From de7903a63308331bb0fdfa8f992cf5cd094edb8b Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 26 Dec 2024 16:12:24 +0100
Subject: [PATCH] Do not import Ed25519 keys in FIPS Mode

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
---
 src/pki.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/pki.c b/src/pki.c
index 28ee3db9..d42a6338 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1340,6 +1340,12 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
             {
                 ssh_string pubkey = NULL, privkey = NULL;
 
+                if (ssh_fips_mode()) {
+                    SSH_LOG(SSH_LOG_TRACE,
+                            "Ed25519 keys not supported in FIPS mode");
+                    goto fail;
+                }
+
                 rc = ssh_buffer_unpack(buffer, "SS", &pubkey, &privkey);
                 if (rc != SSH_OK){
                     SSH_LOG(SSH_LOG_TRACE, "Unpack error");