- djm@cvs.openbsd.org 2013/12/29 05:42:16
[ssh.c]
don't forget to load Ed25519 certs too
diff --git a/ssh.c b/ssh.c
index 543a3ba..5de8fcf 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -993,7 +993,7 @@
sensitive_data.external_keysign = 0;
if (options.rhosts_rsa_authentication ||
options.hostbased_authentication) {
- sensitive_data.nkeys = 8;
+ sensitive_data.nkeys = 9;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(Key));
for (i = 0; i < sensitive_data.nkeys; i++)
@@ -1010,24 +1010,26 @@
#endif
sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL);
- sensitive_data.keys[4] = key_load_private_type(KEY_DSA,
+ sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+ _PATH_HOST_ED25519_KEY_FILE, "", NULL);
+ sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
#ifdef OPENSSL_HAS_ECC
- sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+ sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA,
_PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
#endif
- sensitive_data.keys[6] = key_load_private_type(KEY_RSA,
+ sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
- sensitive_data.keys[7] = key_load_private_type(KEY_ED25519,
+ sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
_PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
PRIV_END;
if (options.hostbased_authentication == 1 &&
sensitive_data.keys[0] == NULL &&
- sensitive_data.keys[4] == NULL &&
sensitive_data.keys[5] == NULL &&
sensitive_data.keys[6] == NULL &&
- sensitive_data.keys[7] == NULL) {
+ sensitive_data.keys[7] == NULL &&
+ sensitive_data.keys[8] == NULL) {
sensitive_data.keys[1] = key_load_cert(
_PATH_HOST_DSA_KEY_FILE);
#ifdef OPENSSL_HAS_ECC
@@ -1036,15 +1038,17 @@
#endif
sensitive_data.keys[3] = key_load_cert(
_PATH_HOST_RSA_KEY_FILE);
- sensitive_data.keys[4] = key_load_public(
+ sensitive_data.keys[4] = key_load_cert(
+ _PATH_HOST_ED25519_KEY_FILE);
+ sensitive_data.keys[5] = key_load_public(
_PATH_HOST_DSA_KEY_FILE, NULL);
#ifdef OPENSSL_HAS_ECC
- sensitive_data.keys[5] = key_load_public(
+ sensitive_data.keys[6] = key_load_public(
_PATH_HOST_ECDSA_KEY_FILE, NULL);
#endif
- sensitive_data.keys[6] = key_load_public(
- _PATH_HOST_RSA_KEY_FILE, NULL);
sensitive_data.keys[7] = key_load_public(
+ _PATH_HOST_RSA_KEY_FILE, NULL);
+ sensitive_data.keys[8] = key_load_public(
_PATH_HOST_ED25519_KEY_FILE, NULL);
sensitive_data.external_keysign = 1;
}