[openssh-commits] [openssh] 10/22: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Mon May 1 12:02:13 AEST 2017


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 873d3e7d9a4707d0934fb4c4299354418f91b541
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Apr 30 23:18:44 2017 +0000

    upstream commit
    
    remove KEY_RSA1
    
    ok markus@
    
    Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
---
 clientloop.c  |  5 ++---
 hostfile.c    | 18 +++--------------
 ssh-agent.c   | 28 +++++++++++---------------
 ssh-keygen.1  |  9 ++++-----
 ssh-keygen.c  | 27 +++++--------------------
 ssh-keyscan.1 |  9 ++-------
 ssh-keyscan.c | 64 ++++++++++++++++++++++++++---------------------------------
 ssh.c         |  5 ++---
 ssh.h         |  4 ++--
 sshconnect.c  |  3 +--
 sshconnect2.c |  7 ++-----
 sshd.c        | 10 +---------
 sshkey.c      | 63 +++++++---------------------------------------------------
 sshkey.h      |  3 +--
 14 files changed, 72 insertions(+), 183 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 469a2f00..018688a8 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.292 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.293 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1831,8 +1831,7 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
 	size_t i;
 	struct sshkey **tmp;
 
-	if (l->status != HKF_STATUS_MATCHED || l->key == NULL ||
-	    l->key->type == KEY_RSA1)
+	if (l->status != HKF_STATUS_MATCHED || l->key == NULL)
 		return 0;
 
 	/* Mark off keys we've already seen for this host */
diff --git a/hostfile.c b/hostfile.c
index b8f9cd14..1804cff9 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -346,16 +346,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
 	HostStatus end_return = HOST_NEW;
 	int want_cert = sshkey_is_cert(k);
 	HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
-	int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
 
 	if (found != NULL)
 		*found = NULL;
 
 	for (i = 0; i < hostkeys->num_entries; i++) {
-		if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1)
-			continue;
-		if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1)
-			continue;
 		if (hostkeys->entries[i].marker != want_marker)
 			continue;
 		if (k == NULL) {
@@ -490,13 +485,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx)
 			return 0;
 		}
 
-		/* XXX might need a knob for this later */
-		/* Don't remove RSA1 keys */
-		if (l->key->type == KEY_RSA1) {
-			fprintf(ctx->out, "%s\n", l->line);
-			return 0;
-		}
-
 		/*
 		 * If this line contains one of the keys that we will be
 		 * adding later, then don't change it and mark the key for
@@ -804,12 +792,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
 			lineinfo.keytype = sshkey_type_from_name(ktype);
 
 			/*
-			 * Assume RSA1 if the first component is a short
+			 * Assume legacy RSA1 if the first component is a short
 			 * decimal number.
 			 */
 			if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
 			    strspn(ktype, "0123456789") == l)
-				lineinfo.keytype = KEY_RSA1;
+				goto bad;
 
 			/*
 			 * Check that something other than whitespace follows
diff --git a/ssh-agent.c b/ssh-agent.c
index 6788287b..cc3bffad 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.220 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -247,6 +247,8 @@ process_request_identities(SocketEntry *e, int version)
 	Identity *id;
 	struct sshbuf *msg;
 	int r;
+	u_char *blob;
+	size_t blen;
 
 	if ((msg = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
@@ -256,21 +258,15 @@ process_request_identities(SocketEntry *e, int version)
 	    (r = sshbuf_put_u32(msg, tab->nentries)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	TAILQ_FOREACH(id, &tab->idlist, next) {
-		if (id->key->type == KEY_RSA1) {
-		} else {
-			u_char *blob;
-			size_t blen;
-
-			if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
-				error("%s: sshkey_to_blob: %s", __func__,
-				    ssh_err(r));
-				continue;
-			}
-			if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-			free(blob);
+		if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
+			error("%s: sshkey_to_blob: %s", __func__,
+			    ssh_err(r));
+			continue;
 		}
+		if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
+			fatal("%s: buffer error: %s",
+			    __func__, ssh_err(r));
+		free(blob);
 		if ((r = sshbuf_put_cstring(msg, id->comment)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
@@ -639,7 +635,7 @@ process_add_smartcard_key(SocketEntry *e)
 	count = pkcs11_add_provider(canonical_provider, pin, &keys);
 	for (i = 0; i < count; i++) {
 		k = keys[i];
-		version = k->type == KEY_RSA1 ? 1 : 2;
+		version = 2;
 		tab = idtab_lookup(version);
 		if (lookup_identity(k, version) == NULL) {
 			id = xcalloc(1, sizeof(Identity));
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index a83388a9..be1a169f 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.135 2017/04/29 06:06:01 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo at cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2017 $
+.Dd $Mdocdate: April 30 2017 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -207,7 +207,7 @@ There is no way to recover a lost passphrase.
 If the passphrase is lost or forgotten, a new key must be generated
 and the corresponding public key copied to other machines.
 .Pp
-For RSA1 keys and keys stored in the newer OpenSSH format,
+For keys stored in the newer OpenSSH format,
 there is also a comment field in the key file that is only for
 convenience to the user to help identify the key.
 The comment can tell what the key is for, or whatever is useful.
@@ -264,7 +264,7 @@ flag will be ignored.
 Provides a new comment.
 .It Fl c
 Requests changing the comment in the private and public key files.
-This operation is only supported for RSA1 keys and keys stored in the
+This operation is only supported for keys stored in the
 newer OpenSSH format.
 The program will prompt for the file containing the private keys, for
 the passphrase if the key has one, and for the new comment.
@@ -384,7 +384,6 @@ section.
 Prints the contents of one or more certificates.
 .It Fl l
 Show fingerprint of specified public key file.
-Private RSA1 keys are also supported.
 For RSA and DSA keys
 .Nm
 tries to find the matching public key file and prints its fingerprint.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 70d42184..51c24bc5 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -246,9 +246,6 @@ ask_filename(struct passwd *pw, const char *prompt)
 		name = _PATH_SSH_CLIENT_ID_RSA;
 	else {
 		switch (sshkey_type_from_name(key_type_name)) {
-		case KEY_RSA1:
-			name = _PATH_SSH_CLIENT_IDENTITY;
-			break;
 		case KEY_DSA_CERT:
 		case KEY_DSA:
 			name = _PATH_SSH_CLIENT_ID_DSA;
@@ -320,8 +317,6 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
 	char comment[61];
 	int r;
 
-	if (k->type == KEY_RSA1)
-		fatal("version 1 keys are not supported");
 	if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
 		fatal("key_to_blob failed: %s", ssh_err(r));
 	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
@@ -343,7 +338,6 @@ static void
 do_convert_to_pkcs8(struct sshkey *k)
 {
 	switch (sshkey_type_plain(k->type)) {
-	case KEY_RSA1:
 	case KEY_RSA:
 		if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
 			fatal("PEM_write_RSA_PUBKEY failed");
@@ -368,7 +362,6 @@ static void
 do_convert_to_pem(struct sshkey *k)
 {
 	switch (sshkey_type_plain(k->type)) {
-	case KEY_RSA1:
 	case KEY_RSA:
 		if (!PEM_write_RSAPublicKey(stdout, k->rsa))
 			fatal("PEM_write_RSAPublicKey failed");
@@ -825,13 +818,6 @@ try_read_key(char **cpp)
 	struct sshkey *ret;
 	int r;
 
-	if ((ret = sshkey_new(KEY_RSA1)) == NULL)
-		fatal("sshkey_new failed");
-	/* Try RSA1 */
-	if ((r = sshkey_read(ret, cpp)) == 0)
-		return ret;
-	/* Try modern */
-	sshkey_free(ret);
 	if ((ret = sshkey_new(KEY_UNSPEC)) == NULL)
 		fatal("sshkey_new failed");
 	if ((r = sshkey_read(ret, cpp)) == 0)
@@ -1442,9 +1428,8 @@ do_change_comment(struct passwd *pw)
 		}
 	}
 
-	if (private->type != KEY_RSA1 && private->type != KEY_ED25519 &&
-	    !use_new_format) {
-		error("Comments are only supported for RSA1 or keys stored in "
+	if (private->type != KEY_ED25519 && !use_new_format) {
+		error("Comments are only supported for keys stored in "
 		    "the new format (-o).");
 		explicit_bzero(passphrase, strlen(passphrase));
 		sshkey_free(private);
@@ -2241,13 +2226,11 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 	exit(ret);
 }
 
-# define RSA1_USAGE ""
-
 static void
 usage(void)
 {
 	fprintf(stderr,
-	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
+	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
 	    "                  [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
 	    "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
 	    "       ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2255,7 +2238,7 @@ usage(void)
 	    "       ssh-keygen -y [-f input_keyfile]\n"
 	    "       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
 	    "       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
-	    "       ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
+	    "       ssh-keygen -B [-f input_keyfile]\n");
 #ifdef ENABLE_PKCS11
 	fprintf(stderr,
 	    "       ssh-keygen -D pkcs11\n");
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index d29d9d90..82bcb5d0 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $
+.\"	$OpenBSD: ssh-keyscan.1,v 1.39 2017/04/30 23:18:44 djm Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
 .\"
@@ -6,7 +6,7 @@
 .\" permitted provided that due credit is given to the author and the
 .\" OpenBSD project by leaving this copyright notice intact.
 .\"
-.Dd $Mdocdate: November 8 2015 $
+.Dd $Mdocdate: April 30 2017 $
 .Dt SSH-KEYSCAN 1
 .Os
 .Sh NAME
@@ -127,11 +127,6 @@ Input format:
 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
 .Ed
 .Pp
-Output format for RSA1 keys:
-.Bd -literal
-host-or-namelist bits exponent modulus
-.Ed
-.Pp
 Output format for RSA, DSA, ECDSA, and Ed25519 keys:
 .Bd -literal
 host-or-namelist keytype base64-encoded-key
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 6a929248..d49d79ad 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
  *
@@ -54,11 +54,13 @@ int IPv4or6 = AF_UNSPEC;
 
 int ssh_port = SSH_DEFAULT_PORT;
 
-#define KT_RSA1		1
-#define KT_DSA		2
-#define KT_RSA		4
-#define KT_ECDSA	8
-#define KT_ED25519	16
+#define KT_DSA		(1)
+#define KT_RSA		(1<<1)
+#define KT_ECDSA	(1<<2)
+#define KT_ED25519	(1<<3)
+
+#define KT_MIN		KT_DSA
+#define KT_MAX		KT_ED25519
 
 int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
@@ -94,7 +96,7 @@ typedef struct Connection {
 	int c_plen;		/* Packet length field for ssh packet */
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
-	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
+	int c_keytype;		/* Only one of KT_* */
 	sig_atomic_t c_done;	/* SSH2 done */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
@@ -435,6 +437,20 @@ congreet(int s)
 	size_t bufsiz;
 	con *c = &fdcon[s];
 
+	/* send client banner */
+	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
+	if (n < 0 || (size_t)n >= sizeof(buf)) {
+		error("snprintf: buffer too small");
+		confree(s);
+		return;
+	}
+	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
+		error("write (%s): %s", c->c_name, strerror(errno));
+		confree(s);
+		return;
+	}
+
 	for (;;) {
 		memset(buf, '\0', sizeof(buf));
 		bufsiz = sizeof(buf);
@@ -477,38 +493,14 @@ congreet(int s)
 		c->c_ssh->compat = compat_datafellows(remote_version);
 	else
 		c->c_ssh->compat = 0;
-	if (c->c_keytype != KT_RSA1) {
-		if (!ssh2_capable(remote_major, remote_minor)) {
-			debug("%s doesn't support ssh2", c->c_name);
-			confree(s);
-			return;
-		}
-	} else if (remote_major != 1) {
-		debug("%s doesn't support ssh1", c->c_name);
+	if (!ssh2_capable(remote_major, remote_minor)) {
+		debug("%s doesn't support ssh2", c->c_name);
 		confree(s);
 		return;
 	}
 	fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
-	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
-	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
-	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
-	if (n < 0 || (size_t)n >= sizeof(buf)) {
-		error("snprintf: buffer too small");
-		confree(s);
-		return;
-	}
-	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
-		error("write (%s): %s", c->c_name, strerror(errno));
-		confree(s);
-		return;
-	}
-	if (c->c_keytype != KT_RSA1) {
-		keygrab_ssh2(c);
-		confree(s);
-		return;
-	}
-	c->c_status = CS_SIZE;
-	contouch(s);
+	keygrab_ssh2(c);
+	confree(s);
 }
 
 static void
@@ -606,7 +598,7 @@ do_host(char *host)
 
 	if (name == NULL)
 		return;
-	for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
+	for (j = KT_MIN; j <= KT_MAX; j *= 2) {
 		if (get_keytypes & j) {
 			while (ncon >= MAXCON)
 				conloop();
diff --git a/ssh.c b/ssh.c
index c1316f44..ea394b0c 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.457 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1276,8 +1276,7 @@ main(int ac, char **av)
 	sensitive_data.nkeys = 0;
 	sensitive_data.keys = NULL;
 	sensitive_data.external_keysign = 0;
-	if (options.rhosts_rsa_authentication ||
-	    options.hostbased_authentication) {
+	if (options.hostbased_authentication) {
 		sensitive_data.nkeys = 9;
 		sensitive_data.keys = xcalloc(sensitive_data.nkeys,
 		    sizeof(Key));
diff --git a/ssh.h b/ssh.h
index 50467a79..6e27672d 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */
+/* $OpenBSD: ssh.h,v 1.84 2017/04/30 23:18:44 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -32,7 +32,7 @@
 
 /*
  * Maximum length of lines in authorized_keys file.
- * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
+ * Current value permits 16kbit RSA keys and 8kbit DSA keys, with
  * some room for options and comments.
  */
 #define SSH_MAX_PUBKEY_BYTES		16384
diff --git a/sshconnect.c b/sshconnect.c
index d01d2c82..28fd6210 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.276 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.277 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1367,7 +1367,6 @@ static int
 show_other_keys(struct hostkeys *hostkeys, Key *key)
 {
 	int type[] = {
-		KEY_RSA1,
 		KEY_RSA,
 		KEY_DSA,
 		KEY_ECDSA,
diff --git a/sshconnect2.c b/sshconnect2.c
index 7e4cde15..393353db 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.256 2017/04/28 03:24:53 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1317,8 +1317,6 @@ pubkey_prepare(Authctxt *authctxt)
 	/* list of keys stored in the filesystem and PKCS#11 */
 	for (i = 0; i < options.num_identity_files; i++) {
 		key = options.identity_keys[i];
-		if (key && key->type == KEY_RSA1)
-			continue;
 		if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
 			continue;
 		options.identity_keys[i] = NULL;
@@ -1471,7 +1469,7 @@ try_identity(Identity *id)
 		    key_type(id->key), id->filename);
 		return (0);
 	}
-	return (id->key->type != KEY_RSA1);
+	return 1;
 }
 
 int
@@ -1764,7 +1762,6 @@ userauth_hostbased(Authctxt *authctxt)
 		private = NULL;
 		for (i = 0; i < authctxt->sensitive->nkeys; i++) {
 			if (authctxt->sensitive->keys[i] == NULL ||
-			    authctxt->sensitive->keys[i]->type == KEY_RSA1 ||
 			    authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
 				continue;
 			if (match_pattern_list(
diff --git a/sshd.c b/sshd.c
index d18da6bd..f128912b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.486 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1676,14 +1676,6 @@ main(int ac, char **av)
 		key = key_load_private(options.host_key_files[i], "", NULL);
 		pubkey = key_load_public(options.host_key_files[i], NULL);
 
-		if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
-		    (key != NULL && key->type == KEY_RSA1)) {
-			verbose("Ignoring RSA1 key %s",
-			    options.host_key_files[i]);
-			key_free(key);
-			key_free(pubkey);
-			continue;
-		}
 		if (pubkey == NULL && key != NULL)
 			pubkey = key_demote(key);
 		sensitive_data.host_keys[i] = key;
diff --git a/sshkey.c b/sshkey.c
index 1741d9b1..0f646819 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -235,10 +235,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
 	for ((p = strsep(&cp, ",")); p && *p != '\0';
 	    (p = strsep(&cp, ","))) {
 		type = sshkey_type_from_name(p);
-		if (type == KEY_RSA1) {
-			free(s);
-			return 0;
-		}
 		if (type == KEY_UNSPEC) {
 			if (allow_wildcard) {
 				/*
@@ -247,8 +243,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
 				 * the component is accepted.
 				 */
 				for (kt = keytypes; kt->type != -1; kt++) {
-					if (kt->type == KEY_RSA1)
-						continue;
 					if (match_pattern_list(kt->name,
 					    p, 0) != 0)
 						break;
@@ -269,7 +263,6 @@ sshkey_size(const struct sshkey *k)
 {
 	switch (k->type) {
 #ifdef WITH_OPENSSL
-	case KEY_RSA1:
 	case KEY_RSA:
 	case KEY_RSA_CERT:
 		return BN_num_bits(k->rsa->n);
@@ -472,7 +465,6 @@ sshkey_new(int type)
 	k->ed25519_pk = NULL;
 	switch (k->type) {
 #ifdef WITH_OPENSSL
-	case KEY_RSA1:
 	case KEY_RSA:
 	case KEY_RSA_CERT:
 		if ((rsa = RSA_new()) == NULL ||
@@ -530,7 +522,6 @@ sshkey_add_private(struct sshkey *k)
 {
 	switch (k->type) {
 #ifdef WITH_OPENSSL
-	case KEY_RSA1:
 	case KEY_RSA:
 	case KEY_RSA_CERT:
 #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
@@ -586,7 +577,6 @@ sshkey_free(struct sshkey *k)
 		return;
 	switch (k->type) {
 #ifdef WITH_OPENSSL
-	case KEY_RSA1:
 	case KEY_RSA:
 	case KEY_RSA_CERT:
 		if (k->rsa != NULL)
@@ -664,7 +654,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
 
 	switch (a->type) {
 #ifdef WITH_OPENSSL
-	case KEY_RSA1:
 	case KEY_RSA_CERT:
 	case KEY_RSA:
 		return a->rsa != NULL && b->rsa != NULL &&
@@ -881,25 +870,7 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
-
-	if (k->type == KEY_RSA1) {
-#ifdef WITH_OPENSSL
-		int nlen = BN_num_bytes(k->rsa->n);
-		int elen = BN_num_bytes(k->rsa->e);
-
-		if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) {
-			r = SSH_ERR_INVALID_FORMAT;
-			goto out;
-		}
-		blob_len = nlen + elen;
-		if ((blob = malloc(blob_len)) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		BN_bn2bin(k->rsa->n, blob);
-		BN_bn2bin(k->rsa->e, blob + nlen);
-#endif /* WITH_OPENSSL */
-	} else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0)
+	if ((r = to_blob(k, &blob, &blob_len, 1)) != 0)
 		goto out;
 	if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
@@ -1208,8 +1179,6 @@ sshkey_read(struct sshkey *ret, char **cpp)
 	cp = *cpp;
 
 	switch (ret->type) {
-	case KEY_RSA1:
-		break;
 	case KEY_UNSPEC:
 	case KEY_RSA:
 	case KEY_DSA:
@@ -1363,30 +1332,16 @@ sshkey_to_base64(const struct sshkey *key, char **b64p)
 }
 
 static int
-sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b)
-{
-	int r = SSH_ERR_INTERNAL_ERROR;
-
-	return r;
-}
-
-static int
 sshkey_format_text(const struct sshkey *key, struct sshbuf *b)
 {
 	int r = SSH_ERR_INTERNAL_ERROR;
 	char *uu = NULL;
 
-	if (key->type == KEY_RSA1) {
-		if ((r = sshkey_format_rsa1(key, b)) != 0)
-			goto out;
-	} else {
-		/* Unsupported key types handled in sshkey_to_base64() */
-		if ((r = sshkey_to_base64(key, &uu)) != 0)
-			goto out;
-		if ((r = sshbuf_putf(b, "%s %s",
-		    sshkey_ssh_name(key), uu)) != 0)
-			goto out;
-	}
+	if ((r = sshkey_to_base64(key, &uu)) != 0)
+		goto out;
+	if ((r = sshbuf_putf(b, "%s %s",
+	    sshkey_ssh_name(key), uu)) != 0)
+		goto out;
 	r = 0;
  out:
 	free(uu);
@@ -1602,7 +1557,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp)
 		break;
 # endif /* OPENSSL_HAS_ECC */
 	case KEY_RSA:
-	case KEY_RSA1:
 		ret = rsa_generate_private_key(bits, &k->rsa);
 		break;
 #endif /* WITH_OPENSSL */
@@ -1713,7 +1667,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
 		break;
 # endif /* OPENSSL_HAS_ECC */
 	case KEY_RSA:
-	case KEY_RSA1:
 	case KEY_RSA_CERT:
 		if ((n = sshkey_new(k->type)) == NULL)
 			return SSH_ERR_ALLOC_FAIL;
@@ -2183,7 +2136,6 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp)
 		if ((ret = sshkey_cert_copy(k, pk)) != 0)
 			goto fail;
 		/* FALLTHROUGH */
-	case KEY_RSA1:
 	case KEY_RSA:
 		if ((pk->rsa = RSA_new()) == NULL ||
 		    (pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
@@ -2742,7 +2694,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
 	switch (k->type) {
 	case KEY_RSA:
 	case KEY_RSA_CERT:
-	case KEY_RSA1:
 		if (RSA_blinding_on(k->rsa, NULL) != 1) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
diff --git a/sshkey.h b/sshkey.h
index 1b9e42f4..0012f885 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -53,7 +53,6 @@ struct sshbuf;
 
 /* Key types */
 enum sshkey_types {
-	KEY_RSA1,
 	KEY_RSA,
 	KEY_DSA,
 	KEY_ECDSA,

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list