simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Tue Aug 30 18:54:54 BST 2022


TL;DR:
  c6d7ffda Fix crash in GSSAPI key exchange.
  b88057d0 ECDH kex: remove pointless NULL check.
  031d86ed Add RFC8268 / RFC3126 Diffie-Hellman group{15,16,17,18}.
  cec8c876 Support elliptic-curve Diffie-Hellman GSS KEX.
  5e2acd9a New bug workaround: KEXINIT filtering.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2022-08-30 18:54:54

commit c6d7ffda68ee9ec82c4235efa5c6559889ba6d86
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c6d7ffda68ee9ec82c4235efa5c6559889ba6d86;hp=d2e982efa727544b54628e37916c2497fe72cf21
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Aug 29 13:43:07 2022 +0100

    Fix crash in GSSAPI key exchange.
    
    Introduced recently by commit 42740a54550476e, in which I decided to
    call ssh_key_cache_str() even on certified host keys. But that call
    was conditional on s->hkey being non-NULL (which happens in GSS KEX)
    as well as on it not being certified, and I managed to absentmindedly
    remove _both_ conditions. As a result we got a null-pointer
    dereference on any GSS kex.

 ssh/kex2-client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit b88057d09dd84d8b8bba1af391d397ab28106d50
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=b88057d09dd84d8b8bba1af391d397ab28106d50;hp=c6d7ffda68ee9ec82c4235efa5c6559889ba6d86
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Aug 29 11:28:31 2022 +0100

    ECDH kex: remove pointless NULL check.
    
    None of the constructors can fail and return NULL. I think this must
    have come in with a lot of other unnecessary null-pointer checks when
    ECC support was first added. I've got rid of most of them since then,
    but that one apparently escaped my notice.

 ssh/kex2-client.c | 5 -----
 1 file changed, 5 deletions(-)

commit 031d86ed5ba4dd4f7b61af483a20f48f7811f2ab
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=031d86ed5ba4dd4f7b61af483a20f48f7811f2ab;hp=b88057d09dd84d8b8bba1af391d397ab28106d50
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Aug 29 07:44:39 2022 +0100

    Add RFC8268 / RFC3126 Diffie-Hellman group{15,16,17,18}.
    
    These are a new set of larger integer Diffie-Hellman fixed groups,
    using SHA-512 as the hash.

 config.c                |  18 ++++--
 crypto/diffie-hellman.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
 putty.h                 |   4 ++
 settings.c              |   8 ++-
 ssh.h                   |  19 +++++-
 ssh/transport2.c        |  22 ++++++-
 test/testcrypt-enum.h   |   4 ++
 7 files changed, 230 insertions(+), 13 deletions(-)

commit cec8c87626b3433907d214c91a072f75fbd06c91
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=cec8c87626b3433907d214c91a072f75fbd06c91;hp=031d86ed5ba4dd4f7b61af483a20f48f7811f2ab
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Aug 29 11:35:34 2022 +0100

    Support elliptic-curve Diffie-Hellman GSS KEX.
    
    This is surprisingly simple, because it wasn't necessary to touch the
    GSS parts at all. Nothing changes about the message formats between
    integer DH and ECDH in GSS KEX, except that the mpints sent back and
    forth as part of integer DH are replaced by the opaque strings used in
    ECDH. So I've invented a new KEXTYPE and made it control a bunch of
    small conditionals in the middle of the GSS KEX code, leaving the rest
    unchanged.

 crypto/diffie-hellman.c |  14 -------
 crypto/ecc-ssh.c        |  43 ++++++++++++++++++++
 ssh.h                   |  15 +++++++
 ssh/kex2-client.c       | 104 ++++++++++++++++++++++++++++++++++--------------
 ssh/transport2.c        |   5 ++-
 ssh/transport2.h        |   1 +
 6 files changed, 138 insertions(+), 44 deletions(-)

commit 5e2acd9af7033b681023e026d4607e554f7ab984
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5e2acd9af7033b681023e026d4607e554f7ab984;hp=cec8c87626b3433907d214c91a072f75fbd06c91
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue Aug 30 18:51:33 2022 +0100

    New bug workaround: KEXINIT filtering.
    
    We've occasionally had reports of SSH servers disconnecting as soon as
    they receive PuTTY's KEXINIT. I think all such reports have involved
    the kind of simple ROM-based SSH server software you find in small
    embedded devices.
    
    I've never been able to prove it, but I've always suspected that one
    possible cause of this is simply that PuTTY's KEXINIT is _too long_,
    either in number of algorithms listed or in total length (especially
    given all the ones that end in @very.long.domain.name suffixes).
    
    If I'm right about either of those being the cause, then it's just
    become even more likely to happen, because of all the extra
    Diffie-Hellman groups and GSSAPI algorithms we just threw into our
    already-long list in the previous few commits.
    
    A workaround I've had in mind for ages is to wait for the server's
    KEXINIT, and then filter our own down to just the algorithms the
    server also mentioned. Then our KEXINIT is no longer than that of the
    server, and hence, presumably fits in whatever buffer it has. So I've
    implemented that workaround, in anticipation of it being needed in the
    near future.
    
    (Well ... it's not _quite_ true that our KEXINIT is at most the same
    length as the server. In fact I had to leave in one KEXINIT item that
    won't match anything in the server's list, namely "ext-info-c" which
    gates access to SHA-2 based RSA. So if we turn out to support
    absolutely everything on all the server's lists, then our KEXINIT
    would be a few bytes longer than the server's, even with this
    workaround. But that would only cause trouble if the server's outgoing
    KEXINIT was skating very close to whatever buffer size it has for the
    incoming one, and I'm guessing that's not very likely.)
    
    ((Another possible cause of this kind of disconnection would be a
    server that simply objects to seeing any KEXINIT string it doesn't
    know how to speak. But _surely_ no such server would have survived
    initial testing against any full-featured client at all!))

 config.c         |   4 +++
 doc/config.but   |  26 ++++++++++++++
 putty.h          |   1 +
 settings.c       |   2 ++
 ssh.h            |   1 +
 ssh/transport2.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
 ssh/verstring.c  |   6 ++++
 windows/help.h   |   1 +
 8 files changed, 138 insertions(+), 5 deletions(-)
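
The filtering idea described in commit 5e2acd9a, as an added example (this is not PuTTY's code, and the function names are hypothetical): each of our comma-separated name-lists is cut down to the names the server also listed, keeping our preference order, while a name passed as 'keep' (here "ext-info-c") survives unconditionally.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name[0..len) is an exact element of the comma-separated
 * name-list 'list' (whole-name comparison, never a prefix match). */
static int namelist_contains(const char *list, const char *name, size_t len)
{
    while (*list) {
        size_t n = strcspn(list, ",");
        if (n == len && memcmp(list, name, len) == 0)
            return 1;
        list += n;
        if (*list == ',') list++;
    }
    return 0;
}

/* Hypothetical helper: write to 'out' the names from 'ours' that also appear
 * in 'server' or in 'keep' (may be NULL), in our original order.
 * Returns the output length, or -1 if 'out' is too small. */
int filter_namelist(const char *ours, const char *server, const char *keep,
                    char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*ours) {
        size_t n = strcspn(ours, ",");
        int wanted = n > 0 && (namelist_contains(server, ours, n) ||
                               (keep && namelist_contains(keep, ours, n)));
        if (wanted) {
            if (used + n + (used ? 1 : 0) + 1 > outsz) return -1;
            if (used) out[used++] = ',';
            memcpy(out + used, ours, n);
            used += n;
            out[used] = '\0';
        }
        ours += n;
        if (*ours == ',') ours++;
    }
    return (int)used;
}

int main(void)
{
    char buf[128]; /* the two lists below are constructed samples */
    filter_namelist("curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c",
                    "diffie-hellman-group14-sha1,diffie-hellman-group14-sha256",
                    "ext-info-c", buf, sizeof buf);
    puts(buf);
    return 0;
}
```

Because "ext-info-c" is retained even though the server never lists it, the filtered list can be a few bytes longer than the server's own, which is the caveat the commit message raises.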
