Redefine sslarch for x86_64_v2 arch

2025-07-02 02:37:33 +00:00 · 2025-07-02 02:37:33 +00:00 · ed94729646
commit ed94729646
parent c1b604447f 98cf25a4c0
61 changed files with 241 additions and 512 deletions
--- a/.gitignore
+++ b/.gitignore
@ -63,3 +63,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-3.2.1.tar.gz
 /openssl-3.2.2.tar.gz
 /openssl-3.5.0.tar.gz
 /openssl-3.5.1.tar.gz
--- a/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
+++ b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
@ -1,7 +1,7 @@
-From fb792883f3ccc55997fdc21a9c1052f778dea1ac Mon Sep 17 00:00:00 2001
+From bc8c037733c26d4c4a2a3dfd1e383be9855449b3 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 01/58] RH: Aarch64 and ppc64le use lib64
+Subject: [PATCH 01/53] RH: Aarch64 and ppc64le use lib64
 Patch-name: 0001-Aarch64-and-ppc64le-use-lib64.patch
 Patch-id: 1
@ -34,5 +34,5 @@ index cba57b4127..3e327017ef 100644
     "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
         inherit_from     => [ "linux-generic32" ],
 -- 
-2.49.0
+2.50.0
--- a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
+++ b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
@ -1,7 +1,7 @@
-From 193d88dfd8d131d2057fc69b4e2abb66f51924d0 Mon Sep 17 00:00:00 2001
+From 99e084a168125827163da87f3f1de3f05db99be1 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Thu, 6 Mar 2025 08:40:29 -0500
-Subject: [PATCH 02/58] Add a separate config file to use for rpm installs
+Subject: [PATCH 02/53] Add a separate config file to use for rpm installs
 In RHEL/Fedora systems we want to use a slightly different set
 of defaults, but we do not want to change the standard config file
@ -44,7 +44,7 @@ index e24ea0c595..39fa468320 100644
 If no providers are activated explicitly, the default one is activated implicitly.
 diff --git a/rh-openssl.cnf b/rh-openssl.cnf
 new file mode 100644
-index 0000000000..20f5962541
+index 0000000000..fe2346eb2b
 --- /dev/null
 +++ b/rh-openssl.cnf
@@ -0,0 +1,403 @@
@ -66,7 +66,7 @@ index 0000000000..20f5962541
 +# Use this in order to automatically load providers.
 +openssl_conf = openssl_init
 +
-+# Comment out the next line to ignore configuration errors
+# Ignore configuration errors
 +config_diagnostics = 0
 +
 +# Extra OBJECT IDENTIFIER info:
@ -452,5 +452,5 @@ index 0000000000..20f5962541
 +cmd = rr
 +oldcert = $insta::certout # insta.cert.pem
 -- 
-2.49.0
+2.50.0
--- a/0003-RH-Do-not-install-html-docs.patch
+++ b/0003-RH-Do-not-install-html-docs.patch
@ -1,7 +1,7 @@
-From 786b3456ad2d3d37e9729b83d0ddce8794060fb1 Mon Sep 17 00:00:00 2001
+From 371ef9d39cb5a54d7f22ef1abd6340dbadf88fcd Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 03/58] RH: Do not install html docs
+Subject: [PATCH 03/53] RH: Do not install html docs
 Patch-name: 0003-Do-not-install-html-docs.patch
 Patch-id: 3
@ -13,7 +13,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index e85763ccf8..8a829be037 100644
+index a6f666957e..b1d8b00755 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
@@ -658,7 +658,7 @@ install_sw: install_dev install_engines install_modules install_runtime ## Insta
@ -26,5 +26,5 @@ index e85763ccf8..8a829be037 100644
 uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation
 	$(RM) -r "$(DESTDIR)$(DOCDIR)"
 -- 
-2.49.0
+2.50.0
--- a/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
+++ b/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
@ -1,7 +1,7 @@
-From 9e410805cbd962214f0c0db785320f5fd594ea75 Mon Sep 17 00:00:00 2001
+From 79787a5bb85fed3c6998bfe3aebcdff9ffa56edf Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 04/58] RH: apps ca fix md option help text.patch - DROP?
+Subject: [PATCH 04/53] RH: apps ca fix md option help text.patch - DROP?
 Patch-name: 0005-apps-ca-fix-md-option-help-text.patch
 Patch-id: 5
@ -26,5 +26,5 @@ index 6d1d1c0a6e..a7553ba609 100644
     {"keyform", OPT_KEYFORM, 'f',
      "Private key file format (ENGINE, other values ignored)"},
 -- 
-2.49.0
+2.50.0
--- a/0005-RH-Disable-signature-verification-with-bad-digests-R.patch
+++ b/0005-RH-Disable-signature-verification-with-bad-digests-R.patch
@ -1,7 +1,7 @@
-From fc8b2977d0b92f5a2e62131e398857ee431bff6e Mon Sep 17 00:00:00 2001
+From c99e322d8f8ea6835f2d8aff4ca33d36410c4233 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 05/58] RH: Disable signature verification with bad digests -
+Subject: [PATCH 05/53] RH: Disable signature verification with bad digests -
 REVIEW
 Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
@ -30,5 +30,5 @@ index f6cac80962..fbc6ce6e30 100644
         const EVP_MD *type = NULL;
 -- 
-2.49.0
+2.50.0
--- a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
+++ b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
@ -1,7 +1,7 @@
-From e4f78101181c2a16343c0f281d218fde34b84637 Mon Sep 17 00:00:00 2001
+From f54b7469e2525ea5f03113fad7169bd23fbcab50 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 06/58] RH: Add support for PROFILE SYSTEM system default
+Subject: [PATCH 06/53] RH: Add support for PROFILE SYSTEM system default
 cipher
 Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@ -20,7 +20,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
 7 files changed, 105 insertions(+), 14 deletions(-)
 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 8a829be037..ba1266659a 100644
+index b1d8b00755..91fd703afa 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
@@ -344,6 +344,10 @@ MANDIR=$(INSTALLTOP)/share/man
@ -43,7 +43,7 @@ index 8a829be037..ba1266659a 100644
                                   @{$config{CPPFLAGS}}) -}
 CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
 diff --git a/Configure b/Configure
-index 15054f9403..7945d6b750 100755
+index 499585438a..e1b908fe13 100755
 --- a/Configure
 +++ b/Configure
@@ -27,7 +27,7 @@ use OpenSSL::config;
@ -66,7 +66,7 @@ index 15054f9403..7945d6b750 100755
 # --banner=".." Output specified text instead of default completion banner
 #
 # -w            Don't wait after showing a Configure warning
-@@ -408,6 +412,7 @@ $config{prefix}="";
+@@ -409,6 +413,7 @@ $config{prefix}="";
 $config{openssldir}="";
 $config{processor}="";
 $config{libdir}="";
@ -74,7 +74,7 @@ index 15054f9403..7945d6b750 100755
 my $auto_threads=1;    # enable threads automatically? true by default
 my $default_ranlib;
-@@ -1104,6 +1109,10 @@ while (@argvcopy)
+@@ -1105,6 +1110,10 @@ while (@argvcopy)
                         die "FIPS key too long (64 bytes max)\n"
                            if length $1 > 64;
                         }
@ -106,7 +106,7 @@ index 69195bcdcb..a6e0ede570 100644
 "High" encryption cipher suites. This currently means those with key lengths
 diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index b342079968..0b2232b01c 100644
+index 383c5bc411..d1b00e8454 100644
 --- a/include/openssl/ssl.h.in
 +++ b/include/openssl/ssl.h.in
@@ -209,6 +209,11 @@ extern "C" {
@ -281,10 +281,10 @@ index 6127cb7a4b..19420d6c6a 100644
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 4c7b62e142..7af3f29cd8 100644
+index 9696a4c55f..4bd3318407 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -679,7 +679,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+@@ -686,7 +686,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
                                 ctx->tls13_ciphersuites,
                                 &(ctx->cipher_list),
                                 &(ctx->cipher_list_by_id),
@ -293,7 +293,7 @@ index 4c7b62e142..7af3f29cd8 100644
     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
         ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
         return 0;
-@@ -4099,7 +4099,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+@@ -4136,7 +4136,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
     if (!ssl_create_cipher_list(ret,
                                 ret->tls13_ciphersuites,
                                 &ret->cipher_list, &ret->cipher_list_by_id,
@ -317,5 +317,5 @@ index c46e431b00..19d05e860b 100644
     ADD_TEST(test_default_cipherlist_clear);
     ADD_TEST(test_stdname_cipherlist);
 -- 
-2.49.0
+2.50.0
--- a/0007-RH-Add-FIPS_mode-compatibility-macro.patch
+++ b/0007-RH-Add-FIPS_mode-compatibility-macro.patch
@ -1,7 +1,7 @@
-From 6778626185fb566b9b89f548ff18f481c10ce808 Mon Sep 17 00:00:00 2001
+From 6a1b39542597be9a28f94dad23a8e93285368653 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 07/58] RH: Add FIPS_mode compatibility macro
+Subject: [PATCH 07/53] RH: Add FIPS_mode compatibility macro
 Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
 Patch-id: 8
@ -79,5 +79,5 @@ index 18f8cc8740..6864b1a3c1 100644
     return 1;
 }
 -- 
-2.49.0
+2.50.0
--- a/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
+++ b/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
@ -1,7 +1,7 @@
-From 9df43c7443d85c5685f87c132de448a7c4e652b5 Mon Sep 17 00:00:00 2001
+From 15d44a4f1365532f8ebdf24a69c9da7220d5c704 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 08/58] RH: Add Kernel FIPS mode flag support - FIXSTYLE
+Subject: [PATCH 08/53] RH: Add Kernel FIPS mode flag support - FIXSTYLE
 Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
 Patch-id: 9
@ -74,10 +74,10 @@ index f15bc3d755..614c8a2c88 100644
         goto err;
 diff --git a/include/internal/provider.h b/include/internal/provider.h
-index 6909a1919c..9d2e355251 100644
+index 7d94346155..c0f1d00da9 100644
 --- a/include/internal/provider.h
 +++ b/include/internal/provider.h
-@@ -111,6 +111,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
+@@ -114,6 +114,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
                                 const OSSL_DISPATCH *in);
 void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
@ -88,5 +88,5 @@ index 6909a1919c..9d2e355251 100644
 }
 # endif
 -- 
-2.49.0
+2.50.0
--- a/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
+++ b/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
@ -1,7 +1,7 @@
-From f9d74e58291461804defa0e2de9635aad76e5d57 Mon Sep 17 00:00:00 2001
+From 68174cf923fbaaa95469e433c29992cd63f24f99 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 09/58] RH: Drop weak curve definitions - RENAMED/SQUASHED
+Subject: [PATCH 09/53] RH: Drop weak curve definitions - RENAMED/SQUASHED
 Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
 Patch-id: 10
@ -28,7 +28,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
 8 files changed, 10 insertions(+), 1157 deletions(-)
 diff --git a/apps/speed.c b/apps/speed.c
-index f52f2c839d..1edf9b8485 100644
+index 6c1eb59e91..3307a9cb46 100644
 --- a/apps/speed.c
 +++ b/apps/speed.c
@@ -405,7 +405,7 @@ static double ffdh_results[FFDH_NUM][1];  /* 1 op: derivation */
@ -1161,7 +1161,7 @@ index 63fe319025..06b5c0aac5 100644
     {NID_secp224r1, NID_sha224,
      "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
 diff --git a/test/ectest.c b/test/ectest.c
-index 70df89ee2f..0ddbba3b98 100644
+index e1cb59d58d..b852381924 100644
 --- a/test/ectest.c
 +++ b/test/ectest.c
@@ -175,184 +175,26 @@ static int prime_field_tests(void)
@ -1356,7 +1356,7 @@ index 70df89ee2f..0ddbba3b98 100644
                                     "FFFFFFFF000000000000000000000001"))
         || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
         || !TEST_true(BN_hex2bn(&a,         "FFFFFFFFFFFFFFFFFFFFFFFF"
-@@ -3128,7 +2970,7 @@ int setup_tests(void)
+@@ -3130,7 +2972,7 @@ int setup_tests(void)
     ADD_TEST(parameter_test);
     ADD_TEST(ossl_parameter_test);
@ -1425,5 +1425,5 @@ index e6a2c9eb59..861c01e177 100644
 Ctrl = key-check:0
 +Result = KEYGEN_GENERATE_ERROR
 -- 
-2.49.0
+2.50.0
--- a/0010-RH-Disable-explicit-ec-curves.patch
+++ b/0010-RH-Disable-explicit-ec-curves.patch
@ -1,7 +1,7 @@
-From 27fc7dc53e31b3dcd7ff3df40db1060d7a72f126 Mon Sep 17 00:00:00 2001
+From 6a2b78bca595435fcbf72d7b2c8bec004d555016 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 10/58] RH: Disable explicit ec curves
+Subject: [PATCH 10/53] RH: Disable explicit ec curves
 Patch-name: 0012-Disable-explicit-ec.patch
 Patch-id: 12
@ -80,7 +80,7 @@ index b55677fb1f..1df40018ac 100644
         EC_GROUP_free(group);
         group = named_group;
 diff --git a/test/ectest.c b/test/ectest.c
-index 0ddbba3b98..f736d13feb 100644
+index b852381924..6eac5de4fa 100644
 --- a/test/ectest.c
 +++ b/test/ectest.c
@@ -2413,10 +2413,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
@ -134,7 +134,7 @@ index 0ddbba3b98..f736d13feb 100644
     /* Both sides should expect the same shared secret */
     if (!TEST_mem_eq(buf1, sslen, buf2, t))
         goto err;
-@@ -2892,7 +2894,7 @@ static int custom_params_test(int id)
+@@ -2893,7 +2895,7 @@ static int custom_params_test(int id)
             /* compare with previous result */
             || !TEST_mem_eq(buf1, t, buf2, sslen))
         goto err;
@ -240,5 +240,5 @@ index 54b143bead..06ec905be0 100644
 -----BEGIN PRIVATE KEY-----
 MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
 -- 
-2.49.0
+2.50.0
--- a/0011-RH-skipped-tests-EC-curves.patch
+++ b/0011-RH-skipped-tests-EC-curves.patch
@ -1,7 +1,7 @@
-From 2c8e302b4a2f9c4eeec718d2a9d5cef655c28153 Mon Sep 17 00:00:00 2001
+From 60e56b8d5d031a7169aa4ad07b13bca15faf345b Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 11/58] RH: skipped tests EC curves
+Subject: [PATCH 11/53] RH: skipped tests EC curves
 Patch-name: 0013-skipped-tests-EC-curves.patch
 Patch-id: 13
@ -78,5 +78,5 @@ index f722800e27..26a01786bb 100644
 my @basic_cmd = ("cmp_vfy_test",
                  data_file("server.crt"),     data_file("client.crt"),
 -- 
-2.49.0
+2.50.0
--- a/0012-RH-skip-quic-pairwise.patch
+++ b/0012-RH-skip-quic-pairwise.patch
@ -1,7 +1,7 @@
-From e87e9fbc6bcf90d43f6e09f7de46f1805e3e6674 Mon Sep 17 00:00:00 2001
+From e15f0731f753c279a555c6d5d588dbac8dd3f1e4 Mon Sep 17 00:00:00 2001
 From: Dmitry Belyavskiy <dbelyavs@redhat.com>
 Date: Thu, 7 Mar 2024 17:37:09 +0100
-Subject: [PATCH 12/58] RH: skip quic pairwise
+Subject: [PATCH 12/53] RH: skip quic pairwise
 Patch-name: 0115-skip-quic-pairwise.patch
 Patch-id: 115
@ -14,10 +14,10 @@ Patch-status: |
 3 files changed, 12 insertions(+), 3 deletions(-)
 diff --git a/test/quicapitest.c b/test/quicapitest.c
-index 38dd42c184..b2e18522ab 100644
+index b98a940553..3d946ae93c 100644
 --- a/test/quicapitest.c
 +++ b/test/quicapitest.c
-@@ -2761,7 +2761,9 @@ int setup_tests(void)
+@@ -2937,7 +2937,9 @@ int setup_tests(void)
     ADD_TEST(test_cipher_find);
     ADD_TEST(test_version);
 #if defined(DO_SSL_TRACE_TEST)
@ -41,7 +41,7 @@ index 222b1886ae..7e2f65cccb 100644
     note "Duplicates:";
     note join('\n', @duplicates);
 diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
-index a101a26fb1..43e5396766 100644
+index eaf0dbbb42..21864ad319 100644
 --- a/test/recipes/30-test_pairwise_fail.t
 +++ b/test/recipes/30-test_pairwise_fail.t
@@ -9,7 +9,7 @@
@ -82,5 +82,5 @@ index a101a26fb1..43e5396766 100644
                  "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
        "fips provider dsa keygen pairwise failure test");
 -- 
-2.49.0
+2.50.0
--- a/0013-RH-version-aliasing.patch
+++ b/0013-RH-version-aliasing.patch
@ -1,7 +1,7 @@
-From c63c81754bcf4bf3aeb4049fc5952368764fb303 Mon Sep 17 00:00:00 2001
+From 293b5d1bca91e400a9042cc181d17b7facbed71c Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 13/58] RH: version aliasing
+Subject: [PATCH 13/53] RH: version aliasing
 Patch-name: 0116-version-aliasing.patch
 Patch-id: 116
@ -79,5 +79,5 @@ index ceb4948839..eab3987a6b 100644
 BN_signed_bn2bin                        5568	3_2_0	EXIST::FUNCTION:
 BN_signed_lebin2bn                      5569	3_2_0	EXIST::FUNCTION:
 -- 
-2.49.0
+2.50.0
--- a/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
+++ b/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
@ -1,7 +1,7 @@
-From eeaa8125102427cedfda9a1d5bd663956acd8d63 Mon Sep 17 00:00:00 2001
+From f267ed139ac29efc6d464827024eafb805f06ea2 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Thu, 13 Feb 2025 16:09:09 -0500
-Subject: [PATCH 14/58] RH: Export two symbols for OPENSSL_str[n]casecmp
+Subject: [PATCH 14/53] RH: Export two symbols for OPENSSL_str[n]casecmp
 We accidentally exported the symbols with the incorrect verison number
 in an early version of RHEL-9 so we need to keep the wrong symbols for
@ -104,5 +104,5 @@ index eab3987a6b..d377d542db 100644
 RAND_set0_public                        5559	3_1_0	EXIST::FUNCTION:
 RAND_set0_private                       5560	3_1_0	EXIST::FUNCTION:
 -- 
-2.49.0
+2.50.0
--- a/0015-RH-TMP-KTLS-test-skip.patch
+++ b/0015-RH-TMP-KTLS-test-skip.patch
@ -1,7 +1,7 @@
-From 601c308871191a17620ade34a9edcb8afe969c8d Mon Sep 17 00:00:00 2001
+From 4badd5b30b1caec6c4fd3875cd4c5313ba6095b1 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Thu, 13 Feb 2025 18:11:19 -0500
-Subject: [PATCH 15/58] RH: TMP KTLS test skip
+Subject: [PATCH 15/53] RH: TMP KTLS test skip
 From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9
 ---
@ -9,7 +9,7 @@ From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 38d58e9387..39118a9162 100644
+index b83dd6c552..250a439137 100644
 --- a/test/sslapitest.c
 +++ b/test/sslapitest.c
@@ -1023,9 +1023,10 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
@ -26,5 +26,5 @@ index 38d58e9387..39118a9162 100644
 static int ping_pong_query(SSL *clientssl, SSL *serverssl)
 -- 
-2.49.0
+2.50.0
--- a/0016-RH-Allow-disabling-of-SHA1-signatures.patch
+++ b/0016-RH-Allow-disabling-of-SHA1-signatures.patch
@ -1,7 +1,7 @@
-From 84c7c05d38e96d003df43527e4e6abc6dbae2683 Mon Sep 17 00:00:00 2001
+From 3e6196d5791ce3443f54a379a5fd679c1066c76a Mon Sep 17 00:00:00 2001
 From: Dmitry Belyavskiy <dbelyavs@redhat.com>
 Date: Mon, 21 Aug 2023 13:07:07 +0200
-Subject: [PATCH 16/58] RH: Allow disabling of SHA1 signatures
+Subject: [PATCH 16/53] RH: Allow disabling of SHA1 signatures
 Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
 Patch-id: 49
@ -11,7 +11,7 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
 ---
 crypto/context.c                              | 70 +++++++++++++++++++
 crypto/evp/evp_cnf.c                          | 13 ++++
- crypto/evp/m_sigver.c                         | 13 ++++
+ crypto/evp/m_sigver.c                         | 14 ++++
 crypto/evp/pmeth_lib.c                        | 15 ++++
 doc/man5/config.pod                           | 13 ++++
 include/crypto/context.h                      |  8 +++
@ -25,7 +25,7 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
 providers/implementations/signature/rsa_sig.c | 14 +++-
 ssl/t1_lib.c                                  |  8 +++
 util/libcrypto.num                            |  2 +
- 16 files changed, 182 insertions(+), 7 deletions(-)
+ 16 files changed, 183 insertions(+), 7 deletions(-)
 diff --git a/crypto/context.c b/crypto/context.c
 index 614c8a2c88..323615e300 100644
@ -172,7 +172,7 @@ index 0e7fe64cf9..b9d3b6d226 100644
             ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
                            "name=%s, value=%s", oval->name, oval->value);
 diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 2d1839fedb..6e4685ecc0 100644
+index d5df497da7..53044238a1 100644
 --- a/crypto/evp/m_sigver.c
 +++ b/crypto/evp/m_sigver.c
@@ -15,6 +15,7 @@
@ -183,10 +183,11 @@ index 2d1839fedb..6e4685ecc0 100644
 static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
 {
-@@ -251,6 +252,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -253,6 +254,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         }
     }
     desc = signature->description != NULL ? signature->description : "";
 +
 +    if (ctx->reqdigest != NULL
 +            && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
 +            && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@ -201,9 +202,9 @@ index 2d1839fedb..6e4685ecc0 100644
 +
     if (ver) {
         if (signature->digest_verify_init == NULL) {
-             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+             ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
 diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 665cafbc21..84fb95d4ca 100644
+index 08c0d6a7b2..b936ad4447 100644
 --- a/crypto/evp/pmeth_lib.c
 +++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
@ -214,7 +215,7 @@ index 665cafbc21..84fb95d4ca 100644
 #include "evp_local.h"
 #ifndef FIPS_MODULE
-@@ -954,6 +955,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+@@ -963,6 +964,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
         return -2;
     }
@ -435,7 +436,7 @@ index e75b90840b..645304b951 100644
     if (pmgf1mdname != NULL
         && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 8d0c2647b7..f6117a1fc5 100644
+index 2f71f95438..bea5cab253 100644
 --- a/ssl/t1_lib.c
 +++ b/ssl/t1_lib.c
@@ -21,6 +21,7 @@
@ -446,7 +447,7 @@ index 8d0c2647b7..f6117a1fc5 100644
 #include "internal/nelem.h"
 #include "internal/sizes.h"
 #include "internal/tlsgroups.h"
-@@ -2176,6 +2177,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+@@ -2178,6 +2179,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
     EVP_PKEY *tmpkey = EVP_PKEY_new();
     int istls;
     int ret = 0;
@ -454,7 +455,7 @@ index 8d0c2647b7..f6117a1fc5 100644
     if (ctx == NULL)
         goto err;
-@@ -2193,6 +2195,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+@@ -2195,6 +2197,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
         goto err;
     ERR_set_mark();
@ -462,7 +463,7 @@ index 8d0c2647b7..f6117a1fc5 100644
     /* First fill cache and tls12_sigalgs list from legacy algorithm list */
     for (i = 0, lu = sigalg_lookup_tbl;
          i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
-@@ -2213,6 +2216,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+@@ -2215,6 +2218,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
             cache[i].available = 0;
             continue;
         }
@ -485,5 +486,5 @@ index d377d542db..c2c55129ae 100644
 +ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:
 -- 
-2.49.0
+2.50.0
--- a/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
+++ b/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
@ -1,7 +1,7 @@
-From 16fdb39036e7e8438c5b97359818cd9bc472196f Mon Sep 17 00:00:00 2001
+From 7b1b68328f640d184d6ac769a07aa436b0c3f318 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:12:33 -0500
-Subject: [PATCH 17/58] FIPS: Red Hat's FIPS module name and version
+Subject: [PATCH 17/53] FIPS: Red Hat's FIPS module name and version
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -9,10 +9,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 373cd1c2e4..aa1ab85470 100644
+index 4b9a057462..1e90f363af 100644
 --- a/providers/fips/fipsprov.c
 +++ b/providers/fips/fipsprov.c
-@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
+@@ -200,13 +200,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
                                               OSSL_LIB_CTX_FIPS_PROV_INDEX);
     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
@ -30,5 +30,5 @@ index 373cd1c2e4..aa1ab85470 100644
     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
     if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
 -- 
-2.49.0
+2.50.0
--- a/0018-FIPS-disable-fipsinstall.patch
+++ b/0018-FIPS-disable-fipsinstall.patch
@ -1,7 +1,7 @@
-From f40c27149fd5bb1864d069b3d116ffd88cca5f2f Mon Sep 17 00:00:00 2001
+From 4e6b86b5130552bfee64c7ecaf045ec00749ecbd Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 18/58] FIPS: disable fipsinstall
+Subject: [PATCH 18/53] FIPS: disable fipsinstall
 Patch-name: 0034.fipsinstall_disable.patch
 Patch-id: 34
@ -800,10 +800,10 @@ index a25ced3383..15748c5756 100644
 =head1 COPYRIGHT
 diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
-index 20d35fada8..f8f219d647 100644
+index 571a1e99e0..1e384a4ff3 100644
 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod
 +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
-@@ -575,7 +575,6 @@ want to operate in a FIPS approved manner.  The algorithms are:
+@@ -588,7 +588,6 @@ process.
 =head1 SEE ALSO
@ -866,5 +866,5 @@ index 1f9110ef60..7e80637bd5
 # Compatible options for pedantic FIPS compliance
 -- 
-2.49.0
+2.50.0
--- a/0019-FIPS-Force-fips-provider-on.patch
+++ b/0019-FIPS-Force-fips-provider-on.patch
@ -1,7 +1,7 @@
-From ad031aa2b8ec4042b0081f4179b8a05131bd52df Mon Sep 17 00:00:00 2001
+From a8e98667597d46e69e492779b9d5daa051f6b3b3 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 19/58] FIPS: Force fips provider on
+Subject: [PATCH 19/53] FIPS: Force fips provider on
 Patch-name: 0032-Force-fips.patch
 Patch-id: 32
@ -13,7 +13,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
 1 file changed, 29 insertions(+), 1 deletion(-)
 diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
-index 5ec50f97e4..a2a9786e1c 100644
+index 9649517dd2..1e5053cbce 100644
 --- a/crypto/provider_conf.c
 +++ b/crypto/provider_conf.c
@@ -10,6 +10,8 @@
@ -75,5 +75,5 @@ index 5ec50f97e4..a2a9786e1c 100644
 }
 -- 
-2.49.0
+2.50.0
--- a/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
+++ b/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch
@ -1,7 +1,7 @@
-From ee1a3977388a9ec10aa4998beb67d8e3b4bfdd9e Mon Sep 17 00:00:00 2001
+From fff4084252d07eb17e3b944c6438c00aec471c7f Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 20/58] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE
+Subject: [PATCH 20/53] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE
 Corrected by squashing in:
 0052-Restore-the-correct-verify_integrity-function.patch
@ -261,5 +261,5 @@ index 0000000000..f05d0dedbe
 +[fips_sect]
 +activate = 1
 -- 
-2.49.0
+2.50.0
--- a/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
+++ b/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch
@ -1,7 +1,7 @@
-From c202200bda962300ebc7d19e62ea0df734488c0c Mon Sep 17 00:00:00 2001
+From 9633d1339e383fdb008c25635baa86c58b3dcdc4 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Thu, 20 Feb 2025 15:30:32 -0500
-Subject: [PATCH 21/58] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so
+Subject: [PATCH 21/53] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so
 This script rewrites the fips.so binary to embed the hmac result into it
 so that after a build it can be called to make the fips.so as modified
@ -28,5 +28,5 @@ index 0000000000..54ae60b07f
 +objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
 +mv providers/fips.so.mac providers/fips.so
 -- 
-2.49.0
+2.50.0
--- a/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
+++ b/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch
@ -1,7 +1,7 @@
-From d0ad196c07d223cbb1dd2419b1ec0b0e4458febb Mon Sep 17 00:00:00 2001
+From 391ce06974d5efaf8485ac2386a857d7644db30a Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 22/58] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW
+Subject: [PATCH 22/53] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW
 Patch-name: 0047-FIPS-early-KATS.patch
 Patch-id: 47
@ -45,5 +45,5 @@ index 8b17b8ca94..0f5074936f 100644
     rng = ossl_rand_get0_private_noncreating(st->libctx);
     if (rng != NULL)
 -- 
-2.49.0
+2.50.0
--- a/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
+++ b/0023-FIPS-RSA-encrypt-limits-REVIEW.patch
@ -1,7 +1,7 @@
-From 19617bb4a510d73e5080d026d22b06b637a6ad1a Mon Sep 17 00:00:00 2001
+From 821f291d29bf73802287ed74922e1d22d840cb46 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 23/58] FIPS: RSA: encrypt limits - REVIEW
+Subject: [PATCH 23/53] FIPS: RSA: encrypt limits - REVIEW
 Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
 Patch-id: 58
@ -981,5 +981,5 @@ index f7be2e1872..568a1ddba4
             }
             next if $protocol eq "-tls1_3";
 -- 
-2.49.0
+2.50.0
--- a/0024-FIPS-RSA-PCTs.patch
+++ b/0024-FIPS-RSA-PCTs.patch
@ -1,7 +1,7 @@
-From 7cb38d617ceb819a58ac14b266787ad3d71f6206 Mon Sep 17 00:00:00 2001
+From 84dc66a182dba38876b2b519a8a5c9d38fd967a3 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Mon, 24 Mar 2025 10:50:37 -0400
-Subject: [PATCH 24/58] FIPS: RSA: PCTs
+Subject: [PATCH 24/53] FIPS: RSA: PCTs
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -153,5 +153,5 @@ index 645304b951..3d5af1046a 100644
     { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
     { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
 -- 
-2.49.0
+2.50.0
--- a/0025-FIPS-RSA-encapsulate-limits.patch
+++ b/0025-FIPS-RSA-encapsulate-limits.patch
@ -1,7 +1,7 @@
-From 158637448165abbde8d4b0c24bf4344744b79adc Mon Sep 17 00:00:00 2001
+From 0e23d3fc43bf4ace817542443d772407a809dd19 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 25/58] FIPS: RSA: encapsulate limits
+Subject: [PATCH 25/53] FIPS: RSA: encapsulate limits
 Patch-name: 0091-FIPS-RSA-encapsulate.patch
 Patch-id: 91
@ -55,5 +55,5 @@ index ecab1454e7..8e5edd35fe 100644
 Op = RSASVE
 +Result = TEST_ENCAPSULATE_LEN_ERROR
 -- 
-2.49.0
+2.50.0
--- a/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
+++ b/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch
@ -1,7 +1,7 @@
-From 9595ceef9fe9a45fca1f970706077712dbb9287f Mon Sep 17 00:00:00 2001
+From bb269a8f52e1be87144247772e2425b2f4911bee Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 26/58] FIPS: RSA: Disallow SHAKE in OAEP and PSS
+Subject: [PATCH 26/53] FIPS: RSA: Disallow SHAKE in OAEP and PSS
 According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms
 must not be used in higher-level algorithms (such as RSA-OAEP and
@ -93,5 +93,5 @@ index a2bc198a89..2833ca50f3 100644
     if (hLen <= 0)
         goto err;
 -- 
-2.49.0
+2.50.0
--- a/0027-FIPS-RSA-size-mode-restrictions.patch
+++ b/0027-FIPS-RSA-size-mode-restrictions.patch
@ -1,7 +1,7 @@
-From 47cf5bdab3a46ecffd3100330781e6c297e83d66 Mon Sep 17 00:00:00 2001
+From f177c315c190537fe6a1bb0620024ae86bb95c8a Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:20:30 -0500
-Subject: [PATCH 27/58] FIPS: RSA: size/mode restrictions
+Subject: [PATCH 27/53] FIPS: RSA: size/mode restrictions
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -437,5 +437,5 @@ index 17ceb59148..972e90f32f 100644
 # Signing with SHA1 is not allowed in fips mode
 Availablein = fips
 -- 
-2.49.0
+2.50.0
--- a/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
+++ b/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch
@ -1,7 +1,7 @@
-From ae1fcbd1129fc53d4ac72148696efd126e574453 Mon Sep 17 00:00:00 2001
+From bc8584fab56834724a8aa70aba1c1f56f1d794e2 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Mon, 24 Mar 2025 11:03:45 -0400
-Subject: [PATCH 28/58] FIPS: RSA: Mark x931 as not approved by default
+Subject: [PATCH 28/53] FIPS: RSA: Mark x931 as not approved by default
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -22,5 +22,5 @@ index 6bd783eb0a..c1b029de86 100644
 OSSL_FIPS_PARAM(kbkdf_key_check, KBKDF_KEY_CHECK, 0)
 OSSL_FIPS_PARAM(tls13_kdf_key_check, TLS13_KDF_KEY_CHECK, 0)
 -- 
-2.49.0
+2.50.0
--- a/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
+++ b/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch
@ -1,7 +1,7 @@
-From 4ce72cfe8d1e0b37e882766b449af109d9e7c3f8 Mon Sep 17 00:00:00 2001
+From 7a34ce0dbb64dd29e412dffb0628815eed4a8b96 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 29/58] FIPS: RSA: Remove X9.31 padding signatures tests
+Subject: [PATCH 29/53] FIPS: RSA: Remove X9.31 padding signatures tests
 The current draft of FIPS 186-5 [1] no longer contains specifications
 for X9.31 signature padding. Instead, it contains the following
@ -278,5 +278,5 @@ index 97ec1ff3e5..31fa0eafc6 100644
         "pss",
         4096,
 -- 
-2.49.0
+2.50.0
--- a/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
+++ b/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch
@ -1,7 +1,7 @@
-From 3a9f2ccf8120cbf5b854a403926dce2d772f5f78 Mon Sep 17 00:00:00 2001
+From c031855ff636806e7811513779e494b92808a1e4 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Wed, 12 Feb 2025 17:12:02 -0500
-Subject: [PATCH 30/58] FIPS: RSA: NEEDS-REWORK:
+Subject: [PATCH 30/53] FIPS: RSA: NEEDS-REWORK:
 FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed
 Signed-off-by: Simo Sorce <simo@redhat.com>
@ -383,5 +383,5 @@ index 0000000000..2833a383c1
 +--
 +
 -- 
-2.49.0
+2.50.0
--- a/0031-FIPS-Deny-SHA-1-signature-verification.patch
+++ b/0031-FIPS-Deny-SHA-1-signature-verification.patch
@ -1,7 +1,7 @@
-From 9b198c3634fd3871dd535389e7b7c2379f6934fb Mon Sep 17 00:00:00 2001
+From 5fd8ab23690e661f785336b95799e74b39089790 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 31/58] FIPS: Deny SHA-1 signature verification
+Subject: [PATCH 31/53] FIPS: Deny SHA-1 signature verification
 For RHEL, we already disable SHA-1 signatures by default in the default
 provider, so it is unexpected that the FIPS provider would have a more
@ -704,5 +704,5 @@ index 568a1ddba4..6332aaec4b 100755
         SKIP: {
             skip "No IPv4 available on this machine", 4
 -- 
-2.49.0
+2.50.0
--- a/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
+++ b/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
@ -1,7 +1,7 @@
-From 39c7eb2e82b9df4ffe58d8e05fbdb9115dde50cc Mon Sep 17 00:00:00 2001
+From 85acc91ca970f6509e67c93b46be12cf261bd3ad Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 32/58] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW
+Subject: [PATCH 32/53] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW
 providers/implementations/rands/crngt.c is gone
@ -14,9 +14,8 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
 ---
 crypto/rand/prov_seed.c                       |  9 ++-
 providers/implementations/rands/drbg.c        | 11 ++-
 providers/implementations/rands/drbg_local.h  |  2 +-
 .../implementations/rands/seeding/rand_unix.c | 68 ++-----------------
- 4 files changed, 23 insertions(+), 67 deletions(-)
+ 3 files changed, 22 insertions(+), 66 deletions(-)
 diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
 index 2985c7f2d8..3202a28226 100644
@ -68,19 +67,6 @@ index 4925a3b400..1cdb67b22c 100644
     if (reseed_required || prediction_resistance) {
         if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,
 diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h
 index e591e0b3d1..c7cafba1ea 100644
 --- a/providers/implementations/rands/drbg_local.h
 +++ b/providers/implementations/rands/drbg_local.h
@@ -39,7 +39,7 @@
  *
  * The value is in bytes.
  */
 -#define CRNGT_BUFSIZ    16
 +#define CRNGT_BUFSIZ   32
 /*
  * Maximum input size for the DRBG (entropy, nonce, personalization string)
 diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
 index c3a5d8b3bf..b7b34a9345 100644
 --- a/providers/implementations/rands/seeding/rand_unix.c
@ -168,5 +154,5 @@ index c3a5d8b3bf..b7b34a9345 100644
 #  endif    /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
 -- 
-2.49.0
+2.50.0
--- a/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
+++ b/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch
@ -1,7 +1,7 @@
-From 92c90300747de60df2e805b9fe78fa016f5fd49e Mon Sep 17 00:00:00 2001
+From d2369dfc75e2b121650bc51f5ac3e0e7c9b75a29 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 33/58] FIPS: RAND: Forbid truncated hashes & SHA-3
+Subject: [PATCH 33/53] FIPS: RAND: Forbid truncated hashes & SHA-3
 Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs"
 of the Implementation Guidance for FIPS 140-3 [1] notes that there is no
@ -1191,5 +1191,5 @@ index 9756859c0e..9baecf6f31 100644
 +#Nonce.0 = 15e32abbae6b7433
 +#Output.0 = ee9f
 -- 
-2.49.0
+2.50.0
--- a/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
+++ b/0034-FIPS-PBKDF2-Set-minimum-password-length.patch
@ -1,7 +1,7 @@
-From 5d5521b81a6714c88438e4f1fb0cf30096a0b0b6 Mon Sep 17 00:00:00 2001
+From 1a83f0de8b9aaa1cf5727f0599b089346ffd89f4 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 34/58] FIPS: PBKDF2: Set minimum password length
+Subject: [PATCH 34/53] FIPS: PBKDF2: Set minimum password length
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -117,5 +117,5 @@ index b383314064..68f9355b7d 100644
         if (!passed) {
             ERR_raise(ERR_LIB_PROV, error);
 -- 
-2.49.0
+2.50.0
--- a/0035-FIPS-DH-PCT.patch
+++ b/0035-FIPS-DH-PCT.patch
@ -1,7 +1,7 @@
-From 1f54210f4e4de1f2143d02f6d0b56cc388b617cd Mon Sep 17 00:00:00 2001
+From 5276208d8cb9a1504ec5a4f9a9d554daf7918731 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Mon, 24 Mar 2025 10:49:00 -0400
-Subject: [PATCH 35/58] FIPS: DH: PCT
+Subject: [PATCH 35/53] FIPS: DH: PCT
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -69,5 +69,5 @@ index 7132b9b68e..189bfc3e8b 100644
     ok = 1;
  err:
 -- 
-2.49.0
+2.50.0
--- a/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
+++ b/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch
@ -1,7 +1,7 @@
-From 863cb10f0add28b1d82ec3042d2e7b418169b48a Mon Sep 17 00:00:00 2001
+From ad3ca70961e0067afd8c8b386fdcc61a576ac11b Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 36/58] FIPS: DH: Disable FIPS 186-4 type parameters
+Subject: [PATCH 36/53] FIPS: DH: Disable FIPS 186-4 type parameters
 For DH parameter and key pair generation/verification, the DSA
 procedures specified in FIPS 186-4 are used. With the release of FIPS
@ -156,7 +156,7 @@ index 189bfc3e8b..023d628502 100644
     }
 diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index c11ada9826..e279e9d60d 100644
+index 3b75a537b3..6ea7a423d5 100644
 --- a/crypto/dh/dh_pmeth.c
 +++ b/crypto/dh/dh_pmeth.c
@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
@ -326,5 +326,5 @@ index 6332aaec4b..4d8c900c00 100755
                'test sslv2/sslv3 with 1024bit DHE via BIO pair');
           }
 -- 
-2.49.0
+2.50.0
--- a/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
+++ b/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch
@ -1,7 +1,7 @@
-From 900d90fa1e34bfbbfcc91face57680c0424f2014 Mon Sep 17 00:00:00 2001
+From 14cddfc71e0eae69aafdf84c1dfb073bb69942f1 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 37/58] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE
+Subject: [PATCH 37/53] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE
 NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code
 change the option to enforce it seem to be available only in FIPS build
@ -25,7 +25,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
 9 files changed, 46 insertions(+), 5 deletions(-)
 diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
-index e2c1e69847..009b683b27 100644
+index 9338ffc01d..911ea21a68 100644
 --- a/doc/man3/SSL_CONF_cmd.pod
 +++ b/doc/man3/SSL_CONF_cmd.pod
@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
@ -63,7 +63,7 @@ index 15748c5756..34cbfbb2ad 100644
 Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index 0b2232b01c..99b2ad4eb3 100644
+index d1b00e8454..b815f25dae 100644
 --- a/include/openssl/ssl.h.in
 +++ b/include/openssl/ssl.h.in
@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
@ -175,7 +175,7 @@ index 50944328cb..edb2e81273 100644
 KDF = TLS1-PRF
 Ctrl.digest = digest:SHA256
 diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 39118a9162..9522478ad2 100644
+index 250a439137..acc4751095 100644
 --- a/test/sslapitest.c
 +++ b/test/sslapitest.c
@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(void)
@ -188,5 +188,5 @@ index 39118a9162..9522478ad2 100644
     if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
                                        TLS_client_method(), TLS1_VERSION, 0,
 -- 
-2.49.0
+2.50.0
--- a/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
+++ b/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch
@ -1,7 +1,7 @@
-From a227572868569ba87b9aef722a8d981ad5feb11b Mon Sep 17 00:00:00 2001
+From ecc156faf9f4d65fd73a8ef7d8ec87f5b4c0ab88 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Thu, 13 Feb 2025 18:08:34 -0500
-Subject: [PATCH 38/58] FIPS: CMS: Set default padding to OAEP
+Subject: [PATCH 38/53] FIPS: CMS: Set default padding to OAEP
 From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe
 ---
@ -57,5 +57,5 @@ index 375239c78d..e09ad03ece 100644
     if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
 -- 
-2.49.0
+2.50.0
--- a/0039-FIPS-PKCS12-PBMAC1-defaults.patch
+++ b/0039-FIPS-PKCS12-PBMAC1-defaults.patch
@ -1,7 +1,7 @@
-From 6ca4910fa964f135e5a18b31502bddef3aef1304 Mon Sep 17 00:00:00 2001
+From 16b5a03db729e5977ab88b3107f99586be34006b Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Thu, 13 Feb 2025 18:16:29 -0500
-Subject: [PATCH 39/58] FIPS: PKCS12: PBMAC1 defaults
+Subject: [PATCH 39/53] FIPS: PKCS12: PBMAC1 defaults
 From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708
 ---
@ -31,5 +31,5 @@ index 9964faf21a..59439a8cc0 100644
                 if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
                                               macsaltlen, maciter,
 -- 
-2.49.0
+2.50.0
--- a/0040-FIPS-Fix-encoder-decoder-negative-test.patch
+++ b/0040-FIPS-Fix-encoder-decoder-negative-test.patch
@ -1,7 +1,7 @@
-From fe12acbd953da37dd25e8abca64582c9bdeadf3c Mon Sep 17 00:00:00 2001
+From eea9e6867012efa55d7ae48ab9a87fd0da382b6b Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Wed, 5 Mar 2025 13:22:03 -0500
-Subject: [PATCH 40/58] FIPS: Fix encoder/decoder negative test
+Subject: [PATCH 40/53] FIPS: Fix encoder/decoder negative test
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -31,5 +31,5 @@ index 2acc980e90..660d4e1115
     my $conf2 = srctop_file("test", "default-and-fips.cnf");
     ok(run(test(['decoder_propq_test', '-config', $conf2,
 -- 
-2.49.0
+2.50.0
--- a/0041-FIPS-EC-DH-DSA-PCTs.patch
+++ b/0041-FIPS-EC-DH-DSA-PCTs.patch
@ -1,7 +1,7 @@
-From a4fc741bd6e43b301121f01ef7c823a589faad39 Mon Sep 17 00:00:00 2001
+From 1e029f27fe022949adaba959ac3fa3c3c1eccb0b Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Mon, 24 Mar 2025 10:50:06 -0400
-Subject: [PATCH 41/58] FIPS: EC: DH/DSA PCTs
+Subject: [PATCH 41/53] FIPS: EC: DH/DSA PCTs
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -176,5 +176,5 @@ index 4e46eaf9bc..4d7c25728a 100644
     { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
     { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
 -- 
-2.49.0
+2.50.0
--- a/0042-FIPS-EC-disable-weak-curves.patch
+++ b/0042-FIPS-EC-disable-weak-curves.patch
@ -1,7 +1,7 @@
-From c3f3de074f9140dd8f5833f7fe3e751ac0838323 Mon Sep 17 00:00:00 2001
+From 92b40ca85bbfa7acc9b16f2c7b370f2ea5fa3ffc Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:06:36 -0500
-Subject: [PATCH 42/58] FIPS: EC: disable weak curves
+Subject: [PATCH 42/53] FIPS: EC: disable weak curves
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -27,5 +27,5 @@ index f0879dfb11..a6042e7d2a 100644
             comment = "CURVE DESCRIPTION NOT AVAILABLE";
         if (sname == NULL)
 -- 
-2.49.0
+2.50.0
--- a/0043-FIPS-NO-DSA-Support.patch
+++ b/0043-FIPS-NO-DSA-Support.patch
@ -1,7 +1,7 @@
-From d923f8b4531718ede24814722a0c0f0f912dca7c Mon Sep 17 00:00:00 2001
+From 2dbc4a1c31e66fd841a87f62834d8d60aff10d45 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:10:52 -0500
-Subject: [PATCH 43/58] FIPS: NO DSA Support
+Subject: [PATCH 43/53] FIPS: NO DSA Support
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -18,10 +18,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
 mode change 100644 => 100755 test/recipes/30-test_evp.t
 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index aa1ab85470..7999744b5a 100644
+index 1e90f363af..84d8e897cc 100644
 --- a/providers/fips/fipsprov.c
 +++ b/providers/fips/fipsprov.c
-@@ -430,7 +430,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+@@ -431,7 +431,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
 };
 static const OSSL_ALGORITHM fips_signature[] = {
@ -31,7 +31,7 @@ index aa1ab85470..7999744b5a 100644
     { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
     { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions },
     { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions },
-@@ -560,8 +561,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+@@ -561,8 +562,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
       PROV_DESCS_DHX },
 #endif
 #ifndef OPENSSL_NO_DSA
@ -396,5 +396,5 @@ index ece29485f4..756f90c1bd 100644
         "-signer", $smrsa1,
         "-signer", catfile($smdir, "smrsa2.pem"),
 -- 
-2.49.0
+2.50.0
--- a/0044-FIPS-NO-DES-support.patch
+++ b/0044-FIPS-NO-DES-support.patch
@ -1,7 +1,7 @@
-From ca860bb5c16d9a96afb32e025b54db76e5f8cfd3 Mon Sep 17 00:00:00 2001
+From 8774a96fde9355aa32c040c145e4f35d7c09a5bd Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:15:13 -0500
-Subject: [PATCH 44/58] FIPS: NO DES support
+Subject: [PATCH 44/53] FIPS: NO DES support
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -14,10 +14,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
 6 files changed, 14 insertions(+), 23 deletions(-)
 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 7999744b5a..30f0c8ca14 100644
+index 84d8e897cc..4b394c3e39 100644
 --- a/providers/fips/fipsprov.c
 +++ b/providers/fips/fipsprov.c
-@@ -354,7 +354,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
+@@ -355,7 +355,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
          ossl_cipher_capable_aes_cbc_hmac_sha256),
     ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
          ossl_cipher_capable_aes_cbc_hmac_sha256),
@ -80,7 +80,7 @@ index 2838f343bd..19dd2c6c63 100644
     return 1;
 }
 diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
-index 1947e21f74..119b75d9ce 100644
+index 6c74b65cef..8bcb78cd2d 100644
 --- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
 +++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -14,7 +14,7 @@
@ -132,7 +132,7 @@ index 1947e21f74..119b75d9ce 100644
 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 # Test that DES3 ECB mode encryption is not FIPS approved
-Availablein = fipss
+-Availablein = fips
 -FIPSversion = >=3.4.0
 +Availablein = none
 Cipher = DES-EDE3-ECB
@ -170,5 +170,5 @@ index 756f90c1bd..ac833d2a2f 100644
         "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
         "-stream", "-out", "{output}.cms" ],
 -- 
-2.49.0
+2.50.0
--- a/0045-FIPS-NO-Kmac.patch
+++ b/0045-FIPS-NO-Kmac.patch
@ -1,7 +1,7 @@
-From 3928272f2d86188ef8796c7d18b1ec7d617cae97 Mon Sep 17 00:00:00 2001
+From e466bb4e4fa16481cbf44b410933e6dceb8d27d9 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:22:07 -0500
-Subject: [PATCH 45/58] FIPS: NO Kmac
+Subject: [PATCH 45/53] FIPS: NO Kmac
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -15,10 +15,10 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
 7 files changed, 40 insertions(+), 86 deletions(-)
 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 30f0c8ca14..00b7d1e2aa 100644
+index 4b394c3e39..8f00dfa0ef 100644
 --- a/providers/fips/fipsprov.c
 +++ b/providers/fips/fipsprov.c
-@@ -293,10 +293,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
+@@ -294,10 +294,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
      * KMAC128 and KMAC256.
      */
@ -32,7 +32,7 @@ index 30f0c8ca14..00b7d1e2aa 100644
     { NULL, NULL, NULL }
 };
-@@ -369,8 +370,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
+@@ -370,8 +371,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
 #endif
     { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
     { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
@ -422,5 +422,5 @@ index 831eecbac9..af92ceea98 100644
 -Custom = ""
 -Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
 -- 
-2.49.0
+2.50.0
--- a/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
+++ b/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
@ -1,7 +1,7 @@
-From 50c0087bdd6c15e2c63c8324f35221fd45a10518 Mon Sep 17 00:00:00 2001
+From 0d1de1053dc1b4b9a1e14b622311d0449c64e19e Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Mon, 10 Mar 2025 13:52:50 -0400
-Subject: [PATCH 47/58] FIPS: Fix some tests due to our versioning change
+Subject: [PATCH 46/53] FIPS: Fix some tests due to our versioning change
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -102,5 +102,5 @@ index af47842fd8..21c75033e8 100644
 my @tests_mldsa_tls_1_3 = (
 -- 
-2.49.0
+2.50.0
--- a/0046-FIPS-NO-PQ-ML-SLH-DSA.patch
+++ b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch
@ -1,33 +0,0 @@
 From a6dce07d8e44e79dc3db9538d269bbbc903a8e15 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Fri, 7 Mar 2025 18:24:36 -0500
 Subject: [PATCH 46/58] FIPS: NO PQ (ML/SLH-DSA)
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
 providers/fips/self_test_data.inc | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
 index f3059a8446..9659f10613 100644
 --- a/providers/fips/self_test_data.inc
 +++ b/providers/fips/self_test_data.inc
@@ -3037,6 +3037,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
 #endif /* OPENSSL_NO_DSA */
 #endif
 +#if 0
 #ifndef OPENSSL_NO_ML_DSA
     {
         OSSL_SELF_TEST_DESC_SIGN_ML_DSA,
@@ -3081,6 +3082,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
         slh_dsa_sig_params, slh_dsa_sig_params
     },
 #endif /* OPENSSL_NO_SLH_DSA */
 +#endif
 };
 #if !defined(OPENSSL_NO_ML_DSA)
 -- 
 2.49.0
--- a/0047-Current-Rebase-status.patch
+++ b/0047-Current-Rebase-status.patch
@ -1,7 +1,7 @@
-From 3bc3a6514c078564ac8addbdf24172a5fb90f4d7 Mon Sep 17 00:00:00 2001
+From e47db9280144065c4221537f1d44baa750a25d64 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Wed, 12 Feb 2025 17:25:47 -0500
-Subject: [PATCH 48/58] Current Rebase status
+Subject: [PATCH 47/53] Current Rebase status
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -102,5 +102,5 @@ index 2833a383c1..c8f6c992a8 100644
 +./Configure --prefix=$HOME/tmp/openssl-rebase --openssldir=$HOME/tmp/openssl-rebase/etc/pki/tls enable-ec_nistp_64_gcc_128 --system-ciphers-file=$HOME/tmp/openssl-rebase/etc/crypto-policies/back-ends/opensslcnf.config zlib enable-camellia enable-seed enable-rfc3779 enable-sctp enable-cms enable-md2 enable-rc5 enable-ktls enable-fips no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++ shared linux-x86_64 $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DOPENSSL_PEDANTIC_ZEROIZATION -DREDHAT_FIPS_VENDOR="\"Red Hat Enterprise Linux OpenSSL FIPS Provider\"" -DREDHAT_FIPS_VERSION="\"3.5.0-4c714d97fd77d1a8\""' -Wl,--allow-multiple-definition
 +
 -- 
-2.49.0
+2.50.0
--- a/0048-FIPS-KDF-key-lenght-errors.patch
+++ b/0048-FIPS-KDF-key-lenght-errors.patch
@ -1,7 +1,7 @@
-From 573cde99e796fbd76f9be7f6a553c681abbfb55a Mon Sep 17 00:00:00 2001
+From d0063158bcf9321daec1ffcbfeb3d7b085aebce3 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Mon, 14 Apr 2025 15:25:40 -0400
-Subject: [PATCH 49/58] FIPS: KDF key lenght errors
+Subject: [PATCH 48/53] FIPS: KDF key lenght errors
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -171,5 +171,5 @@ index 1fb2472001..93c07ede7c 100644
 # Test that the key whose length is shorter than 112 bits is reported as
 -- 
-2.49.0
+2.50.0
--- a/0049-FIPS-fix-disallowed-digests-tests.patch
+++ b/0049-FIPS-fix-disallowed-digests-tests.patch
@ -1,7 +1,7 @@
-From 48498bd445161f1d0fffb60bce8d9474acfe840b Mon Sep 17 00:00:00 2001
+From 91000e60a38106701dd76deb37eafe165e7802a3 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Tue, 15 Apr 2025 13:41:42 -0400
-Subject: [PATCH 50/58] FIPS: fix disallowed digests tests
+Subject: [PATCH 49/53] FIPS: fix disallowed digests tests
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
@ -47,5 +47,5 @@ index 6688c217aa..8347f773e6 100644
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
 -- 
-2.49.0
+2.50.0
--- a/0050-Make-openssl-speed-run-in-FIPS-mode.patch
+++ b/0050-Make-openssl-speed-run-in-FIPS-mode.patch
@ -1,14 +1,14 @@
-From 0895e273cacec26a4bd027bef7ab07bae12d9741 Mon Sep 17 00:00:00 2001
+From 99d3ce80ecf3252962a1b79dd57324f08b62cc18 Mon Sep 17 00:00:00 2001
 From: Dmitry Belyavskiy <beldmit@gmail.com>
 Date: Fri, 9 May 2025 15:09:46 +0200
-Subject: [PATCH 51/58] Make `openssl speed` run in FIPS mode
+Subject: [PATCH 50/53] Make `openssl speed` run in FIPS mode
 ---
 apps/speed.c | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)
 diff --git a/apps/speed.c b/apps/speed.c
-index 1edf9b8485..d4e707074c 100644
+index 3307a9cb46..ae2f166d24 100644
 --- a/apps/speed.c
 +++ b/apps/speed.c
@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv)
@ -72,5 +72,5 @@ index 1edf9b8485..d4e707074c 100644
     for (i = 0; i < loopargs_len; i++)
 -- 
-2.49.0
+2.50.0
--- a/0051-Backport-upstream-27483-for-PKCS11-needs.patch
+++ b/0051-Backport-upstream-27483-for-PKCS11-needs.patch
@ -1,7 +1,7 @@
-From 120558807e15d3cb2959020bacc928988e512a78 Mon Sep 17 00:00:00 2001
+From 5b20574f75a2c525bf30ea304292ecd93eb72091 Mon Sep 17 00:00:00 2001
 From: Dmitry Belyavskiy <beldmit@gmail.com>
 Date: Mon, 12 May 2025 14:34:39 +0200
-Subject: [PATCH 52/58] Backport upstream #27483 for PKCS11 needs
+Subject: [PATCH 51/53] Backport upstream #27483 for PKCS11 needs
 ---
 .../implementations/skeymgmt/aes_skmgmt.c     |  2 +
@ -142,5 +142,5 @@ index b81df9c8f8..e33bbbe003 100644
     ADD_TEST(test_aes_raw_skey);
 #ifndef OPENSSL_NO_DES
 -- 
-2.49.0
+2.50.0
--- a/0052-Red-Hat-9-FIPS-indicator-defines.patch
+++ b/0052-Red-Hat-9-FIPS-indicator-defines.patch
@ -1,7 +1,7 @@
-From ee9a3d993eb82f98e4670adc9ccb015065b81555 Mon Sep 17 00:00:00 2001
+From fcba6e3c26d76ce26ef140f3d07f9cc15e7d98fa Mon Sep 17 00:00:00 2001
 From: Dmitry Belyavskiy <beldmit@gmail.com>
 Date: Mon, 12 May 2025 16:21:23 +0200
-Subject: [PATCH 53/58] Red Hat 9 FIPS indicator defines
+Subject: [PATCH 52/53] Red Hat 9 FIPS indicator defines
 ---
 include/openssl/evp.h           | 15 +++++++++++++++
@ -125,5 +125,5 @@ index 059b489735..5a1864309d 100644
     'KEM_PARAM_FIPS_KEY_CHECK' =>       '*PKEY_PARAM_FIPS_KEY_CHECK',
     'KEM_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
 -- 
-2.49.0
+2.50.0
--- a/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
+++ b/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
@ -1,7 +1,7 @@
-From 26ad3b905a6d4b1fa50b304f21f67aa0d35265e9 Mon Sep 17 00:00:00 2001
+From 75c77ea5f36dbf6d21940ab5bf87dff6acd5b8d6 Mon Sep 17 00:00:00 2001
 From: Dmitry Belyavskiy <beldmit@gmail.com>
 Date: Fri, 30 May 2025 16:17:37 +0200
-Subject: [PATCH 58/58] Allow hybrid MLKEM in FIPS mode
+Subject: [PATCH 53/53] Allow hybrid MLKEM in FIPS mode
 ---
 crypto/ml_kem/ml_kem.c                        | 11 ++--
@ -12,18 +12,18 @@ Subject: [PATCH 58/58] Allow hybrid MLKEM in FIPS mode
 5 files changed, 103 insertions(+), 12 deletions(-)
 diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c
-index ec75233435..8d0cc1a82c 100644
+index 4474af0f87..6eca7dc29d 100644
 --- a/crypto/ml_kem/ml_kem.c
 +++ b/crypto/ml_kem/ml_kem.c
-@@ -1581,6 +1581,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
+@@ -1613,6 +1613,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
 {
     const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type);
     ML_KEM_KEY *key;
 +    char *adjusted_propq = NULL;
-     if (vinfo == NULL)
+     if (vinfo == NULL) {
-         return NULL;
+         ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
-@@ -1588,15 +1589,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
+@@ -1623,15 +1624,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
     if ((key = OPENSSL_malloc(sizeof(*key))) == NULL)
         return NULL;
@ -298,5 +298,5 @@ index bea8783276..aeef0c8f84 100644
                                   key->xinfo->algorithm_name,
                                   key->xinfo->group_name);
 -- 
-2.49.0
+2.50.0
--- a/0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
+++ b/0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
@ -1,58 +0,0 @@
 From 92e50723ae6aa29476b7ebb66d262f78677ee68d Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Mon, 7 Apr 2025 12:58:54 +0200
 Subject: [PATCH 54/58] crypto: disable OSSL_PARAM_REAL on UEFI
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Floating point types like double can't be used on UEFI.
 Fix build on UEFI by disabling the OSSL_PARAM_REAL branch.
 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 Reviewed-by: Saša Nedvědický <sashan@openssl.org>
 Reviewed-by: Tomas Mraz <tomas@openssl.org>
 Reviewed-by: Matt Caswell <matt@openssl.org>
 (Merged from https://github.com/openssl/openssl/pull/27284)
 ---
 crypto/params_from_text.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
 index 7532d4d439..fb25400dc1 100644
 --- a/crypto/params_from_text.c
 +++ b/crypto/params_from_text.c
@@ -220,9 +220,9 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
     BIGNUM *bn;
 #ifndef OPENSSL_SYS_UEFI
     double d;
 +    int dok;
 #endif
     int ok = -1;
 -    int dok;
     /*
      * Iterate through each key in the array printing its key and value
@@ -280,16 +280,16 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
         case OSSL_PARAM_OCTET_STRING:
             ok = BIO_dump(bio, (char *)p->data, p->data_size);
             break;
 +#ifndef OPENSSL_SYS_UEFI
         case OSSL_PARAM_REAL:
             dok = 0;
 -#ifndef OPENSSL_SYS_UEFI
             dok = OSSL_PARAM_get_double(p, &d);
 -#endif
             if (dok == 1)
                 ok = BIO_printf(bio, "%f\n", d);
             else
                 ok = BIO_printf(bio, "error getting value\n");
             break;
 +#endif
         default:
             ok = BIO_printf(bio, "unknown type (%u) of %zu bytes\n",
                             p->data_type, p->data_size);
 -- 
 2.49.0
--- a/0055-hashfunc-add-stddef.h-include.patch
+++ b/0055-hashfunc-add-stddef.h-include.patch
@ -1,36 +0,0 @@
 From fb8649ec423277d50936a6a7848a1b6705e208cc Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Mon, 7 Apr 2025 13:29:36 +0200
 Subject: [PATCH 55/58] hashfunc: add stddef.h include
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 size_t is declared in stddef.h, so include the header file to
 make sure it is available.  Fixes build on UEFI.
 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 Reviewed-by: Saša Nedvědický <sashan@openssl.org>
 Reviewed-by: Tomas Mraz <tomas@openssl.org>
 Reviewed-by: Matt Caswell <matt@openssl.org>
 (Merged from https://github.com/openssl/openssl/pull/27284)
 ---
 include/internal/hashfunc.h | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/include/internal/hashfunc.h b/include/internal/hashfunc.h
 index cabc7beed4..fae8a275fa 100644
 --- a/include/internal/hashfunc.h
 +++ b/include/internal/hashfunc.h
@@ -11,6 +11,7 @@
 # define OPENSSL_HASHFUNC_H
 # include <openssl/e_os2.h>
 +# include <stddef.h>
 /**
  * Generalized fnv1a 64 bit hash function
  */
 -- 
 2.49.0
--- a/0056-rio-add-RIO_POLL_METHOD_NONE.patch
+++ b/0056-rio-add-RIO_POLL_METHOD_NONE.patch
@ -1,73 +0,0 @@
 From 60699bc32870a3325a79234158740aac917b39a6 Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Mon, 7 Apr 2025 14:06:28 +0200
 Subject: [PATCH 56/58] rio: add RIO_POLL_METHOD_NONE
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Fixes build on UEFI.
 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 Reviewed-by: Saša Nedvědický <sashan@openssl.org>
 Reviewed-by: Tomas Mraz <tomas@openssl.org>
 Reviewed-by: Matt Caswell <matt@openssl.org>
 (Merged from https://github.com/openssl/openssl/pull/27284)
 ---
 ssl/rio/poll_builder.c | 4 +++-
 ssl/rio/poll_builder.h | 4 +++-
 ssl/rio/poll_method.h  | 5 ++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
 diff --git a/ssl/rio/poll_builder.c b/ssl/rio/poll_builder.c
 index 007e360d87..3cfbe3b0ac 100644
 --- a/ssl/rio/poll_builder.c
 +++ b/ssl/rio/poll_builder.c
@@ -16,7 +16,9 @@ OSSL_SAFE_MATH_UNSIGNED(size_t, size_t)
 int ossl_rio_poll_builder_init(RIO_POLL_BUILDER *rpb)
 {
 -#if RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
 +#if RIO_POLL_METHOD == RIO_POLL_METHOD_NONE
 +    return 0;
 +#elif RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
     FD_ZERO(&rpb->rfd);
     FD_ZERO(&rpb->wfd);
     FD_ZERO(&rpb->efd);
 diff --git a/ssl/rio/poll_builder.h b/ssl/rio/poll_builder.h
 index ffc9bbf9fc..985e4713b2 100644
 --- a/ssl/rio/poll_builder.h
 +++ b/ssl/rio/poll_builder.h
@@ -23,7 +23,9 @@
  * FDs.
  */
 typedef struct rio_poll_builder_st {
 -# if RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
 +# if RIO_POLL_METHOD == RIO_POLL_METHOD_NONE
 +    /* nothing */;
 +# elif RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
     fd_set          rfd, wfd, efd;
     int             hwm_fd;
 # elif RIO_POLL_METHOD == RIO_POLL_METHOD_POLL
 diff --git a/ssl/rio/poll_method.h b/ssl/rio/poll_method.h
 index 9a6de89270..d5af8663c2 100644
 --- a/ssl/rio/poll_method.h
 +++ b/ssl/rio/poll_method.h
@@ -14,9 +14,12 @@
 # define RIO_POLL_METHOD_SELECT         1
 # define RIO_POLL_METHOD_POLL           2
 +# define RIO_POLL_METHOD_NONE           3
 # ifndef RIO_POLL_METHOD
 -#  if !defined(OPENSSL_SYS_WINDOWS) && defined(POLLIN)
 +#  if defined(OPENSSL_SYS_UEFI)
 +#   define RIO_POLL_METHOD              RIO_POLL_METHOD_NONE
 +#  elif !defined(OPENSSL_SYS_WINDOWS) && defined(POLLIN)
 #   define RIO_POLL_METHOD              RIO_POLL_METHOD_POLL
 #  else
 #   define RIO_POLL_METHOD              RIO_POLL_METHOD_SELECT
 -- 
 2.49.0
--- a/0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
+++ b/0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
@ -1,62 +0,0 @@
 From d7ab338f85b55ed6aa6d0187123dbab8684551a5 Mon Sep 17 00:00:00 2001
 From: Tomas Mraz <tomas@openssl.org>
 Date: Tue, 20 May 2025 16:34:10 +0200
 Subject: [PATCH 57/58] apps/x509.c: Fix the -addreject option adding trust
 instead of rejection
 Fixes CVE-2025-4575
 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
 Reviewed-by: Paul Dale <ppzgs1@gmail.com>
 (Merged from https://github.com/openssl/openssl/pull/27672)
 ---
 apps/x509.c                 |  2 +-
 test/recipes/25-test_x509.t | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
 diff --git a/apps/x509.c b/apps/x509.c
 index fdae8f383a..0c340c15b3 100644
 --- a/apps/x509.c
 +++ b/apps/x509.c
@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
                            prog, opt_arg());
                 goto opthelp;
             }
 -            if (!sk_ASN1_OBJECT_push(trust, objtmp))
 +            if (!sk_ASN1_OBJECT_push(reject, objtmp))
                 goto end;
             trustout = 1;
             break;
 diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
 index 09b61708ff..dfa0a428f5 100644
 --- a/test/recipes/25-test_x509.t
 +++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_x509");
 -plan tests => 134;
 +plan tests => 138;
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
 && run(app(["openssl", "verify", "-no_check_time",
             "-trusted", $ca, "-partial_chain", $caout])));
 +# test trust decoration
 +ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
 +            "-out", "ca-trusted.pem"])));
 +cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
 +              1, 'trusted use - E-mail Protection');
 +ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
 +            "-out", "ca-rejected.pem"])));
 +cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
 +              1, 'rejected use - E-mail Protection');
 +
 subtest 'x509 -- x.509 v1 certificate' => sub {
     tconversion( -type => 'x509', -prefix => 'x509v1',
                  -in => srctop_file("test", "testx509.pem") );
 -- 
 2.49.0
--- a/openssl.spec
+++ b/openssl.spec
@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 3.5.0
+Version: 3.5.1
-Release: 8%{?dist}.alma.1
+Release: 1%{?dist}.alma.1
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@ -85,20 +85,15 @@ Patch0042: 0042-FIPS-EC-disable-weak-curves.patch
 Patch0043: 0043-FIPS-NO-DSA-Support.patch
 Patch0044: 0044-FIPS-NO-DES-support.patch
 Patch0045: 0045-FIPS-NO-Kmac.patch
-Patch0046: 0046-FIPS-NO-PQ-ML-SLH-DSA.patch
+Patch0046: 0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
-Patch0047: 0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
+Patch0047: 0047-Current-Rebase-status.patch
-Patch0048: 0048-Current-Rebase-status.patch
+Patch0048: 0048-FIPS-KDF-key-lenght-errors.patch
-Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch
+Patch0049: 0049-FIPS-fix-disallowed-digests-tests.patch
-Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch
+Patch0050: 0050-Make-openssl-speed-run-in-FIPS-mode.patch
-Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
+Patch0051: 0051-Backport-upstream-27483-for-PKCS11-needs.patch
-Patch0052: 0052-Backport-upstream-27483-for-PKCS11-needs.patch
+Patch0052: 0052-Red-Hat-9-FIPS-indicator-defines.patch
 Patch0053: 0053-Red-Hat-9-FIPS-indicator-defines.patch
 Patch0054: 0054-crypto-disable-OSSL_PARAM_REAL-on-UEFI.patch
 Patch0055: 0055-hashfunc-add-stddef.h-include.patch
 Patch0056: 0056-rio-add-RIO_POLL_METHOD_NONE.patch
 Patch0057: 0057-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
 %if ( %{defined rhel} && (! %{defined centos}) )
-Patch0058: 0058-Allow-hybrid-MLKEM-in-FIPS-mode.patch
+Patch0053: 0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
 %endif
 License: Apache-2.0
@ -441,9 +436,17 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs
 %changelog
-* Fri Jun 06 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.0-8.alma.1
+* Wed Jul 02 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-1.alma.1
 - Redefine sslarch for x86_64_v2 arch
 * Tue Jul 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.1-1
 - Rebasing to OpenSSL 3.5.1
  Resolves: RHEL-90350
  Resolves: RHEL-95613
  Resolves: RHEL-97796
  Resolves: RHEL-99353
  Resolves: RHEL-100168
 * Thu Jun 05 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-8
 - rebuilt
  Related: RHEL-80811
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-3.5.0.tar.gz) = 39cc80e2843a2ee30f3f5de25cd9d0f759ad8de71b0b39f5a679afaaa74f4eb58d285ae50e29e4a27b139b49343ac91d1f05478f96fb0c6b150f16d7b634676f
+SHA512 (openssl-3.5.1.tar.gz) = 0fa152ae59ab5ea066319de039dfb1d24cbb247172d7512feb5dd920db3740f219d76b0195ea562f84fe5eae36c23772302eddfbb3509df13761452b4dafb9d3
`@ -1 +1 @@`
	`SHA512 (openssl-3.5.0.tar.gz) = 39cc80e2843a2ee30f3f5de25cd9d0f759ad8de71b0b39f5a679afaaa74f4eb58d285ae50e29e4a27b139b49343ac91d1f05478f96fb0c6b150f16d7b634676f`	`SHA512 (openssl-3.5.1.tar.gz) = 0fa152ae59ab5ea066319de039dfb1d24cbb247172d7512feb5dd920db3740f219d76b0195ea562f84fe5eae36c23772302eddfbb3509df13761452b4dafb9d3`