From bf219920b70cafbf29ebc9890ef67d0efa54e738 Mon Sep 17 00:00:00 2001
From: "markus@openbsd.org" <markus@openbsd.org>
Date: Wed, 13 Nov 2019 07:53:10 +0000
Subject: upstream: fix shield/unshield for xmss keys: - in ssh-agent we need

to delay the call to shield   until we have received key specific options. -
when serializing xmss keys for shield we need to deal with   all optional
components (e.g. state might not be loaded). ok djm@

OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
---
 sshkey.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'sshkey.h')

diff --git a/sshkey.h b/sshkey.h
index 1fb8369f0..a34a4cb48 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.38 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: sshkey.h,v 1.39 2019/11/13 07:53:10 markus Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -87,9 +87,10 @@ enum sshkey_fp_rep {
 /* Private key serialisation formats, used on the wire */
 enum sshkey_serialize_rep {
 	SSHKEY_SERIALIZE_DEFAULT = 0,
-	SSHKEY_SERIALIZE_STATE = 1,
-	SSHKEY_SERIALIZE_FULL = 2,
-	SSHKEY_SERIALIZE_INFO = 254,
+	SSHKEY_SERIALIZE_STATE = 1,	/* only state is serialized */
+	SSHKEY_SERIALIZE_FULL = 2,	/* include keys for saving to disk */
+	SSHKEY_SERIALIZE_SHIELD = 3,	/* everything, for encrypting in ram */
+	SSHKEY_SERIALIZE_INFO = 254,	/* minimal information */
 };
 
 /* Private key disk formats */
-- 
cgit v1.2.3