summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-keygen.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fixed unlink([uninitialised memory]) reported by Mateusz Kocielski;djm2015-08-191-2/+3
| | | | ok markus@
* refuse to generate or accept RSA keys smaller than 1024 bits;djm2015-07-031-3/+3
| | | | feedback and ok dtucker@
* delete support for legacy v00 certificates; "sure" markus@ dtucker@djm2015-07-031-50/+17
|
* wrap all moduli-related code in #ifdef WITH_OPENSSL.djm2015-05-281-39/+52
| | | | | based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
* make ssh-keygen default to ed25519 keys when compiled withoutdjm2015-05-281-2/+8
| | | | OpenSSL; bz#2388, ok dtucker@
* Support "ssh-keygen -lF hostname" to find search known_hosts anddjm2015-05-211-3/+17
| | | | | print key hashes. Already advertised by ssh-keygen(1), but not delivered by code; ok dtucker@
* fix compilation with OPENSSL=no; ok dtucker@djm2015-04-271-2/+6
|
* rename xrealloc() to xreallocarray() since it follows that form.deraadt2015-04-241-2/+2
| | | | ok djm
* use error/logit/fatal instead of fprintf(stderr, ...) and exit(0),djm2015-04-171-153/+94
| | | | | | fix a few errors that were being printed to stdout instead of stderr and a few non-errors that were going to stderr instead of stdout bz#2325; ok dtucker
* Comments are only supported for RSA1 keys. If a user tried to add one andtobias2015-03-311-1/+2
| | | | | | | entered his passphrase, explicitly clear it before exit. This is done in all other error paths, too. ok djm
* for ssh-keygen -A, don't try (and fail) to generatedjm2015-03-231-1/+5
| | | | | | ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL based on patch by Mike Frysinger; bz#2369
* don't printf NULL key comments; reported by Tom Christensendjm2015-02-261-2/+3
|
* add -v (show ASCII art) to -l's synopsis; ok djm@naddy2015-02-241-2/+2
|
* further silence spurious error message even when -v is specifieddjm2015-02-231-2/+2
| | | | (e.g. to get visual host keys); reported by naddy@
* silence a spurious error message when listing fingerprints fordjm2015-02-231-2/+2
| | | | known_hosts; bz#2342
* Refactor hostkeys_foreach() and dependent codedjm2015-02-161-32/+39
| | | | | | Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
* permit KRLs that revoke certificates by serial number or key IDdjm2015-01-301-11/+15
| | | | without scoping to a particular CA; ok markus@
* missing parentheses after if in do_convert_from() brokedjm2015-01-301-3/+3
| | | | | private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
* update to new API (key_fingerprint => sshkey_fingerprint)djm2015-01-281-4/+14
| | | | | check sshkey_fingerprint return values; ok markus
* djm, your /usr/include tree is oldderaadt2015-01-191-2/+2
|
* some feedback from markus@: comment hostkeys_foreach()djm2015-01-181-10/+11
| | | | context and avoid a member in it.
* make ssh-keygen use hostkeys_foreach(). Removes somedjm2015-01-181-205/+121
| | | | horrendous code; ok markus@
* infer key length correctly when user specified a fully-djm2015-01-181-7/+12
| | | | | qualified key name instead of using the -b bits option; ok markus@
* regression: incorrect error message on otherwise-successfuldjm2015-01-161-3/+3
| | | | ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-161-6/+6
| | | | | | | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* sync ssh-keysign, ssh-keygen and some dependencies to the newdjm2015-01-151-353/+420
| | | | buffer/key API; mostly mechanical, ok markus@
* Add FingerprintHash option to control algorithm used for keydjm2014-12-211-22/+36
| | | | | | | fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* Free resources on error in mkstemp and fdopendoug2014-08-211-1/+3
| | | | ok djm@
* When hashing or removing hosts using ssh-keygen, don't choke ondjm2014-07-031-26/+44
| | | | | @revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net
* standardise on NI_MAXHOST for gethostname() string lengths; aboutdjm2014-07-031-2/+3
| | | | 1/2 the cases were using it already. Fixes bz#2239 en passant
* New key API: refactor key-related functions to be more library-like,djm2014-06-241-9/+11
| | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-1/+15
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* buffer_get_string_ptr's return should be const to reminddjm2014-04-281-6/+6
| | | | | callers that futzing with it will futz with the actual buffer contents
* Add support for SSHFP DNS records for ED25519 key types.logan2014-04-201-2/+3
| | | | OK from djm@
* Improve usage() and documentation towards the standard form. In particular,deraadt2014-03-151-49/+28
| | | | | | | this line saves a lot of man page reading time. usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ok schwarze jmc
* don't count on things that accept arguments by reference to cleardjm2014-03-121-2/+2
| | | | things for us on error; most things do, but it's unsafe form.
* tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@naddy2014-02-051-2/+2
| | | | while here, fix ordering in usage(); requested by jmc@
* convert memset of potentially-private data to explicit_bzero()djm2014-02-021-17/+17
|
* replace most bzero with explicit_bzero, except a few that cna be memsettedu2014-01-311-2/+2
| | | | ok djm dtucker
* support ed25519 keys (hostkeys and user identities) using the public domainmarkus2013-12-061-3/+8
| | | | | ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* new private key format, bcrypt as KDF by default; details in PROTOCOL.key;markus2013-12-061-13/+38
| | | | feedback and lots help from djm; ok djm@
* remove duplicated character ('g') in getopt() string;djm2013-12-061-2/+3
| | | | | document the (few) remaining option characters so we don't have to rummage next time.
* Make code match documentation: relative-specified certificate expiry timedjm2013-10-231-2/+2
| | | | | should be relative to current time and not the validity start time. Reported by Petr Lautrbach; ok deraadt@
* All the instances of arc4random_stir() are bogus, since arc4random()deraadt2013-09-021-6/+1
| | | | | | does this itself, inside itself, and has for a very long time.. Actually, this was probably reducing the entropy available. ok djm
* improve batch processing a bit by making use of the quite flag a bitmikeb2013-08-281-10/+15
| | | | | | | more often and exit with a non zero code if asked to find a hostname in a known_hosts file and it wasn't there; originally from reyk@, ok djm
* another of the same typodjm2013-08-131-2/+2
|
* typo in error message; from Stephan Rickauerdjm2013-08-131-2/+2
|
* More useful error message on missing current user in /etc/passwddjm2013-07-201-2/+2
|
* do_print_resource_record() can never be called with a NULL filename, sodjm2013-07-121-2/+2
| | | | | don't attempt (and bungle) asking for one if it has not been specified bz#2127 ok dtucker@
* fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@djm2013-07-121-3/+4
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.