Allow non-cryptographical use of MD5 in GSS Kex in FIPS mode

Related: RHEL-91181

openssh-9.9p1-fips-gss.patch

@@ -0,0 +1,42 @@
+diff -up openssh-9.9p1-build/openssh-9.9p1/gss-genr.c.xxx openssh-9.9p1-build/openssh-9.9p1/gss-genr.c
+--- a/gss-genr.c.xxx	2025-09-01 17:15:41.070677784 +0200
++++ b/gss-genr.c	2025-09-01 17:31:20.376362078 +0200
+@@ -149,19 +149,29 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
+ 	for (i = 0; i < gss_supported->count; i++) {
+ 		if (gss_supported->elements[i].length < 128 &&
+ 		    (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
++			EVP_MD_CTX * ctx = NULL;
++			EVP_MD *md5 = NULL; /* Here we don't use MD5 for crypto purposes */
++			unsigned int md_size = sizeof(digest);
+ 
+ 			deroid[0] = SSH_GSS_OIDTYPE;
+ 			deroid[1] = gss_supported->elements[i].length;
+-
+-			if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+-			    (r = ssh_digest_update(md, deroid, 2)) != 0 ||
+-			    (r = ssh_digest_update(md,
+-			        gss_supported->elements[i].elements,
+-			        gss_supported->elements[i].length)) != 0 ||
+-			    (r = ssh_digest_final(md, digest, sizeof(digest))) != 0)
++			if ((md5 = EVP_MD_fetch(NULL, "MD5", "provider=default,-fips")) == NULL)
++				fatal_fr(r, "MD5 fetch failed");
++			if ((ctx = EVP_MD_CTX_new()) == NULL) {
++				EVP_MD_free(md5);
++				fatal_fr(r, "digest ctx failed");
++			}
++			if (EVP_DigestInit(ctx, md5) <= 0
++			    || EVP_DigestUpdate(ctx, deroid, 2) <= 0
++			    || EVP_DigestUpdate(ctx, gss_supported->elements[i].elements,
++				    gss_supported->elements[i].length) <= 0
++			    || EVP_DigestFinal(ctx, digest, &md_size) <= 0) {
++				EVP_MD_free(md5);
++				EVP_MD_CTX_free(ctx);
+ 				fatal_fr(r, "digest failed");
+-			ssh_digest_free(md);
+-			md = NULL;
++			}
++			EVP_MD_free(md5); md5 = NULL;
++			EVP_MD_CTX_free(ctx); ctx = NULL;
+ 
+ 			encoded = xmalloc(ssh_digest_bytes(SSH_DIGEST_MD5)
+ 			    * 2);

openssh.spec

@@ -43,7 +43,7 @@
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: 12%{?dist}
+Release: 13%{?dist}
 URL: http://www.openssh.com/portable.html
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -214,6 +214,8 @@ Patch1025: openssh-9.9p1-non-supported-keys-err-msg.patch
 Patch1026: openssh-9.9p1-bad-hostkey.patch
 # https://github.com/openssh/openssh-portable/pull/500
 Patch1027: openssh-9.9p1-support-authentication-indicators-in-GSSAPI.patch
+#
+Patch1028: openssh-9.9p1-fips-gss.patch
 
 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
 Requires: /sbin/nologin
@@ -406,6 +408,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 1025 -p1 -b .non-supported-keys-err-msg
 %patch -P 1026 -p1 -b .bad-hostkey
 %patch -P 1027 -p1 -b .gss-indicators
+%patch -P 1028 -p1 -b .gss-fips
 
 %patch -P 100 -p1 -b .coverity
 
@@ -686,6 +689,10 @@ test -f %{sysconfig_anaconda} && \
 %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so
 
 %changelog
+* Mon Sep 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-13
+- Allow non-cryptographical use of MD5 in GSS Kex in FIPS mode
+  Related: RHEL-91181
+
 * Mon Aug 04 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-12
 - Relax GSS Kex restriction in FIPS mode
   Resolves: RHEL-91181