summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--clientloop.c5
-rw-r--r--hostfile.c18
-rw-r--r--ssh-agent.c28
-rw-r--r--ssh-keygen.19
-rw-r--r--ssh-keygen.c27
-rw-r--r--ssh-keyscan.19
-rw-r--r--ssh-keyscan.c64
-rw-r--r--ssh.c5
-rw-r--r--ssh.h4
-rw-r--r--sshconnect.c3
-rw-r--r--sshconnect2.c7
-rw-r--r--sshd.c10
-rw-r--r--sshkey.c63
-rw-r--r--sshkey.h3
14 files changed, 72 insertions, 183 deletions
diff --git a/clientloop.c b/clientloop.c
index 469a2f00a..018688a81 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.292 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.293 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1831,8 +1831,7 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
size_t i;
struct sshkey **tmp;
- if (l->status != HKF_STATUS_MATCHED || l->key == NULL ||
- l->key->type == KEY_RSA1)
+ if (l->status != HKF_STATUS_MATCHED || l->key == NULL)
return 0;
/* Mark off keys we've already seen for this host */
diff --git a/hostfile.c b/hostfile.c
index b8f9cd143..1804cff99 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -346,16 +346,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
HostStatus end_return = HOST_NEW;
int want_cert = sshkey_is_cert(k);
HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
- int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
if (found != NULL)
*found = NULL;
for (i = 0; i < hostkeys->num_entries; i++) {
- if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1)
- continue;
- if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1)
- continue;
if (hostkeys->entries[i].marker != want_marker)
continue;
if (k == NULL) {
@@ -490,13 +485,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx)
return 0;
}
- /* XXX might need a knob for this later */
- /* Don't remove RSA1 keys */
- if (l->key->type == KEY_RSA1) {
- fprintf(ctx->out, "%s\n", l->line);
- return 0;
- }
-
/*
* If this line contains one of the keys that we will be
* adding later, then don't change it and mark the key for
@@ -804,12 +792,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
lineinfo.keytype = sshkey_type_from_name(ktype);
/*
- * Assume RSA1 if the first component is a short
+ * Assume legacy RSA1 if the first component is a short
* decimal number.
*/
if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
strspn(ktype, "0123456789") == l)
- lineinfo.keytype = KEY_RSA1;
+ goto bad;
/*
* Check that something other than whitespace follows
diff --git a/ssh-agent.c b/ssh-agent.c
index 6788287b7..cc3bffad8 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.220 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -247,6 +247,8 @@ process_request_identities(SocketEntry *e, int version)
Identity *id;
struct sshbuf *msg;
int r;
+ u_char *blob;
+ size_t blen;
if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
@@ -256,21 +258,15 @@ process_request_identities(SocketEntry *e, int version)
(r = sshbuf_put_u32(msg, tab->nentries)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
TAILQ_FOREACH(id, &tab->idlist, next) {
- if (id->key->type == KEY_RSA1) {
- } else {
- u_char *blob;
- size_t blen;
-
- if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
- error("%s: sshkey_to_blob: %s", __func__,
- ssh_err(r));
- continue;
- }
- if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
- fatal("%s: buffer error: %s",
- __func__, ssh_err(r));
- free(blob);
+ if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
+ error("%s: sshkey_to_blob: %s", __func__,
+ ssh_err(r));
+ continue;
}
+ if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ free(blob);
if ((r = sshbuf_put_cstring(msg, id->comment)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
@@ -639,7 +635,7 @@ process_add_smartcard_key(SocketEntry *e)
count = pkcs11_add_provider(canonical_provider, pin, &keys);
for (i = 0; i < count; i++) {
k = keys[i];
- version = k->type == KEY_RSA1 ? 1 : 2;
+ version = 2;
tab = idtab_lookup(version);
if (lookup_identity(k, version) == NULL) {
id = xcalloc(1, sizeof(Identity));
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index a83388a9f..be1a169f4 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.135 2017/04/29 06:06:01 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 29 2017 $
+.Dd $Mdocdate: April 30 2017 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -207,7 +207,7 @@ There is no way to recover a lost passphrase.
If the passphrase is lost or forgotten, a new key must be generated
and the corresponding public key copied to other machines.
.Pp
-For RSA1 keys and keys stored in the newer OpenSSH format,
+For keys stored in the newer OpenSSH format,
there is also a comment field in the key file that is only for
convenience to the user to help identify the key.
The comment can tell what the key is for, or whatever is useful.
@@ -264,7 +264,7 @@ flag will be ignored.
Provides a new comment.
.It Fl c
Requests changing the comment in the private and public key files.
-This operation is only supported for RSA1 keys and keys stored in the
+This operation is only supported for keys stored in the
newer OpenSSH format.
The program will prompt for the file containing the private keys, for
the passphrase if the key has one, and for the new comment.
@@ -384,7 +384,6 @@ section.
Prints the contents of one or more certificates.
.It Fl l
Show fingerprint of specified public key file.
-Private RSA1 keys are also supported.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 70d421844..51c24bc55 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -246,9 +246,6 @@ ask_filename(struct passwd *pw, const char *prompt)
name = _PATH_SSH_CLIENT_ID_RSA;
else {
switch (sshkey_type_from_name(key_type_name)) {
- case KEY_RSA1:
- name = _PATH_SSH_CLIENT_IDENTITY;
- break;
case KEY_DSA_CERT:
case KEY_DSA:
name = _PATH_SSH_CLIENT_ID_DSA;
@@ -320,8 +317,6 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
char comment[61];
int r;
- if (k->type == KEY_RSA1)
- fatal("version 1 keys are not supported");
if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
fatal("key_to_blob failed: %s", ssh_err(r));
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
@@ -343,7 +338,6 @@ static void
do_convert_to_pkcs8(struct sshkey *k)
{
switch (sshkey_type_plain(k->type)) {
- case KEY_RSA1:
case KEY_RSA:
if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
fatal("PEM_write_RSA_PUBKEY failed");
@@ -368,7 +362,6 @@ static void
do_convert_to_pem(struct sshkey *k)
{
switch (sshkey_type_plain(k->type)) {
- case KEY_RSA1:
case KEY_RSA:
if (!PEM_write_RSAPublicKey(stdout, k->rsa))
fatal("PEM_write_RSAPublicKey failed");
@@ -825,13 +818,6 @@ try_read_key(char **cpp)
struct sshkey *ret;
int r;
- if ((ret = sshkey_new(KEY_RSA1)) == NULL)
- fatal("sshkey_new failed");
- /* Try RSA1 */
- if ((r = sshkey_read(ret, cpp)) == 0)
- return ret;
- /* Try modern */
- sshkey_free(ret);
if ((ret = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
if ((r = sshkey_read(ret, cpp)) == 0)
@@ -1442,9 +1428,8 @@ do_change_comment(struct passwd *pw)
}
}
- if (private->type != KEY_RSA1 && private->type != KEY_ED25519 &&
- !use_new_format) {
- error("Comments are only supported for RSA1 or keys stored in "
+ if (private->type != KEY_ED25519 && !use_new_format) {
+ error("Comments are only supported for keys stored in "
"the new format (-o).");
explicit_bzero(passphrase, strlen(passphrase));
sshkey_free(private);
@@ -2241,13 +2226,11 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
exit(ret);
}
-# define RSA1_USAGE ""
-
static void
usage(void)
{
fprintf(stderr,
- "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
+ "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
" [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
" ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
" ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2255,7 +2238,7 @@ usage(void)
" ssh-keygen -y [-f input_keyfile]\n"
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
" ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
- " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
+ " ssh-keygen -B [-f input_keyfile]\n");
#ifdef ENABLE_PKCS11
fprintf(stderr,
" ssh-keygen -D pkcs11\n");
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index d29d9d906..82bcb5d01 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.39 2017/04/30 23:18:44 djm Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: November 8 2015 $
+.Dd $Mdocdate: April 30 2017 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -127,11 +127,6 @@ Input format:
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
.Pp
-Output format for RSA1 keys:
-.Bd -literal
-host-or-namelist bits exponent modulus
-.Ed
-.Pp
Output format for RSA, DSA, ECDSA, and Ed25519 keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 6a9292487..d49d79ad7 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -54,11 +54,13 @@ int IPv4or6 = AF_UNSPEC;
int ssh_port = SSH_DEFAULT_PORT;
-#define KT_RSA1 1
-#define KT_DSA 2
-#define KT_RSA 4
-#define KT_ECDSA 8
-#define KT_ED25519 16
+#define KT_DSA (1)
+#define KT_RSA (1<<1)
+#define KT_ECDSA (1<<2)
+#define KT_ED25519 (1<<3)
+
+#define KT_MIN KT_DSA
+#define KT_MAX KT_ED25519
int get_cert = 0;
int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
@@ -94,7 +96,7 @@ typedef struct Connection {
int c_plen; /* Packet length field for ssh packet */
int c_len; /* Total bytes which must be read. */
int c_off; /* Length of data read so far. */
- int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */
+ int c_keytype; /* Only one of KT_* */
sig_atomic_t c_done; /* SSH2 done */
char *c_namebase; /* Address to free for c_name and c_namelist */
char *c_name; /* Hostname of connection for errors */
@@ -435,6 +437,20 @@ congreet(int s)
size_t bufsiz;
con *c = &fdcon[s];
+ /* send client banner */
+ n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
+ if (n < 0 || (size_t)n >= sizeof(buf)) {
+ error("snprintf: buffer too small");
+ confree(s);
+ return;
+ }
+ if (atomicio(vwrite, s, buf, n) != (size_t)n) {
+ error("write (%s): %s", c->c_name, strerror(errno));
+ confree(s);
+ return;
+ }
+
for (;;) {
memset(buf, '\0', sizeof(buf));
bufsiz = sizeof(buf);
@@ -477,38 +493,14 @@ congreet(int s)
c->c_ssh->compat = compat_datafellows(remote_version);
else
c->c_ssh->compat = 0;
- if (c->c_keytype != KT_RSA1) {
- if (!ssh2_capable(remote_major, remote_minor)) {
- debug("%s doesn't support ssh2", c->c_name);
- confree(s);
- return;
- }
- } else if (remote_major != 1) {
- debug("%s doesn't support ssh1", c->c_name);
+ if (!ssh2_capable(remote_major, remote_minor)) {
+ debug("%s doesn't support ssh2", c->c_name);
confree(s);
return;
}
fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
- n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
- c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
- c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
- if (n < 0 || (size_t)n >= sizeof(buf)) {
- error("snprintf: buffer too small");
- confree(s);
- return;
- }
- if (atomicio(vwrite, s, buf, n) != (size_t)n) {
- error("write (%s): %s", c->c_name, strerror(errno));
- confree(s);
- return;
- }
- if (c->c_keytype != KT_RSA1) {
- keygrab_ssh2(c);
- confree(s);
- return;
- }
- c->c_status = CS_SIZE;
- contouch(s);
+ keygrab_ssh2(c);
+ confree(s);
}
static void
@@ -606,7 +598,7 @@ do_host(char *host)
if (name == NULL)
return;
- for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
+ for (j = KT_MIN; j <= KT_MAX; j *= 2) {
if (get_keytypes & j) {
while (ncon >= MAXCON)
conloop();
diff --git a/ssh.c b/ssh.c
index c1316f44c..ea394b0c2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.457 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1276,8 +1276,7 @@ main(int ac, char **av)
sensitive_data.nkeys = 0;
sensitive_data.keys = NULL;
sensitive_data.external_keysign = 0;
- if (options.rhosts_rsa_authentication ||
- options.hostbased_authentication) {
+ if (options.hostbased_authentication) {
sensitive_data.nkeys = 9;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(Key));
diff --git a/ssh.h b/ssh.h
index 50467a792..6e27672df 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */
+/* $OpenBSD: ssh.h,v 1.84 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -32,7 +32,7 @@
/*
* Maximum length of lines in authorized_keys file.
- * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
+ * Current value permits 16kbit RSA keys and 8kbit DSA keys, with
* some room for options and comments.
*/
#define SSH_MAX_PUBKEY_BYTES 16384
diff --git a/sshconnect.c b/sshconnect.c
index d01d2c82d..28fd62104 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.276 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.277 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1367,7 +1367,6 @@ static int
show_other_keys(struct hostkeys *hostkeys, Key *key)
{
int type[] = {
- KEY_RSA1,
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
diff --git a/sshconnect2.c b/sshconnect2.c
index 7e4cde151..393353db5 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.256 2017/04/28 03:24:53 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1317,8 +1317,6 @@ pubkey_prepare(Authctxt *authctxt)
/* list of keys stored in the filesystem and PKCS#11 */
for (i = 0; i < options.num_identity_files; i++) {
key = options.identity_keys[i];
- if (key && key->type == KEY_RSA1)
- continue;
if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
continue;
options.identity_keys[i] = NULL;
@@ -1471,7 +1469,7 @@ try_identity(Identity *id)
key_type(id->key), id->filename);
return (0);
}
- return (id->key->type != KEY_RSA1);
+ return 1;
}
int
@@ -1764,7 +1762,6 @@ userauth_hostbased(Authctxt *authctxt)
private = NULL;
for (i = 0; i < authctxt->sensitive->nkeys; i++) {
if (authctxt->sensitive->keys[i] == NULL ||
- authctxt->sensitive->keys[i]->type == KEY_RSA1 ||
authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
continue;
if (match_pattern_list(
diff --git a/sshd.c b/sshd.c
index d18da6bdf..f128912b5 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.486 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1676,14 +1676,6 @@ main(int ac, char **av)
key = key_load_private(options.host_key_files[i], "", NULL);
pubkey = key_load_public(options.host_key_files[i], NULL);
- if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
- (key != NULL && key->type == KEY_RSA1)) {
- verbose("Ignoring RSA1 key %s",
- options.host_key_files[i]);
- key_free(key);
- key_free(pubkey);
- continue;
- }
if (pubkey == NULL && key != NULL)
pubkey = key_demote(key);
sensitive_data.host_keys[i] = key;
diff --git a/sshkey.c b/sshkey.c
index 1741d9b19..0f6468197 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -235,10 +235,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
for ((p = strsep(&cp, ",")); p && *p != '\0';
(p = strsep(&cp, ","))) {
type = sshkey_type_from_name(p);
- if (type == KEY_RSA1) {
- free(s);
- return 0;
- }
if (type == KEY_UNSPEC) {
if (allow_wildcard) {
/*
@@ -247,8 +243,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
* the component is accepted.
*/
for (kt = keytypes; kt->type != -1; kt++) {
- if (kt->type == KEY_RSA1)
- continue;
if (match_pattern_list(kt->name,
p, 0) != 0)
break;
@@ -269,7 +263,6 @@ sshkey_size(const struct sshkey *k)
{
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
return BN_num_bits(k->rsa->n);
@@ -472,7 +465,6 @@ sshkey_new(int type)
k->ed25519_pk = NULL;
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
if ((rsa = RSA_new()) == NULL ||
@@ -530,7 +522,6 @@ sshkey_add_private(struct sshkey *k)
{
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
@@ -586,7 +577,6 @@ sshkey_free(struct sshkey *k)
return;
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
if (k->rsa != NULL)
@@ -664,7 +654,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
switch (a->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA_CERT:
case KEY_RSA:
return a->rsa != NULL && b->rsa != NULL &&
@@ -881,25 +870,7 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
-
- if (k->type == KEY_RSA1) {
-#ifdef WITH_OPENSSL
- int nlen = BN_num_bytes(k->rsa->n);
- int elen = BN_num_bytes(k->rsa->e);
-
- if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) {
- r = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- blob_len = nlen + elen;
- if ((blob = malloc(blob_len)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_bn2bin(k->rsa->n, blob);
- BN_bn2bin(k->rsa->e, blob + nlen);
-#endif /* WITH_OPENSSL */
- } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0)
+ if ((r = to_blob(k, &blob, &blob_len, 1)) != 0)
goto out;
if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
@@ -1208,8 +1179,6 @@ sshkey_read(struct sshkey *ret, char **cpp)
cp = *cpp;
switch (ret->type) {
- case KEY_RSA1:
- break;
case KEY_UNSPEC:
case KEY_RSA:
case KEY_DSA:
@@ -1363,30 +1332,16 @@ sshkey_to_base64(const struct sshkey *key, char **b64p)
}
static int
-sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b)
-{
- int r = SSH_ERR_INTERNAL_ERROR;
-
- return r;
-}
-
-static int
sshkey_format_text(const struct sshkey *key, struct sshbuf *b)
{
int r = SSH_ERR_INTERNAL_ERROR;
char *uu = NULL;
- if (key->type == KEY_RSA1) {
- if ((r = sshkey_format_rsa1(key, b)) != 0)
- goto out;
- } else {
- /* Unsupported key types handled in sshkey_to_base64() */
- if ((r = sshkey_to_base64(key, &uu)) != 0)
- goto out;
- if ((r = sshbuf_putf(b, "%s %s",
- sshkey_ssh_name(key), uu)) != 0)
- goto out;
- }
+ if ((r = sshkey_to_base64(key, &uu)) != 0)
+ goto out;
+ if ((r = sshbuf_putf(b, "%s %s",
+ sshkey_ssh_name(key), uu)) != 0)
+ goto out;
r = 0;
out:
free(uu);
@@ -1602,7 +1557,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp)
break;
# endif /* OPENSSL_HAS_ECC */
case KEY_RSA:
- case KEY_RSA1:
ret = rsa_generate_private_key(bits, &k->rsa);
break;
#endif /* WITH_OPENSSL */
@@ -1713,7 +1667,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
break;
# endif /* OPENSSL_HAS_ECC */
case KEY_RSA:
- case KEY_RSA1:
case KEY_RSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -2183,7 +2136,6 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp)
if ((ret = sshkey_cert_copy(k, pk)) != 0)
goto fail;
/* FALLTHROUGH */
- case KEY_RSA1:
case KEY_RSA:
if ((pk->rsa = RSA_new()) == NULL ||
(pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
@@ -2742,7 +2694,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
switch (k->type) {
case KEY_RSA:
case KEY_RSA_CERT:
- case KEY_RSA1:
if (RSA_blinding_on(k->rsa, NULL) != 1) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
diff --git a/sshkey.h b/sshkey.h
index 1b9e42f45..0012f885d 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -53,7 +53,6 @@ struct sshbuf;
/* Key types */
enum sshkey_types {
- KEY_RSA1,
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 05:17:37 +0000