Commit 2b3c02d6 authored by Deucе's avatar Deucе :ok_hand_tone4: Committed by Rob Swindell

Update cryptlib to 3.4.7

parent b33a40e7
1 merge request!388Update cryptlib to 3.4.7
Showing
with 345 additions and 313 deletions
--- random/unix.c.orig 2021-03-15 18:02:42.743073000 -0400
+++ random/unix.c 2021-03-15 18:04:17.393934000 -0400
@@ -398,7 +398,7 @@
#include <net/route.h> /* For CTL_NET:AF_ROUTE:0:AF_INET:\
NET_RT_FLAGS idents */
#include <sys/gmon.h> /* For CTL_KERN:KERN_PROF identifiers */
- #if defined( __NetBSD__ )
+ #if defined( __NetBSD__ ) || defined( __OpenBSD__ )
#include <uvm/uvm_param.h> /* For CTL_VM identifiers */
#else
#include <vm/vm_param.h> /* For CTL_VM identifiers */
@@ -414,7 +414,9 @@
static const SYSCTL_INFO sysctlInfo[] = {
/* Hardware info */
{ 2, { CTL_HW, HW_MACHINE } }, /* Machine class */
+#ifdef HW_MACHINE_ARCH
{ 2, { CTL_HW, HW_MACHINE_ARCH } }, /* Machine architecture */
+#endif
{ 2, { CTL_HW, HW_MODEL } }, /* Machine model */
#ifdef HW_IOSTATS
{ 2, { CTL_HW, HW_IOSTATS } }, /* struct io_sysctl for each device
@@ -517,11 +519,13 @@
/* Terminal chars sent/received */
#endif /* KERN_TKSTAT */
{ 2, { CTL_KERN, KERN_VERSION } }, /* System version string */
+#ifdef KERN_VNODE
{ 2, { CTL_KERN, KERN_VNODE }, 15 },
/* struct xvnode for each vnode, see
/sys/sys/vnode.h. Produces a huge
amount of output so typically gets
truncated at SYSCTL_BUFFER_SIZE */
+#endif
/* Networking info */
{ 6, { CTL_NET, AF_ROUTE, 0, AF_INET, NET_RT_DUMP, 0 }, 5 },
--- ./session/sess_rd.c.orig 2024-01-14 19:55:23.556519000 -0500
+++ ./session/sess_rd.c 2024-01-14 19:55:55.611225000 -0500
@@ -884,28 +884,28 @@
return( status );
}
- /* Update the stream read timeout to the current user-selected read
- timeout in case the user has changed the timeout setting.
-
- This isn't perfect in the case of the extremely chatty SSH protocol
- because what looks like a read to the user can involve several reads
- and writes under the hood, and what gets used for those is the
- overall high-level timeout for the operation as a whole, with the
- hidden internal reads and writes using that as their shared setting.
-
- For example if the code performs a read and hits an SSH channel
- command it has to send back a response, leading possibly to further
- reads and writes, before it can actually read any data. So the top-
- level read command sets a read timeout and then the much lower-level
- code ends up in a hidden long exchange with the other side using the
- same timeout that was set for the overall read before the higher-
- level read code gets to complete the actual read */
- sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_READTIMEOUT,
- sessionInfoPtr->readTimeout );
-
LOOP_MAX_REV_INITCHECK( dataLength = dataMaxLength, dataLength > 0 )
{
int byteCount;
+
+ /* Update the stream read timeout to the current user-selected read
+ timeout in case the user has changed the timeout setting.
+
+ This isn't perfect in the case of the extremely chatty SSH protocol
+ because what looks like a read to the user can involve several reads
+ and writes under the hood, and what gets used for those is the
+ overall high-level timeout for the operation as a whole, with the
+ hidden internal reads and writes using that as their shared setting.
+
+ For example if the code performs a read and hits an SSH channel
+ command it has to send back a response, leading possibly to further
+ reads and writes, before it can actually read any data. So the top-
+ level read command sets a read timeout and then the much lower-level
+ code ends up in a hidden long exchange with the other side using the
+ same timeout that was set for the overall read before the higher-
+ level read code gets to complete the actual read */
+ sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_READTIMEOUT,
+ sessionInfoPtr->readTimeout );
ENSURES( LOOP_INVARIANT_MAX_REV_XXX( dataLength, 1, dataMaxLength ) );
/* dataLength is decremented by the number of bytes read */
--- tools/ccopts.sh.sbbs 2022-02-25 13:17:06.665485787 +1100
+++ tools/ccopts.sh 2022-02-25 13:03:43.969689324 +1100
@@ -591,7 +591,7 @@
--- tools/ccopts.sh.orig 2023-12-31 08:25:17.141687000 -0500
+++ tools/ccopts.sh 2023-12-31 08:33:58.559121000 -0500
@@ -1055,34 +1055,35 @@
# -march=native. As a result we have to use the pretty bad -march=x86-64
# for most gcc versions, which doesn't even get us native AES support.
if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then
if [ "$GCC_VER" -ge 45 ] ; then
- CCARGS="$CCARGS -march=native -mtune=generic" ;
+ CCARGS="$CCARGS -mtune=generic" ;
if [ "$ARCH" = "x86_64" ] ; then
CCARGS="$CCARGS -fPIC" ;
fi ;
-if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then
- if [ "$COMPILER_VER" -ge 110 ] ; then
- if [ $GENERICBUILD -gt 0 ] ; then
- echo " (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
- else
- CCARGS="$CCARGS -march=x86-64-v3" ;
- fi
- elif [ "$COMPILER_VER" -ge 45 ] ; then
- if [ $GENERICBUILD -gt 0 ] ; then
- echo " (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
- else
- CCARGS="$CCARGS -march=x86-64" ;
- fi
- elif [ "$COMPILER_VER" -ge 30 ] ; then
- case $ARCH in
- 'x86_64')
- CCARGS="$CCARGS -march=opteron -fPIC" ;;
-
- 'i686')
- CCARGS="$CCARGS -march=pentiumpro" ;;
-
- *)
- CCARGS="$CCARGS -march=pentium" ;;
- esac ;
- else
- CCARGS="$CCARGS -mcpu=pentium" ;
- fi ;
-fi
+# We can't use the generic target because we use an explcit target for mingw
+#if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then
+# if [ "$COMPILER_VER" -ge 110 ] ; then
+# if [ $GENERICBUILD -gt 0 ] ; then
+# echo " (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+# else
+# CCARGS="$CCARGS -march=x86-64-v3" ;
+# fi
+# elif [ "$COMPILER_VER" -ge 45 ] ; then
+# if [ $GENERICBUILD -gt 0 ] ; then
+# echo " (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+# else
+# CCARGS="$CCARGS -march=x86-64" ;
+# fi
+# elif [ "$COMPILER_VER" -ge 30 ] ; then
+# case $ARCH in
+# 'x86_64')
+# CCARGS="$CCARGS -march=opteron -fPIC" ;;
+#
+# 'i686')
+# CCARGS="$CCARGS -march=pentiumpro" ;;
+#
+# *)
+# CCARGS="$CCARGS -march=pentium" ;;
+# esac ;
+# else
+# CCARGS="$CCARGS -mcpu=pentium" ;
+# fi ;
+#fi
# gcc 4.x for 64-bit architectures has an optimiser bug that removes an
# empty-list check in cryptlib's list-management code (this has been
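Review bot: The replaced `-march` selection is kept as about thirty lines of commented-out shell under a one-line comment that contains a typo (`explcit`) and does not say where the mingw target is set. Deleting the dead block and leaving a short explanation would survive future cryptlib updates better, e.g. `# -march is deliberately not set here; the mingw build supplies its own explicit target.` The context comment above this hunk already notes that a generic target does not give native AES support, so with `-march=native` also dropped it is worth confirming that hardware AES is still selected some other way on the builds that need it.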
--- io/tcp.c.orig 2018-03-12 13:47:37.385998000 -0400
+++ io/tcp.c 2018-03-12 13:48:12.696032000 -0400
@@ -402,7 +402,7 @@
return( status );
LOOP_MED( ( selectIterations = 0, status = SOCKET_ERROR ), \
isSocketError( status ) && \
- !checkMonoTimerExpired( &timerInfo ) && \
+ (selectIterations == 0 || !checkMonoTimerExpired( &timerInfo )) && \
selectIterations < 20,
selectIterations++ )
{
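Review bot: The added `selectIterations == 0 ||` term in the loop condition has no comment, and its purpose is not obvious from the hunk. It appears to guarantee that the loop body runs at least once even when `timerInfo` has already expired, for example with a zero timeout; if that is the intent, say so next to the condition, e.g. `/* Always poll at least once, even if the timer has already expired */`. The loop body lies outside the hunk, so this reading should be confirmed against it.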
--- session/ssh2_chn.c.orig 2019-02-05 18:18:26.000000000 -0500
+++ session/ssh2_chn.c 2023-12-24 08:09:36.669204000 -0500
--- session/ssh2_channel.c.orig 2019-02-05 18:18:26.000000000 -0500
+++ session/ssh2_channel.c 2023-12-24 08:09:36.669204000 -0500
@@ -59,6 +59,9 @@
/* Channel extra data. This contains encoded oddball protocol-specific
......@@ -99,64 +99,8 @@
data, dataLength ) );
}
--- session/ssh.c.orig 2023-12-24 07:59:01.180636000 -0500
+++ session/ssh.c 2023-12-24 08:11:02.562401000 -0500
@@ -978,7 +978,10 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_TYPE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL);
if( type == CRYPT_SESSINFO_SSH_OPTIONS )
{
@@ -993,7 +996,9 @@
}
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
{
status = getChannelAttribute( sessionInfoPtr, type, data );
}
@@ -1023,12 +1028,17 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
type == CRYPT_SESSINFO_SSH_OPTIONS || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL);
/* Get the data value if it's an integer parameter */
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
- type == CRYPT_SESSINFO_SSH_OPTIONS)
+ type == CRYPT_SESSINFO_SSH_OPTIONS || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH)
value = *( ( int * ) data );
/* If we're selecting a channel and there's unwritten data from a
@@ -1069,7 +1079,9 @@
return( closeChannel( sessionInfoPtr, FALSE ) );
}
- if( type == CRYPT_SESSINFO_SSH_CHANNEL )
+ if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
status = setChannelAttribute( sessionInfoPtr, type, value );
else
{
--- session/ssh2_msgc.c.orig 2023-12-24 07:59:00.803690000 -0500
+++ session/ssh2_msgc.c 2023-12-24 08:12:21.955372000 -0500
--- session/ssh2_msgcli.c.orig 2023-12-24 07:59:00.803690000 -0500
+++ session/ssh2_msgcli.c 2023-12-24 08:12:21.955372000 -0500
@@ -553,15 +553,15 @@
writeUint32( stream, channelNo );
writeString32( stream, "pty-req", 7 );
......@@ -176,8 +120,8 @@
writeUint32( stream, 48 ); /* 48 x 80 (24 x 80 is so 1970s) */
else
writeUint32( stream, value);
--- session/ssh2_msgs.c.orig 2019-02-05 18:18:26.000000000 -0500
+++ session/ssh2_msgs.c 2023-12-24 08:15:19.887857000 -0500
--- session/ssh2_msgsvr.c.orig 2019-02-05 18:18:26.000000000 -0500
+++ session/ssh2_msgsvr.c 2023-12-24 08:15:19.887857000 -0500
@@ -655,8 +655,20 @@
problem but just deny the request */
switch( requestInfoPtr->requestType )
......@@ -275,9 +219,9 @@
case CRYPT_SESSINFO_USERNAME:
case CRYPT_SESSINFO_PASSWORD:
case CRYPT_SESSINFO_SERVER_NAME:
--- kernel/attr_acl.c.orig 2023-12-24 08:27:15.033674000 -0500
+++ kernel/attr_acl.c 2023-12-24 08:30:04.633826000 -0500
@@ -3564,6 +3564,49 @@
--- kernel/attr_acl.c.orig 2023-12-31 08:42:47.250931000 -0500
+++ kernel/attr_acl.c 2023-12-31 08:43:02.362902000 -0500
@@ -3648,6 +3648,49 @@
MKACL_END_SUBACL(), MKACL_END_SUBACL()
};
......@@ -327,7 +271,7 @@
/* Session attributes */
static const ATTRIBUTE_ACL sessionACL[] = {
@@ -3774,24 +3817,24 @@
@@ -3877,24 +3920,24 @@
MKPERM_TSP( xWD_xWD ),
ROUTE( OBJECT_TYPE_SESSION ), &objectCtxHash ),
......@@ -335,7 +279,7 @@
- CRYPT_SESSINFO_SSH_TERMINAL,
- ST_NONE, ST_NONE, ST_SESS_SSH,
- 0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
+ MKACL_X( /* SSH client: Read/write */
+ MKACL_ST( /* SSH client: Read/write */
+ CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL,
+ ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
+ MKPERM_SSH_EXT( RWx_RWx ),
......@@ -346,7 +290,7 @@
- ST_NONE, ST_NONE, ST_SESS_SSH,
- 0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
+ subACL_SessinfoSSHChannelTerminal ),
+ MKACL_X( /* SSH client: Read/write */
+ MKACL_ST( /* SSH client: Read/write */
+ CRYPT_SESSINFO_SSH_CHANNEL_WIDTH,
+ ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
+ MKPERM_SSH_EXT( RWx_RWx ),
......@@ -357,7 +301,7 @@
- ST_NONE, ST_NONE, ST_SESS_SSH,
- 0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
+ subACL_SessinfoSSHChannelWidth ),
+ MKACL_X( /* SSH client: Read/write */
+ MKACL_ST( /* SSH client: Read/write */
+ CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT,
+ ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
+ MKPERM_SSH_EXT( RWx_RWx ),
......@@ -367,12 +311,67 @@
MKACL_END(), MKACL_END()
};
@@ -4659,7 +4702,7 @@
@@ -4883,7 +4926,7 @@
static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" );
- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6032, "Attribute value" );
+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6035, "Attribute value" );
static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" );
- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6036, "Attribute value" );
+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6039, "Attribute value" );
static_assert( CRYPT_CERTFORMAT_LAST == 13, "Attribute value" );
/* Perform a consistency check on the attribute ACLs. The ACLs are
--- ./session/ssh.c.orig 2024-01-07 21:24:52.912681000 -0500
+++ ./session/ssh.c 2024-01-07 21:25:24.857224000 -0500
@@ -541,6 +541,9 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
type == CRYPT_SESSINFO_SSH_OPTIONS || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
type == CRYPT_SESSINFO_SSH_PREAUTH );
#else
REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
@@ -576,7 +579,9 @@
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
{
status = getChannelAttribute( sessionInfoPtr, type, data );
}
@@ -611,6 +616,9 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
type == CRYPT_SESSINFO_SSH_OPTIONS || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
type == CRYPT_SESSINFO_SSH_PREAUTH );
#else
REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
@@ -629,7 +637,9 @@
/* Get the data value if it's an integer parameter */
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
- type == CRYPT_SESSINFO_SSH_OPTIONS )
+ type == CRYPT_SESSINFO_SSH_OPTIONS || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH)
value = *( ( int * ) data );
/* If we're selecting a channel and there's unwritten data from a
@@ -680,7 +690,9 @@
return( closeChannel( sessionInfoPtr, FALSE ) );
}
- if( type == CRYPT_SESSINFO_SSH_CHANNEL )
+ if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
status = setChannelAttribute( sessionInfoPtr, type, value );
else
{
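Review bot: `CRYPT_SESSINFO_SSH_CHANNEL_WIDTH` and `CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT` are read with `value = *( ( int * ) data )` and passed straight to `setChannelAttribute()`, with no range check visible in these hunks. The pty-req code elsewhere on this page writes a caller-supplied `value` with `writeUint32()`, so a negative or oversized `int` should be rejected here or in the callee; the sub-ACLs named in kernel/attr_acl.c may already bound it, but their ranges are not visible on this page. `CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL` is admitted by the `REQUIRES()` lists yet is not routed by any of the visible branches, so confirm it is handled in code outside the hunks. The new conditions also end in `HEIGHT)` and `WIDTH)` where the surrounding file writes `ACTIVE )`.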
--- session/ssh.c.orig 2018-03-12 21:28:40.049142000 -0400
+++ session/ssh.c 2018-03-12 21:28:57.425639000 -0400
@@ -306,8 +306,8 @@
/* Make sure that we got enough data to work with. We need at least
"SSH-" (ID, size SSH_ID_SIZE) + "x.y-" (protocol version) + "xxxxx"
- (software version/ID, of which the shortest-known is "ConfD") */
- if( length < SSH_ID_SIZE + 9 || length > SSH_ID_MAX_SIZE )
+ (software version/ID, of which the shortest-known is "Go") */
+ if( length < SSH_ID_SIZE + 6 || length > SSH_ID_MAX_SIZE )
{
retExt( CRYPT_ERROR_BADDATA,
( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
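Review bot: The comment above the relaxed check still describes the software ID as "xxxxx", while the new minimum `SSH_ID_SIZE + 6` leaves room for only two characters after "x.y-". Update it to match, e.g. `"xx" (software version/ID, of which the shortest-known is "Go")`. Because this string is supplied by the peer, also confirm that the version parsing further down the function (outside this hunk) never reads past a two-character software ID, since the old bound guaranteed it at least five.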
--- session/ssh2_crypt.c.orig 2019-01-21 16:56:04.000000000 -0500
+++ session/ssh2_crypt.c 2020-02-14 14:15:11.144585000 -0500
@@ -55,12 +55,12 @@
/* Walk along the counter incrementing each byte if required */
LOOP_MED( i = blockSize - 1, i >= 0, i-- )
{
- if( ctrPtr[ i ]++ != 0 )
+ if( ++ctrPtr[ i ] != 0 )
break;
}
ENSURES( LOOP_BOUND_OK );
ENSURES( ctrMSB != ctrPtr[ blockSize - 1 ] );
- ENSURES( ctrMSB != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ] );
+ ENSURES( (ctrPtr[ blockSize - 1 ] != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ]) );
return( CRYPT_OK );
}
@@ -388,7 +388,7 @@
memcpy( sshInfo->writeCTR, buffer, sessionInfoPtr->cryptBlocksize );
else
memcpy( sshInfo->readCTR, buffer, sessionInfoPtr->cryptBlocksize );
- zeroise( buffer, CRYPT_MAX_KEYSIZE );
+ zeroise( buffer, CRYPT_MAX_HASHSIZE );
return( CRYPT_OK );
}
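Review bot: The length passed to `zeroise()` is a named constant that has to be kept in step with the declaration of `buffer` by hand, which is presumably how the `CRYPT_MAX_KEYSIZE` mismatch corrected here arose. If `buffer` is a local array (its declaration is outside the hunk), `zeroise( buffer, sizeof( buffer ) );` would clear the whole key-material buffer regardless of later size changes.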
--- session/ssh2.c.orig 2019-01-26 20:39:00.000000000 -0500
+++ session/ssh2.c 2020-02-14 02:31:35.785792000 -0500
@@ -851,6 +851,7 @@
--- ./session/ssh2_algo.c.orig 2024-01-20 16:21:25.993730000 -0500
+++ ./session/ssh2_algo.c 2024-01-20 16:21:59.153489000 -0500
@@ -837,6 +837,7 @@
/* Make sure that any required sub-algorithms are available */
if( algoStringInfo->subAlgo != CRYPT_ALGO_NONE && \
......
--- session/ssl_suites.c.orig 2020-02-17 15:42:41.411268000 -0500
+++ session/ssl_suites.c 2020-02-17 16:05:59.563026000 -0500
@@ -135,7 +135,7 @@
--- session/tls_suites.c.orig 2023-12-31 07:45:33.902489000 -0500
+++ session/tls_suites.c 2023-12-31 07:49:12.514913000 -0500
@@ -129,7 +129,7 @@
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" )
CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- CRYPT_ALGO_HMAC_SHA2, 0, 32, SHA2MAC_SIZE,
+ CRYPT_ALGO_HMAC_SHA2, 0, 16, SHA2MAC_SIZE,
CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_TLS12 },
/* { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- CRYPT_ALGO_HMAC_SHA2, 0, 32, SHA2MAC_SIZE, CIPHERSUITE_FLAG_TLS12 },
+ CRYPT_ALGO_HMAC_SHA2, 0, 16, SHA2MAC_SIZE, CIPHERSUITE_FLAG_TLS12 },
#ifdef CONFIG_SUITEB
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" )
@@ -187,11 +187,11 @@
CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+/* { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" )
CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE,
- CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
+ CRYPT_ALGO_HMAC_SHA2, 48, 32, GCMICV_SIZE,
+ CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },*/
/* AES-GCM with DH */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -200,9 +200,9 @@
CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
CIPHERSUITE_FLAG_DH | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
/* { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
- DESCRIPTION( "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" )
+ DESCRIPTION( "TLS_DHE_RSA_WITH_AES_256_GCM_SHA256" )
CRYPT_ALGO_DH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
+ CRYPT_ALGO_HMAC_SHA2, 0, 32, GCMICV_SIZE,
CIPHERSUITE_FLAG_DH | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }, */
/* AES-GCM with RSA */
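Review bot: The new description string `"TLS_DHE_RSA_WITH_AES_256_GCM_SHA256"` does not match the suite it labels, `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`; it should read `DESCRIPTION( "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" )`. The entry also keeps `0` in the field before the key size, whereas the other `_AES_256_GCM_SHA384` entries on this page use `48` there, so the row looks inconsistent with its siblings. The entry is commented out today, but it will be wrong as soon as someone enables it.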
@@ -214,7 +214,7 @@
/* { TLS_RSA_WITH_AES_256_GCM_SHA384,
DESCRIPTION( "TLS_RSA_WITH_AES_256_GCM_SHA384" )
CRYPT_ALGO_RSA, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE,
+ CRYPT_ALGO_HMAC_SHA2, 48, 32, GCMICV_SIZE,
CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }, */
/* End-of-list marker */
--- ./session/ssl_suites.c.orig 2019-07-03 13:16:53.917656000 -0400
+++ ./session/ssl_suites.c 2019-07-03 13:17:06.390635000 -0400
@@ -187,11 +187,11 @@
CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+/* { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" )
CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE,
- CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
+ CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },*/
/* AES-GCM with DH */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
......@@ -94,9 +94,9 @@ diff -ur ../tmp2/session/sess_attr.c ./session/sess_attr.c
case CRYPT_SESSINFO_USERNAME:
case CRYPT_SESSINFO_PASSWORD:
case CRYPT_SESSINFO_SERVER_NAME:
diff -ur ../tmp2/session/ssh2_msgc.c ./session/ssh2_msgc.c
--- ../tmp2/session/ssh2_msgc.c 2021-03-13 02:55:27.112993000 -0500
+++ ./session/ssh2_msgc.c 2021-03-13 02:56:03.671662000 -0500
diff -ur ../tmp2/session/ssh2_msgcli.c ./session/ssh2_msgcli.c
--- ../tmp2/session/ssh2_msgcli.c 2021-03-13 02:55:27.112993000 -0500
+++ ./session/ssh2_msgcli.c 2021-03-13 02:56:03.671662000 -0500
@@ -448,6 +448,12 @@
CHANNEL_WRITE );
int packetOffset, status;
......
--- bn/bn_lcl.h.orig 2024-01-07 22:16:23.377711000 -0500
+++ bn/bn_lcl.h 2024-01-07 22:16:36.330481000 -0500
@@ -232,7 +232,7 @@
# define PTR_SIZE_INT size_t
# endif /* defined(OPENSSL_SYS_VMS) [else] */
-# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if !defined(PEDANTIC)
/* The original OpenSSL code has a mass of inline asm to handle 64-bit
multiplies across different architectures, however if the compiler
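Review bot: Dropping `!defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)` from this condition means a build that defines either macro to request portable C still takes the branch guarded here. The patch gives no reason for this, and the explanatory comment that follows continues outside the hunk. Add a line stating why the guards are removed and for which toolchain, e.g. `/* Local change: enabled regardless of OPENSSL_NO_ASM because <reason> */`, so the next cryptlib update does not lose or misapply it.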
--- session/ssl_cli.c.orig 2014-08-22 03:20:26.000000000 -0700
+++ session/ssl_cli.c 2014-08-22 03:20:53.000000000 -0700
@@ -1342,7 +1342,7 @@
CRYPT_SESSINFO_PASSWORD );
const ATTRIBUTE_LIST *userNamePtr = \
findSessionInfo( sessionInfoPtr->attributeList,
- CRYPT_SESSINFO_PASSWORD );
+ CRYPT_SESSINFO_USERNAME );
REQUIRES( passwordPtr != NULL );
REQUIRES( userNamePtr != NULL );
--- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
+++ tools/ccopts.sh 2019-06-03 16:30:45.060050000 -0400
@@ -241,13 +241,15 @@
done
# TPM support
- for includepath in $TPMPATHS ; do
- if [ -f $includepath ] ; then
- echo "TPM interface detected, enabling TPM support." >&2 ;
- CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
- break ;
- fi
- done
+ if [ "$(uname -s)" = "Linux" ] ; then
+ for includepath in $TPMPATHS ; do
+ if [ -f $includepath ] ; then
+ echo "TPM interface detected, enabling TPM support." >&2 ;
+ CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
+ break ;
+ fi
+ done
+ fi
# /dev/crypto support
for includepath in $DEVCRYPTOPATHS ; do
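Review bot: The re-indented TPM block keeps `-I"$(dirname $includepath)""`, where the inner quotes close and reopen the outer string, so the command substitution and `$includepath` end up unquoted; `[ -f $includepath ]` is unquoted as well. A header path containing whitespace or glob characters would be split or expanded before it reaches `CCARGS`. Since these lines are being rewritten anyway, `if [ -f "$includepath" ] ; then` and `CCARGS="$CCARGS -DHAS_TPM -I$(dirname "$includepath")" ;` are the safer forms.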
--- crypt/brg_types.h.orig 2021-03-15 17:59:00.031496000 -0400
+++ crypt/brg_types.h 2021-03-15 17:59:49.685028000 -0400
@@ -133,7 +133,7 @@
# if ULONG_MAX == 18446744073709551615ul
# define BRG_UI64
# define li_64(h) 0x##h##ul
- #ifndef _UINT64_T /* Apple define their own version - pcg */
+ #if !defined(_UINT64_T) && !defined(_UINT64_T_DEFINED_) /* Apple define their own version - pcg */
typedef unsigned long uint64_t; /* AES-GCM - pcg */
#endif /* !_UINT64_T */
# endif
--- misc/config.h.orig 2024-01-14 23:08:30.593591000 -0500
+++ misc/config.h 2024-01-14 23:10:25.859020000 -0500
@@ -33,6 +33,8 @@
#define PREFER_ECC
#define USE_SSH_CTR
#define CONFIG_NUM_OBJECTS 16384
+#define USE_TLS13
+#define USE_PSS
/****************************************************************************
* *
* Custom Configuration Profiles *
--- crypt32.vcxproj.orig 2018-01-03 01:05:54.648617000 -0500
+++ crypt32.vcxproj 2018-01-03 01:14:08.964397000 -0500
@@ -109,6 +109,8 @@
--- crypt32.vcxproj.orig 2023-06-14 23:54:56.000000000 -0400
+++ crypt32.vcxproj 2023-12-31 06:32:59.386199000 -0500
@@ -208,6 +208,8 @@
<ControlFlowGuard>false</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BasicRuntimeChecks>UninitializedLocalUsageCheck</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -216,6 +218,7 @@
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
<ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<Profile>false</Profile>
</Link>
</ItemDefinitionGroup>
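Review bot: `<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>` turns off SafeSEH for the linked image, and the patch adds it to every configuration shown on this page, Release included, alongside `<ControlFlowGuard>false</ControlFlowGuard>` in several of them. SafeSEH is an exploit mitigation for 32-bit x86 images, so the reason for disabling it should be recorded (commonly an object file without SafeSEH metadata, though the page does not say) and the setting limited to the platforms that need it. In the `@@ -367,6 +387,7 @@` hunk the element is added to a `<Link>` block whose context already contains the same line, leaving it duplicated.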
@@ -232,6 +235,8 @@
<ControlFlowGuard>false</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -240,6 +245,7 @@
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
<ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<Profile>false</Profile>
</Link>
</ItemDefinitionGroup>
@@ -254,6 +260,8 @@
<SmallerTypeCheck>false</SmallerTypeCheck>
<AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
<ControlFlowGuard>false</ControlFlowGuard>
......@@ -9,16 +43,50 @@
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -117,6 +119,7 @@
@@ -262,6 +270,7 @@
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
<ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
<ModuleDefinitionFile>.\crypt32_fuzz.def</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<Profile>false</Profile>
</Link>
</ItemDefinitionGroup>
@@ -276,6 +285,8 @@
<SmallerTypeCheck>false</SmallerTypeCheck>
<AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
<ControlFlowGuard>false</ControlFlowGuard>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -284,6 +295,7 @@
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
<ModuleDefinitionFile>.\crypt32_fuzz.def</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<Profile>false</Profile>
</Link>
</ItemDefinitionGroup>
@@ -131,6 +134,8 @@
<SmallerTypeCheck>true</SmallerTypeCheck>
@@ -300,6 +312,8 @@
<ControlFlowGuard>false</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BasicRuntimeChecks>UninitializedLocalUsageCheck</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -309,6 +323,7 @@
<ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
<ModuleDefinitionFile>
</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<Profile>false</Profile>
</Link>
<ResourceCompile>
@@ -326,6 +341,8 @@
<SmallerTypeCheck>false</SmallerTypeCheck>
<AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
<ControlFlowGuard>false</ControlFlowGuard>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
......@@ -26,7 +94,15 @@
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -160,6 +165,8 @@
@@ -335,6 +352,7 @@
<ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
<ModuleDefinitionFile>
</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<Profile>false</Profile>
</Link>
<ResourceCompile>
@@ -355,6 +373,8 @@
<ExceptionHandling>false</ExceptionHandling>
<ControlFlowGuard>Guard</ControlFlowGuard>
<WholeProgramOptimization>true</WholeProgramOptimization>
......@@ -35,7 +111,24 @@
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -187,6 +194,8 @@
@@ -367,6 +387,7 @@
<ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
@@ -383,6 +404,8 @@
<ExceptionHandling>false</ExceptionHandling>
<ControlFlowGuard>Guard</ControlFlowGuard>
<WholeProgramOptimization>true</WholeProgramOptimization>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -410,6 +433,8 @@
<ExceptionHandling>false</ExceptionHandling>
<StringPooling>true</StringPooling>
<ControlFlowGuard>Guard</ControlFlowGuard>
......@@ -44,7 +137,15 @@
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -607,4 +616,4 @@
@@ -422,6 +447,7 @@
<ModuleDefinitionFile>
</ModuleDefinitionFile>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<ResourceCompile>
<PreprocessorDefinitions>_WIN64</PreprocessorDefinitions>
@@ -896,4 +922,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
......
--- io/file.c.orig 2023-12-31 10:28:41.818647000 -0500
+++ io/file.c 2023-12-31 10:28:56.618717000 -0500
@@ -5226,7 +5226,7 @@
CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
static BOOLEAN isSpecialSID( INOUT_PTR SID *pUserSid )
{
-#if defined( _MSC_VER ) && VC_LT_2005( _MSC_VER )
+#if VC_LT_2005( _MSC_VER )
BYTE sidBuffer[ SID_BUFFER_SIZE + 8 ];
SID *pSid = ( PSID ) sidBuffer;
SID_IDENTIFIER_AUTHORITY identifierAuthority = SECURITY_NT_AUTHORITY;
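Review bot: With `defined( _MSC_VER ) &&` removed, `#if VC_LT_2005( _MSC_VER )` now depends on an undefined `_MSC_VER` evaluating to 0 in the preprocessor, which sends every non-Microsoft compiler down the pre-2005 branch. If `VC_LT_2005( version )` is the plain `( version < 1400 )` comparison shown in the test sources on this page, that works but trips `-Wundef` and is not obvious to a reader. Since `isSpecialSID()` is part of the Windows SID handling, state the intent explicitly, e.g. `#if !defined( _MSC_VER ) || VC_LT_2005( _MSC_VER )`, with a comment naming the toolchain it is for. The function body continues outside the hunk.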
--- test/certs.c.orig 2018-01-03 02:46:59.742613000 -0500
+++ test/certs.c 2018-01-03 02:47:14.150003000 -0500
@@ -17,7 +17,7 @@
#define _OSSPEC_DEFINED
#if !defined( __WIN32__ ) && ( defined( WIN32 ) || defined( _WIN32 ) )
#define __WIN32__
- #elif !defined( __WIN64__ ) defined( _M_X64 )
+ #elif !defined( __WIN64__ ) && defined( _M_X64 )
#define __WIN64__
#endif /* Win32/Win64 */
#define VC_LT_2005( version ) ( version < 1400 )
--- test/ssh.c.orig 2018-01-03 02:55:55.133827000 -0500
+++ test/ssh.c 2018-01-03 02:56:03.891978000 -0500
@@ -17,7 +17,7 @@
#define _OSSPEC_DEFINED
#if !defined( __WIN32__ ) && ( defined( WIN32 ) || defined( _WIN32 ) )
#define __WIN32__
- #elif !defined( __WIN64__ ) defined( _M_X64 )
+ #elif !defined( __WIN64__ ) && defined( _M_X64 )
#define __WIN64__
#endif /* Win32/Win64 */
#define VC_16BIT( version ) ( version <= 800 )