diff options
Diffstat (limited to 'hostfile.c')
-rw-r--r-- | hostfile.c | 33 |
1 files changed, 4 insertions, 29 deletions
diff --git a/hostfile.c b/hostfile.c index e23faa969..12f174ff9 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -251,7 +251,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx) | |||
251 | l->marker == MRK_NONE ? "" : | 251 | l->marker == MRK_NONE ? "" : |
252 | (l->marker == MRK_CA ? "ca " : "revoked "), | 252 | (l->marker == MRK_CA ? "ca " : "revoked "), |
253 | sshkey_type(l->key), l->path, l->linenum); | 253 | sshkey_type(l->key), l->path, l->linenum); |
254 | if ((tmp = reallocarray(hostkeys->entries, | 254 | if ((tmp = recallocarray(hostkeys->entries, hostkeys->num_entries, |
255 | hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL) | 255 | hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL) |
256 | return SSH_ERR_ALLOC_FAIL; | 256 | return SSH_ERR_ALLOC_FAIL; |
257 | hostkeys->entries = tmp; | 257 | hostkeys->entries = tmp; |
@@ -346,16 +346,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, | |||
346 | HostStatus end_return = HOST_NEW; | 346 | HostStatus end_return = HOST_NEW; |
347 | int want_cert = sshkey_is_cert(k); | 347 | int want_cert = sshkey_is_cert(k); |
348 | HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; | 348 | HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; |
349 | int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2; | ||
350 | 349 | ||
351 | if (found != NULL) | 350 | if (found != NULL) |
352 | *found = NULL; | 351 | *found = NULL; |
353 | 352 | ||
354 | for (i = 0; i < hostkeys->num_entries; i++) { | 353 | for (i = 0; i < hostkeys->num_entries; i++) { |
355 | if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1) | ||
356 | continue; | ||
357 | if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1) | ||
358 | continue; | ||
359 | if (hostkeys->entries[i].marker != want_marker) | 354 | if (hostkeys->entries[i].marker != want_marker) |
360 | continue; | 355 | continue; |
361 | if (k == NULL) { | 356 | if (k == NULL) { |
@@ -490,13 +485,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
490 | return 0; | 485 | return 0; |
491 | } | 486 | } |
492 | 487 | ||
493 | /* XXX might need a knob for this later */ | ||
494 | /* Don't remove RSA1 keys */ | ||
495 | if (l->key->type == KEY_RSA1) { | ||
496 | fprintf(ctx->out, "%s\n", l->line); | ||
497 | return 0; | ||
498 | } | ||
499 | |||
500 | /* | 488 | /* |
501 | * If this line contains one of the keys that we will be | 489 | * If this line contains one of the keys that we will be |
502 | * adding later, then don't change it and mark the key for | 490 | * adding later, then don't change it and mark the key for |
@@ -789,20 +777,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, | |||
789 | break; | 777 | break; |
790 | } | 778 | } |
791 | if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) { | 779 | if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) { |
792 | #ifdef WITH_SSH1 | ||
793 | sshkey_free(lineinfo.key); | ||
794 | lineinfo.key = sshkey_new(KEY_RSA1); | ||
795 | if (lineinfo.key == NULL) { | ||
796 | error("%s: sshkey_new fail", __func__); | ||
797 | r = SSH_ERR_ALLOC_FAIL; | ||
798 | break; | ||
799 | } | ||
800 | if (!hostfile_read_key(&cp, &kbits, | ||
801 | lineinfo.key)) | ||
802 | goto bad; | ||
803 | #else | ||
804 | goto bad; | 780 | goto bad; |
805 | #endif | ||
806 | } | 781 | } |
807 | lineinfo.keytype = lineinfo.key->type; | 782 | lineinfo.keytype = lineinfo.key->type; |
808 | lineinfo.comment = cp; | 783 | lineinfo.comment = cp; |
@@ -817,12 +792,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, | |||
817 | lineinfo.keytype = sshkey_type_from_name(ktype); | 792 | lineinfo.keytype = sshkey_type_from_name(ktype); |
818 | 793 | ||
819 | /* | 794 | /* |
820 | * Assume RSA1 if the first component is a short | 795 | * Assume legacy RSA1 if the first component is a short |
821 | * decimal number. | 796 | * decimal number. |
822 | */ | 797 | */ |
823 | if (lineinfo.keytype == KEY_UNSPEC && l < 8 && | 798 | if (lineinfo.keytype == KEY_UNSPEC && l < 8 && |
824 | strspn(ktype, "0123456789") == l) | 799 | strspn(ktype, "0123456789") == l) |
825 | lineinfo.keytype = KEY_RSA1; | 800 | goto bad; |
826 | 801 | ||
827 | /* | 802 | /* |
828 | * Check that something other than whitespace follows | 803 | * Check that something other than whitespace follows |