most a single error response after the file has been opened. Otherwise the
source() and sink() can become desyncronised. Reported by Daniel Goujot,
Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
On some platforms (at least older HP-UXes such as 11.11, possibly others)
setting SA_RESTART on signal handers will cause it to not interrupt
select(), at least for calls that do not specify a timeout. Try to
detect this and if found, don't use SA_RESTART.
POSIX says "If SA_RESTART has been set for the interrupting signal, it
is implementation-dependent whether select() restarts or returns with
[EINTR]" so this behaviour is within spec.
hashing in the middleware layer rather than in ssh code. This allows
middlewares that call APIs that perform the hashing implicitly (including
Microsoft's AFAIK). ok markus@
OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
If the config contained 'RDomain %D' on a platform that did not support
it, the error would not be detected until runtime resulting in a broken
sshd. Detect this earlier and error out if found. bz#3126, based on a
patch from jjelen at redhat.com, tweaks and ok djm@
because nothing sets in_non_blocking_mode any more. Patch from
michaael.meeks at collabora.com, ok djm@
OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
fingerprint of old-format key, key comments were not being displayed. Spotted
by loic AT venez.fr, ok dtucker
OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
comment after regression caused by my recent pubkey loading refactor.
Reported by loic AT venez.fr, ok dtucker@
OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134
OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@
OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
In some architecture/libc configurations we need to explicitly include
sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085,
patch from blowfist at xroutine.net.
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key
type check in the ECDSA_CERT parsing path.
feedback and ok markus@
OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
when used for Unix domain socket forwarding. Factor out the code for the
config keywords that use the most common subset of TOKENS into its own
function. bz#3014, ok jmc@ (man page bits) djm@
OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
unencrypted envelope of private key files if not sidecar public key file is
present.
ok markus@
OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
Extracts a public key from the unencrypted envelope of a new-style
OpenSSH private key.
ok markus@
OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
Try new format parser for all key types first, fall back to PEM
parser only for invalid format errors.
ok markus@
OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
Split out the base64 decoding and private section decryption steps in
to separate functions. This will make the decryption step easier to fuzz
as well as making it easier to write a "load public key from new-format
private key" function.
ok markus@
OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
djm@openbsd.org
Darren Tucker
Damien Miller
jmc@openbsd.org
markus@openbsd.org
dtucker@openbsd.org