diff --git a/openssh-6.7p1-coverity.patch b/openssh-6.7p1-coverity.patch
index e372f09..f12f40e 100644
--- a/openssh-6.7p1-coverity.patch
+++ b/openssh-6.7p1-coverity.patch
@@ -74,33 +74,6 @@ diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
close(c->sock);
c->sock = c->rfd = c->wfd = sock;
channel_find_maxfd(ssh->chanctxt);
-@@ -3804,7 +3804,7 @@ int
- channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd)
- {
- int r, success = 0, idx = -1;
-- char *host_to_connect, *listen_host, *listen_path;
-+ char *host_to_connect = NULL, *listen_host = NULL, *listen_path = NULL;
- int port_to_connect, listen_port;
-
- /* Send the forward request to the remote side. */
-@@ -3832,7 +3832,6 @@ channel_request_remote_forwarding(struct
- success = 1;
- if (success) {
- /* Record that connection to this host/port is permitted. */
-- host_to_connect = listen_host = listen_path = NULL;
- port_to_connect = listen_port = 0;
- if (fwd->connect_path != NULL) {
- host_to_connect = xstrdup(fwd->connect_path);
-@@ -3853,6 +3852,9 @@ channel_request_remote_forwarding(struct
- host_to_connect, port_to_connect,
- listen_host, listen_path, listen_port, NULL);
- }
-+ free(host_to_connect);
-+ free(listen_host);
-+ free(listen_path);
- return idx;
- }
-
diff -up openssh-8.5p1/dns.c.coverity openssh-8.5p1/dns.c
--- openssh-8.5p1/dns.c.coverity 2021-03-02 11:31:47.000000000 +0100
+++ openssh-8.5p1/dns.c 2021-03-24 12:03:33.783968166 +0100
diff --git a/openssh-8.7p1-UTC-time-parse.patch b/openssh-8.7p1-UTC-time-parse.patch
new file mode 100644
index 0000000..1fd953d
--- /dev/null
+++ b/openssh-8.7p1-UTC-time-parse.patch
@@ -0,0 +1,323 @@
+diff --git a/misc.c b/misc.c
+index a8e87430..f2135803 100644
+--- a/misc.c
++++ b/misc.c
+@@ -2399,15 +2399,26 @@ parse_absolute_time(const char *s, uint64_t *tp)
+ struct tm tm;
+ time_t tt;
+ char buf[32], *fmt;
++ const char *cp;
++ size_t l;
++ int is_utc = 0;
+
+ *tp = 0;
+
++ l = strlen(s);
++ if (l > 1 && strcasecmp(s + l - 1, "Z") == 0) {
++ is_utc = 1;
++ l--;
++ } else if (l > 3 && strcasecmp(s + l - 3, "UTC") == 0) {
++ is_utc = 1;
++ l -= 3;
++ }
+ /*
+ * POSIX strptime says "The application shall ensure that there
+ * is white-space or other non-alphanumeric characters between
+ * any two conversion specifications" so arrange things this way.
+ */
+- switch (strlen(s)) {
++ switch (l) {
+ case 8: /* YYYYMMDD */
+ fmt = "%Y-%m-%d";
+ snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
+@@ -2427,10 +2438,15 @@ parse_absolute_time(const char *s, uint64_t *tp)
+ }
+
+ memset(&tm, 0, sizeof(tm));
+- if (strptime(buf, fmt, &tm) == NULL)
+- return SSH_ERR_INVALID_FORMAT;
+- if ((tt = mktime(&tm)) < 0)
++ if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0')
+ return SSH_ERR_INVALID_FORMAT;
++ if (is_utc) {
++ if ((tt = timegm(&tm)) < 0)
++ return SSH_ERR_INVALID_FORMAT;
++ } else {
++ if ((tt = mktime(&tm)) < 0)
++ return SSH_ERR_INVALID_FORMAT;
++ }
+ /* success */
+ *tp = (uint64_t)tt;
+ return 0;
+diff --git a/regress/unittests/misc/test_convtime.c b/regress/unittests/misc/test_convtime.c
+index ef6fd77d..4794dbd9 100644
+--- a/regress/unittests/misc/test_convtime.c
++++ b/regress/unittests/misc/test_convtime.c
+@@ -20,6 +20,7 @@
+
+ #include "log.h"
+ #include "misc.h"
++#include "ssherr.h"
+
+ void test_convtime(void);
+
+@@ -27,6 +28,7 @@ void
+ test_convtime(void)
+ {
+ char buf[1024];
++ uint64_t t;
+
+ TEST_START("misc_convtime");
+ ASSERT_INT_EQ(convtime("0"), 0);
+@@ -56,4 +58,64 @@ test_convtime(void)
+ ASSERT_INT_EQ(convtime("3550w5d3h14m8s"), -1);
+ #endif
+ TEST_DONE();
++
++ /* XXX timezones/DST make verification of this tricky */
++ /* XXX maybe setenv TZ and tzset() to make it unambiguous? */
++ TEST_START("misc_parse_absolute_time");
++ ASSERT_INT_EQ(parse_absolute_time("20000101", &t), 0);
++ ASSERT_INT_EQ(parse_absolute_time("200001011223", &t), 0);
++ ASSERT_INT_EQ(parse_absolute_time("20000101122345", &t), 0);
++
++ /* forced UTC TZ */
++ ASSERT_INT_EQ(parse_absolute_time("20000101Z", &t), 0);
++ ASSERT_U64_EQ(t, 946684800);
++ ASSERT_INT_EQ(parse_absolute_time("200001011223Z", &t), 0);
++ ASSERT_U64_EQ(t, 946729380);
++ ASSERT_INT_EQ(parse_absolute_time("20000101122345Z", &t), 0);
++ ASSERT_U64_EQ(t, 946729425);
++ ASSERT_INT_EQ(parse_absolute_time("20000101UTC", &t), 0);
++ ASSERT_U64_EQ(t, 946684800);
++ ASSERT_INT_EQ(parse_absolute_time("200001011223UTC", &t), 0);
++ ASSERT_U64_EQ(t, 946729380);
++ ASSERT_INT_EQ(parse_absolute_time("20000101122345UTC", &t), 0);
++ ASSERT_U64_EQ(t, 946729425);
++
++ /* Bad month */
++ ASSERT_INT_EQ(parse_absolute_time("20001301", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("20000001", &t),
++ SSH_ERR_INVALID_FORMAT);
++ /* Incomplete */
++ ASSERT_INT_EQ(parse_absolute_time("2", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("2000", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("20000", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("200001", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("2000010", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("200001010", &t),
++ SSH_ERR_INVALID_FORMAT);
++ /* Bad day, hour, minute, second */
++ ASSERT_INT_EQ(parse_absolute_time("20000199", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("200001019900", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("200001010099", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("20000101000099", &t),
++ SSH_ERR_INVALID_FORMAT);
++ /* Invalid TZ specifier */
++ ASSERT_INT_EQ(parse_absolute_time("20000101ZZ", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("20000101PDT", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("20000101U", &t),
++ SSH_ERR_INVALID_FORMAT);
++ ASSERT_INT_EQ(parse_absolute_time("20000101UTCUTC", &t),
++ SSH_ERR_INVALID_FORMAT);
++
++ TEST_DONE();
+ }
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index 5f429813..6aeab1cb 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -511,8 +511,11 @@ Print the full public key to standard output after signature verification.
+ .It Cm verify-time Ns = Ns Ar timestamp
+ Specifies a time to use when validating signatures instead of the current
+ time.
+-The time may be specified as a date in YYYYMMDD format or a time
+-in YYYYMMDDHHMM[SS] format.
++The time may be specified as a date or time in the YYYYMMDD[Z] or
++in YYYYMMDDHHMM[SS][Z] formats.
++Dates and times will be interpreted in the current system time zone unless
++suffixed with a Z character, which causes them to be interpreted in the
++UTC time zone.
+ .El
+ .Pp
+ The
+@@ -603,31 +606,67 @@ A validity interval may consist of a single time, indicating that the
+ certificate is valid beginning now and expiring at that time, or may consist
+ of two times separated by a colon to indicate an explicit time interval.
+ .Pp
+-The start time may be specified as the string
++The start time may be specified as:
++.Bl -bullet -compact
++.It
++The string
+ .Dq always
+-to indicate the certificate has no specified start time,
+-a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format,
+-a relative time (to the current time) consisting of a minus sign followed by
+-an interval in the format described in the
++to indicate the certificate has no specified start time.
++.It
++A date or time in the system time zone formatted as YYYYMMDD or
++YYYYMMDDHHMM[SS].
++.It
++A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z.
++.It
++A relative time before the current system time consisting of a minus sign
++followed by an interval in the format described in the
+ TIME FORMATS section of
+ .Xr sshd_config 5 .
++.It
++A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal
++number beginning with
++.Dq 0x .
++.El
+ .Pp
+-The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time,
+-a relative time starting with a plus character or the string
++The end time may be specified similarly to the start time:
++.Bl -bullet -compact
++.It
++The string
+ .Dq forever
+-to indicate that the certificate has no expiry date.
++to indicate the certificate has no specified end time.
++.It
++A date or time in the system time zone formatted as YYYYMMDD or
++YYYYMMDDHHMM[SS].
++.It
++A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z.
++.It
++A relative time after the current system time consisting of a plus sign
++followed by an interval in the format described in the
++TIME FORMATS section of
++.Xr sshd_config 5 .
++.It
++A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal
++number beginning with
++.Dq 0x .
++.El
+ .Pp
+ For example:
+-.Dq +52w1d
+-(valid from now to 52 weeks and one day from now),
+-.Dq -4w:+4w
+-(valid from four weeks ago to four weeks from now),
+-.Dq 20100101123000:20110101123000
+-(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
+-.Dq -1d:20110101
+-(valid from yesterday to midnight, January 1st, 2011),
+-.Dq -1m:forever
+-(valid from one minute ago and never expiring).
++.Bl -tag -width Ds
++.It +52w1d
++Valid from now to 52 weeks and one day from now.
++.It -4w:+4w
++Valid from four weeks ago to four weeks from now.
++.It 20100101123000:20110101123000
++Valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011.
++.It 20100101123000Z:20110101123000Z
++Similar, but interpreted in the UTC time zone rather than the system time zone.
++.It -1d:20110101
++Valid from yesterday to midnight, January 1st, 2011.
++.It 0x1:0x2000000000
++Valid from roughly early 1970 to May 2033.
++.It -1m:forever
++Valid from one minute ago and never expiring.
++.El
+ .It Fl v
+ Verbose mode.
+ Causes
+@@ -1206,7 +1245,10 @@ signature object and presented on the verification command-line must
+ match the specified list before the key will be considered acceptable.
+ .It Cm valid-after Ns = Ns "timestamp"
+ Indicates that the key is valid for use at or after the specified timestamp,
+-which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format.
++which may be a date or time in the YYYYMMDD[Z] or YYYYMMDDHHMM[SS][Z] formats.
++Dates and times will be interpreted in the current system time zone unless
++suffixed with a Z character, which causes them to be interpreted in the UTC
++time zone.
+ .It Cm valid-before Ns = Ns "timestamp"
+ Indicates that the key is valid for use at or before the specified timestamp.
+ .El
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 20b321cc..9b2beda0 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -1916,6 +1916,21 @@ parse_relative_time(const char *s, time_t now)
+ return now + (u_int64_t)(secs * mul);
+ }
+
++static void
++parse_hex_u64(const char *s, uint64_t *up)
++{
++ char *ep;
++ unsigned long long ull;
++
++ errno = 0;
++ ull = strtoull(s, &ep, 16);
++ if (*s == '\0' || *ep != '\0')
++ fatal("Invalid certificate time: not a number");
++ if (errno == ERANGE && ull == ULONG_MAX)
++ fatal_fr(SSH_ERR_SYSTEM_ERROR, "Invalid certificate time");
++ *up = (uint64_t)ull;
++}
++
+ static void
+ parse_cert_times(char *timespec)
+ {
+@@ -1938,8 +1953,8 @@ parse_cert_times(char *timespec)
+
+ /*
+ * from:to, where
+- * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always"
+- * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever"
++ * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "always"
++ * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "forever"
+ */
+ from = xstrdup(timespec);
+ to = strchr(from, ':');
+@@ -1951,6 +1966,8 @@ parse_cert_times(char *timespec)
+ cert_valid_from = parse_relative_time(from, now);
+ else if (strcmp(from, "always") == 0)
+ cert_valid_from = 0;
++ else if (strncmp(from, "0x", 2) == 0)
++ parse_hex_u64(from, &cert_valid_from);
+ else if (parse_absolute_time(from, &cert_valid_from) != 0)
+ fatal("Invalid from time \"%s\"", from);
+
+@@ -1958,6 +1975,8 @@ parse_cert_times(char *timespec)
+ cert_valid_to = parse_relative_time(to, now);
+ else if (strcmp(to, "forever") == 0)
+ cert_valid_to = ~(u_int64_t)0;
++ else if (strncmp(to, "0x", 2) == 0)
++ parse_hex_u64(to, &cert_valid_to);
+ else if (parse_absolute_time(to, &cert_valid_to) != 0)
+ fatal("Invalid to time \"%s\"", to);
+
+diff --git a/sshd.8 b/sshd.8
+index 2b50514e..8ccc5bc0 100644
+--- a/sshd.8
++++ b/sshd.8
+@@ -533,8 +533,9 @@ controlled via the
+ option.
+ .It Cm expiry-time="timespec"
+ Specifies a time after which the key will not be accepted.
+-The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time
+-in the system time-zone.
++The time may be specified as a YYYYMMDD[Z] date or a YYYYMMDDHHMM[SS][Z] time.
++Dates and times will be interpreted in the system time zone unless suffixed
++by a Z character, in which case they will be interpreted in the UTC time zone.
+ .It Cm from="pattern-list"
+ Specifies that in addition to public key authentication, either the canonical
+ name of the remote host or its IP address must be present in the
diff --git a/openssh-8.7p1-evp-fips-compl-dh.patch b/openssh-8.7p1-evp-fips-compl-dh.patch
new file mode 100644
index 0000000..ec04910
--- /dev/null
+++ b/openssh-8.7p1-evp-fips-compl-dh.patch
@@ -0,0 +1,292 @@
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/dh.c openssh-8.7p1-patched/dh.c
+--- openssh-8.7p1/dh.c 2023-05-25 09:01:23.295627077 +0200
++++ openssh-8.7p1-patched/dh.c 2023-05-25 09:00:56.519332820 +0200
+@@ -37,6 +37,9 @@
+ #include <openssl/bn.h>
+ #include <openssl/dh.h>
+ #include <openssl/fips.h>
++#include <openssl/evp.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
+
+ #include "dh.h"
+ #include "pathnames.h"
+@@ -290,10 +293,15 @@
+ int
+ dh_gen_key(DH *dh, int need)
+ {
+- int pbits;
+- const BIGNUM *dh_p, *pub_key;
++ const BIGNUM *dh_p, *dh_g;
++ BIGNUM *pub_key = NULL, *priv_key = NULL;
++ EVP_PKEY *pkey = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
++ OSSL_PARAM_BLD *param_bld = NULL;
++ OSSL_PARAM *params = NULL;
++ int pbits, r = 0;
+
+- DH_get0_pqg(dh, &dh_p, NULL, NULL);
++ DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
+
+ if (need < 0 || dh_p == NULL ||
+ (pbits = BN_num_bits(dh_p)) <= 0 ||
+@@ -301,19 +309,85 @@
+ return SSH_ERR_INVALID_ARGUMENT;
+ if (need < 256)
+ need = 256;
++
++ if ((param_bld = OSSL_PARAM_BLD_new()) == NULL ||
++ (ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)) == NULL) {
++ OSSL_PARAM_BLD_free(param_bld);
++ return SSH_ERR_ALLOC_FAIL;
++ }
++
++ if (OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_FFC_P, dh_p) != 1 ||
++ OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_FFC_G, dh_g) != 1) {
++ error_f("Could not set p,q,g parameters");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
+ /*
+ * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
+ * so double requested need here.
+ */
+- if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1)))
+- return SSH_ERR_LIBCRYPTO_ERROR;
+-
+- if (DH_generate_key(dh) == 0)
+- return SSH_ERR_LIBCRYPTO_ERROR;
+- DH_get0_key(dh, &pub_key, NULL);
+- if (!dh_pub_is_valid(dh, pub_key))
+- return SSH_ERR_INVALID_FORMAT;
+- return 0;
++ if (OSSL_PARAM_BLD_push_int(param_bld,
++ OSSL_PKEY_PARAM_DH_PRIV_LEN,
++ MINIMUM(need * 2, pbits - 1)) != 1 ||
++ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (EVP_PKEY_fromdata_init(ctx) != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (EVP_PKEY_fromdata(ctx, &pkey,
++ EVP_PKEY_KEY_PARAMETERS, params) != 1) {
++ error_f("Failed key generation");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++ /* reuse context for key generation */
++ EVP_PKEY_CTX_free(ctx);
++ ctx = NULL;
++
++ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
++ EVP_PKEY_keygen_init(ctx) != 1) {
++ error_f("Could not create or init context");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (EVP_PKEY_generate(ctx, &pkey) != 1) {
++ error_f("Could not generate keys");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (EVP_PKEY_public_check(ctx) != 1) {
++ error_f("The public key is incorrect");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
++ &pub_key) != 1 ||
++ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
++ &priv_key) != 1 ||
++ DH_set0_key(dh, pub_key, priv_key) != 1) {
++ error_f("Could not set pub/priv keys to DH struct");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++ /* transferred */
++ pub_key = NULL;
++ priv_key = NULL;
++out:
++ OSSL_PARAM_free(params);
++ OSSL_PARAM_BLD_free(param_bld);
++ EVP_PKEY_CTX_free(ctx);
++ EVP_PKEY_free(pkey);
++ BN_clear_free(pub_key);
++ BN_clear_free(priv_key);
++ return r;
+ }
+
+ DH *
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/kex.c openssh-8.7p1-patched/kex.c
+--- openssh-8.7p1/kex.c 2023-05-25 09:01:23.299627122 +0200
++++ openssh-8.7p1-patched/kex.c 2023-05-25 09:00:56.519332820 +0200
+@@ -1603,3 +1603,47 @@
+ return r;
+ }
+
++#ifdef WITH_OPENSSL
++/*
++ * Creates an EVP_PKEY from the given parameters and keys.
++ * The private key can be omitted.
++ */
++int
++kex_create_evp_dh(EVP_PKEY **pkey, const BIGNUM *p, const BIGNUM *q,
++ const BIGNUM *g, const BIGNUM *pub, const BIGNUM *priv)
++{
++ OSSL_PARAM_BLD *param_bld = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
++ int r = 0;
++
++ /* create EVP_PKEY-DH key */
++ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)) == NULL ||
++ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
++ error_f("EVP_PKEY_CTX or PARAM_BLD init failed");
++ r = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++ if (OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1 ||
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1 ||
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1 ||
++ OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_PUB_KEY, pub) != 1) {
++ error_f("Failed pushing params to OSSL_PARAM_BLD");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (priv != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) {
++ error_f("Failed pushing private key to OSSL_PARAM_BLD");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL)
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++out:
++ OSSL_PARAM_BLD_free(param_bld);
++ EVP_PKEY_CTX_free(ctx);
++ return r;
++}
++#endif /* WITH_OPENSSL */
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/kexdh.c openssh-8.7p1-patched/kexdh.c
+--- openssh-8.7p1/kexdh.c 2023-05-25 09:01:23.237626425 +0200
++++ openssh-8.7p1-patched/kexdh.c 2023-05-25 09:03:21.817957988 +0200
+@@ -35,6 +35,10 @@
+
+ #include "openbsd-compat/openssl-compat.h"
+ #include <openssl/dh.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
+
+ #include "sshkey.h"
+ #include "kex.h"
+@@ -83,9 +87,12 @@
+ kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out)
+ {
+ BIGNUM *shared_secret = NULL;
++ const BIGNUM *pub, *priv, *p, *q, *g;
++ EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
+ u_char *kbuf = NULL;
+ size_t klen = 0;
+- int kout, r;
++ int kout, r = 0;
+
+ #ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_pub= ");
+@@ -100,24 +107,59 @@
+ r = SSH_ERR_MESSAGE_INCOMPLETE;
+ goto out;
+ }
+- klen = DH_size(kex->dh);
++
++ DH_get0_key(kex->dh, &pub, &priv);
++ DH_get0_pqg(kex->dh, &p, &q, &g);
++ /* import key */
++ r = kex_create_evp_dh(&pkey, p, q, g, pub, priv);
++ if (r != 0) {
++ error_f("Could not create EVP_PKEY for dh");
++ ERR_print_errors_fp(stderr);
++ goto out;
++ }
++ /* import peer key
++ * the parameters should be the same as with pkey
++ */
++ r = kex_create_evp_dh(&dh_pkey, p, q, g, dh_pub, NULL);
++ if (r != 0) {
++ error_f("Could not import peer key for dh");
++ ERR_print_errors_fp(stderr);
++ goto out;
++ }
++
++ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) {
++ error_f("Could not init EVP_PKEY_CTX for dh");
++ r = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++ if (EVP_PKEY_derive_init(ctx) != 1 ||
++ EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
++ EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
++ error_f("Could not get key size");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
+ if ((kbuf = malloc(klen)) == NULL ||
+ (shared_secret = BN_new()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+- if ((kout = DH_compute_key(kbuf, dh_pub, kex->dh)) < 0 ||
+- BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
++ if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1 ||
++ BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
++ error_f("Could not derive key");
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ #ifdef DEBUG_KEXDH
+- dump_digest("shared secret", kbuf, kout);
++ dump_digest("shared secret", kbuf, klen);
+ #endif
+ r = sshbuf_put_bignum2(out, shared_secret);
+ out:
+ freezero(kbuf, klen);
+ BN_clear_free(shared_secret);
++ EVP_PKEY_free(pkey);
++ EVP_PKEY_free(dh_pkey);
++ EVP_PKEY_CTX_free(ctx);
+ return r;
+ }
+
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/kex.h openssh-8.7p1-patched/kex.h
+--- openssh-8.7p1/kex.h 2023-05-25 09:01:23.299627122 +0200
++++ openssh-8.7p1-patched/kex.h 2023-05-25 09:00:56.519332820 +0200
+@@ -33,6 +33,9 @@
+ # include <openssl/bn.h>
+ # include <openssl/dh.h>
+ # include <openssl/ecdsa.h>
++# include <openssl/evp.h>
++# include <openssl/core_names.h>
++# include <openssl/param_build.h>
+ # ifdef OPENSSL_HAS_ECC
+ # include <openssl/ec.h>
+ # else /* OPENSSL_HAS_ECC */
+@@ -278,6 +281,8 @@
+ const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
+ __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+ __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
++int kex_create_evp_dh(EVP_PKEY **, const BIGNUM *, const BIGNUM *,
++ const BIGNUM *, const BIGNUM *, const BIGNUM *);
+
+ #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
+ void dump_digest(const char *, const u_char *, int);
diff --git a/openssh-8.7p1-evp-fips-compl-ecdh.patch b/openssh-8.7p1-evp-fips-compl-ecdh.patch
new file mode 100644
index 0000000..0313c6f
--- /dev/null
+++ b/openssh-8.7p1-evp-fips-compl-ecdh.patch
@@ -0,0 +1,207 @@
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../openssh-8.7p1/kexecdh.c ./kexecdh.c
+--- ../openssh-8.7p1/kexecdh.c 2021-08-20 06:03:49.000000000 +0200
++++ ./kexecdh.c 2023-04-13 14:30:14.882449593 +0200
+@@ -35,17 +35,57 @@
+ #include <signal.h>
+
+ #include <openssl/ecdh.h>
++#include <openssl/evp.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
++#include <openssl/err.h>
+
+ #include "sshkey.h"
+ #include "kex.h"
+ #include "sshbuf.h"
+ #include "digest.h"
+ #include "ssherr.h"
++#include "log.h"
+
+ static int
+ kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
+ const EC_GROUP *, struct sshbuf **);
+
++static EC_KEY *
++generate_ec_keys(int ec_nid)
++{
++ EC_KEY *client_key = NULL;
++ EVP_PKEY *pkey = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
++ OSSL_PARAM_BLD *param_bld = NULL;
++ OSSL_PARAM *params = NULL;
++ const char *group_name;
++
++ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
++ (param_bld = OSSL_PARAM_BLD_new()) == NULL)
++ goto out;
++ if ((group_name = OSSL_EC_curve_nid2name(ec_nid)) == NULL ||
++ OSSL_PARAM_BLD_push_utf8_string(param_bld,
++ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
++ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
++ error_f("Could not create OSSL_PARAM");
++ goto out;
++ }
++ if (EVP_PKEY_keygen_init(ctx) != 1 ||
++ EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
++ EVP_PKEY_generate(ctx, &pkey) != 1 ||
++ (client_key = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
++ error_f("Could not generate ec keys");
++ goto out;
++ }
++out:
++ EVP_PKEY_free(pkey);
++ EVP_PKEY_CTX_free(ctx);
++ OSSL_PARAM_BLD_free(param_bld);
++ OSSL_PARAM_free(params);
++ return client_key;
++}
++
+ int
+ kex_ecdh_keypair(struct kex *kex)
+ {
+@@ -55,11 +95,7 @@
+ struct sshbuf *buf = NULL;
+ int r;
+
+- if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
+- r = SSH_ERR_ALLOC_FAIL;
+- goto out;
+- }
+- if (EC_KEY_generate_key(client_key) != 1) {
++ if ((client_key = generate_ec_keys(kex->ec_nid)) == NULL) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+@@ -101,11 +137,7 @@
+ *server_blobp = NULL;
+ *shared_secretp = NULL;
+
+- if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
+- r = SSH_ERR_ALLOC_FAIL;
+- goto out;
+- }
+- if (EC_KEY_generate_key(server_key) != 1) {
++ if ((server_key = generate_ec_keys(kex->ec_nid)) == NULL) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+@@ -140,11 +172,21 @@
+ {
+ struct sshbuf *buf = NULL;
+ BIGNUM *shared_secret = NULL;
+- EC_POINT *dh_pub = NULL;
+- u_char *kbuf = NULL;
+- size_t klen = 0;
++ EVP_PKEY_CTX *ctx = NULL;
++ EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
++ OSSL_PARAM_BLD *param_bld = NULL;
++ OSSL_PARAM *params = NULL;
++ u_char *kbuf = NULL, *pub = NULL;
++ size_t klen = 0, publen;
++ const char *group_name;
+ int r;
+
++ /* import EC_KEY to EVP_PKEY */
++ if ((r = ssh_create_evp_ec(key, kex->ec_nid, &pkey)) != 0) {
++ error_f("Could not create EVP_PKEY");
++ goto out;
++ }
++
+ *shared_secretp = NULL;
+
+ if ((buf = sshbuf_new()) == NULL) {
+@@ -153,45 +195,82 @@
+ }
+ if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
+ goto out;
+- if ((dh_pub = EC_POINT_new(group)) == NULL) {
++
++ /* the public key is in the buffer in octet string UNCOMPRESSED
++ * format. See sshbuf_put_ec */
++ if ((r = sshbuf_get_string(buf, &pub, &publen)) != 0)
++ goto out;
++ sshbuf_reset(buf);
++ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
++ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+- if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
++ if ((group_name = OSSL_EC_curve_nid2name(kex->ec_nid)) == NULL) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
++ OSSL_PKEY_PARAM_PUB_KEY, pub, publen) != 1 ||
++ OSSL_PARAM_BLD_push_utf8_string(param_bld,
++ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
++ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
++ error_f("Failed to set params for dh_pkey");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
++ EVP_PKEY_fromdata(ctx, &dh_pkey,
++ EVP_PKEY_PUBLIC_KEY, params) != 1 ||
++ EVP_PKEY_public_check(ctx) != 1) {
++ error_f("Peer public key import failed");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+- sshbuf_reset(buf);
+
+ #ifdef DEBUG_KEXECDH
+ fputs("public key:\n", stderr);
+- sshkey_dump_ec_point(group, dh_pub);
++ EVP_PKEY_print_public_fp(stderr, dh_pkey, 0, NULL);
+ #endif
+- if (sshkey_ec_validate_public(group, dh_pub) != 0) {
+- r = SSH_ERR_MESSAGE_INCOMPLETE;
++ EVP_PKEY_CTX_free(ctx);
++ ctx = NULL;
++ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
++ EVP_PKEY_derive_init(ctx) != 1 ||
++ EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
++ EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
++ error_f("Failed to get derive information");
++ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+- klen = (EC_GROUP_get_degree(group) + 7) / 8;
+- if ((kbuf = malloc(klen)) == NULL ||
+- (shared_secret = BN_new()) == NULL) {
++ if ((kbuf = malloc(klen)) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+- if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
+- BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
++ if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ #ifdef DEBUG_KEXECDH
+ dump_digest("shared secret", kbuf, klen);
+ #endif
++ if ((shared_secret = BN_new()) == NULL ||
++ (BN_bin2bn(kbuf, klen, shared_secret) == NULL)) {
++ r = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
+ if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
+ goto out;
+ *shared_secretp = buf;
+ buf = NULL;
+ out:
+- EC_POINT_clear_free(dh_pub);
++ EVP_PKEY_CTX_free(ctx);
++ EVP_PKEY_free(pkey);
++ EVP_PKEY_free(dh_pkey);
++ OSSL_PARAM_BLD_free(param_bld);
++ OSSL_PARAM_free(params);
+ BN_clear_free(shared_secret);
+ freezero(kbuf, klen);
++ freezero(pub, publen);
+ sshbuf_free(buf);
+ return r;
+ }
diff --git a/openssh-8.7p1-evp-fips-compl-sign.patch b/openssh-8.7p1-evp-fips-compl-sign.patch
new file mode 100644
index 0000000..fc71678
--- /dev/null
+++ b/openssh-8.7p1-evp-fips-compl-sign.patch
@@ -0,0 +1,468 @@
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/ssh-dss.c ./ssh-dss.c
+--- ../../openssh-8.7p1/ssh-dss.c 2023-03-08 15:35:14.669943335 +0100
++++ ./ssh-dss.c 2023-03-08 15:34:33.508578129 +0100
+@@ -32,6 +32,8 @@
+ #include <openssl/bn.h>
+ #include <openssl/dsa.h>
+ #include <openssl/evp.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
+
+ #include <stdarg.h>
+ #include <string.h>
+@@ -72,9 +74,8 @@
+ sshkey_type_plain(key->type) != KEY_DSA)
+ return SSH_ERR_INVALID_ARGUMENT;
+
+- if ((pkey = EVP_PKEY_new()) == NULL ||
+- EVP_PKEY_set1_DSA(pkey, key->dsa) != 1)
+- return SSH_ERR_ALLOC_FAIL;
++ if ((ret = ssh_create_evp_dss(key, &pkey)) != 0)
++ return ret;
+ ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len,
+ data, datalen);
+ EVP_PKEY_free(pkey);
+@@ -201,11 +202,8 @@
+ goto out;
+ }
+
+- if ((pkey = EVP_PKEY_new()) == NULL ||
+- EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) {
+- ret = SSH_ERR_ALLOC_FAIL;
++ if ((ret = ssh_create_evp_dss(key, &pkey)) != 0)
+ goto out;
+- }
+ ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen,
+ sigb, slen);
+ EVP_PKEY_free(pkey);
+@@ -221,4 +219,63 @@
+ freezero(sigblob, len);
+ return ret;
+ }
++
++int
++ssh_create_evp_dss(const struct sshkey *k, EVP_PKEY **pkey)
++{
++ OSSL_PARAM_BLD *param_bld = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
++ const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
++ int ret = 0;
++
++ if (k == NULL)
++ return SSH_ERR_INVALID_ARGUMENT;
++ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) == NULL ||
++ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
++ ret = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++
++ DSA_get0_pqg(k->dsa, &p, &q, &g);
++ DSA_get0_key(k->dsa, &pub, &priv);
++
++ if (p != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (q != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (g != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (pub != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_PUB_KEY,
++ pub) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (priv != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_PRIV_KEY,
++ priv) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++out:
++ OSSL_PARAM_BLD_free(param_bld);
++ EVP_PKEY_CTX_free(ctx);
++ return ret;
++}
+ #endif /* WITH_OPENSSL */
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/ssh-ecdsa.c ./ssh-ecdsa.c
+--- ../../openssh-8.7p1/ssh-ecdsa.c 2023-03-08 15:35:14.669943335 +0100
++++ ./ssh-ecdsa.c 2023-03-08 15:40:52.628201267 +0100
+@@ -34,6 +34,8 @@
+ #include <openssl/ec.h>
+ #include <openssl/ecdsa.h>
+ #include <openssl/evp.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
+
+ #include <string.h>
+
+@@ -72,9 +74,8 @@
+ if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
+ return SSH_ERR_INTERNAL_ERROR;
+
+- if ((pkey = EVP_PKEY_new()) == NULL ||
+- EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1)
+- return SSH_ERR_ALLOC_FAIL;
++ if ((ret = ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey)) != 0)
++ return ret;
+ ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data,
+ datalen);
+ EVP_PKEY_free(pkey);
+@@ -193,11 +194,8 @@
+ goto out;
+ }
+
+- if ((pkey = EVP_PKEY_new()) == NULL ||
+- EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) {
+- ret = SSH_ERR_ALLOC_FAIL;
++ if (ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey) != 0)
+ goto out;
+- }
+ ret = sshkey_verify_signature(pkey, hash_alg, data, datalen, sigb, len);
+ EVP_PKEY_free(pkey);
+
+@@ -212,4 +210,76 @@
+ return ret;
+ }
+
++int
++ssh_create_evp_ec(EC_KEY *k, int ecdsa_nid, EVP_PKEY **pkey)
++{
++ OSSL_PARAM_BLD *param_bld = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
++ BN_CTX *bn_ctx = NULL;
++ uint8_t *pub_ser = NULL;
++ const char *group_name;
++ const EC_POINT *pub = NULL;
++ const BIGNUM *priv = NULL;
++ int ret = 0;
++
++ if (k == NULL)
++ return SSH_ERR_INVALID_ARGUMENT;
++ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
++ (param_bld = OSSL_PARAM_BLD_new()) == NULL ||
++ (bn_ctx = BN_CTX_new()) == NULL) {
++ ret = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++
++ if ((group_name = OSSL_EC_curve_nid2name(ecdsa_nid)) == NULL ||
++ OSSL_PARAM_BLD_push_utf8_string(param_bld,
++ OSSL_PKEY_PARAM_GROUP_NAME,
++ group_name,
++ strlen(group_name)) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if ((pub = EC_KEY_get0_public_key(k)) != NULL) {
++ const EC_GROUP *group;
++ size_t len;
++
++ group = EC_KEY_get0_group(k);
++ len = EC_POINT_point2oct(group, pub,
++ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
++ if ((pub_ser = malloc(len)) == NULL) {
++ ret = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++ EC_POINT_point2oct(group,
++ pub,
++ POINT_CONVERSION_UNCOMPRESSED,
++ pub_ser,
++ len,
++ bn_ctx);
++ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
++ OSSL_PKEY_PARAM_PUB_KEY,
++ pub_ser,
++ len) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ }
++ if ((priv = EC_KEY_get0_private_key(k)) != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld,
++ OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++out:
++ OSSL_PARAM_BLD_free(param_bld);
++ EVP_PKEY_CTX_free(ctx);
++ BN_CTX_free(bn_ctx);
++ free(pub_ser);
++ return ret;
++}
+ #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/sshkey.c ./sshkey.c
+--- ../../openssh-8.7p1/sshkey.c 2023-03-08 15:35:14.702943628 +0100
++++ ./sshkey.c 2023-03-08 15:39:03.354082015 +0100
+@@ -35,6 +35,8 @@
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
+ #include <openssl/fips.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
+ #endif
+
+ #include "crypto_api.h"
+@@ -492,13 +494,14 @@
+ {
+ EVP_MD_CTX *ctx = NULL;
+ u_char *sig = NULL;
+- int ret, slen, len;
++ int ret, slen;
++ size_t len;
+
+ if (sigp == NULL || lenp == NULL) {
+ return SSH_ERR_INVALID_ARGUMENT;
+ }
+
+- slen = EVP_PKEY_size(pkey);
++ slen = EVP_PKEY_get_size(pkey);
+ if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
+ return SSH_ERR_INVALID_ARGUMENT;
+
+@@ -511,9 +514,10 @@
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto error;
+ }
+- if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
+- EVP_SignUpdate(ctx, data, datalen) <= 0 ||
+- EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
++ if (EVP_DigestSignInit(ctx, NULL, ssh_digest_to_md(hash_alg),
++ NULL, pkey) != 1 ||
++ EVP_DigestSignUpdate(ctx, data, datalen) != 1 ||
++ EVP_DigestSignFinal(ctx, sig, &len) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto error;
+ }
+@@ -540,12 +544,13 @@
+ if ((ctx = EVP_MD_CTX_new()) == NULL) {
+ return SSH_ERR_ALLOC_FAIL;
+ }
+- if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
+- EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
++ if (EVP_DigestVerifyInit(ctx, NULL, ssh_digest_to_md(hash_alg),
++ NULL, pkey) != 1 ||
++ EVP_DigestVerifyUpdate(ctx, data, datalen) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto done;
+ }
+- ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
++ ret = EVP_DigestVerifyFinal(ctx, sigbuf, siglen);
+ switch (ret) {
+ case 1:
+ ret = 0;
+@@ -5038,3 +5043,27 @@
+ return 0;
+ }
+ #endif /* WITH_XMSS */
++
++#ifdef WITH_OPENSSL
++EVP_PKEY *
++sshkey_create_evp(OSSL_PARAM_BLD *param_bld, EVP_PKEY_CTX *ctx)
++{
++ EVP_PKEY *ret = NULL;
++ OSSL_PARAM *params = NULL;
++ if (param_bld == NULL || ctx == NULL) {
++ debug2_f("param_bld or ctx is NULL");
++ return NULL;
++ }
++ if ((params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
++ debug2_f("Could not build param list");
++ return NULL;
++ }
++ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
++ EVP_PKEY_fromdata(ctx, &ret, EVP_PKEY_KEYPAIR, params) != 1) {
++ debug2_f("EVP_PKEY_fromdata failed");
++ OSSL_PARAM_free(params);
++ return NULL;
++ }
++ return ret;
++}
++#endif /* WITH_OPENSSL */
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/sshkey.h ./sshkey.h
+--- ../../openssh-8.7p1/sshkey.h 2023-03-08 15:35:14.702943628 +0100
++++ ./sshkey.h 2023-03-08 15:34:33.509578138 +0100
+@@ -31,6 +31,9 @@
+ #ifdef WITH_OPENSSL
+ #include <openssl/rsa.h>
+ #include <openssl/dsa.h>
++#include <openssl/evp.h>
++#include <openssl/param_build.h>
++#include <openssl/core_names.h>
+ # ifdef OPENSSL_HAS_ECC
+ # include <openssl/ec.h>
+ # include <openssl/ecdsa.h>
+@@ -293,6 +295,13 @@
+
+ void sshkey_sig_details_free(struct sshkey_sig_details *);
+
++#ifdef WITH_OPENSSL
++EVP_PKEY *sshkey_create_evp(OSSL_PARAM_BLD *, EVP_PKEY_CTX *);
++int ssh_create_evp_dss(const struct sshkey *, EVP_PKEY **);
++int ssh_create_evp_rsa(const struct sshkey *, EVP_PKEY **);
++int ssh_create_evp_ec(EC_KEY *, int, EVP_PKEY **);
++#endif /* WITH_OPENSSL */
++
+ #ifdef SSHKEY_INTERNAL
+ int ssh_rsa_sign(const struct sshkey *key,
+ u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/ssh-rsa.c ./ssh-rsa.c
+--- ../../openssh-8.7p1/ssh-rsa.c 2023-03-08 15:35:14.669943335 +0100
++++ ./ssh-rsa.c 2023-03-08 15:34:33.509578138 +0100
+@@ -23,6 +23,8 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
++#include <openssl/core_names.h>
++#include <openssl/param_build.h>
+
+ #include <stdarg.h>
+ #include <string.h>
+@@ -172,9 +174,8 @@
+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+ return SSH_ERR_KEY_LENGTH;
+
+- if ((pkey = EVP_PKEY_new()) == NULL ||
+- EVP_PKEY_set1_RSA(pkey, key->rsa) != 1)
+- return SSH_ERR_ALLOC_FAIL;
++ if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
++ return ret;
+ ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data,
+ datalen);
+ EVP_PKEY_free(pkey);
+@@ -285,11 +286,8 @@
+ len = modlen;
+ }
+
+- if ((pkey = EVP_PKEY_new()) == NULL ||
+- EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) {
+- ret = SSH_ERR_ALLOC_FAIL;
++ if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
+ goto out;
+- }
+ ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len, pkey);
+ EVP_PKEY_free(pkey);
+
+@@ -306,11 +304,9 @@
+ u_char *sigbuf, size_t siglen, EVP_PKEY *pkey)
+ {
+ size_t rsasize = 0;
+- const RSA *rsa;
+ int ret;
+
+- rsa = EVP_PKEY_get0_RSA(pkey);
+- rsasize = RSA_size(rsa);
++ rsasize = EVP_PKEY_get_size(pkey);
+ if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
+ siglen == 0 || siglen > rsasize) {
+ ret = SSH_ERR_INVALID_ARGUMENT;
+@@ -323,4 +319,87 @@
+ done:
+ return ret;
+ }
++
++int
++ssh_create_evp_rsa(const struct sshkey *k, EVP_PKEY **pkey)
++{
++ OSSL_PARAM_BLD *param_bld = NULL;
++ EVP_PKEY_CTX *ctx = NULL;
++ int ret = 0;
++ const BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
++ const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
++
++ if (k == NULL)
++ return SSH_ERR_INVALID_ARGUMENT;
++ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) == NULL ||
++ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
++ ret = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++
++ RSA_get0_key(k->rsa, &n, &e, &d);
++ RSA_get0_factors(k->rsa, &p, &q);
++ RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp);
++
++ if (n != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (e != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (d != NULL &&
++ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, d) != 1) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++ /* setting this to param_build makes the creation process fail */
++ if (p != NULL &&
++ EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, p) != 1) {
++ debug2_f("failed to add 'p' param");
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (q != NULL &&
++ EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, q) != 1) {
++ debug2_f("failed to add 'q' param");
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (dmp1 != NULL &&
++ EVP_PKEY_set_bn_param(*pkey,
++ OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) != 1) {
++ debug2_f("failed to add 'dmp1' param");
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (dmq1 != NULL &&
++ EVP_PKEY_set_bn_param(*pkey,
++ OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) != 1) {
++ debug2_f("failed to add 'dmq1' param");
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ if (iqmp != NULL &&
++ EVP_PKEY_set_bn_param(*pkey,
++ OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp) != 1) {
++ debug2_f("failed to add 'iqmp' param");
++ ret = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++out:
++ OSSL_PARAM_BLD_free(param_bld);
++ EVP_PKEY_CTX_free(ctx);
++ return ret;
++}
+ #endif /* WITH_OPENSSL */
diff --git a/openssh-8.7p1-evp-pkcs11.patch b/openssh-8.7p1-evp-pkcs11.patch
new file mode 100644
index 0000000..44e0b8f
--- /dev/null
+++ b/openssh-8.7p1-evp-pkcs11.patch
@@ -0,0 +1,131 @@
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh-ecdsa.c openssh-8.7p1-patched/ssh-ecdsa.c
+--- openssh-8.7p1/ssh-ecdsa.c 2023-05-24 09:39:45.002631174 +0200
++++ openssh-8.7p1-patched/ssh-ecdsa.c 2023-05-24 09:09:34.400853951 +0200
+@@ -74,8 +74,18 @@
+ if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
+ return SSH_ERR_INTERNAL_ERROR;
+
+- if ((ret = ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey)) != 0)
+- return ret;
++#ifdef ENABLE_PKCS11
++ if (is_ecdsa_pkcs11(key->ecdsa)) {
++ if ((pkey = EVP_PKEY_new()) == NULL ||
++ EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1)
++ return SSH_ERR_ALLOC_FAIL;
++ } else {
++#endif
++ if ((ret = ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey)) != 0)
++ return ret;
++#ifdef ENABLE_PKCS11
++ }
++#endif
+ ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data,
+ datalen);
+ EVP_PKEY_free(pkey);
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh-pkcs11.c openssh-8.7p1-patched/ssh-pkcs11.c
+--- openssh-8.7p1/ssh-pkcs11.c 2023-05-24 09:39:44.950630607 +0200
++++ openssh-8.7p1-patched/ssh-pkcs11.c 2023-05-24 09:33:59.153866357 +0200
+@@ -775,8 +775,24 @@
+
+ return (0);
+ }
++
++int
++is_ecdsa_pkcs11(EC_KEY *ecdsa)
++{
++ if (EC_KEY_get_ex_data(ecdsa, ec_key_idx) != NULL)
++ return 1;
++ return 0;
++}
+ #endif /* HAVE_EC_KEY_METHOD_NEW */
+
++int
++is_rsa_pkcs11(RSA *rsa)
++{
++ if (RSA_get_ex_data(rsa, rsa_idx) != NULL)
++ return 1;
++ return 0;
++}
++
+ /* remove trailing spaces */
+ static void
+ rmspace(u_char *buf, size_t len)
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh-pkcs11-client.c openssh-8.7p1-patched/ssh-pkcs11-client.c
+--- openssh-8.7p1/ssh-pkcs11-client.c 2023-05-24 09:39:44.950630607 +0200
++++ openssh-8.7p1-patched/ssh-pkcs11-client.c 2023-05-24 09:31:16.139092673 +0200
+@@ -225,8 +225,36 @@
+ static RSA_METHOD *helper_rsa;
+ #ifdef HAVE_EC_KEY_METHOD_NEW
+ static EC_KEY_METHOD *helper_ecdsa;
++
++int
++is_ecdsa_pkcs11(EC_KEY *ecdsa)
++{
++ const EC_KEY_METHOD *meth;
++ ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgstlen,
++ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) = NULL;
++
++ meth = EC_KEY_get_method(ecdsa);
++ EC_KEY_METHOD_get_sign(meth, NULL, NULL, &sign_sig);
++ if (sign_sig == ecdsa_do_sign)
++ return 1;
++ return 0;
++}
+ #endif /* HAVE_EC_KEY_METHOD_NEW */
+
++int
++is_rsa_pkcs11(RSA *rsa)
++{
++ const RSA_METHOD *meth;
++ int (*priv_enc)(int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding) = NULL;
++
++ meth = RSA_get_method(rsa);
++ priv_enc = RSA_meth_get_priv_enc(meth);
++ if (priv_enc == rsa_encrypt)
++ return 1;
++ return 0;
++}
++
+ /* redirect private key crypto operations to the ssh-pkcs11-helper */
+ static void
+ wrap_key(struct sshkey *k)
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh-pkcs11.h openssh-8.7p1-patched/ssh-pkcs11.h
+--- openssh-8.7p1/ssh-pkcs11.h 2023-05-24 09:39:44.950630607 +0200
++++ openssh-8.7p1-patched/ssh-pkcs11.h 2023-05-24 09:36:49.055714975 +0200
+@@ -39,6 +39,11 @@
+ u_int32_t *);
+ #endif
+
++#ifdef HAVE_EC_KEY_METHOD_NEW
++int is_ecdsa_pkcs11(EC_KEY *ecdsa);
++#endif
++int is_rsa_pkcs11(RSA *rsa);
++
+ #if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11)
+ #undef ENABLE_PKCS11
+ #endif
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh-rsa.c openssh-8.7p1-patched/ssh-rsa.c
+--- openssh-8.7p1/ssh-rsa.c 2023-05-24 09:39:45.003631184 +0200
++++ openssh-8.7p1-patched/ssh-rsa.c 2023-05-24 09:31:37.019319860 +0200
+@@ -174,8 +174,18 @@
+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+ return SSH_ERR_KEY_LENGTH;
+
+- if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
+- return ret;
++#ifdef ENABLE_PKCS11
++ if (is_rsa_pkcs11(key->rsa)) {
++ if ((pkey = EVP_PKEY_new()) == NULL ||
++ EVP_PKEY_set1_RSA(pkey, key->rsa) != 1)
++ return SSH_ERR_ALLOC_FAIL;
++ } else {
++#endif
++ if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
++ return ret;
++#ifdef ENABLE_PKCS11
++ }
++#endif
+ ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data,
+ datalen);
+ EVP_PKEY_free(pkey);
diff --git a/openssh-8.7p1-man-hostkeyalgos.patch b/openssh-8.7p1-man-hostkeyalgos.patch
new file mode 100644
index 0000000..92c53b1
--- /dev/null
+++ b/openssh-8.7p1-man-hostkeyalgos.patch
@@ -0,0 +1,31 @@
+diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-8.7p1/ssh_config.5 openssh-8.7p1-patched/ssh_config.5
+--- openssh-8.7p1/ssh_config.5 2023-06-02 09:14:40.279373577 +0200
++++ openssh-8.7p1-patched/ssh_config.5 2023-05-30 16:01:04.533848172 +0200
+@@ -989,6 +989,17 @@
+ .Pp
+ The list of available signature algorithms may also be obtained using
+ .Qq ssh -Q HostKeyAlgorithms .
++.Pp
++The proposed
++.Cm HostKeyAlgorithms
++during KEX are limited to the set of algorithms that is defined in
++.Cm PubkeyAcceptedAlgorithms
++and therefore they are indirectly affected by system-wide
++.Xr crypto_policies 7 .
++.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so
++would break the order given by the
++.Pa known_hosts
++file.
+ .It Cm HostKeyAlias
+ Specifies an alias that should be used instead of the
+ real host name when looking up or saving the host key
+@@ -1564,6 +1575,9 @@
+ .Pp
+ The list of available signature algorithms may also be obtained using
+ .Qq ssh -Q PubkeyAcceptedAlgorithms .
++.Pp
++This option affects also
++.Cm HostKeyAlgorithms
+ .It Cm PubkeyAuthentication
+ Specifies whether to try public key authentication.
+ The argument to this keyword must be
diff --git a/openssh-8.7p1-nohostsha1proof.patch b/openssh-8.7p1-nohostsha1proof.patch
index a5323e4..5c54e78 100644
--- a/openssh-8.7p1-nohostsha1proof.patch
+++ b/openssh-8.7p1-nohostsha1proof.patch
@@ -43,6 +43,255 @@ diff -up openssh-8.7p1/compat.h.sshrsacheck openssh-8.7p1/compat.h
#define SSH_OLD_SESSIONID 0x00000010
/* #define unused 0x00000020 */
#define SSH_BUG_DEBUG 0x00000040
+diff -up openssh-8.7p1/monitor.c.sshrsacheck openssh-8.7p1/monitor.c
+--- openssh-8.7p1/monitor.c.sshrsacheck 2023-01-20 13:07:54.279676981 +0100
++++ openssh-8.7p1/monitor.c 2023-01-20 15:01:07.007821379 +0100
+@@ -660,11 +660,12 @@ mm_answer_sign(struct ssh *ssh, int sock
+ struct sshkey *key;
+ struct sshbuf *sigbuf = NULL;
+ u_char *p = NULL, *signature = NULL;
+- char *alg = NULL;
++ char *alg = NULL, *effective_alg;
+ size_t datlen, siglen, alglen;
+ int r, is_proof = 0;
+ u_int keyid, compat;
+ const char proof_req[] = "hostkeys-prove-00@openssh.com";
++ const char safe_rsa[] = "rsa-sha2-256";
+
+ debug3_f("entering");
+
+@@ -719,18 +720,30 @@ mm_answer_sign(struct ssh *ssh, int sock
+ }
+
+ if ((key = get_hostkey_by_index(keyid)) != NULL) {
+- if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
++ if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
++ && (sshkey_type_plain(key->type) == KEY_RSA)) {
++ effective_alg = safe_rsa;
++ } else {
++ effective_alg = alg;
++ }
++ if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, effective_alg,
+ options.sk_provider, NULL, compat)) != 0)
+ fatal_fr(r, "sign");
+ } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
+ auth_sock > 0) {
++ if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
++ && (sshkey_type_plain(key->type) == KEY_RSA)) {
++ effective_alg = safe_rsa;
++ } else {
++ effective_alg = alg;
++ }
+ if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
+- p, datlen, alg, compat)) != 0)
++ p, datlen, effective_alg, compat)) != 0)
+ fatal_fr(r, "agent sign");
+ } else
+ fatal_f("no hostkey from index %d", keyid);
+
+- debug3_f("%s %s signature len=%zu", alg,
++ debug3_f("%s (effective: %s) %s signature len=%zu", alg, effective_alg,
+ is_proof ? "hostkey proof" : "KEX", siglen);
+
+ sshbuf_reset(m);
+diff -up openssh-8.7p1/regress/cert-userkey.sh.sshrsacheck openssh-8.7p1/regress/cert-userkey.sh
+--- openssh-8.7p1/regress/cert-userkey.sh.sshrsacheck 2023-01-25 14:26:52.885963113 +0100
++++ openssh-8.7p1/regress/cert-userkey.sh 2023-01-25 14:27:25.757219800 +0100
+@@ -7,7 +7,8 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us
+ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
+
+-PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
++#ssh-dss keys are incompatible with DEFAULT crypto policy
++PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss' | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+ EXTRA_TYPES=""
+ rsa=""
+
+diff -up openssh-8.7p1/regress/Makefile.sshrsacheck openssh-8.7p1/regress/Makefile
+--- openssh-8.7p1/regress/Makefile.sshrsacheck 2023-01-20 13:07:54.169676051 +0100
++++ openssh-8.7p1/regress/Makefile 2023-01-20 13:07:54.290677074 +0100
+@@ -2,7 +2,8 @@
+
+ tests: prep file-tests t-exec unit
+
+-REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
++#ssh-dss tests will not pass on DEFAULT crypto-policy because of SHA1, skipping
++REGRESS_TARGETS= t1 t2 t3 t4 t5 t7 t8 t9 t10 t11 t12
+
+ # File based tests
+ file-tests: $(REGRESS_TARGETS)
+diff -up openssh-8.7p1/regress/test-exec.sh.sshrsacheck openssh-8.7p1/regress/test-exec.sh
+--- openssh-8.7p1/regress/test-exec.sh.sshrsacheck 2023-01-25 14:24:54.778040819 +0100
++++ openssh-8.7p1/regress/test-exec.sh 2023-01-25 14:26:39.500858590 +0100
+@@ -581,8 +581,9 @@ maybe_filter_sk() {
+ fi
+ }
+
+-SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
+-SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
++#ssh-dss keys are incompatible with DEFAULT crypto policy
++SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss'`
++SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss'`
+
+ for t in ${SSH_KEYTYPES}; do
+ # generate user key
+diff -up openssh-8.7p1/regress/unittests/kex/test_kex.c.sshrsacheck openssh-8.7p1/regress/unittests/kex/test_kex.c
+--- openssh-8.7p1/regress/unittests/kex/test_kex.c.sshrsacheck 2023-01-26 13:34:52.645743677 +0100
++++ openssh-8.7p1/regress/unittests/kex/test_kex.c 2023-01-26 13:36:56.220745823 +0100
+@@ -97,7 +97,8 @@ do_kex_with_key(char *kex, int keytype,
+ memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
+ if (kex != NULL)
+ kex_params.proposal[PROPOSAL_KEX_ALGS] = kex;
+- keyname = strdup(sshkey_ssh_name(private));
++ keyname = (strcmp(sshkey_ssh_name(private), "ssh-rsa")) ?
++ strdup(sshkey_ssh_name(private)) : strdup("rsa-sha2-256");
+ ASSERT_PTR_NE(keyname, NULL);
+ kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
+ ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
+@@ -180,7 +181,7 @@ do_kex(char *kex)
+ {
+ #ifdef WITH_OPENSSL
+ do_kex_with_key(kex, KEY_RSA, 2048);
+- do_kex_with_key(kex, KEY_DSA, 1024);
++ /* do_kex_with_key(kex, KEY_DSA, 1024); */
+ #ifdef OPENSSL_HAS_ECC
+ do_kex_with_key(kex, KEY_ECDSA, 256);
+ #endif /* OPENSSL_HAS_ECC */
+diff -up openssh-8.7p1/regress/unittests/sshkey/test_file.c.sshrsacheck openssh-8.7p1/regress/unittests/sshkey/test_file.c
+--- openssh-8.7p1/regress/unittests/sshkey/test_file.c.sshrsacheck 2023-01-26 12:04:55.946343408 +0100
++++ openssh-8.7p1/regress/unittests/sshkey/test_file.c 2023-01-26 12:06:35.235164432 +0100
+@@ -110,6 +110,7 @@ sshkey_file_tests(void)
+ sshkey_free(k2);
+ TEST_DONE();
+
++ /* Skip this test, SHA1 signatures are not supported
+ TEST_START("load RSA cert with SHA1 signature");
+ ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0);
+ ASSERT_PTR_NE(k2, NULL);
+@@ -117,7 +118,7 @@ sshkey_file_tests(void)
+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+ ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa");
+ sshkey_free(k2);
+- TEST_DONE();
++ TEST_DONE(); */
+
+ TEST_START("load RSA cert with SHA512 signature");
+ ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0);
+diff -up openssh-8.7p1/regress/unittests/sshkey/test_fuzz.c.sshrsacheck openssh-8.7p1/regress/unittests/sshkey/test_fuzz.c
+--- openssh-8.7p1/regress/unittests/sshkey/test_fuzz.c.sshrsacheck 2023-01-26 12:10:37.533168013 +0100
++++ openssh-8.7p1/regress/unittests/sshkey/test_fuzz.c 2023-01-26 12:15:35.637631860 +0100
+@@ -333,13 +333,14 @@ sshkey_fuzz_tests(void)
+ TEST_DONE();
+
+ #ifdef WITH_OPENSSL
++ /* Skip this test, SHA1 signatures are not supported
+ TEST_START("fuzz RSA sig");
+ buf = load_file("rsa_1");
+ ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+ sshbuf_free(buf);
+ sig_fuzz(k1, "ssh-rsa");
+ sshkey_free(k1);
+- TEST_DONE();
++ TEST_DONE();*/
+
+ TEST_START("fuzz RSA SHA256 sig");
+ buf = load_file("rsa_1");
+@@ -357,6 +358,7 @@ sshkey_fuzz_tests(void)
+ sshkey_free(k1);
+ TEST_DONE();
+
++ /* Skip this test, SHA1 signatures are not supported
+ TEST_START("fuzz DSA sig");
+ buf = load_file("dsa_1");
+ ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+@@ -364,6 +366,7 @@ sshkey_fuzz_tests(void)
+ sig_fuzz(k1, NULL);
+ sshkey_free(k1);
+ TEST_DONE();
++ */
+
+ #ifdef OPENSSL_HAS_ECC
+ TEST_START("fuzz ECDSA sig");
+diff -up openssh-8.7p1/regress/unittests/sshkey/test_sshkey.c.sshrsacheck openssh-8.7p1/regress/unittests/sshkey/test_sshkey.c
+--- openssh-8.7p1/regress/unittests/sshkey/test_sshkey.c.sshrsacheck 2023-01-26 11:02:52.339413463 +0100
++++ openssh-8.7p1/regress/unittests/sshkey/test_sshkey.c 2023-01-26 11:58:42.324253896 +0100
+@@ -60,6 +60,9 @@ build_cert(struct sshbuf *b, struct sshk
+ u_char *sigblob;
+ size_t siglen;
+
++ /* ssh-rsa implies SHA1, forbidden in DEFAULT cp */
++ int expected = (sig_alg == NULL || strcmp(sig_alg, "ssh-rsa") == 0) ? SSH_ERR_LIBCRYPTO_ERROR : 0;
++
+ ca_buf = sshbuf_new();
+ ASSERT_PTR_NE(ca_buf, NULL);
+ ASSERT_INT_EQ(sshkey_putb(ca_key, ca_buf), 0);
+@@ -101,8 +104,9 @@ build_cert(struct sshbuf *b, struct sshk
+ ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */
+ ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */
+ ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen,
+- sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, NULL, 0), 0);
+- ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
++ sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, NULL, 0), expected);
++ if (expected == 0)
++ ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
+
+ free(sigblob);
+ sshbuf_free(ca_buf);
+@@ -119,16 +123,22 @@ signature_test(struct sshkey *k, struct
+ {
+ size_t len;
+ u_char *sig;
++ /* ssh-rsa implies SHA1, forbidden in DEFAULT cp */
++ int expected = (sig_alg && strcmp(sig_alg, "ssh-rsa") == 0) ? SSH_ERR_LIBCRYPTO_ERROR : 0;
++ if (k && (sshkey_type_plain(k->type) == KEY_DSA || sshkey_type_plain(k->type) == KEY_DSA_CERT))
++ expected = SSH_ERR_LIBCRYPTO_ERROR;
+
+ ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg,
+- NULL, NULL, 0), 0);
+- ASSERT_SIZE_T_GT(len, 8);
+- ASSERT_PTR_NE(sig, NULL);
+- ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
+- ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0, NULL), 0);
+- /* Fuzz test is more comprehensive, this is just a smoke test */
+- sig[len - 5] ^= 0x10;
+- ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
++ NULL, NULL, 0), expected);
++ if (expected == 0) {
++ ASSERT_SIZE_T_GT(len, 8);
++ ASSERT_PTR_NE(sig, NULL);
++ ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
++ ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0, NULL), 0);
++ /* Fuzz test is more comprehensive, this is just a smoke test */
++ sig[len - 5] ^= 0x10;
++ ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
++ }
+ free(sig);
+ }
+
+@@ -514,7 +524,7 @@ sshkey_tests(void)
+ ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
+ NULL), 0);
+ k3 = get_private("rsa_1");
+- build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL);
++ build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, "rsa-sha2-256");
+ ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
+ SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);
+ ASSERT_PTR_EQ(k4, NULL);
+diff -up openssh-8.7p1/regress/unittests/sshsig/tests.c.sshrsacheck openssh-8.7p1/regress/unittests/sshsig/tests.c
+--- openssh-8.7p1/regress/unittests/sshsig/tests.c.sshrsacheck 2023-01-26 12:19:23.659513651 +0100
++++ openssh-8.7p1/regress/unittests/sshsig/tests.c 2023-01-26 12:20:28.021044803 +0100
+@@ -102,9 +102,11 @@ tests(void)
+ check_sig("rsa.pub", "rsa.sig", msg, namespace);
+ TEST_DONE();
+
++ /* Skip this test, SHA1 signatures are not supported
+ TEST_START("check DSA signature");
+ check_sig("dsa.pub", "dsa.sig", msg, namespace);
+ TEST_DONE();
++ */
+
+ #ifdef OPENSSL_HAS_ECC
+ TEST_START("check ECDSA signature");
diff -up openssh-8.7p1/serverloop.c.sshrsacheck openssh-8.7p1/serverloop.c
--- openssh-8.7p1/serverloop.c.sshrsacheck 2023-01-12 14:57:08.118400073 +0100
+++ openssh-8.7p1/serverloop.c 2023-01-12 14:59:17.330470518 +0100
@@ -57,6 +306,24 @@ diff -up openssh-8.7p1/serverloop.c.sshrsacheck openssh-8.7p1/serverloop.c
debug3_f("sign %s key (index %d) using sigalg %s",
sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
if ((r = sshbuf_put_cstring(sigbuf,
+diff -up openssh-8.7p1/sshconnect2.c.sshrsacheck openssh-8.7p1/sshconnect2.c
+--- openssh-8.7p1/sshconnect2.c.sshrsacheck 2023-01-25 15:33:29.140353651 +0100
++++ openssh-8.7p1/sshconnect2.c 2023-01-25 15:59:34.225364883 +0100
+@@ -1461,6 +1464,14 @@ identity_sign(struct identity *id, u_cha
+ retried = 1;
+ goto retry_pin;
+ }
++ if ((r == SSH_ERR_LIBCRYPTO_ERROR) && strcmp("ssh-rsa", alg)) {
++ char rsa_safe_alg[] = "rsa-sha2-512";
++ debug3_f("trying to fallback to algorithm %s", rsa_safe_alg);
++
++ if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
++ rsa_safe_alg, options.sk_provider, pin, compat)) != 0)
++ debug_fr(r, "sshkey_sign - RSA fallback");
++ }
+ goto out;
+ }
+
diff -up openssh-8.7p1/sshd.c.sshrsacheck openssh-8.7p1/sshd.c
--- openssh-8.7p1/sshd.c.sshrsacheck 2023-01-12 13:29:06.355711140 +0100
+++ openssh-8.7p1/sshd.c 2023-01-12 13:29:06.358711178 +0100
@@ -68,7 +335,7 @@ diff -up openssh-8.7p1/sshd.c.sshrsacheck openssh-8.7p1/sshd.c
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
-@@ -1938,6 +1950,19 @@ main(int ac, char **av)
+@@ -1938,6 +1950,33 @@ main(int ac, char **av)
key = NULL;
continue;
}
@@ -78,13 +345,27 @@ diff -up openssh-8.7p1/sshd.c.sshrsacheck openssh-8.7p1/sshd.c
+ u_char data[] = "Test SHA1 vector";
+ int res;
+
-+ res = ssh_rsa_sign(key, &tmp, &sign_size, data, sizeof(data), NULL);
++ res = sshkey_sign(key, &tmp, &sign_size, data, sizeof(data), NULL, NULL, NULL, 0);
+ free(tmp);
+ if (res == SSH_ERR_LIBCRYPTO_ERROR) {
-+ logit_f("sshd: ssh-rsa algorithm is disabled");
++ verbose_f("sshd: SHA1 in signatures is disabled for RSA keys");
+ forbid_ssh_rsa = 1;
+ }
+ }
++ if (key && (sshkey_type_plain(key->type) == KEY_DSA || sshkey_type_plain(key->type) == KEY_DSA_CERT)) {
++ size_t sign_size = 0;
++ u_char *tmp = NULL;
++ u_char data[] = "Test SHA1 vector";
++ int res;
++
++ res = sshkey_sign(key, &tmp, &sign_size, data, sizeof(data), NULL, NULL, NULL, 0);
++ free(tmp);
++ if (res == SSH_ERR_LIBCRYPTO_ERROR) {
++ logit_f("sshd: ssh-dss is disabled, skipping key file %s", options.host_key_files[i]);
++ key = NULL;
++ continue;
++ }
++ }
if (sshkey_is_sk(key) &&
key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
debug("host key %s requires user presence, ignoring",
@@ -98,3 +379,48 @@ diff -up openssh-8.7p1/sshd.c.sshrsacheck openssh-8.7p1/sshd.c
/* Prepare the channels layer */
channel_init_channels(ssh);
channel_set_af(ssh, options.address_family);
+diff -Nur openssh-8.7p1/ssh-keygen.c openssh-8.7p1_patched/ssh-keygen.c
+--- openssh-8.7p1/ssh-keygen.c 2023-01-18 17:41:47.894515779 +0100
++++ openssh-8.7p1_patched/ssh-keygen.c 2023-01-18 17:41:44.500488818 +0100
+@@ -491,6 +491,8 @@
+ BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
+ BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
++ char rsa_safe_alg[] = "rsa-sha2-256";
++ char *alg = NULL;
+
+ if ((r = sshbuf_get_u32(b, &magic)) != 0)
+ fatal_fr(r, "parse magic");
+@@ -590,6 +592,7 @@ do_convert_private_ssh2(struct sshbuf *b
+ if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
+ fatal_fr(r, "generate RSA parameters");
+ BN_clear_free(rsa_iqmp);
++ alg = rsa_safe_alg;
+ break;
+ }
+ rlen = sshbuf_len(b);
+@@ -598,9 +601,9 @@ do_convert_private_ssh2(struct sshbuf *b
+
+ /* try the key */
+ if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
+- NULL, NULL, NULL, 0) != 0 ||
++ alg, NULL, NULL, 0) != 0 ||
+ sshkey_verify(key, sig, slen, data, sizeof(data),
+- NULL, 0, NULL) != 0) {
++ alg, 0, NULL) != 0) {
+ sshkey_free(key);
+ free(sig);
+ return NULL;
+diff -up openssh-8.7p1/ssh-rsa.c.sshrsacheck openssh-8.7p1/ssh-rsa.c
+--- openssh-8.7p1/ssh-rsa.c.sshrsacheck 2023-01-20 13:07:54.180676144 +0100
++++ openssh-8.7p1/ssh-rsa.c 2023-01-20 13:07:54.290677074 +0100
+@@ -254,7 +254,8 @@ ssh_rsa_verify(const struct sshkey *key,
+ ret = SSH_ERR_INVALID_ARGUMENT;
+ goto out;
+ }
+- if (hash_alg != want_alg) {
++ if (hash_alg != want_alg && want_alg != SSH_DIGEST_SHA1) {
++ debug_f("Unexpected digest algorithm: got %d, wanted %d", hash_alg, want_alg);
+ ret = SSH_ERR_SIGNATURE_INVALID;
+ goto out;
+ }
diff --git a/openssh-9.3p1-upstream-cve-2023-38408.patch b/openssh-9.3p1-upstream-cve-2023-38408.patch
new file mode 100644
index 0000000..5632ba1
--- /dev/null
+++ b/openssh-9.3p1-upstream-cve-2023-38408.patch
@@ -0,0 +1,17 @@
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 6be647ec..ebddf6c3 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ error("dlopen %s failed: %s", provider_module, dlerror());
+ goto fail;
+ }
+- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+- goto fail;
+- }
++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+
+ p->module->handle = handle;
+ /* setup the pkcs11 callbacks */
diff --git a/openssh.spec b/openssh.spec
index 350d05e..b7b2434 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -55,8 +55,8 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.7p1
-%global openssh_rel 29
-%global hyperscale_rel 6
+%global openssh_rel 34
+%global hyperscale_rel 7
%global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 5
@@ -275,6 +275,23 @@ Patch1007: openssh-8.7p1-nohostsha1proof.patch
# to fix 1005
Patch1008: openssh-8.7p1-CVE-2023-25136.patch
+# fips compliance for signing, dh, ecdh
+Patch1009: openssh-8.7p1-evp-fips-compl-sign.patch
+Patch1010: openssh-8.7p1-evp-fips-compl-dh.patch
+Patch1011: openssh-8.7p1-evp-fips-compl-ecdh.patch
+Patch1012: openssh-8.7p1-evp-pkcs11.patch
+
+# clarify rhbz#2068423 on the man page of ssh_config
+Patch1013: openssh-8.7p1-man-hostkeyalgos.patch
+# upstream commits
+# ec1ddb72a146fd66d18df9cd423517453a5d8044
+# b98a42afb69d60891eb0488935990df6ee571c4
+# a00f59a645072e5f5a8d207af15916a7b23e2642
+Patch1014: openssh-8.7p1-UTC-time-parse.patch
+# upsream commit
+# b23fe83f06ee7e721033769cfa03ae840476d280
+Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
+
# c9s specific logic factored out of openssh-7.7p1-fips.patch
Patch2000: openssh-7.7p1-fips-warning.patch
@@ -524,6 +541,15 @@ popd
%patch1007 -p1 -b .sshrsacheck
%patch1008 -p1 -b .cve-2023-25136
+%patch1009 -p1 -b .evp_fips_sign
+%patch1010 -p1 -b .evp_fips_dh
+%patch1011 -p1 -b .evp_fips_ecdh
+%patch1012 -p1 -b .evp_pkcs11
+
+%patch1013 -p1 -b .man-hostkeyalgos
+%patch1014 -p1 -b .utc_parse
+%patch1015 -p1 -b .cve-2023-38408
+
%if 0%{?facebook} && !0%{?use_quilt}
%patch2010 -p1 -b .log_session_id
%patch2011 -p1 -b .slog
@@ -827,9 +853,51 @@ test -f %{sysconfig_anaconda} && \
%endif
%changelog
+* Thu Aug 3 2023 Raymond Colebaugh <raymondcolebaugh@gmail.com> - 8.7p1-34.7 + 0.10.4-5.7
+- Merge new changes from upstream
+
+* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-34
+- Avoid remote code execution in ssh-agent PKCS#11 support
+ Resolves: CVE-2023-38408
+
+* Tue Jun 13 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-33
+- Allow specifying validity interval in UTC
+ Resolves: rhbz#2115043
+
+* Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-32
+- Fix pkcs11 issue with the recent changes
+- Delete unnecessary log messages from previous compl-dh patch
+- Add ssh_config man page explanation on rhbz#2068423
+- Resolves: rhbz#2207793, rhbz#2209096
+
+* Tue May 16 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-31
+- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch:
+- Check return values
+- Use EVP API to get the size of DH
+- Add some log debug lines
+- Related: rhbz#2091694
+
* Mon Apr 24 2023 Raymond Colebaugh <raymondcolebaugh@gmail.com> - 8.7p1-29.6 + 0.10.4-5.6
- Merge new changes from upstream
+* Thu Apr 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-30
+- Some non-terminating processes were listening on ports.
+ Resolves: rhbz#2177768
+- On sshd startup, we check whether signing using the SHA1 for signing is
+ available and don't use it when it isn't.
+- On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
+- In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) )
+ to SHA2 on host keys proof confirmation.
+- On a client side we permit SHA2-based proofs from server when requested SHA1
+ proof (or didn't specify the hash algorithm that implies SHA1 on the client
+ side). It is aligned with already present exception for RSA certificates.
+- We fallback to SHA2 if SHA1 signatures is not available on the client side
+ (file sshconnect2.c).
+- We skip dss-related tests (they don't work without SHA1).
+ Resolves: rhbz#2070163
+- FIPS compliance efforts for dh, ecdh and signing
+ Resolves: rhbz#2091694
+
* Thu Apr 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-29
- Resolve possible self-DoS with some clients
Resolves: rhbz#2186473