Overview

Request 849311 accepted

- Fix build breakage caused by missing security key objects:
+ Modify openssh-7.7p1-cavstest-ctr.patch.
+ Modify openssh-7.7p1-cavstest-kdf.patch.
+ Add openssh-link-with-sk.patch.

- Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939).
This ensures only approved DH parameters are used in FIPS mode.

- Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799).
This uses OpenSSL's RAND_bytes() directly instead of the internal
ChaCha20-based implementation to obtain random bytes for Ed25519
curve computations. This is required for FIPS compliance.

Staging Bot's avatar
Staging Bot (staging-bot) -

@hpjansson, @vitezslav_cizek: review reminder

Staging Bot's avatar
Staging Bot (staging-bot) -

@hpjansson, @vitezslav_cizek: review reminder

Request History
Hans Petter Jansson's avatar

hpjansson created request

- Fix build breakage caused by missing security key objects:
+ Modify openssh-7.7p1-cavstest-ctr.patch.
+ Modify openssh-7.7p1-cavstest-kdf.patch.
+ Add openssh-link-with-sk.patch.

- Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939).
This ensures only approved DH parameters are used in FIPS mode.

- Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799).
This uses OpenSSL's RAND_bytes() directly instead of the internal
ChaCha20-based implementation to obtain random bytes for Ed25519
curve computations. This is required for FIPS compliance.

Hans Petter Jansson's avatar

hpjansson accepted request

Accepting my own submission.

openSUSE Build Service is sponsored by
Places