author | djm@openbsd.org <djm@openbsd.org> | 2014-12-21 22:27:55 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-12-22 09:32:29 +1100 |
commit | 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch) | |
tree | 700a872e702c686c1815bb1049eb93e88079b598 /dns.c | |
parent | 058f839fe15c51be8b3a844a76ab9a8db550be4f (diff) |
upstream commit
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
Diffstat (limited to 'dns.c')
-rw-r--r-- | dns.c | 11 |
1 files changed, 6 insertions, 5 deletions
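--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.31 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.32 2014/12/21 22:27:56 djm Exp $ */
 
 /*
 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -41,6 +41,7 @@
 #include "key.h"
 #include "dns.h"
 #include "log.h"
+#include "digest.h"
 
 static const char *errset_text[] = {
 "success", /* 0 ERRSET_SUCCESS */
@@ -80,7 +81,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
 u_char **digest, u_int *digest_len, Key *key)
 {
 int success = 0;
-enum fp_type fp_type = 0;
+int fp_alg = -1;
 
 switch (key->type) {
 case KEY_RSA:
@@ -110,17 +111,17 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
 
 switch (*digest_type) {
 case SSHFP_HASH_SHA1:
-fp_type = SSH_FP_SHA1;
+fp_alg = SSH_DIGEST_SHA1;
 break;
 case SSHFP_HASH_SHA256:
-fp_type = SSH_FP_SHA256;
+fp_alg = SSH_DIGEST_SHA256;
 break;
 default:
 *digest_type = SSHFP_HASH_RESERVED; /* 0 */
 }
 
 if (*algorithm && *digest_type) {
-*digest = key_fingerprint_raw(key, fp_type, digest_len);
+*digest = key_fingerprint_raw(key, fp_alg, digest_len);
 if (*digest == NULL)
 fatal("dns_read_key: null from key_fingerprint_raw()");
 success = 1;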
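Review bot: The new `int fp_alg = -1;` initialiser in dns_read_key is an invalid-digest sentinel whose safety rests on an undocumented invariant: the `default:` arm zeroes `*digest_type`, and only the `if (*algorithm && *digest_type)` guard keeps -1 from reaching key_fingerprint_raw(). I would state that at the declaration, e.g. `int fp_alg = -1; /* invalid until *digest_type maps to an SSH_DIGEST_* id; call is guarded by *digest_type != 0 */`, and give the `default:` arm an explicit `break;` so a case added after it later does not inherit a fall-through. This path also appears to take its hash from the SSHFP record's digest type rather than from the new FingerprintHash option, so SHA-1 records are still mapped to `SSH_DIGEST_SHA1`; if that is intentional for DNS compatibility, a one-line comment on the switch saying so would help. The function starts before and continues past the visible hunks, so callers and the else branch were not reviewed.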