Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
parent
0d823b2f2a
commit
b17ff3bc91
@ -348,7 +348,7 @@ diff -up openssh-8.6p1/sshd.c.fips openssh-8.6p1/sshd.c
|
|||||||
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
||||||
do_log2_r(r, ll, "Unable to load host key \"%s\"",
|
do_log2_r(r, ll, "Unable to load host key \"%s\"",
|
||||||
options.host_key_files[i]);
|
options.host_key_files[i]);
|
||||||
+ if (FIPS_mode() && (sshkey_type_plain(key->type) == KEY_ED25519_SK
|
+ if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
|
||||||
+ || sshkey_type_plain(key->type) == KEY_ED25519)) {
|
+ || sshkey_type_plain(key->type) == KEY_ED25519)) {
|
||||||
+ logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
|
+ logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
|
||||||
+ sshkey_free(key);
|
+ sshkey_free(key);
|
||||||
|
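Review bot: The Ed25519 rejection branch ends at `sshkey_free(key);` on the last line of this hunk, and the closing lines of the block are outside it, so please confirm that `key` is cleared straight after the free (`key = NULL;`). If the rest of the host-key loop still sees a non-NULL `key`, it would be working with freed memory and could still register the key that FIPS mode is meant to exclude. The added `key != NULL` test is needed because the load-failure check just above only logs through `do_log2_r` and falls through to this condition; a short comment such as `/* key stays NULL when loading the private key failed */` would keep that guard from being dropped in a later rebase of the patch. As a minor style point, `logit_f` presumably already prefixes the function name, so the literal `sshd: ` in the message looks redundant.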
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.7p1
|
%global openssh_ver 8.7p1
|
||||||
%global openssh_rel 14
|
%global openssh_rel 15
|
||||||
%global pam_ssh_agent_ver 0.10.4
|
%global pam_ssh_agent_ver 0.10.4
|
||||||
%global pam_ssh_agent_rel 4
|
%global pam_ssh_agent_rel 4
|
||||||
|
|
||||||
@ -720,6 +720,10 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-15
|
||||||
|
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
||||||
|
Related: rhbz#2087915
|
||||||
|
|
||||||
* Wed Jul 13 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-14
|
* Wed Jul 13 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-14
|
||||||
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
||||||
Related: rhbz#2087915
|
Related: rhbz#2087915
|
||||||
|