From e64d4ea7bb9978ae7d2f9df5f36c8029daf528cf Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Fri, 15 Nov 2013 16:13:44 +0100
Subject: [PATCH] additional changes required for FIPS validation
---
 openssl-1.0.1e-new-fips-reqs.patch | 146 +++++++++++++++++++++++++++++
 openssl.spec | 7 +-
 2 files changed, 152 insertions(+), 1 deletion(-)
 create mode 100644 openssl-1.0.1e-new-fips-reqs.patch
diff --git a/openssl-1.0.1e-new-fips-reqs.patch b/openssl-1.0.1e-new-fips-reqs.patch
new file mode 100644
index 0000000..96a4a95
--- /dev/null
+++ b/openssl-1.0.1e-new-fips-reqs.patch
@@ -0,0 +1,146 @@
+diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs 2013-11-15 15:01:29.183051556 +0100
++++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2013-11-15 15:21:32.041438042 +0100
+@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
+ };
+
++static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
++ {
++ unsigned char *ctbuf = NULL, *ptbuf = NULL;
++ int ret = 0;
++ int len;
++
++ ctbuf = OPENSSL_malloc(RSA_size(rsa));
++ if (!ctbuf)
++ goto err;
++
++ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
++ if (len <= 0)
++ goto err;
++ /* Check ciphertext doesn't match plaintext */
++ if ((len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
++ goto err;
++
++ ptbuf = OPENSSL_malloc(RSA_size(rsa));
++ if (!ptbuf)
++ goto err;
++
++ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
++ if (len != ptlen)
++ goto err;
++ if (memcmp(ptbuf, plaintext, len))
++ goto err;
++
++ ret = 1;
++
++ err:
++ if (ctbuf)
++ OPENSSL_free(ctbuf);
++ if (ptbuf)
++ OPENSSL_free(ptbuf);
++ return ret;
++ }
+
+ int FIPS_selftest_rsa()
+ {
+@@ -353,7 +389,7 @@ int FIPS_selftest_rsa()
+ if ((pk=EVP_PKEY_new()) == NULL)
+ goto err;
+
+- EVP_PKEY_assign_RSA(pk, key);
++ EVP_PKEY_set1_RSA(pk, key);
+
+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+@@ -430,13 +466,15 @@ int FIPS_selftest_rsa()
+ "RSA SHA512 X931"))
+ goto err;
+
++ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)
++ goto err;
+
+ ret = 1;
+
+ err:
+ if (pk)
+ EVP_PKEY_free(pk);
+- else if (key)
++ if (key)
+ RSA_free(key);
+ return ret;
+ }
+diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/modes/gcm128.c
+--- openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs 2013-02-11
16:26:04.000000000 +0100 ++++ openssl-1.0.1e/crypto/modes/gcm128.c 2013-11-15 16:12:52.626015247 +0100 +@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT + # endif + #endif + ++ ctx->totlen += len; ++ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlenmres */ + #endif +@@ -1200,6 +1204,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C + # endif + #endif + ++ ctx->totlen += len; ++ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen((U64(1)<<36)-32) || (sizeof(len)==8 && mlen + #include ++#include "../fips/fips_rand_lcl.h" + #endif + + #ifndef OPENSSL_NO_ENGINE +@@ -239,12 +240,14 @@ static int drbg_rand_add(DRBG_CTX *ctx, + double entropy) + { + RAND_SSLeay()->add(in, inlen, entropy); ++ ctx->status = DRBG_STATUS_RESEED; + return 1; + } + + static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) + { + RAND_SSLeay()->seed(in, inlen); ++ ctx->status = DRBG_STATUS_RESEED; + return 1; + } + diff --git a/openssl.spec b/openssl.spec index f85f646..36aada5 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 32%{?dist} +Release: 33%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -75,6 +75,7 @@ Patch71: openssl-1.0.1e-manfix.patch Patch72: openssl-1.0.1e-fips-ctor.patch Patch73: openssl-1.0.1e-ecc-suiteb.patch Patch74: openssl-1.0.1e-no-md5-verify.patch +Patch75: openssl-1.0.1e-new-fips-reqs.patch # Backported fixes including security fixes Patch81: openssl-1.0.1-beta2-padlock64.patch Patch82: openssl-1.0.1e-backports.patch @@ -190,6 +191,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch72 -p1 -b .fips-ctor %patch73 -p1 -b .suiteb %patch74 -p1 -b .no-md5-verify +%patch75 -p1 -b .fips-reqs %patch81 -p1 -b .padlock64 %patch82 -p1 -b .backports 
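Review bot: The return value of `EVP_PKEY_set1_RSA(pk, key)` in the second fips_rsa_selftest.c hunk is discarded, so if it fails `pk` carries no key and the following `fips_pkey_signature_test(pk, ...)` runs against an empty EVP_PKEY instead of reporting a self-test failure; write it as `if (!EVP_PKEY_set1_RSA(pk, key)) goto err;`, which stays correct with the now-unconditional `RSA_free(key)` at `err:` because `key` keeps its own reference either way. In the new `fips_rsa_encrypt_test` the line `if ((len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))` and the later `if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)` each show one more opening than closing parenthesis as rendered on this page; that is most likely an extraction artifact, but since this patch file is the artifact being committed it is worth confirming it applies and compiles. A one-line header comment on `fips_rsa_encrypt_test` would also help, because it is a pairwise encrypt/decrypt consistency check rather than a known-answer test: `/* Pairwise consistency test: PKCS#1 v1.5 padding is randomized, so verify the round trip, not fixed ciphertext bytes. */`. The gcm128.c and rand_lib.c parts of this hunk are too garbled on this page to review.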
@@ -460,6 +462,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Fri Nov 15 2013 Tomáš Mráz 1.0.1e-33
+- additional changes required for FIPS validation
+
 * Wed Nov 13 2013 Tomáš Mráz 1.0.1e-32
 - disable verification of certificate, CRL, and OCSP signatures using MD5
   if OPENSSL_ENABLE_MD5_VERIFY environment variable