summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/key.c
AgeCommit message (Expand)Author
2014-01-09Introduce digest API and use it to perform all hashing operationsDamien Miller
2013-12-29to make sure we don't omit any key types as valid CA keys again,Damien Miller
2013-12-29correct comment for key_drop_cert()Damien Miller
2013-12-29correct comment for key_to_certified()Damien Miller
2013-12-29allow ed25519 keys to appear as certificate authoritiesDamien Miller
2013-12-07set k->cert = NULL after freeing itDamien Miller
2013-12-06support ed25519 keys (hostkeys and user identities) using the public domainMarkus Friedl
2013-12-06new private key format, bcrypt as KDF by default; details in PROTOCOL.key;Markus Friedl
2013-12-06move private key (de)serialization to key.c; ok djmMarkus Friedl
2013-12-02make key_to_blob() return a NULL blob on failure; part ofDamien Miller
2013-10-29fix potential stack exhaustion caused by nested certificates;Damien Miller
2013-05-19Standardise logging of supplemental information during userauth. KeysDamien Miller
2013-05-17bye, bye xfree(); ok markus@Damien Miller
2013-05-10memleak in cert_free(), wasn't actually freeing the struct;Damien Miller
2013-04-19add the ability to query supported ciphers, MACs, key type and KEXDamien Miller
2013-01-17add support for Key Revocation Lists (KRLs). These are a compact way toDamien Miller
2012-05-23add support for RFC6594 SSHFP DNS records for ECDSA key types.Damien Miller
2011-10-18remove explict search for \0 in packet strings, this job is now doneDamien Miller
2011-05-17fatal() if asked to generate a legacy ECDSA cert (these don't exist)Damien Miller
2011-02-04fix uninitialised nonce variable; reported by Mateusz KocielskiDamien Miller
2010-11-10use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.Damien Miller
2010-10-28fix a possible NULL deref on loading a corrupt ECDH keyDamien Miller
2010-09-09ECDH/ECDSA compliance fix: these methods vary the hash function they useDamien Miller
2010-08-31Implement Elliptic Curve Cryptography modes for key exchange (ECDH) andDamien Miller
2010-08-31Add buffer_get_cstring() and related functions that verify that theDamien Miller
2010-07-13s/timing_safe_cmp/timingsafe_bcmp/gDamien Miller
2010-07-13implement a timing_safe_cmp() function to compare memory without leakingDamien Miller
2010-05-07add some optional indirection to matching of principal names listedDamien Miller
2010-04-16revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with theDamien Miller
2010-03-15also print certificate type (user or host) for ssh-keygen -LKevin Steves
2010-03-04use buffer_get_string_ptr_ret() where we are checking the returnDamien Miller
2010-03-03reject strings with embedded ASCII nul chars in certificate key IDs,Damien Miller
2010-02-26Add support for certificate key types for users and hosts.Damien Miller
2010-01-13Ignore and log any Protocol 1 keys where the claimed size is not equal toDarren Tucker
2009-12-11switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537Markus Friedl
2008-10-10typo in error message; ok djm@Kevin Steves
2008-07-25In random art visualization, make sure to use the end marker only at theAlexander von Gernler
2008-07-07/*NOTREACHED*/ for lint warning:Kevin Steves
2008-06-25add key length to visual fingerprint; zap magical constants;Otto Moerbeek
2008-06-12add my copyright, ok djm@Alexander von Gernler
2008-06-12We already mark the start of the worm, now also mark the end of the wormAlexander von Gernler
2008-06-12supply the key type (rsa1, rsa, dsa) as a caption in the frame of theAlexander von Gernler
2008-06-12use an odd number of rows and columns and a separate start marker, looksOtto Moerbeek
2008-06-11#define statements that are not atoms need braces around them, else theyAlexander von Gernler
2008-06-11simpler way of computing the augmentations; ok grunk@Otto Moerbeek
2008-06-11Introduce SSH Fingerprint ASCII Visualization, a technique inspired by theAlexander von Gernler
2007-07-12Delint: remove some unreachable statements, from Bret Lambert.Ray Lai
2006-11-06add missing checks for openssl return codes; with & ok djm@Markus Friedl
2006-08-03almost entirely get rid of the culture of ".h files that include .h files"Theo de Raadt
2006-08-01move #include <stdio.h> out of includes.hKevin Steves