Using DigestSign/DigestVerify functions for better FIPS compatibility

Resolves: RHEL-5217
This commit is contained in:
Dmitry Belyavskiy 2023-11-07 17:44:31 +01:00
parent 6c888396c9
commit 2e04a3ede2
2 changed files with 6 additions and 9 deletions

View File

@ -471,7 +471,7 @@ diff -up openssh-7.9p1/sshkey.c.fips openssh-7.9p1/sshkey.c
#include "xmss_fast.h"
@@ -392,13 +394,14 @@ sshkey_calculate_signature(EVP_PKEY *pkey
@@ -392,7 +394,8 @@ sshkey_calculate_signature(EVP_PKEY *pkey
{
EVP_MD_CTX *ctx = NULL;
u_char *sig = NULL;
@ -481,13 +481,6 @@ diff -up openssh-7.9p1/sshkey.c.fips openssh-7.9p1/sshkey.c
if (sigp == NULL || lenp == NULL) {
return SSH_ERR_INVALID_ARGUMENT;
}
- slen = EVP_PKEY_size(pkey);
+ slen = EVP_PKEY_get_size(pkey);
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
return SSH_ERR_INVALID_ARGUMENT;
@@ -411,9 +414,10 @@ sshkey_calculate_signature(EVP_PKEY *pkey
ret = SSH_ERR_ALLOC_FAIL;
goto error;

View File

@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1
%global openssh_rel 20
%global openssh_rel 21
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7
@ -815,6 +815,10 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Tue Nov 07 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-21
- Using DigestSign/DigestVerify functions for better FIPS compatibility
Resolves: RHEL-5217
* Mon Oct 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-20
- Limit artificial delays in sshd while login using AD user
Resolves: RHEL-1684