summaryrefslogtreecommitdiff
path: root/hostfile.c
diff options
context:
space:
mode:
Diffstat (limited to 'hostfile.c')
-rw-r--r--hostfile.c33
1 files changed, 4 insertions, 29 deletions
diff --git a/hostfile.c b/hostfile.c
index e23faa969..12f174ff9 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -251,7 +251,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
251 l->marker == MRK_NONE ? "" : 251 l->marker == MRK_NONE ? "" :
252 (l->marker == MRK_CA ? "ca " : "revoked "), 252 (l->marker == MRK_CA ? "ca " : "revoked "),
253 sshkey_type(l->key), l->path, l->linenum); 253 sshkey_type(l->key), l->path, l->linenum);
254 if ((tmp = reallocarray(hostkeys->entries, 254 if ((tmp = recallocarray(hostkeys->entries, hostkeys->num_entries,
255 hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL) 255 hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL)
256 return SSH_ERR_ALLOC_FAIL; 256 return SSH_ERR_ALLOC_FAIL;
257 hostkeys->entries = tmp; 257 hostkeys->entries = tmp;
@@ -346,16 +346,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
346 HostStatus end_return = HOST_NEW; 346 HostStatus end_return = HOST_NEW;
347 int want_cert = sshkey_is_cert(k); 347 int want_cert = sshkey_is_cert(k);
348 HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; 348 HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
349 int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
350 349
351 if (found != NULL) 350 if (found != NULL)
352 *found = NULL; 351 *found = NULL;
353 352
354 for (i = 0; i < hostkeys->num_entries; i++) { 353 for (i = 0; i < hostkeys->num_entries; i++) {
355 if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1)
356 continue;
357 if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1)
358 continue;
359 if (hostkeys->entries[i].marker != want_marker) 354 if (hostkeys->entries[i].marker != want_marker)
360 continue; 355 continue;
361 if (k == NULL) { 356 if (k == NULL) {
@@ -490,13 +485,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx)
490 return 0; 485 return 0;
491 } 486 }
492 487
493 /* XXX might need a knob for this later */
494 /* Don't remove RSA1 keys */
495 if (l->key->type == KEY_RSA1) {
496 fprintf(ctx->out, "%s\n", l->line);
497 return 0;
498 }
499
500 /* 488 /*
501 * If this line contains one of the keys that we will be 489 * If this line contains one of the keys that we will be
502 * adding later, then don't change it and mark the key for 490 * adding later, then don't change it and mark the key for
@@ -789,20 +777,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
789 break; 777 break;
790 } 778 }
791 if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) { 779 if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) {
792#ifdef WITH_SSH1
793 sshkey_free(lineinfo.key);
794 lineinfo.key = sshkey_new(KEY_RSA1);
795 if (lineinfo.key == NULL) {
796 error("%s: sshkey_new fail", __func__);
797 r = SSH_ERR_ALLOC_FAIL;
798 break;
799 }
800 if (!hostfile_read_key(&cp, &kbits,
801 lineinfo.key))
802 goto bad;
803#else
804 goto bad; 780 goto bad;
805#endif
806 } 781 }
807 lineinfo.keytype = lineinfo.key->type; 782 lineinfo.keytype = lineinfo.key->type;
808 lineinfo.comment = cp; 783 lineinfo.comment = cp;
@@ -817,12 +792,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
817 lineinfo.keytype = sshkey_type_from_name(ktype); 792 lineinfo.keytype = sshkey_type_from_name(ktype);
818 793
819 /* 794 /*
820 * Assume RSA1 if the first component is a short 795 * Assume legacy RSA1 if the first component is a short
821 * decimal number. 796 * decimal number.
822 */ 797 */
823 if (lineinfo.keytype == KEY_UNSPEC && l < 8 && 798 if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
824 strspn(ktype, "0123456789") == l) 799 strspn(ktype, "0123456789") == l)
825 lineinfo.keytype = KEY_RSA1; 800 goto bad;
826 801
827 /* 802 /*
828 * Check that something other than whitespace follows 803 * Check that something other than whitespace follows