upstream commit Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@

commit: 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 [log] [tgz]
author: djm@openbsd.org <djm@openbsd.org> Sun Dec 21 22:27:55 2014 +0000
committer: Damien Miller <djm@mindrot.org> Mon Dec 22 09:32:29 2014 +1100
tree: 700a872e702c686c1815bb1049eb93e88079b598
parent: 058f839fe15c51be8b3a844a76ab9a8db550be4f [diff] [blame]
diff --git a/krl.c b/krl.c
index 5a5cdde..3439e9c 100644
--- a/krl.c
+++ b/krl.c

@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.20 2014/12/04 01:49:59 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.21 2014/12/21 22:27:56 djm Exp $ */
 
 #include "includes.h"
 
@@ -36,6 +36,7 @@
 #include "misc.h"
 #include "log.h"
 #include "ssherr.h"
+#include "digest.h"
 
 #include "krl.h"
 
@@ -411,7 +412,8 @@
 	int r;
 
 	debug3("%s: revoke type %s by sha1", __func__, sshkey_type(key));
-	if ((r = sshkey_fingerprint_raw(key, SSH_FP_SHA1, &blob, &len)) != 0)
+	if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
+	    &blob, &len)) != 0)
 		return r;
 	return revoke_blob(&krl->revoked_sha1s, blob, len);
 }
@@ -1151,7 +1153,7 @@
 
 	/* Check explicitly revoked hashes first */
 	memset(&rb, 0, sizeof(rb));
-	if ((r = sshkey_fingerprint_raw(key, SSH_FP_SHA1,
+	if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
 	    &rb.blob, &rb.len)) != 0)
 		return r;
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
commit	56d1c83cdd1ac76f1c6bd41e01e80dad834f3994	[log] [tgz]
author	djm@openbsd.org <djm@openbsd.org>	Sun Dec 21 22:27:55 2014 +0000
committer	Damien Miller <djm@mindrot.org>	Mon Dec 22 09:32:29 2014 +1100
tree	700a872e702c686c1815bb1049eb93e88079b598
parent	058f839fe15c51be8b3a844a76ab9a8db550be4f [diff] [blame]