Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142) (!47) · Merge requests · Red Hat / centos-stream / src / cloud-init

Ani Sinha requested to merge anisinha/cloud-init:bz2187164 into c9s May 02, 2023

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2187164

Cherry-pick the following upstream commit without conflicts. One minor change needed to be made in file cloudinit/config/cc_ssh.py. LOG was replaced by log as that is what is used in our version of the file.

Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142)
    
    DSA and ED25519 key types are not supported when FIPS is enabled in crypto.
    Check if FIPS has been enabled on the system and if so, do not generate those
    key types. Presently the check is only available on Linux systems.
    
    LP: 2017761
    RHBZ: 2187164
    
    Signed-off-by: Ani Sinha <anisinha@redhat.com>
    (cherry picked from commit c53f04aeb2acf9526a2ebf3d3320f149ac46caa6)

Edited May 02, 2023 by Ani Sinha

Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142)

Merge request reports