Description: Make hostbased auth with ECDSA keys work correctly Author: Harv Author: Damien Miller Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1858 Bug-Debian: http://bugs.debian.org/633368 Origin: upstream, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6327 Applied-Upstream: yes Forwarded: not-needed Last-Update: 2011-07-17 Index: b/ssh-keysign.c =================================================================== --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -150,9 +150,10 @@ { Buffer b; Options options; - Key *keys[2], *key = NULL; +#define NUM_KEYTYPES 3 + Key *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; - int key_fd[2], i, found, version = 2, fd; + int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; u_char *signature, *data; char *host; u_int slen, dlen; @@ -165,8 +166,10 @@ if (fd > 2) close(fd); - key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); - key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + i = 0; + key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(original_real_uid)) == NULL) @@ -191,7 +194,11 @@ fatal("ssh-keysign not enabled in %s", _PATH_HOST_CONFIG_FILE); - if (key_fd[0] == -1 && key_fd[1] == -1) + for (i = found = 0; i < NUM_KEYTYPES; i++) { + if (key_fd[i] != -1) + found = 1; + } + if (found == 0) fatal("could not open any host key"); OpenSSL_add_all_algorithms(); @@ -200,7 +207,7 @@ RAND_seed(rnd, sizeof(rnd)); found = 0; - for (i = 0; i < 2; i++) { + for (i = 0; i < NUM_KEYTYPES; i++) { keys[i] = NULL; if (key_fd[i] == -1) continue; @@ -230,7 +237,7 @@ xfree(host); found = 0; - for (i = 0; i < 2; i++) { + for (i = 0; i < NUM_KEYTYPES; i++) { if (keys[i] != NULL && key_equal_public(key, keys[i])) { found = 1;