authormarkus <markus@openbsd.org>2019-11-13 07:53:10 +0000
committermarkus <markus@openbsd.org>2019-11-13 07:53:10 +0000
commitd3c68393d78899c96f18a7d321d9ac2085c47a51 (patch)
treee50ddc2992903346b2a084c5b7230f52cc83ffc1 /usr.bin/ssh/ssh-agent.c
parentdrm/i915/cmdparser: Fix jump whitelist clearing (diff)
fix shield/unshield for xmss keys:
- in ssh-agent we need to delay the call to shield until we have received key specific options.
- when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded).
ok djm@
Diffstat (limited to 'usr.bin/ssh/ssh-agent.c')
-rw-r--r--usr.bin/ssh/ssh-agent.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index cd9d9997cef..ed4bbbe1c21 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.241 2019/11/12 22:36:44 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.242 2019/11/13 07:53:10 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -545,10 +545,6 @@ process_add_identity(SocketEntry *e)
error("%s: decode private key: %s", __func__, ssh_err(r));
goto err;
}
- if ((r = sshkey_shield_private(k)) != 0) {
- error("%s: shield private key: %s", __func__, ssh_err(r));
- goto err;
- }
while (sshbuf_len(e->request)) {
if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
error("%s: buffer error: %s", __func__, ssh_err(r));
@@ -630,6 +626,10 @@ process_add_identity(SocketEntry *e)
goto send;
}
}
+ if ((r = sshkey_shield_private(k)) != 0) {
+ error("%s: shield private key: %s", __func__, ssh_err(r));
+ goto err;
+ }
success = 1;
if (lifetime && !death)