Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
This commit is contained in:
parent
0d823b2f2a
commit
b17ff3bc91
@ -348,7 +348,7 @@ diff -up openssh-8.6p1/sshd.c.fips openssh-8.6p1/sshd.c
|
||||
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
||||
do_log2_r(r, ll, "Unable to load host key \"%s\"",
|
||||
options.host_key_files[i]);
|
||||
+ if (FIPS_mode() && (sshkey_type_plain(key->type) == KEY_ED25519_SK
|
||||
+ if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
|
||||
+ || sshkey_type_plain(key->type) == KEY_ED25519)) {
|
||||
+ logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
|
||||
+ sshkey_free(key);
|
||||
|
@ -51,7 +51,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.7p1
|
||||
%global openssh_rel 14
|
||||
%global openssh_rel 15
|
||||
%global pam_ssh_agent_ver 0.10.4
|
||||
%global pam_ssh_agent_rel 4
|
||||
|
||||
@ -720,6 +720,10 @@ test -f %{sysconfig_anaconda} && \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-15
|
||||
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
||||
Related: rhbz#2087915
|
||||
|
||||
* Wed Jul 13 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-14
|
||||
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
||||
Related: rhbz#2087915
|
||||
|
Loading…
Reference in New Issue
Block a user