Patchwork [4,of,8] util: add sha256

login
register
mail settings
Submitter Gregory Szorc
Date May 28, 2016, 8:04 p.m.
Message ID <91e745e440f753fb6c04.1464465866@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15232/
State Accepted
Headers show

Comments

Gregory Szorc - May 28, 2016, 8:04 p.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1464465448 25200
#      Sat May 28 12:57:28 2016 -0700
# Node ID 91e745e440f753fb6c04516dfb507cf9aba585fb
# Parent  f38165c251143b5ac249773a12a1f993da539974
util: add sha256

Upcoming patches will teach host fingerprint checking to verify
non-SHA1 fingerprints.

Many x509 certificates these days are SHA-256. And modern browsers
often display the SHA-256 fingerprint for certificates. Since
SHA-256 fingerprints are highly visible and easy to obtain, we
want to support them for fingerprint pinning. So add SHA-256
support to util.

I did not add SHA-256 to DIGESTS and DIGESTS_BY_STRENGTH because
this will advertise the algorithm on the wire protocol. I wasn't
sure if that would be appropriate. I'm playing it safe by leaving
it out for now.

Patch

diff --git a/mercurial/util.py b/mercurial/util.py
--- a/mercurial/util.py
+++ b/mercurial/util.py
@@ -60,16 +60,17 @@  urlreq = pycompat.urlreq
 
 if os.name == 'nt':
     from . import windows as platform
 else:
     from . import posix as platform
 
 md5 = hashlib.md5
 sha1 = hashlib.sha1
+sha256 = hashlib.sha256
 sha512 = hashlib.sha512
 _ = i18n._
 
 cachestat = platform.cachestat
 checkexec = platform.checkexec
 checklink = platform.checklink
 copymode = platform.copymode
 executablepath = platform.executablepath