author | markus@openbsd.org <markus@openbsd.org> | 2018-02-23 15:58:37 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-02-26 11:40:41 +1100 |
commit | 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 (patch) | |
tree | 7e96cb41b5234b9d327f7c8f41392f09aed0994e /ssh-agent.c | |
parent | 7d330a1ac02076de98cfc8fda05353d57b603755 (diff) |
upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 24 |
1 files changed, 19 insertions, 5 deletions
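--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.227 2018/01/23 05:27:21 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -245,7 +245,8 @@ process_request_identities(SocketEntry *e)
 (r = sshbuf_put_u32(msg, idtab->nentries)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 TAILQ_FOREACH(id, &idtab->idlist, next) {
-if ((r = sshkey_puts(id->key, msg)) != 0 ||
+if ((r = sshkey_puts_opts(id->key, msg, SSHKEY_SERIALIZE_INFO))
+!= 0 ||
 (r = sshbuf_put_cstring(msg, id->comment)) != 0) {
 error("%s: put key/comment: %s", __func__,
 ssh_err(r));
@@ -402,7 +403,7 @@ process_add_identity(SocketEntry *e)
 {
 Identity *id;
 int success = 0, confirm = 0;
-u_int seconds;
+u_int seconds, maxsign;
 char *comment = NULL;
 time_t death = 0;
 struct sshkey *k = NULL;
@@ -433,6 +434,18 @@ process_add_identity(SocketEntry *e)
 case SSH_AGENT_CONSTRAIN_CONFIRM:
 confirm = 1;
 break;
+case SSH_AGENT_CONSTRAIN_MAXSIGN:
+if ((r = sshbuf_get_u32(e->request, &maxsign)) != 0) {
+error("%s: bad maxsign constraint: %s",
+__func__, ssh_err(r));
+goto err;
+}
+if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) {
+error("%s: cannot enable maxsign: %s",
+__func__, ssh_err(r));
+goto err;
+}
+break;
 default:
 error("%s: Unknown constraint %d", __func__, ctype);
 err:
@@ -448,14 +461,15 @@ process_add_identity(SocketEntry *e)
 death = monotime() + lifetime;
 if ((id = lookup_identity(k)) == NULL) {
 id = xcalloc(1, sizeof(Identity));
-id->key = k;
 TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
 /* Increment the number of identities. */
 idtab->nentries++;
 } else {
-sshkey_free(k);
+/* key state might have been updated */
+sshkey_free(id->key);
 free(id->comment);
 }
+id->key = k;
 id->comment = comment;
 id->death = death;
 id->confirm = confirm;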
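Review bot: In the last hunk the `else` branch of process_add_identity now frees the stored `id->key` and installs the client's freshly sent `k`, so re-adding an already-loaded key silently replaces whatever per-key state the agent held with the state carried by the client's copy; for a stateful signature key (the XMSS use this commit introduces, per the description, not visible in the hunk) that is only safe if the client's copy is at least as far advanced as the agent's, otherwise the agent's state goes backwards. The comment `/* key state might have been updated */` does not say which copy is meant to win, and nothing in the hunk compares the two before the replacement. I would make the intent explicit, e.g. `/* Re-adding an existing key replaces the stored key object; the caller's copy, including any signature state it carries, wins over the agent's */`, and consider refusing the replacement when the stored key's state is ahead of the incoming one, if sshkey exposes that. process_add_identity begins before this hunk, and its remaining body continues after it.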