- djm@cvs.openbsd.org 2013/12/29 05:42:16

author Damien Miller <djm@mindrot.org>

Sun, 29 Dec 2013 06:53:39 +0000 (17:53 +1100)

committer Damien Miller <djm@mindrot.org>

Sun, 29 Dec 2013 06:53:39 +0000 (17:53 +1100)
author Damien Miller <djm@mindrot.org>
Sun, 29 Dec 2013 06:53:39 +0000 (17:53 +1100)
committer Damien Miller <djm@mindrot.org>
Sun, 29 Dec 2013 06:53:39 +0000 (17:53 +1100)
diff --git a/ChangeLog b/ChangeLog

index 3721d3d656c5297acff49f034a3b52b445aae4d8..935e9e0a45c477cf499df8c135349386d76f7242 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,6 +63,9 @@
     - djm@cvs.openbsd.org 2013/12/29 04:35:50
       [authfile.c]
       don't refuse to load Ed25519 certificates
+   - djm@cvs.openbsd.org 2013/12/29 05:42:16
+     [ssh.c]
+     don't forget to load Ed25519 certs too
  
  20131221
   - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
diff --git a/ssh.c b/ssh.c

index 543a3bafd509ee4761446d11f5f2d4d37eb5399a..5de8fcf43ff0f49cd592f1d0be13ea4662df645d 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -993,7 +993,7 @@ main(int ac, char **av)
         sensitive_data.external_keysign = 0;
         if (options.rhosts_rsa_authentication ||
             options.hostbased_authentication) {
-               sensitive_data.nkeys = 8;
+               sensitive_data.nkeys = 9;
                 sensitive_data.keys = xcalloc(sensitive_data.nkeys,
                     sizeof(Key));
                 for (i = 0; i < sensitive_data.nkeys; i++)
@@ -1010,24 +1010,26 @@ main(int ac, char **av)
  #endif
                 sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
                     _PATH_HOST_RSA_KEY_FILE, "", NULL);
-               sensitive_data.keys[4] = key_load_private_type(KEY_DSA,
+               sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+                   _PATH_HOST_ED25519_KEY_FILE, "", NULL);
+               sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
                     _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
  #ifdef OPENSSL_HAS_ECC
-               sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+               sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA,
                     _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
  #endif
-               sensitive_data.keys[6] = key_load_private_type(KEY_RSA,
+               sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
                     _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[7] = key_load_private_type(KEY_ED25519,
+               sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
                     _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
                 PRIV_END;
  
                 if (options.hostbased_authentication == 1 &&
                     sensitive_data.keys[0] == NULL &&
-                   sensitive_data.keys[4] == NULL &&
                     sensitive_data.keys[5] == NULL &&
                     sensitive_data.keys[6] == NULL &&
-                   sensitive_data.keys[7] == NULL) {
+                   sensitive_data.keys[7] == NULL &&
+                   sensitive_data.keys[8] == NULL) {
                         sensitive_data.keys[1] = key_load_cert(
                             _PATH_HOST_DSA_KEY_FILE);
  #ifdef OPENSSL_HAS_ECC
@@ -1036,15 +1038,17 @@ main(int ac, char **av)
  #endif
                         sensitive_data.keys[3] = key_load_cert(
                             _PATH_HOST_RSA_KEY_FILE);
-                       sensitive_data.keys[4] = key_load_public(
+                       sensitive_data.keys[4] = key_load_cert(
+                           _PATH_HOST_ED25519_KEY_FILE);
+                       sensitive_data.keys[5] = key_load_public(
                             _PATH_HOST_DSA_KEY_FILE, NULL);
  #ifdef OPENSSL_HAS_ECC
-                       sensitive_data.keys[5] = key_load_public(
+                       sensitive_data.keys[6] = key_load_public(
                             _PATH_HOST_ECDSA_KEY_FILE, NULL);
  #endif
-                       sensitive_data.keys[6] = key_load_public(
-                           _PATH_HOST_RSA_KEY_FILE, NULL);
                         sensitive_data.keys[7] = key_load_public(
+                           _PATH_HOST_RSA_KEY_FILE, NULL);
+                       sensitive_data.keys[8] = key_load_public(
                             _PATH_HOST_ED25519_KEY_FILE, NULL);
                         sensitive_data.external_keysign = 1;
                 }
author	Damien Miller <djm@mindrot.org>
	Sun, 29 Dec 2013 06:53:39 +0000 (17:53 +1100)
committer	Damien Miller <djm@mindrot.org>
	Sun, 29 Dec 2013 06:53:39 +0000 (17:53 +1100)
ChangeLog		patch \| blob \| blame \| history
ssh.c		patch \| blob \| blame \| history