don't create RSA1 key in FIPS mode

2012-04-06 21:00:10 +02:00 · 2012-04-06 21:00:10 +02:00 · 2539b1c4f2
commit 2539b1c4f2
parent 7294a991a2
1 changed files with 9 additions and 1 deletions
--- a/10
+++ b/10
@ -17,8 +17,16 @@ RSA1_KEY=/etc/ssh/ssh_host_key
 RSA_KEY=/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/etc/ssh/ssh_host_dsa_key

+fips_enabled() {
+	if [ -r /proc/sys/crypto/fips_enabled ]; then
+		cat /proc/sys/crypto/fips_enabled
+	else
+		echo 0
+	fi
+}
+
 do_rsa1_keygen() {
-	if [ ! -s $RSA1_KEY ]; then
+	if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
 		echo -n $"Generating SSH1 RSA host key: "
 		rm -f $RSA1_KEY
 		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then