eed6e4a43436e4418ac071bf9ec00d463d0568cfaf7b4174f96c1f6b8564 + Nonce.14 = ea8e646e88f7fd6c8e590155df15558d + Output.14 = 314dca793ee1eb0dbe48bedc324b557966ac7a17b900bc4167ab4b65fe6b34ae625c200c4e21428ed258fe28b99c31cc4e8f9eb93a793c3e33fb0b75a2595a3201d939dddfa27911ad6f731894e16692343f25de291da89570a257a95cccb42f7d9820afa9b35d16664f95a2099ac929683b7480a4d1e34291853047ced3302a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22405,6 +22531,7 @@ AdditionalInputA.14 = 46cc09705223bd3c01fa037d9a19dd2465bc612f519e51d33fbc845742 + AdditionalInputB.14 = a9f78f79d034d46086bbe5c8883dc2a34a1a17414aad2c767a3b3f23dfc9b637 + Output.14 = 2674afd329d03ad3b1bb8157c3100a312e29bd72b55139c408afe7f2c9e6d53df2cb8b829b7351a80cca8f0b59d60f6454ba60b154f654a09aa82a63fb28ceab9435cb6022934a0599a4c3a005bccdaa8bdaf8246ca654692a6c038cc82fea477fabdf3d6a0975e952ce3feb7fe8c4510b8c5347b21da5431cfee69e9dd2d8c4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22470,6 +22597,7 @@ Nonce.14 = 4788964160bb81d6f6c2675008b05410 + PersonalisationString.14 = c56e284ac65798010eb7bd39ffdf49bc25fc2e663e90ff93f73c97e65ea82935 + Output.14 = 
683493fb3c6ba0ae0c42009beb39fc37a9d235fb3fa00648ce4d60b4d6bdecdbaa1e2ca0c0fc80c53f6f8ceab31c3c42764b8f23c4cda91743be33e0a77fe5a4297701bdec6b2a5712e76c64bb8b7e03a257c140cd8aafef046b049303679a7904f029444d92d673107bdbf769fc1130429ff64b527b0ce2420e2c70e8998ee8 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -32177,6 +32305,7 @@ AdditionalInputA.14 = fc54b5339b37eb6889cfd7c185070bd0 + AdditionalInputB.14 = f6a783d6d42e5ad5abb0a996bddfa04c + Output.14 = 683faa732c4551604c8865b5f777571c7d3cf1a60124c59b91283da0cda9b21761d1c17c81856958c6d590436c73594bb36f46c2f89237d8c7a7ddd2c58394c983f8f6c000d77566f2a1d89bac054bdb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32227,6 +32356,7 @@ Entropy.14 = 08a325accfe119fa807a95e8cc2cd8ff041ccad8e2c4cf49 + Nonce.14 = c85baec1c2d1f3f189eecad5 + Output.14 = 2567712d6fd3b52364b508bb2e4ae18e34b155dbe99fef9acbe21346715d36c538dc380a5e5900e0ebde76c779006fabe2b3f171fa63fa0f5ba264748278549c9beb26db701c8fab7adfdf48eb63e48ca6f3be8f17131c5e9145f5dadb00fe666a651d2b1b9e785fd444b05d4efa8ccc + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32307,6 +32437,7 @@ AdditionalInputA.14 = ae701404440c584e27266a12318c1793b6a112d96e6a6749 + AdditionalInputB.14 = 53861747c9627e9244679d58e2dc8cfd8a72d1bab611dfd1 + Output.14 = 665481033912ca7d87caa56af2612338768b044953b02b9a50e0244bb805ca007648f71ccf923030e56baa13a88111fe211091a54744aa5d82abe97775878059dedc6272e7c7a5392d1fb443b770ee7f5dd05a3f2bba4cab1cf473d02648d4f8acce91ef167e3ac00c1c9324ca074486 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32372,6 +32503,7 @@ Nonce.14 = e41f19a969494a2293ad0542 + PersonalisationString.14 = f67bda6553b5e4b89e309cb48a336b78460aff498846c2e9 + Output.14 = 
44d544ac910b7668ba9c5524e388957520fdbf11383808a5a8008d119aff7e1e2bbe63b4cbff19455f20f3dc79ab0a83dcf0e403728f2a2b2a9f3b98930d9f285641da3b6b9a9467b2701ce1ecac82bad8214bb618c40999f5023dc2d97dc1a53a0296d44f6fc9d49db00959c89e9f5e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32467,6 +32599,7 @@ AdditionalInputA.14 = 6a7418d4ffc40e11859f33189d5a8327042ec268b004ade8 + AdditionalInputB.14 = 97beb8c47434a23efe536287d776edda7ed7cae84c0c7e35 + Output.14 = 1fe94acb5f5cb7e4a8edf5be61673bdc066288538dbd0ac29ce2d43f7b890028e48131e6b3a7cfbb42772b63f2fac8c0472418653ee2ebcdfa5ec08683e7d4a9cb2c67cf7e22c2ddc779c6d9971b29347e6688113294c902a5d62c1fc35595e091cb10e5a895d7c3697056659ae457d1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32517,6 +32650,7 @@ Entropy.14 = a71c303bf17e128c8e0aa07fb61ccc1f40fdb487a955fd95 + Nonce.14 = d3ca16fb12ae4709d411e5c5 + Output.14 = 61a51fe1eca4cf947bbf2a77d643e7963ca2c587e0eacc8f7fab3b3f0e166197a4d15184cec4f0858de2773d8becb339bbb18ab2c10c8b246ca66dce48e2a0938fe1ab122b4930d603b937491ddd3d10abac731957f2e1e030eef33f7f311ed782b06697914145e266d0b967914d638a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32597,6 +32731,7 @@ AdditionalInputA.14 = e098f0e076a3f40fd970f5d221944f0040ef4a18d88dbe6c + AdditionalInputB.14 = d7eb01dfd7c13fece92d35133c3be71efba145d7353c6d69 + Output.14 = f03074a219ef31d395451ebc8534e4f2cd2dbfebbd9257507979ecec79a5f76359f2d6b4653b31704ae5a49f884db91ac335ddc6d11768cac7850734e76734b63b71ff12f3f8d42cd404009e7f4b66bc0a639a9354ebd754c17f3cc65704e698d9bc0640919c386e96760f3c36d8789e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32662,6 +32797,7 @@ Nonce.14 = 838d1c69d8408cf0134f54e1 + PersonalisationString.14 = f08a964b386eeadc4bbe57164d3b3a0c7c0068c49c9bc5ad + Output.14 = 
d8af077476875fca2ef9f04013976c3c278d30592361b923bab2f7e3c8af4affac5408c390b4989da254eeb97ccdabf32f5e246739d0e532a6ea317e7dda02bae5051ca97a445f5e0696a041e5f9f2c077b26e575d749cae344859864aa00f262c1c41b2964b78f72f9cb98abce103f9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32757,6 +32893,7 @@ AdditionalInputA.14 = fa0823db6808a3de1a7dcc081c01cca840f68b005d473bfe + AdditionalInputB.14 = d3054fa2bdec7c63dc009ecccf25c1116380ac25f82a9085 + Output.14 = 556e90c95c1abcdde027fb2b88cf191f0686830ecf3fbf89de51c9bd735726131472a17f307263d57c03bd5ecd9ceba6cd5759b06594bf901418e2421fcef4b72678614079cdf4d25fa0b74985380552d2bbf478290445066e3f4a40a2e2b0792a685b769ffdb27721b1faa484e9c783 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32807,6 +32944,7 @@ Entropy.14 = 2a55ddbf673f4e12538e61cd2bfda6f0316277661f553c38 + Nonce.14 = a0c71049f5c75c23cc11c7ca + Output.14 = a88e6cc37617929bee1e14f74ee363d1e05fee618fc1eb1f8abaff42c571048032c84ef0ec7a6d8ad7e6c5a4a6e90d714d76643eca063287929032fe75a2b63fb1f83ab36a7fa12a12d7332459bba56b017654bc0fc29beae1897863a63276208f9d11a32780a627135b271efda4f4f0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32887,6 +33025,7 @@ AdditionalInputA.14 = 65e70309f7386d1a0aaa53da65263d5263bc5eaff0d5f3d8 + AdditionalInputB.14 = abb8cd0ce0560309d2424d2f3fdce7af085e6c14699b4799 + Output.14 = 8188a498ef9e0fd52a77c3a44f1c7edccf9248590aebc52cb9ba7b5cddffe867b26309f032a78c0ab751741fdd9bd77d4bd17be90dd045f6f8b45826c9900028f68138cf1ca8e18b253b8eb73ae04f2e156d51a792abdc6524e4f45e4ed0b06ab3b0c94bc5e1ed58f917c17f72161d31 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32952,6 +33091,7 @@ Nonce.14 = 1ffb77244697c3d67a564d06 + PersonalisationString.14 = 62865bf0f5af2146440d74e5ac8787cbedc544de16db24f1 + Output.14 = 
1a74f62cc6bb05ff956d1af526926b937a84352830a78c7ecd2ad9c39a796f29f640d188ded8bda0e66ba81c941fed5e82f3c78543d9fca14335459ad9d573362f6b5d69861cb94c0bb055723ba5416b1fe08e74f27f23cdec9db05b50b01a20f0337cafec896f5f7412e1dbe7307e0c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33047,6 +33187,7 @@ AdditionalInputA.14 = 1a6853817be281e26796430dc90f014f6fde64cbef16e58d + AdditionalInputB.14 = bdfa703974a758cd4eb00661e0f4663f4e574cc7be6906e9 + Output.14 = 23c9f591ec9abea9f9eb89ab8d705a1e570fd2888772db5d6fc6e418a34e32d78fe49be8d4d8288fa397b57afd49c07b715e276c68a2eb8f3e63f67de21d8ad23fbbdcfa03b201952fae49928ce4da66cb70638398bfdba4db7635c8c726a3cdac22c98ae776e881edd60b69f0b38e4c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33097,6 +33238,7 @@ Entropy.14 = 7c8a961f01c1888456ae6042caf338c3ab8b5be28b34d15b + Nonce.14 = 61edc22b49e518eaa9e4e04d + Output.14 = 9d2eb0a41f7b03ccae8e4e3c61628e6710f5999f3991f04ba90fb3007275d07ff169d325ab26f3446e585c2d454ff8f6cd4a520190afbc06f30ec9b49668b09de45a116b171c210f5f888cf3c273c803044b17a16b06b44bc39344f2b2acb2f21f4b0a7abafec8c8d406d26477db9b7b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33177,6 +33319,7 @@ AdditionalInputA.14 = 71b5b9e9b813b5f69e8fa9fa7f588217268581b7d135fd7b + AdditionalInputB.14 = e5b06d8f12539d36c665cf129c1c42e3b7e88edce1650870 + Output.14 = 64595391a02ff750b46418274b8366bbca0e9c52c95bbdfa65882b76395887a018faa276f3fd6c8dbccdb964755e36508897cdac977037d0978f2752d1dc68bde3ba1edc94787c1c8cfe42c2347052da30ba7f1e06b44c10805196e7bb048cf572fda62b4a28fc189702b1e575b008ef + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33242,6 +33385,7 @@ Nonce.14 = a16783ada78fa029ca3fe31b + PersonalisationString.14 = b20dae78f254b07fe3eeb7c793334f3f432930353fe7f221 + Output.14 = 
081803927779c7b2039681db542c965fe48dc3cfde712a361e77da9aaf9f21cf38e18b4e8e5ae5a365910ada327b05630abe87858163713fd8c2988975eca44ee3725370f1c68117e58c2164605524102f22f3ea55f21f7e8fccd9861c59973d71c0aaca574480be6ec8e1fb9a163680 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -34497,6 +34641,7 @@ AdditionalInputA.14 = 228522e58e65d50dfd176e8ff1749faa70fc2c82eda25b0748ddc5d41f + AdditionalInputB.14 = 7af60c47b4cd146a39887c9b812a1dd814d74c398609bbbfb57e73da9caff57a + Output.14 = 9528c88f0aea3fc03bb8a9061e159a06d78a2a654408808aa4d0e73ab1a51e5aa85e8bcae72d34784ff6f513193e183d556ddac5675314f2b5cfe392d1526056afe32d7c03e09ba2bdf3b10e228b0f600a61cccd9e7bf14dccf13b16a838e60909785307e6905d510d9888eaab169fa601558fc952aa8559d270ecd386d7fbd7 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34547,6 +34692,7 @@ Entropy.14 = c0509068d88167921812103b67e734698d68718ecf42cd99e0f55836c162d450 + Nonce.14 = 71a50d2db258ea35ba69b5716bf68a14 + Output.14 = f66c05713ebe804b4273103997d260adbe8a7d0f6b2bb862b867ca59874ab9e0898102664af2a8db24a7ccb4637269ac67d5e834941303acab9076ebfa04cef64f73480afb6808f11e6ab1a9deae514f5db1c90c59ce988cc1d04012640a40173362de2689f88647268c665ca44f57534c9ad9b8316b9cd1d5a14942e94e90607acf6ad37a2398979e56e9c227c1803f90844d6140f10d0baf20dd789d808a647b4df54d2136d967461383dd4db9dc154dd89cd282a2766dd6086bf3825d095c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34627,6 +34773,7 @@ AdditionalInputA.14 = 25d2ad9eecd3bb8bb60769942abd16edf0ba777f2541a4b0e80fdd70fc + AdditionalInputB.14 = 608c5789b5a2a6c11c7df095be8c81968c0bdbc6296026ab65195bdc5a297366 + Output.14 = 
e1c600294a86393b7067b6e77ca83e68d28a6b76f6f81007183be65a50fd2f1adf6eec5a64cc753c5bd0ebc12387bde8c6ec10e6ec7e603f09d4ae624cc5423b5bd53da4f0af064e14a7d176369f1726fdcf6468ee15ffd7db3be48d196601506c71e2f443a768e03ebc35245d254bb87a392508ab07c95bce84ba81058ca1545289c9d8142aa0858c9cd5ba54ee2bb75cebb5b74e0d099ee458752d11ed70122aed1254609a715ddf2720798c9194ae4a7424e2c518ce7a8277ec79da86263a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34692,6 +34839,7 @@ Nonce.14 = aadd62dbd7b34bf2021ea74a2788b17b + PersonalisationString.14 = cc3308e380672a955620fba59999ec4fcabf1b7f63089a124cc1f65d58b691e3 + Output.14 = 6c39f49bb51765dbae1de8325e7a6f8f8aec031dbdd94b83d5c4e062848eb4e01e3912784f817ee16f9c2dd0129eacd3f7b8d5bb4cf9a4a2ef823b0505c2ac8e4a1ec30812e98564aebaec14ff710a77c1904ab1fa3fef3c3d09f2d55b047a8db860322fab6d939093385838ec6d11667ca843f69268ba1fb7edc462fcc285adc9b4b97f0f717c28ac1b6f371d90baa86e8728051dfe9b68f15dd31a6da35194253545a5d667df6a1322f6b73ba661c7407608fa42e1b894bd1b6e7641749977 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34787,6 +34935,7 @@ AdditionalInputA.14 = 0d81d8c5af9885d1b30d2174429bcc6979bdb2b82e6fd3ccdfe93f36fa + AdditionalInputB.14 = c63866629ed771e53d2fe2d5c21e98ebde295c3fc3896fb67279427c61a89eb7 + Output.14 = b369b226dd535dbdab45ff8f13735214f9abe6d11463a44804b838d2932112ce6799341505b7b5bab423a3794c37f383b06be1fe21f5c7da97b333a41fb67908dbeeb2450a3581ef71870c964c976f039ee856fa507e9de948c4c097a64070b23cfa09ab7506a8ec4fc38a38ce21fbee3f3c1ef3ab598f5da202f35b90f422af31688402509c38ac25359409d2b61958390d28ca2d8b5dea99ae26c90978f01d7a482c12e134a81de0bf6c9f39e32a8b597ec7b7a05a805ebc7ce260c381f189 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34837,6 +34986,7 @@ Entropy.14 = 5b50064163ae6238f462461472ad2ac9acc300316e140abd9cd6edb87b8ffa09 + Nonce.14 = 581d145675384210801d9c75d4d19624 + Output.14 = 
de0ace4f4a728c681a0b326298142fe79cbff2ce5230e6c1ca3e2808692d02e4845867763cb9e93acb983aa54659be6f9baf210048baf7ea4f062bd7e3d9a6d5e7dccf427422b9dd93d392ffc810dfe185bbee253c3208e22a83c9804501321c6cc0357d22859487a3eaba53444f4027843699d5a78214c431ea741bba73bd29550925443cfa5f494372bd0e482e3ab4eace1b60187b6db588c0d252c8da3e0d6dd3e475040817ca2c85b1149d8447a52c111f05d7c14a0f6b7b6ea4f60aed3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34917,6 +35067,7 @@ AdditionalInputA.14 = 80bb70930ef2015949b53d787630f5de93d93f98c577ca4632266e1bb1 + AdditionalInputB.14 = b6afd2c00be2eaed5c1991909e89029db0b04598115fae5118cc215298e0528b + Output.14 = c20bd78d9c396fc8fb408361e1dd4827ed3231617a73cd8848e493927207ea23e6efecd4fae36aff74b5235067543c7eb44c290122f9167a0ec4c6a530ecb0936fd683fbd866b73afb712b2f20ccc981b3f70faec4f4fda62e956c7d04cf578b06259b0f3c044e6dc68baf91e6149efa70b2ad2b81c8e14d1a994887193e53bdb5986a23d0412e989c447689a71b283934e50c25e10bdef0b22ce7368840cf761e32aebc07d7b51da16dad4c332926a4cc9853ac8db36b4b01bb36746a28f527 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34982,6 +35133,7 @@ Nonce.14 = 3432a2e2263728e375ab973bb5842d40 + PersonalisationString.14 = ccfee35071757d5141f55a481b7c44a584c5e537c636d4d0ba10dc3c88adf6a2 + Output.14 = 72a77d1c5dea9d00c349d4e5a9e6dff63ef6cb80b7998ef62e7a1fdc2267057d07fafb993e8df868821c6cf76430f3b7ff24a527f7e41fda6d560a773d05bc003f7e1ed5085f6da3785dd999a4763894455febf7618750bad4e30d8f52f3a072af30d57df5afda08ae7cebdcb659e6cdeaff52b47d4dc571e28315ff0e38538baf436e02d157b64afc6d50e6a4c5842aff1e7573888c6ff9beaf4f91aed988f03032388940c4f54afda05bf55ef6fc8c673f01ab545838574f3bd4f22865cfd6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35077,6 +35229,7 @@ AdditionalInputA.14 = 0facad642bc0004f946e3fdd149a4c0e52475c9e832c85b228bff6f2a4 + AdditionalInputB.14 = 
19d477a7dd45a0b733e6c301a4fd44ddf65d4fe0a0435b57e319e31de4797427 + Output.14 = 2a48844f6919ed43a2b0b64a1d28707fd3265b418e0673190b49a606358062c1a54a6071c845adc6ad74193d746668f890423ebb971a63cedae3241005432c8f3fa3fe7f98d5912da34dabcfeb17c03ee8881de7b2ef04fa2147b78532eb0ce7d9244d717697138f116341c7b9e99f15728207f6a73c651b8940582f9f926253420a853ae18132093183a6073e3bc85633b75e1c6cec9323ed4142d0c8ca0dd5ab2ff2e6b304ab8cfe4aa98ac64951d836e074169d375ebeae8498f11bd02c05 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35127,6 +35280,7 @@ Entropy.14 = 3b6dde5f550d482d30eee2288bff802241ef20ec15696e614b7268f7c574eb1f + Nonce.14 = b8d8984703ca7f942951fca97129135a + Output.14 = 36d0cce70eb5aaccf9b172fccf68e01eb8ac8b1f2652cdd238f4b070c8f2d9a128418badb38d5d5fabe28b59d15cd432010716fa6a48071114b2168cd29028386171594291118e54fbf5b61ae3fbbf9a21ebe73a4aba482c7cdc5ea1a4f21a0f1b38812cefff9bae78c2b95f417dc0cda010079b637f825dcba059d154f5a53050db773250013a1f051de9f7882433d2054ef2adf9b7b57c67173c06ad16cac6bdf74a10bcc666f7d4a091a78131c5ed76fb733791278b6ee0f55302c4b122a4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35207,6 +35361,7 @@ AdditionalInputA.14 = c6a3bc83220c7708eb7fff5787ecba27e48c894e15302e0ee7f4e5f09b + AdditionalInputB.14 = 39b854a1c487e24e1ed58916d8012277fafd6e7b6175c4be43927cfac9958404 + Output.14 = f7d2f39a513f6c4eab993fa440b769ce09a15476e06ceda47969be05f53ec7f8409de284749cdcfac07fe7df66b1b6bd39389401909f3a84538d041e1c038a289869e51bce8bac13a0f786cb091628f0a3a7f7f9a2f620c98889688d46a2a037fbc1b2a4fff40800eaccf98a0bc1452ff1f53f040daa94e17dcd6acef97192c74075d064be5a97205ad97f693257d96c04e78654a694e90b80a5234a25d1c7ceef360d53e768067335097c4aa8f126a31882eff8e55cee05eba4b4325c203f4b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35272,6 +35427,7 @@ Nonce.14 = a684932ea2337296cc3d150174a47ce0 + PersonalisationString.14 = 
b2c0af9038c2ef79ca8263a047bb9293a44ecdb457fb45945996157dcd199cec + Output.14 = 316fbc32ecc1dfa778b13921b1d624f9231c0ecca03e17fde750b1e31e76b1c330ea5bd62ca76150f231ac4aa96b06f845db2d03b65cdaba4c160b288a121eb144058f65a751e22151f91b90131e6756356e7f90d880ce754cf965f439189eb8bedf86c58e1fc2751e65637930c42552fdf81acfa1d4515ad49dc532b2a10b2b11209425ed1cf43c991b4a7c49bf6e701990fddc420608d74c3636829e4683c4e77a8151708d82ef8fb81b3655670fd4d242e357831bc091f30e6d139d5e5ba5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35367,6 +35523,7 @@ AdditionalInputA.14 = fa32817ad83c85b594976eafab28fe25c45aa74d0ab4750b33dbfd8836 + AdditionalInputB.14 = 2e5cb3c7c9503e019b3383eb6264d6000160c3c99ee5700e7a92433da1c01f56 + Output.14 = a7571c1afd3d1dc1d3b28dbab54fe3514a0ec74ccf999376a963a3820474cdd67b190551ad5b24f4376633b4964490f79a94059a55b967f8dbe58eb20d70f1fdac91565bd8daf5223abfa13b132a140acd33e36f29fe1b107f62e6c45a679247b80c0aa050f1c2d3195629baef7422b72fb3cfbb82a2e4dd1966b1cc27b8e6df1907fbd6320f25594e1eff912cd9685755473b908e06fd30c4359258be0580e6bb2f986b0450d53fdbfefc3bf06c0d80648800234100af755acec4f809c39f3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35417,6 +35574,7 @@ Entropy.14 = 1e1cde834393e00a2136b8924be5600c8bf59dc2d8a9eeae467ede71ee7b75af + Nonce.14 = b6035e96adcb7e8f2e17022e2e4f39ad + Output.14 = 9dde9f29034b6e784be24fe600c39b091568afb4c40c8e05b8b7dc36ca74a1bed38ab15643ca8c6da2f5aa4b7a6a5d5c9920cc31129c84e2fc9b865b3f30b698a143189a3f3b692b3e5641499c949e53e3619cb112f42046a18d5d12dfb3c6932a6a829d07deb17b799519b81e961ff293c0b2d24b629fe906166e330135e4ffd00609462f0f9b89a110084945243972486a0e1aedb2eceec02d402696c89abbc950dcaa72d7b0e00ed8e65c3e9eb1af7535de2da728f901650633242b3368c6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35497,6 +35655,7 @@ AdditionalInputA.14 = 7112823304b16377182ff9aba920c97ec4d4f23cd472fa9954ded16495 + 
AdditionalInputB.14 = ba183a035635d9617bd71b59fccd561f1c78a7589c7fb3fedf41dc2e6d5015c9 + Output.14 = 94e577e5c4f66be345c6be7038b02fcfb4070d5bf74f8004b59c279cce961dcf5bfdce2f01e007790cf770587a68d0d24ef0fcd1a148fca6920e707289e58b81fa4a58b5a018a358d336a20daef30b2881844838e51c56f11533b25c77b9c6c6bb2c0657350f011b24db6c60a84232dbcd218a816563737585c1ca6152ff13304ca86dff20f9f9596aaa21448f2c6e620eee58f69338e3b675d29b478f34f0e60dfe7f12f02e6181d19185f7dc945210d86d31e85eae03161e947fec0f0fc91d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35562,6 +35721,7 @@ Nonce.14 = 67f50628067bc401648926d7567711cb + PersonalisationString.14 = 5f8cb19e3c86b179ffb8812db791e8bbe6b0caff958715dd9e3368a2d48f65d7 + Output.14 = f178a20d27725759c839e7fabb63bd101c3352f582524ff088ccaf6f0546ecbd3d5165f1e3cacbb49ede115b8f6c8db3aa9720692efda124138d29eac17637b84977384fb88e81289ed5ec960e6e98fdc71d03ef0bbc05ac7682acdc62888b49fdbb442080687f902b5a313ac88d364b13871b20f684cf1acbfa229fa203607a0a37b4e1685d13a508da9f48dcd83f26751a2284044f93e18b2a206a1887d77c4b76e821952b376f19fcf53d83f704e3ec3b5c3cb4c390b213d57dbe4852914b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -36817,6 +36977,7 @@ AdditionalInputA.14 = 2cc9f137fcd8c2d526d70093fe11f90a0a36bc9764a4c5609072e181a2 + AdditionalInputB.14 = e40361245b91880e308fb777c28bbfaea5982e45fecb7757bb1c9de2df9dc612 + Output.14 = 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 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -36867,6 +37028,7 @@ Entropy.14 = 42623115c0a43edeab391ee8ac84c2b3b1bebba8a6040cd1 + Nonce.14 = b79f5c377be52381210c1c2c + Output.14 = a59dcfa9585b1080cee51ee493fabc22394ccd0949e3a4d4e5b8d60e1137288d20f65e7f1ddc1345869e1af62562d6c11044bb65d11dc0071a04a2cd0eab76718ec9a67d4482acbc82ac27685b98c50064b41e120a35e5ca57ed1bed6963fdd03e26865ddd3217d67cdddbc990c5833c + ++Availablein = default + RAND = HASH-DRBG + 
Digest = SHA-512/224 + PredictionResistance = 0 +@@ -36947,6 +37109,7 @@ AdditionalInputA.14 = 450a2109e7d83a3ab2e628ab35af4dce8ce7205de7c5f365 + AdditionalInputB.14 = 60d0ce5e11413c321535d849da56c3d9bf6222a3d2cf77e9 + Output.14 = 27397574a1ad91ef6f332c954c0d5802cb9c90926ab05c116586995bd795a2f1b4706487da86282e33d0b44dcb7a58c8c4a2874ed4646a1e963b7d26b62e0a5e0a5bb60ec6e07ea6b7b7fe1194c3ca4371736e595707ca7fb56bc924089e66b137c47f9dde74b5de3687aebc2f5c2a39 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37012,6 +37175,7 @@ Nonce.14 = f2435f70e075f8044d4235cb + PersonalisationString.14 = 80fa0ec5a3a1b46cd639ae19c137239ba8113db33984c593 + Output.14 = e547f6d8cd665204f8ebf6d64ecaa23fcc59c1682eab3190bc76ad4981d68810833f1212965def4868883529c0bae4a2345da6a0e6a7e766d16022c6f371db8ad089d9227e3a85168d080c3ff2bdd604e7f8404a16268bd66d70f5fb164cee60f1af97bdb6e1d72059d7028a13ec83f5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37107,6 +37271,7 @@ AdditionalInputA.14 = 81356bf7d3122bd65b5d96d2ca68875e1d77b36edb8e92b3 + AdditionalInputB.14 = 1f185d4aeca1d95ba4c8e7867df64296525e00db7da61e88 + Output.14 = 8032e92efc35ace508d8a10f36a6e7110cd0b087cf853409e83dbc554633380e9793b7657a23a931e34347fe0ba34c2abdef6a8505e44da62fee97a9543b9e6dd6538726ec2cc6f6d19382562a4a438a2b0756fa66b48628af292e2f53e49edfae3ccc48a95f24c940a90d1abfdd6d0b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37157,6 +37322,7 @@ Entropy.14 = 3879ca720aaebb2a29c99c0aa21d63308b44677f2bbe6056 + Nonce.14 = 2642dd7030605b3608f4513e + Output.14 = b7ddc2d0295a550e44103ffe7e6e1771cd488fa2ea32b091076085284edb870220e02ba6facdf27d8b34209048d0aa4cce4556c074fc7ec2c3691b95aac3f47c3b42bee3c2e35da17b040188d47b7effef8ac471a669f29e6c4b97ff6836cb9fd8954f57309a97e9a697e061010525a1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37237,6 
+37403,7 @@ AdditionalInputA.14 = 13998df6bfa51c2708775384f01cfe8f4755b6fe4b3c2fd8 + AdditionalInputB.14 = 8d25383b6d04285fb699c644bfc9b7fc72de41c733f35b27 + Output.14 = 3f408ca372917703ecb3449ea55de7a969a5ba184eee8f30fb19b99ae827c66b13f29d4d3a0236aefdaca63c28bb71595d3dc1fc20f1e7ba1b1c9bdb7c2122bd8e443b00b5339508c315ebbfc9bc3c7bebaaf83312325bae696a576b3c92931eef6b4eab6bd90c140295f47994ec6e34 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37302,6 +37469,7 @@ Nonce.14 = ddb5c0cd2b4b640898c2fd1a + PersonalisationString.14 = a096d62f947314691cfb647cc2f331af834cbcdd5918f099 + Output.14 = dc9175fb05854708739c3da005592ada29d408ed6162dd278ee457bd3304e4f7011355da2302df1d0d190ef846cadaccfa5325d3f71c407ab2434d65d815dafa6ca15f7e701a104225a839f2fa9874ad49bbdbee576b1bc71ace28c825095510890861c851bb79e2e2e922c3ac22fcde + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37397,6 +37565,7 @@ AdditionalInputA.14 = 2bc060710fe3d92760adc274b878de0df82804e840cd098d + AdditionalInputB.14 = de879de9c03efe5a68a12da7a06003ffbbea0a9c53f5e0bb + Output.14 = 4968c67d2f830b591531d620b6c40de4e9a15dc97c70b8b059023033bea376953cc5fb415d823d55d5b02b17c2ac60a1c8ee7473d25e94888fae15c6a7770b75565fe505a117c734d0c7d0386cff907a893da3a83d45f51bec9d95670374524b4f59e45a04c88d1756ed854fa9f65693 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37447,6 +37616,7 @@ Entropy.14 = 7ce7dd98c93953a8b60d395a68f03b8919931031e8f68bb9 + Nonce.14 = 1c217188f9c7980b8b03b41b + Output.14 = 58884a4316fe8104459bb339a4bac08d95461ad8e58f333eae5ceeecbf2d375e8fbb82eb1d29890ee0c56037bbbac8cd8e202d7ef05ed7126a15064699b9dfd4523782aabc6eaf21f1727d02c1311f5812c4b4294827a75f1cd6e6dcc73ba45ea8fc5f2647dff725f5fd9bc64d7b21ec + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37527,6 +37697,7 @@ AdditionalInputA.14 = 
e73890b772747a356ee1527501410eb5cddef015a8d6fbd7 + AdditionalInputB.14 = 9145caf79d0b85bb7874c2dc82d52bcca68225a18de258cb + Output.14 = 4ce4c45336ed4bdf4004f326a049c195c26ff11aadde90d7d035ce277a5b158577a7e9971063ee9c0b5063ab1f20c90f619137c2f4713831d18f2237e1a3d522af9a585e5f43f07d911b8b977f6c644784c9c02238b9fcd0f663c8bc1913f783c200b388b4ecf30246c7120adf3db79b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37592,6 +37763,7 @@ Nonce.14 = 2b884a75ff571f92ba1eb965 + PersonalisationString.14 = 273f3885354c0a8296b0862e19157fbad69578ec121cecbb + Output.14 = b60362ddfbb4fc41f4f5ef353fc0fd8f31e139876a3af0e69f9049aca46a5989ee3a1ebb6cf14f525c3d8a944f4e88e030e020ef6551289c93f5c6ca2f6bc495cdf49ac91bb86e4766ccbace5f7aba008390d2b6dfd416d63ebfe07f5d583b8f9916ebb54620953d0b73c136de06f520 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37687,6 +37859,7 @@ AdditionalInputA.14 = 69720682d68b7043c331b889ce6d3d83aa3d33846e9ddc86 + AdditionalInputB.14 = 350c63e7b01ecff4aa171f157c71f89a55637c2cac0253e8 + Output.14 = 63fc9293971bc8dc151bcc2df20e4b5c7604138e4df49fed323c9f1cdeade3d5d1c8bc89e507e5da1f38c1f76d968ee45ba53a3da35e693e00afd683817ee7da5cd2b0a657ac6cf95913c859c6b4a15449fe9045a3af03cc198cf10b2deb67c5c3e9cf9a40b8251de19c6cf3114bfe22 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37737,6 +37910,7 @@ Entropy.14 = e03af342db03da30e2b0e5b8ed76c2562194417fbf6be645 + Nonce.14 = 6a9a5188dabd510894073f76 + Output.14 = 7963276f1054db251369a0b91d854fabaa3dd5b2343ef4306cf897bf964fc8b885908c4ada163b929a19c948ac89c8480170eb59b9a8d7d2d30ddfd1248e2c1795c69da81fe72d6361d34754f88eeffca2c31859bc8940d6662abe2622fdfcc28a1764355aaf46a2e00e50606af2b6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37817,6 +37991,7 @@ AdditionalInputA.14 = 9b6c491387a2394b94bfa8b077cd43bac49117e94afb9616 + 
AdditionalInputB.14 = 7c04bea824d8aa7b19facfeb3a676eb51c31d7b92f0ca1ac + Output.14 = 332b884c8edcb260c535a218001d421e190d8b9c6b856fbc5a4ab45f92149487f8563138312a42487969370440675f5bc9b21a75d2a8386867fdf861c8650e26af47c5efd81d9fc39cbcd44ab0f4cb10325fed6f5b7ce5d8111ff71e5d78c7d1f53410e5ba492b9f68ca55325ea8b318 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37882,6 +38057,7 @@ Nonce.14 = 9dcc6c4317ff492d0d7dec5b + PersonalisationString.14 = 7d30c5a4aa169c6dce156a8eaf000f9be0f8681e3282dbae + Output.14 = 550a9ad9e45ba359d463c1e084777bfb2ee25ff791070a87f01adc04cd1a7e9e6ef334e477fb5cadd82381e0add8a39ffc222150f17b8bb0d3b1cd80948c0a5ee09a84ccfff6c9ac33e6831d1a84182edac6bcc25fe357a708f78db9a88daf553914cdf0bc7a9b0527597f73707fec8e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37977,6 +38153,7 @@ AdditionalInputA.14 = 1b8725447ec539ea4a13c47b323f1d6f435ba7e624dcf5af + AdditionalInputB.14 = 86d30af40a7a395764b8b69f2656954c7c3f1c30b2b703b0 + Output.14 = 2fb2f24b2c38f217232dc22ecc7380b8240b05d2c7bc0e3dfdad268c8c10912a92595d70dd98e7ecdbdc6d7bce6c72cdebd7e121d75de8b6795b660be9096a1f24a97e9c5344c35f04451dbd8d9808c7a84c6fbafab6d060026490d492060f052fbf21a3bfa2a8e4a40db58672ca52ce + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38027,6 +38204,7 @@ Entropy.14 = 9021c403eada5eac222dc48e1437b6de48ca31b9e7e76fc5f60653a3d901308a + Nonce.14 = 503b4bbc0ca538983285857a573f6166 + Output.14 = bca7456257568a178877bca602d331161828a4ed0758d1ec3febcc21717cc4142e5481dc9756c56099cb043130345689156cb96e1664ad007c461ef8b5b0fa7d18508541f528a43fe8c719f3a269ff2821ca655980579dfc2c794da673b8c9234d561b833855efc91b4747ea5135a1a05017543f5780f2cde8b472787173ec50 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38107,6 +38285,7 @@ AdditionalInputA.14 = 
439ba9ee252edb11b09fd765266b220077ab641cd7ed42b7cedc96b399 + AdditionalInputB.14 = 18e1dab1f2af82b8912be6791b003d7b0d66ce76a78cc17b753055b7b48cd2e9 + Output.14 = 5af9e042af202c9584bb69cb54738c0352ef2c9b9483d6fc8efd525ca38e62f535f2ed5658770e8cc5d53d9f1964b8a55d871c78250851491441c924701a52175410f52b162ebfe3991a72472d8842248402a666d726ea71437fc4a521543a323d501a6942ec4b7fb77ce462face53a2ab9b1b9fcccfe2346adf36027c48293e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38172,6 +38351,7 @@ Nonce.14 = ef68efad369ca5fe791ad438cf9dbbd2 + PersonalisationString.14 = 012ff5b08fe14fad65ebad5f15d74fd72d8577115e5e91262043e85a13a3043b + Output.14 = 1779c05411254dc5ff714eb56332cdf9a378a160bf0a20ca2da9e4c3b4e3c425d2f08dc969bd4924560c8caf9686b27720307af8246e6cef20fcbc00cb1f137b6efe9902f9944c1384bf917675a52b7b816795327afc4896182a78d4664b98196f89c466d5fe1e2a54122035863c8bd61461b2ef9e7b469492ff63364b013dfb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38267,6 +38447,7 @@ AdditionalInputA.14 = 77d998ddfd7ab7577ca9f51d6cfbec955aaf9f88cbb3ae32db7f7c4609 + AdditionalInputB.14 = 9ebaa09e7057ad7cfbf02e8f3143ef7b7c1dd6158f641815ecdf8e4a65c17f19 + Output.14 = 161efdc30cdd124d4d6b3d43798dd79bac70f494c3ebaca111cfa3d9343bdb73ac0def00776486584f932cab74ee12a391cbf4890b10044f7de6c73f973e43837a43b7c47a1a9a36d7e62f9b7ce40064994a610b92d68c6d37aa5d9d92c3d858770ffb8fbd87324b49101bade3f2014bcae7deffc1e4f6a1a91ddfe7e6aa33cd + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38317,6 +38498,7 @@ Entropy.14 = 0653c409e957302f6eb62bbc4f42b30942ff7860e7c38dfb2fd26b164e83a713 + Nonce.14 = 273f7eab3dc9bf11216d5216bd12478d + Output.14 = 
51dfe9851da8d7d5add3dae413d8bab8bc7d1fcecea00795ffadce047d5243ae36f29f3611fb8cb66e98717a98735384aa6a310696356cb48f4672b2ddccf86eb44777c1616338792629b6cc6ec2b66dbacc1a6b66bd9364914f1f43277f6f43e13145fcdb73a4aca6b784f9084d22c967033651da610e9a85b1eb7513683dc9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38397,6 +38579,7 @@ AdditionalInputA.14 = ca73cf447f2fc3984a9de0290fd9a984a8460ac715cddd9e8ed99aafd6 + AdditionalInputB.14 = 21dd9cb8e146954a9745fabe039f6f52ba8200f575e9bbe19c703b8864f34e93 + Output.14 = f1b153ae274a380c28668f1ee2c8c3a91f5380d41bd611d974e4e419a37debe664d0b706722184fd3e805f2ff05554bde7219023d1f62a52970aedf4d77e7b4604cac2a804e7b9353c087752f7f185991b10910724d0fd06dc6526d6102c8d0ee8c32f6692c2786d3b715bf3860539689e3f415855ddc37bbb6750972f3a45ca + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38462,6 +38645,7 @@ Nonce.14 = 10818cc50b58ccb660d65ff705041a37 + PersonalisationString.14 = 2756a89e79266d6d86bbd865708321f529b023d0cb5ee5d9888c37db33dd5164 + Output.14 = 7b3d778ee1623b08875305d5761ce2cf44ef1bab87c7d0f29c862c40d3da31240e7450d827909b6b131a9b0e9ad68d5c02caebf4f3b0b7d7ac1cc58e353ba68e7ac9eefc3de1310cf9bf5f4b854ef3fc36e940d4fc50072845a83c38a7d4372c191b900d11d11a907a50607c348951ccfeba4efc30377e4a965056e4e84eeb02 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38557,6 +38741,7 @@ AdditionalInputA.14 = 764b81871036cf65802c4e9659e25b8039be84bad1b121b536d2ffc269 + AdditionalInputB.14 = 28d46df3c254e5cc199e14b45bb1e2f85a5da03f49dd76b5a16b76723d5b9855 + Output.14 = 94e1fa76f879eb9840cd50853565f43cd7b0545705bd9a35494668bef7d7e7085b48a455b38fcf10f145f28a599c58e2f88c2855f2437a17d7333d243a1c25b76bebc6a94f7abc3fabe4c78041d9b3eaf675c11970b14cfc6ff20c8b23852b2733ef8d8416a920617a9b271beeabdb0462e5d23fd68b56f58e3554e81493c5a5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance 
= 0 +@@ -38607,6 +38792,7 @@ Entropy.14 = 3bb1f6cabc56a02643eb767cc6e5bb3a5bd765555e4e27159ec905012f58de22 + Nonce.14 = cc37cc9b20a2e4de0bdf8ccc3261eb90 + Output.14 = 28f20b9a94340aaa6ca98174b5929ce3329d81bebd67faf5e30d12f775748c34c848bcda26cac8b4a9b34c7c92c9984a6f5a85269583358e985c2b372a887f9e3f0f3920dd512def27d818522ed1a49e96d00a5aeb41bafd152144a8b6f93426e73d6e8ef7a8a5381bc464b24061080af02aac51fdc52f404e1349b7d04daef8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38687,6 +38873,7 @@ AdditionalInputA.14 = 2be009fb81ff22c5c2e15c988cdac8f21a6f17a4277fb1df773bbbcc39 + AdditionalInputB.14 = 0c869f061049dbaea48af93272c5b321977659a79f8bf0a5c6d68b982ef44b88 + Output.14 = cd9e8213591ed7e30743ba0dbae5f08a4021845d961040c5188093d518c3135048ea8ff052fd66fa83bf98c06d39c6cb522dbc938b6824f51488197159666369e7a9444e04b7ce5832bd6db1b3cebf8c0f7bf865bfc3cf60d2a2c0ef06abf7737590fba097c29fed234369cf9f064b142ca30e3941093904945021372c20d90e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38752,6 +38939,7 @@ Nonce.14 = 704e8e29c7aac1d8cbe97bd7305f8cb3 + PersonalisationString.14 = 631c5d0240b8d9800211ee6c97a5ae77405a354ac25705f22d405e17a52109cb + Output.14 = 9ee855e661d4293fdd7353492c711b39625ead90849ae5808b1f67c55cabe17ae13f0f18c0954341d6a2d24b899785642c0b29bb1b81fe098a17f8701e8820cacf6c00a8dab2e96e7f8593e188aae48385ede7bb5ed5ffa3f19053663383d666d38eea377d121e0b55ee58ee8fbf1e49c42a4d3d48fb0c9247c6b94c6539f4cf + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38847,6 +39035,7 @@ AdditionalInputA.14 = cf6884bb4cf7c08ea954cc2d2389eaaaaaa3bf9ab1dd74372c20bb3e12 + AdditionalInputB.14 = 2b30cc597b280e704632ed1cd2bbbbba7a9953deaa809848eb937b6b1a44b91f + Output.14 = 
4de8e3c529bda0753a9ba237633be4c844308c233d6e58995c339cc006c7d4789b5f1a6314637b9749621fae3982c5a748d58c080e12118d4442bb55732da53daeca71d3d033b10a2a807848babb822a346524b4a41e9d85941730b21c0e80a9871c9d9aab0e6d0269258b57fcbf7d703794bd2e5f3d7b3da9d3cf2dc2073653 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38897,6 +39086,7 @@ Entropy.14 = 043872fa9f0c4d97e2c6824b778a4fb0debae214d3358a5aa01c0092c9dab6a1 + Nonce.14 = 0fc8d529a37083c2efe84aba8c8abbc0 + Output.14 = 22e8eb6b4d11657a66cba93f89b519bcce87a9bfa5ee22cd3cfef6180cb8ca842e8d408257b8140fabbf1dd65085ae62fb8b1d2a679dc0bb0a82ecd3b8bbc05782a20a6345554a1f5467e9811e0fce41a786c805ce2882f8b4d972b9a37eedbf828a381d34bab95efc47233846f8b5c701563033253323eda41effad5fe37d3a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38977,6 +39167,7 @@ AdditionalInputA.14 = 585a4b6736338ba663522b438ab9255782c39b36e6b253186e821ae969 + AdditionalInputB.14 = 2581ca0314c9a224b09c0c2e677e1df1c215cae0760d3ba03d1053156e9c3155 + Output.14 = e244109b937e9a71caa70d627ec8280210c86676b4ea842c6a4569e5da0b25c1ab3794ade3344e2185641c77df4d3011962e8312aa7c2013e4373204d861e27e88ede82873d5d45ae5700ddf0ae7d523e96df236a249ffc6e009e231b77d64f07f395e57b19a4d2961a6046c910d0b8ac3d882129ec3e337be4cf2d9ef041a8f + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -39042,6 +39233,7 @@ Nonce.14 = b2328815495d926dc8ff075d5834bc20 + PersonalisationString.14 = 4c539b94823c6c7883b071ac395203bfb5117b6f9d5db7cf4063132e6a2a3cb8 + Output.14 = 4f6035946d4305290485c7aea10bbceb99b841770dbf5529e31ad51b0ce138344ac0b193a5074234adab8887a51d9448a2cc637a543372ed93885975b8de342c6a12a1ca8f3d053ced1dd2c7d6a3fabf6ea7860071c035f0fd54ee5775ae3a5d457d4af9e034ed337d79e9fd52c2ad051388dda50aa78d37403f33d52d30f6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -40299,6 +40491,7 @@ 
AdditionalInputA.14 = c9a1481cd25c537ba57750d594afd25f + AdditionalInputB.14 = 51e29804f9d079f3074ec398320b2a70 + Output.14 = cb3cd4510de88f8081d8989c2679f76387b7d2cda286b75d659a3ab7c3b2ac77ea00366e7531c1c9f4f8e60c845c5d2a5e05fc999621d011deac3f28cb447a37c2ee815f7f5be3a571d153475d6497a3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40349,6 +40542,7 @@ Entropy.14 = 71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bc + Nonce.14 = f49cb642b3d915cf03b90e65 + Output.14 = 144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40429,6 +40623,7 @@ AdditionalInputA.14 = 03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1 + AdditionalInputB.14 = 5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6 + Output.14 = 72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40494,6 +40689,7 @@ Nonce.14 = e8c5220ae48b0ca1412e9c74 + PersonalisationString.14 = a0a1d6d3887f7ff9f13c85d6ae5af2c840fd85989b7e50b3 + Output.14 = 14f629aee43f71b61d467ccc37de8eb6110ccdc65fff57ddd2e66707bb768e5de5df5467ccd55002815d306adc7b7d6b5d87c20d2922bf5fd3790282608457b69720be7d7affcdfecd173a741c7fc99f5f30f981b1bc102977a61f1515b923ba53cd87a37faaac12e0af613ba0972a0c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40589,6 +40785,7 @@ AdditionalInputA.14 = 875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe + AdditionalInputB.14 = 4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595 + Output.14 = 
90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40639,6 +40836,7 @@ Entropy.14 = 30efbec33ef98a928e9441af3caabb34cdad892669e88130 + Nonce.14 = f77b7e0fcca6f8733e0bb0cc + Output.14 = 85f5368cb9f44474af6c4a159477c5cdd05eb0c0a37847bbb07e9a9c8f633ef2c3727d017f1bbfa89dba056062202f5824b3a493ab53a2a5fcf796d944577f1393d35f2a284453b2cbd8eaf35b9bae7b87c156cdf9cd0a2fc94ddb0d4842e3ab4b6c97089cac0e32bdeb32dd8233fd6e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40719,6 +40917,7 @@ AdditionalInputA.14 = 5c15fa9dc77d6fec5f7a4a3e4a315c05de2b5e46efe54934 + AdditionalInputB.14 = fb65ede490ee01a1c100ad5e23a20f91b45adf1ddc15c590 + Output.14 = 98cb3191831dc79334e8e37d5246600f822aaa40964b91f345b9df90929db1b7bdea96dae9aeb88d05fade5ae6c29aa8eeec7fdc96e654c5ea41ea01e3104ca4d287bb03005feab0bd1f85e556bb6bc46a2227b14fd94f9e6cfd0341cfce951851feb967968d6cc818f364345b715bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40784,6 +40983,7 @@ Nonce.14 = 46f8ee037b927ec766de0aba + PersonalisationString.14 = e6299e0eb5826e498d873ac02892f01e02f6632101fcc090 + Output.14 = d86bfd8f9d80eda3bd43850ea6edab2ba4f69ac8eea623fd6bbd5c0c920620f8cc136b0170f0310a156271981a9cf7629e1b8f0759de1e99e20a0930ce3bb7dd2d88bc9172a56108cdd736dc529a6b99862bed7d543bdceeebf450020762652d520105f5c5cc3c9a6ebb64af2a7e82b0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40879,6 +41079,7 @@ AdditionalInputA.14 = 82f895626afb606f335f5f050f0fdf3b45275e0b451774f2 + AdditionalInputB.14 = d423d43240cb6461402a7755f247573f24fab496e00b2e5d + Output.14 = 
b32c753900d4a0a0650d35d0fc918b3aa5f253d4381598ed475147f32c8b002bc08678e45bed1b9b519cb9729972886f85e581c75d3c2c9fd6ced929be29aa3befcd1d3fabefec590ca55612c1a0409446a01398d0e4775a548d118a32f29b0dc29530329d2a7656e5d3ef66db2b9726 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40929,6 +41130,7 @@ Entropy.14 = c617061099a17392c3092d27728b35e59eb45814e9df9fa5 + Nonce.14 = e1634c0d96cf91c53b063450 + Output.14 = f08234ed8621f1f551cf49ea60140313a71341f6886c484a06e74e64aba6f8ffc2cf1edd34cd93e836ab033fb0893e52e01da9b3104fe49584a45447c136222b1c1f1d3cf406a80ed9d782d2ae277790eefc5c06f954e654f7f283ddea79d2160cca1f63d0ad00eae9e882de34ba4083 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41009,6 +41211,7 @@ AdditionalInputA.14 = 857ce19dd6e8a45be185875f1a98911062045553e8d28ac2 + AdditionalInputB.14 = b5f1998f0fa38145edb86ae4d569ef4dc2e0aac0a815d3b1 + Output.14 = 8f0d978b24bae2a0665beaddfa61e8896ed7976432bc4f7c444699e30b8da1ecbab8990bab9d0d72ef6f6b0b27ede12dc171a43a14092d57e3999cee71b1356da5f29b17fec227ca2a4887bd990fa33e1e01c8a9f900ffbeb300cc5ce9d7d2e25a44fafc07e34acd61d425e0d36fb0f4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41074,6 +41277,7 @@ Nonce.14 = fc382061e29c4047c6f05dde + PersonalisationString.14 = 9b2eaa4c2a229cd2bc5de218aff95f6e5fbc7ef150bdb50a + Output.14 = ad49119d6b4f25ba34050920fc503d3d0d331ac2535d916a58d781317fcc2b1117618e9105ce192651ea9e19fa6756975d207c662f2b464416d849cb67b9af52abeb84f80863943af99c7916e78317a091ba90714ec8620f661b41d648c15c06e822329cd7f145446c5c3630a4243281 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41169,6 +41373,7 @@ AdditionalInputA.14 = c9aac7bd9f15385facc344dedcfa754bc9f4f30277a3555a + AdditionalInputB.14 = 42de701acf5622b30e7672bf7115043a9912c1758c1b316f + Output.14 = 
972ccd5aa60966bac39aa9c891c7c513244efbfe3446fde6806cee991851f1e4b3d4a4a0c04b57242deb4f53d27040879562fc5b32621b46a642f3c84063c5195faf9b78ed92145821ae554d58325b03d60e11461adaa8ac87876559e1cbe47f7b5c33a8311294b0e54a44c97d4d2c9d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41219,6 +41424,7 @@ Entropy.14 = 47f141d1d0142d53c10628d2d1dd77aafc11ffe45f29b126 + Nonce.14 = a1e958e036afd40059ce9639 + Output.14 = 2096935329ffd975154c38a2c22e30ef12b7acbacd39868032d6eb31a596e617fc7e05026b3dae231f256ea94dd4ea4f05734eaa7916be6f846b0304ff0de389f3390e51641103e7dedee99e56d9455c80a7e10edfd2147a50b3864b05443a1646fccde2197af1d1d72ae3c2d4594218 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41299,6 +41505,7 @@ AdditionalInputA.14 = 49a758a4e0a8ce69aa2e5f9b7940c6fbcbfc4fdc91165e4d + AdditionalInputB.14 = 9c8ebc02c3d92d33112a15747b6367b8d6db3447cb9be2af + Output.14 = 70cf10825dab6c1abcc1532a1b2bccd96f0638d02eedb40a7ebf97093f5d0295b6bc74d9e48290ab39260d684effcb401427a4ca62b971e5a31f06c14a9f8e3851c3e79dfe129ecf8a8e185ee58667e2b692474a0d5f0a39f9d794adf1cd71c1266563dde24dc944661acbf849fe69fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41364,6 +41571,7 @@ Nonce.14 = 82dfae196513724ae269204e + PersonalisationString.14 = 6e01d897ae919812b8408f82edffcfed8db6df2e2cbebd95 + Output.14 = 6e9bebf2e54d8da4e8ede97ce463239245ff1b021acf4441312ddba96d1f3d750bf2b9583a8aee76e2ee36a56d8e2fd4e11377d15ba3ad0876fd467c375a744240de0a7b38974e0e7b27c3917ce4e22f2bc78861f6f8b1fb42edbb1b0cb869fe5169527064cf2f38c0154082af5457bd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -42619,6 +42827,7 @@ AdditionalInputA.14 = 9ba9285889d50c27bdeb4a830a5b3120931a53980b30643557444718cb + AdditionalInputB.14 = 0f8716df331067b8ccf0e5b90ff79dd0f962acc69fc5f89c593bbb84e3501ae2 + Output.14 = 
9d2c0053a0fd3f9be1fe33db214f6f2d54aca573e0642bd269f1b1ca23c42a1e85c73449830673cca14feab4d2686814edbd90c325e0fbcd5a2d7ca75334dbb113a13a0bb4e838f6724c74dddfca8c2bfb903c362d3ea82acd60d01749f6dc01fcd6708009a58ee9cc57a0d089095efae66aaea68ac247cf6aa8808d1038a109 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42669,6 +42878,7 @@ Entropy.14 = fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad985 + Nonce.14 = 91f9c02a1d205cdbcdf4d93054fde5f5 + Output.14 = f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42749,6 +42959,7 @@ AdditionalInputA.14 = 809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56 + AdditionalInputB.14 = 3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7 + Output.14 = 4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42814,6 +43025,7 @@ Nonce.14 = afafaf2ad7e6449308e176be01edbc59 + PersonalisationString.14 = ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad + Output.14 = 
b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42909,6 +43121,7 @@ AdditionalInputA.14 = 9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544e + AdditionalInputB.14 = c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4 + Output.14 = b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42959,6 +43172,7 @@ Entropy.14 = 5f28c73baaabbc09e8260df3b3577c21f2f02be057bf49d2e73098ed5ff67f89 + Nonce.14 = 8c2f85b546903d8d4c10fe4549c3f673 + Output.14 = 1563c678f1b072813888970996af33c2a6b70b8dfd2e146c46df0616509382062fc9c72d223ebd555f4d8892aafd7b3b61619559fe3d3e7b5e83c07f422eeac912ca7d8858a2d25b966a8b34348b8ebcf44a4651edb9cf5a886e383b01423322ab3002edc8c936aef869d7638f38ca6688c308d2a17fea0ded21901d8e9f1ff8508762cb1dc7e700970938a0ece74c1c2d1801230ea785165d62a7ab0d6d59caf36b30be8e2e1f691210373b7a2866e32ba4b49b6a2f9cc9b80aa1340ef5c76f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43039,6 +43253,7 @@ AdditionalInputA.14 = b5d9cb4b3709adf297462f1aa8875c9f84bc39e323b8fe1c0df269344e + AdditionalInputB.14 = 5e47728cc468e0d2c6b6a90a20f83a9f0565716af54844552988f1d8c3a83eb7 + 
Output.14 = 548c3496135ecfa1119098ea2d862d421af024a844c37a02142e2545e4ff1038f4b73c7f6b7d0fba8f92f292cf5ca8fd57dbe7ce129423e0ddeb1dffe89252dd6b50495c88f350bb77e08c8be409064f7e9cb751aeb779eae30b7c471dc41365f128d22474a7e90a9953e948642001f8e6ba8f91d250d8b4c6407892cd96b12e5d94e4d7608e6c11604357436c8d1cc07a21aeb58d396f413a31f72af1ac06864ba68c04e0c25971c1315f5a8c5c04fe252105fc822452d0cf66f86af13d613e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43104,6 +43319,7 @@ Nonce.14 = d28f752f6e466e3fd9595fd380fa14b6 + PersonalisationString.14 = 232727310fdaac541b182497e5240dc2623a36b4efa7a912ab3ffaf9939c2336 + Output.14 = 3bc26201261930bf3dc164d25287e41efb47c07c8c5c0adf3e86613435df202116331cfccd4e07c9ef008c62d4199d937221a17dc97be2043270ecc605d3d48c609cbce3aecba3557dddb304f440250b2c9fd78838483e2d5a2b22015b97869b891f9e42afe21df5fbb8dfc9061468c70c63a14b6dcad9ccdeced41d021dc0ff47821415e8793d34377258d9d6629b9e396b9d6b8bb7fc22e03ecfd4890d16912001cb7ed002e33a595052ddf7b991c5607ab93c220b2122783d51a8372a223d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43199,6 +43415,7 @@ AdditionalInputA.14 = 50ceb01860d60ed119f101d5c573b5db00402dbb03885a09e8d326156f + AdditionalInputB.14 = 01e09092bc892916c29f7b515823f244d147d4b16976cebd6a76a37ef6e62998 + Output.14 = 6f1379c44d8131924c9a78286e80ebb34604ad78b531e795cc30c4f0aee422e4052f201ba226bc0c2aa3ec341fcbb5a87e24b91c36be7dda62addba6960df1289372e9677ce030555a9bd1691f559b8ff787dafa35cff5dfd66a2abd83f81552a82ba6ca7d21c438483e60fd77f93bc109f5be802035412c2af2873f5cb186b77dc055c0e0b27b16b1ef37de0b81fe63c4074a7cc8c3d27f71a992b5468351ef8b84a7b3e8f12458ff670d1381d879feeb1cd3b93436580c86bc2c33f27448d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43249,6 +43466,7 @@ Entropy.14 = 57050c5fe58b2a2a0eba0d3b9c08a9b285e1180d2a297e0a9ad20740c6fa9f00 + Nonce.14 = fc309209936c569a1367d45b212a9a50 + Output.14 = 
288668476b39814edbce5ed91951cec398ba2dc3bad76048df5fb1a2a680519c217ec4d57adc0251e1f8892a866b142e0953353bc2dd207aa2703f81814d26a60daedfe94d97de6043ed5f3bd957b7516681827f7a36d1b2a87b692c67aba050bc38b5e84f65f07d70cc34549f01aa390c5fc8dd01304fee7378e62549738e3f710ee6a4e32db3f472e1c2ef1e803e57a8ea992f389f0823c922bcea8b00ab844e071579170baae90839ffd5e00844ec343b02db090847cd323f8a68f0dce64e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43329,6 +43547,7 @@ AdditionalInputA.14 = a633f5f05ed8b09b70683a9f9a8e998ebf843b68a039dc3aa40cf30a5f + AdditionalInputB.14 = 9a57c6be8c1d992bcbd599952bd94a755d7ad686698991d189afd11cb88b9f53 + Output.14 = ae0fd8a1bf6f2f53f9e81ecf6f40ff6a36fef58a3f157b6a435403e48da4e88cab7871bfe2233b92afd228bfe3117d7cff0798225a901663d51f0491109b9c631dd6d32c5bec2da321b8e64ebaced87a27f17f67082df944fa94acc6c557fa6816001642e38b7d776c631212b782f71aed6db760f90e0de8e81baaf4d419170362932e6c319dab948749b331aae41b4cb3267da37c9233c36d65d5482c8940387498453b226af485a37ea16bd9e4f938618f70aec97e8c1430a8d8b6aae396e9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43394,6 +43613,7 @@ Nonce.14 = e1609138b91637917ec170fa3c3fb278 + PersonalisationString.14 = 230db2e57b87e910cbab26fbac7fa93a65c07c1ec004c74637e346c2db63288f + Output.14 = fa58f2e96776b4aa079dbfb49d81d8abfcc30d459caeb45dec4f1766fdc3b234d52cdc5337ea770e71a28cc42c82cbefce896d1fecea5a5290300208aa79b5ff97d2091498d749b66a9e5b2da7b774567ae9f83b87a8417b1bd089935e575b16618ffe8ec04b91fc9315968dc395fa2bb8776133d3ede95aa89ae675881b26ca831fa5fe6cba800d2fed1d509353e8cba6f007cf3c5e0b9424cc034e1c817d5f7326764f5ed1d17ddf8900977a0172dfab50bf4819a67e4c1af4704f59eda3bc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43489,6 +43709,7 @@ AdditionalInputA.14 = 32f618446311f03a0038dae07e85e19006a55b69501d764c241f683be5 + AdditionalInputB.14 = 
d64a97650e2f25362fd711c7abb5635672e16a02a1dd5ed8a181762e86f4f5be + Output.14 = 54ee53e6d18e974913ec235a37a706868f217af33b25e8e5369d90071be1d01035ca331b8514f3d6186a9ec62b1e7808b7fa22859eea21e4b8113ef770772561eff7f8b6ac22125d002f6ba9f53b235f7d85dd5b601787201ee1423de5d971b2e758b3955a048b50f118c01122a8e657f69a63843bea00a46c4fc2ebbae36adaebfe3e6c9b1c82e498d3fe48d332ac1bf31ab4c80830086c8ee4b1ea190f8e269f74cd760f5a29d244064d09c1bc30832482d5205e35604a388250a7a196ec74 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43539,6 +43760,7 @@ Entropy.14 = 9168436a8600415b83062125de0ce6a998090216dea7374af08e6d3becba054b + Nonce.14 = 94206c91dcdf9c7c3f3571c703013419 + Output.14 = ef12bd2b6dea20cd197ea9eabd98eec1a2943619cd2a96dd16a6c5485435e00c59570ff14d7d9fc09c99ade0e5ec12a84c0a8ccd5677fa9b92295eb2a620e8a0400bc9ad8a1ac1aa4969d8d04b77ad59b81d95cad75358698107dc8a2ff42adbd679ab29cc29cd6ea756f4c4e60c271c3134c48b5d5aedecf011e73c2663ad1cafe57120cc70137370760c350f4e9c0b8e9b01c9acaaeb56094434f4f87c67a5b5f674783204ab0d0598c06f0802a05ec97073c005f3c9f772fe0bb449c1cad0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43619,6 +43841,7 @@ AdditionalInputA.14 = eb9e19bb6eb7b714dc4d56243897916364dae7bb3861a4697d7d3f2b14 + AdditionalInputB.14 = 156d12c7a1d0af2cb9f2d0610cedd9ed3b982e77bf4a9dc1ef0f71284b751ca4 + Output.14 = d3b0b0ac5150afdb3d9de12d2c8a7d45109436ed9c316aef1d1fc5bfba1cd37cd750841146dd08320539eb1678962e990f7b7662b44b918447e173672b873b8ab0348306cf6ae2bcc6756036870745436571763efde334dec5be7bb9920629a36cc5db66e8824695cabecb8bf092858e095a2a520eff140f483ec528131c850a8eaa48d8c997fbc810401ca378666d84020fd34af77fbe1152523e979560708fb15f3b7981e333ad4ee8c2fb6021a562f339616823cac5998cd919f82d43f41f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43684,6 +43907,7 @@ Nonce.14 = 733bf048e5b112426979a9879b6a0c10 + PersonalisationString.14 = 
58d91008875f51d541c6fbd626a49a798dc51d9cf2e8588808e74953392800e7 + Output.14 = 1794335e21606d706dc89ace28c60a15c0c9f108f5ac882b103eb62e225de749285e5fb0be98a5bdc26e3c998ae418306380941d78acb7c81b91ef41cecab328332ac7404ace0ea858e7835534f778cab3e3e4eff043742e4f7d4d5725bcdca0b6be7ddbf79e57fcd1d5a4279f074a599abac2cd281ec6784e29d9399f5ffa8def3252acacc59844c0c24c20d029a89b4407e0b5cbe9a8d51241dd36bb82c400ec4571dd1baf831d58fed3dde4ac7f961be6ebc18af6bfa922a32b81ea11334a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -44939,6 +45163,7 @@ AdditionalInputA.14 = 06df99a38f4222b9e7e1e3f4a6f488c1dfeafe847129d54c93bccb1649 + AdditionalInputB.14 = 3977a9671024bf0150752ba10c9f6432773bb71aaaa9d23d1ab72b90b7f0e088 + Output.14 = 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 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -44989,6 +45214,7 @@ Entropy.14 = 0cac1d970c06da6f224d49e5affec0fe338d0b375b66687b + Nonce.14 = 1fb1df257951ce8fc0cf12a5 + Output.14 = 7d6e2be5aa574b0edff39ea938e94143ed92b287262891dd2a6c9193b0237e8fbe10056e15785bd818e548452792a31c728acc14ce2bce9295d3776885018a57c8580a8e7df9a34ea960e0b39af4510711320528fa7a0badc6e25a0eead8cb091c404f626343c63d40044055ee9f9e35 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45069,6 +45295,7 @@ AdditionalInputA.14 = 38ead8a466e462f5c0617822c23294cdba07a80fd51dc241 + AdditionalInputB.14 = cacc9efb209c71b123498182d25081aab8f0159bed1fc0c6 + Output.14 = c200766d5caf72e64a77a7fcae1ae3d14681e33767ba2ba7faca26209fdcb59c7202c381b18adba07ef0ceef443d9e1c5888366bfd953d614bb184370b45ea2b44a251e381fd2bdb80bf4bb8dfe011e1b143032bae9ce82c2869537e70d36622bf23476163a2dace9ba863a5f0e3d303 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45134,6 +45361,7 @@ Nonce.14 = 7e2f3e4427d00de41ae92bf6 + PersonalisationString.14 = 
2e8bc8edcdb3dfdd451542fbc68481b30964fdf8a6ca77cb + Output.14 = df949beb9b33d2c1522cf6fdb3206cb10b58411ba9e28a4096cda7662b69d23e0da2be9557b9a3b5a8d67db4d616ae9fda3a7e0a8516196568f7a81474c0264993b141f14066fbfc29da724e447f6e503385944e902510f0b3971f7bffc6a6a202ff88d8113bb222b104055f427fe770 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45229,6 +45457,7 @@ AdditionalInputA.14 = 23a781948449d82ee235d0495ca48d61aeb399d7e2ea68b8 + AdditionalInputB.14 = b52421e5b0e5281920da6975ee18d74ceebdd5d5de05c018 + Output.14 = c878a886e24e20a8b7e22e41ebb33a2b6e9a0168f4c72bebb78f0955c8449592e91c6a2f1ba5554c9459bf2702e67470c1df0b5125d651facc0a9339a2b7c921a51bc7203020f085c9231b3acd850ebfef0d0e13dc8bcfecf1f9853930ecd9b262cecaff0e2bed9e3b5b53343b733766 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45279,6 +45508,7 @@ Entropy.14 = 04c61e5cbd79804118267ee1c76db36b71b042bf60a1c891 + Nonce.14 = b833be09092d4755ee6118f6 + Output.14 = 0c4663313750b12daaeee80cb28f097cbe6f50df2022f9ff02a51fb373da42411c5856a136e9645e99e69aee273726d146e3ef4e546273eeca52b43c068887148b7197143f5b9a4c55d4b0544907ee9ad2f181d1b37742d1479d39e78e47505603550d2b28bc1d151a50bbac140988ec + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45359,6 +45589,7 @@ AdditionalInputA.14 = fa3bc697a6bd8ce341735365ad6e214d1e53e8d6d0a2c206 + AdditionalInputB.14 = bea0650424d1f26e75a49ae2dc529f1fdc552e3a0aa50948 + Output.14 = 4a718257296a3a99f199a5a24decf8f3e6209a4a7fb0b24913393c8309826ffcd6c47208ea6879921424ca55e63a7e5bc63a030cc48be7648da78fc9f314dacb2b8568635e5b14a94bb06a709a2f023a86a871dfd708204c911d94ef3690b3634e58de03fb20091d628bec834a760dd4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45424,6 +45655,7 @@ Nonce.14 = 4b729a67449bb5675a1f9d1f + PersonalisationString.14 = 9160b7c96fd367dd7d378e82be11ad1827c7661d76bc1fb4 + Output.14 
= 1d7ab4500d99a18b8be2ffb8177c869059e25f1ffbddb36694fa8561da1d71f86a38accb1926339f6dff71ea8ed104c3518e62b00e520c51a096c1c62469e56b139e6384e982588e748a8074dccc51d558d944868e2b8e1dbd68bd83c663447590430ebe15c64aba4669d1a4a784d8c5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45519,6 +45751,7 @@ AdditionalInputA.14 = c375af43c11115e995f47212f81cf3cdca5801d184d82235 + AdditionalInputB.14 = d2eea45f69c6d82dc3a7bb3be69d595c86c5ea5b4aee6001 + Output.14 = 907452bdf42eb168195313eefd090a2fe1be8b668b8ec7153a4ed4c07e6979244282e976decef02ffd4fd92b0d7b90bfc453cfd81a823dc162dde29dfa926f20e395d7432e0aea61c72e05c1673180bee3b47fa171cfba98864fc2bf83878e37c7dc019d465788aa1500ab3db8997d3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45569,6 +45802,7 @@ Entropy.14 = b37ca70fd13538ef74c5a3c7ef00a78705919446954ec43f + Nonce.14 = 3ecbdff8cf33b50788dba82f + Output.14 = 1bcbccc535fbdc8617575d46ea5a9cef2622995dee19aa4b998325dd8d0935957170f6b18219354cd2759ba53c9c1f380586070db0c89979a581ce1e00ce38855e123dc3a2dc9ce74bc3b6e27c9603fb87c09a1d90bb540d267d456f5457daf0920a13119a2b805f9b97b154f80f4bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45649,6 +45883,7 @@ AdditionalInputA.14 = 9fcab4a8d0d1036a6210d56a894f861fbfacd4b20c081f38 + AdditionalInputB.14 = e279bf650f812b8931662e59a0da7ab799c193da1f6eef1d + Output.14 = b3ec81a3cc8dfa4e1ea17d33566a4444bae9969244e7a8970eab02afc8797b5fc85b6614ab009625b81fbe078bfa4db78ced2d8b3f1e3342b477a3fb42cec7d44546585621bb8310075808aaddef32ede3e668e626711fdfaf2569721bf645edeaf74a9826aadf0a9cea9893aab4fe3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45714,6 +45949,7 @@ Nonce.14 = 98ec3ae036755323042c08da + PersonalisationString.14 = e6f24d96c8d11cc68e72f56ee7e345c5a0083509821fdf17 + Output.14 = 
f5a9d375a58d1b337d245d29b7a9e352cbb0fc950276e042d075a71f4bc43b65b063bff299c670adfc46db39c4303adbbfebcea1df964c27d33cbfe4d46567475abff4f357252ff7d05ed4ac34e6ed14c33c192909426654d604736f3bb0ba01aa5e0454d60dfe8aa5b2df3a52df22d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45809,6 +46045,7 @@ AdditionalInputA.14 = ec35738bedab1835d07ec7a6d9a5e6e0bf8a3283541b3216 + AdditionalInputB.14 = 689957f9c2c58f1ff34899bd0c295bbfacdd149ab378428a + Output.14 = 6eebecbac4dd64b170cf6aa84788f643755ad5c6c731b63bbba3b2bdc2694f1fd42fb077b4309a0cb09b5ed1107fee2379272351ca9221069530762e4c8ac4c142c30167a32ac2b82b728d57bef95d620cd1b7a2ab5c1a6fac2cc90e0f6cd003ef526485c8bf0dbc9baa7c1f0d6f763c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45859,6 +46096,7 @@ Entropy.14 = 2fe6d7ec78f76820cd88c41a5a958c399c7ad1619406caca + Nonce.14 = 1ed975755cad5e4c475c5945 + Output.14 = e34b31db083e58516cd60ead2e5b0d39e4a2bb47c2436531c0e700e484c27d3d233d10d1ea6c58148149751f24155fcd258f384d61000da88106a0205d693e4ddfbb5c35f101ff15e531e9ac4a988c16302a962146a3aba9af5c505697cf9aeb7bdb8c49c281458acc33ad4010122aa5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45939,6 +46177,7 @@ AdditionalInputA.14 = 17c87a351e940e261e8806e2548da44a751c550ff5f0257a + AdditionalInputB.14 = 7e3bb28f266786ae38c24876087fe35c7e43222382270380 + Output.14 = c943c9ff0cde86a62756465e6bf4fc9dc25447157537831c975782dad82f3e33e6e7790b41c158713b8978a6967bfadda9e15ef43922b3f93c8ccd0cfa834fbc6776f3c1b6369b4f25b1cd1189f8b8efc31be2dc151d3608eb2189a4f39c0f0a3deba00ffc97299c11c46885b424a7b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -46004,6 +46243,7 @@ Nonce.14 = 4fb71fac56d2aa35d7fa44d1 + PersonalisationString.14 = ad66fd02b6f6e30ce521ae0d783236c75cd3699696475ac7 + Output.14 = 
4b2df98ad411407c1dff07b5c08e97ab501fc20ad191794dab73e9b4dce62470b3c70d75f07848f436f16a8c63ac31a75525bd928b5c76218099ec940e3ad193eecdbad834557e92602d7daa6e3eedcbccbc4d0829c8e1c7e59adb95ce928bb138870566eb27e4725191a9ebed50304c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -46099,6 +46339,7 @@ AdditionalInputA.14 = 30a66bba0f4d6c249e271de8927b6ba1e99fefbf3386934f + AdditionalInputB.14 = 1ebe06fd88f8f914ea8f590483994fbf227613e7f49ff18a + Output.14 = 38b4e2bf6aaf771df03b3bc37a959955dec83f07af4bcd995957a31991c5ee18b5bcb7754f3bf6293665dff2b4769d081d9be6393803e2c62a73ed8ce4adb17b36c1e0deb8ff6106308be9019cd179a92feeb184d93a9348d3b14a70bf13fd74d12cc427496803b7fc041f87c630756c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46149,6 +46390,7 @@ Entropy.14 = 7f422e735bdf349e4f51787571ffe061ec7e9181fa0b6a342e36611da25c1a15 + Nonce.14 = b09d8dc6997bcb567cfd788d0e06483c + Output.14 = b83bb6e99b0a5237242711e27779d05d2157402856f9653542f1ce52b1a7463e13d5c92309a06d8a78773ad70504b64ff070c2e6afa4ec3662f2729cb7552235b79c18e08354e334474f238ee74feb7e892d5701543f418cd7f2f5533437d9901dcc54687816f16eb7341b1707c6310a2085dbf387044a78fed850b42fe9d8b4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46229,6 +46471,7 @@ AdditionalInputA.14 = 5722b092a5a0195f14b5f236885538cc7a514e997876c06f634926c695 + AdditionalInputB.14 = 6e4f341a0524dd1085aad0b6c956057893f737704ca2fd8eaae6231e9691688f + Output.14 = a757af53227bd8555853ee2e643256074be9904d2fabb0ca86a645b0ed1905731cfbfdb7eefc83938fb576d7e5da8135300f8e934dca521637ed10e5e791e18e82c48085f511476452237ceb930e0307e228886d36aeb83d8e25ba23b38dce6dbc335de90b63db4021d6ebba5dfb6d8044a2bb7bb20aca679cde16406c8c4746 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46294,6 +46537,7 @@ Nonce.14 = 06b7b75d18365f4957489a09204b2672 + PersonalisationString.14 = 
9e32f001033eba3bede220d4f351ce110e6ee2eb0b099ce54f9606a21d80b1ea + Output.14 = 508333114a0abd5fe10327daa0f1342c66569d912a64d8ae89227d0d8ed5b4052cf84f0c38927d88dc0d7c476e747965adc9579a4603a36566a1730f55ed7b100c1695f060674484781682ee629167f7adce89885ff04d722d960d0297d2abf79bd3338126c2d356a91bfa588f80db7ea365bf181fa5370c478a04d05a515b78 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46389,6 +46633,7 @@ AdditionalInputA.14 = 5b2d2bf0653e3c075c469de5e2a093193e700abff9792a9f3bc0d143fb + AdditionalInputB.14 = 976c765df6b57f0eed8661587045826c329f4f1994020de30fdd835912f72fe0 + Output.14 = d8275a104f1dad7412637d12fabf9dd1b06592850cd48a3f38304789911efe8f08970b8f90fa021b04039cd3d1ca573c1586e7ef586f4c623dfc559efc0f2c89e4136b59f0f5706a74679d1c95886a5ad05b9a850043cdb19d806d617b2f640f715351cff6920c47f96a42b872a512a7b2e99e4d0c2230861b16f3b38deb9b58 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46439,6 +46684,7 @@ Entropy.14 = df6edf960abe3aef5f50741907c0171906c0837ba3bfaa3a1044fcc4f19ed21f + Nonce.14 = ff2558bec3e5377c12697c908d629952 + Output.14 = 9d68c2674eac76f3ccabe1c6c0bad96d5fbdcb1629c939e397eefbcd2ec2f25803fbb9aa72db952f7fedcb290da99f34c0fdd637c37dde1446d475a61c38c3fc5c1ebf9541d136cb02a43b2646df7ee4bd0d9191157dac92a33f401f089ae15618624fc0baf707409aa2f80cd5d0676612c2667aa420acc6e016e6ba3f63c686 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46519,6 +46765,7 @@ AdditionalInputA.14 = 4bf2c816e2c3e9721d192a670153d620aded035ffa214cb0d7638432c3 + AdditionalInputB.14 = 06f515395ad7c3d025af7df781b49b62f068ec9398f6dab31ead6f917c663de0 + Output.14 = 1e70791e6a8ce753f959ab75d1225b44452ce7aed0fb53b56208b3f26419f004983c452d724c483b4f9b70d2d84734ce8ec0258d8edfac639b355204e14b5b7bc1d3aee6ddd9f5da54c6cb086d16ce381c2d5cefbceae3afd56c13441d80c7e6081aa68ff57f21d460370de9ae713c17ab14a81f0895e9e492af7c437d7a5799 + ++Availablein = default 
+ RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46584,6 +46831,7 @@ Nonce.14 = 2c4c4f3a953e551746f7e258821d24f6 + PersonalisationString.14 = 676a9304a3f744c62c7f5048f2137982c89860577cfcaf0d855514436ff8eff2 + Output.14 = 7bde8a5a34538655ab2ca26d0447eff3c6da298b3fa53ff0526eeeebaa4a876b60e47ca544ae30ccb00176ff84920bb4e4a4ebc3cf74b9cf8cd8ff9f7b11266a3c9bf918c458760bca6368ddfb3522edbc61ad14f2b638294e51d82e617d8c0c631aefbba50dbcd1a0a88963c3d63959909ce2cc669924d7163b01cac468c0d9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46679,6 +46927,7 @@ AdditionalInputA.14 = c168776136197bc3877c824461994a4cb020b61ad1630bd8f38d0db211 + AdditionalInputB.14 = 4f54082a1b9e6cdc8599e1639865c00fd758f403adba5cb74a37e2b20f29b654 + Output.14 = b48984588cb54f78610e05c8a7ce12c630934f5ed2e4cee21e523fc65a7b8412189ac51823ecdf493844a859aa87f3e84645f22f0914245043f7b86287a85db97697bcc84684b072162c2fa636569df83fe85f1ae25204786bfdcf5eb85006d09a4d97b162248daa8ccbff9eca28b7bce9fdbddcb8679ba50b6648cb3bfe9af1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46729,6 +46978,7 @@ Entropy.14 = abc502a99b7c3cf14262f6b036925a9904105b019592a2a6be26d71fc42c7444 + Nonce.14 = 40a212f9e1a5aa54f2c7ed4ccf631c9a + Output.14 = 0e747d83e2104367beca697db9b6bb994061d82aae7b1564f6a0911a1f599084a7ca7c94e232908d41df93a6b416e76146a53b490afb552124fc0c2087cc45de96390565b58f913b5dddbc55dcdd2617ea27858ae7c7748b31d832fec0fafe84594ad7b693cf972daa9521ad4134867339536ed5cdf02a758e40d5d96802f4fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46809,6 +47059,7 @@ AdditionalInputA.14 = 2a8cf10885a141125dae18c40f7bcb7e09c1b2726e22a7f776e4735279 + AdditionalInputB.14 = 7c2db5278d2336764d274bf9624db7eecad2db11c6622831e47338ea3ef02ad7 + Output.14 = 
08ed2c3aa35812485ea8aa0b16149ee4f3207a0368be2035e202797939dd2a1c1db1ab244434edd783c7574bf48fc99f93827a1fee91cd1db1cad53512b6931d2d63018045b2a50a9b523a6ee212fbcb21ffa57ef998b4ce24e5f2f875a8ff3a45d8602cd56cfefd2f61f73d00dc33304a464f4fc1f7dd311b516a8da4e91151 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46874,6 +47125,7 @@ Nonce.14 = d5aa1d24b7c7564f6836f626bcc6d32b + PersonalisationString.14 = 4ef1e00dcda9e893d066ce48cd291258a29e0a234796c30a6465079cbc3d3aa4 + Output.14 = 43da46cb7b737ff7617715e3a8aa4c42d8cf1b62f32ea97d035514a10798f5bcaab550eab684cfbd5c8d3e1ce6d9fb026812e647ae6a50d3d8da8e9e2f1d5f7fe550e7e0b88e146925f2aa64690e1a5a5de152f6421837c15337efa80fdedb0a4754268bb83fcf0281b05b3885dc64b87f1da61b1ab219779ef44a1399b992ac + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46969,6 +47221,7 @@ AdditionalInputA.14 = f8dbd6a405435595b2520bec5026075514955a666e4ca34b7d0339b0a0 + AdditionalInputB.14 = d9536bdf1c3944d4d239b6dd13750c16a2780d943d4cb5fbbe418189a7d65432 + Output.14 = b5e12e5082c09fbdda81d1a2229ef9bd46db84e62ecbcd1a2c4e88557f8ed3b5af740fac2bddaaf441b66084ce2239adfc9d02f001cd23470535f13ee6ed73256adf902b359930093ffb293a7c007074582a356529ea3ed9a5ac0a1a3f62df5fe09d27f5a7ac6abdf1fbd5f5e5da70da5e3037fb062d0817b077b56457238108 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -47019,6 +47272,7 @@ Entropy.14 = d233eed6e4a43436e4418ac071bf9ec00d463d0568cfaf7b4174f96c1f6b8564 + Nonce.14 = ea8e646e88f7fd6c8e590155df15558d + Output.14 = 314dca793ee1eb0dbe48bedc324b557966ac7a17b900bc4167ab4b65fe6b34ae625c200c4e21428ed258fe28b99c31cc4e8f9eb93a793c3e33fb0b75a2595a3201d939dddfa27911ad6f731894e16692343f25de291da89570a257a95cccb42f7d9820afa9b35d16664f95a2099ac929683b7480a4d1e34291853047ced3302a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -47099,6 +47353,7 @@ 
AdditionalInputA.14 = 46cc09705223bd3c01fa037d9a19dd2465bc612f519e51d33fbc845742 + AdditionalInputB.14 = a9f78f79d034d46086bbe5c8883dc2a34a1a17414aad2c767a3b3f23dfc9b637 + Output.14 = 2674afd329d03ad3b1bb8157c3100a312e29bd72b55139c408afe7f2c9e6d53df2cb8b829b7351a80cca8f0b59d60f6454ba60b154f654a09aa82a63fb28ceab9435cb6022934a0599a4c3a005bccdaa8bdaf8246ca654692a6c038cc82fea477fabdf3d6a0975e952ce3feb7fe8c4510b8c5347b21da5431cfee69e9dd2d8c4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -47164,6 +47419,7 @@ Nonce.14 = 4788964160bb81d6f6c2675008b05410 + PersonalisationString.14 = c56e284ac65798010eb7bd39ffdf49bc25fc2e663e90ff93f73c97e65ea82935 + Output.14 = 683493fb3c6ba0ae0c42009beb39fc37a9d235fb3fa00648ce4d60b4d6bdecdbaa1e2ca0c0fc80c53f6f8ceab31c3c42764b8f23c4cda91743be33e0a77fe5a4297701bdec6b2a5712e76c64bb8b7e03a257c140cd8aafef046b049303679a7904f029444d92d673107bdbf769fc1130429ff64b527b0ce2420e2c70e8998ee8 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -58071,6 +58327,7 @@ AdditionalInputB.14 = b07198a49bc854cfc9d6d7466fe24948 + EntropyPredictionResistanceB.14 = 7b558b48f3c891a77fed293881775118 + Output.14 = 878d26fb57589d42497b869564a1dac5adf1b83615f9ab9fc30b5140f79e3b7f525f1eff2e68002801939aa0728432efad829b5b12491404fb50f2584a3bdea8785e79390501978704a667ec5d04da56 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58151,6 +58408,7 @@ EntropyPredictionResistanceA.14 = e734a035d71399a60be221b8c383044fc83506429a7eaf + EntropyPredictionResistanceB.14 = 51325a5d10137cd3ef2c6cd2290593a73361b298b9fc0099 + Output.14 = 12b008fd1ebb36ee67678a8b90ebd4ae333451aac2961d2ecf0d3fe2321fa520543452505e1e6216921ac380ddd88c51fc8b6b873b77b73b38558163845e2bf67661c05896da0efbd6c0faf0e363103abce11ab27da19c21564d8ec067802a0000e61fc33f43c12b854b85d6166a3a3a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 
1 +@@ -58261,6 +58519,7 @@ AdditionalInputB.14 = dc30a416e609cd52562109d22960e1295e3fc6eb66709704 + EntropyPredictionResistanceB.14 = 849864c63ae33d51a3b2e282325729df0d01b4b6efe4d2b0 + Output.14 = f2206a4e8008a5b32a3a3e271e9673031f536eda568fc2cf7013b4b342af76bf4ebdf867e7f2e2e89fbf2f63cb6e096671d360eb72223e96d9bacdc2195138770870557b88e770b7a439094e2eba6b529e54a25c75237c4b4fcbd06efa77f6174ba64071d2c3caf13fc1fad0c0cf005a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58356,6 +58615,7 @@ EntropyPredictionResistanceA.14 = e0b1ad06619cc7e6b06fa369846d0718061e4ac707d1a7 + EntropyPredictionResistanceB.14 = 2941e7b99738be35a340fbf29bb443547f3128e5435ae876 + Output.14 = 07a627ee351cd794c19148459821ee504770bfdc07399fede63f1e22c3d76a57ae1da3c66403d789a8f2f4a0f071dec3fa102bcaf791222d2b0de7cc5b9d8f59b6b23d441b006eec851856c8abb152b84828a88f06e1f4cb257dbe00ce4d4868532782b06da28f923bf8e3f38d4ba50a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58481,6 +58741,7 @@ AdditionalInputB.14 = ae204b086225c6659bd8c2487b1b91310c3d65c6a18a8081 + EntropyPredictionResistanceB.14 = f69f38c433c8f892d4aa3d1c7b97903711b6e0f5445ca61b + Output.14 = e4b3c801cee482f2d70a92fa7d4d2b9b19a1827287ea50698de61f82a095246dbc3abf102510c3fd413d6a8a9b9c88b186a177c14e013672fe3056722ee69fc3a49679f9d1cc0707ebb29297472343884dd6637bf094af5dd40bd1be4a269cf4fa65c163347ecd0fb6935eda690402ac + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58561,6 +58822,7 @@ EntropyPredictionResistanceA.14 = babb7e1e29089815ef8d794611a3164b54617f8edcae51 + EntropyPredictionResistanceB.14 = 06ab40819ac75f8609d7759fdecd3274d231781c939516ba + Output.14 = 80abf3d122e8917731a3ad6c8cc0495aa302d521384a155707f1302fd2c14ff9b8d6a12027b05cfb050fc45baee976715aa9cc606b943c785001c0431175278ed18d3b4c99bb7380598db4e9462e472ed9ede95c2e357f37152d1a76a60fbef4f97751fd111d9b965645de5c823d64bb + ++Availablein = 
default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58671,6 +58933,7 @@ AdditionalInputB.14 = 32460d6c3eb7912389edb486462038fe90505f7bd5d8e46d + EntropyPredictionResistanceB.14 = 31b1b8fd7753800a1d3c3849ccb22a7c28ea4cec21e71c91 + Output.14 = 77e3b89a60d91cfbbdac8215a3fcc000ae61a86016cefd998de3561ff76e188eda8910c08e964fdac58e3bb30f4af464b92812e15178a97d3215699f21b9775d3d4b11fb16541eeda2956937e43bd4e928f3856bced91c2e9a3c741f89894912cdec7acdb0652542fd08acb6d6ce2c66 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58766,6 +59029,7 @@ EntropyPredictionResistanceA.14 = 7a40b0bd455f5eed4ea7fef036c5b044425ef2138b18f1 + EntropyPredictionResistanceB.14 = 33bd20a02d78688da2b43f2222894d508f63851fa8217b6e + Output.14 = 1d0bcbbddc32be27ad0408c93d49f328832dd15beafaf969fa8f991b18faf1cf4cd1ae7103cf94135c1fa9beaef66f75d825cd9c3a16697337d746069a94aa8881e9ca841fc61fadc3701fec3fe65f750240c7da05884828ac3cb87289567c4e491ddb3f1ca5cdc08b5fcd3d8f91136a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58891,6 +59155,7 @@ AdditionalInputB.14 = 528bc69e8fc2c45ad8006dc7a865ca73c31a679adbcb0656 + EntropyPredictionResistanceB.14 = 97bbf5c91c830c627a1dfb629a0f40943655d70ef97fe922 + Output.14 = d9cafae3bfbcfe622c82f137700f959f79ea11d07631abc26beb2d846e375a2b21165db0c568e1ae54d03c26f0ecdfa2564bf5c3c6c902abba3b2ff994ce191caba7e89b129c303e5169f4ec2e415a90523efc792e6aa2caf5ef583d286285f7d4900d79fce6afdd184d9993f85cd6d6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58971,6 +59236,7 @@ EntropyPredictionResistanceA.14 = 58e89c98a93710a6856da202b373749dcf3f60c16fe067 + EntropyPredictionResistanceB.14 = bebbc0ee84a187340613ff138c5abc0aab2e86f57f337712 + Output.14 = 
13949feb41c811c6894809f16ab5b34be3fe3753416a8fceb0c6de131167d0bf60409b753385307b71e2622a46a42f1561b4793c6f0394fda66115c95dce20753a9caec5aa5263f6581db8195bb7de7e4b13761fd43eff13741849b8556247f08a58c9b180269f213eba0476c7fd3394 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59081,6 +59347,7 @@ AdditionalInputB.14 = 15f279e7677894af10821b9cc0ddc9238b318dc9020b05e5 + EntropyPredictionResistanceB.14 = 878d41b7c5951930acb26a23c06501b88d1474796e536225 + Output.14 = 8f96cd7a4e6363be72a9b45bdf8253fb47d0b50ddb3c5dfc8825f2c44366106b1094cc65d60d86542c25830a3d0f247326fbb941053df81a1d0789318563b870a81f9e554d8349b669f528d6889247d23896186c620b93b239c1d18861cfde3c123c80b4e9d5e338bd83bc2e97135ee2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59176,6 +59443,7 @@ EntropyPredictionResistanceA.14 = 62b1fbffc1d23ec871ec6c85c76f1bae9ec7b7cf85eeff + EntropyPredictionResistanceB.14 = ad80381072e85622e48978527ee673151fcc036c0096094e + Output.14 = c5d7cf9f1f83f497ef8c48eb81898ad1616c00cf2788a32c5878c3ea868eb3848cfc2961c8095f9c65052ba063707ea69f9d6ad9c4ac9858fb2470543dc4d2d2fb3eab11994e6ce387809c3e7595ede565ae549b25070f7ffdc630ee0ef8ac9835dbcc5cb5c9570143006ac691265a89 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59301,6 +59569,7 @@ AdditionalInputB.14 = 6abc274f05fc74ffe1a0bac13cffb199eb87d66b385fb675 + EntropyPredictionResistanceB.14 = b3a9b4f5f51dc337d12d34dddf231ca21dd98f0775a53ae7 + Output.14 = 86732afa068efb5fdadf94ac34ec595eba831694cae1dc892e9c028ca78f950afbe78191457a115f3c444e5735bdbc40d787294de99043c96ce49176fd17d721f5b467943219437f3e1bea373fcad275e64bd35cd4aacd1f3c126bcb59b50d905bf40966dcbd474978abe1899bf0c4a7 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59381,6 +59650,7 @@ EntropyPredictionResistanceA.14 = 058a109cc72dd766556a142a2d59acbc036cc86d476fb9 + EntropyPredictionResistanceB.14 
= 97f27faad6528c42dcd97c1313c0e9043a043e0ab0b58395 + Output.14 = 3f5095a28e5674becd4b895d8918a36ba3cbf44f09c8c80b155f217e9b783b4ba99bf3ef183371bc3c5a654e3dc2346b605463abe63313cbf0919693965712366574e175d910e263f5086ee862672bd9c59a461f2d66a9b397570c86a09e2e4eab77aa139133789424482e94b9ba63d4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59491,6 +59761,7 @@ AdditionalInputB.14 = 3d9654ec477ddb9d1928cf286f599736d51eb35af1eb3738 + EntropyPredictionResistanceB.14 = b8de4fffb86a4c7af05d85f7855aec4c8b463676b9b9eca4 + Output.14 = 33f691da4b3f351aa15acebafdc181da1a57883f0ded8b7223ab9c1b80e913644f850e3511e901175c7be68c96dc2b6175f69ea91218bf09dfd8b91a79e7499c8386746c260f29a22c6a000659e8aeee4c83f1484d5c09677f15d3bc045a2ddbf0b72c179dfe260e5054a75fd11c6867 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59586,6 +59857,7 @@ EntropyPredictionResistanceA.14 = 4afd7a280d8eb867f842e2e84f2c84d78749aa25c1201e + EntropyPredictionResistanceB.14 = 7d3e4a62634e7c6f74610ae4aacc62ca147fd1699c5b246e + Output.14 = 5c89bce4759878a3fe7b510c1b0c5ebfb2b085f89c3c4fa8cf6755cb51ba16dcc516402783d7870296f848bc285a5100a548e51cab01cd60638ecf2ecdf63f6d1c793aec14c4b179880687022acb9c90907e53fcede69d26f68a53815a6746c5bb80ecb22bc7d134da3412ba7c31477b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -61351,6 +61623,7 @@ AdditionalInputB.14 = ced31f7e0dae5bb5c043e246b29473e2fd39512ead4569eee3e3803314 + EntropyPredictionResistanceB.14 = c73832534681ede37e03846d3c841767297d246c689241d2e775be7ec996293d + Output.14 = 60c234cfafb468033bf195e578ce266e1465326a96a9e03f8b893670ef62754d5e80d553a1f84950208b9343079f2ef856e9c570618597b5dc82a2daeaa3fd9b2fd2a0d71bc62935ccb83da0679805a0e31efee4f0e513b08317faca935e382948d272db763e6df32510ff1b99fff8c60eb0dd292ebcbbc80a016ed3b00e4eab + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61431,6 
+61704,7 @@ EntropyPredictionResistanceA.14 = a835812aff799db76764365d3cfce7a70d168ca8a363e7 + EntropyPredictionResistanceB.14 = 6cc406628d2fa0771f896079d052d057f60b334e620315f2cb3e658b1323e7ac + Output.14 = 36c2e433e06280c1219c2f2992985e74117d35aafbeefb6468d9576fc4a23f97f131874c0c4c18b9cc6028f881eb42f0e011f2c19bb60db5f5eb65114365c659790a3f423f986eb5ccec70118e48e7ecb40e40c31a6c4b8752e8fc841df65ee68c6343579bf95e10ff99486d9793eb6a92471622b3d60297d9b0faa9e7d925d3ec9cc05bc9853c18930a5f64a8aa9e139baa625665aacd443f1469d11a6c24a3e079b952cc8b5f75ddc9fb7d96b8b14cf255c2fe7619212f281364bcd8958bd2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61541,6 +61815,7 @@ AdditionalInputB.14 = d8e5e99dd1498f4cbf4224e4c7ac40aa7e077521ff5abfb836d8483d6a + EntropyPredictionResistanceB.14 = cc122d075bde2cb4ce5e48d72d5f6fb99529262118b01cca6639fff83adcb977 + Output.14 = bbc4a9e2c9ee0e3f1e55e77cbb8d0ff902bf5d6853a5aed3fc0de3275da712b031a723ce201448e3d15360e5471f11bbd30029c6574db47d9d3275a8559294695b4ab832d656defecc9d6086a01895f74f67ad0643e77cccf92ff358440f3efdca3cb816687e940b7e30bf50795f111175a7a564333b21b32a0b9d26b093c396dcdcf3203e8ecd902c3de0ab0c82ac4c1d68f77da85383e60b3ac403b8ea339a97088539aa0004e3a7fb39a827aa0d27eb308d8ae29c07cb5b0495cedb839863 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61636,6 +61911,7 @@ EntropyPredictionResistanceA.14 = 54ca39bb5d569901c657e36d0a8e103551e25f9a3a40a3 + EntropyPredictionResistanceB.14 = 9c2962c0e03e96c94b9a616fdd52b1f04945597b372ed5c69469b29b3bfa71cc + Output.14 = 96cd0e64c1dfbf51e067b2eafd896d30580f46e29ecc1e51cc662e0acecad5529d2bb177d60c02e7cf415777a85feece50113942eed54a5b328cbc007a72a0db1500f17e5fa1cbd1231a8608dc25f64e1e078d7e0b4c49ba34e4659b9642f79acd108de0c92e52af86a4a82f23df12826f8f44a88cd99f576897896d17d7ab19ad02be4660b8a5840552cc73b5e24e76705485c70ca57b07eac35765ccc51d0795abc229aadc0101a056e047d7514c9d9294ef9458d5f7f5328673defb3c5aac + 
++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61761,6 +62037,7 @@ AdditionalInputB.14 = 9d015ac36aa25905ab1ad61c4c5ced15620306935c548b63f6274d0e69 + EntropyPredictionResistanceB.14 = 462b911da3ed588f1e57e952379c76f4c32b1db3f85fce3315904d38bdd5ca9d + Output.14 = 1beaa2df060fcbb134e8af0f7e1c4e6073fa23deac0a774825978a42083b18c559de8ddd6652dc89abfd8006ba18d9bb9f579f611fe02984870f160e4f4516d6a708253e3c57896a0c9491b7c218e4131d29d31ff331c411c157ba071289a0004d3ee5fc6bc0e8aaf4bb934f48521c5c30aea79fc752720c3cdf67517abae2b936a75b669edd0f86d0d9d01bfb91033c431a4f8c2822f4f055c39a8451c3169dd63597ed1710915d5ed1fb8af25e2db01fe1cf60b8ed59ff0af91282db367afb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61841,6 +62118,7 @@ EntropyPredictionResistanceA.14 = 523aa2f18ed872566ae4fa9061a83dbe1e213fe141e84d + EntropyPredictionResistanceB.14 = 101ca246a89f650b9f6e3282a908d51742e4f2b9a0fa987e9c8f8be89f3d7ce7 + Output.14 = 2a34c78d5ebc24dfb34250a1a2601f044e15969ea37e791110261f86d1c7e8c60b60cb4515649cb277526d4cca4bc6d31f14b42dc4da15044deb36cd9040a73e5f32806270cd503af2c7a6af85d2c9b91480df5677d9c2da368621dc7dbab8ca1ec634246fd55120058a7c0e16dc934e69fbe890a16a2b759b9d10c23fb57a188d906585c87c26a70cfa69aa7609c3a4226494b9498e6bafe0632ce06a82ee60b7bf275edc4ac862e3a2bc7683cd2258663d1cf2d0fa95ca75ee9dd85bcd42a0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61951,6 +62229,7 @@ AdditionalInputB.14 = af0921fd29ae0315837039a4ecd285de2d6e04f97bd6b18a480ff31c3e + EntropyPredictionResistanceB.14 = 028ae7d410cadffbb1a8dd1a26649c51abda3729d64ef24049157b8250c532fa + Output.14 = 
c4552eee3b4b58c5ac306a607e3047bedb0fc06f921f28f859324ffae46d95b5a235d32dbf68b6093498a02270ac6988c13467481553996e6ad080b5b7dee800807e9e8776d0f338fd2dcfa74716a9663c3984fff72167afdc5a5292a85663d1b243b96e7ea070021fce1f269de1f5ccb60c8f3755a7b7c9f36dd5fa5894ccb3838d568507a9bcc418a82eed820b6c35ee66c40ad9bc718ef73fd7f8c956cbcbc173b9ac0d7f3f40ff37da2d4572a8901d84c216e1ef2b90bd531aa9238af339 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62046,6 +62325,7 @@ EntropyPredictionResistanceA.14 = 0ef1d45b978c565be7e64b9e455e02636ce9d2981bab7d + EntropyPredictionResistanceB.14 = cfe1c350d349c38b6f4568e2f1ca53493be77597271ecedc5ed578abf1f94096 + Output.14 = 49c4c52a81741d2eb583eb6038c1c686b84ec9e8a882d1ef509777a5bb431eb9ae711412afd5ceaeea212c2dbbb17652881b20b2517f1b720eb528274f937b4c41c4991730bbc7979d305859fd1fed523af128347f9fb3e3df22afc4be9f43ab6c5529f720b766cb519700ac83e83668083199f02c5ec80d29621d6c41394a927839bcccd802fc00839923a482ab82061bc96798046c20a11429f266195820862b8e242b083b12567c17e0423d01a7f77f5d4d035eb75c797019d798b54148ec + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62171,6 +62451,7 @@ AdditionalInputB.14 = 64d3689e23425f428b99b64736cc26c475f72fbc564f86f99ec4e22440 + EntropyPredictionResistanceB.14 = 1dd8eded094fc0baea87df0317255fb06ca6e3470c9d1d52e5b238513ddf93ec + Output.14 = e52e2c91e99f31080afc7398ed67f4b7ca0b48e9db242815524b192c7bec24b4aa2aaa3449ed5c49053273b8f30773784c27355c238c7c3c8b8085a5b2917a46862fb0d7cb0b52d62e630f7fb55be54977a15d3e82ba09a7d26e270384ed5b0a381920ea2c9c6a2da7a123f811a066c81eb3b8b92d7bfd62007a19a13725566d35b0c811b4f4a951f3fa83cc7809c623c9af5317054ee1567109d3772965eb3cf6e2c399d89e5fd59c5aa1391d149a09d002ff7e6d1efbad2624c71d01ec184d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62251,6 +62532,7 @@ EntropyPredictionResistanceA.14 = 32822d7374b2a24cc00a9217ff5dd17c6962d40d9c739d + 
EntropyPredictionResistanceB.14 = 98f2d35e46d162b562842886552bb854212fb652431058cc02e9963c07128406 + Output.14 = 73f40fdf6550d37fd7c9f64221e7d0447cdf6911e5aeb7b80ea6307a3f97b7d4d6e42eff11e8c53d18504a6b8c735d9d89c6e1f0fff47f2dc3ad823229cd0bb811c50aca7f3f8b7890df6da7ea279e3f0582a580ac18c3a42b10e5be088c90d3aced0418c6183b0ce11957052c9e48a8e30f12e1e5deaf68d29e4809e7fed178b541c80930b6b3b782121b99c41ccb98046147a6e08294e2f8a9a215ff77b4f6729a0585a554014c60b36ba29db8de4cb11f3e20b4bb2406d03f7f1d4601ea23 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62361,6 +62643,7 @@ AdditionalInputB.14 = 4d60a3f6c5fad0b57ee38f5ccc9c83843344dcce4f5dc056d813eb9fca + EntropyPredictionResistanceB.14 = 50915e1d171a23bb7328650449a6845c181ad304b5415e05e4bb8f6820a7adc9 + Output.14 = 08071e75400f6f225a1801359983a0fb4d6fdd1bc74f8a78d9f54b1027df0b4167acfbced55ad735a99ece966bd1e79a71ffb62c4526b8afe1a276976d9b3b765b9533f50e750651596ca53a24af1606a2cf6aab27ab3026437b7a03a0507c1913e6ae1718d6d69c7e09f808cf97c73a6195550a0f4cb426df27362b0f005226bd54e0df9c5e5038c75da6f8f77bd5fa35b9a3324b0aea322f5e48c203ee228483ac0f56a67dedcd1d706b8f0a69fa7946f1177a313241066b5324249faa7cf8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62456,6 +62739,7 @@ EntropyPredictionResistanceA.14 = fd31acdbc71e112a4db2ceff387d4b6db1e7c714e89390 + EntropyPredictionResistanceB.14 = 754a7e0ea6eb9e18483e0ed7045ae6f7ccc6cc626ddc1cc2b317ee78782c6e19 + Output.14 = 978543a7389db3122a01947a9a8ede689a4fba9c0d72b74e1aec38ec6fda8e7b519e5ce91eee5c532c9df49c8a36a64818230c5535d262061e96cbdb9e7bef5d7330a2989c3d3012727a18d2c96931b66f48bb0bf6cefcf783c65b0e094e44b0227e3e898215aa3afa2a71dfd832c6e11b3522940cea0482b5f24a90d12e5aea53bad0d028abaa4c45c54828272a9ce543e8cd7ad10a3daf15055e3999e94a62a7281ddf1dff41ad3e30c19ab8c50c759607203ed67c153a33f52130670d1f1a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62581,6 
+62865,7 @@ AdditionalInputB.14 = d56dffe6e68ff34c828ed6daa6957db8f8f1eb0683f6788ebc4d7ba42e + EntropyPredictionResistanceB.14 = caaee38a60aa69e7fbf710f0d03ac18ed70bf50590dc7854e2ba78edf2f6a826 + Output.14 = bd2334cb3356a211a759fbad57708e815889f3961b4c6a0f5475792d1f0db772af058bc44ab716d02f11e37bbc74f59ef046d01f99056eb4366435b23bcd92f5c761d22551e66ce180defd47fc43afc361bb2ec8a3c92727bd63329f1397bd5ac689709b529fafb7a8a70437790384213a3f1b27c6086fee25cbc3c0a2874c8a85dfe7022a5ca7365e9a715bd0904dfc999eba168466766316fd196a1fa139e37cfa30be486b0fa1ca03602becbbe97869535913b1f9e00b12f4f2085794c0d2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62661,6 +62946,7 @@ EntropyPredictionResistanceA.14 = 957544da181d9451e52bad53ecc6e598e94e55434ba806 + EntropyPredictionResistanceB.14 = c8c9ed877603789c92d8dbcccd10bf34e26fd34804178db31a6ec0486fdf44a8 + Output.14 = 10e2ef2c3bf4836f072688eede8aad92da8ba7cc06bb2af2243fc2e7ccf9f9489a7ccfda36b2d91420df270ea9402b9716b95db186aa1859fa0e9a5cc389dbd7ad94490818fa34804a773d8dfe054cfa663267b8d21dd58cc199d7d3f7fa1abe54ef8d4cb2fb0f72a02537b0901c03b848c491784afd314d92b409b51a8ce88a3b7907e36170bcb1004a65c49785e9c14d6ad8871d6474d890b3f1599550d41c0b7a9b39c7e30a8932ce5a832137f77b97081088a8fce641e03875102e51b9da + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62771,6 +63057,7 @@ AdditionalInputB.14 = cb7cd7e4239a550b8f65366cbb39c50c551d83976a01ce82aba7517530 + EntropyPredictionResistanceB.14 = 2ff81fd74a033d6333f732f4cefbf021a90b42c9daa6830c2ab2899b64a05320 + Output.14 = 932fac5d00f0026d0c439912ea5714fbca4385d25e8a3dd42440087bc3114ae946f32c7d7a22a0a699ce8b840b6edf5975d70961cb91f8aacc3dd826dc6e88bc780eaff13c80abcc8461d6fbd53122fe8574295ee67a624108d4aba3cf333c58316ce811194c9db18b2c1d897f385a3d7732a86d867a361b9f7f502421f12f53e97f0ebed34e03039bc903c104025e2b0bfd76f1bc70597946f97c0815fd1b7043e007a3542d0c2a8250935d0e705e8854d4f2b991bd8e11b446e0bcbaa4d695 + 
++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62866,6 +63153,7 @@ EntropyPredictionResistanceA.14 = 44d6b1c7d7e951ce59f1cd023717a4a06eb3b55e78e64f + EntropyPredictionResistanceB.14 = 6ce1aaedda5818985583c96218d19d63c23aaf9ab6614556a5d3df0c3c5a3fcd + Output.14 = a2a7bcb7752b27516c35c2a42c912462205c267120c0ae06e6413ec13a93563443a81f7f68694d8212237adfd474e765dd00c73a350d793202e6899492a135876d06eb30630527b2064c310bf65fe2f8bb0ecb53367658603775caf3c8fa9afbe38d09e67bfb73eee11f216e4619f2008c739d1637ecb046b459d5ce49defd273d0c238d0468742a023a00a50aaeab976b66abddca704ce7ccff7ed754cd0380c963b0e044b7477acb6bce83c4567638ae740e329c062bdfdfe5386a1958da8e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -64631,6 +64919,7 @@ AdditionalInputB.14 = cf2040e9046a69dd9638de941f0090b7535c51cfa9f1c7bb2a56a33232 + EntropyPredictionResistanceB.14 = b871611f8fcb8c860a72c4fd406d4939335a031e0de9f2d436d4736b6b060c2d + Output.14 = 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 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -64711,6 +65000,7 @@ EntropyPredictionResistanceA.14 = c6e791bf03cb41dd67d8d0e6afc88cdb3243c6d8c99ec6 + EntropyPredictionResistanceB.14 = 4b107f56ea9cf896bc58a6409dfab2fa65adf930488f634e + Output.14 = 9c25b3a34af68768dc47e8521b70dd52bd3243c8c4ca911fc32b6a191e4abb7a56c2ae535ee17899ddd7d3011386c60d4dd1c7a0f3bbc27224e1471e061675d28d726a6463d45612b6b1913136be596255ee2f1cac4f24400bc50ed41a30e4c4dc1a32524617e51ce2fe41a829d164c4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -64821,6 +65111,7 @@ AdditionalInputB.14 = 67333be1a1d8ccfeaf0bb6836abc101f9be86f6584168b71 + EntropyPredictionResistanceB.14 = bc9be23eb198d7a9c821bf848dc659b6c5c7b001b388078f + Output.14 = 
9d45b149af6ddd8231aef5d6ac48dc80cea748f860edbb447c3e181be541c0cc384bd2b3d39a7dbda865cbae5da0e6e9e4230728a819e1dfb9b7ac9b6610ea5fc42554b357f4f4b2d48ece49fb86127d5669cb4d361be9fb22c658264a850bd927252ce83ad57e7373689acbb1b2c266 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -64916,6 +65207,7 @@ EntropyPredictionResistanceA.14 = 1faaa87f7d4767c15792faaeff52c850e7d1779819fbee + EntropyPredictionResistanceB.14 = 79cf8e36b1ea35077793e4dfe4e4cc736fc8071c72ec9ee3 + Output.14 = 356c2bc25223d3f536b075f7052d29e1f36c3dcef8b09811f3bcc18fcd78fb10115b6779bec0dfedf1563eb9024fd38e9083c1a7b748b05d61c99c14b7a57ebb121b5ca9a83e6bfbd4be01a24185de86a9baca5c9e8b1f59424bf77b9457e3829de9c44ab10c5966dc59ba5884493980 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65041,6 +65333,7 @@ AdditionalInputB.14 = 74b7046dee3b978038195a4ede2e8a0ffd3b8c490c4ea36f + EntropyPredictionResistanceB.14 = 52f143079094332e20460b6bd1b5a5872348ddd626053d3a + Output.14 = 58d2c19cd4ad3ebd48e3520d23395b4566e65981aebf6f143f46733d4fdf23e2fe0243674778fe5c5ad1fa4e9389305d3e7c1b99d7f7e163c9ef87a35d34732629ca8d87b7b8878ec95662dd9ccb43b0d2ccee2f4f3c4037925f264fa03b534da0751f45b2df1cb653c379cac512ee5d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65121,6 +65414,7 @@ EntropyPredictionResistanceA.14 = 2520f0af49912e6973e81e5d3ea1b140664209e1050784 + EntropyPredictionResistanceB.14 = da19f29b28f43ff72e579a4a21d979dbf399f0123695227e + Output.14 = c79b9cb6955eaf7d0354ea81b1e54f3bb7855edea5040fa6ea2f18566210372f9f7b4d08208931c321ea09f44390dcb4939373e96fe3a417b2804b6af94aebc65fb31e7e9faa4113cb4bc1294fbfd19eb078eb300e599beb0a8afd05f10dcbbca84a27dc86a12a998a74d6f532f38e39 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65231,6 +65525,7 @@ AdditionalInputB.14 = 9b0214621496003a5e48ca25fb008bb7ac7cb9192ccabdd4 + 
EntropyPredictionResistanceB.14 = 9764e49ef04c1c164bec335e2ecd98ff0f8b7959c4af9ef0 + Output.14 = 8e4a6f42f812bcb71891f6abcb4c19f179f44d6d7ca0be8f84ea4de6227e31f60ba600c0dce0c0cdd6bba0deea6d860b3ee204be73421044cdeb59f3b42a5e4db94e2d06af91e1f2ccea73eeaea40262a5c74b7fe76979bf67510c86c4c5fc55569b6244fd15a49db2768c884102e106 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65326,6 +65621,7 @@ EntropyPredictionResistanceA.14 = 3e5b6735d467912273c38536f7a1be160b1edca1af6dc1 + EntropyPredictionResistanceB.14 = 0dec0880ce8e6ef894b9396ef56fd678435ed5b6b39d4918 + Output.14 = 5dbf5d3b2fe59054ab29bd747ac3dfc4026799f493b65a49a528bdd1dfe26ee50f7d8b4a69f96488095d09209f2657d98d2625adfb769188e5fcba1472d8364611e34dbce5160adb642bff5919b54e8ef3c6bf8de8fa0f651fed3878ecee371e312bf71688093a7a625239fb861cd8d8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65451,6 +65747,7 @@ AdditionalInputB.14 = c7c8c48d9ab3014e6f94a3ce3e8df9768b3c60f478a5edbf + EntropyPredictionResistanceB.14 = 00b456fef04acd6dadb600fe9b2735a5d53dc58e9cd3f963 + Output.14 = 6c1d21ef77388dae905c338b72894c8fa3a066d6255e7760eeb307d264948f979a343a25209a3a7d1b6944d013b05142c3fdc155d63ccdf626437298d0a9f0715d6dfd81acc7e45129b6a3b442e8c36527470466f74712b03d03ff1f4cadfa8e2c348639d82919cc9a3e288fc15751c9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65531,6 +65828,7 @@ EntropyPredictionResistanceA.14 = f9902e3d878151db3849537f186a7b2fcbcd10576aab5e + EntropyPredictionResistanceB.14 = 9787f601b4a6244569468fe586a67e2e7733ec0f1e2405ed + Output.14 = 8338c7e93fc15595aa5828c90f064f37221439c1e6d9c51a0986fe9f3e9b719f0a05c9dda87f3f88543b2ec0005ec343b62a3929ef720fb269e8dd1cdec36a8a2b867876752b8aa23d6878d0e9f3a27b06a7782a58ce68fe80cbfe6b5795e7da0c34499dd153b202c5432e37e03638f8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65641,6 
+65939,7 @@ AdditionalInputB.14 = 69b3ec5d555f1c338f45a72c56ba8f714894c069e47d329e + EntropyPredictionResistanceB.14 = 9a0350c1885b5f69fdd13e8324b8730f27c92dd96c87916c + Output.14 = b4a922cfedb084156cc73d5bacf1a78090935fb1a5368e02d1bfcd22ff497defc9784e16b14e19777c50f0db895c3a61fde6f97988315e427b4323c9c0ddee5eefe49677b37bbea5a6c9d43cd7c3279c7502154e8b551538e10c8bdd0cf35ac9379931f0bd7acfa82291702648612815 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65736,6 +66035,7 @@ EntropyPredictionResistanceA.14 = 80b2cc6b2d460340d5915e109e434d05ab4861378d65ea + EntropyPredictionResistanceB.14 = 42a0f1f0e9a911d0e12948a235d1a125e9462d5bcb605b98 + Output.14 = 38df6537e3bf2a8ce577da82336ccb234dcfa6fae8bec62c1ee38be0f9014f49695e4200389a55291a95b97ebd09ccb7c392320fda66797ab1979ed0ea56772456f36ee287bd683c190c438b1ee0c4c262ebc4b2e5d036b3f50f0630da695b271c3cf746162258a4920be29c25dcf201 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65861,6 +66161,7 @@ AdditionalInputB.14 = e201d55a78452ed3401d92c27247db4801b572b389b2fe61 + EntropyPredictionResistanceB.14 = d50ec469c29891aff7289644413e0bae6954075854c1e475 + Output.14 = 1bc3d11462d9e2ae029afa1b7db585d17c1de83fa1e7d7d9e9e7c015fd85a369edce029a3eb111dec4a2efda8e35bc5d412d31fe2d0d0a35f629609c2aaaaec7fba121a164f4ab20fd65b8bff2ca6f52f171ed2879f129b0bc2ba7dddb0c387a8748ddd2321681655cb2821523bb2510 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65941,6 +66242,7 @@ EntropyPredictionResistanceA.14 = d6734f3b3b76bdd8715f1cbc24df30bc8062a0276d954d + EntropyPredictionResistanceB.14 = c6947a5c4932e357cd296aa8153614ceab7a6c479ba1cf30 + Output.14 = 19f1b2ab68854e65d92318b4e09c74a379c76c096ee460355a977ca08788a8ac83bbe817a8ae4eaaa795a09a49f572fdb471d8f5d2de060016b1b0422905af24018457acc9ded76b66d204ed5d1bb66d77270bc23ae5528a6a05aadd3eb1a194bfd42c88273def6fc24ef677d326c586 + ++Availablein = default + 
RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -66051,6 +66353,7 @@ AdditionalInputB.14 = add443f0f3064aa799c6fcbc729416a494ace56d2a29eebd + EntropyPredictionResistanceB.14 = 19b708e95dfcfe56f171ddcc411c63bc2e742cb45873a019 + Output.14 = 29fcc98bb0b08c965dc5ec7de8dbf7a16d234eeaaa262f5ece8f2a1d843940bc663b4f892ca1481155573c4a6754f8b7b398fe12a81409ed7f6165bd16f2ac031d809e6535dcd3561586c038df4aa735c5efa36224b2235d05c12555151b1ddfc2121e806ddb484d19e9db631383e969 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -66146,6 +66449,7 @@ EntropyPredictionResistanceA.14 = d9b643ef8cb569c2eaeeacb3d8be9a0b2c93c60f8e1129 + EntropyPredictionResistanceB.14 = 213994f4f3e9382b9b6c0247e74a930043a563d0dc67d05c + Output.14 = 991659b877318d688fb40a862e4a089f74e60948f853ccc57588ca14a51c8a8af65c7c1e0a5fa1393a2f96d23cf0e6f829141cdbc4229c5576b07a915a59bcae554cc50e6f38264757e29117273792cd9ec6e89a82713db07af8562c24aa80e64f2723e8885ddf3435d96581881ccf9c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -66271,6 +66575,7 @@ AdditionalInputB.14 = a00aa12c4a26030b79897e04d0171bbce1cd7257e0cce379 + EntropyPredictionResistanceB.14 = aa9b3dba7376b0a21d34ee6ac8939a625dbfec172a108c4c + Output.14 = 54fb778fcfc5549e190271dc12389f42ea8128df55e6193e03073888b4be31e2d7a78845c47362c4e96b41fce503fb970f9176bdb9b5d664c386898a0e44ffe12f9480699b7d566d697a4f520268f62e460359a39d091f4c372ad33ef0eef58622f488c9348ab5fd693d4edece794b12 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66351,6 +66656,7 @@ EntropyPredictionResistanceA.14 = bc9fa0d6596cd2b1e020a0f23fadcdbd5ed8730e9187c5 + EntropyPredictionResistanceB.14 = 671405ac5614d316a8f289b50eeff5467be8960feccc46b7eda7d3038f09321a + Output.14 = 
c8784cdcf893010849f094a0de5d3325a69b425a8c7b788f96ed2d8209434f9731bec3c590e8982c22b46ab9f28d169933c1ca2c4e4b99a9bbbd74e2182097a7c0e29e84a63363eb3c0b7b9cd730cd0bde121006aa11542b968f4963e84830219c359771a3ab03298e5c0b8a207387668308e2158fd06add5309defc8cb2c0e8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66461,6 +66767,7 @@ AdditionalInputB.14 = 7a63a39a4db6161824113f32ca5c4588edaefccb08894b2ba52b6659e0 + EntropyPredictionResistanceB.14 = c20c5ba1aea693d375097d19b3cfc2b06c9c876e980131387374899d4ab48385 + Output.14 = 818ab1aeac3dd58e54ab686b04e3686a37a1202a19979a3620d1aea5e425472af381677a363ae190acfdbb0372c7ea2d5248cf27b18327e13b91507fc28b9d3e804ca0e618d867b3d892173a19c5918326e6fda277d5a3a34bba1425f4a6c9543f66dec79bc909b3d082c6067df73966d1b8f8a16d07005732e0cc00f9b212a8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66556,6 +66863,7 @@ EntropyPredictionResistanceA.14 = a21a3a1e4a6e4ff4c646ee1b19ae20f956cd174001cac1 + EntropyPredictionResistanceB.14 = 5f673e1dba2a9c526ebf62d4383da60fd194bee81d405dd719f0cdfd0624a79d + Output.14 = 718c2bd08da84f897864d2c2a91cab5e6b66251ce71886969271b3b88885cce8f01e2e0bbddb0f5826c68445c8d56964c7f2b641b7f8498dbc293875a422b65bb7aec20b154064b336ebb06dc861fa7e69d683dba33d8a6f71c2b2c76e030db66fcacead182c0f316395c3dd4586a38d56157d8b4138f3039acfaa599df1a096 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66681,6 +66989,7 @@ AdditionalInputB.14 = 4a5a23362f631c0b155fb802990f855d684a1d3f54073c7bef2515ee3c + EntropyPredictionResistanceB.14 = 73189d6afce0d5724c50cbe257a1494c7e78dd5b3d7509c5509d795d6abea851 + Output.14 = 8c64782c4b34cb5e2ac304ad773adc7a76ff2fe1f43202b01e28aed52ff96b651765d642d5313146f322f3cb067cc274918babc2b35255f048ee74b4c87a4e1c465e3e1098b1053747343123ae5ecb652520d0fb20db17379388249a2d92cabcea7140162f2d9cc17daf718eaaeb8e8a69197689ab206f68fc468982c8f89e73 + ++Availablein = 
default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66761,6 +67070,7 @@ EntropyPredictionResistanceA.14 = e0975b46c5421742148647c5ea8ca534bf23b9cad38fdb + EntropyPredictionResistanceB.14 = 92632b542fbe20c00c8071037c15a2434cc23b3b6ba800dc9e419e105c1a4c4c + Output.14 = b457c370a8bd4451f4185f7c925b90365ecdf0cf1a4e809967ca9218fc7350447c32d25bb3ac36d8d0de69e2f8d6e7f0276cde6d9a615d5644654be11ccae2a556d331310494ecdb961468ed6283dfd9342be478f0e3d5bbcfcbfbfab86625a3fab5c43296bfe1fd9218ec5cac2da563adef29084fb7906a7284da44872a957a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66871,6 +67181,7 @@ AdditionalInputB.14 = 0eb21b9dd429b7ccf6183587400ff57ccb84e13513a553c83bd18695eb + EntropyPredictionResistanceB.14 = e65beb2bb257e5b9770af1404e58743540ce7d6338089906464de3350c481f59 + Output.14 = 30ad11bfc18d3fa9c7ca2adf01bca76f8f2513c2aab3e830b1ec8892cd6544ad9e25f2c8369a034a25962634fe86e833aa32baa24ea608c91818994601be78ab1fa772cd80b6eb3006c4c2d4b0b1268f7d8759b7e0193e15a69f7e13def2e4af35536d92c1b8dfe3b7ac72104543a8e99585bad53728899fc5cd4ffa509b4b79 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66966,6 +67277,7 @@ EntropyPredictionResistanceA.14 = ca849cd2397ed598a1f4a5fe1ac34d9bd72ba79cf44b89 + EntropyPredictionResistanceB.14 = bf75a707fe7d86993dfa00386ce07f94898f484a9f936d47e4923bd6bd8e2121 + Output.14 = 63fd0934c1c510ed19955471552a645ebc7ffcb90ec904994fcbe89ad938ca0b6ac3c0bf958d453af8ef7b4cdfa1bf20a5e79a68d1801a91dbe63ca254d8088d7d508971d203fd9dd4fb4fdcd9e8f1f25e899912dee3f59ee1815efe0959c7e4ae06453ae9031a8cc94ae38d7d634fc46233ed8d11ea8e20e326841d3cb40680 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67091,6 +67403,7 @@ AdditionalInputB.14 = ca63db9ef242fc5132d291600fbfe99b72649a2c51080bf46501286c27 + EntropyPredictionResistanceB.14 = 
aa1d3e08e011aecbeb852bd054066d44b5f66a71682427d9a49deb6fd43ac6a3 + Output.14 = c44e0709fe70b56c0d612f354f796e33f6008e8dd9346ce75894e3a09186fe54b4a7988060e48488a329387bf1bbde11de1525f14caa0af8d6e4d4b32b5dce06d71b368d5cf181535557accfbd9ae55d4b844479a8c959fd0ef0739f1fcccfa2d4e053194b90b8ab9fa4135db408018c3d4895c44cfefc05951d1cffb8da24e5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67171,6 +67484,7 @@ EntropyPredictionResistanceA.14 = 3b12c8af1e7f747f5307c4a0e7af0efa7a34039b4f2c5f + EntropyPredictionResistanceB.14 = 90e07e1b5ea4915b23d18d52dd1a5d79ed0feaaf4c3b9176ae92c85f28c5ef0a + Output.14 = 6c2ad7e3738c856374ab4b7a56ef4b3e1aea65f69fd6fffdc0fc06c585eeca2761fda70234b844b37ee8fdd43f8f58b5f73accc0943b8da2544f3a7ea7e7107786d9de4f457519fc80782d0ce64e5b33c82b6935f80d0e1e241ed1c119621d43ce1d18fc016b136ca1eb7907c6fdc14f77d807cd0ff1a1ffef73f6eab009b02c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67281,6 +67595,7 @@ AdditionalInputB.14 = 5138951ad6b555496eb1005bc403f5937dae4e05f1254d7ae2406a3f81 + EntropyPredictionResistanceB.14 = 9eaeba16579b23aa55adb7f2b33430e5f9006c6247944b16cca7f36ce6eb0cb2 + Output.14 = 60cb8d3a0d921d6895033f75330a82de2121abcc7f0ca1391687a510ee79c7e99154483f20ceee8cd85c6be7dabf93ca5c535b42980dbca8b308375f44ea3c1682d0edb7391e468898eca762b39b2ca5beeba498881e116e45429b49ae3936e1d11baace14b11c64aaa17f4c830ed62df0d66ccf0093c73f705e32067904ce8a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67376,6 +67691,7 @@ EntropyPredictionResistanceA.14 = 5dd6463be2b566208350dd70f0d7132cf2249ff1069c97 + EntropyPredictionResistanceB.14 = b59a5c1e855d888a76aef8a2bdc0e6701eb7cf7d6d0da08c9e9764ac31311d3b + Output.14 = 
69fd03a37b267d6f2a9f338ba844a69f700089f3348c7dce12497ed6637e294b9b958ab36f85d986b1f311400d2e58bf5251cfda4c6e173e0a0eb0c25b529057e458951e8a9ca233f578ede226fcbc16fc95b9421f4db1b939e77110d1e7ba0d486aad8d62f0e417ef3a5f39145d05423113d8901493b866c3dff2a213ab8dff + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67501,6 +67817,7 @@ AdditionalInputB.14 = cba2a6a01cc09238e9a8e9fe56663a8eb4ebc186f4927042f7f19bc8e8 + EntropyPredictionResistanceB.14 = 4c691865c160d187f5c3654e3fa2eca8e818b2f6ead070dc69b2585d5d4589cf + Output.14 = 004e5ce98e6f7a64a98ae577c3c702b8aa489148edb61e57cbb980c2383723918bc380e07944049631a8f88044a7954570086cb972c6653ebfa49a5c174f8fbb788005aeb7bbfba2039eb495cad2c23836f94bb6029f3ae3dc2dd8525aef77614d3bf5ad62c48ac56c1cf1155653243d4d10da4c4ad9e8fde33802d46026212a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67581,6 +67898,7 @@ EntropyPredictionResistanceA.14 = e67d0f28c142a83bab1572b0b44c83f0fd9ff3ccc2efbf + EntropyPredictionResistanceB.14 = 5b7ae1170e439d0f9b8d5279fb29da66fe280483e0dbfb6e289d63b80c0e9662 + Output.14 = 4168445948f0108eee7c346820bde513375c403736ac22b6b51a0237ce84c9f6ec3f85be5e5af9f1a23123692794704825c4e1935ccf790413725fc44ff64c457a58a700265c04dfd9674ecf952af9105b0b62e9f2867aa15cc18077063f1be603a4fdb0060a272aae224bacd1f45d172c8fe03ae1b4dc4616bb47be9ca6fb3c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67691,6 +68009,7 @@ AdditionalInputB.14 = e5cbbe21f36bdb46d389a479bc23ed7162ccc9fd07e3c15b2af38da548 + EntropyPredictionResistanceB.14 = 524506ce82bc8e9813b12258b87eef1021c3df39de0b377529c3614a88a5ef9b + Output.14 = 942432679f040520258501966ea68fb5044cb44c4d02b0eee3041d3e43e3c283e76d4bab79305d16888b42581ee087dde5e2b0e2c3bfc7d1122c2fc450729343a45331df3cbf7b9a4253a5f8550d37672a73a75b3cc8abd68f98803643b6eb69ec95cf55c2cfa037b69523afdd045c740708f1f7403621c8074d497e0efe689e + ++Availablein = 
default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67786,6 +68105,7 @@ EntropyPredictionResistanceA.14 = 711415888490d7ff523e9883f6bf0226dc6d446901fb41 + EntropyPredictionResistanceB.14 = e15d421f53c1c843c847b2abace780caad977a337d81469d973ddae6aecdd1a2 + Output.14 = 79071920bd431dc5156b6f03932ae2aa4dfa06a61994bd07ed65cea1ec8c08416c7ee5c045f0fc63b4ca237e85d29d8987b65f3e9ad22a984aad16676a9a0b50af959f19b57863c43fd316516cc7d8516bd4705193be20d3ffa42f843905ad64a5288c875f55a8996ecb239700136b6a57a43f2c6dcb11af5e8fba3597fd8870 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -69553,6 +69873,7 @@ AdditionalInputB.14 = a0ee5a3a9a8c5eccb62b9e7ed45d04d8 + EntropyPredictionResistanceB.14 = c588bc21bfe29ac749639bcce28f17fb + Output.14 = b519ee28f38bcc0305ac49eeaaf9f27eb6af797ac95e13431d1f5611e89930bb2c362a9abbf4fb8d89605e5db756fadaea2f36e953751006361b94f89c893e2505b77e41ba27eb9d56d9124111e7c12d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69633,6 +69954,7 @@ EntropyPredictionResistanceA.14 = cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a + EntropyPredictionResistanceB.14 = 5c820ea46bb9091054d75a892a83c3850da0a31c15e0d021 + Output.14 = e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69743,6 +70065,7 @@ AdditionalInputB.14 = 4505c0664e59bb4388020470838bb098c4ae1338c268adf2 + EntropyPredictionResistanceB.14 = fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a + Output.14 = 
4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69838,6 +70161,7 @@ EntropyPredictionResistanceA.14 = 90e391a33dc21281372589e2a667cdbbe4267710d5244f + EntropyPredictionResistanceB.14 = 42c959b7272b39e5cdf67701d47665b61782541e94aa224f + Output.14 = 4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69963,6 +70287,7 @@ AdditionalInputB.14 = 764705681b7781573af811fa7751dbc27d667af7a1e59dce + EntropyPredictionResistanceB.14 = 76a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7 + Output.14 = ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70043,6 +70368,7 @@ EntropyPredictionResistanceA.14 = 85ef26b185a0aa99aa8761981cf02a634b62f47baccf27 + EntropyPredictionResistanceB.14 = 2e9d56a2fb6ca0bef9a286d23e7d38457790f97f2b7ea5fc + Output.14 = 5c7bb6bedc97cd38837beb0d963d76a953d4c53827e24ffeb278acce8350c43fa6e289672fe6452b769b921937ea8059cac8326332966d3490f57b8fa89aa86deeb3edcdc108d1899eaaa2d568d78e26b8ed674282ce16a0cc03f3c3b1da6d5c73afe8f392b32151e938d99c94bf8152 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70153,6 +70479,7 @@ AdditionalInputB.14 = a05a3af78f164652504f38cbb262a93f5fbe72c55e28aa55 + EntropyPredictionResistanceB.14 
= 0dedd1d3b74beb9c3ed9a6af24ba4a8fab11aed95d829a11 + Output.14 = 4e6dc09aabcb0fdfded4f1d6ac2339add1b5d7528c3676203b09341a1cf70f0e838301f7a78dfe6960daa674517162f4819a37027845c260186325846604db350969ca2abbabf713159669260b80de6e42bc33a64c796280402da8b3c3bf6e8255a11b82b046f1b3800cad132c2c0cc6 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70248,6 +70575,7 @@ EntropyPredictionResistanceA.14 = e5f524fde813bd2478fee8dbbb6284f3863b43a8cdb2f8 + EntropyPredictionResistanceB.14 = 178f885705e506129a137c64daab8870149344d82990e454 + Output.14 = cc687b9fc638af68d71c2e12ff8727f2cb2eef42a888216af09167ee23f5b432ba896ccd508afae8670dac9fae348eff0f8db63c3fe86f6a1e2d97f9b11813a56ddc1d5c99cdf79afb5d281fd1682dfada3c608ac1cd8ed28e70e21d3ecf7c13c410e8e657d7d0714aabef78795e46d1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70373,6 +70701,7 @@ AdditionalInputB.14 = 29729358e5e488ac8924536a8806d242952da8ade0d4e4ab + EntropyPredictionResistanceB.14 = 0a0148aa002eb800291d3bb5fedcc8a6b80897ce459710f5 + Output.14 = c97f446cd3d9c96f63782925178e879b3fdf0d46a2e67d2489a39c55ded3330d70a7be34128f3e8ea442989ba7ad90ccf7f66bfe1f7c1b17585cfb5786d764a44e39bc021e06a193254ec26b7b93e33fb883408756e651176a098a4b75b3ca48ffc4b66f0f5519592d529500dfb30287 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70453,6 +70782,7 @@ EntropyPredictionResistanceA.14 = 3ef188e76f0d26d790b51c9eea46b0a9d15fd631f044dc + EntropyPredictionResistanceB.14 = b2d0c40fc7c3e6fa3fa030d54f4548cc664ad604eb9ebf7a + Output.14 = 966790327a7fd7dad98fbfc5c86d8d678d28dccab766dbe0a10bf917b59e85cfafc1a948b0abcd89fe6cbd30352e8c672a849b2b6b598b495719303d17b22f879361078e1dfc13052879e7fb8613a0d5fe764377e98e8c4d41faf8aac94ebd299caea002a93f5e56b6a78e6869190c33 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70563,6 +70893,7 @@ AdditionalInputB.14 = 
b4c6dec979f2875bd6ab575c884b9c82a7f87b0e8536fc63 + EntropyPredictionResistanceB.14 = 812de24e2801b83b5938cf87ccd697d29e1e47dbb773e8ae + Output.14 = 42e656b2bd89c6b87eeeb4cbc88da7b7ea63f2d0e34ccfda69f1306982727b65248742030974bc2013af0fc0e04792ac57a6b33f7a0e1c106b4877abcc43649ea67c7706c2c6a32341ab03f35ef5429b634c546ad46e9f4ed65835246047ec510de96d544dcf5cfd5cf38b1191844699 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70658,6 +70989,7 @@ EntropyPredictionResistanceA.14 = f3519a57f18c23306e613cd6701a63b476750bc86a2c3e + EntropyPredictionResistanceB.14 = 970a0425e52d2ec2cfdaf196d46e132483021785e3be083d + Output.14 = 92e7614f08b0bd0356849559567fcc18f467f7ef0d31801c9d38d48adfb1a49d464abca4764e5a9da227d20dea34e9d05535de6daba95db7ae42ad94155f795c06ba3241e897ffdcdb1c0cb1ed2767bc8b1259359e70739b52f87c947fc0ed293990fc1a9d452c18afaf5586a7a4e828 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70783,6 +71115,7 @@ AdditionalInputB.14 = f7bd5c7a7e998407efc71f4bc2a6c811edf1687b019ceb9e + EntropyPredictionResistanceB.14 = 84f15292035fcbd61337c733fed157b3e7db3097c2a3bd9c + Output.14 = d59bde2388f07c18be829b8fd08376a93af24145700238175859ee3f89a7dba009c628d749c9ad72abfa3609dd0a5d38ef1abf261225b988db1d3d3183b5c5ffcc19303f4eea88df2df4b65df1ad28796e9ef1340731ad6c3bef33043c90880e3ed5b8b336d5d125b89df17028983f4d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70863,6 +71196,7 @@ EntropyPredictionResistanceA.14 = d16361e926630ea7eab852d3fbaacd4ed8bcd4437311da + EntropyPredictionResistanceB.14 = 15d2ef5b010ae9f49d738919580a99985fa6e749f4f25e4b + Output.14 = a34007c66a63071fd9b88fcac4e0438961458595c5fa9d39453af1a8260a5810461f55cc8bc9135b24713c82d9a8f7caa720ece42a7a94ba9142c7f25120f2cb57265a83e2a40129357234dff36f320935a2e88559a334e33044d6e6694a9485ffc243fde57a28958975d40342d17c0e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + 
PredictionResistance = 1 +@@ -70973,6 +71307,7 @@ AdditionalInputB.14 = 6a59ff9e4710c11794930434f5084196353fb44fd07b2e25 + EntropyPredictionResistanceB.14 = 7b9f7f89a03e06aaf45b165d68c6275db97352d04c8fc977 + Output.14 = 7f72c56664a786385db6206c39a8fcc6d2ad278abb7270961c79f17f3123b62ac1118a814fc8d22d2f2c0219cf12879bc688056f39d79849c6eb4f3bf2d48939372313d46c6f816205e71a162c8ac3373f39905c19b1003183a14f1a993851a2f9a961bcf3fdeb656d7190c7ed5348ba + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -71068,6 +71403,7 @@ EntropyPredictionResistanceA.14 = 40da9bf2a3adce3bed58d5ca64411ace999f0dd1be0849 + EntropyPredictionResistanceB.14 = caa117803af0fe7ded86e010dd37e4945fb8b32256663cfa + Output.14 = e1468e54df5d693ae5094982e155a74033e4079dd1086d45a91ee213b3ab4486640dac0342e6aa82f76569ae9d395f5161d82d27a7c6a8573e3f42e7c57ae6bed8a45a177dd35a999e322a3538a9b8cec51df28eac49ca8a7022200963aa0d4d66868c1cb8dd90a1564cbbf8bf26778f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -72833,6 +73169,7 @@ AdditionalInputB.14 = 666ab44b022bd295bb6b516390e14c1a7e746acb6437e33b203779116f + EntropyPredictionResistanceB.14 = fb25b91fb031adb53b1d175a68a9202abdd6b3da5d658b7d3d5e815e62d440a5 + Output.14 = b02cd3e20a39877aa2b5288236990b77e0e9e21987583fbabd6ddd9ae2c5316fa51602d06ae57a55a784dcb163504014a21a1ac2290b6232e8e97d186e6f6a8508f7eb6958a0ffff454f91e1c0b2831a594d31445918c92268b380c017f9911e81c82ae23449976252add67ea901463848696eb31453189fa88d2c999b6d9d81 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -72913,6 +73250,7 @@ EntropyPredictionResistanceA.14 = c5650c33f68b5d33502b1f55e06fe2c1169fb34688a092 + EntropyPredictionResistanceB.14 = 25be4cf15692e3e6ad0ab6ffb22cf3f77b00333517ecb2239c9b81e59a72d087 + Output.14 = 
41f335cf727ffec9ebfe7cb348d11cdb4e5e49a9a047d8342a6656e5d235219a5d80715166698cc1f16e34f743811b820e6ea55c2bdd0db1b97ea2269fbf60c739feed818282f447bfe2bd0b9a7c479144f0016703aff450abbd87a50e5e5af0d2d9469175542737bd116de2a73acbb74d9f0077a227704f271fe0696f071914dcb9c0f0191fee35eb66248eb17991b538649457d5d5f9d4bb9cd81c33a14d2becce003c143c9cfe39ccac51048ef169f6a22143eca721d04f6e147749a44a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73023,6 +73361,7 @@ AdditionalInputB.14 = 301f91c659f73b618cb46a4343772f1eee9fb4949ec6328109823749bd + EntropyPredictionResistanceB.14 = 24a71d39e627d5efaa1e8f3e5f70114bb03b71ce54e4f8d34e838106b2467cca + Output.14 = 34c532082926e6d530b3a58282eb4666ac7374e8befaa4999dfc9f409e40ff966652295d2940db97061800583bc7d47b053553ad29c89ee61803c1089d30592270d2927031353592d4aa71f59a4bf3f2147cb406322367544c38fa5a3c8ccb534bd884355b06145db62161260162091c795874a2e99e01292a2e39e107738818a211750f858edbe0c2ea4734ad14f1c45bcc9f733f027616926558587f7332be55044dfd6fcdb628ff7d7d581820a217bc64aa092e450722686e0cb291eca45b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73118,6 +73457,7 @@ EntropyPredictionResistanceA.14 = fd947b0a21e580e6c2dbfbd44d01f5fb4a51dcd2199df9 + EntropyPredictionResistanceB.14 = 815302e016aad33254d308c5457f368965c15b6204e191c2a252e4fe88dfb978 + Output.14 = 34f550231d31c1b3a3db331d341ada3b987120d94e431831eea67e8d208f9cf1800549d445fc7befbdcc2488cc7f4340560d574fcd2396e9ecc9a232f1015cfb26db451623fe47ec8bacee1756573e74e519adc62b23ce86fc191ea5e13da9c7a14496426c6c53dfa7c7ccdb67d6164dbe88cbbe7f48d4971993003ab24f3eff18bd52c2661992e8f8da93bfdd28f01fc32edb439ad130352463084041e9871c431ba26c676ecd7812991833113cbbe687651e93aeb22a6a44cffc7a3fb214b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73243,6 +73583,7 @@ AdditionalInputB.14 = 5a7434648de82a3552e12aff800093776ca3e86565b29c0b3ad6c0bc31 + 
EntropyPredictionResistanceB.14 = 2d6b77ff7e612c7c40cd5231eece4018c5b3c0d8181ab44703f7a04c0a1c7c5e + Output.14 = cfc79a89a0a55dc9c6c6eccdfab5a9935335e806b73bab7f5eff5f9fea6aa3f47bf31f06d987a94e2bc2a4a6144ebe94d6f5aa8fcaabbf86a37c8d412207864322d3057b89fef358740c5962cf9e7c37072847fcaa6db693a5238ef270e8414e2b29448bbcc37dceaa75479c2ac5fee2d6fe9ed68516f6dbd90135ddcae8a12d1c1595e0edc34ea2bf00bee7ae773c240c2bc1ed828b7ff91a676891173eec1dabeecb2184df9186c3bd833e349351481655bda91bc0f4e419fb78e426de6b39 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73323,6 +73664,7 @@ EntropyPredictionResistanceA.14 = 6cc5f9e579d80eb1e93876513892307c462383f1b5e591 + EntropyPredictionResistanceB.14 = 2672d3be2c1b741a8a60662e24e2bd6a674def98b16994189c08d7972d275f6b + Output.14 = e7f7f113778234b68dbef00b74b656a52eed3cf3aadab8e5d96d1daa5c253f5ffdcbddbc8dac0acf43a7e2a18303a6ca389db0bd0c5118a869e7e06115df5315ab9962a782281c5c46823d1067a8a5cef28c7ab7aaa70c069841875f02f294e557158da3adfc6c11407d5dc3c783332b4d3e25001b5b1e48dbb45a5ec0c8fbc0343f8d73963b7928e501f5dae8716746a835e121ac748243c90d3d3ba22e11cffd76f53a6e372546e0fd333e46df1056197e5a44a8b69e5b923637212635e6d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73433,6 +73775,7 @@ AdditionalInputB.14 = c81910a207597a0657cb06cb89897f9ca67aaa5e3289159fab1f36cb2f + EntropyPredictionResistanceB.14 = 0fe27d8d5ab415f1332cf42f7a6eb23033a9c5eed085b3646ac3fd288de95b63 + Output.14 = 080c95ae4f89185591db9f06e68ec25774ebb1fe9e5cf9acb4a6190341d40c78c1b92dfcfc142bd8719da2d09d879875e5eae3a0f7e4030a61904e45dc5f059e550e85f4f2e081f2b7ff22c47eff29944d5f17396cd1712070a2e1c565253a032e15432489c093561ff61b2729ad785e7d3da276a860d40ffec5f766997260ca2f0bfac1a3d20da5602357d9b8c92c97f8830fc1c93ecc68ad2edf2a559a7f52325ee7c7f9c85205016af24e0833fbd54bac2f6bf42266d3b90c0431783b8a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73528,6 
+73871,7 @@ EntropyPredictionResistanceA.14 = 0877707fdad56cc9c9de7e9fdb0c0314316ebd529920e9 + EntropyPredictionResistanceB.14 = 208e73cb7f1d5cedab1c8b3b53e0e8677e3ef4664cab9a305fec6dc0246256bd + Output.14 = 97d899881e4f6bd01a6030d211643b3c4d27dd7df30956495497b8748998c7bfd74373293f1c992ca303f0d59e46ca98f97acb101113bf97682ff75de95fcbd9c511f798ff76d7a17ded50948aa2ffa15013e1d486de1368c5ff009a2c0ad062fb9045f89d8867aaf8799089bc9b7eebd5a9069690076538a589483c7af29c48b6726982ccecce027b87b1ded6875015195c60604d2e564ee3014d9114f5a2d900829d449a69ae4dc23e5df063c103260163509bfc38690f8d274c620b53feba + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73653,6 +73997,7 @@ AdditionalInputB.14 = 30dd5a23a1cc9acb87060b151274df28882f3d442d1b9ee6ca58dc118f + EntropyPredictionResistanceB.14 = d980c14049c6d9e9bfa9340c92ba188091416e7eab2849f347f72840d79f9f59 + Output.14 = 97db825c1019bdd33f0f67b32adb6490a8f38e96fa34658f93edaf6d000ca806bbf7fe6af0b5b17c9e850a6dc41f8899355849f04e58ba0f75872021cfa7cc4410160324312fe8a7b6e9d8f42778a1b8496d9f0bb40eb336039ea3f762147fdef0d53603591b0fdb9f4d0b345c8f1cdbaecca96e5411a960933f52ba9b3457a0058ac464cb30118ce65f027e8a7584cf9eba11754ad3d26d3600a3af3bbaa9caff6ad4a28a8a76abff9c5d710530270cbd9972b90bc767ad7e76eca03dd13549 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73733,6 +74078,7 @@ EntropyPredictionResistanceA.14 = bd108a354d8b8448d8add8059b0c40ce026bbd85209c87 + EntropyPredictionResistanceB.14 = baddefae7c08ddd069296022aaedf0eb70e44df7a1aa04a030bca6cf9ad89211 + Output.14 = 8360787a7febcd2965a605f03a76a46bc3b842097936c0df13fb778feeeb3f7c12af610fc1d845ef71d5b4b834f1659004834c107e084de52e2303fd81930eec8aea7fa86893e58ae764f1894965b04bd8bb65a308e4f38d390ab11d93dc77c69e86650bdc20e7a3fc616a996f4a4bd5668d31c6155644867ad93e31f8d78f512a99b6b368350c53adc5de36fc13052e600dffeeaefd06b2a4b969782c046087ac07a4e02aa5302e499ac11e26116186f32d4169454eec4eb29f2e75e544a0e9 + 
++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73843,6 +74189,7 @@ AdditionalInputB.14 = 8316fb114ead33f4d6cf236cc711432f42a699c1c8207865428de36375 + EntropyPredictionResistanceB.14 = e4e9129ee1cc84738d8eb8db7404da8c0f9f16a5dfe1b2cd99ed2b08bfe635ad + Output.14 = 18daf46771e8acd38c2cb82aa837a239a145c48c303dc26feef47d5cd74b01cd53546fe54e300bd3212e1c13c1bf3a9d17165c89399539c07e30816ab1c7bd1b598e1b07cfd4ad0785cf6f6a5b835d8f212c825a4ed2d7821bb29255428c468c84ec2e609cfe23f79468f60b236ed228b5252a95bd4c0bfef62f2b640c7823e32d72e5f1bddd56835e0b8428ceafada24efe0de582678545de63cbdeee77d6b3929d83d9b5db2134349444926c6fdf2422c786a67e017a8f98659b9c80ce95ef + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73938,6 +74285,7 @@ EntropyPredictionResistanceA.14 = 7a7721ea04f0e15f08ac5bc6f52ba3cc2c9f62f0bd8adb + EntropyPredictionResistanceB.14 = b38c8a67366b0aa435d71cb0050039a98447b1a40a0eeec63b33eb6b37e2edda + Output.14 = f5fd860edbe302d1448ff77d56b368c4eb156490aaf07a640a87a7036201fb816bf24066b7caa9cdd709da7234882939e717298193f9dcd634c8975dd95ab56c38e8407db56dd8713b0c85842f85516640d3faa7b5e12a390ddf0d4d80c96a407b9a2a4767fdcf9c37d504134dfe0a90c8b10ec9bbcdbc56e54180022461c69379c7aed3f5732e1e56d03d078bd8b6e7c621f518a631f0eb493d5b747877a9cfcd06e61674a2f5295a91830b5dae43e30c1e72fc8c91528acd13566b723acd6d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74063,6 +74411,7 @@ AdditionalInputB.14 = 9fd99df9cba9f0cd2445ad2d4b2c6d34c112d882b7c364b1d52f47d880 + EntropyPredictionResistanceB.14 = 3c2b67fcb3929cbfe60ea272a0295c1a59c631ba2f9619c0c93337646731a8df + Output.14 = 
cb3c238037a3165f17d416dc04fa07a41eeb7041afb26f5d02de1ae45a9ddf37eef688c9c29ac05fa9dfc35947123cb3db0125f5bd5453f4e48a3b2cb027465ca74f9952456d3bb0efdbc047f96a201e78d813ee37e213240eac293479444723d63148333d93dd7cf81b2e19a7c6feb217c32b25a4cd184a8bf7c2aaac149744cc53134d38eb4a2bcdec0d69950171847fa97d0766a19c3f96e9076520d25b1741a9c4fa31bcfd6b3ad8e4aad6f0c33751d128b9bdf4975e0819985c3b00dcb0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74143,6 +74492,7 @@ EntropyPredictionResistanceA.14 = d5029f8d6b538542043669856f1f443d1b0cba26f5a075 + EntropyPredictionResistanceB.14 = e184b0afcf6bc3bf9c121b0df5aeb8f8fb94eeab939de04b5deea470ab94de15 + Output.14 = 86c8cd6a92b103b0d88e54be7d4c1a9f8e2ebfebeb66cd812298fcfef3a7eb84dd84d0683a12497716c4325e8105b39c9841dca2d60da1dc875b904839b18d1681805d058faa0ae897bdcea8528b8e99bc6899f96ce635f3176a645224d668afedaef3d65336b91c78cbb7f0a5090e95938e15f0e43d827bc22a4cc714aac95d69b90553b06a9f3a76cdc0e04d0f6e24a91ef5468bee2f77b631d5a5bd95d74eb91be516027c86a17240611746aa99c6c84003aad7b809c0ae72f221c564c8ca + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74253,6 +74603,7 @@ AdditionalInputB.14 = 1161d440c1db4c8bbef4967dbb70d8054c1713dac5c1bf62866e1f0327 + EntropyPredictionResistanceB.14 = 5cf03ac2109ac324991b13b84b25d44bf6edd86f634a2358c3eccc9e3f477ee9 + Output.14 = e0793def2fb3674f7401517bc0645973b7f97091c3b96b3bdcebd96b882ed393ed38f7b7f5a6e381dad287f642c99e9cc6b6eb090092e468c96d743b20c7c71371a1c64637256d041211300213a9aa330c05e80db3456de1d55e6d7e3aa3d7a501450ec24c74da213b7184f4ee481c416f6b7e0877d947393921b72a6636d642c8d33b9e57a35efa2490d37f8fe584644e0c19a54941248fbbd2fa31310a4592926db7092f5e8b3ad1111454e04705f79e46f4f6e4d109f4c0fc67a253550bb4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74348,6 +74699,7 @@ EntropyPredictionResistanceA.14 = b35a6d3ba1b4b3d62389ff2dfe1a8a9ff527d4fd3b2cba + 
EntropyPredictionResistanceB.14 = 325043f919f312cac2102d97cdc26a58637120c01c09448be861dd97751e8672 + Output.14 = 32ccfedd45cd80172e146ce0982f6046a96735237e6df0033eb5d61d134383efe454da37a8ff31689613a808ef649f5eada3214ea50ff21b673bd407662006c157f98a36418bfe72493134f6d8e2b5276610d6626977cb725d43a526ab523ddb97ce76e6802c60da568402ed854bb9e1af9cc74f123493b19b765aed7dca28bfed8bfaa58601c1f2d1e1b782b83337cd42c0c304e7415da0ddffc9078d42fe6b59e5454dfcd71d59cdd453303018c28015d88c914b62d8c3fcb94eaf5654b02d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -76113,6 +76465,7 @@ AdditionalInputB.14 = b969d2503e5dea21ce90fe8ce89cf9e6e9165313fbf44286ca91a689b4 + EntropyPredictionResistanceB.14 = 0735d5d8322df6f7568e2bb29a8d63461d8b28ed9af5f7323ab96292c31cb59f + Output.14 = 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 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76193,6 +76546,7 @@ EntropyPredictionResistanceA.14 = f80eee174bd5b1b8abdcbec30c62b3aa85ade4d9a43e2a + EntropyPredictionResistanceB.14 = a150d5528a5f79914074a783738af08eae5c95b49f407929 + Output.14 = 88ff82264427067d717027de8edc886c01c782379ccb937cd6434703d4f0ab13acb4142149372fffc793813733ebdc9058c85d900f4e442a2369c16057e4dec1a75f5c5858d2fd1d69a48227b293a953b24fe38adda48f080a9cc5666e299ce301d2f230ad5581fb05aa78a00dd35a9d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76303,6 +76657,7 @@ AdditionalInputB.14 = ee19a759562c231ecfc777c588087e790d5e170956b11c08 + EntropyPredictionResistanceB.14 = 4a004a5c4a0ec328a0ff26ac0aca82ce35ee9064add86094 + Output.14 = ae21ee878e4664c73f22e88ec4a646c0192b5c52a7bebb7b17a94a7c4630568b81da000983bf0d1a96e96432175a214ce7bc9332bb7e99f2a81e588ee4c1120c1eb22cc6b24a386ac5a11c4d63de4f20bfc8d9e4094613730f900ad7b54498954040a1fe7b53cd2a0989b3bf8946aa1e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 
+@@ -76398,6 +76753,7 @@ EntropyPredictionResistanceA.14 = 4f0d9e7c269ab360dbdf47e9ea7d655c204dce80082451 + EntropyPredictionResistanceB.14 = 8290ade448d2d83445b96ac682366659b228f952faa1f9a3 + Output.14 = 0d6bd0196ae2b3af4a750e4ea529b353979b30ab1bd05e96bf3c6f0c40b527ad07d90db5a1f392fef1d33bac5cc2a47cf4d9f20b8388a922d869f073e65ce6340cf30d45645a03a951dadbe81cffdcd145a32519658d0efe9f28175871b45cd6ca16e4efbd37802a1b88682819e5800a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76523,6 +76879,7 @@ AdditionalInputB.14 = 4e29e32346671af3b726d7030ccf470f72ca369687b489dc + EntropyPredictionResistanceB.14 = 21d5eebf3f54780f046fe2cffb2cc9b52eed850d1b44d675 + Output.14 = abc8ffaebfda52cf3a9bc037b965f9e97ba7aafbe1575efe8fa7182229d58a2d1282776225af0ea87dd79de7b210f654388c718f8dfe22aedbb4cfe92a964664904b960f2577f43f6c48783a8423788de7aa693ed859c8269e3c8b8b59eca1659c0473aae8b0a444d4aaff23991709cb + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76603,6 +76960,7 @@ EntropyPredictionResistanceA.14 = 02496883d50bc28e037a370890edab9be1a69e003e70a7 + EntropyPredictionResistanceB.14 = db072d2518f7b6b73292f7e167bec9cf5fcbeb265c316ae5 + Output.14 = cc01e951f15bdcfe94288a0de84ce187bad281683773f1b8341efecba656d62528ba91ca864c440b085be142dc565c1b7a326dfc9ac47a84623c2cff20b6c047d2f39e3db0b02fab4c1ac82e63bcc06b032c16f6e9ddd8c60f03f5b55cc40acb3b5e2de6ae3938f0e2fe21d72134346d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76713,6 +77071,7 @@ AdditionalInputB.14 = cad366cc562a45f74fda0bf6fd3eafc0f3dd59c666b33881 + EntropyPredictionResistanceB.14 = acbf8dcb97c61718c9cc8adeca8873e31b794086d7b84cc3 + Output.14 = a6ddaf00876c5bf50d7a2f5b986a770685f64ef54e2273c51ec1e594378fcd08f16316d1589f1c5948f524b3fd57d40b4ad732ae06f3bfb5359e6282105bc70fdddc9d1920c5092cabcf0c8ec14642d50be19de439ffafdedf3ec9e0672eb7754814eeea09430d65ba181525c616c31d + 
++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76808,6 +77167,7 @@ EntropyPredictionResistanceA.14 = d1c3175c4853102ed4b306eea013cc448d325938c52940 + EntropyPredictionResistanceB.14 = c0139e13d5d7c5bbf9c2394973d00487d49d4241ae7e90cc + Output.14 = df70ba5809a640b8fa1ab712d6ea7048f8609944d63bf4fa958556ae020d95a9011ddf0041a75b708a372a486e9ca8e0d2c361e4f75171710ab42d49ba3c0b6dfc4b3614b3577ddca5adbfb2d096acc4a72bdf1c6113cf6f0bfb5e8f1d69ef0a4a4edae75ccafd614ae1e718f60e3196 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76933,6 +77293,7 @@ AdditionalInputB.14 = a3c2f11654592e478c8ac1a1fce2224627ca37bd0efb44ab + EntropyPredictionResistanceB.14 = f986d7f33aad227e98d9087fe30c34f1c18b42f85d56b72c + Output.14 = b1fad8f7950787c949b41dbc5581069f0920058614c3ea7bf1edf3812027a4c989d8b029e08c4ee77c76c4457aaa3d89dc775c6c60bb125dfb969729fe669152a173256b4d2181e84bbc63bcad8ae645f4371682a39ae65d00f004e344ddff5374b257d8881f63d4ab960017258815c1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77013,6 +77374,7 @@ EntropyPredictionResistanceA.14 = 42d19ff5c985c31c955a0aed5ed02581ffbf2a0ae62d78 + EntropyPredictionResistanceB.14 = 7f9af6a606c9b315c04faf5ce3c0412092edb19f9463784c + Output.14 = 219072e8b6d939f75ab90edc91ade50b8e40f2c1fae68aa5fb5bb297506ebc5f18d20492b55fd73ec118e6d74e4796c1dd28d50f903dca70960ba66b33b0a6c3d06e2ba79eada96b613324914b19224f0c710af7793722687f9d464093fc651a5d613b03c6d71bcad9bf2c74a4844718 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77123,6 +77485,7 @@ AdditionalInputB.14 = ecced4ace2d11cb2e02c253d81d15ecfaf555a51189d2051 + EntropyPredictionResistanceB.14 = cff57ef512d7da05e7ea7d197c797962099c64ad89f52a24 + Output.14 = 
40f8480b22c24bde9c66f91761b1ecf25a6486024315b58028ddb8a88088f7deffc671a9465671c370f7877527e72c4259669890abc4efbdbb09550a84fa2f60a41d74c9d7960d5fa05e9f66ecd5ac344970aacc23ab1361d364eb697abfd6cd621773f4ea7ec2dc7795cc533abe664a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77218,6 +77581,7 @@ EntropyPredictionResistanceA.14 = 4de293b3ea5c26925d39d5376ed5fd43b9b775b80c6cac + EntropyPredictionResistanceB.14 = 4e7f27a772fb8de77031b24cc514c06086de59989856694c + Output.14 = c1ec91ec7585ffc05d765d0a9e30f62bcdc115426af9947eab68b6c9a88e6a11890704b623eb7acaec77bc6988da9246e10aa3eaf65380f3083bbecd4a41ccb09879ed9c46669a78102b7822b157d0d2a3bf09b452300ccac217db03b455382d8990e3bdd9a2a6461b19dfdfbad5910a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77343,6 +77707,7 @@ AdditionalInputB.14 = b87bf3d164ac955913ae4a780ac654d9a67c37c8df1f79c7 + EntropyPredictionResistanceB.14 = e2b5224119118410592ae0b238dfd75ad576b3eaa1848313 + Output.14 = cbf31760cbefcebf50289b9ad8e9443cde14fd6beee80c0bae83cdf77deb6e9c77ddcd0316667373b28b9431857e6e7cdccd8b6906927f66b362452325339a035b23baca8ce1697663e4879cc2084fceed28e9bbb2dbb91f868ba7626f6b7e5ea87eaa48ca50f9b76ac2c74b39bc9a86 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77423,6 +77788,7 @@ EntropyPredictionResistanceA.14 = d931a0cbda3985a34b0a2eac42e9bc5ead10520de4e7d1 + EntropyPredictionResistanceB.14 = 518e2480b742f9c30098a6d543d1669678084b3208b5375b + Output.14 = ef57d91db4d94aef743f1528e0c27b69654e3a854fb7479d25a8796b06c85884f328db9a09deb9be55cdeb9cca2a5a00ba56e28d2fa0057ef1ccb00b22a0a747bf15e7b303b990bf2fc3903f96cc55e69d8808c9da93231e5e859f7ec9edc9961dfc9b30b30ce0f43a3d65da93a82377 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77533,6 +77899,7 @@ AdditionalInputB.14 = 51f6a64ad57705cbae6b92cdeb622a0701f5500e6ad7eb0a + 
EntropyPredictionResistanceB.14 = d5f8c2ba94bd849bd1434ff9d0b72517a7e6d381f13387a0 + Output.14 = 15d882c8ec0a8ff1544813ba2a6cebe81281117628fc4e79371b7e84027d0d9322a76e42c733c73ba90c4b204bbe329a4ff344c3fd8204e0c220154ca9cd04c80457cebc33f9466c33358fe1c05d49bf83d174f8abf530b46b701c0ba24b081dda46ae38f58815a996fe878fa6884845 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77628,6 +77995,7 @@ EntropyPredictionResistanceA.14 = 7ac8115615a29c535ce9b45d3e57d6f9ab0e6d4a021fe9 + EntropyPredictionResistanceB.14 = f6ab8840edeb3c20d7bddf7fdaa5c980c58bfd116551d1ae + Output.14 = a85a3ede0e85ce593be2a2a2c650d49a740e9b8f07c24348d2bd968c917d442ed8de8a0d8ec8ff09ff86e6f279159001382cdb92f4625d12365443881df226c9a3833ba051a92f29fb55b788ab4b2d01958b9c067b43bb86c4e547b24e609e0d86aa3b75ea8d73e2c90092a50bcc6ce9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77753,6 +78121,7 @@ AdditionalInputB.14 = f0431c9d8925aaaf8f28d112773e5f5fed7feff633c9b056 + EntropyPredictionResistanceB.14 = 5e27635c34a1b793b2b1f23c9a72eb3e58c6ad63ac752dda + Output.14 = 20a84f074794921d7c1ba7463c4cd5f165ef6ff003555a69a71d529ea8177b3b4845898f031428b320b9dc59b16260d80baab34e7cc6daba5463cb496e4a6588ca5f3547412e63d36d560d9549f87a3ca346968f4dfdda3d0cf9b82384b3e830a8368c659c5aea26b03c4bbb8bbd3878 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -77833,6 +78202,7 @@ EntropyPredictionResistanceA.14 = 33fd3300d120786b2f756459b222b72728c1b2c53d09aa + EntropyPredictionResistanceB.14 = 96aa233b407f0cb14d6ecf2a243efcd7c1b7ed3fede97dfeb269cf8331189412 + Output.14 = 6a34b428c4ff416d3ae907318928663ac8683ef6328d37b19bd2c179aeb7e56a73c6ed096ebfeb85a263f2c868fb4a2d977d5d41fe12b135b1c9017555b36a9f6775a43c42be37a78eb067f520f091ccd94b38c62fa7d48c494b05b072fee34ba262a4fe1a70c98fea2fae40513723a52d6ea44f5fa168f4c03ae2c73d793ef0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = 
SHA-512/256 + PredictionResistance = 1 +@@ -77943,6 +78313,7 @@ AdditionalInputB.14 = 2563ad078ad8eda919ed40a81b634073064c22f2b21926bbd9cc1d7c2a + EntropyPredictionResistanceB.14 = 45ddc44189bbcd60713c40e811d6b2acdd1659c670f715703f5b80eb4152311f + Output.14 = c2554fc1931b72acd98e4949707802ab471c4f2eb62813f87f137e698cf89a13fa7366a97b49587d9a0c4d42a62eb0bce27e2ce0e67324739c49eb180216beb51fc82d45b7900fa1c2d3db3a0c781ef93ee57f6a186a61e0f0fd25a8d8d2d9170bd18714cfc1a6e7fb6dc992579cfb0306de5b67c01522b3ea3955d63a775cce + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78038,6 +78409,7 @@ EntropyPredictionResistanceA.14 = e43ba5b540971c4f02f0212bbc0ba521f3e64a627c1d0a + EntropyPredictionResistanceB.14 = 3ca4a33a72e7aed850e64984c28407327d94e6858a65d42b16f985d010b783bd + Output.14 = 2567b74d4d1eeceb6321817f5ada210954643e1212b766bf2eb84d2ce6231c58e346ed57824c409f3c73de40395608a7d3c52708f07ee7e721b7c42ccce5b0baae67364e1cffb7fb0e363eadf3415c99bdc7b730b8c66201da1f8a2290cbd6165912484def03a96b237b793b76b76043cf9fadcd5e66ea94e6110c4b2b025232 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78163,6 +78535,7 @@ AdditionalInputB.14 = 7978071c7a648cf7f02c9cdf544d6ff9dbe3c5636f73fe50deb7e89695 + EntropyPredictionResistanceB.14 = aaf9320ee7c103d51512232305aab44b946a73ddb13270f42903a37f84c9da01 + Output.14 = cf5ed4b6208a0db15373d472e240dee04a34e630000f9751cf8d3f15dd6a4fa3a4602ec539dbb1811978493f920e84b2e3ac78bcfd619b6c4e7e0072381a7bc150a91b31a0280dd843ca1c4332ba0757d6f6f0f2f830a623cb78011dec8c4d844f71427b09be4e9fdff4bc1cf3a72a773e06121cd8792232d387170a66ca384b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78243,6 +78616,7 @@ EntropyPredictionResistanceA.14 = f124c88bad32cf4ff49ccc4271c7f4046f277c0b1fc73c + EntropyPredictionResistanceB.14 = c32b11359b7ed121c87b85716c2ce83aebdd46cd4c19168ad3930be351ea1ff9 + Output.14 = 
9f382e0382f2e6b3ba85ace2cec7301ea6f7d0d3b0895937033df9f710471e468b8162492d18ab45ca809e8aa2f37c15ec599d4b2774947b90c269bc2f8553e639f21e1c371f7a49edb4cb4e51bd1e9fd7d66e3b313ce227373dd2548870378206b4b5fd0d22c48ce03a72003be53ec378d9eab25bc432c7a8bd0eed89adf941 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78353,6 +78727,7 @@ AdditionalInputB.14 = df48314d76c0d698923dabd3d23024ac2aa5fd236ad3c6e3b4cf2244a8 + EntropyPredictionResistanceB.14 = 3387fb65c8c1dd5e3d4f64bebb45da1a7e288a22e16f2fbb882dc2f9534717e5 + Output.14 = 31998e0784579bc7aaf5130b747eb295a089a12c1844406aa18c06f19607a2e497adf5352e10c145b3cd2a2532389f771af3028042605f0abe705f8540561c4e376d405c6f2dc23b3d3fe0c14790beea99705e69fac2518154613680012c5a140d45fba7e381f55c61ec7f3850dc586bb1f3cf928685a9d60e06fd93eb1fd8cb + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78448,6 +78823,7 @@ EntropyPredictionResistanceA.14 = bf2e966737aaa8abbccaa45ac5371db4c4dd0bf2b3c9f1 + EntropyPredictionResistanceB.14 = f316f2613b068f607c2fb5218e037c5ab1d80b7d75fda419a7e0caedcfd7ce1a + Output.14 = 36e385da783dd146364fead3dc2dc71bdaa6d30c6ab5f94e007b1ced51b2f45947c57652e305204a0cad2ba7b43056461aed10132d89aea8f9ec7ccf0e7487aa2d97fc40f65b399df732b03f8e6834903c60e2e5d6f5ab1b3a034b3eaaa73936770324ea02bd2830e6b26e00d7b49022ce0454afcecbfb912511cd13090d9693 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78573,6 +78949,7 @@ AdditionalInputB.14 = b395f988467a2a5f4f3ddef792f16f2461886caf9d6f12c4d643d20775 + EntropyPredictionResistanceB.14 = 22f2693142e42848bf4c00f65337ec2405cd22bc06c6d035a5acec0a5b7d5d9a + Output.14 = 3edeba227da675e1b9e684317e54c4537691f9a412102a21e32e699ff0c6e95655d3342e94daf37dd08114d16b45328795e24d7381195711792226769975167ccdd10df89410e485c880865676a081ce6a61641fc805d6d06cb4aebbc731de0a7df69ed1107da07821d64e9f8bc124f094bb799fe50a001914a47221a45ca2c9 + ++Availablein = 
default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78653,6 +79030,7 @@ EntropyPredictionResistanceA.14 = dac0795c36fd9cb6eff0cd7137190d573dde7148fc19c2 + EntropyPredictionResistanceB.14 = 1a29a4fb16a73c2c187c6d1b5a1a1394b63b6878abcfffeb94aab5dcd593037b + Output.14 = 835efa36b1ff38ed845f3c2e8f5ec0f89a60f7def6d36f8577192625fb89cb634be535a791e28b1c27320e40f594b1705e712e43856a1a5aba0e98b987fd1b5e6ca78458c98b3f8de449f4f23d0dbfe374e8241a2f12b6cdaeaa896b9953c32d756fc2b70e1edcde45aaab0df6e816fe0d04b2cec88ea159dadbae9b1eed3125 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78763,6 +79141,7 @@ AdditionalInputB.14 = a908058d07b69a7e7f53869d81128e47303fffa4f0400b3bee7acc4e45 + EntropyPredictionResistanceB.14 = 040c9859c26e54e9d5f92485888bb67acc5092ce679e6a54730ffebaa0fac226 + Output.14 = 3caf4baa5fab5bed4d50b0b4ace9c2ec8c21a1e952d81ebcf23a6cfbd177f53168a876f7e5b7d2c63cd7bba4a1b61b3ef59e1cf87b353ff64c7f798fb0c5d6e375fc1e8653f8d22be965abcc87f178e4023d1ef85baa278faa1eb205e4c05219222f543c5b9ac6a86b00071e34a7b2b9c6983f8ab6f187295f5095b801466a76 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78858,6 +79237,7 @@ EntropyPredictionResistanceA.14 = c689be45ecddc94daaf823c6ddd6491b028ace5c25c407 + EntropyPredictionResistanceB.14 = 2f81e665f02331531ca37635b8664ba5641b8a200031677aba00253f8f1fe035 + Output.14 = 9bfdeef565b0979be0f88e3b9e283433bd1fa2333662445302aa84332aa601a61a5b3d449eb5fe33db385254571eedff49b8d2f49ade41c12133263d447e7edf49998f5c05582504775f5b18bc7a0c075c6bfa4596178d95a019402937712afe69f3ad534fd44259312c63f1970b3d8bd404e758c9e884b19330350020896b37 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78983,6 +79363,7 @@ AdditionalInputB.14 = a63bd3ef8cfeca1e2552bc111786a992526802e51cd30f0e9e7b7a398a + EntropyPredictionResistanceB.14 = 
defd0a8320a31b94998e74e0e5e40422e80735b281b9901e9fd1c8ecc50ff2b3 + Output.14 = ffc830d5029f42c1c9aa10d6d90d94abf3bc39269bf4fc4a4ed14435a985cb14da64d79ad4d8951e582b0b793836ef3380dff4d063682a4e8ac8796ca74e74d3933e5111bb92d219b72b28f4198b23446e422aaa7f33ade182801506aec4293fd69c3fc86cf39297867d16b98738740f1b7465043e0eaf7480d1c328ce2b4cfc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -79063,6 +79444,7 @@ EntropyPredictionResistanceA.14 = 29fa15be2259b4b164b3d232809cd7eeb3c5c24aec81c7 + EntropyPredictionResistanceB.14 = babf7813c6a24d4e68e09025a0d3b0242e9a98779ecdcaa64baf1ef82e8d4a77 + Output.14 = e6528c03849f1535b6f443e30817d3deccc7ea4699fc88ec9d6f3e28e72cc4b199afa5db7ba2da1ffd1a1ce7aa1a15be4892d0d98e27332f6d45ed63a2636073d12b8a99089ac5b55c93aecdb5e584e32ec75e44390016421822158d3596daaca561245bf1b8740d1f3c885be5149505f9591b0679f9b88df45741b767f423ec + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -79173,6 +79555,7 @@ AdditionalInputB.14 = 711bf57411337724960392a9319e580c226abff909e28d4696fcf5f0e7 + EntropyPredictionResistanceB.14 = 9fac27583fbf9335c2a8d7f1edfb99b18ee5f8e58e537749fb674bcb46ef537a + Output.14 = ab08f911c4c87135c3f9de33cda823f91a1a8cdfd10f59b81f77dd2158890634f7c5373bc40e158a7881f62a18b0b553d3f075fb96112a04e39ad6918fb2f139ae6fe11856e6a0f17a2e1c0cf88ac49563c08ba5c9c48ad6a7a99825148132ccf3a9a46b92597d0a971f33e43c5a3746c0d8564e19d1681173f24e22fa54521a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -79268,6 +79651,7 @@ EntropyPredictionResistanceA.14 = ed3bd1e78d7f3cadcf45170dcbb605913140f68bdf4e36 + EntropyPredictionResistanceB.14 = 214b7501096bf1d7605e9082a9238334ca15522cf2eed77bce6dd3872106dab3 + Output.14 = 
bdd8721d12e9cafb73070a13d70db1020e95cac5f93037716ae10045007f5ecb8ea90c529e9aa8b0f312a2f81a5086713509e7909bd7081d0c25a33971904e3b90b486c71e185c752311dfa309b53c8cccd9cde63868bced00af0113eeaa77395c717792373ea708973a2f084dfa050cfdd0e73a8c51cc25651cdf8b6b8b3a02 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index 44e3cb2..158afd0 100644 --- a/openssl.spec +++ b/openssl.spec @@ -164,6 +164,8 @@ Patch77: 0077-FIPS-140-3-zeroization.patch Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2137723 Patch79: 0079-CVE-2022-3602.patch +#https://bugzilla.redhat.com/show_bug.cgi?id=2141748 +Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 @@ -507,6 +509,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 +- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC + Resolves: rhbz#2144017 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From 066be87ccd37a8466184256fce8b85a18cb159b9 Mon Sep 17 00:00:00 2001 
From: Clemens Lang Date: Thu, 17 Nov 2022 14:04:50 +0100 Subject: [PATCH 05/28] Remove support for X9.31 signature padding in FIPS mode The current draft of FIPS 186-5 [1] no longer contains specifications for X9.31 signature padding. Instead, it contains the following information in Appendix E: > ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from > this standard. Since this situation is unlikely to change in future revisions of the draft, and future FIPS 140-3 validations of the provider will require X9.31 to be disabled or marked as not approved with an explicit indicator, disallow this padding mode now. Remove the X9.31 tests from the acvp test, since they will always fail now. [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf Signed-off-by: Clemens Lang Resolves: rhbz#2144015
---
...-Remove-X9.31-padding-from-FIPS-prov.patch | 288 ++++++++++++++++++ openssl.spec | 4 + 2 files changed, 292 insertions(+) create mode 100644 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
diff --git a/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch b/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
new file mode 100644
index 0000000..83b5b0a
--- /dev/null
+++ b/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
@@ -0,0 +1,288 @@ +From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 13:53:31 +0100 +Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov + +The current draft of FIPS 186-5 [1] no longer contains specifications +for X9.31 signature padding. Instead, it contains the following +information in Appendix E: + +> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from +> this standard. + +Since this situation is unlikely to change in future revisions of the +draft, and future FIPS 140-3 validations of the provider will require +X9.31 to be disabled or marked as not approved with an explicit +indicator, disallow this padding mode now. + +Remove the X9.31 tests from the acvp test, since they will always fail +now. + + [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf + +Signed-off-by: Clemens Lang +--- + providers/implementations/signature/rsa_sig.c | 6 + + test/acvp_test.inc | 214 ------------------ + 2 files changed, 6 insertions(+), 214 deletions(-) + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 34f45175e8..49e7f9158a 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -1233,7 +1233,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + err_extra_text = "No padding not allowed with RSA-PSS"; + goto cont; + case RSA_X931_PADDING: ++#ifndef FIPS_MODULE + err_extra_text = "X.931 padding not allowed with RSA-PSS"; ++#else /* !defined(FIPS_MODULE) */ ++ err_extra_text = "X.931 padding no longer allowed in FIPS mode," ++ " since it was removed from FIPS 186-5"; ++ goto bad_pad; ++#endif /* !defined(FIPS_MODULE) */ + cont: + if (RSA_test_flags(prsactx->rsa, + RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index 73b24bdb0c..96a72073f9 100644 +--- 
a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = { + ITM(rsa_siggen0_msg), + NO_PSS_SALT_LEN, + }, +- { +- "x931", +- 2048, +- "SHA384", +- ITM(rsa_siggen0_msg), +- NO_PSS_SALT_LEN, +- }, + { + "pss", + 2048, +@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = { + 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b, + }; + +-static const unsigned char rsa_sigverx931_0_n[] = { +- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad, +- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83, +- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87, +- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6, +- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c, +- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73, +- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10, +- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6, +- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79, +- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7, +- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b, +- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02, +- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41, +- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f, +- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf, +- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d, +- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54, +- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e, +- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04, +- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79, +- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16, +- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e, +- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b, +- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8, +- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89, +- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b, +- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62, +- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73, +- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b, +- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 
0x7f, +- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77, +- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33, +- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66, +- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4, +- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c, +- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28, +- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8, +- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4, +- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0, +- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07, +- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60, +- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a, +- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e, +- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e, +- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81, +- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a, +- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45, +- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7, +- +-}; +-static const unsigned char rsa_sigverx931_0_e[] = { +- 0x01, 0x00, 0x01, +-}; +-static const unsigned char rsa_sigverx931_0_msg[] = { +- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47, +- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd, +- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9, +- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52, +- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41, +- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54, +- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c, +- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf, +- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47, +- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01, +- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f, +- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67, +- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41, +- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd, +- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca, +- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00, +- +-}; +-static const unsigned char rsa_sigverx931_0_sig[] = { +- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb, 
+- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3, +- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e, +- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00, +- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18, +- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc, +- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5, +- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f, +- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75, +- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74, +- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4, +- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1, +- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19, +- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82, +- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef, +- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5, +- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2, +- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04, +- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf, +- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a, +- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c, +- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d, +- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74, +- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75, +- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd, +- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57, +- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07, +- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05, +- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c, +- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca, +- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57, +- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e, +- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a, +- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e, +- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b, +- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a, +- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10, +- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d, +- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52, +- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f, +- 0x37, 
0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda, +- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59, +- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37, +- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15, +- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec, +- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0, +- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13, +- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb, +-}; +- +-#define rsa_sigverx931_1_n rsa_sigverx931_0_n +-#define rsa_sigverx931_1_e rsa_sigverx931_0_e +-static const unsigned char rsa_sigverx931_1_msg[] = { +- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8, +- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d, +- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9, +- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3, +- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26, +- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f, +- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2, +- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5, +- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42, +- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59, +- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd, +- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72, +- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45, +- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44, +- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42, +- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55, +-}; +- +-static const unsigned char rsa_sigverx931_1_sig[] = { +- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5, +- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67, +- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95, +- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a, +- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3, +- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69, +- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23, +- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14, +- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75, +- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f, +- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37, 
+- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef, +- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60, +- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94, +- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93, +- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde, +- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b, +- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99, +- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb, +- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef, +- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6, +- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe, +- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9, +- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63, +- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9, +- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48, +- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd, +- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16, +- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8, +- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54, +- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66, +- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56, +- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99, +- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90, +- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3, +- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25, +- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34, +- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70, +- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75, +- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3, +- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53, +- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c, +- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07, +- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85, +- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab, +- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b, +- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4, +- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d, +-}; +- + static const struct rsa_sigver_st rsa_sigver_data[] = { + { + "pkcs1", /* pkcs1v1.5 */ +@@ -1841,17 
+1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { + NO_PSS_SALT_LEN, + FAIL + }, +- { +- "x931", +- 3072, +- "SHA256", +- ITM(rsa_sigverx931_1_msg), +- ITM(rsa_sigverx931_1_n), +- ITM(rsa_sigverx931_1_e), +- ITM(rsa_sigverx931_1_sig), +- NO_PSS_SALT_LEN, +- FAIL +- }, + { + "pss", + 4096, +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index 158afd0..407d938 100644 --- a/openssl.spec +++ b/openssl.spec @@ -166,6 +166,8 @@ Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch Patch79: 0079-CVE-2022-3602.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2141748 Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142131 +Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 @@ -511,6 +513,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 +- Remove support for X9.31 signature padding in FIPS mode + Resolves: rhbz#2144015 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From 105cc32a208cb3063869a71486c09ddd5b63c222 Mon Sep 17 00:00:00 2001 
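Review bot: Nothing in this patch pins the new rejection. The `RSA_X931_PADDING` case in `rsa_set_ctx_params` (providers/implementations/signature/rsa_sig.c) now takes `goto bad_pad` under `FIPS_MODULE`, and the acvp x931 vectors are deleted rather than replaced by a case that expects the FIPS provider to refuse X9.31 padding. A negative test of that kind would catch a later rebase that silently loses the `#else` branch. The function appears to serve both signing and verification, so this presumably also refuses to verify existing X9.31 signatures; if that is intended, a comment such as `/* FIPS 186-5 removed X9.31: rejected for sign and verify alike */` above the `#else` would make it explicit. `rsa_set_ctx_params` starts and ends outside the hunk.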
From: Clemens Lang Date: Thu, 17 Nov 2022 17:34:28 +0100 Subject: [PATCH 06/28] Add indicator for SP 800-108 KDFs w/short keys NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he length of the key-derivation key shall be at least 112 bits". It further specifies that HMAC-based KDFs "with a key whose length is at least 112 bits" are acceptable. Add an explicit indicator for SP 800-108 KDFs that will mark shorter key lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX object using EVP_KDF_CTX_get_params() with the OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR parameter. This also modifies the previously applied HKDF indicator patch to use the same interface to query its FIPS indicator. This provides better consistency across the various KDFs with explicit indicators. Additionally, the new constants are clearly marked as being specific to Red Hat. Signed-off-by: Clemens Lang Resolves: rhbz#2144019 --- ...Add-FIPS-indicator-parameter-to-HKDF.patch | 63 ++++++++++------ ...plicit-FIPS-indicator-for-key-length.patch | 74 +++++++++++++++++++ openssl.spec | 4 + 3 files changed, 119 insertions(+), 22 deletions(-) create mode 100644 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch diff --git a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch index 31e3c7d..b54d0fa 100644 --- a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch +++ b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch @@ -1,50 +1,69 @@ -From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001 +From 0c4aaedf29a1ed1559762515bfeaa5923925e18f Mon Sep 17 00:00:00 2001 
From: Clemens Lang Date: Thu, 11 Aug 2022 09:27:12 +0200 -Subject: [PATCH] Add FIPS indicator parameter to HKDF +Subject: [PATCH 1/2] Add FIPS indicator parameter to HKDF NIST considers HKDF only acceptable when used as in TLS 1.3, and otherwise unapproved. Add an explicit indicator attached to the EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to determine whether the KDF operation was approved after performing it. -Related: rhbz#2114772 Signed-off-by: Clemens Lang +Related: rhbz#2114772 --- + include/crypto/evp.h | 7 ++++ include/openssl/core_names.h | 1 + include/openssl/kdf.h | 4 ++ providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++ - 3 files changed, 58 insertions(+) + 4 files changed, 65 insertions(+) +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index e70d8e9e84..76fb990de4 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -219,6 +219,13 @@ struct evp_mac_st { + OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; + }; + ++#ifdef FIPS_MODULE ++/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving ++ * Additional Keys from a Cryptographic Key, "[t]he length of the ++ * key-derivation key [i.e., the input key] shall be at least 112 bits". */ ++# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8) ++#endif ++ + struct evp_kdf_st { + OSSL_PROVIDER *prov; + int name_id; diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h -index 21c94d0488..87786680d7 100644 +index 21c94d0488..c019afbbb0 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -223,6 +223,7 @@ extern "C" { #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" -+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator" ++#define OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* Known KDF names */ #define OSSL_KDF_NAME_HKDF "HKDF" 
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h -index 0983230a48..869f23d8fb 100644 +index 0983230a48..86171635ea 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf, # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 -+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1 -+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index afdb7138e1..9d28d292d8 100644 +index afdb7138e1..6f06fa58fe 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) @@ -53,13 +72,13 @@ index afdb7138e1..9d28d292d8 100644 } + +#ifdef FIPS_MODULE -+ if ((p = OSSL_PARAM_locate(params, -+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) { -+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED; ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) ++ != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED; + switch (ctx->mode) { + case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: + /* TLS 1.3 never uses extract-and-expand */ -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + break; + case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: + { 
@@ -74,10 +93,10 @@ index afdb7138e1..9d28d292d8 100644 + * comes from, so all we can do is check the salt length. + */ + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); -+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md)) -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ if (md != NULL && ctx->salt_len == (size_t) EVP_MD_get_size(md)) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; + else -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + } + break; + case EVP_KDF_HKDF_MODE_EXPAND_ONLY: @@ -92,9 +111,9 @@ index afdb7138e1..9d28d292d8 100644 + && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */ + && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 || + strncmp("dtls", (const char *)ctx->label + 2, 4) == 0)) -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; + else -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + break; + } + return OSSL_PARAM_set_int(p, fips_indicator); @@ -109,11 +128,11 @@ index afdb7138e1..9d28d292d8 100644 static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), +#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL), ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), +#endif /* defined(FIPS_MODULE) */ OSSL_PARAM_END }; return known_gettable_ctx_params; -- -2.37.1 +2.38.1 diff --git a/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch b/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch new file mode 100644 index 0000000..8542af9 --- /dev/null +++ b/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch 
@@ -0,0 +1,74 @@ +From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 16:38:45 +0100 +Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length + +NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from +a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he +length of the key-derivation key shall be at least 112 bits". It further +specifies that HMAC-based KDFs "with a key whose length is at least 112 +bits" are acceptable. + +Add an explicit indicator for SP 800-108 KDFs that will mark shorter key +lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX +object using EVP_KDF_CTX_get_params() with the + OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR +parameter. + +Signed-off-by: Clemens Lang +--- + providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++----- + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c +index a542f84dfa..93a8a10537 100644 +--- a/providers/implementations/kdfs/kbkdf.c ++++ b/providers/implementations/kdfs/kbkdf.c +@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE); +- if (p == NULL) +- return -2; ++ if (p != NULL) ++ /* KBKDF can produce results as large as you like. */ ++ return OSSL_PARAM_set_size_t(p, SIZE_MAX); ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ KBKDF *ctx = (KBKDF *)vctx; ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". 
*/ ++ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif + +- /* KBKDF can produce results as large as you like. */ +- return OSSL_PARAM_set_size_t(p, SIZE_MAX); ++ return -2; + } + + static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) + { +- static const OSSL_PARAM known_gettable_ctx_params[] = +- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END }; ++ static const OSSL_PARAM known_gettable_ctx_params[] = { ++ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ ++ OSSL_PARAM_END ++ }; + return known_gettable_ctx_params; + } + +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index 407d938..4b2763e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -168,6 +168,8 @@ Patch79: 0079-CVE-2022-3602.patch Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142131 Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2141695 +Patch82: 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 @@ -515,6 +517,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 +- Add explicit indicator for SP 800-108 KDFs with short key lengths + Resolves: rhbz#2144019 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From 438a2c64b779974ff715ee88432817bc37f2274e Mon Sep 17 00:00:00 2001 
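Review bot: In `kbkdf_get_ctx_params` (kbkdf.c hunk of the new 0082 patch) the `OSSL_KDF_PARAM_SIZE` branch returns as soon as the size is written, so a caller that passes both the size and `OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR` in one `params` array gets a success return with the indicator never filled in. A caller that pre-initialises its variable, or does not check whether the parameter was modified, could then read a stale value as the approval status. Setting every located parameter and returning `-2` only when none was found keeps the old return contract and closes that gap. The signature of `kbkdf_get_ctx_params` sits just above the hunk.

```c
    int found = 0;

    p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
    if (p != NULL) {
        /* KBKDF can produce results as large as you like. */
        if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
            return 0;
        found = 1;
    }

#ifdef FIPS_MODULE
    p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
    if (p != NULL) {
        /* … unchanged: derive fips_indicator from ctx->ki_len … */
        if (!OSSL_PARAM_set_int(p, fips_indicator))
            return 0;
        found = 1;
    }
#endif

    return found ? 1 : -2;
```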
From: Clemens Lang Date: Thu, 17 Nov 2022 18:23:13 +0100 Subject: [PATCH 07/28] Add indicator for HMAC with short key lengths NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms" specifies key lengths < 112 bytes are disallowed for HMAC generation and are legacy use for HMAC verification. Add an explicit indicator that will mark shorter key lengths as unsupported. The indicator can be queried from the EVP_MAC_CTX object using EVP_MAC_CTX_get_params() with the OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR parameter. Signed-off-by: Clemens Lang Resolves: rhbz#2144000 --- ...plicit-FIPS-indicator-for-key-length.patch | 112 ++++++++++++++++++ openssl.spec | 4 + 2 files changed, 116 insertions(+) create mode 100644 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch new file mode 100644 index 0000000..81a6544 --- /dev/null +++ b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch 
@@ -0,0 +1,112 @@ +From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 18:08:24 +0100 +Subject: [PATCH] hmac: Add explicit FIPS indicator for key length + +NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms" +specifies key lengths < 112 bytes are disallowed for HMAC generation and +are legacy use for HMAC verification. + +Add an explicit indicator that will mark shorter key lengths as +unsupported. The indicator can be queries from the EVP_MAC_CTX object +using EVP_MAC_CTX_get_params() with the + OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR +parameter. + +Signed-off-by: Clemens Lang +--- + include/crypto/evp.h | 7 +++++++ + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 3 +++ + providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++ + 4 files changed, 28 insertions(+) + +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index 76fb990de4..1e2240516e 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); + const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); + const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); + ++#ifdef FIPS_MODULE ++/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key ++ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for ++ * HMAC verification. 
*/ ++# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8) ++#endif ++ + struct evp_mac_st { + OSSL_PROVIDER *prov; + int name_id; +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index c019afbbb0..94fab83193 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -173,6 +173,7 @@ extern "C" { + #define OSSL_MAC_PARAM_SIZE "size" /* size_t */ + #define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ + #define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ ++#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Known MAC names */ + #define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 49e8e1df78..a5e78efd6e 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, + void *arg); + + /* MAC stuff */ ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + + EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, + const char *properties); +diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c +index 52ebb08b8f..cf5c3ecbe7 100644 +--- a/providers/implementations/macs/hmac_prov.c ++++ b/providers/implementations/macs/hmac_prov.c +@@ -21,6 +21,8 @@ + #include + #include + ++#include "crypto/evp.h" ++ + #include "prov/implementations.h" + #include "prov/provider_ctx.h" + #include "prov/provider_util.h" +@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + 
}; + static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, +@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) + && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) + return 0; + ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) { ++ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED; ++ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms ++ * specifies key lengths < 112 bytes are disallowed for HMAC generation ++ * and legacy use for HMAC verification. */ ++ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + return 1; + } + +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index 4b2763e..043d28f 100644 --- a/openssl.spec +++ b/openssl.spec @@ -170,6 +170,8 @@ Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2141695 Patch82: 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2136250 +Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 @@ -519,6 +521,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 +- Add explicit indicator for HMAC with short key lengths + Resolves: rhbz#2144000 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From fe096903081d0f80d1327689ff5453ef156ded97 Mon Sep 17 00:00:00 2001 
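Review bot: The comments added above `EVP_HMAC_GEN_FIPS_MIN_KEY_LEN` in include/crypto/evp.h and inside `hmac_get_ctx_params` give the threshold as "< 112 bytes", but the constant is `(112 / 8)`, i.e. 14 bytes or 112 bits. The unit in both comments should read bits, e.g. `/* ... specifies key lengths < 112 bits are disallowed for HMAC generation ... */`, so that nobody later "corrects" the constant to match the comment. The indicator also applies the generation threshold whatever the context is used for, while the same comment calls short keys legacy use for verification. A short remark such as `/* verification is not distinguished here; short keys are always reported as not approved */` would record that this is deliberate. `hmac_get_ctx_params` starts outside the hunk.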
From: Clemens Lang Date: Thu, 17 Nov 2022 18:43:56 +0100 Subject: [PATCH 08/28] pbkdf2: Set minimum password length of 8 bytes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Implementation Guidance for FIPS 140-3 says in section D.N "Password-Based Key Derivation for Storage Applications" that "the vendor shall document in the module’s Security Policy the length of a password/passphrase used in key derivation and establish an upper bound for the probability of having this parameter guessed at random. This probability shall take into account not only the length of the password/passphrase, but also the difficulty of guessing it. The decision on the minimum length of a password used for key derivation is the vendor’s, but the vendor shall at a minimum informally justify the decision." We are choosing a minimum password length of 8 bytes, because NIST's ACVP testing uses passwords as short as 8 bytes, and requiring longer passwords combined with an implicit indicator (i.e., returning an error) would cause the module to fail ACVP testing. Signed-off-by: Clemens Lang Resolves: rhbz#2144003 --- ...t-minimum-password-length-of-8-bytes.patch | 86 +++++++++++++++++++ openssl.spec | 4 + 2 files changed, 90 insertions(+) create mode 100644 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch diff --git a/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch b/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch new file mode 100644 index 0000000..181fedd --- /dev/null +++ b/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch 
@@ -0,0 +1,86 @@ +From 754862899058cfb5f2341c81f9e04dd2f7b37056 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 18:37:17 +0100 +Subject: [PATCH] pbkdf2: Set minimum password length of 8 bytes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The Implementation Guidance for FIPS 140-3 says in section D.N +"Password-Based Key Derivation for Storage Applications" that "the +vendor shall document in the module’s Security Policy the length of +a password/passphrase used in key derivation and establish an upper +bound for the probability of having this parameter guessed at random. +This probability shall take into account not only the length of the +password/passphrase, but also the difficulty of guessing it. The +decision on the minimum length of a password used for key derivation is +the vendor’s, but the vendor shall at a minimum informally justify the +decision." + +We are choosing a minimum password length of 8 bytes, because NIST's +ACVP testing uses passwords as short as 8 bytes, and requiring longer +passwords combined with an implicit indicator (i.e., returning an error) +would cause the module to fail ACVP testing. 
+ +Signed-off-by: Clemens Lang +--- + providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++- + 1 file changed, 26 insertions(+), 1 deletion(-) + +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 2a0ae63acc..aa0adce5e6 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -35,6 +35,21 @@ + #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF + #define KDF_PBKDF2_MIN_ITERATIONS 1000 + #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) ++/* The Implementation Guidance for FIPS 140-3 says in section D.N ++ * "Password-Based Key Derivation for Storage Applications" that "the vendor ++ * shall document in the module’s Security Policy the length of ++ * a password/passphrase used in key derivation and establish an upper bound ++ * for the probability of having this parameter guessed at random. This ++ * probability shall take into account not only the length of the ++ * password/passphrase, but also the difficulty of guessing it. The decision on ++ * the minimum length of a password used for key derivation is the vendor’s, ++ * but the vendor shall at a minimum informally justify the decision." ++ * ++ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP ++ * testing uses passwords as short as 8 bytes, and requiring longer passwords ++ * combined with an implicit indicator (i.e., returning an error) would cause ++ * the module to fail ACVP testing. 
*/ ++#define KDF_PBKDF2_MIN_PASSWORD_LEN (8) + + static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new; + static OSSL_FUNC_kdf_freectx_fn kdf_pbkdf2_free; +@@ -186,9 +201,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + ctx->lower_bound_checks = pkcs5 == 0; + } + +- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) ++ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) { ++ if (ctx->lower_bound_checks != 0 ++ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } + if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p)) + return 0; ++ } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { + if (ctx->lower_bound_checks != 0 +@@ -297,6 +318,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen, + } + + if (lower_bound_checks) { ++ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } + if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { + ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); + return 0; +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index 043d28f..2ed1533 100644 --- a/openssl.spec +++ b/openssl.spec @@ -172,6 +172,8 @@ Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch Patch82: 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136250 Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2137557 +Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 
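Review bot: Both new length checks, in kdf_pbkdf2_set_ctx_params and in pbkdf2_derive, raise PROV_R_INVALID_KEY_LENGTH, which names a key rather than the password, so a caller reading the error queue is pointed at the wrong parameter. Attaching text would make the failure diagnosable without a new reason code, e.g. `ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, "password shorter than %d bytes", KDF_PBKDF2_MIN_PASSWORD_LEN);`. The check in kdf_pbkdf2_set_ctx_params also uses whatever `ctx->lower_bound_checks` holds during that call, so a password can be accepted or rejected before a later call changes the flag. Since pbkdf2_derive repeats the test, a comment such as `/* early rejection only; pbkdf2_derive re-checks with the final lower_bound_checks */` would record that the derive-time check is the authoritative one. Both function bodies extend beyond their hunks.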
@@ -523,6 +525,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 +- Set minimum password length for PBKDF2 in FIPS mode + Resolves: rhbz#2144003 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From 80de7ffd9c9d20559a149c0a32af8bed11375969 Mon Sep 17 00:00:00 2001 
From: Clemens Lang Date: Thu, 17 Nov 2022 19:50:30 +0100 Subject: [PATCH 09/28] Add explicit indicator & clamp default PSS salt len MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of the hash function output block (in bytes)." It is not exactly clear from this text whether hLen refers to the message digest or the hash function used for the mask generation function MGF1. PKCS#1 v2.1 suggests it is the former: | Typical salt lengths in octets are hLen (the length of the output of | the hash function Hash) and 0. In both cases the security of | RSASSA-PSS can be closely related to the hardness of inverting RSAVP1. | Bellare and Rogaway [4] give a tight lower bound for the security of | the original RSA-PSS scheme, which corresponds roughly to the former | case, while Coron [12] gives a lower bound for the related Full Domain | Hashing scheme, which corresponds roughly to the latter case. In [13] | Coron provides a general treatment with various salt lengths ranging | from 0 to hLen; see [27] for discussion. See also [31], which adapts | the security proofs in [4][13] to address the differences between the | original and the present version of RSA-PSS as listed in Note 1 above. Since OpenSSL defaults to creating signatures with the maximum salt length, blocking the use of longer salts would probably lead to significant problems in practice. Instead, introduce an explicit indicator that can be obtained from the EVP_PKEY_CTX object using EVP_PKEY_CTX_get_params() with the OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR parameter. Change the default automatic behavior when signing to use at most the digest size as salt length. 
Signed-off-by: Clemens Lang Resolves: rhbz#2144012 --- ...re-Add-indicator-for-PSS-salt-length.patch | 110 +++++++++++++ ...gnature-Clamp-PSS-salt-len-to-MD-len.patch | 153 ++++++++++++++++++ openssl.spec | 8 + 3 files changed, 271 insertions(+) create mode 100644 0088-signature-Add-indicator-for-PSS-salt-length.patch create mode 100644 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch new file mode 100644 index 0000000..9f5a99e --- /dev/null +++ b/0088-signature-Add-indicator-for-PSS-salt-length.patch 
@@ -0,0 +1,110 @@ +From 02612d36c664e03821ed80a205fdca80232afd64 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 19:33:02 +0100 +Subject: [PATCH 1/2] signature: Add indicator for PSS salt length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection +5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the +salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of +the hash function output block (in bytes)." + +It is not exactly clear from this text whether hLen refers to the +message digest or the hash function used for the mask generation +function MGF1. PKCS#1 v2.1 suggests it is the former: + +| Typical salt lengths in octets are hLen (the length of the output of +| the hash function Hash) and 0. In both cases the security of +| RSASSA-PSS can be closely related to the hardness of inverting RSAVP1. +| Bellare and Rogaway [4] give a tight lower bound for the security of +| the original RSA-PSS scheme, which corresponds roughly to the former +| case, while Coron [12] gives a lower bound for the related Full Domain +| Hashing scheme, which corresponds roughly to the latter case. In [13] +| Coron provides a general treatment with various salt lengths ranging +| from 0 to hLen; see [27] for discussion. See also [31], which adapts +| the security proofs in [4][13] to address the differences between the +| original and the present version of RSA-PSS as listed in Note 1 above. + +Since OpenSSL defaults to creating signatures with the maximum salt +length, blocking the use of longer salts would probably lead to +significant problems in practice. Instead, introduce an explicit +indicator that can be obtained from the EVP_PKEY_CTX object using +EVP_PKEY_CTX_get_params() with the + OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR +parameter. 
+ +Signed-off-by: Clemens Lang +--- + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 4 ++++ + providers/implementations/signature/rsa_sig.c | 18 ++++++++++++++++++ + 3 files changed, 23 insertions(+) + +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 94fab83193..69c59f0b46 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -453,6 +453,7 @@ extern "C" { + #define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ + OSSL_PKEY_PARAM_MGF1_PROPERTIES + #define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE ++#define OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Asym cipher parameters */ + #define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index a5e78efd6e..f239200465 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -797,6 +797,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 ++ + __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 49e7f9158a..f905fd6a04 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -1127,6 +1127,21 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + } + } + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = 
EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED; ++ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { ++ if (prsactx->md == NULL) { ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED; ++ } else if (prsactx->saltlen > EVP_MD_get_size(prsactx->md)) { ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif ++ + return 1; + } + +@@ -1136,6 +1151,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif + OSSL_PARAM_END + }; + +-- +2.38.1 + diff --git a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch new file mode 100644 index 0000000..975b810 --- /dev/null +++ b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch 
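Review bot: In rsa_get_ctx_params the indicator compares the raw `prsactx->saltlen` with the digest size, but that field can hold a negative selector instead of a length. The second patch in this commit tests it against RSA_PSS_SALTLEN_DIGEST, RSA_PSS_SALTLEN_AUTO and RSA_PSS_SALTLEN_MAX in rsa_pss_compute_saltlen. A selector is never greater than the digest size, so a context set to RSA_PSS_SALTLEN_MAX reports APPROVED even though the salt used when signing may exceed the digest length; only the AUTO case is clamped. Comparing the resolved length would close the gap, e.g. `} else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) {`, provided that helper is safe to call from a getter (it raises an error on a negative result). The function body starts outside the hunk.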
@@ -0,0 +1,153 @@ +From 39a91c33e2b89a0fe42e3791d3dc304519a52182 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 18 Nov 2022 12:35:33 +0100 +Subject: [PATCH] signature: Clamp PSS salt len to MD len + +Since FIPS 186-4 subsection 5.5 limits the acceptable PSS salt length to +the size of the message digest, change the default automatic behavior +when signing to use at most the digest size as salt length. Shorter +values are still possible when long hashes are used with short keys. + +Signed-off-by: Clemens Lang +--- + crypto/rsa/rsa_ameth.c | 19 +++++++++++++++++-- + crypto/rsa/rsa_pss.c | 11 +++++++++++ + doc/man3/EVP_PKEY_CTX_ctrl.pod | 4 +++- + providers/implementations/signature/rsa_sig.c | 18 ++++++++++++++++-- + 4 files changed, 47 insertions(+), 5 deletions(-) + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index b1580ca..dc81627 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -449,6 +449,7 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + const EVP_MD *sigmd, *mgf1md; + EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); + int saltlen; ++ int saltlenMax = -1; + + if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) + return NULL; +@@ -456,14 +457,28 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + return NULL; + if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) + return NULL; +- if (saltlen == -1) { ++ if (saltlen == RSA_PSS_SALTLEN_DIGEST) { + saltlen = EVP_MD_get_size(sigmd); +- } else if (saltlen == -2 || saltlen == -3) { ++ } else if (saltlen == RSA_PSS_SALTLEN_AUTO) { ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", ++ * subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in ++ * bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen ++ * is the length of the hash function output block (in bytes)." 
++ * ++ * Switch the meaning of RSA_PSS_SALTLEN_AUTO to use at most the digest ++ * length in FIPS mode, so that the default does not violate FIPS ++ * 186-4. */ ++ saltlen = RSA_PSS_SALTLEN_MAX; ++ saltlenMax = EVP_MD_get_size(sigmd); ++ } ++ if (saltlen == RSA_PSS_SALTLEN_MAX) { + saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2; + if ((EVP_PKEY_get_bits(pk) & 0x7) == 1) + saltlen--; + if (saltlen < 0) + return NULL; ++ if (saltlenMax >= 0 && saltlen > saltlenMax) ++ saltlen = saltlenMax; + } + + return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen); +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index e8681b0..d8f9207 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -168,6 +168,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX *ctx = NULL; ++ int sLenMax = -1; + + if (mgf1Hash == NULL) + mgf1Hash = Hash; +@@ -190,10 +191,18 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + * -3 same as above (on signing) + * -N reserved + */ ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection ++ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the ++ * salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of ++ * the hash function output block (in bytes)." ++ * ++ * Switch the meaning of RSA_PSS_SALTLEN_AUTO to use at most the digest ++ * length in FIPS mode, so that the default does not violate FIPS 186-4. 
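Review bot: The comment added in rsa_ctx_to_pss says the cap applies "in FIPS mode", but the new lines are not inside `#ifdef FIPS_MODULE`, so the clamp appears to apply to every build. The same wording is repeated in RSA_padding_add_PKCS1_PSS_mgf1 (crypto/rsa/rsa_pss.c) and rsa_pss_compute_saltlen (rsa_sig.c). The POD change in this patch calls the limit Red Hat specific rather than FIPS specific, and the code comments should match it, e.g. `Cap RSA_PSS_SALTLEN_AUTO at the digest length when signing (Red Hat specific, applied unconditionally) so that the default satisfies FIPS 186-4.` In rsa_pss.c the comment names RSA_PSS_SALTLEN_AUTO while the code tests RSA_PSS_SALTLEN_MAX_SIGN, so it should name the constant actually tested. All three functions extend beyond their hunks.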
*/ + if (sLen == RSA_PSS_SALTLEN_DIGEST) { + sLen = hLen; + } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { + sLen = RSA_PSS_SALTLEN_MAX; ++ sLenMax = hLen; + } else if (sLen < RSA_PSS_SALTLEN_MAX) { + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); + goto err; +@@ -211,6 +220,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + } + if (sLen == RSA_PSS_SALTLEN_MAX) { + sLen = emLen - hLen - 2; ++ if (sLenMax >= 0 && sLen > sLenMax) ++ sLen = sLenMax; + } else if (sLen > emLen - hLen - 2) { + ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; +diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod +index 3075eaa..5463472 100644 +--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod ++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod +@@ -287,7 +287,9 @@ sets the salt length to the maximum permissible value. + + causes the salt length to be automatically determined based on the + B block structure when verifying. When signing, it has the same +-meaning as B. ++meaning as B up to a maximum of the digest length to ++comply with FIPS 186-4 section 5.5. This maximum is specific to Red Hat, ++upstream also uses larger values. + + =back + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 3ce5efd..519c6a2 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -200,13 +200,27 @@ static void *rsa_newctx(void *provctx, const char *propq) + static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) + { + int saltlen = ctx->saltlen; +- ++ int saltlenMax = -1; ++ ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection ++ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the ++ * salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of ++ * the hash function output block (in bytes)." 
++ * ++ * Switch the meaning of RSA_PSS_SALTLEN_AUTO to use at most the digest ++ * length in FIPS mode, so that the default does not violate FIPS 186-4. */ + if (saltlen == RSA_PSS_SALTLEN_DIGEST) { + saltlen = EVP_MD_get_size(ctx->md); +- } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) { ++ } else if (saltlen == RSA_PSS_SALTLEN_AUTO) { ++ saltlen = RSA_PSS_SALTLEN_MAX; ++ saltlenMax = EVP_MD_get_size(ctx->md); ++ } ++ if (saltlen == RSA_PSS_SALTLEN_MAX) { + saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2; + if ((RSA_bits(ctx->rsa) & 0x7) == 1) + saltlen--; ++ if (saltlenMax >= 0 && saltlen > saltlenMax) ++ saltlen = saltlenMax; + } + if (saltlen < 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index 2ed1533..7975059 100644 --- a/openssl.spec +++ b/openssl.spec @@ -180,6 +180,10 @@ Patch85: 0085-FIPS-RSA-disable-shake.patch Patch86: 0086-avoid-bio-memleak.patch #https://github.com/openssl/openssl/pull/19501 Patch87: 0087-FIPS-RSA-selftest-params.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 +Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 +Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -527,6 +531,10 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 +- Add explicit indicator for PSS salt length in FIPS mode + Resolves: rhbz#2144012 +- Clamp default PSS salt length to digest size for FIPS 186-4 compliance + Related: rhbz#2144012 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From 5d738bdd7fe0e7e68f6b423b2c3d010eecbd88b8 Mon Sep 17 00:00:00 2001 
From: Dmitry Belyavskiy Date: Tue, 22 Nov 2022 12:57:21 +0100 Subject: [PATCH 10/28] Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 --- 0090-FIPS-RSA-encapsulate.patch | 32 ++++++++++++++++++++++++++++++++ openssl.spec | 4 ++++ 2 files changed, 36 insertions(+) create mode 100644 0090-FIPS-RSA-encapsulate.patch diff --git a/0090-FIPS-RSA-encapsulate.patch b/0090-FIPS-RSA-encapsulate.patch new file mode 100644 index 0000000..0e24cf8 --- /dev/null +++ b/0090-FIPS-RSA-encapsulate.patch @@ -0,0 +1,32 @@ +diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c +--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100 ++++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100 +@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX + *secretlen = nlen; + return 1; + } ++ ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + /* + * Step (2): Generate a random byte string z of nlen bytes where + * 1 < z < n - 1 +@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX * + return 1; + } + ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + /* Step (2): check the input ciphertext 'inlen' matches the nlen */ + if (inlen != nlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); diff --git a/openssl.spec b/openssl.spec index 7975059..287a6f2 100644 --- a/openssl.spec +++ b/openssl.spec 
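Review bot: The new guard in rsasve_generate, and the identical one in rsasve_recover, compares `nlen` with `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8`. If `nlen` is the modulus size in whole bytes (it is computed above the hunk), a modulus up to seven bits below the minimum rounds up to the same byte count and passes. Testing the bit length instead avoids the rounding: call RSA_bits() on the context's key and compare the result directly with OPENSSL_RSA_FIPS_MIN_MODULUS_BITS. In both functions the guard sits after the `out == NULL` size-query branch, so a caller with a short key gets a successful length query and fails only on the second call. A one-line comment saying whether that ordering is intended would help. Both function bodies extend beyond the hunks.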
@@ -184,6 +184,8 @@ Patch87: 0087-FIPS-RSA-selftest-params.patch Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2144561 +Patch90: 0090-FIPS-RSA-encapsulate.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -535,6 +537,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 +- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode + Resolves: rhbz#2145170 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow From 477d91adece6f348bc77888a646ecd590418af14 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 23 Nov 2022 13:01:22 +0100 Subject: [PATCH 11/28] Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063 --- .gitignore | 1 + ...PROFILE-SYSTEM-system-default-cipher.patch | 4 +- 0009-Add-Kernel-FIPS-mode-flag-support.patch | 2 +- 0011-Remove-EC-curves.patch | 12 + 0012-Disable-explicit-ec.patch | 8 +- 0031-tmp-Fix-test-names.patch | 6 +- 0035-speed-skip-unavailable-dgst.patch | 13 - 0045-FIPS-services-minimize.patch | 32 - ...Selectively-disallow-SHA1-signatures.patch | 4 +- 0056-strcasecmp.patch | 2287 +---------------- ...nature-verification-in-FIPS-provider.patch | 552 +--- 0062-fips-Expose-a-FIPS-indicator.patch | 2 +- ...erformance-optimizations-for-ppc64le.patch | 2 +- ...OAEP-in-KATs-support-fixed-OAEP-seed.patch | 12 +- ...gest_sign-digest_verify-in-self-test.patch | 4 +- ...gnature-Clamp-PSS-salt-len-to-MD-len.patch | 2 +- openssl.spec | 50 +- sources | 2 +- 18 files changed, 79 insertions(+), 2916 deletions(-) diff --git a/.gitignore b/.gitignore index 0a3d925..a8b9f6a 100644 --- a/.gitignore +++ b/.gitignore 
@@ -53,3 +53,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.1k-hobbled.tar.xz /openssl-3.0.0-hobbled.tar.xz /openssl-3.0.1-hobbled.tar.xz +/openssl-3.0.7-hobbled.tar.gz diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 9917fcf..7a97dee 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: - ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -- 2.26.2 diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index 01bd840..30ff325 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 +++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 @@ -12,11 +12,46 @@ - #include "internal/bio.h" #include "internal/provider.h" + #include "crypto/ctype.h" +# include +# include diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index 51c9d23..10e200c 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch 
@@ -5011,3 +5011,15 @@ diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remov Title=prime256v1 curve tests PrivateKey=ALICE_cf_prime256v1 +diff -up openssl-3.0.7/test/recipes/15-test_ec.t.skipshort openssl-3.0.7/test/recipes/15-test_ec.t +--- openssl-3.0.7/test/recipes/15-test_ec.t.skipshort 2022-11-23 12:40:55.324395782 +0100 ++++ openssl-3.0.7/test/recipes/15-test_ec.t 2022-11-23 12:42:12.478094387 +0100 +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key + + subtest 'Check loading of fips and non-fips keys' => sub { + plan skip_all => "FIPS is disabled" +- if $no_fips; ++ if 1; #Red Hat specific, original value is $no_fips; + + plan tests => 2; + diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index 9c3ef57..550cdf4 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch @@ -40,17 +40,17 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te static OSSL_PARAM_BLD *bld_tri_nc = NULL; @@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); - IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") + IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") -DOMAIN_KEYS(ECExplicitPrime2G); --IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") +-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) -IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") +/*DOMAIN_KEYS(ECExplicitPrime2G);*/ -+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ ++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ +/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); - IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") + IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) 
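Review bot: Replacing `$no_fips` with the constant `1` in 15-test_ec.t skips the 'Check loading of fips and non-fips keys' subtest on every build, while the reported skip reason still reads "FIPS is disabled". That reason is no longer true and will mislead anyone reading the test log. Make it match the real cause, e.g. `plan skip_all => "Skipped in Red Hat builds, see 0011-Remove-EC-curves.patch"` followed by `if 1; # original condition: $no_fips`. Expand the trailing comment to say why the subtest cannot run with the reduced curve set, since the patch does not state it. The subtest body continues beyond the hunk.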
@@ -1318,7 +1318,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch index 5c22f24..42b3c0a 100644 --- a/0031-tmp-Fix-test-names.patch +++ b/0031-tmp-Fix-test-names.patch @@ -2,9 +2,9 @@ diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/ --- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 +++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 @@ -40,7 +40,7 @@ unless ($no_fips) { - srctop_file("test", "recipes", "90-test_sslapi_data", - "passwd.txt"), $tmpfilename, "fips", - srctop_file("test", "fips-and-base.cnf")])), + "recipes", + "90-test_sslapi_data", + "dhparams.pem")])), - "running sslapitest"); + "running sslapitest - FIPS"); } diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch index 6d948dd..9256f7f 100644 --- a/0035-speed-skip-unavailable-dgst.patch +++ b/0035-speed-skip-unavailable-dgst.patch @@ -11,16 +11,3 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c if (!EVP_MAC_init(mctx, NULL, 0, NULL) || !EVP_MAC_update(mctx, buf, lengths[testnum]) || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) -@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv) - if (loopargs[i].mctx == NULL) - goto end; - -- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) -- goto end; -+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) { -+ EVP_MAC_CTX_free(loopargs[i].mctx); -+ loopargs[i].mctx = NULL; -+ } - } - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch index 8308990..abb13e0 100644 --- a/0045-FIPS-services-minimize.patch +++ b/0045-FIPS-services-minimize.patch 
@@ -717,35 +717,3 @@ diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen if (!ossl_prov_is_running()) return 0; -diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c ---- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200 -+++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200 -@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS - * it. - */ - ret = 1; -+ (void)ERR_set_mark(); - keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); - if (keymgmt != NULL) { - /* -@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS - } - EVP_KEYMGMT_free(keymgmt); - } -+ (void)ERR_pop_to_mark(); - err: - if (ginf != NULL) { - OPENSSL_free(ginf->tlsname); -@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int - etmp[len] = 0; - - gid = tls1_group_name2id(garg->ctx, etmp); -- if (gid == 0) -+ if (gid == 0) { -+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, -+ "group '%s' cannot be set", etmp); - return 0; -+ } - for (i = 0; i < garg->gidcnt; i++) - if (garg->gid_arr[i] == gid) - return 0; diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch index 18b0183..f18e099 100644 --- a/0049-Selectively-disallow-SHA1-signatures.patch +++ b/0049-Selectively-disallow-SHA1-signatures.patch @@ -479,8 +479,8 @@ index 10b4e57d79..2d3c363bb0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: - EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: 
diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch index ed30b2e..5c33a76 100644 --- a/0056-strcasecmp.patch +++ b/0056-strcasecmp.patch 
@@ -1,2279 +1,14 @@ -diff --git a/apps/ca.c b/apps/ca.c -index 24883615ed6b..8a2b31579549 100644 ---- a/apps/ca.c -+++ b/apps/ca.c -@@ -2367,7 +2367,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg) - - case REV_CRL_REASON: - for (i = 0; i < 8; i++) { -- if (strcasecmp(rev_arg, crl_reasons[i]) == 0) { -+ if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) { - reason = crl_reasons[i]; - break; - } -@@ -2584,7 +2584,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - } - if (reason_str) { - for (i = 0; i < NUM_REASONS; i++) { -- if (strcasecmp(reason_str, crl_reasons[i]) == 0) { -+ if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) { - reason_code = i; - break; - } -diff --git a/apps/cmp.c b/apps/cmp.c -index 9ea5cee4124d..5c6bcdad0a64 100644 ---- a/apps/cmp.c -+++ b/apps/cmp.c -@@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) - valptr[0] = '\0'; - valptr++; - -- if (strncasecmp(valptr, "int:", 4) != 0) { -+ if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) { - CMP_err("missing 'int:' in -geninfo option"); - return 0; - } -diff --git a/apps/ecparam.c b/apps/ecparam.c -index 12eed703de69..ecce36be71a2 100644 ---- a/apps/ecparam.c -+++ b/apps/ecparam.c -@@ -229,7 +229,7 @@ int ecparam_main(int argc, char **argv) - point_format, 0); - *p = OSSL_PARAM_construct_end(); - -- if (strcasecmp(curve_name, "SM2") == 0) -+ if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL); - else - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL); -diff --git a/apps/lib/apps.c b/apps/lib/apps.c -index 30da6e8a8cb8..227da4982d14 100644 ---- a/apps/lib/apps.c -+++ b/apps/lib/apps.c -@@ -688,8 +688,8 @@ int load_cert_certs(const char *uri, - int ret = 0; - char *pass_string; - -- if (exclude_http && (strncasecmp(uri, "http://", 7) == 0 -- || strncasecmp(uri, "https://", 8) == 0)) { -+ if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 
7) == 0 -+ || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { - BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); - return ret; - } -@@ -1182,20 +1182,20 @@ int set_name_ex(unsigned long *flags, const char *arg) - - int set_dateopt(unsigned long *dateopt, const char *arg) - { -- if (strcasecmp(arg, "rfc_822") == 0) -+ if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) - *dateopt = ASN1_DTFLGS_RFC822; -- else if (strcasecmp(arg, "iso_8601") == 0) -+ else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) - *dateopt = ASN1_DTFLGS_ISO8601; - return 0; - } - - int set_ext_copy(int *copy_type, const char *arg) - { -- if (strcasecmp(arg, "none") == 0) -+ if (OPENSSL_strcasecmp(arg, "none") == 0) - *copy_type = EXT_COPY_NONE; -- else if (strcasecmp(arg, "copy") == 0) -+ else if (OPENSSL_strcasecmp(arg, "copy") == 0) - *copy_type = EXT_COPY_ADD; -- else if (strcasecmp(arg, "copyall") == 0) -+ else if (OPENSSL_strcasecmp(arg, "copyall") == 0) - *copy_type = EXT_COPY_ALL; - else - return 0; -@@ -1275,7 +1275,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, - } - - for (ptbl = in_tbl; ptbl->name; ptbl++) { -- if (strcasecmp(arg, ptbl->name) == 0) { -+ if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { - *flags &= ~ptbl->mask; - if (c) - *flags |= ptbl->flag; -diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c -index c093f31e1b39..42775a89f361 100644 ---- a/apps/lib/engine_loader.c -+++ b/apps/lib/engine_loader.c -@@ -71,7 +71,7 @@ static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, - char *keyid = NULL; - OSSL_STORE_LOADER_CTX *ctx = NULL; - -- if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) -+ if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) - != 0) - return NULL; - p += sizeof(ENGINE_SCHEME_COLON) - 1; -diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c -index 03faac7707b7..df9575e2cd21 100644 ---- a/apps/lib/http_server.c -+++ 
b/apps/lib/http_server.c -@@ -453,10 +453,11 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - } - *line_end = '\0'; - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ -- if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { -- if (strcasecmp(value, "keep-alive") == 0) -+ if (found_keep_alive != NULL -+ && OPENSSL_strcasecmp(key, "Connection") == 0) { -+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - *found_keep_alive = 1; -- else if (strcasecmp(value, "close") == 0) -+ else if (OPENSSL_strcasecmp(value, "close") == 0) - *found_keep_alive = 0; - } - } -diff --git a/apps/lib/names.c b/apps/lib/names.c -index 5e2e7e147c7f..462703c6462b 100644 ---- a/apps/lib/names.c -+++ b/apps/lib/names.c -@@ -11,14 +11,11 @@ - #include - #include - #include "names.h" -- --#ifdef _WIN32 --# define strcasecmp _stricmp --#endif -+#include "openssl/crypto.h" - - int name_cmp(const char * const *a, const char * const *b) - { -- return strcasecmp(*a, *b); -+ return OPENSSL_strcasecmp(*a, *b); - } - - void collect_names(const char *name, void *vdata) -diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c -index 1b27699b9d49..4d9a69b29e03 100644 ---- a/apps/lib/vms_term_sock.c -+++ b/apps/lib/vms_term_sock.c -@@ -132,7 +132,7 @@ int main (int argc, char *argv[], char *envp[]) - len; - - LogMessage ("Enter 'q' or 'Q' to quit ..."); -- while (strcasecmp (TermBuff, "Q")) { -+ while (OPENSSL_strcasecmp (TermBuff, "Q")) { - /* - ** Create the terminal socket - */ -diff --git a/apps/list.c b/apps/list.c -index 9732d6625a05..620ce0083134 100644 ---- a/apps/list.c -+++ b/apps/list.c -@@ -71,7 +71,7 @@ static void legacy_cipher_fn(const EVP_CIPHER *c, - { - if (select_name != NULL - && (c == NULL -- || strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) -+ || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) - return; - if (c != NULL) { - BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); -@@ -370,7 +370,7 @@ 
DEFINE_STACK_OF(EVP_RAND) - - static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) - { -- int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); -+ int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), -@@ -404,7 +404,7 @@ static void list_random_generators(void) - const EVP_RAND *m = sk_EVP_RAND_value(rands, i); - - if (select_name != NULL -- && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) -+ && OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) - continue; - BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); - BIO_printf(bio_out, " @ %s\n", -@@ -463,7 +463,7 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg) - if (gettables != NULL) - for (; gettables->key != NULL; gettables++) { - /* State has been dealt with already, so ignore */ -- if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) -+ if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) - continue; - /* Outside of verbose mode, we skip non-string values */ - if (gettables->data_type != OSSL_PARAM_UTF8_STRING -diff --git a/apps/rehash.c b/apps/rehash.c -index fb6c08c420ca..e4a4e14fd497 100644 ---- a/apps/rehash.c -+++ b/apps/rehash.c -@@ -214,7 +214,7 @@ static int handle_symlink(const char *filename, const char *fullpath) - return -1; - for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { - const char *suffix = suffixes[type]; -- if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) -+ if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) - break; - } - i += strlen(suffixes[type]); -@@ -249,7 +249,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) - if ((ext = strrchr(filename, '.')) == NULL) - goto end; - for (i = 0; i < OSSL_NELEM(extensions); i++) { -- if (strcasecmp(extensions[i], ext + 1) == 0) -+ if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0) 
- break; - } - if (i >= OSSL_NELEM(extensions)) -diff --git a/apps/s_server.c b/apps/s_server.c -index ccaec3124bf4..e93cfa1e2c7a 100644 ---- a/apps/s_server.c -+++ b/apps/s_server.c -@@ -432,7 +432,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) - return SSL_TLSEXT_ERR_NOACK; - - if (servername != NULL) { -- if (strcasecmp(servername, p->servername)) -+ if (OPENSSL_strcasecmp(servername, p->servername)) - return p->extension_error; - if (ctx2 != NULL) { - BIO_printf(p->biodebug, "Switching server context.\n"); -diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c -index ddf68b576f88..fe9fc0dd43ba 100644 ---- a/crypto/LPdir_unix.c -+++ b/crypto/LPdir_unix.c -@@ -141,7 +141,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) - p--; - if (p > (*ctx)->entry_name && p[-1] == ';') - p[-1] = '\0'; -- if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0) -+ if (OPENSSL_strcasecmp((*ctx)->entry_name, -+ (*ctx)->previous_entry_name) == 0) - goto again; - } - #endif -diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c -index 031a6c936ad1..0de5785c2745 100644 ---- a/crypto/asn1/ameth_lib.c -+++ b/crypto/asn1/ameth_lib.c -@@ -10,7 +10,6 @@ - /* We need to use some engine deprecated APIs */ - #define OPENSSL_SUPPRESS_DEPRECATED - --#include "e_os.h" /* for strncasecmp */ - #include "internal/cryptlib.h" - #include - #include -@@ -134,7 +133,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) - continue; - if ((int)strlen(ameth->pem_str) == len -- && strncasecmp(ameth->pem_str, str, len) == 0) -+ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c -index ecff2be02e1f..59d42daf4a1c 100644 ---- a/crypto/asn1/asn1_gen.c -+++ b/crypto/asn1/asn1_gen.c -@@ -10,7 +10,6 @@ - #include "internal/cryptlib.h" - #include - #include --#include "e_os.h" /* strncasecmp() */ - 
- #define ASN1_GEN_FLAG 0x10000 - #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) -@@ -565,7 +564,8 @@ static int asn1_str2tag(const char *tagstr, int len) - - tntmp = tnst; - for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { -- if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0)) -+ if ((len == tntmp->len) -+ && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) - return tntmp->tag; - } - -diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c -index c05c3c6b109d..6fe8427dc5e6 100644 ---- a/crypto/conf/conf_def.c -+++ b/crypto/conf/conf_def.c -@@ -11,7 +11,7 @@ - - #include - #include --#include "e_os.h" /* strcasecmp and struct stat */ -+#include "e_os.h" /* struct stat */ - #ifdef __TANDEM - # include /* needed for stat.h */ - # include /* struct stat */ -@@ -192,11 +192,11 @@ static int def_load(CONF *conf, const char *name, long *line) - /* Parse a boolean value and fill in *flag. Return 0 on error. */ - static int parsebool(const char *pval, int *flag) - { -- if (strcasecmp(pval, "on") == 0 -- || strcasecmp(pval, "true") == 0) { -+ if (OPENSSL_strcasecmp(pval, "on") == 0 -+ || OPENSSL_strcasecmp(pval, "true") == 0) { - *flag = 1; -- } else if (strcasecmp(pval, "off") == 0 -- || strcasecmp(pval, "false") == 0) { -+ } else if (OPENSSL_strcasecmp(pval, "off") == 0 -+ || OPENSSL_strcasecmp(pval, "false") == 0) { - *flag = 0; - } else { - ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); -@@ -839,8 +839,10 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) - namelen = strlen(filename); - - -- if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0) -- || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) { -+ if ((namelen > 5 -+ && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) -+ || (namelen > 4 -+ && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { - size_t newlen; - char *newpath; - BIO *bio; -diff --git a/crypto/context.c b/crypto/context.c -index 
3333af4c534e..4fef24cadd5a 100644 ---- a/crypto/context.c -+++ b/crypto/context.c -@@ -14,6 +14,7 @@ - #include "internal/core.h" - #include "internal/bio.h" - #include "internal/provider.h" -+#include "crypto/ctype.h" - - # include - # include -@@ -150,7 +151,8 @@ static CRYPTO_THREAD_LOCAL default_context_thread_local; - { - read_kernel_fips_flag(); - return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) -- && context_init(&default_context_int); -+ && context_init(&default_context_int) -+ && ossl_init_casecmp(); - } - - void ossl_lib_ctx_default_deinit(void) -diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c -index 55248affc663..7e11ab1c8845 100644 ---- a/crypto/core_namemap.c -+++ b/crypto/core_namemap.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp */ - #include "internal/namemap.h" - #include - #include "crypto/lhash.h" /* ossl_lh_strcasehash */ -@@ -49,7 +48,7 @@ static unsigned long namenum_hash(const NAMENUM_ENTRY *n) - - static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) - { -- return strcasecmp(a->name, b->name); -+ return OPENSSL_strcasecmp(a->name, b->name); - } - - static void namenum_free(NAMENUM_ENTRY *n) -diff --git a/crypto/ctype.c b/crypto/ctype.c -index 83c24a546f53..321306eb5f50 100644 ---- a/crypto/ctype.c -+++ b/crypto/ctype.c -@@ -12,6 +12,19 @@ - #include "crypto/ctype.h" - #include - -+#include -+#include "internal/core.h" -+#include "internal/thread_once.h" -+ -+#ifndef OPENSSL_SYS_WINDOWS -+#include -+#endif -+#include -+ -+#ifdef OPENSSL_SYS_MACOSX -+#include -+#endif -+ - /* - * Define the character classes for each character in the seven bit ASCII - * character set. This is independent of the host's character set, characters -@@ -278,3 +291,90 @@ int ossl_ascii_isdigit(const char inchar) { - return 1; - return 0; - } -+ -+/* str[n]casecmp_l is defined in POSIX 2008-01. 
Value is taken accordingly -+ * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */ -+ -+#if (defined OPENSSL_SYS_WINDOWS) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L) -+ -+# if defined OPENSSL_SYS_WINDOWS -+# define locale_t _locale_t -+# define freelocale _free_locale -+# define strcasecmp_l _stricmp_l -+# define strncasecmp_l _strnicmp_l -+# endif -+ -+# ifndef FIPS_MODULE -+static locale_t loc; -+ -+static int locale_base_inited = 0; -+static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT; -+static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT; -+ -+void *ossl_c_locale() { -+ return (void *)loc; -+} -+ -+DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base) -+{ -+# ifdef OPENSSL_SYS_WINDOWS -+ loc = _create_locale(LC_COLLATE, "C"); -+# else -+ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); -+# endif -+ locale_base_inited = 1; -+ return (loc == (locale_t) 0) ? 0 : 1; -+} -+ -+DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base) -+{ -+ if (locale_base_inited && loc) { -+ freelocale(loc); -+ loc = NULL; -+ } -+ return 1; -+} -+ -+int ossl_init_casecmp() -+{ -+ return RUN_ONCE(&locale_base, ossl_init_locale_base); -+} -+ -+void ossl_deinit_casecmp() { -+ (void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base); -+} -+# endif -+ -+int OPENSSL_strcasecmp(const char *s1, const char *s2) -+{ -+ return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); -+} -+ -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+{ -+ return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); -+} -+#else -+# ifndef FIPS_MODULE -+void *ossl_c_locale() { -+ return NULL; -+} -+# endif -+ -+int ossl_init_casecmp() { -+ return 1; -+} -+ -+void ossl_deinit_casecmp() { -+} -+ -+int OPENSSL_strcasecmp(const char *s1, const char *s2) -+{ -+ return strcasecmp(s1, s2); -+} -+ -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+{ -+ return strncasecmp(s1, s2, n); -+} -+#endif -diff --git 
a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c -index c71f4053da6c..7608cbae5a28 100644 ---- a/crypto/dh/dh_group_params.c -+++ b/crypto/dh/dh_group_params.c -@@ -23,7 +23,6 @@ - #include - #include "internal/nelem.h" - #include "crypto/dh.h" --#include "e_os.h" /* strcasecmp */ - - static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) - { -diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c -index 381da71f33a8..0d84a3332296 100644 ---- a/crypto/ec/ec_backend.c -+++ b/crypto/ec/ec_backend.c -@@ -54,7 +54,7 @@ int ossl_ec_encoding_name2id(const char *name) - return OPENSSL_EC_NAMED_CURVE; - - for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { -- if (strcasecmp(name, encoding_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0) - return encoding_nameid_map[i].id; - } - return -1; -@@ -91,7 +91,7 @@ static int ec_check_group_type_name2id(const char *name) - return 0; - - for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { -- if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) - return check_group_type_nameid_map[i].id; - } - return -1; -@@ -136,7 +136,7 @@ int ossl_ec_pt_format_name2id(const char *name) - return (int)POINT_CONVERSION_UNCOMPRESSED; - - for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { -- if (strcasecmp(name, format_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0) - return format_nameid_map[i].id; - } - return -1; -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 2ee8284eaff3..ecd53fee008a 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -22,7 +22,6 @@ - #include "crypto/ec.h" - #include "internal/nelem.h" - #include "ec_local.h" --#include "e_os.h" /* strcasecmp */ - - /* functions for EC_GROUP objects */ - -@@ -1581,9 +1580,10 @@ EC_GROUP *EC_GROUP_new_from_params(const 
OSSL_PARAM params[], - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - goto err; - } -- if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { -+ if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { - is_prime_field = 1; -- } else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) { -+ } else if (OPENSSL_strcasecmp(ptmp->data, -+ SN_X9_62_characteristic_two_field) == 0) { - is_prime_field = 0; - } else { - /* Invalid field */ -diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c -index 10a38b6f82a7..de6d3def3101 100644 ---- a/crypto/encode_decode/decoder_lib.c -+++ b/crypto/encode_decode/decoder_lib.c -@@ -789,7 +789,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - */ - trace_data_structure = data_structure; - if (data_type != NULL && data_structure != NULL -- && strcasecmp(data_structure, "type-specific") == 0) -+ && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) - data_structure = NULL; - - OSSL_TRACE_BEGIN(DECODER) { -@@ -850,7 +850,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - * that's the case, we do this extra check. 
- */ - if (decoder == NULL && ctx->start_input_type != NULL -- && strcasecmp(ctx->start_input_type, new_input_type) != 0) { -+ && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", -@@ -896,7 +896,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - */ - if (data_structure != NULL - && (new_input_structure == NULL -- || strcasecmp(data_structure, new_input_structure) != 0)) { -+ || OPENSSL_strcasecmp(data_structure, -+ new_input_structure) != 0)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", -@@ -915,7 +916,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - && ctx->input_structure != NULL - && new_input_structure != NULL) { - data->flag_input_structure_checked = 1; -- if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { -+ if (OPENSSL_strcasecmp(new_input_structure, -+ ctx->input_structure) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", -diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c -index 475117a463af..833061d873ed 100644 ---- a/crypto/encode_decode/decoder_pkey.c -+++ b/crypto/encode_decode/decoder_pkey.c -@@ -18,7 +18,6 @@ - #include "crypto/evp.h" - #include "crypto/decoder.h" - #include "encoder_local.h" --#include "e_os.h" /* strcasecmp on Windows */ - - int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, - const unsigned char *kstr, -diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c -index cfd9275172f5..2a83af825c2d 100644 ---- a/crypto/encode_decode/encoder_lib.c 
-+++ b/crypto/encode_decode/encoder_lib.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp on Windows */ - #include - #include - #include -@@ -453,8 +452,8 @@ static int encoder_process(struct encoder_process_data_st *data) - */ - if (top) { - if (data->ctx->output_type != NULL -- && strcasecmp(current_output_type, -- data->ctx->output_type) != 0) { -+ && OPENSSL_strcasecmp(current_output_type, -+ data->ctx->output_type) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", -@@ -482,8 +481,8 @@ static int encoder_process(struct encoder_process_data_st *data) - */ - if (data->ctx->output_structure != NULL - && current_output_structure != NULL) { -- if (strcasecmp(data->ctx->output_structure, -- current_output_structure) != 0) { -+ if (OPENSSL_strcasecmp(data->ctx->output_structure, -+ current_output_structure) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", -diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c -index c37edf966d7e..3a24317cf4d6 100644 ---- a/crypto/encode_decode/encoder_pkey.c -+++ b/crypto/encode_decode/encoder_pkey.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp on Windows */ - #include - #include - #include -diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c -index e3a5c82e9957..09d0ed9d3aae 100644 ---- a/crypto/engine/tb_asnmth.c -+++ b/crypto/engine/tb_asnmth.c -@@ -152,7 +152,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == len) -- && strncasecmp(ameth->pem_str, str, len) == 0) -+ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - 
} - return NULL; -@@ -177,7 +177,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) - e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == lk->len) -- && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { -+ && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { - lk->e = e; - lk->ameth = ameth; - return; -diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c -index 961ca116b32f..0aa1c23beec7 100644 ---- a/crypto/evp/ctrl_params_translate.c -+++ b/crypto/evp/ctrl_params_translate.c -@@ -37,8 +37,6 @@ - #include "crypto/dh.h" - #include "crypto/ec.h" - --#include "e_os.h" /* strcasecmp() for Windows */ -- - struct translation_ctx_st; /* Forwarding */ - struct translation_st; /* Forwarding */ - -@@ -905,7 +903,7 @@ static int fix_kdf_type(enum state state, - - /* Convert KDF type strings to numbers */ - for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) -- if (strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { -+ if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { - ctx->p1 = kdf_type_map->kdf_type_num; - ret = 1; - break; -@@ -2469,10 +2467,11 @@ lookup_translation(struct translation_st *tmpl, - * cmd name in the template. 
- */ - if (item->ctrl_str != NULL -- && strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) -+ && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) - ctrl_str = tmpl->ctrl_str; - else if (item->ctrl_hexstr != NULL -- && strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0) -+ && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, -+ item->ctrl_hexstr) == 0) - ctrl_hexstr = tmpl->ctrl_hexstr; - else - continue; -@@ -2500,7 +2499,8 @@ lookup_translation(struct translation_st *tmpl, - if ((item->action_type != NONE - && tmpl->action_type != item->action_type) - || (item->param_key != NULL -- && strcasecmp(tmpl->param_key, item->param_key) != 0)) -+ && OPENSSL_strcasecmp(tmpl->param_key, -+ item->param_key) != 0)) - continue; - } else { - return NULL; -diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c -index 8550be65e785..aa3c7fa4efc7 100644 ---- a/crypto/evp/ec_support.c -+++ b/crypto/evp/ec_support.c -@@ -10,7 +10,7 @@ - #include - #include - #include "crypto/ec.h" --#include "e_os.h" /* strcasecmp required by windows */ -+#include "internal/nelem.h" - - typedef struct ec_name2nid_st { - const char *name; -@@ -139,7 +139,7 @@ int ossl_ec_curve_name2nid(const char *name) - return nid; - - for (i = 0; i < OSSL_NELEM(curve_list); i++) { -- if (strcasecmp(curve_list[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0) - return curve_list[i].nid; - } - } -diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c -index 24092cfd5be0..da3ef28b3d18 100644 ---- a/crypto/evp/evp_lib.c -+++ b/crypto/evp/evp_lib.c -@@ -15,7 +15,6 @@ - - #include - #include --#include "e_os.h" /* strcasecmp */ - #include "internal/cryptlib.h" - #include - #include -@@ -1170,17 +1169,17 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - - va_start(args, type); - -- if (strcasecmp(type, "RSA") == 0) { -+ if (OPENSSL_strcasecmp(type, "RSA") == 0) { - bits = va_arg(args, size_t); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, 
&bits); -- } else if (strcasecmp(type, "EC") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "EC") == 0) { - name = va_arg(args, char *); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, 0); -- } else if (strcasecmp(type, "ED25519") != 0 -- && strcasecmp(type, "X25519") != 0 -- && strcasecmp(type, "ED448") != 0 -- && strcasecmp(type, "X448") != 0) { -+ } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 -+ && OPENSSL_strcasecmp(type, "X25519") != 0 -+ && OPENSSL_strcasecmp(type, "ED448") != 0 -+ && OPENSSL_strcasecmp(type, "X448") != 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - goto end; - } -diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c -index 27138af56421..668607a72360 100644 ---- a/crypto/evp/p_lib.c -+++ b/crypto/evp/p_lib.c -@@ -50,8 +50,6 @@ - #include "internal/provider.h" - #include "evp_local.h" - --#include "e_os.h" /* strcasecmp on Windows */ -- - static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt); - static void evp_pkey_free_it(EVP_PKEY *key); -@@ -1018,7 +1016,7 @@ int evp_pkey_name2type(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { -- if (strcasecmp(name, standard_name2type[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0) - return (int)standard_name2type[i].id; - } - -diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c -index e9f597c46c00..266cb30bc245 100644 ---- a/crypto/ffc/ffc_dh.c -+++ b/crypto/ffc/ffc_dh.c -@@ -10,7 +10,6 @@ - #include "internal/ffc.h" - #include "internal/nelem.h" - #include "crypto/bn_dh.h" --#include "e_os.h" /* strcasecmp */ - - #ifndef OPENSSL_NO_DH - -@@ -84,7 +83,7 @@ const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { -- if (strcasecmp(dh_named_groups[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0) - return 
&dh_named_groups[i]; - } - return NULL; -diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c -index 6e025a06be6e..500189e49fc0 100644 ---- a/crypto/ffc/ffc_params.c -+++ b/crypto/ffc/ffc_params.c -@@ -12,7 +12,6 @@ - #include "internal/ffc.h" - #include "internal/param_build_set.h" - #include "internal/nelem.h" --#include "e_os.h" /* strcasecmp */ - - #ifndef FIPS_MODULE - # include /* ossl_ffc_params_print */ -diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c -index 33e7b82b9e8c..8133a04936c5 100644 ---- a/crypto/http/http_client.c -+++ b/crypto/http/http_client.c -@@ -322,7 +322,7 @@ static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, - - for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { - hdr = sk_CONF_VALUE_value(headers, i); -- if (add_host && strcasecmp("host", hdr->name) == 0) -+ if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0) - add_host = 0; - if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value)) - return 0; -@@ -666,13 +666,13 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - } - if (value != NULL && line_end != NULL) { - if (rctx->state == OHS_REDIRECT -- && strcasecmp(key, "Location") == 0) { -+ && OPENSSL_strcasecmp(key, "Location") == 0) { - rctx->redirection_url = value; - return 0; - } - if (rctx->expected_ct != NULL -- && strcasecmp(key, "Content-Type") == 0) { -- if (strcasecmp(rctx->expected_ct, value) != 0) { -+ && OPENSSL_strcasecmp(key, "Content-Type") == 0) { -+ if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, - "expected=%s, actual=%s", - rctx->expected_ct, value); -@@ -682,12 +682,12 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - } - - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ -- if (strcasecmp(key, "Connection") == 0) { -- if (strcasecmp(value, "keep-alive") == 0) -+ if (OPENSSL_strcasecmp(key, "Connection") == 0) { -+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - 
found_keep_alive = 1; -- else if (strcasecmp(value, "close") == 0) -+ else if (OPENSSL_strcasecmp(value, "close") == 0) - found_keep_alive = 0; -- } else if (strcasecmp(key, "Content-Length") == 0) { -+ } else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) { - resp_len = (size_t)strtoul(value, &line_end, 10); - if (line_end == value || *line_end != '\0') { - ERR_raise_data(ERR_LIB_HTTP, -diff --git a/crypto/init.c b/crypto/init.c -index 6a27d1a8e440..1569c35a6b96 100644 ---- a/crypto/init.c -+++ b/crypto/init.c -@@ -32,6 +32,7 @@ - #include "crypto/store.h" - #include /* for OSSL_CMP_log_close() */ - #include -+#include "crypto/ctype.h" - - static int stopped = 0; - static uint64_t optsdone = 0; -@@ -447,6 +448,9 @@ void OPENSSL_cleanup(void) - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); - ossl_trace_cleanup(); - -+ OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n"); -+ ossl_deinit_casecmp(); -+ - base_inited = 0; - } - -@@ -460,6 +464,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - uint64_t tmp; - int aloaddone = 0; - -+ if (!ossl_init_casecmp()) -+ return 0; -+ - /* Applications depend on 0 being returned when cleanup was already done */ - if (stopped) { - if (!(opts & OPENSSL_INIT_BASE_ONLY)) -diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c -index 92152eeb6674..7596d720e964 100644 ---- a/crypto/objects/o_names.c -+++ b/crypto/objects/o_names.c -@@ -21,23 +21,6 @@ - #include "obj_local.h" - #include "e_os.h" - --/* -- * We define this wrapper for two reasons. Firstly, later versions of -- * DEC C add linkage information to certain functions, which makes it -- * tricky to use them as values to regular function pointers. -- * Secondly, in the EDK2 build environment, the strcasecmp function is -- * actually an external function with the Microsoft ABI, so we can't -- * transparently assign function pointers to it. 
-- */
--#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
--static int obj_strcasecmp(const char *a, const char *b)
--{
-- return strcasecmp(a, b);
--}
--#else
--#define obj_strcasecmp strcasecmp
--#endif
--
- /*
- * I use the ex_data stuff to manage the identifiers for the obj_name_types
- * that applications may define. I only really use the free function field.
-@@ -111,7 +94,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
- goto out;
- }
- name_funcs->hash_func = ossl_lh_strcasehash;
-- name_funcs->cmp_func = obj_strcasecmp;
-+ name_funcs->cmp_func = OPENSSL_strcasecmp;
- push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
-
- if (!push) {
-@@ -145,7 +128,7 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b)
- ret = sk_NAME_FUNCS_value(name_funcs_stack,
- a->type)->cmp_func(a->name, b->name);
- } else
-- ret = strcasecmp(a->name, b->name);
-+ ret = OPENSSL_strcasecmp(a->name, b->name);
- }
- return ret;
- }
-diff --git a/crypto/params_dup.c b/crypto/params_dup.c
-index 6a58b52f65cb..d92176da46e5 100644
---- a/crypto/params_dup.c
-+++ b/crypto/params_dup.c
-@@ -11,7 +11,6 @@
- #include
- #include
- #include "internal/param_build_set.h"
--#include "e_os.h" /* strcasecmp */
-
- #define OSSL_PARAM_ALLOCATED_END 127
- #define OSSL_PARAM_MERGE_LIST_MAX 128
-@@ -142,7 +141,7 @@ static int compare_params(const void *left, const void *right)
- const OSSL_PARAM *l = *(const OSSL_PARAM **)left;
- const OSSL_PARAM *r = *(const OSSL_PARAM **)right;
-
-- return strcasecmp(l->key, r->key);
-+ return OPENSSL_strcasecmp(l->key, r->key);
- }
-
- OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
-@@ -205,7 +204,7 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
- break;
- }
- /* consume the list element with the smaller key */
-- diff = strcasecmp((*p1cur)->key, (*p2cur)->key);
-+ diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key);
- if (diff == 0) {
- /* If the keys are the same then throw away the list1 element */
- *dst++ = **p2cur;
-diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c
-index 8954ec724617..c5691395c424 100644
---- a/crypto/property/property_parse.c
-+++ b/crypto/property/property_parse.c
-@@ -45,7 +45,7 @@ static int match(const char *t[], const char m[], size_t m_len)
- {
- const char *s = *t;
-
-- if (strncasecmp(s, m, m_len) == 0) {
-+ if (OPENSSL_strncasecmp(s, m, m_len) == 0) {
- *t = skip_space(s + m_len);
- return 1;
- }
-diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
-index afe3521186ca..c453d3226133 100644
---- a/crypto/rand/rand_lib.c
-+++ b/crypto/rand/rand_lib.c
-@@ -768,22 +768,22 @@ static int random_conf_init(CONF_IMODULE *md, const CONF *cnf)
-
- for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
- cval = sk_CONF_VALUE_value(elist, i);
-- if (strcasecmp(cval->name, "random") == 0) {
-+ if (OPENSSL_strcasecmp(cval->name, "random") == 0) {
- if (!random_set_string(&dgbl->rng_name, cval->value))
- return 0;
-- } else if (strcasecmp(cval->name, "cipher") == 0) {
-+ } else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) {
- if (!random_set_string(&dgbl->rng_cipher, cval->value))
- return 0;
-- } else if (strcasecmp(cval->name, "digest") == 0) {
-+ } else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) {
- if (!random_set_string(&dgbl->rng_digest, cval->value))
- return 0;
-- } else if (strcasecmp(cval->name, "properties") == 0) {
-+ } else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) {
- if (!random_set_string(&dgbl->rng_propq, cval->value))
- return 0;
-- } else if (strcasecmp(cval->name, "seed") == 0) {
-+ } else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) {
- if (!random_set_string(&dgbl->seed_name, cval->value))
- return 0;
-- } else if (strcasecmp(cval->name, "seed_properties") == 0) {
-+ } else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) {
- if (!random_set_string(&dgbl->seed_propq, cval->value))
- return 0;
- } else {
-diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c -index ad1623dd1444..254ebdb24287 100644 ---- a/crypto/rsa/rsa_backend.c -+++ b/crypto/rsa/rsa_backend.c -@@ -27,8 +27,6 @@ - #include "crypto/rsa.h" - #include "rsa_local.h" - --#include "e_os.h" /* strcasecmp for Windows() */ -- - /* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider -@@ -275,8 +273,8 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, - else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) - return 0; - -- if (strcasecmp(param_mgf->data, -- ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) -+ if (OPENSSL_strcasecmp(param_mgf->data, -+ ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) - return 0; - } - -diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c -index 7dcb939066f2..42bf9d555a36 100644 ---- a/crypto/store/store_lib.c -+++ b/crypto/store/store_lib.c -@@ -93,7 +93,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); - if ((p = strchr(scheme_copy, ':')) != NULL) { - *p++ = '\0'; -- if (strcasecmp(scheme_copy, "file") != 0) { -+ if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { - if (strncmp(p, "//", 2) == 0) - schemes_n--; /* Invalidate the file scheme */ - schemes[schemes_n++] = scheme_copy; -diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c -index 1306b270bbaf..6f83da4beb02 100644 ---- a/crypto/store/store_result.c -+++ b/crypto/store/store_result.c -@@ -457,7 +457,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - - /* If we have a data type, it should be a PEM name */ - if (data->data_type != NULL -- && (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) -+ && (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) - ignore_trusted = 0; - - if (d2i_X509_AUX(&cert, 
(const unsigned char **)&data->octet_data, -diff --git a/crypto/trace.c b/crypto/trace.c -index 40941990e673..d790409a2d62 100644 ---- a/crypto/trace.c -+++ b/crypto/trace.c -@@ -19,8 +19,6 @@ - #include "internal/refcount.h" - #include "crypto/cryptlib.h" - --#include "e_os.h" /* strcasecmp for Windows */ -- - #ifndef OPENSSL_NO_TRACE - - static CRYPTO_RWLOCK *trace_lock = NULL; -@@ -158,7 +156,7 @@ int OSSL_trace_get_category_num(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(trace_categories); i++) -- if (strcasecmp(name, trace_categories[i].name) == 0) -+ if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0) - return trace_categories[i].num; - return -1; /* not found */ - } -diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c -index 6a613d64e6aa..9927c083b115 100644 ---- a/crypto/x509/v3_tlsf.c -+++ b/crypto/x509/v3_tlsf.c -@@ -108,7 +108,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - extval = val->name; - - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) -- if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) -+ if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - tlsextid = tls_feature_tbl[j].num; -diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c -index ff049c897bae..6e4ef26ed608 100644 ---- a/crypto/x509/v3_utl.c -+++ b/crypto/x509/v3_utl.c -@@ -715,7 +715,7 @@ static int wildcard_match(const unsigned char *prefix, size_t prefix_len, - } - /* IDNA labels cannot match partial wildcards */ - if (!allow_idna && -- subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0) -+ subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) - return 0; - /* The wildcard may match a literal '*' */ - if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') -@@ -775,7 +775,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= 
'9')) { - if ((state & LABEL_START) != 0 -- && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0) -+ && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) - state |= LABEL_IDNA; - state &= ~(LABEL_HYPHEN | LABEL_START); - } else if (p[i] == '.') { -diff --git a/doc/build.info b/doc/build.info -index c1d98a4ca669..7e86de588aed 100644 ---- a/doc/build.info -+++ b/doc/build.info -@@ -1531,6 +1531,10 @@ DEPEND[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod - GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod - DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod - GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod -+DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -+GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -+DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod -+GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod - DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod - GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod - DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod -@@ -3110,6 +3114,7 @@ html/man3/OPENSSL_load_builtin_modules.html \ - html/man3/OPENSSL_malloc.html \ - html/man3/OPENSSL_s390xcap.html \ - html/man3/OPENSSL_secure_malloc.html \ -+html/man3/OPENSSL_strcasecmp.html \ - html/man3/OSSL_CMP_CTX_new.html \ - html/man3/OSSL_CMP_HDR_get0_transactionID.html \ - html/man3/OSSL_CMP_ITAV_set0.html \ -@@ -3704,6 +3709,7 @@ man/man3/OPENSSL_load_builtin_modules.3 \ - man/man3/OPENSSL_malloc.3 \ - man/man3/OPENSSL_s390xcap.3 \ - man/man3/OPENSSL_secure_malloc.3 \ -+man/man3/OPENSSL_strcasecmp.3 \ - man/man3/OSSL_CMP_CTX_new.3 \ - man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ - man/man3/OSSL_CMP_ITAV_set0.3 \ -diff --git a/doc/man3/OPENSSL_strcasecmp.pod b/doc/man3/OPENSSL_strcasecmp.pod -new file mode 100644 -index 
000000000000..1bb8b18c5013 ---- /dev/null -+++ b/doc/man3/OPENSSL_strcasecmp.pod -@@ -0,0 +1,47 @@ -+=pod -+ -+=head1 NAME -+ -+OPENSSL_strcasecmp, OPENSSL_strncasecmp - compare two strings ignoring case -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ int OPENSSL_strcasecmp(const char *s1, const char *s2); -+ int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); -+ -+=head1 DESCRIPTION -+ -+The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings -+B and B, ignoring the case of the characters. -+ -+The OPENSSL_strncasecmp function is similar, except that it compares no more than -+B bytes of B and B. -+ -+In POSIX-compatible system and on Windows these functions use "C" locale for -+case insensitive. Otherwise the comparison is done in current locale. -+ -+=head1 RETURN VALUES -+ -+Both functions return an integer less than, equal to, or greater than zero if -+s1 is found, respectively, to be less than, to match, or be greater than s2. -+ -+=head1 NOTES -+ -+OpenSSL extensively uses case insensitive comparison of ASCII strings. Though -+OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may -+unpredictably suffer when they use localization (e.g. Turkish locale is -+well-known with a specific I/i cases). These functions use C locale for string -+comparison. -+ -+=head1 COPYRIGHT -+ -+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. 
-+
-+=cut
-diff --git a/e_os.h b/e_os.h
-index e1608ae55d7d..5490a48fcd48 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -249,8 +249,6 @@ FILE *__iob_func();
- /***********************************************/
-
- # if defined(OPENSSL_SYS_WINDOWS)
--# define strcasecmp _stricmp
--# define strncasecmp _strnicmp
- # if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
- # define open _open
- # define fdopen _fdopen
-diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
-index fa01317db5eb..a9c10d375a58 100644
---- a/engines/e_devcrypto.c
-+++ b/engines/e_devcrypto.c
-@@ -1159,9 +1159,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
- case DEVCRYPTO_CMD_CIPHERS:
- if (p == NULL)
- return 1;
-- if (strcasecmp((const char *)p, "ALL") == 0) {
-+ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) {
- devcrypto_select_all_ciphers(selected_ciphers);
-- } else if (strcasecmp((const char*)p, "NONE") == 0) {
-+ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) {
- memset(selected_ciphers, 0, sizeof(selected_ciphers));
- } else {
- new_list=OPENSSL_zalloc(sizeof(selected_ciphers));
-@@ -1179,9 +1179,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
- case DEVCRYPTO_CMD_DIGESTS:
- if (p == NULL)
- return 1;
-- if (strcasecmp((const char *)p, "ALL") == 0) {
-+ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) {
- devcrypto_select_all_digests(selected_digests);
-- } else if (strcasecmp((const char*)p, "NONE") == 0) {
-+ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) {
- memset(selected_digests, 0, sizeof(selected_digests));
- } else {
- new_list=OPENSSL_zalloc(sizeof(selected_digests));
-diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
-index 391ed33d5e3a..f6de29c0c33a 100644
---- a/engines/e_loader_attic.c
-+++ b/engines/e_loader_attic.c
-@@ -14,7 +14,6 @@
- /* We need to use some engine deprecated APIs */
- #define OPENSSL_SUPPRESS_DEPRECATED
-
--/* #include "e_os.h" */
- #include
- #include
- #include
-@@ -44,7 +43,6 @@ DEFINE_STACK_OF(OSSL_STORE_INFO)
-
- #ifdef _WIN32
- # define stat _stat
--# define strncasecmp _strnicmp
- #endif
-
- #ifndef S_ISDIR
-@@ -971,12 +969,12 @@ static OSSL_STORE_LOADER_CTX *file_open_ex
- * There's a special case if the URI also contains an authority, then
- * the full URI shouldn't be used as a path anywhere.
- */
-- if (strncasecmp(uri, "file:", 5) == 0) {
-+ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) {
- const char *p = &uri[5];
-
- if (strncmp(&uri[5], "//", 2) == 0) {
- path_data_n--; /* Invalidate using the full URI */
-- if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
-+ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) {
- p = &uri[16];
- } else if (uri[7] == '/') {
- p = &uri[7];
-@@ -1466,7 +1464,8 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
- /*
- * First, check the basename
- */
-- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.')
-+ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
-+ || name[len] != '.')
- return 0;
- p = &name[len + 1];
-
-diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
-index 0506faa6285b..5d31b31c11f1 100644
---- a/engines/e_ossltest.c
-+++ b/engines/e_ossltest.c
-@@ -42,10 +42,6 @@
-
- #include "e_ossltest_err.c"
-
--#ifdef _WIN32
--# define strncasecmp _strnicmp
--#endif
--
- /* Engine Id and Name */
- static const char *engine_ossltest_id = "ossltest";
- static const char *engine_ossltest_name = "OpenSSL Test engine support";
-@@ -383,7 +379,7 @@ static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub,
- BIO *in;
- EVP_PKEY *key;
-
-- if (strncasecmp(key_id, "ot:", 3) != 0)
-+ if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0)
- return NULL;
- key_id += 3;
-
-diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h
-index a35c137e8431..44fa9a8ae930 100644
---- a/include/crypto/ctype.h
-+++ b/include/crypto/ctype.h
-@@ -80,4 +80,6 @@ int ossl_ascii_isdigit(const char inchar);
- # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64))
- # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print))
-
-+int ossl_init_casecmp(void);
-+void ossl_deinit_casecmp(void);
- #endif
-diff --git a/include/internal/core.h b/include/internal/core.h
-index d9dc424164c9..b63af84787af 100644
---- a/include/internal/core.h
-+++ b/include/internal/core.h
-@@ -63,4 +63,6 @@ __owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx);
- int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx);
- int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx);
-
-+void *ossl_c_locale(void);
-+
- #endif
-diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
-index c56885d2d6ff..7232f647e8a3 100644
---- a/include/openssl/crypto.h.in
-+++ b/include/openssl/crypto.h.in
-@@ -133,6 +133,8 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen,
- const char *str, const char sep);
- unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen);
- int OPENSSL_hexchar2int(unsigned char c);
-+int OPENSSL_strcasecmp(const char *s1, const char *s2);
-+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n);
-
- # define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
-
-diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
-index f6d95197f07c..e1e1961b2329 100644
---- a/providers/common/capabilities.c
-+++ b/providers/common/capabilities.c
-@@ -217,7 +217,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
- int ossl_prov_get_capabilities(void *provctx, const char *capability,
- OSSL_CALLBACK *cb, void *arg)
- {
-- if (strcasecmp(capability, "TLS-GROUP") == 0)
-+ if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0)
- return tls_group_capability(cb, arg);
-
- /* We don't support this capability */
-diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index f4605dcd6ce5..fc17a958ce26 100644
---- a/providers/fips/fipsprov.c
-+++ b/providers/fips/fipsprov.c
-@@ -22,6 +22,7 @@
- #include "prov/provider_util.h"
- #include "prov/seeding.h"
- #include "self_test.h"
-+#include "internal/core.h"
-
- static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
- static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
-@@ -35,6 +36,22 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
- static OSSL_FUNC_provider_get_params_fn fips_get_params;
- static OSSL_FUNC_provider_query_operation_fn fips_query;
-
-+/* Locale object accessor functions */
-+#ifdef OPENSSL_SYS_MACOSX
-+# include
-+#else
-+# include
-+#endif
-+
-+#if defined OPENSSL_SYS_WINDOWS
-+# define locale_t _locale_t
-+# define freelocale _free_locale
-+#endif
-+static locale_t loc;
-+
-+static int fips_init_casecmp(void);
-+static void fips_deinit_casecmp(void);
-+
- #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
- #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
- extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
-@@ -486,6 +503,23 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
- return NULL;
- }
-
-+void *ossl_c_locale() {
-+ return (void *)loc;
-+}
-+
-+static int fips_init_casecmp(void) {
-+# ifdef OPENSSL_SYS_WINDOWS
-+ loc = _create_locale(LC_COLLATE, "C");
-+# else
-+ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0);
-+# endif
-+ return (loc == (locale_t) 0) ? 0 : 1;
-+}
-+
-+static void fips_deinit_casecmp(void) {
-+ freelocale(loc);
-+}
-+
- static void fips_teardown(void *provctx)
- {
- OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
-@@ -498,6 +532,7 @@ static void fips_intern_teardown(void *provctx)
- * We know that the library context is the same as for the outer provider,
- * so no need to destroy it here.
- */
-+ fips_deinit_casecmp();
- ossl_prov_ctx_free(provctx);
- }
-
-@@ -547,6 +582,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
-
- memset(&selftest_params, 0, sizeof(selftest_params));
-
-+ if (!fips_init_casecmp())
-+ return 0;
- if (!ossl_prov_seeding_from_dispatch(in))
- return 0;
- for (; in->function_id != 0; in++) {
-diff --git a/providers/implementations/ciphers/cipher_cts.c b/providers/implementations/ciphers/cipher_cts.c
-index cb3372c646aa..5c48f37c9527 100644
---- a/providers/implementations/ciphers/cipher_cts.c
-+++ b/providers/implementations/ciphers/cipher_cts.c
-@@ -46,7 +46,6 @@
- * Otherwise it is the same as CS2.
- */
-
--#include "e_os.h" /* strcasecmp */
- #include
- #include "prov/ciphercommon.h"
- #include "internal/nelem.h"
-@@ -92,7 +91,7 @@ int ossl_cipher_cbc_cts_mode_name2id(const char *name)
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(cts_modes); ++i) {
-- if (strcasecmp(name, cts_modes[i].name) == 0)
-+ if (OPENSSL_strcasecmp(name, cts_modes[i].name) == 0)
- return (int)cts_modes[i].id;
- }
- return -1;
-diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
-index 667d5e9619ff..89f304b41816 100644
---- a/providers/implementations/kdfs/hkdf.c
-+++ b/providers/implementations/kdfs/hkdf.c
-@@ -199,11 +199,11 @@ static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[])
-
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) {
- if (p->data_type == OSSL_PARAM_UTF8_STRING) {
-- if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) {
-+ if (OPENSSL_strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) {
- ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND;
-- } else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) {
-+ } else if (OPENSSL_strcasecmp(p->data, "EXTRACT_ONLY") == 0) {
- ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
-- } else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) {
-+ } else if (OPENSSL_strcasecmp(p->data, "EXPAND_ONLY") == 0) {
- ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
- } else {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
-diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
-index 5f30b037d94e..6be7f45fc58a 100644
---- a/providers/implementations/kdfs/kbkdf.c
-+++ b/providers/implementations/kdfs/kbkdf.c
-@@ -298,10 +298,11 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- }
-
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
-- if (p != NULL && strncasecmp("counter", p->data, p->data_size) == 0) {
-+ if (p != NULL
-+ && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
- ctx->mode = COUNTER;
- } else if (p != NULL
-- && strncasecmp("feedback", p->data, p->data_size) == 0) {
-+ && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) {
- ctx->mode = FEEDBACK;
- } else if (p != NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
-diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
-index 74a0f7e1f3e6..e0b5971a3b7a 100644
---- a/providers/implementations/kdfs/tls1_prf.c
-+++ b/providers/implementations/kdfs/tls1_prf.c
-@@ -172,7 +172,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- return 1;
-
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) {
-- if (strcasecmp(p->data, SN_md5_sha1) == 0) {
-+ if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) {
- if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params,
- OSSL_MAC_NAME_HMAC,
- NULL, SN_md5, libctx)
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index 313ab133b33a..bfc3da690875 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -12,8 +12,8 @@
- * internal use.
- */ - #include "internal/deprecated.h" -+#include "internal/nelem.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -69,7 +69,7 @@ static int name2id(const char *name, const OSSL_ITEM *map, size_t sz) - return -1; - - for (i = 0; i < sz; ++i) { -- if (strcasecmp(map[i].ptr, name) == 0) -+ if (OPENSSL_strcasecmp(map[i].ptr, name) == 0) - return map[i].id; - } - return -1; -diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c -index 885bd62eeaae..2ab69f5f32f5 100644 ---- a/providers/implementations/keymgmt/dsa_kmgmt.c -+++ b/providers/implementations/keymgmt/dsa_kmgmt.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -90,7 +89,7 @@ static int dsa_gen_type_name2id(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { -- if (strcasecmp(dsatype2id[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0) - return dsatype2id[i].id; - } - return -1; -diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index f564a470ac04..68bb35e4cbe1 100644 ---- a/providers/implementations/keymgmt/ec_kmgmt.c -+++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c -index 99d685735e2f..2a7f867aa56b 100644 ---- a/providers/implementations/keymgmt/ecx_kmgmt.c -+++ b/providers/implementations/keymgmt/ecx_kmgmt.c -@@ -9,8 +9,6 @@ - - #include - #include --/* For strcasecmp on Windows */ --#include "e_os.h" - #include - #include - #include -@@ -546,7 +544,7 @@ static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) - } - if (p->data_type != OSSL_PARAM_UTF8_STRING - || groupname == 
NULL -- || strcasecmp(p->data, groupname) != 0) { -+ || OPENSSL_strcasecmp(p->data, groupname) != 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } -diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c -index ec34a3ee7131..ecfd2eaaa5c0 100644 ---- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c -+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c -@@ -26,7 +26,6 @@ - #include "prov/providercommon.h" - #include "prov/provider_ctx.h" - #include "prov/macsignature.h" --#include "e_os.h" /* strcasecmp */ - - static OSSL_FUNC_keymgmt_new_fn mac_new; - static OSSL_FUNC_keymgmt_free_fn mac_free; -diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c -index dbe57b0d2898..c51eb4b4e581 100644 ---- a/providers/implementations/rands/drbg_ctr.c -+++ b/providers/implementations/rands/drbg_ctr.c -@@ -14,7 +14,6 @@ - #include - #include - #include --#include "e_os.h" /* strcasecmp */ - #include "crypto/modes.h" - #include "internal/thread_once.h" - #include "prov/implementations.h" -@@ -690,7 +689,7 @@ static int drbg_ctr_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - if (p->data_type != OSSL_PARAM_UTF8_STRING - || p->data_size < ctr_str_len) - return 0; -- if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { -+ if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER); - return 0; - } -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 325e855333e9..9460136bca0b 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -854,7 +853,7 @@ static int rsa_digest_signverify_init(void 
*vprsactx, const char *mdname, - - if (mdname != NULL - /* was rsa_setup_md already called in rsa_signverify_init()? */ -- && (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0) -+ && (mdname[0] == '\0' || OPENSSL_strcasecmp(prsactx->mdname, mdname) != 0) - && !rsa_setup_md(prsactx, mdname, prsactx->propq)) - return 0; - -diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c -index fef2b1d2900f..fceef73b7c09 100644 ---- a/providers/implementations/storemgmt/file_store.c -+++ b/providers/implementations/storemgmt/file_store.c -@@ -9,8 +9,6 @@ - - /* This file has quite some overlap with engines/e_loader_attic.c */ - --#include "e_os.h" /* To get strncasecmp() on Windows */ -- - #include - #include - #include /* isdigit */ -@@ -220,12 +218,12 @@ static void *file_open(void *provctx, const char *uri) - * There's a special case if the URI also contains an authority, then - * the full URI shouldn't be used as a path anywhere. 
- */
-- if (strncasecmp(uri, "file:", 5) == 0) {
-+ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) {
- const char *p = &uri[5];
-
- if (strncmp(&uri[5], "//", 2) == 0) {
- path_data_n--; /* Invalidate using the full URI */
-- if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
-+ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) {
- p = &uri[16];
- } else if (uri[7] == '/') {
- p = &uri[7];
-@@ -592,7 +590,8 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name)
- /*
- * First, check the basename
- */
-- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.')
-+ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
-+ || name[len] != '.')
- return 0;
- p = &name[len + 1];
-
-diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
-index deb0c9aaa650..ae97c38b1597 100644
---- a/ssl/ssl_conf.c
-+++ b/ssl/ssl_conf.c
-@@ -148,7 +148,8 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
- if (namelen == -1) {
- if (strcmp(tbl->name, name))
- return 0;
-- } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
-+ } else if (tbl->namelen != namelen
-+ || OPENSSL_strncasecmp(tbl->name, name, namelen))
- return 0;
- ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
- return 1;
-@@ -232,8 +233,8 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
-
- /* Ignore values supported by 1.0.2 for the automatic selection */
- if ((cctx->flags & SSL_CONF_FLAG_FILE)
-- && (strcasecmp(value, "+automatic") == 0
-- || strcasecmp(value, "automatic") == 0))
-+ && (OPENSSL_strcasecmp(value, "+automatic") == 0
-+ || OPENSSL_strcasecmp(value, "automatic") == 0))
- return 1;
- if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
- strcmp(value, "auto") == 0)
-@@ -812,7 +813,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
- strncmp(*pcmd, cctx->prefix, cctx->prefixlen))
- return 0;
- if (cctx->flags & SSL_CONF_FLAG_FILE &&
-- strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
-+ OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
- return 0;
- *pcmd += cctx->prefixlen;
- } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
-@@ -854,7 +855,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
- return t;
- }
- if (cctx->flags & SSL_CONF_FLAG_FILE) {
-- if (t->str_file && strcasecmp(t->str_file, cmd) == 0)
-+ if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0)
- return t;
- }
- }
-diff --git a/test/bntest.c b/test/bntest.c
-index 4c1ee0c13b6d..c5894c157b3c 100644
---- a/test/bntest.c
-+++ b/test/bntest.c
-@@ -10,9 +10,6 @@
- #include
- #include
- #include
--#ifdef __TANDEM
--# include /* strcasecmp */
--#endif
- #include
-
- #include
-@@ -23,10 +20,6 @@
- #include "internal/numbers.h"
- #include "testutil.h"
-
--#ifdef OPENSSL_SYS_WINDOWS
--# define strcasecmp _stricmp
--#endif
--
- /*
- * Things in boring, not in openssl.
- */
-@@ -64,7 +57,7 @@ static const char *findattr(STANZA *s, const char *key)
- PAIR *pp = s->pairs;
-
- for ( ; --i >= 0; pp++)
-- if (strcasecmp(pp->key, key) == 0)
-+ if (OPENSSL_strcasecmp(pp->key, key) == 0)
- return pp->value;
- return NULL;
- }
-diff --git a/test/build.info b/test/build.info
-index 0f379e11e222..14a84f00a258 100644
---- a/test/build.info
-+++ b/test/build.info
-@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
- sanitytest rsa_complex exdatatest bntest \
- ecstresstest gmdifftest pbelutest \
- destest mdc2test sha_test \
-- exptest pbetest \
-+ exptest pbetest localetest \
- evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
- evp_fetch_prov_test evp_libctx_test ossl_store_test \
- v3nametest v3ext \
-@@ -135,6 +135,10 @@ IF[{- !$disabled{tests} -}]
- INCLUDE[exptest]=../include ../apps/include
- DEPEND[exptest]=../libcrypto libtestutil.a
-
-+ SOURCE[localetest]=localetest.c
-+ INCLUDE[localetest]=../include ../apps/include
-+ DEPEND[localetest]=../libcrypto libtestutil.a
-+
- SOURCE[pbetest]=pbetest.c
- INCLUDE[pbetest]=../include ../apps/include
- DEPEND[pbetest]=../libcrypto libtestutil.a
-diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
-index 826e558cc0cd..3b597617791a 100644
---- a/test/evp_extra_test.c
-+++ b/test/evp_extra_test.c
-@@ -35,7 +35,6 @@
- #include "internal/nelem.h"
- #include "internal/sizes.h"
- #include "crypto/evp.h"
--#include "../e_os.h" /* strcasecmp */
-
- static OSSL_LIB_CTX *testctx = NULL;
- static char *testpropq = NULL;
-@@ -1739,7 +1738,7 @@ static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
- return 0;
-
- for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
-- if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
-+ if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
- *enc = ec_encodings[i].encoding;
- break;
- }
-diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
-index e2663dc02998..9b2f4a016893 100644
---- a/test/evp_libctx_test.c
-+++ b/test/evp_libctx_test.c
-@@ -33,7 +33,6 @@
- #include "testutil.h"
- #include "internal/nelem.h"
- #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
--#include "../e_os.h" /* strcasecmp */
-
- static OSSL_LIB_CTX *libctx = NULL;
- static OSSL_PROVIDER *nullprov = NULL;
-@@ -478,7 +477,7 @@ static int test_cipher_reinit_partialupdate(int test_id)
-
- static int name_cmp(const char * const *a, const char * const *b)
- {
-- return strcasecmp(*a, *b);
-+ return OPENSSL_strcasecmp(*a, *b);
- }
-
- static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
-diff --git a/test/evp_test.c b/test/evp_test.c
-index 7a5b9345e0db..8a0758f857a5 100644
---- a/test/evp_test.c
-+++ b/test/evp_test.c
-@@ -12,7 +12,6 @@
- #include
- #include
- #include
--#include "../e_os.h" /* strcasecmp */
- #include
- #include
- #include
-@@ -3886,9 +3885,9 @@ void cleanup_tests(void)
- OSSL_LIB_CTX_free(libctx);
- }
-
--#define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0
-+#define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0
- #define STR_ENDS_WITH(str, pre) \
--strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
-+strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
-
- static int is_digest_disabled(const char *name)
- {
-@@ -3897,31 +3896,31 @@ static int is_digest_disabled(const char *name)
- return 1;
- #endif
- #ifdef OPENSSL_NO_MD2
-- if (strcasecmp(name, "MD2") == 0)
-+ if (OPENSSL_strcasecmp(name, "MD2") == 0)
- return 1;
- #endif
- #ifdef OPENSSL_NO_MDC2
-- if (strcasecmp(name, "MDC2") == 0)
-+ if (OPENSSL_strcasecmp(name, "MDC2") == 0)
- return 1;
- #endif
- #ifdef OPENSSL_NO_MD4
-- if (strcasecmp(name, "MD4") == 0)
-+ if (OPENSSL_strcasecmp(name, "MD4") == 0)
- return 1;
- #endif
- #ifdef OPENSSL_NO_MD5
-- if (strcasecmp(name, "MD5") == 0)
-+ if (OPENSSL_strcasecmp(name, "MD5") == 0)
- return 1;
- #endif
- #ifdef OPENSSL_NO_RMD160
-- if (strcasecmp(name, "RIPEMD160") == 0)
-+ if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
- return 1;
- #endif
- #ifdef OPENSSL_NO_SM3
-- if (strcasecmp(name, "SM3") == 0)
-+ if (OPENSSL_strcasecmp(name, "SM3") == 0)
- return 1;
- #endif
- #ifdef OPENSSL_NO_WHIRLPOOL
-- if (strcasecmp(name, "WHIRLPOOL") == 0)
-+ if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
- return 1;
- #endif
- return 0;
-diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c
-index 1374b04cf02f..7236ffd4a6ac 100644
---- a/test/helpers/ssl_test_ctx.c
-+++ b/test/helpers/ssl_test_ctx.c
-@@ -16,21 +16,17 @@
- #include "ssl_test_ctx.h"
- #include "../testutil.h"
-
--#ifdef OPENSSL_SYS_WINDOWS
--# define strcasecmp _stricmp
--#endif
--
- static const int default_app_data_size = 256;
- /* Default set to be as small as possible to exercise fragmentation.
*/ - static const int default_max_fragment_size = 512; - - static int parse_boolean(const char *value, int *result) - { -- if (strcasecmp(value, "Yes") == 0) { -+ if (OPENSSL_strcasecmp(value, "Yes") == 0) { - *result = 1; - return 1; - } -- else if (strcasecmp(value, "No") == 0) { -+ else if (OPENSSL_strcasecmp(value, "No") == 0) { - *result = 0; - return 1; - } -diff --git a/test/localetest.c b/test/localetest.c -new file mode 100644 -index 000000000000..3db66b7a9e5f ---- /dev/null -+++ b/test/localetest.c -@@ -0,0 +1,122 @@ -+ -+#include -+#include -+#include -+#include "testutil.h" -+#include "testutil/output.h" -+ -+#include -+#include -+#include -+#ifdef OPENSSL_SYS_WINDOWS -+# define strcasecmp _stricmp -+#else -+# include -+#endif -+ -+int setup_tests(void) -+{ -+ const unsigned char der_bytes[] = { -+ 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, -+ 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, -+ 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, -+ 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, -+ 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, -+ 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, -+ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, -+ 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, -+ 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, -+ 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, -+ 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 
0x48, 0xdd, 0x75, 0xab, -+ 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, -+ 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, -+ 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, -+ 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, -+ 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, -+ 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, -+ 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, -+ 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a, -+ 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, -+ 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, -+ 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, -+ 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, -+ 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, -+ 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, -+ 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, -+ 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, -+ 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, -+ 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, -+ 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, -+ 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, -+ 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, -+ 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, -+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, -+ 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, -+ 0xff, 0x30, 0x0d, 
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, -+ 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, -+ 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, -+ 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, -+ 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, -+ 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, -+ 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, -+ 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9, -+ 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, -+ 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, -+ 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, -+ 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, -+ 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, -+ 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, -+ 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, -+ 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, -+ 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, -+ 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, -+ 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, -+ 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, -+ 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, -+ 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, -+ 0x5f -+}; -+ -+ char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo"; -+ int res; -+ X509 *cert = NULL; -+ X509_PUBKEY *cert_pubkey = NULL; -+ const unsigned char *p = der_bytes; -+ -+ TEST_ptr(setlocale(LC_ALL, "")); -+ -+ res = strcasecmp(str1, str2); -+ 
TEST_note("Case-insensitive comparison via strcasecmp in current locale %s\n", res ? "failed" : "succeeded");
-+
-+ TEST_false(OPENSSL_strcasecmp(str1, str2));
-+
-+ cert = d2i_X509(NULL, &p, sizeof(der_bytes));
-+ if (!TEST_ptr(cert))
-+ return 0;
-+
-+ cert_pubkey = X509_get_X509_PUBKEY(cert);
-+ if (!TEST_ptr(cert_pubkey)) {
-+ X509_free(cert);
-+ return 0;
-+ }
-+
-+ if (!TEST_ptr(X509_PUBKEY_get0(cert_pubkey))) {
-+ X509_free(cert);
-+ return 0;
-+ }
-+
-+ X509_free(cert);
-+ return 1;
-+}
-+
-+void cleanup_tests(void)
-+{
-+}
-diff --git a/test/params_conversion_test.c b/test/params_conversion_test.c
-index 9422ef14734a..710c2a9a2e9f 100644
---- a/test/params_conversion_test.c
-+++ b/test/params_conversion_test.c
-@@ -15,10 +15,6 @@
- /* On machines that dont support just disable the tests */
- #if !defined(OPENSSL_NO_INTTYPES_H)
-
--# ifdef OPENSSL_SYS_WINDOWS
--# define strcasecmp _stricmp
--# endif
--
- # ifdef OPENSSL_SYS_VMS
- # define strtoumax strtoull
- # define strtoimax strtoll
-@@ -62,7 +58,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
-
- for (i = 0; i < s->numpairs; i++, pp++) {
- p = "";
-- if (strcasecmp(pp->key, "type") == 0) {
-+ if (OPENSSL_strcasecmp(pp->key, "type") == 0) {
- if (type != NULL) {
- TEST_info("Line %d: multiple type lines", s->curr);
- return 0;
-@@ -72,48 +68,48 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
- TEST_info("Line %d: unknown type line", s->curr);
- return 0;
- }
-- } else if (strcasecmp(pp->key, "int32") == 0) {
-+ } else if (OPENSSL_strcasecmp(pp->key, "int32") == 0) {
- if (def_i32++) {
- TEST_info("Line %d: multiple int32 lines", s->curr);
- return 0;
- }
-- if (strcasecmp(pp->value, "invalid") != 0) {
-+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
- pc->valid_i32 = 1;
- pc->i32 = (int32_t)strtoimax(pp->value, &p, 10);
- }
-- } else if (strcasecmp(pp->key, "int64") == 0) {
-+ } else if (OPENSSL_strcasecmp(pp->key, "int64") == 0) {
- if (def_i64++) {
- TEST_info("Line %d: multiple int64 lines", s->curr);
- return 0;
- }
-- if (strcasecmp(pp->value, "invalid") != 0) {
-+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
- pc->valid_i64 = 1;
- pc->i64 = (int64_t)strtoimax(pp->value, &p, 10);
- }
-- } else if (strcasecmp(pp->key, "uint32") == 0) {
-+ } else if (OPENSSL_strcasecmp(pp->key, "uint32") == 0) {
- if (def_u32++) {
- TEST_info("Line %d: multiple uint32 lines", s->curr);
- return 0;
- }
-- if (strcasecmp(pp->value, "invalid") != 0) {
-+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
- pc->valid_u32 = 1;
- pc->u32 = (uint32_t)strtoumax(pp->value, &p, 10);
- }
-- } else if (strcasecmp(pp->key, "uint64") == 0) {
-+ } else if (OPENSSL_strcasecmp(pp->key, "uint64") == 0) {
- if (def_u64++) {
- TEST_info("Line %d: multiple uint64 lines", s->curr);
- return 0;
- }
-- if (strcasecmp(pp->value, "invalid") != 0) {
-+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
- pc->valid_u64 = 1;
- pc->u64 = (uint64_t)strtoumax(pp->value, &p, 10);
- }
-- } else if (strcasecmp(pp->key, "double") == 0) {
-+ } else if (OPENSSL_strcasecmp(pp->key, "double") == 0) {
- if (def_d++) {
- TEST_info("Line %d: multiple double lines", s->curr);
- return 0;
- }
-- if (strcasecmp(pp->value, "invalid") != 0) {
-+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
- pc->valid_d = 1;
- pc->d = strtod(pp->value, &p);
- }
-@@ -133,7 +129,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
- return 0;
- }
-
-- if (strcasecmp(type, "int32") == 0) {
-+ if (OPENSSL_strcasecmp(type, "int32") == 0) {
- if (!TEST_true(def_i32) || !TEST_true(pc->valid_i32)) {
- TEST_note("errant int32 on line %d", s->curr);
- return 0;
-@@ -142,7 +138,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
- pc->datum = &datum_i32;
- pc->ref = &ref_i32;
- pc->size = sizeof(ref_i32);
-- } else if (strcasecmp(type, "int64") == 0) {
-+ } else if (OPENSSL_strcasecmp(type, "int64") == 0) {
- if (!TEST_true(def_i64) || !TEST_true(pc->valid_i64)) {
- TEST_note("errant int64 on line %d", s->curr);
- return 0;
-@@ -151,7 +147,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
- pc->datum = &datum_i64;
- pc->ref = &ref_i64;
- pc->size = sizeof(ref_i64);
-- } else if (strcasecmp(type, "uint32") == 0) {
-+ } else if (OPENSSL_strcasecmp(type, "uint32") == 0) {
- if (!TEST_true(def_u32) || !TEST_true(pc->valid_u32)) {
- TEST_note("errant uint32 on line %d", s->curr);
- return 0;
-@@ -160,7 +156,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
- pc->datum = &datum_u32;
- pc->ref = &ref_u32;
- pc->size = sizeof(ref_u32);
-- } else if (strcasecmp(type, "uint64") == 0) {
-+ } else if (OPENSSL_strcasecmp(type, "uint64") == 0) {
- if (!TEST_true(def_u64) || !TEST_true(pc->valid_u64)) {
- TEST_note("errant uint64 on line %d", s->curr);
- return 0;
-@@ -169,7 +165,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s)
- pc->datum = &datum_u64;
- pc->ref = &ref_u64;
- pc->size = sizeof(ref_u64);
-- } else if (strcasecmp(type, "double") == 0) {
-+ } else if (OPENSSL_strcasecmp(type, "double") == 0) {
- if (!TEST_true(def_d) || !TEST_true(pc->valid_d)) {
- TEST_note("errant double on line %d", s->curr);
- return 0;
-diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
-new file mode 100644
-index 000000000000..1bccd57d4c63
---- /dev/null
-+++ b/test/recipes/02-test_localetest.t
-@@ -0,0 +1,24 @@
-+#! /usr/bin/env perl
-+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use OpenSSL::Test;
-+use OpenSSL::Test::Utils;
-+
-+setup("locale tests");
-+
-+plan skip_all => "Locale tests not available on Windows or VMS"
-+ if $^O =~ /^(VMS|MSWin32)$/;
-+
-+plan tests => 2;
-+
-+$ENV{LANG} = "C";
-+ok(run(test(["localetest"])), "running localetest");
-+
-+$ENV{LANG} = "tr_TR.UTF-8";
-+ok(run(test(["localetest"])), "running localetest with Turkish locale");
-diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
-index b07b98062494..5fb54a3a2eb1 100644
---- a/test/ssl_old_test.c
-+++ b/test/ssl_old_test.c
-@@ -216,7 +216,7 @@ static int servername_cb(SSL *s, int *ad, void *arg)
-
- if (servername) {
- if (s_ctx2 != NULL && sn_server2 != NULL &&
-- !strcasecmp(servername, sn_server2)) {
-+ !OPENSSL_strcasecmp(servername, sn_server2)) {
- BIO_printf(bio_stdout, "Switching server context.\n");
- SSL_set_SSL_CTX(s, s_ctx2);
- }
-diff --git a/test/v3nametest.c b/test/v3nametest.c
-index 06d713b2feb1..ce1f4949fef2 100644
---- a/test/v3nametest.c
-+++ b/test/v3nametest.c
-@@ -15,10 +15,6 @@
- #include "internal/nelem.h"
- #include "testutil.h"
-
--#ifdef OPENSSL_SYS_WINDOWS
--# define strcasecmp _stricmp
--#endif
--
- static const char *const names[] = {
- "a", "b", ".", "*", "@",
- ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
-@@ -287,7 +283,7 @@ static int run_cert(X509 *crt, const char *nameincert,
- int failed = 0;
-
- for (; *pname != NULL; ++pname) {
-- int samename = strcasecmp(nameincert, *pname) == 0;
-+ int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0;
- size_t namelen = strlen(*pname);
- char *name = OPENSSL_malloc(namelen + 1);
- int match, ret;
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 10b4e57d7969..1b9b23878e83 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -5425,3 +5425,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
+diff -up 
openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num +--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 ++++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 +@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex + ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: +-OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: +-OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch index a4ea757..9991c5c 100644 --- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +++ b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch 
@@ -567,554 +567,4 @@ index 8c52b637fc..ff75c5b6ec 100644 + } SKIP: { - skip "No IPv4 available on this machine", 1 -diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem -index 7d66a6b421..894461f6da 100644 ---- a/test/smime-certs/smdh.pem -+++ b/test/smime-certs/smdh.pem -@@ -14,10 +14,10 @@ ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv - BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFljCCBH6gAwIBAgIUYmx57362u3KsYCqtKby2mYi+pLMwDQYJKoZIhvcNAQEL -+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIxMDExNTEwMDk1MloXDTMwMTEy --NDEwMDk1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz -+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx - HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw - ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz - VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH -@@ -38,10 +38,10 @@ Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ - xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h - wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE - FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI --qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQA5r5k39ghJIgQKjOXSffhtAaBPT0Um --WtLjijp/iBUAowFpncDRIp+Ng7n/feJHDdnh59H0ZHGljWqZ3rgG3HjjArvG+iUm --6aaS4KdM6OwK60JTUXBQ/InISXzrZof2oZ5BjO6L6yV6cpaYOLlLo3QjU8HE54G9 --7UyR48NSvhwPw+vS1Abjib+K1En/ctnlm0CurHgP56LrJxguFZZP6+UjCnEy0wxm --VRr+y4+IgWikdOumMelJ+x9O9R7EPVfwQ9TYBtpo5hZQiGhSJ3Di9LZO5i0h2xjj --AhtR8zmzusFX2Ruh2dXQWeNx/dMEcYRJLU1P+IxUq2g1GUiCgq2Xc7ZY -+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y -+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb 
-+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC -+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ -+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 -+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem -index b424f6704e..597d98f827 100644 ---- a/test/smime-certs/smdsa1.pem -+++ b/test/smime-certs/smdsa1.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x --EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV --86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE 
--DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp --O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit --1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO --xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx --d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 --MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z --Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt --17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf --0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO -+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz -+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E -+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P -+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH 
-++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy -+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx -+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd -+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL -+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq -+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 -+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ -+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW -+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem -index 648447fc89..a995f665bb 100644 ---- a/test/smime-certs/smdsa2.pem -+++ b/test/smime-certs/smdsa2.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu 
--g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E --h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt --tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa --LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn --3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 --KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k --qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp --VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb --uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV --6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD --2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 --GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I -+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz -+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 
-+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s -+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO -+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR -+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA -+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r -+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm -+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat -+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx -+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW -+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU -+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r -+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem -index 77acc5e46f..9f703e52f0 100644 ---- a/test/smime-certs/smdsa3.pem -+++ b/test/smime-certs/smdsa3.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 
--uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 --msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf --zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 --cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp --N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS --2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE --FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask --pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK --YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM --khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i --Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv --4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 -+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz -+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB 
-+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h -+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY -+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA -+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl -+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof -+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc -+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR -+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 -+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw -+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J -+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 -+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem -index 75a862666b..05754f3963 100644 ---- a/test/smime-certs/smec1.pem -+++ b/test/smime-certs/smec1.pem -@@ -4,19 +4,19 @@ DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV - 
3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I --iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi --ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK --Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy --WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt --7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV --FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y --S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 --DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 --qtcHJA== -+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz -+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 -+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp -+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 -+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj -+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R -+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy 
-+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ -+V5ASvNRiGWIJK5XF+zRY - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec2.pem b/test/smime-certs/smec2.pem -index 457297a760..7c502d8799 100644 ---- a/test/smime-certs/smec2.pem -+++ b/test/smime-certs/smec2.pem -@@ -5,19 +5,19 @@ uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 - 6bQ= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ --huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj --JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E --BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA --FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez --ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK --xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 --uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P --rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq --IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 --4ZdCllHZkhop -+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz -+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE -+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT -+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA -+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw -+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD 
-+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ -+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 -+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd -+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 -+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ -+/UfNk+5Y3g5Mm642MLvjBEUqurw= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec3.pem b/test/smime-certs/smec3.pem -index 90eac867d0..5110e2984b 100644 ---- a/test/smime-certs/smec3.pem -+++ b/test/smime-certs/smec3.pem -@@ -4,19 +4,19 @@ zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo - xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy --4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW --aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy --KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA --HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm --diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj --OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM --UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI --OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8 --Ci1l4Q== -+MIICqzCCAZOgAwIBAgIUSG5MT0bOz48OfBayRWfoQwUcA50wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0Mjg1MloXDTMyMDMz -+MTE0Mjg1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx 
-+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMzMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAER/LhwR5Ljn7sl4CY+1d5TalBD4kDaMRvJ7Ro1ZikR38sHVKECdT4 -+H25AhLAZN9+K0RZo2ta/jGMqp/wPQEYhgaNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFAtH4f0KYBj8oPJdZ1VQz0U/vrpbMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQBY -+xXTNWQz38q37bRjyl6FWMdIaVRkle1Qzjo0bAVHsrYNwY36PBnJpfZE8aJS6WwD2 -+PUHWVLc0zd50pXbAa41FlquOdP5FNa8wOc+jHIiyWaE8SEdt0jsxPRTJ9kElXuJ5 -+wFx7icmRde7DWLG32SWwR1pFi4R/aDOOxpTzUuYvKuawfAUVQtQyCz8sahbmI8EW -+H0KDuiyuncq1YjvHfaUR7QKijMJ0eBRsjUls0HeMjkehBkTrz78u7TJBWKE/BCiB -+HzuZeMqHpSXtK6ZCRtQXTLv0HyenFmbdVSDiOFSnvdL5lyLT3aFQ19DVtGFCAUwZ -+HQdD3KNn4i073Z7Ia2Xa - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem -index d1a253f409..f62a54e2a3 100644 ---- a/test/smime-certs/smroot.pem -+++ b/test/smime-certs/smroot.pem -@@ -27,23 +27,23 @@ vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ - KfvPCYimQwBjVrEnSntLPR0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC --ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT --JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ --LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E --J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ --MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe --untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb --i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G --A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB 
--AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb --Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl --zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt --9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C --7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt --Emsny2ah6fU2z7PztrUy/A80 -+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy -+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR -+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb -+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj -+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN -+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 -+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E -+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw -+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN -+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z -+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx -+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo -+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 -+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem -index d0d0b9e66b..7eb331e2c9 100644 ---- a/test/smime-certs/smrsa1.pem -+++ b/test/smime-certs/smrsa1.pem -@@ -27,23 +27,23 @@ iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST - zQpuMJliRlrq/5JkIbH6SA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- 
--MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK --2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt --+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF --Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe --bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM --kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o --E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK --WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp --lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT --GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu --9Hjq6s316fk4Ne0EUF3PbA== -+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz -+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw -+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy -+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS -+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH -+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT -+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T 
-+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM -+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm -+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq -+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ -+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 -+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY -+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem -index 2f17cb2978..4262742176 100644 ---- a/test/smime-certs/smrsa2.pem -+++ b/test/smime-certs/smrsa2.pem -@@ -27,23 +27,23 @@ hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n - yrLyf+8hjm6H6zkjqiOkHAl+ - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF --AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp --cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS --0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 --NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 --EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 --Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv --/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c 
--XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv --6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i --NzYzLAPBkHCMY0Is3KKIBw== -+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz -+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 -+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 -+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk -+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM -+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 -+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT -+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD -+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa -+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv -+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR -+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM -+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem -index 14c27f64aa..f7dca3a004 100644 ---- a/test/smime-certs/smrsa3.pem -+++ b/test/smime-certs/smrsa3.pem -@@ -27,23 +27,23 @@ yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF - RvOAi5wVkYylDxV4238MAZIq - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx 
--CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC --FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF --STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW --m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha --v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p --1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp --sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa --VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr --O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 --tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY --CscFo2Z2pYROGtZDmYqhRw== -+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz -+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x -+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM -+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 -+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO -+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj -+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 -+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c 
-+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs -+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn -+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 -+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu -+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf - -----END CERTIFICATE----- --- -2.35.3 - + skip "No IPv4 available on this machine", 4 diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch index 6d368d8..d2e9b0a 100644 --- a/0062-fips-Expose-a-FIPS-indicator.patch +++ b/0062-fips-Expose-a-FIPS-indicator.patch @@ -325,7 +325,7 @@ index de391ce067..1cfd71c5cf 100644 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, { NULL, NULL, NULL } @@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { - freelocale(loc); + return NULL; } +const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { diff --git a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch index 527b901..e5e7f9b 100644 --- a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch +++ b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch @@ -1311,7 +1311,7 @@ index c12cb9c..2a819b2 100644 $CHACHAASM_c64xplus=chacha-c64xplus.s @@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM - GENERATE[chacha-x86.s]=asm/chacha-x86.pl + GENERATE[chacha-x86.S]=asm/chacha-x86.pl GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl +GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index 27f86f5..eeafbfa 100644 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -136,10 +136,17 @@ 
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.i index 4e30ec56dd..0103c87528 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc -@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { +@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ST_KAT_PARAM_END() }; +-/*- +- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the +- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient +- * HP/UX PA-RISC compilers. +- */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; +- +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient @@ -153,8 +160,7 @@ index 4e30ec56dd..0103c87528 100644 +}; + static const ST_KAT_PARAM rsa_enc_params[] = { -- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, -- OSSL_PKEY_RSA_PAD_MODE_NONE), +- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), + ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, + oaep_fixed_seed), diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch index c7e4731..0b6a9fb 100644 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -149,14 +149,14 @@ index db1a1d7bc3..c94c3c53bd 100644 if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + sigret == NULL ? 0 : *siglen); +#ifndef FIPS_MODULE dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; 
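Review bot: The refreshed KAT parameter list passes `oaep_fixed_seed` through `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED`, but nothing in the hunk says that a fixed seed makes the OAEP output deterministic and is meant for the known-answer test only. The code that consumes this parameter is outside the hunk, as is the rest of `rsa_enc_params[]`, so it should be confirmed separately that the setter refuses the seed outside the self-test path. I would add a comment above `rsa_enc_params[]`, for example `/* Fixed OAEP seed: known-answer test only, never for application data */`. The parameter name also spells OAEP as "OEAP"; if that spelling has to stay for compatibility, a short comment at its definition would say so.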
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + *siglen); EVP_PKEY_CTX_free(dctx); +#endif /* defined(FIPS_MODULE) */ return r; diff --git a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch index 975b810..8e41bf4 100644 --- a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch +++ b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch @@ -30,7 +30,7 @@ index b1580ca..dc81627 100644 return NULL; @@ -456,14 +457,28 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) return NULL; - if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) + if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0) return NULL; - if (saltlen == -1) { + if (saltlen == RSA_PSS_SALTLEN_DIGEST) { diff --git a/openssl.spec b/openssl.spec index 287a6f2..cc3f992 100644 --- a/openssl.spec +++ b/openssl.spec @@ -28,13 +28,13 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.0.1 -Release: 44%{?dist} +Version: 3.0.7 +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.xz +Source: openssl-%{version}-hobbled.tar.gz Source1: hobble-openssl Source2: Makefile.certificate Source3: genpatches 
@@ -71,11 +71,11 @@ Patch11: 0011-Remove-EC-curves.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
 Patch12: 0012-Disable-explicit-ec.patch
 # https://github.com/openssl/openssl/pull/17981
-Patch13: 0013-FIPS-provider-explicit-ec.patch
+# Patch13: 0013-FIPS-provider-explicit-ec.patch
 # https://github.com/openssl/openssl/pull/17998
-Patch14: 0014-FIPS-disable-explicit-ec.patch
+# Patch14: 0014-FIPS-disable-explicit-ec.patch
 # https://github.com/openssl/openssl/pull/18609
-Patch15: 0015-FIPS-decoded-from-explicit.patch
+# Patch15: 0015-FIPS-decoded-from-explicit.patch
 # Instructions to load legacy provider in openssl.cnf
 Patch24: 0024-load-legacy-prov.patch
 # Tmp: test name change
@@ -107,15 +107,15 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
 # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
 Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
 # CVE 2022-0778
-Patch53: 0053-CVE-2022-0778.patch
+# Patch53: 0053-CVE-2022-0778.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62
-Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
+# Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
 # https://github.com/openssl/openssl/pull/17324
-Patch55: 0055-nonlegacy-fetch-null-deref.patch
+# Patch55: 0055-nonlegacy-fetch-null-deref.patch
 # https://github.com/openssl/openssl/pull/18103
 Patch56: 0056-strcasecmp.patch
 # https://github.com/openssl/openssl/pull/18175
-Patch57: 0057-strcasecmp-fix.patch
+# Patch57: 0057-strcasecmp-fix.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
 Patch58: 0058-FIPS-limit-rsa-encrypt.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2069235
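Review bot: Patch53 (CVE-2022-0778) is switched off here by commenting it out, and the later openssl.spec hunks do the same to Patch63, Patch64, Patch65, Patch68, Patch69 and Patch79, all of them CVE fixes, while the %changelog entry this commit adds says only `- Rebasing to OpenSSL 3.0.7`. Presumably each fix is already part of the 3.0.7 tarball, but nothing in the spec records that this was checked. I would add a changelog line such as `- Drop patches for CVE-2022-0778, CVE-2022-1292, CVE-2022-1343, CVE-2022-1473, CVE-2022-2068, CVE-2022-2097 and CVE-2022-3602, included upstream in 3.0.7`, so a later audit of the package can tell an absorbed fix from a lost one.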
@@ -124,24 +124,24 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch
 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
 Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
 # https://github.com/openssl/openssl/pull/18141
-Patch63: 0063-CVE-2022-1473.patch
+# Patch63: 0063-CVE-2022-1473.patch
 # upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
-Patch64: 0064-CVE-2022-1343.diff
+# Patch64: 0064-CVE-2022-1343.diff
 # upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
-Patch65: 0065-CVE-2022-1292.patch
+# Patch65: 0065-CVE-2022-1292.patch
 # https://github.com/openssl/openssl/pull/18444
 # https://github.com/openssl/openssl/pull/18467
-Patch66: 0066-replace-expired-certs.patch
+# Patch66: 0066-replace-expired-certs.patch
 # https://github.com/openssl/openssl/pull/18512
-Patch67: 0067-fix-ppc64-montgomery.patch
+# Patch67: 0067-fix-ppc64-montgomery.patch
 #https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa
 #https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739
-Patch68: 0068-CVE-2022-2068.patch
+# Patch68: 0068-CVE-2022-2068.patch
 # https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
 # https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
-Patch69: 0069-CVE-2022-2097.patch
+# Patch69: 0069-CVE-2022-2097.patch
 # https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483
-Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
+# Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
 # https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
 # https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
 Patch71: 0071-AES-GCM-performance-optimization.patch
@@ -163,7 +163,7 @@ Patch77: 0077-FIPS-140-3-zeroization.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2137723 -Patch79: 0079-CVE-2022-3602.patch +# Patch79: 0079-CVE-2022-3602.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2141748 Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142131 @@ -177,9 +177,9 @@ Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch #https://github.com/openssl/openssl/pull/17546 -Patch86: 0086-avoid-bio-memleak.patch +# Patch86: 0086-avoid-bio-memleak.patch #https://github.com/openssl/openssl/pull/19501 -Patch87: 0087-FIPS-RSA-selftest-params.patch +# Patch87: 0087-FIPS-RSA-selftest-params.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 @@ -516,6 +516,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 +- Rebasing to OpenSSL 3.0.7 + Resolves: rhbz#2129063 + * Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44 - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 diff --git a/sources b/sources index adeef22..e2d9a77 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.1-hobbled.tar.xz) = 8819d02a6961c2398d0fb4003f25a322f752254b5c3440cd3e9456df5c56dadbc8a1aa6f821f176941293d67771304b3a565b3b8ce7a3ac0b7ad221da97c4dfe +SHA512 (openssl-3.0.7-hobbled.tar.gz) = 1aea183b0b6650d9d5e7ba87b613bb1692c71720b0e75377b40db336b40bad780f7e8ae8dfb9f60841eeb4381f4b79c4c5043210c96e7cb51f90791b80c8285e From 07892fe6460613afe7ccc2e1ccff184b9fc8da82 Mon Sep 17 00:00:00 2001 
From: Dmitry Belyavskiy Date: Wed, 23 Nov 2022 17:20:05 +0100 Subject: [PATCH 12/28] Rebasing to OpenSSL 3.0.7 - removing redundant patches Resolves: rhbz#2129063 --- 0013-FIPS-provider-explicit-ec.patch | 77 -- 0014-FIPS-disable-explicit-ec.patch | 421 ----------- 0015-FIPS-decoded-from-explicit.patch | 140 ---- 0046-FIPS-s390x-hardening.patch | 22 - 0048-correctly-handle-records.patch | 52 -- 0053-CVE-2022-0778.patch | 188 ----- ...ck-with-more-meaningful-pubkey-check.patch | 53 -- 0055-nonlegacy-fetch-null-deref.patch | 23 - 0057-strcasecmp-fix.patch | 104 --- 0063-CVE-2022-1473.patch | 13 - 0064-CVE-2022-1343.diff | 263 ------- 0065-CVE-2022-1292.patch | 58 -- 0066-replace-expired-certs.patch | 212 ------ 0067-fix-ppc64-montgomery.patch | 662 ------------------ 0068-CVE-2022-2068.patch | 174 ----- 0069-CVE-2022-2097.patch | 151 ---- ...n-Call-OPENSSL_init_crypto-to-init-s.patch | 56 -- 0079-CVE-2022-3602.patch | 399 ----------- 0086-avoid-bio-memleak.patch | 48 -- 0087-FIPS-RSA-selftest-params.patch | 41 -- openssl.spec | 43 -- 21 files changed, 3200 deletions(-) delete mode 100644 0013-FIPS-provider-explicit-ec.patch delete mode 100644 0014-FIPS-disable-explicit-ec.patch delete mode 100644 0015-FIPS-decoded-from-explicit.patch delete mode 100644 0046-FIPS-s390x-hardening.patch delete mode 100644 0048-correctly-handle-records.patch delete mode 100644 0053-CVE-2022-0778.patch delete mode 100644 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch delete mode 100644 0055-nonlegacy-fetch-null-deref.patch delete mode 100644 0057-strcasecmp-fix.patch delete mode 100644 0063-CVE-2022-1473.patch delete mode 100644 0064-CVE-2022-1343.diff delete mode 100644 0065-CVE-2022-1292.patch delete mode 100644 0066-replace-expired-certs.patch delete mode 100644 0067-fix-ppc64-montgomery.patch delete mode 100644 0068-CVE-2022-2068.patch delete mode 100644 0069-CVE-2022-2097.patch delete mode 100644 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch delete 
mode 100644 0079-CVE-2022-3602.patch delete mode 100644 0086-avoid-bio-memleak.patch delete mode 100644 0087-FIPS-RSA-selftest-params.patch diff --git a/0013-FIPS-provider-explicit-ec.patch b/0013-FIPS-provider-explicit-ec.patch deleted file mode 100644 index 8cceeed..0000000 --- a/0013-FIPS-provider-explicit-ec.patch +++ /dev/null 
@@ -1,77 +0,0 @@
-diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
-index 78dc69082fab..8a86c9108d0d 100644
---- a/providers/implementations/keymgmt/ec_kmgmt.c
-+++ b/providers/implementations/keymgmt/ec_kmgmt.c
-@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
- && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
- return 0;
-- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
-- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
-- return 0;
-
- tmpl = OSSL_PARAM_BLD_new();
- if (tmpl == NULL)
-diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
-index 766524e8cfa9..80bac6741290 100644
---- a/test/recipes/15-test_ecparam.t
-+++ b/test/recipes/15-test_ecparam.t
-@@ -13,7 +13,7 @@ use warnings;
- use File::Spec;
- use File::Compare qw/compare_text/;
- use OpenSSL::Glob;
--use OpenSSL::Test qw/:DEFAULT data_file/;
-+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
- use OpenSSL::Test::Utils;
-
- setup("test_ecparam");
-@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem"));
- my @noncanon = glob(data_file("noncanon", "*.pem"));
- my @invalid = glob(data_file("invalid", "*.pem"));
-
--plan tests => 11;
-+plan tests => 12;
-
- sub checkload {
- my $files = shift; # List of files
-@@ -59,6 +59,8 @@ sub checkcompare {
- }
- }
-
-+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+
- subtest "Check loading valid parameters by ecparam with -check" => sub {
- plan tests => scalar(@valid);
- checkload(\@valid, 1, "ecparam", "-check");
-@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
- plan tests => 2 * scalar(@valid);
- checkcompare(\@valid, "pkeyparam");
- };
-+
-+subtest "Check loading of fips and non-fips params" => sub {
-+ plan skip_all => "FIPS is disabled"
-+ if $no_fips;
-+ plan tests => 3;
-+
-+ my $fipsconf = srctop_file("test", "fips-and-base.cnf");
-+ my $defaultconf = srctop_file("test", "default.cnf");
-+
-+ $ENV{OPENSSL_CONF} = $fipsconf;
-+
-+ ok(run(app(['openssl', 'ecparam',
-+ '-in', data_file('valid', 'secp384r1-explicit.pem'),
-+ '-check'])),
-+ "Loading explicitly encoded valid curve");
-+
-+ ok(run(app(['openssl', 'ecparam',
-+ '-in', data_file('valid', 'secp384r1-named.pem'),
-+ '-check'])),
-+ "Loading named valid curve");
-+
-+ ok(!run(app(['openssl', 'ecparam',
-+ '-in', data_file('valid', 'secp112r1-named.pem'),
-+ '-check'])),
-+ "Fail loading named non-fips curve");
-+
-+ $ENV{OPENSSL_CONF} = $defaultconf;
-+};
diff --git a/0014-FIPS-disable-explicit-ec.patch b/0014-FIPS-disable-explicit-ec.patch
deleted file mode 100644
index 7de159e..0000000
--- a/0014-FIPS-disable-explicit-ec.patch
+++ /dev/null
@@ -1,421 +0,0 @@
-diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
-index 9dc143c2ac69..4d6f2a76ad20 100644
---- a/crypto/ec/ec_err.c
-+++ b/crypto/ec/ec_err.c
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
- "discriminant is zero"},
- {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
- "ec group new by name failure"},
-+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
-+ "explicit params not supported"},
- {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
- "failed making public key"},
- {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
-diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index 2aeab7e3b6b5..f686e45f899d 100644
---- a/crypto/ec/ec_lib.c
-+++ b/crypto/ec/ec_lib.c
-@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
- }
- #endif
-
-+#ifndef FIPS_MODULE
- /*
- * Check if the explicit parameters group matches any built-in curves.
- *
-@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
- * parameters with one created from a named group.
- */
-
--#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- /*
- * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
- * the same curve, we prefer the SECP nid when matching explicit
-@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
- */
- if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
- curve_name_nid = NID_secp224r1;
--#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
-+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
-
- ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
- if (ret_group == NULL)
-@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
- EC_GROUP_free(ret_group);
- return NULL;
- }
-+#endif /* FIPS_MODULE */
-
- static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
- OSSL_LIB_CTX *libctx, const char *propq)
-@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
- EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- OSSL_LIB_CTX *libctx, const char *propq)
- {
-- const OSSL_PARAM *ptmp, *pa, *pb;
-+ const OSSL_PARAM *ptmp;
-+ EC_GROUP *group = NULL;
-+
-+#ifndef FIPS_MODULE
-+ const OSSL_PARAM *pa, *pb;
- int ok = 0;
-- EC_GROUP *group = NULL, *named_group = NULL;
-+ EC_GROUP *named_group = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
- EC_POINT *point = NULL;
- int field_bits = 0;
-@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- BN_CTX *bnctx = NULL;
- const unsigned char *buf = NULL;
- int encoding_flag = -1;
-+#endif
-
- /* This is the simple named group case */
- ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
-@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- }
- return group;
- }
-+#ifdef FIPS_MODULE
-+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
-+ return NULL;
-+#else
- /* If it gets here then we are trying explicit parameters */
- bnctx = BN_CTX_new_ex(libctx);
- if (bnctx == NULL) {
-@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- /* create the EC_GROUP structure */
- group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
- } else {
--#ifdef OPENSSL_NO_EC2M
-+# ifdef OPENSSL_NO_EC2M
- ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
- goto err;
--#else
-+# else
- /* create the EC_GROUP structure */
- group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
- if (group != NULL) {
-@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- goto err;
- }
- }
--#endif /* OPENSSL_NO_EC2M */
-+# endif /* OPENSSL_NO_EC2M */
- }
-
- if (group == NULL) {
-@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- BN_CTX_free(bnctx);
-
- return group;
-+#endif /* FIPS_MODULE */
- }
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index c4a94f955905..41df7127403c 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
- EC_R_DECODE_ERROR:142:decode error
- EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
- EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
-+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
- EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
- EC_R_FIELD_TOO_LARGE:143:field too large
- EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
-diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
-index 07b6c7aa62dd..4658ae8fb2cd 100644
---- a/include/crypto/ecerr.h
-+++ b/include/crypto/ecerr.h
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
-index 49088d208b2c..46405ac62d91 100644
---- a/include/openssl/ecerr.h
-+++ b/include/openssl/ecerr.h
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -35,6 +35,7 @@
- # define EC_R_DECODE_ERROR 142
- # define EC_R_DISCRIMINANT_IS_ZERO 118
- # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
-+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127
- # define EC_R_FAILED_MAKING_PUBLIC_KEY 166
- # define EC_R_FIELD_TOO_LARGE 143
- # define EC_R_GF2M_NOT_SUPPORTED 147
-diff --git a/test/endecode_test.c b/test/endecode_test.c
-index 0c33dff0ee2b..3d78bea50ea3 100644
---- a/test/endecode_test.c
-+++ b/test/endecode_test.c
-@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
- typedef void (dumper)(const char *label, const void *data, size_t data_len);
-
- #define FLAG_DECODE_WITH_TYPE 0x0001
-+#define FLAG_FAIL_IF_FIPS 0x0002
-
- static int test_encode_decode(const char *file, const int line,
- const char *type, EVP_PKEY *pkey,
-@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
- * dumping purposes.
- */
- if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
-- output_type, output_structure, pass, pcipher))
-- || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
-+ output_type, output_structure, pass, pcipher)))
-+ goto end;
-+
-+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
-+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
-+ encoded_len, output_type, output_structure,
-+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
-+ selection, pass)))
-+ ok = 1;
-+ goto end;
-+ }
-+
-+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
- || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
- output_type, output_structure,
- (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
-@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
- return ok;
- }
-
--static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
-+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
- {
- return test_encode_decode(__FILE__, __LINE__, type, key,
- OSSL_KEYMGMT_SELECT_KEYPAIR
-@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
- "DER", "PrivateKeyInfo", NULL, NULL,
- encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
- test_mem, check_unprotected_PKCS8_DER,
-- dump_der, 0);
-+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
- }
-
- static int check_unprotected_PKCS8_PEM(const char *file, const int line,
-@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
- sizeof(expected_pem_header) - 1);
- }
-
--static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
-+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
- {
- return test_encode_decode(__FILE__, __LINE__, type, key,
- OSSL_KEYMGMT_SELECT_KEYPAIR
-@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
- "PEM", "PrivateKeyInfo", NULL, NULL,
- encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
- test_text, check_unprotected_PKCS8_PEM,
-- dump_pem, 0);
-+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
- }
-
- #ifndef OPENSSL_NO_KEYPARAMS
-@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
- return ok;
- }
-
--static int test_protected_via_DER(const char *type, EVP_PKEY *key)
-+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
- {
- return test_encode_decode(__FILE__, __LINE__, type, key,
- OSSL_KEYMGMT_SELECT_KEYPAIR
-@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
- pass, pass_cipher,
- encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
- test_mem, check_protected_PKCS8_DER,
-- dump_der, 0);
-+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
- }
-
- static int check_protected_PKCS8_PEM(const char *file, const int line,
-@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
- sizeof(expected_pem_header) - 1);
- }
-
--static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
-+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
- {
- return test_encode_decode(__FILE__, __LINE__, type, key,
- OSSL_KEYMGMT_SELECT_KEYPAIR
-@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
- pass, pass_cipher,
- encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
- test_text, check_protected_PKCS8_PEM,
-- dump_pem, 0);
-+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
- }
-
- static int check_protected_legacy_PEM(const char *file, const int line,
-@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
- return ok;
- }
-
--static int test_public_via_DER(const char *type, EVP_PKEY *key)
-+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
- {
- return test_encode_decode(__FILE__, __LINE__, type, key,
- OSSL_KEYMGMT_SELECT_PUBLIC_KEY
- | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
- "DER", "SubjectPublicKeyInfo", NULL, NULL,
- encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
-- test_mem, check_public_DER, dump_der, 0);
-+ test_mem, check_public_DER, dump_der,
-+ fips ? 0 : FLAG_FAIL_IF_FIPS);
- }
-
- static int check_public_PEM(const char *file, const int line,
-@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
- sizeof(expected_pem_header) - 1);
- }
-
--static int test_public_via_PEM(const char *type, EVP_PKEY *key)
-+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
- {
- return test_encode_decode(__FILE__, __LINE__, type, key,
- OSSL_KEYMGMT_SELECT_PUBLIC_KEY
- | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
- "PEM", "SubjectPublicKeyInfo", NULL, NULL,
- encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
-- test_text, check_public_PEM, dump_pem, 0);
-+ test_text, check_public_PEM, dump_pem,
-+ fips ? 0 : FLAG_FAIL_IF_FIPS);
- }
-
- static int check_public_MSBLOB(const char *file, const int line,
-@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
- EVP_PKEY_free(template_##KEYTYPE); \
- EVP_PKEY_free(key_##KEYTYPE)
-
--#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
-+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
- static int test_unprotected_##KEYTYPE##_via_DER(void) \
- { \
-- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
-+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
- } \
- static int test_unprotected_##KEYTYPE##_via_PEM(void) \
- { \
-- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
-+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
- } \
- static int test_protected_##KEYTYPE##_via_DER(void) \
- { \
-- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
-+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
- } \
- static int test_protected_##KEYTYPE##_via_PEM(void) \
- { \
-- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
-+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
- } \
- static int test_public_##KEYTYPE##_via_DER(void) \
- { \
-- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
-+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
- } \
- static int test_public_##KEYTYPE##_via_PEM(void) \
- { \
-- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
-+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
- }
-
- #define ADD_TEST_SUITE(KEYTYPE) \
-@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
-
- #ifndef OPENSSL_NO_DH
- DOMAIN_KEYS(DH);
--IMPLEMENT_TEST_SUITE(DH, "DH")
-+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
- IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
- DOMAIN_KEYS(DHX);
--IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
-+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
- IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
- /*
- * DH has no support for PEM_write_bio_PrivateKey_traditional(),
-@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
- #endif
- #ifndef OPENSSL_NO_DSA
- DOMAIN_KEYS(DSA);
--IMPLEMENT_TEST_SUITE(DSA, "DSA")
-+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
- IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
- IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
- IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
-@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
- #endif
- #ifndef OPENSSL_NO_EC
- DOMAIN_KEYS(EC);
--IMPLEMENT_TEST_SUITE(EC, "EC")
-+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
- IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
- IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
- DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
--IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
-+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
- IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
- /*DOMAIN_KEYS(ECExplicitPrime2G);*/
--/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
-+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
- /*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
- # ifndef OPENSSL_NO_EC2M
- DOMAIN_KEYS(ECExplicitTriNamedCurve);
--IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
-+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
- IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
- DOMAIN_KEYS(ECExplicitTri2G);
--IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
-+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
- IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
- # endif
- KEYS(ED25519);
--IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
-+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
- KEYS(ED448);
--IMPLEMENT_TEST_SUITE(ED448, "ED448")
-+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
- KEYS(X25519);
--IMPLEMENT_TEST_SUITE(X25519, "X25519")
-+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
- KEYS(X448);
--IMPLEMENT_TEST_SUITE(X448, "X448")
-+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
- /*
- * ED25519, ED448, X25519 and X448 have no support for
- * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
- */
- #endif
- KEYS(RSA);
--IMPLEMENT_TEST_SUITE(RSA, "RSA")
-+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
- IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
- KEYS(RSA_PSS);
--IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
-+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
- /*
- * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
- * so no legacy tests.
diff --git a/0015-FIPS-decoded-from-explicit.patch b/0015-FIPS-decoded-from-explicit.patch
deleted file mode 100644
index 19d19a3..0000000
--- a/0015-FIPS-decoded-from-explicit.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
-index bea01fb38f66..48721369ae8f 100644
---- a/crypto/ec/ec_backend.c
-+++ b/crypto/ec/ec_backend.c
-@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
- return 0;
- }
-
-+ if (!ossl_param_build_set_int(tmpl, params,
-+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
-+ group->decoded_from_explicit_params))
-+ return 0;
-+
- curve_nid = EC_GROUP_get_curve_name(group);
-
- /*
-diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index 6b0591c6c8c7..b1696d93bd6d 100644
---- a/crypto/ec/ec_lib.c
-+++ b/crypto/ec/ec_lib.c
-@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- /* This is the simple named group case */
- ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
- if (ptmp != NULL) {
-- group = group_new_from_name(ptmp, libctx, propq);
-- if (group != NULL) {
-- if (!ossl_ec_group_set_params(group, params)) {
-- EC_GROUP_free(group);
-- group = NULL;
-- }
-+ int decoded = 0;
-+
-+ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL)
-+ return NULL;
-+ if (!ossl_ec_group_set_params(group, params)) {
-+ EC_GROUP_free(group);
-+ return NULL;
-+ }
-+
-+ ptmp = OSSL_PARAM_locate_const(params,
-+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
-+ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) {
-+ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS);
-+ EC_GROUP_free(group);
-+ return NULL;
- }
-+ group->decoded_from_explicit_params = decoded > 0;
- return group;
- }
- #ifdef FIPS_MODULE
-@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- EC_GROUP_free(group);
- group = named_group;
- }
-+ /* We've imported the group from explicit parameters, set it so. */
-+ group->decoded_from_explicit_params = 1;
- ok = 1;
- err:
- if (!ok) {
-diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
-index eed83237c3b2..ee66a074f889 100644
---- a/doc/man7/EVP_PKEY-EC.pod
-+++ b/doc/man7/EVP_PKEY-EC.pod
-@@ -70,8 +70,8 @@ I multiplied by the I gives the number of points on the curve.
-
- =item "decoded-from-explicit" (B)
-
--Gets a flag indicating wether the key or parameters were decoded from explicit
--curve parameters. Set to 1 if so or 0 if a named curve was used.
-+Sets or gets a flag indicating whether the key or parameters were decoded from
-+explicit curve parameters. Set to 1 if so or 0 if a named curve was used.
-
- =item "use-cofactor-flag" (B)
-
-diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
-index 9260d4bf3635..7aed057cac89 100644
---- a/providers/implementations/keymgmt/ec_kmgmt.c
-+++ b/providers/implementations/keymgmt/ec_kmgmt.c
-@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \
-- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0)
-+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \
-+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL)
-
- # define EC_IMEXPORTABLE_PUBLIC_KEY \
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 700bbd849c95..ede14864d5ac 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -12,7 +12,7 @@ use warnings;
-
- use File::Spec::Functions qw/canonpath/;
- use File::Copy;
--use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/;
-+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/;
- use OpenSSL::Test::Utils;
-
- setup("test_verify");
-@@ -29,7 +29,7 @@ sub verify {
- run(app([@args]));
- }
-
--plan tests => 160;
-+plan tests => 163;
-
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -309,6 +309,29 @@ SKIP: {
- ["ca-cert-ec-named"]),
- "accept named curve leaf with named curve intermediate");
- }
-+# Same as above but with base provider used for decoding
-+SKIP: {
-+ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+ skip "EC is not supported or FIPS is disabled", 3
-+ if disabled("ec") || $no_fips;
-+
-+ my $provconf = srctop_file("test", "fips-and-base.cnf");
-+ my $provpath = bldtop_dir("providers");
-+ my @prov = ("-provider-path", $provpath);
-+ $ENV{OPENSSL_CONF} = $provconf;
-+
-+ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
-+ ["ca-cert-ec-named"], @prov),
-+ "reject explicit curve leaf with named curve intermediate w/fips");
-+ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
-+ ["ca-cert-ec-explicit"], @prov),
-+ "reject named curve leaf with explicit curve intermediate w/fips");
-+ ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
-+ ["ca-cert-ec-named"], @prov),
-+ "accept named curve leaf with named curve intermediate w/fips");
-+
-+ delete $ENV{OPENSSL_CONF};
-+}
-
- # Depth tests, note the depth limit bounds the number of CA certificates
- # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
diff --git a/0046-FIPS-s390x-hardening.patch b/0046-FIPS-s390x-hardening.patch
deleted file mode 100644
index f79abf9..0000000
--- a/0046-FIPS-s390x-hardening.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
-index 5c70b2d67840..c5726c638bdd 100644
---- a/crypto/ec/ecp_s390x_nistp.c
-+++ b/crypto/ec/ecp_s390x_nistp.c
-@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
- /* Otherwise use default. */
- if (rc == -1)
- rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
-+ OPENSSL_cleanse(param, sizeof(param));
- BN_CTX_end(ctx);
- BN_CTX_free(new_ctx);
- return rc;
-@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
-
- ok = 1;
- ret:
-- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
-+ OPENSSL_cleanse(param, sizeof(param));
- if (ok != 1) {
- ECDSA_SIG_free(sig);
- sig = NULL;
diff --git a/0048-correctly-handle-records.patch b/0048-correctly-handle-records.patch
deleted file mode 100644
index ecbc09c..0000000
--- a/0048-correctly-handle-records.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c
---- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100
-+++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100
-@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in
- /* Set width for a select call if needed */
- width = s + 1;
-
-- buf = app_malloc(bufsize, "server www buffer");
-+ /* as we use BIO_gets(), and it always null terminates data, we need
-+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
-+ buf = app_malloc(bufsize + 1, "server www buffer");
- io = BIO_new(BIO_f_buffer());
- ssl_bio = BIO_new(BIO_f_ssl());
- if ((io == NULL) || (ssl_bio == NULL))
-@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in
- }
-
- for (;;) {
-- i = BIO_gets(io, buf, bufsize - 1);
-+ i = BIO_gets(io, buf, bufsize + 1);
- if (i < 0) { /* error */
- if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
- if (!s_quiet)
-@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in
- * we're expecting to come from the client. If they haven't
- * sent one there's not much we can do.
- */
-- BIO_gets(io, buf, bufsize - 1);
-+ BIO_gets(io, buf, bufsize + 1);
- }
-
- BIO_puts(io,
-@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in
- SSL *con;
- BIO *io, *ssl_bio, *sbio;
-
-- buf = app_malloc(bufsize, "server rev buffer");
-+ /* as we use BIO_gets(), and it always null terminates data, we need
-+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
-+ buf = app_malloc(bufsize + 1, "server rev buffer");
- io = BIO_new(BIO_f_buffer());
- ssl_bio = BIO_new(BIO_f_ssl());
- if ((io == NULL) || (ssl_bio == NULL))
-@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in
- print_ssl_summary(con);
-
- for (;;) {
-- i = BIO_gets(io, buf, bufsize - 1);
-+ i = BIO_gets(io, buf, bufsize + 1);
- if (i < 0) { /* error */
- if (!BIO_should_retry(io)) {
- if (!s_quiet)
diff --git a/0053-CVE-2022-0778.patch b/0053-CVE-2022-0778.patch deleted file mode 100644 index 4f4bcb5..0000000 --- a/0053-CVE-2022-0778.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:30 +0100 -Subject: [PATCH] Add documentation of BN_mod_sqrt() - ---- - doc/man3/BN_add.pod | 15 +++++++++++++-- - util/missingcrypto.txt | 1 - - 2 files changed, 13 insertions(+), 3 deletions(-) - -diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod -index 62d3ee7205..cf6c49c0e3 100644 ---- a/doc/man3/BN_add.pod -+++ b/doc/man3/BN_add.pod -@@ -3,7 +3,7 @@ - =head1 NAME - - BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, --BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - -+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - - arithmetic operations on BIGNUMs - - =head1 SYNOPSIS -@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs - - int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - -+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+ - int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); - - int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, -@@ -87,6 +89,12 @@ L. - BN_mod_sqr() takes the square of I modulo B and places the - result in I. - -+BN_mod_sqrt() returns the modular square root of I such that -+C. The modulus I

must be a -+prime, otherwise an error or an incorrect "result" will be returned. -+The result is stored into I which can be NULL. The result will be -+newly allocated in that case. -+ - BN_exp() raises I to the I

-th power and places the result in I - (C). This function is faster than repeated applications of - BN_mul(). -@@ -108,7 +116,10 @@ the arguments. - - =head1 RETURN VALUES - --For all functions, 1 is returned for success, 0 on error. The return -+The BN_mod_sqrt() returns the result (possibly incorrect if I

is -+not a prime), or NULL. -+ -+For all remaining functions, 1 is returned for success, 0 on error. The return - value should always be checked (e.g., C). - The error codes can be obtained by L. - -diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt -index b61bdeb880..4d2fd7f6b7 100644 ---- a/util/missingcrypto.txt -+++ b/util/missingcrypto.txt -@@ -264,7 +264,6 @@ BN_mod_lshift(3) - BN_mod_lshift1(3) - BN_mod_lshift1_quick(3) - BN_mod_lshift_quick(3) --BN_mod_sqrt(3) - BN_mod_sub_quick(3) - BN_nist_mod_192(3) - BN_nist_mod_224(3) - -From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:35 +0100 -Subject: [PATCH] Add a negative testcase for BN_mod_sqrt - ---- - test/bntest.c | 11 ++++++++++- - test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ - 2 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/test/bntest.c b/test/bntest.c -index efdb3ef963..d49f87373a 100644 ---- a/test/bntest.c -+++ b/test/bntest.c -@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s) - || !TEST_ptr(ret2 = BN_new())) - goto err; - -+ if (BN_is_negative(mod_sqrt)) { -+ /* A negative testcase */ -+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) -+ goto err; -+ -+ st = 1; -+ goto err; -+ } -+ - /* There are two possible answers. 
*/ -- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) -+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) - || !TEST_true(BN_sub(ret2, p, ret))) - goto err; - -diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt -index e22d656091..bc8a434ea5 100644 ---- a/test/recipes/10-test_bn_data/bnmod.txt -+++ b/test/recipes/10-test_bn_data/bnmod.txt -@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f - ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 - A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 - P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f -+ -+# Negative testcases for BN_mod_sqrt() -+ -+# This one triggers an infinite loop with unfixed implementation -+# It should just fail. -+ModSqrt = -1 -+A = 20a7ee -+P = 460201 -+ -+ModSqrt = -1 -+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed -+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f - -From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:21 +0100 -Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt() - -The calculation in some cases does not finish for non-prime p. - -This fixes CVE-2022-0778. - -Based on patch by David Benjamin . ---- - crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------ - 1 file changed, 18 insertions(+), 12 deletions(-) - -diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c -index b663ae5ec5..c5ea7ab194 100644 ---- a/crypto/bn/bn_sqrt.c -+++ b/crypto/bn/bn_sqrt.c -@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - /* - * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks - * algorithm (cf. 
Henri Cohen, "A Course in Algebraic Computational Number -- * Theory", algorithm 1.5.1). 'p' must be prime! -+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or -+ * an incorrect "result" will be returned. - */ - { - BIGNUM *ret = in; -@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - goto vrfy; - } - -- /* find smallest i such that b^(2^i) = 1 */ -- i = 1; -- if (!BN_mod_sqr(t, b, p, ctx)) -- goto end; -- while (!BN_is_one(t)) { -- i++; -- if (i == e) { -- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); -- goto end; -+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ -+ for (i = 1; i < e; i++) { -+ if (i == 1) { -+ if (!BN_mod_sqr(t, b, p, ctx)) -+ goto end; -+ -+ } else { -+ if (!BN_mod_mul(t, t, t, p, ctx)) -+ goto end; - } -- if (!BN_mod_mul(t, t, t, p, ctx)) -- goto end; -+ if (BN_is_one(t)) -+ break; -+ } -+ /* If not found, a is not a square or p is not prime. */ -+ if (i >= e) { -+ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); -+ goto end; - } - - /* t := y^2^(e - i - 1) */ - diff --git a/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch b/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch deleted file mode 100644 index a66968d..0000000 --- a/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch +++ /dev/null 
@@ -1,53 +0,0 @@
-From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Wed, 2 Feb 2022 17:47:26 +0100
-Subject: [PATCH] Replace size check with more meaningful pubkey check
-
-It does not make sense to check the size because this
-function can be used in other contexts than in TLS-1.3 and
-the value might not be padded to the size of p.
-
-However it makes sense to do the partial pubkey check because
-there is no valid reason having the pubkey value outside the
-1 < pubkey < p-1 bounds.
-
-Fixes #15465
-
-Reviewed-by: Paul Dale
-(Merged from https://github.com/openssl/openssl/pull/17630)
----
- crypto/dh/dh_key.c | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 6b8cd550f2..c78ed618bf 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
- int err_reason = DH_R_BN_ERROR;
- BIGNUM *pubkey = NULL;
- const BIGNUM *p;
-- size_t p_size;
-+ int ret;
-
- if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
- goto err;
- DH_get0_pqg(dh, &p, NULL, NULL);
-- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
-+ if (p == NULL || BN_num_bytes(p) == 0) {
- err_reason = DH_R_NO_PARAMETERS_SET;
- goto err;
- }
-- /*
-- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
-- * public key is of size not equal to size of p
-- */
-- if (BN_is_zero(pubkey) || p_size != len) {
-+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
-+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) {
- err_reason = DH_R_INVALID_PUBKEY;
- goto err;
- }
---
-2.35.1
-
diff --git a/0055-nonlegacy-fetch-null-deref.patch b/0055-nonlegacy-fetch-null-deref.patch
deleted file mode 100644
index c4ca4fe..0000000
--- a/0055-nonlegacy-fetch-null-deref.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
-index e1da724bd2f4..2bee5ef19447 100644
---- a/crypto/core_namemap.c
-+++ b/crypto/core_namemap.c
-@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
- {
- const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
-
-- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
-+ if (cipher != NULL)
-+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
- }
-
- static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
- {
- const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
-
-- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
-+ if (md != NULL)
-+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
- }
-
- static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
diff --git a/0057-strcasecmp-fix.patch b/0057-strcasecmp-fix.patch
deleted file mode 100644
index f5c59b5..0000000
--- a/0057-strcasecmp-fix.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy
-Date: Fri, 22 Apr 2022 18:16:56 +0200
-Subject: [PATCH 1/2] Ensure we initialized the locale before
- evp_pkey_name2type
-
-Fixes #18158
----
- crypto/evp/pmeth_lib.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 2b9c6c2351da..92d25de44532 100644
---- a/crypto/evp/pmeth_lib.c
-+++ b/crypto/evp/pmeth_lib.c
-@@ -27,6 +27,7 @@
- #ifndef FIPS_MODULE
- # include "crypto/asn1.h"
- #endif
-+#include "crypto/ctype.h"
- #include "crypto/evp.h"
- #include "crypto/dh.h"
- #include "crypto/ec.h"
-@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
- }
- #ifndef FIPS_MODULE
- if (keytype != NULL) {
-+ ossl_init_casecmp();
- id = evp_pkey_name2type(keytype);
- if (id == NID_undef)
- id = -1;
-
-From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy
-Date: Fri, 22 Apr 2022 19:26:08 +0200
-Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
- preliminary init
-
----
- test/build.info | 6 +++++-
- test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
- test/recipes/02-test_localetest.t | 4 +++-
- 3 files changed, 22 insertions(+), 2 deletions(-)
- create mode 100644 test/evp_pkey_ctx_new_from_name.c
-
-diff --git a/test/build.info b/test/build.info
-index 14a84f00a258..ee059973d31a 100644
---- a/test/build.info
-+++ b/test/build.info
-@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
- sanitytest rsa_complex exdatatest bntest \
- ecstresstest gmdifftest pbelutest \
- destest mdc2test sha_test \
-- exptest pbetest localetest \
-+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
- evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
- evp_fetch_prov_test evp_libctx_test ossl_store_test \
- v3nametest v3ext \
-@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
- INCLUDE[localetest]=../include ../apps/include
- DEPEND[localetest]=../libcrypto libtestutil.a
-
-+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
-+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
-+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
-+
- SOURCE[pbetest]=pbetest.c
- INCLUDE[pbetest]=../include ../apps/include
- DEPEND[pbetest]=../libcrypto libtestutil.a
-diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
-new file mode 100644
-index 000000000000..24063ea05ea5
---- /dev/null
-+++ b/test/evp_pkey_ctx_new_from_name.c
-@@ -0,0 +1,14 @@
-+#include
-+#include
-+#include
-+#include
-+
-+int main(int argc, char *argv[])
-+{
-+ EVP_PKEY_CTX *pctx = NULL;
-+
-+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
-+ EVP_PKEY_CTX_free(pctx);
-+
-+ return 0;
-+}
-diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
-index 1bccd57d4c63..77fba7d819ab 100644
---- a/test/recipes/02-test_localetest.t
-+++ b/test/recipes/02-test_localetest.t
-@@ -15,7 +15,9 @@ setup("locale tests");
- plan skip_all => "Locale tests not available on Windows or VMS"
- if $^O =~ /^(VMS|MSWin32)$/;
-
--plan tests => 2;
-+plan tests => 3;
-+
-+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
-
- $ENV{LANG} = "C";
- ok(run(test(["localetest"])), "running localetest");
diff --git a/0063-CVE-2022-1473.patch b/0063-CVE-2022-1473.patch
deleted file mode 100644
index b4b12dc..0000000
--- a/0063-CVE-2022-1473.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
-index 2a574fbfe6aa..16f482db68a9 100644
---- a/crypto/lhash/lhash.c
-+++ b/crypto/lhash/lhash.c
-@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh)
- }
- lh->b[i] = NULL;
- }
-+
-+ lh->num_items = 0;
- }
-
- void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
diff --git a/0064-CVE-2022-1343.diff b/0064-CVE-2022-1343.diff
deleted file mode 100644
index d473597..0000000
--- a/0064-CVE-2022-1343.diff
+++ /dev/null
@@ -1,263 +0,0 @@ -diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c -index 7a4a45d537..3c5f48ec0a 100644 ---- a/crypto/ocsp/ocsp_vfy.c -+++ b/crypto/ocsp/ocsp_vfy.c -@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response, - - ret = X509_verify_cert(ctx); - if (ret <= 0) { -- ret = X509_STORE_CTX_get_error(ctx); -+ int err = X509_STORE_CTX_get_error(ctx); -+ - ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR, -- "Verify error: %s", X509_verify_cert_error_string(ret)); -+ "Verify error: %s", X509_verify_cert_error_string(err)); - goto end; - } - if (chain != NULL) -diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t -index d42030cb89..34fdfcbccc 100644 ---- a/test/recipes/80-test_ocsp.t -+++ b/test/recipes/80-test_ocsp.t -@@ -35,6 +35,7 @@ sub test_ocsp { - $untrusted = $CAfile; - } - my $expected_exit = shift; -+ my $nochecks = shift; - my $outputfile = basename($inputfile, '.ors') . '.dat'; - - run(app(["openssl", "base64", "-d", -@@ -45,7 +46,8 @@ sub test_ocsp { - "-partial_chain", @check_time, - "-CAfile", catfile($ocspdir, $CAfile), - "-verify_other", catfile($ocspdir, $untrusted), -- "-no-CApath", "-no-CAstore"])), -+ "-no-CApath", "-no-CAstore", -+ $nochecks ? 
"-no_cert_checks" : ()])), - $title); }); - } - -@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub { - plan tests => 7; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); -+ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "ND2_Issuer_Root.pem", "", 0); -+ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "ND3_Issuer_Root.pem", "", 0); -+ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; 3-level CA hierarchy", -- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); -+ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "D1_Issuer_ICA.pem", "", 0); -+ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "D2_Issuer_Root.pem", "", 0); -+ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "D3_Issuer_Root.pem", "", 0); -+ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0); - }; - - subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "ISOP_D2.ors", 
"D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WINH_D2.ors", 
"D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { - plan tests => 3; - - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { -- plan tests => 3; -+ plan tests => 6; - - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", 
"", 1, 0); -+ test_ocsp("DELEGATED; Root CA -> Intermediate CA", -+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); -+ test_ocsp("DELEGATED; Root CA -> EE", -+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); -+ test_ocsp("DELEGATED; Intermediate CA -> EE", -+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1); - test_ocsp("DELEGATED; Root CA -> EE", -- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1); - }; - - subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); -+ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); -+ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); -+ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); -+ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); -+ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); -+ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); -+ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); -+ "ND2.ors", 
"WKIC_ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); -+ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); -+ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); -+ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); -+ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { -@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { - - # Expect success, because we're explicitly trusting the issuer certificate. - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); -+ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); -+ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); -+ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); -+ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); -+ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); -+ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0); - }; - - subtest "=== OCSP API TESTS===" => sub { diff --git a/0065-CVE-2022-1292.patch b/0065-CVE-2022-1292.patch deleted file mode 100644 index 5531fb3..0000000 --- a/0065-CVE-2022-1292.patch +++ /dev/null 
@@ -1,58 +0,0 @@
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index d51d8856d7..a630773a02 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -152,6 +152,23 @@ sub check_file {
- return ($is_cert, $is_crl);
- }
-
-+sub compute_hash {
-+ my $fh;
-+ if ( $^O eq "VMS" ) {
-+ # VMS uses the open through shell
-+ # The file names are safe there and list form is unsupported
-+ if (!open($fh, "-|", join(' ', @_))) {
-+ print STDERR "Cannot compute hash on '$fname'\n";
-+ return;
-+ }
-+ } else {
-+ if (!open($fh, "-|", @_)) {
-+ print STDERR "Cannot compute hash on '$fname'\n";
-+ return;
-+ }
-+ }
-+ return (<$fh>, <$fh>);
-+}
-
- # Link a certificate to its subject name hash value, each hash is of
- # the form . where n is an integer. If the hash value already exists
-@@ -161,10 +178,12 @@ sub check_file {
-
- sub link_hash_cert {
- my $fname = $_[0];
-- $fname =~ s/\"/\\\"/g;
-- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
-+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
-+ "-fingerprint", "-noout",
-+ "-in", $fname);
- chomp $hash;
- chomp $fprint;
-+ return if !$hash;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
-@@ -202,10 +221,12 @@ sub link_hash_cert {
-
- sub link_hash_crl {
- my $fname = $_[0];
-- $fname =~ s/'/'\\''/g;
-- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
-+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
-+ "-fingerprint", "-noout",
-+ "-in", $fname);
- chomp $hash;
- chomp $fprint;
-+ return if !$hash;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
diff --git a/0066-replace-expired-certs.patch b/0066-replace-expired-certs.patch
deleted file mode 100644
index adc9460..0000000
--- a/0066-replace-expired-certs.patch
+++ /dev/null
@@ -1,212 +0,0 @@ -diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem -index 1fa449d5a098..6aa9455f09ed 100644 ---- a/test/certs/embeddedSCTs1_issuer.pem -+++ b/test/certs/embeddedSCTs1_issuer.pem -@@ -1,18 +1,18 @@ - -----BEGIN CERTIFICATE----- --MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk -+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk - MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX --YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw --MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu --c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf --MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 --jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP --KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL --svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk --tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG --A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO --MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB --/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt --OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy --f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP --OwqULg== -+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw -+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy -+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w -+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG -+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 -+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG -+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw -+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw -+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB 
-+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD -+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq -++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo -+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c -+Doud4XrO - -----END CERTIFICATE----- -diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem -index 5677ac6c9f6a..70ce71e43091 100644 ---- a/test/certs/sm2-ca-cert.pem -+++ b/test/certs/sm2-ca-cert.pem -@@ -1,14 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT - AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG --SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU --5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW --BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU --5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI --ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X --YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg -+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x -+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP -+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH -+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ -+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O -+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp -+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 -+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC 
-+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu - -----END CERTIFICATE----- -diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt -index 5677ac6c9f6a..70ce71e43091 100644 ---- a/test/certs/sm2-root.crt -+++ b/test/certs/sm2-root.crt -@@ -1,14 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT - AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG --SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU --5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW --BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU --5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI --ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X --YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg -+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x -+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP -+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH -+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ -+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O -+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp -+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 -+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC -+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu - -----END CERTIFICATE----- -diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem -index 189abb137625..daf12926aff9 100644 ---- a/test/certs/sm2.pem -+++ b/test/certs/sm2.pem -@@ -1,13 +1,14 @@ - -----BEGIN CERTIFICATE----- 
--MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT --AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw --WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE --TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ --BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT --TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH --OZOfmtx613VyzXwc -+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw -+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER -+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl -+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw -+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD -+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT -+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt -+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN -+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl -+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/ -+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9 -+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh -index 12e8a7305402..109b9c4abc28 100644 ---- a/test/smime-certs/mksmime-certs.sh -+++ b/test/smime-certs/mksmime-certs.sh -@@ -15,23 +15,23 @@ export OPENSSL_CONF - - # Root CA: create certificate directly - CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ -- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 -+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 
-days 36501 - - # EE RSA certificates: create request first - CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smrsa1.pem -out req.pem -newkey rsa:2048 - # Sign request: end entity extensions --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem - - CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \ - -keyout smrsa2.pem -out req.pem -newkey rsa:2048 --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem - - CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \ - -keyout smrsa3.pem -out req.pem -newkey rsa:2048 --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem - - # Create DSA parameters -@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048 - - CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem - CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \ - -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem - CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \ - -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile 
ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem - - # Create EC parameters -@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283 - - CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smec1.pem -out req.pem -newkey ec:ecp.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem - CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \ - -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem --CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ -- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem -+# Do not renew this cert as it is used for legacy data decrypt test -+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ -+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem -+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem - # Create X9.42 DH parameters. - $OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem - # Generate X9.42 DH key. -@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem - CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smtmp.pem -out req.pem -newkey rsa:2048 - # Sign request but force public key to DH --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -force_pubkey dhpub.pem \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem - # Remove temp files. 
diff --git a/0067-fix-ppc64-montgomery.patch b/0067-fix-ppc64-montgomery.patch
deleted file mode 100644
index a572ef8..0000000
--- a/0067-fix-ppc64-montgomery.patch
+++ /dev/null
@@ -1,662 +0,0 @@ -diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl -index 56df89dc27da..e69de29bb2d1 100755 ---- a/crypto/bn/asm/ppc64-mont-fixed.pl -+++ b/crypto/bn/asm/ppc64-mont-fixed.pl -@@ -1,581 +0,0 @@ --#! /usr/bin/env perl --# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. --# --# Licensed under the Apache License 2.0 (the "License"). You may not use --# this file except in compliance with the License. You can obtain a copy --# in the file LICENSE in the source distribution or at --# https://www.openssl.org/source/license.html -- --# ==================================================================== --# Written by Amitay Isaacs , Martin Schwenke --# & Alastair D'Silva for --# the OpenSSL project. --# ==================================================================== -- --# --# Fixed length (n=6), unrolled PPC Montgomery Multiplication --# -- --# 2021 --# --# Although this is a generic implementation for unrolling Montgomery --# Multiplication for arbitrary values of n, this is currently only --# used for n = 6 to improve the performance of ECC p384. --# --# Unrolling allows intermediate results to be stored in registers, --# rather than on the stack, improving performance by ~7% compared to --# the existing PPC assembly code. --# --# The ISA 3.0 implementation uses combination multiply/add --# instructions (maddld, maddhdu) to improve performance by an --# additional ~10% on Power 9. --# --# Finally, saving non-volatile registers into volatile vector --# registers instead of onto the stack saves a little more. --# --# On a Power 9 machine we see an overall improvement of ~18%. --# -- --use strict; --use warnings; -- --my ($flavour, $output, $dir, $xlate); -- --# $output is the last argument if it looks like a file (it has an extension) --# $flavour is the first argument if it doesn't look like a file --$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? 
pop : undef; --$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -- --$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; --( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or --( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or --die "can't locate ppc-xlate.pl"; -- --open STDOUT,"| $^X $xlate $flavour \"$output\"" -- or die "can't call $xlate: $!"; -- --if ($flavour !~ /64/) { -- die "bad flavour ($flavour) - only ppc64 permitted"; --} -- --my $SIZE_T= 8; -- --# Registers are global so the code is remotely readable -- --# Parameters for Montgomery multiplication --my $sp = "r1"; --my $toc = "r2"; --my $rp = "r3"; --my $ap = "r4"; --my $bp = "r5"; --my $np = "r6"; --my $n0 = "r7"; --my $num = "r8"; -- --my $i = "r9"; --my $c0 = "r10"; --my $bp0 = "r11"; --my $bpi = "r11"; --my $bpj = "r11"; --my $tj = "r12"; --my $apj = "r12"; --my $npj = "r12"; --my $lo = "r14"; --my $c1 = "r14"; -- --# Non-volatile registers used for tp[i] --# --# 12 registers are available but the limit on unrolling is 10, --# since registers from $tp[0] to $tp[$n+1] are used. --my @tp = ("r20" .. "r31"); -- --# volatile VSRs for saving non-volatile GPRs - faster than stack --my @vsrs = ("v32" .. "v46"); -- --package Mont; -- --sub new($$) --{ -- my ($class, $n) = @_; -- -- if ($n > 10) { -- die "Can't unroll for BN length ${n} (maximum 10)" -- } -- -- my $self = { -- code => "", -- n => $n, -- }; -- bless $self, $class; -- -- return $self; --} -- --sub add_code($$) --{ -- my ($self, $c) = @_; -- -- $self->{code} .= $c; --} -- --sub get_code($) --{ -- my ($self) = @_; -- -- return $self->{code}; --} -- --sub get_function_name($) --{ -- my ($self) = @_; -- -- return "bn_mul_mont_fixed_n" . $self->{n}; --} -- --sub get_label($$) --{ -- my ($self, $l) = @_; -- -- return "L" . $l . "_" . 
$self->{n}; --} -- --sub get_labels($@) --{ -- my ($self, @labels) = @_; -- -- my %out = (); -- -- foreach my $l (@labels) { -- $out{"$l"} = $self->get_label("$l"); -- } -- -- return \%out; --} -- --sub nl($) --{ -- my ($self) = @_; -- -- $self->add_code("\n"); --} -- --sub copy_result($) --{ -- my ($self) = @_; -- -- my ($n) = $self->{n}; -- -- for (my $j = 0; $j < $n; $j++) { -- $self->add_code(<<___); -- std $tp[$j],`$j*$SIZE_T`($rp) --___ -- } -- --} -- --sub mul_mont_fixed($) --{ -- my ($self) = @_; -- -- my ($n) = $self->{n}; -- my $fname = $self->get_function_name(); -- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); -- -- $self->add_code(<<___); -- --.globl .${fname} --.align 5 --.${fname}: -- --___ -- -- $self->save_registers(); -- -- $self->add_code(<<___); -- ld $n0,0($n0) -- -- ld $bp0,0($bp) -- -- ld $apj,0($ap) --___ -- -- $self->mul_c_0($tp[0], $apj, $bp0, $c0); -- -- for (my $j = 1; $j < $n - 1; $j++) { -- $self->add_code(<<___); -- ld $apj,`$j*$SIZE_T`($ap) --___ -- $self->mul($tp[$j], $apj, $bp0, $c0); -- } -- -- $self->add_code(<<___); -- ld $apj,`($n-1)*$SIZE_T`($ap) --___ -- -- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); -- -- $self->add_code(<<___); -- li $tp[$n+1],0 -- --___ -- -- $self->add_code(<<___); -- li $i,0 -- mtctr $num -- b $label->{"enter"} -- --.align 4 --$label->{"outer"}: -- ldx $bpi,$bp,$i -- -- ld $apj,0($ap) --___ -- -- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); -- -- for (my $j = 1; $j < $n; $j++) { -- $self->add_code(<<___); -- ld $apj,`$j*$SIZE_T`($ap) --___ -- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); -- } -- -- $self->add_code(<<___); -- addc $tp[$n],$tp[$n],$c0 -- addze $tp[$n+1],$tp[$n+1] --___ -- -- $self->add_code(<<___); --.align 4 --$label->{"enter"}: -- mulld $bpi,$tp[0],$n0 -- -- ld $npj,0($np) --___ -- -- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); -- -- for (my $j = 1; $j < $n; $j++) { -- $self->add_code(<<___); -- ld $npj,`$j*$SIZE_T`($np) --___ -- 
$self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); -- } -- -- $self->add_code(<<___); -- addc $tp[$n-1],$tp[$n],$c0 -- addze $tp[$n],$tp[$n+1] -- -- addi $i,$i,$SIZE_T -- bdnz $label->{"outer"} -- -- and. $tp[$n],$tp[$n],$tp[$n] -- bne $label->{"sub"} -- -- cmpld $tp[$n-1],$npj -- blt $label->{"copy"} -- --$label->{"sub"}: --___ -- -- # -- # Reduction -- # -- -- $self->add_code(<<___); -- ld $bpj,`0*$SIZE_T`($np) -- subfc $c1,$bpj,$tp[0] -- std $c1,`0*$SIZE_T`($rp) -- --___ -- for (my $j = 1; $j < $n - 1; $j++) { -- $self->add_code(<<___); -- ld $bpj,`$j*$SIZE_T`($np) -- subfe $c1,$bpj,$tp[$j] -- std $c1,`$j*$SIZE_T`($rp) -- --___ -- } -- -- $self->add_code(<<___); -- subfe $c1,$npj,$tp[$n-1] -- std $c1,`($n-1)*$SIZE_T`($rp) -- --___ -- -- $self->add_code(<<___); -- addme. $tp[$n],$tp[$n] -- beq $label->{"end"} -- --$label->{"copy"}: --___ -- -- $self->copy_result(); -- -- $self->add_code(<<___); -- --$label->{"end"}: --___ -- -- $self->restore_registers(); -- -- $self->add_code(<<___); -- li r3,1 -- blr --.size .${fname},.-.${fname} --___ -- --} -- --package Mont::GPR; -- --our @ISA = ('Mont'); -- --sub new($$) --{ -- my ($class, $n) = @_; -- -- return $class->SUPER::new($n); --} -- --sub save_registers($) --{ -- my ($self) = @_; -- -- my $n = $self->{n}; -- -- $self->add_code(<<___); -- std $lo,-8($sp) --___ -- -- for (my $j = 0; $j <= $n+1; $j++) { -- $self->{code}.=<<___; -- std $tp[$j],-`($j+2)*8`($sp) --___ -- } -- -- $self->add_code(<<___); -- --___ --} -- --sub restore_registers($) --{ -- my ($self) = @_; -- -- my $n = $self->{n}; -- -- $self->add_code(<<___); -- ld $lo,-8($sp) --___ -- -- for (my $j = 0; $j <= $n+1; $j++) { -- $self->{code}.=<<___; -- ld $tp[$j],-`($j+2)*8`($sp) --___ -- } -- -- $self->{code} .=<<___; -- --___ --} -- --# Direct translation of C mul() --sub mul($$$$$) --{ -- my ($self, $r, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $r,$lo,$c -- mulhdu $c,$a,$w -- addze $c,$c -- --___ --} -- --# Like mul() 
but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_c_0($$$$$) --{ -- my ($self, $r, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $r,$a,$w -- mulhdu $c,$a,$w -- --___ --} -- --# Like mul() but does not to the final addition of CA into $c - an --# optimisation to save an instruction --sub mul_last($$$$$$) --{ -- my ($self, $r1, $r2, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $r1,$lo,$c -- mulhdu $c,$a,$w -- -- addze $r2,$c --___ --} -- --# Like C mul_add() but allow $r_out and $r_in to be different --sub mul_add($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $lo,$lo,$c -- mulhdu $c,$a,$w -- addze $c,$c -- addc $r_out,$r_in,$lo -- addze $c,$c -- --___ --} -- --# Like mul_add() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_add_c_0($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $r_out,$r_in,$lo -- mulhdu $c,$a,$w -- addze $c,$c -- --___ --} -- --package Mont::GPR_300; -- --our @ISA = ('Mont::GPR'); -- --sub new($$) --{ -- my ($class, $n) = @_; -- -- my $mont = $class->SUPER::new($n); -- -- return $mont; --} -- --sub get_function_name($) --{ -- my ($self) = @_; -- -- return "bn_mul_mont_300_fixed_n" . $self->{n}; --} -- --sub get_label($$) --{ -- my ($self, $l) = @_; -- -- return "L" . $l . "_300_" . 
$self->{n}; --} -- --# Direct translation of C mul() --sub mul($$$$$) --{ -- my ($self, $r, $a, $w, $c, $last) = @_; -- -- $self->add_code(<<___); -- maddld $r,$a,$w,$c -- maddhdu $c,$a,$w,$c -- --___ --} -- --# Save the last carry as the final entry --sub mul_last($$$$$) --{ -- my ($self, $r1, $r2, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- maddld $r1,$a,$w,$c -- maddhdu $r2,$a,$w,$c -- --___ --} -- --# Like mul() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_c_0($$$$$) --{ -- my ($self, $r, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $r,$a,$w -- mulhdu $c,$a,$w -- --___ --} -- --# Like C mul_add() but allow $r_out and $r_in to be different --sub mul_add($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- maddld $lo,$a,$w,$c -- maddhdu $c,$a,$w,$c -- addc $r_out,$r_in,$lo -- addze $c,$c -- --___ --} -- --# Like mul_add() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_add_c_0($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- maddld $lo,$a,$w,$r_in -- maddhdu $c,$a,$w,$r_in --___ -- -- if ($r_out ne $lo) { -- $self->add_code(<<___); -- mr $r_out,$lo --___ -- } -- -- $self->nl(); --} -- -- --package main; -- --my $code; -- --$code.=<<___; --.machine "any" --.text --___ -- --my $mont; -- --$mont = new Mont::GPR(6); --$mont->mul_mont_fixed(); --$code .= $mont->get_code(); -- --$mont = new Mont::GPR_300(6); --$mont->mul_mont_fixed(); --$code .= $mont->get_code(); -- --$code =~ s/\`([^\`]*)\`/eval $1/gem; -- --$code.=<<___; --.asciz "Montgomery Multiplication for PPC by , " --___ -- --print $code; --close STDOUT or die "error closing STDOUT: $!"; -diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c -index 1e9421bee213..3ee76ea96574 100644 ---- a/crypto/bn/bn_ppc.c -+++ b/crypto/bn/bn_ppc.c -@@ -19,12 +19,6 @@ int 
bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); -- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, -- const BN_ULONG *bp, const BN_ULONG *np, -- const BN_ULONG *n0, int num); -- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, -- const BN_ULONG *bp, const BN_ULONG *np, -- const BN_ULONG *n0, int num); - - if (num < 4) - return 0; -@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - * no opportunity to figure it out... - */ - --#if defined(_ARCH_PPC64) -- if (num == 6) { -- if (OPENSSL_ppccap_P & PPC_MADD300) -- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); -- else -- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); -- } --#endif -- - return bn_mul_mont_int(rp, ap, bp, np, n0, num); - } -diff --git a/crypto/bn/build.info b/crypto/bn/build.info -index 987a70ae263b..4f8d0689b5ea 100644 ---- a/crypto/bn/build.info -+++ b/crypto/bn/build.info -@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] - - $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s - $BNDEF_ppc32=OPENSSL_BN_ASM_MONT -- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s -+ $BNASM_ppc64=$BNASM_ppc32 - $BNDEF_ppc64=$BNDEF_ppc32 - - $BNASM_c64xplus=asm/bn-c64xplus.asm -@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl - GENERATE[bn-ppc.s]=asm/ppc.pl - GENERATE[ppc-mont.s]=asm/ppc-mont.pl - GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl --GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl - - GENERATE[alpha-mont.S]=asm/alpha-mont.pl - -diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -index f36982845db4..1543ed9f7534 100644 ---- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -@@ -97,6 +97,18 @@ Key = P-256-PUBLIC - Input = 
"Hello World" - Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 - -+PublicKey=P-384-PUBLIC -+-----BEGIN PUBLIC KEY----- -+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd -+nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19 -+twD8guGxyFRaoMDTtW47/nifwYqRaIfC -+-----END PUBLIC KEY----- -+ -+DigestVerify = SHA384 -+Key = P-384-PUBLIC -+Input = "123400" -+Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970 -+ - # Oneshot tests - OneShotDigestVerify = SHA256 - Key = P-256-PUBLIC diff --git a/0068-CVE-2022-2068.patch b/0068-CVE-2022-2068.patch deleted file mode 100644 index c4dd7f2..0000000 --- a/0068-CVE-2022-2068.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in ---- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200 -+++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200 -@@ -104,18 +104,41 @@ foreach (@dirlist) { - } - exit($errorcount); - -+sub copy_file { -+ my ($src_fname, $dst_fname) = @_; -+ -+ if (open(my $in, "<", $src_fname)) { -+ if (open(my $out, ">", $dst_fname)) { -+ print $out $_ while (<$in>); -+ close $out; -+ } else { -+ warn "Cannot open $dst_fname for write, $!"; -+ } -+ close $in; -+ } else { -+ warn "Cannot open $src_fname for read, $!"; -+ } -+} -+ - sub hash_dir { -+ my $dir = shift; - my %hashlist; -- print "Doing $_[0]\n"; -- chdir $_[0]; -- opendir(DIR, "."); -+ -+ print "Doing $dir\n"; -+ -+ if (!chdir $dir) { -+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; -+ return; -+ } -+ -+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; - my @flist = sort readdir(DIR); - closedir DIR; - if ( $removelinks ) { - # Delete any existing symbolic links - foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { - if (-l $_) { -- print "unlink $_" if $verbose; -+ print "unlink $_\n" if $verbose; - unlink $_ || warn "Can't unlink $_, $!\n"; - } - } -@@ -130,13 +153,16 @@ sub hash_dir { - link_hash_cert($fname) if ($cert); - link_hash_crl($fname) if ($crl); - } -+ -+ chdir $pwd; - } - - sub check_file { - my ($is_cert, $is_crl) = (0,0); - my $fname = $_[0]; -- open IN, $fname; -- while() { -+ -+ open(my $in, "<", $fname); -+ while(<$in>) { - if (/^-----BEGIN (.*)-----/) { - my $hdr = $1; - if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { -@@ -148,7 +174,7 @@ sub check_file { - } - } - } -- close IN; -+ close $in; - return ($is_cert, $is_crl); - } - -@@ -177,76 +203,49 @@ sub compute_hash { - # certificate fingerprints - - sub link_hash_cert { -- my $fname = $_[0]; -- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, -- 
"-fingerprint", "-noout", -- "-in", $fname); -- chomp $hash; -- chomp $fprint; -- return if !$hash; -- $fprint =~ s/^.*=//; -- $fprint =~ tr/://d; -- my $suffix = 0; -- # Search for an unused hash filename -- while(exists $hashlist{"$hash.$suffix"}) { -- # Hash matches: if fingerprint matches its a duplicate cert -- if ($hashlist{"$hash.$suffix"} eq $fprint) { -- print STDERR "WARNING: Skipping duplicate certificate $fname\n"; -- return; -- } -- $suffix++; -- } -- $hash .= ".$suffix"; -- if ($symlink_exists) { -- print "link $fname -> $hash\n" if $verbose; -- symlink $fname, $hash || warn "Can't symlink, $!"; -- } else { -- print "copy $fname -> $hash\n" if $verbose; -- if (open($in, "<", $fname)) { -- if (open($out,">", $hash)) { -- print $out $_ while (<$in>); -- close $out; -- } else { -- warn "can't open $hash for write, $!"; -- } -- close $in; -- } else { -- warn "can't open $fname for read, $!"; -- } -- } -- $hashlist{$hash} = $fprint; -+ link_hash($_[0], 'cert'); - } - - # Same as above except for a CRL. CRL links are of the form .r - - sub link_hash_crl { -- my $fname = $_[0]; -- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, -+ link_hash($_[0], 'crl'); -+} -+ -+sub link_hash { -+ my ($fname, $type) = @_; -+ my $is_cert = $type eq 'cert'; -+ -+ my ($hash, $fprint) = compute_hash($openssl, -+ $is_cert ? "x509" : "crl", -+ $is_cert ? $x509hash : $crlhash, - "-fingerprint", "-noout", - "-in", $fname); - chomp $hash; -+ $hash =~ s/^.*=// if !$is_cert; - chomp $fprint; - return if !$hash; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename -- while(exists $hashlist{"$hash.r$suffix"}) { -+ my $crlmark = $is_cert ? 
"" : "r"; -+ while(exists $hashlist{"$hash.$crlmark$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert -- if ($hashlist{"$hash.r$suffix"} eq $fprint) { -- print STDERR "WARNING: Skipping duplicate CRL $fname\n"; -+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { -+ my $what = $is_cert ? 'certificate' : 'CRL'; -+ print STDERR "WARNING: Skipping duplicate $what $fname\n"; - return; - } - $suffix++; - } -- $hash .= ".r$suffix"; -+ $hash .= ".$crlmark$suffix"; - if ($symlink_exists) { - print "link $fname -> $hash\n" if $verbose; - symlink $fname, $hash || warn "Can't symlink, $!"; - } else { -- print "cp $fname -> $hash\n" if $verbose; -- system ("cp", $fname, $hash); -- warn "Can't copy, $!" if ($? >> 8) != 0; -+ print "copy $fname -> $hash\n" if $verbose; -+ copy_file($fname, $hash); - } - $hashlist{$hash} = $fprint; - } diff --git a/0069-CVE-2022-2097.patch b/0069-CVE-2022-2097.patch deleted file mode 100644 index 47fcaa5..0000000 --- a/0069-CVE-2022-2097.patch +++ /dev/null 
@@ -1,151 +0,0 @@
-From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001
-From: Alex Chernyakhovsky
-Date: Thu, 16 Jun 2022 12:00:22 +1000
-Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
-that performs operations on 6 16-byte blocks concurrently (the
-"grandloop") and then proceeds to handle the "short" tail (which can
-be anywhere from 0 to 5 blocks) that remain.
-
-As part of initialization, the assembly initializes $len to the true
-length, less 96 bytes and converts it to a pointer so that the $inp
-can be compared to it. Each iteration of "grandloop" checks to see if
-there's a full 96-byte chunk to process, and if so, continues. Once
-this has been exhausted, it falls through to "short", which handles
-the remaining zero to five blocks.
-
-Unfortunately, the jump at the end of "grandloop" had a fencepost
-error, doing a `jb` ("jump below") rather than `jbe` (jump below or
-equal). This should be `jbe`, as $inp is pointing to the *end* of the
-chunk currently being handled. If $inp == $len, that means that
-there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
-then there's 5 or fewer 16-byte blocks left to be handled, and the
-fall-through is intended.
-
-The net effect of `jb` instead of `jbe` is that the last 16-byte block
-of the last 96-byte chunk was completely omitted. The contents of
-`out` in this position were never written to. Additionally, since
-those bytes were never processed, the authentication tag generated is
-also incorrect.
-
-The same fencepost error, and identical logic, exists in both
-aesni_ocb_encrypt and aesni_ocb_decrypt.
-
-This addresses CVE-2022-2097.
-
-Co-authored-by: Alejandro Sedeño
-Co-authored-by: David Benjamin
-
-Reviewed-by: Paul Dale
-Reviewed-by: Tomas Mraz
-(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c)
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93]
----
- crypto/aes/asm/aesni-x86.pl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
-index 4245fe34e17e..7cf838db170b 100644
---- a/crypto/aes/asm/aesni-x86.pl
-+++ b/crypto/aes/asm/aesni-x86.pl
-@@ -2025,7 +2025,7 @@ sub aesni_generate6
- &movdqu (&QWP(-16*2,$out,$inp),$inout4);
- &movdqu (&QWP(-16*1,$out,$inp),$inout5);
- &cmp ($inp,$len); # done yet?
-- &jb (&label("grandloop"));
-+ &jbe (&label("grandloop"));
-
- &set_label("short");
- &add ($len,16*6);
-@@ -2451,7 +2451,7 @@ sub aesni_generate6
- &pxor ($rndkey1,$inout5);
- &movdqu (&QWP(-16*1,$out,$inp),$inout5);
- &cmp ($inp,$len); # done yet?
-- &jb (&label("grandloop"));
-+ &jbe (&label("grandloop"));
-
- &set_label("short");
- &add ($len,16*6);
-From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001
-From: Alex Chernyakhovsky
-Date: Thu, 16 Jun 2022 12:02:37 +1000
-Subject: [PATCH] AES OCB test vectors
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
- -Co-authored-by: Alejandro Sedeño -Co-authored-by: David Benjamin - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be) -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8] ---- - .../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++ - 1 file changed, 50 insertions(+) - -diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt -index e58ee34b6b3f..de098905230b 100644 ---- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt -+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt -@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 - Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 - Operation = DECRYPT - Result = CIPHERFINAL_ERROR -+ -+#Test vectors generated to validate aesni_ocb_encrypt on x86 -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = C14DFF7D62A13C4A3422456207453190 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333 -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8 -+Plaintext = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204 -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = 41970D13737B7BD1B5FBF49ED4412CA5 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91 -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = BE0228651ED4E48A11BDED68D953F3A0 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag 
= 17BC6E10B16E5FDC52836E7D589518C7 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = E84AAC18666116990A3A37B3A5FC55BD -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = 3E5EA7EE064FE83B313E28D411E91EAD -+Plaintext = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C diff --git a/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch b/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch deleted file mode 100644 index 5a16ae7..0000000 --- a/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch +++ /dev/null 
@@ -1,56 +0,0 @@
-From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Thu, 5 May 2022 08:11:24 +0200
-Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init
- strcasecmp
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Matt Caswell
-(Merged from https://github.com/openssl/openssl/pull/18247)
-
-(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9)
-
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483]
----
- crypto/evp/evp_lib.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
-index 3fe4743761..d9b8c0af41 100644
---- a/crypto/evp/evp_lib.c
-+++ b/crypto/evp/evp_lib.c
-@@ -24,6 +24,7 @@
- #include
- #include
- #include "crypto/evp.h"
-+#include "crypto/cryptlib.h"
- #include "internal/provider.h"
- #include "evp_local.h"
-
-@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
- return (ctx->flags & flags);
- }
-
-+#if !defined(FIPS_MODULE)
-+
- int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
- {
- OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
-@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
-
- va_start(args, type);
-
-+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
-+
- if (OPENSSL_strcasecmp(type, "RSA") == 0) {
- bits = va_arg(args, size_t);
- params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
-@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
- va_end(args);
- return ret;
- }
-+
-+#endif /* !defined(FIPS_MODULE) */
---
-2.35.3
-
diff --git a/0079-CVE-2022-3602.patch b/0079-CVE-2022-3602.patch
deleted file mode 100644
index 4f935e4..0000000
--- a/0079-CVE-2022-3602.patch
+++ /dev/null
@@ -1,399 +0,0 @@ -diff --git a/crypto/punycode.c b/crypto/punycode.c -index 385b4b1df4..b9b4e3d785 100644 ---- a/crypto/punycode.c -+++ b/crypto/punycode.c -@@ -123,7 +123,6 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, - unsigned int bias = initial_bias; - size_t processed_in = 0, written_out = 0; - unsigned int max_out = *pout_length; -- - unsigned int basic_count = 0; - unsigned int loop; - -@@ -181,11 +180,11 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, - n = n + i / (written_out + 1); - i %= (written_out + 1); - -- if (written_out > max_out) -+ if (written_out >= max_out) - return 0; - - memmove(pDecoded + i + 1, pDecoded + i, -- (written_out - i) * sizeof *pDecoded); -+ (written_out - i) * sizeof(*pDecoded)); - pDecoded[i] = n; - i++; - written_out++; -@@ -255,30 +254,35 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) - */ - char *outptr = out; - const char *inptr = in; -- size_t size = 0; -+ size_t size = 0, maxsize; - int result = 1; -- -+ unsigned int i, j; - unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ -- if (out == NULL) -+ -+ if (out == NULL) { - result = 0; -+ maxsize = 0; -+ } else { -+ maxsize = *outlen; -+ } -+ -+#define PUSHC(c) \ -+ do \ -+ if (size++ < maxsize) \ -+ *outptr++ = c; \ -+ else \ -+ result = 0; \ -+ while (0) - - while (1) { - char *tmpptr = strchr(inptr, '.'); -- size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr); -+ size_t delta = tmpptr != NULL ? 
(size_t)(tmpptr - inptr) : strlen(inptr); - - if (strncmp(inptr, "xn--", 4) != 0) { -- size += delta + 1; -- -- if (size >= *outlen - 1) -- result = 0; -- -- if (result > 0) { -- memcpy(outptr, inptr, delta + 1); -- outptr += delta + 1; -- } -+ for (i = 0; i < delta + 1; i++) -+ PUSHC(inptr[i]); - } else { - unsigned int bufsize = LABEL_BUF_SIZE; -- unsigned int i; - - if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) - return -1; -@@ -286,26 +290,15 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) - for (i = 0; i < bufsize; i++) { - unsigned char seed[6]; - size_t utfsize = codepoint2utf8(seed, buf[i]); -+ - if (utfsize == 0) - return -1; - -- size += utfsize; -- if (size >= *outlen - 1) -- result = 0; -- -- if (result > 0) { -- memcpy(outptr, seed, utfsize); -- outptr += utfsize; -- } -+ for (j = 0; j < utfsize; j++) -+ PUSHC(seed[j]); - } - -- if (tmpptr != NULL) { -- *outptr = '.'; -- outptr++; -- size++; -- if (size >= *outlen - 1) -- result = 0; -- } -+ PUSHC(tmpptr != NULL ? '.' : '\0'); - } - - if (tmpptr == NULL) -@@ -313,7 +306,9 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) - - inptr = tmpptr + 1; - } -+#undef PUSHC - -+ *outlen = size; - return result; - } - -@@ -327,12 +322,11 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) - - int ossl_a2ucompare(const char *a, const char *u) - { -- char a_ulabel[LABEL_BUF_SIZE]; -+ char a_ulabel[LABEL_BUF_SIZE + 1]; - size_t a_size = sizeof(a_ulabel); - -- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) { -+ if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) - return -1; -- } - -- return (strcmp(a_ulabel, u) == 0) ? 
0 : 1; -+ return strcmp(a_ulabel, u) != 0; - } -diff --git a/test/build.info b/test/build.info -index 9d2d41e417..638f215da6 100644 ---- a/test/build.info -+++ b/test/build.info -@@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}] - exptest pbetest localetest evp_pkey_ctx_new_from_name\ - evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test evp_libctx_test ossl_store_test \ -- v3nametest v3ext \ -+ v3nametest v3ext punycode_test \ - evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test v3nametest v3ext \ - crltest danetest bad_dtls_test lhash_test sparse_array_test \ -@@ -290,6 +290,10 @@ IF[{- !$disabled{tests} -}] - INCLUDE[pkcs7_test]=../include ../apps/include - DEPEND[pkcs7_test]=../libcrypto libtestutil.a - -+ SOURCE[punycode_test]=punycode_test.c -+ INCLUDE[punycode_test]=../include ../apps/include -+ DEPEND[punycode_test]=../libcrypto.a libtestutil.a -+ - SOURCE[stack_test]=stack_test.c - INCLUDE[stack_test]=../include ../apps/include - DEPEND[stack_test]=../libcrypto libtestutil.a -diff --git a/test/punycode_test.c b/test/punycode_test.c -new file mode 100644 -index 0000000000..285ead6966 ---- /dev/null -+++ b/test/punycode_test.c -@@ -0,0 +1,219 @@ -+/* -+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. 
You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+ -+#include "crypto/punycode.h" -+#include "internal/nelem.h" -+#include "testutil.h" -+ -+ -+static const struct puny_test { -+ unsigned int raw[50]; -+ const char *encoded; -+} puny_cases[] = { -+ /* Test cases from RFC 3492 */ -+ { /* Arabic (Egyptian) */ -+ { 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644, -+ 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F -+ }, -+ "egbpdaj6bu4bxfgehfvwxn" -+ }, -+ { /* Chinese (simplified) */ -+ { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587 -+ }, -+ "ihqwcrb4cv8a8dqg056pqjye" -+ }, -+ { /* Chinese (traditional) */ -+ { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587 -+ }, -+ "ihqwctvzc91f659drss3x8bo0yb" -+ }, -+ { /* Czech: Proprostnemluvesky */ -+ { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074, -+ 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D, -+ 0x0065, 0x0073, 0x006B, 0x0079 -+ }, -+ "Proprostnemluvesky-uyb24dma41a" -+ }, -+ { /* Hebrew */ -+ { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8, -+ 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2, -+ 0x05D1, 0x05E8, 0x05D9, 0x05EA -+ }, -+ "4dbcagdahymbxekheh6e0a7fei0b" -+ }, -+ { /* Hindi (Devanagari) */ -+ { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D, -+ 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939, -+ 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947, -+ 0x0939, 0x0948, 0x0902 -+ }, -+ "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd" -+ }, -+ { /* Japanese (kanji and hiragana) */ -+ { 0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092, -+ 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B -+ }, -+ 
"n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa" -+ }, -+ { /* Korean (Hangul syllables) */ -+ { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774, -+ 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74, -+ 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C -+ }, -+ "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c" -+ }, -+ { /* Russian (Cyrillic) */ -+ { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E, -+ 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440, -+ 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A, -+ 0x0438 -+ }, -+ "b1abfaaepdrnnbgefbaDotcwatmq2g4l" -+ }, -+ { /* Spanish */ -+ { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070, -+ 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070, -+ 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061, -+ 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070, -+ 0x0061, 0x00F1, 0x006F, 0x006C -+ }, -+ "PorqunopuedensimplementehablarenEspaol-fmd56a" -+ }, -+ { /* Vietnamese */ -+ { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B, -+ 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068, -+ 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067, -+ 0x0056, 0x0069, 0x1EC7, 0x0074 -+ }, -+ "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g" -+ }, -+ { /* Japanese: 3B */ -+ { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F -+ }, -+ "3B-ww4c5e180e575a65lsy2b" -+ }, -+ { /* Japanese: -with-SUPER-MONKEYS */ -+ { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074, -+ 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D, -+ 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053 -+ }, -+ "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n" -+ }, -+ { /* Japanese: Hello-Another-Way- */ -+ { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 
0x006F, -+ 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D, -+ 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240 -+ }, -+ "Hello-Another-Way--fc4qua05auwb3674vfr0b" -+ }, -+ { /* Japanese: 2 */ -+ { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032 -+ }, -+ "2-u9tlzr9756bt3uc0v" -+ }, -+ { /* Japanese: MajiKoi5 */ -+ { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059, -+ 0x308B, 0x0035, 0x79D2, 0x524D -+ }, -+ "MajiKoi5-783gue6qz075azm5e" -+ }, -+ { /* Japanese: de */ -+ { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0 -+ }, -+ "de-jg4avhby1noc0d" -+ }, -+ { /* Japanese: */ -+ { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067 -+ }, -+ "d9juau41awczczp" -+ }, -+ { /* -> $1.00 <- */ -+ { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020, -+ 0x003C, 0x002D -+ }, -+ "-> $1.00 <--" -+ } -+}; -+ -+static int test_punycode(int n) -+{ -+ const struct puny_test *tc = puny_cases + n; -+ unsigned int buffer[50]; -+ unsigned int bsize = OSSL_NELEM(buffer); -+ size_t i; -+ -+ if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded), -+ buffer, &bsize))) -+ return 0; -+ for (i = 0; i < sizeof(tc->raw); i++) -+ if (tc->raw[i] == 0) -+ break; -+ if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer), -+ tc->raw, i * sizeof(*tc->raw))) -+ return 0; -+ return 1; -+} -+ -+static int test_a2ulabel(void) -+{ -+ char out[50]; -+ size_t outlen; -+ -+ /* -+ * Test that no buffer correctly returns the true length. -+ * The punycode being passed in and parsed is malformed but we're not -+ * verifying that behaviour here. 
-+ */ -+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0) -+ || !TEST_size_t_eq(outlen, 7) -+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)) -+ return 0; -+ /* Test that a short input length returns the true length */ -+ outlen = 1; -+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) -+ || !TEST_size_t_eq(outlen, 7) -+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) -+ || !TEST_str_eq(out,"\xc2\x80.b.c")) -+ return 0; -+ /* Test for an off by one on the buffer size works */ -+ outlen = 6; -+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) -+ || !TEST_size_t_eq(outlen, 7) -+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) -+ || !TEST_str_eq(out,"\xc2\x80.b.c")) -+ return 0; -+ return 1; -+} -+ -+static int test_puny_overrun(void) -+{ -+ static const unsigned int out[] = { -+ 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F -+ }; -+ static const char *in = "3B-ww4c5e180e575a65lsy2b"; -+ unsigned int buf[OSSL_NELEM(out)]; -+ unsigned int bsize = OSSL_NELEM(buf) - 1; -+ -+ if (!TEST_false(ossl_punycode_decode(in, strlen(in), buf, &bsize))) { -+ if (TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out))) -+ TEST_error("CRITICAL: buffer overrun detected!"); -+ return 0; -+ } -+ return 1; -+} -+ -+int setup_tests(void) -+{ -+ ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases)); -+ ADD_TEST(test_a2ulabel); -+ ADD_TEST(test_puny_overrun); -+ return 1; -+} -diff --git a/test/recipes/04-test_punycode.t b/test/recipes/04-test_punycode.t -new file mode 100644 -index 0000000000..de213c7e15 ---- /dev/null -+++ b/test/recipes/04-test_punycode.t -@@ -0,0 +1,11 @@ -+#! /usr/bin/env perl -+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. 
You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use OpenSSL::Test::Simple; -+ -+simple_test("test_punycode", "punycode_test"); diff --git a/0086-avoid-bio-memleak.patch b/0086-avoid-bio-memleak.patch deleted file mode 100644 index 865cd98..0000000 --- a/0086-avoid-bio-memleak.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 3d046c4d047a55123beeceffe9f8bae09159445e Mon Sep 17 00:00:00 2001 -From: yangyangtiantianlonglong -Date: Wed, 19 Jan 2022 11:19:52 +0800 -Subject: [PATCH] Fix the same BIO_FLAGS macro definition - -Also add comment to the public header to avoid -making another conflict in future. - -Fixes #17545 - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/17546) - -(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef) ---- - include/internal/bio.h | 2 +- - include/openssl/bio.h.in | 2 ++ - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/include/internal/bio.h b/include/internal/bio.h -index 2d36a7b980f2..02f7222ab4f1 100644 ---- a/include/internal/bio.h -+++ b/include/internal/bio.h -@@ -48,9 +48,9 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); - * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. - * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. - */ --# define BIO_FLAGS_KTLS_TX 0x800 - # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 - # define BIO_FLAGS_KTLS_RX 0x2000 -+# define BIO_FLAGS_KTLS_TX 0x4000 - - /* KTLS related controls and flags */ - # define BIO_set_ktls_flag(b, is_tx) \ -diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in -index 2c65b7e1a79b..686dad3099b7 100644 ---- a/include/openssl/bio.h.in -+++ b/include/openssl/bio.h.in -@@ -209,6 +209,8 @@ extern "C" { - # define BIO_FLAGS_NONCLEAR_RST 0x400 - # define BIO_FLAGS_IN_EOF 0x800 - -+/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ -+ - typedef union bio_addr_st BIO_ADDR; - typedef struct bio_addrinfo_st BIO_ADDRINFO; - diff --git a/0087-FIPS-RSA-selftest-params.patch b/0087-FIPS-RSA-selftest-params.patch deleted file mode 100644 index 6d47742..0000000 --- a/0087-FIPS-RSA-selftest-params.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 34e3cbf99f2113ca01b460cf37b56460262979af Mon Sep 17 00:00:00 2001 -From: slontis -Date: Wed, 26 Oct 2022 11:10:50 +1000 -Subject: [PATCH] Use RSA CRT parameters in FIPS self tests. - -Fixes #19488 - -Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests. -The invalid names cause CRT parameters to be silently ignored. - -Reviewed-by: Tim Hudson -Reviewed-by: Richard Levitte -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/19501) - -(cherry picked from commit c7424fe68c65aa2187a8e4028d7dea742b95d81a) -(cherry picked from commit 4215d649e92bc4c42997ec4a1e65beba1055bbe1) ---- - providers/fips/self_test_data.inc | 10 +++++----- - -diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 5f057d5679f1..8ae8cd6f4a5a 100644 ---- a/providers/fips/self_test_data.inc -+++ b/providers/fips/self_test_data.inc -@@ -1270,11 +1270,11 @@ static const ST_KAT_PARAM rsa_crt_key[] = { - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), -- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p), -- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q), -- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp), -- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq), -- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv), - ST_KAT_PARAM_END() - }; - diff --git a/openssl.spec b/openssl.spec index cc3f992..d83f5ff 100644 --- a/openssl.spec +++ b/openssl.spec 
@@ -70,12 +70,6 @@ Patch11: 0011-Remove-EC-curves.patch # Disable explicit EC curves # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch -# https://github.com/openssl/openssl/pull/17981 -# Patch13: 0013-FIPS-provider-explicit-ec.patch -# https://github.com/openssl/openssl/pull/17998 -# Patch14: 0014-FIPS-disable-explicit-ec.patch -# https://github.com/openssl/openssl/pull/18609 -# Patch15: 0015-FIPS-decoded-from-explicit.patch # Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch # Tmp: test name change @@ -92,12 +86,8 @@ Patch35: 0035-speed-skip-unavailable-dgst.patch Patch44: 0044-FIPS-140-3-keychecks.patch # Minimize fips services Patch45: 0045-FIPS-services-minimize.patch -# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486 -# Patch46: 0046-FIPS-s390x-hardening.patch # Execute KATS before HMAC verification Patch47: 0047-FIPS-early-KATS.patch -# Backport of correctly handle 2^14 byte long records #17538 -# Patch48: 0048-correctly-handle-records.patch # Selectively disallow SHA1 signatures Patch49: 0049-Selectively-disallow-SHA1-signatures.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2049265 
@@ -106,16 +96,8 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch -# CVE 2022-0778 -# Patch53: 0053-CVE-2022-0778.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 -# Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch -# https://github.com/openssl/openssl/pull/17324 -# Patch55: 0055-nonlegacy-fetch-null-deref.patch # https://github.com/openssl/openssl/pull/18103 Patch56: 0056-strcasecmp.patch -# https://github.com/openssl/openssl/pull/18175 -# Patch57: 0057-strcasecmp-fix.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2069235 
@@ -123,25 +105,6 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# https://github.com/openssl/openssl/pull/18141 -# Patch63: 0063-CVE-2022-1473.patch -# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a -# Patch64: 0064-CVE-2022-1343.diff -# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 -# Patch65: 0065-CVE-2022-1292.patch -# https://github.com/openssl/openssl/pull/18444 -# https://github.com/openssl/openssl/pull/18467 -# Patch66: 0066-replace-expired-certs.patch -# https://github.com/openssl/openssl/pull/18512 -# Patch67: 0067-fix-ppc64-montgomery.patch -#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa -#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739 -# Patch68: 0068-CVE-2022-2068.patch -# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93 -# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 -# Patch69: 0069-CVE-2022-2097.patch -# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483 -# Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch # https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c # https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd Patch71: 0071-AES-GCM-performance-optimization.patch 
@@ -162,8 +125,6 @@ Patch76: 0076-FIPS-140-3-DRBG.patch Patch77: 0077-FIPS-140-3-zeroization.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch -#https://bugzilla.redhat.com/show_bug.cgi?id=2137723 -# Patch79: 0079-CVE-2022-3602.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2141748 Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142131 @@ -176,10 +137,6 @@ Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch #https://bugzilla.redhat.com/show_bug.cgi?id=2142121 Patch85: 0085-FIPS-RSA-disable-shake.patch -#https://github.com/openssl/openssl/pull/17546 -# Patch86: 0086-avoid-bio-memleak.patch -#https://github.com/openssl/openssl/pull/19501 -# Patch87: 0087-FIPS-RSA-selftest-params.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 From 0f139ead1a0644830363d4074f3a58aa0e78d522 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 25 Nov 2022 11:42:25 +0100 Subject: [PATCH 13/28] Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 --- 0091-provider-improvements.patch | 705 +++++++++++++++++++++++++++++++ openssl.spec | 8 +- 2 files changed, 712 insertions(+), 1 deletion(-) create mode 100644 0091-provider-improvements.patch diff --git a/0091-provider-improvements.patch b/0091-provider-improvements.patch new file mode 100644 index 0000000..b850fc3 --- /dev/null +++ b/0091-provider-improvements.patch 
@@ -0,0 +1,705 @@ +From 98642df4ba886818900ab7e6b23703544e6addd4 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 10 Nov 2022 10:46:32 -0500 +Subject: [PATCH 1/3] Propagate selection all the way on key export + +EVP_PKEY_eq() is used to check, among other things, if a certificate +public key corresponds to a private key. When the private key belongs to +a provider that does not allow to export private keys this currently +fails as the internal functions used to import/export keys ignored the +selection given (which specifies that only the public key needs to be +considered) and instead tries to export everything. + +This patch allows to propagate the selection all the way down including +adding it in the cache so that a following operation actually looking +for other selection parameters does not mistakenly pick up an export +containing only partial information. + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19648) + +diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c +index b06730dc7a..2d0238ee27 100644 +--- a/crypto/evp/keymgmt_lib.c ++++ b/crypto/evp/keymgmt_lib.c +@@ -93,7 +93,8 @@ int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + export_cb, export_cbarg); + } + +-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) ++void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ int selection) + { + struct evp_keymgmt_util_try_import_data_st import_data; + OP_CACHE_ELEM *op; +@@ -127,7 +128,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + */ + if (pk->dirty_cnt == pk->dirty_cnt_copy) { + /* If this key is already exported to |keymgmt|, no more to do */ +- op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); + if (op != NULL && op->keymgmt != NULL) { + void *ret = op->keydata; + +@@ 
-157,13 +158,13 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + /* Setup for the export callback */ + import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ + import_data.keymgmt = keymgmt; +- import_data.selection = OSSL_KEYMGMT_SELECT_ALL; ++ import_data.selection = selection; + + /* + * The export function calls the callback (evp_keymgmt_util_try_import), + * which does the import for us. If successful, we're done. + */ +- if (!evp_keymgmt_util_export(pk, OSSL_KEYMGMT_SELECT_ALL, ++ if (!evp_keymgmt_util_export(pk, selection, + &evp_keymgmt_util_try_import, &import_data)) + /* If there was an error, bail out */ + return NULL; +@@ -173,7 +174,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + return NULL; + } + /* Check to make sure some other thread didn't get there first */ +- op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); + if (op != NULL && op->keydata != NULL) { + void *ret = op->keydata; + +@@ -196,7 +197,8 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + evp_keymgmt_util_clear_operation_cache(pk, 0); + + /* Add the new export to the operation cache */ +- if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata)) { ++ if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata, ++ selection)) { + CRYPTO_THREAD_unlock(pk->lock); + evp_keymgmt_freedata(keymgmt, import_data.keydata); + return NULL; +@@ -232,7 +234,8 @@ int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking) + } + + OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt) ++ EVP_KEYMGMT *keymgmt, ++ int selection) + { + int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache); + OP_CACHE_ELEM *p; +@@ -243,14 +246,14 @@ OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, + */ + for (i = 0; i < end; i++) { + p = 
sk_OP_CACHE_ELEM_value(pk->operation_cache, i); +- if (keymgmt == p->keymgmt) ++ if (keymgmt == p->keymgmt && (p->selection & selection) == selection) + return p; + } + return NULL; + } + +-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt, void *keydata) ++int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ void *keydata, int selection) + { + OP_CACHE_ELEM *p = NULL; + +@@ -266,6 +269,7 @@ int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, + return 0; + p->keydata = keydata; + p->keymgmt = keymgmt; ++ p->selection = selection; + + if (!EVP_KEYMGMT_up_ref(keymgmt)) { + OPENSSL_free(p); +@@ -391,7 +395,8 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection) + ok = 1; + if (keydata1 != NULL) { + tmp_keydata = +- evp_keymgmt_util_export_to_provider(pk1, keymgmt2); ++ evp_keymgmt_util_export_to_provider(pk1, keymgmt2, ++ selection); + ok = (tmp_keydata != NULL); + } + if (ok) { +@@ -411,7 +416,8 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection) + ok = 1; + if (keydata2 != NULL) { + tmp_keydata = +- evp_keymgmt_util_export_to_provider(pk2, keymgmt1); ++ evp_keymgmt_util_export_to_provider(pk2, keymgmt1, ++ selection); + ok = (tmp_keydata != NULL); + } + if (ok) { +diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c +index 70d17ec37e..905e9c9ce4 100644 +--- a/crypto/evp/p_lib.c ++++ b/crypto/evp/p_lib.c +@@ -1822,6 +1822,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + { + EVP_KEYMGMT *allocated_keymgmt = NULL; + EVP_KEYMGMT *tmp_keymgmt = NULL; ++ int selection = OSSL_KEYMGMT_SELECT_ALL; + void *keydata = NULL; + int check; + +@@ -1883,7 +1884,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + if (pk->ameth->dirty_cnt(pk) == pk->dirty_cnt_copy) { + if (!CRYPTO_THREAD_read_lock(pk->lock)) + goto end; +- op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, ++ 
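Review bot: The new cache match in evp_keymgmt_util_find_operation_cache(), `(p->selection & selection) == selection`, has no comment saying that a cached export is reused only when it covers every requested selection bit. That property is what keeps a public-only export from being handed to a caller that asked for more. I would add `/* reuse a cached export only if it holds everything the caller selected */` above the `if`. The test is also true for every entry of that keymgmt when `selection` is 0; whether any caller passes 0 is not visible here, so the comment should say what is expected in that case. The function's signature is in the preceding hunk and the start of the loop is context only.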
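Review bot: `int selection = OSSL_KEYMGMT_SELECT_ALL;` in evp_pkey_export_to_provider() is only read in the hunks shown: the two cache lookups, evp_keymgmt_util_cache_keydata() and the final evp_keymgmt_util_export_to_provider() call. This path therefore still exports and caches the complete key, and the narrower selection reaches only callers that pass their own, such as evp_keymgmt_util_match(). If that is intended, declare it `const int selection = OSSL_KEYMGMT_SELECT_ALL;` and add a comment such as `/* this path always exports the complete key */`. The function body continues outside these hunks, so an assignment elsewhere cannot be ruled out.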
selection); + + /* + * If |tmp_keymgmt| is present in the operation cache, it means +@@ -1938,7 +1940,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + EVP_KEYMGMT_free(tmp_keymgmt); /* refcnt-- */ + + /* Check to make sure some other thread didn't get there first */ +- op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, selection); + if (op != NULL && op->keymgmt != NULL) { + void *tmp_keydata = op->keydata; + +@@ -1949,7 +1951,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + } + + /* Add the new export to the operation cache */ +- if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata)) { ++ if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata, ++ selection)) { + CRYPTO_THREAD_unlock(pk->lock); + evp_keymgmt_freedata(tmp_keymgmt, keydata); + keydata = NULL; +@@ -1964,7 +1967,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + } + #endif /* FIPS_MODULE */ + +- keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt); ++ keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, selection); + + end: + /* +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index f601b72807..dbbdcccbda 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -589,6 +589,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + typedef struct { + EVP_KEYMGMT *keymgmt; + void *keydata; ++ int selection; + } OP_CACHE_ELEM; + + DEFINE_STACK_OF(OP_CACHE_ELEM) +@@ -778,12 +779,14 @@ EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); + + int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + OSSL_CALLBACK *export_cb, void *export_cbarg); +-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); ++void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ int selection); + OP_CACHE_ELEM 
*evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt); ++ EVP_KEYMGMT *keymgmt, ++ int selection); + int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); +-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt, void *keydata); ++int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ void *keydata, int selection); + void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); + void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, + int selection, const OSSL_PARAM params[]); +-- +2.38.1 + +From 504427eb5f32108dd64ff7858012863fe47b369b Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 10 Nov 2022 16:58:28 -0500 +Subject: [PATCH 2/3] Update documentation for keymgmt export utils + +Change function prototypes and explain how to use the selection +argument. + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19648) + +diff --git a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod +index 1fee9f6ff9..7099e44964 100644 +--- a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod ++++ b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod +@@ -20,12 +20,14 @@ OP_CACHE_ELEM + + int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + OSSL_CALLBACK *export_cb, void *export_cbarg); +- void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); ++ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ int selection); + OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt); ++ EVP_KEYMGMT *keymgmt, ++ int selection); + int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); +- int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt, void *keydata); ++ int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, 
EVP_KEYMGMT *keymgmt, ++ void *keydata, int selection); + void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); + void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, + int selection, const OSSL_PARAM params[]); +@@ -65,6 +67,11 @@ evp_keymgmt_util_fromdata() can be used to add key object data to a + given key I via a B interface. This is used as a + helper for L. + ++In all functions that take a I argument, the selection is used to ++constraint the information requested on export. It is also used in the cache ++so that key data is guaranteed to contain all the information requested in ++the selection. ++ + =head1 RETURN VALUES + + evp_keymgmt_export_to_provider() and evp_keymgmt_util_fromdata() +-- +2.38.1 + +From e5202fbd461cb6c067874987998e91c6093e5267 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 11 Nov 2022 12:18:26 -0500 +Subject: [PATCH 3/3] Add test for EVP_PKEY_eq + +This tests that the comparison work even if a provider can only return +a public key. + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19648) + +diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c +index d556551bb6..5e92e72d4b 100644 +--- a/test/fake_rsaprov.c ++++ b/test/fake_rsaprov.c +@@ -22,24 +22,34 @@ static OSSL_FUNC_keymgmt_has_fn fake_rsa_keymgmt_has; + static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query; + static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import; + static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes; ++static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export; ++static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes; + static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load; + + static int has_selection; + static int imptypes_selection; ++static int exptypes_selection; + static int query_id; + ++struct fake_rsa_keydata { ++ int selection; ++ int status; ++}; ++ + static void 
*fake_rsa_keymgmt_new(void *provctx) + { +- unsigned char *keydata = OPENSSL_zalloc(1); ++ struct fake_rsa_keydata *key; + +- TEST_ptr(keydata); ++ if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata)))) ++ return NULL; + + /* clear test globals */ + has_selection = 0; + imptypes_selection = 0; ++ exptypes_selection = 0; + query_id = 0; + +- return keydata; ++ return key; + } + + static void fake_rsa_keymgmt_free(void *keydata) +@@ -67,14 +77,104 @@ static const char *fake_rsa_keymgmt_query(int id) + static int fake_rsa_keymgmt_import(void *keydata, int selection, + const OSSL_PARAM *p) + { +- unsigned char *fake_rsa_key = keydata; ++ struct fake_rsa_keydata *fake_rsa_key = keydata; + + /* key was imported */ +- *fake_rsa_key = 1; ++ fake_rsa_key->status = 1; + + return 1; + } + ++static unsigned char fake_rsa_n[] = ++ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" ++ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" ++ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" ++ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" ++ "\xF5"; ++ ++static unsigned char fake_rsa_e[] = "\x11"; ++ ++static unsigned char fake_rsa_d[] = ++ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" ++ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" ++ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" ++ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; ++ ++static unsigned char fake_rsa_p[] = ++ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" ++ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" ++ "\x0D"; ++ ++static unsigned char fake_rsa_q[] = ++ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" ++ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" ++ "\x89"; ++ ++static unsigned char fake_rsa_dmp1[] = ++ 
"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" ++ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; ++ ++static unsigned char fake_rsa_dmq1[] = ++ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" ++ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" ++ "\x51"; ++ ++static unsigned char fake_rsa_iqmp[] = ++ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" ++ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; ++ ++OSSL_PARAM *fake_rsa_key_params(int priv) ++{ ++ if (priv) { ++ OSSL_PARAM params[] = { ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n, ++ sizeof(fake_rsa_n) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e, ++ sizeof(fake_rsa_e) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d, ++ sizeof(fake_rsa_d) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p, ++ sizeof(fake_rsa_p) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q, ++ sizeof(fake_rsa_q) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1, ++ sizeof(fake_rsa_dmp1) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1, ++ sizeof(fake_rsa_dmq1) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp, ++ sizeof(fake_rsa_iqmp) -1), ++ OSSL_PARAM_END ++ }; ++ return OSSL_PARAM_dup(params); ++ } else { ++ OSSL_PARAM params[] = { ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n, ++ sizeof(fake_rsa_n) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e, ++ sizeof(fake_rsa_e) -1), ++ OSSL_PARAM_END ++ }; ++ return OSSL_PARAM_dup(params); ++ } ++} ++ ++static int fake_rsa_keymgmt_export(void *keydata, int selection, ++ OSSL_CALLBACK *param_callback, void *cbarg) ++{ ++ OSSL_PARAM *params = NULL; ++ int ret; ++ ++ if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) ++ return 0; ++ ++ if (!TEST_ptr(params = fake_rsa_key_params(0))) ++ return 0; ++ ++ ret = param_callback(params, cbarg); ++ OSSL_PARAM_free(params); ++ 
return ret; ++} ++ + static const OSSL_PARAM fake_rsa_import_key_types[] = { + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), +@@ -95,19 +195,33 @@ static const OSSL_PARAM *fake_rsa_keymgmt_imptypes(int selection) + return fake_rsa_import_key_types; + } + ++static const OSSL_PARAM fake_rsa_export_key_types[] = { ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), ++ OSSL_PARAM_END ++}; ++ ++static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection) ++{ ++ /* record global for checking */ ++ exptypes_selection = selection; ++ ++ return fake_rsa_export_key_types; ++} ++ + static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz) + { +- unsigned char *key = NULL; ++ struct fake_rsa_keydata *key = NULL; + +- if (reference_sz != sizeof(key)) ++ if (reference_sz != sizeof(*key)) + return NULL; + +- key = *(unsigned char **)reference; +- if (*key != 1) ++ key = *(struct fake_rsa_keydata **)reference; ++ if (key->status != 1) + return NULL; + + /* detach the reference */ +- *(unsigned char **)reference = NULL; ++ *(struct fake_rsa_keydata **)reference = NULL; + + return key; + } +@@ -129,7 +243,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + { + unsigned char *gctx = genctx; + static const unsigned char inited[] = { 1 }; +- unsigned char *keydata; ++ struct fake_rsa_keydata *keydata; + + if (!TEST_ptr(gctx) + || !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited))) +@@ -138,7 +252,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL))) + return NULL; + +- *keydata = 2; ++ keydata->status = 2; + return keydata; + } + +@@ -156,6 +270,9 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = { + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import }, + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, + (void 
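Review bot: `fake_rsa_key_params()` becomes a non-static function exported through `fake_rsaprov.h`, but nothing in this hunk documents that it hands out a fixed RSA key (private components included when `priv` is non-zero) or who owns the result. A comment above the definition would cover both, for example `/* Returns a newly allocated copy of the built-in RSA test key; priv != 0 adds the private components. Test fixture only. Caller frees with OSSL_PARAM_free(). */`. Separately, `fake_rsa_keymgmt_export()` only rejects `OSSL_KEYMGMT_SELECT_PRIVATE_KEY` and otherwise returns n and e whatever else `selection` asks for. If that is the intended model of a public-only token, a one-line comment saying so would help the next reader.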
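Review bot: In `fake_rsa_keymgmt_load` the length check now compares `reference_sz` with `sizeof(*key)`, the size of `struct fake_rsa_keydata`, yet the following line reads a pointer out of the buffer with `*(struct fake_rsa_keydata **)reference`. The reference carries a pointer, so the check should remain `if (reference_sz != sizeof(key))`. The producer in the `fake_rsa_st_load` hunk (`@@ -307,7 +424,7 @@`) makes the matching change and should keep `&key, sizeof(key)`. The two sizes agree only where a pointer is as wide as the two-int struct, so on a target with 4-byte pointers the octet string would presumably describe more bytes than the local `key` variable occupies.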
(*)(void))fake_rsa_keymgmt_imptypes }, ++ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export }, ++ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, ++ (void (*)(void))fake_rsa_keymgmt_exptypes }, + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load }, + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init }, + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen }, +@@ -191,14 +308,14 @@ static int fake_rsa_sig_sign_init(void *ctx, void *provkey, + const OSSL_PARAM params[]) + { + unsigned char *sigctx = ctx; +- unsigned char *keydata = provkey; ++ struct fake_rsa_keydata *keydata = provkey; + + /* we must have a ctx */ + if (!TEST_ptr(sigctx)) + return 0; + + /* we must have some initialized key */ +- if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0)) ++ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0)) + return 0; + + /* record that sign init was called */ +@@ -289,7 +406,7 @@ static int fake_rsa_st_load(void *loaderctx, + unsigned char *storectx = loaderctx; + OSSL_PARAM params[4]; + int object_type = OSSL_OBJECT_PKEY; +- void *key = NULL; ++ struct fake_rsa_keydata *key = NULL; + int rv = 0; + + switch (*storectx) { +@@ -307,7 +424,7 @@ static int fake_rsa_st_load(void *loaderctx, + /* The address of the key becomes the octet string */ + params[2] = + OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, +- &key, sizeof(key)); ++ &key, sizeof(*key)); + params[3] = OSSL_PARAM_construct_end(); + rv = object_cb(params, object_cbarg); + *storectx = 1; +diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h +index 57de1ecf8d..190c46a285 100644 +--- a/test/fake_rsaprov.h ++++ b/test/fake_rsaprov.h +@@ -12,3 +12,4 @@ + /* Fake RSA provider implementation */ + OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx); + void fake_rsa_finish(OSSL_PROVIDER *p); ++OSSL_PARAM *fake_rsa_key_params(int priv); +diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c +index 5c398398f4..3b190baa5e 100644 +--- 
a/test/provider_pkey_test.c ++++ b/test/provider_pkey_test.c +@@ -176,6 +176,67 @@ end: + return ret; + } + ++static int test_pkey_eq(void) ++{ ++ OSSL_PROVIDER *deflt = NULL; ++ OSSL_PROVIDER *fake_rsa = NULL; ++ EVP_PKEY *pkey_fake = NULL; ++ EVP_PKEY *pkey_dflt = NULL; ++ EVP_PKEY_CTX *ctx = NULL; ++ OSSL_PARAM *params = NULL; ++ int ret = 0; ++ ++ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx))) ++ return 0; ++ ++ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default"))) ++ goto end; ++ ++ /* Construct a public key for fake-rsa */ ++ if (!TEST_ptr(params = fake_rsa_key_params(0)) ++ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", ++ "provider=fake-rsa")) ++ || !TEST_true(EVP_PKEY_fromdata_init(ctx)) ++ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, ++ params)) ++ || !TEST_ptr(pkey_fake)) ++ goto end; ++ ++ EVP_PKEY_CTX_free(ctx); ++ ctx = NULL; ++ OSSL_PARAM_free(params); ++ params = NULL; ++ ++ /* Construct a public key for default */ ++ if (!TEST_ptr(params = fake_rsa_key_params(0)) ++ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", ++ "provider=default")) ++ || !TEST_true(EVP_PKEY_fromdata_init(ctx)) ++ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY, ++ params)) ++ || !TEST_ptr(pkey_dflt)) ++ goto end; ++ ++ EVP_PKEY_CTX_free(ctx); ++ ctx = NULL; ++ OSSL_PARAM_free(params); ++ params = NULL; ++ ++ /* now test for equality */ ++ if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1)) ++ goto end; ++ ++ ret = 1; ++end: ++ fake_rsa_finish(fake_rsa); ++ OSSL_PROVIDER_unload(deflt); ++ EVP_PKEY_CTX_free(ctx); ++ EVP_PKEY_free(pkey_fake); ++ EVP_PKEY_free(pkey_dflt); ++ OSSL_PARAM_free(params); ++ return ret; ++} ++ + static int test_pkey_store(int idx) + { + OSSL_PROVIDER *deflt = NULL; +@@ -235,6 +296,7 @@ int setup_tests(void) + + ADD_TEST(test_pkey_sig); + ADD_TEST(test_alternative_keygen_init); ++ ADD_TEST(test_pkey_eq); + ADD_ALL_TESTS(test_pkey_store, 2); + + return 1; +-- +2.38.1 + 
+From 2fea56832780248af2aba2e4433ece2d18428515 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Mon, 14 Nov 2022 10:25:15 -0500 +Subject: [PATCH] Drop explicit check for engines in opt_legacy_okay + +The providers indication should always indicate that this is not a +legacy request. +This makes a check for engines redundant as the default return is that +legacy is ok if there are no explicit providers. + +Fixes #19662 + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19671) +--- + apps/lib/apps.c | 8 -------- + test/recipes/20-test_legacy_okay.t | 23 +++++++++++++++++++++++ + 2 files changed, 23 insertions(+), 8 deletions(-) + create mode 100755 test/recipes/20-test_legacy_okay.t + +diff --git a/apps/lib/apps.c b/apps/lib/apps.c +index 3d52e030ab7e258f9cd983b2d9755d954cb3aee5..bbe0d009efb35fcf1a902c86cbddc61e657e57f1 100644 +--- a/apps/lib/apps.c ++++ b/apps/lib/apps.c +@@ -3405,14 +3405,6 @@ int opt_legacy_okay(void) + { + int provider_options = opt_provider_option_given(); + int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL; +-#ifndef OPENSSL_NO_ENGINE +- ENGINE *e = ENGINE_get_first(); +- +- if (e != NULL) { +- ENGINE_free(e); +- return 1; +- } +-#endif + /* + * Having a provider option specified or a custom library context or + * property query, is a sure sign we're not using legacy. +diff --git a/test/recipes/20-test_legacy_okay.t b/test/recipes/20-test_legacy_okay.t +new file mode 100755 +index 0000000000000000000000000000000000000000..183499f3fd93f97e8a4a30681a9f383d2f6e0c56 +--- /dev/null ++++ b/test/recipes/20-test_legacy_okay.t +@@ -0,0 +1,23 @@ ++#! /usr/bin/env perl ++# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. 
You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++use warnings; ++ ++use OpenSSL::Test; ++ ++setup("test_legacy"); ++ ++plan tests => 3; ++ ++ok(run(app(['openssl', 'rand', '-out', 'rand.txt', '256'])), "Generate random file"); ++ ++ok(run(app(['openssl', 'dgst', '-sha256', 'rand.txt'])), "Generate a digest"); ++ ++ok(!run(app(['openssl', 'dgst', '-sha256', '-propquery', 'foo=1', ++ 'rand.txt'])), "Fail to generate a digest"); +-- +2.38.1 + diff --git a/openssl.spec b/openssl.spec index d83f5ff..012261c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -143,6 +143,8 @@ Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2144561 Patch90: 0090-FIPS-RSA-encapsulate.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142517 +Patch91: 0091-provider-improvements.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -473,6 +475,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 +- Various provider-related imrovements necessary for PKCS#11 provider correct operations + Resolves: rhbz#2142517 + * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063 From f2a49ef424f831aac988356fc8b2b910e443dc42 Mon Sep 17 00:00:00 2001 
From: Dmitry Belyavskiy Date: Fri, 25 Nov 2022 18:09:17 +0100 Subject: [PATCH 14/28] We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Resolves: rhbz#2133809 --- 0056-strcasecmp.patch | 54 +++++++++++++++++++++++++++++++++++++------ openssl.spec | 11 +++++++-- 2 files changed, 56 insertions(+), 9 deletions(-) diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch index 5c33a76..8a005e6 100644 --- a/0056-strcasecmp.patch +++ b/0056-strcasecmp.patch 
@@ -1,14 +1,54 @@ diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num --- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 +++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 -@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex - ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: +@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: --OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: --OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: -+OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed_set ? 
3_0_1 EXIST::FUNCTION: +diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c +--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 ++++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char + #endif + } + +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strcasecmp(const char *s1, const char *s2) + { + int t; + +@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c + return t; + } + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { + int t; + size_t i; +diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t +--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 ++++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100 +@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ + } diff --git a/openssl.spec b/openssl.spec index 012261c..912c32c 100644 --- a/openssl.spec +++ b/openssl.spec 
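Review bot: The `symver` attributes placed in front of `OPENSSL_strcasecmp` and `OPENSSL_strncasecmp` in `o_str.c` are guarded only by `#ifndef FIPS_MODULE`, so the build relies on the compiler implementing that attribute. A compiler that does not would presumably warn and leave the `@OPENSSL_3.0.1` alias out rather than fail. Consider making the dependency explicit, for example `#if !defined(FIPS_MODULE) && defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 10`, with an `#error` or a comment on the fallback. The added `s|\@.+$||;` in `01-test_symbol_presence.t` strips the version suffix before comparison, so that test cannot tell whether both versions were actually exported; a check on the built library's versioned symbols would close the gap.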
@@ -96,7 +96,11 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch -# https://github.com/openssl/openssl/pull/18103 +# Originally from https://github.com/openssl/openssl/pull/18103 +# As we rebased to 3.0.7 and used the version of the function +# not matching the upstream one, we have to use aliasing. +# When we eliminate this patch, the `-Wl,--allow-multiple-definition` +# should also be removed Patch56: 0056-strcasecmp.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch @@ -288,7 +292,8 @@ export HASHBANGPERL=/usr/bin/perl zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ - shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""' + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ + -Wl,--allow-multiple-definition # Do not run this in a production package the FIPS symbols must be patched-in #util/mkdef.pl crypto update @@ -478,6 +483,8 @@ install -m644 %{SOURCE9} \ * Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 +- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream + Resolves: rhbz#2133809 * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 From d60bf2b34362557596d3e5185246acb152579977 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 28 Nov 2022 13:00:03 +0100 Subject: [PATCH 15/28] Removed recommended package for openssl-libs Resolves: rhbz#2093804 --- openssl.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/openssl.spec b/openssl.spec index 912c32c..038c372 100644 --- a/openssl.spec +++ b/openssl.spec @@ -176,7 +176,6 @@ protocols. Summary: A general purpose cryptography library with TLS implementation Requires: ca-certificates >= 2008-5 Requires: crypto-policies >= 20180730 -Recommends: openssl-pkcs11%{?_isa} %description libs OpenSSL is a toolkit for supporting cryptography. The openssl-libs @@ -485,6 +484,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2142517 - We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Resolves: rhbz#2133809 +- Removed recommended package for openssl-libs + Resolves: rhbz#2093804 * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 From c29e18389148a2f98be319cee0b97c95b71d09da Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 28 Nov 2022 16:49:42 +0100 Subject: [PATCH 16/28] Adjusting include for the FIPS_mode macro Resolves: rhbz#2083879 --- 0008-Add-FIPS_mode-compatibility-macro.patch | 20 +++++--------------- openssl.spec | 2 ++ 2 files changed, 7 insertions(+), 15 deletions(-) diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index 0fac4eb..2e72999 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -12,24 +12,12 @@ default context. 3 files changed, 39 insertions(+) create mode 100644 include/openssl/fips.h -diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in -index 1036da9a2b..9d4896fcaf 100644 ---- a/include/openssl/crypto.h.in -+++ b/include/openssl/crypto.h.in -@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); - # include - # include - # include -+# include - - # ifdef CHARSET_EBCDIC - # include diff --git a/include/openssl/fips.h b/include/openssl/fips.h new file mode 100644 index 0000000000..c64f0f8e8f --- /dev/null 
+++ b/include/openssl/fips.h -@@ -0,0 +1,25 @@ +@@ -0,0 +1,26 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * @@ -43,6 +31,7 @@ index 0000000000..c64f0f8e8f +# define OPENSSL_FIPS_H +# pragma once + ++# include +# include + +# ifdef __cplusplus @@ -58,10 +47,11 @@ index 0000000000..c64f0f8e8f diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c --- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 +++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 -@@ -488,6 +488,18 @@ static int test_property_list_to_string( +@@ -488,6 +488,19 @@ static int test_property_list_to_string( return ret; } - + ++#include +static int test_downstream_FIPS_mode(void) +{ + int ret = 0; diff --git a/openssl.spec b/openssl.spec index 038c372..eeaf6b2 100644 --- a/openssl.spec +++ b/openssl.spec @@ -486,6 +486,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2133809 - Removed recommended package for openssl-libs Resolves: rhbz#2093804 +- Adjusting include for the FIPS_mode macro + Resolves: rhbz#2083879 * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 From 657265459d9e6061eb614869de8ee9ccf3fdae2c Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Tue, 29 Nov 2022 12:00:38 +0100 Subject: [PATCH 17/28] Backport of ppc64le Montgomery multiply enhancement Resolves: rhbz#2130708 --- 0067-ppc64le-Montgomery-multiply.patch | 703 +++++++++++++++++++++++++ openssl.spec | 5 + 2 files changed, 708 insertions(+) create mode 100644 0067-ppc64le-Montgomery-multiply.patch diff --git a/0067-ppc64le-Montgomery-multiply.patch b/0067-ppc64le-Montgomery-multiply.patch new file mode 100644 index 0000000..36c0222 --- /dev/null +++ b/0067-ppc64le-Montgomery-multiply.patch 
@@ -0,0 +1,703 @@ +From 33ffd36afa7594aeb958a925f521cb287ca850c8 Mon Sep 17 00:00:00 2001 +From: Rohan McLure +Date: Mon, 27 Jun 2022 12:14:55 +1000 +Subject: [PATCH 1/2] Revert "Revert "bn: Add fixed length (n=6), unrolled PPC + Montgomery Multiplication"" + +This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e. +--- + crypto/bn/asm/ppc64-mont-fixed.pl | 581 ++++++++++++++++++++++++++++++ + crypto/bn/bn_ppc.c | 15 + + crypto/bn/build.info | 3 +- + 3 files changed, 598 insertions(+), 1 deletion(-) + +diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl +index e69de29bb2d1..0fb397bc5f12 100755 +--- a/crypto/bn/asm/ppc64-mont-fixed.pl ++++ b/crypto/bn/asm/ppc64-mont-fixed.pl +@@ -0,0 +1,581 @@ ++#! /usr/bin/env perl ++# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# ==================================================================== ++# Written by Amitay Isaacs , Martin Schwenke ++# & Alastair D'Silva for ++# the OpenSSL project. ++# ==================================================================== ++ ++# ++# Fixed length (n=6), unrolled PPC Montgomery Multiplication ++# ++ ++# 2021 ++# ++# Although this is a generic implementation for unrolling Montgomery ++# Multiplication for arbitrary values of n, this is currently only ++# used for n = 6 to improve the performance of ECC p384. ++# ++# Unrolling allows intermediate results to be stored in registers, ++# rather than on the stack, improving performance by ~7% compared to ++# the existing PPC assembly code. ++# ++# The ISA 3.0 implementation uses combination multiply/add ++# instructions (maddld, maddhdu) to improve performance by an ++# additional ~10% on Power 9. 
++# ++# Finally, saving non-volatile registers into volatile vector ++# registers instead of onto the stack saves a little more. ++# ++# On a Power 9 machine we see an overall improvement of ~18%. ++# ++ ++use strict; ++use warnings; ++ ++my ($flavour, $output, $dir, $xlate); ++ ++# $output is the last argument if it looks like a file (it has an extension) ++# $flavour is the first argument if it doesn't look like a file ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or ++die "can't locate ppc-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour \"$output\"" ++ or die "can't call $xlate: $!"; ++ ++if ($flavour !~ /64/) { ++ die "bad flavour ($flavour) - only ppc64 permitted"; ++} ++ ++my $SIZE_T= 8; ++ ++# Registers are global so the code is remotely readable ++ ++# Parameters for Montgomery multiplication ++my $sp = "r1"; ++my $toc = "r2"; ++my $rp = "r3"; ++my $ap = "r4"; ++my $bp = "r5"; ++my $np = "r6"; ++my $n0 = "r7"; ++my $num = "r8"; ++ ++my $i = "r9"; ++my $c0 = "r10"; ++my $bp0 = "r11"; ++my $bpi = "r11"; ++my $bpj = "r11"; ++my $tj = "r12"; ++my $apj = "r12"; ++my $npj = "r12"; ++my $lo = "r14"; ++my $c1 = "r14"; ++ ++# Non-volatile registers used for tp[i] ++# ++# 12 registers are available but the limit on unrolling is 10, ++# since registers from $tp[0] to $tp[$n+1] are used. ++my @tp = ("r20" .. "r31"); ++ ++# volatile VSRs for saving non-volatile GPRs - faster than stack ++my @vsrs = ("v32" .. 
"v46"); ++ ++package Mont; ++ ++sub new($$) ++{ ++ my ($class, $n) = @_; ++ ++ if ($n > 10) { ++ die "Can't unroll for BN length ${n} (maximum 10)" ++ } ++ ++ my $self = { ++ code => "", ++ n => $n, ++ }; ++ bless $self, $class; ++ ++ return $self; ++} ++ ++sub add_code($$) ++{ ++ my ($self, $c) = @_; ++ ++ $self->{code} .= $c; ++} ++ ++sub get_code($) ++{ ++ my ($self) = @_; ++ ++ return $self->{code}; ++} ++ ++sub get_function_name($) ++{ ++ my ($self) = @_; ++ ++ return "bn_mul_mont_fixed_n" . $self->{n}; ++} ++ ++sub get_label($$) ++{ ++ my ($self, $l) = @_; ++ ++ return "L" . $l . "_" . $self->{n}; ++} ++ ++sub get_labels($@) ++{ ++ my ($self, @labels) = @_; ++ ++ my %out = (); ++ ++ foreach my $l (@labels) { ++ $out{"$l"} = $self->get_label("$l"); ++ } ++ ++ return \%out; ++} ++ ++sub nl($) ++{ ++ my ($self) = @_; ++ ++ $self->add_code("\n"); ++} ++ ++sub copy_result($) ++{ ++ my ($self) = @_; ++ ++ my ($n) = $self->{n}; ++ ++ for (my $j = 0; $j < $n; $j++) { ++ $self->add_code(<<___); ++ std $tp[$j],`$j*$SIZE_T`($rp) ++___ ++ } ++ ++} ++ ++sub mul_mont_fixed($) ++{ ++ my ($self) = @_; ++ ++ my ($n) = $self->{n}; ++ my $fname = $self->get_function_name(); ++ my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); ++ ++ $self->add_code(<<___); ++ ++.globl .${fname} ++.align 5 ++.${fname}: ++ ++___ ++ ++ $self->save_registers(); ++ ++ $self->add_code(<<___); ++ ld $n0,0($n0) ++ ++ ld $bp0,0($bp) ++ ++ ld $apj,0($ap) ++___ ++ ++ $self->mul_c_0($tp[0], $apj, $bp0, $c0); ++ ++ for (my $j = 1; $j < $n - 1; $j++) { ++ $self->add_code(<<___); ++ ld $apj,`$j*$SIZE_T`($ap) ++___ ++ $self->mul($tp[$j], $apj, $bp0, $c0); ++ } ++ ++ $self->add_code(<<___); ++ ld $apj,`($n-1)*$SIZE_T`($ap) ++___ ++ ++ $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); ++ ++ $self->add_code(<<___); ++ li $tp[$n+1],0 ++ ++___ ++ ++ $self->add_code(<<___); ++ li $i,0 ++ mtctr $num ++ b $label->{"enter"} ++ ++.align 4 ++$label->{"outer"}: ++ ldx $bpi,$bp,$i ++ ++ ld 
$apj,0($ap) ++___ ++ ++ $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); ++ ++ for (my $j = 1; $j < $n; $j++) { ++ $self->add_code(<<___); ++ ld $apj,`$j*$SIZE_T`($ap) ++___ ++ $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); ++ } ++ ++ $self->add_code(<<___); ++ addc $tp[$n],$tp[$n],$c0 ++ addze $tp[$n+1],$tp[$n+1] ++___ ++ ++ $self->add_code(<<___); ++.align 4 ++$label->{"enter"}: ++ mulld $bpi,$tp[0],$n0 ++ ++ ld $npj,0($np) ++___ ++ ++ $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); ++ ++ for (my $j = 1; $j < $n; $j++) { ++ $self->add_code(<<___); ++ ld $npj,`$j*$SIZE_T`($np) ++___ ++ $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); ++ } ++ ++ $self->add_code(<<___); ++ addc $tp[$n-1],$tp[$n],$c0 ++ addze $tp[$n],$tp[$n+1] ++ ++ addi $i,$i,$SIZE_T ++ bdnz $label->{"outer"} ++ ++ and. $tp[$n],$tp[$n],$tp[$n] ++ bne $label->{"sub"} ++ ++ cmpld $tp[$n-1],$npj ++ blt $label->{"copy"} ++ ++$label->{"sub"}: ++___ ++ ++ # ++ # Reduction ++ # ++ ++ $self->add_code(<<___); ++ ld $bpj,`0*$SIZE_T`($np) ++ subfc $c1,$bpj,$tp[0] ++ std $c1,`0*$SIZE_T`($rp) ++ ++___ ++ for (my $j = 1; $j < $n - 1; $j++) { ++ $self->add_code(<<___); ++ ld $bpj,`$j*$SIZE_T`($np) ++ subfe $c1,$bpj,$tp[$j] ++ std $c1,`$j*$SIZE_T`($rp) ++ ++___ ++ } ++ ++ $self->add_code(<<___); ++ subfe $c1,$npj,$tp[$n-1] ++ std $c1,`($n-1)*$SIZE_T`($rp) ++ ++___ ++ ++ $self->add_code(<<___); ++ addme. 
$tp[$n],$tp[$n] ++ beq $label->{"end"} ++ ++$label->{"copy"}: ++___ ++ ++ $self->copy_result(); ++ ++ $self->add_code(<<___); ++ ++$label->{"end"}: ++___ ++ ++ $self->restore_registers(); ++ ++ $self->add_code(<<___); ++ li r3,1 ++ blr ++.size .${fname},.-.${fname} ++___ ++ ++} ++ ++package Mont::GPR; ++ ++our @ISA = ('Mont'); ++ ++sub new($$) ++{ ++ my ($class, $n) = @_; ++ ++ return $class->SUPER::new($n); ++} ++ ++sub save_registers($) ++{ ++ my ($self) = @_; ++ ++ my $n = $self->{n}; ++ ++ $self->add_code(<<___); ++ std $lo,-8($sp) ++___ ++ ++ for (my $j = 0; $j <= $n+1; $j++) { ++ $self->{code}.=<<___; ++ std $tp[$j],-`($j+2)*8`($sp) ++___ ++ } ++ ++ $self->add_code(<<___); ++ ++___ ++} ++ ++sub restore_registers($) ++{ ++ my ($self) = @_; ++ ++ my $n = $self->{n}; ++ ++ $self->add_code(<<___); ++ ld $lo,-8($sp) ++___ ++ ++ for (my $j = 0; $j <= $n+1; $j++) { ++ $self->{code}.=<<___; ++ ld $tp[$j],-`($j+2)*8`($sp) ++___ ++ } ++ ++ $self->{code} .=<<___; ++ ++___ ++} ++ ++# Direct translation of C mul() ++sub mul($$$$$) ++{ ++ my ($self, $r, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $r,$lo,$c ++ mulhdu $c,$a,$w ++ addze $c,$c ++ ++___ ++} ++ ++# Like mul() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_c_0($$$$$) ++{ ++ my ($self, $r, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $r,$a,$w ++ mulhdu $c,$a,$w ++ ++___ ++} ++ ++# Like mul() but does not to the final addition of CA into $c - an ++# optimisation to save an instruction ++sub mul_last($$$$$$) ++{ ++ my ($self, $r1, $r2, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $r1,$lo,$c ++ mulhdu $c,$a,$w ++ ++ addze $r2,$c ++___ ++} ++ ++# Like C mul_add() but allow $r_out and $r_in to be different ++sub mul_add($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $lo,$lo,$c ++ mulhdu $c,$a,$w ++ 
addze $c,$c ++ addc $r_out,$r_in,$lo ++ addze $c,$c ++ ++___ ++} ++ ++# Like mul_add() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_add_c_0($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $r_out,$r_in,$lo ++ mulhdu $c,$a,$w ++ addze $c,$c ++ ++___ ++} ++ ++package Mont::GPR_300; ++ ++our @ISA = ('Mont::GPR'); ++ ++sub new($$) ++{ ++ my ($class, $n) = @_; ++ ++ my $mont = $class->SUPER::new($n); ++ ++ return $mont; ++} ++ ++sub get_function_name($) ++{ ++ my ($self) = @_; ++ ++ return "bn_mul_mont_300_fixed_n" . $self->{n}; ++} ++ ++sub get_label($$) ++{ ++ my ($self, $l) = @_; ++ ++ return "L" . $l . "_300_" . $self->{n}; ++} ++ ++# Direct translation of C mul() ++sub mul($$$$$) ++{ ++ my ($self, $r, $a, $w, $c, $last) = @_; ++ ++ $self->add_code(<<___); ++ maddld $r,$a,$w,$c ++ maddhdu $c,$a,$w,$c ++ ++___ ++} ++ ++# Save the last carry as the final entry ++sub mul_last($$$$$) ++{ ++ my ($self, $r1, $r2, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ maddld $r1,$a,$w,$c ++ maddhdu $r2,$a,$w,$c ++ ++___ ++} ++ ++# Like mul() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_c_0($$$$$) ++{ ++ my ($self, $r, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $r,$a,$w ++ mulhdu $c,$a,$w ++ ++___ ++} ++ ++# Like C mul_add() but allow $r_out and $r_in to be different ++sub mul_add($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ maddld $lo,$a,$w,$c ++ maddhdu $c,$a,$w,$c ++ addc $r_out,$r_in,$lo ++ addze $c,$c ++ ++___ ++} ++ ++# Like mul_add() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_add_c_0($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ maddld $lo,$a,$w,$r_in ++ maddhdu 
$c,$a,$w,$r_in ++___ ++ ++ if ($r_out ne $lo) { ++ $self->add_code(<<___); ++ mr $r_out,$lo ++___ ++ } ++ ++ $self->nl(); ++} ++ ++ ++package main; ++ ++my $code; ++ ++$code.=<<___; ++.machine "any" ++.text ++___ ++ ++my $mont; ++ ++$mont = new Mont::GPR(6); ++$mont->mul_mont_fixed(); ++$code .= $mont->get_code(); ++ ++$mont = new Mont::GPR_300(6); ++$mont->mul_mont_fixed(); ++$code .= $mont->get_code(); ++ ++$code =~ s/\`([^\`]*)\`/eval $1/gem; ++ ++$code.=<<___; ++.asciz "Montgomery Multiplication for PPC by , " ++___ ++ ++print $code; ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c +index 3ee76ea96574..1e9421bee213 100644 +--- a/crypto/bn/bn_ppc.c ++++ b/crypto/bn/bn_ppc.c +@@ -19,6 +19,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); ++ int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, ++ const BN_ULONG *bp, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); ++ int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, ++ const BN_ULONG *bp, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); + + if (num < 4) + return 0; +@@ -34,5 +40,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + * no opportunity to figure it out... 
+ */ + ++#if defined(_ARCH_PPC64) && !defined(__ILP32__) ++ if (num == 6) { ++ if (OPENSSL_ppccap_P & PPC_MADD300) ++ return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); ++ else ++ return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); ++ } ++#endif ++ + return bn_mul_mont_int(rp, ap, bp, np, n0, num); + } +diff --git a/crypto/bn/build.info b/crypto/bn/build.info +index 4f8d0689b5ea..987a70ae263b 100644 +--- a/crypto/bn/build.info ++++ b/crypto/bn/build.info +@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] + + $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s + $BNDEF_ppc32=OPENSSL_BN_ASM_MONT +- $BNASM_ppc64=$BNASM_ppc32 ++ $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s + $BNDEF_ppc64=$BNDEF_ppc32 + + $BNASM_c64xplus=asm/bn-c64xplus.asm +@@ -173,6 +173,7 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl + GENERATE[bn-ppc.s]=asm/ppc.pl + GENERATE[ppc-mont.s]=asm/ppc-mont.pl + GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl ++GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl + + GENERATE[alpha-mont.S]=asm/alpha-mont.pl + + +From 01ebad0d6e3a09bc9e32350b402901471610a3dc Mon Sep 17 00:00:00 2001 +From: Rohan McLure +Date: Thu, 30 Jun 2022 16:21:06 +1000 +Subject: [PATCH 2/2] Fix unrolled montgomery multiplication for POWER9 + +In the reference C implementation in bn_asm.c, tp[num + 1] contains the +carry bit for accumulations into tp[num]. tp[num + 1] is only ever +assigned, never itself incremented. 
+--- + crypto/bn/asm/ppc64-mont-fixed.pl | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl +index 0fb397bc5f12..e27d0ad93d85 100755 +--- a/crypto/bn/asm/ppc64-mont-fixed.pl ++++ b/crypto/bn/asm/ppc64-mont-fixed.pl +@@ -63,6 +63,7 @@ + # Registers are global so the code is remotely readable + + # Parameters for Montgomery multiplication ++my $ze = "r0"; + my $sp = "r1"; + my $toc = "r2"; + my $rp = "r3"; +@@ -192,6 +193,7 @@ ($) + $self->save_registers(); + + $self->add_code(<<___); ++ li $ze,0 + ld $n0,0($n0) + + ld $bp0,0($bp) +@@ -242,7 +244,7 @@ ($) + + $self->add_code(<<___); + addc $tp[$n],$tp[$n],$c0 +- addze $tp[$n+1],$tp[$n+1] ++ addze $tp[$n+1],$ze + ___ + + $self->add_code(<<___); +@@ -272,7 +274,7 @@ ($) + and. $tp[$n],$tp[$n],$tp[$n] + bne $label->{"sub"} + +- cmpld $tp[$n-1],$npj ++ cmpld $tp[$n-1],$npj + blt $label->{"copy"} + + $label->{"sub"}: diff --git a/openssl.spec b/openssl.spec index eeaf6b2..1a2b7e5 100644 --- a/openssl.spec +++ b/openssl.spec @@ -109,6 +109,9 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Patch62: 0062-fips-Expose-a-FIPS-indicator.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2130708 +# https://github.com/openssl/openssl/pull/18883 +Patch67: 0067-ppc64le-Montgomery-multiply.patch # https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c # https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd Patch71: 0071-AES-GCM-performance-optimization.patch @@ -488,6 +491,8 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2093804 - Adjusting include for the FIPS_mode macro Resolves: rhbz#2083879 +- Backport of ppc64le Montgomery multiply enhancement + Resolves: rhbz#2130708 * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 
From c0667361a5cd06139e5eb1abd2acd84aa0d5b1b7 Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Fri, 25 Nov 2022 15:32:03 +0100 Subject: [PATCH 18/28] Fix explicit indicator for PSS salt length The previous state of the patch did not work correctly when used with negative salt lengths, which OpenSSL uses a magic values. Setting the saltlength to max would yield an approved state in the indicator, while it is not approved. Additionally, update the patch to change the default PSS salt length with the current state of discussion upstream (see https://github.com/openssl/openssl/pull/19724). Resolves: rhbz#2142087 Signed-off-by: Clemens Lang --- ...re-Add-indicator-for-PSS-salt-length.patch | 8 +- 0089-PSS-salt-length-from-provider.patch | 114 ++++++ ...gnature-Clamp-PSS-salt-len-to-MD-len.patch | 153 -------- ...gnature-Clamp-PSS-salt-len-to-MD-len.patch | 338 ++++++++++++++++++ ...e.patch => 0091-FIPS-RSA-encapsulate.patch | 0 ....patch => 0092-provider-improvements.patch | 0 openssl.spec | 13 +- 7 files changed, 466 insertions(+), 160 deletions(-) create mode 100644 0089-PSS-salt-length-from-provider.patch delete mode 100644 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch create mode 100644 0090-signature-Clamp-PSS-salt-len-to-MD-len.patch rename 0090-FIPS-RSA-encapsulate.patch => 0091-FIPS-RSA-encapsulate.patch (100%) rename 0091-provider-improvements.patch => 0092-provider-improvements.patch (100%) diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch index 9f5a99e..97a0679 100644 --- a/0088-signature-Add-indicator-for-PSS-salt-length.patch +++ b/0088-signature-Add-indicator-for-PSS-salt-length.patch @@ -1,7 +1,7 @@ -From 02612d36c664e03821ed80a205fdca80232afd64 Mon Sep 17 00:00:00 2001 +From a325a23bc83f4efd60130001c417ca5b96bdbff1 Mon Sep 17 00:00:00 2001 
From: Clemens Lang Date: Thu, 17 Nov 2022 19:33:02 +0100 -Subject: [PATCH 1/2] signature: Add indicator for PSS salt length +Subject: [PATCH 1/3] signature: Add indicator for PSS salt length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -70,7 +70,7 @@ index a5e78efd6e..f239200465 100644 EVP_PKEY *pkey); __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 49e7f9158a..f905fd6a04 100644 +index 49e7f9158a..0c45008a00 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -1127,6 +1127,21 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) @@ -84,7 +84,7 @@ index 49e7f9158a..f905fd6a04 100644 + if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { + if (prsactx->md == NULL) { + fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED; -+ } else if (prsactx->saltlen > EVP_MD_get_size(prsactx->md)) { ++ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) { + fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + } + } diff --git a/0089-PSS-salt-length-from-provider.patch b/0089-PSS-salt-length-from-provider.patch new file mode 100644 index 0000000..8e61747 --- /dev/null +++ b/0089-PSS-salt-length-from-provider.patch 
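Review bot: In `rsa_get_ctx_params`, the new `rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)` test does not cover a failed computation. The helper, as quoted in the 0090 patch on this page, raises `ERR_R_INTERNAL_ERROR` when the resolved length is negative and presumably returns a negative value, which never exceeds the digest size, so the `NOT_APPROVED` branch is skipped. The helper also reads `ctx->rsa`, while this branch only guards `prsactx->md == NULL`, and calling it from a getter can leave an entry on the error queue. I would compute the value once and fail closed, `int saltlen = rsa_pss_compute_saltlen(prsactx);` followed by `} else if (saltlen < 0 || saltlen > EVP_MD_get_size(prsactx->md)) {`, and add a comment that the indicator reports the resolved salt length rather than the magic constant. The body of `rsa_get_ctx_params` continues outside this hunk, so the initial value of `fips_indicator` should be confirmed there.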
@@ -0,0 +1,114 @@ +From 0879fac692cb1bff0ec4c196cb364d970ad3ecec Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Mon, 21 Nov 2022 14:33:57 +0100 +Subject: [PATCH 2/3] Obtain PSS salt length from provider + +Rather than computing the PSS salt length again in core using +ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the +salt length, obtain it from the provider using the +OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the +interpretation of the magic constants in the provider differs from that +of OpenSSL core. + +Signed-off-by: Clemens Lang +--- + crypto/cms/cms_rsa.c | 19 +++++++++++++++---- + crypto/rsa/rsa_ameth.c | 34 +++++++++++++++++++++------------- + 2 files changed, 36 insertions(+), 17 deletions(-) + +diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c +index 20ed816918..997567fdbf 100644 +--- a/crypto/cms/cms_rsa.c ++++ b/crypto/cms/cms_rsa.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include "crypto/asn1.h" + #include "crypto/rsa.h" + #include "cms_local.h" +@@ -191,7 +192,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si) + int pad_mode = RSA_PKCS1_PADDING; + X509_ALGOR *alg; + EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); +- ASN1_STRING *os = NULL; ++ unsigned char aid[128]; ++ const unsigned char *pp = aid; ++ size_t aid_len = 0; ++ OSSL_PARAM params[2]; + + CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); + if (pkctx != NULL) { +@@ -205,10 +209,17 @@ static int rsa_cms_sign(CMS_SignerInfo *si) + /* We don't support it */ + if (pad_mode != RSA_PKCS1_PSS_PADDING) + return 0; +- os = ossl_rsa_ctx_to_pss_string(pkctx); +- if (os == NULL) ++ ++ params[0] = OSSL_PARAM_construct_octet_string( ++ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); ++ params[1] = OSSL_PARAM_construct_end(); ++ ++ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) ++ return 0; ++ if ((aid_len = params[0].return_size) == 0) ++ return 0; ++ if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL) + 
return 0; +- X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); + return 1; + } + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index c15554505b..61ec53d424 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -637,22 +637,30 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, + if (pad_mode == RSA_PKCS1_PADDING) + return 2; + if (pad_mode == RSA_PKCS1_PSS_PADDING) { +- ASN1_STRING *os1 = NULL; +- os1 = ossl_rsa_ctx_to_pss_string(pkctx); +- if (!os1) ++ unsigned char aid[128]; ++ size_t aid_len = 0; ++ OSSL_PARAM params[2]; ++ ++ params[0] = OSSL_PARAM_construct_octet_string( ++ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); ++ params[1] = OSSL_PARAM_construct_end(); ++ ++ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) + return 0; +- /* Duplicate parameters if we have to */ +- if (alg2) { +- ASN1_STRING *os2 = ASN1_STRING_dup(os1); +- if (!os2) { +- ASN1_STRING_free(os1); ++ if ((aid_len = params[0].return_size) == 0) ++ return 0; ++ ++ if (alg1 != NULL) { ++ const unsigned char *pp = aid; ++ if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL) ++ return 0; ++ } ++ if (alg2 != NULL) { ++ const unsigned char *pp = aid; ++ if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL) + return 0; +- } +- X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), +- V_ASN1_SEQUENCE, os2); + } +- X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), +- V_ASN1_SEQUENCE, os1); ++ + return 3; + } + return 2; +-- +2.38.1 + diff --git a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch b/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch deleted file mode 100644 index 8e41bf4..0000000 --- a/0089-signature-Clamp-PSS-salt-len-to-MD-len.patch +++ /dev/null 
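Review bot: `rsa_cms_sign` and `rsa_item_sign` call `d2i_X509_ALGOR(&alg, ...)`, `d2i_X509_ALGOR(&alg1, ...)` and `d2i_X509_ALGOR(&alg2, ...)` in reuse mode on objects these functions do not own. The OpenSSL d2i documentation discourages reuse and states that on a decode error the passed structure is freed and the pointer set to NULL. In `rsa_cms_sign`, `alg` comes from `CMS_SignerInfo_get0_algs`, so a failed decode would leave the SignerInfo referring to a freed object, if that documented behaviour applies here. Decoding into a fresh object and copying it over is safer, and it also allows a check that all `aid_len` bytes were consumed. The sketch below is for `rsa_cms_sign`; the same shape applies to `alg1` and `alg2` in `rsa_item_sign`, and only part of each function is visible in this patch.

```c
    X509_ALGOR *tmp = NULL;
    /* … unchanged: pad-mode checks and EVP_PKEY_CTX_get_params() call … */
    if ((aid_len = params[0].return_size) == 0)
        return 0;
    /* Decode into a fresh object so a parse failure cannot free si's alg. */
    tmp = d2i_X509_ALGOR(NULL, &pp, aid_len);
    if (tmp == NULL || pp != aid + aid_len || !X509_ALGOR_copy(alg, tmp)) {
        X509_ALGOR_free(tmp);
        return 0;
    }
    X509_ALGOR_free(tmp);
    return 1;
```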
@@ -1,153 +0,0 @@ -From 39a91c33e2b89a0fe42e3791d3dc304519a52182 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 18 Nov 2022 12:35:33 +0100 -Subject: [PATCH] signature: Clamp PSS salt len to MD len - -Since FIPS 186-4 subsection 5.5 limits the acceptable PSS salt length to -the size of the message digest, change the default automatic behavior -when signing to use at most the digest size as salt length. Shorter -values are still possible when long hashes are used with short keys. - -Signed-off-by: Clemens Lang ---- - crypto/rsa/rsa_ameth.c | 19 +++++++++++++++++-- - crypto/rsa/rsa_pss.c | 11 +++++++++++ - doc/man3/EVP_PKEY_CTX_ctrl.pod | 4 +++- - providers/implementations/signature/rsa_sig.c | 18 ++++++++++++++++-- - 4 files changed, 47 insertions(+), 5 deletions(-) - -diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c -index b1580ca..dc81627 100644 ---- a/crypto/rsa/rsa_ameth.c -+++ b/crypto/rsa/rsa_ameth.c -@@ -449,6 +449,7 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) - const EVP_MD *sigmd, *mgf1md; - EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); - int saltlen; -+ int saltlenMax = -1; - - if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) - return NULL; -@@ -456,14 +457,28 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) - return NULL; - if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0) - return NULL; -- if (saltlen == -1) { -+ if (saltlen == RSA_PSS_SALTLEN_DIGEST) { - saltlen = EVP_MD_get_size(sigmd); -- } else if (saltlen == -2 || saltlen == -3) { -+ } else if (saltlen == RSA_PSS_SALTLEN_AUTO) { -+ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", -+ * subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in -+ * bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen -+ * is the length of the hash function output block (in bytes)." 
-+ * -+ * Switch the meaning of RSA_PSS_SALTLEN_AUTO to use at most the digest -+ * length in FIPS mode, so that the default does not violate FIPS -+ * 186-4. */ -+ saltlen = RSA_PSS_SALTLEN_MAX; -+ saltlenMax = EVP_MD_get_size(sigmd); -+ } -+ if (saltlen == RSA_PSS_SALTLEN_MAX) { - saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2; - if ((EVP_PKEY_get_bits(pk) & 0x7) == 1) - saltlen--; - if (saltlen < 0) - return NULL; -+ if (saltlenMax >= 0 && saltlen > saltlenMax) -+ saltlen = saltlenMax; - } - - return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen); -diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c -index e8681b0..d8f9207 100644 ---- a/crypto/rsa/rsa_pss.c -+++ b/crypto/rsa/rsa_pss.c -@@ -168,6 +168,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - int hLen, maskedDBLen, MSBits, emLen; - unsigned char *H, *salt = NULL, *p; - EVP_MD_CTX *ctx = NULL; -+ int sLenMax = -1; - - if (mgf1Hash == NULL) - mgf1Hash = Hash; -@@ -190,10 +191,18 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - * -3 same as above (on signing) - * -N reserved - */ -+ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection -+ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the -+ * salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of -+ * the hash function output block (in bytes)." -+ * -+ * Switch the meaning of RSA_PSS_SALTLEN_AUTO to use at most the digest -+ * length in FIPS mode, so that the default does not violate FIPS 186-4. 
*/ - if (sLen == RSA_PSS_SALTLEN_DIGEST) { - sLen = hLen; - } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { - sLen = RSA_PSS_SALTLEN_MAX; -+ sLenMax = hLen; - } else if (sLen < RSA_PSS_SALTLEN_MAX) { - ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); - goto err; -@@ -211,6 +220,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - } - if (sLen == RSA_PSS_SALTLEN_MAX) { - sLen = emLen - hLen - 2; -+ if (sLenMax >= 0 && sLen > sLenMax) -+ sLen = sLenMax; - } else if (sLen > emLen - hLen - 2) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; -diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod -index 3075eaa..5463472 100644 ---- a/doc/man3/EVP_PKEY_CTX_ctrl.pod -+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod -@@ -287,7 +287,9 @@ sets the salt length to the maximum permissible value. - - causes the salt length to be automatically determined based on the - B block structure when verifying. When signing, it has the same --meaning as B. -+meaning as B up to a maximum of the digest length to -+comply with FIPS 186-4 section 5.5. This maximum is specific to Red Hat, -+upstream also uses larger values. - - =back - -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 3ce5efd..519c6a2 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -200,13 +200,27 @@ static void *rsa_newctx(void *provctx, const char *propq) - static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) - { - int saltlen = ctx->saltlen; -- -+ int saltlenMax = -1; -+ -+ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection -+ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the -+ * salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of -+ * the hash function output block (in bytes)." 
-+ * -+ * Switch the meaning of RSA_PSS_SALTLEN_AUTO to use at most the digest -+ * length in FIPS mode, so that the default does not violate FIPS 186-4. */ - if (saltlen == RSA_PSS_SALTLEN_DIGEST) { - saltlen = EVP_MD_get_size(ctx->md); -- } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) { -+ } else if (saltlen == RSA_PSS_SALTLEN_AUTO) { -+ saltlen = RSA_PSS_SALTLEN_MAX; -+ saltlenMax = EVP_MD_get_size(ctx->md); -+ } -+ if (saltlen == RSA_PSS_SALTLEN_MAX) { - saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2; - if ((RSA_bits(ctx->rsa) & 0x7) == 1) - saltlen--; -+ if (saltlenMax >= 0 && saltlen > saltlenMax) -+ saltlen = saltlenMax; - } - if (saltlen < 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); --- -2.38.1 - diff --git a/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch b/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch new file mode 100644 index 0000000..efe7751 --- /dev/null +++ b/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch 
@@ -0,0 +1,338 @@ +From 9cc914ff3e1fda124bdc76d72ebc9349ec19f8ae Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 18 Nov 2022 12:35:33 +0100 +Subject: [PATCH 3/3] signature: Clamp PSS salt len to MD len +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection +5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the +salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of +the hash function output block (in bytes)." + +Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the +default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will +not use more than the digest legth when signing, so that FIPS 186-4 is +not violated. This value has two advantages when compared with +RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when +verifying signatures for maximum compatibility, where +RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will +work for combinations where the maximum salt length is smaller than the +digest size, which typically happens with large digest sizes (e.g., +SHA-512) and small RSA keys. 
+ +Signed-off-by: Clemens Lang +--- + crypto/rsa/rsa_ameth.c | 18 ++++++++- + crypto/rsa/rsa_pss.c | 26 ++++++++++-- + doc/man3/EVP_PKEY_CTX_ctrl.pod | 11 ++++- + doc/man7/EVP_SIGNATURE-RSA.pod | 5 +++ + include/openssl/core_names.h | 1 + + include/openssl/rsa.h | 3 ++ + providers/implementations/signature/rsa_sig.c | 40 ++++++++++++++----- + test/recipes/25-test_req.t | 2 +- + 8 files changed, 87 insertions(+), 19 deletions(-) + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index 61ec53d424..e69a98d116 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -450,6 +450,7 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + const EVP_MD *sigmd, *mgf1md; + EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); + int saltlen; ++ int saltlenMax = -1; + + if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) + return NULL; +@@ -457,14 +458,27 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + return NULL; + if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0) + return NULL; +- if (saltlen == -1) { ++ if (saltlen == RSA_PSS_SALTLEN_DIGEST) { + saltlen = EVP_MD_get_size(sigmd); +- } else if (saltlen == -2 || saltlen == -3) { ++ } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", ++ * subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in ++ * bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where ++ * hLen is the length of the hash function output block (in bytes)." ++ * ++ * Provide a way to use at most the digest length, so that the default ++ * does not violate FIPS 186-4. 
*/ ++ saltlen = RSA_PSS_SALTLEN_MAX; ++ saltlenMax = EVP_MD_get_size(sigmd); ++ } ++ if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) { + saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2; + if ((EVP_PKEY_get_bits(pk) & 0x7) == 1) + saltlen--; + if (saltlen < 0) + return NULL; ++ if (saltlenMax >= 0 && saltlen > saltlenMax) ++ saltlen = saltlenMax; + } + + return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen); +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index 33874bfef8..430c36eb2a 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -61,11 +61,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -3 salt length is maximized ++ * -4 salt length is autorecovered from signature + * -N reserved + */ + if (sLen == RSA_PSS_SALTLEN_DIGEST) { + sLen = hLen; +- } else if (sLen < RSA_PSS_SALTLEN_MAX) { ++ } else if (sLen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); + goto err; + } +@@ -112,7 +113,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED); + goto err; + } +- if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { ++ if (sLen != RSA_PSS_SALTLEN_AUTO ++ && sLen != RSA_PSS_SALTLEN_AUTO_DIGEST_MAX ++ && (maskedDBLen - i) != sLen) { + ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED, + "expected: %d retrieved: %d", sLen, + maskedDBLen - i); +@@ -160,6 +163,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX *ctx = NULL; ++ int sLenMax = -1; + + if (mgf1Hash == NULL) + mgf1Hash = Hash; +@@ -172,13 +176,25 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + * -1 sLen == hLen + * -2 salt length is maximized + * -3 same as above (on signing) ++ * -4 salt length is 
min(hLen, maximum salt length) + * -N reserved + */ ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection ++ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the ++ * salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of ++ * the hash function output block (in bytes)." ++ * ++ * Provide a way to use at most the digest length, so that the default does ++ * not violate FIPS 186-4. */ + if (sLen == RSA_PSS_SALTLEN_DIGEST) { + sLen = hLen; +- } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { ++ } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN ++ || sLen == RSA_PSS_SALTLEN_AUTO) { + sLen = RSA_PSS_SALTLEN_MAX; +- } else if (sLen < RSA_PSS_SALTLEN_MAX) { ++ } else if (sLen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { ++ sLen = RSA_PSS_SALTLEN_MAX; ++ sLenMax = hLen; ++ } else if (sLen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); + goto err; + } +@@ -195,6 +211,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + } + if (sLen == RSA_PSS_SALTLEN_MAX) { + sLen = emLen - hLen - 2; ++ if (sLenMax >= 0 && sLen > sLenMax) ++ sLen = sLenMax; + } else if (sLen > emLen - hLen - 2) { + ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; +diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod +index 3075eaafd6..9b96f42dbc 100644 +--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod ++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod +@@ -270,8 +270,8 @@ EVP_PKEY_CTX_get_rsa_padding() gets the RSA padding mode for I. + + EVP_PKEY_CTX_set_rsa_pss_saltlen() sets the RSA PSS salt length to I. + As its name implies it is only supported for PSS padding. If this function is +-not called then the maximum salt length is used when signing and auto detection +-when verifying. Three special values are supported: ++not called then the salt length is maximized up to the digest length when ++signing and auto detection when verifying. 
Four special values are supported: + + =over 4 + +@@ -289,6 +289,13 @@ causes the salt length to be automatically determined based on the + B block structure when verifying. When signing, it has the same + meaning as B. + ++=item B ++ ++causes the salt length to be automatically determined based on the B block ++structure when verifying, like B. When signing, the salt ++length is maximized up to a maximum of the digest length to comply with FIPS ++186-4 section 5.5. ++ + =back + + EVP_PKEY_CTX_get_rsa_pss_saltlen() gets the RSA PSS salt length for I. +diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod +index 1ce32cc443..13d053e262 100644 +--- a/doc/man7/EVP_SIGNATURE-RSA.pod ++++ b/doc/man7/EVP_SIGNATURE-RSA.pod +@@ -68,6 +68,11 @@ Use the maximum salt length. + + Auto detect the salt length. + ++=item "auto-digestmax" (B) ++ ++Auto detect the salt length when verifying. Maximize the salt length up to the ++digest size when signing to comply with FIPS 186-4 section 5.5. 
++ + =back + + =back +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 69c59f0b46..5779f41427 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -399,6 +399,7 @@ extern "C" { + #define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" + #define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" + #define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" ++#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" + + /* Key generation parameters */ + #define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS +diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h +index a55c9727c6..daf55bc6d4 100644 +--- a/include/openssl/rsa.h ++++ b/include/openssl/rsa.h +@@ -137,6 +137,9 @@ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); + # define RSA_PSS_SALTLEN_AUTO -2 + /* Set salt length to maximum possible */ + # define RSA_PSS_SALTLEN_MAX -3 ++/* Auto-detect on verify, set salt length to min(maximum possible, digest ++ * length) on sign */ ++# define RSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4 + /* Old compatible max salt length for sign only */ + # define RSA_PSS_SALTLEN_MAX_SIGN -2 + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 0c45008a00..1a787d77db 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -191,8 +191,8 @@ static void *rsa_newctx(void *provctx, const char *propq) + prsactx->libctx = PROV_LIBCTX_OF(provctx); + prsactx->flag_allow_md = 1; + prsactx->propq = propq_copy; +- /* Maximum for sign, auto for verify */ +- prsactx->saltlen = RSA_PSS_SALTLEN_AUTO; ++ /* Maximum up to digest length for sign, auto for verify */ ++ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; + prsactx->min_saltlen = -1; + return prsactx; + } +@@ -200,13 +200,27 @@ static void *rsa_newctx(void *provctx, const char *propq) + static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) + { + int saltlen 
= ctx->saltlen; +- ++ int saltlenMax = -1; ++ ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection ++ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the ++ * salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of ++ * the hash function output block (in bytes)." ++ * ++ * Provide a way to use at most the digest length, so that the default does ++ * not violate FIPS 186-4. */ + if (saltlen == RSA_PSS_SALTLEN_DIGEST) { + saltlen = EVP_MD_get_size(ctx->md); +- } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) { ++ } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { ++ saltlen = RSA_PSS_SALTLEN_MAX; ++ saltlenMax = EVP_MD_get_size(ctx->md); ++ } ++ if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) { + saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2; + if ((RSA_bits(ctx->rsa) & 0x7) == 1) + saltlen--; ++ if (saltlenMax >= 0 && saltlen > saltlenMax) ++ saltlen = saltlenMax; + } + if (saltlen < 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); +@@ -411,8 +425,8 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, + + prsactx->operation = operation; + +- /* Maximum for sign, auto for verify */ +- prsactx->saltlen = RSA_PSS_SALTLEN_AUTO; ++ /* Maximize up to digest length for sign, auto for verify */ ++ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; + prsactx->min_saltlen = -1; + + switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { +@@ -1110,6 +1124,9 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + case RSA_PSS_SALTLEN_AUTO: + value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO; + break; ++ case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX: ++ value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX; ++ break; + default: + { + int len = BIO_snprintf(p->data, p->data_size, "%d", +@@ -1297,6 +1314,8 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + saltlen = RSA_PSS_SALTLEN_MAX; + else if (strcmp(p->data, 
OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0) + saltlen = RSA_PSS_SALTLEN_AUTO; ++ else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0) ++ saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; + else + saltlen = atoi(p->data); + break; +@@ -1305,11 +1324,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + } + + /* +- * RSA_PSS_SALTLEN_MAX seems curiously named in this check. +- * Contrary to what it's name suggests, it's the currently +- * lowest saltlen number possible. ++ * RSA_PSS_SALTLEN_AUTO_DIGEST_MAX seems curiously named in this check. ++ * Contrary to what it's name suggests, it's the currently lowest ++ * saltlen number possible. + */ +- if (saltlen < RSA_PSS_SALTLEN_MAX) { ++ if (saltlen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return 0; + } +@@ -1317,6 +1336,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + if (rsa_pss_restricted(prsactx)) { + switch (saltlen) { + case RSA_PSS_SALTLEN_AUTO: ++ case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX: + if (prsactx->operation == EVP_PKEY_OP_VERIFY) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH, + "Cannot use autodetected salt length"); +diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t +index e615f1b338..35541aed12 100644 +--- a/test/recipes/25-test_req.t ++++ b/test/recipes/25-test_req.t +@@ -199,7 +199,7 @@ subtest "generating certificate requests with RSA-PSS" => sub { + ok(!run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq-rsapss3.pem", "-utf8", +- "-sigopt", "rsa_pss_saltlen:-4", ++ "-sigopt", "rsa_pss_saltlen:-5", + "-key", srctop_file("test", "testrsapss.pem")])), + "Generating request with expected failure"); + +-- +2.38.1 + diff --git a/0090-FIPS-RSA-encapsulate.patch b/0091-FIPS-RSA-encapsulate.patch similarity index 100% rename from 0090-FIPS-RSA-encapsulate.patch rename to 0091-FIPS-RSA-encapsulate.patch 
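Review bot: In `rsa_ctx_to_pss` (rsa_ameth.c) and `rsa_pss_compute_saltlen` (rsa_sig.c), the "no cap" sentinel `saltlenMax = -1` has the same value that `EVP_MD_get_size()` returns on failure. If the digest size lookup fails in the `RSA_PSS_SALTLEN_AUTO_DIGEST_MAX` branch, the `saltlenMax >= 0` clamp is skipped and the salt length falls back to the uncapped maximum, which is the case the FIPS 186-4 comment is meant to exclude. I would check the size where it is read, e.g. in `rsa_ctx_to_pss`: `saltlenMax = EVP_MD_get_size(sigmd);` followed by `if (saltlenMax < 0) return NULL;`, and add the equivalent guard with that function's own error return in `rsa_pss_compute_saltlen`. The `RSA_padding_add_PKCS1_PSS_mgf1` change takes its cap from `hLen`, which the surrounding code appears to reject when negative, so it should not need the guard. Only parts of these functions are visible in the patch.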
diff --git a/0091-provider-improvements.patch b/0092-provider-improvements.patch similarity index 100% rename from 0091-provider-improvements.patch rename to 0092-provider-improvements.patch diff --git a/openssl.spec b/openssl.spec index 1a2b7e5..a196871 100644 --- a/openssl.spec +++ b/openssl.spec @@ -147,11 +147,13 @@ Patch85: 0085-FIPS-RSA-disable-shake.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142087 -Patch89: 0089-signature-Clamp-PSS-salt-len-to-MD-len.patch +Patch89: 0089-PSS-salt-length-from-provider.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 +Patch90: 0090-signature-Clamp-PSS-salt-len-to-MD-len.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2144561 -Patch90: 0090-FIPS-RSA-encapsulate.patch +Patch91: 0091-FIPS-RSA-encapsulate.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142517 -Patch91: 0091-provider-improvements.patch +Patch92: 0092-provider-improvements.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -493,6 +495,11 @@ install -m644 %{SOURCE9} \ Resolves: rhbz#2083879 - Backport of ppc64le Montgomery multiply enhancement Resolves: rhbz#2130708 +- Fix explicit indicator for PSS salt length in FIPS mode when used with + negative magic values + Resolves: rhbz#2142087 +- Update change to default PSS salt length with patch state from upstream + Related: rhbz#2142087 * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 From b19d91aec3699d175146b9812e365e0d3e838c3c Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Thu, 5 Jan 2023 11:42:50 +0100 Subject: [PATCH 19/28] Refactor OpenSSL fips module MAC verification Resolves: rhbz#2157965 --- 0033-FIPS-embed-hmac.patch | 107 +++++++++++++++---------------------- openssl.spec | 6 ++- 2 files changed, 49 insertions(+), 64 deletions(-) 
diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch index c788072..484a75e 100644 --- a/0033-FIPS-embed-hmac.patch +++ b/0033-FIPS-embed-hmac.patch @@ -1,7 +1,7 @@ -diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c ---- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100 -+++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100 -@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) +diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c +--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100 ++++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100 +@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) } #endif @@ -29,13 +29,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI - { - int ret = 0, status; - unsigned char out[MAX_MD_SIZE]; -- unsigned char buf[INTEGRITY_BUF_SIZE]; -+ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN]; - size_t bytes_read = 0, out_len = 0; +@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI EVP_MAC *mac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; @@ -44,7 +38,6 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi + struct link_map *lm = NULL; + unsigned long paddr; + unsigned long off = 0; -+ int have_rest = 0; OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); 
@@ -57,64 +50,52 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); if (mac == NULL) goto err; -@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI +@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) goto err; -+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); -+ if (status != 1 || bytes_read != HMAC_LEN) -+ goto err; -+ off += HMAC_LEN; -+ - while (1) { +- while (1) { - status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); -- if (status != 1) -+ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) { -+ have_rest = 1; -+ break; -+ } -+ -+ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */ -+ /* Logic: -+ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer -+ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes -+ * and move last HMAC_LEN bytes to the beginning of the buffer -+ * -+ * If we have read (a part of) buffer fips_hmac_container -+ * we should replace it with zeros. -+ * If it is inside our current buffer, we will update now. -+ * If it intersects the upper bound, we will clean up on the next step. 
-+ */ -+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) -+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); -+ off += bytes_read; -+ -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN); -+ } else { /* Final block */ -+ /* Logic is basically the same as in previous branch -+ * but we calculate HMAC from HMAC_LEN (rest of previous step) -+ * and bytes_read read on this step -+ * */ -+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) -+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); -+ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN)) -+ goto err; -+ off += bytes_read; ++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); + if (status != 1) break; -- if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ } -+ } -+ if (have_rest) { -+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) + if (!EVP_MAC_update(ctx, buf, bytes_read)) goto err; -+ off += HMAC_LEN; ++ off += bytes_read; } ++ ++ if (off + INTEGRITY_BUF_SIZE > paddr) { ++ int delta = paddr - off; ++ status = read_ex_cb(bio, buf, delta, &bytes_read); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ memset(buf, 0, HMAC_LEN); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ while (bytes_read > 0) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) goto err; -@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + +@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS CRYPTO_THREAD_unlock(fips_state_lock); } 
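Review bot: The two reads that bracket the embedded HMAC in the refactored verify_integrity() check only `status`, so a short read that still returns 1 leaves `off` short of `paddr` and the `memset(buf, 0, HMAC_LEN)` no longer lines up with the container bytes. The version being replaced rejected this case with `bytes_read != HMAC_LEN`. I would restore the exact-length checks as `if (status != 1 || bytes_read != delta) goto err;` and `if (status != 1 || bytes_read != HMAC_LEN) goto err;`. I would also declare `size_t delta = paddr - off;` so the unsigned difference is not narrowed to `int`. A misaligned read most likely ends in a MAC mismatch rather than a false pass, but the self-test should fail at the read, not depend on that. The function starts and ends outside this hunk, and the computation of `paddr` is not visible here.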
@@ -124,7 +105,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } -@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS if (ev == NULL) goto end; @@ -136,7 +117,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; -@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS ok = 1; end: OSSL_SELF_TEST_free(ev); diff --git a/openssl.spec b/openssl.spec index a196871..3f58b13 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -484,6 +484,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Thu Jan 05 2023 Dmitry Belyavskiy - 1:3.0.7-3 +- Refactor OpenSSL fips module MAC verification + Resolves: rhbz#2157965 + * Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 From 770dcce08bb1508e8bed0a6bf7b24420f5c8d528 Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Wed, 11 Jan 2023 14:10:26 +0100 Subject: [PATCH 20/28] Disallow SHAKE in OAEP decryption in FIPS mode This was already blocked for encryption and for both signature creation and verification in RSASSA-PSS, but RSA-OAEP decryption was missing. Resolves: rhbz#2142121 
Signed-off-by: Clemens Lang --- 0085-FIPS-RSA-disable-shake.patch | 76 ++++++++++++++++++++++++++----- openssl.spec | 6 ++- 2 files changed, 70 insertions(+), 12 deletions(-) diff --git a/0085-FIPS-RSA-disable-shake.patch b/0085-FIPS-RSA-disable-shake.patch index 4c4c5c5..8aa3d45 100644 --- a/0085-FIPS-RSA-disable-shake.patch +++ b/0085-FIPS-RSA-disable-shake.patch @@ -1,7 +1,32 @@ -diff -up openssl-3.0.1/crypto/rsa/rsa_oaep.c.oaep openssl-3.0.1/crypto/rsa/rsa_oaep.c ---- openssl-3.0.1/crypto/rsa/rsa_oaep.c.oaep 2022-11-14 13:45:05.970402064 +0100 -+++ openssl-3.0.1/crypto/rsa/rsa_oaep.c 2022-11-14 13:51:20.725741198 +0100 -@@ -78,8 +78,22 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1 +From 52b347703ba2b98a0efee86c1a483c2f0f9f73d6 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Wed, 11 Jan 2023 12:52:59 +0100 +Subject: [PATCH] rsa: Disallow SHAKE in OAEP and PSS in FIPS prov + +According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms +must not be used in higher-level algorithms (such as RSA-OAEP and +RSASSA-PSS): + +"To be used in an approved mode of operation, the SHA-3 hash functions +may be implemented either as part of an approved higher-level algorithm, +for example, a digital signature algorithm, or as the standalone +functions. The SHAKE128 and SHAKE256 extendable-output functions may +only be used as the standalone algorithms." + +Add a check to prevent their use as message digest in PSS signatures and +as MGF1 hash function in both OAEP and PSS. + +Signed-off-by: Clemens Lang +--- + crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++ + crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ + 2 files changed, 44 insertions(+) + +diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c +index d9be1a4f98..dfe9c9f0e8 100644 +--- a/crypto/rsa/rsa_oaep.c ++++ b/crypto/rsa/rsa_oaep.c +@@ -73,9 +73,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, return 0; #endif } 
@@ -14,20 +39,46 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_oaep.c.oaep openssl-3.0.1/crypto/rsa/rsa_o +#endif if (mgf1md == NULL) mgf1md = md; -+ + +#ifdef FIPS_MODULE + if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { + ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); + return 0; + } +#endif - ++ mdlen = EVP_MD_get_size(md); if (mdlen <= 0) { -diff -up openssl-3.0.1/crypto/rsa/rsa_pss.c.oaep openssl-3.0.1/crypto/rsa/rsa_pss.c ---- openssl-3.0.1/crypto/rsa/rsa_pss.c.oaep 2022-11-15 14:53:11.103467808 +0100 -+++ openssl-3.0.1/crypto/rsa/rsa_pss.c 2022-11-15 15:00:07.233966865 +0100 -@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); +@@ -181,9 +195,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + #endif + } + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + mdlen = EVP_MD_get_size(md); + + if (tlen <= 0 || flen <= 0) +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index 33874bfef8..e8681b0351 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, if (mgf1Hash == NULL) mgf1Hash = Hash; @@ -42,7 +93,7 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_pss.c.oaep openssl-3.0.1/crypto/rsa/rsa_ps hLen = EVP_MD_get_size(Hash); if (hLen < 0) goto err; -@@ -164,6 +172,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA * +@@ -164,6 +172,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, if (mgf1Hash == NULL) mgf1Hash = Hash; 
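Review bot: The two FIPS_MODULE checks added to RSA_padding_check_PKCS1_OAEP_mgf1() carry no comment saying why SHAKE is rejected, so the rationale (FIPS 140-3 IG section C.C) lives only in the patch header and is lost once the patch is applied to the tree. I would put `/* FIPS 140-3 IG C.C: SHAKE128/256 are approved only as standalone algorithms */` above the first check. The OAEP sites raise `RSA_R_DIGEST_NOT_ALLOWED`, while the PSS sites in the same patch only `goto err`, so a PSS caller may get no error-queue entry for the same policy decision. Adding `ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);` before those jumps would make the two consistent. The function bodies continue outside the hunks, so whether the PSS `err` label raises anything itself is not visible here.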
@@ -57,3 +108,6 @@ diff -up openssl-3.0.1/crypto/rsa/rsa_pss.c.oaep openssl-3.0.1/crypto/rsa/rsa_ps hLen = EVP_MD_get_size(Hash); if (hLen < 0) goto err; +-- +2.39.0 + diff --git a/openssl.spec b/openssl.spec index 3f58b13..f3e5414 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -484,6 +484,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 +- Disallow SHAKE in RSA-OAEP decryption in FIPS mode + Resolves: rhbz#2142121 + * Thu Jan 05 2023 Dmitry Belyavskiy - 1:3.0.7-3 - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2157965 From 593a315f093fbe7db0a027a06957d5700e2db7cd Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 11:37:11 +0100 Subject: [PATCH 21/28] Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 --- 0101-CVE-2022-4203-nc-match.patch | 281 ++++++++++++++++++++++++++++++ openssl.spec | 9 +- 2 files changed, 289 insertions(+), 1 deletion(-) create mode 100644 0101-CVE-2022-4203-nc-match.patch diff --git a/0101-CVE-2022-4203-nc-match.patch b/0101-CVE-2022-4203-nc-match.patch new file mode 100644 index 0000000..860deac --- /dev/null +++ b/0101-CVE-2022-4203-nc-match.patch 
@@ -0,0 +1,281 @@ +From c927a3492698c254637da836762f9b1f86cffabc Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Tue, 13 Dec 2022 08:49:13 +0100 +Subject: [PATCH 01/18] Fix type confusion in nc_match_single() + +This function assumes that if the "gen" is an OtherName, then the "base" +is a rfc822Name constraint. This assumption is not true in all cases. +If the end-entity certificate contains an OtherName SAN of any type besides +SmtpUtf8Mailbox and the CA certificate contains a name constraint of +OtherName (of any type), then "nc_email_eai" will be invoked, with the +OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING. + +Reported by Corey Bonnell from Digicert. + +CVE-2022-4203 + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +--- + crypto/x509/v3_ncons.c | 45 +++++++++++++++++++++++++++++------------- + 1 file changed, 31 insertions(+), 14 deletions(-) + +diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c +index 70a7e8304e..5101598512 100644 +--- a/crypto/x509/v3_ncons.c ++++ b/crypto/x509/v3_ncons.c +@@ -31,7 +31,8 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + + static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); ++static int nc_match_single(int effective_type, GENERAL_NAME *sub, ++ GENERAL_NAME *gen); + static int nc_dn(const X509_NAME *sub, const X509_NAME *nm); + static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); + static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); +@@ -472,14 +473,17 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + { + GENERAL_SUBTREE *sub; + int i, r, match = 0; ++ int effective_type = gen->type; ++ + /* + * We need to compare not gen->type field but an "effective" type because + * the otherName field may contain EAI email address treated specially + * according to RFC 8398, 
section 6 + */ +- int effective_type = ((gen->type == GEN_OTHERNAME) && +- (OBJ_obj2nid(gen->d.otherName->type_id) == +- NID_id_on_SmtpUTF8Mailbox)) ? GEN_EMAIL : gen->type; ++ if (effective_type == GEN_OTHERNAME && ++ (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) { ++ effective_type = GEN_EMAIL; ++ } + + /* + * Permitted subtrees: if any subtrees exist of matching the type at +@@ -488,7 +492,10 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); +- if (effective_type != sub->base->type) ++ if (effective_type != sub->base->type ++ || (effective_type == GEN_OTHERNAME && ++ OBJ_cmp(gen->d.otherName->type_id, ++ sub->base->d.otherName->type_id) != 0)) + continue; + if (!nc_minmax_valid(sub)) + return X509_V_ERR_SUBTREE_MINMAX; +@@ -497,7 +504,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + continue; + if (match == 0) + match = 1; +- r = nc_match_single(gen, sub->base); ++ r = nc_match_single(effective_type, gen, sub->base); + if (r == X509_V_OK) + match = 2; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) +@@ -511,12 +518,15 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); +- if (effective_type != sub->base->type) ++ if (effective_type != sub->base->type ++ || (effective_type == GEN_OTHERNAME && ++ OBJ_cmp(gen->d.otherName->type_id, ++ sub->base->d.otherName->type_id) != 0)) + continue; + if (!nc_minmax_valid(sub)) + return X509_V_ERR_SUBTREE_MINMAX; + +- r = nc_match_single(gen, sub->base); ++ r = nc_match_single(effective_type, gen, sub->base); + if (r == X509_V_OK) + return X509_V_ERR_EXCLUDED_VIOLATION; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) +@@ -528,15 +538,22 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) 
+ + } + +-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) ++static int nc_match_single(int effective_type, GENERAL_NAME *gen, ++ GENERAL_NAME *base) + { + switch (gen->type) { + case GEN_OTHERNAME: +- /* +- * We are here only when we have SmtpUTF8 name, +- * so we match the value of othername with base->d.rfc822Name +- */ +- return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); ++ switch (effective_type) { ++ case GEN_EMAIL: ++ /* ++ * We are here only when we have SmtpUTF8 name, ++ * so we match the value of othername with base->d.rfc822Name ++ */ ++ return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); ++ ++ default: ++ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; ++ } + + case GEN_DIRNAME: + return nc_dn(gen->d.directoryName, base->d.directoryName); +-- +2.39.1 + +From fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 13 Dec 2022 19:45:09 +0100 +Subject: [PATCH 02/18] Add testcase for nc_match_single type confusion + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +--- + test/certs/bad-othername-cert.pem | 20 ++++++++++++++++++++ + test/certs/nccaothername-cert.pem | 20 ++++++++++++++++++++ + test/certs/nccaothername-key.pem | 28 ++++++++++++++++++++++++++++ + test/certs/setup.sh | 11 +++++++++++ + test/recipes/25-test_verify.t | 5 ++++- + 5 files changed, 83 insertions(+), 1 deletion(-) + create mode 100644 test/certs/bad-othername-cert.pem + create mode 100644 test/certs/nccaothername-cert.pem + create mode 100644 test/certs/nccaothername-key.pem + +diff --git a/test/certs/bad-othername-cert.pem b/test/certs/bad-othername-cert.pem +new file mode 100644 +index 0000000000..cf279de5ea +--- /dev/null ++++ b/test/certs/bad-othername-cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDRDCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 ++IE5DIENBIG90aGVybmFtZTAgFw0yMjEyMTMxODMzMTZaGA8yMTIyMTIxNDE4MzMx 
++NlowMTEvMC0GA1UECgwmTkMgZW1haWwgaW4gb3RoZXJuYW1lIFRlc3QgQ2VydGlm ++aWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgeoakqHk1zYt ++JZpEC0qkJPU/X0lfI+6GY2LHFY9KOSFqqmTXxrUtjQc3SdpQvBZhPuMZ8p82Jid2 ++kkRHnWs0uqX9NtLO923yQalYvP6Mt3fokcYgw/C9b+I/q1PKUyN0kPB6McROguD5 ++Jz2DcEufJBhbpyay1bFjEI2DAQJKDP/U7uH0EA7kH/27UMk0vfvL5uVjDvlo8i6S ++Ul8+u0cDV5ZFJW2VAJKLU3wp6IY4fZl9UqkHZuRQpMJGqAjAleWOIEpyyvfGGh0b ++75n3GJ+4YZ7CIBEgY7K0nIbKxtcDZPvmtbYg3g1tkPMTHcodFT7yEdqkBTJ5AGL7 ++6U850OhjAgMBAAGjdzB1MB0GA1UdDgQWBBTBz0k+q6d4c3aM+s2IyOF/QP6zCTAf ++BgNVHSMEGDAWgBTwhghX7uNdMejZ3f4XorqOQoMqwTAJBgNVHRMEAjAAMCgGA1Ud ++EQQhMB+gHQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEB ++CwUAA4IBAQAhxbCEVH8pq0aUMaLWaodyXdCqA0AKTFG6Mz9Rpwn89OwC8FylTEru ++t+Bqx/ZuTo8YzON8h9m7DIrQIjZKDLW/g5YbvIsxIVV9gWhAGohdsIyMKRBepSmr ++NxJQkO74RLBTamfl0WUCVM4HqroflFjBBG67CTJaQ9cH9ug3TKxaXCK1L6iQAXtq ++enILGai98Byo0LCFH4MQOhmhV1BDT2boIG/iYb5VKCTSX25vhaF+PNBhUoysjW0O ++vhQX8vrw42QRr4Qi7VfUBXzrbRTzxjOc4yqki7h2DcEdpginqe+aGyaFY+H9m/ka ++1AR5KN8h5SYKltSXknjs0pp1w4k49aHl ++-----END CERTIFICATE----- +diff --git a/test/certs/nccaothername-cert.pem b/test/certs/nccaothername-cert.pem +new file mode 100644 +index 0000000000..f9b9b07b80 +--- /dev/null ++++ b/test/certs/nccaothername-cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 ++IENBMCAXDTIyMTIxMzE4MTgwM1oYDzIxMjIxMjE0MTgxODAzWjAfMR0wGwYDVQQD ++DBRUZXN0IE5DIENBIG90aGVybmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC ++AQoCggEBAN0Dx+ei8CgtRKnDcYiLwX4vrA48at/o/zfX24X/WZZM1o9HUKo1FQBN ++vhESJu+gqPxuIePrk+/L25XdRqwCKk8wkWX0XIz18q5orOHUUFAWNK3g0FDj6N8H ++d8urNIbDJ44FCx+/0n8Ppiht/EYN3aVOW5enqbgZ+EEt+3AUG6ibieRdGri9g4oh ++IIx60MmVHLbuT/TcVZxaeWyTl6iWmsYosUyqlhTtu1uGtbVtkCAhBYloVvz4J5eA ++mVu/JuJbsNxbxVeO9Q8Kj6nb4jPPdGvZ3JPcabbWrz5LwaereBf5IPrXEVdQTlYB ++gI0pTz2CEDHSIrd7jzRUX/9EC2gMk6UCAwEAAaOBjzCBjDAPBgNVHRMBAf8EBTAD ++AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU8IYIV+7jXTHo2d3+F6K6jkKDKsEw 
++HwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwLAYDVR0eBCUwI6EhMB+g ++HQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IB ++AQDPI5uZd8DhSNKMvYF5bxOshd6h6UJ7YzZS7K6fhiygltdqzkHQ/5+4yiuUkDe4 ++hOZlH8MCfXQy5jVZDTk24yNchpdfie5Bswn4SmQVQh3QyzOLxizoh0rLCf2PHueu ++dNVNhfiiJNJ5kd8MIuVG7CPK68dP0QrVR+DihROuJgvGB3ClKttLrgle19t4PFRR ++2wW6hJT9aXEjzLNyN1QFZKoShuiGX4xwjZh7VyKkV64p8hjojhcLk6dQkel+Jw4y ++OP26XbVfM8/6KG8f6WAZ8P0qJwHlhmi0EvRTnEpAM8WuenOeZH6ERZ9uZbRGh6xx ++LKQu2Aw2+bOEZ2vUtz0dBhX8 ++-----END CERTIFICATE----- +diff --git a/test/certs/nccaothername-key.pem b/test/certs/nccaothername-key.pem +new file mode 100644 +index 0000000000..d3e300ac2f +--- /dev/null ++++ b/test/certs/nccaothername-key.pem +@@ -0,0 +1,28 @@ ++-----BEGIN PRIVATE KEY----- ++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdA8fnovAoLUSp ++w3GIi8F+L6wOPGrf6P8319uF/1mWTNaPR1CqNRUATb4REibvoKj8biHj65Pvy9uV ++3UasAipPMJFl9FyM9fKuaKzh1FBQFjSt4NBQ4+jfB3fLqzSGwyeOBQsfv9J/D6Yo ++bfxGDd2lTluXp6m4GfhBLftwFBuom4nkXRq4vYOKISCMetDJlRy27k/03FWcWnls ++k5eolprGKLFMqpYU7btbhrW1bZAgIQWJaFb8+CeXgJlbvybiW7DcW8VXjvUPCo+p ++2+Izz3Rr2dyT3Gm21q8+S8Gnq3gX+SD61xFXUE5WAYCNKU89ghAx0iK3e480VF// ++RAtoDJOlAgMBAAECggEAMFSJlCyEFlER3Qq9asXe9eRgXEuXdmfZ2aEVIuf8M/sR ++B0tpxxKtCUA24j5FL+0CzxKZTCFBnDRIzCyTbf1aOa9t+CzXyUZmP3/p4EdgmabF ++dcl93FZ+X7kfF/VUGu0Vmv+c12BH3Fu0cs5cVohlMecg7diu6zCYok43F+L5ymRy ++2mTcKkGc0ShWizj8Z9R3WJGssZOlxbxa/Zr4rZwRC24UVhfN8AfGWYx/StyQPQIw ++gtbbtOmwbyredQmY4jwNqgrnfZS9bkWwJbRuCmD5l7lxubBgcHQpoM+DQVeOLZIq ++uksFXeNfal9G5Bo747MMzpD7dJMCGmX+gbMY5oZF+QKBgQDs2MbY4nbxi+fV+KuV ++zUvis8m8Lpzf3T6NLkgSkUPRN9tGr95iLIrB/bRPJg5Ne02q/cT7d86B9rpE42w7 ++eeIF9fANezX2AF8LUqNZhIR23J3tfB/eqGlJRZeMNia+lD09a7SWGwrS7sufY1I+ ++JQGcHx77ntt+eQT1MUJ1skF06QKBgQDu4z+TW4QIA5ItxIReVdcfh5e3xLkzDEVP ++3KNo9tpXxvPwqapdeBh6c9z4Lqe3MKr5UPlDvVW+o40t6OjKxDCXczB8+JAM0OyX ++8V+K3zXXUxRgieSd3oMncTylSWIvouPP3aW37B67TKdRlRHgaBrpJT2wdk3kYR4t ++62J1eDdjXQKBgQDMsY0pZI/nskJrar7geM1c4IU5Xg+2aj/lRFqFsYYrC1s3fEd2 
++EYjan6l1vi4eSLKXVTspGiIfsFzLrMGdpXjyLduJyzKXqTp7TrBebWkOUR0sYloo ++1OQprzuKskJJ81P6AVvRXw27vyW8Wtp5WwJJK5xbWq/YXj8qqagGkEiCAQKBgQCc ++RK3XAFurPmLGa7JHX5Hc/z8BKMAZo6JHrsZ6qFiGaRA0U1it0hz5JYfcFfECheSi ++ORUF+fn4PlbhPGXkFljPCbwjVBovOBA9CNl+J6u50pAW4r1ZhDB5gbqxSQLgtIaf +++JcqbFxiG6+sT36lNJS+BO2I3KrxhZJPaZY7z8szxQKBgQDRy70XzwOk8jXayiF2 ++ej2IN7Ow9cgSE4tLEwR/vCjxvOlWhA3jC3wxoggshGJkpbP3DqLkQtwQm0h1lM8J ++QNtFwKzjtpf//bTlfFq08/YxWimTPMqzcV2PgRacB8P3yf1r8T7M4fA5TORCDWpW ++5FtOCFEmwQHTR8lu4c63qfxkEQ== ++-----END PRIVATE KEY----- +diff --git a/test/certs/setup.sh b/test/certs/setup.sh +index b9766aab20..2240cd9df0 100755 +--- a/test/certs/setup.sh ++++ b/test/certs/setup.sh +@@ -388,6 +388,17 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + ++# Certs for CVE-2022-4203 testcase ++ ++NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \ ++ "Test NC CA othername" nccaothername-key nccaothername-cert \ ++ root-key root-cert ++ ++./mkcert.sh req alt-email-key "O = NC email in othername Test Certificate" | \ ++ ./mkcert.sh geneealt bad-othername-key bad-othername-cert \ ++ nccaothername-key nccaothername-cert \ ++ "otherName.1 = SRVName;UTF8STRING:foo@example.org" ++ + # RSA-PSS signatures + # SHA1 + ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \ +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index 4613489f57..e6a2bca731 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -29,7 +29,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 162; ++plan tests => 163; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -402,6 +402,9 @@ ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name 
constraints nested DNS name excluded"); + ++ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ), ++ "CVE-2022-4203 type confusion test"); ++ + #Check that we get the expected failure return code + with({ exit_checker => sub { return shift == 2; } }, + sub { +-- +2.39.1 + diff --git a/openssl.spec b/openssl.spec index f3e5414..2cb0ba6 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -155,6 +155,9 @@ Patch91: 0091-FIPS-RSA-encapsulate.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142517 Patch92: 0092-provider-improvements.patch +# OpenSSL 3.0.8 CVEs +Patch101: 0101-CVE-2022-4203-nc-match.patch + License: ASL 2.0 URL: http://www.openssl.org/ BuildRequires: gcc g++ @@ -484,6 +487,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Wed Feb 08 2023 Dmitry Belyavskiy - 1:3.0.7-5 +- Fixed X.509 Name Constraints Read Buffer Overflow + Resolves: CVE-2022-4203 + * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2142121 From c5b0dc92d340ad2b29d4bfd0327e4c0fb211acdc Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 11:40:25 +0100 Subject: [PATCH 22/28] Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 --- 0102-CVE-2022-4304-RSA-time-oracle.patch | 750 +++++++++++++++++++++++ openssl.spec | 3 + 2 files changed, 753 insertions(+) create mode 100644 0102-CVE-2022-4304-RSA-time-oracle.patch diff --git a/0102-CVE-2022-4304-RSA-time-oracle.patch b/0102-CVE-2022-4304-RSA-time-oracle.patch new file mode 100644 index 0000000..a650715 --- /dev/null +++ b/0102-CVE-2022-4304-RSA-time-oracle.patch 
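Review bot: In the GEN_EMAIL arm of the new inner switch in nc_match_single(), `base->d.rfc822Name` is still read without looking at `base->type`; the function relies on nc_match() having already compared `effective_type` with `sub->base->type`. An unchecked assumption about which union member is live is what this patch fixes, so I would make the arm self-contained with `if (base->type != GEN_EMAIL) return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;` before the nc_email_eai() call. The existing comment "We are here only when we have SmtpUTF8 name" would then be enforced rather than assumed. nc_match_single() continues past the end of the quoted hunk (the GEN_DIRNAME case onwards), so the other arms are not reviewed here.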
@@ -0,0 +1,750 @@ +From 8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 20 Jan 2023 15:03:40 +0000 +Subject: [PATCH 03/18] Fix Timing Oracle in RSA decryption + +A timing based side channel exists in the OpenSSL RSA Decryption +implementation which could be sufficient to recover a plaintext across +a network in a Bleichenbacher style attack. To achieve a successful +decryption an attacker would have to be able to send a very large number +of trial messages for decryption. The vulnerability affects all RSA +padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. + +Patch written by Dmitry Belyavsky and Hubert Kario + +CVE-2022-4304 + +Reviewed-by: Matt Caswell +Reviewed-by: Tomas Mraz +--- + crypto/bn/bn_blind.c | 14 - + crypto/bn/bn_local.h | 14 + + crypto/bn/build.info | 2 +- + crypto/bn/rsa_sup_mul.c | 604 ++++++++++++++++++++++++++++++++++++++++ + crypto/rsa/rsa_ossl.c | 19 +- + include/crypto/bn.h | 6 + + 6 files changed, 638 insertions(+), 21 deletions(-) + create mode 100644 crypto/bn/rsa_sup_mul.c + +diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c +index 72457b34cf..6061ebb4c0 100644 +--- a/crypto/bn/bn_blind.c ++++ b/crypto/bn/bn_blind.c +@@ -13,20 +13,6 @@ + + #define BN_BLINDING_COUNTER 32 + +-struct bn_blinding_st { +- BIGNUM *A; +- BIGNUM *Ai; +- BIGNUM *e; +- BIGNUM *mod; /* just a reference */ +- CRYPTO_THREAD_ID tid; +- int counter; +- unsigned long flags; +- BN_MONT_CTX *m_ctx; +- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +- CRYPTO_RWLOCK *lock; +-}; +- + BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) + { + BN_BLINDING *ret = NULL; +diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h +index c9a7ecf298..8c428f919d 100644 +--- a/crypto/bn/bn_local.h ++++ b/crypto/bn/bn_local.h +@@ -290,6 +290,20 @@ struct bn_gencb_st { + } cb; + }; + ++struct bn_blinding_st { ++ BIGNUM *A; ++ BIGNUM 
*Ai; ++ BIGNUM *e; ++ BIGNUM *mod; /* just a reference */ ++ CRYPTO_THREAD_ID tid; ++ int counter; ++ unsigned long flags; ++ BN_MONT_CTX *m_ctx; ++ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ CRYPTO_RWLOCK *lock; ++}; ++ + /*- + * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions + * +diff --git a/crypto/bn/build.info b/crypto/bn/build.info +index c4ba51b265..f4ff619239 100644 +--- a/crypto/bn/build.info ++++ b/crypto/bn/build.info +@@ -105,7 +105,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ + bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ + bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ +- bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c ++ bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c + SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c + DEFINE[../../libcrypto]=$BNDEF + IF[{- !$disabled{'deprecated-0.9.8'} -}] +diff --git a/crypto/bn/rsa_sup_mul.c b/crypto/bn/rsa_sup_mul.c +new file mode 100644 +index 0000000000..0e0d02e194 +--- /dev/null ++++ b/crypto/bn/rsa_sup_mul.c +@@ -0,0 +1,604 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "internal/endian.h" ++#include "internal/numbers.h" ++#include "internal/constant_time.h" ++#include "bn_local.h" ++ ++# if BN_BYTES == 8 ++typedef uint64_t limb_t; ++# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 ++typedef uint128_t limb2_t; ++# define HAVE_LIMB2_T ++# endif ++# define LIMB_BIT_SIZE 64 ++# define LIMB_BYTE_SIZE 8 ++# elif BN_BYTES == 4 ++typedef uint32_t limb_t; ++typedef uint64_t limb2_t; ++# define LIMB_BIT_SIZE 32 ++# define LIMB_BYTE_SIZE 4 ++# define HAVE_LIMB2_T ++# else ++# error "Not supported" ++# endif ++ ++/* ++ * For multiplication we're using schoolbook multiplication, ++ * so if we have two numbers, each 
with 6 "digits" (words) ++ * the multiplication is calculated as follows: ++ * A B C D E F ++ * x I J K L M N ++ * -------------- ++ * N*F ++ * N*E ++ * N*D ++ * N*C ++ * N*B ++ * N*A ++ * M*F ++ * M*E ++ * M*D ++ * M*C ++ * M*B ++ * M*A ++ * L*F ++ * L*E ++ * L*D ++ * L*C ++ * L*B ++ * L*A ++ * K*F ++ * K*E ++ * K*D ++ * K*C ++ * K*B ++ * K*A ++ * J*F ++ * J*E ++ * J*D ++ * J*C ++ * J*B ++ * J*A ++ * I*F ++ * I*E ++ * I*D ++ * I*C ++ * I*B ++ * + I*A ++ * ========================== ++ * N*B N*D N*F ++ * + N*A N*C N*E ++ * + M*B M*D M*F ++ * + M*A M*C M*E ++ * + L*B L*D L*F ++ * + L*A L*C L*E ++ * + K*B K*D K*F ++ * + K*A K*C K*E ++ * + J*B J*D J*F ++ * + J*A J*C J*E ++ * + I*B I*D I*F ++ * + I*A I*C I*E ++ * ++ * 1+1 1+3 1+5 ++ * 1+0 1+2 1+4 ++ * 0+1 0+3 0+5 ++ * 0+0 0+2 0+4 ++ * ++ * 0 1 2 3 4 5 6 ++ * which requires n^2 multiplications and 2n full length additions ++ * as we can keep every other result of limb multiplication in two separate ++ * limbs ++ */ ++ ++#if defined HAVE_LIMB2_T ++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) ++{ ++ limb2_t t; ++ /* ++ * this is idiomatic code to tell compiler to use the native mul ++ * those three lines will actually compile to single instruction ++ */ ++ ++ t = (limb2_t)a * b; ++ *hi = t >> LIMB_BIT_SIZE; ++ *lo = (limb_t)t; ++} ++#elif (BN_BYTES == 8) && (defined _MSC_VER) ++/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */ ++#pragma intrinsic(_umul128) ++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) ++{ ++ *lo = _umul128(a, b, hi); ++} ++#else ++/* ++ * if the compiler doesn't have either a 128bit data type nor a "return ++ * high 64 bits of multiplication" ++ */ ++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) ++{ ++ limb_t a_low = (limb_t)(uint32_t)a; ++ limb_t a_hi = a >> 32; ++ limb_t b_low = (limb_t)(uint32_t)b; ++ limb_t b_hi = b >> 32; ++ ++ limb_t p0 = a_low * b_low; ++ limb_t p1 = a_low * 
b_hi; ++ limb_t p2 = a_hi * b_low; ++ limb_t p3 = a_hi * b_hi; ++ ++ uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32); ++ ++ *lo = p0 + (p1 << 32) + (p2 << 32); ++ *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy; ++} ++#endif ++ ++/* add two limbs with carry in, return carry out */ ++static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry) ++{ ++ limb_t carry1, carry2, t; ++ /* ++ * `c = a + b; if (c < a)` is idiomatic code that makes compilers ++ * use add with carry on assembly level ++ */ ++ ++ *ret = a + carry; ++ if (*ret < a) ++ carry1 = 1; ++ else ++ carry1 = 0; ++ ++ t = *ret; ++ *ret = t + b; ++ if (*ret < t) ++ carry2 = 1; ++ else ++ carry2 = 0; ++ ++ return carry1 + carry2; ++} ++ ++/* ++ * add two numbers of the same size, return overflow ++ * ++ * add a to b, place result in ret; all arrays need to be n limbs long ++ * return overflow from addition (0 or 1) ++ */ ++static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n) ++{ ++ limb_t c = 0; ++ ossl_ssize_t i; ++ ++ for(i = n - 1; i > -1; i--) ++ c = _add_limb(&ret[i], a[i], b[i], c); ++ ++ return c; ++} ++ ++/* ++ * return number of limbs necessary for temporary values ++ * when multiplying numbers n limbs large ++ */ ++static ossl_inline size_t mul_limb_numb(size_t n) ++{ ++ return 2 * n * 2; ++} ++ ++/* ++ * multiply two numbers of the same size ++ * ++ * multiply a by b, place result in ret; a and b need to be n limbs long ++ * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs ++ * long ++ */ ++static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp) ++{ ++ limb_t *r_odd, *r_even; ++ size_t i, j, k; ++ ++ r_odd = tmp; ++ r_even = &tmp[2 * n]; ++ ++ memset(ret, 0, 2 * n * sizeof(limb_t)); ++ ++ for (i = 0; i < n; i++) { ++ for (k = 0; k < i + n + 1; k++) { ++ r_even[k] = 0; ++ r_odd[k] = 0; ++ } ++ for (j = 0; j < n; j++) { ++ /* ++ * place results from even and odd limbs in separate arrays so 
that ++ * we don't have to calculate overflow every time we get individual ++ * limb multiplication result ++ */ ++ if (j % 2 == 0) ++ _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]); ++ else ++ _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]); ++ } ++ /* ++ * skip the least significant limbs when adding multiples of ++ * more significant limbs (they're zero anyway) ++ */ ++ add(ret, ret, r_even, n + i + 1); ++ add(ret, ret, r_odd, n + i + 1); ++ } ++} ++ ++/* modifies the value in place by performing a right shift by one bit */ ++static ossl_inline void rshift1(limb_t *val, size_t n) ++{ ++ limb_t shift_in = 0, shift_out = 0; ++ size_t i; ++ ++ for (i = 0; i < n; i++) { ++ shift_out = val[i] & 1; ++ val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1); ++ shift_in = shift_out; ++ } ++} ++ ++/* extend the LSB of flag to all bits of limb */ ++static ossl_inline limb_t mk_mask(limb_t flag) ++{ ++ flag |= flag << 1; ++ flag |= flag << 2; ++ flag |= flag << 4; ++ flag |= flag << 8; ++ flag |= flag << 16; ++#if (LIMB_BYTE_SIZE == 8) ++ flag |= flag << 32; ++#endif ++ return flag; ++} ++ ++/* ++ * copy from either a or b to ret based on flag ++ * when flag == 0, then copies from b ++ * when flag == 1, then copies from a ++ */ ++static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n) ++{ ++ /* ++ * would be more efficient with non volatile mask, but then gcc ++ * generates code with jumps ++ */ ++ volatile limb_t mask; ++ size_t i; ++ ++ mask = mk_mask(flag); ++ for (i = 0; i < n; i++) { ++#if (LIMB_BYTE_SIZE == 8) ++ ret[i] = constant_time_select_64(mask, a[i], b[i]); ++#else ++ ret[i] = constant_time_select_32(mask, a[i], b[i]); ++#endif ++ } ++} ++ ++static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow) ++{ ++ limb_t borrow1, borrow2, t; ++ /* ++ * while it doesn't look constant-time, this is idiomatic code ++ * to tell compilers to use the carry bit from subtraction ++ */ ++ ++ *ret = a - borrow; 
++ if (*ret > a) ++ borrow1 = 1; ++ else ++ borrow1 = 0; ++ ++ t = *ret; ++ *ret = t - b; ++ if (*ret > t) ++ borrow2 = 1; ++ else ++ borrow2 = 0; ++ ++ return borrow1 + borrow2; ++} ++ ++/* ++ * place the result of a - b into ret, return the borrow bit. ++ * All arrays need to be n limbs long ++ */ ++static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n) ++{ ++ limb_t borrow = 0; ++ ossl_ssize_t i; ++ ++ for (i = n - 1; i > -1; i--) ++ borrow = _sub_limb(&ret[i], a[i], b[i], borrow); ++ ++ return borrow; ++} ++ ++/* return the number of limbs necessary to allocate for the mod() tmp operand */ ++static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum) ++{ ++ return (anum + modnum) * 3; ++} ++ ++/* ++ * calculate a % mod, place the result in ret ++ * size of a is defined by anum, size of ret and mod is modnum, ++ * size of tmp is returned by mod_limb_numb() ++ */ ++static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod, ++ size_t modnum, limb_t *tmp) ++{ ++ limb_t *atmp, *modtmp, *rettmp; ++ limb_t res; ++ size_t i; ++ ++ memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE); ++ ++ atmp = tmp; ++ modtmp = &tmp[anum + modnum]; ++ rettmp = &tmp[(anum + modnum) * 2]; ++ ++ for (i = modnum; i 0; i--, rp--) { ++ v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2); ++ v = v + carry + rp[-1]; ++ carry |= (v != rp[-1]); ++ carry &= (v <= rp[-1]); ++ rp[-1] = v; ++ } ++ ++ /* perform the final reduction by mod... 
*/ ++ carry -= sub(ret, rp, mod, modnum); ++ ++ /* ...conditionally */ ++ cselect(carry, ret, rp, ret, modnum); ++} ++ ++/* allocated buffer should be freed afterwards */ ++static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs) ++{ ++ int i; ++ int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ limb_t *ptr = buf + (limbs - real_limbs); ++ ++ for (i = 0; i < real_limbs; i++) ++ ptr[i] = bn->d[real_limbs - i - 1]; ++} ++ ++#if LIMB_BYTE_SIZE == 8 ++static ossl_inline uint64_t be64(uint64_t host) ++{ ++ uint64_t big = 0; ++ DECLARE_IS_ENDIAN; ++ ++ if (!IS_LITTLE_ENDIAN) ++ return host; ++ ++ big |= (host & 0xff00000000000000) >> 56; ++ big |= (host & 0x00ff000000000000) >> 40; ++ big |= (host & 0x0000ff0000000000) >> 24; ++ big |= (host & 0x000000ff00000000) >> 8; ++ big |= (host & 0x00000000ff000000) << 8; ++ big |= (host & 0x0000000000ff0000) << 24; ++ big |= (host & 0x000000000000ff00) << 40; ++ big |= (host & 0x00000000000000ff) << 56; ++ return big; ++} ++ ++#else ++/* Not all platforms have htobe32(). */ ++static ossl_inline uint32_t be32(uint32_t host) ++{ ++ uint32_t big = 0; ++ DECLARE_IS_ENDIAN; ++ ++ if (!IS_LITTLE_ENDIAN) ++ return host; ++ ++ big |= (host & 0xff000000) >> 24; ++ big |= (host & 0x00ff0000) >> 8; ++ big |= (host & 0x0000ff00) << 8; ++ big |= (host & 0x000000ff) << 24; ++ return big; ++} ++#endif ++ ++/* ++ * We assume that intermediate, possible_arg2, blinding, and ctx are used ++ * similar to BN_BLINDING_invert_ex() arguments. ++ * to_mod is RSA modulus. ++ * buf and num is the serialization buffer and its length. ++ * ++ * Here we use classic/Montgomery multiplication and modulo. After the calculation finished ++ * we serialize the new structure instead of BIGNUMs taking endianness into account. 
++ */ ++int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, ++ const BN_BLINDING *blinding, ++ const BIGNUM *possible_arg2, ++ const BIGNUM *to_mod, BN_CTX *ctx, ++ unsigned char *buf, int num) ++{ ++ limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL; ++ limb_t *l_ret = NULL, *l_tmp = NULL, l_buf; ++ size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0; ++ size_t l_tmp_count = 0; ++ int ret = 0; ++ size_t i; ++ unsigned char *tmp; ++ const BIGNUM *arg1 = intermediate; ++ const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2; ++ ++ l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ ++ l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count; ++ l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); ++ l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); ++ l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE); ++ ++ if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL)) ++ goto err; ++ ++ BN_to_limb(arg1, l_im, l_size); ++ BN_to_limb(arg2, l_mul, l_size); ++ BN_to_limb(to_mod, l_mod, l_mod_count); ++ ++ l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE); ++ ++ if (blinding->m_ctx != NULL) { ++ l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ? ++ mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count); ++ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); ++ } else { ++ l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ? 
++ mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count); ++ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); ++ } ++ ++ if ((l_ret == NULL) || (l_tmp == NULL)) ++ goto err; ++ ++ if (blinding->m_ctx != NULL) { ++ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); ++ mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, ++ blinding->m_ctx->n0[0], l_tmp); ++ } else { ++ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); ++ mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp); ++ } ++ ++ /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */ ++ if (num < BN_num_bytes(to_mod)) { ++ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); ++ goto err; ++ } ++ ++ memset(buf, 0, num); ++ tmp = buf + num - BN_num_bytes(to_mod); ++ for (i = 0; i < l_mod_count; i++) { ++#if LIMB_BYTE_SIZE == 8 ++ l_buf = be64(l_ret[i]); ++#else ++ l_buf = be32(l_ret[i]); ++#endif ++ if (i == 0) { ++ int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num); ++ ++ memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta); ++ tmp += delta; ++ } else { ++ memcpy(tmp, &l_buf, LIMB_BYTE_SIZE); ++ tmp += LIMB_BYTE_SIZE; ++ } ++ } ++ ret = num; ++ ++ err: ++ OPENSSL_free(l_im); ++ OPENSSL_free(l_mul); ++ OPENSSL_free(l_mod); ++ OPENSSL_free(l_tmp); ++ OPENSSL_free(l_ret); ++ ++ return ret; ++} +diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c +index 381c659352..7e8b791fba 100644 +--- a/crypto/rsa/rsa_ossl.c ++++ b/crypto/rsa/rsa_ossl.c +@@ -469,13 +469,20 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + BN_free(d); + } + +- if (blinding) +- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) ++ if (blinding) { ++ /* ++ * ossl_bn_rsa_do_unblind() combines blinding inversion and ++ * 0-padded BN BE serialization ++ */ ++ j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx, ++ buf, num); ++ if (j == 0) + goto err; +- +- j = BN_bn2binpad(ret, buf, num); +- if (j < 0) +- goto err; ++ } 
else { ++ j = BN_bn2binpad(ret, buf, num); ++ if (j < 0) ++ goto err; ++ } + + switch (padding) { + case RSA_PKCS1_PADDING: +diff --git a/include/crypto/bn.h b/include/crypto/bn.h +index cf69bea848..cd45654210 100644 +--- a/include/crypto/bn.h ++++ b/include/crypto/bn.h +@@ -114,4 +114,10 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx); + + extern const BIGNUM ossl_bn_inv_sqrt_2; + ++int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, ++ const BN_BLINDING *blinding, ++ const BIGNUM *possible_arg2, ++ const BIGNUM *to_mod, BN_CTX *ctx, ++ unsigned char *buf, int num); ++ + #endif +-- +2.39.1 + diff --git a/openssl.spec b/openssl.spec index 2cb0ba6..4969850 100644 --- a/openssl.spec +++ b/openssl.spec @@ -157,6 +157,7 @@ Patch92: 0092-provider-improvements.patch # OpenSSL 3.0.8 CVEs Patch101: 0101-CVE-2022-4203-nc-match.patch +Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -490,6 +491,8 @@ install -m644 %{SOURCE9} \ * Wed Feb 08 2023 Dmitry Belyavskiy - 1:3.0.7-5 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 +- Fixed Timing Oracle in RSA Decryption + Resolves: CVE-2022-4304 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode From 529db6cf12adc44809f211c5319afff73395c111 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 11:43:11 +0100 Subject: [PATCH 23/28] Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 --- 0103-CVE-2022-4450-pem-read-bio.patch | 106 ++++++++++++++++++++++++++ openssl.spec | 3 + 2 files changed, 109 insertions(+) create mode 100644 0103-CVE-2022-4450-pem-read-bio.patch diff --git a/0103-CVE-2022-4450-pem-read-bio.patch b/0103-CVE-2022-4450-pem-read-bio.patch new file mode 100644 index 0000000..7d86395 --- /dev/null +++ b/0103-CVE-2022-4450-pem-read-bio.patch 
@@ -0,0 +1,106 @@
+From 63bcf189be73a9cc1264059bed6f57974be74a83 Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Tue, 13 Dec 2022 14:54:55 +0000
+Subject: [PATCH 04/18] Avoid dangling ptrs in header and data params for
+ PEM_read_bio_ex
+
+In the event of a failure in PEM_read_bio_ex() we free the buffers we
+allocated for the header and data buffers. However we were not clearing
+the ptrs stored in *header and *data. Since, on success, the caller is
+responsible for freeing these ptrs this can potentially lead to a double
+free if the caller frees them even on failure.
+
+Thanks to Dawei Wang for reporting this issue.
+
+Based on a proposed patch by Kurt Roeckx.
+
+CVE-2022-4450
+
+Reviewed-by: Paul Dale
+Reviewed-by: Hugo Landau
+---
+ crypto/pem/pem_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
+index f9ff80162a..85c47fb627 100644
+--- a/crypto/pem/pem_lib.c
++++ b/crypto/pem/pem_lib.c
+@@ -989,7 +989,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+
+ out_free:
+ pem_free(*header, flags, 0);
++ *header = NULL;
+ pem_free(*data, flags, 0);
++ *data = NULL;
+ end:
+ EVP_ENCODE_CTX_free(ctx);
+ pem_free(name, flags, 0);
+--
+2.39.1
+
+From cbafa34b5a057794c5c08cd4657038e1f643c1ac Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Tue, 13 Dec 2022 15:02:26 +0000
+Subject: [PATCH 05/18] Add a test for CVE-2022-4450
+
+Call PEM_read_bio_ex() and expect a failure. There should be no dangling
+ptrs and therefore there should be no double free if we free the ptrs on
+error.
+
+Reviewed-by: Paul Dale
+Reviewed-by: Hugo Landau
+---
+ test/pemtest.c | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/test/pemtest.c b/test/pemtest.c
+index a8d2d49bb5..a5d28cb256 100644
+--- a/test/pemtest.c
++++ b/test/pemtest.c
+@@ -96,6 +96,35 @@ static int test_cert_key_cert(void)
+ return 1;
+ }
+
++static int test_empty_payload(void)
++{
++ BIO *b;
++ static char *emptypay =
++ "-----BEGIN CERTIFICATE-----\n"
++ "-\n" /* Base64 EOF character */
++ "-----END CERTIFICATE-----";
++ char *name = NULL, *header = NULL;
++ unsigned char *data = NULL;
++ long len;
++ int ret = 0;
++
++ b = BIO_new_mem_buf(emptypay, strlen(emptypay));
++ if (!TEST_ptr(b))
++ return 0;
++
++ /* Expected to fail because the payload is empty */
++ if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0)))
++ goto err;
++
++ ret = 1;
++ err:
++ OPENSSL_free(name);
++ OPENSSL_free(header);
++ OPENSSL_free(data);
++ BIO_free(b);
++ return ret;
++}
++
+ int setup_tests(void)
+ {
+ if (!TEST_ptr(pemfile = test_get_argument(0)))
+@@ -103,5 +132,6 @@ int setup_tests(void)
+ ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data));
+ ADD_TEST(test_invalid);
+ ADD_TEST(test_cert_key_cert);
++ ADD_TEST(test_empty_payload);
+ return 1;
+ }
+--
+2.39.1
+
diff --git a/openssl.spec b/openssl.spec
index 4969850..0bf09f2 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -158,6 +158,7 @@ Patch92: 0092-provider-improvements.patch # OpenSSL 3.0.8 CVEs Patch101: 0101-CVE-2022-4203-nc-match.patch Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch
+Patch103: 0103-CVE-2022-4450-pem-read-bio.patch
 License: ASL 2.0 URL: http://www.openssl.org/
@@ -493,6 +494,8 @@ install -m644 %{SOURCE9} \ Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304
+- Fixed Double free after calling PEM_read_bio_ex
+ Resolves: CVE-2022-4450
 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode
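Review bot: test_empty_payload never checks that the out-parameters were cleared. After the `TEST_false(PEM_read_bio_ex(...))` call it only frees `header` and `data`, so against an unpatched library the regression shows up as a double free during cleanup, which is reported reliably only under a sanitizer or a hardened allocator, rather than as a test failure. Asserting the contract directly makes the outcome deterministic: `if (!TEST_ptr_null(header) || !TEST_ptr_null(data)) goto err;` placed before `ret = 1;`. Separately, `emptypay` points at a string literal and could be declared `static const char *`. The two `= NULL` stores in pem_lib.c sit on the `out_free:` path of PEM_read_bio_ex, whose body starts outside the hunk.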
From b88934109683d1d4982deb35483f06705389343e Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 11:52:44 +0100 Subject: [PATCH 24/28] Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 --- 0104-CVE-2023-0215-UAF-bio.patch | 187 +++++++++++++++++++++++++++++++ openssl.spec | 3 + 2 files changed, 190 insertions(+) create mode 100644 0104-CVE-2023-0215-UAF-bio.patch diff --git a/0104-CVE-2023-0215-UAF-bio.patch b/0104-CVE-2023-0215-UAF-bio.patch new file mode 100644 index 0000000..4140219 --- /dev/null +++ b/0104-CVE-2023-0215-UAF-bio.patch 
@@ -0,0 +1,187 @@
+From 8818064ce3c3c0f1b740a5aaba2a987e75bfbafd Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Wed, 14 Dec 2022 16:18:14 +0000
+Subject: [PATCH 06/18] Fix a UAF resulting from a bug in BIO_new_NDEF
+
+If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
+be part of an invalid BIO chain. This causes a "use after free" when the
+BIO is eventually freed.
+
+Based on an original patch by Viktor Dukhovni and an idea from Theo
+Buehler.
+
+Thanks to Octavio Galland for reporting this issue.
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+---
+ crypto/asn1/bio_ndef.c | 40 ++++++++++++++++++++++++++++++++--------
+ 1 file changed, 32 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
+index d94e3a3644..b9df3a7a47 100644
+--- a/crypto/asn1/bio_ndef.c
++++ b/crypto/asn1/bio_ndef.c
+@@ -49,13 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+ static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+ void *parg);
+
+-/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */
++/*
++ * On success, the returned BIO owns the input BIO as part of its BIO chain.
++ * On failure, NULL is returned and the input BIO is owned by the caller.
++ *
++ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
++ */
+ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ {
+ NDEF_SUPPORT *ndef_aux = NULL;
+ BIO *asn_bio = NULL;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_STREAM_ARG sarg;
++ BIO *pop_bio = NULL;
+
+ if (!aux || !aux->asn1_cb) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED);
+@@ -70,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ out = BIO_push(asn_bio, out);
+ if (out == NULL)
+ goto err;
++ pop_bio = asn_bio;
+
+- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
++ if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
++ || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
++ || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
++ goto err;
+
+ /*
+- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
+- * needs.
++ * Now let the callback prepend any digest, cipher, etc., that the BIO's
++ * ASN1 structure needs.
+ */
+
+ sarg.out = out;
+ sarg.ndef_bio = NULL;
+ sarg.boundary = NULL;
+
+- if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
++ /*
++ * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
++ * middle of some partially built, but not returned BIO chain.
++ */
++ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
++ /*
++ * ndef_aux is now owned by asn_bio so we must not free it in the err
++ * clean up block
++ */
++ ndef_aux = NULL;
+ goto err;
++ }
++
++ /*
++ * We must not fail now because the callback has prepended additional
++ * BIOs to the chain
++ */
+
+ ndef_aux->val = val;
+ ndef_aux->it = it;
+@@ -92,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ ndef_aux->boundary = sarg.boundary;
+ ndef_aux->out = out;
+
+- BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+-
+ return sarg.ndef_bio;
+
+ err:
++ /* BIO_pop() is NULL safe */
++ (void)BIO_pop(pop_bio);
+ BIO_free(asn_bio);
+ OPENSSL_free(ndef_aux);
+ return NULL;
+--
+2.39.1
+
+From f596ec8a6f9f5fcfa8e46a73b60f78a609725294 Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Wed, 14 Dec 2022 17:15:18 +0000
+Subject: [PATCH 07/18] Check CMS failure during BIO setup with -stream is
+ handled correctly
+
+Test for the issue fixed in the previous commit
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+---
+ test/recipes/80-test_cms.t | 15 +++++++++++++--
+ test/smime-certs/badrsa.pem | 18 ++++++++++++++++++
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 test/smime-certs/badrsa.pem
+
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index 610f1cbc51..fd53683e6b 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -13,7 +13,7 @@ use warnings;
+ use POSIX;
+ use File::Spec::Functions qw/catfile/;
+ use File::Compare qw/compare_text compare/;
+-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/;
++use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with/;
+
+ use OpenSSL::Test::Utils;
+
+@@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
+
+ $no_rc2 = 1 if disabled("legacy");
+
+-plan tests => 12;
++plan tests => 13;
+
+ ok(run(test(["pkcs7_test"])), "test pkcs7");
+
+@@ -972,3 +972,14 @@ ok(!run(app(['openssl', 'cms', '-verify',
+
+ return "";
+ }
++
++# Check that we get the expected failure return code
++with({ exit_checker => sub { return shift == 6; } },
++ sub {
++ ok(run(app(['openssl', 'cms', '-encrypt',
++ '-in', srctop_file("test", "smcont.txt"),
++ '-stream', '-recip',
++ srctop_file("test/smime-certs", "badrsa.pem"),
++ ])),
++ "Check failure during BIO setup with -stream is handled correctly");
++ });
+diff --git a/test/smime-certs/badrsa.pem b/test/smime-certs/badrsa.pem
+new file mode 100644
+index 0000000000..f824fc2267
+--- /dev/null
++++ b/test/smime-certs/badrsa.pem
+@@ -0,0 +1,18 @@
++-----BEGIN CERTIFICATE-----
++MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD
++VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
++DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
++AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
++I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
++/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
++yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
++zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB
++lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
++CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
++ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW
++eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt
++5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d
++rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv
++yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/
++j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg=
++-----END CERTIFICATE-----
+--
+2.39.1
+
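Review bot: On the `asn1_cb()` failure branch of BIO_new_NDEF, `ndef_aux` has already been attached to `asn_bio` by `BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux)`, but its `val`, `it`, `ndef_bio`, `boundary` and `out` fields are only assigned after the callback returns. The `BIO_free(asn_bio)` in the `err:` block therefore presumably runs the registered prefix/suffix free callbacks against a structure that has not been filled in. That is safe only if `ndef_aux` is zero-initialised where it is allocated and the callbacks tolerate empty fields; both are outside the hunk, so this should be confirmed and recorded next to the `ndef_aux = NULL;` line, e.g. `/* ndef_aux is still unpopulated here; the free callbacks must cope with that */`. In 80-test_cms.t the expected exit status `6` is a bare number and would read better with a short comment naming the failure it stands for.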
diff --git a/openssl.spec b/openssl.spec index 0bf09f2..ef22b31 100644 --- a/openssl.spec +++ b/openssl.spec @@ -159,6 +159,7 @@ Patch92: 0092-provider-improvements.patch Patch101: 0101-CVE-2022-4203-nc-match.patch Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch Patch103: 0103-CVE-2022-4450-pem-read-bio.patch +Patch104: 0104-CVE-2023-0215-UAF-bio.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -496,6 +497,8 @@ install -m644 %{SOURCE9} \ Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 +- Fixed Use-after-free following BIO_new_NDEF + Resolves: CVE-2023-0215 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode From 5e4feef220a0ff02085dadae7f36f1545286a2c3 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 11:55:32 +0100 Subject: [PATCH 25/28] Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 --- 0105-CVE-2023-0216-pkcs7-deref.patch | 110 +++++++++++++++++++++++++++ openssl.spec | 3 + 2 files changed, 113 insertions(+) create mode 100644 0105-CVE-2023-0216-pkcs7-deref.patch diff --git a/0105-CVE-2023-0216-pkcs7-deref.patch b/0105-CVE-2023-0216-pkcs7-deref.patch new file mode 100644 index 0000000..bbcd594 --- /dev/null +++ b/0105-CVE-2023-0216-pkcs7-deref.patch 
@@ -0,0 +1,110 @@
+From 934a04f0e775309cadbef0aa6b9692e1b12a76c6 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Mon, 16 Jan 2023 19:45:23 +0100
+Subject: [PATCH 08/18] Do not dereference PKCS7 object data if not set
+
+Fixes CVE-2023-0216
+
+Reviewed-by: Shane Lontis
+Reviewed-by: Paul Dale
+---
+ crypto/pkcs7/pk7_lib.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
+index 753f1276e6..936e50da54 100644
+--- a/crypto/pkcs7/pk7_lib.c
++++ b/crypto/pkcs7/pk7_lib.c
+@@ -414,6 +414,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+
+ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
+ {
++ if (p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7))
+ return p7->d.sign->cert;
+ if (PKCS7_type_is_signedAndEnveloped(p7))
+@@ -423,6 +425,8 @@ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
+
+ static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7)
+ {
++ if (p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signedAndEnveloped(p7))
+ return p7->d.signed_and_enveloped->recipientinfo;
+ if (PKCS7_type_is_enveloped(p7))
+@@ -440,13 +444,17 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
+ const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
+ OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
+ const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
+- STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
+- STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
+- STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
++ STACK_OF(PKCS7_RECIP_INFO) *rinfos;
++ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
++ STACK_OF(X509) *certs;
+
+- if (ctx == NULL)
++ if (ctx == NULL || p7->d.ptr == NULL)
+ return;
+
++ rinfos = pkcs7_get_recipient_info(p7);
++ sinfos = PKCS7_get_signer_info(p7);
++ certs = pkcs7_get_signer_certs(p7);
++
+ for (i = 0; i < sk_X509_num(certs); i++)
+ ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
+
+--
+2.39.1
+
+From 67813d8a4d110f4174bbd2fee8a2f15388e324b5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Mon, 16 Jan 2023 19:56:20 +0100
+Subject: [PATCH 09/18] Add test for d2i_PKCS7 NULL dereference
+
+Reviewed-by: Shane Lontis
+Reviewed-by: Paul Dale
+---
+ test/recipes/25-test_pkcs7.t | 7 +++++--
+ test/recipes/25-test_pkcs7_data/malformed.pkcs7 | 3 +++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+ create mode 100644 test/recipes/25-test_pkcs7_data/malformed.pkcs7
+
+diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
+index 37cd43dc6b..d61cd6abad 100644
+--- a/test/recipes/25-test_pkcs7.t
++++ b/test/recipes/25-test_pkcs7.t
+@@ -11,11 +11,11 @@ use strict;
+ use warnings;
+
+ use File::Spec;
+-use OpenSSL::Test qw/:DEFAULT srctop_file/;
++use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
+
+ setup("test_pkcs7");
+
+-plan tests => 3;
++plan tests => 4;
+
+ require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+@@ -27,3 +27,6 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub {
+ tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"),
+ -args => ["pkcs7"] );
+ };
++
++my $malformed = data_file('malformed.pkcs7');
++ok(run(app(["openssl", "pkcs7", "-in", $malformed])));
+diff --git a/test/recipes/25-test_pkcs7_data/malformed.pkcs7 b/test/recipes/25-test_pkcs7_data/malformed.pkcs7
+new file mode 100644
+index 0000000000..e30d1b582c
+--- /dev/null
++++ b/test/recipes/25-test_pkcs7_data/malformed.pkcs7
+@@ -0,0 +1,3 @@
++-----BEGIN PKCS7-----
++MAsGCSqGSIb3DQEHAg==
++-----END PKCS7-----
+--
+2.39.1
+
diff --git a/openssl.spec b/openssl.spec
index ef22b31..f3c7b83 100644
--- a/openssl.spec
+++ b/openssl.spec
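Review bot: The three new `p7->d.ptr == NULL` guards in pk7_lib.c work only because `d` is a union, so that one test of `d.ptr` also covers `d.sign`, `d.signed_and_enveloped` and the other content members; nothing in the hunks says so. A one-line comment at the first guard would make that explicit, e.g. `/* d is a union: a NULL d.ptr means no content of any type was decoded */`. In 25-test_pkcs7.t the added `ok(run(app([...])))` has no description and asserts success on a file named malformed.pkcs7. A description such as `"pkcs7 with absent content is handled without crashing"` would tell a reader that exit status 0 is the intended outcome. pkcs7_get_signer_certs and pkcs7_get_recipient_info both continue past the hunks shown.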
@@ -160,6 +160,7 @@ Patch101: 0101-CVE-2022-4203-nc-match.patch Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch Patch103: 0103-CVE-2022-4450-pem-read-bio.patch Patch104: 0104-CVE-2023-0215-UAF-bio.patch +Patch105: 0105-CVE-2023-0216-pkcs7-deref.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -499,6 +500,8 @@ install -m644 %{SOURCE9} \ Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 +- Fixed Invalid pointer dereference in d2i_PKCS7 functions + Resolves: CVE-2023-0216 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode From 0f4062ead5775ac7a4dca8e65a38739182d0054f Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 11:58:07 +0100 Subject: [PATCH 26/28] Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 --- 0106-CVE-2023-0217-dsa.patch | 404 +++++++++++++++++++++++++++++++++++ openssl.spec | 3 + 2 files changed, 407 insertions(+) create mode 100644 0106-CVE-2023-0217-dsa.patch diff --git a/0106-CVE-2023-0217-dsa.patch b/0106-CVE-2023-0217-dsa.patch new file mode 100644 index 0000000..d2db996 --- /dev/null +++ b/0106-CVE-2023-0217-dsa.patch 
@@ -0,0 +1,404 @@ +From 23985bac83fd50c8e29431009302b5442f985096 Mon Sep 17 00:00:00 2001 +From: slontis +Date: Wed, 11 Jan 2023 11:05:04 +1000 +Subject: [PATCH 10/18] Fix NULL deference when validating FFC public key. + +Fixes CVE-2023-0217 + +When attempting to do a BN_Copy of params->p there was no NULL check. +Since BN_copy does not check for NULL this is a NULL reference. + +As an aside BN_cmp() does do a NULL check, so there are other checks +that fail because a NULL is passed. A more general check for NULL params +has been added for both FFC public and private key validation instead. + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + crypto/ffc/ffc_key_validate.c | 9 +++++++++ + include/internal/ffc.h | 1 + + test/ffc_internal_test.c | 31 +++++++++++++++++++++++++++++++ + 3 files changed, 41 insertions(+) + +diff --git a/crypto/ffc/ffc_key_validate.c b/crypto/ffc/ffc_key_validate.c +index 9f6525a2c8..442303e4b3 100644 +--- a/crypto/ffc/ffc_key_validate.c ++++ b/crypto/ffc/ffc_key_validate.c +@@ -24,6 +24,11 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, + BN_CTX *ctx = NULL; + + *ret = 0; ++ if (params == NULL || pub_key == NULL || params->p == NULL) { ++ *ret = FFC_ERROR_PASSED_NULL_PARAM; ++ return 0; ++ } ++ + ctx = BN_CTX_new_ex(NULL); + if (ctx == NULL) + goto err; +@@ -107,6 +112,10 @@ int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv, + + *ret = 0; + ++ if (priv == NULL || upper == NULL) { ++ *ret = FFC_ERROR_PASSED_NULL_PARAM; ++ goto err; ++ } + if (BN_cmp(priv, BN_value_one()) < 0) { + *ret |= FFC_ERROR_PRIVKEY_TOO_SMALL; + goto err; +diff --git a/include/internal/ffc.h b/include/internal/ffc.h +index 732514a6c2..b8b7140857 100644 +--- a/include/internal/ffc.h ++++ b/include/internal/ffc.h +@@ -76,6 +76,7 @@ + # define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 + # define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 + # define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 ++# define 
FFC_ERROR_PASSED_NULL_PARAM 0x40 + + /* + * Finite field cryptography (FFC) domain parameters are used by DH and DSA. +diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c +index 2c97293573..9f67bd29b9 100644 +--- a/test/ffc_internal_test.c ++++ b/test/ffc_internal_test.c +@@ -510,6 +510,27 @@ static int ffc_public_validate_test(void) + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) + goto err; + ++ /* Fail if params is NULL */ ++ if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ res = -1; ++ /* Fail if pubkey is NULL */ ++ if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ res = -1; ++ ++ BN_free(params->p); ++ params->p = NULL; ++ /* Fail if params->p is NULL */ ++ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ + ret = 1; + err: + DH_free(dh); +@@ -567,6 +588,16 @@ static int ffc_private_validate_test(void) + if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) + goto err; + ++ if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ res = -1; ++ if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ + ret = 1; + err: + DH_free(dh); +-- +2.39.1 + +From c1b4467a7cc129a74fc5205b80a5c47556b99416 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 13 Jan 2023 17:57:59 +0100 +Subject: [PATCH 11/18] Prevent creating DSA and DH keys without parameters + through import + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +--- + providers/implementations/keymgmt/dh_kmgmt.c | 4 ++-- + providers/implementations/keymgmt/dsa_kmgmt.c | 5 +++-- 
+ 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index 58a5fd009f..c2d87b4a7f 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -198,8 +198,8 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) + if ((selection & DH_POSSIBLE_SELECTIONS) == 0) + return 0; + +- if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) +- ok = ok && ossl_dh_params_fromdata(dh, params); ++ /* a key without parameters is meaningless */ ++ ok = ok && ossl_dh_params_fromdata(dh, params); + + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = +diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c +index 100e917167..881680c085 100644 +--- a/providers/implementations/keymgmt/dsa_kmgmt.c ++++ b/providers/implementations/keymgmt/dsa_kmgmt.c +@@ -199,8 +199,9 @@ static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[]) + if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) + return 0; + +- if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) +- ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); ++ /* a key without parameters is meaningless */ ++ ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); ++ + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 
1 : 0; +-- +2.39.1 + +From fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 13 Jan 2023 17:59:52 +0100 +Subject: [PATCH 12/18] Do not create DSA keys without parameters by decoder + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +--- + crypto/x509/x_pubkey.c | 24 +++++++++++++++++++ + include/crypto/x509.h | 3 +++ + .../encode_decode/decode_der2key.c | 2 +- + 3 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c +index bc90ddd89b..77790faa1f 100644 +--- a/crypto/x509/x_pubkey.c ++++ b/crypto/x509/x_pubkey.c +@@ -745,6 +745,30 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) + return key; + } + ++/* Called from decoders; disallows provided DSA keys without parameters. */ ++DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) ++{ ++ DSA *key = NULL; ++ const unsigned char *data; ++ const BIGNUM *p, *q, *g; ++ ++ data = *pp; ++ key = d2i_DSA_PUBKEY(NULL, &data, length); ++ if (key == NULL) ++ return NULL; ++ DSA_get0_pqg(key, &p, &q, &g); ++ if (p == NULL || q == NULL || g == NULL) { ++ DSA_free(key); ++ return NULL; ++ } ++ *pp = data; ++ if (a != NULL) { ++ DSA_free(*a); ++ *a = key; ++ } ++ return key; ++} ++ + int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) + { + EVP_PKEY *pktmp; +diff --git a/include/crypto/x509.h b/include/crypto/x509.h +index 1f00178e89..0c42730ee9 100644 +--- a/include/crypto/x509.h ++++ b/include/crypto/x509.h +@@ -339,6 +339,9 @@ void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub); + + RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length); + int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp); ++# ifndef OPENSSL_NO_DSA ++DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); ++# endif /* OPENSSL_NO_DSA */ + # ifndef OPENSSL_NO_DH + DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length); + int ossl_i2d_DH_PUBKEY(const 
DH *a, unsigned char **pp); +diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c +index ebc2d24833..d6ad738ef3 100644 +--- a/providers/implementations/encode_decode/decode_der2key.c ++++ b/providers/implementations/encode_decode/decode_der2key.c +@@ -374,7 +374,7 @@ static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, + (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); + } + +-# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY ++# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY + # define dsa_free (free_key_fn *)DSA_free + # define dsa_check NULL + +-- +2.39.1 + +From 7e37185582995b35f885fec9dcc3670af9ffcbef Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 13 Jan 2023 18:46:15 +0100 +Subject: [PATCH 13/18] Add test for DSA pubkey without param import and check + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +--- + test/recipes/91-test_pkey_check.t | 48 ++++++++++++++---- + .../91-test_pkey_check_data/dsapub.pem | 12 +++++ + .../dsapub_noparam.der | Bin 0 -> 108 bytes + 3 files changed, 49 insertions(+), 11 deletions(-) + create mode 100644 test/recipes/91-test_pkey_check_data/dsapub.pem + create mode 100644 test/recipes/91-test_pkey_check_data/dsapub_noparam.der + +diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t +index 612a3e3d6c..015d7805db 100644 +--- a/test/recipes/91-test_pkey_check.t ++++ b/test/recipes/91-test_pkey_check.t +@@ -11,19 +11,24 @@ use strict; + use warnings; + + use File::Spec; +-use OpenSSL::Test qw/:DEFAULT data_file/; ++use OpenSSL::Test qw/:DEFAULT data_file with/; + use OpenSSL::Test::Utils; + + sub pkey_check { + my $f = shift; ++ my $pubcheck = shift; ++ my @checkopt = ('-check'); + +- return run(app(['openssl', 'pkey', '-check', '-text', ++ @checkopt = ('-pubcheck', '-pubin') if $pubcheck; ++ ++ return run(app(['openssl', 'pkey', @checkopt, '-text', + '-in', $f])); + } + + sub 
check_key { + my $f = shift; + my $should_fail = shift; ++ my $pubcheck = shift; + my $str; + + +@@ -33,11 +38,10 @@ sub check_key { + $f = data_file($f); + + if ( -s $f ) { +- if ($should_fail) { +- ok(!pkey_check($f), $str); +- } else { +- ok(pkey_check($f), $str); +- } ++ with({ exit_checker => sub { return shift == $should_fail; } }, ++ sub { ++ ok(pkey_check($f, $pubcheck), $str); ++ }); + } else { + fail("Missing file $f"); + } +@@ -66,15 +70,37 @@ push(@positive_tests, ( + "dhpkey.pem" + )) unless disabled("dh"); + ++my @negative_pubtests = (); ++ ++push(@negative_pubtests, ( ++ "dsapub_noparam.der" ++ )) unless disabled("dsa"); ++ ++my @positive_pubtests = (); ++ ++push(@positive_pubtests, ( ++ "dsapub.pem" ++ )) unless disabled("dsa"); ++ + plan skip_all => "No tests within the current enabled feature set" +- unless @negative_tests && @positive_tests; ++ unless @negative_tests && @positive_tests ++ && @negative_pubtests && @positive_pubtests; + +-plan tests => scalar(@negative_tests) + scalar(@positive_tests); ++plan tests => scalar(@negative_tests) + scalar(@positive_tests) ++ + scalar(@negative_pubtests) + scalar(@positive_pubtests); + + foreach my $t (@negative_tests) { +- check_key($t, 1); ++ check_key($t, 1, 0); + } + + foreach my $t (@positive_tests) { +- check_key($t, 0); ++ check_key($t, 0, 0); ++} ++ ++foreach my $t (@negative_pubtests) { ++ check_key($t, 1, 1); ++} ++ ++foreach my $t (@positive_pubtests) { ++ check_key($t, 0, 1); + } +diff --git a/test/recipes/91-test_pkey_check_data/dsapub.pem b/test/recipes/91-test_pkey_check_data/dsapub.pem +new file mode 100644 +index 0000000000..0ff4bd83ed +--- /dev/null ++++ b/test/recipes/91-test_pkey_check_data/dsapub.pem +@@ -0,0 +1,12 @@ ++-----BEGIN PUBLIC KEY----- ++MIIBvzCCATQGByqGSM44BAEwggEnAoGBAIjbXpOVVciVNuagg26annKkghIIZFI4 ++4WdMomnV+I/oXyxHbZTBBBpW9xy/E1+yMjbp4GmX+VxyDj3WxUWxXllzL+miEkzD ++9Xz638VzIBhjFbMvk1/N4kS4bKVUd9yk7HfvYzAdnRphk0WI+RoDiDrBNPPxSoQD 
++CEWgvwgsLIDhAh0A6dbz1IQpQwGF4+Ca28x6OO+UfJJv3ggeZ++fNwKBgQCA9XKV ++lRrTY8ALBxS0KbZjpaIXuUj5nr3i1lIDyP3ISksDF0ekyLtn6eK9VijX6Pm65Np+ ++4ic9Nr5WKLKhPaUSpLNRx1gDqo3sd92hYgiEUifzEuhLYfK/CsgFED+l2hDXtJUq ++bISNSHVwI5lsyNXLu7HI1Fk8F5UO3LqsboFAngOBhAACgYATxFY89nEYcUhgHGgr ++YDHhXBQfMKnTKYdvon4DN7WQ9ip+t4VUsLpTD1ZE9zrM2R/B04+8C6KGoViwyeER ++kS4dxWOkX71x4X2DlNpYevcR53tNcTDqmMD7YKfDDmrb0lftMyfW8aESaiymVMys ++DRjhKHBjdo0rZeSM8DAk3ctrXA== ++-----END PUBLIC KEY----- +diff --git a/test/recipes/91-test_pkey_check_data/dsapub_noparam.der b/test/recipes/91-test_pkey_check_data/dsapub_noparam.der +new file mode 100644 +index 0000000000000000000000000000000000000000..b8135f1ca94da914b6829421e0c13f6daa731862 +GIT binary patch +literal 108 +zcmXpIGT>xm*J|@PXTieE%*wz71|F5F-Nv0Bz9(=Kufz + +literal 0 +HcmV?d00001 + +-- +2.39.1 + +From 2ad9928170768653d19d81881deabc5f9c1665c0 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 3 Feb 2023 14:57:04 +0100 +Subject: [PATCH 18/18] Internaly declare the DSA type for no-deprecated builds + +Reviewed-by: Hugo Landau +Reviewed-by: Richard Levitte +(cherry picked from commit 7a21a1b5fa2dac438892cf3292d1f9c445d870d9) +--- + include/crypto/types.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/include/crypto/types.h b/include/crypto/types.h +index 0d81404091..0a75f03a3f 100644 +--- a/include/crypto/types.h ++++ b/include/crypto/types.h +@@ -20,6 +20,9 @@ typedef struct rsa_meth_st RSA_METHOD; + typedef struct ec_key_st EC_KEY; + typedef struct ec_key_method_st EC_KEY_METHOD; + # endif ++# ifndef OPENSSL_NO_DSA ++typedef struct dsa_st DSA; ++# endif + # endif + + # ifndef OPENSSL_NO_EC +-- +2.39.1 + diff --git a/openssl.spec b/openssl.spec index f3c7b83..009b267 100644 --- a/openssl.spec +++ b/openssl.spec 
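Review bot: In the `crypto/x509/x_pubkey.c` part of this patch, `ossl_d2i_DSA_PUBKEY` returns NULL for a key whose p, q or g is missing without putting anything on the error queue, so a caller cannot tell this rejection from an ordinary parse failure. If the decoder path tolerates queued errors (not visible from this hunk), consider adding `ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS);` before `DSA_free(key);`. The one-line comment above the function is also worth extending: as far as the hunk shows, the public `d2i_DSA_PUBKEY` is unchanged and still returns parameter-less keys, so only callers routed through `dsa_d2i_PUBKEY` in `decode_der2key.c` get this check. Any other path would depend on the new NULL checks in `ossl_ffc_validate_public_key_partial`.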
@@ -161,6 +161,7 @@ Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch Patch103: 0103-CVE-2022-4450-pem-read-bio.patch Patch104: 0104-CVE-2023-0215-UAF-bio.patch Patch105: 0105-CVE-2023-0216-pkcs7-deref.patch +Patch106: 0106-CVE-2023-0217-dsa.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -502,6 +503,8 @@ install -m644 %{SOURCE9} \ Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 +- Fixed NULL dereference validating DSA public key + Resolves: CVE-2023-0217 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode From 8673fb7c22f4c336e6a4c091352a53b71cc9b53f Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 12:00:43 +0100 Subject: [PATCH 27/28] Fixed X.400 address type confusion in X.509 GeneralName Resolves: 0107-CVE-2023-0286-X400.patch --- 0107-CVE-2023-0286-X400.patch | 63 +++++++++++++++++++++++++++++++++++ openssl.spec | 3 ++ 2 files changed, 66 insertions(+) create mode 100644 0107-CVE-2023-0286-X400.patch diff --git a/0107-CVE-2023-0286-X400.patch b/0107-CVE-2023-0286-X400.patch new file mode 100644 index 0000000..b3d7a15 --- /dev/null +++ b/0107-CVE-2023-0286-X400.patch 
@@ -0,0 +1,63 @@ +From 2f7530077e0ef79d98718138716bc51ca0cad658 Mon Sep 17 00:00:00 2001 +From: Hugo Landau +Date: Tue, 17 Jan 2023 17:45:42 +0000 +Subject: [PATCH 14/18] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address + (3.0) + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + CHANGES.md | 19 +++++++++++++++++++ + crypto/x509/v3_genn.c | 2 +- + include/openssl/x509v3.h.in | 2 +- + test/v3nametest.c | 8 ++++++++ + 4 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.c +index c0a7166cd0..1741c2d2f6 100644 +--- a/crypto/x509/v3_genn.c ++++ b/crypto/x509/v3_genn.c +@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) + return -1; + switch (a->type) { + case GEN_X400: +- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); ++ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address); + break; + + case GEN_EDIPARTY: +diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in +index d00a66a343..c087e3cf92 100644 +--- a/include/openssl/x509v3.h.in ++++ b/include/openssl/x509v3.h.in +@@ -154,7 +154,7 @@ typedef struct GENERAL_NAME_st { + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; +- ASN1_TYPE *x400Address; ++ ASN1_STRING *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; +diff --git a/test/v3nametest.c b/test/v3nametest.c +index 6d2e2f8e27..0341995dde 100644 +--- a/test/v3nametest.c ++++ b/test/v3nametest.c +@@ -644,6 +644,14 @@ static struct gennamedata { + 0xb7, 0x09, 0x02, 0x02 + }, + 15 ++ }, { ++ /* ++ * Regression test for CVE-2023-0286. ++ */ ++ { ++ 0xa3, 0x00 ++ }, ++ 2 + } + }; + +-- +2.39.1 + diff --git a/openssl.spec b/openssl.spec index 009b267..6b893a3 100644 --- a/openssl.spec +++ b/openssl.spec 
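Review bot: The new `gennamedata` entry in `test/v3nametest.c` is documented only as `Regression test for CVE-2023-0286.`, which does not say what the two bytes encode or what behaviour is being pinned. I would extend the comment to something like `/* Regression test for CVE-2023-0286: empty x400Address ([3], length 0), which must be handled as ASN1_STRING, not ASN1_TYPE */`; how the table is consumed lies outside the hunk, so confirm the wording against the test loop. Separately, the embedded patch header's diffstat lists `CHANGES.md` and four changed files, but only three file diffs follow. A short remark that the changelog part was dropped (presumably on purpose for the backport) would avoid confusion when comparing against the original commit.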
@@ -162,6 +162,7 @@ Patch103: 0103-CVE-2022-4450-pem-read-bio.patch Patch104: 0104-CVE-2023-0215-UAF-bio.patch Patch105: 0105-CVE-2023-0216-pkcs7-deref.patch Patch106: 0106-CVE-2023-0217-dsa.patch +Patch107: 0107-CVE-2023-0286-X400.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -505,6 +506,8 @@ install -m644 %{SOURCE9} \ Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 +- Fixed X.400 address type confusion in X.509 GeneralName + Resolves: CVE-2023-0286 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode From 9d8f6182089dd1cb32f8385c49fc810b76873f82 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 8 Feb 2023 12:07:16 +0100 Subject: [PATCH 28/28] Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 --- 0108-CVE-2023-0401-pkcs7-md.patch | 150 ++++++++++++++++++++++++++++++ openssl.spec | 3 + 2 files changed, 153 insertions(+) create mode 100644 0108-CVE-2023-0401-pkcs7-md.patch diff --git a/0108-CVE-2023-0401-pkcs7-md.patch b/0108-CVE-2023-0401-pkcs7-md.patch new file mode 100644 index 0000000..7608f56 --- /dev/null +++ b/0108-CVE-2023-0401-pkcs7-md.patch 
@@ -0,0 +1,150 @@ +From d3b6dfd70db844c4499bec6ad6601623a565e674 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 18 Jan 2023 09:27:53 +0100 +Subject: [PATCH 15/18] pk7_doit.c: Check return of BIO_set_md() calls + +These calls invoke EVP_DigestInit() which can fail for digests +with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write() +or EVP_DigestFinal() from BIO_read() will segfault on NULL +dereference. This can be triggered by an attacker providing +PKCS7 data digested with MD4 for example if the legacy provider +is not loaded. + +If BIO_set_md() fails the md BIO cannot be used. + +CVE-2023-0401 + +Reviewed-by: Paul Dale +Reviewed-by: Dmitry Belyavskiy +--- + crypto/pkcs7/pk7_doit.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c +index bde9ac4787..5e562fbea5 100644 +--- a/crypto/pkcs7/pk7_doit.c ++++ b/crypto/pkcs7/pk7_doit.c +@@ -84,7 +84,11 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, + } + (void)ERR_pop_to_mark(); + +- BIO_set_md(btmp, md); ++ if (BIO_set_md(btmp, md) <= 0) { ++ ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); ++ EVP_MD_free(fetched); ++ goto err; ++ } + EVP_MD_free(fetched); + if (*pbio == NULL) + *pbio = btmp; +@@ -522,7 +526,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + } + (void)ERR_pop_to_mark(); + +- BIO_set_md(btmp, md); ++ if (BIO_set_md(btmp, md) <= 0) { ++ EVP_MD_free(evp_md); ++ ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); ++ goto err; ++ } + EVP_MD_free(evp_md); + if (out == NULL) + out = btmp; +-- +2.39.1 + +From a0f2359613f50b5ca6b74b78bf4b54d7dc925fd2 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 18 Jan 2023 17:07:24 +0100 +Subject: [PATCH 16/18] Add testcase for missing return check of BIO_set_md() + calls + +Reviewed-by: Paul Dale +Reviewed-by: Dmitry Belyavskiy +--- + test/recipes/80-test_cms.t | 15 ++++++++-- + test/recipes/80-test_cms_data/pkcs7-md4.pem | 32 
+++++++++++++++++++++ + 2 files changed, 45 insertions(+), 2 deletions(-) + create mode 100644 test/recipes/80-test_cms_data/pkcs7-md4.pem + +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index fd53683e6b..d45789de70 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -13,7 +13,7 @@ use warnings; + use POSIX; + use File::Spec::Functions qw/catfile/; + use File::Compare qw/compare_text compare/; +-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with/; ++use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with data_file/; + + use OpenSSL::Test::Utils; + +@@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) + + $no_rc2 = 1 if disabled("legacy"); + +-plan tests => 13; ++plan tests => 14; + + ok(run(test(["pkcs7_test"])), "test pkcs7"); + +@@ -941,6 +941,17 @@ subtest "CMS binary input tests\n" => sub { + "verify binary input with -binary missing -crlfeol"); + }; + ++# Test case for missing MD algorithm (must not segfault) ++ ++with({ exit_checker => sub { return shift == 4; } }, ++ sub { ++ ok(run(app(['openssl', 'smime', '-verify', '-noverify', ++ '-inform', 'PEM', ++ '-in', data_file("pkcs7-md4.pem"), ++ ])), ++ "Check failure of EVP_DigestInit is handled correctly"); ++ }); ++ + sub check_availability { + my $tnam = shift; + +diff --git a/test/recipes/80-test_cms_data/pkcs7-md4.pem b/test/recipes/80-test_cms_data/pkcs7-md4.pem +new file mode 100644 +index 0000000000..ecff611deb +--- /dev/null ++++ b/test/recipes/80-test_cms_data/pkcs7-md4.pem +@@ -0,0 +1,32 @@ ++-----BEGIN PKCS7----- ++MIIFhAYJKoZIhvcNAQcCoIIFdTCCBXECAQExDjAMBggqhkiG9w0CBAUAMB0GCSqG ++SIb3DQEHAaAQBA5UZXN0IGNvbnRlbnQNCqCCAyQwggMgMIICCKADAgECAgECMA0G ++CSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMMAkNBMCAXDTE2MDExNTA4MTk0OVoYDzIx ++MTYwMTE2MDgxOTQ5WjAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJ ++KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU 
++fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC ++76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz ++BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl ++V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv ++0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaN9 ++MHswHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOiMB8GA1UdIwQYMBaAFLQR ++M/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH ++AwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwDQYJKoZIhvcNAQELBQADggEB ++AEG0PE9hQuXlvtUULv9TQ2BXy9MmTjOk+dQwxDhAXYBYMUB6TygsqvPXwpDwz8MS ++EPGCRqh5cQwtPoElQRU1i4URgcQMZquXScwNFcvE6AATF/PdN/+mOwtqFrlpYfs3 ++IJIpYL6ViQg4n8pv+b/pCwMmhewQLwCGs9+omHNTOwKjEiVoNaprAfj5Lxt15fS2 +++zZW0mT9Y4kfEypetrqSAjh8CDK+vaQhkeKdDfJyBfjS4ALfxvCkT3mQnsWFJ9CU ++TVG3uw6ylSPT3wN3RE0Ofa4rI5PESogQsd/DgBc7dcDO3yoPKGjycR3/GJDqqCxC ++e9dr6FJEnDjaDf9zNWyTFHExggITMIICDwIBATASMA0xCzAJBgNVBAMMAkNBAgEC ++MAwGCCqGSIb3DQIEBQCggdQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq ++hkiG9w0BCQUxDxcNMjMwMTE4MTU0NzExWjAfBgkqhkiG9w0BCQQxEgQQRXO4TKpp ++RgA4XHb8bD1pczB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgB ++ZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN ++BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B ++AQEFAASCAQAe+xlm/TGg/s/7b0xBc3FFnmmUDEe7ljkehIx61OnBV9ZWA+LcBX/7 ++kmMSMdaHjRq4w8FmwBMLzn0ttXVqf0QuPbBF/E6X5EqK9lpOdkUQhNiN2v+ZfY6c ++lrH4ADsSD9D+UHw0sxo5KEF+PPuneUfYCJZosFUJosBbuSEXK0C9yfJoDKVE8Syp ++0vdqh73ogLeNgZLAUGSSB66OmHDxwgAj4qPAv6FHFBy1Xs4uFZER5vniYrH9OrAk ++Z6XdvzDoYZC4XcGMDtcOpOM6D4owqy5svHPDw8wIlM4GVhrTw7CQmuBz5uRNnf6a ++ZK3jZIxG1hr/INaNWheHoPIhPblYaVc6 ++-----END PKCS7----- +-- +2.39.1 + diff --git a/openssl.spec b/openssl.spec index 6b893a3..f8d2451 100644 --- a/openssl.spec +++ b/openssl.spec 
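Review bot: The new case in `test/recipes/80-test_cms.t` accepts only exit status 4 via `exit_checker => sub { return shift == 4; }`, but nothing says what 4 stands for or which environment the test assumes. The fix's commit message ties the failure to MD4 not being fetchable because the legacy provider is not loaded; if a test run does load it, `BIO_set_md()` would presumably succeed and the command would exit with a different status, failing the test for an unrelated reason. I would document both next to the check, e.g. `# 4 = smime reports a verify error instead of crashing (confirm against apps/smime.c); assumes MD4 is unavailable, i.e. legacy provider not loaded`, and consider skipping the case when the legacy provider is enabled. As a style point in the C part, the two new error paths in `pk7_doit.c` call `ERR_raise` and `EVP_MD_free` in opposite order; using one order in both would read more consistently.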
@@ -163,6 +163,7 @@ Patch104: 0104-CVE-2023-0215-UAF-bio.patch Patch105: 0105-CVE-2023-0216-pkcs7-deref.patch Patch106: 0106-CVE-2023-0217-dsa.patch Patch107: 0107-CVE-2023-0286-X400.patch +Patch108: 0108-CVE-2023-0401-pkcs7-md.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -508,6 +509,8 @@ install -m644 %{SOURCE9} \ Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 +- Fixed NULL dereference during PKCS7 data verification + Resolves: CVE-2023-0401 * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode