From: Damien Miller Date: Sun, 29 Dec 2013 06:53:39 +0000 (+1100) Subject: - djm@cvs.openbsd.org 2013/12/29 05:42:16 X-Git-Tag: V_6_5_P1~73 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0fa47cfb32c239117632cab41e4db7d3e6de5e91;p=thirdparty%2Fopenssh-portable.git - djm@cvs.openbsd.org 2013/12/29 05:42:16 [ssh.c] don't forget to load Ed25519 certs too --- diff --git a/ChangeLog b/ChangeLog index 3721d3d65..935e9e0a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -63,6 +63,9 @@ - djm@cvs.openbsd.org 2013/12/29 04:35:50 [authfile.c] don't refuse to load Ed25519 certificates + - djm@cvs.openbsd.org 2013/12/29 05:42:16 + [ssh.c] + don't forget to load Ed25519 certs too 20131221 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. diff --git a/ssh.c b/ssh.c index 543a3bafd..5de8fcf43 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -993,7 +993,7 @@ main(int ac, char **av) sensitive_data.external_keysign = 0; if (options.rhosts_rsa_authentication || options.hostbased_authentication) { - sensitive_data.nkeys = 8; + sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); for (i = 0; i < sensitive_data.nkeys; i++) @@ -1010,24 +1010,26 @@ main(int ac, char **av) #endif sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); - sensitive_data.keys[4] = key_load_private_type(KEY_DSA, + sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, + _PATH_HOST_ED25519_KEY_FILE, "", NULL); + sensitive_data.keys[5] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); #ifdef OPENSSL_HAS_ECC - sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, + sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); #endif - sensitive_data.keys[6] = key_load_private_type(KEY_RSA, + sensitive_data.keys[7] = key_load_private_type(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[7] = key_load_private_type(KEY_ED25519, + sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && sensitive_data.keys[0] == NULL && - sensitive_data.keys[4] == NULL && sensitive_data.keys[5] == NULL && sensitive_data.keys[6] == NULL && - sensitive_data.keys[7] == NULL) { + sensitive_data.keys[7] == NULL && + sensitive_data.keys[8] == NULL) { sensitive_data.keys[1] = key_load_cert( _PATH_HOST_DSA_KEY_FILE); #ifdef OPENSSL_HAS_ECC @@ -1036,15 +1038,17 @@ main(int ac, char **av) #endif sensitive_data.keys[3] = key_load_cert( _PATH_HOST_RSA_KEY_FILE); - sensitive_data.keys[4] = key_load_public( + sensitive_data.keys[4] = key_load_cert( + _PATH_HOST_ED25519_KEY_FILE); + sensitive_data.keys[5] = key_load_public( _PATH_HOST_DSA_KEY_FILE, NULL); #ifdef OPENSSL_HAS_ECC - sensitive_data.keys[5] = key_load_public( + sensitive_data.keys[6] = key_load_public( _PATH_HOST_ECDSA_KEY_FILE, NULL); #endif - sensitive_data.keys[6] = key_load_public( - _PATH_HOST_RSA_KEY_FILE, NULL); sensitive_data.keys[7] = key_load_public( + _PATH_HOST_RSA_KEY_FILE, NULL); + sensitive_data.keys[8] = key_load_public( _PATH_HOST_ED25519_KEY_FILE, NULL); sensitive_data.external_keysign = 1; }