From 744bde79c3361e2153cb395a2ecdcee6c713585d Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Thu, 4 May 2017 06:10:57 +0000
Subject: [PATCH] upstream commit

since a couple of people have asked, leave a comment explaining why we retain SSH v.1 support in the "delete all keys from agent" path.

Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
---
 authfd.c  | 6 +++++-
 ssh-add.c | 7 ++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/authfd.c b/authfd.c
index 915a6da48..ea664a167 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.102 2017/05/04 06:10:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -575,6 +575,10 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
 /*
  * Removes all identities from the agent.
  * This call is intended only for use by ssh-add(1) and like applications.
+ *
+ * This supports the SSH protocol 1 message to because, when clearing all
+ * keys from an agent, we generally want to clear both protocol v1 and v2
+ * keys.
  */
 int
 ssh_remove_all_identities(int sock, int version)
diff --git a/ssh-add.c b/ssh-add.c
index 37ce56dfd..5f62420f9 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.129 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.130 2017/05/04 06:10:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -161,6 +161,11 @@ delete_all(int agent_fd)
 {
 	int ret = -1;
 
+	/*
+	 * Since the agent might be forwarded, old or non-OpenSSH, when asked
+	 * to remove all keys, attempt to remove both protocol v.1 and v.2
+	 * keys.
+	 */
 	if (ssh_remove_all_identities(agent_fd, 2) == 0)
 		ret = 0;
 	/* ignore error-code for ssh1 */
-- 
2.47.3
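Review bot: The new comment block above ssh_remove_all_identities() in authfd.c has a typo on its second added line, "message to because", which reads as a dropped word; it should be ` * This supports the SSH protocol 1 message too because, when clearing all`. Since the whole point of the commit is to leave an explanatory comment for future readers asking why protocol 1 code is retained here, the sentence is worth getting right. The function body of ssh_remove_all_identities() lies outside the hunk, so nothing in the code itself is under review here.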
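Review bot: The new comment in delete_all() explains why both protocol versions are attempted but not how the return value relates to them, which is the part a reader is most likely to misjudge: the visible lines set `ret = 0` only when the protocol 2 removal succeeds, and the existing `/* ignore error-code for ssh1 */` comment indicates the protocol 1 attempt (presumably just past the hunk) is best-effort. One sentence appended to the new comment would close that gap, e.g. ` * Only the protocol v.2 result is reflected in the return value; the v.1 removal is best-effort and its error is ignored.` delete_all()'s body continues outside the hunk, so I have not checked the v.1 call itself.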