1 files changed, 18 insertions, 7 deletions

diff --git a/ssh-keygen.c b/ssh-keygen.c
index ac34f314..030b3684 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.361 2019/11/08 03:54:02 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.362 2019/11/12 19:33:08 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -287,6 +287,10 @@ ask_filename(struct passwd *pw, const char *prompt)
 		case KEY_ED25519_CERT:
 			name = _PATH_SSH_CLIENT_ID_ED25519;
 			break;
+		case KEY_ED25519_SK:
+		case KEY_ED25519_SK_CERT:
+			name = _PATH_SSH_CLIENT_ID_ED25519_SK;
+			break;
 		case KEY_XMSS:
 		case KEY_XMSS_CERT:
 			name = _PATH_SSH_CLIENT_ID_XMSS;
@@ -3255,16 +3259,23 @@ main(int argc, char **argv)
 		printf("Generating public/private %s key pair.\n",
 		    key_type_name);
 	if (type == KEY_ECDSA_SK) {
+	switch (type) {
+	case KEY_ECDSA_SK:
+	case KEY_ED25519_SK:
 #ifndef ENABLE_SK
 		fatal("Security key support was disabled at compile time");
 #else /* ENABLE_SK */
-		if (sshsk_enroll(sk_provider,
-		    cert_key_id == NULL ? "ssh:" : cert_key_id,
-		    sk_flags, NULL, &private, NULL) != 0)
-			exit(1); /* error message already printed */
+		if (sshsk_enroll(type, sk_provider,
+ 		    cert_key_id == NULL ? "ssh:" : cert_key_id,
+ 		    sk_flags, NULL, &private, NULL) != 0)
+ 			exit(1); /* error message already printed */
+		break;
 #endif /* ENABLE_SK */
-	} else if ((r = sshkey_generate(type, bits, &private)) != 0)
-		fatal("sshkey_generate failed");
+	default:
+		if ((r = sshkey_generate(type, bits, &private)) != 0)
+			fatal("sshkey_generate failed");
+		break;
+	}
 	if ((r = sshkey_from_private(private, &public)) != 0)
 		fatal("sshkey_from_private failed: %s\n", ssh_err(r));