summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/ssh-keygen.c
AgeCommit message (Expand)Author
2019-06-21Add protection for private keys at rest in RAM against speculationDamien Miller
2019-06-06Replace calls to ssh_malloc_init() by a static init of malloc_options.Otto Moerbeek
2019-05-29Make the standard output messages of both methods of changing a keyMark Lumsden
2019-03-25Expand comment to document rationale for default key sizes.Darren Tucker
2019-03-25Increase the default RSA key size to 3072 bits. Based on the estimatesDarren Tucker
2019-02-10ssh-keygen -D pkcs11.so needs to initialize pkcs11 interactive,Sebastian Benoit
2019-01-23allow auto-incrementing certificate serial number for certs signedDamien Miller
2019-01-23move a bunch of global flag variables to main(); make the rest staticDamien Miller
2019-01-22add -m to usage(); reminded by jmc@Damien Miller
2018-10-19when printing certificate contents "ssh-keygen -Lf /path/certificate",Damien Miller
2018-09-14garbage-collect moribund ssh_new_private() API.Damien Miller
2018-09-13hold our collective noses and use the openssl-1.1.x API in OpenSSH;Damien Miller
2018-09-12allow key revocation by SHA256 hash and allow ssh-keygen to create KRLsDamien Miller
2018-08-08Use new private key format by default. This format is suported byDamien Miller
2018-07-09replace cast with call to sshbuf_mutable_ptr(); ok djm@Markus Friedl
2018-06-06switch config file parsing to getline(3) as this avoids static limitsMarkus Friedl
2018-06-01whitespaceDamien Miller
2018-06-01return correct exit code when searching for and hashing known_hostsDamien Miller
2018-03-12add valid-before="[time]" authorized_keys option. A simple way ofDamien Miller
2018-02-23Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)Markus Friedl
2018-02-10Refuse to create a certificate with an unusable number of principals;Damien Miller
2018-02-10fatal if we're unable to write all the public key; previously weDamien Miller
2018-02-07Remove some #ifdef notyet code from OpenSSL 0.9.8 days.Joel Sing
2017-12-18pass negotiated signing algorithm though to sshkey_verify() andDamien Miller
2017-11-03allow certificate validity intervals that specify only a start orDamien Miller
2017-07-07When generating all hostkeys (ssh-keygen -A), clobber existing keysDamien Miller
2017-07-01remove post-SSHv1 removal dead code from rsa.c and merge theDamien Miller
2017-06-28Allow ssh-keygen to use a key held in ssh-agent as a CA when signingDamien Miller
2017-05-30remove unused wrapper functions from key.[ch]; ok djm@Markus Friedl
2017-05-07Refuse RSA keys <1024 bits in length. Improve reporting for keys thatDamien Miller
2017-04-30remove KEY_RSA1Damien Miller
2017-04-30unifdef WITH_SSH1Damien Miller
2017-04-29allow ssh-keygen to include arbitrary string or flag certificateDamien Miller
2017-03-10ensure hostname is lower-case before hashing it; bz#2591 reported byDamien Miller
2017-03-06Check l->hosts before dereferencing; fixes potential null pointer deref.Darren Tucker
2017-03-06linenum is unsigned long so use %lu in log formats. ok deraadt@Darren Tucker
2017-03-03fix ssh-keygen -H accidentally corrupting known_hosts that containedDamien Miller
2017-02-17Do not show rsa1 key type in usage when compiled without SSH1 support.Darren Tucker
2017-02-10Sanitise escape sequences in key comments sent to printf but preserveDamien Miller
2017-02-08Avoid printf %s NULL. From semarie@, OK djm@Todd C. Miller
2016-09-12Spaces->tabs.Darren Tucker
2016-09-12Style whitespace fix. Also happens to remove a no-op diff with portable.Darren Tucker
2016-05-02support SHA256 and SHA512 RSA signatures in certificates;Damien Miller
2016-05-02fix signed/unsigned errors reported by clang-3.7; addDamien Miller
2016-02-15Add a function to enable security-related malloc_options. With and okDarren Tucker
2015-12-11use SSH_MAX_PUBKEY_BYTES consistently as buffer size when reading keyDamien Miller
2015-12-11Remove NULL-checks before sshkey_free().mmcc
2015-12-04implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)Markus Friedl
2015-11-28do not leak temp file if there is no known_hosts fileTheo de Raadt
2015-11-20allow comment change for all supported formatsAlexander Hall