summaryrefslogtreecommitdiff
path: root/packet.c
AgeCommit message (Collapse)Author
2013-02-12 - djm@cvs.openbsd.org 2013/02/10 23:35:24Damien Miller
[packet.c] record "Received disconnect" messages at ERROR rather than INFO priority, since they are abnormal and result in a non-zero ssh exit status; patch from Iain Morgan in bz#2057; ok dtucker@
2013-01-09 - markus@cvs.openbsd.org 2013/01/08 18:49:04Damien Miller
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] [myproposal.h packet.c ssh_config.5 sshd_config.5] support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
2012-12-13 - markus@cvs.openbsd.org 2012/12/12 16:45:52Damien Miller
[packet.c] reset incoming_packet buffer for each new packet in EtM-case, too; this happens if packets are parsed only parially (e.g. ignore messages sent when su/sudo turn off echo); noted by sthen/millert
2012-12-12 - markus@cvs.openbsd.org 2012/12/11 22:31:18Damien Miller
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] [packet.c ssh_config.5 sshd_config.5] add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
2012-10-05 - markus@cvs.openbsd.org 2012/09/17 13:04:11Darren Tucker
[packet.c] clear old keys on rekeing; ok djm
2012-03-09 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6Damien Miller
addressed connections. ok dtucker@
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:40:09Damien Miller
[packet.c packet.h] packet_read_poll() is not used anymore.
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:26:43Damien Miller
[packet.c] do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; ok dtucker@, djm@
2011-12-19 - djm@cvs.openbsd.org 2011/12/07 05:44:38Damien Miller
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] fix some harmless and/or unreachable int overflows; reported Xi Wang, ok markus@
2011-05-15 - (djm) [packet.c] unbreak portability #endifDamien Miller
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:14:05Damien Miller
[packet.c packet.h] set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
2010-11-24 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".Darren Tucker
2010-11-20 - djm@cvs.openbsd.org 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 - djm@cvs.openbsd.org 2010/11/05 02:46:47Damien Miller
[packet.c] whitespace KNF
2010-09-10 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]Damien Miller
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-08-31 - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
2010-08-31 - djm@cvs.openbsd.org 2010/08/31 09:58:37Damien Miller
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] [packet.h ssh-dss.c ssh-rsa.c] Add buffer_get_cstring() and related functions that verify that the string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely.
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 23:13:16Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 11:52:06Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
2009-10-02pull in 5.3 release changes from branch:Damien Miller
20090926 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update for release - (djm) [README] update relnotes URL - (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere - (djm) Release 5.3p1
2009-07-06 - andreas@cvs.openbsd.org 2009/06/27 09:29:06Darren Tucker
[packet.h packet.c] packet_bacup_state() and packet_restore_state() will be used to temporarily save the current state ren resuming a suspended connection. ok markus@
2009-06-21 - andreas@cvs.openbsd.org 2009/06/12 20:58:32Darren Tucker
[packet.c] Move some more statics into session_state ok markus@ djm@
2009-06-21 - andreas@cvs.openbsd.org 2009/06/12 20:43:22Darren Tucker
[monitor.c packet.c] Fix warnings found by chl@ and djm@ and change roaming_atomicio's return type to match atomicio's Diff from djm@, ok markus@
2009-06-21 - andreas@cvs.openbsd.org 2009/05/28 16:50:16Darren Tucker
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c monitor.c Added roaming.h roaming_common.c roaming_dummy.c] Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@ Also, applied appropriate changes to Makefile.in
2009-06-21 - andreas@cvs.openbsd.org 2009/05/27 06:38:16Darren Tucker
[sshconnect.h sshconnect.c] Un-static ssh_exchange_identification(), part of a larger change from Martin Forssen and needed for upcoming changes. ok markus@
2009-06-21 - andreas@cvs.openbsd.org 2009/05/27 06:31:25Darren Tucker
[canohost.h canohost.c] Add clear_cached_addr(), needed for upcoming changes allowing the peer address to change. ok markus@
2009-02-14 - markus@cvs.openbsd.org 2009/02/13 11:50:21Damien Miller
[packet.c] check for enc !=NULL in packet_start_discard
2009-01-28 - markus@cvs.openbsd.org 2009/01/26 09:58:15Damien Miller
[cipher.c cipher.h packet.c] Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
2008-12-01 - markus@cvs.openbsd.org 2008/11/21 15:47:38Darren Tucker
[packet.c] packet_disconnect() on padding error, too. should reduce the success probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 ok djm@
2008-07-11 - markus@cvs.openbsd.org 2008/07/10 18:08:11Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@
2008-07-05 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2008/07/04 23:08:25 [packet.c] handle EINTR in packet_write_poll()l ok dtucker@
2008-07-04 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]Damien Miller
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on some platforms (HP nonstop) it is a distinct errno; bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-06-13 - deraadt@cvs.openbsd.org 2008/06/13 09:44:36Darren Tucker
[packet.c] compile on older gcc; no decl after code
2008-06-13 - dtucker@cvs.openbsd.org 2008/06/12 20:38:28Darren Tucker
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c] Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
2008-06-08 - djm@cvs.openbsd.org 2008/05/19 06:14:02Darren Tucker
[packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@
2008-05-19 - markus@cvs.openbsd.org 2008/05/08 06:59:01Damien Miller
[bufaux.c buffer.h channels.c packet.c packet.h] avoid extra malloc/copy/free when receiving data over the net; ~10% speedup for localhost-scp; ok djm@
2008-03-07 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02Damien Miller
[clientloop.c packet.c packet.h serverloop.c] Allow all SSH2 packet types, including UNIMPLEMENTED to reset the keepalive timer (bz #1307). ok markus@
2008-02-10 - dtucker@cvs.openbsd.org 2008/01/23 01:56:54Damien Miller
[clientloop.c packet.c serverloop.c] Revert the change for bz #1307 as it causes connection aborts if an IGNORE packet arrives while we're waiting in packet_read_expect (and possibly elsewhere).
2007-12-29 - dtucker@cvs.openbsd.org 2007/12/28 15:32:24Darren Tucker
[clientloop.c serverloop.c packet.c] Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@.
2007-06-11 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34Damien Miller
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] [ssh_config.5 sshd.8 sshd_config.5] Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
2007-06-05 - djm@cvs.openbsd.org 2007/06/05 06:52:37Darren Tucker
[kex.c monitor_wrap.c packet.c mac.h kex.h mac.c] Preserve MAC ctx between packets, saving 2xhash calls per-packet. Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request)
2007-06-05 - djm@cvs.openbsd.org 2007/05/31 23:34:29Darren Tucker
[packet.c] gc unreachable code; spotted by Tavis Ormandy
2007-01-17 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.hDarren Tucker
and multiple including it causes problems on old IRIXes. (It snuck back in during a sync.) Found (again) by Georg Schwarz.
2006-09-22 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros onDarren Tucker
some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
2006-09-21 - markus@cvs.openbsd.org 2006/09/19 21:14:08Darren Tucker
[packet.c] client NULL deref on protocol error; Tavis Ormandy, Google Security Team
2006-09-17 - djm@cvs.openbsd.org 2006/09/16 19:53:37Damien Miller
[deattack.c deattack.h packet.c] limit maximum work performed by the CRC compensation attack detector, problem reported by Tavis Ormandy, Google Security Team; ok markus@ deraadt@
2006-08-05 - dtucker@cvs.openbsd.org 2006/08/05 08:34:04Darren Tucker
[packet.c] Typo in comment
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
2006-08-05 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h