- Build fix after OpenSSL rebase

Resolves: rhbz#2153626
2022-12-16 11:52:54 +01:00 · 2022-12-16 11:52:54 +01:00 · b0f3205a21
commit b0f3205a21
parent ad9644f74c
2 changed files with 52 additions and 8 deletions
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -1,6 +1,14 @@
 diff -up openssh-8.6p1/dh.c.fips openssh-8.6p1/dh.c
 --- openssh-8.6p1/dh.c.fips	2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/dh.c	2021-05-06 12:12:10.107634472 +0200
@@ -36,6 +36,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 +#include <openssl/fips.h>
 #include "dh.h"
 #include "pathnames.h"
@@ -164,6 +164,12 @@ choose_dh(int min, int wantbits, int max
 	int best, bestcount, which, linenum;
 	struct dhgroup dhg;
@ -67,6 +75,14 @@ diff -up openssh-8.6p1/dh.h.fips openssh-8.6p1/dh.h
 diff -up openssh-8.6p1/kex.c.fips openssh-8.6p1/kex.c
 --- openssh-8.6p1/kex.c.fips	2021-05-06 12:08:36.489926807 +0200
 +++ openssh-8.6p1/kex.c	2021-05-06 12:08:36.498926877 +0200
@@ -39,6 +39,7 @@
 #ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
 +#include <openssl/fips.h>
 #include <openssl/dh.h>
 # ifdef HAVE_EVP_KDF_CTX_NEW_ID
 # include <openssl/kdf.h>
@@ -203,7 +203,10 @@ kex_names_valid(const char *names)
 	for ((p = strsep(&cp, ",")); p && *p != '\0';
 	    (p = strsep(&cp, ","))) {
@ -86,7 +102,7 @@ diff -up openssh-8.6p1/kexgexc.c.fips openssh-8.6p1/kexgexc.c
 #ifdef WITH_OPENSSL
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include <sys/types.h>
 #include <openssl/dh.h>
@ -154,6 +170,14 @@ diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
 diff -up openssh-8.6p1/readconf.c.fips openssh-8.6p1/readconf.c
 --- openssh-8.6p1/readconf.c.fips	2021-05-06 12:08:36.428926336 +0200
 +++ openssh-8.6p1/readconf.c	2021-05-06 12:08:36.499926885 +0200
@@ -39,6 +39,7 @@
 #include <string.h>
 #include <stdarg.h>
 #include <unistd.h>
 +#include <openssl/fips.h>
 #ifdef USE_SYSTEM_GLOB
 # include <glob.h>
 #else
@@ -2538,11 +2538,16 @@ fill_default_options(Options * options)
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	all_sig = sshkey_alg_list(0, 1, 1, ',');
@ -192,6 +216,14 @@ diff -up openssh-8.6p1/sandbox-seccomp-filter.c.fips openssh-8.6p1/sandbox-secco
 diff -up openssh-8.6p1/servconf.c.fips openssh-8.6p1/servconf.c
 --- openssh-8.6p1/servconf.c.fips	2021-05-06 12:08:36.455926545 +0200
 +++ openssh-8.6p1/servconf.c	2021-05-06 12:08:36.500926893 +0200
@@ -38,6 +38,7 @@
 #include <limits.h>
 #include <stdarg.h>
 #include <errno.h>
 +#include <openssl/fips.h>
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
@@ -226,11 +226,16 @@ assemble_algorithms(ServerOptions *o)
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	all_sig = sshkey_alg_list(0, 1, 1, ',');
@ -221,7 +253,7 @@ diff -up openssh-8.6p1/ssh.c.fips openssh-8.6p1/ssh.c
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #endif
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
@ -243,7 +275,7 @@ diff -up openssh-8.6p1/sshconnect2.c.fips openssh-8.6p1/sshconnect2.c
 #include <vis.h>
 #endif
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 +
 #include "openbsd-compat/sys-queue.h"
@ -332,7 +364,7 @@ diff -up openssh-8.6p1/sshd.c.fips openssh-8.6p1/sshd.c
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
@ -395,7 +427,7 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #endif
 #include "crypto_api.h"
@ -482,6 +514,14 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
 diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 --- openssh-8.6p1/ssh-keygen.c.fips	2021-05-06 12:08:36.467926637 +0200
 +++ openssh-8.6p1/ssh-keygen.c	2021-05-06 12:08:36.503926916 +0200
@@ -20,6 +20,7 @@
 #ifdef WITH_OPENSSL
 #include <openssl/evp.h>
 +#include <openssl/fips.h>
 #include <openssl/pem.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
@@ -205,6 +205,12 @@ type_bits_valid(int type, const char *na
 #endif
 	}
@ -521,7 +561,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
 #include <stdio.h>
 #include <string.h>
 #include <signal.h>
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "sshkey.h"
 #include "kex.h"
@ -607,7 +647,7 @@ diff -up openssh-8.7p1/ssh-ed25519.c.fips3 openssh-8.7p1/ssh-ed25519.c
 #include <string.h>
 #include <stdarg.h>
-+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "log.h"
 #include "sshbuf.h"
--- a/openssh.spec
+++ b/openssh.spec
@ -51,7 +51,7 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 24
+%global openssh_rel 25
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
@ -734,6 +734,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
 * Fri Dec 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-25
 - Build fix after OpenSSL rebase
  Resolves: rhbz#2153626
 * Fri Sep 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-24
 - Set minimal value of RSA key length via configuration option - support both names
  Resolves: rhbz#2128352