openssh/openssh-9.0p1-evp-fips-sign.patch

diff -up openssh-9.3p1/ssh-dss.c.evp-fips-sign openssh-9.3p1/ssh-dss.c
--- openssh-9.3p1/ssh-dss.c.evp-fips-sign	2023-04-27 16:46:17.115809116 +0200
+++ openssh-9.3p1/ssh-dss.c	2023-04-27 17:07:40.117253665 +0200
@@ -32,6 +32,8 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
 
 #include <stdarg.h>
 #include <string.h>
@@ -281,9 +283,8 @@ ssh_dss_sign(struct sshkey *key,
 	    sshkey_type_plain(key->type) != KEY_DSA)
 		return SSH_ERR_INVALID_ARGUMENT;
 
-	if ((pkey = EVP_PKEY_new()) == NULL ||
-	    EVP_PKEY_set1_DSA(pkey, key->dsa) != 1)
-		return SSH_ERR_ALLOC_FAIL;
+  	if ((ret = ssh_create_evp_dss(key, &pkey)) != 0)
+    		return ret;
 	ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len,
 	    data, datalen);
 	EVP_PKEY_free(pkey);
@@ -411,11 +412,8 @@ ssh_dss_verify(const struct sshkey *key,
 		goto out;
 	}
 
-	if ((pkey = EVP_PKEY_new()) == NULL ||
-	    EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) {
-		ret = SSH_ERR_ALLOC_FAIL;
+  	if ((ret = ssh_create_evp_dss(key, &pkey)) != 0)
 		goto out;
-	}
 	ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, dlen,
 	    sigb, slen);
 	EVP_PKEY_free(pkey);
@@ -432,6 +430,65 @@ ssh_dss_verify(const struct sshkey *key,
 	return ret;
 }
 
+int
+ssh_create_evp_dss(const struct sshkey *k, EVP_PKEY **pkey)
+{
+  	OSSL_PARAM_BLD *param_bld = NULL;
+  	EVP_PKEY_CTX *ctx = NULL;
+  	const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
+  	int ret = 0;
+
+  	if (k == NULL)
+  		return SSH_ERR_INVALID_ARGUMENT;
+  	if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) == NULL ||
+  	    (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
+  		ret = SSH_ERR_ALLOC_FAIL;
+  	  	goto out;
+  	}
+
+  	DSA_get0_pqg(k->dsa, &p, &q, &g);
+  	DSA_get0_key(k->dsa, &pub, &priv);
+
+  	if (p != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1) {
+  		ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+  	if (q != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1) {
+  		ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+  	if (g != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1) {
+  		ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+  	if (pub != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld,
+	        OSSL_PKEY_PARAM_PUB_KEY,
+	        pub) != 1) {
+  		ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+  	if (priv != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld,
+	        OSSL_PKEY_PARAM_PRIV_KEY,
+	        priv) != 1) {
+  		ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+  	if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
+  		ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+
+out:
+  	OSSL_PARAM_BLD_free(param_bld);
+  	EVP_PKEY_CTX_free(ctx);
+  	return ret;
+}
+
 static const struct sshkey_impl_funcs sshkey_dss_funcs = {
 	/* .size = */		ssh_dss_size,
 	/* .alloc = */		ssh_dss_alloc,
diff -up openssh-9.3p1/ssh-ecdsa.c.evp-fips-sign openssh-9.3p1/ssh-ecdsa.c
--- openssh-9.3p1/ssh-ecdsa.c.evp-fips-sign	2023-04-27 16:46:17.127809401 +0200
+++ openssh-9.3p1/ssh-ecdsa.c	2023-04-27 17:08:28.557396513 +0200
@@ -34,6 +34,8 @@
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
 
 #include <string.h>
 
@@ -260,9 +262,8 @@ ssh_ecdsa_sign(struct sshkey *key,
 	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
 		return SSH_ERR_INTERNAL_ERROR;
 
-	if ((pkey = EVP_PKEY_new()) == NULL ||
-	    EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1)
-		return SSH_ERR_ALLOC_FAIL;
+  	if ((ret = ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey)) != 0)
+		return ret;
 	ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data,
 	    dlen);
 	EVP_PKEY_free(pkey);
@@ -381,11 +382,8 @@ ssh_ecdsa_verify(const struct sshkey *ke
 		goto out;
 	}
 
-	if ((pkey = EVP_PKEY_new()) == NULL ||
-	    EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) {
-		ret =  SSH_ERR_ALLOC_FAIL;
+  	if (ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey) != 0)
 		goto out;
-	}
 	ret = sshkey_verify_signature(pkey, hash_alg, data, dlen, sigb, len);
 	EVP_PKEY_free(pkey);
 
@@ -400,6 +398,79 @@ ssh_ecdsa_verify(const struct sshkey *ke
 	return ret;
 }
 
+int
+ssh_create_evp_ec(EC_KEY *k, int ecdsa_nid, EVP_PKEY **pkey)
+{
+	OSSL_PARAM_BLD *param_bld = NULL;
+	EVP_PKEY_CTX *ctx = NULL;
+  	BN_CTX *bn_ctx = NULL;
+  	uint8_t *pub_ser = NULL; 
+  	const char *group_name;
+  	const EC_POINT *pub = NULL;
+  	const BIGNUM *priv = NULL;
+  	int ret = 0;
+
+	if (k == NULL)
+    		return SSH_ERR_INVALID_ARGUMENT;
+  	if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
+      	    (param_bld = OSSL_PARAM_BLD_new()) == NULL ||
+      	    (bn_ctx = BN_CTX_new()) == NULL) {
+    		ret = SSH_ERR_ALLOC_FAIL;
+    		goto out;
+  	}
+
+	if ((group_name = OSSL_EC_curve_nid2name(ecdsa_nid)) == NULL ||
+     	    OSSL_PARAM_BLD_push_utf8_string(param_bld,
+                OSSL_PKEY_PARAM_GROUP_NAME,
+                group_name,
+                strlen(group_name)) != 1) {
+    		ret = SSH_ERR_LIBCRYPTO_ERROR;
+    		goto out;
+	}
+  	if ((pub = EC_KEY_get0_public_key(k)) != NULL) {
+    		const EC_GROUP *group;
+    		size_t len;
+
+		group = EC_KEY_get0_group(k);
+		len = EC_POINT_point2oct(group, pub,
+		    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
+		if ((pub_ser = malloc(len)) == NULL) {
+			ret = SSH_ERR_ALLOC_FAIL;
+			goto out;
+		}
+		EC_POINT_point2oct(group,
+		    pub,
+		    POINT_CONVERSION_UNCOMPRESSED,
+		    pub_ser,
+		    len,
+		    bn_ctx);
+		if (OSSL_PARAM_BLD_push_octet_string(param_bld,
+		    OSSL_PKEY_PARAM_PUB_KEY,
+		    pub_ser,
+		    len) != 1) {
+			ret = SSH_ERR_LIBCRYPTO_ERROR;
+			goto out;
+		}
+	}
+  	if ((priv = EC_KEY_get0_private_key(k)) != NULL &&
+	    OSSL_PARAM_BLD_push_BN(param_bld,
+               OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) {
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+  	if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
+    		ret = SSH_ERR_LIBCRYPTO_ERROR;
+    		goto out;
+  	}
+
+out:
+  	OSSL_PARAM_BLD_free(param_bld);
+  	EVP_PKEY_CTX_free(ctx);
+  	BN_CTX_free(bn_ctx);
+  	free(pub_ser);
+  	return ret;
+}
+
 /* NB. not static; used by ECDSA-SK */
 const struct sshkey_impl_funcs sshkey_ecdsa_funcs = {
 	/* .size = */		ssh_ecdsa_size,
diff -up openssh-9.3p1/sshkey.c.evp-fips-sign openssh-9.3p1/sshkey.c
--- openssh-9.3p1/sshkey.c.evp-fips-sign	2023-04-27 16:46:17.139809686 +0200
+++ openssh-9.3p1/sshkey.c	2023-04-27 16:46:17.144809804 +0200
@@ -35,6 +35,8 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/fips.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
 #endif
 
 #include "crypto_api.h"
@@ -527,13 +529,14 @@ sshkey_calculate_signature(EVP_PKEY *pke
 {
 	EVP_MD_CTX *ctx = NULL;
 	u_char *sig = NULL;
-	int ret, slen, len;
+	int ret, slen;
+	size_t len;
 
 	if (sigp == NULL || lenp == NULL) {
 		return SSH_ERR_INVALID_ARGUMENT;
 	}
 
-	slen = EVP_PKEY_size(pkey);
+	slen = EVP_PKEY_get_size(pkey);
 	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
 		return SSH_ERR_INVALID_ARGUMENT;
 
@@ -546,9 +549,10 @@ sshkey_calculate_signature(EVP_PKEY *pke
 		ret = SSH_ERR_ALLOC_FAIL;
 		goto error;
 	}
-	if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
-	    EVP_SignUpdate(ctx, data, datalen) <= 0 ||
-	    EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
+	if (EVP_DigestSignInit(ctx, NULL, ssh_digest_to_md(hash_alg),
+	        NULL, pkey) != 1 ||
+	    EVP_DigestSignUpdate(ctx, data, datalen) != 1 ||
+	    EVP_DigestSignFinal(ctx, sig, &len) != 1) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto error;
 	}
@@ -575,12 +579,13 @@ sshkey_verify_signature(EVP_PKEY *pkey,
 	if ((ctx = EVP_MD_CTX_new()) == NULL) {
 		return SSH_ERR_ALLOC_FAIL;
 	}
-	if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
-	    EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
+	if (EVP_DigestVerifyInit(ctx, NULL, ssh_digest_to_md(hash_alg),
+	    NULL, pkey) != 1 ||
+	    EVP_DigestVerifyUpdate(ctx, data, datalen) != 1) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto done;
 	}
-	ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
+	ret = EVP_DigestVerifyFinal(ctx, sigbuf, siglen);
 	switch (ret) {
 	case 1:
 		ret = 0;
@@ -3809,3 +3814,27 @@ sshkey_set_filename(struct sshkey *k, co
 	return 0;
 }
 #endif /* WITH_XMSS */
+
+#ifdef WITH_OPENSSL
+EVP_PKEY *
+sshkey_create_evp(OSSL_PARAM_BLD *param_bld, EVP_PKEY_CTX *ctx)
+{
+  	EVP_PKEY *ret = NULL;
+  	OSSL_PARAM *params = NULL;
+  	if (param_bld == NULL || ctx == NULL) {
+  		debug2_f("param_bld or ctx is NULL");
+  		return NULL;
+  	}
+  	if ((params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
+  		debug2_f("Could not build param list");
+  		return NULL;
+  	}
+  	if (EVP_PKEY_fromdata_init(ctx) != 1 ||
+  	    EVP_PKEY_fromdata(ctx, &ret, EVP_PKEY_KEYPAIR, params) != 1) {
+  		debug2_f("EVP_PKEY_fromdata failed");
+  		OSSL_PARAM_free(params);
+  		return NULL;
+  	}
+  	return ret;
+}
+#endif /* WITH_OPENSSL */
diff -up openssh-9.3p1/sshkey.h.evp-fips-sign openssh-9.3p1/sshkey.h
--- openssh-9.3p1/sshkey.h.evp-fips-sign	2023-04-27 16:46:17.133809543 +0200
+++ openssh-9.3p1/sshkey.h	2023-04-27 16:46:17.144809804 +0200
@@ -31,6 +31,9 @@
 #ifdef WITH_OPENSSL
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/param_build.h>
+#include <openssl/core_names.h>
 # ifdef OPENSSL_HAS_ECC
 #  include <openssl/ec.h>
 #  include <openssl/ecdsa.h>
@@ -328,6 +331,13 @@ int	 sshkey_private_serialize_maxsign(st
 
 void	 sshkey_sig_details_free(struct sshkey_sig_details *);
 
+#ifdef WITH_OPENSSL
+EVP_PKEY  *sshkey_create_evp(OSSL_PARAM_BLD *, EVP_PKEY_CTX *);
+int   ssh_create_evp_dss(const struct sshkey *, EVP_PKEY **);
+int   ssh_create_evp_rsa(const struct sshkey *, EVP_PKEY **);
+int   ssh_create_evp_ec(EC_KEY *, int, EVP_PKEY **);
+#endif /* WITH_OPENSSL */
+
 #ifdef SSHKEY_INTERNAL
 int	sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b);
 void	sshkey_sk_cleanup(struct sshkey *k);
diff -up openssh-9.3p1/ssh-rsa.c.evp-fips-sign openssh-9.3p1/ssh-rsa.c
--- openssh-9.3p1/ssh-rsa.c.evp-fips-sign	2023-04-27 16:46:17.139809686 +0200
+++ openssh-9.3p1/ssh-rsa.c	2023-04-27 17:10:30.376270565 +0200
@@ -23,6 +23,8 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
 
 #include <stdarg.h>
 #include <string.h>
@@ -426,9 +428,8 @@ ssh_rsa_sign(struct sshkey *key,
 	if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 		return SSH_ERR_KEY_LENGTH;
 
-	if ((pkey = EVP_PKEY_new()) == NULL ||
-	    EVP_PKEY_set1_RSA(pkey, key->rsa) != 1)
-		return SSH_ERR_ALLOC_FAIL;
+  	if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
+		return ret;
 	ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data,
 	    datalen);
 	EVP_PKEY_free(pkey);
@@ -540,11 +541,9 @@ ssh_rsa_verify(const struct sshkey *key,
 		len = modlen;
 	}
 
-	if ((pkey = EVP_PKEY_new()) == NULL ||
-	    EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) {
-		ret = SSH_ERR_ALLOC_FAIL;
+  	if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
 		goto out;
-	}
+
 	ret = openssh_RSA_verify(hash_alg, data, dlen, sigblob, len, pkey);
 	EVP_PKEY_free(pkey);
 
@@ -561,11 +560,9 @@ openssh_RSA_verify(int hash_alg, const u
     u_char *sigbuf, size_t siglen, EVP_PKEY *pkey)
 {
 	size_t rsasize = 0;
-	const RSA *rsa;
 	int ret;
 
-	rsa = EVP_PKEY_get0_RSA(pkey);
-	rsasize = RSA_size(rsa);
+	rsasize = EVP_PKEY_get_size(pkey);
 	if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
 	    siglen == 0 || siglen > rsasize) {
 		ret = SSH_ERR_INVALID_ARGUMENT;
@@ -579,6 +576,89 @@ done:
 	return ret;
 }
 
+int
+ssh_create_evp_rsa(const struct sshkey *k, EVP_PKEY **pkey)
+{
+  	OSSL_PARAM_BLD *param_bld = NULL;
+  	EVP_PKEY_CTX *ctx = NULL;
+  	int ret = 0;
+  	const BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
+  	const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
+  	if (k == NULL)
+  	  	return SSH_ERR_INVALID_ARGUMENT;
+  	if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) == NULL ||
+  	    (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
+  	  	ret = SSH_ERR_ALLOC_FAIL;
+  	  	goto out;
+  	}
+
+  	RSA_get0_key(k->rsa, &n, &e, &d);
+  	RSA_get0_factors(k->rsa, &p, &q);
+  	RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp);
+
+  	if (n != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) != 1) {
+  	  	ret = SSH_ERR_LIBCRYPTO_ERROR;
+  		goto out;
+  	}
+  	if (e != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) {
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+  	if (d != NULL &&
+  	    OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, d) != 1) {
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+
+  	if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+
+  	/* setting this to param_build makes the creation process fail */
+  	if (p != NULL &&
+  	    EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, p) != 1) {
+		debug2_f("failed to add 'p' param");
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+  	if (q != NULL &&
+  	    EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, q) != 1) {
+		debug2_f("failed to add 'q' param");
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+  	if (dmp1 != NULL &&
+  	    EVP_PKEY_set_bn_param(*pkey,
+  	        OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) != 1) {
+		debug2_f("failed to add 'dmp1' param");
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+  	if (dmq1 != NULL &&
+  	    EVP_PKEY_set_bn_param(*pkey,
+  	        OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) != 1) {
+		debug2_f("failed to add 'dmq1' param");
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+  	if (iqmp != NULL &&
+  	    EVP_PKEY_set_bn_param(*pkey,
+  	        OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp) != 1) {
+		debug2_f("failed to add 'iqmp' param");
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+  	}
+
+out:
+  	OSSL_PARAM_BLD_free(param_bld);
+  	EVP_PKEY_CTX_free(ctx);
+  	return ret;
+}
+
 static const struct sshkey_impl_funcs sshkey_rsa_funcs = {
 	/* .size = */		ssh_rsa_size,
 	/* .alloc = */		ssh_rsa_alloc,