summaryrefslogtreecommitdiff
path: root/key.c
AgeCommit message (Collapse)Author
2008-06-13 - grunk@cvs.openbsd.org 2008/06/11 21:01:35Darren Tucker
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c sshconnect.c] Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin. Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction. discussions with several people, help, corrections and ok markus@ djm@
2008-02-28 - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSLDarren Tucker
compat glue into openssl-compat.h.
2007-08-08 - ray@cvs.openbsd.org 2007/07/12 05:48:05Damien Miller
[key.c] Delint: remove some unreachable statements, from Bret Lambert. OK markus@ and dtucker@.
2006-11-07 - markus@cvs.openbsd.org 2006/11/06 21:25:28Darren Tucker
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@
2006-09-01 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
2006-07-24 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 00:05:41Damien Miller
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/20 17:13:16Damien Miller
[key.c] djm did a typo
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/20 17:10:19Damien Miller
[auth.c key.c misc.c packet.c ssh-add.c] in a switch (), break after return or goto is stupid
2006-03-26 - djm@cvs.openbsd.org 2006/03/20 11:38:46Damien Miller
[key.c] (really) last of the Coverity diffs: avoid possible NULL deref in key_free. via elad AT netbsd.org; markus@ ok
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2005-06-17 - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
2004-11-05 - djm@cvs.openbsd.org 2004/10/29 23:57:05Darren Tucker
[key.c] use new buffer API to avoid fatal errors on corrupt keys in authorized_keys files; ok markus@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
2003-11-17 - jakob@cvs.openbsd.org 2003/11/10 16:23:41Damien Miller
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] constify. ok markus@ & djm@
2003-07-14 - avsm@cvs.openbsd.org 2003/07/09 13:58:19Darren Tucker
[key.c] minor tweak: when generating the hex fingerprint, give strlcat the full bound to the buffer, and add a comment below explaining why the zero-termination is one less than the bound. markus@ ok
2003-06-28 - markus@cvs.openbsd.org 2003/06/24 08:23:46Darren Tucker
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@
2003-05-15 - jakob@cvs.openbsd.org 2003/05/14 18:16:20Damien Miller
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] add experimental support for verifying hos keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
2003-02-24 - markus@cvs.openbsd.org 2003/02/12 09:33:04Damien Miller
[key.c key.h ssh-dss.c ssh-rsa.c] merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
2003-02-24 - markus@cvs.openbsd.org 2003/02/04 09:32:08Damien Miller
[key.c] better debug3 message
2002-09-12 - markus@cvs.openbsd.org 2002/09/09 14:54:15Damien Miller
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] signed vs unsigned from -pedantic; ok henning@
2002-07-07 - markus@cvs.openbsd.org 2002/07/04 10:41:47Ben Lindstrom
[key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] don't allocate, copy, and discard if there is not interested in the data; ok deraadt@
2002-07-07 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33Ben Lindstrom
[key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] patch memory leaks; grendel@zeitbombe.org
2002-07-04 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c sshconnect2.c sshd.c] minor KNF
2002-06-23 - deraadt@cvs.openbsd.org 2002/06/23 03:26:19Ben Lindstrom
[cipher.c key.c] KNF
2002-06-06 - markus@cvs.openbsd.org 2002/05/31 13:16:48Ben Lindstrom
[key.c] add comment: key_verify returns 1 for a correct signature, 0 for an incorrect signature and -1 on error.
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 10:49:35Ben Lindstrom
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
2002-03-22 - markus@cvs.openbsd.org 2002/03/18 17:23:31Ben Lindstrom
[key.c key.h] add key_demote() for ssh-privsep
2002-03-13Stupid djm commits experimental code to head instead of branchDamien Miller
revert
2002-03-13Import of Niels Provos' 20020312 ssh-complete.diffDamien Miller
PAM, Cygwin and OSF SIA will not work for sure
2002-03-05 - markus@cvs.openbsd.org 2002/02/28 15:46:33Ben Lindstrom
[authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c] add some const EVP_MD for openssl-0.9.7
2002-02-26 - markus@cvs.openbsd.org 2002/02/24 19:14:59Ben Lindstrom
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-05 - markus@cvs.openbsd.org 2002/01/25 22:07:40Damien Miller
[kex.c kexdh.c kexgex.c key.c mac.c] use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
2002-01-22 - markus@cvs.openbsd.org 2001/12/27 18:22:16Damien Miller
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c] call fatal() for openssl allocation failures
2002-01-22 - markus@cvs.openbsd.org 2001/12/25 18:49:56Damien Miller
[key.c] be more careful on allocation
2001-12-21 - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
2001-12-06 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12Ben Lindstrom
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] minor KNF
2001-12-06 - markus@cvs.openbsd.org 2001/11/21 15:51:24Ben Lindstrom
[key.c] mem leak
2001-10-10 - markus@cvs.openbsd.org 2001/10/04 14:34:16Damien Miller
[key.c] call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
2001-09-20 - markus@cvs.openbsd.org 2001/09/19 13:23:29Ben Lindstrom
[key.c] key_read() now returns -1 on type mismatch, too
2001-09-18 - markus@cvs.openbsd.org 2001/09/17 20:50:22Ben Lindstrom
[key.c ssh-keygen.c] better error handling if you try to export a bad key to ssh.com
2001-09-18 - stevesk@cvs.openbsd.org 2001/09/17 19:27:15Ben Lindstrom
[kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c] u_char*/char* cleanup; ok markus
2001-07-04 - markus@cvs.openbsd.org 2001/06/26 20:14:11Ben Lindstrom
[key.c key.h ssh.c sshconnect1.c sshconnect2.c] add smartcard support to the client, too (now you can use both the agent and the client).
2001-07-04 - markus@cvs.openbsd.org 2001/06/25 08:25:41Ben Lindstrom
[channels.c channels.h cipher.c clientloop.c compat.c compat.h hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h] update copyright for 2001
2001-06-25 - itojun@cvs.openbsd.org 2001/06/23 15:12:20Ben Lindstrom
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c] more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
2001-06-25 - markus@cvs.openbsd.org 2001/06/23 05:26:02Ben Lindstrom
[key.c] handle sigature of size 0 (some broken clients send this).
2001-04-17 - markus@cvs.openbsd.org 2001/04/17 10:53:26Ben Lindstrom
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@