path: root/usr.bin/ssh/packet.c
Commit message | Author | Age | Files | Lines
...
* Revert the change for bz #1307 as it causes connection aborts if an IGNORE packet arrives while we're waiting in packet_read_expect (and possibly elsewhere). | dtucker | 2008-01-23 | 1 | -6/+7
* Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@. | dtucker | 2007-12-28 | 1 | -7/+6
* Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@ | pvalchev | 2007-06-07 | 1 | -6/+3
* Preserve MAC ctx between packets, saving 2xhash calls per-packet. Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request) | djm | 2007-06-05 | 1 | -4/+8
* gc unreachable code; spotted by Tavis Ormandy | djm | 2007-05-31 | 1 | -2/+1
* client NULL deref on protocol error; Tavis Ormandy, Google Security Team | markus | 2006-09-19 | 1 | -1/+4
* limit maximum work performed by the CRC compensation attack detector, problem reported by Tavis Ormandy, Google Security Team; ok markus@ deraadt@ | djm | 2006-09-16 | 1 | -4/+11
* Typo in comment | dtucker | 2006-08-05 | 1 | -2/+2
* almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step | deraadt | 2006-08-03 | 1 | -8/+4
* move #include <stdio.h> out of includes.h | stevesk | 2006-08-01 | 1 | -1/+2
* move #include <stdlib.h> out of includes.h | stevesk | 2006-07-26 | 1 | -1/+2
* move #include <sys/param.h> out of includes.h | stevesk | 2006-07-26 | 1 | -1/+2
* move #include <sys/time.h> out of includes.h | stevesk | 2006-07-25 | 1 | -1/+2
* move #include <string.h> out of includes.h | stevesk | 2006-07-22 | 1 | -1/+2
* move #include <unistd.h> out of includes.h | stevesk | 2006-07-17 | 1 | -1/+2
* move #include <errno.h> out of includes.h; ok markus@ | stevesk | 2006-07-11 | 1 | -1/+2
* move #include <stdarg.h> out of includes.h; ok markus@ | stevesk | 2006-07-10 | 1 | -1/+3
* move #include <sys/socket.h> out of includes.h | stevesk | 2006-07-08 | 1 | -1/+2
* move #include <netinet/in.h> out of includes.h; ok deraadt@ | stevesk | 2006-07-05 | 1 | -1/+3
* replace {GET,PUT}_XXBIT macros with functionally similar functions, silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@ | djm | 2006-03-30 | 1 | -8/+7
* remove (char *) casts to a function that accepts void * for the arg | deraadt | 2006-03-25 | 1 | -2/+2
* needed casts (always will be needed) | deraadt | 2006-03-25 | 1 | -2/+2
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files | djm | 2006-03-25 | 1 | -0/+1
* introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@ | djm | 2006-03-25 | 1 | -2/+2
* remove IV support from the CRC attack detector, OpenSSH has never used it - it only applied to IDEA-CFB, which we don't support. prompted by NetBSD Coverity report via elad AT netbsd.org; feedback markus@ "nuke it" deraadt@ | djm | 2006-03-22 | 1 | -1/+1
* spacing | deraadt | 2006-03-20 | 1 | -0/+8
* in a switch (), break after return or goto is stupid | deraadt | 2006-03-20 | 1 | -2/+0
* RCSID() can die | deraadt | 2006-03-19 | 1 | -1/+0
* Set TCP_NODELAY for all connections not just "interactive" ones. Fixes poor performance and protocol stalls under some network conditions (mindrot bugs #556 and #981). Patch originally from markus@, ok djm@ | dtucker | 2006-03-13 | 1 | -3/+2
* move #include <netinet/in_systm.h> and <netinet/ip.h> out of includes.h; ok markus@ | stevesk | 2006-02-08 | 1 | -1/+4
* no need to escape single quotes in comments, no binary change | djm | 2005-10-30 | 1 | -2/+2
* missing packet_init_compression(); from solar | markus | 2005-07-28 | 1 | -1/+2
* add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@ | markus | 2005-07-25 | 1 | -2/+54
* make this -Wsign-compare clean; ok avsm@ markus@ | djm | 2005-06-17 | 1 | -4/+4
* disconnect for invalid (out of range) message types. | markus | 2004-10-20 | 1 | -1/+5
* make ssh -Wshadow clean, no functional changes markus@ ok | avsm | 2004-06-21 | 1 | -17/+17
* set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ | djm | 2004-06-14 | 1 | -7/+4
* improve some code lint did not like; djm millert ok | deraadt | 2004-05-11 | 1 | -5/+7
* replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd. tested by many, ok deraadt@ | markus | 2003-09-23 | 1 | -5/+5
* do not call packet_close on fatal; ok deraadt | markus | 2003-09-19 | 1 | -4/+1
* buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 | markus | 2003-09-19 | 1 | -1/+3
* the 2^(blocksize*2) rekeying limit is too expensive for 3DES, blowfish, etc, so enforce a 1GB limit for small blocksizes. | markus | 2003-07-10 | 1 | -2/+9
* int -> u_int; ok djm@, deraadt@, mouring@ | markus | 2003-06-24 | 1 | -4/+4
* mostly ansi cleanup; pval ok | deraadt | 2003-06-10 | 1 | -2/+2
* rename log() into logit() to avoid name conflict. markus ok, from netbsd | itojun | 2003-04-08 | 1 | -9/+9
* reapply rekeying change, tested by henning@, ok djm@ | markus | 2003-04-02 | 1 | -22/+123
* backout rekeying changes (for 3.6.1) | markus | 2003-04-01 | 1 | -123/+22
* rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying | markus | 2003-04-01 | 1 | -22/+123
* static | markus | 2002-12-10 | 1 | -2/+2
* move tos handling to packet_set_tos; ok provos/henning/deraadt | markus | 2002-12-10 | 1 | -26/+17