===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/dns.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- src/usr.bin/ssh/dns.c	2022/02/01 23:32:51	1.42
+++ src/usr.bin/ssh/dns.c	2023/02/10 04:56:30	1.43
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.42 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.43 2023/02/10 04:56:30 djm Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -299,7 +299,8 @@
  * Export the fingerprint of a key as a DNS resource record
  */
 int
-export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
+export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic,
+    int alg)
 {
 	u_int8_t rdata_pubkey_algorithm = 0;
 	u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
@@ -309,6 +310,8 @@
 	int success = 0;
 
 	for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
+		if (alg != -1 && dtype != alg)
+			continue;
 		rdata_digest_type = dtype;
 		if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
 		    &rdata_digest, &rdata_digest_len, key)) {