author | djm@openbsd.org <djm@openbsd.org> | 2023-02-10 05:56:30 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2023-02-10 06:12:42 +0100 |
commit | d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a (patch) | |
tree | 68af6f6192662f1a1ed98c4234bfde344761eadf /ssh-keygen.c | |
parent | upstream: add a `sshd -G` option that parses and prints the (diff) | |
upstream: let ssh-keygen and ssh-keyscan accept
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@
OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ae05440f6..5f8337f4e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.461 2022/12/04 23:50:49 cheloha Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.462 2023/02/10 04:56:30 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1479,13 +1479,23 @@ do_change_passphrase(struct passwd *pw)
 */
 static int
 do_print_resource_record(struct passwd *pw, char *fname, char *hname,
- int print_generic)
+ int print_generic, char * const *opts, size_t nopts)
 {
 struct sshkey *public;
 char *comment = NULL;
 struct stat st;
- int r;
+ int r, hash = -1;
+ size_t i;
+ for (i = 0; i < nopts; i++) {
+ if (strncasecmp(opts[i], "hashalg=", 8) == 0) {
+ if ((hash = ssh_digest_alg_by_name(opts[i] + 8)) == -1)
+ fatal("Unsupported hash algorithm");
+ } else {
+ error("Invalid option \"%s\"", opts[i]);
+ return SSH_ERR_INVALID_ARGUMENT;
+ }
+ }
 if (fname == NULL)
 fatal_f("no filename");
 if (stat(fname, &st) == -1) {
@@ -1495,7 +1505,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname,
 }
 if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
 fatal_r(r, "Failed to read v2 public key from \"%s\"", fname);
- export_dns_rr(hname, public, stdout, print_generic);
+ export_dns_rr(hname, public, stdout, print_generic, hash);
 sshkey_free(public);
 free(comment);
 return 1;
@@ -3725,7 +3735,7 @@ main(int argc, char **argv)
 if (have_identity) {
 n = do_print_resource_record(pw, identity_file,
- rr_hostname, print_generic);
+ rr_hostname, print_generic, opts, nopts);
 if (n == 0)
 fatal("%s: %s", identity_file, strerror(errno));
 exit(0);
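Review bot: The `else` branch of the new option loop returns `SSH_ERR_INVALID_ARGUMENT` from a function whose other visible return is a count (`return 1;`), and the callers in `main` fold that value into `n` and only test `n == 0`. The SSH_ERR_* codes are negative, so an unrecognised `-O` option is reported with `error()` but `n` ends up non-zero and both call paths go on to `exit(0)` with no SSHFP record written; in the host-key path the same message is also printed once per key file, since all five calls re-parse `opts`. A script that publishes SSHFP records from this output would see a successful exit status. Making the branch fail the same way as the unsupported-hash case, `fatal("Invalid option \"%s\"", opts[i]);`, avoids that. The function body continues beyond this hunk, so its other return paths are not visible here.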
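Review bot: The `hash` passed to `export_dns_rr` here is whatever `ssh_digest_alg_by_name` resolved from the `hashalg=` string, so nothing in this file restricts it to the `sha1|sha256` named in the commit message. `export_dns_rr` is not part of this diff, so how it treats any other digest id cannot be confirmed from here; if it simply matches nothing, the tool would emit no records without reporting an error. Checking at parse time keeps the failure explicit: `if (hash != SSH_DIGEST_SHA1 && hash != SSH_DIGEST_SHA256) fatal("Unsupported hash algorithm");`.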
@@ -3733,19 +3743,19 @@ main(int argc, char **argv)
 n += do_print_resource_record(pw,
 _PATH_HOST_RSA_KEY_FILE, rr_hostname,
- print_generic);
+ print_generic, opts, nopts);
 n += do_print_resource_record(pw,
 _PATH_HOST_DSA_KEY_FILE, rr_hostname,
- print_generic);
+ print_generic, opts, nopts);
 n += do_print_resource_record(pw,
 _PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
- print_generic);
+ print_generic, opts, nopts);
 n += do_print_resource_record(pw,
 _PATH_HOST_ED25519_KEY_FILE, rr_hostname,
- print_generic);
+ print_generic, opts, nopts);
 n += do_print_resource_record(pw,
 _PATH_HOST_XMSS_KEY_FILE, rr_hostname,
- print_generic);
+ print_generic, opts, nopts);
 if (n == 0)
 fatal("no keys found.");
 exit(0); |