I am retiring my old email address; replace it with my OpenBSD one.

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

We no longer need pledge "wpath" since "tty" allows read-write on
/dev/tty.

Pledge "stdio wpath tty"; "awesome" deraadt@

Remove telnet warnings. Civilization has reached a point where they are no
longer relevant.

OK millert@

Use __progname rather than argv[0]; OK millert@

Replace readpass(3) with readpassphrase(3). This was the only use of
readpass(3) in base...

OK millert@

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

Remove the (non-default) MD4 hash algorithm from S/Key.
ok millert, man pages ok jmc@

Fix typo in line ending; from Antti Harri

In -x mode, if count was > 1 we would print both the hex and ascii versions
of the response (for count == 1 only the hex version was printed). Make
things consistent and match the docs by only printing the hex mode even
if count > 1. OK otto@

Usage -> usage.

alter spacing of usage() so we don;t get a line break if skey is
invoked as otp-rmd160;

- tidy up SYNOPSIS
- sort options
- sync usage()
- other small tweaks

spacing

Consistently use "secret passphrase" for the passphrase made up by the user
and "one-time password" for the generated passwords.
ok jmc@ millert@

knf

Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

Fix hex mode (-x), based on patch from David Gullasch

cosmetic changes and mention RFC2289 which supercedes RFC1938

oops

oflow

back out changes that should not have escaped my local tree

add missing reference to infocmp

Add RIPEMD-160 (rmd160) support to OTP (s/key).

fix thinko wrt otp-* handling

Use new length/size macros.

Give usage and exit if user gave us too many args.

Exit on empty "secret password" like skeyinit does.

Towards RFC 1938 compliance. Works with new libskey and supports SHA.

Added support for MD4/MD5 as an argument.

Now can both MD4 and MD5 skey's.

rcsid

branches: 1.1.1;
Initial revision

Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.

Discussed aeons ago with tb@, OK deraadt@ and beck@

We no longer need pledge "wpath" since "tty" allows read-write on
/dev/tty.

Pledge "stdio wpath tty"; "awesome" deraadt@

Remove telnet warnings. Civilization has reached a point where they are no
longer relevant.

OK millert@

Use __progname rather than argv[0]; OK millert@

Replace readpass(3) with readpassphrase(3). This was the only use of
readpass(3) in base...

OK millert@

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

Remove the (non-default) MD4 hash algorithm from S/Key.
ok millert, man pages ok jmc@

Fix typo in line ending; from Antti Harri

In -x mode, if count was > 1 we would print both the hex and ascii versions
of the response (for count == 1 only the hex version was printed). Make
things consistent and match the docs by only printing the hex mode even
if count > 1. OK otto@

Usage -> usage.

alter spacing of usage() so we don;t get a line break if skey is
invoked as otp-rmd160;

- tidy up SYNOPSIS
- sort options
- sync usage()
- other small tweaks

spacing

Consistently use "secret passphrase" for the passphrase made up by the user
and "one-time password" for the generated passwords.
ok jmc@ millert@

knf

Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

Fix hex mode (-x), based on patch from David Gullasch

cosmetic changes and mention RFC2289 which supercedes RFC1938

oops

oflow

back out changes that should not have escaped my local tree

add missing reference to infocmp

Add RIPEMD-160 (rmd160) support to OTP (s/key).

fix thinko wrt otp-* handling

Use new length/size macros.

Give usage and exit if user gave us too many args.

Exit on empty "secret password" like skeyinit does.

Towards RFC 1938 compliance. Works with new libskey and supports SHA.

Added support for MD4/MD5 as an argument.

Now can both MD4 and MD5 skey's.

rcsid

branches: 1.1.1;
Initial revision