import libgcrypt-1.10.0-8.el9_0

SOURCES/libgcrypt-1.10.0-allow-short-salt.patch

@@ -48,4 +48,30 @@ index c98247d8..aee5bffb 100644
  
 -- 
 2.37.1
+commit 02718ade6ab5eee38169c2102097166770a2456d
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Thu Oct 20 16:33:11 2022 +0200
 
+    visiblity: Check the HMAC key length in FIPS mode
+    
+    ---
+    * src/visibility.c (gcry_md_setkey): Check the HMAC key length in FIPS
+      mode also in the md_ API.
+    
+    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+diff --git a/src/visibility.c b/src/visibility.c
+index 150b197d..73db3dea 100644
+--- a/src/visibility.c
++++ b/src/visibility.c
+@@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
+ {
+   if (!fips_is_operational ())
+     return gpg_error (fips_not_operational ());
++
++  if (fips_mode () && keylen < 14)
++    return GPG_ERR_INV_VALUE;
++
+   return gpg_error (_gcry_md_setkey (hd, key, keylen));
+ }
+ 

SOURCES/libgcrypt-1.10.0-fips-disable-oaep.patch

@@ -1,151 +0,0 @@
-From 34d8fc576b3a06dd205f45327a971eb6771e808c Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 17 Aug 2022 09:01:44 +0200
-Subject: [PATCH 1/2] Disable RSA-OAEP padding in FIPS mode
-
-* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding
-  in FIPS mode for encryption
-* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for
-  decryption
----
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- cipher/pubkey-util.c | 5 ++++-
- cipher/rsa.c         | 3 ++-
- 2 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
-index 4953caf3..244dd5d4 100644
---- a/cipher/pubkey-util.c
-+++ b/cipher/pubkey-util.c
-@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
-       const void * value;
-       size_t valuelen;
- 
--      if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
-+      /* The RSA OAEP encryption requires some more assurances in FIPS */
-+      if (fips_mode ())
-+        rc = GPG_ERR_INV_FLAG;
-+      else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
- 	rc = GPG_ERR_INV_OBJ;
-       else
- 	{
-diff --git a/cipher/rsa.c b/cipher/rsa.c
-index 96dba090..87f57b55 100644
---- a/cipher/rsa.c
-+++ b/cipher/rsa.c
-@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
-       rc = GPG_ERR_INV_DATA;
-       goto leave;
-     }
--  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
-+  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
-+                       ctx.encoding == PUBKEY_ENC_OAEP))
-     {
-       rc = GPG_ERR_INV_FLAG;
-       goto leave;
--- 
-2.37.1
-
-
-From c6d64e697c2748a49e875060aa753fc568c5f772 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 17 Aug 2022 10:31:19 +0200
-Subject: [PATCH 2/2] tests: Expect the OEAP tests to fail in FIPS mode
-
-* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption
-  to fail in FIPS mode
-* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS
-  mode
----
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/basic.c   | 14 +++++++++-----
- tests/pkcs1v2.c | 13 +++++++++++++
- 2 files changed, 22 insertions(+), 5 deletions(-)
-
-diff --git a/tests/basic.c b/tests/basic.c
-index 26980e15..b4102c9f 100644
---- a/tests/basic.c
-+++ b/tests/basic.c
-@@ -16892,21 +16892,24 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	"(flags oaep)",
- 	1,
- 	0,
--	0 },
-+	0,
-+	FLAG_NOFIPS },
-       { GCRY_PK_RSA,
-         "(data\n (flags oaep)\n (hash-algo sha1)\n"
- 	" (value #11223344556677889900AA#))\n",
- 	"(flags oaep)(hash-algo sha1)",
- 	1,
- 	0,
--	0 },
-+	0,
-+	FLAG_NOFIPS },
-       { GCRY_PK_RSA,
-         "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
- 	" (value #11223344556677889900AA#))\n",
- 	"(flags oaep)(hash-algo sha1)(label \"test\")",
- 	1,
- 	0,
--	0 },
-+	0,
-+	FLAG_NOFIPS },
-       { GCRY_PK_RSA,
-         "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
- 	" (value #11223344556677889900AA#)\n"
-@@ -16914,7 +16917,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	"(flags oaep)(hash-algo sha1)(label \"test\")",
- 	1,
- 	0,
--	0 },
-+	0,
-+	FLAG_NOFIPS },
-       {	0,
-         "(data\n (flags )\n" " (value #11223344556677889900AA#))\n",
- 	NULL,
-@@ -16960,7 +16964,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	"(flags pkcs1)",
- 	1,
- 	0,
--	GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
-+	GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL | FLAG_NOFIPS },
-       {	0,
-         "(data\n (flags pss)\n"
- 	" (value #11223344556677889900AA#))\n",
-diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
-index 6c7f3d81..2fd495d5 100644
---- a/tests/pkcs1v2.c
-+++ b/tests/pkcs1v2.c
-@@ -186,11 +186,24 @@ check_oaep (void)
-           err = gcry_pk_encrypt (&ciph, plain, pub_key);
-           if (err)
-             {
-+              if (in_fips_mode)
-+                {
-+                  gcry_sexp_release (plain);
-+                  plain = NULL;
-+                  continue;
-+                }
-               show_sexp ("plain:\n", ciph);
-               fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
-             }
-           else
-             {
-+              if (in_fips_mode)
-+                {
-+                  fail ("The OAEP encryption unexpectedly worked in FIPS mode\n");
-+                  gcry_sexp_release (plain);
-+                  plain = NULL;
-+                  continue;
-+                }
-               if (extract_cmp_data (ciph, "a", tbl[tno].m[mno].encr,
-                                     tbl[tno].m[mno].desc))
-                 {
--- 
-2.37.1
-

SOURCES/libgcrypt-1.10.0-fips-disable-pkcs1.5.patch

@@ -1,219 +0,0 @@
-From c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Fri, 1 Apr 2022 18:29:08 +0200
-Subject: [PATCH 1/3] Do not allow PKCS #1.5 padding for encryption in FIPS
-
-* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5
-  padding for encryption in FIPS mode
-* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode
---
-
-GnuPG-bug-id: 5918
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- cipher/pubkey-util.c | 5 ++++-
- cipher/rsa.c         | 5 +++++
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
-index 68defea6..4953caf3 100644
---- a/cipher/pubkey-util.c
-+++ b/cipher/pubkey-util.c
-@@ -957,7 +957,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
-       void *random_override = NULL;
-       size_t random_override_len = 0;
- 
--      if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
-+      /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */
-+      if (fips_mode ())
-+        rc = GPG_ERR_INV_FLAG;
-+      else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
-         rc = GPG_ERR_INV_OBJ;
-       else
-         {
-diff --git a/cipher/rsa.c b/cipher/rsa.c
-index 771413b3..c6319b67 100644
---- a/cipher/rsa.c
-+++ b/cipher/rsa.c
-@@ -1391,6 +1391,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
-       rc = GPG_ERR_INV_DATA;
-       goto leave;
-     }
-+  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
-+    {
-+      rc = GPG_ERR_INV_FLAG;
-+      goto leave;
-+    }
- 
-   /* Extract the key.  */
-   rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?",
--- 
-2.34.1
-
-
-From 299e2f93415984919181e0ee651719bbf83bdd2f Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Fri, 1 Apr 2022 18:31:05 +0200
-Subject: [PATCH 2/3] tests: Replace custom bit with more generic flags
-
-* tests/basic.c (global): New flag FLAG_SPECIAL
-  (check_pubkey_crypt): Change to use bitfield flags
-
---
-
-GnuPG-bug-id: 5918
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/basic.c | 19 ++++++++++---------
- 1 file changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/tests/basic.c b/tests/basic.c
-index a0ad33eb..1c6cb40b 100644
---- a/tests/basic.c
-+++ b/tests/basic.c
-@@ -55,11 +55,12 @@ typedef struct test_spec_pubkey
- }
- test_spec_pubkey_t;
- 
--#define FLAG_CRYPT  (1 << 0)
--#define FLAG_SIGN   (1 << 1)
--#define FLAG_GRIP   (1 << 2)
--#define FLAG_NOFIPS (1 << 3)
--#define FLAG_CFB8   (1 << 4)
-+#define FLAG_CRYPT   (1 << 0)
-+#define FLAG_SIGN    (1 << 1)
-+#define FLAG_GRIP    (1 << 2)
-+#define FLAG_NOFIPS  (1 << 3)
-+#define FLAG_CFB8    (1 << 4)
-+#define FLAG_SPECIAL (1 << 5)
- 
- static int in_fips_mode;
- 
-@@ -15558,7 +15559,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
-     int unpadded;
-     int encrypt_expected_rc;
-     int decrypt_expected_rc;
--    int special;
-+    int flags;
-   } datas[] =
-     {
-       {	GCRY_PK_RSA,
-@@ -15642,14 +15643,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	"(flags oaep)",
- 	1,
- 	0,
--	GPG_ERR_ENCODING_PROBLEM, 1 },
-+	GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
-       { GCRY_PK_RSA,
-         "(data\n (flags oaep)\n"
- 	" (value #11223344556677889900AA#))\n",
- 	"(flags pkcs1)",
- 	1,
- 	0,
--	GPG_ERR_ENCODING_PROBLEM, 1 },
-+	GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
-       {	0,
-         "(data\n (flags pss)\n"
- 	" (value #11223344556677889900AA#))\n",
-@@ -15725,7 +15726,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	      ciph = list;
- 	    }
- 	  rc = gcry_pk_decrypt (&plain, ciph, skey);
--          if (!rc && datas[dataidx].special == 1)
-+          if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
-             {
-               /* It may happen that OAEP formatted data which is
-                  decrypted as pkcs#1 data returns a valid pkcs#1
--- 
-2.34.1
-
-
-From f736f3c70182d9c948f9105eb769c47c5578df35 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Fri, 1 Apr 2022 18:34:42 +0200
-Subject: [PATCH 3/3] tests: Expect the RSA PKCS #1.5 encryption to fail in
- FIPS mode
-
-* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
-  fail in FIPS mode. Expect failure when wrong padding is selected
-* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
-  fail in FIPS mode
---
-
-GnuPG-bug-id: 5918
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/basic.c   | 11 +++++++----
- tests/pkcs1v2.c | 14 +++++++++++++-
- 2 files changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/tests/basic.c b/tests/basic.c
-index 1c6cb40b..85764591 100644
---- a/tests/basic.c
-+++ b/tests/basic.c
-@@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	NULL,
- 	0,
- 	0,
--	0 },
-+	0,
-+	FLAG_NOFIPS },
-       {	GCRY_PK_RSA,
-         "(data\n (flags pkcs1)\n"
- 	" (value #11223344556677889900AA#))\n",
- 	"(flags pkcs1)",
- 	1,
- 	0,
--	0 },
-+	0,
-+	FLAG_NOFIPS },
-       { GCRY_PK_RSA,
-         "(data\n (flags oaep)\n"
- 	" (value #11223344556677889900AA#))\n",
-@@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	die ("converting data failed: %s\n", gpg_strerror (rc));
- 
-       rc = gcry_pk_encrypt (&ciph, data, pkey);
--      if (in_fips_mode && (flags & FLAG_NOFIPS))
-+      if (in_fips_mode && ((flags & FLAG_NOFIPS) ||
-+                           (datas[dataidx].flags & FLAG_NOFIPS)))
-         {
-           if (!rc)
-             fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
-@@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
- 	      ciph = list;
- 	    }
- 	  rc = gcry_pk_decrypt (&plain, ciph, skey);
--          if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
-+          if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL))
-             {
-               /* It may happen that OAEP formatted data which is
-                  decrypted as pkcs#1 data returns a valid pkcs#1
-diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
-index f26e779b..6c7f3d81 100644
---- a/tests/pkcs1v2.c
-+++ b/tests/pkcs1v2.c
-@@ -454,7 +454,19 @@ check_v15crypt (void)
-           gcry_free (seed);
- 
-           err = gcry_pk_encrypt (&ciph, plain, pub_key);
--          if (err)
-+          if (in_fips_mode)
-+            {
-+              if (!err)
-+                {
-+                  fail ("gcry_pk_encrypt should have failed in FIPS mode:\n");
-+                }
-+              gcry_sexp_release (plain);
-+              plain = NULL;
-+              gcry_sexp_release (ciph);
-+              ciph = NULL;
-+              continue;
-+            }
-+          else if (err)
-             {
-               show_sexp ("plain:\n", ciph);
-               fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
--- 
-2.34.1
-

SOURCES/libgcrypt-1.10.0-fips-getrandom.patch

@@ -24,15 +24,24 @@ diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
 index 7580873e..db4b09ed 100644
 --- a/random/rndgetentropy.c
 +++ b/random/rndgetentropy.c
-@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+        * never blocking once the kernel is seeded.  */
+       do
          {
-           nbytes = length < sizeof (buffer)? length : sizeof (buffer);
+-          nbytes = length < sizeof (buffer)? length : sizeof (buffer);
            _gcry_pre_syscall ();
 -          ret = getentropy (buffer, nbytes);
 +          if (fips_mode ())
-+            ret = getrandom (buffer, nbytes, GRND_RANDOM);
++            {
++              /* The getrandom API returns maximum 32 B of strong entropy */
++              nbytes = length < 32 ? length : 32;
++              ret = getrandom (buffer, nbytes, GRND_RANDOM);
++            }
 +          else
-+            ret = getentropy (buffer, nbytes);
++            {
++              nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
++              ret = getentropy (buffer, nbytes);
++            }
            _gcry_post_syscall ();
          }
        while (ret == -1 && errno == EINTR);

SOURCES/libgcrypt-1.10.0-fips-kdf.patch

@@ -0,0 +1,87 @@
+From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001
+From: Tobias Heider <tobias.heider@canonical.com>
+Date: Tue, 27 Sep 2022 13:31:05 +0900
+Subject: [PATCH] kdf:pkdf2: Check minimum allowed key size when running in
+ FIPS mode.
+
+* cipher/kdf.c (_gcry_kdf_pkdf2): Add output length check.
+
+--
+
+GnuPG-bug-id: 6219
+---
+ cipher/kdf.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cipher/kdf.c b/cipher/kdf.c
+index 81523320..67c60df8 100644
+--- a/cipher/kdf.c
++++ b/cipher/kdf.c
+@@ -160,6 +160,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
+     return GPG_ERR_INV_VALUE;
+ #endif
+ 
++  /* Check minimum key size */
++  if (fips_mode () && dklen < 14)
++    return GPG_ERR_INV_VALUE;
++
+ 
+   /* Step 2 */
+   l = ((dklen - 1)/ hlen) + 1;
+-- 
+2.37.3
+From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 4 Oct 2022 12:44:54 +0200
+Subject: [PATCH] tests: Reproducer for short dklen in FIPS mode
+
+* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
+  verify it fails in FIPS mode
+--
+
+GnuPG-bug-id: 6219
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/t-kdf.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/tests/t-kdf.c b/tests/t-kdf.c
+index c0192d7b..716fb53e 100644
+--- a/tests/t-kdf.c
++++ b/tests/t-kdf.c
+@@ -909,6 +909,14 @@ check_pbkdf2 (void)
+       "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
+       "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6"
+     },
++    {
++      "password", 8,
++      "salt", 4,
++      GCRY_MD_SHA1,
++      1,
++      10, /* too short dklen for FIPS */
++      "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
++    },
+     {
+       "password", 8,
+       "salt", 4,
+@@ -1109,7 +1117,7 @@ check_pbkdf2 (void)
+                              GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
+                              tv[tvidx].salt, tv[tvidx].saltlen,
+                              tv[tvidx].c, tv[tvidx].dklen, outbuf);
+-      if (in_fips_mode && tvidx > 6)
++      if (in_fips_mode && tvidx > 7)
+         {
+           if (!err)
+             fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
+@@ -1118,7 +1126,7 @@ check_pbkdf2 (void)
+         }
+       if (err)
+         {
+-          if (in_fips_mode && tv[tvidx].plen < 14)
++          if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14))
+             {
+               if (verbose)
+                 fprintf (stderr,
+-- 
+2.37.3
+

SOURCES/libgcrypt-1.10.0-fips-keygen.patch

@@ -0,0 +1,55 @@
+From cd30ed3c0d715aa0c58a32a29cfb1476163a5b94 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 20 Apr 2022 15:09:41 +0900
+Subject: [PATCH] cipher: Change the bounds for RSA key generation round.
+
+* cipher/rsa.c (generate_fips): Use 10 for p, 20 for q.
+
+--
+
+Constants from FIPS 186-5-draft.
+
+GnuPG-bug-id: 5919
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ cipher/rsa.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/cipher/rsa.c b/cipher/rsa.c
+index 486a34f0..771413b3 100644
+--- a/cipher/rsa.c
++++ b/cipher/rsa.c
+@@ -476,7 +476,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ 
+  retry:
+   /* generate p and q */
+-  for (i = 0; i < 5 * pbits; i++)
++  for (i = 0; i < 10 * pbits; i++)
+     {
+     ploop:
+       if (!testparms)
+@@ -506,10 +506,10 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+       else if (testparms)
+         goto err;
+     }
+-  if (i >= 5 * pbits)
++  if (i >= 10 * pbits)
+     goto err;
+ 
+-  for (i = 0; i < 5 * pbits; i++)
++  for (i = 0; i < 20 * pbits; i++)
+     {
+     qloop:
+       if (!testparms)
+@@ -555,7 +555,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+       else if (testparms)
+         goto err;
+     }
+-  if (i >= 5 * pbits)
++  if (i >= 20 * pbits)
+     goto err;
+ 
+   if (testparms)
+-- 
+2.37.3
+

SOURCES/libgcrypt-1.10.0-fips-selftest.patch

@@ -921,3 +921,279 @@ index 78c26f2f..9d14a474 100644
  
 -- 
 2.37.1
+
+--
+
+ACVP testing uses the test-parms option to specify p and q to be checked
+for primality. When test-parms is specified, generate_fips() always
+returns keys with p=q=0. These keys then fail the pairwise consistency
+test, because they cannot be used to successfully sign a message and
+verify the signature.
+
+Skip the PCT when test-parms is specified.
+
+Add a regression test to check that this functionality continues to work
+in the future.
+
+Signed-off-by: Clemens Lang <cllang at redhat.com>
+---
+ cipher/rsa.c           |   5 +-
+ tests/Makefile.am      |   2 +-
+ tests/t-rsa-testparm.c | 130 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 135 insertions(+), 2 deletions(-)
+ create mode 100644 tests/t-rsa-testparm.c
+
+diff --git a/cipher/rsa.c b/cipher/rsa.c
+index 87f57b55..1a935d80 100644
+--- a/cipher/rsa.c
++++ b/cipher/rsa.c
+@@ -1218,6 +1218,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
+   int flags = 0;
+   gcry_sexp_t l1;
+   gcry_sexp_t swap_info = NULL;
++  int testparms = 0;
+ 
+   memset (&sk, 0, sizeof sk);
+ 
+@@ -1274,6 +1275,8 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
+         }
+       deriveparms = (genparms? sexp_find_token (genparms, "test-parms", 0)
+                      /**/    : NULL);
++      if (deriveparms)
++        testparms = 1;
+ 
+       /* Generate.  */
+       if (deriveparms || fips_mode ())
+@@ -1311,7 +1314,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
+   mpi_free (sk.u);
+   sexp_release (swap_info);
+ 
+-  if (!ec && fips_mode () && test_keys_fips (*r_skey))
++  if (!ec && !testparms && fips_mode () && test_keys_fips (*r_skey))
+     {
+       sexp_release (*r_skey); *r_skey = NULL;
+       fips_signal_error ("self-test after key generation failed");
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index f65725bc..302d923b 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -28,7 +28,7 @@ tests_bin = \
+ 	t-mpi-bit t-mpi-point curves t-lock \
+ 	prime basic keygen pubkey hmac hashtest t-kdf keygrip \
+ 	fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 \
+-	t-dsa t-ecdsa t-rsa-pss t-rsa-15 \
++	t-dsa t-ecdsa t-rsa-pss t-rsa-15 t-rsa-testparm \
+ 	t-ed25519 t-cv25519 t-x448 t-ed448
+
+ tests_bin_last = benchmark bench-slope
+diff --git a/tests/t-rsa-testparm.c b/tests/t-rsa-testparm.c
+new file mode 100644
+index 00000000..65617855
+--- /dev/null
++++ b/tests/t-rsa-testparm.c
+@@ -0,0 +1,130 @@
++/* t-rsa-testparm.c - Check the RSA Key Generation test-parm parameter
++ * Copyright (C) 2022 g10 Code GmbH
++ *
++ * This file is part of Libgcrypt.
++ *
++ * Libgcrypt is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU Lesser General Public License as
++ * published by the Free Software Foundation; either version 2.1 of
++ * the License, or (at your option) any later version.
++ *
++ * Libgcrypt is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program; if not, see <https://www.gnu.org/licenses/>.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <gcrypt.h>
++
++#include "stopwatch.h"
++
++#define PGM "t-rsa-testparm"
++#include "t-common.h"
++
++
++static void
++check_rsa_testparm ()
++{
++  gpg_error_t err;
++  gcry_sexp_t keyspec = NULL;
++  gcry_sexp_t key = NULL;
++  const char *sexp = "(genkey (rsa (nbits \"2048\") (test-parms "
++    "(e \"65537\")"
++    "(p #00bbccabcee15d343944a47e492d4b1f4de79633e20cbb46f7d2d6813392a807ad048"
++        "cf77528edd19f77e7453f25173b9dcb70423afa2037aae147b81a33d541fc58f875ef"
++        "f1e852ab55e2e09a3debfbc151b3b0d17fef6f74d81fca14fbae531418e211ef81859"
++        "2af70de5cec3b92795cc3578572bf456099cd8727150e523261#)"
++    "(q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc34ecc563d587f166b52d42bfbe2"
++        "2bbc095b0b8426a2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b63481322911e"
++        "bbd7014db83aa051e0ca2dbf302b75cd37f2ae8df90e134226e92f6353a284b28bb30"
++        "af0bbf925b345b955328379866ebac11d55bc80fe84f105d415#)"
++    ")))";
++
++  info ("Checking RSA KeyGen test-parm parameter.\n");
++
++  err = gcry_sexp_build (&keyspec, NULL, sexp);
++  if (err)
++    {
++      fail ("error building SEXP for test: %s", gpg_strerror (err));
++      goto leave;
++    }
++
++  err = gcry_pk_genkey (&key, keyspec);
++  if (err)
++    {
++      fail ("gcry_pk_genkey failed for test: %s", gpg_strerror (err));
++      goto leave;
++    }
++
++leave:
++  if (key)
++    gcry_sexp_release (key);
++  if (keyspec)
++    gcry_sexp_release (keyspec);
++}
++
++
++int
++main (int argc, char **argv)
++{
++  int last_argc = -1;
++
++  if (argc)
++    { argc--; argv++; }
++
++  while (argc && last_argc != argc )
++    {
++      last_argc = argc;
++      if (!strcmp (*argv, "--"))
++        {
++          argc--; argv++;
++          break;
++        }
++      else if (!strcmp (*argv, "--help"))
++        {
++          fputs ("usage: " PGM " [options]\n"
++                 "Options:\n"
++                 "  --verbose       print timings etc.\n"
++                 "  --debug         flyswatter\n",
++                 stdout);
++          exit (0);
++        }
++      else if (!strcmp (*argv, "--verbose"))
++        {
++          verbose++;
++          argc--; argv++;
++        }
++      else if (!strcmp (*argv, "--debug"))
++        {
++          verbose += 2;
++          debug++;
++          argc--; argv++;
++        }
++      else if (!strncmp (*argv, "--", 2))
++        die ("unknown option '%s'", *argv);
++
++    }
++
++  xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
++  if (!gcry_check_version (GCRYPT_VERSION))
++    die ("version mismatch\n");
++  if (debug)
++    xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 0xffffffff, 0));
++
++  start_timer ();
++  check_rsa_testparm ();
++  stop_timer ();
++
++  info ("All tests completed in %s.  Errors: %d\n",
++        elapsed_time (1), error_count);
++  return !!error_count;
++}
+-- 
+2.37.3
+From 149f6f8654fdeaf7aa1ff8ac3d00d7454c0e6eff Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 5 Oct 2022 16:50:08 +0200
+Subject: [PATCH] fips: Mark gcry_pk_encrypt/decrypt function non-approved
+
+* src/fips.c (_gcry_fips_indicator_function): Fix typo in sign/verify
+  function names and add gcry_pk_encrypt and gcry_pk_decrypt.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/fips.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/fips.c b/src/fips.c
+index 9a524ea4..6599121c 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -395,8 +395,10 @@ _gcry_fips_indicator_function (va_list arg_ptr)
+ {
+   const char *function = va_arg (arg_ptr, const char *);
+ 
+-  if (strcmp (function, "gcry_sign") == 0 ||
+-      strcmp (function, "gcry_verify") == 0)
++  if (strcmp (function, "gcry_pk_sign") == 0 ||
++      strcmp (function, "gcry_pk_verify") == 0 ||
++      strcmp (function, "gcry_pk_encrypt") == 0 ||
++      strcmp (function, "gcry_pk_decrypt") == 0)
+     return GPG_ERR_NOT_SUPPORTED;
+ 
+   return GPG_ERR_NO_ERROR;
+-- 
+2.37.3
+
+From f91a0ab12d242815f74bf26c6076e9cf7a790023 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 6 Oct 2022 09:30:24 +0200
+Subject: [PATCH] cipher: Do not run RSA encryption selftest by default
+
+* cipher/rsa.c (selftests_rsa): Skip encryption selftest as this
+  operation is not claimed as part of the certification.
+---
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ cipher/rsa.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/cipher/rsa.c b/cipher/rsa.c
+index 56dde3d1..df4af94b 100644
+--- a/cipher/rsa.c
++++ b/cipher/rsa.c
+@@ -2169,10 +2169,13 @@ selftests_rsa (selftest_report_func_t report, int extended)
+   if (errtxt)
+     goto failed;
+ 
+-  what = "encrypt";
+-  errtxt = selftest_encr_2048 (pkey, skey);
+-  if (errtxt)
+-    goto failed;
++  if (extended)
++    {
++      what = "encrypt";
++      errtxt = selftest_encr_2048 (pkey, skey);
++      if (errtxt)
++        goto failed;
++    }
+ 
+   sexp_release (pkey);
+   sexp_release (skey);
+-- 
+2.37.3
+

SOURCES/libgcrypt-1.10.0-sha3-large.patch

@@ -0,0 +1,621 @@
+From 2c1bb2f34f2812888f75c476037afae6d9e21798 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 23 Sep 2022 18:39:20 +0200
+Subject: [PATCH] keccak: Use size_t to avoid integer overflow
+
+Any input to the SHA3 functions > 4GB was giving wrong result when it
+was invoked in one-shot, while working correctly when it was fed by
+chunks. It turned out that the calculation in the `keccak_write`
+overflows the `unsigned int` type (`nlanes * 8` does not fit 32b when
+the `inlen` > 4GB).
+
+* cipher/keccak-armv7-neon.S: Fix function name in comment and change
+  parameter type to size_t
+* cipher/keccak.c (keccak_ops_t): Change absorb function signature to
+  use size_t
+  (keccak_absorb_lanes64_avx512): Change nlanes type to size_t
+  (_gcry_keccak_absorb_lanes64_armv7_neon): Ditto.
+  (keccak_absorb_lanes64_armv7_neon): Ditto.
+  (keccak_absorb_lanes32bi): Ditto.
+  (keccak_absorb_lanes32bi_bmi2): Ditto.
+  (keccak_write): Change nlanes variable to use size_t and avoid
+  overflow when calculating count.
+* cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Change
+  nlanes argument to use size_t.
+
+---
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ cipher/keccak-armv7-neon.S | 10 +++++-----
+ cipher/keccak.c            | 20 ++++++++++----------
+ cipher/keccak_permute_64.h |  2 +-
+ 3 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/cipher/keccak-armv7-neon.S b/cipher/keccak-armv7-neon.S
+index 0bec8d50..28a284a1 100644
+--- a/cipher/keccak-armv7-neon.S
++++ b/cipher/keccak-armv7-neon.S
+@@ -467,11 +467,11 @@ _gcry_keccak_permute_armv7_neon:
+ .ltorg
+ .size _gcry_keccak_permute_armv7_neon,.-_gcry_keccak_permute_armv7_neon;
+ 
+-@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state, @r4
+-@					    int pos,    @r1
+-@					    const byte *lanes,   @r2
+-@					    unsigned int nlanes, @r3
+-@					    int blocklanes) @ r5 callable from C
++@//unsigned _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, @r4
++@						int pos,    @r1
++@						const byte *lanes,   @r2
++@						size_t nlanes, @r3
++@						int blocklanes) @ r5 callable from C
+ .p2align 3
+ .global   _gcry_keccak_absorb_lanes64_armv7_neon
+ .type  _gcry_keccak_absorb_lanes64_armv7_neon,%function;
+diff --git a/cipher/keccak.c b/cipher/keccak.c
+index e7e42473..6c385f71 100644
+--- a/cipher/keccak.c
++++ b/cipher/keccak.c
+@@ -131,7 +131,7 @@ typedef struct
+ {
+   unsigned int (*permute)(KECCAK_STATE *hd);
+   unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes,
+-			 unsigned int nlanes, int blocklanes);
++			 size_t nlanes, int blocklanes);
+   unsigned int (*extract) (KECCAK_STATE *hd, unsigned int pos, byte *outbuf,
+ 			   unsigned int outlen);
+ } keccak_ops_t;
+@@ -513,7 +513,7 @@ static const keccak_ops_t keccak_avx512_64_ops =
+ unsigned int _gcry_keccak_permute_armv7_neon(u64 *state);
+ unsigned int _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, int pos,
+ 						    const byte *lanes,
+-						    unsigned int nlanes,
++						    size_t nlanes,
+ 						    int blocklanes);
+ 
+ static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
+@@ -523,7 +523,7 @@ static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd)
+ 
+ static unsigned int
+ keccak_absorb_lanes64_armv7_neon(KECCAK_STATE *hd, int pos, const byte *lanes,
+-				 unsigned int nlanes, int blocklanes)
++				 size_t nlanes, int blocklanes)
+ {
+   if (blocklanes < 0)
+     {
+@@ -571,7 +571,7 @@ static const keccak_ops_t keccak_armv7_neon_64_ops =
+ 
+ static unsigned int
+ keccak_absorb_lanes32bi(KECCAK_STATE *hd, int pos, const byte *lanes,
+-		        unsigned int nlanes, int blocklanes)
++		        size_t nlanes, int blocklanes)
+ {
+   unsigned int burn = 0;
+ 
+@@ -653,7 +653,7 @@ keccak_absorb_lane32bi_bmi2(u32 *lane, u32 x0, u32 x1)
+ 
+ static unsigned int
+ keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes,
+-		             unsigned int nlanes, int blocklanes)
++		             size_t nlanes, int blocklanes)
+ {
+   unsigned int burn = 0;
+ 
+@@ -873,7 +873,8 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
+   const byte *inbuf = inbuf_arg;
+   unsigned int nburn, burn = 0;
+   unsigned int count, i;
+-  unsigned int pos, nlanes;
++  unsigned int pos;
++  size_t nlanes;
+ 
+ #ifdef USE_S390X_CRYPTO
+   if (ctx->kimd_func)
+@@ -918,8 +919,7 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen)
+       burn = nburn > burn ? nburn : burn;
+       inlen -= nlanes * 8;
+       inbuf += nlanes * 8;
+-      count += nlanes * 8;
+-      count = count % bsize;
++      count = ((size_t) count + nlanes * 8) % bsize;
+     }
+ 
+   if (inlen)
+diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h
+index b28c871e..45ef462f 100644
+--- a/cipher/keccak_permute_64.h
++++ b/cipher/keccak_permute_64.h
+@@ -292,7 +292,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
+ 
+ static unsigned int
+ KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes,
+-			      unsigned int nlanes, int blocklanes)
++			      size_t nlanes, int blocklanes)
+ {
+   unsigned int burn = 0;
+ 
+-- 
+GitLab
+
+
+
+From 910dcbcef36e1cd3de3dde192d829a1513273e14 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Sun, 25 Sep 2022 22:23:22 +0300
+Subject: [PATCH] tests/hashtest: add hugeblock & disable-hwf options and 6 gig
+ test vectors
+
+* .gitignore: Add 'tests/hashtest-6g'.
+* configure.ac: Add 'tests/hashtest-6g'.
+* tests/Makefile: Add 'hashtest-6g'.
+* tests/hashtest-6g.in: New.
+* tests/hashtest-256g.in: Add SHA3-512 to algos.
+* tests/hashtest.c (use_hugeblock): New.
+(testvectors): Add 256 GiB test vectors for BLAKE2S, BLAKE2B and
+whirlpool; Add 6 GiB test vectors for SHA1, SHA256, SHA512, SHA3, SM3,
+BLAKE2S, BLAKE2B, WHIRLPOOL, CRC32 and CRC24.
+(run_longtest); Use huge 5 GiB pattern block when requested.
+(main): Add '--hugeblock' and '--disable-hwf' options.
+* tests/testdrv.c: Add 'hashtest-6g'; Add SHA3 to 'hashtest-256g'.
+---
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ .gitignore             |   1 +
+ configure.ac           |   1 +
+ tests/Makefile.am      |   9 +-
+ tests/hashtest-256g.in |   2 +-
+ tests/hashtest-6g.in   |   7 ++
+ tests/hashtest.c       | 249 +++++++++++++++++++++++++++++++++++++++--
+ tests/testdrv.c        |   7 +-
+ 7 files changed, 261 insertions(+), 15 deletions(-)
+ create mode 100644 tests/hashtest-6g.in
+
+diff --git a/configure.ac b/configure.ac
+index c8f24dcc..c39257b5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3511,6 +3511,7 @@ src/libgcrypt.pc
+ src/versioninfo.rc
+ tests/Makefile
+ ])
++AC_CONFIG_FILES([tests/hashtest-6g], [chmod +x tests/hashtest-6g])
+ AC_CONFIG_FILES([tests/hashtest-256g], [chmod +x tests/hashtest-256g])
+ AC_CONFIG_FILES([tests/basic-disable-all-hwf], [chmod +x tests/basic-disable-all-hwf])
+ AC_OUTPUT
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 302d923b..75aa5cf7 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -44,13 +44,14 @@ tests_bin_last = benchmark bench-slope
+ 
+ tests_sh = basic-disable-all-hwf
+ 
+-tests_sh_last = hashtest-256g
++tests_sh_last = hashtest-6g hashtest-256g
+ 
+ TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last)
+ 
+ # Force sequential run of some tests.
+ bench-slope.log:    benchmark.log
+-hashtest-256g.log:  bench-slope.log
++hashtest-6g.log:    bench-slope.log
++hashtest-256g.log:  hashtest-6g.log
+ 
+ 
+ TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1
+@@ -76,8 +77,8 @@ CLEANFILES = testdrv-build
+ EXTRA_DIST = README rsa-16k.key \
+ 	     pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \
+ 	     t-ed25519.inp t-ed448.inp t-dsa.inp t-ecdsa.inp t-rsa-15.inp \
+-	     t-rsa-pss.inp stopwatch.h hashtest-256g.in sha3-224.h \
+-	     sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
++	     t-rsa-pss.inp stopwatch.h hashtest-6g.in hashtest-256g.in \
++	     sha3-224.h sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
+ 	     basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
+ 
+ LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
+diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in
+index a52b8692..44b69897 100755
+--- a/tests/hashtest-256g.in
++++ b/tests/hashtest-256g.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+ 
+-algos="SHA1 SHA256 SHA512 SM3"
++algos="SHA1 SHA256 SHA512 SHA3-512 SM3"
+ 
+ test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
+ echo "      now running 256 GiB tests for $algos - this takes looong"
+diff --git a/tests/hashtest-6g.in b/tests/hashtest-6g.in
+new file mode 100644
+index 00000000..b3f3e2ff
+--- /dev/null
++++ b/tests/hashtest-6g.in
+@@ -0,0 +1,7 @@
++#!/bin/sh
++
++algos="SHA1 SHA256 SHA512 SHA3-512 SM3 BLAKE2S_256 BLAKE2B_512 CRC32 CRC24RFC2440"
++
++test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77
++echo "      now running 6 GiB tests for $algos - this can take long"
++exec ./hashtest@EXEEXT@ --hugeblock --gigs 6 $algos
+diff --git a/tests/hashtest.c b/tests/hashtest.c
+index 4c9704f3..9389e50c 100644
+--- a/tests/hashtest.c
++++ b/tests/hashtest.c
+@@ -34,6 +34,7 @@
+ #define PGM "hashtest"
+ #include "t-common.h"
+ 
++static int use_hugeblock;
+ static int missing_test_vectors;
+ 
+ static struct {
+@@ -113,6 +114,169 @@ static struct {
+   { GCRY_MD_SM3, 256, +64,
+     "ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" },
+ 
++  { GCRY_MD_BLAKE2S_256, 256, -64,
++    "8a3d4f712275e8e8da70c76501cce364c75f8dd09748be58cf63c9ce38d62627" },
++  { GCRY_MD_BLAKE2S_256, 256, -1,
++    "0c01c9ad1e60e27dc889f2c9034a949ca8b9a9dc90dd99be64963af306d47b92" },
++  { GCRY_MD_BLAKE2S_256, 256, +0,
++    "f8c43d5c4bad93aca702c8c466987c5ac5e640a29b37dd9904252ff27b2348a0" },
++  { GCRY_MD_BLAKE2S_256, 256, +1,
++    "24c34b167b4eea1a7eb7d572ff3cf669a9856ea91bb112e9ef2ccd4b1aceccb4" },
++  { GCRY_MD_BLAKE2S_256, 256, +64,
++    "2f8d754f98e2d4ed7744389f89d0bdb9b770c9fa215b8badd3129ea1364af867" },
++
++  { GCRY_MD_BLAKE2B_512, 256, -64,
++    "36d32ae4deeacab4119401c52e2aec5545675bd2dce4f67871ddc73671a05f94"
++    "e8332c2a31f32f5601878606a571aa7b43029dac3ae71cf9ef141d05651dc4bf" },
++  { GCRY_MD_BLAKE2B_512, 256, -1,
++    "b5dc439f51664a6c9cbc87e2de98ce608ac4064a779e5140909d75d2120c9b2a"
++    "a1d4ae7be9c1ba97025be91ddcfbe42c791c3231cffbfa4b5368ba18f9590e1b" },
++  { GCRY_MD_BLAKE2B_512, 256, +0,
++    "c413d011ba9abbf118dd96bfc827f5fd94493d8350df9f7aff834faace5adba2"
++    "0c3037069dfb2c81718ffc7b418ce1c1320d334b6fe8cddfb5d2dd19eb530853" },
++  { GCRY_MD_BLAKE2B_512, 256, +1,
++    "b6dfb821f1c8167fb33995c29485010da56abd539c3d04ab9c222844301b8bba"
++    "6f57a48e45a748e40847084b93f26706aae82212550671c736becffcc6fb1496" },
++  { GCRY_MD_BLAKE2B_512, 256, +64,
++    "8c21316a4a02044e302d503d0fe669d905c40d9d80ecd5aafc8e30f1df06736f"
++    "51fdaf6002160bb8fe4e868eaad9623fc5ecdd728bcbfee4a19b386503710f48" },
++
++  { GCRY_MD_WHIRLPOOL, 256, -64,
++    "aabf62344c1aa82d2dc7605f339b3571d540f1f320f97e6a8c0229645ee61f1f"
++    "da796acde2f96caa1c56eb2c2f9a6029a6242ad690479def66feac44334cc3af" },
++  { GCRY_MD_WHIRLPOOL, 256, -1,
++    "9a35ec14aa9cefd40e04295d45d39f3111a98c2d76d90c54a7d2b8f2f5b9302b"
++    "79663eab6b6674625c3ae3e4b5dbb3b0a2f5b2f49a7a59cd1723e2b16a3efea2" },
++  { GCRY_MD_WHIRLPOOL, 256, +0,
++    "818ad31a5110b6217cc6ffa099d554aaadc9566bf5291e104a5d58b21d51ae4d"
++    "c216c6de888d1359066c584e24e6606f530a3fce80ef78aed8564de4a28801c8" },
++  { GCRY_MD_WHIRLPOOL, 256, +1,
++    "298805f5fc68488712427c1bcb27581d91aa04337c1c6b4657489ed3d239bb8b"
++    "c70ef654065d380ac1f5596aca5cb59e6da8044b5a067e32ea4cd94ca606f9f3" },
++  { GCRY_MD_WHIRLPOOL, 256, +64,
++    "7bd35c3bee621bc0fb8907904b3b84d6cf4fae4c22cc64fbc744c8c5c8de806d"
++    "0f11a27892d531dc907426597737762c83e3ddcdc62f50d16d130aaefaeec436" },
++
++  { GCRY_MD_SHA1, 6, -64,
++    "eeee82d952403313bd63d6d7c8e342df0a1eea77" },
++  { GCRY_MD_SHA1, 6, -1,
++    "8217b9f987d67db5880bcfff1d6763a6514d629f" },
++  { GCRY_MD_SHA1, 6, +0,
++    "2b38aa63c05668217e5331320a4aee0adad7fc3b" },
++  { GCRY_MD_SHA1, 6, +1,
++    "f3222de4d0704554cff0a537bc95b30f15daa94f" },
++  { GCRY_MD_SHA1, 6, +64,
++    "b3bdd8065bb92d8208d55d28fad2281c6fbf2601" },
++
++  { GCRY_MD_SHA256, 6, -64,
++    "a2d5add5be904b70d6ef9bcd5feb9c6cfc2be0799732a122d9eccb576ff5a922" },
++  { GCRY_MD_SHA256, 6, -1,
++    "88293b7e0e5a47fdef1148c6e510f95272770db6b5296958380209ba57db7a5d" },
++  { GCRY_MD_SHA256, 6, +0,
++    "ccee8e8dfc366eba67471e49c45057b0041be0d2206c6de1aa765ce07ecfc434" },
++  { GCRY_MD_SHA256, 6, +1,
++    "f4a89e92b38e0e61ee17079dc31411de06cfe1f77c83095ae1a2e7aa0205d94b" },
++  { GCRY_MD_SHA256, 6, +64,
++    "338708608c2356ed2927a85b08fe745223c6140243fb3a87f309e12b31b946a8" },
++
++  { GCRY_MD_SHA512, 6, -64,
++    "658f52850932633c00b2f1d65b874c540ab84e2c0fe84a8a6c35f8e90e6f6a9c"
++    "2f7e0ccca5064783562a42ad8f47eab48687aaf6998b04ee94441e82c14e834d" },
++  { GCRY_MD_SHA512, 6, -1,
++    "9ead6d66b46a3a72d77c7990874cfebc1575e5bfda6026430d76b3db6cc62d52"
++    "4ca0dd2674b9c24208b2e780d75542572eee8df6724acadcc23a03eed8f82f0a" },
++  { GCRY_MD_SHA512, 6, +0,
++    "03e4549eb28bd0fb1606c321f1498503b5e889bec8d799cf0688567c7f8ac0d9"
++    "a7ec4e84d1d729d6a359797656e286617c3ef82abb51991bb576aaf05f7b6573" },
++  { GCRY_MD_SHA512, 6, +1,
++    "ffe52f6385ccde6fa7d45845787d8f9993fdcb5833fb58b13c424a84e39ea50f"
++    "52d40e254fe667cb0104ffe3837dc8d0eee3c81721cb8eac10d5851dfb1f91db" },
++  { GCRY_MD_SHA512, 6, +64,
++    "4a19da3d5eaaa79ac1eaff5e4062f23ee56573411f8d302f7bf3c6da8779bd00"
++    "a936e9ad7f535597a49162ed308b0cced7724667f97a1bb24540152fcfe3ec95" },
++
++  { GCRY_MD_SHA3_512, 6, -64,
++    "a99f2913d3beb9b45273402e30daa4d25c7a5e9eb8cf6039996eb2292a45c04c"
++    "b9e3a1a187f71920626f465ed6cf7dc34047ec5578e05516374bb9c56683903a" },
++  { GCRY_MD_SHA3_512, 6, -1,
++    "fca50bde79c55e5fc4c9d97e66eb5cfacef7032395848731e645ca42f07f8d38"
++    "be1d593727c2a82b9a9bc058ebc9744971f867fa920cfa902023448243ac017b" },
++  { GCRY_MD_SHA3_512, 6, +0,
++    "c61bb345c0a553edaa89fd38114ac9799b6d307ba8e3cde53552ad4c77cfe4b7"
++    "2671d82c1519c8e7b23153a9268e2939239564fc7c2060608aa42955e938840d" },
++  { GCRY_MD_SHA3_512, 6, +1,
++    "502a83d8d1b977312806382a45c1cc9c0e7db437ca962e37eb181754d59db686"
++    "14d91df286d510411adf69f7c9befc1027bdc0c33a48a5dd6ae0957b9061e7ca" },
++  { GCRY_MD_SHA3_512, 6, +64,
++    "207bfb83ae788ddd4531188567f0892bbddbbc88d69bc196b2357bee3e668706"
++    "c27f832ecb50e9ae5b63e9f384bdc37373958d4a14f3825146d2f6b1a65d8e51" },
++
++  { GCRY_MD_SM3, 6, -64,
++    "41d96d19cef4c942b0f5f4cdc3e1afe440dc62c0bc103a2c0e9eee9e1733a74a" },
++  { GCRY_MD_SM3, 6, -1,
++    "b7689cc4ef6c7dc795b9e5e6998e5cc3dc1daec02bc1181cdbef8d6812b4957a" },
++  { GCRY_MD_SM3, 6, +0,
++    "c6eae4a82052423cf98017bde4dee8769947c66120a1a2ff79f0f0dc945a3272" },
++  { GCRY_MD_SM3, 6, +1,
++    "f6590f161fee11529585c7a9dfc725f8b81951e49b616844097a3dbdc9ffdbec" },
++  { GCRY_MD_SM3, 6, +64,
++    "f3277fa90c47afe5e4fc52374aadf8e96bc29c2b5a7a4ebf5d704245ada837ea" },
++
++  { GCRY_MD_BLAKE2S_256, 6, -64,
++    "0f3c17610777c34d40a0d11a93d5e5ed444ce16edefebabd0bc8e30392d5c2db" },
++  { GCRY_MD_BLAKE2S_256, 6, -1,
++    "92cbcf142c45de9d64da9791c51dce4e32b58f74d9f3d201b1ea74deac765f51" },
++  { GCRY_MD_BLAKE2S_256, 6, +0,
++    "b20702cb5a0bee2ab104f38eb513429589310a7edde81dd1f40043be7d16d0de" },
++  { GCRY_MD_BLAKE2S_256, 6, +1,
++    "bfc17dc74930989841da05aac08402bf0dcb4a597b17c52402a516ea7e541cdf" },
++  { GCRY_MD_BLAKE2S_256, 6, +64,
++    "d85588cdf5a00bec1327da02f22f1a10b68dd9d6b730f30a3aa65af3a51c1722" },
++
++  { GCRY_MD_BLAKE2B_512, 6, -64,
++    "30b6015f94524861b04b83f0455be10a993460e0f8f0fd755fc3d0270b0c7d00"
++    "039a6e01684ce0689ce4ef70932bd19a676acf4b4ea521c30337d2f445fc2055" },
++  { GCRY_MD_BLAKE2B_512, 6, -1,
++    "49abef820ad7fc5e6ed9b63acddce639a69dcd749b0798b140216649bc3b927c"
++    "637dbe1cb39a41bbafe7f8b675401ccdcf69a7fba227ae4cda5cd28b9ff36776" },
++  { GCRY_MD_BLAKE2B_512, 6, +0,
++    "4182a7307a89391b78af9dbc3ba1e8d643708abbed5919086aa6e2bc65ae9597"
++    "e40229450c86ac5d3117b006427dd0131f5ae4c1a1d64c81420d2731536c81d8" },
++  { GCRY_MD_BLAKE2B_512, 6, +1,
++    "33c0d9e65b1b18e9556134a08c1e725c19155bbf6ed4349d7d6d678f1827fef3"
++    "74b6e3381471f3d3fff7ffbcb9474ce9038143b99e25cd5f8afbb336313d4648" },
++  { GCRY_MD_BLAKE2B_512, 6, +64,
++    "d2d7f388611af78a2ea40b06f99993cff156afd25cbc47695bdb567d4d35b992"
++    "0ff8c325c359a2bdeddf54ececc671ac7b981031e90a7d63d6e0415ec4484282" },
++
++  { GCRY_MD_WHIRLPOOL, 6, -64,
++    "247707d1f9cf31b90ee68527144b1c20ad5ce96293bdccd1a81c8f40bc9df10c"
++    "e7441ac3b3097162d6fbf4d4b67b8fa09de451e2d920f16aad78c47ab00cb833" },
++  { GCRY_MD_WHIRLPOOL, 6, -1,
++    "af49e4a553bdbec1fdafc41713029e0fb1666894753c0ab3ecb280fc5af6eff8"
++    "253120745a229d7a8b5831711e4fd16ed0741258504d8a47e2b42aa2f1886968" },
++  { GCRY_MD_WHIRLPOOL, 6, +0,
++    "f269ffa424bc2aad2da654f01783fc9b2b431219f2b05784d718da0935e78792"
++    "9207b000ebbfb63dfdcc8adf8e5bd321d9616c1b8357430b9be6cb4640df8609" },
++  { GCRY_MD_WHIRLPOOL, 6, +1,
++    "52b77eb13129151b69b63c09abb655dc9cb046cafd4cbf7d4a82ae04b61ef9e6"
++    "531dde04cae7c5ab400ed8ee8da2e3f490d177289b2b3aa29b12b292954b902c" },
++  { GCRY_MD_WHIRLPOOL, 6, +64,
++    "60a950c92f3f08abbc81c41c86ce0463679ffd5ab420e988e15b210615b454ae"
++    "69607d14a1806fa44aacf8c926fbdcee998af46f56e0c642d3fb4ee54c8fb917" },
++
++  { GCRY_MD_CRC32, 6, -64, "20739052" },
++  { GCRY_MD_CRC32, 6, -1,  "971a5a74" },
++  { GCRY_MD_CRC32, 6, +0,  "bf48113c" },
++  { GCRY_MD_CRC32, 6, +1,  "c7678ad5" },
++  { GCRY_MD_CRC32, 6, +64, "1efa7255" },
++
++  { GCRY_MD_CRC24_RFC2440, 6, -64, "747e81" },
++  { GCRY_MD_CRC24_RFC2440, 6, -1,  "deb97d" },
++  { GCRY_MD_CRC24_RFC2440, 6, +0,  "7d5bea" },
++  { GCRY_MD_CRC24_RFC2440, 6, +1,  "acc351" },
++  { GCRY_MD_CRC24_RFC2440, 6, +64, "9d9032" },
++
+   { 0 }
+ };
+ 
+@@ -251,12 +415,38 @@ run_longtest (int algo, int gigs)
+   gcry_md_hd_t hd_post = NULL;
+   gcry_md_hd_t hd_post2 = NULL;
+   char pattern[1024];
+-  int i, g;
++  char *hugepattern = NULL;
++  size_t hugesize;
++  size_t hugegigs;
++  int i, g, gppos, gptot;
+   const unsigned char *digest;
+   unsigned int digestlen;
+ 
+   memset (pattern, 'a', sizeof pattern);
+ 
++  if (use_hugeblock)
++    {
++      hugegigs = 5;
++      if (sizeof(size_t) >= 8)
++        {
++          hugesize = hugegigs*1024*1024*1024;
++          hugepattern = malloc(hugesize);
++          if (hugepattern != NULL)
++            memset(hugepattern, 'a', hugesize);
++          else
++            show_note ("failed to allocate %d GiB huge pattern block: %s",
++                       hugegigs, strerror(errno));
++        }
++      else
++        show_note ("cannot allocate %d GiB huge pattern block on 32-bit system",
++                   hugegigs);
++    }
++  if (hugepattern == NULL)
++    {
++      hugegigs = 0;
++      hugesize = 0;
++    }
++
+   err = gcry_md_open (&hd, algo, 0);
+   if (err)
+     {
+@@ -267,9 +457,17 @@ run_longtest (int algo, int gigs)
+ 
+   digestlen = gcry_md_get_algo_dlen (algo);
+ 
+-
+-  for (g=0; g < gigs; g++)
++  gppos = 0;
++  gptot = 0;
++  for (g=0; g < gigs; )
+     {
++      if (gppos >= 16)
++        {
++          gptot += 16;
++          gppos -= 16;
++          show_note ("%d GiB so far hashed with %s", gptot,
++                     gcry_md_algo_name (algo));
++        }
+       if (g == gigs - 1)
+         {
+           for (i = 0; i < 1024*1023; i++)
+@@ -283,16 +481,24 @@ run_longtest (int algo, int gigs)
+             die ("gcry_md_copy failed for %s (%d): %s",
+                  gcry_md_algo_name (algo), algo, gpg_strerror (err));
+           gcry_md_write (hd, pattern, sizeof pattern);
++          g++;
++          gppos++;
++        }
++      else if (hugepattern != NULL && gigs - g > hugegigs)
++        {
++          gcry_md_write (hd, hugepattern, hugesize);
++          g += hugegigs;
++          gppos += hugegigs;
+         }
+       else
+         {
+           for (i = 0; i < 1024*1024; i++)
+             gcry_md_write (hd, pattern, sizeof pattern);
++          g++;
++          gppos++;
+         }
+-      if (g && !(g % 16))
+-        show_note ("%d GiB so far hashed with %s", g, gcry_md_algo_name (algo));
+     }
+-  if (g >= 16)
++  if (g >= 16 && gppos)
+     show_note ("%d GiB hashed with %s", g, gcry_md_algo_name (algo));
+ 
+   err = gcry_md_copy (&hd_post, hd);
+@@ -335,6 +541,8 @@ run_longtest (int algo, int gigs)
+   gcry_md_close (hd_pre2);
+   gcry_md_close (hd_post);
+   gcry_md_close (hd_post2);
++
++  free(hugepattern);
+ }
+ 
+ 
+@@ -361,9 +569,12 @@ main (int argc, char **argv)
+         {
+           fputs ("usage: " PGM " [options] [algos]\n"
+                  "Options:\n"
+-                 "  --verbose       print timings etc.\n"
+-                 "  --debug         flyswatter\n"
+-                 "  --gigs N        Run a test on N GiB\n",
++                 "  --verbose                 print timings etc.\n"
++                 "  --debug                   flyswatter\n"
++                 "  --hugeblock               Use 5 GiB pattern block\n"
++                 "  --gigs N                  Run a test on N GiB\n"
++                 "  --disable-hwf <features>  Disable hardware acceleration feature(s)\n"
++                 "                            for benchmarking.\n",
+                  stdout);
+           exit (0);
+         }
+@@ -378,6 +589,11 @@ main (int argc, char **argv)
+           debug++;
+           argc--; argv++;
+         }
++      else if (!strcmp (*argv, "--hugeblock"))
++        {
++          use_hugeblock = 1;
++          argc--; argv++;
++        }
+       else if (!strcmp (*argv, "--gigs"))
+         {
+           argc--; argv++;
+@@ -387,6 +603,21 @@ main (int argc, char **argv)
+               argc--; argv++;
+             }
+         }
++      else if (!strcmp (*argv, "--disable-hwf"))
++        {
++          argc--;
++          argv++;
++          if (argc)
++            {
++              if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
++                fprintf (stderr,
++                        PGM
++                        ": unknown hardware feature `%s' - option ignored\n",
++                        *argv);
++              argc--;
++              argv++;
++            }
++        }
+       else if (!strncmp (*argv, "--", 2))
+         die ("unknown option '%s'", *argv);
+     }
+diff --git a/tests/testdrv.c b/tests/testdrv.c
+index 0ccde326..bfca4c23 100644
+--- a/tests/testdrv.c
++++ b/tests/testdrv.c
+@@ -78,7 +78,12 @@ static struct {
+    { "t-ed448"     },
+    { "benchmark"   },
+    { "bench-slope" },
+-   { "hashtest-256g",  "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SM3",
++   { "hashtest-6g", "hashtest", "--hugeblock --gigs 6 SHA1 SHA256 SHA512 "
++                                                     "SHA3-512 SM3 BLAKE2S_256 "
++                                                     "BLAKE2B_512 CRC32 "
++                                                     "CRC24RFC2440",
++     LONG_RUNNING },
++   { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SHA3-512 SM3",
+      LONG_RUNNING },
+    { NULL }
+   };
+--
+2.34.1
+
+From 567bc62e1c3046594088de7209fee7c545ece1e3 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 30 Sep 2022 14:54:14 +0200
+Subject: [PATCH] tests: Avoid memory leak
+
+* tests/hashtest.c (run_longtest): Avoid memory leak on error
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/hashtest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/hashtest.c b/tests/hashtest.c
+index 9389e50c..379f7c40 100644
+--- a/tests/hashtest.c
++++ b/tests/hashtest.c
+@@ -452,6 +452,7 @@ run_longtest (int algo, int gigs)
+     {
+       fail ("gcry_md_open failed for %s (%d): %s",
+             gcry_md_algo_name (algo), algo, gpg_strerror (err));
++      free(hugepattern);
+       return;
+     }
+ 
+-- 
+2.37.3
+

SPECS/libgcrypt.spec

@@ -16,19 +16,25 @@ print(string.sub(hash, 0, 16))
 
 Name: libgcrypt
 Version: 1.10.0
-Release: 5%{?dist}
+Release: 8%{?dist}
 URL: https://www.gnupg.org/
 Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
 Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
 Source2: wk@g10code.com
 Patch1: libgcrypt-1.10.0-disable-brainpool.patch
-Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch
 Patch3: libgcrypt-1.10.0-ppc-hwf.patch
 Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
 Patch5: libgcrypt-1.10.0-allow-short-salt.patch
 Patch6: libgcrypt-1.10.0-fips-getrandom.patch
+# https://dev.gnupg.org/T6127
+# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html
 Patch7: libgcrypt-1.10.0-fips-selftest.patch
-Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
+# https://dev.gnupg.org/T6217
+Patch9: libgcrypt-1.10.0-sha3-large.patch
+# https://dev.gnupg.org/T5919
+Patch10: libgcrypt-1.10.0-fips-keygen.patch
+# https://dev.gnupg.org/T6219
+Patch11: libgcrypt-1.10.0-fips-kdf.patch
 
 %global gcrylibdir %{_libdir}
 %global gcrysoname libgcrypt.so.20
@@ -65,13 +71,14 @@ applications using libgcrypt.
 %prep
 %setup -q
 %patch1 -p1
-%patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
 
 %build
 # This package has a configure test which uses ASMs, but does not link the
@@ -190,6 +197,22 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
 %license COPYING
 
 %changelog
+* Thu Oct 20 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-8
+- Fix unneeded PBKDF2 passphrase length limitation in FIPS mode
+- Enforce HMAC key lengths in MD API in FIPS mode
+
+* Thu Oct 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-7
+- Properly enforce KDF limits in FIPS mode (#2130275)
+- Fix memory leak in large digest test (#2129150)
+- Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275)
+- Skip RSA encryption/decryption selftest in FIPS mode (#2130275)
+
+* Tue Sep 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-6
+- Fix SHA3 digests with large inputs (#2129150)
+- Fix FIPS RSA PCT (#2128455)
+- Fix RSA FIPS Keygen that non-deterministically fails (#2130275)
+- Get max 32B from getrandom in FIPS mode (#2130275)
+
 * Wed Aug 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-5
 - Allow signature verification with smaller RSA keys (#2083846)
 - Allow short salt for KDF (#2114870)