OpenBSD CVS

CVS log for src/usr.bin/ssh/packet.c



Default branch: MAIN


Revision 1.314, Fri May 17 00:30:24 2024 UTC (2 hours, 18 minutes ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.313: +89 -1 lines

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.

After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

Revision 1.309.4.1, Mon Dec 18 14:57:43 2023 UTC (4 months, 4 weeks ago) by bluhm
Branch: OPENBSD_7_3
Changes since 1.309: +59 -44 lines

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particularly in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

from djm@; with markus@

this is errata/7.3/024_ssh.patch.sig

Revision 1.312.2.1, Mon Dec 18 14:56:35 2023 UTC (4 months, 4 weeks ago) by bluhm
Branch: OPENBSD_7_4
Changes since 1.312: +59 -44 lines

implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particularly in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

from djm@; with markus@

this is errata/7.4/011_ssh.patch.sig

Revision 1.313, Mon Dec 18 14:45:17 2023 UTC (4 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.312: +59 -44 lines


implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particularly in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

with markus@

Revision 1.312, Mon Aug 28 03:31:16 2023 UTC (8 months, 2 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE
Branch point for: OPENBSD_7_4
Changes since 1.311: +13 -1 lines

Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

Revision 1.311, Mon Aug 28 03:28:43 2023 UTC (8 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.310: +21 -2 lines

Introduce a transport-level ping facility

This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".

ok markus@

Revision 1.310, Thu Apr 6 03:21:31 2023 UTC (13 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.309: +2 -2 lines

remove redundant ssh!=NULL check; we'd already dereferenced it

Revision 1.309, Fri Mar 3 10:23:42 2023 UTC (14 months, 2 weeks ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.308: +2 -2 lines

Ensure ms_remain is always initialized, similar to what we do in
ssh_packet_write_wait.  bz#2687, from jjelen at redhat.com.

Revision 1.308, Wed Aug 31 02:56:40 2022 UTC (20 months, 2 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.307: +2 -2 lines

whitespace

Revision 1.307, Sat Jan 22 00:49:34 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.306: +26 -1 lines

add a ssh_packet_process_read() function that reads from a fd
directly into the transport input buffer.

Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.

Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)

feedback dtucker@ ok markus@

Revision 1.306, Fri Jan 21 06:58:06 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.305: +4 -5 lines

correct comment and use local variable instead of long indirection;
spotted by dtucker@

Revision 1.305, Mon Jan 17 22:56:04 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.304: +2 -2 lines

when decompressing zlib compressed packets, use Z_SYNC_FLUSH instead
of Z_PARTIAL_FLUSH as the latter is not actually specified as a valid
mode for inflate(). There should be no practical change in behaviour
as the compression side ensures a flush that should make all data
available to the receiver in all cases.

reported by lamm AT ibm.com via bz3372; ok markus

Revision 1.304, Sat Jan 1 01:55:30 2022 UTC (2 years, 4 months ago) by jsg
Branch: MAIN
Changes since 1.303: +2 -2 lines

spelling
ok dtucker@

Revision 1.303, Thu Nov 25 23:02:24 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.302: +6 -6 lines

debug("func: ...") -> debug_f("...")

Revision 1.302, Sat Nov 13 21:14:13 2021 UTC (2 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.301: +20 -39 lines

replace select() with ppoll(), including converting timeval's to timespec's
to make things easier.
back and forth and ok; djm

Revision 1.301, Fri Jul 16 09:00:23 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.300: +12 -7 lines

Explicitly check for and start time-based rekeying in the client
and server mainloops.

Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.

ok markus@

Revision 1.300, Sat Apr 3 06:18:40 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.299: +8 -8 lines

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.299, Wed Jan 27 10:05:28 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.298: +5 -6 lines

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

Revision 1.298, Fri Nov 27 00:49:58 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.297: +4 -27 lines

Set the specified TOS/DSCP for interactive use prior to TCP connect.
The connection phase of the SSH session is time-sensitive (due to
server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be
set after authentication completes.

ok dtucker@

Revision 1.297, Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.296: +24 -27 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.296, Sun Jul 5 23:59:45 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.295: +2 -2 lines

some language improvements; ok markus

Revision 1.295, Wed Jul 1 16:28:31 2020 UTC (3 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.294: +3 -1 lines

free kex in ssh_packet_close; ok djm semarie

Revision 1.294, Fri Jun 26 11:26:01 2020 UTC (3 years, 10 months ago) by semarie
Branch: MAIN
Changes since 1.293: +1 -3 lines

backout 1.293 fix kex mem-leak in ssh_packet_close at markus request

the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_clear_keys())

Revision 1.293, Wed Jun 24 15:12:09 2020 UTC (3 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.292: +3 -1 lines

fix kex mem-leak in ssh_packet_close; ok djm

Revision 1.292, Wed Jun 24 15:10:38 2020 UTC (3 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.291: +5 -2 lines

fix ssh -O proxy w/mux which got broken by no longer
making ssh->kex optional in packet.c revision 1.278
ok djm@

Revision 1.291, Fri Mar 6 18:20:44 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.290: +5 -5 lines

consistently check packet_timeout_ms against 0; ok djm

Revision 1.290, Thu Jan 30 07:20:05 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.289: +4 -1 lines

have sshpkt_fatal() save/restore errno before we potentially
call strerror() (via ssh_err()); ok dtucker

Revision 1.289, Thu Jan 23 10:53:04 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.288: +2 -2 lines

Fix typo in comment.

Revision 1.288, Thu Jan 23 10:24:29 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.287: +35 -1 lines

Make zlib optional.  This adds a "ZLIB" build time option that allows
building without zlib compression and associated options.  With feedback
from markus@, ok djm@

Revision 1.287, Mon Dec 16 13:58:53 2019 UTC (4 years, 5 months ago) by tobhe
Branch: MAIN
Changes since 1.286: +3 -3 lines

strdup may return NULL if memory allocation fails. Use the safer xstrdup
which fatals on allocation failures.

ok markus@

Revision 1.286, Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.285: +7 -7 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.285, Fri Jun 7 14:18:48 2019 UTC (4 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.284: +2 -2 lines

Typo and spelling fixes in comments and error messages.  Patch from
knweiss at gmail.com via -portable.

Revision 1.284, Thu Apr 18 07:32:57 2019 UTC (5 years, 1 month ago) by dtucker
Branch: MAIN
Changes since 1.283: +1 -2 lines

Remove crc32.{c,h} which were only used by the now-gone SSH1 protocol.
Patch from yumkam at gmail.com, ok deraadt.

Revision 1.283, Fri Mar 1 03:29:32 2019 UTC (5 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.282: +7 -5 lines

in ssh_set_newkeys(), mention the direction that we're keying in debug
messages. Previously it would be difficult to tell which direction
it was talking about

Revision 1.282, Mon Jan 21 10:35:09 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.281: +7 -1 lines

pass values used in KEX hash computation as sshbuf rather than
pointer+len

suggested by me; implemented by markus@ ok me

Revision 1.281, Mon Jan 21 09:54:11 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.280: +3 -4 lines

Make sshpkt_get_bignum2() allocate the bignum it is parsing rather
than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

Revision 1.280, Sat Jan 19 21:33:14 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.279: +23 -6 lines

allow sshpkt_fatal() to take a varargs format; we'll use this to give
packet-related fatal error messages more context (esp. the remote endpoint)
ok markus@

Revision 1.279, Fri Jan 4 03:23:00 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.278: +3 -3 lines

fix memory leak of ciphercontext when rekeying; bz#2942
Patch from Markus Schmidt; ok markus@

Revision 1.278, Thu Dec 27 03:25:25 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.277: +20 -22 lines

move client/server SSH-* banners to buffers under ssh->kex and factor
out the banner exchange. This eliminates some common code from the
client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

Revision 1.277, Mon Jul 16 03:09:13 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.276: +3 -1 lines

memleaks; found by valgrind

Revision 1.276, Mon Jul 9 21:03:30 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.275: +1 -4 lines

client: switch to sshbuf API; ok djm@

Revision 1.275, Mon Jul 9 13:37:10 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.274: +6 -5 lines

Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14;  author: sf;  commitid: yZVYKIRtUZWD9CmE;
  Rename COMP_DELAYED to COMP_ZLIB

  Only delayed compression is supported nowadays.

  ok markus@

date: 2018/07/06 09:05:01;  author: sf;  commitid: rEGuT5UgI9f6kddP;
  Remove leftovers from pre-authentication compression

  Support for this has been removed in 2016.
  COMP_DELAYED will be renamed in a later commit.

  ok markus@

Revision 1.274, Fri Jul 6 09:06:14 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.273: +4 -4 lines

Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

Revision 1.273, Fri Jul 6 09:05:01 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.272: +3 -4 lines

Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

Revision 1.272, Fri Jul 6 09:03:02 2018 UTC (5 years, 10 months ago) by sf
Branch: MAIN
Changes since 1.271: +1 -22 lines

Remove unused ssh_packet_start_compression()

ok markus@

Revision 1.271, Fri Jun 1 04:05:29 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.270: +8 -4 lines

make ssh_remote_ipaddr() capable of being called after the ssh->state
has been torn down; bz#2773

Revision 1.270, Fri May 25 03:20:59 2018 UTC (5 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.269: +5 -3 lines

If select() fails in ssh_packet_read_seqnr go directly to the error path
instead of trying to read from the socket on the way out, which resets
errno and causes the true error to be misreported.  ok djm@

Revision 1.269, Mon Dec 18 23:13:42 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.268: +5 -1 lines

pass kex->hostkey_alg and kex->hostkey_nid from pre-auth to post-auth
unprivileged child processes; ok markus@

Revision 1.268, Sun Dec 10 05:55:29 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.267: +5 -5 lines

Put remote client info back into the ClientAlive connection termination
message.  Based in part on diff from lars.nooden at gmail, ok djm

Revision 1.267, Sat Nov 25 06:46:22 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.266: +3 -3 lines

Add monotime_ts and monotime_tv that return monotonic timespec and
timeval respectively.  Replace calls to gettimeofday() in packet timing
with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6
at huawei.com. "I like" markus@

Revision 1.266, Wed Oct 25 00:17:08 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.265: +13 -1 lines

add sshd_config RDomain keyword to place sshd and the subsequent
user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Revision 1.265, Fri Oct 13 21:13:54 2017 UTC (6 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.264: +3 -1 lines

log debug messages sent to peer; ok deraadt markus

Revision 1.264, Tue Sep 12 06:32:07 2017 UTC (6 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.263: +38 -30 lines

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Revision 1.263, Sun Jul 23 23:37:02 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.262: +2 -2 lines

Allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value
and just use the operating system default; ok dtucker@

Revision 1.262, Sat Jun 24 06:38:11 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.261: +5 -9 lines

don't pass pointer to struct sshcipher between privsep processes,
just redo the lookup in each using the already-passed cipher name.
bz#2704 based on patch from Brooks Davis; ok markus dtucker

Revision 1.261, Fri Jun 9 04:40:04 2017 UTC (6 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.260: +6 -2 lines

Add comments referring to the relevant RFC sections for rekeying
behaviour.

Revision 1.260, Tue Jun 6 09:12:17 2017 UTC (6 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.259: +2 -2 lines

Fix compression output stats broken in rev 1.201.  Patch originally by
Russell Coker via Debian bug #797964 and Christoph Biedl.  ok djm@

Revision 1.259, Thu Jun 1 06:16:43 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.258: +3 -5 lines

some warnings spotted by clang; ok markus@

Revision 1.258, Wed May 31 08:58:52 2017 UTC (6 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.257: +1 -2 lines

These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio

Revision 1.257, Wed May 31 08:09:45 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.256: +61 -35 lines

clear session keys from memory; ok djm@

Revision 1.256, Mon May 8 06:03:39 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.255: +2 -1 lines

helps if I commit the correct version of the file. fix missing
return statement.

Revision 1.255, Mon May 8 00:21:36 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.254: +4 -3 lines

I was too aggressive with the scalpel in the last commit;
unbreak sshd, spotted quickly by naddy@

Revision 1.254, Sun May 7 23:12:57 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.253: +4 -31 lines

As promised in last release announcement: remove support for
Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Revision 1.253, Wed May 3 21:08:09 2017 UTC (7 years ago) by naddy
Branch: MAIN
Changes since 1.252: +2 -19 lines

remove miscellaneous SSH1 leftovers; ok markus@

Revision 1.252, Sun Apr 30 23:28:42 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.251: +1 -2 lines

obliterate ssh1.h and some dead code that used it

ok markus@

Revision 1.251, Sun Apr 30 23:26:16 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.250: +1 -6 lines

remove the (in)famous SSHv1 CRC compensation attack detector.

Despite your cameo in The Matrix movies, you will not be missed.

ok markus

Revision 1.250, Sun Apr 30 23:23:54 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.249: +1 -148 lines

remove SSHv1 support from packet and buffer APIs

ok markus@

Revision 1.249, Sun Apr 30 23:13:25 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.248: +104 -287 lines

remove compat20/compat13/compat15 variables

ok markus@

Revision 1.248, Sun Apr 30 23:10:43 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.247: +1 -42 lines

unifdef WITH_SSH1
ok markus@

Revision 1.247, Sat Mar 11 13:07:35 2017 UTC (7 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.246: +3 -3 lines

Don't count the initial block twice when computing how many bytes
to discard for the work around for the attacks against CBC-mode.
ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL

Revision 1.246, Tue Feb 28 06:10:08 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.245: +5 -3 lines

small memleak: free fd_set on connection timeout (though we are heading to
exit anyway). From Tom Rix in bz#2683

Revision 1.245, Fri Feb 3 23:03:33 2017 UTC (7 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.244: +45 -17 lines

add ssh_packet_set_log_preamble() to allow inclusion of a preamble
string in disconnect messages; ok markus@

Revision 1.244, Fri Feb 3 02:56:00 2017 UTC (7 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.243: +5 -5 lines

Make ssh_packet_set_rekey_limits take u32 for the number of seconds
until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned
comparison warning.

rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).

some early guidance deraadt@, ok djm@

Revision 1.243, Tue Oct 11 21:47:45 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.242: +16 -1 lines

Add a per-packet input hook that is called with the decrypted packet
contents. This will be used for fuzzing; ok markus@

Revision 1.242, Fri Sep 30 09:19:13 2016 UTC (7 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.241: +91 -2 lines

ssh proxy mux mode (-O proxy; idea from Simon Tatham):
- mux client speaks the ssh-packet protocol directly over unix-domain socket.
- mux server acts as a proxy, translates channel IDs and relays to the server.
- no filedescriptor passing necessary.
- combined with unix-domain forwarding it's even possible to run mux client
  and server on different machines.
feedback & ok djm@

Revision 1.241, Wed Sep 28 21:44:52 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.240: +4 -3 lines

put back some pre-auth zlib bits that I shouldn't have removed -
they are still used by the client. Spotted by naddy@

Revision 1.240, Wed Sep 28 20:32:42 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.239: +3 -4 lines

restore pre-auth compression support in the client -- the previous
commit was intended to remove it from the server only.

remove a few server-side pre-auth compression bits that escaped

adjust wording of Compression directive in sshd_config(5)

pointed out by naddy@ ok markus@

Revision 1.239, Wed Sep 28 16:33:07 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.238: +6 -98 lines

Remove support for pre-authentication compression. Doing compression
early in the protocol probably seemed reasonable in the 1990s, but
today it's clearly a bad idea in terms of both cryptography (cf.
multiple compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

Revision 1.238, Mon Sep 19 19:02:19 2016 UTC (7 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.237: +2 -4 lines

move inbound NEWKEYS handling to kex layer; otherwise early NEWKEYS causes
NULL deref; found by Robert Swiecki/honggfuzz; fixed with & ok djm@

Revision 1.237, Mon Sep 12 01:22:38 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.236: +4 -5 lines

Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions
rather than pulling <sys/param.h> and unknown namespace pollution.
ok djm markus dtucker

Revision 1.236, Tue Sep 6 09:22:56 2016 UTC (7 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.235: +13 -10 lines

ssh_set_newkeys: print correct block counters on rekeying; ok djm@

Revision 1.235, Wed Aug 3 05:41:57 2016 UTC (7 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.234: +43 -45 lines

small refactor of cipher.c: make ciphercontext opaque to callers
feedback and ok markus@

Revision 1.234, Mon Jul 18 11:35:33 2016 UTC (7 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.233: +23 -14 lines

Reduce timing attack against obsolete CBC modes by always computing
the MAC over a fixed size of data.
Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
Martin Albrecht. ok djm@

Revision 1.233, Mon Jul 18 06:08:01 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.232: +15 -5 lines

Add some unsigned overflow checks for extra_pad. None of these
are reachable with the amount of padding that we use internally.
bz#2566, pointed out by Torben Hansen. ok markus@

Revision 1.232 / (download) - annotate - [select for diffs], Fri Jul 15 05:01:58 2016 UTC (7 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.231: +8 -13 lines
Diff to previous 1.231 (colored)

Reduce the syslog level of some relatively common protocol events
from LOG_CRIT by replacing fatal() calls with logdie().  Part of
bz#2585, ok djm@

Revision 1.231 / (download) - annotate - [select for diffs], Fri Jul 8 03:44:42 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.230: +17 -18 lines
Diff to previous 1.230 (colored)

Improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms.

Previously we were computing the MAC, decrypting the packet and then
checking the MAC. This gave rise to the possibility of creating a
side-channel oracle in the decryption step, though no such oracle has
been identified.

This adds a mac_check() function that computes and checks the MAC in
one pass, and uses it to advance MAC checking for EtM algorithms to
before payload decryption.

Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
Martin Albrecht. feedback and ok markus@

Revision 1.230 / (download) - annotate - [select for diffs], Mon Mar 7 19:02:43 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.229: +33 -4 lines
Diff to previous 1.229 (colored)

refactor canohost.c: move functions that cache results closer to the
places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok markus@

Revision 1.229 / (download) - annotate - [select for diffs], Wed Feb 17 22:20:14 2016 UTC (8 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.228: +3 -3 lines
Diff to previous 1.228 (colored)

rekey refactor broke SSH1; spotted by Tom G. Christensen

Revision 1.228 / (download) - annotate - [select for diffs], Mon Feb 8 10:57:07 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.227: +115 -39 lines
Diff to previous 1.227 (colored)

refactor activation of rekeying

This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing so it makes
application of rekey limits more accurate by accounting for packets
about to be sent as well as packets queued during rekeying events
themselves.

Based on a patch from dtucker@ which was in turn based on a patch from
Aleksander Adamowski in bz#2521; ok markus@

Revision 1.227 / (download) - annotate - [select for diffs], Thu Feb 4 23:43:48 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.226: +6 -4 lines
Diff to previous 1.226 (colored)

printf argument casts to avoid warnings on strict compilers

Revision 1.226 / (download) - annotate - [select for diffs], Fri Jan 29 05:46:01 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.225: +19 -2 lines
Diff to previous 1.225 (colored)

include packet type of non-data packets in debug3 output;
ok markus dtucker

Revision 1.225 / (download) - annotate - [select for diffs], Fri Jan 29 03:31:03 2016 UTC (8 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.224: +3 -8 lines
Diff to previous 1.224 (colored)

Revert "account for packets buffered but not yet processed" change as it
breaks for very small RekeyLimit values due to continuous rekeying.  ok djm@

Revision 1.224 / (download) - annotate - [select for diffs], Fri Jan 29 02:54:45 2016 UTC (8 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.223: +11 -8 lines
Diff to previous 1.223 (colored)

Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return
type of scan_scaled).  Part of bz#2521, ok djm.

Revision 1.223 / (download) - annotate - [select for diffs], Fri Jan 29 02:42:46 2016 UTC (8 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.222: +8 -3 lines
Diff to previous 1.222 (colored)

Account for packets buffered but not yet processed when computing whether or
not it is time to perform rekeying.  bz#2521, based loosely on a patch from
olo at fb.com, ok djm@

Revision 1.222 / (download) - annotate - [select for diffs], Thu Jan 14 16:17:40 2016 UTC (8 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.221: +7 -77 lines
Diff to previous 1.221 (colored)

remove roaming support; ok djm@

Revision 1.221 / (download) - annotate - [select for diffs], Fri Dec 11 04:21:12 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.220: +5 -9 lines
Diff to previous 1.220 (colored)

Remove NULL-checks before sshbuf_free().

ok djm@

Revision 1.220 / (download) - annotate - [select for diffs], Fri Dec 11 03:24:25 2015 UTC (8 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.219: +44 -22 lines
Diff to previous 1.219 (colored)

include remote port number in a few more messages; makes tying log
messages together into a session a bit easier; bz#2503 ok dtucker@

Revision 1.219 / (download) - annotate - [select for diffs], Thu Dec 10 17:08:40 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.218: +5 -9 lines
Diff to previous 1.218 (colored)

Remove NULL-checks before free().

ok dtucker@

Revision 1.218 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.217: +3 -2 lines
Diff to previous 1.217 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.217 / (download) - annotate - [select for diffs], Sun Nov 8 21:59:11 2015 UTC (8 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.216: +2 -1 lines
Diff to previous 1.216 (colored)

fix OOB read in packet code caused by missing return statement
found by Ben Hawkes; ok markus@ deraadt@

Revision 1.216 / (download) - annotate - [select for diffs], Wed Oct 21 11:33:03 2015 UTC (8 years, 6 months ago) by gsoares
Branch: MAIN
Changes since 1.215: +4 -2 lines
Diff to previous 1.215 (colored)

fix memory leak in error path
ok djm@

Revision 1.215 / (download) - annotate - [select for diffs], Mon Sep 21 04:31:00 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.214: +3 -2 lines
Diff to previous 1.214 (colored)

fix possible hang on closed output; bz#2469 reported by Tomas Kuthan
ok markus@

Revision 1.214 / (download) - annotate - [select for diffs], Thu Aug 20 22:32:42 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.213: +3 -3 lines
Diff to previous 1.213 (colored)

Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope
ok krw millert

Revision 1.213 / (download) - annotate - [select for diffs], Wed Jul 29 04:43:06 2015 UTC (8 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.212: +12 -1 lines
Diff to previous 1.212 (colored)

include the peer's offer when logging a failure to negotiate a
mutual set of algorithms (kex, pubkey, ciphers, etc.)
ok markus@

Revision 1.212 / (download) - annotate - [select for diffs], Fri May 1 07:10:01 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.211: +13 -3 lines
Diff to previous 1.211 (colored)

refactor ssh_dispatch_run_fatal() to use sshpkt_fatal() to better
report error conditions. Teach sshpkt_fatal() about ECONNRESET.

Improves error messages on TCP connection resets. bz#2257

ok dtucker@

Revision 1.211 / (download) - annotate - [select for diffs], Mon Apr 27 01:52:30 2015 UTC (9 years ago) by djm
Branch: MAIN
Changes since 1.210: +13 -3 lines
Diff to previous 1.210 (colored)

fix compilation with OPENSSL=no; ok dtucker@

Revision 1.210 / (download) - annotate - [select for diffs], Tue Mar 24 20:10:08 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.209: +13 -10 lines
Diff to previous 1.209 (colored)

don't leak 'setp' on error; noted by Nicholas Lemonias; ok djm@

Revision 1.209 / (download) - annotate - [select for diffs], Wed Mar 11 00:48:39 2015 UTC (9 years, 2 months ago) by jsg
Branch: MAIN
Changes since 1.208: +5 -2 lines
Diff to previous 1.208 (colored)

add back the changes from rev 1.206, djm reverted this by mistake in
rev 1.207

Revision 1.208 / (download) - annotate - [select for diffs], Fri Feb 13 18:57:00 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.207: +11 -7 lines
Diff to previous 1.207 (colored)

make rekey_limit for sshd w/privsep work; ok djm@ dtucker@

Revision 1.207 / (download) - annotate - [select for diffs], Wed Feb 11 01:20:38 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.206: +6 -4 lines
Diff to previous 1.206 (colored)

Some packet error messages show the address of the peer, but might be
generated after the socket to the peer has suffered a TCP reset. In
these cases, getpeername() won't work so cache the address earlier.

spotted in the wild via deraadt@ and tedu@

Revision 1.206 / (download) - annotate - [select for diffs], Mon Feb 9 23:22:37 2015 UTC (9 years, 3 months ago) by jsg
Branch: MAIN
Changes since 1.205: +5 -2 lines
Diff to previous 1.205 (colored)

fix some leaks in error paths
ok markus@

Revision 1.205 / (download) - annotate - [select for diffs], Fri Jan 30 01:13:33 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.204: +143 -77 lines
Diff to previous 1.204 (colored)

avoid more fatal/exit in the packet.c paths that ssh-keyscan
uses; feedback and "looks good" markus@

Revision 1.204 / (download) - annotate - [select for diffs], Wed Jan 28 21:15:47 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.203: +15 -18 lines
Diff to previous 1.203 (colored)

avoid fatal() calls in packet code
makes ssh-keyscan more reliable against server failures
ok dtucker@ markus@

Revision 1.203 / (download) - annotate - [select for diffs], Tue Jan 20 23:14:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.202: +3 -3 lines
Diff to previous 1.202 (colored)

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

Revision 1.202 / (download) - annotate - [select for diffs], Mon Jan 19 20:30:23 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.201: +3 -1 lines
Diff to previous 1.201 (colored)

add experimental api for packet layer; ok djm@

Revision 1.201 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.200: +1690 -977 lines
Diff to previous 1.200 (colored)

update packet.c & isolate, introduce struct ssh
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@

Revision 1.200 / (download) - annotate - [select for diffs], Tue Jan 13 19:31:40 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.199: +23 -12 lines
Diff to previous 1.199 (colored)

adapt mac.c to ssherr.h return codes (de-fatal) and simplify dependencies
ok djm@

Revision 1.199 / (download) - annotate - [select for diffs], Fri Oct 24 02:01:20 2014 UTC (9 years, 6 months ago) by lteo
Branch: MAIN
Changes since 1.198: +1 -2 lines
Diff to previous 1.198 (colored)

Remove unnecessary include: netinet/in_systm.h is not needed by these
programs.

ok deraadt@ millert@

Revision 1.198 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.197: +2 -2 lines
Diff to previous 1.197 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.197 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.196: +24 -14 lines
Diff to previous 1.196 (colored)

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.196 / (download) - annotate - [select for diffs], Sat May 3 17:20:34 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.195: +21 -1 lines
Diff to previous 1.195 (colored)

unbreak compression, by re-init-ing the compression code in the
post-auth child. the new buffer code is more strict, and requires
buffer_init() while the old code was happy after a bzero();
originally from djm@

Revision 1.195 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years ago) by markus
Branch: MAIN
Changes since 1.194: +5 -1 lines
Diff to previous 1.194 (colored)

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

Revision 1.194 / (download) - annotate - [select for diffs], Mon Apr 28 03:09:18 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.193: +2 -2 lines
Diff to previous 1.193 (colored)

buffer_get_string_ptr's return should be const to remind
callers that futzing with it will futz with the actual buffer
contents

Revision 1.193 / (download) - annotate - [select for diffs], Tue Apr 1 05:32:57 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.192: +3 -3 lines
Diff to previous 1.192 (colored)

demote a debug3 to PACKET_DEBUG; ok markus@

Revision 1.192 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.191: +8 -8 lines
Diff to previous 1.191 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.191 / (download) - annotate - [select for diffs], Fri Dec 6 13:34:54 2013 UTC (10 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.190: +16 -11 lines
Diff to previous 1.190 (colored)

new private key format, bcrypt as KDF by default; details in PROTOCOL.key;
feedback and lots of help from djm; ok djm@

Revision 1.190 / (download) - annotate - [select for diffs], Thu Nov 21 00:45:44 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.189: +14 -10 lines
Diff to previous 1.189 (colored)

Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC
to build an authenticated encryption mode.

Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.

Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@

Revision 1.181.2.1 / (download) - annotate - [select for diffs], Fri Nov 8 05:52:21 2013 UTC (10 years, 6 months ago) by djm
Branch: OPENBSD_5_3
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored) next main 1.182 (colored)

openssh-6.4 for the 5.3 branch; reminded by deraadt@

Revision 1.188.2.1 / (download) - annotate - [select for diffs], Fri Nov 8 01:33:56 2013 UTC (10 years, 6 months ago) by djm
Branch: OPENBSD_5_4
Changes since 1.188: +2 -2 lines
Diff to previous 1.188 (colored) next main 1.189 (colored)

cherrypick commit:

date: 2013/11/08 00:39:15;  author: djm;  state: Exp;  lines: +2 -2;
use calloc for all structure allocations; from markus@

Revision 1.189 / (download) - annotate - [select for diffs], Fri Nov 8 00:39:15 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.188: +2 -2 lines
Diff to previous 1.188 (colored)

use calloc for all structure allocations; from markus@

Revision 1.188 / (download) - annotate - [select for diffs], Fri Jul 12 00:19:58 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE
Branch point for: OPENBSD_5_4
Changes since 1.187: +6 -5 lines
Diff to previous 1.187 (colored)

fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@

Revision 1.187 / (download) - annotate - [select for diffs], Sat Jun 1 13:15:52 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.186: +5 -5 lines
Diff to previous 1.186 (colored)

Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
keepalives and rekeying will work properly over clock steps.  Suggested by
markus@, "looks good" djm@.

Revision 1.186 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.185: +15 -15 lines
Diff to previous 1.185 (colored)

bye, bye xfree(); ok markus@

Revision 1.185 / (download) - annotate - [select for diffs], Thu May 16 04:09:13 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.184: +2 -2 lines
Diff to previous 1.184 (colored)

Add RekeyLimit to sshd with the same syntax as the client allowing rekeying
based on traffic volume or time.  ok djm@, help & ok jmc@ for the man page.

Revision 1.184 / (download) - annotate - [select for diffs], Thu May 16 02:00:34 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.183: +30 -3 lines
Diff to previous 1.183 (colored)

Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm

Revision 1.183 / (download) - annotate - [select for diffs], Fri Apr 19 01:06:50 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.182: +3 -3 lines
Diff to previous 1.182 (colored)

add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@

Revision 1.182 / (download) - annotate - [select for diffs], Thu Apr 11 02:27:50 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.181: +6 -2 lines
Diff to previous 1.181 (colored)

quiet disconnect notifications on the server from error() back to logit()
if it is a normal client closure; bz#2057 ok+feedback dtucker@

Revision 1.181 / (download) - annotate - [select for diffs], Sun Feb 10 23:35:24 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE
Branch point for: OPENBSD_5_3
Changes since 1.180: +3 -3 lines
Diff to previous 1.180 (colored)

record "Received disconnect" messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@

Revision 1.180 / (download) - annotate - [select for diffs], Tue Jan 8 18:49:04 2013 UTC (11 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.179: +26 -19 lines
Diff to previous 1.179 (colored)

support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@

Revision 1.179 / (download) - annotate - [select for diffs], Wed Dec 12 16:45:52 2012 UTC (11 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.178: +2 -1 lines
Diff to previous 1.178 (colored)

reset incoming_packet buffer for each new packet in EtM-case, too;
this happens if packets are parsed only partially (e.g. ignore
messages sent when su/sudo turn off echo); noted by sthen/millert

Revision 1.178 / (download) - annotate - [select for diffs], Tue Dec 11 22:31:18 2012 UTC (11 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.177: +76 -37 lines
Diff to previous 1.177 (colored)

add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@

Revision 1.177 / (download) - annotate - [select for diffs], Mon Sep 17 13:04:11 2012 UTC (11 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.176: +4 -1 lines
Diff to previous 1.176 (colored)

clear old keys on rekeying; ok djm

Revision 1.176 / (download) - annotate - [select for diffs], Wed Jan 25 19:40:09 2012 UTC (12 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.175: +1 -7 lines
Diff to previous 1.175 (colored)

packet_read_poll() is not used anymore.

Revision 1.175 / (download) - annotate - [select for diffs], Wed Jan 25 19:26:43 2012 UTC (12 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.174: +5 -3 lines
Diff to previous 1.174 (colored)

do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
ok dtucker@, djm@

Revision 1.174 / (download) - annotate - [select for diffs], Wed Dec 7 05:44:38 2011 UTC (12 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.173: +2 -2 lines
Diff to previous 1.173 (colored)

fix some harmless and/or unreachable int overflows;
reported Xi Wang, ok markus@

Revision 1.173 / (download) - annotate - [select for diffs], Fri May 6 21:14:05 2011 UTC (13 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.172: +21 -15 lines
Diff to previous 1.172 (colored)

set traffic class for IPv6 traffic as we do for IPv4 TOS;
patch from lionel AT mamane.lu via Colin Watson in bz#1855;
ok markus@

Revision 1.172 / (download) - annotate - [select for diffs], Sat Nov 13 23:27:50 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.171: +5 -6 lines
Diff to previous 1.171 (colored)

allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.

bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@

Revision 1.171 / (download) - annotate - [select for diffs], Fri Nov 5 02:46:47 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.170: +10 -11 lines
Diff to previous 1.170 (colored)

whitespace KNF

Revision 1.170 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.169: +13 -1 lines
Diff to previous 1.169 (colored)

Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@

Revision 1.169 / (download) - annotate - [select for diffs], Tue Aug 31 09:58:37 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.168: +8 -1 lines
Diff to previous 1.168 (colored)

Add buffer_get_cstring() and related functions that verify that the
string extracted from the buffer contains no embedded \0 characters*
This prevents random (possibly malicious) crap from being appended to
strings where it would not be noticed if the string is used with
a string(3) function.

Use the new API in a few sensitive places.

* actually, we allow a single one at the end of the string for now because
we don't know how many deployed implementations get this wrong, but don't
count on this to remain indefinitely.

Revision 1.168 / (download) - annotate - [select for diffs], Tue Jul 13 23:13:16 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.167: +2 -2 lines
Diff to previous 1.167 (colored)

s/timing_safe_cmp/timingsafe_bcmp/g

Revision 1.167 / (download) - annotate - [select for diffs], Tue Jul 13 11:52:06 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.166: +2 -2 lines
Diff to previous 1.166 (colored)

implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@

Revision 1.166 / (download) - annotate - [select for diffs], Sat Jun 27 09:29:06 2009 UTC (14 years, 10 months ago) by andreas
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.165: +49 -2 lines
Diff to previous 1.165 (colored)

packet_backup_state() and packet_restore_state() will be used to
temporarily save the current state when resuming a suspended connection.
ok markus@

Revision 1.165 / (download) - annotate - [select for diffs], Fri Jun 12 20:58:32 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.164: +17 -13 lines
Diff to previous 1.164 (colored)

Move some more statics into session_state
ok markus@ djm@

Revision 1.164 / (download) - annotate - [select for diffs], Fri Jun 12 20:43:22 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.163: +2 -2 lines
Diff to previous 1.163 (colored)

Fix warnings found by chl@ and djm@ and change roaming_atomicio's
return type to match atomicio's
Diff from djm@, ok markus@

Revision 1.163 / (download) - annotate - [select for diffs], Thu May 28 16:50:16 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.162: +13 -6 lines
Diff to previous 1.162 (colored)

Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@

Revision 1.162 / (download) - annotate - [select for diffs], Wed May 27 06:36:07 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.161: +15 -1 lines
Diff to previous 1.161 (colored)

Add packet_put_int64() and packet_get_int64(), part of a larger change
from Martin Forssen.
ok markus@

Revision 1.161 / (download) - annotate - [select for diffs], Mon May 25 06:48:01 2009 UTC (14 years, 11 months ago) by andreas
Branch: MAIN
Changes since 1.160: +486 -385 lines
Diff to previous 1.160 (colored)

Put the globals in packet.c into a struct and don't access it directly
from other files. No functional changes.
ok markus@ djm@

Revision 1.160 / (download) - annotate - [select for diffs], Fri Feb 13 11:50:21 2009 UTC (15 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.159: +2 -2 lines
Diff to previous 1.159 (colored)

check for enc !=NULL in packet_start_discard

Revision 1.159 / (download) - annotate - [select for diffs], Mon Jan 26 09:58:15 2009 UTC (15 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.158: +65 -7 lines
Diff to previous 1.158 (colored)

Work around the CPNI-957037 Plaintext Recovery Attack by always
reading 256K of data on packet size or HMAC errors (in CBC mode only).
Help, feedback and ok djm@
Feedback from Martin Albrecht and Paterson Kenny

Revision 1.158 / (download) - annotate - [select for diffs], Fri Nov 21 15:47:38 2008 UTC (15 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.157: +7 -4 lines
Diff to previous 1.157 (colored)

packet_disconnect() on padding error, too.  should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
ok djm@

Revision 1.157 / (download) - annotate - [select for diffs], Thu Jul 10 18:08:11 2008 UTC (15 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.156: +22 -7 lines
Diff to previous 1.156 (colored)

sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@

Revision 1.156 / (download) - annotate - [select for diffs], Fri Jul 4 23:08:25 2008 UTC (15 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.155: +6 -5 lines
Diff to previous 1.155 (colored)

handle EINTR in packet_write_poll(); ok dtucker@

Revision 1.155 / (download) - annotate - [select for diffs], Fri Jun 13 09:44:36 2008 UTC (15 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.154: +3 -2 lines
Diff to previous 1.154 (colored)

compile on older gcc; no decl after code

Revision 1.154 / (download) - annotate - [select for diffs], Thu Jun 12 20:38:28 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.153: +76 -9 lines
Diff to previous 1.153 (colored)

Make keepalive timeouts apply while waiting for a packet, particularly during
key renegotiation (bz #1363).  With djm and Matt Day, ok djm@

Revision 1.153 / (download) - annotate - [select for diffs], Mon May 19 06:14:02 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.152: +4 -3 lines
Diff to previous 1.152 (colored)

unbreak protocol keepalive timeouts bz#1465; ok dtucker@

Revision 1.152 / (download) - annotate - [select for diffs], Thu May 8 06:59:01 2008 UTC (16 years ago) by markus
Branch: MAIN
Changes since 1.151: +7 -1 lines
Diff to previous 1.151 (colored)

avoid extra malloc/copy/free when receiving data over the net;
~10% speedup for localhost-scp; ok djm@

Revision 1.151 / (download) - annotate - [select for diffs], Fri Feb 22 20:44:02 2008 UTC (16 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.150: +5 -1 lines
Diff to previous 1.150 (colored)

Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
keepalive timer (bz #1307).  ok markus@

Revision 1.150 / (download) - annotate - [select for diffs], Wed Jan 23 01:56:54 2008 UTC (16 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.149: +6 -5 lines
Diff to previous 1.149 (colored)

Revert the change for bz #1307 as it causes connection aborts if an IGNORE
packet arrives while we're waiting in packet_read_expect (and possibly
elsewhere).

Revision 1.149 / (download) - annotate - [select for diffs], Fri Dec 28 15:32:24 2007 UTC (16 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.148: +6 -7 lines
Diff to previous 1.148 (colored)

Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
ServerAlive and ClientAlive timers.  Prevents dropping a connection
when these are enabled but the peer does not support our keepalives.
bz #1307, ok djm@.

Revision 1.148 / (download) - annotate - [select for diffs], Thu Jun 7 19:37:34 2007 UTC (16 years, 11 months ago) by pvalchev
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.147: +3 -6 lines
Diff to previous 1.147 (colored)

Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must
specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on one
of its underlying hash algorithms is found to be vulnerable to a new attack.
http://www.ietf.org/rfc/rfc4418.txt

in conjunction with and OK djm@

Revision 1.147 / (download) - annotate - [select for diffs], Tue Jun 5 06:52:37 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.146: +8 -4 lines
Diff to previous 1.146 (colored)

Preserve MAC ctx between packets, saving 2xhash calls per-packet.
Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5

patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
committing at his request)

Revision 1.146 / (download) - annotate - [select for diffs], Thu May 31 23:34:29 2007 UTC (16 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.145: +1 -2 lines
Diff to previous 1.145 (colored)

gc unreachable code; spotted by Tavis Ormandy

Revision 1.119.2.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.119.2.2: +4 -1 lines
Diff to previous 1.119.2.2 (colored) to branchpoint 1.119 (colored) next main 1.120 (colored)

upgrade to OpenSSH 4.5

Revision 1.144.2.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:10 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.144: +4 -1 lines
Diff to previous 1.144 (colored) next main 1.145 (colored)

upgrade to OpenSSH 4.5

Revision 1.121.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 6 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.121.2.1: +4 -1 lines
Diff to previous 1.121.2.1 (colored) to branchpoint 1.121 (colored) next main 1.122 (colored)

upgrade to OpenSSH 4.5

Revision 1.119.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.119.2.1: +48 -26 lines
Diff to previous 1.119.2.1 (colored) to branchpoint 1.119 (colored)

upgrade to OpenSSH 4.4

Revision 1.121.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.121: +45 -26 lines
Diff to previous 1.121 (colored)

upgrade to OpenSSH 4.4

Revision 1.145 / (download) - annotate - [select for diffs], Tue Sep 19 21:14:08 2006 UTC (17 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.144: +4 -1 lines
Diff to previous 1.144 (colored)

client NULL deref on protocol error; Tavis Ormandy, Google Security Team

Revision 1.144 / (download) - annotate - [select for diffs], Sat Sep 16 19:53:37 2006 UTC (17 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.143: +11 -4 lines
Diff to previous 1.143 (colored)

limit maximum work performed by the CRC compensation attack detector,
problem reported by Tavis Ormandy, Google Security Team;
ok markus@ deraadt@

Revision 1.143 / (download) - annotate - [select for diffs], Sat Aug 5 08:34:04 2006 UTC (17 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.142: +2 -2 lines
Diff to previous 1.142 (colored)

Typo in comment

Revision 1.142 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.141: +4 -8 lines
Diff to previous 1.141 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.141 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.140: +2 -1 lines
Diff to previous 1.140 (colored)

move #include <stdio.h> out of includes.h

Revision 1.140 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.139: +2 -1 lines
Diff to previous 1.139 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.139 / (download) - annotate - [select for diffs], Wed Jul 26 02:35:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.138: +2 -1 lines
Diff to previous 1.138 (colored)

move #include <sys/param.h> out of includes.h

Revision 1.138 / (download) - annotate - [select for diffs], Tue Jul 25 02:59:21 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.137: +2 -1 lines
Diff to previous 1.137 (colored)

move #include <sys/time.h> out of includes.h

Revision 1.137 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.136: +2 -1 lines
Diff to previous 1.136 (colored)

move #include <string.h> out of includes.h

Revision 1.136 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:09 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.135: +2 -1 lines
Diff to previous 1.135 (colored)

move #include <unistd.h> out of includes.h

Revision 1.135 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.134: +2 -1 lines
Diff to previous 1.134 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.134 / (download) - annotate - [select for diffs], Mon Jul 10 16:37:36 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.133: +3 -1 lines
Diff to previous 1.133 (colored)

move #include <stdarg.h> out of includes.h; ok markus@

Revision 1.133 / (download) - annotate - [select for diffs], Sat Jul 8 21:47:12 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.132: +2 -1 lines
Diff to previous 1.132 (colored)

move #include <sys/socket.h> out of includes.h

Revision 1.132 / (download) - annotate - [select for diffs], Wed Jul 5 02:42:09 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.131: +3 -1 lines
Diff to previous 1.131 (colored)

move #include <netinet/in.h> out of includes.h; ok deraadt@

Revision 1.131 / (download) - annotate - [select for diffs], Thu Mar 30 09:58:16 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.130: +7 -8 lines
Diff to previous 1.130 (colored)

replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@

Revision 1.130 / (download) - annotate - [select for diffs], Sat Mar 25 18:56:55 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.129: +2 -2 lines
Diff to previous 1.129 (colored)

remove (char *) casts to a function that accepts void * for the arg

Revision 1.129 / (download) - annotate - [select for diffs], Sat Mar 25 18:29:35 2006 UTC (18 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.128: +2 -2 lines
Diff to previous 1.128 (colored)

needed casts (always will be needed)

Revision 1.128 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.127: +1 -0 lines
Diff to previous 1.127 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.127 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

introduce xcalloc() and xasprintf() failure-checked allocations functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@

Revision 1.126 / (download) - annotate - [select for diffs], Wed Mar 22 21:27:15 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.125: +1 -1 lines
Diff to previous 1.125 (colored)

remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.
prompted by NetBSD Coverity report via elad AT netbsd.org;
feedback markus@ "nuke it" deraadt@

Revision 1.125 / (download) - annotate - [select for diffs], Mon Mar 20 18:48:34 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.124: +8 -0 lines
Diff to previous 1.124 (colored)

spacing

Revision 1.124 / (download) - annotate - [select for diffs], Mon Mar 20 17:10:19 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.123: +0 -2 lines
Diff to previous 1.123 (colored)

in a switch (), break after return or goto is stupid

Revision 1.123 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.122: +0 -1 lines
Diff to previous 1.122 (colored)

RCSID() can die

Revision 1.122 / (download) - annotate - [select for diffs], Mon Mar 13 08:33:00 2006 UTC (18 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.121: +2 -3 lines
Diff to previous 1.121 (colored)

Set TCP_NODELAY for all connections not just "interactive" ones.  Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981). Patch originally from markus@, ok djm@

Revision 1.121 / (download) - annotate - [select for diffs], Wed Feb 8 14:38:18 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.120: +4 -1 lines
Diff to previous 1.120 (colored)

move #include <netinet/in_systm.h> and <netinet/ip.h> out of
includes.h; ok markus@

Revision 1.119.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:56 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.119: +2 -2 lines
Diff to previous 1.119 (colored)

upgrade to OpenSSH 4.3

Revision 1.116.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:44 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.116.2.1: +2 -2 lines
Diff to previous 1.116.2.1 (colored) to branchpoint 1.116 (colored) next main 1.117 (colored)

upgrade to OpenSSH 4.3

Revision 1.120 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:17 2005 UTC (18 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.119: +2 -2 lines
Diff to previous 1.119 (colored)

no need to escape single quotes in comments, no binary change

Revision 1.116.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:02 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.116: +58 -5 lines
Diff to previous 1.116 (colored)

upgrade to OpenSSH 4.2

Revision 1.115.2.2 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:00 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.115.2.1: +58 -5 lines
Diff to previous 1.115.2.1 (colored) to branchpoint 1.115 (colored) next main 1.116 (colored)

upgrade to OpenSSH 4.2

Revision 1.119 / (download) - annotate - [select for diffs], Thu Jul 28 17:36:22 2005 UTC (18 years, 9 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.118: +2 -1 lines
Diff to previous 1.118 (colored)

missing packet_init_compression(); from solar

Revision 1.118 / (download) - annotate - [select for diffs], Mon Jul 25 11:59:39 2005 UTC (18 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.117: +54 -2 lines
Diff to previous 1.117 (colored)

add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.

this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@

Revision 1.117 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:32 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.116: +4 -4 lines
Diff to previous 1.116 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.112.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:04 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.112.2.1: +5 -1 lines
Diff to previous 1.112.2.1 (colored) to branchpoint 1.112 (colored) next main 1.113 (colored)

upgrade to OpenSSH 4.0

Revision 1.115.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:27 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.115: +5 -1 lines
Diff to previous 1.115 (colored)

upgrade to OpenSSH 4.0

Revision 1.116 / (download) - annotate - [select for diffs], Wed Oct 20 11:48:53 2004 UTC (19 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.115: +5 -1 lines
Diff to previous 1.115 (colored)

disconnect for invalid (out of range) message types.

Revision 1.109.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.109.2.1: +26 -27 lines
Diff to previous 1.109.2.1 (colored) to branchpoint 1.109 (colored) next main 1.110 (colored)

upgrade to OpenSSH 3.9

Revision 1.112.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:26 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.112: +26 -27 lines
Diff to previous 1.112 (colored)

upgrade to OpenSSH 3.9

Revision 1.115 / (download) - annotate - [select for diffs], Mon Jun 21 17:36:31 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.114: +17 -17 lines
Diff to previous 1.114 (colored)

make ssh -Wshadow clean, no functional changes
markus@ ok

Revision 1.114 / (download) - annotate - [select for diffs], Mon Jun 14 01:44:39 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.113: +4 -7 lines
Diff to previous 1.113 (colored)

set_nonblock() instead of fcntl(...,O_NONBLOCK); "looks sane" deraadt@

Revision 1.113 / (download) - annotate - [select for diffs], Tue May 11 19:01:43 2004 UTC (20 years ago) by deraadt
Branch: MAIN
Changes since 1.112: +7 -5 lines
Diff to previous 1.112 (colored)

improve some code lint did not like; djm millert ok

Revision 1.102.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.102.2.1: +7 -8 lines
Diff to previous 1.102.2.1 (colored) to branchpoint 1.102 (colored) next main 1.103 (colored)

upgrade to OpenSSH 3.8

Revision 1.109.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.109: +7 -8 lines
Diff to previous 1.109 (colored)

upgrade to OpenSSH 3.8

Revision 1.112 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.111: +5 -5 lines
Diff to previous 1.111 (colored)

replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt early to allow simpler cleanup in sshd.
tested by many, ok deraadt@

Revision 1.111 / (download) - annotate - [select for diffs], Fri Sep 19 11:33:09 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.110: +1 -4 lines
Diff to previous 1.110 (colored)

do not call packet_close on fatal; ok deraadt

Revision 1.110 / (download) - annotate - [select for diffs], Fri Sep 19 09:02:02 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.109: +3 -1 lines
Diff to previous 1.109 (colored)

buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471

Revision 1.97.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.97.2.1: +142 -34 lines
Diff to previous 1.97.2.1 (colored) to branchpoint 1.97 (colored) next main 1.98 (colored)

upgrade to OpenSSH 3.7

Revision 1.102.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.102: +142 -34 lines
Diff to previous 1.102 (colored)

upgrade to OpenSSH 3.7

Revision 1.109 / (download) - annotate - [select for diffs], Thu Jul 10 14:42:28 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.108: +9 -2 lines
Diff to previous 1.108 (colored)

the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
blowfish, etc, so enforce a 1GB limit for small blocksizes.

Revision 1.108 / (download) - annotate - [select for diffs], Tue Jun 24 08:23:46 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.107: +4 -4 lines
Diff to previous 1.107 (colored)

int -> u_int; ok djm@, deraadt@, mouring@

Revision 1.107 / (download) - annotate - [select for diffs], Tue Jun 10 22:20:52 2003 UTC (20 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.106: +2 -2 lines
Diff to previous 1.106 (colored)

mostly ansi cleanup; pval ok

Revision 1.106 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.105: +9 -9 lines
Diff to previous 1.105 (colored)

rename log() into logit() to avoid name conflict.  markus ok, from netbsd

Revision 1.93.2.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.93.2.2: +25 -33 lines
Diff to previous 1.93.2.2 (colored) to branchpoint 1.93 (colored) next main 1.94 (colored)

Merge OpenSSH 3.6.1

Revision 1.105 / (download) - annotate - [select for diffs], Wed Apr 2 09:48:07 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.104: +123 -22 lines
Diff to previous 1.104 (colored)

reapply rekeying change, tested by henning@, ok djm@

Revision 1.104 / (download) - annotate - [select for diffs], Tue Apr 1 10:22:21 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.103: +22 -123 lines
Diff to previous 1.103 (colored)

backout rekeying changes (for 3.6.1)

Revision 1.103 / (download) - annotate - [select for diffs], Tue Apr 1 10:10:23 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.102: +123 -22 lines
Diff to previous 1.102 (colored)

rekeying bugfixes and automatic rekeying:

* both client and server rekey _automatically_
      (a) after 2^31 packets, because after 2^32 packets
          the sequence number for packets wraps
      (b) after 2^(blocksize_in_bits/4) blocks
  (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
  (a) and (b) are _enabled_ by default, and only disabled for known
  openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying

Revision 1.97.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.97: +25 -33 lines
Diff to previous 1.97 (colored)

Update to OpenSSH 3.6

Revision 1.102 / (download) - annotate - [select for diffs], Tue Dec 10 19:47:14 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (colored)

static

Revision 1.101 / (download) - annotate - [select for diffs], Tue Dec 10 19:26:50 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.100: +17 -26 lines
Diff to previous 1.100 (colored)

move tos handling to packet_set_tos; ok provos/henning/deraadt

Revision 1.100 / (download) - annotate - [select for diffs], Thu Nov 21 22:45:31 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.99: +3 -3 lines
Diff to previous 1.99 (colored)

debug->debug2, unify debug messages

Revision 1.99 / (download) - annotate - [select for diffs], Mon Nov 4 10:09:51 2002 UTC (21 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.98: +4 -3 lines
Diff to previous 1.98 (colored)

log before send disconnect; ok djm@

Revision 1.98 / (download) - annotate - [select for diffs], Wed Oct 23 10:32:13 2002 UTC (21 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.97: +4 -4 lines
Diff to previous 1.97 (colored)

use %u for u_int

Revision 1.70.2.6 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:06 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.70.2.5: +11 -2 lines
Diff to previous 1.70.2.5 (colored) to branchpoint 1.70 (colored) next main 1.71 (colored)

Update to OpenSSH 3.5

Revision 1.93.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:52 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.93.2.1: +11 -2 lines
Diff to previous 1.93.2.1 (colored) to branchpoint 1.93 (colored)

Update to OpenSSH 3.5

Revision 1.97 / (download) - annotate - [select for diffs], Thu Jul 4 08:12:15 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.96: +11 -2 lines
Diff to previous 1.96 (colored)

blah blah minor nothing as i read and re-read and re-read...

Revision 1.70.2.5 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:35 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.70.2.4: +8 -7 lines
Diff to previous 1.70.2.4 (colored) to branchpoint 1.70 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.93.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:38 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.93: +28 -8 lines
Diff to previous 1.93 (colored)

Pull in OpenSSH-3.4

Revision 1.96 / (download) - annotate - [select for diffs], Sun Jun 23 21:10:02 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.95: +8 -7 lines
Diff to previous 1.95 (colored)

packet_get_int() returns unsigned for reason & seqnr

Revision 1.70.2.4 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:17 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.70.2.3: +21 -2 lines
Diff to previous 1.70.2.3 (colored) to branchpoint 1.70 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.95 / (download) - annotate - [select for diffs], Wed Jun 19 18:01:00 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.94: +20 -1 lines
Diff to previous 1.94 (colored)

make the monitor sync the transfer ssh1 session key;
transfer keycontext only for RC4 (this still depends on EVP
implementation details and is broken).

Revision 1.94 / (download) - annotate - [select for diffs], Tue Jun 4 23:02:06 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored)

remove __FUNCTION__

Revision 1.61.2.5 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:10 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.61.2.4: +110 -16 lines
Diff to previous 1.61.2.4 (colored) to branchpoint 1.61 (colored) next main 1.62 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.70.2.3 / (download) - annotate - [select for diffs], Fri May 17 00:03:23 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.70.2.2: +110 -16 lines
Diff to previous 1.70.2.2 (colored) to branchpoint 1.70 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.93 / (download) - annotate - [select for diffs], Sun Mar 24 16:01:13 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.92: +2 -2 lines
Diff to previous 1.92 (colored)

debug->debug3 for extra padding

Revision 1.92 / (download) - annotate - [select for diffs], Tue Mar 19 10:49:35 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.91: +4 -4 lines
Diff to previous 1.91 (colored)

KNF whitespace

Revision 1.91 / (download) - annotate - [select for diffs], Mon Mar 18 17:16:38 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.90: +109 -15 lines
Diff to previous 1.90 (colored)

export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep

Revision 1.61.2.4 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:44 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.61.2.3: +119 -106 lines
Diff to previous 1.61.2.3 (colored) to branchpoint 1.61 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.38.2.8 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:42 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.38.2.7: +119 -106 lines
Diff to previous 1.38.2.7 (colored) to branchpoint 1.38 (colored) next main 1.39 (colored)

Merge OpenSSH 3.1.

Revision 1.70.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:46 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.70.2.1: +119 -106 lines
Diff to previous 1.70.2.1 (colored) to branchpoint 1.70 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.90 / (download) - annotate - [select for diffs], Wed Feb 27 21:23:13 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.89: +3 -3 lines
Diff to previous 1.89 (colored)

remove unneeded casts in [gs]etsockopt(); ok markus@

Revision 1.89 / (download) - annotate - [select for diffs], Sun Feb 24 16:58:32 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.88: +17 -21 lines
Diff to previous 1.88 (colored)

make 'cp' unsigned and merge with 'ucp'; ok stevesk@

Revision 1.88 / (download) - annotate - [select for diffs], Thu Feb 14 23:41:01 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.87: +30 -22 lines
Diff to previous 1.87 (colored)

hide some more implementation details of cipher.[ch] and prepares for move
to EVP, ok deraadt@

Revision 1.87 / (download) - annotate - [select for diffs], Thu Jan 24 21:13:23 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.86: +2 -1 lines
Diff to previous 1.86 (colored)

need misc.h for set_nodelay()

Revision 1.86 / (download) - annotate - [select for diffs], Thu Jan 24 21:09:25 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.85: +2 -5 lines
Diff to previous 1.85 (colored)

add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
no nagle changes just yet; ok djm@ markus@

Revision 1.85 / (download) - annotate - [select for diffs], Fri Jan 18 18:14:17 2002 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.84: +3 -3 lines
Diff to previous 1.84 (colored)

unneeded cast cleanup; ok markus@

Revision 1.84 / (download) - annotate - [select for diffs], Fri Jan 11 10:31:05 2002 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.83: +6 -2 lines
Diff to previous 1.83 (colored)

handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@

Revision 1.83 / (download) - annotate - [select for diffs], Sat Dec 29 21:56:01 2001 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.82: +10 -10 lines
Diff to previous 1.82 (colored)

remove unneeded casts and some char->u_char cleanup; ok markus@

Revision 1.82 / (download) - annotate - [select for diffs], Fri Dec 28 14:50:54 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.81: +14 -22 lines
Diff to previous 1.81 (colored)

packet_read* no longer return the packet length, since it's not used.

Revision 1.81 / (download) - annotate - [select for diffs], Fri Dec 28 14:13:13 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.80: +3 -3 lines
Diff to previous 1.80 (colored)

buffer_get_bignum: int -> void

Revision 1.80 / (download) - annotate - [select for diffs], Fri Dec 28 13:57:33 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.79: +5 -5 lines
Diff to previous 1.79 (colored)

packet_get_bignum* no longer returns a size

Revision 1.79 / (download) - annotate - [select for diffs], Fri Dec 28 12:14:27 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

s/packet_done/packet_check_eom/ (end-of-message); ok djm@

Revision 1.78 / (download) - annotate - [select for diffs], Thu Dec 27 20:39:58 2001 UTC (22 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)

get rid of packet_integrity_check, use packet_done() instead.

Revision 1.77 / (download) - annotate - [select for diffs], Thu Dec 20 22:50:24 2001 UTC (22 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.76: +21 -7 lines
Diff to previous 1.76 (colored)

Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@

Revision 1.76 / (download) - annotate - [select for diffs], Wed Dec 19 17:16:13 2001 UTC (22 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.75: +13 -12 lines
Diff to previous 1.75 (colored)

change the buffer/packet interface to use void* vs. char*; ok markus@

Revision 1.75 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.74: +4 -4 lines
Diff to previous 1.74 (colored)

basic KNF done while i was looking for something else

Revision 1.74 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:12 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.73: +3 -3 lines
Diff to previous 1.73 (colored)

minor KNF

Revision 1.73 / (download) - annotate - [select for diffs], Wed Dec 5 03:56:39 2001 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.72: +16 -16 lines
Diff to previous 1.72 (colored)

make it compile with more strict prototype checking

Revision 1.61.2.3 / (download) - annotate - [select for diffs], Thu Nov 15 22:51:15 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.61.2.2: +22 -37 lines
Diff to previous 1.61.2.2 (colored) to branchpoint 1.61 (colored)

Merge OpenSSH 3.0.1.

Revision 1.38.2.7 / (download) - annotate - [select for diffs], Thu Nov 15 22:50:30 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.38.2.6: +22 -37 lines
Diff to previous 1.38.2.6 (colored) to branchpoint 1.38 (colored)

Merge OpenSSH 3.0.1.

This is likely to be the last commit to the 2.8-STABLE branch.

Revision 1.61.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 00:15:19 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.61.2.1: +2 -1 lines
Diff to previous 1.61.2.1 (colored) to branchpoint 1.61 (colored)

Merge OpenSSH 3.0

Revision 1.38.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 00:14:59 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.38.2.5: +2 -1 lines
Diff to previous 1.38.2.5 (colored) to branchpoint 1.38 (colored)

Merge OpenSSH 3.0

Revision 1.70.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:38 2001 UTC (22 years, 6 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.70: +22 -37 lines
Diff to previous 1.70 (colored)

Pull in patches from current (Errata 002):
Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)

Revision 1.72 / (download) - annotate - [select for diffs], Sat Nov 10 13:37:20 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.71: +1 -2 lines
Diff to previous 1.71 (colored)

remove extra debug()

Revision 1.71 / (download) - annotate - [select for diffs], Wed Nov 7 16:03:17 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.70: +23 -37 lines
Diff to previous 1.70 (colored)

pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.

Revision 1.61.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:54 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.61: +70 -160 lines
Diff to previous 1.61 (colored)

Pull in OpenSSH-2.9.9

Revision 1.70 / (download) - annotate - [select for diffs], Thu Sep 27 11:59:37 2001 UTC (22 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored)

missing called=1; chombier@mac.com

Revision 1.38.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.38.2.4: +70 -160 lines
Diff to previous 1.38.2.4 (colored) to branchpoint 1.38 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.69 / (download) - annotate - [select for diffs], Mon Jun 25 08:25:38 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)

update copyright for 2001

Revision 1.68 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:19 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.67: +8 -8 lines
Diff to previous 1.67 (colored)

more strict prototypes.  raise warning level in Makefile.inc.  markus ok'ed
TODO; cleanup headers

Revision 1.67 / (download) - annotate - [select for diffs], Wed Jun 20 13:56:39 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

move from channel_stop_listening to channel_free_all,
call channel_free_all before calling waitpid() in serverloop.
fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE

Revision 1.66 / (download) - annotate - [select for diffs], Tue Jun 12 16:11:26 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

do not log() packet_set_maxsize

Revision 1.65 / (download) - annotate - [select for diffs], Thu Jun 7 20:23:04 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.64: +3 -3 lines
Diff to previous 1.64 (colored)

use xxx_put_cstring()

Revision 1.64 / (download) - annotate - [select for diffs], Thu May 31 10:30:16 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

undo the .c file split, just merge the header and keep the cvs history

Revision 1.63 / (download) - annotate - [select for diffs], Wed May 30 12:55:11 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.62: +2 -3 lines
Diff to previous 1.62 (colored)

channel layer cleanup: merge header files and split .c files

Revision 1.62 / (download) - annotate - [select for diffs], Mon May 28 23:58:35 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.61: +58 -147 lines
Diff to previous 1.61 (colored)

remove some lines, simplify.

Revision 1.38.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:31 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.38.2.3: +84 -73 lines
Diff to previous 1.38.2.3 (colored) to branchpoint 1.38 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.61 / (download) - annotate - [select for diffs], Thu Apr 5 10:42:51 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.60: +3 -3 lines
Diff to previous 1.60 (colored)

fix whitespace: unexpand + trailing spaces.

Revision 1.60 / (download) - annotate - [select for diffs], Thu Apr 5 10:39:03 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.59: +21 -8 lines
Diff to previous 1.59 (colored)

reset compress state per direction when rekeying.

Revision 1.59 / (download) - annotate - [select for diffs], Wed Apr 4 23:09:18 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.58: +14 -13 lines
Diff to previous 1.58 (colored)

clear+free keys,iv for rekeying.
+ fix DH mem leaks. ok niels@

Revision 1.58 / (download) - annotate - [select for diffs], Wed Apr 4 09:48:34 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.57: +3 -2 lines
Diff to previous 1.57 (colored)

don't send multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.

Revision 1.57 / (download) - annotate - [select for diffs], Tue Apr 3 23:32:12 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.56: +52 -56 lines
Diff to previous 1.56 (colored)

undo parts of my recent changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).

add some infrastructure for re-keying.

Revision 1.38.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:26 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.38.2.2: +86 -14 lines
Diff to previous 1.38.2.2 (colored) to branchpoint 1.38 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.32.2.4 / (download) - annotate - [select for diffs], Wed Mar 21 18:52:55 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.32.2.3: +86 -14 lines
Diff to previous 1.32.2.3 (colored) to branchpoint 1.32 (colored) next main 1.33 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.32.2.3 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:12 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.32.2.2: +82 -78 lines
Diff to previous 1.32.2.2 (colored) to branchpoint 1.32 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.56 / (download) - annotate - [select for diffs], Sat Mar 3 21:41:07 2001 UTC (23 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.55: +21 -11 lines
Diff to previous 1.55 (colored)

Dynamically allocate fd_set; deraadt@ OK

Revision 1.55 / (download) - annotate - [select for diffs], Thu Mar 1 02:45:10 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.54: +3 -3 lines
Diff to previous 1.54 (colored)

KNF

Revision 1.54 / (download) - annotate - [select for diffs], Wed Feb 28 21:27:47 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.53: +12 -4 lines
Diff to previous 1.53 (colored)

use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
use random content in ignore messages.

Revision 1.53 / (download) - annotate - [select for diffs], Wed Feb 28 09:57:06 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.52: +55 -1 lines
Diff to previous 1.52 (colored)

in ssh protocol v2 use ignore messages for padding (instead of trailing \0).

Revision 1.52 / (download) - annotate - [select for diffs], Tue Feb 27 10:35:27 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

fix random padding

Revision 1.38.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:09 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.38.2.1: +0 -0 lines
Diff to previous 1.38.2.1 (colored) to branchpoint 1.38 (colored)

Pull in OpenSSH-2.5.1

Revision 1.38.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:08 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.38: +82 -78 lines
Diff to previous 1.38 (colored)

Pull in OpenSSH 2.5.0

Revision 1.51 / (download) - annotate - [select for diffs], Mon Feb 12 22:56:09 2001 UTC (23 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.50: +8 -3 lines
Diff to previous 1.50 (colored)

deal with EAGAIN/EINTR selects which were skipped

Revision 1.50 / (download) - annotate - [select for diffs], Sun Feb 11 12:59:25 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.49: +9 -16 lines
Diff to previous 1.49 (colored)

1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
	ok stevesk@, provos@

Revision 1.49 / (download) - annotate - [select for diffs], Thu Feb 8 19:30:52 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.48: +3 -3 lines
Diff to previous 1.48 (colored)

sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecast to int -> u_long

Revision 1.48 / (download) - annotate - [select for diffs], Sun Feb 4 15:32:24 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)

unexpand and remove end-of-line whitespace; ok markus@

Revision 1.47 / (download) - annotate - [select for diffs], Sun Feb 4 13:30:12 2001 UTC (23 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.46: +1 -2 lines
Diff to previous 1.46 (colored)

remove duplicate #include's; ok markus@

Revision 1.46 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:53 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.45: +3 -2 lines
Diff to previous 1.45 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.45 / (download) - annotate - [select for diffs], Fri Jan 19 15:55:11 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.44: +2 -1 lines
Diff to previous 1.44 (colored)

move ssh1 definitions to ssh1.h, pathnames to pathnames.h

Revision 1.44 / (download) - annotate - [select for diffs], Sat Jan 13 18:36:45 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.43: +5 -3 lines
Diff to previous 1.43 (colored)

reorder, typo

Revision 1.43 / (download) - annotate - [select for diffs], Sat Jan 13 18:32:50 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.42: +6 -9 lines
Diff to previous 1.42 (colored)

split out keepalive from packet_interactive (from dale@accentre.com)
set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.

Revision 1.42 / (download) - annotate - [select for diffs], Tue Jan 9 21:19:50 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.41: +10 -9 lines
Diff to previous 1.41 (colored)

allow TCP_NDELAY for ipv6; from netbsd via itojun@

Revision 1.41 / (download) - annotate - [select for diffs], Tue Jan 2 20:41:02 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.40: +5 -3 lines
Diff to previous 1.40 (colored)

log remote ip on disconnect; PR 1600, from jcs@rt.fm

Revision 1.40 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:57 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.39: +40 -40 lines
Diff to previous 1.39 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.39 / (download) - annotate - [select for diffs], Wed Dec 6 22:58:15 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.38: +4 -1 lines
Diff to previous 1.38 (colored)

disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0

Revision 1.32.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:01 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.32.2.1: +60 -46 lines
Diff to previous 1.32.2.1 (colored) to branchpoint 1.32 (colored)

openssh-2.3.0 (again) for 2.7 branch

Revision 1.38 / (download) - annotate - [select for diffs], Thu Oct 12 14:21:12 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

remove unused

Revision 1.37 / (download) - annotate - [select for diffs], Wed Oct 11 20:27:23 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.36: +29 -35 lines
Diff to previous 1.36 (colored)

new cipher framework

Revision 1.36 / (download) - annotate - [select for diffs], Tue Oct 3 17:59:57 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.35: +4 -4 lines
Diff to previous 1.35 (colored)

hmac->mac

Revision 1.35 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:52 2000 UTC (23 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.34: +28 -8 lines
Diff to previous 1.34 (colored)

cleanup copyright notices on all files.  I have attempted to be accurate with
the details.  everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence.  We're not changing any rules, just
being accurate.

Revision 1.32.2.1 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:21 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)

Revision 1.34 / (download) - annotate - [select for diffs], Sat Aug 19 02:17:12 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.33: +4 -4 lines
Diff to previous 1.33 (colored)

rename crc32() to ssh_crc32() to avoid zlib name clash.  do not move to
libz crc32 function yet, because it has ugly "long"'s in it; oneill@cs.sfu.ca

Revision 1.33 / (download) - annotate - [select for diffs], Tue Jun 20 01:39:43 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.32: +1 -1 lines
Diff to previous 1.32 (colored)

OpenBSD tag

Revision 1.32 / (download) - annotate - [select for diffs], Thu May 4 22:22:43 2000 UTC (24 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.31: +9 -4 lines
Diff to previous 1.31 (colored)

clear padding in ssh2

Revision 1.31 / (download) - annotate - [select for diffs], Mon May 1 07:40:03 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.30: +4 -11 lines
Diff to previous 1.30 (colored)

less debug, rm unused

Revision 1.30 / (download) - annotate - [select for diffs], Sun Apr 30 09:12:07 2000 UTC (24 years ago) by markus
Branch: MAIN
Changes since 1.29: +10 -3 lines
Diff to previous 1.29 (colored)

send debug messages in SSH2 format

Revision 1.29 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:32 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.28: +13 -13 lines
Diff to previous 1.28 (colored)

whitespace cleanup

Revision 1.28 / (download) - annotate - [select for diffs], Fri Apr 14 10:09:15 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.27: +7 -1 lines
Diff to previous 1.27 (colored)

check payload for (illegal) extra data

Revision 1.27 / (download) - annotate - [select for diffs], Wed Apr 12 09:39:10 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored)

#include <ssl/foo.h> -> <openssh/foo.h>

Revision 1.26 / (download) - annotate - [select for diffs], Tue Apr 4 21:37:27 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.25: +5 -5 lines
Diff to previous 1.25 (colored)

remove unused argument, split cipher_mask()

Revision 1.25 / (download) - annotate - [select for diffs], Mon Apr 3 20:12:55 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.24: +438 -44 lines
Diff to previous 1.24 (colored)

ssh2 packet format

Revision 1.24 / (download) - annotate - [select for diffs], Mon Apr 3 07:07:15 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.23: +33 -1 lines
Diff to previous 1.23 (colored)

channel layer support for ssh2

Revision 1.23 / (download) - annotate - [select for diffs], Tue Mar 28 20:31:27 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

replace big switch() with function tables (prepare for ssh2)

Revision 1.22 / (download) - annotate - [select for diffs], Sat Feb 5 10:13:11 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.21: +8 -4 lines
Diff to previous 1.21 (colored)

missing xfree()

Revision 1.21 / (download) - annotate - [select for diffs], Sat Jan 22 20:20:28 2000 UTC (24 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

getsockname() requires initialized tolen; andy@guildsoftware.com

Revision 1.20 / (download) - annotate - [select for diffs], Thu Jan 20 15:15:18 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)

use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE

Revision 1.19 / (download) - annotate - [select for diffs], Tue Jan 4 00:07:59 2000 UTC (24 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.18: +54 -11 lines
Diff to previous 1.18 (colored)

ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features:
sshd allows multiple ListenAddress and Port options.  note that libwrap is
not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and
fujiwara@rcac.tdi.co.jp)

Revision 1.18 / (download) - annotate - [select for diffs], Wed Dec 15 20:03:23 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.17: +5 -3 lines
Diff to previous 1.17 (colored)

"Connection closed by x.x.x.x": fatal() -> log()

Revision 1.17 / (download) - annotate - [select for diffs], Thu Dec 2 20:16:34 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.16: +7 -4 lines
Diff to previous 1.16 (colored)

set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()

Revision 1.16 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:48 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.15: +114 -67 lines
Diff to previous 1.15 (colored)

KNF, final part 3

Revision 1.15 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:02 1999 UTC (24 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.14: +15 -15 lines
Diff to previous 1.14 (colored)

much more KNF

Revision 1.14 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:54 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.13: +400 -421 lines
Diff to previous 1.13 (colored)

KNF part 1

Revision 1.13 / (download) - annotate - [select for diffs], Mon Nov 22 21:02:38 1999 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
  Auth-attempts are logged only, if authentication is:
        a) successful or
        b) with passwd or
        c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE

Revision 1.12 / (download) - annotate - [select for diffs], Fri Nov 19 19:58:18 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.11: +21 -1 lines
Diff to previous 1.11 (colored)

SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
[hope this time my ISP stays alive during commit]

Revision 1.11 / (download) - annotate - [select for diffs], Mon Nov 15 21:38:54 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.10: +5 -24 lines
Diff to previous 1.10 (colored)

remove support for cipher RC4

Revision 1.10 / (download) - annotate - [select for diffs], Tue Nov 2 19:42:36 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.9: +8 -4 lines
Diff to previous 1.9 (colored)

replace assert() with error, fatal or packet_disconnect

Revision 1.9 / (download) - annotate - [select for diffs], Tue Oct 5 01:23:54 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.8: +23 -1 lines
Diff to previous 1.8 (colored)

crc32 compensation attack fix from CORE-SDI. "it's not crypto..." -- deraadt@

Revision 1.8 / (download) - annotate - [select for diffs], Sun Oct 3 19:22:38 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

use SHUT_* symbols

Revision 1.7 / (download) - annotate - [select for diffs], Fri Oct 1 18:18:40 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

s/long/int/

Revision 1.6 / (download) - annotate - [select for diffs], Thu Sep 30 05:53:04 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +1 -5 lines
Diff to previous 1.5 (colored)

"ssh is a very large program" -- anonymous

Revision 1.5 / (download) - annotate - [select for diffs], Thu Sep 30 05:11:29 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +1 -11 lines
Diff to previous 1.4 (colored)

do not bother with dinosaur pacification

Revision 1.4 / (download) - annotate - [select for diffs], Thu Sep 30 05:03:04 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +1 -13 lines
Diff to previous 1.3 (colored)

cull more ancient garbage from pre-POSIX days

Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 29 18:16:19 1999 UTC (24 years, 7 months ago) by dugsong
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages

Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:36 1999 UTC (24 years, 7 months ago) by provos
Branch: MAIN
Changes since 1.1: +80 -46 lines
Diff to previous 1.1 (colored)

convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:36 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN

i bet a lot of people didn't know that ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.
