author | markus@openbsd.org <markus@openbsd.org> | 2019-11-13 07:53:10 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-15 08:50:10 +1100 |
commit | bf219920b70cafbf29ebc9890ef67d0efa54e738 (patch) | |
tree | 58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /ssh-agent.c | |
parent | 40598b85d72a509566b7b2a6d57676c7231fed34 (diff) |
upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
to delay the call to shield until we have received key specific options. -
when serializing xmss keys for shield we need to deal with all optional
components (e.g. state might not be loaded). ok djm@
OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 10 |
1 files changed, 5 insertions, 5 deletions
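--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.241 2019/11/12 22:36:44 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.242 2019/11/13 07:53:10 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -560,10 +560,6 @@ process_add_identity(SocketEntry *e)
 error("%s: decode private key: %s", __func__, ssh_err(r));
 goto err;
 }
-if ((r = sshkey_shield_private(k)) != 0) {
-error("%s: shield private key: %s", __func__, ssh_err(r));
-goto err;
-}
 while (sshbuf_len(e->request)) {
 if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
 error("%s: buffer error: %s", __func__, ssh_err(r));
@@ -645,6 +641,10 @@ process_add_identity(SocketEntry *e)
 goto send;
 }
 }
+if ((r = sshkey_shield_private(k)) != 0) {
+error("%s: shield private key: %s", __func__, ssh_err(r));
+goto err;
+}
 
 success = 1;
 if (lifetime && !death)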
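Review bot: The relocated `sshkey_shield_private(k)` call after the constraint loop has no comment explaining why it must sit there, so a later tidy-up could move it back next to the decode and reintroduce the XMSS problem the commit message describes. I would add above it something like `/* shield only after all constraints are parsed: key-specific options (e.g. XMSS) must be received first */`. A consequence of the move is that the decoded private key now stays unshielded in memory for the whole time the loop parses request data. Every exit taken before the shield call (the `goto err` and `goto send` paths, whose targets are outside the visible hunks) should be confirmed to free `k` rather than leave it behind unshielded. process_add_identity begins and ends outside these hunks.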