-/* $OpenBSD: clientloop.c,v 1.292 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.293 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
size_t i;
struct sshkey **tmp;
- if (l->status != HKF_STATUS_MATCHED || l->key == NULL ||
- l->key->type == KEY_RSA1)
+ if (l->status != HKF_STATUS_MATCHED || l->key == NULL)
return 0;
/* Mark off keys we've already seen for this host */
-/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
HostStatus end_return = HOST_NEW;
int want_cert = sshkey_is_cert(k);
HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
- int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
if (found != NULL)
*found = NULL;
for (i = 0; i < hostkeys->num_entries; i++) {
- if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1)
- continue;
- if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1)
- continue;
if (hostkeys->entries[i].marker != want_marker)
continue;
if (k == NULL) {
return 0;
}
- /* XXX might need a knob for this later */
- /* Don't remove RSA1 keys */
- if (l->key->type == KEY_RSA1) {
- fprintf(ctx->out, "%s\n", l->line);
- return 0;
- }
-
/*
* If this line contains one of the keys that we will be
* adding later, then don't change it and mark the key for
lineinfo.keytype = sshkey_type_from_name(ktype);
/*
- * Assume RSA1 if the first component is a short
+ * Assume legacy RSA1 if the first component is a short
* decimal number.
*/
if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
strspn(ktype, "0123456789") == l)
- lineinfo.keytype = KEY_RSA1;
+ goto bad;
/*
* Check that something other than whitespace follows
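Review bot: The comment above the new `goto bad` still reads as a classification ("Assume legacy RSA1 if ..."), but the code below it now rejects the line instead of assuming a type, so the comment describes the behaviour that was just removed. Suggest `* Reject legacy RSA1 lines: the first component is a short decimal number rather than a key type name.` so the next reader does not look for an assignment that no longer exists. What happens to a rejected line (error, warning, or silent skip) is decided at the `bad:` label, which is outside this hunk. The enclosing function starts and ends outside the hunk.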
-/* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.220 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
Identity *id;
struct sshbuf *msg;
int r;
+ u_char *blob;
+ size_t blen;
if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
(r = sshbuf_put_u32(msg, tab->nentries)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
TAILQ_FOREACH(id, &tab->idlist, next) {
- if (id->key->type == KEY_RSA1) {
- } else {
- u_char *blob;
- size_t blen;
-
- if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
- error("%s: sshkey_to_blob: %s", __func__,
- ssh_err(r));
- continue;
- }
- if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
- fatal("%s: buffer error: %s",
- __func__, ssh_err(r));
- free(blob);
+ if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
+ error("%s: sshkey_to_blob: %s", __func__,
+ ssh_err(r));
+ continue;
}
+ if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ free(blob);
if ((r = sshbuf_put_cstring(msg, id->comment)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
count = pkcs11_add_provider(canonical_provider, pin, &keys);
for (i = 0; i < count; i++) {
k = keys[i];
- version = k->type == KEY_RSA1 ? 1 : 2;
+ version = 2;
tab = idtab_lookup(version);
if (lookup_identity(k, version) == NULL) {
id = xcalloc(1, sizeof(Identity));
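Review bot: `version` is now assigned the literal `2` on the line after `k = keys[i];` and then only forwarded into `idtab_lookup(version)` and `lookup_identity(k, version)`, so the variable no longer carries information. As a point of style, either pass `2` directly or, if the agent now only ever holds protocol 2 identities, treat the `version` parameter of those helpers as a candidate for removal in a follow-up rather than leaving a constant dressed as a variable. The enclosing function starts and ends outside this hunk.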
-.\" $OpenBSD: ssh-keygen.1,v 1.135 2017/04/29 06:06:01 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 29 2017 $
+.Dd $Mdocdate: April 30 2017 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
If the passphrase is lost or forgotten, a new key must be generated
and the corresponding public key copied to other machines.
.Pp
-For RSA1 keys and keys stored in the newer OpenSSH format,
+For keys stored in the newer OpenSSH format,
there is also a comment field in the key file that is only for
convenience to the user to help identify the key.
The comment can tell what the key is for, or whatever is useful.
Provides a new comment.
.It Fl c
Requests changing the comment in the private and public key files.
-This operation is only supported for RSA1 keys and keys stored in the
+This operation is only supported for keys stored in the
newer OpenSSH format.
The program will prompt for the file containing the private keys, for
the passphrase if the key has one, and for the new comment.
Prints the contents of one or more certificates.
.It Fl l
Show fingerprint of specified public key file.
-Private RSA1 keys are also supported.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
-/* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
name = _PATH_SSH_CLIENT_ID_RSA;
else {
switch (sshkey_type_from_name(key_type_name)) {
- case KEY_RSA1:
- name = _PATH_SSH_CLIENT_IDENTITY;
- break;
case KEY_DSA_CERT:
case KEY_DSA:
name = _PATH_SSH_CLIENT_ID_DSA;
char comment[61];
int r;
- if (k->type == KEY_RSA1)
- fatal("version 1 keys are not supported");
if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
fatal("key_to_blob failed: %s", ssh_err(r));
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
do_convert_to_pkcs8(struct sshkey *k)
{
switch (sshkey_type_plain(k->type)) {
- case KEY_RSA1:
case KEY_RSA:
if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
fatal("PEM_write_RSA_PUBKEY failed");
do_convert_to_pem(struct sshkey *k)
{
switch (sshkey_type_plain(k->type)) {
- case KEY_RSA1:
case KEY_RSA:
if (!PEM_write_RSAPublicKey(stdout, k->rsa))
fatal("PEM_write_RSAPublicKey failed");
struct sshkey *ret;
int r;
- if ((ret = sshkey_new(KEY_RSA1)) == NULL)
- fatal("sshkey_new failed");
- /* Try RSA1 */
- if ((r = sshkey_read(ret, cpp)) == 0)
- return ret;
- /* Try modern */
- sshkey_free(ret);
if ((ret = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
if ((r = sshkey_read(ret, cpp)) == 0)
}
}
- if (private->type != KEY_RSA1 && private->type != KEY_ED25519 &&
- !use_new_format) {
- error("Comments are only supported for RSA1 or keys stored in "
+ if (private->type != KEY_ED25519 && !use_new_format) {
+ error("Comments are only supported for keys stored in "
"the new format (-o).");
explicit_bzero(passphrase, strlen(passphrase));
sshkey_free(private);
}
#endif
-# define RSA1_USAGE ""
-
static void
usage(void)
{
fprintf(stderr,
- "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
+ "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
" [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
" ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
" ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
" ssh-keygen -y [-f input_keyfile]\n"
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
" ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
- " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
+ " ssh-keygen -B [-f input_keyfile]\n");
#ifdef ENABLE_PKCS11
fprintf(stderr,
" ssh-keygen -D pkcs11\n");
-.\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.39 2017/04/30 23:18:44 djm Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: November 8 2015 $
+.Dd $Mdocdate: April 30 2017 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
.Pp
-Output format for RSA1 keys:
-.Bd -literal
-host-or-namelist bits exponent modulus
-.Ed
-.Pp
Output format for RSA, DSA, ECDSA, and Ed25519 keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
-/* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
int ssh_port = SSH_DEFAULT_PORT;
-#define KT_RSA1 1
-#define KT_DSA 2
-#define KT_RSA 4
-#define KT_ECDSA 8
-#define KT_ED25519 16
+#define KT_DSA (1)
+#define KT_RSA (1<<1)
+#define KT_ECDSA (1<<2)
+#define KT_ED25519 (1<<3)
+
+#define KT_MIN KT_DSA
+#define KT_MAX KT_ED25519
int get_cert = 0;
int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
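Review bot: `KT_MIN` and `KT_MAX` encode an ordering invariant that nothing near the defines states: the later loop `for (j = KT_MIN; j <= KT_MAX; j *= 2)` in this file only visits every type if the KT_* values stay consecutive powers of two with `KT_DSA` lowest and `KT_ED25519` highest. A new type appended after `KT_ED25519` without also moving `KT_MAX` would be silently skipped by that loop. Suggest a comment above the defines, e.g. `/* KT_* must remain consecutive powers of two; the keygrab loop walks KT_MIN..KT_MAX by doubling */`.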
int c_plen; /* Packet length field for ssh packet */
int c_len; /* Total bytes which must be read. */
int c_off; /* Length of data read so far. */
- int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */
+ int c_keytype; /* Only one of KT_* */
sig_atomic_t c_done; /* SSH2 done */
char *c_namebase; /* Address to free for c_name and c_namelist */
char *c_name; /* Hostname of connection for errors */
size_t bufsiz;
con *c = &fdcon[s];
+ /* send client banner */
+ n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
+ if (n < 0 || (size_t)n >= sizeof(buf)) {
+ error("snprintf: buffer too small");
+ confree(s);
+ return;
+ }
+ if (atomicio(vwrite, s, buf, n) != (size_t)n) {
+ error("write (%s): %s", c->c_name, strerror(errno));
+ confree(s);
+ return;
+ }
+
for (;;) {
memset(buf, '\0', sizeof(buf));
bufsiz = sizeof(buf);
c->c_ssh->compat = compat_datafellows(remote_version);
else
c->c_ssh->compat = 0;
- if (c->c_keytype != KT_RSA1) {
- if (!ssh2_capable(remote_major, remote_minor)) {
- debug("%s doesn't support ssh2", c->c_name);
- confree(s);
- return;
- }
- } else if (remote_major != 1) {
- debug("%s doesn't support ssh1", c->c_name);
+ if (!ssh2_capable(remote_major, remote_minor)) {
+ debug("%s doesn't support ssh2", c->c_name);
confree(s);
return;
}
fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
- n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
- c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
- c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
- if (n < 0 || (size_t)n >= sizeof(buf)) {
- error("snprintf: buffer too small");
- confree(s);
- return;
- }
- if (atomicio(vwrite, s, buf, n) != (size_t)n) {
- error("write (%s): %s", c->c_name, strerror(errno));
- confree(s);
- return;
- }
- if (c->c_keytype != KT_RSA1) {
- keygrab_ssh2(c);
- confree(s);
- return;
- }
- c->c_status = CS_SIZE;
- contouch(s);
+ keygrab_ssh2(c);
+ confree(s);
}
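Review bot: With `c->c_status = CS_SIZE; contouch(s);` removed, this function no longer moves a connection into the CS_SIZE state, so the `c_plen`/`c_len`/`c_off` fields (documented earlier in this file as packet-length and read-progress bookkeeping) and whatever code still handles CS_SIZE elsewhere appear to be left without a producer; that is inferred from this hunk only, so it is worth confirming and, if so, removing the dead branch of the state machine in a follow-up rather than leaving it reachable on paper. The function now falls off the end after `confree(s)` instead of returning explicitly, which is fine for a void function but differs from the early-exit style used a few lines above. The enclosing function starts outside this hunk.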
static void
if (name == NULL)
return;
- for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
+ for (j = KT_MIN; j <= KT_MAX; j *= 2) {
if (get_keytypes & j) {
while (ncon >= MAXCON)
conloop();
-/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.457 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
sensitive_data.nkeys = 0;
sensitive_data.keys = NULL;
sensitive_data.external_keysign = 0;
- if (options.rhosts_rsa_authentication ||
- options.hostbased_authentication) {
+ if (options.hostbased_authentication) {
sensitive_data.nkeys = 9;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(Key));
-/* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */
+/* $OpenBSD: ssh.h,v 1.84 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
/*
* Maximum length of lines in authorized_keys file.
- * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
+ * Current value permits 16kbit RSA keys and 8kbit DSA keys, with
* some room for options and comments.
*/
#define SSH_MAX_PUBKEY_BYTES 16384
-/* $OpenBSD: sshconnect.c,v 1.276 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.277 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
show_other_keys(struct hostkeys *hostkeys, Key *key)
{
int type[] = {
- KEY_RSA1,
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
-/* $OpenBSD: sshconnect2.c,v 1.256 2017/04/28 03:24:53 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
/* list of keys stored in the filesystem and PKCS#11 */
for (i = 0; i < options.num_identity_files; i++) {
key = options.identity_keys[i];
- if (key && key->type == KEY_RSA1)
- continue;
if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
continue;
options.identity_keys[i] = NULL;
key_type(id->key), id->filename);
return (0);
}
- return (id->key->type != KEY_RSA1);
+ return 1;
}
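Review bot: The new `return 1;` sits a few lines below `return (0);` in the same function, so the hunk introduces two return styles into one body. For consistency with the surrounding code, write it as `return (1);` (or, if the parenthesised form is being phased out, change both in one go rather than leaving a mix). The enclosing function starts outside this hunk.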
int
private = NULL;
for (i = 0; i < authctxt->sensitive->nkeys; i++) {
if (authctxt->sensitive->keys[i] == NULL ||
- authctxt->sensitive->keys[i]->type == KEY_RSA1 ||
authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
continue;
if (match_pattern_list(
-/* $OpenBSD: sshd.c,v 1.486 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
key = key_load_private(options.host_key_files[i], "", NULL);
pubkey = key_load_public(options.host_key_files[i], NULL);
- if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
- (key != NULL && key->type == KEY_RSA1)) {
- verbose("Ignoring RSA1 key %s",
- options.host_key_files[i]);
- key_free(key);
- key_free(pubkey);
- continue;
- }
if (pubkey == NULL && key != NULL)
pubkey = key_demote(key);
sensitive_data.host_keys[i] = key;
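Review bot: Removing the explicit RSA1 check before `if (pubkey == NULL && key != NULL)` also removes the `Ignoring RSA1 key` diagnostic, so a HostKey entry that still points at a legacy RSA1 file is now reported only by whatever `key_load_private`/`key_load_public` emit for input they cannot parse, which is outside this hunk. If their failure mode is a quiet NULL, an administrator carrying an old sshd_config would lose that host key without a clear log line; worth checking the NULL handling that follows and keeping a verbose-level message for the "file present but unusable" case. The enclosing function starts and ends outside this hunk.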
-/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
for ((p = strsep(&cp, ",")); p && *p != '\0';
(p = strsep(&cp, ","))) {
type = sshkey_type_from_name(p);
- if (type == KEY_RSA1) {
- free(s);
- return 0;
- }
if (type == KEY_UNSPEC) {
if (allow_wildcard) {
/*
* the component is accepted.
*/
for (kt = keytypes; kt->type != -1; kt++) {
- if (kt->type == KEY_RSA1)
- continue;
if (match_pattern_list(kt->name,
p, 0) != 0)
break;
{
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
return BN_num_bits(k->rsa->n);
k->ed25519_pk = NULL;
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
if ((rsa = RSA_new()) == NULL ||
{
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
return;
switch (k->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA:
case KEY_RSA_CERT:
if (k->rsa != NULL)
switch (a->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA1:
case KEY_RSA_CERT:
case KEY_RSA:
return a->rsa != NULL && b->rsa != NULL &&
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
-
- if (k->type == KEY_RSA1) {
-#ifdef WITH_OPENSSL
- int nlen = BN_num_bytes(k->rsa->n);
- int elen = BN_num_bytes(k->rsa->e);
-
- if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) {
- r = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
- blob_len = nlen + elen;
- if ((blob = malloc(blob_len)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_bn2bin(k->rsa->n, blob);
- BN_bn2bin(k->rsa->e, blob + nlen);
-#endif /* WITH_OPENSSL */
- } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0)
+ if ((r = to_blob(k, &blob, &blob_len, 1)) != 0)
goto out;
if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
cp = *cpp;
switch (ret->type) {
- case KEY_RSA1:
- break;
case KEY_UNSPEC:
case KEY_RSA:
case KEY_DSA:
return r;
}
-static int
-sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b)
-{
- int r = SSH_ERR_INTERNAL_ERROR;
-
- return r;
-}
-
static int
sshkey_format_text(const struct sshkey *key, struct sshbuf *b)
{
int r = SSH_ERR_INTERNAL_ERROR;
char *uu = NULL;
- if (key->type == KEY_RSA1) {
- if ((r = sshkey_format_rsa1(key, b)) != 0)
- goto out;
- } else {
- /* Unsupported key types handled in sshkey_to_base64() */
- if ((r = sshkey_to_base64(key, &uu)) != 0)
- goto out;
- if ((r = sshbuf_putf(b, "%s %s",
- sshkey_ssh_name(key), uu)) != 0)
- goto out;
- }
+ if ((r = sshkey_to_base64(key, &uu)) != 0)
+ goto out;
+ if ((r = sshbuf_putf(b, "%s %s",
+ sshkey_ssh_name(key), uu)) != 0)
+ goto out;
r = 0;
out:
free(uu);
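Review bot: The removed `else` branch took the comment `/* Unsupported key types handled in sshkey_to_base64() */` with it, and that comment was the only statement of why `sshkey_format_text` does no type check of its own before calling `sshkey_to_base64(key, &uu)`. Suggest restoring it directly above that call, since the simplified body now reads as if every key type were accepted here. The hunk also deletes `sshkey_format_rsa1`, whose body only ever returned `SSH_ERR_INTERNAL_ERROR`, so nothing of value is lost there.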
&k->ecdsa);
break;
case KEY_RSA:
- case KEY_RSA1:
ret = rsa_generate_private_key(bits, &k->rsa);
break;
#endif /* WITH_OPENSSL */
}
break;
case KEY_RSA:
- case KEY_RSA1:
case KEY_RSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((ret = sshkey_cert_copy(k, pk)) != 0)
goto fail;
/* FALLTHROUGH */
- case KEY_RSA1:
case KEY_RSA:
if ((pk->rsa = RSA_new()) == NULL ||
(pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
switch (k->type) {
case KEY_RSA:
case KEY_RSA_CERT:
- case KEY_RSA1:
if (RSA_blinding_on(k->rsa, NULL) != 1) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
-/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
/* Key types */
enum sshkey_types {
- KEY_RSA1,
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
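Review bot: Dropping `KEY_RSA1` from the head of `enum sshkey_types` renumbers every remaining enumerator (`KEY_RSA` becomes 0, and so on), which the compiler will not flag. Anything that stores or transmits a key type as a raw integer, or compares against a literal, would silently change meaning; the code visible on this page uses the enumerators only symbolically, so this may be a non-issue, but it is worth confirming that no on-disk or wire format encodes `k->type` numerically. A one-line comment on the enum, e.g. `/* Symbolic only: numeric values are not stable across versions */`, would make that intent explicit. The enum body continues past this hunk.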