diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-04-30 23:18:44 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-05-01 10:05:01 +1000 |
| commit | 873d3e7d9a4707d0934fb4c4299354418f91b541 (patch) | |
| tree | 4fd961131c84ad1626f11ffdcdc4316a26febacb | |
| parent | 788ac799a6efa40517f2ac0d895a610394298ffc (diff) | |
upstream commit
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
| -rw-r--r-- | clientloop.c | 5 | ||||
| -rw-r--r-- | hostfile.c | 18 | ||||
| -rw-r--r-- | ssh-agent.c | 28 | ||||
| -rw-r--r-- | ssh-keygen.1 | 9 | ||||
| -rw-r--r-- | ssh-keygen.c | 27 | ||||
| -rw-r--r-- | ssh-keyscan.1 | 9 | ||||
| -rw-r--r-- | ssh-keyscan.c | 64 | ||||
| -rw-r--r-- | ssh.c | 5 | ||||
| -rw-r--r-- | ssh.h | 4 | ||||
| -rw-r--r-- | sshconnect.c | 3 | ||||
| -rw-r--r-- | sshconnect2.c | 7 | ||||
| -rw-r--r-- | sshd.c | 10 | ||||
| -rw-r--r-- | sshkey.c | 63 | ||||
| -rw-r--r-- | sshkey.h | 3 |
14 files changed, 72 insertions, 183 deletions
diff --git a/clientloop.c b/clientloop.c index 469a2f00a..018688a81 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.292 2017/04/30 23:13:25 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.293 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1831,8 +1831,7 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) | |||
| 1831 | size_t i; | 1831 | size_t i; |
| 1832 | struct sshkey **tmp; | 1832 | struct sshkey **tmp; |
| 1833 | 1833 | ||
| 1834 | if (l->status != HKF_STATUS_MATCHED || l->key == NULL || | 1834 | if (l->status != HKF_STATUS_MATCHED || l->key == NULL) |
| 1835 | l->key->type == KEY_RSA1) | ||
| 1836 | return 0; | 1835 | return 0; |
| 1837 | 1836 | ||
| 1838 | /* Mark off keys we've already seen for this host */ | 1837 | /* Mark off keys we've already seen for this host */ |
diff --git a/hostfile.c b/hostfile.c index b8f9cd143..1804cff99 100644 --- a/hostfile.c +++ b/hostfile.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -346,16 +346,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, | |||
| 346 | HostStatus end_return = HOST_NEW; | 346 | HostStatus end_return = HOST_NEW; |
| 347 | int want_cert = sshkey_is_cert(k); | 347 | int want_cert = sshkey_is_cert(k); |
| 348 | HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; | 348 | HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; |
| 349 | int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2; | ||
| 350 | 349 | ||
| 351 | if (found != NULL) | 350 | if (found != NULL) |
| 352 | *found = NULL; | 351 | *found = NULL; |
| 353 | 352 | ||
| 354 | for (i = 0; i < hostkeys->num_entries; i++) { | 353 | for (i = 0; i < hostkeys->num_entries; i++) { |
| 355 | if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1) | ||
| 356 | continue; | ||
| 357 | if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1) | ||
| 358 | continue; | ||
| 359 | if (hostkeys->entries[i].marker != want_marker) | 354 | if (hostkeys->entries[i].marker != want_marker) |
| 360 | continue; | 355 | continue; |
| 361 | if (k == NULL) { | 356 | if (k == NULL) { |
| @@ -490,13 +485,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
| 490 | return 0; | 485 | return 0; |
| 491 | } | 486 | } |
| 492 | 487 | ||
| 493 | /* XXX might need a knob for this later */ | ||
| 494 | /* Don't remove RSA1 keys */ | ||
| 495 | if (l->key->type == KEY_RSA1) { | ||
| 496 | fprintf(ctx->out, "%s\n", l->line); | ||
| 497 | return 0; | ||
| 498 | } | ||
| 499 | |||
| 500 | /* | 488 | /* |
| 501 | * If this line contains one of the keys that we will be | 489 | * If this line contains one of the keys that we will be |
| 502 | * adding later, then don't change it and mark the key for | 490 | * adding later, then don't change it and mark the key for |
| @@ -804,12 +792,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, | |||
| 804 | lineinfo.keytype = sshkey_type_from_name(ktype); | 792 | lineinfo.keytype = sshkey_type_from_name(ktype); |
| 805 | 793 | ||
| 806 | /* | 794 | /* |
| 807 | * Assume RSA1 if the first component is a short | 795 | * Assume legacy RSA1 if the first component is a short |
| 808 | * decimal number. | 796 | * decimal number. |
| 809 | */ | 797 | */ |
| 810 | if (lineinfo.keytype == KEY_UNSPEC && l < 8 && | 798 | if (lineinfo.keytype == KEY_UNSPEC && l < 8 && |
| 811 | strspn(ktype, "0123456789") == l) | 799 | strspn(ktype, "0123456789") == l) |
| 812 | lineinfo.keytype = KEY_RSA1; | 800 | goto bad; |
| 813 | 801 | ||
| 814 | /* | 802 | /* |
| 815 | * Check that something other than whitespace follows | 803 | * Check that something other than whitespace follows |
diff --git a/ssh-agent.c b/ssh-agent.c index 6788287b7..cc3bffad8 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.220 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -247,6 +247,8 @@ process_request_identities(SocketEntry *e, int version) | |||
| 247 | Identity *id; | 247 | Identity *id; |
| 248 | struct sshbuf *msg; | 248 | struct sshbuf *msg; |
| 249 | int r; | 249 | int r; |
| 250 | u_char *blob; | ||
| 251 | size_t blen; | ||
| 250 | 252 | ||
| 251 | if ((msg = sshbuf_new()) == NULL) | 253 | if ((msg = sshbuf_new()) == NULL) |
| 252 | fatal("%s: sshbuf_new failed", __func__); | 254 | fatal("%s: sshbuf_new failed", __func__); |
| @@ -256,21 +258,15 @@ process_request_identities(SocketEntry *e, int version) | |||
| 256 | (r = sshbuf_put_u32(msg, tab->nentries)) != 0) | 258 | (r = sshbuf_put_u32(msg, tab->nentries)) != 0) |
| 257 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 259 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 258 | TAILQ_FOREACH(id, &tab->idlist, next) { | 260 | TAILQ_FOREACH(id, &tab->idlist, next) { |
| 259 | if (id->key->type == KEY_RSA1) { | 261 | if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { |
| 260 | } else { | 262 | error("%s: sshkey_to_blob: %s", __func__, |
| 261 | u_char *blob; | 263 | ssh_err(r)); |
| 262 | size_t blen; | 264 | continue; |
| 263 | |||
| 264 | if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { | ||
| 265 | error("%s: sshkey_to_blob: %s", __func__, | ||
| 266 | ssh_err(r)); | ||
| 267 | continue; | ||
| 268 | } | ||
| 269 | if ((r = sshbuf_put_string(msg, blob, blen)) != 0) | ||
| 270 | fatal("%s: buffer error: %s", | ||
| 271 | __func__, ssh_err(r)); | ||
| 272 | free(blob); | ||
| 273 | } | 265 | } |
| 266 | if ((r = sshbuf_put_string(msg, blob, blen)) != 0) | ||
| 267 | fatal("%s: buffer error: %s", | ||
| 268 | __func__, ssh_err(r)); | ||
| 269 | free(blob); | ||
| 274 | if ((r = sshbuf_put_cstring(msg, id->comment)) != 0) | 270 | if ((r = sshbuf_put_cstring(msg, id->comment)) != 0) |
| 275 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 271 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 276 | } | 272 | } |
| @@ -639,7 +635,7 @@ process_add_smartcard_key(SocketEntry *e) | |||
| 639 | count = pkcs11_add_provider(canonical_provider, pin, &keys); | 635 | count = pkcs11_add_provider(canonical_provider, pin, &keys); |
| 640 | for (i = 0; i < count; i++) { | 636 | for (i = 0; i < count; i++) { |
| 641 | k = keys[i]; | 637 | k = keys[i]; |
| 642 | version = k->type == KEY_RSA1 ? 1 : 2; | 638 | version = 2; |
| 643 | tab = idtab_lookup(version); | 639 | tab = idtab_lookup(version); |
| 644 | if (lookup_identity(k, version) == NULL) { | 640 | if (lookup_identity(k, version) == NULL) { |
| 645 | id = xcalloc(1, sizeof(Identity)); | 641 | id = xcalloc(1, sizeof(Identity)); |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index a83388a9f..be1a169f4 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.135 2017/04/29 06:06:01 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: April 29 2017 $ | 38 | .Dd $Mdocdate: April 30 2017 $ |
| 39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -207,7 +207,7 @@ There is no way to recover a lost passphrase. | |||
| 207 | If the passphrase is lost or forgotten, a new key must be generated | 207 | If the passphrase is lost or forgotten, a new key must be generated |
| 208 | and the corresponding public key copied to other machines. | 208 | and the corresponding public key copied to other machines. |
| 209 | .Pp | 209 | .Pp |
| 210 | For RSA1 keys and keys stored in the newer OpenSSH format, | 210 | For keys stored in the newer OpenSSH format, |
| 211 | there is also a comment field in the key file that is only for | 211 | there is also a comment field in the key file that is only for |
| 212 | convenience to the user to help identify the key. | 212 | convenience to the user to help identify the key. |
| 213 | The comment can tell what the key is for, or whatever is useful. | 213 | The comment can tell what the key is for, or whatever is useful. |
| @@ -264,7 +264,7 @@ flag will be ignored. | |||
| 264 | Provides a new comment. | 264 | Provides a new comment. |
| 265 | .It Fl c | 265 | .It Fl c |
| 266 | Requests changing the comment in the private and public key files. | 266 | Requests changing the comment in the private and public key files. |
| 267 | This operation is only supported for RSA1 keys and keys stored in the | 267 | This operation is only supported for keys stored in the |
| 268 | newer OpenSSH format. | 268 | newer OpenSSH format. |
| 269 | The program will prompt for the file containing the private keys, for | 269 | The program will prompt for the file containing the private keys, for |
| 270 | the passphrase if the key has one, and for the new comment. | 270 | the passphrase if the key has one, and for the new comment. |
| @@ -384,7 +384,6 @@ section. | |||
| 384 | Prints the contents of one or more certificates. | 384 | Prints the contents of one or more certificates. |
| 385 | .It Fl l | 385 | .It Fl l |
| 386 | Show fingerprint of specified public key file. | 386 | Show fingerprint of specified public key file. |
| 387 | Private RSA1 keys are also supported. | ||
| 388 | For RSA and DSA keys | 387 | For RSA and DSA keys |
| 389 | .Nm | 388 | .Nm |
| 390 | tries to find the matching public key file and prints its fingerprint. | 389 | tries to find the matching public key file and prints its fingerprint. |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 70d421844..51c24bc55 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -246,9 +246,6 @@ ask_filename(struct passwd *pw, const char *prompt) | |||
| 246 | name = _PATH_SSH_CLIENT_ID_RSA; | 246 | name = _PATH_SSH_CLIENT_ID_RSA; |
| 247 | else { | 247 | else { |
| 248 | switch (sshkey_type_from_name(key_type_name)) { | 248 | switch (sshkey_type_from_name(key_type_name)) { |
| 249 | case KEY_RSA1: | ||
| 250 | name = _PATH_SSH_CLIENT_IDENTITY; | ||
| 251 | break; | ||
| 252 | case KEY_DSA_CERT: | 249 | case KEY_DSA_CERT: |
| 253 | case KEY_DSA: | 250 | case KEY_DSA: |
| 254 | name = _PATH_SSH_CLIENT_ID_DSA; | 251 | name = _PATH_SSH_CLIENT_ID_DSA; |
| @@ -320,8 +317,6 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) | |||
| 320 | char comment[61]; | 317 | char comment[61]; |
| 321 | int r; | 318 | int r; |
| 322 | 319 | ||
| 323 | if (k->type == KEY_RSA1) | ||
| 324 | fatal("version 1 keys are not supported"); | ||
| 325 | if ((r = sshkey_to_blob(k, &blob, &len)) != 0) | 320 | if ((r = sshkey_to_blob(k, &blob, &len)) != 0) |
| 326 | fatal("key_to_blob failed: %s", ssh_err(r)); | 321 | fatal("key_to_blob failed: %s", ssh_err(r)); |
| 327 | /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ | 322 | /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
| @@ -343,7 +338,6 @@ static void | |||
| 343 | do_convert_to_pkcs8(struct sshkey *k) | 338 | do_convert_to_pkcs8(struct sshkey *k) |
| 344 | { | 339 | { |
| 345 | switch (sshkey_type_plain(k->type)) { | 340 | switch (sshkey_type_plain(k->type)) { |
| 346 | case KEY_RSA1: | ||
| 347 | case KEY_RSA: | 341 | case KEY_RSA: |
| 348 | if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) | 342 | if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) |
| 349 | fatal("PEM_write_RSA_PUBKEY failed"); | 343 | fatal("PEM_write_RSA_PUBKEY failed"); |
| @@ -368,7 +362,6 @@ static void | |||
| 368 | do_convert_to_pem(struct sshkey *k) | 362 | do_convert_to_pem(struct sshkey *k) |
| 369 | { | 363 | { |
| 370 | switch (sshkey_type_plain(k->type)) { | 364 | switch (sshkey_type_plain(k->type)) { |
| 371 | case KEY_RSA1: | ||
| 372 | case KEY_RSA: | 365 | case KEY_RSA: |
| 373 | if (!PEM_write_RSAPublicKey(stdout, k->rsa)) | 366 | if (!PEM_write_RSAPublicKey(stdout, k->rsa)) |
| 374 | fatal("PEM_write_RSAPublicKey failed"); | 367 | fatal("PEM_write_RSAPublicKey failed"); |
| @@ -825,13 +818,6 @@ try_read_key(char **cpp) | |||
| 825 | struct sshkey *ret; | 818 | struct sshkey *ret; |
| 826 | int r; | 819 | int r; |
| 827 | 820 | ||
| 828 | if ((ret = sshkey_new(KEY_RSA1)) == NULL) | ||
| 829 | fatal("sshkey_new failed"); | ||
| 830 | /* Try RSA1 */ | ||
| 831 | if ((r = sshkey_read(ret, cpp)) == 0) | ||
| 832 | return ret; | ||
| 833 | /* Try modern */ | ||
| 834 | sshkey_free(ret); | ||
| 835 | if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) | 821 | if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) |
| 836 | fatal("sshkey_new failed"); | 822 | fatal("sshkey_new failed"); |
| 837 | if ((r = sshkey_read(ret, cpp)) == 0) | 823 | if ((r = sshkey_read(ret, cpp)) == 0) |
| @@ -1442,9 +1428,8 @@ do_change_comment(struct passwd *pw) | |||
| 1442 | } | 1428 | } |
| 1443 | } | 1429 | } |
| 1444 | 1430 | ||
| 1445 | if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && | 1431 | if (private->type != KEY_ED25519 && !use_new_format) { |
| 1446 | !use_new_format) { | 1432 | error("Comments are only supported for keys stored in " |
| 1447 | error("Comments are only supported for RSA1 or keys stored in " | ||
| 1448 | "the new format (-o)."); | 1433 | "the new format (-o)."); |
| 1449 | explicit_bzero(passphrase, strlen(passphrase)); | 1434 | explicit_bzero(passphrase, strlen(passphrase)); |
| 1450 | sshkey_free(private); | 1435 | sshkey_free(private); |
| @@ -2241,13 +2226,11 @@ do_check_krl(struct passwd *pw, int argc, char **argv) | |||
| 2241 | exit(ret); | 2226 | exit(ret); |
| 2242 | } | 2227 | } |
| 2243 | 2228 | ||
| 2244 | # define RSA1_USAGE "" | ||
| 2245 | |||
| 2246 | static void | 2229 | static void |
| 2247 | usage(void) | 2230 | usage(void) |
| 2248 | { | 2231 | { |
| 2249 | fprintf(stderr, | 2232 | fprintf(stderr, |
| 2250 | "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" | 2233 | "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" |
| 2251 | " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" | 2234 | " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" |
| 2252 | " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" | 2235 | " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" |
| 2253 | " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" | 2236 | " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" |
| @@ -2255,7 +2238,7 @@ usage(void) | |||
| 2255 | " ssh-keygen -y [-f input_keyfile]\n" | 2238 | " ssh-keygen -y [-f input_keyfile]\n" |
| 2256 | " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" | 2239 | " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" |
| 2257 | " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" | 2240 | " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" |
| 2258 | " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); | 2241 | " ssh-keygen -B [-f input_keyfile]\n"); |
| 2259 | #ifdef ENABLE_PKCS11 | 2242 | #ifdef ENABLE_PKCS11 |
| 2260 | fprintf(stderr, | 2243 | fprintf(stderr, |
| 2261 | " ssh-keygen -D pkcs11\n"); | 2244 | " ssh-keygen -D pkcs11\n"); |
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index d29d9d906..82bcb5d01 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.39 2017/04/30 23:18:44 djm Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | .\" | 4 | .\" |
| @@ -6,7 +6,7 @@ | |||
| 6 | .\" permitted provided that due credit is given to the author and the | 6 | .\" permitted provided that due credit is given to the author and the |
| 7 | .\" OpenBSD project by leaving this copyright notice intact. | 7 | .\" OpenBSD project by leaving this copyright notice intact. |
| 8 | .\" | 8 | .\" |
| 9 | .Dd $Mdocdate: November 8 2015 $ | 9 | .Dd $Mdocdate: April 30 2017 $ |
| 10 | .Dt SSH-KEYSCAN 1 | 10 | .Dt SSH-KEYSCAN 1 |
| 11 | .Os | 11 | .Os |
| 12 | .Sh NAME | 12 | .Sh NAME |
| @@ -127,11 +127,6 @@ Input format: | |||
| 127 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 | 127 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 |
| 128 | .Ed | 128 | .Ed |
| 129 | .Pp | 129 | .Pp |
| 130 | Output format for RSA1 keys: | ||
| 131 | .Bd -literal | ||
| 132 | host-or-namelist bits exponent modulus | ||
| 133 | .Ed | ||
| 134 | .Pp | ||
| 135 | Output format for RSA, DSA, ECDSA, and Ed25519 keys: | 130 | Output format for RSA, DSA, ECDSA, and Ed25519 keys: |
| 136 | .Bd -literal | 131 | .Bd -literal |
| 137 | host-or-namelist keytype base64-encoded-key | 132 | host-or-namelist keytype base64-encoded-key |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 6a9292487..d49d79ad7 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | * | 4 | * |
| @@ -54,11 +54,13 @@ int IPv4or6 = AF_UNSPEC; | |||
| 54 | 54 | ||
| 55 | int ssh_port = SSH_DEFAULT_PORT; | 55 | int ssh_port = SSH_DEFAULT_PORT; |
| 56 | 56 | ||
| 57 | #define KT_RSA1 1 | 57 | #define KT_DSA (1) |
| 58 | #define KT_DSA 2 | 58 | #define KT_RSA (1<<1) |
| 59 | #define KT_RSA 4 | 59 | #define KT_ECDSA (1<<2) |
| 60 | #define KT_ECDSA 8 | 60 | #define KT_ED25519 (1<<3) |
| 61 | #define KT_ED25519 16 | 61 | |
| 62 | #define KT_MIN KT_DSA | ||
| 63 | #define KT_MAX KT_ED25519 | ||
| 62 | 64 | ||
| 63 | int get_cert = 0; | 65 | int get_cert = 0; |
| 64 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; | 66 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; |
| @@ -94,7 +96,7 @@ typedef struct Connection { | |||
| 94 | int c_plen; /* Packet length field for ssh packet */ | 96 | int c_plen; /* Packet length field for ssh packet */ |
| 95 | int c_len; /* Total bytes which must be read. */ | 97 | int c_len; /* Total bytes which must be read. */ |
| 96 | int c_off; /* Length of data read so far. */ | 98 | int c_off; /* Length of data read so far. */ |
| 97 | int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */ | 99 | int c_keytype; /* Only one of KT_* */ |
| 98 | sig_atomic_t c_done; /* SSH2 done */ | 100 | sig_atomic_t c_done; /* SSH2 done */ |
| 99 | char *c_namebase; /* Address to free for c_name and c_namelist */ | 101 | char *c_namebase; /* Address to free for c_name and c_namelist */ |
| 100 | char *c_name; /* Hostname of connection for errors */ | 102 | char *c_name; /* Hostname of connection for errors */ |
| @@ -435,6 +437,20 @@ congreet(int s) | |||
| 435 | size_t bufsiz; | 437 | size_t bufsiz; |
| 436 | con *c = &fdcon[s]; | 438 | con *c = &fdcon[s]; |
| 437 | 439 | ||
| 440 | /* send client banner */ | ||
| 441 | n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", | ||
| 442 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2); | ||
| 443 | if (n < 0 || (size_t)n >= sizeof(buf)) { | ||
| 444 | error("snprintf: buffer too small"); | ||
| 445 | confree(s); | ||
| 446 | return; | ||
| 447 | } | ||
| 448 | if (atomicio(vwrite, s, buf, n) != (size_t)n) { | ||
| 449 | error("write (%s): %s", c->c_name, strerror(errno)); | ||
| 450 | confree(s); | ||
| 451 | return; | ||
| 452 | } | ||
| 453 | |||
| 438 | for (;;) { | 454 | for (;;) { |
| 439 | memset(buf, '\0', sizeof(buf)); | 455 | memset(buf, '\0', sizeof(buf)); |
| 440 | bufsiz = sizeof(buf); | 456 | bufsiz = sizeof(buf); |
| @@ -477,38 +493,14 @@ congreet(int s) | |||
| 477 | c->c_ssh->compat = compat_datafellows(remote_version); | 493 | c->c_ssh->compat = compat_datafellows(remote_version); |
| 478 | else | 494 | else |
| 479 | c->c_ssh->compat = 0; | 495 | c->c_ssh->compat = 0; |
| 480 | if (c->c_keytype != KT_RSA1) { | 496 | if (!ssh2_capable(remote_major, remote_minor)) { |
| 481 | if (!ssh2_capable(remote_major, remote_minor)) { | 497 | debug("%s doesn't support ssh2", c->c_name); |
| 482 | debug("%s doesn't support ssh2", c->c_name); | ||
| 483 | confree(s); | ||
| 484 | return; | ||
| 485 | } | ||
| 486 | } else if (remote_major != 1) { | ||
| 487 | debug("%s doesn't support ssh1", c->c_name); | ||
| 488 | confree(s); | 498 | confree(s); |
| 489 | return; | 499 | return; |
| 490 | } | 500 | } |
| 491 | fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); | 501 | fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); |
| 492 | n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", | 502 | keygrab_ssh2(c); |
| 493 | c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, | 503 | confree(s); |
| 494 | c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); | ||
| 495 | if (n < 0 || (size_t)n >= sizeof(buf)) { | ||
| 496 | error("snprintf: buffer too small"); | ||
| 497 | confree(s); | ||
| 498 | return; | ||
| 499 | } | ||
| 500 | if (atomicio(vwrite, s, buf, n) != (size_t)n) { | ||
| 501 | error("write (%s): %s", c->c_name, strerror(errno)); | ||
| 502 | confree(s); | ||
| 503 | return; | ||
| 504 | } | ||
| 505 | if (c->c_keytype != KT_RSA1) { | ||
| 506 | keygrab_ssh2(c); | ||
| 507 | confree(s); | ||
| 508 | return; | ||
| 509 | } | ||
| 510 | c->c_status = CS_SIZE; | ||
| 511 | contouch(s); | ||
| 512 | } | 504 | } |
| 513 | 505 | ||
| 514 | static void | 506 | static void |
| @@ -606,7 +598,7 @@ do_host(char *host) | |||
| 606 | 598 | ||
| 607 | if (name == NULL) | 599 | if (name == NULL) |
| 608 | return; | 600 | return; |
| 609 | for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { | 601 | for (j = KT_MIN; j <= KT_MAX; j *= 2) { |
| 610 | if (get_keytypes & j) { | 602 | if (get_keytypes & j) { |
| 611 | while (ncon >= MAXCON) | 603 | while (ncon >= MAXCON) |
| 612 | conloop(); | 604 | conloop(); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.457 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1276,8 +1276,7 @@ main(int ac, char **av) | |||
| 1276 | sensitive_data.nkeys = 0; | 1276 | sensitive_data.nkeys = 0; |
| 1277 | sensitive_data.keys = NULL; | 1277 | sensitive_data.keys = NULL; |
| 1278 | sensitive_data.external_keysign = 0; | 1278 | sensitive_data.external_keysign = 0; |
| 1279 | if (options.rhosts_rsa_authentication || | 1279 | if (options.hostbased_authentication) { |
| 1280 | options.hostbased_authentication) { | ||
| 1281 | sensitive_data.nkeys = 9; | 1280 | sensitive_data.nkeys = 9; |
| 1282 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 1281 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
| 1283 | sizeof(Key)); | 1282 | sizeof(Key)); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */ | 1 | /* $OpenBSD: ssh.h,v 1.84 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -32,7 +32,7 @@ | |||
| 32 | 32 | ||
| 33 | /* | 33 | /* |
| 34 | * Maximum length of lines in authorized_keys file. | 34 | * Maximum length of lines in authorized_keys file. |
| 35 | * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with | 35 | * Current value permits 16kbit RSA keys and 8kbit DSA keys, with |
| 36 | * some room for options and comments. | 36 | * some room for options and comments. |
| 37 | */ | 37 | */ |
| 38 | #define SSH_MAX_PUBKEY_BYTES 16384 | 38 | #define SSH_MAX_PUBKEY_BYTES 16384 |
diff --git a/sshconnect.c b/sshconnect.c index d01d2c82d..28fd62104 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect.c,v 1.276 2017/04/30 23:13:25 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.277 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1367,7 +1367,6 @@ static int | |||
| 1367 | show_other_keys(struct hostkeys *hostkeys, Key *key) | 1367 | show_other_keys(struct hostkeys *hostkeys, Key *key) |
| 1368 | { | 1368 | { |
| 1369 | int type[] = { | 1369 | int type[] = { |
| 1370 | KEY_RSA1, | ||
| 1371 | KEY_RSA, | 1370 | KEY_RSA, |
| 1372 | KEY_DSA, | 1371 | KEY_DSA, |
| 1373 | KEY_ECDSA, | 1372 | KEY_ECDSA, |
diff --git a/sshconnect2.c b/sshconnect2.c index 7e4cde151..393353db5 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.256 2017/04/28 03:24:53 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -1317,8 +1317,6 @@ pubkey_prepare(Authctxt *authctxt) | |||
| 1317 | /* list of keys stored in the filesystem and PKCS#11 */ | 1317 | /* list of keys stored in the filesystem and PKCS#11 */ |
| 1318 | for (i = 0; i < options.num_identity_files; i++) { | 1318 | for (i = 0; i < options.num_identity_files; i++) { |
| 1319 | key = options.identity_keys[i]; | 1319 | key = options.identity_keys[i]; |
| 1320 | if (key && key->type == KEY_RSA1) | ||
| 1321 | continue; | ||
| 1322 | if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) | 1320 | if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) |
| 1323 | continue; | 1321 | continue; |
| 1324 | options.identity_keys[i] = NULL; | 1322 | options.identity_keys[i] = NULL; |
| @@ -1471,7 +1469,7 @@ try_identity(Identity *id) | |||
| 1471 | key_type(id->key), id->filename); | 1469 | key_type(id->key), id->filename); |
| 1472 | return (0); | 1470 | return (0); |
| 1473 | } | 1471 | } |
| 1474 | return (id->key->type != KEY_RSA1); | 1472 | return 1; |
| 1475 | } | 1473 | } |
| 1476 | 1474 | ||
| 1477 | int | 1475 | int |
| @@ -1764,7 +1762,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 1764 | private = NULL; | 1762 | private = NULL; |
| 1765 | for (i = 0; i < authctxt->sensitive->nkeys; i++) { | 1763 | for (i = 0; i < authctxt->sensitive->nkeys; i++) { |
| 1766 | if (authctxt->sensitive->keys[i] == NULL || | 1764 | if (authctxt->sensitive->keys[i] == NULL || |
| 1767 | authctxt->sensitive->keys[i]->type == KEY_RSA1 || | ||
| 1768 | authctxt->sensitive->keys[i]->type == KEY_UNSPEC) | 1765 | authctxt->sensitive->keys[i]->type == KEY_UNSPEC) |
| 1769 | continue; | 1766 | continue; |
| 1770 | if (match_pattern_list( | 1767 | if (match_pattern_list( |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.486 2017/04/30 23:13:25 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1676,14 +1676,6 @@ main(int ac, char **av) | |||
| 1676 | key = key_load_private(options.host_key_files[i], "", NULL); | 1676 | key = key_load_private(options.host_key_files[i], "", NULL); |
| 1677 | pubkey = key_load_public(options.host_key_files[i], NULL); | 1677 | pubkey = key_load_public(options.host_key_files[i], NULL); |
| 1678 | 1678 | ||
| 1679 | if ((pubkey != NULL && pubkey->type == KEY_RSA1) || | ||
| 1680 | (key != NULL && key->type == KEY_RSA1)) { | ||
| 1681 | verbose("Ignoring RSA1 key %s", | ||
| 1682 | options.host_key_files[i]); | ||
| 1683 | key_free(key); | ||
| 1684 | key_free(pubkey); | ||
| 1685 | continue; | ||
| 1686 | } | ||
| 1687 | if (pubkey == NULL && key != NULL) | 1679 | if (pubkey == NULL && key != NULL) |
| 1688 | pubkey = key_demote(key); | 1680 | pubkey = key_demote(key); |
| 1689 | sensitive_data.host_keys[i] = key; | 1681 | sensitive_data.host_keys[i] = key; |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
| @@ -235,10 +235,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard) | |||
| 235 | for ((p = strsep(&cp, ",")); p && *p != '\0'; | 235 | for ((p = strsep(&cp, ",")); p && *p != '\0'; |
| 236 | (p = strsep(&cp, ","))) { | 236 | (p = strsep(&cp, ","))) { |
| 237 | type = sshkey_type_from_name(p); | 237 | type = sshkey_type_from_name(p); |
| 238 | if (type == KEY_RSA1) { | ||
| 239 | free(s); | ||
| 240 | return 0; | ||
| 241 | } | ||
| 242 | if (type == KEY_UNSPEC) { | 238 | if (type == KEY_UNSPEC) { |
| 243 | if (allow_wildcard) { | 239 | if (allow_wildcard) { |
| 244 | /* | 240 | /* |
| @@ -247,8 +243,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard) | |||
| 247 | * the component is accepted. | 243 | * the component is accepted. |
| 248 | */ | 244 | */ |
| 249 | for (kt = keytypes; kt->type != -1; kt++) { | 245 | for (kt = keytypes; kt->type != -1; kt++) { |
| 250 | if (kt->type == KEY_RSA1) | ||
| 251 | continue; | ||
| 252 | if (match_pattern_list(kt->name, | 246 | if (match_pattern_list(kt->name, |
| 253 | p, 0) != 0) | 247 | p, 0) != 0) |
| 254 | break; | 248 | break; |
| @@ -269,7 +263,6 @@ sshkey_size(const struct sshkey *k) | |||
| 269 | { | 263 | { |
| 270 | switch (k->type) { | 264 | switch (k->type) { |
| 271 | #ifdef WITH_OPENSSL | 265 | #ifdef WITH_OPENSSL |
| 272 | case KEY_RSA1: | ||
| 273 | case KEY_RSA: | 266 | case KEY_RSA: |
| 274 | case KEY_RSA_CERT: | 267 | case KEY_RSA_CERT: |
| 275 | return BN_num_bits(k->rsa->n); | 268 | return BN_num_bits(k->rsa->n); |
| @@ -472,7 +465,6 @@ sshkey_new(int type) | |||
| 472 | k->ed25519_pk = NULL; | 465 | k->ed25519_pk = NULL; |
| 473 | switch (k->type) { | 466 | switch (k->type) { |
| 474 | #ifdef WITH_OPENSSL | 467 | #ifdef WITH_OPENSSL |
| 475 | case KEY_RSA1: | ||
| 476 | case KEY_RSA: | 468 | case KEY_RSA: |
| 477 | case KEY_RSA_CERT: | 469 | case KEY_RSA_CERT: |
| 478 | if ((rsa = RSA_new()) == NULL || | 470 | if ((rsa = RSA_new()) == NULL || |
| @@ -530,7 +522,6 @@ sshkey_add_private(struct sshkey *k) | |||
| 530 | { | 522 | { |
| 531 | switch (k->type) { | 523 | switch (k->type) { |
| 532 | #ifdef WITH_OPENSSL | 524 | #ifdef WITH_OPENSSL |
| 533 | case KEY_RSA1: | ||
| 534 | case KEY_RSA: | 525 | case KEY_RSA: |
| 535 | case KEY_RSA_CERT: | 526 | case KEY_RSA_CERT: |
| 536 | #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) | 527 | #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) |
| @@ -586,7 +577,6 @@ sshkey_free(struct sshkey *k) | |||
| 586 | return; | 577 | return; |
| 587 | switch (k->type) { | 578 | switch (k->type) { |
| 588 | #ifdef WITH_OPENSSL | 579 | #ifdef WITH_OPENSSL |
| 589 | case KEY_RSA1: | ||
| 590 | case KEY_RSA: | 580 | case KEY_RSA: |
| 591 | case KEY_RSA_CERT: | 581 | case KEY_RSA_CERT: |
| 592 | if (k->rsa != NULL) | 582 | if (k->rsa != NULL) |
| @@ -664,7 +654,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) | |||
| 664 | 654 | ||
| 665 | switch (a->type) { | 655 | switch (a->type) { |
| 666 | #ifdef WITH_OPENSSL | 656 | #ifdef WITH_OPENSSL |
| 667 | case KEY_RSA1: | ||
| 668 | case KEY_RSA_CERT: | 657 | case KEY_RSA_CERT: |
| 669 | case KEY_RSA: | 658 | case KEY_RSA: |
| 670 | return a->rsa != NULL && b->rsa != NULL && | 659 | return a->rsa != NULL && b->rsa != NULL && |
| @@ -881,25 +870,7 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, | |||
| 881 | r = SSH_ERR_INVALID_ARGUMENT; | 870 | r = SSH_ERR_INVALID_ARGUMENT; |
| 882 | goto out; | 871 | goto out; |
| 883 | } | 872 | } |
| 884 | 873 | if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) | |
| 885 | if (k->type == KEY_RSA1) { | ||
| 886 | #ifdef WITH_OPENSSL | ||
| 887 | int nlen = BN_num_bytes(k->rsa->n); | ||
| 888 | int elen = BN_num_bytes(k->rsa->e); | ||
| 889 | |||
| 890 | if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { | ||
| 891 | r = SSH_ERR_INVALID_FORMAT; | ||
| 892 | goto out; | ||
| 893 | } | ||
| 894 | blob_len = nlen + elen; | ||
| 895 | if ((blob = malloc(blob_len)) == NULL) { | ||
| 896 | r = SSH_ERR_ALLOC_FAIL; | ||
| 897 | goto out; | ||
| 898 | } | ||
| 899 | BN_bn2bin(k->rsa->n, blob); | ||
| 900 | BN_bn2bin(k->rsa->e, blob + nlen); | ||
| 901 | #endif /* WITH_OPENSSL */ | ||
| 902 | } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) | ||
| 903 | goto out; | 874 | goto out; |
| 904 | if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { | 875 | if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { |
| 905 | r = SSH_ERR_ALLOC_FAIL; | 876 | r = SSH_ERR_ALLOC_FAIL; |
| @@ -1208,8 +1179,6 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
| 1208 | cp = *cpp; | 1179 | cp = *cpp; |
| 1209 | 1180 | ||
| 1210 | switch (ret->type) { | 1181 | switch (ret->type) { |
| 1211 | case KEY_RSA1: | ||
| 1212 | break; | ||
| 1213 | case KEY_UNSPEC: | 1182 | case KEY_UNSPEC: |
| 1214 | case KEY_RSA: | 1183 | case KEY_RSA: |
| 1215 | case KEY_DSA: | 1184 | case KEY_DSA: |
| @@ -1363,30 +1332,16 @@ sshkey_to_base64(const struct sshkey *key, char **b64p) | |||
| 1363 | } | 1332 | } |
| 1364 | 1333 | ||
| 1365 | static int | 1334 | static int |
| 1366 | sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b) | ||
| 1367 | { | ||
| 1368 | int r = SSH_ERR_INTERNAL_ERROR; | ||
| 1369 | |||
| 1370 | return r; | ||
| 1371 | } | ||
| 1372 | |||
| 1373 | static int | ||
| 1374 | sshkey_format_text(const struct sshkey *key, struct sshbuf *b) | 1335 | sshkey_format_text(const struct sshkey *key, struct sshbuf *b) |
| 1375 | { | 1336 | { |
| 1376 | int r = SSH_ERR_INTERNAL_ERROR; | 1337 | int r = SSH_ERR_INTERNAL_ERROR; |
| 1377 | char *uu = NULL; | 1338 | char *uu = NULL; |
| 1378 | 1339 | ||
| 1379 | if (key->type == KEY_RSA1) { | 1340 | if ((r = sshkey_to_base64(key, &uu)) != 0) |
| 1380 | if ((r = sshkey_format_rsa1(key, b)) != 0) | 1341 | goto out; |
| 1381 | goto out; | 1342 | if ((r = sshbuf_putf(b, "%s %s", |
| 1382 | } else { | 1343 | sshkey_ssh_name(key), uu)) != 0) |
| 1383 | /* Unsupported key types handled in sshkey_to_base64() */ | 1344 | goto out; |
| 1384 | if ((r = sshkey_to_base64(key, &uu)) != 0) | ||
| 1385 | goto out; | ||
| 1386 | if ((r = sshbuf_putf(b, "%s %s", | ||
| 1387 | sshkey_ssh_name(key), uu)) != 0) | ||
| 1388 | goto out; | ||
| 1389 | } | ||
| 1390 | r = 0; | 1345 | r = 0; |
| 1391 | out: | 1346 | out: |
| 1392 | free(uu); | 1347 | free(uu); |
| @@ -1602,7 +1557,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) | |||
| 1602 | break; | 1557 | break; |
| 1603 | # endif /* OPENSSL_HAS_ECC */ | 1558 | # endif /* OPENSSL_HAS_ECC */ |
| 1604 | case KEY_RSA: | 1559 | case KEY_RSA: |
| 1605 | case KEY_RSA1: | ||
| 1606 | ret = rsa_generate_private_key(bits, &k->rsa); | 1560 | ret = rsa_generate_private_key(bits, &k->rsa); |
| 1607 | break; | 1561 | break; |
| 1608 | #endif /* WITH_OPENSSL */ | 1562 | #endif /* WITH_OPENSSL */ |
| @@ -1713,7 +1667,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) | |||
| 1713 | break; | 1667 | break; |
| 1714 | # endif /* OPENSSL_HAS_ECC */ | 1668 | # endif /* OPENSSL_HAS_ECC */ |
| 1715 | case KEY_RSA: | 1669 | case KEY_RSA: |
| 1716 | case KEY_RSA1: | ||
| 1717 | case KEY_RSA_CERT: | 1670 | case KEY_RSA_CERT: |
| 1718 | if ((n = sshkey_new(k->type)) == NULL) | 1671 | if ((n = sshkey_new(k->type)) == NULL) |
| 1719 | return SSH_ERR_ALLOC_FAIL; | 1672 | return SSH_ERR_ALLOC_FAIL; |
| @@ -2183,7 +2136,6 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) | |||
| 2183 | if ((ret = sshkey_cert_copy(k, pk)) != 0) | 2136 | if ((ret = sshkey_cert_copy(k, pk)) != 0) |
| 2184 | goto fail; | 2137 | goto fail; |
| 2185 | /* FALLTHROUGH */ | 2138 | /* FALLTHROUGH */ |
| 2186 | case KEY_RSA1: | ||
| 2187 | case KEY_RSA: | 2139 | case KEY_RSA: |
| 2188 | if ((pk->rsa = RSA_new()) == NULL || | 2140 | if ((pk->rsa = RSA_new()) == NULL || |
| 2189 | (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || | 2141 | (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || |
| @@ -2742,7 +2694,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
| 2742 | switch (k->type) { | 2694 | switch (k->type) { |
| 2743 | case KEY_RSA: | 2695 | case KEY_RSA: |
| 2744 | case KEY_RSA_CERT: | 2696 | case KEY_RSA_CERT: |
| 2745 | case KEY_RSA1: | ||
| 2746 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | 2697 | if (RSA_blinding_on(k->rsa, NULL) != 1) { |
| 2747 | r = SSH_ERR_LIBCRYPTO_ERROR; | 2698 | r = SSH_ERR_LIBCRYPTO_ERROR; |
| 2748 | goto out; | 2699 | goto out; |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -53,7 +53,6 @@ struct sshbuf; | |||
| 53 | 53 | ||
| 54 | /* Key types */ | 54 | /* Key types */ |
| 55 | enum sshkey_types { | 55 | enum sshkey_types { |
| 56 | KEY_RSA1, | ||
| 57 | KEY_RSA, | 56 | KEY_RSA, |
| 58 | KEY_DSA, | 57 | KEY_DSA, |
| 59 | KEY_ECDSA, | 58 | KEY_ECDSA, |