History log of /openssh-portable/packet.h (Results 1 – 25 of 98)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: V_8_6_P1, V_8_5_P1, V_8_4_P1, V_8_3_P1
# 714e1cbc 06-Mar-2020 markus@openbsd.org

upstream: sshpkt_fatal() does not return; ok djm

OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929


Revision tags: V_8_2_P1, V_8_1_P1
# 670104b9 06-Sep-2019 djm@openbsd.org

upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@

OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f


Revision tags: V_8_0_P1
# 71e67fff 21-Jan-2019 djm@openbsd.org

upstream: pass values used in KEX hash computation as sshbuf

rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0


# 7be8572b 21-Jan-2019 djm@openbsd.org

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9

show more ...


# ad60b117 19-Jan-2019 djm@openbsd.org

upstream: allow sshpkt_fatal() to take a varargs format; we'll

use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Commit-ID: de57211f954

upstream: allow sshpkt_fatal() to take a varargs format; we'll

use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50

show more ...


# 0fa174eb 19-Jan-2019 djm@openbsd.org

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requi

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4

show more ...


Revision tags: V_7_9_P1, V_7_8_P1
# 89dd615b 09-Jul-2018 markus@openbsd.org

upstream: ttymodes: switch to sshbuf API; ok djm@

OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429


# f28a4d5c 06-Jul-2018 sf@openbsd.org

upstream: Remove unused ssh_packet_start_compression()

ok markus@

OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4


Revision tags: V_7_7_P1
# 48c23a39 10-Dec-2017 dtucker@openbsd.org

upstream commit

Put remote client info back into the ClientAlive
connection termination message. Based in part on diff from lars.nooden at
gmail, ok djm

OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb529

upstream commit

Put remote client info back into the ClientAlive
connection termination message. Based in part on diff from lars.nooden at
gmail, ok djm

OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0

show more ...


# 35eb33fb 24-Oct-2017 djm@openbsd.org

upstream commit

add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID:

upstream commit

add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5

show more ...


Revision tags: V_7_6_P1
# dbee4119 12-Sep-2017 djm@openbsd.org

upstream commit

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels fu

upstream commit

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f

show more ...


# 1e0cdf8e 31-May-2017 markus@openbsd.org

upstream commit

clear session keys from memory; ok djm@

Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f


# 5f4082d8 30-May-2017 markus@openbsd.org

upstream commit

sshd: pass struct ssh to auth functions; ok djm@

Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488


# 768405fd 03-May-2017 naddy@openbsd.org

upstream commit

remove miscellaneous SSH1 leftovers; ok markus@

Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c


# 3d6d09f2 30-Apr-2017 djm@openbsd.org

upstream commit

remove SSHv1 support from packet and buffer APIs

ok markus@

Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9


# 97f4d308 30-Apr-2017 djm@openbsd.org

upstream commit

remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c


Revision tags: V_7_5_P1
# 07edd7e9 03-Feb-2017 djm@openbsd.org

upstream commit

add ssh_packet_set_log_preamble() to allow inclusion of a
preamble string in disconnect messages; ok markus@

Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead


# c998bf0a 02-Feb-2017 dtucker@openbsd.org

upstream commit

Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a si

upstream commit

Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.

rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).

some early guidance deraadt@, ok djm@

Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c

show more ...


Revision tags: V_7_4_P1
# 39af7b44 11-Oct-2016 djm@openbsd.org

upstream commit

Add a per-packet input hook that is called with the
decrypted packet contents. This will be used for fuzzing; ok markus@

Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc


# 8d057847 30-Sep-2016 markus@openbsd.org

upstream commit

ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel

upstream commit

ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client and server on different machines. feedback
& ok djm@

Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b

show more ...


# 0082fba4 28-Sep-2016 djm@openbsd.org

upstream commit

Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both

upstream commit

Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf

show more ...


Revision tags: V_7_3_P1, V_7_2_P2
# 95767262 07-Mar-2016 djm@openbsd.org

upstream commit

refactor canohost.c: move functions that cache results closer
to the places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok ma

upstream commit

refactor canohost.c: move functions that cache results closer
to the places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok markus@

Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e

show more ...


Revision tags: V_7_2_P1
# 19bcf2ea 08-Feb-2016 djm@openbsd.org

upstream commit

refactor activation of rekeying

This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing to it makes
application

upstream commit

refactor activation of rekeying

This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing to it makes
application of rekey limits more accurate by accounting for packets
about to be sent as well as packets queued during rekeying events
themselves.

Based on a patch from dtucker@ which was in turn based on a patch
Aleksander Adamowski in bz#2521; ok markus@

Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8

show more ...


# 921ff00b 28-Jan-2016 dtucker@openbsd.org

upstream commit

Allow RekeyLimits in excess of 4G up to 2**63 bits
(limited by the return type of scan_scaled). Part of bz#2521, ok djm.

Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979


# a3068638 14-Jan-2016 markus@openbsd.org

upstream commit

remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56


1234