authordjm@openbsd.org <djm@openbsd.org>2023-02-10 04:56:30 +0000
committerDamien Miller <djm@mindrot.org>2023-02-10 16:12:42 +1100
commitd651f5c9fe37e61491eee46c49ba9fa03dbc0e6a (patch)
tree68af6f6192662f1a1ed98c4234bfde344761eadf /dns.c
parent18938d11a90b74d63c20b2d3c965d5bd64786ab1 (diff)
upstream: let ssh-keygen and ssh-keyscan accept
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 ok dtucker@ OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
Diffstat (limited to 'dns.c')
-rw-r--r--dns.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/dns.c b/dns.c
index f2310bec..823951ef 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.42 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.43 2023/02/10 04:56:30 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -301,7 +301,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
* Export the fingerprint of a key as a DNS resource record
*/
int
-export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
+export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic,
+ int alg)
{
u_int8_t rdata_pubkey_algorithm = 0;
u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
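Review bot: The comment above export_dns_rr still reads only "Export the fingerprint of a key as a DNS resource record" and does not describe the new `alg` parameter added to the signature. The loop changed later in this commit treats `-1` as "no filter" and any other value as a single digest-type selector, so the comment should state that contract, for example `alg selects one SSHFP_HASH_* digest type; -1 emits a record for every supported type`. Because the loop starts at SSHFP_HASH_SHA1, passing -1 still emits SHA-1 fingerprints, so a named constant for the sentinel would make call sites that still publish SHA-1 easier to find in an audit. The function body continues outside this hunk.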
@@ -311,6 +312,8 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
int success = 0;
for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
+ if (alg != -1 && dtype != alg)
+ continue;
rdata_digest_type = dtype;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
&rdata_digest, &rdata_digest_len, key)) {
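Review bot: An `alg` that is neither -1 nor a value the loop visits makes the added `continue` fire on every iteration, so no SSHFP record is written and `success` keeps its initial 0. The rest of export_dns_rr is outside the hunk, so I cannot confirm how that case is reported, but it appears indistinguishable from a key type that has no supported digest. Checking the range before the loop would make a bad selector an explicit error, using a guard such as `if (alg != -1 && (alg < SSHFP_HASH_SHA1 || alg >= SSHFP_HASH_MAX))` followed by the function's failure return. This matters for operators who request SHA-256 only: a mistyped or unmapped selector should fail loudly rather than produce an empty record set.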