diff --git a/openssh-7.7p1-cavstest-ctr.patch b/openssh-7.7p1-cavstest-ctr.patch
index e4d6791..6772d5c 100644
--- a/openssh-7.7p1-cavstest-ctr.patch
+++ b/openssh-7.7p1-cavstest-ctr.patch
@@ -28,8 +28,8 @@ index d5c37b5..5d4fcd2 100644
  	$(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
  
 +# FIPS tests
-+cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
-+	$(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
++cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-ctr.o
++	$(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2)
 +
  # test driver for the loginrec code - not built by default
  logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
diff --git a/openssh-7.7p1-cavstest-kdf.patch b/openssh-7.7p1-cavstest-kdf.patch
index 1c333f9..c838849 100644
--- a/openssh-7.7p1-cavstest-kdf.patch
+++ b/openssh-7.7p1-cavstest-kdf.patch
@@ -24,11 +24,11 @@ index 5d4fcd2..9eab827 100644
  XMSS_OBJS=\
  	ssh-xmss.o \
 @@ -251,6 +252,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
- cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
- 	$(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-ctr.o
+ 	$(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2)
  
-+cavstest-kdf$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-kdf.o
-+	$(LD) -o $@ cavstest-kdf.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
++cavstest-kdf$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-kdf.o
++	$(LD) -o $@ cavstest-kdf.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2)
 +
  # test driver for the loginrec code - not built by default
  logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
diff --git a/openssh-8.1p1-ed25519-use-openssl-rng.patch b/openssh-8.1p1-ed25519-use-openssl-rng.patch
new file mode 100644
index 0000000..2faf97f
--- /dev/null
+++ b/openssh-8.1p1-ed25519-use-openssl-rng.patch
@@ -0,0 +1,74 @@
+commit d281831d887044ede45d458c3dda74be9ae017e3
+Author: Hans Petter Jansson <hpj@hpjansson.org>
+Date:   Fri Sep 25 23:26:58 2020 +0200
+
+    Use OpenSSL's FIPS approved RAND_bytes() to get randomness for Ed25519
+
+diff --git a/ed25519.c b/ed25519.c
+index 767ec24..5d506a9 100644
+--- a/ed25519.c
++++ b/ed25519.c
+@@ -9,6 +9,13 @@
+ #include "includes.h"
+ #include "crypto_api.h"
+ 
++#ifdef WITH_OPENSSL
++#include <openssl/rand.h>
++#include <openssl/err.h>
++#endif
++
++#include "log.h"
++
+ #include "ge25519.h"
+ 
+ static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen)
+@@ -33,7 +40,15 @@ int crypto_sign_ed25519_keypair(
+   unsigned char extsk[64];
+   int i;
+ 
++#ifdef WITH_OPENSSL
++  /* Use FIPS approved RNG */
++  if (RAND_bytes(sk, 32) <= 0)
++    fatal("Couldn't obtain random bytes (error 0x%lx)",
++          (unsigned long)ERR_get_error());
++#else
+   randombytes(sk, 32);
++#endif
++
+   crypto_hash_sha512(extsk, sk, 32);
+   extsk[0] &= 248;
+   extsk[31] &= 127;
+diff --git a/kexc25519.c b/kexc25519.c
+index f13d766..2604eda 100644
+--- a/kexc25519.c
++++ b/kexc25519.c
+@@ -33,6 +33,13 @@
+ #include <string.h>
+ #include <signal.h>
+ 
++#ifdef WITH_OPENSSL
++#include <openssl/rand.h>
++#include <openssl/err.h>
++#endif
++
++#include "log.h"
++
+ #include "sshkey.h"
+ #include "kex.h"
+ #include "sshbuf.h"
+@@ -51,7 +58,15 @@ kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
+ {
+ 	static const u_char basepoint[CURVE25519_SIZE] = {9};
+ 
++#ifdef WITH_OPENSSL
++	/* Use FIPS approved RNG */
++	if (RAND_bytes(key, CURVE25519_SIZE) <= 0)
++		fatal("Couldn't obtain random bytes (error 0x%lx)",
++		    (unsigned long)ERR_get_error());
++#else
+ 	arc4random_buf(key, CURVE25519_SIZE);
++#endif
++
+ 	crypto_scalarmult_curve25519(pub, key, basepoint);
+ }
+ 
diff --git a/openssh-fips-ensure-approved-moduli.patch b/openssh-fips-ensure-approved-moduli.patch
new file mode 100644
index 0000000..3bbdf89
--- /dev/null
+++ b/openssh-fips-ensure-approved-moduli.patch
@@ -0,0 +1,78 @@
+commit 15c95d6eb2e8bc549719578c9a16541015363360
+Author: Hans Petter Jansson <hpj@hpjansson.org>
+Date:   Mon Oct 26 22:26:46 2020 +0100
+
+    Ensure DHGs are approved in FIPS mode using OpenSSL's DH_check_params()
+
+diff --git a/dh.c b/dh.c
+index 7cb135d..3fe7f75 100644
+--- a/dh.c
++++ b/dh.c
+@@ -143,6 +143,28 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
+ 	return 0;
+ }
+ 
++static int
++dhg_is_approved(const struct dhgroup *dhg)
++{
++	BIGNUM *g, *p;
++	DH *dh;
++	int dh_status;
++	int is_ok = 0;
++
++	/* DH_set0_pqg() transfers ownership of the bignums, so we
++	 * make temporary copies here for simplicity. */
++	g = BN_dup(dhg->g);
++	p = BN_dup(dhg->p);
++	dh = dh_new_group(g, p);
++
++	if (dh) {
++		is_ok = DH_check_params(dh, &dh_status);
++	}
++
++	DH_free(dh);
++	return is_ok;
++}
++
+ DH *
+ choose_dh(int min, int wantbits, int max)
+ {
+@@ -161,12 +183,20 @@ choose_dh(int min, int wantbits, int max)
+ 	linenum = 0;
+ 	best = bestcount = 0;
+ 	while (getline(&line, &linesize, f) != -1) {
++		int dhg_is_ok;
++
+ 		linenum++;
+ 		if (!parse_prime(linenum, line, &dhg))
+ 			continue;
++
++		dhg_is_ok = dhg_is_approved(&dhg);
++
+ 		BN_clear_free(dhg.g);
+ 		BN_clear_free(dhg.p);
+ 
++		if (!dhg_is_ok)
++			continue;
++
+ 		if (dhg.size > max || dhg.size < min)
+ 			continue;
+ 
+@@ -193,10 +223,16 @@ choose_dh(int min, int wantbits, int max)
+ 	linenum = 0;
+ 	bestcount = 0;
+ 	while (getline(&line, &linesize, f) != -1) {
++		int dhg_is_ok;
++
+ 		linenum++;
+ 		if (!parse_prime(linenum, line, &dhg))
+ 			continue;
+-		if ((dhg.size > max || dhg.size < min) ||
++
++		dhg_is_ok = dhg_is_approved(&dhg);
++
++		if (!dhg_is_ok ||
++		    (dhg.size > max || dhg.size < min) ||
+ 		    dhg.size != best ||
+ 		    bestcount++ != which) {
+ 			BN_clear_free(dhg.g);
diff --git a/openssh-link-with-sk.patch b/openssh-link-with-sk.patch
new file mode 100644
index 0000000..6a3ba10
--- /dev/null
+++ b/openssh-link-with-sk.patch
@@ -0,0 +1,15 @@
+diff --git a/Makefile.in b/Makefile.in
+index 6dec09c..25e74ac 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -251,8 +251,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
+ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
+ 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ 
+-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
+-	$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o $(SFTPSERVER_OBJS)
++	$(LD) -o $@ $(SFTPSERVER_OBJS) ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
+ 
+ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
+ 	$(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
diff --git a/openssh.changes b/openssh.changes
index cd21072..a7ae76d 100644
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Wed Nov 11 20:05:27 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
+
+- Fix build breakage caused by missing security key objects:
+  + Modify openssh-7.7p1-cavstest-ctr.patch.
+  + Modify openssh-7.7p1-cavstest-kdf.patch.
+  + Add openssh-link-with-sk.patch.
+
+-------------------------------------------------------------------
+Wed Nov 11 18:27:55 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
+
+- Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939).
+  This ensures only approved DH parameters are used in FIPS mode.
+
+-------------------------------------------------------------------
+Wed Nov 11 18:27:54 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
+
+- Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799).
+  This uses OpenSSL's RAND_bytes() directly instead of the internal
+  ChaCha20-based implementation to obtain random bytes for Ed25519
+  curve computations. This is required for FIPS compliance.
+
 -------------------------------------------------------------------
 Thu Oct  8 21:38:27 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
 
diff --git a/openssh.spec b/openssh.spec
index 359ae20..fbd1601 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -104,6 +104,9 @@ Patch36:        openssh-8.1p1-seccomp-clock_nanosleep.patch
 Patch37:        openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
 Patch38:        openssh-8.1p1-seccomp-clock_gettime64.patch
 Patch39:        openssh-8.1p1-use-openssl-kdf.patch
+Patch40:        openssh-8.1p1-ed25519-use-openssl-rng.patch
+Patch41:        openssh-fips-ensure-approved-moduli.patch
+Patch42:        openssh-link-with-sk.patch
 BuildRequires:  audit-devel
 BuildRequires:  autoconf
 BuildRequires:  groff