Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. DSA remains
unconverted as it will be removed within six months.

Based on patches originally from Dmitry Belyavskiy, but significantly
rework

Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. DSA remains
unconverted as it will be removed within six months.

Based on patches originally from Dmitry Belyavskiy, but significantly
reworked based on feedback from Bob Beck, Joel Sing and especially
Theo Buehler (apologies to anyone I've missed).

ok tb@

show more ...

make struct sshbuf private and remove an unused field; ok dtucker

revert previous; it was broken (spotted by Theo)

make SSHBUF_DBG/SSHBUF_TELL (off by default and only enabled via
#define) dump to stderr rather than stdout

Add a sshbuf_read() that attempts to read(2) directly in to a
sshbuf; ok markus@

spelling

support for RFC4648 base64url encoding; ok markus

make sshbuf_dump() args const

Fix comment typo. Patch from mforney at mforney.org.

spelling errors in comments; no code change
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html

factor out reading/writing sshbufs to dedicated functions;
feedback and ok markus@

fixes for !WITH_OPENSSL compilation; ok dtucker@

let sshbuf_find/cmp take a void* for the search/comparison
argument, instead of a u_char*. Saves callers needing to cast.

remove mostly vestigal uuencode.[ch]; moving the only unique
functionality there (wrapping of base64-encoded data) to sshbuf
functions; feedback and ok markus@

two more bounds-checking sshbuf counterparts to common string
operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)

feedback and ok markus@

add some functions to perform random-access read/write operations
inside buffers with bounds checking. Intended to replace manual
pointer arithmetic wherever possible.

feedback and ok markus@

Make sshpkt_get_bignum2() allocate the bignum it is parsing rather
than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

remove obsolete (SSH v.1) sshbuf_get/put_bignum1 functions

from markus@ ok djm@

remove legacy buffer API emulation layer; ok djm@

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

show more ...

split allocation out of sshbuf_reserve() into a separate
sshbuf_allocate() function; ok markus@

fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@

Fix a couple "the the" typos. ok dtucker@

improve PEEK/POKE macros: better casts, don't multiply evaluate
arguments; ok deraadt@