| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | avoid more fatal/exit in the packet.c paths that ssh-keyscan |   djm | 2015-01-30 | 1 | -5/+7 |
| | | | | | uses; feedback and "looks good" markus@ | ||||
| * | avoid fatal() calls in packet code | djm | 2015-01-28 | 1 | -2/+2 |
| | | | | | | makes ssh-keyscan more reliable against server failures ok dtucker@ markus@ | ||||
| * | add experimental api for packet layer; ok djm@ |   markus | 2015-01-19 | 1 | -1/+13 |
| | | |||||
| * | move dispatch to struct ssh; ok djm@ | markus | 2015-01-19 | 1 | -1/+8 |
| | | |||||
| * | update packet.c & isolate, introduce struct ssh | markus | 2015-01-19 | 1 | -95/+133 |
| | | | | | | | | | a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@ | ||||
| * | unbreak compression, by re-init-ing the compression code in the | markus | 2014-05-03 | 1 | -1/+2 |
| | | | | | | | post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@ | ||||
| * | buffer_get_string_ptr's return should be const to remind | djm | 2014-04-28 | 1 | -2/+2 |
| | | | | | | callers that futzing with it will futz with the actual buffer contents | ||||
| * | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | djm | 2013-07-12 | 1 | -2/+2 |
| | | |||||
| * | Add an optional second argument to RekeyLimit in the client to allow |   dtucker | 2013-05-16 | 1 | -2/+3 |
| | | | | | | rekeying based on elapsed time in addition to amount of traffic. with djm@ jmc@, ok djm | ||||
| * | packet_read_poll() is not used anymore. | markus | 2012-01-25 | 1 | -2/+1 |
| | | |||||
| * | set traffic class for IPv6 traffic as we do for IPv4 TOS; | djm | 2011-05-06 | 1 | -2/+1 |
| | | | | | | patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@ | ||||
| * | allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of | djm | 2010-11-13 | 1 | -2/+2 |
| | | | | | | | hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ | ||||
| * | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | djm | 2010-08-31 | 1 | -1/+4 |
| | | | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@ | ||||
| * | Add buffer_get_cstring() and related functions that verify that the | djm | 2010-08-31 | 1 | -1/+2 |
| | | | | | | | | | | | | | | string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely. | ||||
| * | packet_bacup_state() and packet_restore_state() will be used to |   andreas | 2009-06-27 | 1 | -1/+4 |
| | | | | | | temporarily save the current state ren resuming a suspended connection. ok markus@ | ||||
| * | Add packet_put_int64() and packet_get_int64(), part of a larger change | andreas | 2009-05-27 | 1 | -1/+3 |
| | | | | | | from Martin Forssen. ok markus@ | ||||
| * | Put the globals in packet.c into a struct and don't access it directly | andreas | 2009-05-25 | 1 | -4/+8 |
| | | | | | | from other files. No functional changes. ok markus@ djm@ | ||||
| * | sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@ | markus | 2008-07-10 | 1 | -3/+3 |
| | | |||||
| * | Make keepalive timeouts apply while waiting for a packet, particularly during | dtucker | 2008-06-12 | 1 | -1/+2 |
| | | | | | key renegotiation (bz #1363). With djm and Matt Day, ok djm@ | ||||
| * | avoid extra malloc/copy/free when receiving data over the net; | markus | 2008-05-08 | 1 | -1/+2 |
| | | | | | ~10% speedup for localhost-scp; ok djm@ | ||||
| * | Allow all SSH2 packet types, including UNIMPLEMENTED to reset the | dtucker | 2008-02-22 | 1 | -1/+2 |
| | | | | | keepalive timer (bz #1307). ok markus@ | ||||
| * | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | djm | 2006-03-25 | 1 | -1/+1 |
| | | |||||
| * | move #include <termios.h> out of includes.h; ok markus@ |   stevesk | 2006-02-07 | 1 | -1/+3 |
| | | |||||
| * | add a new compression method that delays compression until the user | markus | 2005-07-25 | 1 | -1/+3 |
| | | | | | | | | | | has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@ | ||||
| * | make this -Wsign-compare clean; ok avsm@ markus@ | djm | 2005-06-17 | 1 | -2/+2 |
| | | |||||
| * | improve some code lint did not like; djm millert ok |   deraadt | 2004-05-11 | 1 | -2/+2 |
| | | |||||
| * | int -> u_int; ok djm@, deraadt@, mouring@ | markus | 2003-06-24 | 1 | -3/+3 |
| | | |||||
| * | rename log() into logit() to avoid name conflict. markus ok, from netbsd |   itojun | 2003-04-08 | 1 | -2/+2 |
| | | |||||
| * | reapply rekeying chage, tested by henning@, ok djm@ | markus | 2003-04-02 | 1 | -3/+6 |
| | | |||||
| * | backout rekeying changes (for 3.6.1) | markus | 2003-04-01 | 1 | -6/+3 |
| | | |||||
| * | rekeying bugfixes and automatic rekeying: | markus | 2003-04-01 | 1 | -3/+6 |
| | | | | | | | | | | | | | * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying | ||||
| * | make the monitor sync the transfer ssh1 session key; | markus | 2002-06-19 | 1 | -1/+2 |
| | | | | | | transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken). | ||||
| * | export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep | markus | 2002-03-18 | 1 | -1/+11 |
| | | |||||
| * | $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add | stevesk | 2002-03-04 | 1 | -2/+2 |
| | | | | | | missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@ | ||||
| * | packet_read* no longer return the packet length, since it's not used. | markus | 2001-12-28 | 1 | -6/+6 |
| | | |||||
| * | packet_get_bignum* no longer returns a size | markus | 2001-12-28 | 1 | -3/+3 |
| | | |||||
| * | s/packet_done/packet_check_eom/ (end-of-message); ok djm@ | markus | 2001-12-28 | 1 | -2/+3 |
| | | |||||
| * | get rid of packet_integrity_check, use packet_done() instead. | markus | 2001-12-27 | 1 | -11/+1 |
| | | |||||
| * | Conformance fix: we should send failing packet sequence number when | djm | 2001-12-20 | 1 | -1/+3 |
| | | | | | | responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@ | ||||
| * | change the buffer/packet interface to use void* vs. char*; ok markus@ | stevesk | 2001-12-19 | 1 | -5/+5 |
| | | |||||
| * | pad using the padding field from the ssh2 packet instead of sending | markus | 2001-11-07 | 1 | -2/+2 |
| | | | | | extra ignore messages. tested against several other ssh servers. | ||||
| * | remove comments from .h, since they are cut&paste from the .c files | markus | 2001-06-26 | 1 | -178/+54 |
| | | | | | and out of sync | ||||
| * | prototype pedant. not very creative... | itojun | 2001-06-26 | 1 | -13/+12 |
| | | | | | | - () -> (void) - no variable names | ||||
| * | remove some lines, simplify. | markus | 2001-05-28 | 1 | -5/+2 |
| | | |||||
| * | protocol 2 tty modes support; ok markus@ | stevesk | 2001-04-14 | 1 | -3/+3 |
| | | |||||
| * | use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message | markus | 2001-02-28 | 1 | -1/+4 |
| | | | | | use random content in ignore messages. | ||||
| * | in ssh protocol v2 use ignore messages for padding (instead of trailing \0). | markus | 2001-02-28 | 1 | -1/+4 |
| | | |||||
| * | split out keepalive from packet_interactive (from dale@accentre.com) | markus | 2001-01-13 | 1 | -2/+2 |
| | | | | | set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. | ||||
| * | replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' | markus | 2000-12-19 | 1 | -11/+11 |
| | | | | | with u_char. | ||||
| * | cleanup copyright notices on all files. I have attempted to be accurate with | deraadt | 2000-09-07 | 1 | -8/+6 |
| | | | | | | | | the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. | ||||
 |
index : wireguard-openbsd | |
| WireGuard implementation for the OpenBSD kernel | Matt Dunwoodie |
| summaryrefslogtreecommitdiffstats |