FIPS mode fixes for TLS

openssl-1.1.0-fips.patch

@@ -12018,6 +12018,28 @@ diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openss
  # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
  # define RSA_R_PADDING_CHECK_FAILED                       114
  # define RSA_R_PKCS_DECODING_ERROR                        159
+diff -up openssl-1.1.0c/ssl/ssl_ciph.c.fips openssl-1.1.0c/ssl/ssl_ciph.c
+--- openssl-1.1.0c/ssl/ssl_ciph.c.fips	2016-11-30 15:31:14.000000000 +0100
++++ openssl-1.1.0c/ssl/ssl_ciph.c	2016-12-02 16:01:58.250067386 +0100
+@@ -404,7 +404,8 @@ void ssl_load_ciphers(void)
+         }
+     }
+     /* Make sure we can access MD5 and SHA1 */
+-    OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
++    if (!FIPS_mode())
++        OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
+     OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
+ 
+     disabled_mkey_mask = 0;
+@@ -687,7 +688,7 @@ static void ssl_cipher_collect_ciphers(c
+         /* drop those that use any of that is not available */
+         if (c == NULL || !c->valid)
+             continue;
+-        if (FIPS_mode() && (c->algo_strength & SSL_FIPS))
++        if (FIPS_mode() && !(c->algo_strength & SSL_FIPS))
+             continue;
+         if ((c->algorithm_mkey & disabled_mkey) ||
+             (c->algorithm_auth & disabled_auth) ||
 diff -up openssl-1.1.0c/ssl/ssl_init.c.fips openssl-1.1.0c/ssl/ssl_init.c
 --- openssl-1.1.0c/ssl/ssl_init.c.fips	2016-11-10 15:03:46.000000000 +0100
 +++ openssl-1.1.0c/ssl/ssl_init.c	2016-11-11 13:31:51.379604771 +0100
@@ -12064,6 +12086,34 @@ diff -up openssl-1.1.0c/ssl/ssl_init.c.fips openssl-1.1.0c/ssl/ssl_init.c
  #ifndef OPENSSL_NO_COMP
  # ifdef OPENSSL_INIT_DEBUG
      fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+diff -up openssl-1.1.0c/ssl/ssl_lib.c.fips openssl-1.1.0c/ssl/ssl_lib.c
+--- openssl-1.1.0c/ssl/ssl_lib.c.fips	2016-11-30 15:31:14.000000000 +0100
++++ openssl-1.1.0c/ssl/ssl_lib.c	2016-12-02 16:31:12.108604595 +0100
+@@ -2405,13 +2405,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+     if (ret->param == NULL)
+         goto err;
+ 
+-    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+-        goto err2;
+-    }
+-    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+-        goto err2;
++    if (!FIPS_mode()) {
++        if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
++            SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
++            goto err2;
++        }
++        if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
++            SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
++            goto err2;
++        }
++    } else {
++        ret->min_proto_version = TLS1_VERSION;
+     }
+ 
+     if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
 diff -up openssl-1.1.0c/test/dsatest.c.fips openssl-1.1.0c/test/dsatest.c
 --- openssl-1.1.0c/test/dsatest.c.fips	2016-11-10 15:03:47.000000000 +0100
 +++ openssl-1.1.0c/test/dsatest.c	2016-11-11 13:31:51.380604793 +0100

openssl.spec

@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.0c
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -430,6 +430,9 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Fri Dec  2 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-4
+- FIPS mode fixes for TLS
+
 * Wed Nov 30 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-3
 - revert SSL_read() behavior change - patch from upstream (#1394677)
 - fix behavior on client certificate request in renegotiation (#1393579)