Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/ssh-keyscan.c,v
rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/ssh-keyscan.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.19
retrieving revision 1.20
diff -u -p -r1.19 -r1.20
--- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	2017/04/18 18:41:46	1.19
+++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	2017/10/07 19:39:19	1.20
@@ -1,5 +1,5 @@
-/*	$NetBSD: ssh-keyscan.c,v 1.19 2017/04/18 18:41:46 christos Exp $	*/
-/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */
+/*	$NetBSD: ssh-keyscan.c,v 1.20 2017/10/07 19:39:19 christos Exp $	*/
+/* $OpenBSD: ssh-keyscan.c,v 1.115 2017/06/30 04:17:23 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -9,7 +9,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keyscan.c,v 1.19 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: ssh-keyscan.c,v 1.20 2017/10/07 19:39:19 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -31,7 +31,6 @@ __RCSID("$NetBSD: ssh-keyscan.c,v 1.19 2
 
 #include "xmalloc.h"
 #include "ssh.h"
-#include "ssh1.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "cipher.h"
@@ -53,11 +52,13 @@ int IPv4or6 = AF_UNSPEC;
 
 int ssh_port = SSH_DEFAULT_PORT;
 
-#define KT_RSA1		1
-#define KT_DSA		2
-#define KT_RSA		4
-#define KT_ECDSA	8
-#define KT_ED25519	16
+#define KT_DSA		(1)
+#define KT_RSA		(1<<1)
+#define KT_ECDSA	(1<<2)
+#define KT_ED25519	(1<<3)
+
+#define KT_MIN		KT_DSA
+#define KT_MAX		KT_ED25519
 
 int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
@@ -91,7 +92,7 @@ typedef struct Connection {
 	int c_plen;		/* Packet length field for ssh packet */
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
-	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
+	int c_keytype;		/* Only one of KT_* */
 	sig_atomic_t c_done;	/* SSH2 done */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
@@ -174,52 +175,6 @@ strnnsep(char **stringp, const char *del
 	return (tok);
 }
 
-#ifdef WITH_SSH1
-static struct sshkey *
-keygrab_ssh1(con *c)
-{
-	static struct sshkey *rsa;
-	static struct sshbuf *msg;
-	int r;
-	u_char type;
-
-	if (rsa == NULL) {
-		if ((rsa = sshkey_new(KEY_RSA1)) == NULL) {
-			error("%s: sshkey_new failed", __func__);
-			return NULL;
-		}
-		if ((msg = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
-	}
-	if ((r = sshbuf_put(msg, c->c_data, c->c_plen)) != 0 ||
-	    (r = sshbuf_consume(msg, 8 - (c->c_plen & 7))) != 0 || /* padding */
-	    (r = sshbuf_get_u8(msg, &type)) != 0)
-		goto buf_err;
-	if (type != (int) SSH_SMSG_PUBLIC_KEY) {
-		error("%s: invalid packet type", c->c_name);
-		sshbuf_reset(msg);
-		return NULL;
-	}
-	if ((r = sshbuf_consume(msg, 8)) != 0 || /* cookie */
-	    /* server key */
-	    (r = sshbuf_get_u32(msg, NULL)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, NULL)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, NULL)) != 0 ||
-	    /* host key */
-	    (r = sshbuf_get_u32(msg, NULL)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, rsa->rsa->e)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, rsa->rsa->n)) != 0) {
- buf_err:
-		error("%s: buffer error: %s", __func__, ssh_err(r));
-		sshbuf_reset(msg);
-		return NULL;
-	}
-
-	sshbuf_reset(msg);
-
-	return (rsa);
-}
-#endif
 
 static int
 key_print_wrapper(struct sshkey *hostkey, struct ssh *ssh)
@@ -254,7 +209,6 @@ keygrab_ssh2(con *c)
 	const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	int r;
 
-	enable_compat20();
 	switch (c->c_keytype) {
 	case KT_DSA:
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
@@ -302,7 +256,7 @@ keygrab_ssh2(con *c)
 	 * do the key-exchange until an error occurs or until
 	 * the key_print_wrapper() callback sets c_done.
 	 */
-	ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done, c->c_ssh);
+	ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done);
 }
 
 static void
@@ -421,7 +375,6 @@ confree(int s)
 {
 	if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
 		fatal("confree: attempt to free bad fdno %d", s);
-	close(s);
 	free(fdcon[s].c_namebase);
 	free(fdcon[s].c_output_name);
 	if (fdcon[s].c_status == CS_KEYS)
@@ -432,7 +385,8 @@ confree(int s)
 		ssh_packet_close(fdcon[s].c_ssh);
 		free(fdcon[s].c_ssh);
 		fdcon[s].c_ssh = NULL;
-	}
+	} else
+		close(s);
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
 	FD_CLR(s, read_wait);
 	ncon--;
@@ -467,6 +421,20 @@ congreet(int s)
 	size_t bufsiz;
 	con *c = &fdcon[s];
 
+	/* send client banner */
+	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
+	if (n < 0 || (size_t)n >= sizeof(buf)) {
+		error("snprintf: buffer too small");
+		confree(s);
+		return;
+	}
+	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
+		error("write (%s): %s", c->c_name, strerror(errno));
+		confree(s);
+		return;
+	}
+
 	for (;;) {
 		memset(buf, '\0', sizeof(buf));
 		bufsiz = sizeof(buf);
@@ -509,38 +477,14 @@ congreet(int s)
 		c->c_ssh->compat = compat_datafellows(remote_version);
 	else
 		c->c_ssh->compat = 0;
-	if (c->c_keytype != KT_RSA1) {
-		if (!ssh2_capable(remote_major, remote_minor)) {
-			debug("%s doesn't support ssh2", c->c_name);
-			confree(s);
-			return;
-		}
-	} else if (remote_major != 1) {
-		debug("%s doesn't support ssh1", c->c_name);
+	if (!ssh2_capable(remote_major, remote_minor)) {
+		debug("%s doesn't support ssh2", c->c_name);
 		confree(s);
 		return;
 	}
 	fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
-	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
-	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
-	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
-	if (n < 0 || (size_t)n >= sizeof(buf)) {
-		error("snprintf: buffer too small");
-		confree(s);
-		return;
-	}
-	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
-		error("write (%s): %s", c->c_name, strerror(errno));
-		confree(s);
-		return;
-	}
-	if (c->c_keytype != KT_RSA1) {
-		keygrab_ssh2(c);
-		confree(s);
-		return;
-	}
-	c->c_status = CS_SIZE;
-	contouch(s);
+	keygrab_ssh2(c);
+	confree(s);
 }
 
 static void
@@ -570,12 +514,6 @@ conread(int s)
 			c->c_data = xmalloc(c->c_len);
 			c->c_status = CS_KEYS;
 			break;
-#ifdef WITH_SSH1
-		case CS_KEYS:
-			keyprint(c, keygrab_ssh1(c));
-			confree(s);
-			return;
-#endif
 		default:
 			fatal("conread: invalid status %d", c->c_status);
 			break;
@@ -644,7 +582,7 @@ do_host(char *host)
 
 	if (name == NULL)
 		return;
-	for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
+	for (j = KT_MIN; j <= KT_MAX; j *= 2) {
 		if (get_keytypes & j) {
 			while (ncon >= MAXCON)
 				conloop();
@@ -739,11 +677,6 @@ main(int argc, char **argv)
 				int type = sshkey_type_from_name(tname);
 
 				switch (type) {
-#ifdef WITH_SSH1
-				case KEY_RSA1:
-					get_keytypes |= KT_RSA1;
-					break;
-#endif
 				case KEY_DSA:
 					get_keytypes |= KT_DSA;
 					break;