under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.
This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.
[originally from svn r8334]
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.
[originally from svn r8305]
addressing X displays. Update PuTTY's display-name-to-Unix-socket-
path translation code to cope with it, thus causing X forwarding to
start working again on Leopard.
[originally from svn r8020]
(Since we choose to compile with -Werror, this is particularly important.)
I haven't yet checked that the resulting source actually compiles cleanly with
GCC 4, hence not marking `gcc4-warnings' as fixed just yet.
[originally from svn r7041]
diffie-hellman-group-exchange-sha256, which the last DHGEX draft defined.
Code lifted from Simon's "crypto" directory, with changes to make it look
more like sshsh512.c.
[originally from svn r6252]
default preferred cipher), add code to inject SSH_MSG_IGNOREs to randomise
the IV when using CBC-mode ciphers. Each cipher has a flag to indicate
whether it needs this workaround, and the SSH packet output maze has gained
some extra complexity to implement it.
[originally from svn r5659]
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>
[originally from svn r5480]
- will now display a reason when it fails to load a key
- uses existing error return from native keys
- import.c had a lot of error descriptions which weren't going anywhere;
since the strings are probably taking up space in the binary, we
may as well use them
[originally from svn r5408]
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.
I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.
[originally from svn r5047]
[this svn revision also touched putty-wishlist]
Change Settings, the port forwarding setup function is run again,
and tags all existing port forwardings as `do not keep'. Then it
iterates through the config in the normal way; when it encounters a
port forwarding which is already in the tree, it tags it `keep'
rather than setting it up from scratch. Finally, it goes through the
tree and removes any that haven't been labelled `keep'. Hence,
editing the list of forwardings in Change Settings has the effect of
cancelling any forwardings you remove, and adding any new ones.
The SSH panel now appears in the reconfig box, and is empty apart
from a message explaining that it has to be there for subpanels of
it to exist. Better wording for this message would be welcome.
[originally from svn r5030]
- new function platform_get_x_display() to find a sensible local display.
On Unix, the Gtk apps weren't taking account of --display when
determining where to send forwarded X traffic.
- explicitly document that leaving X display location blank in config tries
to do something sensible (and that it's now blank by default)
- don't override X11Display setting in plink, since that's more properly
done later
[originally from svn r4604]
when talking to SOCKS 5 proxies. Configures itself transparently (if
the proxy offers CHAP it will use it, otherwise it falls back to
ordinary cleartext passwords).
[originally from svn r4517]
on Linux, but the (very few) platform-specific bits are already
abstracted out of the main code, so it should port to other
platforms with a minimum of fuss.
[originally from svn r3762]
functions have sprouted `**errorstr' arguments, which if non-NULL can
return a textual error message. The interface additions are patchy and
ad-hoc since this seemed to suit the style of the existing interfaces.
I've since realised that most of this is masked by sanity-checking that
gets done before these functions are called, but it will at least report
MAC failures and the like (tested on Unix), which was the original point
of the exercise.
Note that not everyone who could be using this information is at the
moment.
[originally from svn r3430]
with the crc32() function in the zlib interface. (Not that PuTTY
itself _uses_ zlib, but on Unix it's linked against libgtk which
uses libpng which uses zlib. And zlib has poor namespace management
so it defines this ridiculously intrusive function name. Arrrrgh.)
[originally from svn r3191]
underlying integer type forming the Bignum. Using this, arranged
that gcc/x86 uses 32-bit chunks rather than the guaranteed ANSI-
portable 16-bit chunks. This has gained another 30% on key exchanges
by my measurements, but I'm not yet convinced that it's all
perfectly robust - it seems to work fine for SSH1 and SSH2/RSA but
I haven't ensured that every bignum routine is actually being
tested, so it may yet show up problems in DSA or key generation.
[originally from svn r3135]
supports SOCKS 4, SOCKS 4A and SOCKS 5 (well, actually IPv6 in SOCKS
5 isn't supported, but it'll be no difficulty once I actually get
round to it). Thanks to Chas Honton for his `stone soup' patch: I
didn't end up actually using any of his code, but it galvanised me
into doing it properly myself :-)
[originally from svn r3055]
opaque to all platform-independent modules and only handled within
per-platform code. `Filename' is there because the Mac has a magic
way to store filenames (though currently this checkin doesn't
support it!); `FontSpec' is there so that all the auxiliary stuff
such as font height and charset and so on which is needed under
Windows but not Unix can be kept where it belongs, and so that I can
have a hope in hell of dealing with a font chooser in the forthcoming
cross-platform config box code, and best of all it gets the horrid
font height wart out of settings.c and into the Windows code where
it should be.
The Mac part of this checkin is a bunch of random guesses which will
probably not quite compile, but which look roughly right to me.
Sorry if I screwed it up, Ben :-)
[originally from svn r2765]
areas of the code. Not all back-ends have been tested, but Telnet and SSH
behave reasonably.
Incidentally, almost all of this patch was written through Mac PuTTY,
admittedly over a Telnet connection.
[originally from svn r2615]
proxy-indirection network functions (name_lookup, new_connection,
new_listener) takes a `const Config *' as an argument, and extracts
enough information from it before returning to handle that
particular network operation in accordance with the proxy settings
it specifies. This involved {win,ux}net.c due to a `const'
repercussion.
[originally from svn r2567]
the remote IP/port data provided by the server for forwarded
connections. Disabled by default, since it's incompatible with SSH2,
probably incompatible with some X clients, and tickles a bug in
at least one version of OpenSSH.
[originally from svn r2554]
we're going to be a security program, we can at least make a token
effort to use the most secure local X auth available! And I'm still
half-tempted to see if I can support it for remote X servers too...
[originally from svn r2537]
Windows and Mac backends have acquired auth-finding functions which
do nothing; Unix backend has acquired one which actually works, so
Plink can now do X forwarding believably.
(This checkin stretches into some unlikely parts of the code because
there have been one or two knock-on effects involving `const'. Bah.)
[originally from svn r2536]
from import.c to ssh.h, so that the implementation can see them. This
necessitates ssh.h's including <stdio.h>.
Also remove a spare prototype for base64_encode_atom() from import.c.
[originally from svn r2481]
absent, and also (I think) all the frontend request functions (such
as request_resize) take a context pointer, so that multiple windows
can be handled sensibly. I wouldn't swear to this, but I _think_
that only leaves the Unicode stuff as the last stubborn holdout.
[originally from svn r2147]
As a result I've now been able to turn the global variables `back'
and `backhandle' into module-level statics in the individual front
ends. Now _that's_ progress!
[originally from svn r2142]
Ben Harris
Simon Tatham
Jacob Nevins