2 files changed, 81 insertions, 0 deletions

diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 320dc032..f6cce1e4 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -564,6 +564,7 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
 
 LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
 
+LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
 LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
 LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
 LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
diff --git a/src/dh.c b/src/dh.c
index bf1ade8b..66a0e704 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -1098,6 +1098,38 @@ out:
 }
 
 /**
+ * @internal
+ *
+ * @brief Convert a buffer into an unpadded base64 string.
+ * The caller has to free the memory.
+ *
+ * @param  hash         What should be converted to a base64 string.
+ *
+ * @param  len          Length of the buffer to convert.
+ *
+ * @return              The base64 string or NULL on error.
+ *
+ * @see ssh_string_free_char()
+ */
+static char *ssh_get_b64_unpadded(const unsigned char *hash, size_t len)
+{
+    char *b64_padded = NULL;
+    char *b64_unpadded = NULL;
+    size_t k;
+
+    b64_padded = (char *)bin_to_base64(hash, (int)len);
+    if (b64_padded == NULL) {
+        return NULL;
+    }
+    for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--);
+
+    b64_unpadded = strndup(b64_padded, k);
+    SAFE_FREE(b64_padded);
+
+    return b64_unpadded;
+}
+
+/**
  * @brief Convert a buffer into a colon separated hex string.
  * The caller has to free the memory.
  *
@@ -1135,6 +1167,54 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
 }
 
 /**
+ * @brief Print a hash as a human-readable hex- or base64-string.
+ *
+ * This function prints hex strings if the given hash is a md5 sum.
+ * But prints unpadded base64 strings for sha sums.
+ * Either way, the output is prepended by the hash-type.
+ *
+ * @param  type         Which sort of hash is given.
+ *
+ * @param  hash         What should be converted to a base64 string.
+ *
+ * @param  len          Length of the buffer to convert.
+ */
+void ssh_print_hash(enum ssh_publickey_hash_type type,
+                    unsigned char *hash,
+                    size_t len) {
+    const char *prefix = "UNKNOWN";
+    char *fingerprint = NULL;
+
+    switch (type) {
+    case SSH_PUBLICKEY_HASH_SHA1:
+    case SSH_PUBLICKEY_HASH_SHA256:
+        fingerprint = ssh_get_b64_unpadded(hash, len);
+        break;
+    case SSH_PUBLICKEY_HASH_MD5:
+        fingerprint = ssh_get_hexa(hash, len);
+        break;
+    }
+    if (fingerprint == NULL) {
+        return;
+    }
+
+    switch (type) {
+    case SSH_PUBLICKEY_HASH_MD5:
+        prefix = "MD5";
+        break;
+    case SSH_PUBLICKEY_HASH_SHA1:
+        prefix = "SHA1";
+        break;
+    case SSH_PUBLICKEY_HASH_SHA256:
+        prefix = "SHA256";
+        break;
+    }
+    fprintf(stderr, "%s:%s\n", prefix, fingerprint);
+
+    SAFE_FREE(fingerprint);
+}
+
+/**
  * @brief Print a buffer as colon separated hex string.
  *
  * @param  descr        Description printed in front of the hex string.