kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
ac6e5f
diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
ac6e5f
--- openssh-8.6p1/sshkey.c.fips	2021-05-06 12:08:36.493926838 +0200
ac6e5f
+++ openssh-8.6p1/sshkey.c	2021-05-06 12:08:36.502926908 +0200
ac6e5f
@@ -1705,6 +1707,8 @@ rsa_generate_private_key(u_int bits, RSA
ac6e5f
		goto out;
ac6e5f
ac6e5f
	if (EVP_PKEY_keygen(ctx, &res) <= 0) {
ac6e5f
+		if (FIPS_mode())
ac6e5f
+			logit_f("the key length might be unsupported by FIPS mode approved key generation method");
ac6e5f
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
ac6e5f
 		goto out;
ac6e5f
 	}