Using DigestSign/DigestVerify functions for better FIPS compatibility

Resolves: RHEL-5217

openssh-7.7p1-fips.patch

@@ -471,7 +471,7 @@ diff -up openssh-7.9p1/sshkey.c.fips openssh-7.9p1/sshkey.c
  
  #include "xmss_fast.h"
  
-@@ -392,13 +394,14 @@ sshkey_calculate_signature(EVP_PKEY *pkey
+@@ -392,7 +394,8 @@ sshkey_calculate_signature(EVP_PKEY *pkey
  {
  	EVP_MD_CTX *ctx = NULL;
  	u_char *sig = NULL;
@@ -481,13 +481,6 @@ diff -up openssh-7.9p1/sshkey.c.fips openssh-7.9p1/sshkey.c
  
  	if (sigp == NULL || lenp == NULL) {
  		return SSH_ERR_INVALID_ARGUMENT;
- 	}
- 
--	slen = EVP_PKEY_size(pkey);
-+	slen = EVP_PKEY_get_size(pkey);
- 	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
- 		return SSH_ERR_INVALID_ARGUMENT;
- 
 @@ -411,9 +414,10 @@ sshkey_calculate_signature(EVP_PKEY *pkey
  		ret = SSH_ERR_ALLOC_FAIL;
  		goto error;

openssh.spec

@@ -66,7 +66,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 20
+%global openssh_rel 21
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
 
@@ -815,6 +815,10 @@ getent passwd sshd >/dev/null || \
 %endif
 
 %changelog
+* Tue Nov 07 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-21
+- Using DigestSign/DigestVerify functions for better FIPS compatibility
+  Resolves: RHEL-5217
+
 * Mon Oct 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-20
 - Limit artificial delays in sshd while login using AD user
   Resolves: RHEL-1684