upstream commit
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
diff --git a/krl.c b/krl.c
index 5a5cdde..3439e9c 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.20 2014/12/04 01:49:59 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.21 2014/12/21 22:27:56 djm Exp $ */
#include "includes.h"
@@ -36,6 +36,7 @@
#include "misc.h"
#include "log.h"
#include "ssherr.h"
+#include "digest.h"
#include "krl.h"
@@ -411,7 +412,8 @@
int r;
debug3("%s: revoke type %s by sha1", __func__, sshkey_type(key));
- if ((r = sshkey_fingerprint_raw(key, SSH_FP_SHA1, &blob, &len)) != 0)
+ if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
+ &blob, &len)) != 0)
return r;
return revoke_blob(&krl->revoked_sha1s, blob, len);
}
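Review bot: The `SSH_DIGEST_SHA1` argument in the `sshkey_fingerprint_raw()` call is a fixed property of the `revoked_sha1s` list rather than a display preference, and nothing in the new code says so, even though this commit makes the fingerprint hash configurable. I would add a comment above the call such as `/* KRL hash revocations are always SHA1; must not follow FingerprintHash */`. The same comment belongs on the lookup in the later hunk, before `RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb)`. The two calls have to agree on the digest: if a later edit changed only one of them, revoked keys would stop matching and would be accepted without any error. The enclosing function starts outside this hunk, so its name and the declarations of `blob` and `len` are not visible here.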
@@ -1151,7 +1153,7 @@
/* Check explicitly revoked hashes first */
memset(&rb, 0, sizeof(rb));
- if ((r = sshkey_fingerprint_raw(key, SSH_FP_SHA1,
+ if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
&rb.blob, &rb.len)) != 0)
return r;
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);