simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Sun May 5 20:30:55 BST 2019


TL;DR:
  4fb20b15 Move random_save_seed() into sshrand.c.
  03aeabfb Use a proper PRNG for GTK askpass.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2019-05-05 20:30:55

commit 4fb20b15f31600143a111659b4b0ce1ee5ba4ea4
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4fb20b15f31600143a111659b4b0ce1ee5ba4ea4;hp=5f35f5b4aca8eb879e374cfd9370ac7b0489cf94
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun May 5 19:59:35 2019 +0100

    Move random_save_seed() into sshrand.c.
    
    It's identical in uxnoise and winnoise, being written entirely in
    terms of existing cross-platform functions. Might as well centralise
    it into sshrand.c.

 sshrand.c          | 13 +++++++++++++
 unix/uxnoise.c     | 12 ------------
 windows/winnoise.c | 12 ------------
 3 files changed, 13 insertions(+), 24 deletions(-)

commit 03aeabfbeaa88e802c966e90a425c0af2ccfaca1
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=03aeabfbeaa88e802c966e90a425c0af2ccfaca1;hp=4fb20b15f31600143a111659b4b0ce1ee5ba4ea4
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun May 5 20:22:36 2019 +0100

    Use a proper PRNG for GTK askpass.
    
    Coverity complained that it was wrong to use rand() in a security
    context, and although in this case it's _very_ marginal, I can't
    actually disagree that the choice of which light to light up to avoid
    giving information about passphrase length is a security context.
    
    So, no more rand(); instead we instantiate a shiny Fortuna PRNG
    instance, seed it in more or less the usual way, and use that as an
    overkill-level method of choosing which light to light up next.
    
    (Acknowledging that this is a slightly unusual application and less
    critical than most, I don't actually put the passphrase characters
    themselves into the PRNG, and I don't use a random-seed file.)

 Recipe        |  2 +-
 unix/gtkask.c | 40 +++++++++++++++++++++++++++++++++++-----
 unix/uxpgnt.c |  1 -
 3 files changed, 36 insertions(+), 7 deletions(-)
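
The point of the second commit, shown as an added example that is not PuTTY's code: choose the next indicator from cryptographic randomness without modulo bias, so the display carries no predictable pattern. It reads the kernel's `/dev/urandom` in place of the Fortuna instance the commit describes; the names `csprng_bytes`, `csprng_uniform` and `next_light`, and the rule that the new light is never the current one, are assumptions.

```c
#include <stdio.h>
#include <stdint.h>

/* Fill buf with len bytes from the kernel CSPRNG; returns 0 on success. */
static int csprng_bytes(void *buf, size_t len)
{
    FILE *fp = fopen("/dev/urandom", "rb");
    if (!fp)
        return -1;
    size_t got = fread(buf, 1, len, fp);
    fclose(fp);
    return got == len ? 0 : -1;
}

/* Uniform integer in [0, n) for 1 <= n <= 256, by rejection sampling:
 * bytes at or above the largest multiple of n are discarded, so no
 * residue is favoured. Returns -1 on bad n or read failure. */
static int csprng_uniform(unsigned n)
{
    if (n == 0 || n > 256)
        return -1;
    unsigned limit = 256 - (256 % n);
    uint8_t b;
    do {
        if (csprng_bytes(&b, 1) != 0)
            return -1;
    } while (b >= limit);
    return (int)(b % n);
}

/* Pick the next indicator among n_lights. Assumption (not from the
 * commit): the result always differs from the current light, so each
 * keypress visibly changes the display. Returns -1 on error. */
int next_light(unsigned current, unsigned n_lights)
{
    if (n_lights < 2 || current >= n_lights)
        return -1;
    int step = csprng_uniform(n_lights - 1);   /* 0 .. n_lights-2 */
    if (step < 0)
        return -1;
    return (int)((current + 1 + (unsigned)step) % n_lights);
}
```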


