From 43ec3397b6d7aa2b1dc005ac01619b807e70fe51 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 26 May 2018 07:06:33 +0100 Subject: [PATCH] Remove vestiges of attempt at MS Crypto API support. There was a time, back when the USA was more vigorously against cryptography, when we toyed with the idea of having a version of PuTTY that outsourced its cryptographic primitives to the Microsoft optional encryption API, which would effectively create a tool that acted like PuTTY proper on a system with that API installed, but automatically degraded to being PuTTYtel on a system without, and meanwhile (so went the theory) it could be moved freely across national borders with crypto restrictions, because it didn't _contain_ any of the actual crypto. I don't recall that we ever got it working at all. And certainly the vestiges of it here and there in the current code are completely unworkable - they refer to an 'mscrypto.c' that doesn't even exist, and the ifdefs in the definitions of structures like RSAKey and MD5Context are not matched by any corresponding ifdefs in the code. So I ought to have got round to removing it long ago, in order to avoid misleading anyone. --- putty.h | 8 -------- ssh.c | 29 ++++++++++------------------- ssh.h | 17 ----------------- windows/wincons.c | 3 --- windows/window.c | 3 --- 5 files changed, 10 insertions(+), 50 deletions(-) diff --git a/putty.h b/putty.h index 00334f44..c81b6307 100644 --- a/putty.h +++ b/putty.h @@ -1259,14 +1259,6 @@ int mk_wcswidth(const unsigned int *pwcs, size_t n); int mk_wcwidth_cjk(unsigned int ucs); int mk_wcswidth_cjk(const unsigned int *pwcs, size_t n); -/* - * Exports from mscrypto.c - */ -#ifdef MSCRYPTOAPI -int crypto_startup(); -void crypto_wrapup(); -#endif - /* * Exports from pageantc.c. * diff --git a/ssh.c b/ssh.c index ad487595..b4482753 100644 --- a/ssh.c +++ b/ssh.c @@ -1555,7 +1555,7 @@ static void ssh1_rdpkt(Ssh ssh) } st->pktin->maxlen = st->biglen; - st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char); + st->pktin->data = snewn(st->biglen, unsigned char); crMaybeWaitUntilV(bufchain_try_fetch_consume( &ssh->incoming_data, @@ -1594,8 +1594,7 @@ static void ssh1_rdpkt(Ssh ssh) if (st->pktin->maxlen < st->pad + decomplen) { st->pktin->maxlen = st->pad + decomplen; - st->pktin->data = sresize(st->pktin->data, - st->pktin->maxlen + APIEXTRA, + st->pktin->data = sresize(st->pktin->data, st->pktin->maxlen, unsigned char); st->pktin->body = st->pktin->data + st->pad + 1; } @@ -1812,7 +1811,7 @@ static void ssh2_rdpkt(Ssh ssh) */ /* May as well allocate the whole lot now. */ - st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA, + st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen, unsigned char); /* Read an amount corresponding to the MAC. */ @@ -1853,11 +1852,10 @@ static void ssh2_rdpkt(Ssh ssh) } } st->pktin->maxlen = st->packetlen + st->maclen; - st->pktin->data = sresize(st->pktin->data, - st->pktin->maxlen + APIEXTRA, + st->pktin->data = sresize(st->pktin->data, st->pktin->maxlen, unsigned char); } else if (ssh->scmac && ssh->scmac_etm) { - st->pktin->data = snewn(4 + APIEXTRA, unsigned char); + st->pktin->data = snewn(4, unsigned char); /* * OpenSSH encrypt-then-MAC mode: the packet length is @@ -1897,8 +1895,7 @@ static void ssh2_rdpkt(Ssh ssh) * Allocate memory for the rest of the packet. */ st->pktin->maxlen = st->packetlen + st->maclen; - st->pktin->data = sresize(st->pktin->data, - st->pktin->maxlen + APIEXTRA, + st->pktin->data = sresize(st->pktin->data, st->pktin->maxlen, unsigned char); /* @@ -1925,7 +1922,7 @@ static void ssh2_rdpkt(Ssh ssh) st->pktin->data + 4, st->packetlen - 4); } else { - st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char); + st->pktin->data = snewn(st->cipherblk, unsigned char); /* * Acquire and decrypt the first block of the packet. This will @@ -1964,8 +1961,7 @@ static void ssh2_rdpkt(Ssh ssh) * Allocate memory for the rest of the packet. */ st->pktin->maxlen = st->packetlen + st->maclen; - st->pktin->data = sresize(st->pktin->data, - st->pktin->maxlen + APIEXTRA, + st->pktin->data = sresize(st->pktin->data, st->pktin->maxlen, unsigned char); /* @@ -2026,7 +2022,7 @@ static void ssh2_rdpkt(Ssh ssh) if (st->pktin->maxlen < newlen + 5) { st->pktin->maxlen = newlen + 5; st->pktin->data = sresize(st->pktin->data, - st->pktin->maxlen + APIEXTRA, + st->pktin->maxlen, unsigned char); } st->pktin->length = 5 + newlen; @@ -2311,7 +2307,7 @@ static void ssh_pkt_ensure(struct Packet *pkt, int length) unsigned char *body = pkt->body; int offset = body ? body - pkt->data : 0; pkt->maxlen = length + 256; - pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char); + pkt->data = sresize(pkt->data, pkt->maxlen, unsigned char); if (body) pkt->body = pkt->data + offset; } } @@ -12308,11 +12304,6 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle, *backend_handle = ssh; -#ifdef MSCRYPTOAPI - if (crypto_startup() == 0) - return "Microsoft high encryption pack not installed!"; -#endif - ssh->frontend = frontend_handle; ssh->term_width = conf_get_int(ssh->conf, CONF_width); ssh->term_height = conf_get_int(ssh->conf, CONF_height); diff --git a/ssh.h b/ssh.h index 591c0bb6..e11e2cf8 100644 --- a/ssh.h +++ b/ssh.h @@ -70,12 +70,6 @@ void share_setup_x11_channel(void *csv, void *chanv, #define SSH_CIPHER_3DES 3 #define SSH_CIPHER_BLOWFISH 6 -#ifdef MSCRYPTOAPI -#define APIEXTRA 8 -#else -#define APIEXTRA 0 -#endif - #ifndef BIGNUM_INTERNAL typedef void *Bignum; #endif @@ -83,17 +77,12 @@ typedef void *Bignum; struct RSAKey { int bits; int bytes; -#ifdef MSCRYPTOAPI - unsigned long exponent; - unsigned char *modulus; -#else Bignum modulus; Bignum exponent; Bignum private_exponent; Bignum p; Bignum q; Bignum iqmp; -#endif char *comment; }; @@ -242,14 +231,10 @@ typedef struct { } MD5_Core_State; struct MD5Context { -#ifdef MSCRYPTOAPI - unsigned long hHash; -#else MD5_Core_State core; unsigned char block[64]; int blkused; uint32 lenhi, lenlo; -#endif BinarySink_IMPLEMENTATION; }; @@ -507,9 +492,7 @@ extern const char sshver[]; */ extern int ssh_fallback_cmd(void *handle); -#ifndef MSCRYPTOAPI void SHATransform(word32 * digest, word32 * data); -#endif /* * Check of compiler version diff --git a/windows/wincons.c b/windows/wincons.c index 5c493773..120bffe8 100644 --- a/windows/wincons.c +++ b/windows/wincons.c @@ -26,9 +26,6 @@ void cleanup_exit(int code) sk_cleanup(); random_save_seed(); -#ifdef MSCRYPTOAPI - crypto_wrapup(); -#endif exit(code); } diff --git a/windows/window.c b/windows/window.c index 0a5d9c58..126a0440 100644 --- a/windows/window.c +++ b/windows/window.c @@ -894,9 +894,6 @@ void cleanup_exit(int code) if (conf_get_int(conf, CONF_protocol) == PROT_SSH) { random_save_seed(); -#ifdef MSCRYPTOAPI - crypto_wrapup(); -#endif } shutdown_help();