mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Merge branch 'pre-0.64'
This commit is contained in:
Simon Tatham
commit
808e414130
2
Buildscr
2
Buildscr
@ -35,7 +35,7 @@ module putty
|
||||
ifeq "$(RELEASE)" "" set Ndate $(!builddate)
|
||||
ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date
|
||||
ifneq "$(Ndate)" "" read Date date
|
||||
set Epoch 6000 # update this at every release
|
||||
set Epoch 15493 # update this at every release
|
||||
ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days
|
||||
ifneq "$(Ndate)" "" read Days days
|
||||
|
||||
|
||||
@ -1 +1 @@
|
||||
0.63
|
||||
0.64
|
||||
|
||||
@ -41,7 +41,7 @@ use Plink:
|
||||
|
||||
\c Z:\sysosd>plink
|
||||
\c Plink: command-line connection utility
|
||||
\c Release 0.XX
|
||||
\c Release 0.64
|
||||
\c Usage: plink [options] [user@]host [command]
|
||||
\c ("host" can also be a PuTTY saved session name)
|
||||
\c Options:
|
||||
|
||||
@ -39,7 +39,7 @@ use PSCP:
|
||||
|
||||
\c Z:\owendadmin>pscp
|
||||
\c PuTTY Secure Copy client
|
||||
\c Release 0.XX
|
||||
\c Release 0.64
|
||||
\c Usage: pscp [options] [user@]host:source target
|
||||
\c pscp [options] source [source...] [user@]host:target
|
||||
\c pscp [options] -ls [user@]host:filespec
|
||||
|
||||
7
ssh.c
7
ssh.c
@ -6648,6 +6648,13 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
||||
}
|
||||
ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
|
||||
|
||||
{
|
||||
const char *err = dh_validate_f(ssh->kex_ctx, s->f);
|
||||
if (err) {
|
||||
bombout(("key exchange reply failed validation: %s", err));
|
||||
crStopV;
|
||||
}
|
||||
}
|
||||
s->K = dh_find_K(ssh->kex_ctx, s->f);
|
||||
|
||||
/* We assume everything from now on will be quick, and it might
|
||||
|
||||
1
ssh.h
1
ssh.h
@ -596,6 +596,7 @@ void *dh_setup_group(const struct ssh_kex *kex);
|
||||
void *dh_setup_gex(Bignum pval, Bignum gval);
|
||||
void dh_cleanup(void *);
|
||||
Bignum dh_create_e(void *, int nbits);
|
||||
const char *dh_validate_f(void *handle, Bignum f);
|
||||
Bignum dh_find_K(void *, Bignum f);
|
||||
|
||||
int loadrsakey(const Filename *filename, struct RSAKey *key,
|
||||
|
||||
23
sshdh.c
23
sshdh.c
@ -218,6 +218,29 @@ Bignum dh_create_e(void *handle, int nbits)
|
||||
return ctx->e;
|
||||
}
|
||||
|
||||
/*
|
||||
* DH stage 2-epsilon: given a number f, validate it to ensure it's in
|
||||
* range. (RFC 4253 section 8: "Values of 'e' or 'f' that are not in
|
||||
* the range [1, p-1] MUST NOT be sent or accepted by either side."
|
||||
* Also, we rule out 1 and p-1 too, since that's easy to do and since
|
||||
* they lead to obviously weak keys that even a passive eavesdropper
|
||||
* can figure out.)
|
||||
*/
|
||||
const char *dh_validate_f(void *handle, Bignum f)
|
||||
{
|
||||
struct dh_ctx *ctx = (struct dh_ctx *)handle;
|
||||
if (bignum_cmp(f, One) <= 0) {
|
||||
return "f value received is too small";
|
||||
} else {
|
||||
Bignum pm1 = bigsub(ctx->p, One);
|
||||
int cmp = bignum_cmp(f, pm1);
|
||||
freebn(pm1);
|
||||
if (cmp >= 0)
|
||||
return "f value received is too large";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* DH stage 2: given a number f, compute K = f^x mod p.
|
||||
*/
|
||||
|
||||
20
sshpubk.c
20
sshpubk.c
@ -67,7 +67,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
|
||||
i += 4;
|
||||
|
||||
/* Now the serious stuff. An ordinary SSH-1 public key. */
|
||||
j = makekey(buf + i, len, key, NULL, 1);
|
||||
j = makekey(buf + i, len - i, key, NULL, 1);
|
||||
if (j < 0)
|
||||
goto end; /* overran */
|
||||
i += j;
|
||||
@ -802,6 +802,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
|
||||
goto error;
|
||||
}
|
||||
sfree(public_blob);
|
||||
smemclr(private_blob, private_blob_len);
|
||||
sfree(private_blob);
|
||||
sfree(encryption);
|
||||
if (errorstr)
|
||||
@ -822,8 +823,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
|
||||
sfree(mac);
|
||||
if (public_blob)
|
||||
sfree(public_blob);
|
||||
if (private_blob)
|
||||
sfree(private_blob);
|
||||
if (private_blob) {
|
||||
smemclr(private_blob, private_blob_len);
|
||||
sfree(private_blob);
|
||||
}
|
||||
if (errorstr)
|
||||
*errorstr = error;
|
||||
return ret;
|
||||
@ -1112,8 +1115,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
|
||||
}
|
||||
|
||||
fp = f_open(filename, "w", TRUE);
|
||||
if (!fp)
|
||||
return 0;
|
||||
if (!fp) {
|
||||
sfree(pub_blob);
|
||||
smemclr(priv_blob, priv_blob_len);
|
||||
sfree(priv_blob);
|
||||
smemclr(priv_blob_encrypted, priv_blob_len);
|
||||
sfree(priv_blob_encrypted);
|
||||
return 0;
|
||||
}
|
||||
fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
|
||||
fprintf(fp, "Encryption: %s\n", cipherstr);
|
||||
fprintf(fp, "Comment: %s\n", key->comment);
|
||||
@ -1130,6 +1139,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
|
||||
sfree(pub_blob);
|
||||
smemclr(priv_blob, priv_blob_len);
|
||||
sfree(priv_blob);
|
||||
smemclr(priv_blob_encrypted, priv_blob_len);
|
||||
sfree(priv_blob_encrypted);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -13,10 +13,10 @@
|
||||
|
||||
[Setup]
|
||||
AppName=PuTTY
|
||||
AppVerName=PuTTY version 0.63
|
||||
VersionInfoTextVersion=Release 0.63
|
||||
AppVersion=0.63
|
||||
VersionInfoVersion=0.63.0.0
|
||||
AppVerName=PuTTY version 0.64
|
||||
VersionInfoTextVersion=Release 0.64
|
||||
AppVersion=0.64
|
||||
VersionInfoVersion=0.64.0.0
|
||||
AppPublisher=Simon Tatham
|
||||
AppPublisherURL=http://www.chiark.greenend.org.uk/~sgtatham/putty/
|
||||
AppReadmeFile={app}\README.txt
|
||||
|
||||
Loading…
Reference in New Issue
Block a user