nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity
8e7e3c5944
putty-source/ssh
History
Simon Tatham 8e7e3c5944 Improve time-safety of XDM-AUTHORIZATION-1 validation. 
While writing the previous patch, I realise that walking along a
decrypted string and stopping to complain about the first mismatch you
find is an anti-pattern. If we're going to deliberately give the same
error message for various mismatches, so as not to give away which
part failed first, then we should also avoid giving away the same
information via a timing leak!

I don't think this is serious enough to warrant the full-on advisory
protocol, because XDM-AUTHORIZATION-1 is rarely used these days and
also DES-based, so there are bigger problems with it. (Plus, why on
earth is it based on encryption anyway, not a MAC?) But since I
spotted it in passing, might as well fix it.
2023-04-01 16:07:29 +01:00
..
agentf.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
bpp1.c New Seat callback, seat_sent(). 2021-06-27 13:52:48 +01:00
bpp2.c Implement AES-GCM using the @openssh.com protocol IDs. 2022-08-16 20:33:58 +01:00
bpp-bare.c New Seat callback, seat_sent(). 2021-06-27 13:52:48 +01:00
bpp.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
ca-config.c Documentation for OpenSSH certificates. 2022-08-07 18:44:11 +01:00
censor1.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
censor2.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
channel.h Formatting: normalise back to 4-space indentation. 2022-08-03 20:48:46 +01:00
CMakeLists.txt Move host CA config box out into its own source file. 2022-05-01 10:16:19 +01:00
common.c Tweak another certified-host-key-prompt. 2022-11-06 01:56:20 +00:00
connection1-client.c New Seat query, has_mixed_input_stream(). 2021-11-06 14:48:26 +00:00
connection1-server.c Formatting: normalise back to 4-space indentation. 2022-08-03 20:48:46 +01:00
connection1.c Richer data type for interactive prompt results. 2021-12-28 18:08:31 +00:00
connection1.h Richer data type for interactive prompt results. 2021-12-28 18:08:31 +00:00
connection2-client.c New Seat query, has_mixed_input_stream(). 2021-11-06 14:48:26 +00:00
connection2-server.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
connection2.c Restrict -pwfile / -pw to apply to server prompts only. 2022-10-23 14:13:55 +01:00
connection2.h Richer data type for interactive prompt results. 2021-12-28 18:08:31 +00:00
crc-attack-detector.c Rename 'ret' variables passed from allocation to return. 2022-09-14 16:10:29 +01:00
gss.h Update source file names in comments and docs. 2022-01-22 15:51:31 +00:00
gssc.c GSSAPI fix: don't pass GSS_C_NO_NAME to inquire_cred_by_mech. 2022-09-17 07:55:08 +01:00
gssc.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
kex2-client.c Merge GSS EC kex fix and new FAQ from 'pre-0.78'. 2022-09-13 23:53:44 +01:00
kex2-server.c Refactor ecdh_kex into an organised vtable. 2022-04-15 17:46:06 +01:00
login1-server.c Formatting: realign run-on parenthesised stuff. 2022-08-03 20:48:46 +01:00
login1.c Formatting: realign run-on parenthesised stuff. 2022-08-03 20:48:46 +01:00
mainchan.c Formatting: realign run-on parenthesised stuff. 2022-08-03 20:48:46 +01:00
nogss.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
nosharing.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
pgssapi.c Unix GSSAPI: support static linking against Heimdal. 2022-09-17 07:55:08 +01:00
pgssapi.h Formatting: remove spurious spaces in 'type * var'. 2022-08-03 20:48:46 +01:00
portfwd.c Formatting: miscellaneous. 2022-08-03 20:48:46 +01:00
ppl.h New feature: k-i authentication helper plugins. 2022-09-01 20:43:23 +01:00
scpserver.c Rewrite some manual char-buffer-handling code. 2022-09-14 16:10:29 +01:00
server.c New Seat method, seat_nonfatal(). 2022-09-13 11:26:57 +01:00
server.h Update source file names in comments and docs. 2022-01-22 15:51:31 +00:00
sesschan.c Add some missing casts in ctype functions. 2023-03-05 13:15:57 +00:00
sftp.c Rename 'ret' variables passed from allocation to return. 2022-09-14 16:10:29 +01:00
sftp.h Fix a batch of typos in comments and docs. 2022-01-03 06:40:51 +00:00
sftpcommon.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
sftpserver.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
sharing.c Formatting: fix a few mis-spaced assignments. 2022-12-28 15:28:36 +00:00
signal-list.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
ssh.c New feature: k-i authentication helper plugins. 2022-09-01 20:43:23 +01:00
transient-hostkey-cache.c Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
transport2.c Uppity: clear the right KEXINIT packet at kex startup! 2022-09-10 10:19:03 +01:00
transport2.h Make rekeys work when KEXINIT filtering is enabled. 2022-09-10 10:15:27 +01:00
ttymode-list.h Move the SSH implementation into its own subdirectory. 2021-04-22 18:09:13 +01:00
userauth2-client.c Add UTF-8 support to the new Windows ConsoleIO system. 2022-11-26 10:49:03 +00:00
userauth2-server.c Uppity: add stunt options for trivial authentication. 2021-06-19 21:34:56 +01:00
verstring.c New bug workaround: KEXINIT filtering. 2022-08-30 18:51:33 +01:00
x11fwd.c Improve time-safety of XDM-AUTHORIZATION-1 validation. 2023-04-01 16:07:29 +01:00
zlib.c Add a batch of missing 'static's. 2022-09-03 12:02:48 +01:00