@@ -17,7 +17,7 @@ Index: openssl-3.0.4/Configure
===================================================================
--- openssl-3.0.4.orig/Configure
+++ openssl-3.0.4/Configure
-@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC}
+@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
push @{$config{shared_ldflag}}, "-mno-cygwin";
}
@@ -38,7 +38,7 @@ Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
-@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
+@@ -483,13 +483,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
@@ -288,7 +288,7 @@ index c8921acd6e..11a91e62b1 100644
switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
case RSA_FLAG_TYPE_RSA:
-@@ -199,6 +202,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+@@ -204,6 +207,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
int ret;
@@ -296,7 +296,7 @@ index c8921acd6e..11a91e62b1 100644
size_t len = RSA_size(prsactx->rsa);
if (!ossl_prov_is_running())
-@@ -276,8 +280,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+@@ -281,8 +285,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
}
OPENSSL_free(tbuf);
} else {
@@ -311,7 +311,7 @@ index c8921acd6e..11a91e62b1 100644
}
*outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
ret = constant_time_select_int(constant_time_msb(ret), 0, 1);
-@@ -401,6 +409,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
+@@ -406,6 +414,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
return 0;
@@ -322,7 +322,7 @@ index c8921acd6e..11a91e62b1 100644
return 1;
}
-@@ -412,6 +424,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
+@@ -417,6 +429,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
@@ -330,7 +330,7 @@ index c8921acd6e..11a91e62b1 100644
OSSL_PARAM_END
};
-@@ -549,6 +562,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -554,6 +567,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
return 0;
prsactx->alt_version = alt_version;
}
@@ -345,7 +345,7 @@ index c8921acd6e..11a91e62b1 100644
return 1;
}
-@@ -562,6 +583,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
+@@ -567,6 +588,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
@@ -21,7 +21,7 @@ diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes
index 080c4d02af..1405465098 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-@@ -277,6 +277,414 @@ Derive = RSA-2048
+@@ -278,6 +278,414 @@ Derive = RSA-2048
Result = KEYOP_INIT_ERROR
Reason = operation not supported for this keytype
@@ -35,7 +35,7 @@ index 0ad654fc60..a3d01eec45 100644
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >3.0.0
# Corrupted ciphertext
-@@ -261,6 +269,16 @@ Decrypt = RSA-2048
+@@ -260,6 +268,16 @@ Decrypt = RSA-2048
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
@@ -32,7 +32,7 @@ index 795a3f2..3e7a811 100644
@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype)
if (pub_key == NULL)
return 0;
-
+
- /* The partial test is only valid for named group's with q = (p - 1) / 2 */
- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
- && ossl_dh_is_named_safe_prime_group(dh))
@@ -42,7 +42,7 @@ index 795a3f2..3e7a811 100644
+ */
+ if (ossl_dh_is_named_safe_prime_group(dh))
return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
-
+
return DH_check_pub_key_ex(dh, pub_key);
--
2.40.0
@@ -7,7 +7,7 @@ Index: openssl-3.0.4/Configure
===================================================================
--- openssl-3.0.4.orig/Configure
+++ openssl-3.0.4/Configure
-@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
+@@ -1679,20 +1679,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
unless ($disabled{afalgeng}) {
$config{afalgeng}="";
if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.17.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.18.bb
@@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce"
+SRC_URI[sha256sum] = "d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"