authorDaniel P. Berrangé <berrange@redhat.com>2021-06-22 12:51:56 +0100
committerKevin Wolf <kwolf@redhat.com>2021-06-30 12:45:32 +0200
commitbf783261f0aee6e81af3916bff7606d71ccdc153 (patch)
tree5759aec7d24a5cfa48ecf27830ac60c7bd461f8c /block
parent7170170866f74f3ee9e3a143c959c97c2bc5897e (diff)
block/ssh: add support for sha256 host key fingerprints
Currently the SSH block driver supports MD5 and SHA1 for host key fingerprints. This is a cryptographically sensitive operation and so these hash algorithms are inadequate by modern standards. This adds support for SHA256 which has been supported in libssh since the 0.8.1 release. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210622115156.138458-1-berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/ssh.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/block/ssh.c b/block/ssh.c
index b51a031620..d008caf059 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -442,6 +442,9 @@ static int check_host_key(BDRVSSHState *s, SshHostKeyCheck *hkc, Error **errp)
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA1) {
return check_host_key_hash(s, hkc->u.hash.hash,
SSH_PUBLICKEY_HASH_SHA1, errp);
+ } else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA256) {
+ return check_host_key_hash(s, hkc->u.hash.hash,
+ SSH_PUBLICKEY_HASH_SHA256, errp);
}
g_assert_not_reached();
break;
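Review bot: The new SHA256 branch sits next to the MD5 and SHA1 branches without marking those as legacy, so a configuration that still pins an MD5 or SHA1 fingerprint keeps being accepted silently even though the commit message calls them inadequate. A short comment on the new branch such as `/* SHA256 is the preferred fingerprint type; MD5 and SHA1 are kept only for compatibility */` would record that intent, and a follow-up could emit a warning when one of the weaker types is selected. The diffstat shows these three lines as the only change to block/ssh.c, so if the file maps a user-supplied fingerprint string to a hash type anywhere else (not visible in this hunk), that path would still need a SHA256 case. check_host_key's body starts and ends outside the hunk.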