upstream: fix shield/unshield for xmss keys: - in ssh-agent we need

to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
author: markus@openbsd.org <markus@openbsd.org> 2019-11-13 07:53:10 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-15 08:50:10 +1100
commit: bf219920b70cafbf29ebc9890ef67d0efa54e738 (patch)
tree: 58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /sshkey.h
parent: 40598b85d72a509566b7b2a6d57676c7231fed34 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/sshkey.h b/sshkey.h
index 1fb8369f0..a34a4cb48 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.38 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: sshkey.h,v 1.39 2019/11/13 07:53:10 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -87,9 +87,10 @@ enum sshkey_fp_rep {
 /* Private key serialisation formats, used on the wire */
 enum sshkey_serialize_rep {
        SSHKEY_SERIALIZE_DEFAULT = 0,
-        SSHKEY_SERIALIZE_STATE = 1,
+        SSHKEY_SERIALIZE_STATE = 1,     /* only state is serialized */
-        SSHKEY_SERIALIZE_FULL = 2,
+        SSHKEY_SERIALIZE_FULL = 2,      /* include keys for saving to disk */
-        SSHKEY_SERIALIZE_INFO = 254,
+        SSHKEY_SERIALIZE_SHIELD = 3,    /* everything, for encrypting in ram */
+        SSHKEY_SERIALIZE_INFO = 254,    /* minimal information */
 };
 /* Private key disk formats */
author	markus@openbsd.org <markus@openbsd.org>	2019-11-13 07:53:10 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-15 08:50:10 +1100
commit	bf219920b70cafbf29ebc9890ef67d0efa54e738 (patch)
tree	58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /sshkey.h
parent	40598b85d72a509566b7b2a6d57676c7231fed34 (diff)