authordjm@openbsd.org <djm@openbsd.org>2014-12-21 22:27:55 +0000
committerDamien Miller <djm@mindrot.org>2014-12-22 09:32:29 +1100
commit56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch)
tree700a872e702c686c1815bb1049eb93e88079b598 /dns.c
parent058f839fe15c51be8b3a844a76ab9a8db550be4f (diff)
upstream commit
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
Diffstat (limited to 'dns.c')
-rw-r--r--dns.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/dns.c b/dns.c
index c4d073cf5..4b8ae44cf 100644
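--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.31 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.32 2014/12/21 22:27:56 djm Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -41,6 +41,7 @@
 #include "key.h"
 #include "dns.h"
 #include "log.h"
+#include "digest.h"
 
 static const char *errset_text[] = {
  "success", /* 0 ERRSET_SUCCESS */
@@ -80,7 +81,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
  u_char **digest, u_int *digest_len, Key *key)
 {
  int success = 0;
- enum fp_type fp_type = 0;
+ int fp_alg = -1;
 
  switch (key->type) {
  case KEY_RSA:
@@ -110,17 +111,17 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
 
  switch (*digest_type) {
  case SSHFP_HASH_SHA1:
- fp_type = SSH_FP_SHA1;
+ fp_alg = SSH_DIGEST_SHA1;
  break;
  case SSHFP_HASH_SHA256:
- fp_type = SSH_FP_SHA256;
+ fp_alg = SSH_DIGEST_SHA256;
  break;
  default:
  *digest_type = SSHFP_HASH_RESERVED; /* 0 */
  }
 
  if (*algorithm && *digest_type) {
- *digest = key_fingerprint_raw(key, fp_type, digest_len);
+ *digest = key_fingerprint_raw(key, fp_alg, digest_len);
  if (*digest == NULL)
  fatal("dns_read_key: null from key_fingerprint_raw()");
  success = 1;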
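Review bot: In the last hunk, `fp_alg` keeps its `-1` initialiser whenever `*digest_type` is neither SHA1 nor SHA256, and the only thing keeping that value away from `key_fingerprint_raw()` is that the `default:` arm zeroes `*digest_type` before the `if (*algorithm && *digest_type)` test. Now that the variable is a plain `int` rather than an `enum fp_type`, a later edit to either the switch or the condition could silently pass an invalid digest id, so I would make the guard explicit: `if (*algorithm && *digest_type && fp_alg != -1) {`. A one-line comment above the switch, for example `/* digest is selected by *digest_type (SSHFP), independent of FingerprintHash */`, would also help readers of this commit, assuming that is the intended relationship to the new option. The body of dns_read_key starts and ends outside the visible hunks, so this is based only on the lines shown.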