Граф коммитов

99 Коммитов

Автор SHA1 Сообщение Дата
Simon Tatham 14d825d42f OS X Leopard, it turns out, has a new and exciting strategy for
addressing X displays. Update PuTTY's display-name-to-Unix-socket-
path translation code to cope with it, thus causing X forwarding to
start working again on Leopard.

[originally from svn r8020]
2008-05-28 19:23:57 +00:00
Ben Harris dad558a1e5 Add support for RFC 4432 RSA key exchange, the patch for which has been
lying around in my home directory for _years_.

[originally from svn r7496]
2007-04-30 22:09:26 +00:00
Jacob Nevins cd94e3bc3c Patch from Colin Watson intended to give a clean Unix compile with GCC 4.
(Since we choose to compile with -Werror, this is particularly important.)

I haven't yet checked that the resulting source actually compiles cleanly with
GCC 4, hence not marking `gcc4-warnings' as fixed just yet.

[originally from svn r7041]
2006-12-30 23:00:14 +00:00
Jacob Nevins 078c516a45 Dimitry Andric spotted that DH gex with SHA-256 was overflowing a buffer.
Fixed, and added paranoia so that this shouldn't happen again.

[originally from svn r6606]
[this svn revision also touched putty-wishlist]
2006-03-12 19:24:05 +00:00
Jacob Nevins 2cf27e43bb Log the hash used for DH kex (now there's a choice).
[originally from svn r6605]
2006-03-12 15:39:19 +00:00
Jacob Nevins c14f259ba2 Allow rsakey_pubblob() to return the key comment.
(like r6433 but for SSH-1)

[originally from svn r6434]
[r6433 == 49d2cf19ac]
2005-10-30 15:16:42 +00:00
Jacob Nevins 49d2cf19ac Add ability for ssh2_userkey_loadpub() to return the key comment.
(Not actually used currently, but it makes life easier for a patch I'm
working on.)

[originally from svn r6433]
2005-10-30 13:42:36 +00:00
Ben Harris c0d36aa00a Implement hmac-sha1-96. It's RECOMMENDED in the current transport draft,
and we don't have any strong reason not to implement it, for all that it's
rather pointless.

[originally from svn r6284]
2005-09-10 16:19:53 +00:00
Ben Harris a42d103cf9 Restructure things so that a single entry in the KEX preference list can
correspond to multiple SSH-2 KEX algorithms.  We already do the equivalent
for cipher algorithms.

[originally from svn r6262]
2005-09-03 13:41:43 +00:00
Ben Harris 8d0c333946 SHA-256 implementation, for use in future KEX algorithms, in particular
diffie-hellman-group-exchange-sha256, which the last DHGEX draft defined.
Code lifted from Simon's "crypto" directory, with changes to make it look
more like sshsh512.c.

[originally from svn r6252]
2005-08-31 21:48:22 +00:00
Ben Harris a59356aa74 Add infrastructure for supporting multiple hashes in key exchange.
Nothing very surprising here.

[originally from svn r6251]
2005-08-31 20:43:06 +00:00
Ben Harris 11d5c791ac Rename ssh_md5 and ssh_sha1 to ssh_hmac_md5 and ssh_hmac_sha1 respectively.
This is to make room for a hash abstraction that's likely to want to use
ssh_sha1, at least.

[originally from svn r6249]
2005-08-31 19:11:19 +00:00
Ben Harris f2b0335c48 Now that we've got at least some SDCTR modes working (and aes256-ctr is our
default preferred cipher), add code to inject SSH_MSG_IGNOREs to randomise
the IV when using CBC-mode ciphers.  Each cipher has a flag to indicate
whether it needs this workaround, and the SSH packet output maze has gained
some extra complexity to implement it.

[originally from svn r5659]
2005-04-23 16:22:51 +00:00
Ben Harris 09951c6078 Implement my experimental arcfour modes. The 256-bit version is disabled
until I can test it against someone else's implementation.

[originally from svn r5633]
2005-04-14 22:58:29 +00:00
Jacob Nevins 5aa719d16e Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]
2005-03-10 16:36:05 +00:00
Jacob Nevins bd6eadd196 Improvements to PuTTYgen error reporting:
- will now display a reason when it fails to load a key
 - uses existing error return from native keys
 - import.c had a lot of error descriptions which weren't going anywhere;
   since the strings are probably taking up space in the binary, we
   may as well use them

[originally from svn r5408]
2005-02-27 23:01:11 +00:00
Simon Tatham 5e2305bdc9 Owen tells me the Mac compiler complains at a char / unsigned char
mismatch in the invocation of hmacmd5_key(). Do it properly with a
void * argument.

[originally from svn r5117]
2005-01-16 14:02:56 +00:00
Simon Tatham 6daf6faede Integrate unfix.org's IPv6 patches up to level 10, with rather a lot
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.

I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.

[originally from svn r5047]
[this svn revision also touched putty-wishlist]
2004-12-30 16:45:11 +00:00
Simon Tatham 81df0d4253 SSH port forwarding is now configurable in mid-session. After doing
Change Settings, the port forwarding setup function is run again,
and tags all existing port forwardings as `do not keep'. Then it
iterates through the config in the normal way; when it encounters a
port forwarding which is already in the tree, it tags it `keep'
rather than setting it up from scratch. Finally, it goes through the
tree and removes any that haven't been labelled `keep'. Hence,
editing the list of forwardings in Change Settings has the effect of
cancelling any forwardings you remove, and adding any new ones.

The SSH panel now appears in the reconfig box, and is empty apart
from a message explaining that it has to be there for subpanels of
it to exist. Better wording for this message would be welcome.

[originally from svn r5030]
2004-12-28 14:07:05 +00:00
Simon Tatham 56d5dc7eec Support diffie-hellman-group14-sha1 group exchange. Tested against
locally built OpenSSH 3.9, and seems to work fine.

[originally from svn r5018]
2004-12-22 10:53:58 +00:00
Jacob Nevins 98028c746f X forwarding changes:
- new function platform_get_x_display() to find a sensible local display.
   On Unix, the Gtk apps weren't taking account of --display when
   determining where to send forwarded X traffic.
 - explicitly document that leaving X display location blank in config tries
   to do something sensible (and that it's now blank by default)
 - don't override X11Display setting in plink, since that's more properly
   done later

[originally from svn r4604]
2004-10-06 22:31:07 +00:00
Jacob Nevins fb92f118bd Mention the negotiated SSH-2 MAC algorithm(s) in the Event Log.
(It should be possible to at least see what MAC is in use without going to a
SSH packet log.)

[originally from svn r4591]
2004-09-29 23:57:03 +00:00
Simon Tatham 3af7d33340 Malcolm Smith's patch to support CHAP (digest-based) authentication
when talking to SOCKS 5 proxies. Configures itself transparently (if
the proxy offers CHAP it will use it, otherwise it falls back to
ordinary cleartext passwords).

[originally from svn r4517]
2004-08-30 13:11:17 +00:00
Simon Tatham 4217269931 Merged SSH1 robustness changes from 0.55 release branch on to trunk.
[originally from svn r4379]
2004-08-01 12:07:11 +00:00
Simon Tatham a2acc6ae0d RJK's patch to enable PuTTY's X forwarding to connect to local X
servers using Unix sockets (on Unix only, obviously!).

[originally from svn r4263]
2004-05-31 14:01:52 +00:00
Simon Tatham 2d1287b9ca Added a command-line key generation tool. Currently builds and runs
on Linux, but the (very few) platform-specific bits are already
abstracted out of the main code, so it should port to other
platforms with a minimum of fuss.

[originally from svn r3762]
2004-01-22 19:15:32 +00:00
Jacob Nevins eebc7529ed Work towards wish `keyfile-diagnostic'. Many sshpubk.c keyfile-loading
functions have sprouted `**errorstr' arguments, which if non-NULL can
return a textual error message. The interface additions are patchy and
ad-hoc since this seemed to suit the style of the existing interfaces.

I've since realised that most of this is masked by sanity-checking that
gets done before these functions are called, but it will at least report
MAC failures and the like (tested on Unix), which was the original point
of the exercise.

Note that not everyone who could be using this information is at the
moment.

[originally from svn r3430]
2003-08-29 22:52:57 +00:00
Simon Tatham 06e6997a74 Rename crc32() to crc32_compute(), to avoid clashing catastrophically
with the crc32() function in the zlib interface. (Not that PuTTY
itself _uses_ zlib, but on Unix it's linked against libgtk which
uses libpng which uses zlib. And zlib has poor namespace management
so it defines this ridiculously intrusive function name. Arrrrgh.)

[originally from svn r3191]
2003-05-13 18:23:43 +00:00
Simon Tatham 6bb121ecb9 Colin's const-fixing Patch Of Death. Seems to build fine on Windows
as well as Unix, so it can go in.

[originally from svn r3162]
2003-05-04 14:18:18 +00:00
Simon Tatham afd4b4d662 Added framework to sshbn.c to make it possible to vary the
underlying integer type forming the Bignum. Using this, arranged
that gcc/x86 uses 32-bit chunks rather than the guaranteed ANSI-
portable 16-bit chunks. This has gained another 30% on key exchanges
by my measurements, but I'm not yet convinced that it's all
perfectly robust - it seems to work fine for SSH1 and SSH2/RSA but
I haven't ensured that every bignum routine is actually being
tested, so it may yet show up problems in DSA or key generation.

[originally from svn r3135]
2003-04-23 14:48:57 +00:00
Simon Tatham 8a3ff2bf3e Dynamic port forwarding by means of a local SOCKS server. Fully
supports SOCKS 4, SOCKS 4A and SOCKS 5 (well, actually IPv6 in SOCKS
5 isn't supported, but it'll be no difficulty once I actually get
round to it). Thanks to Chas Honton for his `stone soup' patch: I
didn't end up actually using any of his code, but it galvanised me
into doing it properly myself :-)

[originally from svn r3055]
2003-04-05 11:45:21 +00:00
Simon Tatham f26b7aa0d3 Created new data types `Filename' and `FontSpec', intended to be
opaque to all platform-independent modules and only handled within
per-platform code. `Filename' is there because the Mac has a magic
way to store filenames (though currently this checkin doesn't
support it!); `FontSpec' is there so that all the auxiliary stuff
such as font height and charset and so on which is needed under
Windows but not Unix can be kept where it belongs, and so that I can
have a hope in hell of dealing with a font chooser in the forthcoming
cross-platform config box code, and best of all it gets the horrid
font height wart out of settings.c and into the Windows code where
it should be.
The Mac part of this checkin is a bunch of random guesses which will
probably not quite compile, but which look roughly right to me.
Sorry if I screwed it up, Ben :-)

[originally from svn r2765]
2003-02-01 12:54:40 +00:00
Ben Harris 694aafa071 Add the ability to close sessions. This adds *_free() functions to most
areas of the code.  Not all back-ends have been tested, but Telnet and SSH
behave reasonably.

Incidentally, almost all of this patch was written through Mac PuTTY,
admittedly over a Telnet connection.

[originally from svn r2615]
2003-01-15 23:30:21 +00:00
Simon Tatham 952857fca3 proxy.c now no longer refers to `cfg'. Instead, each of the three
proxy-indirection network functions (name_lookup, new_connection,
new_listener) takes a `const Config *' as an argument, and extracts
enough information from it before returning to handle that
particular network operation in accordance with the proxy settings
it specifies. This involved {win,ux}net.c due to a `const'
repercussion.

[originally from svn r2567]
2003-01-12 15:26:10 +00:00
Simon Tatham 5ecbac2441 There's no real need for portfwd.c to reference `cfg' directly, when
it only needs one item from it and that can easily be passed in from
the call site in ssh.c.

[originally from svn r2564]
2003-01-12 14:56:19 +00:00
Simon Tatham fee1624c69 Support for XDM-AUTHORIZATION-1 at the SSH server end, making use of
the remote IP/port data provided by the server for forwarded
connections. Disabled by default, since it's incompatible with SSH2,
probably incompatible with some X clients, and tickles a bug in
at least one version of OpenSSH.

[originally from svn r2554]
2003-01-12 14:11:38 +00:00
Ben Harris 3aec19fa72 Move the prototype for platform_get_x11_auth() from x11fwd.c to ssh.h so that
it can be checked against the implementation.

[originally from svn r2542]
2003-01-11 14:20:00 +00:00
Simon Tatham 87f9446a26 Support XDM-AUTHORIZATION-1 for connecting to local X servers. If
we're going to be a security program, we can at least make a token
effort to use the most secure local X auth available! And I'm still
half-tempted to see if I can support it for remote X servers too...

[originally from svn r2537]
2003-01-11 09:31:54 +00:00
Simon Tatham 86977efa81 Introduce framework for authenticating with the local X server.
Windows and Mac backends have acquired auth-finding functions which
do nothing; Unix backend has acquired one which actually works, so
Plink can now do X forwarding believably.
(This checkin stretches into some unlikely parts of the code because
there have been one or two knock-on effects involving `const'. Bah.)

[originally from svn r2536]
2003-01-10 18:33:35 +00:00
Ben Harris a6c994ca94 Move prototypes for base64_decode_atom(), base64_lines(), and base64_encode()
from import.c to ssh.h, so that the implementation can see them.  This
necessitates ssh.h's including <stdio.h>.
Also remove a spare prototype for base64_encode_atom() from import.c.

[originally from svn r2481]
2003-01-05 23:28:02 +00:00
Ben Harris 3f055f22d8 Move x11fwd and portfwd prototypes from ssh.c into ssh.h so they can be seen
by (and checked against) the definitions.

[originally from svn r2474]
2003-01-05 22:53:23 +00:00
Simon Tatham 4756c15fc9 Yet more global-removal. The static variables in logging.c are now
absent, and also (I think) all the frontend request functions (such
as request_resize) take a context pointer, so that multiple windows
can be handled sensibly. I wouldn't swear to this, but I _think_
that only leaves the Unicode stuff as the last stubborn holdout.

[originally from svn r2147]
2002-10-26 12:58:13 +00:00
Simon Tatham 24530b945e Port forwarding module now passes backend handles around properly.
As a result I've now been able to turn the global variables `back'
and `backhandle' into module-level statics in the individual front
ends. Now _that's_ progress!

[originally from svn r2142]
2002-10-26 10:33:59 +00:00
Simon Tatham 5df8e45c2e The Zlib module now uses dynamically allocated contexts. I think
that completes the static-removal in the crypto library. Ooh.

[originally from svn r2136]
2002-10-25 13:26:33 +00:00
Simon Tatham db7196c174 Diffie-Hellman key exchange now uses a dynamically allocated context.
[originally from svn r2135]
2002-10-25 13:08:01 +00:00
Simon Tatham 107d1d875d SSH CRC attack detector now uses a dynamically allocated context.
[originally from svn r2132]
2002-10-25 12:58:21 +00:00
Simon Tatham 8f91f07599 SSH2 MACs now use dynamically allocated contexts.
[originally from svn r2131]
2002-10-25 12:51:28 +00:00
Simon Tatham 9848062b86 SSH ciphers now use dynamically allocated contexts.
[originally from svn r2130]
2002-10-25 12:35:22 +00:00
Simon Tatham 72ff571148 Major destabilisation, phase 2. This time it's the backends' turn:
each backend now stores all its internal variables in a big struct,
and each backend function gets a pointer to this struct passed to
it. This still isn't the end of the work - lots of subsidiary things
still use globals, notably all the cipher and compressor modules and
the X11 forwarding authentication stuff. But ssh.c itself has now
been transformed, and that was the really painful bit, so from here
on it all ought to be a sequence of much smaller and simpler pieces
of work.

[originally from svn r2127]
2002-10-25 11:30:33 +00:00
Simon Tatham ed29fdc91c Add some basic framework code preparatory to adding key export.
[originally from svn r1675]
2002-05-13 16:56:11 +00:00