summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
AgeCommit message (Collapse)Author
2017-03-16upstream commitdtucker@openbsd.org
Check l->hosts before dereferencing; fixes potential null pointer deref. ok djm@ Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 Origin: https://anongit.mindrot.org/openssh.git/commit/?id=18501151cf272a15b5f2c5e777f2e0933633c513 Last-Update: 2017-03-16 Patch-Name: ssh-keygen-null-deref.patch
2017-03-09upstream commitdjm@openbsd.org
fix ssh-keygen -H accidentally corrupting known_hosts that contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by hostkeys_foreach() when hostname matching is in use, so we need to look for the hash marker explicitly. Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 Origin: https://anongit.mindrot.org/openssh.git/commit/?id=12d3767ba4c84c32150cbe6ff6494498780f12c9 Bug-Debian: https://bugs.debian.org/851734 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1668093 Last-Update: 2017-03-09 Patch-Name: ssh-keygen-hash-corruption.patch
2016-09-12Resync ssh-keygen -W error message with upstream.Darren Tucker
2016-09-12Move ssh-keygen -W handling code to match upstreamDarren Tucker
2016-09-12Move ssh-keygen -T handling code to match upstream.Darren Tucker
2016-09-12Move -M handling code to match upstream.Darren Tucker
2016-09-12upstream commitdtucker@openbsd.org
Spaces->tabs. Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7
2016-09-12upstream commitdtucker@openbsd.org
Style whitespace fix. Also happens to remove a no-op diff with portable. Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3
2016-09-12Restore ssh-keygen's -J and -j option handling.Darren Tucker
These were incorrectly removed in the 1d9a2e28 sync commit.
2016-05-02upstream commitdjm@openbsd.org
support SHA256 and SHA512 RSA signatures in certificates; ok markus@ Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
2016-05-02upstream commitdjm@openbsd.org
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-02-16upstream commitdtucker@openbsd.org
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while. Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2015-12-18upstream commitdjm@openbsd.org
use SSH_MAX_PUBKEY_BYTES consistently as buffer size when reading key files. Increase it to match the size of the buffers already being used. Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
2015-12-18upstream commitmmcc@openbsd.org
Remove NULL-checks before sshkey_free(). ok djm@ Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
2015-12-07upstream commitmarkus@openbsd.org
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
2015-11-30upstream commitderaadt@openbsd.org
do not leak temp file if there is no known_hosts file from craig leres, ok djm Upstream-ID: c820497fd5574844c782e79405c55860f170e426
2015-11-28upstream commithalex@openbsd.org
allow comment change for all supported formats ok djm@ Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
2015-11-19upstream commitdjm@openbsd.org
trailing whitespace Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
2015-11-19upstream commitdjm@openbsd.org
move the certificate validity formatting code to sshkey.[ch] Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
2015-11-18upstream commitdjm@openbsd.org
fix "ssh-keygen -l" of private key, broken in support for multiple plain keys on stdin Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
2015-11-17upstream commitdjm@openbsd.org
Allow fingerprinting from standard input "ssh-keygen -lf -" Support fingerprinting multiple plain keys in a file and authorized_keys files too (bz#1319) ok markus@ Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
2015-11-16upstream commitdjm@openbsd.org
support multiple certificates (one per line) and reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
2015-08-20upstream commitdjm@openbsd.org
fixed unlink([uninitialised memory]) reported by Mateusz Kocielski; ok markus@ Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
2015-07-15upstream commitdjm@openbsd.org
refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
2015-07-15upstream commitdjm@openbsd.org
delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-05-28upstream commitdjm@openbsd.org
wrap all moduli-related code in #ifdef WITH_OPENSSL. based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@ Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
2015-05-28upstream commitdjm@openbsd.org
make ssh-keygen default to ed25519 keys when compiled without OpenSSL; bz#2388, ok dtucker@ Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71
2015-05-21upstream commitdjm@openbsd.org
Support "ssh-keygen -lF hostname" to find search known_hosts and print key hashes. Already advertised by ssh-keygen(1), but not delivered by code; ok dtucker@ Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387
2015-04-29upstream commitdjm@openbsd.org
fix compilation with OPENSSL=no; ok dtucker@
2015-04-29upstream commitderaadt@openbsd.org
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-04-29upstream commitdjm@openbsd.org
use error/logit/fatal instead of fprintf(stderr, ...) and exit(0), fix a few errors that were being printed to stdout instead of stderr and a few non-errors that were going to stderr instead of stdout bz#2325; ok dtucker
2015-04-01upstream committobias@openbsd.org
Comments are only supported for RSA1 keys. If a user tried to add one and entered his passphrase, explicitly clear it before exit. This is done in all other error paths, too. ok djm
2015-03-23upstream commitdjm@openbsd.org
for ssh-keygen -A, don't try (and fail) to generate ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL based on patch by Mike Frysinger; bz#2369
2015-02-27upstream commitdjm@openbsd.org
don't printf NULL key comments; reported by Tom Christensen
2015-02-26upstream commitnaddy@openbsd.org
add -v (show ASCII art) to -l's synopsis; ok djm@
2015-02-24upstream commitdjm@openbsd.org
further silence spurious error message even when -v is specified (e.g. to get visual host keys); reported by naddy@
2015-02-24upstream commitdjm@openbsd.org
silence a spurious error message when listing fingerprints for known_hosts; bz#2342
2015-02-18repair --without-openssl; broken in refactorDamien Miller
2015-02-17upstream commitdjm@openbsd.org
Refactor hostkeys_foreach() and dependent code Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
2015-01-30upstream commitdjm@openbsd.org
permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA; ok markus@
2015-01-30upstream commitdjm@openbsd.org
missing parentheses after if in do_convert_from() broke private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
2015-01-29upstream commitdjm@openbsd.org
update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
2015-01-20upstream commitderaadt@openbsd.org
djm, your /usr/include tree is old
2015-01-20upstream commitdjm@openbsd.org
some feedback from markus@: comment hostkeys_foreach() context and avoid a member in it.
2015-01-20upstream commitdjm@openbsd.org
make ssh-keygen use hostkeys_foreach(). Removes some horrendous code; ok markus@
2015-01-20upstream commitdjm@openbsd.org
infer key length correctly when user specified a fully- qualified key name instead of using the -b bits option; ok markus@
2015-01-20upstream commitdjm@openbsd.org
regression: incorrect error message on otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
2015-01-16upstream commitderaadt@openbsd.org
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-15upstream commitdjm@openbsd.org
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
2015-01-15more --without-opensslDamien Miller
fix some regressions caused by upstream merges enable KRLs now that they no longer require BIGNUMs