aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssh/dns.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/dns.c')
-rw-r--r--crypto/openssh/dns.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c
index f2310bec2b08..939241440777 100644
--- a/crypto/openssh/dns.c
+++ b/crypto/openssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.42 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.44 2023/03/10 04:06:21 dtucker Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -258,6 +258,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (!dns_read_key(&hostkey_algorithm, &dnskey_digest_type,
&hostkey_digest, &hostkey_digest_len, hostkey)) {
error("Error calculating key fingerprint.");
+ free(dnskey_digest);
freerrset(fingerprints);
return -1;
}
@@ -301,7 +302,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
* Export the fingerprint of a key as a DNS resource record
*/
int
-export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
+export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic,
+ int alg)
{
u_int8_t rdata_pubkey_algorithm = 0;
u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
@@ -311,6 +313,8 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
int success = 0;
for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
+ if (alg != -1 && dtype != alg)
+ continue;
rdata_digest_type = dtype;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
&rdata_digest, &rdata_digest_len, key)) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 00:36:28 +0000