From 2f92285054e9e0693defd43dd2918cf38dd1c639 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 2 Dec 2022 11:49:02 -0500
Subject: [PATCH] Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
---
 .sscg.metadata | 1 +
 ...x-the-FIPS_mode-call-for-OpenSSL-3.0.patch | 32 +++++++++++++++++++
 sscg.spec | 7 +++-
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 .sscg.metadata
 create mode 100644 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
diff --git a/.sscg.metadata b/.sscg.metadata
new file mode 100644
index 0000000..c5fa789
--- /dev/null
+++ b/.sscg.metadata
@@ -0,0 +1 @@
+81e3b33e118edff96583314ceb4bfde9a1e6b45c sscg-3.0.0.tar.xz
diff --git a/0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch b/0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
new file mode 100644
index 0000000..d35a8a2
--- /dev/null
+++ b/0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
@@ -0,0 +1,32 @@
+From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
+From: Simon Chopin
+Date: Mon, 13 Dec 2021 15:20:55 +0100
+Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
+
+This function has been removed from OpenSSL 3.0, replaced by
+EVP_default_properties_is_fips_enabled().
+
+Closes #50
+---
+ src/dhparams.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/dhparams.c b/src/dhparams.c
+index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
+--- a/src/dhparams.c
++++ b/src/dhparams.c
+@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
+ }
+
+ /* Check non-FIPS groups */
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ if (!FIPS_mode ())
++#else
++ if (!EVP_default_properties_is_fips_enabled(NULL))
++#endif
+ {
+ i = 0;
+ while (dh_nonfips_groups[i])
+--
+2.31.1
+
diff --git a/sscg.spec b/sscg.spec
index 922c206..eb650f9 100644
--- a/sscg.spec
+++ b/sscg.spec
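Review bot: On the OpenSSL 3.0 branch of the embedded `src/dhparams.c` hunk, `EVP_default_properties_is_fips_enabled(NULL)` only reports whether `fips=yes` is a default property of the default library context; it does not confirm that the FIPS provider is loaded, and a non-default library context (none is visible in this hunk) would not be consulted. Because this condition decides whether the `dh_nonfips_groups` list is searched, a wrong answer fails open and lets non-FIPS group names pass validation. A comment above the `#if` would record that assumption, for example `/* OpenSSL 3.0: true only when fips=yes is a default property of the default libctx */`. Splitting one `if` across the two preprocessor branches is also fragile to later edits; a small `static` helper that returns the FIPS state would leave a single condition at this call site. The body of `is_valid_named_group` starts and ends outside the hunk.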
@@ -9,7 +9,7 @@
 Name: sscg
 Version: 3.0.0
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: Simple SSL certificate generator
 License: GPLv3+ with exceptions
@@ -30,6 +30,7 @@ Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
 Patch: 0002-Correct-certificate-lifetime-calculation.patch
 Patch: 0003-Truncate-IP-address-in-SAN.patch
 Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
+Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
 %description
 A utility to aid in the creation of more secure "self-signed"
@@ -60,6 +61,10 @@ false signatures from the service certificate.
 %{_mandir}/man8/%{name}.8*
 %changelog
+* Fri Dec 02 2022 Stephen Gallagher - 3.0.0-6
+- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
+- Related: rhbz#2083879
+
 * Mon Nov 28 2022 Stephen Gallagher - 3.0.0-6
 - Don't fail if default dhparams file can't be created
 - Resolves: rhbz#2149064