diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-29 17:53:39 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-29 17:53:39 +1100 |
| commit | 0fa47cfb32c239117632cab41e4db7d3e6de5e91 (patch) | |
| tree | 88bb60a8f050ee849271c7849cbb805705ddadcb | |
| parent | b9a95490daa04cc307589897f95bfaff324ad2c9 (diff) | |
- djm@cvs.openbsd.org 2013/12/29 05:42:16
[ssh.c]
don't forget to load Ed25519 certs too
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | ssh.c | 28 |
2 files changed, 19 insertions, 12 deletions
| @@ -63,6 +63,9 @@ | |||
| 63 | - djm@cvs.openbsd.org 2013/12/29 04:35:50 | 63 | - djm@cvs.openbsd.org 2013/12/29 04:35:50 |
| 64 | [authfile.c] | 64 | [authfile.c] |
| 65 | don't refuse to load Ed25519 certificates | 65 | don't refuse to load Ed25519 certificates |
| 66 | - djm@cvs.openbsd.org 2013/12/29 05:42:16 | ||
| 67 | [ssh.c] | ||
| 68 | don't forget to load Ed25519 certs too | ||
| 66 | 69 | ||
| 67 | 20131221 | 70 | 20131221 |
| 68 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. | 71 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -993,7 +993,7 @@ main(int ac, char **av) | |||
| 993 | sensitive_data.external_keysign = 0; | 993 | sensitive_data.external_keysign = 0; |
| 994 | if (options.rhosts_rsa_authentication || | 994 | if (options.rhosts_rsa_authentication || |
| 995 | options.hostbased_authentication) { | 995 | options.hostbased_authentication) { |
| 996 | sensitive_data.nkeys = 8; | 996 | sensitive_data.nkeys = 9; |
| 997 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 997 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
| 998 | sizeof(Key)); | 998 | sizeof(Key)); |
| 999 | for (i = 0; i < sensitive_data.nkeys; i++) | 999 | for (i = 0; i < sensitive_data.nkeys; i++) |
| @@ -1010,24 +1010,26 @@ main(int ac, char **av) | |||
| 1010 | #endif | 1010 | #endif |
| 1011 | sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, | 1011 | sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, |
| 1012 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | 1012 | _PATH_HOST_RSA_KEY_FILE, "", NULL); |
| 1013 | sensitive_data.keys[4] = key_load_private_type(KEY_DSA, | 1013 | sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, |
| 1014 | _PATH_HOST_ED25519_KEY_FILE, "", NULL); | ||
| 1015 | sensitive_data.keys[5] = key_load_private_type(KEY_DSA, | ||
| 1014 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | 1016 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
| 1015 | #ifdef OPENSSL_HAS_ECC | 1017 | #ifdef OPENSSL_HAS_ECC |
| 1016 | sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, | 1018 | sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA, |
| 1017 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); | 1019 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); |
| 1018 | #endif | 1020 | #endif |
| 1019 | sensitive_data.keys[6] = key_load_private_type(KEY_RSA, | 1021 | sensitive_data.keys[7] = key_load_private_type(KEY_RSA, |
| 1020 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 1022 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
| 1021 | sensitive_data.keys[7] = key_load_private_type(KEY_ED25519, | 1023 | sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, |
| 1022 | _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); | 1024 | _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); |
| 1023 | PRIV_END; | 1025 | PRIV_END; |
| 1024 | 1026 | ||
| 1025 | if (options.hostbased_authentication == 1 && | 1027 | if (options.hostbased_authentication == 1 && |
| 1026 | sensitive_data.keys[0] == NULL && | 1028 | sensitive_data.keys[0] == NULL && |
| 1027 | sensitive_data.keys[4] == NULL && | ||
| 1028 | sensitive_data.keys[5] == NULL && | 1029 | sensitive_data.keys[5] == NULL && |
| 1029 | sensitive_data.keys[6] == NULL && | 1030 | sensitive_data.keys[6] == NULL && |
| 1030 | sensitive_data.keys[7] == NULL) { | 1031 | sensitive_data.keys[7] == NULL && |
| 1032 | sensitive_data.keys[8] == NULL) { | ||
| 1031 | sensitive_data.keys[1] = key_load_cert( | 1033 | sensitive_data.keys[1] = key_load_cert( |
| 1032 | _PATH_HOST_DSA_KEY_FILE); | 1034 | _PATH_HOST_DSA_KEY_FILE); |
| 1033 | #ifdef OPENSSL_HAS_ECC | 1035 | #ifdef OPENSSL_HAS_ECC |
| @@ -1036,15 +1038,17 @@ main(int ac, char **av) | |||
| 1036 | #endif | 1038 | #endif |
| 1037 | sensitive_data.keys[3] = key_load_cert( | 1039 | sensitive_data.keys[3] = key_load_cert( |
| 1038 | _PATH_HOST_RSA_KEY_FILE); | 1040 | _PATH_HOST_RSA_KEY_FILE); |
| 1039 | sensitive_data.keys[4] = key_load_public( | 1041 | sensitive_data.keys[4] = key_load_cert( |
| 1042 | _PATH_HOST_ED25519_KEY_FILE); | ||
| 1043 | sensitive_data.keys[5] = key_load_public( | ||
| 1040 | _PATH_HOST_DSA_KEY_FILE, NULL); | 1044 | _PATH_HOST_DSA_KEY_FILE, NULL); |
| 1041 | #ifdef OPENSSL_HAS_ECC | 1045 | #ifdef OPENSSL_HAS_ECC |
| 1042 | sensitive_data.keys[5] = key_load_public( | 1046 | sensitive_data.keys[6] = key_load_public( |
| 1043 | _PATH_HOST_ECDSA_KEY_FILE, NULL); | 1047 | _PATH_HOST_ECDSA_KEY_FILE, NULL); |
| 1044 | #endif | 1048 | #endif |
| 1045 | sensitive_data.keys[6] = key_load_public( | ||
| 1046 | _PATH_HOST_RSA_KEY_FILE, NULL); | ||
| 1047 | sensitive_data.keys[7] = key_load_public( | 1049 | sensitive_data.keys[7] = key_load_public( |
| 1050 | _PATH_HOST_RSA_KEY_FILE, NULL); | ||
| 1051 | sensitive_data.keys[8] = key_load_public( | ||
| 1048 | _PATH_HOST_ED25519_KEY_FILE, NULL); | 1052 | _PATH_HOST_ED25519_KEY_FILE, NULL); |
| 1049 | sensitive_data.external_keysign = 1; | 1053 | sensitive_data.external_keysign = 1; |
| 1050 | } | 1054 | } |