- djm@cvs.openbsd.org 2013/12/29 02:28:10

     [key.c]
     allow ed25519 keys to appear as certificate authorities

diff --git a/ChangeLog b/ChangeLog
index fe048ae51bf9dfdb192c77197a8e5df9feb83aaf..3a541c8ee62bda0d1910f646962a731dfcf29dff 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,9 @@
    - djm@cvs.openbsd.org 2013/12/27 22:37:18
      [ssh-rsa.c]
      correct comment
+   - djm@cvs.openbsd.org 2013/12/29 02:28:10
+     [key.c]
+     allow ed25519 keys to appear as certificate authorities
 
 20131221
  - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.

diff --git a/key.c b/key.c
index 814f9a001df93d3a8afe496b1459376c00894dbf..ec40cb1522e8e27e55d478f0a2a7d97dd146a8fa 100644 (file)
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.110 2013/12/07 00:19:15 djm Exp $ */
+/* $OpenBSD: key.c,v 1.111 2013/12/29 02:28:10 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1481,7 +1481,8 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen)
        }
        if (key->cert->signature_key->type != KEY_RSA &&
            key->cert->signature_key->type != KEY_DSA &&
-           key->cert->signature_key->type != KEY_ECDSA) {
+           key->cert->signature_key->type != KEY_ECDSA &&
+           key->cert->signature_key->type != KEY_ED25519) {
                error("%s: Invalid signature key type %s (%d)", __func__,
                    key_type(key->cert->signature_key),
                    key->cert->signature_key->type);