pam_ssh_agent_auth: prevent using MD5 in Fips mode
parent
53c9992786
commit
bda184b249
@ -637,3 +637,25 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c
|
|||||||
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
diff --git a/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c b/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
|
||||||
|
index 688b1b1..a3c1541 100644
|
||||||
|
--- a/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
|
||||||
|
+++ b/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
|
||||||
|
@@ -55,6 +55,7 @@
|
||||||
|
#include "secure_filename.h"
|
||||||
|
#include "uidswap.h"
|
||||||
|
#include <unistd.h>
|
||||||
|
+#include <openssl/crypto.h>
|
||||||
|
|
||||||
|
#include "identity.h"
|
||||||
|
|
||||||
|
@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key)
|
||||||
|
found_key = 1;
|
||||||
|
logit("matching key found: file/command %s, line %lu", file,
|
||||||
|
linenum);
|
||||||
|
- fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
|
||||||
|
+ fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5,
|
||||||
|
+ SSH_FP_HEX);
|
||||||
|
logit("Found matching %s key: %s",
|
||||||
|
key_type(found), fp);
|
||||||
|
free(fp);
|
||||||
|
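Review bot: The result of `sshkey_fingerprint()` in the `pamsshagentauth_check_authkeys_file` hunk is still passed straight to `logit()` without a NULL check, and the case this commit addresses (a digest that is unavailable in FIPS mode) is the kind of failure that makes it return NULL. Guard the log call, e.g. `if (fp != NULL) logit("Found matching %s key: %s", key_type(found), fp);`, and leave the `free(fp)` as it is. Selecting the digest with `FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5` also means the same key is logged under two different fingerprints depending on host mode, which complicates correlating authentication logs across machines; using `SSH_DIGEST_SHA256` unconditionally would remove the branch and both weak hashes, provided the digest code this module is built against supports it (not visible in this hunk). The function body starts and ends outside the hunk.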