Red Hat Bugzilla – Attachment 1478462 Details for
Bug 1585191
Cockpit dashboard fails when run on a FIPS 140-2 compliant system.
Patch to support sha256 hashes for pubkeys on libssh-0.7.x
libssh-0.7.x-sha256-pubkey-hash.patch (text/plain), 5.52 KB, created by
Andreas Schneider
on 2018-08-24 11:14:38 UTC
>From f371eba701d03a7d7a622289bb434fdc0b278730 Mon Sep 17 00:00:00 2001 >From: Jan-Niklas Burfeind <libssh@aiyionpri.me> >Date: Thu, 9 Aug 2018 11:00:00 +0200 >Subject: [PATCH 1/2] dh: Add SSH_PUBLICKEY_HASH_SHA256 to > ssh_get_publickey_hash() > >Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me> >Reviewed-by: Andreas Schneider <asn@cryptomilk.org> >--- > include/libssh/libssh.h | 3 ++- > src/dh.c | 23 +++++++++++++++++++++++ > 2 files changed, 25 insertions(+), 1 deletion(-) > >diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h >index 37214898..320dc032 100644 >--- a/include/libssh/libssh.h >+++ b/include/libssh/libssh.h >@@ -444,7 +444,8 @@ LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key); > > enum ssh_publickey_hash_type { > SSH_PUBLICKEY_HASH_SHA1, >- SSH_PUBLICKEY_HASH_MD5 >+ SSH_PUBLICKEY_HASH_MD5, >+ SSH_PUBLICKEY_HASH_SHA256 > }; > LIBSSH_API int ssh_get_publickey_hash(const ssh_key key, > enum ssh_publickey_hash_type type, >diff --git a/src/dh.c b/src/dh.c >index d27b66eb..bf1ade8b 100644 >--- a/src/dh.c >+++ b/src/dh.c >@@ -1039,6 +1039,29 @@ int ssh_get_publickey_hash(const ssh_key key, > *hlen = SHA_DIGEST_LEN; > } > break; >+ case SSH_PUBLICKEY_HASH_SHA256: >+ { >+ SHA256CTX ctx; >+ >+ h = malloc(SHA256_DIGEST_LEN); >+ if (h == NULL) { >+ rc = -1; >+ goto out; >+ } >+ >+ ctx = sha256_init(); >+ if (ctx == NULL) { >+ free(h); >+ rc = -1; >+ goto out; >+ } >+ >+ sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob)); >+ sha256_final(h, ctx); >+ >+ *hlen = SHA256_DIGEST_LEN; >+ } >+ break; > case SSH_PUBLICKEY_HASH_MD5: > { > MD5CTX ctx; >-- >2.18.0 > > >From ab850d2472e360df8edeec06328aaed786fb8a21 Mon Sep 17 00:00:00 2001 >From: Jan-Niklas Burfeind <libssh@aiyionpri.me> >Date: Thu, 9 Aug 2018 11:00:00 +0200 >Subject: [PATCH 2/2] dh: Add ssh_print_hash() function which can deal with > sha256 
> >Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me> >Reviewed-by: Andreas Schneider <asn@cryptomilk.org> >--- > include/libssh/libssh.h | 1 + > src/dh.c | 80 +++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 81 insertions(+) > >diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h >index 320dc032..f6cce1e4 100644 >--- a/include/libssh/libssh.h >+++ b/include/libssh/libssh.h >@@ -564,6 +564,7 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key, > > LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key); > >+LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len); > LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len); > LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data); > LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display); >diff --git a/src/dh.c b/src/dh.c >index bf1ade8b..66a0e704 100644 >--- a/src/dh.c >+++ b/src/dh.c >@@ -1097,6 +1097,38 @@ out: > return rc; > } > >+/** >+ * @internal >+ * >+ * @brief Convert a buffer into an unpadded base64 string. >+ * The caller has to free the memory. >+ * >+ * @param hash What should be converted to a base64 string. >+ * >+ * @param len Length of the buffer to convert. >+ * >+ * @return The base64 string or NULL on error. >+ * >+ * @see ssh_string_free_char() >+ */ >+static char *ssh_get_b64_unpadded(const unsigned char *hash, size_t len) >+{ >+ char *b64_padded = NULL; >+ char *b64_unpadded = NULL; >+ size_t k; >+ >+ b64_padded = (char *)bin_to_base64(hash, (int)len); >+ if (b64_padded == NULL) { >+ return NULL; >+ } >+ for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--); >+ >+ b64_unpadded = strndup(b64_padded, k); >+ SAFE_FREE(b64_padded); >+ >+ return b64_unpadded; >+} >+ > /** > * @brief Convert a buffer into a colon separated hex string. > * The caller has to free the memory. 
>@@ -1134,6 +1166,54 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) { > return hexa; > } > >+/** >+ * @brief Print a hash as a human-readable hex- or base64-string. >+ * >+ * This function prints hex strings if the given hash is a md5 sum. >+ * But prints unpadded base64 strings for sha sums. >+ * Either way, the output is prepended by the hash-type. >+ * >+ * @param type Which sort of hash is given. >+ * >+ * @param hash What should be converted to a base64 string. >+ * >+ * @param len Length of the buffer to convert. >+ */ >+void ssh_print_hash(enum ssh_publickey_hash_type type, >+ unsigned char *hash, >+ size_t len) { >+ const char *prefix = "UNKNOWN"; >+ char *fingerprint = NULL; >+ >+ switch (type) { >+ case SSH_PUBLICKEY_HASH_SHA1: >+ case SSH_PUBLICKEY_HASH_SHA256: >+ fingerprint = ssh_get_b64_unpadded(hash, len); >+ break; >+ case SSH_PUBLICKEY_HASH_MD5: >+ fingerprint = ssh_get_hexa(hash, len); >+ break; >+ } >+ if (fingerprint == NULL) { >+ return; >+ } >+ >+ switch (type) { >+ case SSH_PUBLICKEY_HASH_MD5: >+ prefix = "MD5"; >+ break; >+ case SSH_PUBLICKEY_HASH_SHA1: >+ prefix = "SHA1"; >+ break; >+ case SSH_PUBLICKEY_HASH_SHA256: >+ prefix = "SHA256"; >+ break; >+ } >+ fprintf(stderr, "%s:%s\n", prefix, fingerprint); >+ >+ SAFE_FREE(fingerprint); >+} >+ > /** > * @brief Print a buffer as colon separated hex string. > * >-- >2.18.0 >
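Review bot: In the SSH_PUBLICKEY_HASH_SHA256 case added to ssh_get_publickey_hash() in src/dh.c (patch 1/2), the sha256_init() failure path calls free(h) and then jumps to out with h still holding the freed pointer. The code between the switch and the out label is not part of this hunk, so nothing visible here rules out h being touched again on that path. SAFE_FREE(h), which patch 2/2 already uses for its own buffers, would leave h set to NULL and make the error path safe regardless of what follows.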
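Review bot: The new ssh_print_hash() prototype in include/libssh/libssh.h (patch 2/2) declares the buffer as `unsigned char *hash`, while ssh_print_hexa() on the very next line takes `const unsigned char *what`. The implementation only hands the buffer to ssh_get_b64_unpadded() and ssh_get_hexa(), both of which accept const pointers, so the parameter can be `const unsigned char *hash`. This is a LIBSSH_API declaration, so the signature is easier to get right now than after callers depend on it.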
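Review bot: ssh_get_b64_unpadded() in src/dh.c (patch 2/2, hunk at -1097) narrows its size_t argument with `(int)len` when calling bin_to_base64() and does no range check first. The only caller in this patch passes digest lengths, but the helper's doc comment describes a general buffer, so either reject len values that do not fit in an int or state the limit in the comment. A smaller style point in the same function: the padding-strip loop `for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--);` hides an empty body behind the trailing semicolon; braces or a semicolon on its own line would make the intent obvious.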
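Review bot: ssh_print_hash() in src/dh.c (patch 2/2, hunk at -1134) returns silently whenever fingerprint is NULL, and that covers both an allocation failure and a type value outside the enum, because the first switch has no default case. The function is void, so the caller cannot tell that nothing was printed, and the initial `prefix = "UNKNOWN"` can never reach the fprintf(). Merging the two switches into one that sets both prefix and fingerprint, with a default case, would remove the dead value and make the unknown-type behaviour explicit. The doc comment also describes `hash` as "What should be converted to a base64 string" although the MD5 branch produces hex.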