summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog3
-rw-r--r--ssh.c28
2 files changed, 19 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 3721d3d65..935e9e0a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,6 +63,9 @@
63 - djm@cvs.openbsd.org 2013/12/29 04:35:50 63 - djm@cvs.openbsd.org 2013/12/29 04:35:50
64 [authfile.c] 64 [authfile.c]
65 don't refuse to load Ed25519 certificates 65 don't refuse to load Ed25519 certificates
66 - djm@cvs.openbsd.org 2013/12/29 05:42:16
67 [ssh.c]
68 don't forget to load Ed25519 certs too
66 69
6720131221 7020131221
68 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. 71 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
diff --git a/ssh.c b/ssh.c
index 543a3bafd..5de8fcf43 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */ 1/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -993,7 +993,7 @@ main(int ac, char **av)
993 sensitive_data.external_keysign = 0; 993 sensitive_data.external_keysign = 0;
994 if (options.rhosts_rsa_authentication || 994 if (options.rhosts_rsa_authentication ||
995 options.hostbased_authentication) { 995 options.hostbased_authentication) {
996 sensitive_data.nkeys = 8; 996 sensitive_data.nkeys = 9;
997 sensitive_data.keys = xcalloc(sensitive_data.nkeys, 997 sensitive_data.keys = xcalloc(sensitive_data.nkeys,
998 sizeof(Key)); 998 sizeof(Key));
999 for (i = 0; i < sensitive_data.nkeys; i++) 999 for (i = 0; i < sensitive_data.nkeys; i++)
@@ -1010,24 +1010,26 @@ main(int ac, char **av)
1010#endif 1010#endif
1011 sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, 1011 sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
1012 _PATH_HOST_RSA_KEY_FILE, "", NULL); 1012 _PATH_HOST_RSA_KEY_FILE, "", NULL);
1013 sensitive_data.keys[4] = key_load_private_type(KEY_DSA, 1013 sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
1014 _PATH_HOST_ED25519_KEY_FILE, "", NULL);
1015 sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
1014 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); 1016 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
1015#ifdef OPENSSL_HAS_ECC 1017#ifdef OPENSSL_HAS_ECC
1016 sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, 1018 sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA,
1017 _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); 1019 _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
1018#endif 1020#endif
1019 sensitive_data.keys[6] = key_load_private_type(KEY_RSA, 1021 sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
1020 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); 1022 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
1021 sensitive_data.keys[7] = key_load_private_type(KEY_ED25519, 1023 sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
1022 _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); 1024 _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
1023 PRIV_END; 1025 PRIV_END;
1024 1026
1025 if (options.hostbased_authentication == 1 && 1027 if (options.hostbased_authentication == 1 &&
1026 sensitive_data.keys[0] == NULL && 1028 sensitive_data.keys[0] == NULL &&
1027 sensitive_data.keys[4] == NULL &&
1028 sensitive_data.keys[5] == NULL && 1029 sensitive_data.keys[5] == NULL &&
1029 sensitive_data.keys[6] == NULL && 1030 sensitive_data.keys[6] == NULL &&
1030 sensitive_data.keys[7] == NULL) { 1031 sensitive_data.keys[7] == NULL &&
1032 sensitive_data.keys[8] == NULL) {
1031 sensitive_data.keys[1] = key_load_cert( 1033 sensitive_data.keys[1] = key_load_cert(
1032 _PATH_HOST_DSA_KEY_FILE); 1034 _PATH_HOST_DSA_KEY_FILE);
1033#ifdef OPENSSL_HAS_ECC 1035#ifdef OPENSSL_HAS_ECC
@@ -1036,15 +1038,17 @@ main(int ac, char **av)
1036#endif 1038#endif
1037 sensitive_data.keys[3] = key_load_cert( 1039 sensitive_data.keys[3] = key_load_cert(
1038 _PATH_HOST_RSA_KEY_FILE); 1040 _PATH_HOST_RSA_KEY_FILE);
1039 sensitive_data.keys[4] = key_load_public( 1041 sensitive_data.keys[4] = key_load_cert(
1042 _PATH_HOST_ED25519_KEY_FILE);
1043 sensitive_data.keys[5] = key_load_public(
1040 _PATH_HOST_DSA_KEY_FILE, NULL); 1044 _PATH_HOST_DSA_KEY_FILE, NULL);
1041#ifdef OPENSSL_HAS_ECC 1045#ifdef OPENSSL_HAS_ECC
1042 sensitive_data.keys[5] = key_load_public( 1046 sensitive_data.keys[6] = key_load_public(
1043 _PATH_HOST_ECDSA_KEY_FILE, NULL); 1047 _PATH_HOST_ECDSA_KEY_FILE, NULL);
1044#endif 1048#endif
1045 sensitive_data.keys[6] = key_load_public(
1046 _PATH_HOST_RSA_KEY_FILE, NULL);
1047 sensitive_data.keys[7] = key_load_public( 1049 sensitive_data.keys[7] = key_load_public(
1050 _PATH_HOST_RSA_KEY_FILE, NULL);
1051 sensitive_data.keys[8] = key_load_public(
1048 _PATH_HOST_ED25519_KEY_FILE, NULL); 1052 _PATH_HOST_ED25519_KEY_FILE, NULL);
1049 sensitive_data.external_keysign = 1; 1053 sensitive_data.external_keysign = 1;
1050 } 1054 }