From c8fc193f3d0fbc08561b71d793df1c62ce946fc2 Mon Sep 17 00:00:00 2001
From: Stanislav Zidek <szidek@redhat.com>
Date: Tue, 23 Sep 2014 10:59:03 +0200
Subject: [PATCH] sshd-keygen - don't generate DSA and ED25519 host keys in
 FIPS mode

---
 sshd-keygen | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sshd-keygen b/sshd-keygen
index eaf14f8..a1143f3 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -71,7 +71,7 @@ do_rsa_keygen() {
 }
 
 do_dsa_keygen() {
-	if [ ! -s $DSA_KEY ]; then
+	if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
 		echo -n $"Generating SSH2 DSA host key: "
 		rm -f $DSA_KEY
 		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
@@ -113,7 +113,7 @@ do_ecdsa_keygen() {
 }
 
 do_ed25519_keygen() {
-	if [ ! -s $ED25519_KEY ]; then
+	if [ ! -s $ED25519_KEY -a `fips_enabled` -eq 0 ]; then
 		echo -n $"Generating SSH2 ED25519 host key: "
 		rm -f $ED25519_KEY
 		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then