From 0fa47cfb32c239117632cab41e4db7d3e6de5e91 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 29 Dec 2013 17:53:39 +1100
Subject:    - djm@cvs.openbsd.org 2013/12/29 05:42:16      [ssh.c]      don't
 forget to load Ed25519 certs too

---
 ChangeLog |  3 +++
 ssh.c     | 28 ++++++++++++++++------------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3721d3d65..935e9e0a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,6 +63,9 @@
    - djm@cvs.openbsd.org 2013/12/29 04:35:50
      [authfile.c]
      don't refuse to load Ed25519 certificates
+   - djm@cvs.openbsd.org 2013/12/29 05:42:16
+     [ssh.c]
+     don't forget to load Ed25519 certs too
 
 20131221
  - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
diff --git a/ssh.c b/ssh.c
index 543a3bafd..5de8fcf43 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -993,7 +993,7 @@ main(int ac, char **av)
 	sensitive_data.external_keysign = 0;
 	if (options.rhosts_rsa_authentication ||
 	    options.hostbased_authentication) {
-		sensitive_data.nkeys = 8;
+		sensitive_data.nkeys = 9;
 		sensitive_data.keys = xcalloc(sensitive_data.nkeys,
 		    sizeof(Key));
 		for (i = 0; i < sensitive_data.nkeys; i++)
@@ -1010,24 +1010,26 @@ main(int ac, char **av)
 #endif
 		sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
 		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
-		sensitive_data.keys[4] = key_load_private_type(KEY_DSA,
+		sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+		    _PATH_HOST_ED25519_KEY_FILE, "", NULL);
+		sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
 		    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
 #ifdef OPENSSL_HAS_ECC
-		sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+		sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA,
 		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
 #endif
-		sensitive_data.keys[6] = key_load_private_type(KEY_RSA,
+		sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
 		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
-		sensitive_data.keys[7] = key_load_private_type(KEY_ED25519,
+		sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
 		    _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
 		PRIV_END;
 
 		if (options.hostbased_authentication == 1 &&
 		    sensitive_data.keys[0] == NULL &&
-		    sensitive_data.keys[4] == NULL &&
 		    sensitive_data.keys[5] == NULL &&
 		    sensitive_data.keys[6] == NULL &&
-		    sensitive_data.keys[7] == NULL) {
+		    sensitive_data.keys[7] == NULL &&
+		    sensitive_data.keys[8] == NULL) {
 			sensitive_data.keys[1] = key_load_cert(
 			    _PATH_HOST_DSA_KEY_FILE);
 #ifdef OPENSSL_HAS_ECC
@@ -1036,15 +1038,17 @@ main(int ac, char **av)
 #endif
 			sensitive_data.keys[3] = key_load_cert(
 			    _PATH_HOST_RSA_KEY_FILE);
-			sensitive_data.keys[4] = key_load_public(
+			sensitive_data.keys[4] = key_load_cert(
+			    _PATH_HOST_ED25519_KEY_FILE);
+			sensitive_data.keys[5] = key_load_public(
 			    _PATH_HOST_DSA_KEY_FILE, NULL);
 #ifdef OPENSSL_HAS_ECC
-			sensitive_data.keys[5] = key_load_public(
+			sensitive_data.keys[6] = key_load_public(
 			    _PATH_HOST_ECDSA_KEY_FILE, NULL);
 #endif
-			sensitive_data.keys[6] = key_load_public(
-			    _PATH_HOST_RSA_KEY_FILE, NULL);
 			sensitive_data.keys[7] = key_load_public(
+			    _PATH_HOST_RSA_KEY_FILE, NULL);
+			sensitive_data.keys[8] = key_load_public(
 			    _PATH_HOST_ED25519_KEY_FILE, NULL);
 			sensitive_data.external_keysign = 1;
 		}
-- 
cgit v1.2.3