From 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 21 Dec 2014 22:27:55 +0000
Subject: upstream commit

Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
---
 krl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'krl.c')

diff --git a/krl.c b/krl.c
index 5a5cdde02..3439e9c29 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.20 2014/12/04 01:49:59 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.21 2014/12/21 22:27:56 djm Exp $ */
 
 #include "includes.h"
 
@@ -36,6 +36,7 @@
 #include "misc.h"
 #include "log.h"
 #include "ssherr.h"
+#include "digest.h"
 
 #include "krl.h"
 
@@ -411,7 +412,8 @@ ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key)
 	int r;
 
 	debug3("%s: revoke type %s by sha1", __func__, sshkey_type(key));
-	if ((r = sshkey_fingerprint_raw(key, SSH_FP_SHA1, &blob, &len)) != 0)
+	if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
+	    &blob, &len)) != 0)
 		return r;
 	return revoke_blob(&krl->revoked_sha1s, blob, len);
 }
@@ -1151,7 +1153,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
 
 	/* Check explicitly revoked hashes first */
 	memset(&rb, 0, sizeof(rb));
-	if ((r = sshkey_fingerprint_raw(key, SSH_FP_SHA1,
+	if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
 	    &rb.blob, &rb.len)) != 0)
 		return r;
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
-- 
cgit v1.2.3