simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sat Mar 13 13:58:03 GMT 2021
TL;DR:
670f9d86 Windows: new custom host-key verification dialogs.
3c6ab5bb Factor out some common code in {ux,win}cons.c.
cb4f78e6 uxcons: add some missing postmsg().
0bc78dea Console host key prompt: accept 'q' for 'abandon'.
1da353e6 Introduce OpenSSH-compatible SHA256 key fingerprinting.
ef5540c1 cmdgen: support configurable key fingerprint type.
43d70071 Windows PuTTYgen: support configurable fingerprint type.
911ead25 Windows Pageant: configurable fingerprint type.
995e2f71 Add API for getting all of a key's fingerprints.
7cadad4c Unix Pageant: support multiple fingerprint types.
46b23c58 ssh2kex-client.c: get rid of s->fingerprint.
04758cb3 Allow pre-storing host key fingerprints of all types.
34611961 Pass more information to interactive host key check.
1b1a91fa Console host key prompts: add 'more info' action.
5612dfe4 GTK: add a callback to create_message_box.
99a3b0c3 GUI host key prompts: add 'More info' subdialog.
66265d30 Switch default host key format to SHA256.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2021-03-13 13:58:03
commit 670f9d86206d5b0d971adafc95c0d9c2b99de558
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=670f9d86206d5b0d971adafc95c0d9c2b99de558;hp=ca48e2048c778ff8a34357ce134441e3690a2a9b
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 28 13:40:22 2021 +0000
Windows: new custom host-key verification dialogs.
I've replaced the old versions using the standard MessageBox with new
versions using custom-drawn dialog templates and dialog procedures.
The visible changes are that the acceptance buttons have custom text
describing the actions they'll take, like the GTK versions, instead of
having to stick with bog-standard "Yes" and "No" and hope the user
reads the explanation in the main box text.
Also, this gives me the opportunity to spiff up the looks a bit, by
making the "POTENTIAL SECURITY BREACH" in the wrong-host-key dialog
larger and boldface.
But those are minor cosmetic side effects of my real purpose, which is
to make it possible to add further controls to these boxes in future.
windows/win_res.h | 8 +++
windows/win_res.rc2 | 55 ++++++++++++++++
windows/windlg.c | 185 +++++++++++++++++++++++++++++++++++-----------------
3 files changed, 188 insertions(+), 60 deletions(-)
commit 3c6ab5bbb74223d80bbe42df5378352dcacd9255
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=3c6ab5bbb74223d80bbe42df5378352dcacd9255;hp=670f9d86206d5b0d971adafc95c0d9c2b99de558
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 09:24:17 2021 +0000
Factor out some common code in {ux,win}cons.c.
The assorted host-key and warning prompt messages have no reason to
differ between the two platforms, so let's centralise them. Also,
while I'm here, some basic support functions that are the same in both
modules.
Recipe | 24 ++++---
console.c | 111 +++++++++++++++++++++++++++++++
console.h | 17 +++++
unix/uxcons.c | 196 +++++++++++-------------------------------------------
windows/wincons.c | 182 +++++++++-----------------------------------------
5 files changed, 213 insertions(+), 317 deletions(-)
commit cb4f78e611c467f962bbabfaeed9db38d9392d4a
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=cb4f78e611c467f962bbabfaeed9db38d9392d4a;hp=3c6ab5bbb74223d80bbe42df5378352dcacd9255
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 09:33:56 2021 +0000
uxcons: add some missing postmsg().
These would have left the terminal in the wrong termios state, if a
batch-mode Plink was run from a terminal and had to abort the
connection due to a weak crypto primitive.
unix/uxcons.c | 2 ++
1 file changed, 2 insertions(+)
commit 0bc78dea688a7ca80104f4fe5d9c97d471b36486
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=0bc78dea688a7ca80104f4fe5d9c97d471b36486;hp=cb4f78e611c467f962bbabfaeed9db38d9392d4a
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Mar 7 09:58:15 2021 +0000
Console host key prompt: accept 'q' for 'abandon'.
During testing just now, I found I kept absentmindedly expecting it to
work, and I don't see any reason I shouldn't indulge that expectation.
unix/uxcons.c | 5 ++++-
windows/wincons.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
commit 1da353e64936ea7425d43c48eb0b9c4c72d8b629
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1da353e64936ea7425d43c48eb0b9c4c72d8b629;hp=0bc78dea688a7ca80104f4fe5d9c97d471b36486
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 09:52:56 2021 +0000
Introduce OpenSSH-compatible SHA256 key fingerprinting.
There's a new enumeration of fingerprint types, and you tell
ssh2_fingerprint() or ssh2_fingerprint_blob() which of them to use.
So far, this is only implemented behind the scenes, and exposed for
testcrypt to test. All the call sites of ssh2_fingerprint pass a fixed
default fptype, which is still set to the old MD5. That will change
shortly.
cmdgen.c | 4 +--
pageant.c | 22 +++++++++++------
ssh.h | 13 ++++++++--
ssh2kex-client.c | 8 +++---
sshpubk.c | 72 +++++++++++++++++++++++++++++++++++-------------------
test/cryptsuite.py | 30 +++++++++++++++++++++++
test/testcrypt.py | 2 +-
testcrypt.c | 19 ++++++++++++++
testcrypt.h | 2 ++
windows/winpgen.c | 4 +--
windows/winpgnt.c | 2 +-
11 files changed, 133 insertions(+), 45 deletions(-)
commit ef5540c185a21c06811a95bbec9941372c2552af
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ef5540c185a21c06811a95bbec9941372c2552af;hp=1da353e64936ea7425d43c48eb0b9c4c72d8b629
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 09:57:02 2021 +0000
cmdgen: support configurable key fingerprint type.
I've added the -E option, similar to ssh-keygen's, and cgtest checks
it against the OpenSSH version to ensure they match.
cgtest.c | 60 +++++++++++++++++++++++++++++++++++-------------------------
cmdgen.c | 17 +++++++++++++++--
2 files changed, 50 insertions(+), 27 deletions(-)
commit 43d70071b3d6a8bfd84f8e8dc2001958152be24e
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=43d70071b3d6a8bfd84f8e8dc2001958152be24e;hp=ef5540c185a21c06811a95bbec9941372c2552af
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 09:58:14 2021 +0000
Windows PuTTYgen: support configurable fingerprint type.
The fingerprint type shown in the PuTTYgen main dialog can now be
selected from the Key menu. Also, I've widened the dialog box, because
SHA256 fingerprints are wider than MD5 ones.
(In a fixed-pitch font, the fingerprint itself is slightly shorter -
43 base64 characters in place of 47 characters of colon-separated hex.
But the "SHA256:" prefix lengthens it, and also, in a non-fixed-pitch
font such as the default one in Windows dialogs, the colons are very
narrow, so the MD5 fingerprint has a far smaller pixel width.)
windows/puttygen.rc | 2 +-
windows/winpgen.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++------
2 files changed, 57 insertions(+), 7 deletions(-)
commit 911ead25e72bc99afb855b698d7b03e41f2b9c39
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=911ead25e72bc99afb855b698d7b03e41f2b9c39;hp=43d70071b3d6a8bfd84f8e8dc2001958152be24e
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 10:05:43 2021 +0000
Windows Pageant: configurable fingerprint type.
There's now a drop-down list box below the key list, from which you
can select a fingerprint type. Also, like GUI PuTTYgen, I've widened
the key list window to make room for wider SHA256 fingerprints.
windows/pageant.rc | 14 ++++++++------
windows/winpgnt.c | 33 +++++++++++++++++++++++++++++++--
2 files changed, 39 insertions(+), 8 deletions(-)
commit 995e2f7164733ef7b7d677ed59bad562de638a99
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=995e2f7164733ef7b7d677ed59bad562de638a99;hp=911ead25e72bc99afb855b698d7b03e41f2b9c39
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 10:15:29 2021 +0000
Add API for getting all of a key's fingerprints.
ssh2_all_fingerprints() and friends will return a small 'char **'
array, containing all the fingerprints of a key that we know how to
generate, indexed by the FingerprintType enum. The result requires
complex freeing, so there's an ssh2_free_all_fingerprints as well.
For SSH-1 RSA keys, we refuse to generate any fingerprint except the
old SSH-1 MD5 version, because there's no other fingerprint type I
know of that anyone else uses. So I've got a function that returns the
same 'char **' for an SSH-1 key, but it only fills in the MD5 slot,
and leaves the rest NULL.
As a result, I also need a dynamic function that takes a fingerprint
list and returns the id of the most preferred fingerprint type in it
_that actually exists_.
NFC: this API is introduced, but not yet used.
ssh.h | 8 ++++++++
sshpubk.c | 24 ++++++++++++++++++++++++
sshrsa.c | 13 +++++++++++++
utils.c | 21 +++++++++++++++++++++
4 files changed, 66 insertions(+)
commit 7cadad4cec32a71a719cff096058f921c2169e41
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=7cadad4cec32a71a719cff096058f921c2169e41;hp=995e2f7164733ef7b7d677ed59bad562de638a99
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 10:27:50 2021 +0000
Unix Pageant: support multiple fingerprint types.
The callback-function API in pageant.h for key enumeration is modified
so that we pass an array of all the available fingerprints for each
key.
In Unix Pageant, that's used by the -l option to print whichever
fingerprint the user asked for. (Unfortunately, the option name -E is
already taken, so for the moment I've called it --fptype. I may
revisit that later.)
Also, when matching a key by fingerprint, we're prepared to match
against any fingerprint type we know, with disambiguating prefixes if
necessary (e.g. you can match "md5:ab:12" or "sha256:Ab12". That has
to be done a bit carefully, because we match MD5 hex fingerprints
case-insensitively, but SHA256 fingerprints are case-sensitive.
pageant.c | 16 ++++----
pageant.h | 6 +--
unix/uxpgnt.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++---------
3 files changed, 115 insertions(+), 30 deletions(-)
commit 46b23c581a660eeff19f007f15383d3a9cc286ac
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=46b23c581a660eeff19f007f15383d3a9cc286ac;hp=7cadad4cec32a71a719cff096058f921c2169e41
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 10:35:07 2021 +0000
ssh2kex-client.c: get rid of s->fingerprint.
There's actually never any need to store a host key fingerprint in the
coroutine state. The only time we pass it outside the coroutine is
when it goes to verify_ssh_manual_host_key, which returns
synchronously without keeping a copy, and when it goes to
seat_verify_ssh_host_key. And in fact all current implementations of
the latter will keep their own copy of the fingerprint, even if
they're going to be asynchronous. So it's safe to free our copy
immediately seat_verify_ssh_host_key returns, even if it's launched an
async dialog box.
The corresponding code in SSH-1 was already working this way. Storing
the fingerprint in the SSH-2 coroutine state was overcautious all
along.
ssh2kex-client.c | 39 +++++++++++++++++++--------------------
ssh2transport.c | 1 -
ssh2transport.h | 2 +-
3 files changed, 20 insertions(+), 22 deletions(-)
commit 04758cb3ec076bc5c17e8c8dd689e2715c78b4ed
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=04758cb3ec076bc5c17e8c8dd689e2715c78b4ed;hp=46b23c581a660eeff19f007f15383d3a9cc286ac
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 10:53:53 2021 +0000
Allow pre-storing host key fingerprints of all types.
verify_ssh_manual_host_key() now takes an array of all key
fingerprints instead of just the default type, which means that an
expected key fingerprint stored in the session configuration can now
be matched against any of them.
misc.c | 33 +++++++++++++++++++++++----------
ssh.h | 3 +--
ssh1login.c | 14 +++++++-------
ssh2kex-client.c | 14 +++++++++-----
sshcommon.c | 36 ++++++++++++++++++------------------
5 files changed, 58 insertions(+), 42 deletions(-)
commit 3461196197fede8f9d1108136966a4f7d4d039ae
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=3461196197fede8f9d1108136966a4f7d4d039ae;hp=04758cb3ec076bc5c17e8c8dd689e2715c78b4ed
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 10:59:47 2021 +0000
Pass more information to interactive host key check.
Now we pass the whole set of fingerprints, and also a displayable
format for the full host public key.
NFC: this commit doesn't modify any of the host key prompts to _use_
any of the new information. That's coming next.
misc.c | 4 ++--
putty.h | 17 +++++++++--------
ssh1login.c | 7 ++++---
ssh2kex-client.c | 9 ++++++---
unix/gtkdlg.c | 14 ++++++++++----
unix/unix.h | 4 ++--
unix/uxcons.c | 9 ++++++---
windows/wincons.c | 9 ++++++---
windows/windlg.c | 7 ++++---
windows/winstuff.h | 4 ++--
10 files changed, 51 insertions(+), 33 deletions(-)
commit 1b1a91fa3d544c062f78310b0503062a6a67dc55
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1b1a91fa3d544c062f78310b0503062a6a67dc55;hp=3461196197fede8f9d1108136966a4f7d4d039ae
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 11:03:23 2021 +0000
Console host key prompts: add 'more info' action.
Now you can press 'i' at the host key prompt, and it will print all
the key fingerprints we know about, plus the full public key. So if
you wanted to check against a fingerprint type that wasn't the one
shown in the default prompt, you can see all the ones we've got.
console.c | 6 ++++--
unix/uxcons.c | 35 ++++++++++++++++++++++++-----------
windows/wincons.c | 32 +++++++++++++++++++++++---------
3 files changed, 51 insertions(+), 22 deletions(-)
commit 5612dfe419e53bb329138f5adb1a670b3a12ee80
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5612dfe419e53bb329138f5adb1a670b3a12ee80;hp=1b1a91fa3d544c062f78310b0503062a6a67dc55
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 11:05:39 2021 +0000
GTK: add a callback to create_message_box.
This lets the caller of create_message_box modify the dialog in small
ways without having to repeat all the rest of the hard work as well.
unix/gtkdlg.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
commit 99a3b0c38025ef45569e3b1f896f22df036cd5b9
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=99a3b0c38025ef45569e3b1f896f22df036cd5b9;hp=5612dfe419e53bb329138f5adb1a670b3a12ee80
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 11:06:32 2021 +0000
GUI host key prompts: add 'More info' subdialog.
This behaves like the 'i' keystroke I just added to the console host
key prompts: it shows you all fingerprints and the full public key.
unix/gtkdlg.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++-----
windows/win_res.h | 6 ++++
windows/win_res.rc2 | 79 +++++++++++++++++++++++++++++-------------------
windows/windlg.c | 53 +++++++++++++++++++++++++++++---
4 files changed, 183 insertions(+), 42 deletions(-)
commit 66265d30f513c0496d9f3f882cf61b49f4bfff40
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=66265d30f513c0496d9f3f882cf61b49f4bfff40;hp=99a3b0c38025ef45569e3b1f896f22df036cd5b9
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Mar 13 11:07:34 2021 +0000
Switch default host key format to SHA256.
Finally! Now all the previous commits have put the infrastructure in
place to fall back to the old fingerprint if you need to, we can
switch to the new format without a total compatibility break.
ssh.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
More information about the tartarus-commits
mailing list