Commit Graph

141 Commits

Author SHA1 Message Date
Darren Tucker
3af2ac56a2 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
[ssh-keygen.c]
     Populate default key sizes before checking them; from & ok tim@
2005-11-29 13:10:24 +11:00
Tim Rice
660c3405f9 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
bits == 0.
2005-11-28 17:45:32 -08:00
Darren Tucker
9f647335d2 [ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
     increase minumum RSA key size to 768 bits and update man page to reflect
     these.  Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
     ok djm@, grudging ok deraadt@.
2005-11-28 16:41:46 +11:00
Damien Miller
f14be5ce03 - djm@cvs.openbsd.org 2005/10/31 11:12:49
[ssh-keygen.1 ssh-keygen.c]
     generate a protocol 2 RSA key by default
2005-11-05 15:15:49 +11:00
Damien Miller
788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller
15d72a00a3 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
[ssh-keygen.c ssh.c sshconnect2.c]
     no trailing "\n" for log functions; ok djm@
2005-11-05 15:07:33 +11:00
Damien Miller
3f54a9f5b7 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/10/07 11:13:57
     [ssh-keygen.c]
     change DSA default back to 1024, as it's defined for 1024 bits only
     and this causes interop problems with other clients.  moreover,
     in order to improve the security of DSA you need to change more
     components of DSA key generation (e.g. the internal SHA1 hash);
     ok deraadt
2005-11-05 14:52:18 +11:00
Darren Tucker
ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Damien Miller
0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller
ac7ef6a736 - djm@cvs.openbsd.org 2005/06/08 03:50:00
[ssh-keygen.1 ssh-keygen.c sshd.8]
     increase default rsa/dsa key length from 1024 to 2048 bits;
     ok markus@ deraadt@
2005-06-16 13:19:06 +10:00
Darren Tucker
2db8ae671e - dtucker@cvs.openbsd.org 2005/05/26 09:08:12
[ssh-keygen.c]
     uint32_t -> u_int32_t for consistency; ok djm@
2005-06-01 23:02:25 +10:00
Damien Miller
02e754f1f0 - avsm@cvs.openbsd.org 2005/05/24 02:05:09
[ssh-keygen.c]
     some style nits from dmiller@, and use a fatal() instead of a printf()/exit
2005-05-26 12:19:39 +10:00
Damien Miller
b089fb5fe1 - avsm@cvs.openbsd.org 2005/05/23 22:44:01
[moduli.c ssh-keygen.c]
     - removes signed/unsigned comparisons in moduli generation
     - use strtonum instead of atoi where its easier
     - check some strlcpy overflow and fatal instead of truncate
2005-05-26 12:16:18 +10:00
Damien Miller
9278ffaf71 - (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/04/05 13:45:31
     [ssh-keygen.c]
2005-05-26 11:59:06 +10:00
Darren Tucker
9f438a9d63 - markus@cvs.openbsd.org 2005/03/11 14:59:06
[ssh-keygen.c]
     typo, missing \n; mpech
2005-03-14 23:09:18 +11:00
Darren Tucker
47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
2005-03-14 23:08:12 +11:00
Damien Miller
89eac8010a - djm@cvs.openbsd.org 2005/03/02 01:27:41
[ssh-keygen.c]
     ignore hostnames with metachars when hashing; ok deraadt@
2005-03-02 12:33:04 +11:00
Damien Miller
4b42d7f195 - djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
     add tools for managing known_hosts files with hashed hostnames, including
     hashing existing files and deleting hosts by name; ok markus@ deraadt@
2005-03-01 21:48:35 +11:00
Darren Tucker
7cfeecf670 - markus@cvs.openbsd.org 2004/12/23 17:38:07
[ssh-keygen.c]
     leak; from mpech
2005-01-20 10:56:31 +11:00
Darren Tucker
fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Darren Tucker
3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
2004-06-22 12:56:01 +10:00
Darren Tucker
770fc01078 - djm@cvs.openbsd.org 2004/05/09 00:06:47
[moduli.c ssh-keygen.c] removed: moduli.h
     zap another tiny header; ok deraadt@
2004-05-13 16:24:32 +10:00
Darren Tucker
e608ca2965 - djm@cvs.openbsd.org 2004/05/08 00:21:31
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
     sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
     kill a tiny header; ok deraadt@
2004-05-13 16:15:47 +10:00
Darren Tucker
06930c70ad - djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@
2003-12-31 11:34:51 +11:00
Damien Miller
a4b33dfb6d - djm@cvs.openbsd.org 2003/11/23 23:18:45
[ssh-keygen.c]
     consistency PATH_MAX -> MAXPATHLEN; ok markus@
     (RCS ID sync only)
   - djm@cvs.openbsd.org 2003/11/23 23:21:21
     [scp.c]
     from portable: rename clashing variable limit-> limit_rate; ok markus@
     (RCS ID sync only)
2003-11-24 13:09:27 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker
dda19d63ff - jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 16:00:47 +10:00
Darren Tucker
c0815c927e - miod@cvs.openbsd.org 2003/09/18 13:02:21
[authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
     A few signedness fixes for harmless situations; markus@ ok
2003-09-22 21:05:50 +10:00
Tim Rice
2e0e38e310 [ssh-keygen.c] s/PATH_MAX/MAXPATHLEN/ ok mouring@ 2003-09-08 16:11:33 -07:00
Damien Miller
59d3d5b8b4 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
Darren Tucker
f4220e6cef - markus@cvs.openbsd.org 2003/08/14 16:08:58
[ssh-keygen.c]
     exit after primetest, ok djm@
2003-08-21 16:44:07 +10:00
Darren Tucker
019cefeaad - djm@cvs.openbsd.org 2003/07/28 09:49:56
[ssh-keygen.1 ssh-keygen.c]
     Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
     Based on code from Phil Karn, William Allen Simpson and Niels Provos.
     ok markus@, thanks jmc@
2003-08-02 22:40:07 +10:00
Damien Miller
ed12a26f0d - djm@cvs.openbsd.org 2003/05/15 03:10:52
[ssh-keygen.c]
     avoid warning; ok jakob@
2003-05-15 13:37:43 +10:00
Damien Miller
37876e913a - jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying hos keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@
2003-05-15 10:19:46 +10:00
Damien Miller
db2747259c - markus@cvs.openbsd.org 2003/05/11 16:56:48
[authfile.c ssh-keygen.c]
     change key_load_public to try to read a public from:
     rsa1 private or rsa1 public and ssh2 keys.
     this makes ssh-keygen -e fail for ssh1 keys more gracefully
     for example; report from itojun (netbsd pr 20550).
2003-05-14 13:45:22 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom
e7ee7fe602 - wcobb@cvs.openbsd.org 2002/11/26 00:45:03
[scp.c ssh-keygen.c]
     Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
     ok markus@
2002-12-23 02:11:02 +00:00
Kevin Steves
3a8819102c - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). 2002-07-20 19:05:40 +00:00
Ben Lindstrom
58d3b7224f - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
[ssh-keygen.c]
     u_int stuff
2002-06-23 21:28:13 +00:00
Ben Lindstrom
cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
05efee1092 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
   independant of them)
2002-06-09 20:20:58 +00:00
Ben Lindstrom
5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom
155b981494 - markus@cvs.openbsd.org 2002/03/27 22:21:45
[ssh-keygen.c]
     try to import keys with extra trailing === (seen with ssh.com < 2.0.12)
2002-04-02 20:26:26 +00:00
Ben Lindstrom
0936a5bb72 - markus@cvs.openbsd.org 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
     change sc_get_key to sc_get_keys and hide smartcard details in scard.c
2002-03-26 03:17:42 +00:00
Ben Lindstrom
266ec63eb3 - rees@cvs.openbsd.org 2002/03/21 21:54:34
[scard.c scard.h ssh-keygen.c]
     Add PIN-protection for secret key.
2002-03-22 03:47:38 +00:00
Ben Lindstrom
70e3ad8231 - markus@cvs.openbsd.org 2002/03/21 16:57:15
[scard.c]
     remove const
2002-03-22 03:33:43 +00:00
Damien Miller
4a10d2e90b - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 2002-03-11 22:53:29 +11:00