===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keyscan.c,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- src/usr.bin/ssh/ssh-keyscan.c 2022/12/26 19:16:03 1.149
+++ src/usr.bin/ssh/ssh-keyscan.c 2023/02/10 04:56:30 1.150
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.149 2022/12/26 19:16:03 jmc Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.150 2023/02/10 04:56:30 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres .
 *
@@ -32,6 +32,7 @@
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "cipher.h"
+#include "digest.h"
 #include "kex.h"
 #include "compat.h"
 #include "myproposal.h"
@@ -72,6 +73,8 @@
 int found_one = 0; /* Successfully found a key */
+int hashalg = -1; /* Hash for SSHFP records or -1 for all */
+
 #define MAXMAXFD 256
 /* The number of seconds after which to give up on a TCP connection */
@@ -294,7 +297,7 @@
 found_one = 1;
 if (print_sshfp) {
- export_dns_rr(host, key, stdout, 0);
+ export_dns_rr(host, key, stdout, 0, hashalg);
 return;
 }
@@ -678,9 +681,8 @@
 usage(void)
 {
 fprintf(stderr,
- "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
- "\t\t [host | addrlist namelist]\n",
- __progname);
+ "usage: ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+ " [-O option] [host | addrlist namelist]\n");
 exit(1);
 }
@@ -704,7 +706,7 @@
 if (argc <= 1)
 usage();
- while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
+ while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) {
 switch (opt) {
 case 'H':
 hash_hosts = 1;
@@ -743,6 +745,14 @@
 if (strcmp(optarg, "-") == 0)
 optarg = NULL;
 argv[fopt_count++] = optarg;
+ break;
+ case 'O':
+ /* Maybe other misc options in the future too */
+ if (strncmp(optarg, "hashalg=", 8) != 0)
+ fatal("Unsupported -O option");
+ if ((hashalg = ssh_digest_alg_by_name(
+ optarg + 8)) == -1)
+ fatal("Unsupported hash algorithm");
 break;
 case 't':
 get_keytypes = 0;
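Review bot: In the `case 'O':` hunk, `ssh_digest_alg_by_name()` is the only check on the `hashalg=` value, so any digest name the digest layer recognises is accepted, while SSHFP records define fingerprint types only for SHA-1 and SHA-256 as far as I know. The id is then passed unchanged to `export_dns_rr()` in the `print_sshfp` hunk, whose handling of other ids is not visible in this diff; if it simply matches nothing, a request for e.g. sha512 would presumably produce no records and no error, which is easy to miss when the output feeds a DNS zone. I would reject such values at parse time, `if (hashalg != SSH_DIGEST_SHA1 && hashalg != SSH_DIGEST_SHA256) fatal("Unsupported SSHFP hash algorithm");`, and echo `optarg` in both `fatal()` messages so a mistyped option is obvious. The comment on the new `hashalg` global could also say that it holds an `SSH_DIGEST_*` id rather than an SSHFP type number; the option-parsing switch itself starts and ends outside the hunk.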