simon-git: putty (master): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sun Dec 15 20:46:47 GMT 2019
TL;DR:
873ec973 Factor out get_rsa_ssh1_priv_agent from Pageant.
e47a337d Fix bug in Uppity RSA kex with short secret values.
859c81e8 Add a test for RSA key exchange.
156762fc Refactor the ssh_hash vtable. (NFC)
3fd334b5 sshhmac.c: stop freeing/remaking persistent ssh_hash objects.
1344d4d1 Adopt the new hash API functions where they're useful.
bac0a4db sclog.c: print 'stores' for memory stores
2804789b testsc: print the address of main().
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2019-12-15 20:46:47
commit 873ec97302e2d31d40f69fe26d71b4d670e1d64d
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=873ec97302e2d31d40f69fe26d71b4d670e1d64d;hp=7dd0351254fcb0583ea531d1703d5b0207ed88e0
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 20:12:36 2019 +0000
Factor out get_rsa_ssh1_priv_agent from Pageant.
The code that reads an SSH1_AGENTC_ADD_RSA_IDENTITY message and parses
an RSA private key out of it now does it by calling a BinarySource
function in sshrsa.c, instead of doing it inline in the Pageant message
handler. This has no functional change, except that now I can expose
that separate function in the testcrypt API, where it provides me with
a mechanism for creating a bare RSAKey structure for purposes of
testing RSA key exchange.
marshal.h | 2 ++
pageant.c | 14 +-------------
ssh.h | 1 +
sshrsa.c | 18 ++++++++++++++++++
testcrypt.h | 5 ++++-
5 files changed, 26 insertions(+), 14 deletions(-)
commit e47a337dd785f5da9187d389fce91173f3bcf712
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=e47a337dd785f5da9187d389fce91173f3bcf712;hp=873ec97302e2d31d40f69fe26d71b4d670e1d64d
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 20:12:59 2019 +0000
Fix bug in Uppity RSA kex with short secret values.
In ssh_rsakex_decrypt, the code that decodes the buffer after it's
been through RSA decryption and had the OAEP masking undone would
never have worked if there were any padding 0 bytes between the prefix
and suffix of the OAEP preimage.
I must have not noticed before because PuTTY's RSA kex client code
always makes the biggest possible secret integer, so it never _does_
need any padding!
sshrsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 859c81e838452edb3400082e07ea1969ecbbfd7b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=859c81e838452edb3400082e07ea1969ecbbfd7b;hp=e47a337dd785f5da9187d389fce91173f3bcf712
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 20:13:13 2019 +0000
Add a test for RSA key exchange.
It demonstrates a successful round trip from a source integer to
ciphertext and back, and also I've hardcoded the ciphertext I got from
the first attempt so that future changes to the code won't be able to
change it without me noticing.
test/cryptsuite.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
testcrypt.c | 1 +
testcrypt.h | 2 +-
3 files changed, 46 insertions(+), 1 deletion(-)
commit 156762fc0246c4ff587c72eed7010552f9c1e5bb
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=156762fc0246c4ff587c72eed7010552f9c1e5bb;hp=859c81e838452edb3400082e07ea1969ecbbfd7b
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 09:30:10 2019 +0000
Refactor the ssh_hash vtable. (NFC)
The idea is to arrange that an ssh_hash object can be reused without
having to free it and allocate a new one. So the 'final' method has
been replaced with 'digest', which does everything except the trailing
free; and there's also a new pair of methods 'reset' and 'copyfrom'
which overwrite the state of a hash with either the starting state or
a copy of another state. Meanwhile, the 'new' allocator function has
stopped performing 'reset' as a side effect; now it _just_ does the
administrative stuff (allocation, setting up vtables), and returns an
object which isn't yet ready to receive any actual data, expecting
that the caller will either reset it or copy another hash state into
it.
In particular, that means that the SHA-384 / SHA-512 pair no longer
need separate 'new' methods, because only the 'reset' part has to
change between them.
This commit makes no change to the user-facing API of wrapper
functions in ssh.h, except to add new functions which nothing yet
calls. The user-facing ssh_hash_new() calls the new and reset methods
in succession, and the copy and final methods still exist to do
new+copy and digest+free.
ssh.h | 26 +++++++++++-----
sshmd5.c | 26 ++++++++--------
sshsh256.c | 100 +++++++++++++++++++++++++++++++++----------------------------
sshsh512.c | 35 ++++++++++------------
sshsha.c | 97 +++++++++++++++++++++++++++++++----------------------------
5 files changed, 154 insertions(+), 130 deletions(-)
commit 3fd334b5caf774787705307b76d1f6c4c3862883
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=3fd334b5caf774787705307b76d1f6c4c3862883;hp=156762fc0246c4ff587c72eed7010552f9c1e5bb
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 11:58:33 2019 +0000
sshhmac.c: stop freeing/remaking persistent ssh_hash objects.
The h_outer, h_inner and h_live hash objects in the HMAC
implementation are now no longer freed and reallocated all the time.
Instead, they're reinitialised in place using the new ssh_hash_reset
and ssh_hash_copyfrom API functions.
This is partly a performance optimisation (malloc and free take time),
but also, it should fix an intermittent failure in the side-channel
test system 'testsc', which seems to be happening because of those
free/malloc pairs not happening the same way in successive runs. (In
other words, this didn't reflect a genuine side-channel leakage in the
actual crypto, only a failure of experimental control in the test.)
sshhmac.c | 28 +++-------------------------
testsc.c | 6 ------
2 files changed, 3 insertions(+), 31 deletions(-)
commit 1344d4d1cd84b586b811cf26863dd0ad2c9bb1fd
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1344d4d1cd84b586b811cf26863dd0ad2c9bb1fd;hp=3fd334b5caf774787705307b76d1f6c4c3862883
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 09:57:30 2019 +0000
Adopt the new hash API functions where they're useful.
This commit switches as many ssh_hash_free / ssh_hash_new pairs as
possible to reuse the previous hash object via ssh_hash_reset. Also a
few other cleanups: use the wrapper function hash_simple() where
possible, and I've also introduced ssh_hash_digest_nondestructive()
and switched to that where possible as well.
import.c | 6 +++---
ssh.h | 7 +++++++
ssh2transport.c | 10 +++++-----
sshdss.c | 4 ++--
sshhmac.c | 15 +++++----------
sshprng.c | 4 ++--
sshpubk.c | 8 +++-----
sshrsa.c | 18 ++++++++----------
testcrypt.c | 10 ++++++++++
testcrypt.h | 2 ++
testsc.c | 14 +++++++++-----
windows/winshare.c | 6 +-----
12 files changed, 57 insertions(+), 47 deletions(-)
commit bac0a4dba7b8532c16ec5ca1380e1e3c491cdb3d
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=bac0a4dba7b8532c16ec5ca1380e1e3c491cdb3d;hp=1344d4d1cd84b586b811cf26863dd0ad2c9bb1fd
Author: Pavel I. Kryukov <kryukov at frtk.ru>
Date: Sun Dec 15 13:57:52 2019 +0300
sclog.c: print 'stores' for memory stores
test/sclog/sclog.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 2804789be8640d5d4f0bd72e26c7ed1ff94e279e
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=2804789be8640d5d4f0bd72e26c7ed1ff94e279e;hp=bac0a4dba7b8532c16ec5ca1380e1e3c491cdb3d
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Dec 15 20:39:01 2019 +0000
testsc: print the address of main().
As explained in the comment in the code, this makes it easier to map
addresses in the log files back to addresses in the code, if the
testsc image is built as a position-independent executable.
testsc.c | 9 +++++++++
1 file changed, 9 insertions(+)
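The OAEP decoding case from commit e47a337d above, as an added example; it is not PuTTY's code and not the line that was changed in sshrsa.c. It assumes the standard OAEP data block layout DB = lHash || PS || 0x01 || M, where PS is zero or more zero bytes, and uses a constructed 4-byte stand-in for lHash; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HLEN 4 /* constructed toy label-hash length; real OAEP uses the hash output size */

/* Build DB = lHash || PS || 0x01 || M, where PS is as many zero bytes as
 * are needed to fill the block (none when M is the largest possible). */
static int oaep_build_db(uint8_t *db, size_t dblen, const uint8_t *lhash,
                         const uint8_t *msg, size_t mlen)
{
    if (dblen < HLEN + 1 + mlen)
        return -1;
    size_t pslen = dblen - HLEN - 1 - mlen;
    memcpy(db, lhash, HLEN);
    memset(db + HLEN, 0, pslen);
    db[HLEN + pslen] = 0x01;
    memcpy(db + HLEN + pslen + 1, msg, mlen);
    return 0;
}

/* Locate M in an unmasked DB; returns its offset, or -1 if malformed.
 * Illustration only: not constant-time, unlike a production decoder. */
static long oaep_find_message(const uint8_t *db, size_t dblen,
                              const uint8_t *lhash)
{
    if (dblen < HLEN + 1 || memcmp(db, lhash, HLEN) != 0)
        return -1;
    size_t i = HLEN;
    while (i < dblen && db[i] == 0x00) /* skip PS: zero OR MORE zero bytes */
        i++;
    if (i == dblen || db[i] != 0x01)   /* separator must follow the padding */
        return -1;
    return (long)(i + 1);
}

/* Encode then decode; returns the recovered message length, or -1. */
static long oaep_round_trip(size_t dblen, const uint8_t *msg, size_t mlen)
{
    static const uint8_t lhash[HLEN] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
    uint8_t db[64];
    if (dblen > sizeof db || oaep_build_db(db, dblen, lhash, msg, mlen) != 0)
        return -1;
    long off = oaep_find_message(db, dblen, lhash);
    if (off < 0 || dblen - (size_t)off != mlen || memcmp(db + off, msg, mlen) != 0)
        return -1;
    return (long)mlen;
}
int main(void) { return oaep_round_trip(16, (const uint8_t *)"abc", 3) == 3 ? 0 : 1; }
```

A round-trip test that only ever encodes the largest possible message exercises the empty-PS path alone, so a test for this decoder needs at least one short input as well.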