- markus@cvs.openbsd.org 2003/05/11 16:56:48

     [authfile.c ssh-keygen.c]
     change key_load_public to try to read a public from:
     rsa1 private or rsa1 public and ssh2 keys.
     this makes ssh-keygen -e fail for ssh1 keys more gracefully
     for example; report from itojun (netbsd pr 20550).

diff --git a/ChangeLog b/ChangeLog
index c7b77b7bf7c156043accb177f7925ebf0a3ad9ca..b535257b6ee22bdfbb46e6c6ee3d2cc43926853b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,12 @@
      [sshd.8]
      fix invalid .Pf macro usage introduced in previous commit
      ok jmc@ mouring@
+   - markus@cvs.openbsd.org 2003/05/11 16:56:48
+     [authfile.c ssh-keygen.c]
+     change key_load_public to try to read a public from:
+     rsa1 private or rsa1 public and ssh2 keys.
+     this makes ssh-keygen -e fail for ssh1 keys more gracefully
+     for example; report from itojun (netbsd pr 20550).
 
 20030512
  - (djm) Redhat spec: Don't install profile.d scripts when not 

diff --git a/authfile.c b/authfile.c
index 90618efdef8894db5fa5cbe60d929ad44ccdddfb..d563abb71a71ced188f2cf63e90af88f46109ff7 100644 (file)
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.53 2003/05/11 16:56:48 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -629,9 +629,18 @@ key_load_public(const char *filename, char **commentp)
        Key *pub;
        char file[MAXPATHLEN];
 
+       /* try rsa1 private key */
        pub = key_load_public_type(KEY_RSA1, filename, commentp);
        if (pub != NULL)
                return pub;
+
+       /* try rsa1 public key */
+       pub = key_new(KEY_RSA1);
+       if (key_try_load_public(pub, filename, commentp) == 1)
+               return pub;
+       key_free(pub);
+
+       /* try ssh2 public key */
        pub = key_new(KEY_UNSPEC);
        if (key_try_load_public(pub, filename, commentp) == 1)
                return pub;

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4bd79af6a7184c1774859ac018a7c200aac9fc09..1d08c7cece96a30a48f53ebab90e916dd32376ed 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.103 2003/04/08 20:21:29 itojun Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.104 2003/05/11 16:56:48 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -163,6 +163,10 @@ do_convert_to_ssh2(struct passwd *pw)
                        exit(1);
                }
        }
+       if (k->type == KEY_RSA1) {
+               fprintf(stderr, "version 1 keys are not supported\n");
+               exit(1);
+       }
        if (key_to_blob(k, &blob, &len) <= 0) {
                fprintf(stderr, "key_to_blob failed\n");
                exit(1);