summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/packet.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* adapt mac.c to ssherr.h return codes (de-fatal) and simplify dependenciesmarkus2015-01-131-12/+23
| | | | ok djm@
* Remove unnecessary include: netinet/in_systm.h is not needed by theselteo2014-10-241-2/+1
| | | | | | programs. ok deraadt@ millert@
* Add support for Unix domain socket forwarding. A remote TCP portmillert2014-07-151-2/+2
| | | | | | | | may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* New key API: refactor key-related functions to be more library-like,djm2014-06-241-14/+24
| | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* unbreak compression, by re-init-ing the compression code in themarkus2014-05-031-1/+21
| | | | | | post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-1/+5
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* buffer_get_string_ptr's return should be const to reminddjm2014-04-281-2/+2
| | | | | callers that futzing with it will futz with the actual buffer contents
* demote a debug3 to PACKET_DEBUG; ok markus@djm2014-04-011-3/+3
|
* convert memset of potentially-private data to explicit_bzero()djm2014-02-021-8/+8
|
* new private key format, bcrypt as KDF by default; details in PROTOCOL.key;markus2013-12-061-11/+16
| | | | feedback and lots help from djm; ok djm@
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"djm2013-11-211-10/+14
| | | | | | | | | | | | | | that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
* use calloc for all structure allocations; from markus@djm2013-11-081-2/+2
|
* fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@djm2013-07-121-5/+6
|
* Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things likedtucker2013-06-011-5/+5
| | | | | keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
* bye, bye xfree(); ok markus@djm2013-05-171-15/+15
|
* Add RekeyLimit to sshd with the same syntax as the client allowing rekeyingdtucker2013-05-161-2/+2
| | | | based on traffic volume or time. ok djm@, help & ok jmc@ for the man page.
* Add an optional second argument to RekeyLimit in the client to allowdtucker2013-05-161-3/+30
| | | | | rekeying based on elapsed time in addition to amount of traffic. with djm@ jmc@, ok djm
* add the ability to query supported ciphers, MACs, key type and KEXdjm2013-04-191-3/+3
| | | | | algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
* quiet disconnect notifications on the server from error() back to logit()djm2013-04-111-2/+6
| | | | if it is a normal client closure; bz#2057 ok+feedback dtucker@
* record "Received disconnect" messages at ERROR rather than INFO priority,djm2013-02-101-3/+3
| | | | | since they are abnormal and result in a non-zero ssh exit status; patch from Iain Morgan in bz#2057; ok dtucker@
* support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)markus2013-01-081-19/+26
| | | | ok and feedback djm@
* reset incoming_packet buffer for each new packet in EtM-case, too;markus2012-12-121-1/+2
| | | | | this happens if packets are parsed only parially (e.g. ignore messages sent when su/sudo turn off echo); noted by sthen/millert
* add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithmsmarkus2012-12-111-37/+76
| | | | | | | that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
* clear old keys on rekeing; ok djmmarkus2012-09-171-1/+4
|
* packet_read_poll() is not used anymore.markus2012-01-251-7/+1
|
* do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;markus2012-01-251-3/+5
| | | | ok dtucker@, djm@
* fix some harmless and/or unreachable int overflows;djm2011-12-071-2/+2
| | | | reported Xi Wang, ok markus@
* set traffic class for IPv6 traffic as we do for IPv4 TOS;djm2011-05-061-15/+21
| | | | | patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
* allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead ofdjm2010-11-131-6/+5
| | | | | | hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
* whitespace KNFdjm2010-11-051-11/+10
|
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) anddjm2010-08-311-1/+13
| | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* Add buffer_get_cstring() and related functions that verify that thedjm2010-08-311-1/+8
| | | | | | | | | | | | | string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely.
* s/timing_safe_cmp/timingsafe_bcmp/gdjm2010-07-131-2/+2
|
* implement a timing_safe_cmp() function to compare memory without leakingdjm2010-07-131-2/+2
| | | | | | timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
* packet_bacup_state() and packet_restore_state() will be used toandreas2009-06-271-2/+49
| | | | | temporarily save the current state ren resuming a suspended connection. ok markus@
* Move some more statics into session_stateandreas2009-06-121-13/+17
| | | | ok markus@ djm@
* Fix warnings found by chl@ and djm@ and change roaming_atomicio'sandreas2009-06-121-2/+2
| | | | | return type to match atomicio's Diff from djm@, ok markus@
* Keep track of number of bytes read and written. Needed for upcomingandreas2009-05-281-6/+13
| | | | | changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
* Add packet_put_int64() and packet_get_int64(), part of a larger changeandreas2009-05-271-1/+15
| | | | | from Martin Forssen. ok markus@
* Put the globals in packet.c into a struct and don't access it directlyandreas2009-05-251-385/+486
| | | | | from other files. No functional changes. ok markus@ djm@
* check for enc !=NULL in packet_start_discardmarkus2009-02-131-2/+2
|
* Work around the CPNI-957037 Plaintext Recovery Attack by alwaysmarkus2009-01-261-7/+65
| | | | | | reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
* packet_disconnect() on padding error, too. should reduce the successmarkus2008-11-211-4/+7
| | | | | probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 ok djm@
* sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@markus2008-07-101-7/+22
|
* handle EINTR in packet_write_poll()l ok dtucker@djm2008-07-041-5/+6
|
* compile on older gcc; no decl after codederaadt2008-06-131-2/+3
|
* Make keepalive timeouts apply while waiting for a packet, particularly duringdtucker2008-06-121-9/+76
| | | | key renegotiation (bz #1363). With djm and Matt Day, ok djm@
* unbreak protocol keepalive timeouts bz#1465; ok dtucker@djm2008-05-191-3/+4
|
* avoid extra malloc/copy/free when receiving data over the net;markus2008-05-081-1/+7
| | | | ~10% speedup for localhost-scp; ok djm@
* Allow all SSH2 packet types, including UNIMPLEMENTED to reset thedtucker2008-02-221-1/+5
| | | | keepalive timer (bz #1307). ok markus@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.