Introduce OpenSSH-compatible SHA256 key fingerprinting.

There's a new enumeration of fingerprint types, and you tell
ssh2_fingerprint() or ssh2_fingerprint_blob() which of them to use.

So far, this is only implemented behind the scenes, and exposed for
testcrypt to test. All the call sites of ssh2_fingerprint pass a fixed
default fptype, which is still set to the old MD5. That will change
shortly.

windows/winpgen.c

@@ -1023,7 +1023,7 @@ void load_key_file(HWND hwnd, struct MainDlgState *state,
 
                 savecomment = state->ssh2key.comment;
                 state->ssh2key.comment = NULL;
-                fp = ssh2_fingerprint(state->ssh2key.key);
+                fp = ssh2_fingerprint(state->ssh2key.key, SSH_FPTYPE_DEFAULT);
                 state->ssh2key.comment = savecomment;
 
                 SetDlgItemText(hwnd, IDC_FINGERPRINT, fp);
@@ -1796,7 +1796,7 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
             savecomment = *state->commentptr;
             *state->commentptr = NULL;
             if (state->ssh2)
-                fp = ssh2_fingerprint(state->ssh2key.key);
+                fp = ssh2_fingerprint(state->ssh2key.key, SSH_FPTYPE_DEFAULT);
             else
                 fp = rsa_ssh1_fingerprint(&state->key);
             SetDlgItemText(hwnd, IDC_FINGERPRINT, fp);

windows/winpgnt.c

@@ -353,7 +353,7 @@ void keylist_update(void)
              * stop and leave out a tab character. Urgh.
              */
 
-            p = ssh2_fingerprint(skey->key);
+            p = ssh2_fingerprint(skey->key, SSH_FPTYPE_DEFAULT);
             listentry = dupprintf("%s\t%s", p, skey->comment);
             sfree(p);