simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Fri Aug 5 18:12:14 BST 2022


TL;DR:
  e711a08d cryptsuite.py: remove some rogue diagnostics.
  cd7f6c44 Certificate-aware handling of key fingerprints.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2022-08-05 18:12:14

commit e711a08dafa678f800a2d70846ef5d36f770f48b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=e711a08dafa678f800a2d70846ef5d36f770f48b;hp=61a877cce40467cd30cfc1178af3d157cc19ea10
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Aug 5 12:42:06 2022 +0100

    cryptsuite.py: remove some rogue diagnostics.
    
    I must have left these in by mistake while I was still trying to make
    the certificate tests pass.

 test/cryptsuite.py | 3 ---
 1 file changed, 3 deletions(-)

commit cd7f6c4407ff0df2ee7c9ced4e0ffea3c3dff969
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=cd7f6c4407ff0df2ee7c9ced4e0ffea3c3dff969;hp=e711a08dafa678f800a2d70846ef5d36f770f48b
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Aug 5 18:08:59 2022 +0100

    Certificate-aware handling of key fingerprints.
    
    OpenSSH, when called on to give the fingerprint of a certified public
    key, will in many circumstances generate the hash of the public blob
    of the _underlying_ key, rather than the hash of the full certificate.
    
    I think the hash of the certificate is also potentially useful (if
    nothing else, it provides a way to tell apart multiple certificates on
    the same key). But I can also see that it's useful to be able to
    recognise a key as the same one 'really' (since all certificates on
    the same key share a private key, so they're unavoidably related).
    
    So I've dealt with this by introducing an extra pair of fingerprint
    types, giving the cross product of {MD5, SHA-256} x {base key only,
    full certificate}. You can manually select which one you want to see
    in some circumstances (notably PuTTYgen), and in others (such as
    diagnostics) both fingerprints will be emitted side by side via the
    new functions ssh2_double_fingerprint[_blob].
    
    The default, following OpenSSH, is to just fingerprint the base key.

 cmdgen.c               |  4 ++++
 crypto/openssh-certs.c |  4 ++--
 pageant.c              | 12 ++++++------
 ssh.h                  | 28 ++++++++++++++++++++++++++-
 ssh/kex2-client.c      | 16 +++++++++-------
 sshpubk.c              | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-
 test/cryptsuite.py     | 29 ++++++++++++++++++++++++++++
 test/testcrypt-enum.h  |  2 ++
 unix/pageant.c         | 18 ++++++++++++++++++
 windows/pageant.c      |  2 ++
 windows/pageant.rc     |  2 +-
 11 files changed, 150 insertions(+), 18 deletions(-)
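
The base-key versus full-certificate distinction in the commit message above, as an added example that is not PuTTY's code: it computes the four fingerprints {MD5, SHA-256} x {base key, full certificate} for an Ed25519 certificate blob. The function names are hypothetical, the certificate field layout is taken from OpenSSH's PROTOCOL.certkeys, and the sample blobs are constructed and unsigned.

```python
import base64
import hashlib
import struct

ED25519_CERT = b"ssh-ed25519-cert-v01@openssh.com"

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(blob: bytes, pos: int):
    """Decode one SSH string at pos; return (value, next position)."""
    end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
    if end > len(blob):
        raise ValueError("truncated SSH string")
    return blob[pos + 4:end], end

def base_key_blob(blob: bytes) -> bytes:
    """Public blob of the underlying key; a plain key is returned unchanged."""
    alg, pos = read_string(blob, 0)
    if not alg.endswith(b"-cert-v01@openssh.com"):
        return blob
    if alg != ED25519_CERT:
        raise ValueError("this example only unpacks Ed25519 certificates")
    _nonce, pos = read_string(blob, pos)
    pk, _ = read_string(blob, pos)
    return ssh_string(b"ssh-ed25519") + ssh_string(pk)

def fingerprint(blob: bytes, hash_name: str) -> str:
    """OpenSSH-style text: colon hex for "md5", unpadded base64 for "sha256"."""
    digest = hashlib.new(hash_name, blob).digest()
    if hash_name == "md5":
        return "MD5:" + ":".join(f"{b:02x}" for b in digest)
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def four_fingerprints(blob: bytes) -> dict:
    """The cross product {md5, sha256} x {base, cert} for one public blob."""
    sources = {"base": base_key_blob(blob), "cert": blob}
    return {(h, kind): fingerprint(b, h)
            for h in ("md5", "sha256") for kind, b in sources.items()}

def make_cert(pk: bytes, key_id: bytes, serial: int) -> bytes:
    """Constructed, unsigned Ed25519 certificate blob for the demonstration."""
    ca = ssh_string(b"ssh-ed25519") + ssh_string(b"\x02" * 32)  # constructed CA key
    return (ssh_string(ED25519_CERT) + ssh_string(b"\x00" * 32) + ssh_string(pk)
            + struct.pack(">QI", serial, 1) + ssh_string(key_id) + ssh_string(b"")
            + struct.pack(">QQ", 0, 2**64 - 1) + ssh_string(b"") * 3
            + ssh_string(ca) + ssh_string(b""))  # empty signature placeholder

PK = b"\x01" * 32  # constructed key bytes, not a real key
CERT_A = make_cert(PK, b"alice-laptop", 1)
CERT_B = make_cert(PK, b"alice-desktop", 2)
```

Two certificates on the same key share their base fingerprints and differ in their certificate fingerprints, which is why reporting both lets an operator recognise the key and still tell its certificates apart.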


