diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-01-08 10:15:45 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-09 00:20:25 +1100 |
| commit | ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf (patch) | |
| tree | 949b24c05f2abd6c848e757a8b2e46a9435e5e8c | |
| parent | 1195f4cb07ef4b0405c839293c38600b3e9bdb46 (diff) | |
upstream commit
reorder hostbased key attempts to better match the
default hostkey algorithms order in myproposal.h; ok markus@
| -rw-r--r-- | ssh.c | 38 |
1 files changed, 19 insertions, 19 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.410 2014/11/18 20:54:28 krw Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.411 2015/01/08 10:15:45 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1149,26 +1149,26 @@ main(int ac, char **av) | |||
| 1149 | PRIV_START; | 1149 | PRIV_START; |
| 1150 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | 1150 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, |
| 1151 | _PATH_HOST_KEY_FILE, "", NULL, NULL); | 1151 | _PATH_HOST_KEY_FILE, "", NULL, NULL); |
| 1152 | sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, | ||
| 1153 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | ||
| 1154 | #ifdef OPENSSL_HAS_ECC | 1152 | #ifdef OPENSSL_HAS_ECC |
| 1155 | sensitive_data.keys[2] = key_load_private_cert(KEY_ECDSA, | 1153 | sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, |
| 1156 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL); | 1154 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL); |
| 1157 | #endif | 1155 | #endif |
| 1156 | sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519, | ||
| 1157 | _PATH_HOST_ED25519_KEY_FILE, "", NULL); | ||
| 1158 | sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, | 1158 | sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, |
| 1159 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | 1159 | _PATH_HOST_RSA_KEY_FILE, "", NULL); |
| 1160 | sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, | 1160 | sensitive_data.keys[4] = key_load_private_cert(KEY_DSA, |
| 1161 | _PATH_HOST_ED25519_KEY_FILE, "", NULL); | 1161 | _PATH_HOST_DSA_KEY_FILE, "", NULL); |
| 1162 | sensitive_data.keys[5] = key_load_private_type(KEY_DSA, | ||
| 1163 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | ||
| 1164 | #ifdef OPENSSL_HAS_ECC | 1162 | #ifdef OPENSSL_HAS_ECC |
| 1165 | sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA, | 1163 | sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, |
| 1166 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); | 1164 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); |
| 1167 | #endif | 1165 | #endif |
| 1166 | sensitive_data.keys[6] = key_load_private_type(KEY_ED25519, | ||
| 1167 | _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); | ||
| 1168 | sensitive_data.keys[7] = key_load_private_type(KEY_RSA, | 1168 | sensitive_data.keys[7] = key_load_private_type(KEY_RSA, |
| 1169 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 1169 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
| 1170 | sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, | 1170 | sensitive_data.keys[8] = key_load_private_type(KEY_DSA, |
| 1171 | _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); | 1171 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
| 1172 | PRIV_END; | 1172 | PRIV_END; |
| 1173 | 1173 | ||
| 1174 | if (options.hostbased_authentication == 1 && | 1174 | if (options.hostbased_authentication == 1 && |
| @@ -1177,26 +1177,26 @@ main(int ac, char **av) | |||
| 1177 | sensitive_data.keys[6] == NULL && | 1177 | sensitive_data.keys[6] == NULL && |
| 1178 | sensitive_data.keys[7] == NULL && | 1178 | sensitive_data.keys[7] == NULL && |
| 1179 | sensitive_data.keys[8] == NULL) { | 1179 | sensitive_data.keys[8] == NULL) { |
| 1180 | sensitive_data.keys[1] = key_load_cert( | ||
| 1181 | _PATH_HOST_DSA_KEY_FILE); | ||
| 1182 | #ifdef OPENSSL_HAS_ECC | 1180 | #ifdef OPENSSL_HAS_ECC |
| 1183 | sensitive_data.keys[2] = key_load_cert( | 1181 | sensitive_data.keys[1] = key_load_cert( |
| 1184 | _PATH_HOST_ECDSA_KEY_FILE); | 1182 | _PATH_HOST_ECDSA_KEY_FILE); |
| 1185 | #endif | 1183 | #endif |
| 1184 | sensitive_data.keys[2] = key_load_cert( | ||
| 1185 | _PATH_HOST_ED25519_KEY_FILE); | ||
| 1186 | sensitive_data.keys[3] = key_load_cert( | 1186 | sensitive_data.keys[3] = key_load_cert( |
| 1187 | _PATH_HOST_RSA_KEY_FILE); | 1187 | _PATH_HOST_RSA_KEY_FILE); |
| 1188 | sensitive_data.keys[4] = key_load_cert( | 1188 | sensitive_data.keys[4] = key_load_cert( |
| 1189 | _PATH_HOST_ED25519_KEY_FILE); | 1189 | _PATH_HOST_DSA_KEY_FILE); |
| 1190 | sensitive_data.keys[5] = key_load_public( | ||
| 1191 | _PATH_HOST_DSA_KEY_FILE, NULL); | ||
| 1192 | #ifdef OPENSSL_HAS_ECC | 1190 | #ifdef OPENSSL_HAS_ECC |
| 1193 | sensitive_data.keys[6] = key_load_public( | 1191 | sensitive_data.keys[5] = key_load_public( |
| 1194 | _PATH_HOST_ECDSA_KEY_FILE, NULL); | 1192 | _PATH_HOST_ECDSA_KEY_FILE, NULL); |
| 1195 | #endif | 1193 | #endif |
| 1194 | sensitive_data.keys[6] = key_load_public( | ||
| 1195 | _PATH_HOST_ED25519_KEY_FILE, NULL); | ||
| 1196 | sensitive_data.keys[7] = key_load_public( | 1196 | sensitive_data.keys[7] = key_load_public( |
| 1197 | _PATH_HOST_RSA_KEY_FILE, NULL); | 1197 | _PATH_HOST_RSA_KEY_FILE, NULL); |
| 1198 | sensitive_data.keys[8] = key_load_public( | 1198 | sensitive_data.keys[8] = key_load_public( |
| 1199 | _PATH_HOST_ED25519_KEY_FILE, NULL); | 1199 | _PATH_HOST_DSA_KEY_FILE, NULL); |
| 1200 | sensitive_data.external_keysign = 1; | 1200 | sensitive_data.external_keysign = 1; |
| 1201 | } | 1201 | } |
| 1202 | } | 1202 | } |