author | Jeff Forcier <jeff@bitprophet.org> | 2019-06-07 21:57:31 -0400 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2019-06-07 21:57:31 -0400 |
commit | 73ea805722ffe335b065ce38b439b1f3fd2a391b (patch) | |
tree | 2371c766b659b2c1226a24d7700e3e03472ac926 /paramiko/kex_curve25519.py | |
parent | a60656746edd696df78e1208d2c42647d47c808c (diff) | |
Turns out this hash_algo thing is a required part of the Kex 'API'
and it falls back to sha1, which is Very Wrong most of the time
Puts the 'gac' in 'Legacy code'
Diffstat (limited to 'paramiko/kex_curve25519.py')
-rw-r--r-- | paramiko/kex_curve25519.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/paramiko/kex_curve25519.py b/paramiko/kex_curve25519.py
index 85448fb6..59710c1a 100644
--- a/paramiko/kex_curve25519.py
+++ b/paramiko/kex_curve25519.py
@@ -18,6 +18,8 @@ c_MSG_KEXECDH_INIT, c_MSG_KEXECDH_REPLY = [byte_chr(c) for c in range(30, 32)]
 class KexCurve25519(object):
+ hash_algo = hashlib.sha256
+
 def __init__(self, transport):
 self.transport = transport
 self.key = None
@@ -85,7 +87,7 @@ class KexCurve25519(object):
 hm.add_string(peer_key_bytes)
 hm.add_string(exchange_key_bytes)
 hm.add_mpint(K)
- H = hashlib.sha256(hm.asbytes()).digest()
+ H = self.hash_algo(hm.asbytes()).digest()
 self.transport._set_K_H(K, H)
 sig = self.transport.get_server_key().sign_ssh_data(H)
 # construct reply
@@ -122,6 +124,6 @@ class KexCurve25519(object):
 )
 hm.add_string(peer_key_bytes)
 hm.add_mpint(K)
- self.transport._set_K_H(K, hashlib.sha256(hm.asbytes()).digest())
+ self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest())
 self.transport._verify_key(peer_host_key_bytes, sig)
 self.transport._activate_outbound() |
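Review bot: The new `hash_algo = hashlib.sha256` class attribute in the first hunk carries no comment, although the commit message says it is a required part of the Kex interface and that a missing attribute falls back to SHA-1. A line such as `# Required by the Kex interface: read outside this class, where a missing hash_algo falls back to SHA-1.` would keep a later cleanup from removing it as apparently redundant. The fallback itself is not visible here, since the diff is limited to this file, so it presumably still applies to any other kex class that omits the attribute; failing closed at that lookup, or a test asserting that every kex class defines `hash_algo`, would catch a recurrence. The class body continues outside the hunk.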