From 9833eff277926e0c2ad4654814bca992d4dd0747 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 26 May 2020 09:28:42 +0200 Subject: [PATCH] Use the well known DH groups in TLS --- openssl-1.1.1-fips-dh.patch | 141 ++++++++++++++++++++++++++++++------ openssl.spec | 5 +- 2 files changed, 123 insertions(+), 23 deletions(-) diff --git a/openssl-1.1.1-fips-dh.patch b/openssl-1.1.1-fips-dh.patch index a42fa44..cf59ca5 100644 --- a/openssl-1.1.1-fips-dh.patch +++ b/openssl-1.1.1-fips-dh.patch @@ -1,6 +1,6 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c --- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-05-25 18:26:46.551079694 +0200 ++++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-05-25 18:41:00.478262334 +0200 @@ -1,13 +1,17 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -479,7 +479,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn } diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c --- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-05-25 18:26:46.552079703 +0200 ++++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-05-25 18:41:00.480262350 +0200 @@ -1,7 +1,7 @@ /* - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. @@ -1958,7 +1958,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh +#endif /* OPENSSL_NO_DH */ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c --- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-05-25 18:30:28.767949811 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-05-25 18:41:00.481262359 +0200 @@ -10,6 +10,7 @@ #include #include "internal/cryptlib.h" 
@@ -1999,8 +1999,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh if (ctx == NULL) goto err; diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c ---- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-05-25 18:26:46.474079046 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-05-25 18:31:23.679411590 +0200 +--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-05-25 18:41:00.255260458 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-05-25 18:41:00.481262359 +0200 @@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i BN_GENCB *cb) { @@ -2031,8 +2031,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g if (ctx == NULL) goto err; diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c ---- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-05-25 18:26:46.474079046 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-05-25 18:34:27.954961317 +0200 +--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-05-25 18:41:00.255260458 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-05-25 18:41:00.482262367 +0200 @@ -100,10 +100,18 @@ static int generate_key(DH *dh) BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -2075,7 +2075,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k goto err; diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c --- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-05-25 18:26:46.552079703 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-05-25 18:41:00.482262367 +0200 @@ -86,6 +86,8 @@ DH *DH_new_method(ENGINE *engine) goto err; } 
@@ -2097,8 +2097,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l } diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h ---- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-05-25 18:26:46.235077034 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-05-25 18:26:46.552079703 +0200 +--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-05-25 18:40:59.396253234 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-05-25 18:41:00.482262367 +0200 @@ -35,6 +35,7 @@ struct dh_st { const DH_METHOD *meth; ENGINE *engine; @@ -2115,7 +2115,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh +void dh_cache_nid(DH *dh); diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c --- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-05-25 18:37:58.593732734 +0200 ++++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-05-25 18:41:00.483262376 +0200 @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ @@ -2281,8 +2281,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/ + } +} diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h ---- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-05-25 18:26:46.542079618 +0200 -+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-05-25 18:26:46.553079711 +0200 +--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-05-25 18:41:00.452262115 +0200 ++++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-05-25 18:41:00.485262392 +0200 @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ }; 
@@ -2345,8 +2345,8 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o 173, /* "name" */ 681, /* "onBasis" */ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt ---- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-05-25 18:26:46.542079618 +0200 -+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-05-25 18:26:46.553079711 +0200 +--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-05-25 18:41:00.453262123 +0200 ++++ openssl-1.1.1g/crypto/objects/objects.txt 2020-05-25 18:41:00.486262401 +0200 @@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit : ffdhe4096 : ffdhe6144 @@ -2362,8 +2362,8 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17) diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num ---- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-05-25 18:26:46.542079618 +0200 -+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-05-25 18:26:46.553079711 +0200 +--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-05-25 18:41:00.453262123 +0200 ++++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-05-25 18:41:00.486262401 +0200 @@ -1196,3 +1196,9 @@ sshkdf 1195 kbkdf 1196 krb5kdf 1197 @@ -2376,7 +2376,7 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto +modp_8192 1204 diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod --- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-05-25 18:26:46.554079719 +0200 ++++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-05-25 18:41:00.487262409 +0200 @@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find #include 
@@ -2397,7 +2397,7 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma any named set. It returns the NID corresponding to the matching parameters or diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod --- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-05-25 18:26:46.554079719 +0200 ++++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-05-25 18:41:00.487262409 +0200 @@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets If B is zero (the default) then no padding is performed. @@ -2416,7 +2416,7 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h --- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-05-25 18:26:46.554079719 +0200 ++++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-05-25 18:41:00.488262418 +0200 @@ -1,7 +1,7 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -2466,8 +2466,8 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr +extern const BIGNUM _bignum_modp_6144_q; +extern const BIGNUM _bignum_modp_8192_q; diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h ---- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-05-25 18:26:46.543079627 +0200 -+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-05-25 18:26:46.554079719 +0200 +--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-05-25 18:41:00.458262165 +0200 ++++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-05-25 18:41:00.489262426 +0200 
@@ -5115,6 +5115,24 @@ #define SN_ffdhe8192 "ffdhe8192" #define NID_ffdhe8192 1130 
@@ -2493,3 +2493,100 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
 #define SN_ISO_UA "ISO-UA"
 #define NID_ISO_UA 1150
 #define OBJ_ISO_UA OBJ_member_body,804L
+diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
+--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-05-25 18:41:00.318260988 +0200
++++ openssl-1.1.1g/ssl/s3_lib.c 2020-05-26 08:52:28.102535244 +0200
+@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
+ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+ {
+ EVP_PKEY *ret;
++ DH *dhp = NULL;
++
+ if (dh == NULL)
+ return NULL;
++
++ if (FIPS_mode() && DH_get_nid(dh) == NID_undef) {
++ int bits = DH_bits(dh);
++ BIGNUM *p, *g;
++
++ dhp = DH_new();
++ if (dhp == NULL)
++ return NULL;
++ g = BN_new();
++ if (g == NULL || !BN_set_word(g, 2)) {
++ DH_free(dhp);
++ BN_free(g);
++ return NULL;
++ }
++
++ if (bits >= 7000)
++ p = BN_get_rfc3526_prime_8192(NULL);
++ else if (bits >= 5000)
++ p = BN_get_rfc3526_prime_6144(NULL);
++ else if (bits >= 3800)
++ p = BN_get_rfc3526_prime_4096(NULL);
++ else if (bits >= 2500)
++ p = BN_get_rfc3526_prime_3072(NULL);
++ else
++ p = BN_get_rfc3526_prime_2048(NULL);
++ if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
++ DH_free(dhp);
++ BN_free(p);
++ BN_free(g);
++ return NULL;
++ }
++ dh = dhp;
++ }
++
+ ret = EVP_PKEY_new();
+ if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
++ DH_free(dhp);
+ EVP_PKEY_free(ret);
+ return NULL;
+ }
++ DH_free(dhp);
+ return ret;
+ }
+ #endif
+diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-dh openssl-1.1.1g/ssl/t1_lib.c
+--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh 2020-05-25 18:41:00.470262266 +0200
++++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-26 08:48:55.619713737 +0200
+@@ -2482,7 +2482,7 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
+ DH *ssl_get_auto_dh(SSL *s)
+ {
+ int dh_secbits = 80;
+- if (s->cert->dh_tmp_auto == 2)
++ if (!FIPS_mode() && s->cert->dh_tmp_auto == 2)
+ return DH_get_1024_160();
+ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL |
SSL_aPSK)) { + if (s->s3->tmp.new_cipher->strength_bits == 256) +@@ -2495,7 +2495,7 @@ DH *ssl_get_auto_dh(SSL *s) + dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + } + +- if (dh_secbits >= 128) { ++ if (dh_secbits >= 112 || FIPS_mode()) { + DH *dhp = DH_new(); + BIGNUM *p, *g; + if (dhp == NULL) +@@ -2508,8 +2508,10 @@ DH *ssl_get_auto_dh(SSL *s) + } + if (dh_secbits >= 192) + p = BN_get_rfc3526_prime_8192(NULL); +- else ++ else if (dh_secbits >= 128) + p = BN_get_rfc3526_prime_3072(NULL); ++ else ++ p = BN_get_rfc3526_prime_2048(NULL); + if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { + DH_free(dhp); + BN_free(p); +@@ -2518,8 +2520,6 @@ DH *ssl_get_auto_dh(SSL *s) + } + return dhp; + } +- if (dh_secbits >= 112) +- return DH_get_2048_224(); + return DH_get_1024_160(); + } + #endif diff --git a/openssl.spec b/openssl.spec index 13e5ada..714b1d0 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1g -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -467,6 +467,9 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Tue May 28 2020 Tomáš Mráz 1.1.1g-7 +- Use the well known DH groups in TLS + * Mon May 25 2020 Tomáš Mráz 1.1.1g-6 - Allow only well known DH groups in the FIPS mode
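Review bot: The new FIPS branch in `ssl_dh_to_pkey()` (ssl/s3_lib.c) silently swaps caller-supplied DH parameters that `DH_get_nid()` does not recognise for an RFC 3526 group, and nothing in the visible code reports or documents that substitution, so a deployment with custom parameters ends up negotiating a different group than it configured with no error or trace. The `bits` ladder also rounds to the nearest group rather than up: a 3500-bit custom prime takes the `bits >= 2500` branch and becomes 3072 bits. The thresholds 7000/5000/3800/2500 are unexplained, so I would add above the ladder a comment like `/* FIPS: only well known groups are allowed; unknown parameters are mapped to the closest RFC 3526 MODP group, which may be smaller than the configured prime */`. The `DH_new()` / `BN_set_word(g, 2)` / `DH_set0_pqg()` sequence with its cleanup paths is now duplicated between this function and `ssl_get_auto_dh()` (ssl/t1_lib.c); a shared internal helper taking the chosen prime would keep the two error paths from drifting. As far as the visible context shows, `ssl_get_auto_dh()` still reaches `return DH_get_1024_160();` outside FIPS mode when `dh_secbits` is below 112; this commit does not introduce that line, but the fallback is worth a comment since its body is only partly shown in these hunks.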