upstream commit

switch from Key typedef with struct sshkey; ok djm@

Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f

auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.120 2017/05/17 01:24:17 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.121 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -428,7 +428,7 @@ authorized_principals_file(struct passwd *pw)
 
 /* return ok if key exists in sysfile or userfile */
 HostStatus
-check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
     const char *sysfile, const char *userfile)
 {
 	char *user_hostfile;
@@ -695,7 +695,7 @@ getpwnamallow(const char *user)
 
 /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
 int
-auth_key_is_revoked(Key *key)
+auth_key_is_revoked(struct sshkey *key)
 {
 	char *fp = NULL;
 	int r;

auth.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.89 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.90 2017/05/30 08:52:19 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -117,9 +117,10 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
 int      auth_password(Authctxt *, const char *);
 
-int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+int	 hostbased_key_allowed(struct passwd *, const char *, char *,
-int	 user_key_allowed(struct passwd *, Key *, int);
+	    struct sshkey *);
-void	 pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
+int	 user_key_allowed(struct passwd *, struct sshkey *, int);
+void	 pubkey_auth_info(Authctxt *, const struct sshkey *, const char *, ...)
 	    __attribute__((__format__ (printf, 3, 4)));
 void	 auth2_record_userkey(Authctxt *, struct sshkey *);
 int	 auth2_userkey_already_used(Authctxt *, struct sshkey *);
@@ -182,22 +183,22 @@ char	*authorized_principals_file(struct passwd *);
 
 FILE	*auth_openkeyfile(const char *, struct passwd *, int);
 FILE	*auth_openprincipals(const char *, struct passwd *, int);
-int	 auth_key_is_revoked(Key *);
+int	 auth_key_is_revoked(struct sshkey *);
 
 const char	*auth_get_canonical_hostname(struct ssh *, int);
 
 HostStatus
-check_key_in_hostfiles(struct passwd *, Key *, const char *,
+check_key_in_hostfiles(struct passwd *, struct sshkey *, const char *,
     const char *, const char *);
 
 /* hostkey handling */
-Key	*get_hostkey_by_index(int);
+struct sshkey	*get_hostkey_by_index(int);
-Key	*get_hostkey_public_by_index(int, struct ssh *);
+struct sshkey	*get_hostkey_public_by_index(int, struct ssh *);
-Key	*get_hostkey_public_by_type(int, int, struct ssh *);
+struct sshkey	*get_hostkey_public_by_type(int, int, struct ssh *);
-Key	*get_hostkey_private_by_type(int, int, struct ssh *);
+struct sshkey	*get_hostkey_private_by_type(int, int, struct ssh *);
-int	 get_hostkey_index(Key *, int, struct ssh *);
+int	 get_hostkey_index(struct sshkey *, int, struct ssh *);
-int	 sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
+int	 sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
-	     const u_char *, size_t, const char *, u_int);
+	     size_t *, const u_char *, size_t, const char *, u_int);
 
 /* debug messages during authentication */
 void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));

auth2-hostbased.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.26 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.27 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -59,7 +59,7 @@ static int
 userauth_hostbased(Authctxt *authctxt)
 {
 	Buffer b;
-	Key *key = NULL;
+	struct sshkey *key = NULL;
 	char *pkalg, *cuser, *chost, *service;
 	u_char *pkblob, *sig;
 	u_int alen, blen, slen;
@@ -158,7 +158,7 @@ done:
 /* return 1 if given hostkey is allowed */
 int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-    Key *key)
+    struct sshkey *key)
 {
 	struct ssh *ssh = active_state; /* XXX */
 	const char *resolvedname, *ipaddr, *lookup, *reason;

auth2-pubkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.63 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -78,7 +78,7 @@ static int
 userauth_pubkey(Authctxt *authctxt)
 {
 	Buffer b;
-	Key *key = NULL;
+	struct sshkey *key = NULL;
 	char *pkalg, *userstyle, *fp = NULL;
 	u_char *pkblob, *sig;
 	u_int alen, blen, slen;
@@ -220,7 +220,8 @@ done:
 }
 
 void
-pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
+pubkey_auth_info(Authctxt *authctxt, const struct sshkey *key,
+    const char *fmt, ...)
 {
 	char *fp, *extra;
 	va_list ap;
@@ -761,12 +762,12 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
  * returns 1 if the key is allowed or 0 otherwise.
  */
 static int
-check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
+check_authkeys_file(FILE *f, char *file, struct sshkey* key, struct passwd *pw)
 {
 	char line[SSH_MAX_PUBKEY_BYTES];
 	int found_key = 0;
 	u_long linenum = 0;
-	Key *found;
+	struct sshkey *found;
 
 	found_key = 0;
 
@@ -876,7 +877,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 
 /* Authenticate a certificate key against TrustedUserCAKeys */
 static int
-user_cert_trusted_ca(struct passwd *pw, Key *key)
+user_cert_trusted_ca(struct passwd *pw, struct sshkey *key)
 {
 	char *ca_fp, *principals_file = NULL;
 	const char *reason;
@@ -942,7 +943,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
  * returns 1 if the key is allowed or 0 otherwise.
  */
 static int
-user_key_allowed2(struct passwd *pw, Key *key, char *file)
+user_key_allowed2(struct passwd *pw, struct sshkey *key, char *file)
 {
 	FILE *f;
 	int found_key = 0;
@@ -965,7 +966,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
  * returns 1 if the key is allowed or 0 otherwise.
  */
 static int
-user_key_command_allowed2(struct passwd *user_pw, Key *key)
+user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key)
 {
 	FILE *f = NULL;
 	int r, ok, found_key = 0;
@@ -1088,7 +1089,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
  * Check whether key authenticates and authorises the user.
  */
 int
-user_key_allowed(struct passwd *pw, Key *key, int auth_attempt)
+user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt)
 {
 	u_int success, i;
 	char *file;

monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.168 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1119,7 +1119,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
 int
 mm_answer_keyallowed(int sock, Buffer *m)
 {
-	Key *key;
+	struct sshkey *key;
 	char *cuser, *chost;
 	u_char *blob;
 	u_int bloblen, pubkey_auth_attempt;
@@ -1332,7 +1332,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
 int
 mm_answer_keyverify(int sock, Buffer *m)
 {
-	Key *key;
+	struct sshkey *key;
 	u_char *signature, *data, *blob;
 	u_int signaturelen, datalen, bloblen;
 	int verified = 0;

monitor_wrap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.90 2017/05/17 01:24:17 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.91 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -216,7 +216,7 @@ mm_choose_dh(int min, int nbits, int max)
 #endif
 
 int
-mm_key_sign(Key *key, u_char **sigp, u_int *lenp,
+mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
     const u_char *data, u_int datalen, const char *hostkey_alg)
 {
 	struct kex *kex = *pmonitor->m_pkex;
@@ -375,7 +375,8 @@ mm_auth_password(Authctxt *authctxt, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
+mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
+    int pubkey_auth_attempt)
 {
 	return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
 	    pubkey_auth_attempt));
@@ -383,14 +384,14 @@ mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
 
 int
 mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
-    Key *key)
+    struct sshkey *key)
 {
 	return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
 }
 
 int
 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
-    Key *key, int pubkey_auth_attempt)
+    struct sshkey *key, int pubkey_auth_attempt)
 {
 	Buffer m;
 	u_char *blob;
@@ -435,7 +436,8 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
  */
 
 int
-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+mm_key_verify(struct sshkey *key, u_char *sig, u_int siglen, u_char *data,
+    u_int datalen)
 {
 	Buffer m;
 	u_char *blob;

monitor_wrap.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.32 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.33 2017/05/30 08:52:19 markus Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -40,16 +40,18 @@ struct Authctxt;
 void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
-int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *);
+int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int,
+    const char *);
 void mm_inform_authserv(char *, char *);
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
-int mm_key_allowed(enum mm_keytype, const char *, const char *, Key *, int);
+int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
-int mm_user_key_allowed(struct passwd *, Key *, int);
+    int);
+int mm_user_key_allowed(struct passwd *, struct sshkey *, int);
 int mm_hostbased_key_allowed(struct passwd *, const char *,
-    const char *, Key *);
+    const char *, struct sshkey *);
-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
+int mm_key_verify(struct sshkey *, u_char *, u_int, u_char *, u_int);
 
 #ifdef GSSAPI
 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);

ssh-pkcs11-client.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.6 2015/12/11 00:20:04 mmcc Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.7 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -106,7 +106,7 @@ static int
 pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
     int padding)
 {
-	Key key;
+	struct sshkey key;	/* XXX */
 	u_char *blob, *signature = NULL;
 	u_int blen, slen = 0;
 	int ret = -1;
@@ -186,7 +186,7 @@ pkcs11_start_helper(void)
 int
 pkcs11_add_provider(char *name, char *pin, Key ***keysp)
 {
-	Key *k;
+	struct sshkey *k;
 	int i, nkeys;
 	u_char *blob;
 	u_int blen;

ssh-pkcs11-helper.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.13 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -42,7 +42,7 @@
 /* borrows code from sftp-server and ssh-agent */
 
 struct pkcs11_keyinfo {
-	Key		*key;
+	struct sshkey	*key;
 	char		*providername;
 	TAILQ_ENTRY(pkcs11_keyinfo) next;
 };
@@ -60,7 +60,7 @@ Buffer iqueue;
 Buffer oqueue;
 
 static void
-add_key(Key *k, char *name)
+add_key(struct sshkey *k, char *name)
 {
 	struct pkcs11_keyinfo *ki;
 
@@ -87,8 +87,8 @@ del_keys_by_name(char *name)
 }
 
 /* lookup matching 'private' key */
-static Key *
+static struct sshkey *
-lookup_key(Key *k)
+lookup_key(struct sshkey *k)
 {
 	struct pkcs11_keyinfo *ki;
 
@@ -114,7 +114,7 @@ static void
 process_add(void)
 {
 	char *name, *pin;
-	Key **keys;
+	struct sshkey **keys;
 	int i, nkeys;
 	u_char *blob;
 	u_int blen;
@@ -170,7 +170,7 @@ process_sign(void)
 	u_char *blob, *data, *signature = NULL;
 	u_int blen, dlen, slen = 0;
 	int ok = -1;
-	Key *key, *found;
+	struct sshkey *key, *found;
 	Buffer msg;
 
 	blob = get_string(&blen);

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.459 2017/05/02 08:06:33 jmc Exp $ */
+/* $OpenBSD: ssh.c,v 1.460 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1278,7 +1278,7 @@ main(int ac, char **av)
 	if (options.hostbased_authentication) {
 		sensitive_data.nkeys = 9;
 		sensitive_data.keys = xcalloc(sensitive_data.nkeys,
-		    sizeof(Key));
+		    sizeof(struct sshkey));	/* XXX */
 		for (i = 0; i < sensitive_data.nkeys; i++)
 			sensitive_data.keys[i] = NULL;
 
@@ -1849,16 +1849,16 @@ load_public_identity_files(void)
 {
 	char *filename, *cp, thishost[NI_MAXHOST];
 	char *pwdir = NULL, *pwname = NULL;
-	Key *public;
+	struct sshkey *public;
 	struct passwd *pw;
 	int i;
 	u_int n_ids, n_certs;
 	char *identity_files[SSH_MAX_IDENTITY_FILES];
-	Key *identity_keys[SSH_MAX_IDENTITY_FILES];
+	struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
 	char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
 	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 #ifdef ENABLE_PKCS11
-	Key **keys;
+	struct sshkey **keys;
 	int nkeys;
 #endif /* PKCS11 */
 

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.278 2017/05/01 02:27:11 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.279 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,7 +67,7 @@
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
-Key *previous_host_key = NULL;
+struct sshkey *previous_host_key = NULL;
 
 static int matching_host_key_dns = 0;
 
@@ -79,8 +79,8 @@ extern char *__progname;
 extern uid_t original_real_uid;
 extern uid_t original_effective_uid;
 
-static int show_other_keys(struct hostkeys *, Key *);
+static int show_other_keys(struct hostkeys *, struct sshkey *);
-static void warn_changed_key(Key *);
+static void warn_changed_key(struct sshkey *);
 
 /* Expand a proxy command */
 static char *
@@ -667,7 +667,7 @@ confirm(const char *prompt)
 }
 
 static int
-check_host_cert(const char *host, const Key *host_key)
+check_host_cert(const char *host, const struct sshkey *host_key)
 {
 	const char *reason;
 
@@ -765,13 +765,13 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
 #define ROQUIET	2
 static int
 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    Key *host_key, int readonly,
+    struct sshkey *host_key, int readonly,
     char **user_hostfiles, u_int num_user_hostfiles,
     char **system_hostfiles, u_int num_system_hostfiles)
 {
 	HostStatus host_status;
 	HostStatus ip_status;
-	Key *raw_key = NULL;
+	struct sshkey *raw_key = NULL;
 	char *ip = NULL, *host = NULL;
 	char hostline[1000], *hostp, *fp, *ra;
 	char msg[1024];
@@ -1196,7 +1196,7 @@ fail:
 
 /* returns 0 if key verifies or -1 if key does NOT verify */
 int
-verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
 {
 	u_int i;
 	int r = -1, flags = 0;
@@ -1362,7 +1362,7 @@ ssh_put_password(char *password)
 
 /* print all known host keys for a given host, but skip keys of given type */
 static int
-show_other_keys(struct hostkeys *hostkeys, Key *key)
+show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
 {
 	int type[] = {
 		KEY_RSA,
@@ -1402,7 +1402,7 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
 }
 
 static void
-warn_changed_key(Key *host_key)
+warn_changed_key(struct sshkey *host_key)
 {
 	char *fp;
 
@@ -1465,7 +1465,7 @@ ssh_local_cmd(const char *args)
 }
 
 void
-maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
+maybe_add_key_to_agent(char *authfile, struct sshkey *private, char *comment,
     char *passphrase)
 {
 	int auth_sock = -1, r;

sshconnect.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.29 2015/11/15 22:26:49 jcs Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.30 2017/05/30 08:52:19 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,9 +26,9 @@
 
 typedef struct Sensitive Sensitive;
 struct Sensitive {
-	Key	**keys;
+	struct sshkey	**keys;
-	int	nkeys;
+	int		nkeys;
-	int	external_keysign;
+	int		external_keysign;
 };
 
 struct addrinfo;
@@ -41,7 +41,7 @@ void	 ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
 
 void	 ssh_exchange_identification(int);
 
-int	 verify_host_key(char *, struct sockaddr *, Key *);
+int	 verify_host_key(char *, struct sockaddr *, struct sshkey *);
 
 void	 get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
     char **, char **);
@@ -55,7 +55,7 @@ void	 ssh_userauth2(const char *, const char *, char *, Sensitive *);
 void	 ssh_put_password(char *);
 int	 ssh_local_cmd(const char *);
 
-void	 maybe_add_key_to_agent(char *, Key *, char *, char *);
+void	 maybe_add_key_to_agent(char *, struct sshkey *, char *, char *);
 
 /*
  * Macros to raise/lower permissions.

sshconnect2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.258 2017/05/05 10:42:49 naddy Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.259 2017/05/30 08:52:20 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -93,7 +93,7 @@ char *xxx_host;
 struct sockaddr *xxx_hostaddr;
 
 static int
-verify_host_key_callback(Key *hostkey, struct ssh *ssh)
+verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
 	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
 		fatal("Host key verification failed.");
@@ -319,7 +319,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
 static void pubkey_reset(Authctxt *);
-static Key *load_identity_file(Identity *);
+static struct sshkey *load_identity_file(Identity *);
 
 static Authmethod *authmethod_get(char *authlist);
 static Authmethod *authmethod_lookup(const char *name);
@@ -574,7 +574,7 @@ int
 input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
-	Key *key = NULL;
+	struct sshkey *key = NULL;
 	Identity *id = NULL;
 	Buffer b;
 	int pktype, sent = 0;
@@ -1015,7 +1015,7 @@ static int
 identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, u_int compat)
 {
-	Key *prv;
+	struct sshkey *prv;
 	int ret;
 
 	/* the agent supports this key */
@@ -1225,10 +1225,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
 	return 1;
 }
 
-static Key *
+static struct sshkey *
 load_identity_file(Identity *id)
 {
-	Key *private = NULL;
+	struct sshkey *private = NULL;
 	char prompt[300], *passphrase, *comment;
 	int r, perm_ok = 0, quit = 0, i;
 	struct stat st;

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.488 2017/05/30 08:52:20 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -195,10 +195,10 @@ int have_agent = 0;
  * not very useful.  Currently, memory locking is not implemented.
  */
 struct {
-	Key	**host_keys;		/* all private host keys */
+	struct sshkey	**host_keys;		/* all private host keys */
-	Key	**host_pubkeys;		/* all public host keys */
+	struct sshkey	**host_pubkeys;		/* all public host keys */
-	Key	**host_certificates;	/* all public host certificates */
+	struct sshkey	**host_certificates;	/* all public host certificates */
-	int	have_ssh2_key;
+	int		have_ssh2_key;
 } sensitive_data;
 
 /* This is set to true when a signal is received. */
@@ -486,7 +486,7 @@ destroy_sensitive_data(void)
 void
 demote_sensitive_data(void)
 {
-	Key *tmp;
+	struct sshkey *tmp;
 	int i;
 
 	for (i = 0; i < options.num_host_key_files; i++) {
@@ -686,7 +686,7 @@ list_hostkey_types(void)
 	const char *p;
 	char *ret;
 	int i;
-	Key *key;
+	struct sshkey *key;
 
 	buffer_init(&b);
 	for (i = 0; i < options.num_host_key_files; i++) {
@@ -742,11 +742,11 @@ list_hostkey_types(void)
 	return ret;
 }
 
-static Key *
+static struct sshkey *
 get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
 {
 	int i;
-	Key *key;
+	struct sshkey *key;
 
 	for (i = 0; i < options.num_host_key_files; i++) {
 		switch (type) {
@@ -770,19 +770,19 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
 	return NULL;
 }
 
-Key *
+struct sshkey *
 get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
 {
 	return get_hostkey_by_type(type, nid, 0, ssh);
 }
 
-Key *
+struct sshkey *
 get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
 {
 	return get_hostkey_by_type(type, nid, 1, ssh);
 }
 
-Key *
+struct sshkey *
 get_hostkey_by_index(int ind)
 {
 	if (ind < 0 || ind >= options.num_host_key_files)
@@ -790,7 +790,7 @@ get_hostkey_by_index(int ind)
 	return (sensitive_data.host_keys[ind]);
 }
 
-Key *
+struct sshkey *
 get_hostkey_public_by_index(int ind, struct ssh *ssh)
 {
 	if (ind < 0 || ind >= options.num_host_key_files)
@@ -799,7 +799,7 @@ get_hostkey_public_by_index(int ind, struct ssh *ssh)
 }
 
 int
-get_hostkey_index(Key *key, int compare, struct ssh *ssh)
+get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
 {
 	int i;
 
@@ -1366,8 +1366,8 @@ main(int ac, char **av)
 	u_int n;
 	u_int64_t ibytes, obytes;
 	mode_t new_umask;
-	Key *key;
+	struct sshkey *key;
-	Key *pubkey;
+	struct sshkey *pubkey;
 	int keytype;
 	Authctxt *authctxt;
 	struct connection_info *connection_info = get_connection_info(0, 0);
@@ -1655,9 +1655,9 @@ main(int ac, char **av)
 
 	/* load host keys */
 	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
-	    sizeof(Key *));
+	    sizeof(struct sshkey *));
 	sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
-	    sizeof(Key *));
+	    sizeof(struct sshkey *));
 
 	if (options.host_key_agent) {
 		if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
@@ -1721,7 +1721,7 @@ main(int ac, char **av)
 	 * indices to the public keys that they relate to.
 	 */
 	sensitive_data.host_certificates = xcalloc(options.num_host_key_files,
-	    sizeof(Key *));
+	    sizeof(struct sshkey *));
 	for (i = 0; i < options.num_host_key_files; i++)
 		sensitive_data.host_certificates[i] = NULL;
 
@@ -2109,8 +2109,9 @@ main(int ac, char **av)
 }
 
 int
-sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen,
+sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
-    const u_char *data, size_t dlen, const char *alg, u_int flag)
+    u_char **signature, size_t *slen, const u_char *data, size_t dlen,
+    const char *alg, u_int flag)
 {
 	int r;
 	u_int xxx_slen, xxx_dlen = dlen;