#
3a06db87 |
| 22-Sep-2024 |
jsg <jsg@openbsd.org> |
remove some unused defines; ok djm@
|
#
9e5b4079 |
| 14-Mar-2023 |
dtucker <dtucker@openbsd.org> |
Check pointer for NULL before attempting to deref. None of the existing callers seem to do that, but it's worth checking. From Coverity CID 291834, ok djm@
|
#
25daa3f3 |
| 21-Jun-2022 |
tobhe <tobhe@openbsd.org> |
Make sure not to fclose() the same fd twice in case of an error.
ok dtucker@
|
#
069f99b1 |
| 01-Jan-2022 |
jsg <jsg@openbsd.org> |
spelling ok dtucker@
|
#
158bd5dc |
| 18-Jun-2020 |
djm <djm@openbsd.org> |
avoid spurious "Unable to load host key" message when sshd can load a private key but no public counterpart; with & ok markus@
|
#
89ae1f19 |
| 17-Apr-2020 |
djm <djm@openbsd.org> |
refactor out some duplicate private key loading code; based on patch from loic AT venez.fr, ok dtucker@
|
#
548504ed |
| 08-Apr-2020 |
djm <djm@openbsd.org> |
let sshkey_try_load_public() load public keys from the unencrypted envelope of private key files if no sidecar public key file is present.
ok markus@
|
#
cdca007c |
| 08-Apr-2020 |
djm <djm@openbsd.org> |
simplify sshkey_try_load_public()
ok markus@
|
#
62af2284 |
| 25-Jan-2020 |
djm <djm@openbsd.org> |
factor out reading/writing sshbufs to dedicated functions; feedback and ok markus@
|
#
799632ce |
| 02-Jan-2020 |
djm <djm@openbsd.org> |
add sshkey_save_public(), to save a public key; ok markus@
|
#
b05cf02f |
| 03-Sep-2019 |
djm <djm@openbsd.org> |
move advance_past_options to authfile.c and make it public; ok markus@
|
#
b0c328c8 |
| 05-Aug-2019 |
dtucker <dtucker@openbsd.org> |
Remove now-redundant perm_ok arg since sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that case. Patch from jitendra.sharma at intel.com, ok djm@
|
#
46250577 |
| 15-Jul-2019 |
djm <djm@openbsd.org> |
support PKCS8 as an optional format for storage of private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk.
The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF).
adapted from patch by Jakub Jelen via bz3013; ok markus
|
#
3aaa63eb |
| 28-Jun-2019 |
deraadt <deraadt@openbsd.org> |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
036a096f |
| 21-Sep-2018 |
djm <djm@openbsd.org> |
In sshkey_in_file(), ignore keys that are considered for being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid.
bz#2897; ok dtucker
|
#
25fe41fa |
| 09-Jul-2018 |
markus <markus@openbsd.org> |
replace cast with call to sshbuf_mutable_ptr(); ok djm@
|
#
e3941638 |
| 06-Jun-2018 |
markus <markus@openbsd.org> |
switch config file parsing to getline(3) as this avoids static limits noted by gerhard@; ok dtucker@, djm@
|
#
a6be8e7c |
| 23-Feb-2018 |
markus <markus@openbsd.org> |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
3671ebbe |
| 01-Jul-2017 |
djm <djm@openbsd.org> |
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus
|
#
eaf8e3f6 |
| 31-May-2017 |
deraadt <deraadt@openbsd.org> |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
c9c098b2 |
| 30-May-2017 |
markus <markus@openbsd.org> |
revise sshkey_load_public(): remove ssh1 related comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
|
#
67cc3a3c |
| 30-Apr-2017 |
djm <djm@openbsd.org> |
unifdef WITH_SSH1 ok markus@
|
#
75fa9110 |
| 26-Mar-2017 |
deraadt <deraadt@openbsd.org> |
incorrect renditions of this quote bother me
|
#
ac8147a0 |
| 25-Nov-2016 |
djm <djm@openbsd.org> |
use sshbuf_allocate() to pre-allocate the buffer used for loading keys. This avoids implicit realloc inside the buffer code, which might theoretically leave fragments of the key on the heap. This doesn't appear to happen in practice for normal sized keys, but was observed for novelty oversize ones.
Pointed out by Jann Horn of Project Zero; ok markus@
|
#
d9171e4c |
| 09-Apr-2016 |
djm <djm@openbsd.org> |
make private key loading functions consistently handle NULL key pointer arguments; ok markus@
|