-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | ssh.c | 28 |
2 files changed, 19 insertions, 12 deletions
@@ -63,6 +63,9 @@ | |||
63 | - djm@cvs.openbsd.org 2013/12/29 04:35:50 | 63 | - djm@cvs.openbsd.org 2013/12/29 04:35:50 |
64 | [authfile.c] | 64 | [authfile.c] |
65 | don't refuse to load Ed25519 certificates | 65 | don't refuse to load Ed25519 certificates |
66 | - djm@cvs.openbsd.org 2013/12/29 05:42:16 | ||
67 | [ssh.c] | ||
68 | don't forget to load Ed25519 certs too | ||
66 | 69 | ||
67 | 20131221 | 70 | 20131221 |
68 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. | 71 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -993,7 +993,7 @@ main(int ac, char **av) | |||
993 | sensitive_data.external_keysign = 0; | 993 | sensitive_data.external_keysign = 0; |
994 | if (options.rhosts_rsa_authentication || | 994 | if (options.rhosts_rsa_authentication || |
995 | options.hostbased_authentication) { | 995 | options.hostbased_authentication) { |
996 | sensitive_data.nkeys = 8; | 996 | sensitive_data.nkeys = 9; |
997 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 997 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
998 | sizeof(Key)); | 998 | sizeof(Key)); |
999 | for (i = 0; i < sensitive_data.nkeys; i++) | 999 | for (i = 0; i < sensitive_data.nkeys; i++) |
@@ -1010,24 +1010,26 @@ main(int ac, char **av) | |||
1010 | #endif | 1010 | #endif |
1011 | sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, | 1011 | sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, |
1012 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | 1012 | _PATH_HOST_RSA_KEY_FILE, "", NULL); |
1013 | sensitive_data.keys[4] = key_load_private_type(KEY_DSA, | 1013 | sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, |
1014 | _PATH_HOST_ED25519_KEY_FILE, "", NULL); | ||
1015 | sensitive_data.keys[5] = key_load_private_type(KEY_DSA, | ||
1014 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | 1016 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
1015 | #ifdef OPENSSL_HAS_ECC | 1017 | #ifdef OPENSSL_HAS_ECC |
1016 | sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, | 1018 | sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA, |
1017 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); | 1019 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); |
1018 | #endif | 1020 | #endif |
1019 | sensitive_data.keys[6] = key_load_private_type(KEY_RSA, | 1021 | sensitive_data.keys[7] = key_load_private_type(KEY_RSA, |
1020 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 1022 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
1021 | sensitive_data.keys[7] = key_load_private_type(KEY_ED25519, | 1023 | sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, |
1022 | _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); | 1024 | _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); |
1023 | PRIV_END; | 1025 | PRIV_END; |
1024 | 1026 | ||
1025 | if (options.hostbased_authentication == 1 && | 1027 | if (options.hostbased_authentication == 1 && |
1026 | sensitive_data.keys[0] == NULL && | 1028 | sensitive_data.keys[0] == NULL && |
1027 | sensitive_data.keys[4] == NULL && | ||
1028 | sensitive_data.keys[5] == NULL && | 1029 | sensitive_data.keys[5] == NULL && |
1029 | sensitive_data.keys[6] == NULL && | 1030 | sensitive_data.keys[6] == NULL && |
1030 | sensitive_data.keys[7] == NULL) { | 1031 | sensitive_data.keys[7] == NULL && |
1032 | sensitive_data.keys[8] == NULL) { | ||
1031 | sensitive_data.keys[1] = key_load_cert( | 1033 | sensitive_data.keys[1] = key_load_cert( |
1032 | _PATH_HOST_DSA_KEY_FILE); | 1034 | _PATH_HOST_DSA_KEY_FILE); |
1033 | #ifdef OPENSSL_HAS_ECC | 1035 | #ifdef OPENSSL_HAS_ECC |
@@ -1036,15 +1038,17 @@ main(int ac, char **av) | |||
1036 | #endif | 1038 | #endif |
1037 | sensitive_data.keys[3] = key_load_cert( | 1039 | sensitive_data.keys[3] = key_load_cert( |
1038 | _PATH_HOST_RSA_KEY_FILE); | 1040 | _PATH_HOST_RSA_KEY_FILE); |
1039 | sensitive_data.keys[4] = key_load_public( | 1041 | sensitive_data.keys[4] = key_load_cert( |
1042 | _PATH_HOST_ED25519_KEY_FILE); | ||
1043 | sensitive_data.keys[5] = key_load_public( | ||
1040 | _PATH_HOST_DSA_KEY_FILE, NULL); | 1044 | _PATH_HOST_DSA_KEY_FILE, NULL); |
1041 | #ifdef OPENSSL_HAS_ECC | 1045 | #ifdef OPENSSL_HAS_ECC |
1042 | sensitive_data.keys[5] = key_load_public( | 1046 | sensitive_data.keys[6] = key_load_public( |
1043 | _PATH_HOST_ECDSA_KEY_FILE, NULL); | 1047 | _PATH_HOST_ECDSA_KEY_FILE, NULL); |
1044 | #endif | 1048 | #endif |
1045 | sensitive_data.keys[6] = key_load_public( | ||
1046 | _PATH_HOST_RSA_KEY_FILE, NULL); | ||
1047 | sensitive_data.keys[7] = key_load_public( | 1049 | sensitive_data.keys[7] = key_load_public( |
1050 | _PATH_HOST_RSA_KEY_FILE, NULL); | ||
1051 | sensitive_data.keys[8] = key_load_public( | ||
1048 | _PATH_HOST_ED25519_KEY_FILE, NULL); | 1052 | _PATH_HOST_ED25519_KEY_FILE, NULL); |
1049 | sensitive_data.external_keysign = 1; | 1053 | sensitive_data.external_keysign = 1; |
1050 | } | 1054 | } |
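Review bot: The slot numbers in `sensitive_data.keys[]` are bare literals that must agree in four places: `nkeys = 9`, the private-key loads, the `== NULL` test that decides whether to fall back to ssh-keysign, and the public-key loads inside that fallback. This commit had to renumber all of them to insert one certificate slot, and a missed renumber would still compile while testing the wrong slot before `external_keysign = 1` is set. A layout comment above the `xcalloc` call would make the next insertion checkable, for example `/* keys[1..4]: DSA, ECDSA, RSA, Ed25519 certs; keys[5..8]: the same four as plain keys */`; slots 0 to 2 of the first load sequence are assigned outside the visible hunks, so confirm them against the full file. Separately, the `== NULL` test covers only slots 0 and 5 to 8, so the fallback assigns `key_load_cert()` results over slots 1 to 4 without checking what `key_load_private_cert()` left there; this appears to predate the commit but now also applies to the new Ed25519 certificate slot. The enclosing `main` begins and ends outside these hunks.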