summaryrefslogtreecommitdiff
path: root/ssh.c
diff options
context:
space:
mode:
authormarkus@openbsd.org <markus@openbsd.org>2018-02-23 15:58:37 +0000
committerDamien Miller <djm@mindrot.org>2018-02-26 11:40:41 +1100
commit1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 (patch)
tree7e96cb41b5234b9d327f7c8f41392f09aed0994e /ssh.c
parent7d330a1ac02076de98cfc8fda05353d57b603755 (diff)
upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/ssh.c b/ssh.c
index fa57290be..d3619fe29 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.474 2018/02/23 02:34:33 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1384,7 +1384,7 @@ main(int ac, char **av)
1384 sensitive_data.keys = NULL; 1384 sensitive_data.keys = NULL;
1385 sensitive_data.external_keysign = 0; 1385 sensitive_data.external_keysign = 0;
1386 if (options.hostbased_authentication) { 1386 if (options.hostbased_authentication) {
1387 sensitive_data.nkeys = 9; 1387 sensitive_data.nkeys = 11;
1388 sensitive_data.keys = xcalloc(sensitive_data.nkeys, 1388 sensitive_data.keys = xcalloc(sensitive_data.nkeys,
1389 sizeof(struct sshkey)); /* XXX */ 1389 sizeof(struct sshkey)); /* XXX */
1390 for (i = 0; i < sensitive_data.nkeys; i++) 1390 for (i = 0; i < sensitive_data.nkeys; i++)
@@ -1411,6 +1411,10 @@ main(int ac, char **av)
1411 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); 1411 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
1412 sensitive_data.keys[8] = key_load_private_type(KEY_DSA, 1412 sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
1413 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); 1413 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
1414 sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS,
1415 _PATH_HOST_XMSS_KEY_FILE, "", NULL);
1416 sensitive_data.keys[10] = key_load_private_type(KEY_XMSS,
1417 _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL);
1414 PRIV_END; 1418 PRIV_END;
1415 1419
1416 if (options.hostbased_authentication == 1 && 1420 if (options.hostbased_authentication == 1 &&
@@ -1418,7 +1422,8 @@ main(int ac, char **av)
1418 sensitive_data.keys[5] == NULL && 1422 sensitive_data.keys[5] == NULL &&
1419 sensitive_data.keys[6] == NULL && 1423 sensitive_data.keys[6] == NULL &&
1420 sensitive_data.keys[7] == NULL && 1424 sensitive_data.keys[7] == NULL &&
1421 sensitive_data.keys[8] == NULL) { 1425 sensitive_data.keys[8] == NULL &&
1426 sensitive_data.keys[9] == NULL) {
1422#ifdef OPENSSL_HAS_ECC 1427#ifdef OPENSSL_HAS_ECC
1423 sensitive_data.keys[1] = key_load_cert( 1428 sensitive_data.keys[1] = key_load_cert(
1424 _PATH_HOST_ECDSA_KEY_FILE); 1429 _PATH_HOST_ECDSA_KEY_FILE);
@@ -1439,6 +1444,10 @@ main(int ac, char **av)
1439 _PATH_HOST_RSA_KEY_FILE, NULL); 1444 _PATH_HOST_RSA_KEY_FILE, NULL);
1440 sensitive_data.keys[8] = key_load_public( 1445 sensitive_data.keys[8] = key_load_public(
1441 _PATH_HOST_DSA_KEY_FILE, NULL); 1446 _PATH_HOST_DSA_KEY_FILE, NULL);
1447 sensitive_data.keys[9] = key_load_cert(
1448 _PATH_HOST_XMSS_KEY_FILE);
1449 sensitive_data.keys[10] = key_load_public(
1450 _PATH_HOST_XMSS_KEY_FILE, NULL);
1442 sensitive_data.external_keysign = 1; 1451 sensitive_data.external_keysign = 1;
1443 } 1452 }
1444 } 1453 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 09:14:49 +0000