Check RSA1 keys without the need for a separate blacklist. Thanks to

Simon Tatham for the idea.
author: Colin Watson <cjwatson@debian.org> 2008-05-17 07:48:57 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-17 07:48:57 +0000
commit: 1f920ffc4c4f933e3c4e8c474460385fea131266 (patch)
tree: 7c23ed1becb8b315640229ad8eb18405b532151a /ssh-vulnkey.c
parent: 7eb2c79966e70e03a1ecbdf9077d64299241bd3a (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index 3297c431a..f13eb1619 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -86,21 +86,28 @@ describe_key(const char *msg, const Key *key, const char *comment)
 int
 do_key(const Key *key, const char *comment)
 {
+        Key *public;
        char *blacklist_file;
        struct stat st;
        int ret = 1;
-        blacklist_file = blacklist_filename(key);
+        public = key_demote(key);
+        if (public->type == KEY_RSA1)
+                public->type = KEY_RSA;
+        blacklist_file = blacklist_filename(public);
        if (stat(blacklist_file, &st) < 0)
                describe_key("Unknown (no blacklist information)",
                    key, comment);
-        else if (blacklisted_key(key)) {
+        else if (blacklisted_key(public)) {
                describe_key("COMPROMISED", key, comment);
                ret = 0;
        } else
                describe_key("Not blacklisted", key, comment);
        xfree(blacklist_file);
+        key_free(public);
        return ret;
 }
author	Colin Watson <cjwatson@debian.org>	2008-05-17 07:48:57 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-17 07:48:57 +0000
commit	1f920ffc4c4f933e3c4e8c474460385fea131266 (patch)
tree	7c23ed1becb8b315640229ad8eb18405b532151a /ssh-vulnkey.c
parent	7eb2c79966e70e03a1ecbdf9077d64299241bd3a (diff)