
libssh2: add support for ECDSA and ed25519 knownhost keys

... if a new enough libssh2 version is present.

Source: https://curl.haxx.se/mail/archive-2019-12/0023.html
Co-Authored-by: Daniel Stenberg
Closes #4714
Santino Keupp 2019-12-13 22:55:18 +01:00 committed by Daniel Stenberg
parent 38797e8811
commit 1d2d3feb21
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -466,9 +466,42 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
struct curl_khkey *knownkeyp = NULL; struct curl_khkey *knownkeyp = NULL;
struct curl_khkey foundkey; struct curl_khkey foundkey;
keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)? switch(keytype) {
LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS; case LIBSSH2_HOSTKEY_TYPE_RSA:
keybit = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
break;
case LIBSSH2_HOSTKEY_TYPE_DSS:
keybit = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
break;
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
break;
#endif
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_384
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
break;
#endif
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_521
case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
break;
#endif
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
case LIBSSH2_HOSTKEY_TYPE_ED25519:
keybit = LIBSSH2_KNOWNHOST_KEY_ED25519;
break;
#endif
default:
infof(data, "unsupported key type, can't check knownhosts!\n");
keybit = 0;
break;
}
if(!keybit)
/* no check means failure! */
rc = CURLKHSTAT_REJECT;
else {
#ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP #ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP
keycheck = libssh2_knownhost_checkp(sshc->kh, keycheck = libssh2_knownhost_checkp(sshc->kh,
conn->host.name, conn->host.name,
@ -522,6 +555,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
keymatch, data->set.ssh_keyfunc_userp); keymatch, data->set.ssh_keyfunc_userp);
Curl_set_in_callback(data, false); Curl_set_in_callback(data, false);
} }
}
else else
/* no remotekey means failure! */ /* no remotekey means failure! */
rc = CURLKHSTAT_REJECT; rc = CURLKHSTAT_REJECT;
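Review bot: The `default:` branch of the new `switch(keytype)` explains the rejection only through `infof()`, so without verbose output the caller gets a host-key failure with no hint that the key type was simply not recognised. The same path is taken for ECDSA and ed25519 keys when the libssh2 headers do not define the `LIBSSH2_HOSTKEY_TYPE_*` macros. Failing closed with `CURLKHSTAT_REJECT` is the right outcome, but I would make it diagnosable with something like `failf(data, "unsupported host key type %d, cannot check known hosts", keytype);`, assuming `keytype` is an int and no later error path overwrites the message. Judging by the closing brace added in the second hunk, the application's key callback (`ssh_keyfunc`) also appears to be skipped on this path, which deserves a comment such as `/* unsupported key type: reject without consulting the key callback */`. `ssh_knownhost` starts and ends outside the visible hunks, so how `rc` is mapped to the final error code cannot be confirmed from here.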