Age | Commit message (Collapse) | Author |
|
Refuse to create a certificate with an unusable number of
principals; Prompted by gdestuynder via github
OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
|
|
fatal if we're unable to write all the public key; previously
we would silently ignore errors writing the comment and terminating newline.
Prompted by github PR from WillerZ; ok dtucker
OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
|
|
Remove some #ifdef notyet code from OpenSSL 0.9.8 days.
These functions have never appeared in OpenSSL and are likely never to do
so.
"kill it with fire" djm@
OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
|
|
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
|
|
allow certificate validity intervals that specify only a
start or stop time (we already support specifying both or neither)
OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
|
|
When generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys could
previously be made if ssh-keygen failed part way through generating them, so
avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus
Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
|
|
remove unused wrapper functions from key.[ch]; ok djm@
Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
|
|
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@
Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
|
|
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
|
|
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
allow ssh-keygen to include arbitrary string or flag
certificate extensions and critical options. ok markus@ dtucker@
Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
|
|
ensure hostname is lower-case before hashing it;
bz#2591 reported by Griff Miller II; ok dtucker@
Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
|
|
Check l->hosts before dereferencing; fixes potential null
pointer deref. ok djm@
Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
|
|
linenum is unsigned long so use %lu in log formats. ok
deraadt@
Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
|
|
fix ssh-keygen -H accidentally corrupting known_hosts that
contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
hostkeys_foreach() when hostname matching is in use, so we need to look for
the hash marker explicitly.
Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
|
|
Do not show rsa1 key type in usage when compiled without
SSH1 support.
Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
|
|
Sanitise escape sequences in key comments sent to printf
but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
|
|
Avoid printf %s NULL. From semarie@, OK djm@
Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
|
|
|
|
|
|
|
|
|
|
Spaces->tabs.
Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7
|
|
Style whitespace fix. Also happens to remove a no-op
diff with portable.
Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3
|
|
These were incorrectly removed in the 1d9a2e28 sync commit.
|
|
support SHA256 and SHA512 RSA signatures in certificates;
ok markus@
Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
|
|
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
|
|
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
|
|
use SSH_MAX_PUBKEY_BYTES consistently as buffer size when
reading key files. Increase it to match the size of the buffers already being
used.
Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
|
|
Remove NULL-checks before sshkey_free().
ok djm@
Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
|
|
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
|
|
do not leak temp file if there is no known_hosts file
from craig leres, ok djm
Upstream-ID: c820497fd5574844c782e79405c55860f170e426
|
|
allow comment change for all supported formats
ok djm@
Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
|
|
trailing whitespace
Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
|
|
move the certificate validity formatting code to
sshkey.[ch]
Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
|
|
fix "ssh-keygen -l" of private key, broken in support for
multiple plain keys on stdin
Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
|
|
Allow fingerprinting from standard input "ssh-keygen -lf
-"
Support fingerprinting multiple plain keys in a file and authorized_keys
files too (bz#1319)
ok markus@
Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
|
|
support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
|
|
fixed unlink([uninitialised memory]) reported by Mateusz
Kocielski; ok markus@
Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
|
|
refuse to generate or accept RSA keys smaller than 1024
bits; feedback and ok dtucker@
Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
|
|
delete support for legacy v00 certificates; "sure"
markus@ dtucker@
Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
|
|
wrap all moduli-related code in #ifdef WITH_OPENSSL.
based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
|
|
make ssh-keygen default to ed25519 keys when compiled
without OpenSSL; bz#2388, ok dtucker@
Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71
|
|
Support "ssh-keygen -lF hostname" to find search known_hosts
and print key hashes. Already advertised by ssh-keygen(1), but not delivered
by code; ok dtucker@
Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387
|
|
fix compilation with OPENSSL=no; ok dtucker@
|
|
rename xrealloc() to xreallocarray() since it follows
that form. ok djm
|
|
use error/logit/fatal instead of fprintf(stderr, ...)
and exit(0), fix a few errors that were being printed to stdout instead of
stderr and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker
|
|
Comments are only supported for RSA1 keys. If a user
tried to add one and entered his passphrase, explicitly clear it before exit.
This is done in all other error paths, too.
ok djm
|