Further changes for SP 800-56A rev3 requirements

2020-07-17 12:41:39 +02:00 · 2020-07-17 12:41:39 +02:00 · 04d5ef4d72
commit 04d5ef4d72
parent 7f27ca925c
2 changed files with 170 additions and 42 deletions
--- a/openssl-1.1.1-fips-dh.patch
+++ b/openssl-1.1.1-fips-dh.patch
@ -1,6 +1,6 @@
 diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
 --- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-06-05 17:31:28.044776018 +0200
+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-07-17 10:36:29.245788441 +0200
@@ -1,13 +1,17 @@
 /*
 - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -479,7 +479,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
 }
 diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
 --- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-06-05 17:31:28.044776018 +0200
+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-07-17 10:36:29.246788449 +0200
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1958,7 +1958,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
 +#endif /* OPENSSL_NO_DH */
 diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
 --- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-06-05 17:31:28.045776027 +0200
+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-07-17 10:36:29.246788449 +0200
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
@ -1998,9 +1998,54 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -177,7 +188,7 @@ int DH_check_pub_key_ex(const DH *dh, co
     return errflags == 0;
 }
 -int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
 +static int dh_check_pub_key_int(const DH *dh, const BIGNUM *q, const BIGNUM *pub_key, int *ret)
 {
     int ok = 0;
     BIGNUM *tmp = NULL;
@@ -198,9 +209,9 @@ int DH_check_pub_key(const DH *dh, const
     if (BN_cmp(pub_key, tmp) >= 0)
         *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
 -    if (dh->q != NULL) {
 +    if (q != NULL) {
         /* Check pub_key^q == 1 mod p */
 -        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
 +        if (!BN_mod_exp(tmp, pub_key, q, dh->p, ctx))
             goto err;
         if (!BN_is_one(tmp))
             *ret |= DH_CHECK_PUBKEY_INVALID;
@@ -212,3 +223,23 @@ int DH_check_pub_key(const DH *dh, const
     BN_CTX_free(ctx);
     return ok;
 }
 +
 +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
 +{
 +    return dh_check_pub_key_int(dh, dh->q, pub_key, ret);
 +}
 +
 +int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret)
 +{
 +    BIGNUM *q = dh->q;
 +
 +    if (q == NULL) {
 +        if (dh_get_known_q(dh, &q) == 0) {
 +            *ret |= DH_CHECK_INVALID_Q_VALUE;
 +            return 0;
 +        }
 +    }
 +
 +    return dh_check_pub_key_int(dh, q, pub_key, ret);
 +}
 +
 diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-06-05 17:31:27.977775462 +0200
+--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-06-05 17:31:28.045776027 +0200
+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-07-17 10:36:29.246788449 +0200
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
                               BN_GENCB *cb)
 {
@ -2031,8 +2076,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
     if (ctx == NULL)
         goto err;
 diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-06-05 17:31:27.977775462 +0200
+--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-07-17 10:36:29.182787923 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-06-05 17:31:28.045776027 +0200
+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-07-17 11:00:07.783777846 +0200
@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
     BIGNUM *pub_key = NULL, *priv_key = NULL;
@ -2073,9 +2118,52 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
             do {
                 if (!BN_priv_rand_range(priv_key, dh->q))
                     goto err;
@@ -175,6 +191,15 @@ static int generate_key(DH *dh)
         }
         /* We MUST free prk before any further use of priv_key */
         BN_clear_free(prk);
 +
 +        if (FIPS_mode()) {
 +            int check_result;
 +
 +            if (!dh_check_pub_key_full(dh, pub_key, &check_result) || check_result) {
 +                DHerr(DH_F_GENERATE_KEY, DH_R_INVALID_PUBKEY);
 +                goto err;
 +            }
 +        }
     }
     dh->pub_key = pub_key;
@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke
     BN_CTX *ctx = NULL;
     BN_MONT_CTX *mont = NULL;
     BIGNUM *tmp;
 +    BIGNUM *p1;
     int ret = -1;
     int check_result;
@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke
         DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
         goto err;
     }
 +
 +    if (BN_is_zero(tmp) || BN_is_one(tmp) || BN_is_negative(tmp)) {
 +        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
 +        goto err;
 +    }
 +
 +    if ((p1 = BN_CTX_get(ctx)) == NULL
 +        || !BN_sub(p1, dh->p, BN_value_one())
 +        || BN_cmp(p1, tmp) <= 0) {
 +        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
 +        goto err;
 +    }
     ret = BN_bn2bin(tmp, key);
  err:
 diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
 --- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-06-18 14:13:33.546892717 +0200
+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-07-17 10:36:29.246788449 +0200
@@ -8,6 +8,7 @@
  */
@ -2093,11 +2181,12 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
     return ret;
  err:
-@@ -205,7 +208,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
+@@ -205,7 +208,10 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
         dh->g = g;
     }
 -    if (q != NULL) {
 +    dh->nid = NID_undef;
 +    dh_cache_nid(dh);
 +
 +    if (q != NULL && dh->nid == NID_undef) {
@ -2105,8 +2194,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
     }
 diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-06-05 17:31:27.763773685 +0200
+--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-07-17 10:36:28.968786163 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-06-05 17:31:28.045776027 +0200
+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-07-17 10:36:29.246788449 +0200
@@ -35,6 +35,7 @@ struct dh_st {
     const DH_METHOD *meth;
     ENGINE *engine;
@ -2115,15 +2204,20 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
 };
 struct dh_method {
-@@ -55,3 +56,5 @@ struct dh_method {
+@@ -55,3 +56,10 @@ struct dh_method {
     int (*generate_params) (DH *dh, int prime_len, int generator,
                             BN_GENCB *cb);
 };
 +
 +void dh_cache_nid(DH *dh);
 +/* Obtain known q value based on nid or p */
 +int dh_get_known_q(const DH *dh, BIGNUM **q);
 +/* FIPS mode only check which requires nid set and looks up q based on it. */
 +int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
 +
 diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
 --- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-06-05 17:31:28.045776027 +0200
+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-07-17 10:36:29.246788449 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
@ -2154,7 +2248,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
     return dh;
 }
-@@ -29,46 +36,115 @@ DH *DH_new_by_nid(int nid)
+@@ -29,46 +36,121 @@ DH *DH_new_by_nid(int nid)
 {
     switch (nid) {
     case NID_ffdhe2048:
@ -2203,52 +2297,52 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
         return NID_undef;
 -    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p))
 +
-+    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p)) {
+    if (dh->nid == NID_ffdhe2048 || !BN_cmp(dh->p, &_bignum_ffdhe2048_p)) {
         nid = NID_ffdhe2048;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p))
 +        q = &_bignum_ffdhe2048_q;
 +        length = 225;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p)) {
+    } else if (dh->nid == NID_ffdhe3072 || !BN_cmp(dh->p, &_bignum_ffdhe3072_p)) {
         nid = NID_ffdhe3072;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p))
 +        q = &_bignum_ffdhe3072_q;
 +        length = 275;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p)) {
+    } else if (dh->nid == NID_ffdhe4096 || !BN_cmp(dh->p, &_bignum_ffdhe4096_p)) {
         nid = NID_ffdhe4096;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p))
 +        q = &_bignum_ffdhe4096_q;
 +        length = 325;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p)) {
+    } else if (dh->nid == NID_ffdhe6144 || !BN_cmp(dh->p, &_bignum_ffdhe6144_p)) {
         nid = NID_ffdhe6144;
 -    else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
 +        q = &_bignum_ffdhe6144_q;
 +        length = 375;
-+    } else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p)) {
+    } else if (dh->nid == NID_ffdhe8192 || !BN_cmp(dh->p, &_bignum_ffdhe8192_p)) {
         nid = NID_ffdhe8192;
 -    else
 +        q = &_bignum_ffdhe8192_q;
 +        length = 400;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_2048_p)) {
+    } else if (dh->nid == NID_modp_2048 || !BN_cmp(dh->p, &_bignum_modp_2048_p)) {
 +        nid = NID_modp_2048;
 +        q = &_bignum_modp_2048_q;
 +        length = 225;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_3072_p)) {
+    } else if (dh->nid == NID_modp_3072 || !BN_cmp(dh->p, &_bignum_modp_3072_p)) {
 +        nid = NID_modp_3072;
 +        q = &_bignum_modp_3072_q;
 +        length = 275;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_4096_p)) {
+    } else if (dh->nid == NID_modp_4096 || !BN_cmp(dh->p, &_bignum_modp_4096_p)) {
 +        nid = NID_modp_4096;
 +        q = &_bignum_modp_4096_q;
 +        length = 325;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_6144_p)) {
+    } else if (dh->nid == NID_modp_6144 || !BN_cmp(dh->p, &_bignum_modp_6144_p)) {
 +        nid = NID_modp_6144;
 +        q = &_bignum_modp_6144_q;
 +        length = 375;
-+    } else if (!BN_cmp(dh->p, &_bignum_modp_8192_p)) {
+    } else if (dh->nid == NID_modp_8192 || !BN_cmp(dh->p, &_bignum_modp_8192_p)) {
 +        nid = NID_modp_8192;
 +        q = &_bignum_modp_8192_q;
 +        length = 400;
-+    } else if (!FIPS_mode() && !BN_cmp(dh->p, &_bignum_modp_1536_p)) {
+    } else if (!FIPS_mode() && (dh->nid == NID_modp_1536 || !BN_cmp(dh->p, &_bignum_modp_1536_p))) {
 +        nid = NID_modp_1536;
 +        q = &_bignum_modp_1536_q;
 +        length = 175;
@ -2287,9 +2381,40 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
 +{
 +    dh->nid = dh_match_group(dh, NULL, &dh->length);
 +}
 +
 +int dh_get_known_q(const DH *dh, BIGNUM **q)
 +{
 +    return dh_match_group(dh, q, NULL) != NID_undef;
 +}
 +
 diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c
 --- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh	2020-07-17 10:36:29.183787931 +0200
 +++ openssl-1.1.1g/crypto/ec/ec_key.c	2020-07-17 10:36:29.247788458 +0200
@@ -296,8 +296,20 @@ int ec_key_simple_generate_key(EC_KEY *e
 int ec_key_simple_generate_public_key(EC_KEY *eckey)
 {
 -    return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
 +    BIGNUM *priv_key;
 +    int ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
                         NULL, NULL);
 +
 +    if (ret <= 0 || !FIPS_mode())
 +        return ret;
 +
 +    /* no need to perform private key test, temporarily hide it */
 +    priv_key = eckey->priv_key;
 +    eckey->priv_key = NULL;
 +    ret = EC_KEY_check_key(eckey);
 +    eckey->priv_key = priv_key;
 +
 +    return ret;
 }
 int EC_KEY_check_key(const EC_KEY *eckey)
 diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
 --- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-06-05 17:31:28.045776027 +0200
+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-07-17 10:36:29.247788458 +0200
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@ -2301,8 +2426,8 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
     if (ret)
 diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-06-05 17:31:28.036775952 +0200
+--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-06-05 17:31:28.046776035 +0200
+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-07-17 10:36:29.247788458 +0200
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
@ -2365,8 +2490,8 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
      173,    /* "name" */
      681,    /* "onBasis" */
 diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-06-05 17:31:28.037775960 +0200
+--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-06-05 17:31:28.046776035 +0200
+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-07-17 10:36:29.247788458 +0200
@@ -1657,6 +1657,13 @@ id-pkinit 5                     : pkInit
                             : ffdhe4096
                             : ffdhe6144
@ -2382,8 +2507,8 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
 # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
 diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-06-05 17:31:28.037775960 +0200
+--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-06-05 17:31:28.046776035 +0200
+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-07-17 10:36:29.248788466 +0200
@@ -1196,3 +1196,9 @@ sshkdf		1195
 kbkdf		1196
 krb5kdf		1197
@ -2396,7 +2521,7 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
 +modp_8192		1204
 diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
 --- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-06-05 17:31:28.046776035 +0200
+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-07-17 10:36:29.248788466 +0200
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
  #include <openssl/dh.h>
@ -2417,7 +2542,7 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
 any named set. It returns the NID corresponding to the matching parameters or
 diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
 --- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-06-05 17:31:28.046776035 +0200
+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-07-17 10:36:29.248788466 +0200
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
 If B<pad> is zero (the default) then no padding is performed.
@ -2436,7 +2561,7 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
 The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
 diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
 --- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-06-05 17:31:28.047776043 +0200
+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-07-17 10:36:29.248788466 +0200
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -2486,8 +2611,8 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
 +extern const BIGNUM _bignum_modp_6144_q;
 +extern const BIGNUM _bignum_modp_8192_q;
 diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-06-05 17:31:28.038775968 +0200
+--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-07-17 10:36:29.240788400 +0200
-+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-06-05 17:31:28.047776043 +0200
+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-07-17 10:36:29.248788466 +0200
@@ -5115,6 +5115,24 @@
 #define SN_ffdhe8192            "ffdhe8192"
 #define NID_ffdhe8192           1130
@ -2514,8 +2639,8 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
 #define NID_ISO_UA              1150
 #define OBJ_ISO_UA              OBJ_member_body,804L
 diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-06-05 17:31:27.996775620 +0200
+--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-07-17 10:36:29.199788063 +0200
-+++ openssl-1.1.1g/ssl/s3_lib.c	2020-06-05 17:31:28.047776043 +0200
+++ openssl-1.1.1g/ssl/s3_lib.c	2020-07-17 10:36:29.248788466 +0200
@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
 {
@ -2569,8 +2694,8 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
 }
 #endif
 diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-dh openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh	2020-06-05 17:31:28.042776002 +0200
+--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh	2020-07-17 10:36:29.243788425 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-06-18 14:18:13.518339214 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c	2020-07-17 10:36:29.249788474 +0200
@@ -2511,46 +2511,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
 #ifndef OPENSSL_NO_DH
 DH *ssl_get_auto_dh(SSL *s)
--- a/openssl.spec
+++ b/openssl.spec
@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1g
-Release: 11%{?dist}
+Release: 12%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -475,6 +475,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 %changelog
 * Fri Jul 17 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-12
 - Further changes for SP 800-56A rev3 requirements
 * Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-11
 - Drop long ago obsolete part of the FIPS patch