diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2023-02-10 04:56:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2023-02-10 16:12:42 +1100 |
| commit | d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a (patch) | |
| tree | 68af6f6192662f1a1ed98c4234bfde344761eadf /ssh-keygen.c | |
| parent | 18938d11a90b74d63c20b2d3c965d5bd64786ab1 (diff) | |
| download | openssh-git-d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a.tar.gz | |
upstream: let ssh-keygen and ssh-keyscan accept
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@
OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index ae05440f..5f8337f4 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.461 2022/12/04 23:50:49 cheloha Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.462 2023/02/10 04:56:30 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1479,13 +1479,23 @@ do_change_passphrase(struct passwd *pw) */ static int do_print_resource_record(struct passwd *pw, char *fname, char *hname, - int print_generic) + int print_generic, char * const *opts, size_t nopts) { struct sshkey *public; char *comment = NULL; struct stat st; - int r; + int r, hash = -1; + size_t i; + for (i = 0; i < nopts; i++) { + if (strncasecmp(opts[i], "hashalg=", 8) == 0) { + if ((hash = ssh_digest_alg_by_name(opts[i] + 8)) == -1) + fatal("Unsupported hash algorithm"); + } else { + error("Invalid option \"%s\"", opts[i]); + return SSH_ERR_INVALID_ARGUMENT; + } + } if (fname == NULL) fatal_f("no filename"); if (stat(fname, &st) == -1) { @@ -1495,7 +1505,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, } if ((r = sshkey_load_public(fname, &public, &comment)) != 0) fatal_r(r, "Failed to read v2 public key from \"%s\"", fname); - export_dns_rr(hname, public, stdout, print_generic); + export_dns_rr(hname, public, stdout, print_generic, hash); sshkey_free(public); free(comment); return 1; @@ -3725,7 +3735,7 @@ main(int argc, char **argv) if (have_identity) { n = do_print_resource_record(pw, identity_file, - rr_hostname, print_generic); + rr_hostname, print_generic, opts, nopts); if (n == 0) fatal("%s: %s", identity_file, strerror(errno)); exit(0); @@ -3733,19 +3743,19 @@ main(int argc, char **argv) n += do_print_resource_record(pw, _PATH_HOST_RSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ED25519_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_XMSS_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); if (n == 0) fatal("no keys found."); exit(0); |