Граф коммитов

43 Коммитов

Автор SHA1 Сообщение Дата
Jacob Nevins c9326ad81b Make key file import robust against a PPK file that has somehow lost its
final newline. From Debian bug #414784, based on a patch by Justin Pryzby.

[originally from svn r8323]
2008-11-23 20:11:12 +00:00
Simon Tatham 4fa9564c90 Fix `puttygen-unix-perms': f_open(), PuTTY's wrapper on fopen, now
takes a third argument which is TRUE if the file is being opened for
writing and wants to be created in such a way that it's readable
only to the owner. This is used when saving private keys.

While I'm here, I also use this option when writing session logs, on
the general principle that they probably contain _something_
sensitive.

The new argument is only supported on Unix, for the moment. (I think
writing owner-accessible-only files is the default on Windows.)

[originally from svn r7084]
2007-01-09 18:14:30 +00:00
Jacob Nevins cd94e3bc3c Patch from Colin Watson intended to give a clean Unix compile with GCC 4.
(Since we choose to compile with -Werror, this is particularly important.)

I haven't yet checked that the resulting source actually compiles cleanly with
GCC 4, hence not marking `gcc4-warnings' as fixed just yet.

[originally from svn r7041]
2006-12-30 23:00:14 +00:00
Jacob Nevins ff05fb7ccc Fixes to make r6434 actually useful.
[originally from svn r6435]
[r6434 == c14f259ba2]
2005-10-30 16:28:45 +00:00
Jacob Nevins c14f259ba2 Allow rsakey_pubblob() to return the key comment.
(like r6433 but for SSH-1)

[originally from svn r6434]
[r6433 == 49d2cf19ac]
2005-10-30 15:16:42 +00:00
Jacob Nevins 49d2cf19ac Add ability for ssh2_userkey_loadpub() to return the key comment.
(Not actually used currently, but it makes life easier for a patch I'm
working on.)

[originally from svn r6433]
2005-10-30 13:42:36 +00:00
Jacob Nevins 6eec320f0b Unify GET_32BIT()/PUT_32BIT() et al from numerous source files into misc.h.
I've done a bit of testing (not exhaustive), and I don't _think_ I've broken
anything...

[originally from svn r5632]
2005-04-12 20:04:56 +00:00
Jacob Nevins 5aa719d16e Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]
2005-03-10 16:36:05 +00:00
Jacob Nevins 6be9bb74bb rm incorrect comment
[originally from svn r5429]
2005-03-02 00:31:33 +00:00
Jacob Nevins ec76c24084 Fix off-by-one in memory management of PPK reading routine, which could cause
1-byte buffer overflow when reading .PPK files with long lines (>=128 bytes
in header value -- probably only happened in practice in the comment field).

[originally from svn r5427]
2005-03-01 23:48:45 +00:00
Jacob Nevins d88995b856 The comment that Private-Hash: was not allowed in DSS PuTTY-User-Key-File-1
keys was apparently incorrect; prior to r1413, it was both allowed, and
generated for passphraseless keys. Remove it and associated validation so that
people are able to load such keys into PuTTYgen to upgrade them, as suggested.

[originally from svn r5403]
[r1413 == 6608016fc2]
2005-02-26 15:50:29 +00:00
Simon Tatham 15c96004a7 Trivial bug fix pointed out by Paul Fox: potentially missing fclose().
[originally from svn r4877]
2004-11-22 11:02:44 +00:00
Simon Tatham 4217269931 Merged SSH1 robustness changes from 0.55 release branch on to trunk.
[originally from svn r4379]
2004-08-01 12:07:11 +00:00
Simon Tatham 72083d11ac Reasonably thorough test suite for command-line PuTTYgen, and
several bugs fixed in the process of constructing same.

[originally from svn r3767]
2004-01-24 17:16:37 +00:00
Simon Tatham 2d1287b9ca Added a command-line key generation tool. Currently builds and runs
on Linux, but the (very few) platform-specific bits are already
abstracted out of the main code, so it should port to other
platforms with a minimum of fuss.

[originally from svn r3762]
2004-01-22 19:15:32 +00:00
Simon Tatham a06375ab96 I _think_ this should fix the problem reported by `Stacey': failure
to fclose a private key file.

[originally from svn r3552]
2003-11-19 17:30:16 +00:00
Jacob Nevins 2cde290c77 Oops. Fix a bug in my `keyfile-diagnostic' work which caused SSH-2 key loading
in pageant (and presumably puttygen) to crash.

[originally from svn r3450]
2003-09-10 12:30:10 +00:00
Jacob Nevins 3796897d7c Change an incorrect comment about "PuTTY-User-Key-File-2" private key format
after discussion with Simon.

[originally from svn r3440]
2003-09-02 19:02:06 +00:00
Jacob Nevins 15ac9c09eb When loading SSH-2 key, ignore passphrase argument if key is unencrypted.
This should get rid of a problem that three or four people reported where
PuTTY intermittently reports "Unable to load private key" (MAC failed).

(ssh.c:do_ssh2_authconn() should also initialise its passphrase so it's not
passing garbage passphrases around, of course, but I haven't yet worked out
where the best place in the auth loop to do that would be.)

[originally from svn r3439]
2003-09-02 19:00:17 +00:00
Jacob Nevins eebc7529ed Work towards wish `keyfile-diagnostic'. Many sshpubk.c keyfile-loading
functions have sprouted `**errorstr' arguments, which if non-NULL can
return a textual error message. The interface additions are patchy and
ad-hoc since this seemed to suit the style of the existing interfaces.

I've since realised that most of this is masked by sanity-checking that
gets done before these functions are called, but it will at least report
MAC failures and the like (tested on Unix), which was the original point
of the exercise.

Note that not everyone who could be using this information is at the
moment.

[originally from svn r3430]
2003-08-29 22:52:57 +00:00
Simon Tatham d36a4c3685 Introduced wrapper macros snew(), snewn() and sresize() for the
malloc functions, which automatically cast to the same type they're
allocating the size of. Should prevent any future errors involving
mallocing the size of the wrong structure type, and will also make
life easier if we ever need to turn the PuTTY core code from real C
into C++-friendly C. I haven't touched the Mac frontend in this
checkin because I couldn't compile or test it.

[originally from svn r3014]
2003-03-29 16:14:26 +00:00
Simon Tatham 8aa218fd1d Initialise a variable that might otherwise have caused trouble.
Thanks to Ross Younger.

[originally from svn r2769]
2003-02-01 17:25:06 +00:00
Simon Tatham f26b7aa0d3 Created new data types `Filename' and `FontSpec', intended to be
opaque to all platform-independent modules and only handled within
per-platform code. `Filename' is there because the Mac has a magic
way to store filenames (though currently this checkin doesn't
support it!); `FontSpec' is there so that all the auxiliary stuff
such as font height and charset and so on which is needed under
Windows but not Unix can be kept where it belongs, and so that I can
have a hope in hell of dealing with a font chooser in the forthcoming
cross-platform config box code, and best of all it gets the horrid
font height wart out of settings.c and into the Windows code where
it should be.
The Mac part of this checkin is a bunch of random guesses which will
probably not quite compile, but which look roughly right to me.
Sorry if I screwed it up, Ben :-)

[originally from svn r2765]
2003-02-01 12:54:40 +00:00
Ben Harris 2af5d85989 Fix more unsigned char * vs char * warnings, usually by making implicit
casts explicit.

[originally from svn r2464]
2003-01-05 14:11:14 +00:00
Simon Tatham 442a360fb2 Support username and password authentication when talking to HTTP
proxies.

[originally from svn r1971]
2002-09-21 14:03:05 +00:00
Simon Tatham ff5241c1ed Added export of ssh.com key files.
[originally from svn r1682]
2002-05-15 19:16:45 +00:00
Simon Tatham 8c3a0eb50b Improved error messages if you use the wrong key type: you should
now be told that the key is the wrong type, _and_ what type it is,
rather than being given a blanket `unable to read key file' message.

[originally from svn r1662]
2002-05-11 12:13:42 +00:00
Simon Tatham cf356a9a5f Pageant is now able to avoid asking for the passphrase when asked to
load a key that is already loaded. This makes command lines such as
`pageant mykey -c mycommand' almost infinitely more useful.

[originally from svn r1522]
2001-12-30 15:58:17 +00:00
Simon Tatham 6608016fc2 INCOMPATIBLE CHANGE to the SSH2 private key file format. There is
now a passphrase-keyed MAC covering _all_ important data in the
file, including the public blob and the key comment. Should
conclusively scupper any attacks based on nobbling the key file in
an attempt to sucker the machine that decrypts it. MACing the
comment field also protects against a key-substitution attack (if
someone's worked out a way past our DSA protections and can extract
the private key from a signature, swapping key files and
substituting comments might just enable them to get the signature
they need to do this. Paranoid, but might as well).

[originally from svn r1413]
2001-11-25 14:31:46 +00:00
Simon Tatham d345ebc2a5 Add support for DSA authentication in SSH2, following clever ideas
on how to get round the problem of generating a good k.

[originally from svn r1284]
2001-09-22 20:52:21 +00:00
Simon Tatham 3730ada5ce Run entire source base through GNU indent to tidy up the varying
coding styles of the various contributors! Woohoo!

[originally from svn r1098]
2001-05-06 14:35:20 +00:00
Simon Tatham 522f130391 Pageant interface changes. You can now do `pageant -c command' to
spawn another command after starting Pageant. Also, if Pageant is
already running, `pageant keyfile' and `pageant -c command' will do
the Right Thing, that is, add the key to the _first_ Pageant and/or
run a command and then exit. The only time you now get the `Pageant
is already running' error is if you try to start the second copy
with no arguments.
NB the affected files in this checkin are rather wide-ranging
because I renamed the not really SSH1-specific
`ssh1_bignum_bitcount' function to just `bignum_bitcount'.

[originally from svn r1044]
2001-04-16 11:16:58 +00:00
Simon Tatham e3bcd35a37 Following the recent advisory about attacks on PGP keys based on
tampering with the unencrypted public part of the key but leaving
the private part intact ... we are now ultra-paranoid about RSA key
files, and we check that the public part matches the private part
_before_ we generate any signatures with them.

[originally from svn r1021]
2001-03-22 21:48:33 +00:00
Simon Tatham 6b58ab6ad4 Fix various trivial compiler warnings
[originally from svn r983]
2001-03-05 17:31:36 +00:00
Simon Tatham 28b1fc766c Preliminary support for RSA user authentication in SSH2! Most of the
error messages are currently wrong, and Pageant doesn't yet support
the new key type, and I haven't thoroughly tested that falling back
to password authentication and trying invalid keys etc all work. But
what I have here has successfully performed a public key
authentication, so it's working to at least some extent.

[originally from svn r973]
2001-03-03 11:54:34 +00:00
Simon Tatham d5240d4157 Make memory management uniform: _everything_ now goes through the
smalloc() macros and thence to the safemalloc() functions in misc.c.
This should allow me to plug in a debugging allocator and track
memory leaks and segfaults and things.

[originally from svn r818]
2000-12-12 10:33:13 +00:00
Simon Tatham 384eeb3f76 Fix miscellaneous compiler warnings. Thanks to Jacob Nevins
[originally from svn r755]
2000-10-24 10:47:49 +00:00
Simon Tatham 964e6407e1 Remember to close key files when rsakey_encrypted meets a bogus one
[originally from svn r739]
2000-10-20 17:57:47 +00:00
Simon Tatham 8d0bee8629 PuTTYgen initial version. Still to do are basic user-friendliness
features (prompt for passphrase twice, prompt before overwriting a
file, check the key file was actually saved OK), testing of the
generated keys to make sure I got the file format right, and support
for a variable key size. I think what's already here is basically
sound though.

[originally from svn r715]
2000-10-19 15:43:08 +00:00
Simon Tatham 48795b5896 Remove unnecessary DSS bit
[originally from svn r641]
2000-09-27 16:44:00 +00:00
Simon Tatham 673f2e48a7 Rationalise ordering of authentication operations. Still some work to do,
but at least pscp no longer hangs when prompting for a passphrase

[originally from svn r621]
2000-09-25 10:14:53 +00:00
Simon Tatham c366174cc2 Added Pageant, a first-attempt PuTTY authentication agent
[originally from svn r589]
2000-09-14 15:02:50 +00:00
Simon Tatham 1791da274c Add sshpubk.c to load authenticating keys from files
[originally from svn r573]
2000-09-07 16:40:50 +00:00