Deal with DH keys in FIPS mode according FIPS-140-3 requirements

Related: rhbz#2102536

0044-FIPS-140-3-keychecks.patch

@@ -0,0 +1,61 @@
+diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
+--- openssl-3.0.1/crypto/dh/dh_key.c.fips3	2022-07-18 16:01:41.159543735 +0200
++++ openssl-3.0.1/crypto/dh/dh_key.c	2022-07-18 16:24:30.251388248 +0200
+@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *z = NULL, *pminus1;
+     int ret = -1;
++#ifdef FIPS_MODULE
++    int validate = 0;
++#endif
+ 
+     if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+         ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k
+         return 0;
+     }
+ 
++#ifdef FIPS_MODULE
++    if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
++        ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++        return 0;
++    }
++#endif
++
+     ctx = BN_CTX_new_ex(dh->libctx);
+     if (ctx == NULL)
+         goto err;
+@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
+ #endif
+     BN_CTX *ctx = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
++#ifdef FIPS_MODULE
++    int validate = 0;
++#endif
+ 
+     if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+         ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
+     if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
+         goto err;
+ 
++#ifdef FIPS_MODULE
++    if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
++        ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++        goto err;
++    }
++#endif
++
+     dh->pub_key = pub_key;
+     dh->priv_key = priv_key;
++#ifdef FIPS_MODULE
++    if (ossl_dh_check_pairwise(dh) <= 0) {
++        dh->pub_key = dh->priv_key = NULL;
++        ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++        goto err;
++    }
++#endif
++
+     dh->dirty_cnt++;
+     ok = 1;
+  err:

openssl.spec

@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 39%{?dist}
+Release: 40%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -88,6 +88,8 @@ Patch33: 0033-FIPS-embed-hmac.patch
 Patch34: 0034.fipsinstall_disable.patch
 # Skip unavailable algorithms running `openssl speed`
 Patch35: 0035-speed-skip-unavailable-dgst.patch
+# Extra public/private key checks required by FIPS-140-3
+Patch44: 0044-FIPS-140-3-keychecks.patch
 # Minimize fips services
 Patch45: 0045-FIPS-services-minimize.patch
 # Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486
@@ -483,6 +485,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40
+- Deal with DH keys in FIPS mode according FIPS-140-3 requirements
+  Related: rhbz#2102536
+
 * Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39
 - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
 - Use Use digest_sign & digest_verify in FIPS signature self test