File openssl-FIPS-fix-EMS-support.patch of Package openssl-3.38619
Index: openssl-3.2.4/providers/fips/fipsprov.c
===================================================================
--- openssl-3.2.4.orig/providers/fips/fipsprov.c
+++ openssl-3.2.4/providers/fips/fipsprov.c
@@ -833,8 +833,22 @@ int OSSL_provider_init_int(const OSSL_CO
}
FIPS_SET_OPTION(fgbl, fips_security_checks);
- FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
+
+ /**
+ * FIX-SUSE: In order to allow RHNoEnforceEMSinFIPS set by crypto-policies
+ * FIPS:NO-ENFORCE-EMS, we need to allow fips_tls1_prf_ems_check.option be
+ * set to zero, in this case, the indicator will be marked as non
+ * compliant. If set to one, no-EMS will be rejected.
+ */
+ if (fgbl->fips_tls1_prf_ems_check.option != ((void*)0)) {
+ if (strcmp(fgbl->fips_tls1_prf_ems_check.option, "1") == 0)
+ fgbl->fips_tls1_prf_ems_check.enabled = 1;
+ else if (strcmp(fgbl->fips_tls1_prf_ems_check.option, "0") == 0)
+ fgbl->fips_tls1_prf_ems_check.enabled = 0;
+ else
+ goto err;
+ }
#undef FIPS_SET_OPTION
ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
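Review bot: When `fips_tls1_prf_ems_check.option` is NULL the added block leaves `.enabled` at whatever value it was given before this hunk, and the new comment only describes the "0" and "1" cases. Because this flag decides whether a no-EMS key derivation is rejected or merely marked non-compliant, the comment should state the unset case too, e.g. `* If the option is not supplied, .enabled keeps its initial value.`, and it is worth confirming that this initial value is the enforcing one. The condition `!= ((void*)0)` reads like a pasted preprocessor expansion; `if (fgbl->fips_tls1_prf_ems_check.option != NULL) {` is the conventional spelling. The FIPS_SET_OPTION macro body and the option's initialisation are outside the hunk, so whether this block behaves any differently from the removed `FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);` call cannot be confirmed from the lines shown.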