Very basic changes needed to make code compilable and runnable against PuTTY development snapshot 2015-12-22 (51465fa)

Pending: have_ssh_host_key
To backpropagate to thirdparty_dev branch:
- add ne_misc.c
- remove sshecdsag.c

Source commit: cb4f87bbb00e036f123fb2239490772efbde1e77

source/Putty.cbproj

@@ -94,6 +94,9 @@
 		<TASM_Debugging>None</TASM_Debugging>
 	</PropertyGroup>
 	<ItemGroup>
+		<CppCompile Include="putty\be_misc.c">
+			<BuildOrder>47</BuildOrder>
+		</CppCompile>
 		<CppCompile Include="putty\callback.c">
 			<BuildOrder>5</BuildOrder>
 			<BuildOrder>25</BuildOrder>
@@ -149,6 +152,9 @@
 			<BuildOrder>29</BuildOrder>
 			<BuildOrder>21</BuildOrder>
 		</CppCompile>
+		<CppCompile Include="putty\sshbcrypt.c">
+			<BuildOrder>50</BuildOrder>
+		</CppCompile>
 		<CppCompile Include="putty\sshblowf.c">
 			<BuildOrder>34</BuildOrder>
 			<BuildOrder>32</BuildOrder>
@@ -157,6 +163,9 @@
 			<BuildOrder>35</BuildOrder>
 			<BuildOrder>33</BuildOrder>
 		</CppCompile>
+		<CppCompile Include="putty\sshccp.c">
+			<BuildOrder>49</BuildOrder>
+		</CppCompile>
 		<CppCompile Include="putty\sshcrc.c">
 			<BuildOrder>38</BuildOrder>
 			<BuildOrder>36</BuildOrder>
@@ -177,6 +186,9 @@
 			<BuildOrder>50</BuildOrder>
 			<BuildOrder>28</BuildOrder>
 		</CppCompile>
+		<CppCompile Include="putty\sshecc.c">
+			<BuildOrder>48</BuildOrder>
+		</CppCompile>
 		<CppCompile Include="putty\sshgssc.c">
 			<BuildOrder>38</BuildOrder>
 		</CppCompile>

source/core/PuttyIntf.cpp

@@ -131,7 +131,7 @@ int from_backend_eof(void * /*frontend*/)
   return FALSE;
 }
 //---------------------------------------------------------------------------
-int get_userpass_input(prompts_t * p, unsigned char * /*in*/, int /*inlen*/)
+int get_userpass_input(prompts_t * p, const unsigned char * /*in*/, int /*inlen*/)
 {
   DebugAssert(p != NULL);
   TSecureShell * SecureShell = reinterpret_cast<TSecureShell *>(p->frontend);
@@ -216,7 +216,7 @@ void logevent(void * frontend, const char * string)
   }
 }
 //---------------------------------------------------------------------------
-void connection_fatal(void * frontend, char * fmt, ...)
+void connection_fatal(void * frontend, const char * fmt, ...)
 {
   va_list Param;
   char Buf[200];
@@ -229,7 +229,7 @@ void connection_fatal(void * frontend, char * fmt, ...)
   ((TSecureShell *)frontend)->PuttyFatalError(Buf);
 }
 //---------------------------------------------------------------------------
-int verify_ssh_host_key(void * frontend, char * host, int port, char * keytype,
+int verify_ssh_host_key(void * frontend, char * host, int port, const char * keytype,
   char * keystr, char * fingerprint, void (*/*callback*/)(void * ctx, int result),
   void * /*ctx*/)
 {
@@ -274,7 +274,7 @@ static void SSHFatalError(const char * Format, va_list Param)
   throw ESshFatal(NULL, Buf);
 }
 //---------------------------------------------------------------------------
-void fatalbox(char * fmt, ...)
+void fatalbox(const char * fmt, ...)
 {
   va_list Param;
   va_start(Param, fmt);
@@ -282,7 +282,7 @@ void fatalbox(char * fmt, ...)
   va_end(Param);
 }
 //---------------------------------------------------------------------------
-void modalfatalbox(char * fmt, ...)
+void modalfatalbox(const char * fmt, ...)
 {
   va_list Param;
   va_start(Param, fmt);
@@ -290,7 +290,7 @@ void modalfatalbox(char * fmt, ...)
   va_end(Param);
 }
 //---------------------------------------------------------------------------
-void nonfatal(char * fmt, ...)
+void nonfatal(const char * fmt, ...)
 {
   va_list Param;
   va_start(Param, fmt);
@@ -311,14 +311,9 @@ int askappend(void * /*frontend*/, Filename * /*filename*/,
   return 0;
 }
 //---------------------------------------------------------------------------
-void ldisc_send(void * /*handle*/, char * /*buf*/, int len, int /*interactive*/)
+void ldisc_echoedit_update(void * /*handle*/)
 {
-  // This is only here because of the calls to ldisc_send(NULL,
-  // 0) in ssh.c. Nothing in PSCP actually needs to use the ldisc
-  // as an ldisc. So if we get called with any real data, I want
-  // to know about it.
-  DebugAssert(len == 0);
-  DebugUsedParam(len);
+  DebugFail();
 }
 //---------------------------------------------------------------------------
 void agent_schedule_callback(void (* /*callback*/)(void *, void *, int),

source/core/SecureShell.cpp

@@ -168,6 +168,7 @@ Conf * __fastcall TSecureShell::StoreToConfig(TSessionData * Data, bool Simple)
   conf_set_str(conf, CONF_ssh_rekey_data, AnsiString(Data->RekeyData).c_str());
   conf_set_int(conf, CONF_ssh_rekey_time, Data->RekeyTime);
 
+  DebugAssert(CIPHER_MAX == CIPHER_COUNT);
   for (int c = 0; c < CIPHER_COUNT; c++)
   {
     int pcipher;
@@ -178,11 +179,13 @@ Conf * __fastcall TSecureShell::StoreToConfig(TSessionData * Data, bool Simple)
       case cipAES: pcipher = CIPHER_AES; break;
       case cipDES: pcipher = CIPHER_DES; break;
       case cipArcfour: pcipher = CIPHER_ARCFOUR; break;
+      case cipChaCha20: pcipher = CIPHER_CHACHA20; break;
       default: DebugFail();
     }
     conf_set_int_int(conf, CONF_ssh_cipherlist, c, pcipher);
   }
 
+  DebugAssert(KEX_MAX == KEX_COUNT);
   for (int k = 0; k < KEX_COUNT; k++)
   {
     int pkex;
@@ -192,6 +195,7 @@ Conf * __fastcall TSecureShell::StoreToConfig(TSessionData * Data, bool Simple)
       case kexDHGroup14: pkex = KEX_DHGROUP14; break;
       case kexDHGEx: pkex = KEX_DHGEX; break;
       case kexRSA: pkex = KEX_RSA; break;
+      case kexECDH: pkex = KEX_ECDH; break;
       default: DebugFail();
     }
     conf_set_int_int(conf, CONF_ssh_kexlist, k, pkex);

source/core/SessionData.cpp

@@ -22,13 +22,13 @@
 const wchar_t * PingTypeNames = L"Off;Null;Dummy";
 const wchar_t * ProxyMethodNames = L"None;SOCKS4;SOCKS5;HTTP;Telnet;Cmd";
 const wchar_t * DefaultName = L"Default Settings";
-const wchar_t CipherNames[CIPHER_COUNT][10] = {L"WARN", L"3des", L"blowfish", L"aes", L"des", L"arcfour"};
-const wchar_t KexNames[KEX_COUNT][20] = {L"WARN", L"dh-group1-sha1", L"dh-group14-sha1", L"dh-gex-sha1", L"rsa" };
+const wchar_t CipherNames[CIPHER_COUNT][10] = {L"WARN", L"3des", L"blowfish", L"aes", L"des", L"arcfour", L"chacha20"};
+const wchar_t KexNames[KEX_COUNT][20] = {L"WARN", L"dh-group1-sha1", L"dh-group14-sha1", L"dh-gex-sha1", L"rsa", L"ecdh"};
 const wchar_t SshProtList[][10] = {L"1 only", L"1", L"2", L"2 only"};
 const TCipher DefaultCipherList[CIPHER_COUNT] =
-  { cipAES, cipBlowfish, cip3DES, cipWarn, cipArcfour, cipDES };
+  { cipChaCha20, cipAES, cipBlowfish, cip3DES, cipWarn, cipArcfour, cipDES };
 const TKex DefaultKexList[KEX_COUNT] =
-  { kexDHGEx, kexDHGroup14, kexDHGroup1, kexRSA, kexWarn };
+  { kexECDH, kexDHGEx, kexDHGroup14, kexDHGroup1, kexRSA, kexWarn };
 const wchar_t FSProtocolNames[FSPROTOCOL_COUNT][16] = { L"SCP", L"SFTP (SCP)", L"SFTP", L"", L"", L"FTP", L"WebDAV" };
 const int SshPortNumber = 22;
 const int FtpPortNumber = 21;

source/core/SessionData.h

@@ -13,16 +13,16 @@
 #define SET_SESSION_PROPERTY(Property) \
   if (F##Property != value) { F##Property = value; Modify(); }
 //---------------------------------------------------------------------------
-enum TCipher { cipWarn, cip3DES, cipBlowfish, cipAES, cipDES, cipArcfour };
-#define CIPHER_COUNT (cipArcfour+1)
+enum TCipher { cipWarn, cip3DES, cipBlowfish, cipAES, cipDES, cipArcfour, cipChaCha20 };
+#define CIPHER_COUNT (cipChaCha20+1)
 // explicit values to skip obsoleted fsExternalSSH, fsExternalSFTP
 enum TFSProtocol { fsSCPonly = 0, fsSFTP = 1, fsSFTPonly = 2, fsFTP = 5, fsWebDAV = 6 };
 #define FSPROTOCOL_COUNT (fsWebDAV+1)
 extern const wchar_t * ProxyMethodNames;
 enum TProxyMethod { pmNone, pmSocks4, pmSocks5, pmHTTP, pmTelnet, pmCmd };
 enum TSshProt { ssh1only, ssh1, ssh2, ssh2only };
-enum TKex { kexWarn, kexDHGroup1, kexDHGroup14, kexDHGEx, kexRSA };
-#define KEX_COUNT (kexRSA+1)
+enum TKex { kexWarn, kexDHGroup1, kexDHGroup14, kexDHGEx, kexRSA, kexECDH };
+#define KEX_COUNT (kexECDH+1)
 enum TSshBug { sbIgnore1, sbPlainPW1, sbRSA1, sbHMAC2, sbDeriveKey2, sbRSAPad2,
   sbPKSessID2, sbRekey2, sbMaxPkt2, sbIgnore2, sbOldGex2, sbWinAdj };
 #define BUG_COUNT (sbWinAdj+1)

source/forms/SiteAdvanced.cpp

@@ -229,7 +229,7 @@ void __fastcall TSiteAdvancedDialog::LoadSession()
     }
 
     CipherListBox->Items->Clear();
-    DebugAssert(CIPHER_NAME_WARN+CIPHER_COUNT-1 == CIPHER_NAME_ARCFOUR);
+    DebugAssert(CIPHER_NAME_WARN+CIPHER_COUNT-1 == CIPHER_NAME_CHACHA20);
     for (int Index = 0; Index < CIPHER_COUNT; Index++)
     {
       CipherListBox->Items->AddObject(
@@ -240,7 +240,7 @@ void __fastcall TSiteAdvancedDialog::LoadSession()
     // KEX page
 
     KexListBox->Items->Clear();
-    DebugAssert(KEX_NAME_WARN+KEX_COUNT-1 == KEX_NAME_RSA);
+    DebugAssert(KEX_NAME_WARN+KEX_COUNT-1 == KEX_NAME_ECDH);
     for (int Index = 0; Index < KEX_COUNT; Index++)
     {
       KexListBox->Items->AddObject(

source/putty/be_misc.c

@@ -0,0 +1,111 @@
+/*
+ * be_misc.c: helper functions shared between main network backends.
+ */
+
+#include <assert.h>
+#include <string.h>
+
+#define DEFINE_PLUG_METHOD_MACROS
+#include "putty.h"
+#include "network.h"
+
+void backend_socket_log(void *frontend, int type, SockAddr addr, int port,
+                        const char *error_msg, int error_code, Conf *conf,
+                        int session_started)
+{
+    char addrbuf[256], *msg;
+
+    switch (type) {
+      case 0:
+        sk_getaddr(addr, addrbuf, lenof(addrbuf));
+        if (sk_addr_needs_port(addr)) {
+            msg = dupprintf("Connecting to %s port %d", addrbuf, port);
+        } else {
+            msg = dupprintf("Connecting to %s", addrbuf);
+        }
+        break;
+      case 1:
+        sk_getaddr(addr, addrbuf, lenof(addrbuf));
+        msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
+        break;
+      case 2:
+        /* Proxy-related log messages have their own identifying
+         * prefix already, put on by our caller. */
+        {
+            int len, log_to_term;
+
+            /* Suffix \r\n temporarily, so we can log to the terminal. */
+            msg = dupprintf("%s\r\n", error_msg);
+            len = strlen(msg);
+            assert(len >= 2);
+
+            log_to_term = conf_get_int(conf, CONF_proxy_log_to_term);
+            if (log_to_term == AUTO)
+                log_to_term = session_started ? FORCE_OFF : FORCE_ON;
+            if (log_to_term == FORCE_ON)
+                from_backend(frontend, TRUE, msg, len);
+
+            msg[len-2] = '\0';         /* remove the \r\n again */
+        }
+        break;
+      default:
+        msg = NULL;  /* shouldn't happen, but placate optimiser */
+        break;
+    }
+
+    if (msg) {
+        logevent(frontend, msg);
+        sfree(msg);
+    }
+}
+
+void log_proxy_stderr(Plug plug, bufchain *buf, const void *vdata, int len)
+{
+    const char *data = (const char *)vdata;
+    int pos = 0;
+    int msglen;
+    char *nlpos, *msg, *fullmsg;
+
+    /*
+     * This helper function allows us to collect the data written to a
+     * local proxy command's standard error in whatever size chunks we
+     * happen to get from its pipe, and whenever we have a complete
+     * line, we pass it to plug_log.
+     *
+     * Prerequisites: a plug to log to, and a bufchain stored
+     * somewhere to collect the data in.
+     */
+
+    while (pos < len && (nlpos = memchr(data+pos, '\n', len-pos)) != NULL) {
+        /*
+         * Found a newline in the current input buffer. Append it to
+         * the bufchain (which may contain a partial line from last
+         * time).
+         */
+        bufchain_add(buf, data + pos, nlpos - (data + pos));
+
+        /*
+         * Collect the resulting line of data and pass it to plug_log.
+         */
+        msglen = bufchain_size(buf);
+        msg = snewn(msglen+1, char);
+        bufchain_fetch(buf, msg, msglen);
+        bufchain_consume(buf, msglen);
+        msg[msglen] = '\0';
+        fullmsg = dupprintf("proxy: %s", msg);
+        plug_log(plug, 2, NULL, 0, fullmsg, 0);
+        sfree(fullmsg);
+        sfree(msg);
+
+        /*
+         * Advance past the newline.
+         */
+        pos += nlpos+1 - (data + pos);
+    }
+
+    /*
+     * Now any remaining data is a partial line, which we save for
+     * next time.
+     */
+    bufchain_add(buf, data + pos, len - pos);
+}

source/putty/sshecdsag.c

@@ -1,71 +0,0 @@
-/*
- * EC key generation.
- */
-
-#include "ssh.h"
-
-/* Forward reference from sshecc.c */
-struct ec_point *ecp_mul(const struct ec_point *a, const Bignum b);
-
-int ec_generate(struct ec_key *key, int bits, progfn_t pfn,
-                void *pfnparam)
-{
-    struct ec_point *publicKey;
-
-    if (!ec_nist_alg_and_curve_by_bits(bits, &key->publicKey.curve,
-                                       &key->signalg))
-        return 0;
-
-    key->privateKey = bignum_random_in_range(One, key->publicKey.curve->w.n);
-    if (!key->privateKey) return 0;
-
-    publicKey = ec_public(key->privateKey, key->publicKey.curve);
-    if (!publicKey) {
-        freebn(key->privateKey);
-        key->privateKey = NULL;
-        return 0;
-    }
-
-    key->publicKey.x = publicKey->x;
-    key->publicKey.y = publicKey->y;
-    key->publicKey.z = NULL;
-    sfree(publicKey);
-
-    return 1;
-}
-
-int ec_edgenerate(struct ec_key *key, int bits, progfn_t pfn,
-                  void *pfnparam)
-{
-    struct ec_point *publicKey;
-
-    if (!ec_ed_alg_and_curve_by_bits(bits, &key->publicKey.curve,
-                                     &key->signalg))
-        return 0;
-
-    {
-        /* EdDSA secret keys are just 32 bytes of hash preimage; the
-         * 64-byte SHA-512 hash of that key will be used when signing,
-         * but the form of the key stored on disk is the preimage
-         * only. */
-        Bignum privMax = bn_power_2(bits);
-        if (!privMax) return 0;
-        key->privateKey = bignum_random_in_range(Zero, privMax);
-        freebn(privMax);
-        if (!key->privateKey) return 0;
-    }
-
-    publicKey = ec_public(key->privateKey, key->publicKey.curve);
-    if (!publicKey) {
-        freebn(key->privateKey);
-        key->privateKey = NULL;
-        return 0;
-    }
-
-    key->publicKey.x = publicKey->x;
-    key->publicKey.y = publicKey->y;
-    key->publicKey.z = NULL;
-    sfree(publicKey);
-
-    return 1;
-}

source/putty/windows/winstore.c

@@ -498,7 +498,7 @@ int have_ssh_host_key(const char *hostname, int port,
      * If we have a host key, verify_host_key will return 0 or 2.
      * If we don't have one, it'll return 1.
      */
-    return verify_host_key(hostname, port, keytype, "") != 1;
+    return 0;//verify_host_key(hostname, port, keytype, "") != 1;
 }
 
 void store_host_key(const char *hostname, int port,

source/resource/TextsWin.h

@@ -426,11 +426,13 @@
 #define CIPHER_NAME_AES         1797
 #define CIPHER_NAME_DES         1798
 #define CIPHER_NAME_ARCFOUR     1799
-#define KEX_NAME_WARN           1800
-#define KEX_NAME_DHGROUP1       1801
-#define KEX_NAME_DHGROUP14      1802
-#define KEX_NAME_DHGEX          1803
-#define KEX_NAME_RSA            1804
+#define CIPHER_NAME_CHACHA20    1800
+#define KEX_NAME_WARN           1801
+#define KEX_NAME_DHGROUP1       1802
+#define KEX_NAME_DHGROUP14      1803
+#define KEX_NAME_DHGEX          1804
+#define KEX_NAME_RSA            1805
+#define KEX_NAME_ECDH           1806
 #define LOGIN_SELECT_LOCAL_PROXY 1807
 #define LOGIN_PROXY_COMMAND_PATTERNS_HINT 1808
 #define LOGIN_DUPLICATE_SESSION_FOLDER_WORKSPACE 1809

source/resource/TextsWin1.rc

@@ -430,11 +430,13 @@ BEGIN
         CIPHER_NAME_AES, "AES (SSH-2 only)"
         CIPHER_NAME_DES, "DES"
         CIPHER_NAME_ARCFOUR, "Arcfour (SSH-2 only)"
+        CIPHER_NAME_CHACHA20, "ChaCha20 (SSH-2 only)"
         KEX_NAME_WARN, "-- warn below here --"
         KEX_NAME_DHGROUP1, "Diffie-Hellman group 1"
         KEX_NAME_DHGROUP14, "Diffie-Hellman group 14"
         KEX_NAME_DHGEX, "Diffie-Hellman group exchange"
         KEX_NAME_RSA, "RSA-based key exchange"
+        KEX_NAME_ECDH, "ECDH key exchange"
         LOGIN_SELECT_LOCAL_PROXY, "Select local proxy application"
         LOGIN_PROXY_COMMAND_PATTERNS_HINT, "Patterns:\n\\n for new line\n\\r for carriage return\n\\t for tab\n\\xXX for any hex ascii code\n\\\\ for backslash\n%host expands to hostname\n%port expands to port number\n%user expands to proxy username\n%pass expands to proxy password\n%% for percent sign"
         LOGIN_DUPLICATE_SESSION_FOLDER_WORKSPACE, "Site folder or workspace with name '%s' already exists."