simon-git: putty (master): Simon Tatham

Commits to Tartarus CVS repository. tartarus-commits at lists.tartarus.org
Tue May 19 10:06:00 BST 2015 

TL;DR:
  a209b90 Log which elliptic curve we're using for ECDH kex.
  686ce91 Fix construction of the output bignum in Curve25519 kex.
  bcd1e75 Add a reference to a spec for Curve25519.

Repository:     git://git.tartarus.org/simon/putty.git
On the web:     http://tartarus.org/~simon-git/gitweb/?p=putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2015-05-19 10:06:00

commit a209b9044e6536243b4c1b662300b2055776bab2
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=a209b9044e6536243b4c1b662300b2055776bab2;hp=35fde00fd1fdc084a78dc3e4c3f94dbf16bbd236
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue May 19 08:42:23 2015 +0100

    Log which elliptic curve we're using for ECDH kex.
    
    It seems like quite an important thing to mention in the event log!
    Suppose there's a bug affecting only one curve, for example? Fixed-
    group Diffie-Hellman has always logged the group, but the ECDH log
    message just told you the hash and not also the curve.
    
    To implement this, I've added a 'textname' field to all elliptic
    curves, whether they're used for kex or signing or both, suitable for
    use in this log message and any others we might find a need for in
    future.

 ssh.c    |    3 ++-
 ssh.h    |   10 +++++++++-
 sshecc.c |   15 ++++++++++++---
 3 files changed, 23 insertions(+), 5 deletions(-)

commit 686ce919051d3bd47c0a6a881a8ce821d565630a
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=686ce919051d3bd47c0a6a881a8ce821d565630a;hp=a209b9044e6536243b4c1b662300b2055776bab2
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue May 19 09:54:17 2015 +0100

    Fix construction of the output bignum in Curve25519 kex.
    
    We were doing an endianness flip on the output elliptic-curve point.
    Endianness flips of bignums, of course, have to specify how many bytes
    they're imagining the value to have (that's how you decide whether to
    convert 0xA1A2 into 0xA2A1 or 0xA2A10000 or 0xA2A1000000000000 etc),
    and we had chosen our byte count based on the highest set bit in the
    _output value_ - but in fact we should have chosen it based on the
    size of the curve's modulus, leading to a failure about 1/256 of the
    time when the MSB happened to come out zero so the two byte counts
    differed.
    
    (Also added a missing smemclr, while I was there.)

 sshecc.c |   19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

commit bcd1e751b3cfe16d790b875ba2fef14a20d1f2cf
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=bcd1e751b3cfe16d790b875ba2fef14a20d1f2cf;hp=686ce919051d3bd47c0a6a881a8ce821d565630a
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue May 19 09:56:56 2015 +0100

    Add a reference to a spec for Curve25519.
    
    It doesn't seem to be all that good a spec, in that it seems to be
    specified in terms of functions in libssh and hence based on the
    assumption that you already know exactly what those functions do. But
    it's something, at least.

 sshecc.c |    4 ++++
 1 file changed, 4 insertions(+)

More information about the tartarus-commits mailing list