summaryrefslogtreecommitdiff
path: root/packet.h
AgeCommit message (Collapse)Author
2016-10-13upstream commitdjm@openbsd.org
Add a per-packet input hook that is called with the decrypted packet contents. This will be used for fuzzing; ok markus@ Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
2016-10-01upstream commitmarkus@openbsd.org
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux client speaks the ssh-packet protocol directly over unix-domain socket. - mux server acts as a proxy, translates channel IDs and relays to the server. - no filedescriptor passing necessary. - combined with unix-domain forwarding it's even possible to run mux client and server on different machines. feedback & ok djm@ Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-09-29upstream commitdjm@openbsd.org
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
2016-03-08upstream commitdjm@openbsd.org
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2016-02-08upstream commitdjm@openbsd.org
refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing to it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch Aleksander Adamowski in bz#2521; ok markus@ Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
2016-01-30upstream commitdtucker@openbsd.org
Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return type of scan_scaled). Part of bz#2521, ok djm. Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
2016-01-27upstream commitmarkus@openbsd.org
remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2015-12-18upstream commitdjm@openbsd.org
include remote port number in a few more messages; makes tying log messages together into a session a bit easier; bz#2503 ok dtucker@ Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e
2015-02-23cleaner way fix dispatch.h portion of commitTim Rice
a88dd1da119052870bb2654c1a32c51971eade16 (some systems have sig_atomic_t in signal.h, some in sys/signal.h) Sounds good to me djm@
2015-02-24nother sys/queue.h -> sys-queue.h fixDamien Miller
spotted by Tom Christensen
2015-02-18repair --without-openssl; broken in refactorDamien Miller
2015-01-30upstream commitdjm@openbsd.org
avoid more fatal/exit in the packet.c paths that ssh-keyscan uses; feedback and "looks good" markus@
2015-01-29upstream commitdjm@openbsd.org
avoid fatal() calls in packet code makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
2015-01-20upstream commitmarkus@openbsd.org
add experimental api for packet layer; ok djm@
2015-01-20upstream commitmarkus@openbsd.org
move dispatch to struct ssh; ok djm@
2015-01-20upstream commitmarkus@openbsd.org
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
2014-05-15 - markus@cvs.openbsd.org 2014/05/03 17:20:34Damien Miller
[monitor.c packet.c packet.h] unbreak compression, by re-init-ing the compression code in the post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@
2014-05-15 - djm@cvs.openbsd.org 2014/04/28 03:09:18Damien Miller
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] [ssh-keygen.c] buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 00:19:59Damien Miller
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-05-16 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34Darren Tucker
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c ssh_config.5 packet.h] Add an optional second argument to RekeyLimit in the client to allow rekeying based on elapsed time in addition to amount of traffic. with djm@ jmc@, ok djm
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:40:09Damien Miller
[packet.c packet.h] packet_read_poll() is not used anymore.
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:14:05Damien Miller
[packet.c packet.h] set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
2010-11-20 - djm@cvs.openbsd.org 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-09-10 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefsDarren Tucker
for missing headers and compiler warnings.
2010-08-31 - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
2010-08-31 - djm@cvs.openbsd.org 2010/08/31 09:58:37Damien Miller
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] [packet.h ssh-dss.c ssh-rsa.c] Add buffer_get_cstring() and related functions that verify that the string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely.
2009-07-06 - andreas@cvs.openbsd.org 2009/06/27 09:29:06Darren Tucker
[packet.h packet.c] packet_bacup_state() and packet_restore_state() will be used to temporarily save the current state ren resuming a suspended connection. ok markus@
2009-06-21 - andreas@cvs.openbsd.org 2009/05/27 06:38:16Darren Tucker
[sshconnect.h sshconnect.c] Un-static ssh_exchange_identification(), part of a larger change from Martin Forssen and needed for upcoming changes. ok markus@
2009-06-21 - andreas@cvs.openbsd.org 2009/05/27 06:31:25Darren Tucker
[canohost.h canohost.c] Add clear_cached_addr(), needed for upcoming changes allowing the peer address to change. ok markus@
2008-07-11 - markus@cvs.openbsd.org 2008/07/10 18:08:11Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@
2008-06-13 - dtucker@cvs.openbsd.org 2008/06/12 20:38:28Darren Tucker
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c] Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
2008-05-19 - markus@cvs.openbsd.org 2008/05/08 06:59:01Damien Miller
[bufaux.c buffer.h channels.c packet.c packet.h] avoid extra malloc/copy/free when receiving data over the net; ~10% speedup for localhost-scp; ok djm@
2008-03-07 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02Damien Miller
[clientloop.c packet.c packet.h serverloop.c] Allow all SSH2 packet types, including UNIMPLEMENTED to reset the keepalive timer (bz #1307). ok markus@
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 22:22:43Damien Miller
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/07 01:42:00Damien Miller
[channels.c clientloop.c clientloop.h includes.h packet.h] [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] move #include <termios.h> out of includes.h; ok markus@
2005-07-26 - markus@cvs.openbsd.org 2005/07/25 11:59:40Damien Miller
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
2005-06-17 - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
2004-05-13 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43Darren Tucker
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok
2003-06-28 - markus@cvs.openbsd.org 2003/06/24 08:23:46Darren Tucker
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-04-09*** empty log message ***Damien Miller
2003-04-09 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/04/02 09:48:07 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] reapply rekeying chage, tested by henning@, ok djm@
2003-04-01 - markus@cvs.openbsd.org 2003/04/01 10:10:23Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
2002-06-21 - markus@cvs.openbsd.org 2002/06/19 18:01:00Ben Lindstrom
[cipher.c monitor.c monitor_wrap.c packet.c packet.h] make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
2002-03-22 - markus@cvs.openbsd.org 2002/03/18 17:16:38Ben Lindstrom
[packet.c packet.h] export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
2002-03-13Stupid djm commits experimental code to head instead of branchDamien Miller
revert
2002-03-13Import of Niels Provos' 20020312 ssh-complete.diffDamien Miller
PAM, Cygwin and OSF SIA will not work for sure
2002-03-05 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39Ben Lindstrom
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
2002-01-22 - markus@cvs.openbsd.org 2001/12/28 14:50:54Damien Miller
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c] packet_read* no longer return the packet length, since it's not used.
2002-01-22 - markus@cvs.openbsd.org 2001/12/28 13:57:33Damien Miller
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c] packet_get_bignum* no longer returns a size