author | Daniel P. Berrangé <berrange@redhat.com> | 2021-06-22 12:51:56 +0100 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2021-06-30 12:45:32 +0200 |
commit | bf783261f0aee6e81af3916bff7606d71ccdc153 (patch) | |
tree | 5759aec7d24a5cfa48ecf27830ac60c7bd461f8c /block | |
parent | 7170170866f74f3ee9e3a143c959c97c2bc5897e (diff) |
block/ssh: add support for sha256 host key fingerprints
Currently the SSH block driver supports MD5 and SHA1 for host key
fingerprints. This is a cryptographically sensitive operation and
so these hash algorithms are inadequate by modern standards. This
adds support for SHA256 which has been supported in libssh since
the 0.8.1 release.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210622115156.138458-1-berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r-- | block/ssh.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/block/ssh.c b/block/ssh.c index b51a031620..d008caf059 100644 --- a/block/ssh.c +++ b/block/ssh.c @@ -442,6 +442,9 @@ static int check_host_key(BDRVSSHState *s, SshHostKeyCheck *hkc, Error **errp) } else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA1) { return check_host_key_hash(s, hkc->u.hash.hash, SSH_PUBLICKEY_HASH_SHA1, errp); + } else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA256) { + return check_host_key_hash(s, hkc->u.hash.hash, + SSH_PUBLICKEY_HASH_SHA256, errp); } g_assert_not_reached(); break; |
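Review bot: The new `else if` branch in check_host_key() references SSH_PUBLICKEY_HASH_SHA256 unconditionally, while the commit message says libssh provides it only from 0.8.1 onward. If the build still accepts an older libssh, this will not compile, so either confirm that the configured minimum libssh version is at least 0.8.1 or put the branch behind a version check. Separately, the SHA1 branch just above it (and MD5, per the commit message) is still accepted on equal footing with the new one; since the commit message calls those algorithms inadequate, it would help to state in the host-key-check option documentation that sha256 is the preferred fingerprint type.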