
Updates to make code compatible with PuTTY 2016-03-31 (7f3c956)

Source commit: 7ad671d8918555d628d4a6a6c51615d2c8e45b8d
Martin Prikryl 9 years ago
parent
commit
0b19717743
5 changed files with 48 additions and 11 deletions
  1. 10 2
      source/core/PuttyIntf.cpp
  2. 26 6
      source/core/SecureShell.cpp
  3. 2 1
      source/putty/puttyexp.h
  4. 7 2
      source/putty/ssh.c
  5. 3 0
      source/putty/sshecc.c

+ 10 - 2
source/core/PuttyIntf.cpp

@@ -258,6 +258,12 @@ int askalg(void * frontend, const char * algtype, const char * algname,
   return 1;
 }
 //---------------------------------------------------------------------------
+int askhk(void * /*frontend*/, const char * /*algname*/, const char * /*betteralgs*/,
+  void (*/*callback*/)(void *ctx, int result), void * /*ctx*/)
+{
+  return 1;
+}
+//---------------------------------------------------------------------------
 void old_keyfile_warning(void)
 {
   // no reference to TSecureShell instace available
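Review bot: The new `askhk` stub returns 1 on every call (presumably "proceed", as the neighbouring `askalg` ends the same way) without consulting the user, and nothing records why that is safe. From the rest of this commit it appears to rely on `TSecureShell::StoreToConfig` fixing `CONF_ssh_hklist` with `HK_WARN` last, so the callback should never fire. If that list ever becomes configurable, a below-threshold host key type would be accepted silently. I would state the dependency above the stub, e.g. `// Not expected to be called: StoreToConfig puts HK_WARN last in CONF_ssh_hklist`, and add `DebugFail();` before `return 1;` so a violation shows up in debug builds.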
@@ -702,11 +708,13 @@ bool __fastcall HasGSSAPI(UnicodeString CustomPath)
 //---------------------------------------------------------------------------
 static void __fastcall DoNormalizeFingerprint(UnicodeString & Fingerprint, UnicodeString & KeyType)
 {
-  int Count = 0;
   const wchar_t NormalizedSeparator = L'-';
+  const int MaxCount = 10;
+  const ssh_signkey * SignKeys[MaxCount];
+  int Count = LENOF(SignKeys);
   // We may use find_pubkey_alg, but it gets complicated with normalized fingerprint
   // as the names have different number of dashes
-  const ssh_signkey ** SignKeys = get_hostkey_algs(&Count);
+  get_hostkey_algs(&Count, SignKeys);
 
   for (int Index = 0; Index < Count; Index++)
   {

+ 26 - 6
source/core/SecureShell.cpp

@@ -138,8 +138,8 @@ Conf * __fastcall TSecureShell::StoreToConfig(TSessionData * Data, bool Simple)
   #define CONF_ssh_cipherlist_MAX CIPHER_MAX
   #define CONF_DEF_INT_NONE(KEY) conf_set_int(conf, KEY, 0);
   #define CONF_DEF_STR_NONE(KEY) conf_set_str(conf, KEY, "");
-  // noop, used only for these and we set the first three explicitly below and latter two are not used in our code
-  #define CONF_DEF_INT_INT(KEY) DebugAssert((KEY == CONF_ssh_cipherlist) || (KEY == CONF_ssh_kexlist) || (KEY == CONF_ssh_gsslist) || (KEY == CONF_colours) || (KEY == CONF_wordness));
+  // noop, used only for these and we set the first four explicitly below and latter two are not used in our code
+  #define CONF_DEF_INT_INT(KEY) DebugAssert((KEY == CONF_ssh_cipherlist) || (KEY == CONF_ssh_kexlist) || (KEY == CONF_ssh_gsslist) || (KEY == CONF_ssh_hklist) || (KEY == CONF_colours) || (KEY == CONF_wordness));
   // noop, used only for these three and they all can handle undef value
   #define CONF_DEF_STR_STR(KEY) DebugAssert((KEY == CONF_ttymodes) || (KEY == CONF_portfwd) || (KEY == CONF_environmt) || (KEY == CONF_ssh_manual_hostkeys));
   // noop, not used in our code
@@ -344,6 +344,14 @@ Conf * __fastcall TSecureShell::StoreToConfig(TSessionData * Data, bool Simple)
     conf_set_int_int(conf, CONF_ssh_gsslist, Index, gsslibkeywords[Index].v);
   }
   conf_set_int(conf, CONF_proxy_log_to_term, FORCE_OFF);
+
+  conf_set_int_int(conf, CONF_ssh_hklist, 0, HK_ED25519);
+  conf_set_int_int(conf, CONF_ssh_hklist, 1, HK_ECDSA);
+  conf_set_int_int(conf, CONF_ssh_hklist, 2, HK_RSA);
+  conf_set_int_int(conf, CONF_ssh_hklist, 3, HK_DSA);
+  conf_set_int_int(conf, CONF_ssh_hklist, 4, HK_WARN);
+  DebugAssert(HK_MAX == 5);
+
   return conf;
 }
 //---------------------------------------------------------------------------
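Review bot: `HK_DSA` is placed above `HK_WARN` in the added `CONF_ssh_hklist` block, so a server that offers only a DSA host key is negotiated with no warning. This commit also leaves no path that could warn, since `askhk` returns 1 and the `hostkey type` branch of `AskAlg` is a no-op. SSH-2 DSA host keys are limited to 1024-bit keys with SHA-1, so it is worth deciding explicitly whether `HK_WARN` should sit at index 3 with `HK_DSA` at index 4, which would also require wiring `askhk` to a real prompt. Separately, `DebugAssert(HK_MAX == 5)` presumably only fires in debug builds, so a comment such as `// extend this list whenever PuTTY adds an HK_* value` would help the next merge. `StoreToConfig` begins outside the hunk.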
@@ -2329,6 +2337,11 @@ void __fastcall TSecureShell::AskAlg(const UnicodeString AlgType,
     Msg = FMTLOAD(KEX_BELOW_TRESHOLD, (AlgName));
     Error = FMTLOAD(KEX_NOT_VERIFIED, (AlgName));
   }
+  else if (AlgType == L"hostkey type")
+  {
+    // noop as we do not allow host key algorithm configuration,
+    // so no algorithm can get below WARN level
+  }
   else
   {
     int CipherType;
@@ -2347,15 +2360,22 @@ void __fastcall TSecureShell::AskAlg(const UnicodeString AlgType,
     else
     {
       DebugFail();
+      CipherType = 0;
     }
 
-    Msg = FMTLOAD(CIPHER_BELOW_TRESHOLD, (LoadStr(CipherType), AlgName));
-    Error = FMTLOAD(CIPHER_NOT_VERIFIED, (AlgName));
+    if (CipherType != 0)
+    {
+      Msg = FMTLOAD(CIPHER_BELOW_TRESHOLD, (LoadStr(CipherType), AlgName));
+      Error = FMTLOAD(CIPHER_NOT_VERIFIED, (AlgName));
+    }
   }
 
-  if (FUI->QueryUser(Msg, NULL, qaYes | qaNo, NULL, qtWarning) == qaNo)
+  if (!Msg.IsEmpty())
   {
-    FUI->FatalError(NULL, Error);
+    if (FUI->QueryUser(Msg, NULL, qaYes | qaNo, NULL, qtWarning) == qaNo)
+    {
+      FUI->FatalError(NULL, Error);
+    }
   }
 }
 //---------------------------------------------------------------------------
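Review bot: An unrecognised `AlgType` now reaches the end of `AskAlg` with `Msg` empty, so the new `if (!Msg.IsEmpty())` guard skips the prompt and the connection continues with an algorithm PuTTY reported as below its warning threshold. `DebugFail()` presumably does nothing in release builds, so that path fails open there. I would fail closed in the final `else`, either setting a generic warning text or calling `FUI->FatalError`, instead of only `CipherType = 0;`, and keep the empty-`Msg` skip for the deliberate `hostkey type` branch. `AskAlg` begins outside this hunk, so the earlier branches were not reviewed.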

+ 2 - 1
source/putty/puttyexp.h

@@ -21,7 +21,8 @@ int get_ssh_exitcode(void * handle);
 const unsigned int * ssh2_remmaxpkt(void * handle);
 const unsigned int * ssh2_remwindow(void * handle);
 void md5checksum(const char * buffer, int len, unsigned char output[16]);
-const struct ssh_signkey ** get_hostkey_algs(int * count);
+typedef const struct ssh_signkey * cp_ssh_signkey;
+void get_hostkey_algs(int * count, cp_ssh_signkey * SignKeys);
 
 // from wingss.c
 

+ 7 - 2
source/putty/ssh.c

@@ -12128,10 +12128,15 @@ void md5checksum(const char * buffer, int len, unsigned char output[16])
   MD5Final(output, &md5c);
 }
 
-const struct ssh_signkey ** get_hostkey_algs(int * count)
+void get_hostkey_algs(int * count, cp_ssh_signkey * SignKeys)
 {
+  int i;
+  assert(lenof(hostkey_algs) <= *count);
   *count = lenof(hostkey_algs);
-  return hostkey_algs;
+  for (i = 0; i < *count; i++)
+  {
+    *(SignKeys + i) = hostkey_algs[i].alg;
+  }
 }
 
 #endif
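Review bot: The only bound on the copy into `SignKeys` is `assert(lenof(hostkey_algs) <= *count)`, which disappears when `NDEBUG` is defined. If `hostkey_algs` then grows past the caller's capacity, the loop writes beyond the caller's array; the caller in `DoNormalizeFingerprint` (source/core/PuttyIntf.cpp) passes a 10-element stack array. I would keep the assert for debug builds but also clamp before the loop: `int n = lenof(hostkey_algs); if (n > *count) n = *count; *count = n;`. A one-line comment on the prototype in puttyexp.h, saying `*count` is the capacity on entry and the number of entries written on return, would make the contract explicit.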

+ 3 - 0
source/putty/sshecc.c

@@ -2937,6 +2937,9 @@ const unsigned char *ec_alg_oid(const struct ssh_signkey *alg,
     return extra->oid;
 }
 
+const int ec_nist_curve_lengths[] = { 256, 384, 521 };
+const int n_ec_nist_curve_lengths = lenof(ec_nist_curve_lengths);
+
 const int ec_nist_alg_and_curve_by_bits(int bits,
                                         const struct ec_curve **curve,
                                         const struct ssh_signkey **alg)