authormarkus@openbsd.org <markus@openbsd.org>2019-11-13 07:53:10 +0000
committerDamien Miller <djm@mindrot.org>2019-11-15 08:50:10 +1100
commitbf219920b70cafbf29ebc9890ef67d0efa54e738 (patch)
tree58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /ssh-agent.c
parent40598b85d72a509566b7b2a6d57676c7231fed34 (diff)
upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index eb17b18b2..c62c263a6 100644
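--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.241 2019/11/12 22:36:44 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.242 2019/11/13 07:53:10 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -560,10 +560,6 @@ process_add_identity(SocketEntry *e)
  error("%s: decode private key: %s", __func__, ssh_err(r));
  goto err;
  }
- if ((r = sshkey_shield_private(k)) != 0) {
- error("%s: shield private key: %s", __func__, ssh_err(r));
- goto err;
- }
  while (sshbuf_len(e->request)) {
  if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
  error("%s: buffer error: %s", __func__, ssh_err(r));
@@ -645,6 +641,10 @@ process_add_identity(SocketEntry *e)
  goto send;
  }
  }
+ if ((r = sshkey_shield_private(k)) != 0) {
+ error("%s: shield private key: %s", __func__, ssh_err(r));
+ goto err;
+ }
 
  success = 1;
  if (lifetime && !death)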
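Review bot: The relocated `sshkey_shield_private(k)` call at new lines 644-647 carries no comment explaining why it must come after the constraint loop, so a later tidy-up could move it back next to the decode step and reintroduce the XMSS problem the commit description mentions. I would add above it `/* Shield only after all constraints are parsed; key-specific (XMSS) options must be applied first. */`. The move also means the decoded private key stays unshielded in memory while the loop runs, and the `goto send` / `goto err` exits inside the loop now leave with an unshielded `k`; the cleanup at those labels is outside the visible hunks, so it is worth confirming that it frees the key on every such path. process_add_identity starts and ends outside both hunks.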