From 1f920ffc4c4f933e3c4e8c474460385fea131266 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 17 May 2008 07:48:57 +0000 Subject: Check RSA1 keys without the need for a separate blacklist. Thanks to Simon Tatham for the idea. --- ssh-vulnkey.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'ssh-vulnkey.c')
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index 3297c431a..f13eb1619 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -86,21 +86,28 @@ describe_key(const char *msg, const Key *key, const char *comment)
 int do_key(const Key *key, const char *comment) {
+ Key *public;
 char *blacklist_file;
 struct stat st;
 int ret = 1;
- blacklist_file = blacklist_filename(key);
+ public = key_demote(key);
+ if (public->type == KEY_RSA1)
+ public->type = KEY_RSA;
+
+ blacklist_file = blacklist_filename(public);
 if (stat(blacklist_file, &st) < 0) describe_key("Unknown (no blacklist information)", key, comment);
- else if (blacklisted_key(key)) {
+ else if (blacklisted_key(public)) {
 describe_key("COMPROMISED", key, comment);
 ret = 0;
 } else describe_key("Not blacklisted", key, comment);
 xfree(blacklist_file);
+ key_free(public);
+
 return ret;
 }
-- cgit v1.2.3
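Review bot: The retype at `public->type = KEY_RSA` is the whole substance of the change, yet nothing in do_key says why an RSA1 key may be looked up in the ssh2 RSA blacklist, so I would put a comment above the `if (public->type == KEY_RSA1)` line, for example `/* Look RSA1 keys up in the ssh2 RSA blacklist: only the key type differs, so the retyped copy should produce the same blacklist name and fingerprint as an ssh2 key with the same modulus. */` — hedged, because this hunk does not show how blacklist_filename() and blacklisted_key() derive those values, and the trick silently breaks if either ever keys on more than type and RSA parameters. The result of `key_demote(key)` is dereferenced on the very next line without a check; if key_demote can return NULL for a key type it does not handle, a `if (public == NULL) return ret;` style guard belongs before the dereference, and it is worth confirming which it is rather than assuming it aborts internally. Note also that the pre-existing stat() failure path still returns `ret = 1`, the same value as "Not blacklisted", so a caller cannot distinguish an unchecked key from a clean one; now that RSA1 keys take this path too, a distinct return for "no blacklist information" would be cheap to add.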