don't forget to load Ed25519 certs too

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 7291734..e0950c2 100644 (file)
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -961,7 +961,7 @@ main(int ac, char **av)
        sensitive_data.external_keysign = 0;
        if (options.rhosts_rsa_authentication ||
            options.hostbased_authentication) {
-               sensitive_data.nkeys = 8;
+               sensitive_data.nkeys = 9;
                sensitive_data.keys = xcalloc(sensitive_data.nkeys,
                    sizeof(Key));
 
@@ -974,35 +974,39 @@ main(int ac, char **av)
                    _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
                sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
                    _PATH_HOST_RSA_KEY_FILE, "", NULL);
-               sensitive_data.keys[4] = key_load_private_type(KEY_DSA,
+               sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+                   _PATH_HOST_ED25519_KEY_FILE, "", NULL);
+               sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
                    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+               sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA,
                    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[6] = key_load_private_type(KEY_RSA,
+               sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
                    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[7] = key_load_private_type(KEY_ED25519,
+               sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
                    _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
                PRIV_END;
 
                if (options.hostbased_authentication == 1 &&
                    sensitive_data.keys[0] == NULL &&
-                   sensitive_data.keys[4] == NULL &&
                    sensitive_data.keys[5] == NULL &&
                    sensitive_data.keys[6] == NULL &&
-                   sensitive_data.keys[7] == NULL) {
+                   sensitive_data.keys[7] == NULL &&
+                   sensitive_data.keys[8] == NULL) {
                        sensitive_data.keys[1] = key_load_cert(
                            _PATH_HOST_DSA_KEY_FILE);
                        sensitive_data.keys[2] = key_load_cert(
                            _PATH_HOST_ECDSA_KEY_FILE);
                        sensitive_data.keys[3] = key_load_cert(
                            _PATH_HOST_RSA_KEY_FILE);
-                       sensitive_data.keys[4] = key_load_public(
-                           _PATH_HOST_DSA_KEY_FILE, NULL);
+                       sensitive_data.keys[4] = key_load_cert(
+                           _PATH_HOST_ED25519_KEY_FILE);
                        sensitive_data.keys[5] = key_load_public(
-                           _PATH_HOST_ECDSA_KEY_FILE, NULL);
+                           _PATH_HOST_DSA_KEY_FILE, NULL);
                        sensitive_data.keys[6] = key_load_public(
-                           _PATH_HOST_RSA_KEY_FILE, NULL);
+                           _PATH_HOST_ECDSA_KEY_FILE, NULL);
                        sensitive_data.keys[7] = key_load_public(
+                           _PATH_HOST_RSA_KEY_FILE, NULL);
+                       sensitive_data.keys[8] = key_load_public(
                            _PATH_HOST_ED25519_KEY_FILE, NULL);
                        sensitive_data.external_keysign = 1;
                }