Simon Tatham [Mon, 9 Apr 2001 11:59:35 +0000 (11:59 +0000)]
Default handling of VT100 line drawing characters in cut and paste is
now to translate them into poor man's characters (+--+ and |). We also
have an option to disable this (and map line drawing characters to the
corresponding ASCII code as before). Thanks to Robert de Bath.
Simon Tatham [Wed, 28 Mar 2001 16:38:40 +0000 (16:38 +0000)]
Oops. The new remote_cmd_ptr points in the wrong place when you copy a
Config structure like plink does at one point. (I'm almost tempted to
say this is where a copy constructor would be handy :-/ )
Simon Tatham [Fri, 23 Mar 2001 13:02:39 +0000 (13:02 +0000)]
Modify the new rsa_verify routine. We now also check the integrity of
the private data (verifying that p > q and that iqmp really is the
inverse of q mod p). In addition, we _no longer_ check that e*d == 1
mod (p-1)(q-1): instead we do separate checks mod (p-1) and mod (q-1),
since the order of the multiplicative group mod n is actually equal to
lcm(p-1,q-1) rather than phi(n)=(p-1)(q-1). (In other words, the
Fermat-Euler theorem doesn't point both ways.)
Simon Tatham [Fri, 23 Mar 2001 10:28:36 +0000 (10:28 +0000)]
Fix the SSH protocol version exchange, which had a weird stack trash
in it which for some reason didn't show up when built with VC++6 but
blew up the nightlies. Should be OK now.
Simon Tatham [Thu, 22 Mar 2001 21:48:33 +0000 (21:48 +0000)]
Following the recent advisory about attacks on PGP keys based on
tampering with the unencrypted public part of the key but leaving
the private part intact ... we are now ultra-paranoid about RSA key
files, and we check that the public part matches the private part
_before_ we generate any signatures with them.
Simon Tatham [Thu, 22 Mar 2001 17:32:40 +0000 (17:32 +0000)]
Remove the length limit on protocol version strings. (In principle, I
could have got away with upping it to 256, but I didn't want a repeat
of the chaos when some server accidentally breaks that limit too...)
Simon Tatham [Mon, 19 Mar 2001 10:27:59 +0000 (10:27 +0000)]
Plink in noninteractive-script mode should not show the `Authenticated
with public key' message in SSH2 (it already doesn't in SSH1). It
shouldn't show the login banner either, since its output is probably
redirected to something which will choke on it.
Simon Tatham [Mon, 19 Mar 2001 10:24:55 +0000 (10:24 +0000)]
Add Norman Brandinger's suggested `-m' option in plink, to read the
remote command from a local file. Advantage: you can have more than
one line in it, so you can remotely run what's effectively a small
script.
Simon Tatham [Fri, 16 Mar 2001 12:09:44 +0000 (12:09 +0000)]
SSH2 channel fix: received WINDOW_ADJUSTs were always applied to the
primary (shell session) channel, rather than the one they were aimed
at. This _despite_ me having deliberately gone and looked the channel
ID up in the B-tree - I was ignoring the result by accident :-/
X forwarding should now work in SSH2 even on non-trivial clients (ie
things other than xdpyinfo).
Simon Tatham [Fri, 16 Mar 2001 11:58:54 +0000 (11:58 +0000)]
Correct handling of SSH1 protocol flags, in particular
PROTOFLAG_SCREEN_NUMBER, without which OpenSSH 2.5.1 was objecting to
my gratuitous inclusion of a screen number in the SSH1 X forwarding
request. Ahem.
Simon Tatham [Thu, 15 Mar 2001 17:14:31 +0000 (17:14 +0000)]
Add support for SSH2 userauth banners. We currently can't deal with
printing them _before_ the username prompt. This apparently isn't very
serious because OpenSSH doesn't _send_ it before the username prompt,
but only in response to USERAUTH_REQUEST "none". Good job we do that!
Simon Tatham [Thu, 15 Mar 2001 12:15:02 +0000 (12:15 +0000)]
At long last: PuTTY will now report its version to the server
sensibly, as a release or a snapshot or a local build. With any luck
this should make bug reporting easier to handle, because anyone who
sends their Event Log should automatically include the version :-)
Simon Tatham [Mon, 12 Mar 2001 12:24:07 +0000 (12:24 +0000)]
Finally fixed the point/pixel confusion in font handling. Thanks to
Roman Surma for pointing me at the relevant bits of documentation. All
font sizes should now be measured in points, and everything should be
consistent, and (with any luck) old Registry settings should adapt
gracefully too.
Simon Tatham [Sat, 10 Mar 2001 11:04:07 +0000 (11:04 +0000)]
Add support for using Diffie-Hellman with short exponents (sshdh.c
contains a reference to a paper on the subject). Reduces time taken
for DH group exchange to the point where it's viable to enable it
all the time, so I have. :-)
Simon Tatham [Mon, 5 Mar 2001 16:38:42 +0000 (16:38 +0000)]
Make the SSH2 traffic analysis defence robust in the face of Zlib
compression. This involves introducing an option to disable Zlib
compression (that is, continue to work within the Zlib format but
output an uncompressed block) for the duration of a single packet.
Simon Tatham [Sat, 3 Mar 2001 16:38:44 +0000 (16:38 +0000)]
Implement OpenSSH's private agent forwarding extension. I believe we
now interoperate with OpenSSH/SSH2 to _exactly_ the same level as we
interoperate with SSH1. Which is pretty cool really.
Simon Tatham [Sat, 3 Mar 2001 13:53:44 +0000 (13:53 +0000)]
The authentication diagnostics in SSH2 should now be better.
Additionally, the ability to switch usernames if you mistype the
first one has been restored (although it didn't actually work
because OpenSSH didn't feel like playing; patch submitted :-).
Simon Tatham [Sat, 3 Mar 2001 11:54:34 +0000 (11:54 +0000)]
Preliminary support for RSA user authentication in SSH2! Most of the
error messages are currently wrong, and Pageant doesn't yet support
the new key type, and I haven't thoroughly tested that falling back
to password authentication and trying invalid keys etc all work. But
what I have here has successfully performed a public key
authentication, so it's working to at least some extent.
Simon Tatham [Fri, 2 Mar 2001 13:55:23 +0000 (13:55 +0000)]
Support for selecting AES from the GUI. In the process, I've had to
introduce another layer of abstraction in SSH2 ciphers, such that a
single `logical cipher' (as desired by a user) can equate to more
than one `physical cipher'. This is because AES comes in several key
lengths (PuTTY will pick the highest supported by the remote end)
and several different SSH2-protocol-level names (aes*-cbc,
rijndael*-cbc, and an unofficial one rijndael-cbc@lysator.liu.se).
Simon Tatham [Thu, 1 Mar 2001 17:55:40 +0000 (17:55 +0000)]
Diffie-Hellman group exchange in SSH2. Currently #ifdeffed out
(change the sense of #ifdef DO_DIFFIE_HELLMAN_GEX in ssh.c) because
it's _far_ too slow. Will be re-enabled once the bignum routines
work a bit faster (or rather a _lot_ faster).
Simon Tatham [Thu, 1 Mar 2001 17:45:31 +0000 (17:45 +0000)]
Add a key length indication to each SSH2 cipher structure, in
preparation for needing to know how much key material each cipher
needs in order to select a suitable Diffie-Hellman group.
Simon Tatham [Thu, 1 Mar 2001 17:41:26 +0000 (17:41 +0000)]
Remove the last lingering knowledge, outside sshbn.c, of the
internal structure of the Bignum type. Bignum is now a fully opaque
type unless you're inside sshbn.c.
Simon Tatham [Tue, 27 Feb 2001 17:02:51 +0000 (17:02 +0000)]
Timestamp every line of the Event Log. The primary reason for this
(generating detail in bug reports when SSH2 repeat key exchange
failed) is no longer an issue, but it might be useful for other
things. It's a _log_ dammit, and logs should be timestamped.
Simon Tatham [Mon, 26 Feb 2001 16:39:15 +0000 (16:39 +0000)]
Moderately evil workaround to compensate for a variation in
behaviour of FXP_REALPATH. (Specifically, BSD and GNU realpath(3)
disagree over whether to return success when computing the realpath
for a putative new file to be created in a valid directory. There's
no way we can tell from (say) the OpenSSH version string because
OpenSSH might have been compiled to use the local realpath _or_ its
own nonbroken one.)
Simon Tatham [Mon, 5 Feb 2001 13:42:33 +0000 (13:42 +0000)]
Modifications to the new Close On Exit option:
- wording change (required a patch to winctrls.c:radioline())
- `only on clean exit' is used when an old-style config says `yes',
on the grounds that it's more generally useful than `always' and
also we want to map the old default to the new default.
Simon Tatham [Thu, 1 Feb 2001 14:11:04 +0000 (14:11 +0000)]
Yet another attempt at OOB handling in the network abstraction. This
version allows you to specify, per socket, which sockets receive OOB
data in-line (so that you know what was before the mark and what was
after) and which receive it out of line (so it's really a one-byte
out-of-band facility rather than discard-to-mark). This reflects the
fact that rlogin appears to make more sense in the latter mode, and
telnet in the former. This patch makes rlogin work right for me.
Simon Tatham [Thu, 1 Feb 2001 11:35:15 +0000 (11:35 +0000)]
Avoid mallocing zero bytes in the event log Copy processing, which
was apparently a problem for compilers other than Visual C. Thanks
to Roman Pompejus for pointing it out.
Simon Tatham [Mon, 29 Jan 2001 13:19:59 +0000 (13:19 +0000)]
Remove a segfault in bombout() macro: don't sk_close() the socket if
it's already NULL. The `Incorrect MAC' problem was causing
ssh2_rdpkt to bombout(), setting s to NULL, and then a secondary
bombout() was happening at the next level up, causing a segfault.