Commit 48c3f7e1 by Anders Borum

ssh: include sha256 host key hash when supported

parent 47dd665a
...@@ -78,6 +78,8 @@ typedef enum { ...@@ -78,6 +78,8 @@ typedef enum {
GIT_CERT_SSH_MD5 = (1 << 0), GIT_CERT_SSH_MD5 = (1 << 0),
/** SHA-1 is available */ /** SHA-1 is available */
GIT_CERT_SSH_SHA1 = (1 << 1), GIT_CERT_SSH_SHA1 = (1 << 1),
/** SHA-256 is available */
GIT_CERT_SSH_SHA256 = (1 << 2),
} git_cert_ssh_t; } git_cert_ssh_t;
/** /**
...@@ -103,6 +105,12 @@ typedef struct { ...@@ -103,6 +105,12 @@ typedef struct {
* have the SHA-1 hash of the hostkey. * have the SHA-1 hash of the hostkey.
*/ */
unsigned char hash_sha1[20]; unsigned char hash_sha1[20];
/**
* Hostkey hash. If type has `GIT_CERT_SSH_SHA256` set, this will
* have the SHA-256 hash of the hostkey.
*/
unsigned char hash_sha256[32];
} git_cert_hostkey; } git_cert_hostkey;
/** /**
......
...@@ -566,6 +566,14 @@ post_extract: ...@@ -566,6 +566,14 @@ post_extract:
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2; cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
if (key != NULL) {
cert.type |= GIT_CERT_SSH_SHA256;
memcpy(&cert.hash_sha256, key, 32);
}
#endif
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) { if (key != NULL) {
cert.type |= GIT_CERT_SSH_SHA1; cert.type |= GIT_CERT_SSH_SHA1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment