From bfdbb139b4fc306a5b04e806f8124bee6851c5d9 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Thu, 9 Mar 2023 14:26:19 +0100
Subject: [PATCH] Disable DHX keys completely in FIPS mode

Resolves: rhbz#2178030
---
 0093-FIPS-nodhx.patch | 90 +++++++++++++++++++++++++++++++++++++++++++
 openssl.spec          |  4 ++
 2 files changed, 94 insertions(+)
 create mode 100644 0093-FIPS-nodhx.patch

diff --git a/0093-FIPS-nodhx.patch b/0093-FIPS-nodhx.patch
new file mode 100644
index 0000000..1a20aa3
--- /dev/null
+++ b/0093-FIPS-nodhx.patch
@@ -0,0 +1,90 @@
+diff -up openssl-3.0.7/providers/fips/fipsprov.c.nodhx openssl-3.0.7/providers/fips/fipsprov.c
+--- openssl-3.0.7/providers/fips/fipsprov.c.nodhx	2023-03-09 13:02:21.621694715 +0100
++++ openssl-3.0.7/providers/fips/fipsprov.c	2023-03-09 13:02:34.001791831 +0100
+@@ -486,8 +486,8 @@ static const OSSL_ALGORITHM fips_keymgmt
+ #ifndef OPENSSL_NO_DH
+     { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions,
+       PROV_DESCS_DH },
+-    { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions,
+-      PROV_DESCS_DHX },
++/*    { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions,
++      PROV_DESCS_DHX }, */
+ #endif
+ #ifndef OPENSSL_NO_DSA
+     /* We don't certify DSA in our FIPS provider */
+diff -up openssl-3.0.7/test/endecode_test.c.nodhx openssl-3.0.7/test/endecode_test.c
+--- openssl-3.0.7/test/endecode_test.c.nodhx	2023-03-09 13:39:10.826000162 +0100
++++ openssl-3.0.7/test/endecode_test.c	2023-03-09 13:41:26.533073598 +0100
+@@ -1356,7 +1358,9 @@ int setup_tests(void)
+ #ifndef OPENSSL_NO_DH
+     TEST_info("Generating DH keys...");
+     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
++if (is_fips == 0) {
+     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
++}
+ #endif
+ #ifndef OPENSSL_NO_DSA
+     TEST_info("Generating DSA keys...");
+@@ -1386,8 +1390,10 @@ int setup_tests(void)
+ #ifndef OPENSSL_NO_DH
+         ADD_TEST_SUITE(DH);
+         ADD_TEST_SUITE_PARAMS(DH);
++if (is_fips == 0) {
+         ADD_TEST_SUITE(DHX);
+         ADD_TEST_SUITE_PARAMS(DHX);
++}
+         /*
+          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
+          * so no legacy tests.
+@@ -1465,7 +1471,9 @@ void cleanup_tests(void)
+ 
+ #ifndef OPENSSL_NO_DH
+     FREE_DOMAIN_KEYS(DH);
++if (is_fips == 0) {
+     FREE_DOMAIN_KEYS(DHX);
++}
+ #endif
+ #ifndef OPENSSL_NO_DSA
+     FREE_DOMAIN_KEYS(DSA);
+diff -up openssl-3.0.7/test/recipes/80-test_cms.t.nodhx openssl-3.0.7/test/recipes/80-test_cms.t
+--- openssl-3.0.7/test/recipes/80-test_cms.t.nodhx	2023-03-09 13:31:36.851432859 +0100
++++ openssl-3.0.7/test/recipes/80-test_cms.t	2023-03-09 13:32:35.987888417 +0100
+@@ -869,6 +869,8 @@ sub check_availability {
+         if ($no_ec2m && $tnam =~ /K-283/);
+     return "$tnam: skipped, DH disabled\n"
+         if ($no_dh && $tnam =~ /X9\.42/);
++    return "$tnam: skipped, DHX disabled in RHEL\n"
++        if ($provname eq 'fips' && $tnam =~ /X9\.42/);
+     return "$tnam: skipped, RC2 disabled\n"
+         if ($no_rc2 && $tnam =~ /RC2/);
+     return "$tnam: skipped, DES disabled\n"
+diff -up openssl-3.0.7/providers/implementations/exchange/dh_exch.c.nodhx openssl-3.0.7/providers/implementations/exchange/dh_exch.c
+--- openssl-3.0.7/providers/implementations/exchange/dh_exch.c.nodhx	2023-03-09 16:33:07.092040809 +0100
++++ openssl-3.0.7/providers/implementations/exchange/dh_exch.c	2023-03-09 16:42:30.594837565 +0100
+@@ -102,6 +102,11 @@ static int dh_init(void *vpdhctx, void *
+             || vdh == NULL
+             || !DH_up_ref(vdh))
+         return 0;
++#ifdef FIPS_MODULE
++    if (ossl_ffc_numbers_to_dh_named_group(DH_get0_p(vdh),
++        DH_get0_q(vdh), DH_get0_g(vdh)) == NULL)
++        return 0;
++#endif
+     DH_free(pdhctx->dh);
+     pdhctx->dh = vdh;
+     pdhctx->kdf_type = PROV_DH_KDF_NONE;
+diff -up openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c.nodhx openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c
+--- openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c.nodhx	2023-03-09 15:38:04.024555943 +0100
++++ openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c	2023-03-09 16:32:04.142490068 +0100
+@@ -498,6 +499,11 @@ static int dh_gen_set_template(void *gen
+ 
+     if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
+         return 0;
++#ifdef FIPS_MODULE
++    if (ossl_ffc_numbers_to_dh_named_group(DH_get0_p(dh),
++        DH_get0_q(dh), DH_get0_g(dh)) == NULL)
++        return 0;
++#endif
+     gctx->ffc_params = ossl_dh_get0_params(dh);
+     return 1;
+ }
diff --git a/openssl.spec b/openssl.spec
index e9d0d99..26153ce 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -155,6 +155,8 @@ Patch90: 0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
 Patch91: 0091-FIPS-RSA-encapsulate.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2142517
 Patch92: 0092-provider-improvements.patch
+# FIPS-95
+Patch93: 0093-FIPS-nodhx.patch
 
 # OpenSSL 3.0.8 CVEs
 Patch101: 0101-CVE-2022-4203-nc-match.patch
@@ -517,6 +519,8 @@ install -m644 %{SOURCE9} \
   Resolves: rhbz#2178029
 - Pairwise consistency tests should use Digest+Sign/Verify
   Resolves: rhbz#2178034
+- Forbid DHX keys import in FIPS mode
+  Resolves: rhbz#2178030
 
 * Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6
 - Fixes RNG slowdown in FIPS mode