putty-source/ssh at c3aba5d9595e38379f1b6a227199a8c122d7d8aa - putty-source - Gitea: Git with a cup of tea

nhyatt/putty-source

mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-17 04:18:38 -05:00

History

Simon Tatham a02fd09854 Improve time-safety of XDM-AUTHORIZATION-1 validation.

While writing the previous patch, I realise that walking along a
decrypted string and stopping to complain about the first mismatch you
find is an anti-pattern. If we're going to deliberately give the same
error message for various mismatches, so as not to give away which
part failed first, then we should also avoid giving away the same
information via a timing leak!

I don't think this is serious enough to warrant the full-on advisory
protocol, because XDM-AUTHORIZATION-1 is rarely used these days and
also DES-based, so there are bigger problems with it. (Plus, why on
earth is it based on encryption anyway, not a MAC?) But since I
spotted it in passing, might as well fix it.

(cherry picked from commit 8e7e3c59448013be44b8cba2b7f89a894ee34113)

2023-04-19 14:28:36 +01:00

..

agentf.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

bpp1.c

New Seat callback, seat_sent().

2021-06-27 13:52:48 +01:00

bpp2.c

Implement AES-GCM using the @openssh.com protocol IDs.

2022-08-16 20:33:58 +01:00

bpp-bare.c

New Seat callback, seat_sent().

2021-06-27 13:52:48 +01:00

bpp.h

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

ca-config.c

Documentation for OpenSSH certificates.

2022-08-07 18:44:11 +01:00

censor1.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

censor2.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

channel.h

Formatting: normalise back to 4-space indentation.

2022-08-03 20:48:46 +01:00

CMakeLists.txt

Move host CA config box out into its own source file.

2022-05-01 10:16:19 +01:00

common.c

Tweak another certified-host-key-prompt.

2023-04-19 14:19:34 +01:00

connection1-client.c

New Seat query, has_mixed_input_stream().

2021-11-06 14:48:26 +00:00

connection1-server.c

Formatting: normalise back to 4-space indentation.

2022-08-03 20:48:46 +01:00

connection1.c

Richer data type for interactive prompt results.

2021-12-28 18:08:31 +00:00

connection1.h

Richer data type for interactive prompt results.

2021-12-28 18:08:31 +00:00

connection2-client.c

New Seat query, has_mixed_input_stream().

2021-11-06 14:48:26 +00:00

connection2-server.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

connection2.c

Restrict -pwfile / -pw to apply to server prompts only.

2022-10-23 14:13:55 +01:00

connection2.h

Richer data type for interactive prompt results.

2021-12-28 18:08:31 +00:00

crc-attack-detector.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

gss.h

Update source file names in comments and docs.

2022-01-22 15:51:31 +00:00

gssc.c

GSSAPI fix: don't pass GSS_C_NO_NAME to inquire_cred_by_mech.

2022-09-17 07:55:08 +01:00

gssc.h

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

kex2-client.c

GSSAPI kex: don't call dh_is_gex() on ECDH algorithms.

2022-09-13 20:53:03 +01:00

kex2-server.c

Refactor ecdh_kex into an organised vtable.

2022-04-15 17:46:06 +01:00

login1-server.c

Formatting: realign run-on parenthesised stuff.

2022-08-03 20:48:46 +01:00

login1.c

Formatting: realign run-on parenthesised stuff.

2022-08-03 20:48:46 +01:00

mainchan.c

Formatting: realign run-on parenthesised stuff.

2022-08-03 20:48:46 +01:00

nogss.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

nosharing.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

pgssapi.c

Unix GSSAPI: support static linking against Heimdal.

2022-09-17 07:55:08 +01:00

pgssapi.h

Formatting: remove spurious spaces in 'type * var'.

2022-08-03 20:48:46 +01:00

portfwd.c

Formatting: miscellaneous.

2022-08-03 20:48:46 +01:00

ppl.h

New feature: k-i authentication helper plugins.

2022-09-01 20:43:23 +01:00

scpserver.c

Generalise strbuf_catf() into put_fmt().

2021-11-19 11:32:47 +00:00

server.c

Centralise most details of host-key prompting.

2022-07-07 18:05:32 +01:00

server.h

Update source file names in comments and docs.

2022-01-22 15:51:31 +00:00

sesschan.c

Add some missing casts in ctype functions.

2023-04-19 14:28:36 +01:00

sftp.c

Add a batch of missing 'static's.

2022-09-03 12:02:48 +01:00

sftp.h

Fix a batch of typos in comments and docs.

2022-01-03 06:40:51 +00:00

sftpcommon.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

sftpserver.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

sharing.c

Add a batch of missing 'static's.

2022-09-03 12:02:48 +01:00

signal-list.h

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

ssh.c

New feature: k-i authentication helper plugins.

2022-09-01 20:43:23 +01:00

transient-hostkey-cache.c

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

transport2.c

Uppity: clear the right KEXINIT packet at kex startup!

2022-09-10 10:19:03 +01:00

transport2.h

Make rekeys work when KEXINIT filtering is enabled.

2022-09-10 10:15:27 +01:00

ttymode-list.h

Move the SSH implementation into its own subdirectory.

2021-04-22 18:09:13 +01:00

userauth2-client.c

Auth plugin: fix early socket closure.

2022-09-02 18:23:08 +01:00

userauth2-server.c

Uppity: add stunt options for trivial authentication.

2021-06-19 21:34:56 +01:00

verstring.c

New bug workaround: KEXINIT filtering.

2022-08-30 18:51:33 +01:00

x11fwd.c

Improve time-safety of XDM-AUTHORIZATION-1 validation.

2023-04-19 14:28:36 +01:00

zlib.c

Add a batch of missing 'static's.

2022-09-03 12:02:48 +01:00