wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	Better compat matching for WinSCP, add compat matching for	djm	2015-08-19	1	-2/+13
\| \| \| \|	FuTTY (fork of PuTTY); ok markus@ deraadt@
*	add Cisco to the list of clients that choke on the hostkeys update	djm	2015-07-28	1	-2/+3
\| \| \| \|	extension. Pointed out by Howard Kash
*	Add "PuTTY_Local:" to the clients to which we do not offer DH-GEX.	dtucker	2015-07-13	1	-2/+3
\| \| \| \| \| \| \|	This was the string that was used for development versions prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately there are some extant products based on those versions. bx2424 from Jay Rouman, ok markus@ djm@
*	Cap DH-GEX group size at 4kbits for Cisco implementations. Some of them	dtucker	2015-05-26	1	-1/+2
\| \| \| \| \|	will choke when asked for preferred sizes >4k instead of returning the 4k group that they do have. bz#2209, ok djm@
*	Blacklist DH-GEX for specific PuTTY versions known to send non-RFC4419	dtucker	2015-05-06	1	-2/+9
\| \| \| \| \|	DH-GEX messages rather than all versions of PuTTY. According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX messages. ok djm@
*	WinSCP doesn't implement RFC4419 DH-GEX so flag it so we don't offer that	dtucker	2015-05-05	1	-1/+2
\| \| \| \|	KEX method. ok markus@
*	Remove pattern length argument from match_pattern_list(),	djm	2015-05-04	1	-4/+3
\| \| \| \| \| \| \| \| \| \|	we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
*	deprecate ancient, pre-RFC4419 and undocumented	djm	2015-04-13	1	-9/+15
\| \| \| \| \|	SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems reasonable" dtucker@
*	Don't send hostkey advertisments (hostkeys-00@openssh.com) to current	dtucker	2015-04-10	1	-1/+12
\| \| \| \| \|	versions of Tera Term as they can't handle them. Newer versions should be OK. Patch from Bryan Drewery and IWAMOTO Kouichi, ok djm@
*	treat Protocol=1,2\|2,1 as Protocol=2 when compiled without SSH1	djm	2015-04-07	1	-1/+3
\| \| \| \|	support; ok dtucker@ millert@
*	store compat flags in struct ssh; ok djm@	markus	2015-01-19	1	-6/+9
\|
*	another -Wpointer-sign from clang	djm	2014-10-08	1	-2/+2
\|
*	add a canonical 6.6 + curve25519 bignum fix fake version that I can	djm	2014-04-20	1	-1/+2
\| \| \| \|	recommend people use ahead of the openssh-6.7 release
*	missing wildcard; pointed out by naddy@	djm	2014-04-19	1	-2/+2
\|
*	OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections	djm	2014-04-18	1	-2/+16
\| \| \| \| \| \| \| \| \| \|	using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@
*	refuse RSA keys from old proprietary clients/servers that use the	djm	2013-12-30	1	-17/+44
\| \| \| \| \| \|	obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
*	bye, bye xfree(); ok markus@	djm	2013-05-17	1	-3/+3
\|
*	Send client banner immediately, rather than waiting for the server to	djm	2012-08-17	1	-1/+3
\| \| \| \| \|	move first for SSH protocol 2 connections (the default). Patch based on one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
*	unbreak remote portforwarding with dynamic allocated listen ports:	markus	2011-09-23	1	-1/+2
\| \| \| \| \| \| \| \| \|	1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port 2) update the matching permit-open entry, so we can identify where to connect to report: den at skbkontur.ru and P. Szczygielski feedback and ok djm@
*	only send eow and no-more-sessions requests to openssh 5 and newer;	markus	2008-09-11	1	-2/+3
\| \| \| \|	fixes interop problems with broken ssh v2 implementations; ok djm@
*	bz #1019: some ssh.com versions apparently can't cope with the remote port	djm	2006-12-12	1	-2/+3
\| \| \| \| \| \|	forwarding bind_address being a hostname, so send them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@
*	almost entirely get rid of the culture of ".h files that include .h files"	deraadt	2006-08-03	1	-3/+4
\| \| \| \| \|	ok djm, sort of ok stevesk makes the pain stop in one easy step
*	move #include <stdlib.h> out of includes.h	stevesk	2006-07-26	1	-1/+2
\|
*	move #include <string.h> out of includes.h	stevesk	2006-07-22	1	-1/+3
\|
*	Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that	djm	2006-03-25	1	-0/+1
\| \| \| \|	Theo nuked - our scripts to sync -portable need them in the files
*	RCSID() can die	deraadt	2006-03-19	1	-1/+0
\|
*	bz#413: allow optional specification of bind address for port forwardings.	djm	2005-03-01	1	-8/+12
\| \| \| \| \| \| \| \|	Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. ok markus@
*	remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk	markus	2003-11-02	1	-6/+2
\|
*	SSH_BUG_K5USER is unused; ok henning@	markus	2003-08-29	1	-6/+3
\|
*	support GSS API user authentication; patches from Simon Wilkinson,	markus	2003-08-22	1	-2/+6
\| \| \| \|	stripped down and tested by Jakob and myself.
*	rename log() into logit() to avoid name conflict. markus ok, from netbsd	itojun	2003-04-08	1	-2/+2
\|
*	bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; tested by ho@ and myself	markus	2003-04-01	1	-9/+13
\|
*	add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok	mickey	2002-09-27	1	-1/+3
\|
*	relegate some verbose() to debug(); ok markus@	stevesk	2002-09-19	1	-3/+3
\|
*	strip '@' from username only for KerbV and known broken clients, bug #204	markus	2002-04-10	1	-3/+7
\|
*	don't send stderr data after EOF, accept this from older known (broken)	markus	2002-03-25	1	-9/+15
\| \| \| \|	sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179
*	undo	markus	2002-03-06	1	-3/+3
\|
*	compat.c	markus	2002-03-06	1	-3/+3
\|
*	remove "rijndael-*", just use "aes-" since this how rijndael is called	markus	2002-01-21	1	-2/+2
\| \| \| \|	in the drafts; ok stevesk@
*	use buffer API and avoid static strings of fixed size; ok provos@/mouring@	markus	2002-01-13	1	-8/+10
\|
*	basic KNF done while i was looking for something else	deraadt	2001-12-19	1	-9/+9
\|
*	make theo and djm happy: bye bye regexp	markus	2001-12-05	1	-47/+57
\|
*	minor KNF	deraadt	2001-12-05	1	-3/+3
\|
*	bug compat: request a dummy channel for -N (no shell) sessions + cleanup; vinschen@redhat.com	markus	2001-09-20	1	-4/+6
\|
*	more versions suffering the SSH_BUG_DEBUG bug;	markus	2001-09-17	1	-4/+6
\| \| \| \|	3.0.x reported by dbutts@maddog.storability.com
*	update copyright for 2001	markus	2001-06-25	1	-2/+2
\|
*	ssh-2.0.10 has the weak-key-bug, too.	markus	2001-04-30	1	-2/+2
\|
*	allow interop with weaker key generation used by ssh-2.0.x, x < 10	markus	2001-04-30	1	-2/+8
\|
*	more ssh.com-2.0.x bug-compat; from per@appgate.com	markus	2001-04-29	1	-3/+3
\|
*	more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now	markus	2001-04-18	1	-2/+3
\| \| \| \|	(however the 2.1.0 server seems to work only if debug is enabled...)