From 04d5ef4d7230ef313a5eed03065ba66278deeaee Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 17 Jul 2020 12:41:39 +0200
Subject: [PATCH] Further changes for SP 800-56A rev3 requirements

---
 openssl-1.1.1-fips-dh.patch | 207 +++++++++++++++++++++++++++++-------
 openssl.spec                |   5 +-
 2 files changed, 170 insertions(+), 42 deletions(-)

diff --git a/openssl-1.1.1-fips-dh.patch b/openssl-1.1.1-fips-dh.patch
index 9e15289..d827a8a 100644
--- a/openssl-1.1.1-fips-dh.patch
+++ b/openssl-1.1.1-fips-dh.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
 --- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-06-05 17:31:28.044776018 +0200
++++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-07-17 10:36:29.245788441 +0200
 @@ -1,13 +1,17 @@
  /*
 - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -479,7 +479,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
  }
 diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
 --- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-06-05 17:31:28.044776018 +0200
++++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-07-17 10:36:29.246788449 +0200
 @@ -1,7 +1,7 @@
  /*
 - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@@ -1958,7 +1958,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
 +#endif /* OPENSSL_NO_DH */
 diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
 --- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-06-05 17:31:28.045776027 +0200
++++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-07-17 10:36:29.246788449 +0200
 @@ -10,6 +10,7 @@
  #include <stdio.h>
  #include "internal/cryptlib.h"
@@ -1998,9 +1998,54 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
      ctx = BN_CTX_new();
      if (ctx == NULL)
          goto err;
+@@ -177,7 +188,7 @@ int DH_check_pub_key_ex(const DH *dh, co
+     return errflags == 0;
+ }
+ 
+-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
++static int dh_check_pub_key_int(const DH *dh, const BIGNUM *q, const BIGNUM *pub_key, int *ret)
+ {
+     int ok = 0;
+     BIGNUM *tmp = NULL;
+@@ -198,9 +209,9 @@ int DH_check_pub_key(const DH *dh, const
+     if (BN_cmp(pub_key, tmp) >= 0)
+         *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+ 
+-    if (dh->q != NULL) {
++    if (q != NULL) {
+         /* Check pub_key^q == 1 mod p */
+-        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
++        if (!BN_mod_exp(tmp, pub_key, q, dh->p, ctx))
+             goto err;
+         if (!BN_is_one(tmp))
+             *ret |= DH_CHECK_PUBKEY_INVALID;
+@@ -212,3 +223,23 @@ int DH_check_pub_key(const DH *dh, const
+     BN_CTX_free(ctx);
+     return ok;
+ }
++
++int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
++{
++    return dh_check_pub_key_int(dh, dh->q, pub_key, ret);
++}
++
++int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret)
++{
++    BIGNUM *q = dh->q;
++
++    if (q == NULL) {
++        if (dh_get_known_q(dh, &q) == 0) {
++            *ret |= DH_CHECK_INVALID_Q_VALUE;
++            return 0;
++        }
++    }
++
++    return dh_check_pub_key_int(dh, q, pub_key, ret);
++}
++
 diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
---- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-06-05 17:31:27.977775462 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-06-05 17:31:28.045776027 +0200
+--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
++++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-07-17 10:36:29.246788449 +0200
 @@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
                                BN_GENCB *cb)
  {
@@ -2031,8 +2076,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
      if (ctx == NULL)
          goto err;
 diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
---- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-06-05 17:31:27.977775462 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-06-05 17:31:28.045776027 +0200
+--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
++++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-07-17 11:00:07.783777846 +0200
 @@ -100,10 +100,18 @@ static int generate_key(DH *dh)
      BIGNUM *pub_key = NULL, *priv_key = NULL;
  
@@ -2073,9 +2118,52 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
              do {
                  if (!BN_priv_rand_range(priv_key, dh->q))
                      goto err;
+@@ -175,6 +191,15 @@ static int generate_key(DH *dh)
+         }
+         /* We MUST free prk before any further use of priv_key */
+         BN_clear_free(prk);
++
++        if (FIPS_mode()) {
++            int check_result;
++
++            if (!dh_check_pub_key_full(dh, pub_key, &check_result) || check_result) {
++                DHerr(DH_F_GENERATE_KEY, DH_R_INVALID_PUBKEY);
++                goto err;
++            }
++        }
+     }
+ 
+     dh->pub_key = pub_key;
+@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke
+     BN_CTX *ctx = NULL;
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *tmp;
++    BIGNUM *p1;
+     int ret = -1;
+     int check_result;
+ 
+@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke
+         DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+         goto err;
+     }
++
++    if (BN_is_zero(tmp) || BN_is_one(tmp) || BN_is_negative(tmp)) {
++        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    if ((p1 = BN_CTX_get(ctx)) == NULL
++        || !BN_sub(p1, dh->p, BN_value_one())
++        || BN_cmp(p1, tmp) <= 0) {
++        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
++        goto err;
++    }
+ 
+     ret = BN_bn2bin(tmp, key);
+  err:
 diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
 --- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-06-18 14:13:33.546892717 +0200
++++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-07-17 10:36:29.246788449 +0200
 @@ -8,6 +8,7 @@
   */
  
@@ -2093,11 +2181,12 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
      return ret;
  
   err:
-@@ -205,7 +208,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
+@@ -205,7 +208,10 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
          dh->g = g;
      }
  
 -    if (q != NULL) {
++    dh->nid = NID_undef;
 +    dh_cache_nid(dh);
 +
 +    if (q != NULL && dh->nid == NID_undef) {
@@ -2105,8 +2194,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
      }
  
 diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
---- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-06-05 17:31:27.763773685 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-06-05 17:31:28.045776027 +0200
+--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-07-17 10:36:28.968786163 +0200
++++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-07-17 10:36:29.246788449 +0200
 @@ -35,6 +35,7 @@ struct dh_st {
      const DH_METHOD *meth;
      ENGINE *engine;
@@ -2115,15 +2204,20 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
  };
  
  struct dh_method {
-@@ -55,3 +56,5 @@ struct dh_method {
+@@ -55,3 +56,10 @@ struct dh_method {
      int (*generate_params) (DH *dh, int prime_len, int generator,
                              BN_GENCB *cb);
  };
 +
 +void dh_cache_nid(DH *dh);
++/* Obtain known q value based on nid or p */
++int dh_get_known_q(const DH *dh, BIGNUM **q);
++/* FIPS mode only check which requires nid set and looks up q based on it. */
++int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
++
 diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
 --- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-06-05 17:31:28.045776027 +0200
++++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-07-17 10:36:29.246788449 +0200
 @@ -7,6 +7,8 @@
   * https://www.openssl.org/source/license.html
   */
@@ -2154,7 +2248,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
      return dh;
  }
  
-@@ -29,46 +36,115 @@ DH *DH_new_by_nid(int nid)
+@@ -29,46 +36,121 @@ DH *DH_new_by_nid(int nid)
  {
      switch (nid) {
      case NID_ffdhe2048:
@@ -2203,52 +2297,52 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
          return NID_undef;
 -    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p))
 +
-+    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p)) {
++    if (dh->nid == NID_ffdhe2048 || !BN_cmp(dh->p, &_bignum_ffdhe2048_p)) {
          nid = NID_ffdhe2048;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p))
 +        q = &_bignum_ffdhe2048_q;
 +        length = 225;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p)) {
++    } else if (dh->nid == NID_ffdhe3072 || !BN_cmp(dh->p, &_bignum_ffdhe3072_p)) {
          nid = NID_ffdhe3072;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p))
 +        q = &_bignum_ffdhe3072_q;
 +        length = 275;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p)) {
++    } else if (dh->nid == NID_ffdhe4096 || !BN_cmp(dh->p, &_bignum_ffdhe4096_p)) {
          nid = NID_ffdhe4096;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p))
 +        q = &_bignum_ffdhe4096_q;
 +        length = 325;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p)) {
++    } else if (dh->nid == NID_ffdhe6144 || !BN_cmp(dh->p, &_bignum_ffdhe6144_p)) {
          nid = NID_ffdhe6144;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
 +        q = &_bignum_ffdhe6144_q;
 +        length = 375;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p)) {
++    } else if (dh->nid == NID_ffdhe8192 || !BN_cmp(dh->p, &_bignum_ffdhe8192_p)) {
          nid = NID_ffdhe8192;
 -    else
 +        q = &_bignum_ffdhe8192_q;
 +        length = 400;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_2048_p)) {
++    } else if (dh->nid == NID_modp_2048 || !BN_cmp(dh->p, &_bignum_modp_2048_p)) {
 +        nid = NID_modp_2048;
 +        q = &_bignum_modp_2048_q;
 +        length = 225;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_3072_p)) {
++    } else if (dh->nid == NID_modp_3072 || !BN_cmp(dh->p, &_bignum_modp_3072_p)) {
 +        nid = NID_modp_3072;
 +        q = &_bignum_modp_3072_q;
 +        length = 275;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_4096_p)) {
++    } else if (dh->nid == NID_modp_4096 || !BN_cmp(dh->p, &_bignum_modp_4096_p)) {
 +        nid = NID_modp_4096;
 +        q = &_bignum_modp_4096_q;
 +        length = 325;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_6144_p)) {
++    } else if (dh->nid == NID_modp_6144 || !BN_cmp(dh->p, &_bignum_modp_6144_p)) {
 +        nid = NID_modp_6144;
 +        q = &_bignum_modp_6144_q;
 +        length = 375;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_8192_p)) {
++    } else if (dh->nid == NID_modp_8192 || !BN_cmp(dh->p, &_bignum_modp_8192_p)) {
 +        nid = NID_modp_8192;
 +        q = &_bignum_modp_8192_q;
 +        length = 400;
-+    } else if (!FIPS_mode() && !BN_cmp(dh->p, &_bignum_modp_1536_p)) {
++    } else if (!FIPS_mode() && (dh->nid == NID_modp_1536 || !BN_cmp(dh->p, &_bignum_modp_1536_p))) {
 +        nid = NID_modp_1536;
 +        q = &_bignum_modp_1536_q;
 +        length = 175;
@@ -2287,9 +2381,40 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
 +{
 +    dh->nid = dh_match_group(dh, NULL, &dh->length);
 +}
++
++int dh_get_known_q(const DH *dh, BIGNUM **q)
++{
++    return dh_match_group(dh, q, NULL) != NID_undef;
++}
++
+diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c
+--- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh	2020-07-17 10:36:29.183787931 +0200
++++ openssl-1.1.1g/crypto/ec/ec_key.c	2020-07-17 10:36:29.247788458 +0200
+@@ -296,8 +296,20 @@ int ec_key_simple_generate_key(EC_KEY *e
+ 
+ int ec_key_simple_generate_public_key(EC_KEY *eckey)
+ {
+-    return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
++    BIGNUM *priv_key;
++    int ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
+                         NULL, NULL);
++
++    if (ret <= 0 || !FIPS_mode())
++        return ret;
++
++    /* no need to perform private key test, temporarily hide it */
++    priv_key = eckey->priv_key;
++    eckey->priv_key = NULL;
++    ret = EC_KEY_check_key(eckey);
++    eckey->priv_key = priv_key;
++
++    return ret;
+ }
+ 
+ int EC_KEY_check_key(const EC_KEY *eckey)
 diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
 --- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-06-05 17:31:28.045776027 +0200
++++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-07-17 10:36:29.247788458 +0200
 @@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
  
  int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@@ -2301,8 +2426,8 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
  
      if (ret)
 diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
---- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-06-05 17:31:28.036775952 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-06-05 17:31:28.046776035 +0200
+--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-07-17 10:36:29.239788392 +0200
++++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-07-17 10:36:29.247788458 +0200
 @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
      0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
  };
@@ -2365,8 +2490,8 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
       173,    /* "name" */
       681,    /* "onBasis" */
 diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
---- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-06-05 17:31:28.037775960 +0200
-+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-06-05 17:31:28.046776035 +0200
+--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-07-17 10:36:29.239788392 +0200
++++ openssl-1.1.1g/crypto/objects/objects.txt	2020-07-17 10:36:29.247788458 +0200
 @@ -1657,6 +1657,13 @@ id-pkinit 5                     : pkInit
                              : ffdhe4096
                              : ffdhe6144
@@ -2382,8 +2507,8 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
  # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
  
 diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
---- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-06-05 17:31:28.037775960 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-06-05 17:31:28.046776035 +0200
+--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-07-17 10:36:29.239788392 +0200
++++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-07-17 10:36:29.248788466 +0200
 @@ -1196,3 +1196,9 @@ sshkdf		1195
  kbkdf		1196
  krb5kdf		1197
@@ -2396,7 +2521,7 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
 +modp_8192		1204
 diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
 --- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-06-05 17:31:28.046776035 +0200
++++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-07-17 10:36:29.248788466 +0200
 @@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
  
   #include <openssl/dh.h>
@@ -2417,7 +2542,7 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
  any named set. It returns the NID corresponding to the matching parameters or
 diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
 --- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-06-05 17:31:28.046776035 +0200
++++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-07-17 10:36:29.248788466 +0200
 @@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
  If B<pad> is zero (the default) then no padding is performed.
  
@@ -2436,7 +2561,7 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
  The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
 diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
 --- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-06-05 17:31:28.047776043 +0200
++++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-07-17 10:36:29.248788466 +0200
 @@ -1,7 +1,7 @@
  /*
 - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -2486,8 +2611,8 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
 +extern const BIGNUM _bignum_modp_6144_q;
 +extern const BIGNUM _bignum_modp_8192_q;
 diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
---- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-06-05 17:31:28.038775968 +0200
-+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-06-05 17:31:28.047776043 +0200
+--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-07-17 10:36:29.240788400 +0200
++++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-07-17 10:36:29.248788466 +0200
 @@ -5115,6 +5115,24 @@
  #define SN_ffdhe8192            "ffdhe8192"
  #define NID_ffdhe8192           1130
@@ -2514,8 +2639,8 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
  #define NID_ISO_UA              1150
  #define OBJ_ISO_UA              OBJ_member_body,804L
 diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
---- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-06-05 17:31:27.996775620 +0200
-+++ openssl-1.1.1g/ssl/s3_lib.c	2020-06-05 17:31:28.047776043 +0200
+--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-07-17 10:36:29.199788063 +0200
++++ openssl-1.1.1g/ssl/s3_lib.c	2020-07-17 10:36:29.248788466 +0200
 @@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
  EVP_PKEY *ssl_dh_to_pkey(DH *dh)
  {
@@ -2569,8 +2694,8 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
  }
  #endif
 diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-dh openssl-1.1.1g/ssl/t1_lib.c
---- openssl-1.1.1g/ssl/t1_lib.c.fips-dh	2020-06-05 17:31:28.042776002 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-06-18 14:18:13.518339214 +0200
+--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh	2020-07-17 10:36:29.243788425 +0200
++++ openssl-1.1.1g/ssl/t1_lib.c	2020-07-17 10:36:29.249788474 +0200
 @@ -2511,46 +2511,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
  #ifndef OPENSSL_NO_DH
  DH *ssl_get_auto_dh(SSL *s)
diff --git a/openssl.spec b/openssl.spec
index 87baa02..220df7c 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1g
-Release: 11%{?dist}
+Release: 12%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -475,6 +475,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Jul 17 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-12
+- Further changes for SP 800-56A rev3 requirements
+
 * Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-11
 - Drop long ago obsolete part of the FIPS patch