From b0f3205a21300de9b3cfea940f71e389858779de Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Dec 16 2022 10:52:54 +0000
Subject: - Build fix after OpenSSL rebase


Resolves: rhbz#2153626

---

diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch
index 1466b40..05b2907 100644
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@@ -1,6 +1,14 @@
 diff -up openssh-8.6p1/dh.c.fips openssh-8.6p1/dh.c
 --- openssh-8.6p1/dh.c.fips	2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/dh.c	2021-05-06 12:12:10.107634472 +0200
+@@ -36,6 +36,7 @@
+ 
+ #include <openssl/bn.h>
+ #include <openssl/dh.h>
++#include <openssl/fips.h>
+ 
+ #include "dh.h"
+ #include "pathnames.h"
 @@ -164,6 +164,12 @@ choose_dh(int min, int wantbits, int max
  	int best, bestcount, which, linenum;
  	struct dhgroup dhg;
@@ -67,6 +75,14 @@ diff -up openssh-8.6p1/dh.h.fips openssh-8.6p1/dh.h
 diff -up openssh-8.6p1/kex.c.fips openssh-8.6p1/kex.c
 --- openssh-8.6p1/kex.c.fips	2021-05-06 12:08:36.489926807 +0200
 +++ openssh-8.6p1/kex.c	2021-05-06 12:08:36.498926877 +0200
+@@ -39,6 +39,7 @@
+ 
+ #ifdef WITH_OPENSSL
+ #include <openssl/crypto.h>
++#include <openssl/fips.h>
+ #include <openssl/dh.h>
+ # ifdef HAVE_EVP_KDF_CTX_NEW_ID
+ # include <openssl/kdf.h>
 @@ -203,7 +203,10 @@ kex_names_valid(const char *names)
  	for ((p = strsep(&cp, ",")); p && *p != '\0';
  	    (p = strsep(&cp, ","))) {
@@ -86,7 +102,7 @@ diff -up openssh-8.6p1/kexgexc.c.fips openssh-8.6p1/kexgexc.c
  
  #ifdef WITH_OPENSSL
  
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
  #include <sys/types.h>
  
  #include <openssl/dh.h>
@@ -154,6 +170,14 @@ diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
 diff -up openssh-8.6p1/readconf.c.fips openssh-8.6p1/readconf.c
 --- openssh-8.6p1/readconf.c.fips	2021-05-06 12:08:36.428926336 +0200
 +++ openssh-8.6p1/readconf.c	2021-05-06 12:08:36.499926885 +0200
+@@ -39,6 +39,7 @@
+ #include <string.h>
+ #include <stdarg.h>
+ #include <unistd.h>
++#include <openssl/fips.h>
+ #ifdef USE_SYSTEM_GLOB
+ # include <glob.h>
+ #else
 @@ -2538,11 +2538,16 @@ fill_default_options(Options * options)
  	all_key = sshkey_alg_list(0, 0, 1, ',');
  	all_sig = sshkey_alg_list(0, 1, 1, ',');
@@ -192,6 +216,14 @@ diff -up openssh-8.6p1/sandbox-seccomp-filter.c.fips openssh-8.6p1/sandbox-secco
 diff -up openssh-8.6p1/servconf.c.fips openssh-8.6p1/servconf.c
 --- openssh-8.6p1/servconf.c.fips	2021-05-06 12:08:36.455926545 +0200
 +++ openssh-8.6p1/servconf.c	2021-05-06 12:08:36.500926893 +0200
+@@ -38,6 +38,7 @@
+ #include <limits.h>
+ #include <stdarg.h>
+ #include <errno.h>
++#include <openssl/fips.h>
+ #ifdef HAVE_UTIL_H
+ #include <util.h>
+ #endif
 @@ -226,11 +226,16 @@ assemble_algorithms(ServerOptions *o)
  	all_key = sshkey_alg_list(0, 0, 1, ',');
  	all_sig = sshkey_alg_list(0, 1, 1, ',');
@@ -221,7 +253,7 @@ diff -up openssh-8.6p1/ssh.c.fips openssh-8.6p1/ssh.c
  #include <openssl/evp.h>
  #include <openssl/err.h>
  #endif
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
  #include "openbsd-compat/openssl-compat.h"
  #include "openbsd-compat/sys-queue.h"
  
@@ -243,7 +275,7 @@ diff -up openssh-8.6p1/sshconnect2.c.fips openssh-8.6p1/sshconnect2.c
  #include <vis.h>
  #endif
  
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
 +
  #include "openbsd-compat/sys-queue.h"
  
@@ -332,7 +364,7 @@ diff -up openssh-8.6p1/sshd.c.fips openssh-8.6p1/sshd.c
  #include <openssl/dh.h>
  #include <openssl/bn.h>
  #include <openssl/rand.h>
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
  #include "openbsd-compat/openssl-compat.h"
  #endif
  
@@ -395,7 +427,7 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
  #include <openssl/evp.h>
  #include <openssl/err.h>
  #include <openssl/pem.h>
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
  #endif
  
  #include "crypto_api.h"
@@ -482,6 +514,14 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
 diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 --- openssh-8.6p1/ssh-keygen.c.fips	2021-05-06 12:08:36.467926637 +0200
 +++ openssh-8.6p1/ssh-keygen.c	2021-05-06 12:08:36.503926916 +0200
+@@ -20,6 +20,7 @@
+ 
+ #ifdef WITH_OPENSSL
+ #include <openssl/evp.h>
++#include <openssl/fips.h>
+ #include <openssl/pem.h>
+ #include "openbsd-compat/openssl-compat.h"
+ #endif
 @@ -205,6 +205,12 @@ type_bits_valid(int type, const char *na
  #endif
  	}
@@ -521,7 +561,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
  #include <stdio.h>
  #include <string.h>
  #include <signal.h>
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
  
  #include "sshkey.h"
  #include "kex.h"
@@ -607,7 +647,7 @@ diff -up openssh-8.7p1/ssh-ed25519.c.fips3 openssh-8.7p1/ssh-ed25519.c
  
  #include <string.h>
  #include <stdarg.h>
-+#include <openssl/crypto.h>
++#include <openssl/fips.h>
  
  #include "log.h"
  #include "sshbuf.h"
diff --git a/openssh.spec b/openssh.spec
index d6b2c6b..0baac59 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -51,7 +51,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 24
+%global openssh_rel 25
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
 
@@ -734,6 +734,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Fri Dec 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-25
+- Build fix after OpenSSL rebase
+  Resolves: rhbz#2153626
+
 * Fri Sep 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-24
 - Set minimal value of RSA key length via configuration option - support both names
   Resolves: rhbz#2128352