===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keysign.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- src/usr.bin/ssh/ssh-keysign.c	2014/12/21 22:27:56	1.44
+++ src/usr.bin/ssh/ssh-keysign.c	2015/01/08 10:14:08	1.45
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.44 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.45 2015/01/08 10:14:08 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -48,6 +48,8 @@
 #include "pathnames.h"
 #include "readconf.h"
 #include "uidswap.h"
+#include "sshkey.h"
+#include "ssherr.h"
 
 /* XXX readconf.c needs these */
 uid_t original_real_uid;
@@ -63,6 +65,8 @@
 	char *pkalg, *p;
 	int pktype, fail;
 
+	if (ret != NULL)
+		*ret = NULL;
 	fail = 0;
 
 	buffer_init(&b);
@@ -147,7 +151,7 @@
 #define NUM_KEYTYPES 4
 	Key *keys[NUM_KEYTYPES], *key = NULL;
 	struct passwd *pw;
-	int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
+	int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
 	u_char *signature, *data;
 	char *host, *fp;
 	u_int slen, dlen;
@@ -198,14 +202,15 @@
 		keys[i] = NULL;
 		if (key_fd[i] == -1)
 			continue;
-#ifdef WITH_OPENSSL
-/* XXX wrong api */
-		keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
-		    NULL, NULL);
-#endif
+		r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC,
+		    NULL, &key, NULL);
 		close(key_fd[i]);
-		if (keys[i] != NULL)
+		if (r != 0)
+			debug("parse key %d: %s", i, ssh_err(r));
+		else if (key != NULL) {
+			keys[i] = key;
 			found = 1;
+		}
 	}
 	if (!found)
 		fatal("no hostkey found");