Commit a3c6d153 authored by Deucе's avatar Deucе :ok_hand_tone4: Committed by Rob Swindell

Update Cryptlib to 3.4.8

parent 753ec4a9
1 merge request!473Update Cryptlib to 3.4.8
Showing
with 230 additions and 349 deletions
--- ./session/tls_hello.c.orig 2020-01-24 18:02:09.710811000 -0500 --- ./session/tls_hello.c.orig 2024-05-27 00:36:04.000000000 -0400
+++ ./session/tls_hello.c 2020-01-24 18:02:24.220573000 -0500 +++ ./session/tls_hello.c 2024-10-31 00:50:22.021163000 -0400
@@ -223,6 +223,7 @@ @@ -269,6 +269,7 @@
if( cryptStatusError( status ) ) if( cryptStatusError( status ) )
return( status ); return( status );
sessionInfoPtr->cryptBlocksize = queryInfo.blockSize; sessionInfoPtr->cryptBlocksize = queryInfo.blockSize;
+ CLEAR_FLAG( sessionInfoPtr->protocolFlags, TLS_PFLAG_GCM ); + CLEAR_FLAG( sessionInfoPtr->protocolFlags, TLS_PFLAG_GCM );
} }
DEBUG_PRINT(( "Cipher suite set to %s.\n",
return( CRYPT_OK ); cipherSuiteInfoPtr->debugText ));
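Review bot: The added `CLEAR_FLAG( sessionInfoPtr->protocolFlags, TLS_PFLAG_GCM );` carries no comment saying why the flag has to be reset in this branch. From the visible lines it sits in the branch that takes the block size from `queryInfo`, so it presumably stops a GCM flag left over from an earlier suite selection from being applied to a non-GCM suite. A one-line comment such as `/* Not a GCM suite, clear any GCM flag left from an earlier selection */` would record that for the next Cryptlib refresh. The enclosing function starts outside the hunk.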
--- session/ssh2_channel.c.orig 2024-01-21 13:40:11.856563000 -0500 --- ./session/ssh2_channel.c.orig 2024-10-31 00:50:22.893962000 -0400
+++ session/ssh2_channel.c 2024-01-21 13:49:03.319502000 -0500 +++ ./session/ssh2_channel.c 2024-10-31 00:50:23.103563000 -0400
@@ -1043,28 +1043,32 @@ @@ -1043,28 +1043,32 @@
!isChannelActive( sessionInfoPtr, channelID ) ) !isChannelActive( sessionInfoPtr, channelID ) )
return( CRYPT_ERROR_PERMISSION ); return( CRYPT_ERROR_PERMISSION );
......
--- misc/os_detect.h.orig 2023-12-31 10:15:40.782951000 -0500 --- ./misc/os_detect.h.orig 2024-10-23 02:45:14.000000000 -0400
+++ misc/os_detect.h 2023-12-31 10:16:40.940469000 -0500 +++ ./misc/os_detect.h 2024-10-31 00:50:21.539462000 -0400
@@ -658,7 +658,9 @@ @@ -684,7 +684,9 @@
__GNUC__ is defined but the gcc include files aren't present. The __GNUC__ is defined but the gcc include files aren't present. The
above checks catch the most common cases, if there are other pretend- above checks catch the most common cases, if there are other pretend-
gcc's then they'll need to be special-cased before this one */ gcc's then they'll need to be special-cased before this one */
......
--- misc/os_spec.c.orig 2024-10-12 02:22:09.340489000 -0400 --- ./misc/os_spec.c.orig 2024-10-31 00:50:23.673573000 -0400
+++ misc/os_spec.c 2024-10-12 02:23:00.791733000 -0400 +++ ./misc/os_spec.c 2024-10-31 00:50:23.703963000 -0400
@@ -3357,11 +3357,11 @@ @@ -3389,11 +3389,11 @@
/* Walk down the block list checking whether the page(s) contain another /* Walk down the block list checking whether the page(s) contain another
locked block */ locked block */
......
--- misc/os_spec.c.orig 2023-02-26 03:33:34.000000000 -0500 --- ./misc/os_spec.c.orig 2024-10-31 00:50:23.634922000 -0400
+++ misc/os_spec.c 2024-10-12 02:13:21.004004000 -0400 +++ ./misc/os_spec.c 2024-10-31 00:50:23.673573000 -0400
@@ -2147,37 +2147,76 @@ @@ -2179,37 +2179,76 @@
return( sysCaps ); return( sysCaps );
} }
...@@ -96,7 +96,7 @@ ...@@ -96,7 +96,7 @@
CHECK_RETVAL_ENUM( HWINTRINS_FLAG ) \ CHECK_RETVAL_ENUM( HWINTRINS_FLAG ) \
static int getHWIntrins( void ) static int getHWIntrins( void )
{ {
@@ -2185,19 +2224,16 @@ @@ -2217,19 +2256,16 @@
char vendorID[ 12 + 8 ]; char vendorID[ 12 + 8 ];
int *vendorIDptr = ( int * ) vendorID; int *vendorIDptr = ( int * ) vendorID;
unsigned long processorID, featureFlags, featureFlags2; unsigned long processorID, featureFlags, featureFlags2;
...@@ -122,7 +122,7 @@ ...@@ -122,7 +122,7 @@
processorID = cpuidInfo.eax; processorID = cpuidInfo.eax;
featureFlags = cpuidInfo.ecx; featureFlags = cpuidInfo.ecx;
featureFlags2 = cpuidInfo.ebx; featureFlags2 = cpuidInfo.ebx;
@@ -2206,10 +2242,7 @@ @@ -2238,10 +2274,7 @@
if( !memcmp( vendorID, "CentaurHauls", 12 ) ) if( !memcmp( vendorID, "CentaurHauls", 12 ) )
{ {
/* Get the Centaur extended CPUID info and check whether the feature- /* Get the Centaur extended CPUID info and check whether the feature-
...@@ -134,7 +134,7 @@ ...@@ -134,7 +134,7 @@
cpuID( &cpuidInfo, 0xC0000000 ); cpuID( &cpuidInfo, 0xC0000000 );
if( cpuidInfo.eax >= 0xC0000001 ) if( cpuidInfo.eax >= 0xC0000001 )
{ {
@@ -2247,76 +2280,37 @@ @@ -2279,76 +2312,37 @@
return( sysCaps ); return( sysCaps );
} }
...@@ -230,7 +230,7 @@ ...@@ -230,7 +230,7 @@
CHECK_RETVAL_ENUM( HWINTRINS_FLAG ) \ CHECK_RETVAL_ENUM( HWINTRINS_FLAG ) \
static int getHWIntrins( void ) static int getHWIntrins( void )
{ {
@@ -2324,16 +2318,19 @@ @@ -2356,16 +2350,19 @@
char vendorID[ 12 + 8 ]; char vendorID[ 12 + 8 ];
int *vendorIDptr = ( int * ) vendorID; int *vendorIDptr = ( int * ) vendorID;
unsigned long processorID, featureFlags, featureFlags2; unsigned long processorID, featureFlags, featureFlags2;
...@@ -256,7 +256,7 @@ ...@@ -256,7 +256,7 @@
processorID = cpuidInfo.eax; processorID = cpuidInfo.eax;
featureFlags = cpuidInfo.ecx; featureFlags = cpuidInfo.ecx;
featureFlags2 = cpuidInfo.ebx; featureFlags2 = cpuidInfo.ebx;
@@ -2342,7 +2339,10 @@ @@ -2374,7 +2371,10 @@
if( !memcmp( vendorID, "CentaurHauls", 12 ) ) if( !memcmp( vendorID, "CentaurHauls", 12 ) )
{ {
/* Get the Centaur extended CPUID info and check whether the feature- /* Get the Centaur extended CPUID info and check whether the feature-
......
--- misc/os_spec.h.orig 2024-02-20 21:13:23.001994000 -0500 --- ./misc/os_spec.h.orig 2024-10-31 00:50:21.704806000 -0400
+++ misc/os_spec.h 2024-02-20 21:15:43.649318000 -0500 +++ ./misc/os_spec.h 2024-10-31 00:50:23.351105000 -0400
@@ -1164,10 +1164,12 @@ @@ -1168,10 +1168,12 @@
#endif /* OpenBSD safe string functions */ #endif /* OpenBSD safe string functions */
/* Widechar functions */ /* Widechar functions */
...@@ -13,8 +13,8 @@ ...@@ -13,8 +13,8 @@
#if defined( USE_EMBEDDED_OS ) #if defined( USE_EMBEDDED_OS )
/* Support for the thread-safe mbtowc() is practially nonexistent in /* Support for the thread-safe mbtowc() is practially nonexistent in
embedded OSes, but in any case is unlikely to be necessary since embedded OSes, but in any case is unlikely to be necessary since
--- misc/int_string.c.orig 2024-02-20 21:26:17.818569000 -0500 --- ./misc/int_string.c.orig 2023-02-08 05:06:16.000000000 -0500
+++ misc/int_string.c 2024-02-20 21:27:13.057203000 -0500 +++ ./misc/int_string.c 2024-10-31 00:50:23.355033000 -0400
@@ -475,6 +475,7 @@ @@ -475,6 +475,7 @@
****************************************************************************/ ****************************************************************************/
......
--- ./session/ssh2_msgsvr.c.orig 2024-01-22 00:34:35.418900000 -0500 --- ./session/ssh2_msgsvr.c.orig 2024-10-31 00:50:22.441423000 -0400
+++ ./session/ssh2_msgsvr.c 2024-01-22 00:40:38.301267000 -0500 +++ ./session/ssh2_msgsvr.c 2024-10-31 00:50:23.269569000 -0400
@@ -676,7 +676,9 @@ @@ -676,7 +676,9 @@
setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, status); setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, status);
break; break;
......
--- session/ssh2_msg.c.orig 2023-12-29 14:59:17.512549000 -0500 --- ./cryptlib.h.orig 2024-10-31 00:50:22.528176000 -0400
+++ session/ssh2_msg.c 2023-12-29 15:00:11.110220000 -0500 +++ ./cryptlib.h 2024-10-31 00:50:22.662806000 -0400
@@ -457,7 +457,7 @@ @@ -1277,6 +1277,7 @@
channelNo ) == CHANNEL_BOTH )
{
status = sendChannelClose( sessionInfoPtr, channelNo,
- CHANNEL_BOTH, TRUE );
+ CHANNEL_READ, TRUE );
}
else
{
@@ -527,6 +538,8 @@
no more channels left to close */
status = deleteChannel( sessionInfoPtr, channelNo, channelType,
closeLastChannel );
+ if( getChannelStatusByChannelNo( sessionInfoPtr, channelNo ) == CHANNEL_NONE )
+ return CRYPT_OK;
if( cryptStatusError( status ) )
{
if( status != OK_SPECIAL )
--- cryptlib.h.orig 2023-12-29 15:55:17.717475000 -0500
+++ cryptlib.h 2023-12-29 15:56:34.124863000 -0500
@@ -1228,6 +1228,7 @@
CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL, /* TERM string sent to remote */ CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL, /* TERM string sent to remote */
CRYPT_SESSINFO_SSH_CHANNEL_WIDTH, /* Terminal width */ CRYPT_SESSINFO_SSH_CHANNEL_WIDTH, /* Terminal width */
CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, /* Terminal height */ CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, /* Terminal height */
...@@ -28,7 +8,7 @@ ...@@ -28,7 +8,7 @@
/* Used internally */ /* Used internally */
CRYPT_SESSINFO_LAST, CRYPT_USERINFO_FIRST = 7000, CRYPT_SESSINFO_LAST, CRYPT_USERINFO_FIRST = 7000,
@@ -1374,7 +1375,7 @@ @@ -1439,7 +1440,7 @@
CRYPT_CERTINFO_FIRST_CMS = CRYPT_CERTINFO_CMS_CONTENTTYPE, CRYPT_CERTINFO_FIRST_CMS = CRYPT_CERTINFO_CMS_CONTENTTYPE,
CRYPT_CERTINFO_LAST_CMS = CRYPT_CERTINFO_LAST - 1, CRYPT_CERTINFO_LAST_CMS = CRYPT_CERTINFO_LAST - 1,
CRYPT_SESSINFO_FIRST_SPECIFIC = CRYPT_SESSINFO_REQUEST, CRYPT_SESSINFO_FIRST_SPECIFIC = CRYPT_SESSINFO_REQUEST,
...@@ -37,8 +17,8 @@ ...@@ -37,8 +17,8 @@
/* Point at which private-use values start. Attribute values sometimes /* Point at which private-use values start. Attribute values sometimes
need to be extended with additional pseudo-values in object-specific need to be extended with additional pseudo-values in object-specific
--- ./session/ssh2_channel.c.orig 2023-12-29 19:50:00.990529000 -0500 --- ./session/ssh2_channel.c.orig 2024-10-31 00:50:22.433953000 -0400
+++ ./session/ssh2_channel.c 2023-12-29 19:51:32.502476000 -0500 +++ ./session/ssh2_channel.c 2024-10-31 00:50:22.667097000 -0400
@@ -24,6 +24,7 @@ @@ -24,6 +24,7 @@
#define CHANNEL_FLAG_NONE 0x00 /* No channel flag */ #define CHANNEL_FLAG_NONE 0x00 /* No channel flag */
#define CHANNEL_FLAG_ACTIVE 0x01 /* Channel is active */ #define CHANNEL_FLAG_ACTIVE 0x01 /* Channel is active */
...@@ -47,7 +27,7 @@ ...@@ -47,7 +27,7 @@
/* Per-channel information. SSH channel IDs are 32-bit/4 byte data values /* Per-channel information. SSH channel IDs are 32-bit/4 byte data values
and can be reused during sessions so we provide our own guaranteed-unique and can be reused during sessions so we provide our own guaranteed-unique
@@ -126,6 +127,8 @@ @@ -118,6 +119,8 @@
after */ after */
ENSURES( attributeListPtr->valueLength == sizeof( SSH_CHANNEL_INFO ) ); ENSURES( attributeListPtr->valueLength == sizeof( SSH_CHANNEL_INFO ) );
channelInfoPtr = attributeListPtr->value; channelInfoPtr = attributeListPtr->value;
...@@ -56,7 +36,7 @@ ...@@ -56,7 +36,7 @@
if( isActiveChannel( channelInfoPtr ) && \ if( isActiveChannel( channelInfoPtr ) && \
channelInfoPtr->channelID != excludedChannelID ) channelInfoPtr->channelID != excludedChannelID )
return( TRUE ); return( TRUE );
@@ -149,7 +152,9 @@ @@ -141,7 +144,9 @@
static const CRYPT_ATTRIBUTE_TYPE attributeOrderList[] = { static const CRYPT_ATTRIBUTE_TYPE attributeOrderList[] = {
CRYPT_SESSINFO_SSH_CHANNEL, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, CRYPT_SESSINFO_SSH_CHANNEL, CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
CRYPT_SESSINFO_SSH_CHANNEL_ARG1, CRYPT_SESSINFO_SSH_CHANNEL_ARG2, CRYPT_SESSINFO_SSH_CHANNEL_ARG1, CRYPT_SESSINFO_SSH_CHANNEL_ARG2,
...@@ -67,7 +47,7 @@ ...@@ -67,7 +47,7 @@
CRYPT_ATTRIBUTE_NONE }; CRYPT_ATTRIBUTE_NONE };
SSH_CHANNEL_INFO *channelInfoPtr = attributeListPtr->value; SSH_CHANNEL_INFO *channelInfoPtr = attributeListPtr->value;
CRYPT_ATTRIBUTE_TYPE attributeType = channelInfoPtr->cursorPos; CRYPT_ATTRIBUTE_TYPE attributeType = channelInfoPtr->cursorPos;
@@ -229,6 +234,7 @@ @@ -228,6 +233,7 @@
case CRYPT_SESSINFO_SSH_CHANNEL: case CRYPT_SESSINFO_SSH_CHANNEL:
case CRYPT_SESSINFO_SSH_CHANNEL_TYPE: case CRYPT_SESSINFO_SSH_CHANNEL_TYPE:
case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE: case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE:
...@@ -75,7 +55,7 @@ ...@@ -75,7 +55,7 @@
doContinue = FALSE; /* Always present */ doContinue = FALSE; /* Always present */
break; break;
@@ -474,6 +480,8 @@ @@ -476,6 +482,8 @@
{ {
const SSH_CHANNEL_INFO *channelInfoPtr = \ const SSH_CHANNEL_INFO *channelInfoPtr = \
getCurrentChannelInfo( sessionInfoPtr, CHANNEL_READ ); getCurrentChannelInfo( sessionInfoPtr, CHANNEL_READ );
...@@ -84,7 +64,7 @@ ...@@ -84,7 +64,7 @@
assert( isReadPtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); assert( isReadPtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( value, sizeof( int ) ) ); assert( isWritePtr( value, sizeof( int ) ) );
@@ -485,27 +493,38 @@ @@ -487,27 +495,38 @@
/* Clear return values */ /* Clear return values */
*value = 0; *value = 0;
...@@ -129,7 +109,7 @@ ...@@ -129,7 +109,7 @@
return CRYPT_ERROR_NOTFOUND; return CRYPT_ERROR_NOTFOUND;
*value = channelInfoPtr->height; *value = channelInfoPtr->height;
return( CRYPT_OK ); return( CRYPT_OK );
@@ -760,7 +779,7 @@ @@ -765,7 +784,7 @@
channelInfoPtr = findChannelByChannelNo( sessionInfoPtr, channelNo ); channelInfoPtr = findChannelByChannelNo( sessionInfoPtr, channelNo );
return( ( channelInfoPtr == NULL ) ? CHANNEL_NONE : \ return( ( channelInfoPtr == NULL ) ? CHANNEL_NONE : \
( channelInfoPtr->flags & CHANNEL_FLAG_WRITECLOSED ) ? \ ( channelInfoPtr->flags & CHANNEL_FLAG_WRITECLOSED ) ? \
...@@ -138,7 +118,7 @@ ...@@ -138,7 +118,7 @@
} }
CHECK_RETVAL_ENUM( CHANNEL ) STDC_NONNULL_ARG( ( 1 ) ) \ CHECK_RETVAL_ENUM( CHANNEL ) STDC_NONNULL_ARG( ( 1 ) ) \
@@ -780,7 +799,7 @@ @@ -785,7 +804,7 @@
addrInfoLen ); addrInfoLen );
return( ( channelInfoPtr == NULL ) ? CHANNEL_NONE : \ return( ( channelInfoPtr == NULL ) ? CHANNEL_NONE : \
( channelInfoPtr->flags & CHANNEL_FLAG_WRITECLOSED ) ? \ ( channelInfoPtr->flags & CHANNEL_FLAG_WRITECLOSED ) ? \
...@@ -147,7 +127,7 @@ ...@@ -147,7 +127,7 @@
} }
/**************************************************************************** /****************************************************************************
@@ -1001,12 +1020,22 @@ @@ -1013,12 +1032,22 @@
/* Delete the channel entry. If we're only closing the write side we /* Delete the channel entry. If we're only closing the write side we
mark the channel as closed for write but leave the overall channel mark the channel as closed for write but leave the overall channel
open */ open */
...@@ -171,9 +151,9 @@ ...@@ -171,9 +151,9 @@
return( isChannelActive( sessionInfoPtr, \ return( isChannelActive( sessionInfoPtr, \
channelInfoPtr->channelID ) ? \ channelInfoPtr->channelID ) ? \
CRYPT_OK : OK_SPECIAL ); CRYPT_OK : OK_SPECIAL );
--- session/ssh.c.orig 2023-12-31 08:49:41.952161000 -0500 --- ./session/ssh.c.orig 2024-10-31 00:50:22.598316000 -0400
+++ session/ssh.c 2023-12-31 08:50:06.475509000 -0500 +++ ./session/ssh.c 2024-10-31 00:50:22.670528000 -0400
@@ -543,6 +543,7 @@ @@ -556,6 +556,7 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \ type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
...@@ -181,7 +161,7 @@ ...@@ -181,7 +161,7 @@
type == CRYPT_SESSINFO_SSH_PREAUTH ); type == CRYPT_SESSINFO_SSH_PREAUTH );
#else #else
REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH ); REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
@@ -567,7 +568,8 @@ @@ -593,7 +594,8 @@
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \ if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \ type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
...@@ -191,9 +171,29 @@ ...@@ -191,9 +171,29 @@
{ {
status = getChannelAttribute( sessionInfoPtr, type, data ); status = getChannelAttribute( sessionInfoPtr, type, data );
} }
--- kernel/attr_acl.c.orig 2023-12-31 08:49:41.973327000 -0500 --- ./session/ssh2_msg.c.orig 2023-02-26 03:33:24.000000000 -0500
+++ kernel/attr_acl.c 2023-12-31 08:51:13.972549000 -0500 +++ ./session/ssh2_msg.c 2024-10-31 00:50:22.659472000 -0400
@@ -3943,6 +3943,12 @@ @@ -468,7 +468,7 @@
channelNo ) == CHANNEL_BOTH )
{
status = sendChannelClose( sessionInfoPtr, channelNo,
- CHANNEL_BOTH, TRUE );
+ CHANNEL_READ, TRUE );
}
else
{
@@ -527,6 +527,8 @@
no more channels left to close */
status = deleteChannel( sessionInfoPtr, channelNo, channelType,
closeLastChannel );
+ if( getChannelStatusByChannelNo( sessionInfoPtr, channelNo ) == CHANNEL_NONE )
+ return CRYPT_OK;
if( cryptStatusError( status ) )
{
if( status != OK_SPECIAL )
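Review bot: The early `return CRYPT_OK;` added after `deleteChannel()` in the second hunk runs before the `cryptStatusError( status )` test, so whenever the channel lookup yields `CHANNEL_NONE` any failure that `deleteChannel()` reported is discarded and the `OK_SPECIAL` handling below is skipped. If the intent is only to treat an already-removed channel as success, limit it to the non-failure case, for example `if( ( cryptStatusOK( status ) || status == OK_SPECIAL ) && getChannelStatusByChannelNo( sessionInfoPtr, channelNo ) == CHANNEL_NONE )`, and use the file's `return( CRYPT_OK );` form. Neither this line nor the `CHANNEL_BOTH` to `CHANNEL_READ` change in the first hunk has a comment explaining the channel-state reasoning, which makes the patch hard to re-validate against a new upstream release. The enclosing function starts and ends outside both hunks.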
--- ./kernel/attr_acl.c.orig 2024-10-31 00:50:22.593469000 -0400
+++ ./kernel/attr_acl.c 2024-10-31 00:50:22.675666000 -0400
@@ -3980,6 +3980,12 @@
MKPERM_SSH_EXT( RWx_RWx ), MKPERM_SSH_EXT( RWx_RWx ),
ROUTE( OBJECT_TYPE_SESSION ), ROUTE( OBJECT_TYPE_SESSION ),
subACL_SessinfoSSHChannelHeight ), subACL_SessinfoSSHChannelHeight ),
...@@ -206,7 +206,7 @@ ...@@ -206,7 +206,7 @@
MKACL_END(), MKACL_END() MKACL_END(), MKACL_END()
}; };
@@ -4931,7 +4937,7 @@ @@ -4968,7 +4974,7 @@
static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" ); static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" ); static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" ); static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" );
......
--- session/ssh2_crypt.c.orig 2020-04-29 14:08:11.580413000 -0400
+++ session/ssh2_crypt.c 2020-04-29 14:08:27.391588000 -0400
@@ -265,7 +265,7 @@
/* Load the appropriate static ECDH key parameters */
status = krnlSendMessage( iECDHContext, IMESSAGE_SETATTRIBUTE,
( MESSAGE_CAST ) &eccKeySize,
- CRYPT_IATTRIBUTE_KEY_DLPPARAM );
+ CRYPT_IATTRIBUTE_KEY_ECCPARAM );
if( cryptStatusError( status ) )
{
krnlSendNotifier( iECDHContext, IMESSAGE_DECREFCOUNT );
--- session/session.h.orig 2024-02-22 21:46:07.919870000 -0500
+++ session/session.h 2024-02-22 21:54:28.395535000 -0500
@@ -370,6 +370,14 @@
BUFFER_FIXED( KEYID_SIZE ) \
BYTE authUserNameHash[ KEYID_SIZE + 8 ];/* Hashed userID */
/* SSH_AUTHTYPE_TYPE */ int authType; /* Authentication method */
+
+ /* If a header is only partially read, cryptlib takes a shit because
+ it's in a local variable. Store it in the session data instead.
+ Note, we can't use LENGTH_SIZE or MIN_PACKET_SIZE as in the original
+ since it's defined with two different values in tls.h and ssh.h.
+ Just hard-coding 20 here (LENGTH_SIZE + MIN_PACKET_SIZE per ssh.h). */
+ BUFFER_FIXED( 20 ) \
+ BYTE headerBuffer[ 20 + 8 ];
} SSH_INFO;
#endif /* USE_SSH */
--- session/ssh2_rd.c.orig 2023-06-15 04:35:42.000000000 -0400
+++ session/ssh2_rd.c 2024-02-24 13:14:20.946739000 -0500
@@ -407,7 +407,6 @@
const SSH_PROTOSTATE_TYPE protocolState )
{
STREAM stream;
- BYTE headerBuffer[ LENGTH_SIZE + MIN_PACKET_SIZE + 8 ];
const BOOLEAN isHandshake = \
( protocolState == SSH_PROTOSTATE_HANDSHAKE || \
protocolState == SSH_PROTOSTATE_AUTH ) ? TRUE : FALSE;
@@ -460,13 +459,13 @@
conditions due to buggy SSH implementations, to handle these we
check the return code as well as the returned data to see if we
need to process it specially */
- status = readFixedHeaderAtomic( sessionInfoPtr, headerBuffer,
+ status = readFixedHeaderAtomic( sessionInfoPtr, sshInfo->headerBuffer,
headerByteCount );
if( status == CRYPT_ERROR_READ || cryptStatusOK( status ) )
{
const int localStatus = \
checkHandshakePacketStatus( sessionInfoPtr, status,
- headerBuffer, headerByteCount,
+ sshInfo->headerBuffer, headerByteCount,
expectedType );
if( cryptStatusError( localStatus ) )
status = localStatus;
@@ -474,7 +473,7 @@
}
else
{
- status = readFixedHeader( sessionInfoPtr, headerBuffer,
+ status = readFixedHeader( sessionInfoPtr, sshInfo->headerBuffer,
headerByteCount );
}
if( cryptStatusError( status ) )
@@ -500,8 +499,8 @@
of the message we decrypt */
if( isSecureRead )
{
- void *payloadPtr = useETM ? headerBuffer + LENGTH_SIZE : \
- headerBuffer;
+ void *payloadPtr = useETM ? sshInfo->headerBuffer + LENGTH_SIZE : \
+ sshInfo->headerBuffer;
/* If we're using EtM then we have to preserve a copy of the
ciphertext so that we can MAC it later */
@@ -541,7 +540,7 @@
larger than the (remaining) data that we've already read. For
this case we need to check that the data payload is at least as
long as the minimum-length packet */
- sMemConnect( &stream, headerBuffer, headerByteCount );
+ sMemConnect( &stream, sshInfo->headerBuffer, headerByteCount );
status = length = readUint32( &stream );
static_assert( SSH_HEADER_REMAINDER_SIZE == MIN_PACKET_SIZE - \
LENGTH_SIZE, \
@@ -598,8 +597,8 @@
from the stream above but have to manually extract it here */
static_assert( LENGTH_SIZE + 1 + ID_SIZE <= MIN_PACKET_SIZE,
"Header length calculation" );
- sshInfo->padLength = headerBuffer[ LENGTH_SIZE ];
- sshInfo->packetType = headerBuffer[ LENGTH_SIZE + 1 ];
+ sshInfo->padLength = sshInfo->headerBuffer[ LENGTH_SIZE ];
+ sshInfo->packetType = sshInfo->headerBuffer[ LENGTH_SIZE + 1 ];
if( sshInfo->padLength < SSH2_MIN_PADLENGTH_SIZE || \
sshInfo->padLength > 255 )
{
--- test/test.h.orig 2023-12-31 07:11:19.119452000 -0500
+++ test/test.h 2023-12-31 07:11:41.022395000 -0500
@@ -378,6 +378,7 @@
#define THREAD_SLEEP( ms ) Sleep( ms )
typedef unsigned ( __stdcall *THREAD_FUNC )( void *arg );
#elif defined( UNIX_THREADS )
+ #include <sys/select.h>
#define THREAD_HANDLE pthread_t
#define THREAD_EXIT() pthread_exit( ( void * ) 0 )
#define THREAD_SELF() pthread_self()
--- io/tcp.h.orig 2021-12-09 19:31:03.572654000 -0500 --- ./io/tcp.h.orig 2023-08-15 22:03:04.000000000 -0400
+++ io/tcp.h 2021-12-09 19:31:34.740365000 -0500 +++ ./io/tcp.h 2024-10-31 00:50:22.353981000 -0400
@@ -962,15 +962,7 @@ @@ -1114,17 +1114,7 @@
#ifndef INVALID_SOCKET #ifndef INVALID_SOCKET
#define INVALID_SOCKET ( -1 ) #define INVALID_SOCKET ( -1 )
#endif /* INVALID_SOCKET */ #endif /* INVALID_SOCKET */
-#if defined( __WINDOWS__ ) -#if defined( __FreeRTOS__ ) && defined( USE_FREERTOS_SOCKETS )
- #define isBadSocket( socket ) ( ( socket ) == INVALID_SOCKET )
-#elif defined( __WINDOWS__ )
- #define isBadSocket( socket ) ( ( socket ) == INVALID_SOCKET ) - #define isBadSocket( socket ) ( ( socket ) == INVALID_SOCKET )
-#elif defined( STDERR_FILENO ) -#elif defined( STDERR_FILENO )
- #define isBadSocket( socket ) ( ( socket ) <= STDERR_FILENO || \ - #define isBadSocket( socket ) ( ( socket ) <= STDERR_FILENO || \
......
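Review bot: This hunk deletes every platform variant of `isBadSocket()`, including the one that treats descriptors `<= STDERR_FILENO` as invalid, and the replacement definition is in the collapsed part of the section, so it cannot be checked from here. If what remains is the plain `== INVALID_SOCKET` comparison, descriptors 0-2 become acceptable sockets; that is presumably wanted for a host process that has closed stdio, but it also removes the guard against a zero-initialised descriptor being used as a socket. The patch should state that trade-off next to the macro, for example `/* stdio may be closed in the host process, so fds 0-2 can be real sockets */`.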
--- crypt/osconfig.h.orig 2024-10-13 06:57:14.810287104 +0000 --- crypt/osconfig.h.orig 2024-10-31 00:53:32.911075000 -0400
+++ crypt/osconfig.h 2024-10-13 06:58:42.890503168 +0000 +++ crypt/osconfig.h 2024-10-31 00:55:38.632254000 -0400
@@ -96,7 +96,7 @@ @@ -310,7 +310,7 @@
identical, even if they differ at a higher level */ identical, even if they differ at a higher level */
#if defined( __FreeBSD__ ) || defined( __bsdi__ ) || \ #elif defined( __FreeBSD__ ) || defined( __bsdi__ ) || \
defined( __OpenBSD__ ) || defined( __NetBSD__ ) || \ defined( __OpenBSD__ ) || defined( __NetBSD__ ) || \
- defined( __linux__ ) - defined( __linux__ )
+ defined( __linux__ ) || defined( __HAIKU__ ) + defined( __linux__ ) || defined( __HAIKU__ )
#if defined( __x86_64__ ) || defined( __amd64__ ) #if defined( __x86_64__ ) || defined( __amd64__ )
/* 64-bit x86 has both 'long' and 'long long' as 64 bits. In addition /* 64-bit x86 has both 'long' and 'long long' as 64 bits. In addition
we use DES_INT since int's are 64-bit. We have to check for the we use DES_INT since int's are 64-bit. We have to check for the
--- io/file.c.orig 2024-10-13 07:30:37.232521728 +0000 --- io/file.c.orig 2024-10-31 00:53:35.106314000 -0400
+++ io/file.c 2024-10-13 07:53:48.930349056 +0000 +++ io/file.c 2024-10-31 00:53:35.251907000 -0400
@@ -4417,7 +4417,7 @@ @@ -4419,7 +4419,7 @@
#if defined( __FreeBSD__ ) #if defined( __FreeBSD__ )
struct timeval timeVals[ 2 ]; struct timeval timeVals[ 2 ];
#elif !( defined( __APPLE__ ) || defined( __FreeBSD__ ) || \ #elif !( defined( __APPLE__ ) || defined( __FreeBSD__ ) || \
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
struct utimbuf timeStamp; struct utimbuf timeStamp;
#endif /* OS-specific variable declarations */ #endif /* OS-specific variable declarations */
#endif /* USE_EMBEDDED_OS */ #endif /* USE_EMBEDDED_OS */
@@ -4480,7 +4480,7 @@ @@ -4482,7 +4482,7 @@
generic DoS that they could perform anyway if they have the user's generic DoS that they could perform anyway if they have the user's
rights */ rights */
#ifndef USE_EMBEDDED_OS /* Embedded systems have no file timestamps */ #ifndef USE_EMBEDDED_OS /* Embedded systems have no file timestamps */
...@@ -29,9 +29,9 @@ ...@@ -29,9 +29,9 @@
sFileClose( &stream ); sFileClose( &stream );
utimes( fileName, NULL ); /* Android's Linux doesn't have futimes() */ utimes( fileName, NULL ); /* Android's Linux doesn't have futimes() */
#elif defined( __APPLE__ ) #elif defined( __APPLE__ )
--- kernel/thread.h.orig 2024-10-13 07:55:48.750518272 +0000 --- kernel/thread.h.orig 2024-10-31 00:53:35.043387000 -0400
+++ kernel/thread.h 2024-10-13 07:57:17.796131328 +0000 +++ kernel/thread.h 2024-10-31 00:53:35.257697000 -0400
@@ -3135,7 +3135,8 @@ @@ -3184,7 +3184,8 @@
#endif /* Slowaris 5.7 / 7.x or newer */ #endif /* Slowaris 5.7 / 7.x or newer */
#elif defined( _AIX ) || defined( __Android__ ) || defined( __CYGWIN__ ) || \ #elif defined( _AIX ) || defined( __Android__ ) || defined( __CYGWIN__ ) || \
( defined( __hpux ) && ( OSVERSION >= 11 ) ) || \ ( defined( __hpux ) && ( OSVERSION >= 11 ) ) || \
...@@ -41,8 +41,8 @@ ...@@ -41,8 +41,8 @@
#define THREAD_YIELD() sched_yield() #define THREAD_YIELD() sched_yield()
#elif defined( __XMK__ ) #elif defined( __XMK__ )
/* The XMK underlying scheduling object is the process context, for which /* The XMK underlying scheduling object is the process context, for which
--- random/unix.c.orig 2024-10-13 07:30:33.515375104 +0000 --- random/unix.c.orig 2024-10-31 00:53:34.685713000 -0400
+++ random/unix.c 2024-10-13 08:15:32.121110528 +0000 +++ random/unix.c 2024-10-31 00:53:35.264083000 -0400
@@ -66,7 +66,8 @@ @@ -66,7 +66,8 @@
memory-based polling with a stub the prints an error message for the memory-based polling with a stub the prints an error message for the
caller */ caller */
...@@ -53,18 +53,7 @@ ...@@ -53,18 +53,7 @@
#define NO_SYSV_SHAREDMEM #define NO_SYSV_SHAREDMEM
#endif /* Android || QNX <= 4.x */ #endif /* Android || QNX <= 4.x */
@@ -80,7 +81,9 @@ @@ -122,7 +123,7 @@
#include <fcntl.h>
#include <pwd.h>
#if !( defined( __QNX__ ) || defined( __MVS__ ) )
- #include <sys/errno.h>
+ #if !(defined( __HAIKU__) )
+ #include <sys/errno.h>
+ #endif
#include <sys/ipc.h>
#endif /* !( QNX || MVS ) */
#include <sys/time.h> /* SCO and SunOS need this before resource.h */
@@ -118,7 +121,7 @@
#include <sys/sem.h> #include <sys/sem.h>
#include <sys/shm.h> #include <sys/shm.h>
#endif /* CYGWIN */ #endif /* CYGWIN */
...@@ -73,7 +62,7 @@ ...@@ -73,7 +62,7 @@
#include <sys/shm.h> #include <sys/shm.h>
#endif /* !( __Android__ || Cygwin || QNX ) */ #endif /* !( __Android__ || Cygwin || QNX ) */
#if defined( __linux__ ) && ( defined(__i386__) || defined(__x86_64__) ) #if defined( __linux__ ) && ( defined(__i386__) || defined(__x86_64__) )
@@ -1948,7 +1951,12 @@ @@ -1950,7 +1951,12 @@
* * * *
****************************************************************************/ ****************************************************************************/
......
--- session/ssh2_authsvr.c.orig 2024-01-21 22:30:02.886716000 -0500 --- ./session/ssh2_authsvr.c.orig 2024-10-31 00:50:23.044734000 -0400
+++ session/ssh2_authsvr.c 2024-01-21 22:32:54.203440000 -0500 +++ ./session/ssh2_authsvr.c 2024-10-31 00:50:23.133300000 -0400
@@ -443,8 +443,11 @@ @@ -443,8 +443,11 @@
} }
if( cryptStatusError( status ) ) if( cryptStatusError( status ) )
......
--- tools/getcompiler.sh.orig 2019-03-04 16:32:44.000000000 -0500 --- ./tools/getcompiler.sh.orig 2024-09-16 20:08:02.000000000 -0400
+++ tools/getcompiler.sh 2020-05-01 03:29:13.645161000 -0400 +++ ./tools/getcompiler.sh 2024-10-31 00:50:22.151792000 -0400
@@ -13,6 +13,8 @@ @@ -13,6 +13,8 @@
# Juggle the args around to get them the way that we want them. # Juggle the args around to get them the way that we want them.
......
--- io/file.c.orig 2024-10-12 01:53:03.081690000 -0400 --- ./io/file.c.orig 2024-10-31 00:50:22.735306000 -0400
+++ io/file.c 2024-10-12 01:53:29.042894000 -0400 +++ ./io/file.c 2024-10-31 00:50:23.628402000 -0400
@@ -5996,7 +5996,7 @@ @@ -6012,7 +6012,7 @@
#if VC_GE_2005( _MSC_VER ) #if VC_GE_2005( _MSC_VER )
#pragma warning( push ) #pragma warning( push )
#pragma warning( disable : 4255 ) /* Errors in VersionHelpers.h */ #pragma warning( disable : 4255 ) /* Errors in VersionHelpers.h */
...@@ -9,9 +9,9 @@ ...@@ -9,9 +9,9 @@
#pragma warning( pop ) #pragma warning( pop )
#endif /* VC++ >= 2005 */ #endif /* VC++ >= 2005 */
#ifdef __WIN64__ #ifdef __WIN64__
--- misc/os_spec.c.orig 2024-10-12 01:53:13.741978000 -0400 --- ./misc/os_spec.c.orig 2023-08-11 09:31:50.000000000 -0400
+++ misc/os_spec.c 2024-10-12 01:53:36.082901000 -0400 +++ ./misc/os_spec.c 2024-10-31 00:50:23.634922000 -0400
@@ -1203,7 +1203,7 @@ @@ -1235,7 +1235,7 @@
#if VC_GE_2005( _MSC_VER ) #if VC_GE_2005( _MSC_VER )
#pragma warning( push ) #pragma warning( push )
#pragma warning( disable : 4255 ) /* Errors in VersionHelpers.h */ #pragma warning( disable : 4255 ) /* Errors in VersionHelpers.h */
......
--- tools/ccopts.sh.orig2 2019-05-31 12:45:50.749075000 -0400 --- ./tools/ccopts.sh.orig 2024-10-05 01:25:46.000000000 -0400
+++ tools/ccopts.sh 2019-05-31 12:46:06.954741000 -0400 +++ ./tools/ccopts.sh 2024-10-31 00:50:21.677475000 -0400
@@ -305,7 +305,7 @@ @@ -700,7 +700,7 @@
if [ $SHARED -gt 0 ] ; then
case $OSNAME in case $OSNAME in
'Darwin') 'Darwin')
- CCARGS="$CCARGS -fPIC -fno-common" ;; - CCARGS="$CCARGS -fPIC -fno-common" ;;
......
--- session/sess_rd.c.orig 2023-05-06 19:14:10.000000000 -0400 --- ./session/ssh2_msgcli.c.orig 2024-10-31 00:50:22.437872000 -0400
+++ session/sess_rd.c 2024-01-13 01:40:38.360167000 -0500 +++ ./session/ssh2_msgcli.c 2024-10-31 00:50:22.889958000 -0400
@@ -739,7 +739,7 @@
/* Remember how much we've copied and, if we've satisfied the
request, exit */
*bytesCopied = bytesToCopy;
- if( bytesToCopy >= length )
+ if( bytesToCopy >= length || sessionInfoPtr->type == CRYPT_SESSION_SSH || sessionInfoPtr->type == CRYPT_SESSION_SSH_SERVER)
{
ENSURES( sanityCheckSessionRead( sessionInfoPtr ) );
@@ -929,6 +929,22 @@
dataPtr += byteCount;
dataLength -= byteCount;
}
+ /*
+ * SyncTERM hack for SSH channels... after a full packet has been received, *and*
+ * some data has been received, always return.
+ *
+ * This ensures that we can never return data from two different channels in the
+ * same cryptPopData() response.
+ */
+ if (*bytesCopied > 0) {
+ if (sessionInfoPtr->type == CRYPT_SESSION_SSH || sessionInfoPtr->type == CRYPT_SESSION_SSH_SERVER)
+ {
+ if (sessionInfoPtr->receiveBufPos <= 0)
+ {
+ status = OK_SPECIAL;
+ }
+ }
+ }
if( status == OK_SPECIAL )
{
/* That was the last of the data, exit */
--- session/ssh2_msg.c.orig 2024-01-13 01:45:16.168554000 -0500
+++ session/ssh2_msg.c 2024-01-13 01:46:42.971186000 -0500
@@ -319,7 +319,10 @@
}
}
break;
-
+ case SSH_MSG_CHANNEL_OPEN_FAILURE:
+ return processChannelOpenFailure(sessionInfoPtr, stream);
+ case SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
+ return processChannelOpenConfirmation(sessionInfoPtr, stream);
default:
{
#ifdef USE_ERRMSGS
@@ -444,10 +447,18 @@
return( OK_SPECIAL );
case SSH_MSG_CHANNEL_WINDOW_ADJUST:
+ {
+ int value;
/* Another noop-equivalent (but a very performance-affecting
one) */
DEBUG_PUTS(( "Processing window adjust message" ));
+ status = getChannelExtAttribute(sessionInfoPtr, SSH_ATTRIBUTE_NEEDWINDOW, &value);
+ if (cryptStatusOK(status) && value)
+ {
+ status = setChannelExtAttribute(sessionInfoPtr, SSH_ATTRIBUTE_NEEDWINDOW, FALSE);
+ }
return( OK_SPECIAL );
+ }
case SSH_MSG_CHANNEL_EOF:
/* According to the SSH docs the EOF packet is a courtesy
--- session/ssh2_msgcli.c.orig 2024-01-14 13:50:16.921501000 -0500
+++ session/ssh2_msgcli.c 2024-01-14 13:50:34.230994000 -0500
@@ -27,13 +27,6 @@ @@ -27,13 +27,6 @@
OPENREQUEST_CHANNELONLY, OPENREQUEST_SESSION, OPENREQUEST_CHANNELONLY, OPENREQUEST_SESSION,
OPENREQUEST_LAST } OPENREQUEST_TYPE; OPENREQUEST_LAST } OPENREQUEST_TYPE;
...@@ -484,8 +417,56 @@ ...@@ -484,8 +417,56 @@
+ return (CRYPT_ENVELOPE_RESOURCE); + return (CRYPT_ENVELOPE_RESOURCE);
} }
#endif /* USE_SSH */ #endif /* USE_SSH */
--- session/ssh2_channel.c.orig 2024-02-09 21:30:28.116630000 -0500 --- ./session/ssh.h.orig 2024-10-19 02:49:44.000000000 -0400
+++ session/ssh2_channel.c 2024-02-09 21:31:00.238043000 -0500 +++ ./session/ssh.h 2024-10-31 00:50:22.898470000 -0400
@@ -315,9 +315,17 @@
SSH_ATTRIBUTE_WINDOWCOUNT, /* Data window count */
SSH_ATTRIBUTE_WINDOWSIZE, /* Data window size */
SSH_ATTRIBUTE_ALTCHANNELNO, /* Secondary channel no. */
+ SSH_ATTRIBUTE_NEEDWINDOW, /* Send session open when window opens */
SSH_ATTRIBUTE_LAST /* Last channel attribute */
} SSH_ATTRIBUTE_TYPE;
+#ifdef USE_SSH_EXTENDED
+typedef enum { SERVICE_NONE, SERVICE_SHELL, SERVICE_PORTFORWARD,
+ SERVICE_SUBSYSTEM, SERVICE_EXEC, SERVICE_LAST } SERVICE_TYPE;
+#else
+typedef enum { SERVICE_NONE, SERVICE_SHELL, SERVICE_LAST } SERVICE_TYPE;
+#endif /* USE_SSH_EXTENDED */
+
/* Check whether a DH/ECDH value is valid for a given server key size. The
check is slightly different for the ECC version because the value is
a composite ECC point with two coordinates, so we have to divide the
@@ -661,7 +669,7 @@
IN_BUFFER( dataLength ) const void *data,
IN_LENGTH_TEXT const int dataLength );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
-int setChannelExtAttribute( const SESSION_INFO *sessionInfoPtr,
+int setChannelExtAttribute( INOUT_PTR SESSION_INFO *sessionInfoPtr,
IN_ATTRIBUTE const SSH_ATTRIBUTE_TYPE attribute,
IN_INT_Z const int value );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
@@ -703,6 +711,18 @@
/* Prototypes for functions in ssh2_msgcli.c */
+CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
+int getServiceType( INOUT_PTR SESSION_INFO *sessionInfoPtr,
+ OUT_ENUM_OPT( SERVICE ) SERVICE_TYPE *serviceType );
+ CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
+int createSessionOpenRequest( INOUT_PTR SESSION_INFO *sessionInfoPtr,
+ INOUT_PTR STREAM *stream,
+ IN_ENUM( SERVICE ) \
+ const SERVICE_TYPE serviceType );
+CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
+int processChannelOpenFailure( INOUT_PTR SESSION_INFO *sessionInfoPtr, INOUT_PTR STREAM *stream );
+CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
+int processChannelOpenConfirmation( INOUT_PTR SESSION_INFO *sessionInfoPtr, INOUT_PTR STREAM *stream );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int sendChannelOpen( INOUT_PTR SESSION_INFO *sessionInfoPtr );
--- ./session/ssh2_channel.c.orig 2024-10-31 00:50:22.667097000 -0400
+++ ./session/ssh2_channel.c 2024-10-31 00:50:22.893962000 -0400
@@ -25,6 +25,7 @@ @@ -25,6 +25,7 @@
#define CHANNEL_FLAG_ACTIVE 0x01 /* Channel is active */ #define CHANNEL_FLAG_ACTIVE 0x01 /* Channel is active */
#define CHANNEL_FLAG_WRITECLOSED 0x02 /* Write-side of ch.closed */ #define CHANNEL_FLAG_WRITECLOSED 0x02 /* Write-side of ch.closed */
...@@ -546,51 +527,70 @@ ...@@ -546,51 +527,70 @@
return( CRYPT_OK ); return( CRYPT_OK );
} }
--- session/ssh.h.orig 2023-05-06 18:55:50.000000000 -0400 --- ./session/sess_rd.c.orig 2024-09-04 01:03:36.000000000 -0400
+++ session/ssh.h 2024-02-09 21:31:35.603926000 -0500 +++ ./session/sess_rd.c 2024-10-31 00:50:22.883113000 -0400
@@ -309,9 +309,17 @@ @@ -744,7 +744,7 @@
SSH_ATTRIBUTE_WINDOWCOUNT, /* Data window count */ /* Remember how much we've copied and, if we've satisfied the
SSH_ATTRIBUTE_WINDOWSIZE, /* Data window size */ request, exit */
SSH_ATTRIBUTE_ALTCHANNELNO, /* Secondary channel no. */ *bytesCopied = bytesToCopy;
+ SSH_ATTRIBUTE_NEEDWINDOW, /* Send session open when window opens */ - if( bytesToCopy >= length )
SSH_ATTRIBUTE_LAST /* Last channel attribute */ + if( bytesToCopy >= length || sessionInfoPtr->type == CRYPT_SESSION_SSH || sessionInfoPtr->type == CRYPT_SESSION_SSH_SERVER)
} SSH_ATTRIBUTE_TYPE; {
ENSURES( sanityCheckSessionRead( sessionInfoPtr ) );
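Review bot: The widened exit test `if( bytesToCopy >= length || sessionInfoPtr->type == CRYPT_SESSION_SSH || sessionInfoPtr->type == CRYPT_SESSION_SSH_SERVER)` carries no comment, so a reader only learns why SSH sessions now always return after the first copy from the later `@@ -934` hunk, and presumably the reason is the same. I would add `/* SSH: return after the first copy so one read never merges data from different channels; callers must expect short reads */` above it. The same two-way session-type comparison is repeated in that later hunk, so a single shared predicate macro would keep the two sites from drifting apart. The enclosing function starts and ends outside this hunk.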
+#ifdef USE_SSH_EXTENDED
+typedef enum { SERVICE_NONE, SERVICE_SHELL, SERVICE_PORTFORWARD,
+ SERVICE_SUBSYSTEM, SERVICE_EXEC, SERVICE_LAST } SERVICE_TYPE;
+#else
+typedef enum { SERVICE_NONE, SERVICE_SHELL, SERVICE_LAST } SERVICE_TYPE;
+#endif /* USE_SSH_EXTENDED */
+
/* Check whether a DH/ECDH value is valid for a given server key size. The
check is slightly different for the ECC version because the value is
a composite ECC point with two coordinates, so we have to divide the
@@ -655,7 +663,7 @@
IN_BUFFER( dataLength ) const void *data,
IN_LENGTH_TEXT const int dataLength );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
-int setChannelExtAttribute( const SESSION_INFO *sessionInfoPtr,
+int setChannelExtAttribute( INOUT_PTR SESSION_INFO *sessionInfoPtr,
IN_ATTRIBUTE const SSH_ATTRIBUTE_TYPE attribute,
IN_INT_Z const int value );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
@@ -697,6 +705,18 @@
/* Prototypes for functions in ssh2_msgcli.c */ @@ -934,6 +934,22 @@
dataPtr += byteCount;
dataLength -= byteCount;
}
+ /*
+ * SyncTERM hack for SSH channels... after a full packet has been received, *and*
+ * some data has been received, always return.
+ *
+ * This ensures that we can never return data from two different channels in the
+ * same cryptPopData() response.
+ */
+ if (*bytesCopied > 0) {
+ if (sessionInfoPtr->type == CRYPT_SESSION_SSH || sessionInfoPtr->type == CRYPT_SESSION_SSH_SERVER)
+ {
+ if (sessionInfoPtr->receiveBufPos <= 0)
+ {
+ status = OK_SPECIAL;
+ }
+ }
+ }
if( status == OK_SPECIAL )
{
/* That was the last of the data, exit */
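Review bot: The added block assigns `status = OK_SPECIAL` without looking at the value `status` already holds, so if a non-OK status can reach this point it is silently replaced by "last of the data". Making the precondition explicit, e.g. `if( cryptStatusOK( status ) && *bytesCopied > 0 && sessionInfoPtr->receiveBufPos <= 0 )` combined with the session-type test, would also flatten the three nested `if`s. The comment promises a per-packet boundary while the code only tests `receiveBufPos <= 0`, so the comment should state why an empty receive buffer implies that a whole packet has been consumed. Whether an error status can actually arrive here depends on loop code above the hunk, which is not visible.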
--- ./session/ssh2_msg.c.orig 2024-10-31 00:50:22.659472000 -0400
+++ ./session/ssh2_msg.c 2024-10-31 00:50:22.886368000 -0400
@@ -319,7 +319,10 @@
}
}
break;
-
+ case SSH_MSG_CHANNEL_OPEN_FAILURE:
+ return processChannelOpenFailure(sessionInfoPtr, stream);
+ case SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
+ return processChannelOpenConfirmation(sessionInfoPtr, stream);
default:
{
#ifdef USE_ERRMSGS
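Review bot: The two new cases hand peer-supplied `SSH_MSG_CHANNEL_OPEN_FAILURE` and `SSH_MSG_CHANNEL_OPEN_CONFIRMATION` packets straight to their handlers, and nothing in this hunk shows a check that a channel-open request is actually outstanding. If `processChannelOpenConfirmation()` and `processChannelOpenFailure()` do not reject unsolicited messages themselves, that check belongs here; either way a comment such as `/* Replies to our own channel-open request; must be rejected when no open is pending */` would document the expectation. The cases also `return` directly where the preceding case ends in `break`, so any processing after the switch is skipped for them, which is worth confirming as intended. The switch and both handlers lie outside the hunk.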
@@ -444,10 +447,18 @@
return( OK_SPECIAL );
+CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ case SSH_MSG_CHANNEL_WINDOW_ADJUST:
+int getServiceType( INOUT_PTR SESSION_INFO *sessionInfoPtr, + {
+ OUT_ENUM_OPT( SERVICE ) SERVICE_TYPE *serviceType ); + int value;
+ CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ /* Another noop-equivalent (but a very performance-affecting
+int createSessionOpenRequest( INOUT_PTR SESSION_INFO *sessionInfoPtr, one) */
+ INOUT_PTR STREAM *stream, DEBUG_PUTS(( "Processing window adjust message" ));
+ IN_ENUM( SERVICE ) \ + status = getChannelExtAttribute(sessionInfoPtr, SSH_ATTRIBUTE_NEEDWINDOW, &value);
+ const SERVICE_TYPE serviceType ); + if (cryptStatusOK(status) && value)
+CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ + {
+int processChannelOpenFailure( INOUT_PTR SESSION_INFO *sessionInfoPtr, INOUT_PTR STREAM *stream ); + status = setChannelExtAttribute(sessionInfoPtr, SSH_ATTRIBUTE_NEEDWINDOW, FALSE);
+CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ + }
+int processChannelOpenConfirmation( INOUT_PTR SESSION_INFO *sessionInfoPtr, INOUT_PTR STREAM *stream ); return( OK_SPECIAL );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ + }
int sendChannelOpen( INOUT_PTR SESSION_INFO *sessionInfoPtr );
case SSH_MSG_CHANNEL_EOF:
/* According to the SSH docs the EOF packet is a courtesy
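Review bot: In the `SSH_MSG_CHANNEL_WINDOW_ADJUST` case the result of `setChannelExtAttribute()` is stored in `status` and then dropped by the unconditional `return( OK_SPECIAL );`, although ssh.h declares that function `CHECK_RETVAL`. If clearing `SSH_ATTRIBUTE_NEEDWINDOW` can fail, I would propagate it inside the `if` block with `if( cryptStatusError( status ) ) return( status );`, or, if best-effort is intended, drop the assignment and say so in a comment. The existing "noop-equivalent" comment is also no longer accurate now that the case changes channel state. The enclosing switch starts and ends outside the hunk.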
--- makefile.orig 2021-03-20 14:58:39.488459000 -0400 --- ./makefile.orig 2024-10-31 00:50:21.454187000 -0400
+++ makefile 2021-03-20 14:58:52.381979000 -0400 +++ ./makefile 2024-10-31 00:50:22.293145000 -0400
@@ -1963,12 +1963,12 @@ @@ -2164,7 +2164,7 @@
MINGW32_NT-5.1: MINGW32_NT-5.1:
$(MAKE) OSNAME=win32 target-init $(MAKE) OSNAME=win32 target-init
...@@ -9,9 +9,3 @@ ...@@ -9,9 +9,3 @@
MINGW32_NT-6.1: MINGW32_NT-6.1:
$(MAKE) OSNAME=win32 target-init $(MAKE) OSNAME=win32 target-init
$(MAKE) OSNAME=win32 $(DEFINES) EXTRAOBJS="$(WIN32ASMOBJS)" \
- CFLAGS="$(XCFLAGS) -O2 -Wl,--subsystem,windows,--output-def,cl32.def -DSTATIC_LIB"
+ CFLAGS="$(XCFLAGS) -O2 -m32 -Wl,--subsystem,windows,--output-def,cl32.def -DSTATIC_LIB"
# NCR MP-RAS: Use the NCR cc. The "-DNCR_UST" is needed to enable threading
# (User-Space Threads).
--- ../tmp2/misc/os_detect.h 2019-01-31 14:57:46.000000000 -0500 --- ./misc/os_detect.h.orig 2024-10-31 00:50:21.539462000 -0400
+++ misc/os_detect.h 2019-06-03 18:35:55.358499000 -0400 +++ ./misc/os_detect.h 2024-10-31 00:50:21.864298000 -0400
@@ -241,10 +241,11 @@ @@ -297,10 +297,11 @@
preprocessors get confused if they aren't defined */ preprocessors get confused if they aren't defined */
#define VC_16BIT( version ) 0 #define VC_16BIT( version ) 0
#define VC_LE_VC6( version ) 0 #define VC_LE_VC6( version ) 0
......