openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode

Resolves: rhbz#2083240

0045-FIPS-services-minimize.patch

@@ -668,3 +668,16 @@ diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c
  #endif
  
      prog = opt_init(argc, argv, req_options);
+diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecparam.c
+--- openssl-3.0.1/apps/ecparam.c.fips_list_curves	2022-05-19 11:46:22.682519422 +0200
++++ openssl-3.0.1/apps/ecparam.c	2022-05-19 11:50:44.559828701 +0200
+@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out)
+         const char *comment = curves[n].comment;
+         const char *sname = OBJ_nid2sn(curves[n].nid);
+ 
++        if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL))
++            continue;
++
+         if (comment == NULL)
+             comment = "CURVE DESCRIPTION NOT AVAILABLE";
+         if (sname == NULL)

openssl.spec

@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 31%{?dist}
+Release: 32%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -449,6 +449,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
+- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
+- Resolves: rhbz#2083240
+
 * Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
 - Disable SHA-1 signature verification in FIPS mode
 - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode