diff options
| author | Justus Winter <justus@g10code.com> | 2017-05-24 17:48:42 +0200 |
|---|---|---|
| committer | Justus Winter <justus@g10code.com> | 2017-05-24 18:09:07 +0200 |
| commit | 525f2c482abb6bc2002eb878b03558fb43e6b004 (patch) | |
| tree | dca357392ca690afe00cf387bd6fce011a74b023 /agent/findkey.c | |
| parent | agent: Write both ssh fingerprints to 'sshcontrol' file. (diff) | |
| download | gnupg2-525f2c482abb6bc2002eb878b03558fb43e6b004.tar.xz gnupg2-525f2c482abb6bc2002eb878b03558fb43e6b004.zip | |
agent: Make digest algorithms for ssh fingerprints configurable.
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--
OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
Diffstat (limited to 'agent/findkey.c')
| -rw-r--r-- | agent/findkey.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/agent/findkey.c b/agent/findkey.c index 1f547b06d..cff0a7df8 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -412,7 +412,8 @@ agent_modify_description (const char *in, const char *comment, case 'F': /* SSH style fingerprint. */ if (!ssh_fpr && key) - ssh_get_fingerprint_string (key, GCRY_MD_MD5, &ssh_fpr); + ssh_get_fingerprint_string (key, opt.ssh_fingerprint_digest, + &ssh_fpr); if (ssh_fpr) { if (out) |