bind: Complete loading ed25519 in server

Previously, the support was only partial and if the ed25519 key was the only one, the internal checks were failing the tests. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-11-27 13:21:11 +03:00 · 2018-07-13 16:21:29 +02:00
parent e1d2454dd7
commit c8429113fa
1 changed files with 32 additions and 4 deletions
--- a/src/bind.c
+++ b/src/bind.c
@@ -149,9 +149,10 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {

  if (sshbind->ecdsakey == NULL &&
      sshbind->dsakey == NULL &&
-      sshbind->rsakey == NULL) {
+      sshbind->rsakey == NULL &&
+      sshbind->ed25519key == NULL) {
      ssh_set_error(sshbind, SSH_FATAL,
-                    "ECDSA, DSA, or RSA host key file must be set");
+                    "ECDSA, ED25519, DSA, or RSA host key file must be set");
      return SSH_ERROR;
  }

@@ -223,6 +224,27 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
      }
  }

+  if (sshbind->ed25519 == NULL && sshbind->ed25519key != NULL) {
+      rc = ssh_pki_import_privkey_file(sshbind->ed25519key,
+                                       NULL,
+                                       NULL,
+                                       NULL,
+                                       &sshbind->ed25519);
+      if (rc == SSH_ERROR || rc == SSH_EOF) {
+          ssh_set_error(sshbind, SSH_FATAL,
+                  "Failed to import private ED25519 host key");
+          return SSH_ERROR;
+      }
+
+      if (ssh_key_type(sshbind->ed25519) != SSH_KEYTYPE_ED25519) {
+          ssh_set_error(sshbind, SSH_FATAL,
+                  "The ED25519 host key has the wrong type");
+          ssh_key_free(sshbind->ed25519);
+          sshbind->ed25519 = NULL;
+          return SSH_ERROR;
+      }
+  }
+
  return SSH_OK;
 }

@@ -236,7 +258,10 @@ int ssh_bind_listen(ssh_bind sshbind) {
    return -1;
  }

-  if (sshbind->rsa == NULL && sshbind->dsa == NULL && sshbind->ecdsa == NULL) {
+  if (sshbind->rsa == NULL &&
+      sshbind->dsa == NULL &&
+      sshbind->ecdsa == NULL &&
+      sshbind->ed25519 == NULL) {
      rc = ssh_bind_import_keys(sshbind);
      if (rc != SSH_OK) {
          return SSH_ERROR;
@@ -255,6 +280,7 @@ int ssh_bind_listen(ssh_bind sshbind) {
          sshbind->dsa = NULL;
          ssh_key_free(sshbind->rsa);
          sshbind->rsa = NULL;
+          /* XXX should this clear also other structures that were allocated */
          return -1;
      }

@@ -267,6 +293,7 @@ int ssh_bind_listen(ssh_bind sshbind) {
          sshbind->dsa = NULL;
          ssh_key_free(sshbind->rsa);
          sshbind->rsa = NULL;
+          /* XXX should this clear also other structures that were allocated */
          return -1;
      }

@@ -434,7 +461,8 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
     */
    if (sshbind->rsa == NULL &&
        sshbind->dsa == NULL &&
-        sshbind->ecdsa == NULL) {
+        sshbind->ecdsa == NULL &&
+        sshbind->ed25519 == NULL) {
        rc = ssh_bind_import_keys(sshbind);
        if (rc != SSH_OK) {
            return SSH_ERROR;