- post GA fixes

2022-02-01 20:31:55 +01:00 · 2022-02-01 20:31:55 +01:00 · 925b18fff9
commit 925b18fff9
parent d8d77a7795
3 changed files with 654 additions and 73 deletions
--- a/libica-4.0.0-fixes.patch
+++ b/libica-4.0.0-fixes.patch
@ -0,0 +1,646 @@
 From 977fe8ac713f9ff3101ce9882e23d0183fb46ec8 Mon Sep 17 00:00:00 2001
 From: Joerg Schmidbauer <jschmidb@de.ibm.com>
 Date: Wed, 15 Dec 2021 16:29:57 +0100
 Subject: [libica PATCH 01/10] RSA: limit RSA key length to 4096
 CEX adapters support RSA up to 4096 bits. Although RSA key generation
 in libica is done via openssl, and therefore even greater key lengths
 would be supported, such keys could not be processed on CEX adapters
 afterwards. With the removal of sw fallbacks this is now a hard
 restriction.
 Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 ---
 include/ica_api.h |  4 ++++
 src/ica_api.c     | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
 diff --git a/include/ica_api.h b/include/ica_api.h
 index ce27261..6137c4a 100644
 --- a/include/ica_api.h
 +++ b/include/ica_api.h
@@ -1291,6 +1291,7 @@ int ica_ed448_ctx_del(ICA_ED448_CTX **ctx);
  *
  * @return 0 if successful.
  * EINVAL if at least one invalid parameter is given.
 + * EPERM if modulus bit length is greater than 4096 (CEX adapter restriction).
  * EFAULT if OpenSSL key generation should fail.
  */
 ICA_EXPORT
@@ -1319,6 +1320,7 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle,
  *
  * @return 0 if successful.
  * EINVAL if at least one invalid parameter is given.
 + * EPERM if modulus bit length is greater than 4096 (CEX adapter restriction).
  * EFAULT if OpenSSL key generation should fail.
  */
 ICA_EXPORT
@@ -1346,6 +1348,7 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle,
  *
  * @return 0 if successful.
  * EINVAL if at least one invalid parameter is given.
 + * EPERM if key bit length is greater than 4096 (CEX adapter restriction).
  * ENOMEM if memory allocation fails.
  * EIO if the operation fails. This should never happen.
  */
@@ -1375,6 +1378,7 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle,
  *
  * @return 0 if successful.
  * EINVAL if at least one invalid parameter is given.
 + * EPERM if key bit length is greater than 4096 (CEX adapter restriction).
  * ENOMEM if memory allocation fails.
  * EIO if the operation fails. This should never happen.
  */
 diff --git a/src/ica_api.c b/src/ica_api.c
 index 445b0ab..a412052 100644
 --- a/src/ica_api.c
 +++ b/src/ica_api.c
@@ -52,6 +52,8 @@
 #define MAX_VERSION_LENGTH 16
 +#define MAX_RSA_KEY_BITS		4096
 +
 #ifndef NO_SW_FALLBACKS
 int ica_fallbacks_enabled = 1;
 #else
@@ -1071,9 +1073,12 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle,
 	/* Keys should comply with modulus_bit_length */
 	if ((modulus_bit_length + 7) / 8 != public_key->key_length)
 		return EINVAL;
 -	/* Minimum length for public exponent is sizeof(unsigned long) */
 +	/* Minimum key length is sizeof(unsigned long) */
 	if (public_key->key_length < sizeof(unsigned long))
 		return EINVAL;
 +	/* Max key bit length is 4096 because of CEX adapter restriction */
 +	if (modulus_bit_length > MAX_RSA_KEY_BITS)
 +		return EPERM;
 	/* OpenSSL takes only exponents of type unsigned long, so we have to
 	 * be sure that we give a value of the right size to OpenSSL.
@@ -1111,6 +1116,8 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle,
 		return EINVAL;
 	if (public_key->key_length < sizeof(unsigned long))
 		return EINVAL;
 +	if (modulus_bit_length > MAX_RSA_KEY_BITS)
 +		return EPERM;
 	num_ignored_bytes = public_key->key_length - sizeof(unsigned long);
 	public_exponent = public_key->exponent;
@@ -1145,6 +1152,8 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle,
 	if (rsa_key->key_length < sizeof(unsigned long))
 		return EINVAL;
 +	if (rsa_key->key_length * 8 > MAX_RSA_KEY_BITS)
 +		return EPERM;
 	/* fill driver structure */
 	rb.inputdata = (unsigned char *)input_data;
@@ -1264,6 +1273,8 @@ unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle,
 	if (rsa_key->key_length < sizeof(unsigned long))
 		return EINVAL;
 +	if (rsa_key->key_length * 8 > MAX_RSA_KEY_BITS)
 +		return EPERM;
 	/* fill driver structure */
 	rb.inputdata = (unsigned char *)input_data;
 -- 
 2.34.1
 From 553977ef505b43c7d17056369ed518a971d43d68 Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Wed, 5 Jan 2022 09:07:51 +0100
 Subject: [libica PATCH 02/10] ECC: fix memory leaks in make_eckey()
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/s390_ecc.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
 diff --git a/src/s390_ecc.c b/src/s390_ecc.c
 index bb13944..af121b0 100644
 --- a/src/s390_ecc.c
 +++ b/src/s390_ecc.c
@@ -146,12 +146,12 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
 	EC_GROUP *group = NULL;
 	EC_POINT *point = NULL;
 	BIGNUM *bn_priv = NULL;
 -	unsigned char *pub_key = NULL;
 -	unsigned int pub_key_len;
 -	point_conversion_form_t form;
 #if !OPENSSL_VERSION_PREREQ(3, 0)
 	EC_KEY *ec_key;
 #else
 +	unsigned char *pub_key = NULL;
 +	unsigned int pub_key_len;
 +	point_conversion_form_t form;
 	OSSL_PARAM_BLD *tmpl = NULL;
 	int rc;
 #endif
@@ -175,18 +175,13 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
 		goto err;
 	}
 -	form = EC_GROUP_get_point_conversion_form(group);
 -	pub_key_len = EC_POINT_point2buf(group, point, form, &pub_key, NULL);
 -	if (pub_key_len == 0) {
 -		goto err;
 -	}
 -
 #if !OPENSSL_VERSION_PREREQ(3, 0)
 	ec_key = EC_KEY_new_by_curve_name(nid);
 	if (ec_key == NULL) {
 		goto err;
 	}
 +	EC_POINT_free(point);
 	point = EC_POINT_new(EC_KEY_get0_group(ec_key));
 	if (point == NULL) {
 		goto err;
@@ -209,6 +204,11 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
 	}
 #else
 +	form = EC_GROUP_get_point_conversion_form(group);
 +	pub_key_len = EC_POINT_point2buf(group, point, form, &pub_key, NULL);
 +	if (pub_key_len == 0) {
 +		goto err;
 +	}
 	tmpl = OSSL_PARAM_BLD_new();
 	if (tmpl == NULL) {
@@ -243,6 +243,8 @@ err:
 #else
 	if (tmpl)
 		OSSL_PARAM_BLD_free(tmpl);
 +	if (pub_key)
 +		OPENSSL_free(pub_key);
 #endif
 	if (ok)
 -- 
 2.34.1
 From b41addd200c0938c6c10202da08ad5f7df940e18 Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Wed, 5 Jan 2022 09:15:58 +0100
 Subject: [libica PATCH 03/10] ECC: Avoid recursive loop in ec_key_check() with
 OpenSSL 3.0
 Use libica's OpenSSL library context in ec_key_check(), otherwise
 calling EVP_PKEY_fromdata() in build_pkey_from_params() may cause
 a recursive loop, when a provider is used that calls ica_ec_key_init()
 (and thus ec_key_check()) within its key import function.
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/s390_ecc.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/src/s390_ecc.c b/src/s390_ecc.c
 index af121b0..c0c1549 100644
 --- a/src/s390_ecc.c
 +++ b/src/s390_ecc.c
@@ -2458,6 +2458,8 @@ int ec_key_check(ICA_EC_KEY *ica_key)
 	BIGNUM *d = NULL, *x = NULL, *y = NULL;
 	int privlen, rc = EINVAL;
 +	BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc);
 +
 	if (!ica_key)
 		goto done;
@@ -2489,6 +2491,7 @@ done:
 	if (privkey)
 		EVP_PKEY_free(privkey);
 +	END_OPENSSL_LIBCTX(rc);
 	return rc;
 }
 -- 
 2.34.1
 From 6031ec80a5ada52609822fed4a6bd2cccafe5563 Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Wed, 5 Jan 2022 09:26:26 +0100
 Subject: [libica PATCH 04/10] RSA: Fix memory leaks in
 rsa_key_generate_mod_expo()/crt()
 Also fix a compiler warning in rsa_key_generate().
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/s390_rsa.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
 diff --git a/src/s390_rsa.c b/src/s390_rsa.c
 index 360c374..cea2ba2 100644
 --- a/src/s390_rsa.c
 +++ b/src/s390_rsa.c
@@ -128,7 +128,8 @@ EVP_PKEY* rsa_key_generate(unsigned int modulus_bit_length,
 		} while (*public_exponent <= 2 || !(*public_exponent % 2));
 	}
 -	e = BN_bin2bn(public_exponent, sizeof(unsigned long), NULL);
 +	e = BN_bin2bn((const unsigned char *)public_exponent,
 +		      sizeof(unsigned long), NULL);
 	if (e == NULL) {
 		goto done;
 	}
@@ -259,6 +260,8 @@ err:
 #if !OPENSSL_VERSION_PREREQ(3, 0)
 	RSA_free(rsa);
 #else
 +	BN_free(n);
 +	BN_free(d);
 	EVP_PKEY_free(pkey);
 #endif
@@ -410,6 +413,12 @@ err:
 #if !OPENSSL_VERSION_PREREQ(3, 0)
 	RSA_free(rsa);
 #else
 +	BN_free(n);
 +	BN_free(p);
 +	BN_free(q);
 +	BN_free(dmp1);
 +	BN_free(dmq1);
 +	BN_free(iqmp);
 	EVP_PKEY_free(pkey);
 #endif
 -- 
 2.34.1
 From b49cf457659a4baf382b3828d89823497bb00f6e Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Thu, 13 Jan 2022 10:42:02 +0100
 Subject: [libica PATCH 05/10] EC: Handle unsupported EC curve in
 ica_ec_key_new()
 In case of an unsupported curve nid, privlen_from_nid() returns -1.
 The subsequent calloc() will fail with a size of -3 (0xfffffffffffffffd).
 Also free the already allocated key in case of an error to avoid a
 memory leak.
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/ica_api.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/src/ica_api.c b/src/ica_api.c
 index a412052..0a885e2 100644
 --- a/src/ica_api.c
 +++ b/src/ica_api.c
@@ -1336,9 +1336,15 @@ ICA_EC_KEY* ica_ec_key_new(unsigned int nid, unsigned int *privlen)
 	/* allocate clear memory for the 3 key parts */
 	len = privlen_from_nid(nid);
 +	if (len <= 0) {
 +		free(key);
 +		return NULL;
 +	}
 	key->X = calloc(1, 3*len);
 -	if (!key->X)
 +	if (!key->X) {
 +		free(key);
 		return NULL;
 +	}
 	key->nid = nid;
 	key->Y = key->X + len;
 -- 
 2.34.1
 From 7e6e303e6aef019047eb6dfcdedbfe7da2a88526 Mon Sep 17 00:00:00 2001
 From: Joerg Schmidbauer <jschmidb@de.ibm.com>
 Date: Tue, 11 Jan 2022 16:04:15 +0100
 Subject: [libica PATCH 06/10] Compute HMAC from installed library
 The HMAC hash was computed from the libica in the build tree, but
 the runtime check is run against the installed libica and those 2
 files may be different. E.g. if the runtime one has debuginfo stripped
 (and placed into a separate file), the hashes are different.
 This commit introduces a new make target: fipsinstall, which creates
 the HMAC files in the install directory.
 Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 ---
 Makefile.am     | 9 ++++-----
 src/Makefile.am | 8 +++++++-
 2 files changed, 11 insertions(+), 6 deletions(-)
 diff --git a/Makefile.am b/Makefile.am
 index 2d8ab9e..e14abb5 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -17,11 +17,8 @@ coverage: check
 	cd ${top_builddir}/src && gcov .libs/*.gcda
 if ICA_FIPS
 -install-data-hook:
 -	$(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
 -	cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
 -	$(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
 -	cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
 +fipsinstall:
 +	 $(AM_V_GEN)$(MAKE) -C src fipsinstall
 if ICA_OPENSSL3
 	test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
 	test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
@@ -38,3 +35,5 @@ if ICA_OPENSSL3
 endif
 endif
 +.PHONY: fipsinstall
 +
 diff --git a/src/Makefile.am b/src/Makefile.am
 index c630048..4c92c96 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
@@ -47,6 +47,12 @@ mp.S	: mp.pl
 	./mp.pl mp.S
 if ICA_FIPS
 +fipsinstall:
 +	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac
 +	$(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
 +	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION1).hmac
 +	$(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
 +
 hmac-file-lnk: hmac-file
 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
@@ -110,4 +116,4 @@ internal_tests_ec_internal_test_SOURCES = \
 		    include/rng.h ../test/testcase.h
 endif
 -.PHONY: hmac-file hmac-file-lnk
 +.PHONY: hmac-file hmac-file-lnk fipsinstall
 -- 
 2.34.1
 From 28fa931bed9e6847137829952a3e7cc6091bd071 Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Mon, 24 Jan 2022 10:24:44 +0100
 Subject: [libica PATCH 07/10] Fix compile warnings
 ... like potentially uninitialized variables or unused functions.
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/fips.c     | 4 ++--
 src/ica_api.c  | 2 +-
 src/s390_ecc.c | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
 diff --git a/src/fips.c b/src/fips.c
 index 934f6f7..505dd0b 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -1304,8 +1304,8 @@ rsa_kat(void)
 	ica_adapter_handle_t ah;
 	const struct rsa_tv *tv;
 	size_t i, keylen, crtparamlen;
 -	unsigned char *out;
 -	libica_func_list_element* libica_func_list;
 +	unsigned char *out = NULL;
 +	libica_func_list_element* libica_func_list = NULL;
 	unsigned int count;
 	if (ica_open_adapter(&ah))
 diff --git a/src/ica_api.c b/src/ica_api.c
 index 0a885e2..a10e139 100644
 --- a/src/ica_api.c
 +++ b/src/ica_api.c
@@ -90,6 +90,7 @@ void ica_set_stats_mode(int stats_mode)
 	ica_stats_enabled = stats_mode ? 1 : 0;
 }
 +#ifndef NO_CPACF
 #ifdef ICA_FIPS
 static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
 	if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
@@ -101,7 +102,6 @@ static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
 }
 #endif
 -#ifndef NO_CPACF
 static unsigned int check_des_parms(unsigned int mode,
 				    unsigned long data_length,
 				    const unsigned char *in_data,
 diff --git a/src/s390_ecc.c b/src/s390_ecc.c
 index c0c1549..211db01 100644
 --- a/src/s390_ecc.c
 +++ b/src/s390_ecc.c
@@ -147,7 +147,7 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
 	EC_POINT *point = NULL;
 	BIGNUM *bn_priv = NULL;
 #if !OPENSSL_VERSION_PREREQ(3, 0)
 -	EC_KEY *ec_key;
 +	EC_KEY *ec_key = NULL;
 #else
 	unsigned char *pub_key = NULL;
 	unsigned int pub_key_len;
@@ -262,7 +262,7 @@ static EVP_PKEY *make_public_eckey(int nid, unsigned char *pubkey, size_t publen
 {
 	int ok = 0;
 #if !OPENSSL_VERSION_PREREQ(3, 0)
 -	EC_KEY *ec_key;
 +	EC_KEY *ec_key = NULL;
 #else
 	OSSL_PARAM_BLD *tmpl = NULL;
 	int rc;
 -- 
 2.34.1
 From cc44f18383ec6dc01a05abd6c25a1dec8efe84cb Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Mon, 24 Jan 2022 10:32:47 +0100
 Subject: [libica PATCH 08/10] Fix memory leaks in test programs
 When configured with --enable-sanitizer some tests fail because
 the address sanitizer reports memory leaks.
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 test/ec_keygen_test.c   |  6 +++++-
 test/ecdh_test.c        | 13 ++++++++++++-
 test/ecdsa_test.c       |  3 +++
 test/icastats_test.c.in |  1 +
 4 files changed, 21 insertions(+), 2 deletions(-)
 diff --git a/test/ec_keygen_test.c b/test/ec_keygen_test.c
 index 43c6092..0445c41 100644
 --- a/test/ec_keygen_test.c
 +++ b/test/ec_keygen_test.c
@@ -115,6 +115,8 @@ int main(int argc, char **argv)
 			rc = ica_ec_key_generate(adapter_handle, eckey);
 			if (rc) {
 +				ica_ec_key_free(eckey);
 +				eckey = NULL;
 				if (rc == EPERM) {
 					V_(printf("Curve %d not supported on this system, skipping ...\n", eckeygen_tests[i].nid));
 					continue;
@@ -156,12 +158,14 @@ int main(int argc, char **argv)
 					}
 				}
 			}
 +
 +			ica_ec_key_free(eckey);
 +			eckey = NULL;
 		}
 		if (test_failed)
 			errors++;
 -		ica_ec_key_free(eckey);
 		unset_env_icapath();
 	}
 diff --git a/test/ecdh_test.c b/test/ecdh_test.c
 index 9a81036..e1191d0 100644
 --- a/test/ecdh_test.c
 +++ b/test/ecdh_test.c
@@ -339,6 +339,8 @@ int main(int argc, char **argv)
 		rc = ica_ec_key_init(ecdh_kats[i].xa, ecdh_kats[i].ya, ecdh_kats[i].da, eckey_A);
 		if (rc != 0) {
 +			ica_ec_key_free(eckey_A);
 +			eckey_A = NULL;
 			if (rc == EPERM) {
 				V_(printf("Curve %d not supported on this system, skipping ...\n", ecdh_kats[i].nid));
 				continue;
@@ -350,11 +352,18 @@ int main(int argc, char **argv)
 		}
 		eckey_B = ica_ec_key_new(ecdh_kats[i].nid, &privlen);
 -		if (!eckey_B)
 +		if (!eckey_B) {
 +			ica_ec_key_free(eckey_A);
 +			eckey_A = NULL;
 			continue;
 +		}
 		rc = ica_ec_key_init(ecdh_kats[i].xb, ecdh_kats[i].yb, ecdh_kats[i].db, eckey_B);
 		if (rc != 0) {
 +			ica_ec_key_free(eckey_B);
 +			eckey_B = NULL;
 +			ica_ec_key_free(eckey_A);
 +			eckey_A = NULL;
 			if (rc == EPERM) {
 				V_(printf("Curve %d not supported on this system, skipping ...\n", ecdh_kats[i].nid));
 				continue;
@@ -415,7 +424,9 @@ int main(int argc, char **argv)
 			errors++;
 		ica_ec_key_free(eckey_A);
 +		eckey_A = NULL;
 		ica_ec_key_free(eckey_B);
 +		eckey_B = NULL;
 		unset_env_icapath();
 	}
 diff --git a/test/ecdsa_test.c b/test/ecdsa_test.c
 index 3b6bda3..2393882 100644
 --- a/test/ecdsa_test.c
 +++ b/test/ecdsa_test.c
@@ -225,6 +225,8 @@ int main(int argc, char **argv)
 		rc = ica_ec_key_init(ecdsa_kats[i].x, ecdsa_kats[i].y, ecdsa_kats[i].d, eckey);
 		if (rc != 0) {
 +			ica_ec_key_free(eckey);
 +			eckey = NULL;
 			if (rc == EPERM) {
 				V_(printf("Curve %d not supported on this system, skipping ...\n", ecdsa_kats[i].nid));
 				continue;
@@ -274,6 +276,7 @@ int main(int argc, char **argv)
 			errors++;
 		ica_ec_key_free(eckey);
 +		eckey = NULL;
 		unset_env_icapath();
 	}
 diff --git a/test/icastats_test.c.in b/test/icastats_test.c.in
 index 98905a9..f0d1212 100644
 --- a/test/icastats_test.c.in
 +++ b/test/icastats_test.c.in
@@ -186,6 +186,7 @@ int is_crypto_card_loaded()
 			}
 			if((c = fgetc(file)) == '1'){
 				fclose(file);
 +				closedir(sysDir);
 				return 1;
 			}
 			fclose(file);
 -- 
 2.34.1
 From 9c6431f49a9fe0d574722954e018b4cba6ab085b Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Mon, 24 Jan 2022 14:33:57 +0100
 Subject: [libica PATCH 09/10] FIPS: Calculation of library HMAC may fail
 Initialize length variable before calling EVP_DigestSignFinal().
 If hlen is uninitialized it may cause EVP_DigestSignFinal() to fail.
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/fips.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/fips.c b/src/fips.c
 index 505dd0b..129a1a7 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -333,6 +333,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
 		}
 	}
 +	hlen = sizeof(rbuf);
 	if (EVP_DigestSignFinal(mdctx, rbuf, &hlen) <= 0)
 		goto end;
 -- 
 2.34.1
 From 5aa9366c236a6d17570403ef81c65e4f5f91a8af Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Wed, 26 Jan 2022 09:29:27 +0100
 Subject: [libica PATCH 10/10] MAKEFILE: Do not install ec_internal_test
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 src/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/Makefile.am b/src/Makefile.am
 index 4c92c96..d6f5c52 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
@@ -90,7 +90,7 @@ icastats_SOURCES = icastats.c icastats_shared.c include/icastats.h
 # internal tests
 if ICA_INTERNAL_TESTS
 -bin_PROGRAMS += internal_tests/ec_internal_test
 +noinst_PROGRAMS = internal_tests/ec_internal_test
 internal_tests_ec_internal_test_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include \
 					 -I${srcdir}/../include	\
 -- 
 2.34.1
--- a/libica-4.0.0-hmac.patch
+++ b/libica-4.0.0-hmac.patch
@ -1,68 +0,0 @@
 From 7e6e303e6aef019047eb6dfcdedbfe7da2a88526 Mon Sep 17 00:00:00 2001
 From: Joerg Schmidbauer <jschmidb@de.ibm.com>
 Date: Tue, 11 Jan 2022 16:04:15 +0100
 Subject: [PATCH] Compute HMAC from installed library
 The HMAC hash was computed from the libica in the build tree, but
 the runtime check is run against the installed libica and those 2
 files may be different. E.g. if the runtime one has debuginfo stripped
 (and placed into a separate file), the hashes are different.
 This commit introduces a new make target: fipsinstall, which creates
 the HMAC files in the install directory.
 Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 ---
 Makefile.am     | 9 ++++-----
 src/Makefile.am | 8 +++++++-
 2 files changed, 11 insertions(+), 6 deletions(-)
 diff --git a/Makefile.am b/Makefile.am
 index 2d8ab9e..e14abb5 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -17,11 +17,8 @@ coverage: check
 	cd ${top_builddir}/src && gcov .libs/*.gcda
 if ICA_FIPS
 -install-data-hook:
 -	$(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
 -	cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
 -	$(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
 -	cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
 +fipsinstall:
 +	 $(AM_V_GEN)$(MAKE) -C src fipsinstall
 if ICA_OPENSSL3
 	test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
 	test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
@@ -38,3 +35,5 @@ if ICA_OPENSSL3
 endif
 endif
 +.PHONY: fipsinstall
 +
 diff --git a/src/Makefile.am b/src/Makefile.am
 index c630048..4c92c96 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
@@ -47,6 +47,12 @@ mp.S	: mp.pl
 	./mp.pl mp.S
 if ICA_FIPS
 +fipsinstall:
 +	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac
 +	$(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
 +	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION1).hmac
 +	$(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
 +
 hmac-file-lnk: hmac-file
 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
@@ -110,4 +116,4 @@ internal_tests_ec_internal_test_SOURCES = \
 		    include/rng.h ../test/testcase.h
 endif
 -.PHONY: hmac-file hmac-file-lnk
 +.PHONY: hmac-file hmac-file-lnk fipsinstall
 -- 
 2.34.1
--- a/libica.spec
+++ b/libica.spec
@ -3,7 +3,7 @@
 Summary: Library for accessing ICA hardware crypto on IBM z Systems
 Name: libica
 Version: 4.0.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: CPL
 URL: https://github.com/opencryptoki/
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -11,8 +11,8 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
 # https://github.com/opencryptoki/libica/pull/24
 Patch0: %{name}-4.0.0-annotate.patch
-# https://github.com/opencryptoki/libica/issues/62
+# post GA fixes, includes HMAC calculation
-Patch1: %{name}-4.0.0-hmac.patch
+Patch1: %{name}-4.0.0-fixes.patch
 BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: openssl
@ -85,8 +85,8 @@ fi
 %{_bindir}/icainfo-cex
 %{_bindir}/icastats
 %if %{with_fips}
-%if 0%{?fedora} >= 36
+%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
-# openssl 3.0 is available since Fedora 36
+# openssl 3.0 is available since Fedora 36 and RHEL 9
 %dir %{_sysconfdir}/libica
 %{_sysconfdir}/libica/openssl3-fips.cnf
 %endif
@ -106,6 +106,9 @@ fi
 %changelog
 * Tue Feb 01 2022 Dan Horák <dan[at]danny.cz> - 4.0.0-3
 - post GA fixes
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild