There are possibly other circumstances when PSFTP should also return
failure, but that one seems...

While ChaCha20 takes a 64-bit nonce, SSH-2 defines the message
sequence number to wrap at 2^32 a...

This is a null merge (done with '-s ours'), not changing the code on
master at all: it just adds...

If a sharing downstream disconnected while we were still in userauth
(probably by deliberate use...

I removed a vital line of code while fixing the merge conflicts when
cherry-picking 1eb578a488a7...

In many places I was using an 'unsigned int', or an implicit int by
virtue of writing an undecor...

Our config boxes are constructed using the CreateDialog() API
function, rather than the modal Di...

Assorted calls to ssh_pkt_getstring in handling the later parts of key
exchange (post-KEXINIT) w...

gcc and clang both provide a type called __uint128_t when compiling
for 64-bit targets, code-gen...

An unguarded write() in the dputs function caused gcc -Werror to fail
to compile. I'm confused t...

If the real SSH connection goes away and we call sharestate_free with
downstreams still active, ...

Installing this systemwide as the Windows text selection cursor is a
workaround for 'black-point...

The final main loop in do_ssh2_authconn will sometimes loop over all
currently open channels cal...

Turns out it didn't take much googling to find the right API function.

(cherry picked from comm...

The function bignum_random_in_range() is new to sshbn.c since I last
tried to run the bignum tes...

This allows files other than sshbn.c to work with the primitives
necessary to build multi-word a...

When anyone connects to a PuTTY tool's listening socket - whether it's
a user of a local->remote...

Since I've recently published a program that can easily generate the
required digits of pi, and ...

SSH2_MSG_KEX_DH_GEX_REQUEST_OLD and SSH2_MSG_KEX_DH_GEX_REQUEST were
correctly _defined_ as diff...

The memory dangling off ssd->sesslist should be freed when ssd itself
goes away, and the font se...

The last use of it, to store the contents of the saved session name
edit box, was removed nearly...

(cherry picked from commit 16c46ecdaf71e4c9dddcd933778f02d78425f6a5)

Conflicts:
sshsh512.c

Ch...

Now that we have modes in which the MAC verification happens before
any other crypto operation a...

When a winhandl.c input thread returns EOF to the main thread, the
latter might immediately dele...

Patch due to Chris Staite.

(cherry picked from commit 78989c97c94ef45b7081d80df1c35f2cc1edfea0)

It overflowed as a result of the previous commit.

(cherry picked from commit 84e239dd88245cd330...

PuTTY now uses the updated version of Diffie-Hellman group exchange,
except for a few old OpenSS...

Add automatic bug detection. (Versions verified by Matt Johnston.)

(cherry picked from commit 6...

I managed to build from completely the wrong commit this morning, so
make sure to double-check n...

encodelib.py is a Python library which implements some handy SSH-2
encoding primitives; sampleke...

(cherry picked from commit ac27a1468962895d64ebf6d45a74a03b2afa4050)

Mostly I'm rearranging things because of the new workflows that git
makes available - it's now p...

This was an old bug, fixed around 0.59, which apparently regressed
when I rewrote the main event...

I had set up an event object for signalling incoming connections to
the named pipe, and then cal...

A minus sign is illegal at that position in a control sequence, so if
ESC[13t should report some...

(cherry picked from commit 06d2fb5b372ff076d5e339f5baa3d919cb48870f)

To understand the handle leak bug that I fixed in git commit
7549f2da40d3666f2c9527d84d9ed5468e2...

Our config boxes are constructed using the CreateDialog() API
function, rather than the modal Di...

Assorted calls to ssh_pkt_getstring in handling the later parts of key
exchange (post-KEXINIT) w...

gcc and clang both provide a type called __uint128_t when compiling
for 64-bit targets, code-gen...

In many places I was using an 'unsigned int', or an implicit int by
virtue of writing an undecor...

The function bignum_random_in_range() is new to sshbn.c since I last
tried to run the bignum tes...

The final main loop in do_ssh2_authconn will sometimes loop over all
currently open channels cal...

If the real SSH connection goes away and we call sharestate_free with
downstreams still active, ...

This allows files other than sshbn.c to work with the primitives
necessary to build multi-word a...

Rather than doing arithmetic mod 2^130-5 using the general-purpose
Bignum library, which require...

I'd rather see the cipher and MAC named separately, with a hint that
the two are linked together...

No cipher uses this facility yet, but one shortly will.

No cipher uses this facility yet, but one shortly will.

This allows for sharing a bit of code, and it also means that
deduplication of KEXINIT algorithm...

The general plan is that if PuTTY knows a host key for a server, it
should preferentially ask fo...

Installing this systemwide as the Windows text selection cursor is a
workaround for 'black-point...

I think Unix Pageant is now more or less usable, though of course I
wouldn't blame anyone for st...

It seems like quite an important thing to mention in the event log!
Suppose there's a bug affect...

It doesn't seem to be all that good a spec, in that it seems to be
specified in terms of functio...

We were doing an endianness flip on the output elliptic-curve point.
Endianness flips of bignums...

An unguarded write() in the dputs function caused gcc -Werror to fail
to compile. I'm confused t...

All those static arrays giving the curves' constants ought to be
'static const' and go in the da...

Turns out it didn't take much googling to find the right API function.

When anyone connects to a PuTTY tool's listening socket - whether it's
a user of a local->remote...

in_commasep_string() is now implemented in terms of
first_in_commasep_string(), memchr(), and ta...

Caused an embarrassing failure just now trying to run the test program
from a command prompt - I...

The new code remembers the contents and meaning of the outgoing KEXINIT
and uses this to drive t...

The OpenSSH PEM format contains a big integer with the top bit
potentially set, which we handle ...

snew(), and most of the bignum functions, are deliberately written to
fail an assertion and term...

The menu options and radio buttons for key type were not consistently
setting each other when se...

Having found a lot of unfixed constness issues in recent development,
I thought perhaps it was t...

When I did the public-key output revamp, I completely failed to notice
I'd orphaned this functio...

No need to sfree(err) before going to the cleanup code, because the
whole point of shared cleanu...

Removed another set of ad-hoc tests of the key size to decide which
hash to use for the signatur...

The ec_name_to_curve and ec_curve_to_name functions shouldn't really
have had to exist at all: w...

This gives families of public key and kex functions (by which I mean
those sharing a set of meth...

Not all of them, but the ones that don't get a 'void *key' parameter.
This means I can share met...

All the name strings in ssh_cipher, ssh_mac, ssh_hash, ssh_signkey
point to compile-time string ...

The 'bytes' function should take a const void * as input, not a void *.

Adding an extra radio button to the key-type selector caused it to
wrap on to another line and p...

I've no reason to believe it will _currently_ be called with the
'passphrases' tree not even set...

I've written my own analogue of OpenSSH's ssh-askpass. At the moment,
it's contained inside Page...

I'm going to want to reuse it when deciding on a passphrase-prompting
strategy.

I had freed the comment string coming back from pageant_add_keyfile,
but not NULLed out the poin...

I've decided against implementing an option exactly analogous to
'ssh-add -L' (printing the full...

There were ad-hoc functions for fingerprinting a bare key blob in both
cmdgen.c and pageant.c, n...

There was a fair amount of duplication between Windows and Unix
PuTTYgen, and some confusion ove...

Unlike ssh-add, we can identify the key by its comment or by a prefix
of its fingerprint as well...

Obviously PuTTY can't actually do public-key authentication itself, if
you give it a public rath...

The rsakey_pubblob() and ssh2_userkey_loadpub() functions, which
expected to be given a private ...

Basically like Perl's, only we forgive \r\n line endings.

I had wondered why we couldn't just catch SSH_MSG_UNIMPLEMENTED, and
now I know: OpenSSH disconn...

It's just ssh_pkt_addstring_data but using strlen to get the length of
string to add, so make th...

It doesn't look very pretty at the moment, but it lists the keys and
gets the fingerprints right.

You can now load keys at Pageant init time, by putting the key file
names as bare arguments on t...

This brings in the code we'll need to request passphrases from the
terminal, and to talk to an e...

I've moved the setup and running of the actual agent server into
run_agent(), so that main() is ...

Those must have been wrong _forever_, but because Windows Pageant
doesn't mind if the message le...