vishalmishra434 / rpms / openssh

Forked from rpms/openssh 3 months ago
Clone
Jakub Jelen 4df30a
From e1d58c44bd911e5ee4dddb6205e16eb9a03cc736 Mon Sep 17 00:00:00 2001
Jakub Jelen 4df30a
From: Jakub Jelen <jjelen@redhat.com>
Jakub Jelen 4df30a
Date: Fri, 7 Aug 2015 10:18:54 +0200
Jakub Jelen 4df30a
Subject: [PATCH] Possibility tu specify more fingerprint algorithms on client
Jakub Jelen 4df30a
 side for smother transition
Jakub Jelen 4df30a
Jakub Jelen 4df30a
---
Jakub Jelen 4df30a
 clientloop.c  |  8 ++++----
Jakub Jelen 4df30a
 readconf.c    | 43 +++++++++++++++++++++++++++++--------------
Jakub Jelen 4df30a
 readconf.h    |  4 +++-
Jakub Jelen 4df30a
 ssh_config.5  |  4 ++--
Jakub Jelen 4df30a
 sshconnect.c  | 48 +++++++++++++++++++++++++++---------------------
Jakub Jelen 4df30a
 sshconnect2.c |  6 +++---
Jakub Jelen 4df30a
 6 files changed, 68 insertions(+), 45 deletions(-)
Jakub Jelen 4df30a
Jakub Jelen 4df30a
diff --git a/clientloop.c b/clientloop.c
Jakub Jelen 4df30a
index 87ceb3d..4553114 100644
Jakub Jelen 4df30a
--- a/clientloop.c
Jakub Jelen 4df30a
+++ b/clientloop.c
Jakub Jelen 4df30a
@@ -2194,7 +2194,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
Jakub Jelen 4df30a
 		if (ctx->keys_seen[i] != 2)
Jakub Jelen 4df30a
 			continue;
Jakub Jelen 4df30a
 		if ((fp = sshkey_fingerprint(ctx->keys[i],
Jakub Jelen 4df30a
-		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 4df30a
+		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 4df30a
 			fatal("%s: sshkey_fingerprint failed", __func__);
Jakub Jelen 4df30a
 		do_log2(loglevel, "Learned new hostkey: %s %s",
Jakub Jelen 4df30a
 		    sshkey_type(ctx->keys[i]), fp);
Jakub Jelen 4df30a
@@ -2202,7 +2202,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
Jakub Jelen 4df30a
 	}
Jakub Jelen 4df30a
 	for (i = 0; i < ctx->nold; i++) {
Jakub Jelen 4df30a
 		if ((fp = sshkey_fingerprint(ctx->old_keys[i],
Jakub Jelen 4df30a
-		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 4df30a
+		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 4df30a
 			fatal("%s: sshkey_fingerprint failed", __func__);
Jakub Jelen 4df30a
 		do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
Jakub Jelen 4df30a
 		    sshkey_type(ctx->old_keys[i]), fp);
Jakub Jelen 4df30a
@@ -2245,7 +2245,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
Jakub Jelen 4df30a
 	    (r = hostfile_replace_entries(options.user_hostfiles[0],
Jakub Jelen 4df30a
 	    ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
Jakub Jelen 4df30a
 	    options.hash_known_hosts, 0,
Jakub Jelen 4df30a
-	    options.fingerprint_hash)) != 0)
Jakub Jelen 4df30a
+	    options.fingerprint_hash[0])) != 0)
Jakub Jelen 4df30a
 		error("%s: hostfile_replace_entries failed: %s",
Jakub Jelen 4df30a
 		    __func__, ssh_err(r));
Jakub Jelen 4df30a
 }
Jakub Jelen 4df30a
@@ -2358,7 +2358,7 @@ client_input_hostkeys(void)
Jakub Jelen 4df30a
 			error("%s: parse key: %s", __func__, ssh_err(r));
Jakub Jelen 4df30a
 			goto out;
Jakub Jelen 4df30a
 		}
Jakub Jelen 4df30a
-		fp = sshkey_fingerprint(key, options.fingerprint_hash,
Jakub Jelen 4df30a
+		fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
Jakub Jelen 4df30a
 		    SSH_FP_DEFAULT);
Jakub Jelen 4df30a
 		debug3("%s: received %s key %s", __func__,
Jakub Jelen 4df30a
 		    sshkey_type(key), fp);
Jakub Jelen 4df30a
diff --git a/readconf.c b/readconf.c
Jakub Jelen 4df30a
index 1d03bdf..6af4c62 100644
Jakub Jelen 4df30a
--- a/readconf.c
Jakub Jelen 4df30a
+++ b/readconf.c
Jakub Jelen 4df30a
@@ -1471,16 +1471,18 @@ parse_keytypes:
Jakub Jelen 4df30a
 		goto parse_string;
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 	case oFingerprintHash:
Jakub Jelen 4df30a
-		intptr = &options->fingerprint_hash;
Jakub Jelen 4df30a
-		arg = strdelim(&s);
Jakub Jelen 4df30a
-		if (!arg || *arg == '\0')
Jakub Jelen 4df30a
-			fatal("%.200s line %d: Missing argument.",
Jakub Jelen 4df30a
-			    filename, linenum);
Jakub Jelen 4df30a
-		if ((value = ssh_digest_alg_by_name(arg)) == -1)
Jakub Jelen 4df30a
-			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
Jakub Jelen 4df30a
-			    filename, linenum, arg);
Jakub Jelen 4df30a
-		if (*activep && *intptr == -1)
Jakub Jelen 4df30a
-			*intptr = value;
Jakub Jelen 4df30a
+		if (*activep && options->num_fingerprint_hash == 0)
Jakub Jelen 4df30a
+			while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
Jakub Jelen 4df30a
+				value = ssh_digest_alg_by_name(arg);
Jakub Jelen 4df30a
+				if (value == -1)
Jakub Jelen 4df30a
+					fatal("%s line %d: unknown fingerprints algorithm specs: %s.",
Jakub Jelen 4df30a
+						filename, linenum, arg);
Jakub Jelen 4df30a
+				if (options->num_fingerprint_hash >= SSH_DIGEST_MAX)
Jakub Jelen 4df30a
+					fatal("%s line %d: too many fingerprints algorithm specs.",
Jakub Jelen 4df30a
+						filename, linenum);
Jakub Jelen 4df30a
+				options->fingerprint_hash[
Jakub Jelen 4df30a
+					options->num_fingerprint_hash++] = value;
Jakub Jelen 4df30a
+			}
Jakub Jelen 4df30a
 		break;
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 	case oUpdateHostkeys:
Jakub Jelen 4df30a
@@ -1673,7 +1675,7 @@ initialize_options(Options * options)
Jakub Jelen 4df30a
 	options->canonicalize_fallback_local = -1;
Jakub Jelen 4df30a
 	options->canonicalize_hostname = -1;
Jakub Jelen 4df30a
 	options->revoked_host_keys = NULL;
Jakub Jelen 4df30a
-	options->fingerprint_hash = -1;
Jakub Jelen 4df30a
+	options->num_fingerprint_hash = 0;
Jakub Jelen 4df30a
 	options->update_hostkeys = -1;
Jakub Jelen 4df30a
 	options->hostbased_key_types = NULL;
Jakub Jelen 4df30a
 	options->pubkey_key_types = NULL;
Jakub Jelen 4df30a
@@ -1851,8 +1853,10 @@ fill_default_options(Options * options)
Jakub Jelen 4df30a
 		options->canonicalize_fallback_local = 1;
Jakub Jelen 4df30a
 	if (options->canonicalize_hostname == -1)
Jakub Jelen 4df30a
 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
Jakub Jelen 4df30a
-	if (options->fingerprint_hash == -1)
Jakub Jelen 4df30a
-		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
Jakub Jelen 4df30a
+	if (options->num_fingerprint_hash == 0) {
Jakub Jelen 4df30a
+		options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_SHA256;
Jakub Jelen 4df30a
+		options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_MD5;
Jakub Jelen 4df30a
+	}
Jakub Jelen 4df30a
 	if (options->update_hostkeys == -1)
Jakub Jelen 4df30a
 		options->update_hostkeys = 0;
Jakub Jelen 4df30a
 	if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
Jakub Jelen 4df30a
@@ -2189,6 +2193,17 @@ dump_cfg_strarray(OpCodes code, u_int count, char **vals)
Jakub Jelen 4df30a
 }
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 static void
Jakub Jelen 4df30a
+dump_cfg_fmtarray(OpCodes code, u_int count, int *vals)
Jakub Jelen 4df30a
+{
Jakub Jelen 4df30a
+	u_int i;
Jakub Jelen 4df30a
+
Jakub Jelen 4df30a
+	printf("%s", lookup_opcode_name(code));
Jakub Jelen 4df30a
+	for (i = 0; i < count; i++)
Jakub Jelen 4df30a
+		printf(" %s", fmt_intarg(code, vals[i]));
Jakub Jelen 4df30a
+	printf("\n");
Jakub Jelen 4df30a
+}
Jakub Jelen 4df30a
+
Jakub Jelen 4df30a
+static void
Jakub Jelen 4df30a
 dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
Jakub Jelen 4df30a
 {
Jakub Jelen 4df30a
 	u_int i;
Jakub Jelen 4df30a
@@ -2259,7 +2274,6 @@ dump_client_config(Options *o, const char *host)
Jakub Jelen 4df30a
 	dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
Jakub Jelen 5878eb
 	dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
Jakub Jelen 4df30a
 	dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
Jakub Jelen 4df30a
-	dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
Jakub Jelen 4df30a
 	dump_cfg_fmtint(oForwardAgent, o->forward_agent);
Jakub Jelen 4df30a
 	dump_cfg_fmtint(oForwardX11, o->forward_x11);
Jakub Jelen 4df30a
 	dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
Jakub Jelen 4df30a
@@ -2328,6 +2342,7 @@ dump_client_config(Options *o, const char *host)
Jakub Jelen 4df30a
 	dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
Jakub Jelen 4df30a
 	dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
Jakub Jelen 4df30a
 	dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
Jakub Jelen 4df30a
+	dump_cfg_fmtarray(oFingerprintHash, o->num_fingerprint_hash, o->fingerprint_hash);
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 	/* Special cases */
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
diff --git a/readconf.h b/readconf.h
Jakub Jelen 4df30a
index bb2d552..d817f92 100644
Jakub Jelen 4df30a
--- a/readconf.h
Jakub Jelen 4df30a
+++ b/readconf.h
Jakub Jelen 4df30a
@@ -21,6 +21,7 @@
Jakub Jelen 4df30a
 #define MAX_SEND_ENV		256
Jakub Jelen 4df30a
 #define SSH_MAX_HOSTS_FILES	32
Jakub Jelen 4df30a
 #define MAX_CANON_DOMAINS	32
Jakub Jelen 4df30a
+#define MAX_SSH_DIGESTS	32
Jakub Jelen 4df30a
 #define PATH_MAX_SUN		(sizeof((struct sockaddr_un *)0)->sun_path)
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 struct allowed_cname {
Jakub Jelen 4df30a
@@ -146,7 +147,8 @@ typedef struct {
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 	char	*revoked_host_keys;
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
-	int	 fingerprint_hash;
Jakub Jelen 4df30a
+	int num_fingerprint_hash;
Jakub Jelen 4df30a
+	int 	fingerprint_hash[MAX_SSH_DIGESTS];
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 	int	 update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
diff --git a/ssh_config.5 b/ssh_config.5
Jakub Jelen 4df30a
index 5b0975f..e8e6458 100644
Jakub Jelen 4df30a
--- a/ssh_config.5
Jakub Jelen 4df30a
+++ b/ssh_config.5
Jakub Jelen 4df30a
@@ -647,13 +647,13 @@ or
Jakub Jelen 4df30a
 The default is
Jakub Jelen 4df30a
 .Dq no .
Jakub Jelen 4df30a
 .It Cm FingerprintHash
Jakub Jelen 4df30a
-Specifies the hash algorithm used when displaying key fingerprints.
Jakub Jelen 4df30a
+Specifies the hash algorithms used when displaying key fingerprints.
Jakub Jelen 4df30a
 Valid options are:
Jakub Jelen 4df30a
 .Dq md5
Jakub Jelen 4df30a
 and
Jakub Jelen 4df30a
 .Dq sha256 .
Jakub Jelen 4df30a
 The default is
Jakub Jelen 4df30a
-.Dq sha256 .
Jakub Jelen 4df30a
+.Dq "sha256 md5".
Jakub Jelen 4df30a
 .It Cm ForwardAgent
Jakub Jelen 4df30a
 Specifies whether the connection to the authentication agent (if any)
Jakub Jelen 4df30a
 will be forwarded to the remote machine.
Jakub Jelen 4df30a
diff --git a/sshconnect.c b/sshconnect.c
Jakub Jelen 4df30a
index f41960c..e12932f 100644
Jakub Jelen 4df30a
--- a/sshconnect.c
Jakub Jelen 4df30a
+++ b/sshconnect.c
Jakub Jelen 4df30a
@@ -920,9 +920,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
Jakub Jelen 4df30a
 				    "of known hosts.", type, ip);
Jakub Jelen 4df30a
 		} else if (options.visual_host_key) {
Jakub Jelen 4df30a
 			fp = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
-			    options.fingerprint_hash, SSH_FP_DEFAULT);
Jakub Jelen 4df30a
+			    options.fingerprint_hash[0], SSH_FP_DEFAULT);
Jakub Jelen 4df30a
 			ra = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
-			    options.fingerprint_hash, SSH_FP_RANDOMART);
Jakub Jelen 4df30a
+			    options.fingerprint_hash[0], SSH_FP_RANDOMART);
Jakub Jelen 4df30a
 			if (fp == NULL || ra == NULL)
Jakub Jelen 4df30a
 				fatal("%s: sshkey_fingerprint fail", __func__);
Jakub Jelen 13073f
 			logit("Host key fingerprint is %s\n%s", fp, ra);
Jakub Jelen 4df30a
@@ -964,12 +964,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
Jakub Jelen 4df30a
 			else
Jakub Jelen 4df30a
 				snprintf(msg1, sizeof(msg1), ".");
Jakub Jelen 4df30a
 			/* The default */
Jakub Jelen 4df30a
-			fp = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
-			    options.fingerprint_hash, SSH_FP_DEFAULT);
Jakub Jelen 4df30a
-			ra = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
-			    options.fingerprint_hash, SSH_FP_RANDOMART);
Jakub Jelen 4df30a
-			if (fp == NULL || ra == NULL)
Jakub Jelen 4df30a
-				fatal("%s: sshkey_fingerprint fail", __func__);
Jakub Jelen 4df30a
 			msg2[0] = '\0';
Jakub Jelen 4df30a
 			if (options.verify_host_key_dns) {
Jakub Jelen 4df30a
 				if (matching_host_key_dns)
Jakub Jelen 4df30a
@@ -983,16 +977,28 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
Jakub Jelen 4df30a
 			}
Jakub Jelen 4df30a
 			snprintf(msg, sizeof(msg),
Jakub Jelen 4df30a
 			    "The authenticity of host '%.200s (%s)' can't be "
Jakub Jelen 4df30a
-			    "established%s\n"
Jakub Jelen 4df30a
-			    "%s key fingerprint is %s.%s%s\n%s"
Jakub Jelen 4df30a
+			    "established%s\n", host, ip, msg1);
Jakub Jelen 4df30a
+			for (i = 0; i < options.num_fingerprint_hash; i++) {
Jakub Jelen 4df30a
+				fp = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
+				    options.fingerprint_hash[i], SSH_FP_DEFAULT);
Jakub Jelen 4df30a
+				ra = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
+				    options.fingerprint_hash[i], SSH_FP_RANDOMART);
Jakub Jelen 4df30a
+				if (fp == NULL || ra == NULL)
Jakub Jelen 4df30a
+					fatal("%s: sshkey_fingerprint fail", __func__);
Jakub Jelen 4df30a
+				len = strlen(msg);
Jakub Jelen 4df30a
+				snprintf(msg+len, sizeof(msg)-len,
Jakub Jelen 4df30a
+				    "%s key fingerprint is %s.%s%s\n%s",
Jakub Jelen 4df30a
+				    type, fp,
Jakub Jelen 4df30a
+				    options.visual_host_key ? "\n" : "",
Jakub Jelen 4df30a
+				    options.visual_host_key ? ra : "",
Jakub Jelen 4df30a
+				    msg2);
Jakub Jelen 4df30a
+				free(ra);
Jakub Jelen 4df30a
+				free(fp);
Jakub Jelen 4df30a
+			}
Jakub Jelen 4df30a
+			len = strlen(msg);
Jakub Jelen 4df30a
+			snprintf(msg+len, sizeof(msg)-len,
Jakub Jelen 4df30a
 			    "Are you sure you want to continue connecting "
Jakub Jelen 4df30a
-			    "(yes/no)? ",
Jakub Jelen 4df30a
-			    host, ip, msg1, type, fp,
Jakub Jelen 4df30a
-			    options.visual_host_key ? "\n" : "",
Jakub Jelen 4df30a
-			    options.visual_host_key ? ra : "",
Jakub Jelen 4df30a
-			    msg2);
Jakub Jelen 4df30a
-			free(ra);
Jakub Jelen 4df30a
-			free(fp);
Jakub Jelen 4df30a
+			    "(yes/no)? ");
Jakub Jelen 4df30a
 			if (!confirm(msg))
Jakub Jelen 4df30a
 				goto fail;
Jakub Jelen 4df30a
 			hostkey_trusted = 1; /* user explicitly confirmed */
Jakub Jelen 4df30a
@@ -1241,7 +1247,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
Jakub Jelen 4df30a
 	struct sshkey *plain = NULL;
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
 	if ((fp = sshkey_fingerprint(host_key,
Jakub Jelen 4df30a
-	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
Jakub Jelen 4df30a
+	    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
Jakub Jelen 4df30a
 		error("%s: fingerprint host key: %s", __func__, ssh_err(r));
Jakub Jelen 4df30a
 		r = -1;
Jakub Jelen 4df30a
 		goto out;
Jakub Jelen 4df30a
@@ -1405,9 +1411,9 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
Jakub Jelen 4df30a
 		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
Jakub Jelen 4df30a
 			continue;
Jakub Jelen 4df30a
 		fp = sshkey_fingerprint(found->key,
Jakub Jelen 4df30a
-		    options.fingerprint_hash, SSH_FP_DEFAULT);
Jakub Jelen 4df30a
+		    options.fingerprint_hash[0], SSH_FP_DEFAULT);
Jakub Jelen 4df30a
 		ra = sshkey_fingerprint(found->key,
Jakub Jelen 4df30a
-		    options.fingerprint_hash, SSH_FP_RANDOMART);
Jakub Jelen 4df30a
+		    options.fingerprint_hash[0], SSH_FP_RANDOMART);
Jakub Jelen 4df30a
 		if (fp == NULL || ra == NULL)
Jakub Jelen 4df30a
 			fatal("%s: sshkey_fingerprint fail", __func__);
Jakub Jelen 4df30a
 		logit("WARNING: %s key found for host %s\n"
Jakub Jelen 4df30a
@@ -1430,7 +1436,7 @@ warn_changed_key(Key *host_key)
Jakub Jelen 4df30a
 {
Jakub Jelen 4df30a
 	char *fp;
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
-	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
Jakub Jelen 4df30a
+	fp = sshkey_fingerprint(host_key, options.fingerprint_hash[0],
Jakub Jelen 4df30a
 	    SSH_FP_DEFAULT);
Jakub Jelen 4df30a
 	if (fp == NULL)
Jakub Jelen 4df30a
 		fatal("%s: sshkey_fingerprint fail", __func__);
Jakub Jelen 4df30a
diff --git a/sshconnect2.c b/sshconnect2.c
Jakub Jelen 4df30a
index 7751031..82ed92e 100644
Jakub Jelen 4df30a
--- a/sshconnect2.c
Jakub Jelen 4df30a
+++ b/sshconnect2.c
Jakub Jelen 4df30a
@@ -589,7 +589,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
Jakub Jelen 4df30a
 		    key->type, pktype);
Jakub Jelen 4df30a
 		goto done;
Jakub Jelen 4df30a
 	}
Jakub Jelen 4df30a
-	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
Jakub Jelen 4df30a
+	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
Jakub Jelen 4df30a
 	    SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 4df30a
 		goto done;
Jakub Jelen 4df30a
 	debug2("input_userauth_pk_ok: fp %s", fp);
Jakub Jelen 4df30a
@@ -1009,7 +1009,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
Jakub Jelen 13073f
 	int matched, ret = -1, have_sig = 1;
Jakub Jelen 4df30a
 	char *fp;
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
-	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
Jakub Jelen 4df30a
+	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
Jakub Jelen 4df30a
 	    SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 4df30a
 		return 0;
Jakub Jelen 13073f
 	debug3("%s: %s %s", __func__, key_type(id->key), fp);
Jakub Jelen 4df30a
@@ -1635,7 +1635,7 @@ userauth_hostbased(Authctxt *authctxt)
Jakub Jelen 4df30a
 		goto out;
Jakub Jelen 4df30a
 	}
Jakub Jelen 4df30a
 
Jakub Jelen 4df30a
-	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
Jakub Jelen 4df30a
+	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0],
Jakub Jelen 4df30a
 	    SSH_FP_DEFAULT)) == NULL) {
Jakub Jelen 4df30a
 		error("%s: sshkey_fingerprint failed", __func__);
Jakub Jelen 4df30a
 		goto out;
Jakub Jelen c4c52b
diff --git a/ssh-keysign.c b/ssh-keysign.c
Jakub Jelen c4c52b
index 1dca3e2..23bff7d 100644
Jakub Jelen c4c52b
--- a/ssh-keysign.c
Jakub Jelen c4c52b
+++ b/ssh-keysign.c
Jakub Jelen c4c52b
@@ -275,7 +275,7 @@ main(int argc, char **argv)
Jakub Jelen c4c52b
 		}
Jakub Jelen c4c52b
 	}
Jakub Jelen c4c52b
 	if (!found) {
Jakub Jelen c4c52b
-		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
Jakub Jelen c4c52b
+		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
Jakub Jelen c4c52b
 		    SSH_FP_DEFAULT)) == NULL)
Jakub Jelen 13073f
 			fatal("%s: sshkey_fingerprint failed", __progname);
Jakub Jelen c4c52b
 		fatal("no matching hostkey found for key %s %s",
Jakub Jelen c4c52b
Jakub Jelen 4df30a
-- 
Jakub Jelen 4df30a
2.1.0
Jakub Jelen 4df30a
Jakub Jelen 4df30a
Jakub Jelen 13073f
diff --git a/sshconnect.c b/sshconnect.c
Jakub Jelen 13073f
index de7ace6..f16e606 100644
Jakub Jelen 13073f
--- a/sshconnect.c
Jakub Jelen 13073f
+++ b/sshconnect.c
Jakub Jelen 13073f
@@ -1262,7 +1262,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
Jakub Jelen 13073f
 
Jakub Jelen 13073f
 	if (sshkey_is_cert(host_key)) {
Jakub Jelen 13073f
 		if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
Jakub Jelen 13073f
-		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
Jakub Jelen 13073f
+		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
Jakub Jelen 13073f
 			error("%s: fingerprint CA key: %s",
Jakub Jelen 13073f
 			    __func__, ssh_err(r));
Jakub Jelen 13073f
 			r = -1;