path: root/usr.bin/ssh/key.c
Age | Commit message | Author
2015-12-04 | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) | Markus Friedl
2015-07-03 | delete support for legacy v00 certificates; "sure" markus@ dtucker@ | Damien Miller
2015-01-28 | update to new API (key_fingerprint => sshkey_fingerprint) | Damien Miller
2015-01-20 | Reduce use of <sys/param.h> and transition to <limits.h> throughout. | Theo de Raadt
2015-01-08 | deprecate key_load_private_pem() and sshkey_load_private_pem() | Damien Miller
2014-12-21 | Add FingerprintHash option to control algorithm used for key | Damien Miller
2014-12-04 | key_in_file() wrapper is no longer used | Damien Miller
2014-07-22 | Prevent spam from key_load_private_pem during hostbased auth. ok djm@ | Darren Tucker
2014-07-17 | silence "incorrect passphrase" error spam; reported and ok dtucker@ | Damien Miller
2014-07-09 | downgrade more error() to debug() to better match what old authfile.c | Damien Miller
2014-06-30 | suppress spurious error message when loading key with a passphrase; | Damien Miller
2014-06-24 | New key API: refactor key-related functions to be more library-like, | Damien Miller
2014-04-29 | make compiling against OpenSSL optional (make OPENSSL=no); | Markus Friedl
2014-02-02 | convert memset of potentially-private data to explicit_bzero() | Damien Miller
2014-01-09 | Introduce digest API and use it to perform all hashing operations | Damien Miller
2013-12-29 | to make sure we don't omit any key types as valid CA keys again, | Damien Miller
2013-12-29 | correct comment for key_drop_cert() | Damien Miller
2013-12-29 | correct comment for key_to_certified() | Damien Miller
2013-12-29 | allow ed25519 keys to appear as certificate authorities | Damien Miller
2013-12-07 | set k->cert = NULL after freeing it | Damien Miller
2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain | Markus Friedl
2013-12-06 | new private key format, bcrypt as KDF by default; details in PROTOCOL.key; | Markus Friedl
2013-12-06 | move private key (de)serialization to key.c; ok djm | Markus Friedl
2013-12-02 | make key_to_blob() return a NULL blob on failure; part of | Damien Miller
2013-10-29 | fix potential stack exhaustion caused by nested certificates; | Damien Miller
2013-05-19 | Standardise logging of supplemental information during userauth. Keys | Damien Miller
2013-05-17 | bye, bye xfree(); ok markus@ | Damien Miller
2013-05-10 | memleak in cert_free(), wasn't actually freeing the struct; | Damien Miller
2013-04-19 | add the ability to query supported ciphers, MACs, key type and KEX | Damien Miller
2013-01-17 | add support for Key Revocation Lists (KRLs). These are a compact way to | Damien Miller
2012-05-23 | add support for RFC6594 SSHFP DNS records for ECDSA key types. | Damien Miller
2011-10-18 | remove explicit search for \0 in packet strings, this job is now done | Damien Miller
2011-05-17 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) | Damien Miller
2011-02-04 | fix uninitialised nonce variable; reported by Mateusz Kocielski | Damien Miller
2010-11-10 | use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. | Damien Miller
2010-10-28 | fix a possible NULL deref on loading a corrupt ECDH key | Damien Miller
2010-09-09 | ECDH/ECDSA compliance fix: these methods vary the hash function they use | Damien Miller
2010-08-31 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | Damien Miller
2010-08-31 | Add buffer_get_cstring() and related functions that verify that the | Damien Miller
2010-07-13 | s/timing_safe_cmp/timingsafe_bcmp/g | Damien Miller
2010-07-13 | implement a timing_safe_cmp() function to compare memory without leaking | Damien Miller
2010-05-07 | add some optional indirection to matching of principal names listed | Damien Miller
2010-04-16 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | Damien Miller
2010-03-15 | also print certificate type (user or host) for ssh-keygen -L | Kevin Steves
2010-03-04 | use buffer_get_string_ptr_ret() where we are checking the return | Damien Miller
2010-03-03 | reject strings with embedded ASCII nul chars in certificate key IDs, | Damien Miller
2010-02-26 | Add support for certificate key types for users and hosts. | Damien Miller
2010-01-13 | Ignore and log any Protocol 1 keys where the claimed size is not equal to | Darren Tucker
2009-12-11 | switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 | Markus Friedl
2008-10-10 | typo in error message; ok djm@ | Kevin Steves