Merge branch 'cryptlib-3.4.7' into 'master'

Update cryptlib to 3.4.7

See merge request !388

3rdp/build/GNUmakefile

@@ -88,12 +88,13 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
 $(CRYPT_IDIR): | $(3RDPODIR)
 	$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
 
-$(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/terminal-params.patch $(3RDP_ROOT)/build/cl-mingw32-static.patch $(3RDP_ROOT)/build/cl-ranlib.patch $(3RDP_ROOT)/build/cl-win32-noasm.patch $(3RDP_ROOT)/build/cl-zz-country.patch $(3RDP_ROOT)/build/cl-algorithms.patch $(3RDP_ROOT)/build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)/build/cl-macosx-minver.patch $(3RDP_ROOT)/build/cl-endian.patch $(3RDP_ROOT)/build/cl-cryptodev.patch $(3RDP_ROOT)/build/cl-posix-me-gently.patch $(3RDP_ROOT)/build/cl-tpm-linux.patch $(3RDP_ROOT)/build/cl-PAM-noprompts.patch $(3RDP_ROOT)/build/cl-zlib.patch $(3RDP_ROOT)/build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)/build/SSL-fix.patch $(3RDP_ROOT)/build/cl-bigger-maxattribute.patch $(3RDP_ROOT)/build/cl-vcxproj.patch $(3RDP_ROOT)/build/cl-mingw-vcver.patch $(3RDP_ROOT)/build/cl-win32-build-fix.patch $(3RDP_ROOT)/build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)/build/cl-no-odbc.patch $(3RDP_ROOT)/build/cl-noasm-defines.patch $(3RDP_ROOT)/build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)/build/cl-no-RSA-suites.patch $(3RDP_ROOT)/build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)/build/cl-prefer-ECC.patch $(3RDP_ROOT)/build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)/build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)/build/cl-DH-key-init.patch $(3RDP_ROOT)/build/cl-clear-GCM-flag.patch $(3RDP_ROOT)/build/cl-use-ssh-ctr.patch $(3RDP_ROOT)/build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)/build/cl-ssh-incCtr.patch $(3RDP_ROOT)/build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)/build/cl-no-tpm.patch $(3RDP_ROOT)/build/cl-no-via-aes.patch $(3RDP_ROOT)/build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)/build/cl-just-use-cc.patch $(3RDP_ROOT)/build/cl-learn-numbers.patch $(3RDP_ROOT)/build/cl-no-safe-stack.patch $(3RDP_ROOT)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)/build/cl-random-openbsd.patch $(3RDP_ROOT)/build/cl-openbsd-threads.patch $(3RDP_ROOT)/build/cl-allow-none-auth.patch $(3RDP_ROOT)/build/cl-mingw-add-m32.patch $(3RDP_ROOT)/build/cl-poll-not-select.patch $(3RDP_ROOT)/build/cl-check-before-use.patch $(3RDP_ROOT)/build/cl-linux-yield.patch $(3RDP_ROOT)/build/cl-good-sockets.patch $(3RDP_ROOT)/build/cl-moar-objects.patch $(3RDP_ROOT)/build/cl-pthread_yield.patch $(3RDP_ROOT)/build/cl-check-cert-dont-modify.patch $(3RDP_ROOT)/build/cl-server-term-support.patch $(3RDP_ROOT)/build/cl-add-pubkey-attribute.patch $(3RDP_ROOT)/build/cl-allow-ssh-auth-retries.patch $(3RDP_ROOT)/build/cl-fix-ssh-channel-close.patch | $(CRYPT_SRC) $(CRYPT_IDIR) $(3RDP_ROOT)/build/cl-remove-march.patch
+$(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/cl-fix-test-select.patch $(3RDP_ROOT)/build/cl-terminal-params.patch $(3RDP_ROOT)/build/cl-mingw32-static.patch $(3RDP_ROOT)/build/cl-ranlib.patch $(3RDP_ROOT)/build/cl-win32-noasm.patch $(3RDP_ROOT)/build/cl-zz-country.patch $(3RDP_ROOT)/build/cl-algorithms.patch $(3RDP_ROOT)/build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)/build/cl-macosx-minver.patch $(3RDP_ROOT)/build/cl-posix-me-gently.patch $(3RDP_ROOT)/build/cl-PAM-noprompts.patch $(3RDP_ROOT)/build/cl-zlib.patch $(3RDP_ROOT)/build/cl-Dynamic-linked-static-lib.patch $(3RDP_ROOT)/build/cl-SSL-fix.patch $(3RDP_ROOT)/build/cl-bigger-maxattribute.patch $(3RDP_ROOT)/build/cl-endian.patch $(3RDP_ROOT)/build/cl-vcxproj.patch $(3RDP_ROOT)/build/cl-mingw-vcver.patch $(3RDP_ROOT)/build/cl-win32-build-fix.patch $(3RDP_ROOT)/build/cl-no-odbc.patch $(3RDP_ROOT)/build/cl-noasm-defines.patch $(3RDP_ROOT)/build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)/build/cl-prefer-ECC.patch $(3RDP_ROOT)/build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)/build/cl-clear-GCM-flag.patch $(3RDP_ROOT)/build/cl-use-ssh-ctr.patch $(3RDP_ROOT)/build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)/build/cl-no-tpm.patch $(3RDP_ROOT)/build/cl-no-via-aes.patch $(3RDP_ROOT)/build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)/build/cl-just-use-cc.patch $(3RDP_ROOT)/build/cl-no-safe-stack.patch $(3RDP_ROOT)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)/build/cl-openbsd-threads.patch $(3RDP_ROOT)/build/cl-allow-none-auth.patch $(3RDP_ROOT)/build/cl-mingw-add-m32.patch $(3RDP_ROOT)/build/cl-poll-not-select.patch $(3RDP_ROOT)/build/cl-good-sockets.patch $(3RDP_ROOT)/build/cl-moar-objects.patch $(3RDP_ROOT)/build/cl-server-term-support.patch $(3RDP_ROOT)/build/cl-add-pubkey-attribute.patch $(3RDP_ROOT)/build/cl-allow-ssh-auth-retries.patch $(3RDP_ROOT)/build/cl-fix-ssh-channel-close.patch $(3RDP_ROOT)/build/cl-vt-lt-2005-always-defined.patch $(3RDP_ROOT)/build/cl-no-pie.patch $(3RDP_ROOT)/build/cl-no-testobjs.patch $(3RDP_ROOT)/build/cl-win32-lean-and-mean.patch $(3RDP_ROOT)/build/cl-thats-not-asm.patch $(3RDP_ROOT)/build/cl-make-channels-work.patch $(3RDP_ROOT)/build/cl-allow-ssh-2.0-go.patch $(3RDP_ROOT)/build/cl-read-timeout-every-time.patch $(3RDP_ROOT)/build/cl-allow-servercheck-pubkeys.patch $(3RDP_ROOT)/build/cl-pass-after-pubkey.patch $(3RDP_ROOT)/build/cl-ssh-list-ctr-modes.patch | $(CRYPT_SRC) $(CRYPT_IDIR) $(3RDP_ROOT)/build/cl-remove-march.patch
 	@echo Creating $@ ...
 	$(QUIET)-rm -rf $(CRYPT_SRC)/*
 	$(QUIET)unzip -oa $(3RDPDISTDIR)/cryptlib.zip -d $(CRYPT_SRC)
 	$(QUIET)perl -pi.bak -e 's/\r//' $(CRYPT_SRC)/crypt32.vcxproj
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < terminal-params.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-fix-test-select.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-terminal-params.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-mingw32-static.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-ranlib.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-vcxproj.patch
@@ -103,54 +104,50 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/terminal-pa
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-algorithms.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-macosx-minver.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-cryptodev.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-posix-me-gently.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-tpm-linux.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-PAM-noprompts.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-zlib.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < Dynamic-linked-static-lib.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < SSL-fix.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-Dynamic-linked-static-lib.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-SSL-fix.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-bigger-maxattribute.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-mingw-vcver.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-win32-build-fix.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-gcc-non-const-time-val.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-odbc.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-noasm-defines.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-bn-noasm64-fix.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-RSA-suites.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-fix-ECC-RSA.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-prefer-ECC.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-prefer-ECC-harder.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-more-RSA-ECC-fixes.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-DH-key-init.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-clear-GCM-flag.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-use-ssh-ctr.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-ssh-list-ctr-modes.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-ssh-incCtr.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-ssl-suite-blocksizes.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-tpm.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-via-aes.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-fix-ssh-ecc-ephemeral.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-just-use-cc.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-learn-numbers.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-safe-stack.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-pkcs12.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-uint64_t-redefine.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-random-openbsd.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-openbsd-threads.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-none-auth.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-mingw-add-m32.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-poll-not-select.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-check-before-use.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-linux-yield.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-good-sockets.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-moar-objects.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-remove-march.patch
-	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-pthread_yield.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-server-term-support.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-add-pubkey-attribute.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-ssh-auth-retries.patch
 	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-fix-ssh-channel-close.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-vt-lt-2005-always-defined.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-pie.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-no-testobjs.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-win32-lean-and-mean.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-thats-not-asm.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-make-channels-work.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-ssh-2.0-go.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-read-timeout-every-time.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-pass-after-pubkey.patch
+	$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-servercheck-pubkeys.patch
 ifeq ($(os),win32)
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts

3rdp/build/cl-DH-key-init.patch

---- session/ssl_kmgmt.c.orig	2019-01-11 01:54:56.000000000 -0500
-+++ session/ssl_kmgmt.c	2020-01-23 18:18:40.754040000 -0500
-@@ -448,7 +448,7 @@
- 			status = krnlSendMessage( createInfo.cryptHandle, 
- 									  IMESSAGE_SETATTRIBUTE, 
- 									  ( MESSAGE_CAST ) &eccParams, 
--									  CRYPT_IATTRIBUTE_KEY_DLPPARAM );
-+									  CRYPT_IATTRIBUTE_KEY_ECCPARAM );
- 			}
- 		else
- #endif /* USE_ECDH */

3rdp/build/cl-PAM-noprompts.patch

---- ../tmp2/session/ssh2_authc.c	2018-12-14 17:31:34.000000000 -0500
-+++ session/ssh2_authc.c	2019-06-03 16:41:49.956986000 -0400
+--- ../tmp2/session/ssh2_authcli.c	2018-12-14 17:31:34.000000000 -0500
++++ session/ssh2_authcli.c	2019-06-03 16:41:49.956986000 -0400
 @@ -868,7 +868,7 @@
  		if( !cryptStatusError( status ) )
  			{

3rdp/build/cl-add-pubkey-attribute.patch

-diff -ur ../cl-old/context/ctx_attr.c ./context/ctx_attr.c
---- ../cl-old/context/ctx_attr.c	2023-12-28 05:19:27.058456000 -0500
-+++ ./context/ctx_attr.c	2023-12-28 05:41:08.265717000 -0500
-@@ -419,6 +419,7 @@
- 		case CRYPT_IATTRIBUTE_KEY_SSH:
- 		case CRYPT_IATTRIBUTE_KEY_SSL:
- 		case CRYPT_IATTRIBUTE_KEY_SSL_EXT:
-+		case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
- 			{
- 			const PKC_WRITEKEY_FUNCTION writePublicKeyFunction = \
- 				( PKC_WRITEKEY_FUNCTION ) \
 diff -ur ../cl-old/context/keyload.c ./context/keyload.c
 --- ../cl-old/context/keyload.c	2023-12-28 05:19:27.069792000 -0500
 +++ ./context/keyload.c	2023-12-28 05:41:08.270975000 -0500
@@ -46,3 +35,17 @@ diff -ur ../cl-old/kernel/attr_acl.c ./kernel/attr_acl.c
  	MKACL_END(), MKACL_END()
  	};
  
+--- context/ctx_attr.c.orig	2023-02-08 05:36:06.000000000 -0500
++++ context/ctx_attr.c	2024-01-07 19:38:26.173540000 -0500
+@@ -422,6 +422,11 @@
+ 				}
+ 			STDC_FALLTHROUGH;
+ 
++		case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
++			if ( needsKey( contextInfoPtr ) )
++				return CRYPT_ERROR_NOTFOUND;
++			if (contextType != CONTEXT_PKC)
++				return CRYPT_ERROR_NOTFOUND;
+ 		case CRYPT_IATTRIBUTE_KEY_PGP:
+ 		case CRYPT_IATTRIBUTE_KEY_SSH:
+ 		case CRYPT_IATTRIBUTE_KEY_TLS:

3rdp/build/cl-allow-none-auth.patch

---- ../cl-old/cryptlib.h	2021-03-16 04:15:50.265534000 -0400
-+++ ./cryptlib.h	2021-03-16 06:53:47.582168000 -0400
-@@ -1215,6 +1215,7 @@
- 	CRYPT_SESSINFO_SSH_CHANNEL_ARG1,/* SSH channel argument 1 */
+--- ./cryptlib.h.orig	2023-12-31 09:28:53.203654000 -0500
++++ ./cryptlib.h	2023-12-31 09:38:13.586441000 -0500
+@@ -1262,6 +1262,7 @@
  	CRYPT_SESSINFO_SSH_CHANNEL_ARG2,/* SSH channel argument 2 */
  	CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE,/* SSH channel active */
+ 	CRYPT_SESSINFO_SSH_PREAUTH,		/* SSH pre-authentication value */
 +	CRYPT_SESSINFO_SSH_OPTIONS,		/* SSH protocol options */
- 	CRYPT_SESSINFO_SSL_OPTIONS,		/* SSL/TLS protocol options */
- 	CRYPT_SESSINFO_SSL_SUBPROTOCOL,	/* SSL/TLS additional sub-protocol */
- 	CRYPT_SESSINFO_SSL_WSPROTOCOL,	/* SSL/TLS WebSockets sub-protocol */
-@@ -1680,6 +1681,14 @@
- #define CRYPT_SSLOPTION_SUITEB_256			0x200	/*  vanish in future releases) */
+ 	CRYPT_SESSINFO_TLS_OPTIONS,		/* SSL/TLS protocol options */
+ 		CRYPT_SESSINFO_SSL_OPTIONS = CRYPT_SESSINFO_TLS_OPTIONS,
+ 	CRYPT_SESSINFO_TLS_SUBPROTOCOL,	/* SSL/TLS additional sub-protocol */
+@@ -1762,6 +1763,14 @@
+ #define CRYPT_TLSOPTION_SUITEB_256			0x200	/*  vanish in future releases) */
  #ifdef _CRYPT_DEFINED
- #define CRYPT_SSLOPTION_MAX					0x7F	/* Defines for range checking */
+ #define CRYPT_TLSOPTION_MAX					0x07F	/* Defines for range checking */
 +#endif /* _CRYPT_DEFINED */
 +
 +/* SSH protocol options. */
@@ -23,38 +23,91 @@
  #endif /* _CRYPT_DEFINED */
  
  /****************************************************************************
-diff -ur ../cl-old/kernel/attr_acl.c ./kernel/attr_acl.c
---- ../cl-old/kernel/attr_acl.c	2021-03-16 04:15:50.398060000 -0400
-+++ ./kernel/attr_acl.c	2021-03-16 06:53:47.606473000 -0400
-@@ -3731,6 +3731,12 @@
+--- ./kernel/attr_acl.c.orig	2023-12-31 09:39:13.241750000 -0500
++++ ./kernel/attr_acl.c	2023-12-31 09:40:15.337914000 -0500
+@@ -3883,6 +3883,12 @@
  		ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
- 		MKPERM_SSH_EXT( RWx_xxx ),
- 		ROUTE( OBJECT_TYPE_SESSION ) ),
+ 		MKPERM_SSH( Rxx_RWD ),
+ 		ROUTE( OBJECT_TYPE_SESSION ), RANGE( 2, CRYPT_MAX_TEXTSIZE ) ),
 +	MKACL_N(	/* SSH protocol options */
 +		CRYPT_SESSINFO_SSH_OPTIONS,
 +		ST_NONE, ST_NONE, ST_SESS_SSH, 
-+		MKPERM_SSH_EXT( Rxx_RWx ),
++		MKPERM_SESSIONS( Rxx_RWx ),
 +		ROUTE( OBJECT_TYPE_SESSION ),
 +		RANGE( CRYPT_SSHOPTION_NONE, CRYPT_SSHOPTION_MAX ) ),
  
- 	MKACL_N(	/* SSL/TLS protocol options */
- 		CRYPT_SESSINFO_SSL_OPTIONS,
-@@ -4653,7 +4659,7 @@
+ 	MKACL_N(        /* TLS protocol options */
+ 		CRYPT_SESSINFO_TLS_OPTIONS,
+@@ -4883,7 +4889,7 @@
  	static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
  	static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
- 	static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" );
--	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6031, "Attribute value" );
-+	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6032, "Attribute value" );
- 	static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" );
+ 	static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" );
+-	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6035, "Attribute value" );
++	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6036, "Attribute value" );
+ 	static_assert( CRYPT_CERTFORMAT_LAST == 13, "Attribute value" );
  
  	/* Perform a consistency check on the attribute ACLs.  The ACLs are
-diff -ur ../cl-old/session/ssh.c ./session/ssh.c
---- ../cl-old/session/ssh.c	2021-03-16 04:15:50.257467000 -0400
-+++ ./session/ssh.c	2021-03-16 06:53:47.638940000 -0400
-@@ -980,6 +980,18 @@
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
+--- ./session/ssh2_authcli.c.orig	2023-12-31 09:44:20.876065000 -0500
++++ ./session/ssh2_authcli.c	2023-12-31 09:46:41.813246000 -0500
+@@ -334,13 +334,22 @@
+ 	assert( isWritePtr( authType, sizeof( SSH_AUTHTYPE_TYPE ) ) );
+ 	assert( isWritePtr( furtherAuthRequired, sizeof( BOOLEAN ) ) );
+ 
+-	REQUIRES( isShortIntegerRangeNZ( length ) );
+ 	REQUIRES( isBooleanValue( usedPasswordAuth ) );
+ 
+ 	/* Clear return values */
+ 	*authType = SSH_AUTHTYPE_NONE;
+ 	*furtherAuthRequired = FALSE;
  
++	if (length == 0 && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ) && !usedPasswordAuth)
++		{
++		CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH );
++		*furtherAuthRequired = TRUE;
++		*authType = SSH_AUTHTYPE_PASSWORD;
++		return( CRYPT_OK );
++		}
++
++	REQUIRES( isShortIntegerRangeNZ( length ) );
++
+ 	/* Before we can try and interpret the response, we have to check for an
+ 	   empty response */
+ 	if( length >= LENGTH_SIZE && \
+@@ -671,6 +680,8 @@
+ 								  SSH_MSG_USERAUTH_REQUEST );
+ 	if( cryptStatusError( status ) )
+ 		return( status );
++	if (passwordPtr == NULL && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ))
++		return( OK_SPECIAL );
+ 	if( usePasswordAuth )
+ 		{
+ 		/*	byte	type = SSH_MSG_USERAUTH_REQUEST
+@@ -1251,6 +1262,11 @@
+ 	   auth required */
+ 	if( !hasPassword )
+ 		{
++		if (length == 0)
++			{
++			return( reportAuthFailure( sessionInfoPtr, SSH_AUTHTYPE_PASSWORD, 
++									   requiredAuthType, TRUE ) );
++			}
+ 		return( reportAuthFailure( sessionInfoPtr, SSH_AUTHTYPE_PUBKEY, 
+ 								   requiredAuthType, TRUE ) );
+ 		}
+--- session/ssh.c.orig	2023-05-06 19:14:38.000000000 -0400
++++ session/ssh.c	2024-01-07 21:22:26.535903000 -0500
+@@ -540,6 +540,7 @@
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
++			  type == CRYPT_SESSINFO_SSH_OPTIONS || \
+ 			  type == CRYPT_SESSINFO_SSH_PREAUTH );
+ #else
+ 	REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
+@@ -561,6 +562,19 @@
+ 							   attributeListPtr->valueLength ) );
+ 		}
+ #ifdef USE_SSH_EXTENDED
 +	if( type == CRYPT_SESSINFO_SSH_OPTIONS )
 +		{
 +			int *valuePtr = ( int * ) data;
@@ -66,17 +119,21 @@ diff -ur ../cl-old/session/ssh.c ./session/ssh.c
 +
 +			return( CRYPT_OK );
 +		}
++
 +
  	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
  		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
  		{
-@@ -1010,11 +1022,13 @@
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_TYPE || \
+@@ -596,6 +610,7 @@
  			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
  			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
 +			  type == CRYPT_SESSINFO_SSH_OPTIONS || \
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
- 
+ 			  type == CRYPT_SESSINFO_SSH_PREAUTH );
+ #else
+ 	REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
+@@ -613,7 +628,8 @@
+ #ifdef USE_SSH_EXTENDED
  	/* Get the data value if it's an integer parameter */
  	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
 -		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
@@ -85,7 +142,7 @@ diff -ur ../cl-old/session/ssh.c ./session/ssh.c
  		value = *( ( int * ) data );
  
  	/* If we're selecting a channel and there's unwritten data from a
-@@ -1038,6 +1052,13 @@
+@@ -647,6 +663,13 @@
  		return( createChannel( sessionInfoPtr ) );
  		}
  
@@ -99,8 +156,8 @@ diff -ur ../cl-old/session/ssh.c ./session/ssh.c
  	/* If we 're setting the channel-active attribute, this implicitly
  	   activates or deactivates the channel rather than setting any
  	   attribute value */
-@@ -1165,8 +1186,6 @@
- 		 SESSION_FLAG_NONE,			/* Flags */
+@@ -776,8 +799,6 @@
+ 		 SESSION_PROTOCOL_FIXEDSIZECREDENTIALS,	/* Flags */
  		SSH_PORT,					/* SSH port */
  		SESSION_NEEDS_USERID |		/* Client attributes */
 -			SESSION_NEEDS_PASSWORD | \
@@ -108,51 +165,3 @@ diff -ur ../cl-old/session/ssh.c ./session/ssh.c
  			SESSION_NEEDS_PRIVKEYSIGN,
  				/* The client private key is optional, but if present it has
  				   to be signature-capable */
-diff -ur ../cl-old/session/ssh2_authc.c ./session/ssh2_authc.c
---- ../cl-old/session/ssh2_authc.c	2021-03-16 04:15:50.264206000 -0400
-+++ ./session/ssh2_authc.c	2021-03-16 07:46:47.873769000 -0400
-@@ -315,13 +315,22 @@
- 	assert( isWritePtr( authAlgo, sizeof( CRYPT_ALGO_TYPE ) ) );
- 	assert( isWritePtr( furtherAuthRequired, sizeof( BOOLEAN ) ) );
- 
--	REQUIRES( isShortIntegerRangeNZ( length ) );
- 	REQUIRES( usedPasswordAuth == TRUE || usedPasswordAuth == FALSE );
- 
- 	/* Clear return values */
- 	*authAlgo = CRYPT_ALGO_NONE;
- 	*furtherAuthRequired = FALSE;
- 
-+	if (length == 0 && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ) && !usedPasswordAuth)
-+		{
-+		CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH );
-+		*furtherAuthRequired = TRUE;
-+		*authAlgo = CRYPT_PSEUDOALGO_PASSWORD;
-+		return( CRYPT_OK );
-+		}
-+
-+	REQUIRES( isShortIntegerRangeNZ( length ) );
-+
- 	/* Before we can try and interpret the response, we have to check for an
- 	   empty response */
- 	if( length >= LENGTH_SIZE && \
-@@ -647,6 +656,8 @@
- 								  SSH_MSG_USERAUTH_REQUEST );
- 	if( cryptStatusError( status ) )
- 		return( status );
-+	if (passwordPtr == NULL && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ))
-+		return( OK_SPECIAL );
- 	if( usePasswordAuth )
- 		{
- 		/*	byte	type = SSH_MSG_USERAUTH_REQUEST
-@@ -1220,6 +1231,11 @@
- 	   auth required */
- 	if( !hasPassword )
- 		{
-+		if (length == 0)
-+			{
-+			return( reportAuthFailure( sessionInfoPtr, CRYPT_PSEUDOALGO_PASSWORD, 
-+									   requiredAuthAlgo, TRUE ) );
-+			}
- 		return( reportAuthFailure( sessionInfoPtr, CRYPT_ALGO_RSA, 
- 								   requiredAuthAlgo, TRUE ) );
- 		}

3rdp/build/cl-allow-pkcs12.patch

---- misc/config.h.orig	2021-01-25 23:06:22.266896000 -0500
-+++ misc/config.h	2021-01-25 23:31:45.451504000 -0500
-@@ -494,7 +494,7 @@
-    indirectly as a result of any use of cryptlib with this change made.  If
-    you receive the code with the safety features already disabled, you must
-    immediately obtain and use an original, unmodified version */
+--- ./misc/config.h.orig	2023-12-31 08:00:17.038610000 -0500
++++ ./misc/config.h	2023-12-31 08:01:00.988147000 -0500
+@@ -602,7 +602,7 @@
+    manner you must immediately obtain and use an original, unmodified 
+    version */
+ 
 -/* #define USE_PKCS12 */
 +#define USE_PKCS12
+ 
  /* Going beyond the PKCS #12 read capability which exists solely to allow 
     the import of keys supplied in that format by third parties, cryptlib has
-    a PKCS #12 write capability.  This exists purely to allow the export of
-@@ -509,7 +509,7 @@
-    PKCS #12 read capability, as well as the fact that PKCS #12 write is an 
-    unsupported facility with special-case usage restrictions that doesn't 
-    work like any normal keyset */
+@@ -620,7 +620,7 @@
+    PKCS #12 write is an unsupported facility with special-case usage 
+    restrictions that doesn't work like any normal keyset */
+ 
 -/* #define USE_PKCS12_WRITE */
 +#define USE_PKCS12_WRITE
  

3rdp/build/cl-allow-servercheck-pubkeys.patch

+--- cryptlib.h.orig	2024-01-18 23:57:53.642105000 -0500
++++ cryptlib.h	2024-01-18 23:58:23.323178000 -0500
+@@ -1236,6 +1236,7 @@
+ 	CRYPT_SESSINFO_PASSWORD,		/* Password */
+ 	CRYPT_SESSINFO_AUTHTOKEN,		/* Authentication token, e.g. TOTP */
+ 	CRYPT_SESSINFO_PRIVATEKEY,		/* Server/client private key */
++	CRYPT_SESSINFO_PUBLICKEY,		/* Other sides public key */
+ 	CRYPT_SESSINFO_KEYSET,			/* Certificate store */
+ 	CRYPT_SESSINFO_AUTHRESPONSE,	/* Session authorisation OK */
+ 
+--- kernel/attr_acl.c.orig	2024-01-19 00:01:33.318597000 -0500
++++ kernel/attr_acl.c	2024-01-19 00:06:16.927122000 -0500
+@@ -3739,6 +3739,15 @@
+ 		MKPERM_SESSIONS( xWx_xWx ),
+ 		ROUTE( OBJECT_TYPE_SESSION ),
+ 		subACL_SessinfoPrivatekey ),
++	MKACL_S(	/* Other side public key */
++		/* We can read this attribute in the low state because we might be
++		   going back to the caller for confirmation before we transition
++		   into the high state */
++		CRYPT_SESSINFO_PUBLICKEY,
++		ST_NONE, ST_NONE, ST_SESS_SSH_SVR, 
++		MKPERM_SESSIONS( Rxx_Rxx ),
++		ROUTE( OBJECT_TYPE_SESSION ),
++		RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
+ 	MKACL_ST(	/* Certificate store/auth.keyset */
+ 		CRYPT_SESSINFO_KEYSET,
+ 		ST_NONE, ST_NONE, MK_ST_EXCEPTION( ST_SESS_ANY_SVR, ST_SESS_TSP_SVR ) | \
+@@ -4942,8 +4951,8 @@
+ 	static_assert( CRYPT_CERTINFO_LAST_GENERALNAME == 2115, "Attribute value" );
+ 	static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
+ 	static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
+-	static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" );
+-	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6040, "Attribute value" );
++	static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6018, "Attribute value" );
++	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6041, "Attribute value" );
+ 	static_assert( CRYPT_CERTFORMAT_LAST == 13, "Attribute value" );
+ 
+ 	/* Perform a consistency check on the attribute ACLs.  The ACLs are
+--- session/sess_iattr.c.orig	2024-01-19 02:24:29.979555000 -0500
++++ session/sess_iattr.c	2024-01-19 02:25:37.172862000 -0500
+@@ -327,7 +327,8 @@
+ 			attributeListPtr = DATAPTR_GET( attributeListPtr->next );
+ 			if( attributeListPtr == NULL || \
+ 				( attributeListPtr->attributeID != CRYPT_SESSINFO_PASSWORD && \
+-				  attributeListPtr->attributeID != CRYPT_SESSINFO_AUTHTOKEN ) )
++				  attributeListPtr->attributeID != CRYPT_SESSINFO_AUTHTOKEN && \
++				  attributeListPtr->attributeID != CRYPT_SESSINFO_PUBLICKEY ) )
+ 				{
+ 				/* We report the missing attribute as a password, which is 
+ 				   more likely and more understandable than a missing 
+--- session/ssh2_authsvr.c.orig	2023-02-26 03:33:26.000000000 -0500
++++ session/ssh2_authsvr.c	2024-01-19 12:21:51.007398000 -0500
+@@ -396,7 +396,7 @@
+ 	/* If we've already seen a standard authentication method then the new 
+ 	   method must be the same */
+ 	if( sshInfo->authType != authType )
+-		return( CRYPT_ERROR_INVALID );
++		sshInfo->authType = authType;
+ 
+ 	return( CRYPT_OK );
+ 	}
+@@ -511,66 +511,69 @@
+ 	   assume that any certificate present will be a cryptlib-generated one 
+ 	   used as a bit-bagging mechanism to get the key into a database, and
+ 	   therefore that sKID == hash( subjectPublicKey ) */
+-	setMessageData( &msgData, keyID, CRYPT_MAX_HASHSIZE );
+-	status = krnlSendMessage( sessionInfoPtr->iKeyexAuthContext, 
+-							  IMESSAGE_GETATTRIBUTE_S, &msgData, 
+-							  CRYPT_IATTRIBUTE_KEYID );
+-	if( cryptStatusOK( status ) )
++	if (sessionInfoPtr->cryptKeyset != CRYPT_ERROR )
+ 		{
+-		setMessageKeymgmtInfo( &getkeyInfo, CRYPT_IKEYID_KEYID, 
+-							   msgData.data, msgData.length, NULL, 0, 
+-							   KEYMGMT_FLAG_NONE );
+-		status = krnlSendMessage( sessionInfoPtr->cryptKeyset, 
+-								  IMESSAGE_KEY_GETKEY, &getkeyInfo, 
+-								  KEYMGMT_ITEM_PUBLICKEY );
+-		}
+-	if( cryptStatusError( status ) )
+-		{
++		setMessageData( &msgData, keyID, CRYPT_MAX_HASHSIZE );
++		status = krnlSendMessage( sessionInfoPtr->iKeyexAuthContext, 
++								  IMESSAGE_GETATTRIBUTE_S, &msgData, 
++								  CRYPT_IATTRIBUTE_KEYID );
++		if( cryptStatusOK( status ) )
++			{
++			setMessageKeymgmtInfo( &getkeyInfo, CRYPT_IKEYID_KEYID, 
++								   msgData.data, msgData.length, NULL, 0, 
++								   KEYMGMT_FLAG_NONE );
++			status = krnlSendMessage( sessionInfoPtr->cryptKeyset, 
++									  IMESSAGE_KEY_GETKEY, &getkeyInfo, 
++									  KEYMGMT_ITEM_PUBLICKEY );
++			}
++		if( cryptStatusError( status ) )
++			{
+ #ifdef USE_ERRMSGS
+-		char keyIDText[ CRYPT_MAX_TEXTSIZE + 8 ];
++			char keyIDText[ CRYPT_MAX_TEXTSIZE + 8 ];
+ #endif /* USE_ERRMSGS */
+ 
+-		formatHexData( keyIDText, CRYPT_MAX_TEXTSIZE, keyID, 
+-					   msgData.length );
+-		retExt( CRYPT_ERROR_PERMISSION,
+-				( CRYPT_ERROR_PERMISSION, SESSION_ERRINFO, 
+-				  "Client public key with ID '%s' is not trusted for "
+-				  "authentication purposes", keyIDText ) );
+-		}
++			formatHexData( keyIDText, CRYPT_MAX_TEXTSIZE, keyID, 
++						   msgData.length );
++			retExt( CRYPT_ERROR_PERMISSION,
++					( CRYPT_ERROR_PERMISSION, SESSION_ERRINFO, 
++					  "Client public key with ID '%s' is not trusted for "
++					  "authentication purposes", keyIDText ) );
++			}
+ 
+-	/* Check that the name in the certificate matches the supplied user 
+-	   name */
+-	setMessageData( &msgData, holderName, CRYPT_MAX_TEXTSIZE );
+-	status = krnlSendMessage( getkeyInfo.cryptHandle, IMESSAGE_GETATTRIBUTE_S,
++		/* Check that the name in the certificate matches the supplied user 
++		   name */
++		setMessageData( &msgData, holderName, CRYPT_MAX_TEXTSIZE );
++		status = krnlSendMessage( getkeyInfo.cryptHandle, IMESSAGE_GETATTRIBUTE_S,
+ 							  &msgData, CRYPT_IATTRIBUTE_HOLDERNAME );
+-	krnlSendNotifier( getkeyInfo.cryptHandle, IMESSAGE_DESTROY );
+-	if( cryptStatusOK( status ) )
+-		{
+-		holderNameLen = msgData.length;
+-		if( userNameLength != holderNameLen || \
+-			compareDataConstTime( userName, holderName, 
+-								  userNameLength ) != TRUE )
+-			status = CRYPT_ERROR_INVALID;
+-		}
+-	else
+-		{
+-		memcpy( holderName, "<Unknown>", 9 );
+-		holderNameLen = 9;
+-		}
+-	if( cryptStatusError( status ) )
+-		{
+-		BYTE userNameBuffer[ CRYPT_MAX_TEXTSIZE + 8 ];
++		krnlSendNotifier( getkeyInfo.cryptHandle, IMESSAGE_DESTROY );
++		if( cryptStatusOK( status ) )
++			{
++			holderNameLen = msgData.length;
++			if( userNameLength != holderNameLen || \
++				compareDataConstTime( userName, holderName, 
++									  userNameLength ) != TRUE )
++				status = CRYPT_ERROR_INVALID;
++			}
++		else
++			{
++			memcpy( holderName, "<Unknown>", 9 );
++			holderNameLen = 9;
++			}
++		if( cryptStatusError( status ) )
++			{
++			BYTE userNameBuffer[ CRYPT_MAX_TEXTSIZE + 8 ];
+ 
+-		REQUIRES( rangeCheck( userNameLength, 1, CRYPT_MAX_TEXTSIZE ) );
+-		memcpy( userNameBuffer, userName, userNameLength );
+-		retExt( CRYPT_ERROR_INVALID,
+-				( CRYPT_ERROR_INVALID, SESSION_ERRINFO, 
+-				  "Client public key name '%s' doesn't match supplied user "
+-				  "name '%s'", 
+-				  sanitiseString( holderName, CRYPT_MAX_TEXTSIZE, 
+-								  holderNameLen ),
+-				  sanitiseString( userNameBuffer, CRYPT_MAX_TEXTSIZE, 
+-								  userNameLength ) ) );
++			REQUIRES( rangeCheck( userNameLength, 1, CRYPT_MAX_TEXTSIZE ) );
++			memcpy( userNameBuffer, userName, userNameLength );
++			retExt( CRYPT_ERROR_INVALID,
++					( CRYPT_ERROR_INVALID, SESSION_ERRINFO, 
++					  "Client public key name '%s' doesn't match supplied user "
++					  "name '%s'", 
++					  sanitiseString( holderName, CRYPT_MAX_TEXTSIZE, 
++									  holderNameLen ),
++					  sanitiseString( userNameBuffer, CRYPT_MAX_TEXTSIZE, 
++									  userNameLength ) ) );
++			}
+ 		}
+ 
+ 	/* Get a pointer to the portion of the packet that gets signed */
+@@ -662,8 +665,8 @@
+ 							IN_BOOL const BOOLEAN initialAuth )
+ 	{
+ 	STREAM stream;
+-	const BOOLEAN allowPubkeyAuth = \
+-			( sessionInfoPtr->cryptKeyset != CRYPT_ERROR ) ? TRUE : FALSE;
++	// Always allow public key auth...
++	const BOOLEAN allowPubkeyAuth = TRUE;
+ 	const AUTHTYPE_INFO *authTypeInfoTblPtr = allowPubkeyAuth ? \
+ 			authTypeInfoTbl : authTypeInfoPasswordTbl;
+ 	const int authTypeInfoTblSize = allowPubkeyAuth ? \
+@@ -1098,23 +1101,67 @@
+ 			}
+ 		CFI_CHECK_UPDATE( "checkPublicKeySig" );
+ 
+-		/* The user has successfully authenticated, let the client know and 
+-		   indicate this through a failsafe two-value return status (see the 
+-		   comment for processFixedAuth()/processServerAuth() for details) */
+-		status = sendResponseSuccess( sessionInfoPtr );
+-		if( cryptStatusError( status ) )
+-			return( status );
+-		*userAuthInfo = USERAUTH_SUCCESS;
+-		CFI_CHECK_UPDATE( "sendResponseSuccess" );
++		if (sessionInfoPtr->cryptKeyset != CRYPT_ERROR )
++			{
++			/* The user has successfully authenticated, let the client know and 
++			   indicate this through a failsafe two-value return status (see the 
++			   comment for processFixedAuth()/processServerAuth() for details) */
++			status = sendResponseSuccess( sessionInfoPtr );
++			if( cryptStatusError( status ) )
++				return( status );
++			CFI_CHECK_UPDATE( "sendResponseSuccess" );
+ 
+-		ENSURES( CFI_CHECK_SEQUENCE_8( "readAuthPacketSSH2", 
+-									   "checkAuthPacketSSH2", 
+-									   "checkQueryValidity", "readAuthInfo", 
+-									   "findSessionInfoEx", 
+-									   "SSH_AUTHTYPE_QUERY",
+-									   "checkPublicKeySig", 
+-									   "sendResponseSuccess" ) );
+-		return( CRYPT_OK );
++			ENSURES( CFI_CHECK_SEQUENCE_8( "readAuthPacketSSH2", 
++										   "checkAuthPacketSSH2", 
++										   "checkQueryValidity", "readAuthInfo", 
++										   "findSessionInfoEx", 
++										   "SSH_AUTHTYPE_QUERY",
++										   "checkPublicKeySig", 
++										   "sendResponseSuccess" ) );
++			*userAuthInfo = USERAUTH_SUCCESS;
++			return( CRYPT_OK );
++			}
++		else
++			{
++			/* There are no pre-set credentials present to match against, record the 
++			   public key for the caller to check, making it an ephemeral attribute 
++			   since the client could try and re-enter it on a subsequent iteration 
++			   if we tell them that it's incorrect. */
++			MESSAGE_DATA msgData;
++			BYTE keyBuffer[2056];
++			setMessageData( &msgData, keyBuffer, sizeof(keyBuffer) - 8);
++			status = krnlSendMessage( sessionInfoPtr->iKeyexAuthContext, IMESSAGE_GETATTRIBUTE_S, &msgData, CRYPT_IATTRIBUTE_KEY_SSH );
++
++			if( cryptStatusError( status ) )
++				{
++				retExt( status,
++						( status, SESSION_ERRINFO, 
++						  "Error getting public key for user '%s'",
++						  sanitiseString( userNameBuffer, CRYPT_MAX_TEXTSIZE,
++										  userNameLength ) ) );
++				}
++			status = updateSessionInfo( sessionInfoPtr, CRYPT_SESSINFO_PUBLICKEY,
++										msgData.data, msgData.length,
++										sizeof(keyBuffer) - 8, ATTR_FLAG_EPHEMERAL );
++			if( cryptStatusError( status ) )
++				{
++				retExt( status,
++						( status, SESSION_ERRINFO, 
++						  "Error recording public key for user '%s'",
++						  sanitiseString( userNameBuffer, CRYPT_MAX_TEXTSIZE,
++										  userNameLength ) ) );
++				}
++			CFI_CHECK_UPDATE( "updateSessionInfo" );
++			ENSURES( CFI_CHECK_SEQUENCE_8( "readAuthPacketSSH2", 
++										   "checkAuthPacketSSH2", 
++										   "checkQueryValidity", "readAuthInfo", 
++										   "findSessionInfoEx", 
++										   "SSH_AUTHTYPE_QUERY",
++										   "checkPublicKeySig",
++										   "updateSessionInfo" ) );
++			*userAuthInfo = USERAUTH_CALLERCHECK;
++			return( OK_SPECIAL );
++			}
+ 		}
+ 	sMemDisconnect( &stream );
+ 	CFI_CHECK_UPDATE( "SSH_AUTHTYPE_PUBKEY" );
+--- session/sess_attr.c.orig	2024-01-19 15:00:59.583402000 -0500
++++ session/sess_attr.c	2024-01-19 15:01:28.125584000 -0500
+@@ -884,6 +884,7 @@
+ 		case CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1:
+ 		case CRYPT_SESSINFO_SERVER_NAME:
+ 		case CRYPT_SESSINFO_CLIENT_NAME:
++		case CRYPT_SESSINFO_PUBLICKEY:
+ 			attributeListPtr = findSessionInfo( sessionInfoPtr, attribute );
+ 			if( attributeListPtr == NULL )
+ 				return( exitErrorNotInited( sessionInfoPtr, attribute ) );

3rdp/build/cl-allow-ssh-2.0-go.patch

+--- session/ssh2_id.c.orig	2024-01-14 12:27:01.156907000 -0500
++++ session/ssh2_id.c	2024-01-14 12:26:48.539941000 -0500
+@@ -901,7 +901,7 @@
+ 		versionStringLength = length - startOffset;
+ 		}
+ 	if( cryptStatusError( status ) || \
+-		!isShortIntegerRangeMin( versionStringLength, 3 ) )
++		!isShortIntegerRangeMin( versionStringLength, 2 ) )
+ 		{
+ 		/* We need at least "-x.y" after the initial ID string, we can't 
+ 		   require any more than this because of CuteFTP (see note below).

3rdp/build/cl-allow-ssh-auth-retries.patch

---- ./session/ssh2_authc.c.orig	2023-12-28 09:41:49.741680000 -0500
-+++ ./session/ssh2_authc.c	2023-12-28 09:48:19.999152000 -0500
+--- ./session/ssh2_authcli.c.orig	2023-12-28 09:41:49.741680000 -0500
++++ ./session/ssh2_authcli.c	2023-12-28 09:48:19.999152000 -0500
 @@ -583,7 +583,5 @@
  					  "Server requested password authentication but only a "
  					  "public/private key was available" ) );
@@ -9,33 +9,15 @@
 -				  "Server reported: Invalid public-key authentication" ) );
 +		return CRYPT_ENVELOPE_RESOURCE;
 		}
---- session/sess_attr.c.orig	2023-12-29 10:12:33.284671000 -0500
-+++ session/sess_attr.c	2023-12-29 11:34:14.207575000 -0500
-@@ -292,6 +292,7 @@
- 		   of, and leads to exceptions to exceptions, so we keep it simple 
- 		   and only allow passwords to be added if there's an immediately 
- 		   preceding username */
-+#if 0
- 		if( cryptStatusError( status ) )
- 			{
- 			return( exitErrorNotInited( sessionInfoPtr, 
-@@ -305,6 +301,7 @@
- 			return( exitErrorNotInited( sessionInfoPtr, 
- 										CRYPT_SESSINFO_USERNAME ) );
- 			}
-+#endif
- 		}
- 
- 	/* If it could be an encoded PKI value, check its validity */
 --- kernel/attr_acl.c.orig	2023-12-29 11:53:27.990291000 -0500
 +++ kernel/attr_acl.c	2023-12-29 11:54:01.468829000 -0500
 @@ -3655,7 +3655,7 @@
  		subACL_SessinfoKeyset ),
- 	MKACL_EX(	/* Session authorisation OK */
- 		CRYPT_SESSINFO_AUTHRESPONSE, ATTRIBUTE_VALUE_NUMERIC,
--		ST_NONE, ST_NONE, ST_SESS_SSL | ST_SESS_SSL_SVR | ST_SESS_SSH_SVR, 
-+		ST_NONE, ST_NONE, ST_SESS_SSL | ST_SESS_SSL_SVR | ST_SESS_SSH | ST_SESS_SSH_SVR, 
- 		MKPERM_SESSIONS( RWx_RWx ), 0,
+ 	MKACL_SL(	/* Session authorisation OK */
+ 		CRYPT_SESSINFO_AUTHRESPONSE, 
+-		ST_NONE, ST_NONE, ST_SESS_TLS | ST_SESS_TLS_SVR | ST_SESS_SSH_SVR, 
++		ST_NONE, ST_NONE, ST_SESS_TLS | ST_SESS_TLS_SVR | ST_SESS_SSH | ST_SESS_SSH_SVR, 
+ 		MKPERM_SESSIONS( RWx_RWx ), 
  		ROUTE( OBJECT_TYPE_SESSION ),
  		RANGE_ALLOWEDVALUES, allowedAuthResponses ),
 --- session/ssh.c.orig	2023-12-29 12:02:24.938661000 -0500
@@ -47,7 +29,7 @@
 +	/* If we're completing a handshake that was interrupted while we got
 +	   confirmation of the client auth, skip the initial handshake stages
 +	   and go straight to the handshake completion stage */
-+	if( TEST_FLAG( sessionInfoPtr->flags, SESSION_FLAG_PARTIALOPEN ) )
++	if( (!isServer(sessionInfoPtr)) && TEST_FLAG( sessionInfoPtr->flags, SESSION_FLAG_PARTIALOPEN ) )
 +		{
 +		SSH_HANDSHAKE_INFO handshakeInfo;
 +
@@ -59,24 +41,53 @@
  	shutdownFunction = ( SES_SHUTDOWN_FUNCTION ) \
  					   FNPTR_GET( sessionInfoPtr->shutdownFunction );
  	REQUIRES( shutdownFunction != NULL );
---- session/ssh2_cli.c.orig	2018-12-21 04:12:46.000000000 -0500
-+++ session/ssh2_cli.c	2023-12-29 12:33:18.988457000 -0500
-@@ -963,230 +963,238 @@
+--- ./session/sess_attr.c.orig	2023-12-31 09:02:53.666275000 -0500
++++ ./session/sess_attr.c	2023-12-31 09:06:17.870218000 -0500
+@@ -442,6 +442,7 @@
+ 			   back out of, and leads to exceptions to exceptions, so we 
+ 			   keep it simple and only allow passwords to be added if 
+ 			   there's an immediately preceding username */
++#if 0
+ 			if( cryptStatusError( status ) )
+ 				{
+ 				return( exitErrorNotInited( sessionInfoPtr, 
+@@ -455,6 +456,7 @@
+ 				return( exitErrorNotInited( sessionInfoPtr, 
+ 											CRYPT_SESSINFO_USERNAME ) );
+ 				}
++#endif
  
+ 			break;
+ 
+--- ./session/ssh2_cli.c.orig	2023-02-25 00:51:44.000000000 -0500
++++ ./session/ssh2_cli.c	2023-12-31 09:10:49.225311000 -0500
+@@ -985,232 +985,239 @@
  	REQUIRES( sanityCheckSessionSSH( sessionInfoPtr ) );
+ 	REQUIRES( sanityCheckSSHHandshakeInfo( handshakeInfo ) );
  
 -	/* Set up the security information required for the session */
 -	status = initSecurityInfo( sessionInfoPtr, handshakeInfo );
 -	if( cryptStatusError( status ) )
 -		return( status );
 -	CFI_CHECK_UPDATE( "initSecurityInfo" );
--
++	if( !TEST_FLAG( sessionInfoPtr->flags, SESSION_FLAG_PARTIALOPEN ) )
++		{
++		/* Set up the security information required for the session */
++		status = initSecurityInfo( sessionInfoPtr, handshakeInfo );
++		if( cryptStatusError( status ) )
++			return( status );
++		CFI_CHECK_UPDATE( "initSecurityInfo" );
+ 
 -	/* Build our change cipherspec message and request authentication with
 -	   the server:
--
++		/* Build our change cipherspec message and request authentication with
++		   the server:
+ 
 -		byte	type = SSH_MSG_NEWKEYS
 -		...
--
++			byte	type = SSH_MSG_NEWKEYS
++			...
+ 
 -	   After this point the write channel is in the secure state, so we 
 -	   switch from wrapPlaintextPacketSSH2() to wrapPacketSSH2() */
 -	status = openPacketStreamSSH( &stream, sessionInfoPtr, SSH_MSG_NEWKEYS );
@@ -84,41 +95,82 @@
 -		return( status );
 -	status = wrapPlaintextPacketSSH2( sessionInfoPtr, &stream, 0 );
 -	if( cryptStatusError( status ) )
-+	if( !TEST_FLAG( sessionInfoPtr->flags, SESSION_FLAG_PARTIALOPEN ) )
- 		{
+-		{
 -		sMemDisconnect( &stream );
 -		return( status );
 -		}
 -	SET_FLAG( sessionInfoPtr->flags, SESSION_FLAG_ISSECURE_WRITE );
 -	CFI_CHECK_UPDATE( "SSH_MSG_NEWKEYS" );
-+		/* Set up the security information required for the session */
-+		status = initSecurityInfo( sessionInfoPtr, handshakeInfo );
++		   After this point the write channel is in the secure state, so we 
++		   switch from wrapPlaintextPacketSSH2() to wrapPacketSSH2() */
++		status = openPacketStreamSSH( &stream, sessionInfoPtr, SSH_MSG_NEWKEYS );
 +		if( cryptStatusError( status ) )
 +			return( status );
-+		CFI_CHECK_UPDATE( "initSecurityInfo" );
++		status = wrapPlaintextPacketSSH2( sessionInfoPtr, &stream, 0 );
++		if( cryptStatusError( status ) )
++			{
++			sMemDisconnect( &stream );
++			return( status );
++			}
++		SET_FLAG( sessionInfoPtr->flags, SESSION_FLAG_ISSECURE_WRITE );
++		CFI_CHECK_UPDATE( "SSH_MSG_NEWKEYS" );
  
 -#if 0
 -	/*   byte       SSH_MSG_EXT_INFO
 -	     uint32     nr-extensions
 -	       string   extension-name
 -	       string   extension-value (binary) */
+-	if( !TEST_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_NOEXTINFO ) )
+-		{
 -		status = continuePacketStreamSSH( &stream, SSH_MSG_EXT_INFO, 
 -										  &packetOffset );
 -		if( cryptStatusOK( status ) )
--		{
++#if 0
++		/*   byte       SSH_MSG_EXT_INFO
++		     uint32     nr-extensions
++		       string   extension-name
++		       string   extension-value (binary) */
++		if( !TEST_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_NOEXTINFO ) )
+ 			{
 -			writeUint32( &stream, 1 );
 -			writeString32( &stream, "global-requests-ok", 18 );
 -			status = writeUint32( &stream, 0 );
--		}
--	if( cryptStatusOK( status ) )
--		{
--		status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset, 
--								 FALSE );
++			status = continuePacketStreamSSH( &stream, SSH_MSG_EXT_INFO, 
++											  &packetOffset );
++			if( cryptStatusOK( status ) )
++				{
++				writeUint32( &stream, 1 );
++				writeString32( &stream, "global-requests-ok", 18 );
++				status = writeUint32( &stream, 0 );
++				}
++			if( cryptStatusOK( status ) )
++				{
++				status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset, 
++										 FALSE );
++				}
+ 			}
++#endif /* Test handling of trigger for global request after authentication */ 
++
++		/*	...
++			byte	type = SSH_MSG_SERVICE_REQUEST
++			string	service_name = "ssh-userauth".
++			
++		   For some reason SSH requires the use of two authentication messages, 
++		   an "I'm about to authenticate" packet and an "I'm authenticating" 
++		   packet, so we have to perform the authentication in two parts (dum 
++		   loquimur, fugerit invida aetas) */
++		status = continuePacketStreamSSH( &stream, SSH_MSG_SERVICE_REQUEST,
++										  &packetOffset );
+ 		if( cryptStatusOK( status ) )
++			status = writeString32( &stream, "ssh-userauth", 12 );
++		if( cryptStatusOK( status ) )
+ 			{
+ 			status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset, 
+ 									 FALSE );
+ 			}
 -		}
 -#endif /* Test handling of trigger for global request after authentication */ 
-+		/* Build our change cipherspec message and request authentication with
-+		   the server:
- 
+-
 -	/*	...
 -		byte	type = SSH_MSG_SERVICE_REQUEST
 -		string	service_name = "ssh-userauth".
@@ -142,15 +194,13 @@
 -		return( status );
 -		}
 -	CFI_CHECK_UPDATE( "SSH_MSG_SERVICE_REQUEST" );
-+			byte	type = SSH_MSG_NEWKEYS
-+			...
- 
+-
 -	/* Send the whole mess to the server.  This is yet another place where 
--	   the SSH spec's vagueness over message ordering causes problems.  SSL 
+-	   the SSH spec's vagueness over message ordering causes problems.  TLS 
 -	   at this point uses a Finished message in which the client and server 
 -	   do a mutual proof-of-possession of encryption and MAC keys via a 
 -	   pipeline-stalling message that prevents any further (sensitive) data 
--	   from being exchanged until the PoP has concluded (the SSL Finished 
+-	   from being exchanged until the PoP has concluded (the TLS Finished 
 -	   also authenticates the handshake messages) but SSH doesn't have any
 -	   such requirements.  The signed exchange hash from the server proves 
 -	   to the client that the server knows the master secret but not 
@@ -196,7 +246,7 @@
 -	   authentication" to be "Something completely different from what we're 
 -	   doing here" which means that we could send the two packets together 
 -	   without having to wait for the server, but it's probably better to 
--	   use SSL-tyle Finished semantics at this point even if it adds an 
+-	   use TLS-tyle Finished semantics at this point even if it adds an 
 -	   extra RTT delay */
 -	status = sendPacketSSH2( sessionInfoPtr, &stream );
 -	sMemDisconnect( &stream );
@@ -222,13 +272,7 @@
 -		   packet without looking at the contents */
 -		status = readHSPacketSSH2( sessionInfoPtr, SSH_MSG_SERVICE_ACCEPT, 
 -								   ID_SIZE );
-+		   After this point the write channel is in the secure state, so we 
-+		   switch from wrapPlaintextPacketSSH2() to wrapPacketSSH2() */
-+		status = openPacketStreamSSH( &stream, sessionInfoPtr, SSH_MSG_NEWKEYS );
  		if( cryptStatusError( status ) )
-+			return( status );
-+		status = wrapPlaintextPacketSSH2( sessionInfoPtr, &stream, 0 );
-+		if( cryptStatusError( status ) )
  			{
 -			/* This is the first message after the change cipherspec, a 
 -			   basic packet format error is more likely to be due to an 
@@ -238,7 +282,7 @@
 -						 SESSION_ERRINFO, 
 -						 "Invalid packet data for SSH_MSG_SERVICE_ACCEPT, "
 -						 "probably due to incorrect encryption keys being "
--						 "negotiated during the handshake:" ) );
+-						 "negotiated during the handshake" ) );
 +			sMemDisconnect( &stream );
 +			return( status );
  			}
@@ -246,85 +290,21 @@
 -	else
 -		{
 -		int length;
-+		SET_FLAG( sessionInfoPtr->flags, SESSION_FLAG_ISSECURE_WRITE );
-+		CFI_CHECK_UPDATE( "SSH_MSG_NEWKEYS" );
++		CFI_CHECK_UPDATE( "SSH_MSG_SERVICE_REQUEST" );
  
 -		/* Check the service-accept packet:
-+	#if 0
-+		/*   byte       SSH_MSG_EXT_INFO
-+		     uint32     nr-extensions
-+		       string   extension-name
-+		       string   extension-value (binary) */
-+		status = continuePacketStreamSSH( &stream, SSH_MSG_EXT_INFO, 
-+										  &packetOffset );
-+		if( cryptStatusOK( status ) )
-+			{
-+			writeUint32( &stream, 1 );
-+			writeString32( &stream, "global-requests-ok", 18 );
-+			status = writeUint32( &stream, 0 );
-+			}
-+		if( cryptStatusOK( status ) )
-+			{
-+			status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset, 
-+									 FALSE );
-+			}
-+	#endif /* Test handling of trigger for global request after authentication */ 
- 
+-
 -			byte	type = SSH_MSG_SERVICE_ACCEPT
-+		/*	...
-+			byte	type = SSH_MSG_SERVICE_REQUEST
- 			string	service_name = "ssh-userauth".
- 			
+-			string	service_name = "ssh-userauth".
+-			
 -		   This may also be an extension info packet if the server is using 
 -		   extensions: 
--		   
--			byte		type = SSH_MSG_EXT_INFO
--			uint32		no_extensions
--				string	name
--				string	value (binary data) */
--		status = length = \
--			readHSPacketSSH2( sessionInfoPtr, SSH_MSG_SPECIAL_SERVICEACCEPT,
--							  ID_SIZE + UINT32_SIZE );
--		if( cryptStatusError( status ) )
-+		   For some reason SSH requires the use of two authentication messages, 
-+		   an "I'm about to authenticate" packet and an "I'm authenticating" 
-+		   packet, so we have to perform the authentication in two parts (dum 
-+		   loquimur, fugerit invida aetas) */
-+		status = continuePacketStreamSSH( &stream, SSH_MSG_SERVICE_REQUEST,
-+										  &packetOffset );
-+		if( cryptStatusOK( status ) )
-+			status = writeString32( &stream, "ssh-userauth", 12 );
-+		if( cryptStatusOK( status ) )
- 			{
--			/* This is the first message after the change cipherspec, a 
--			   basic packet format error is more likely to be due to an 
--			   incorrect key than an actual format error */
--			retExtErr( CRYPT_ERROR_WRONGKEY,
--					   ( CRYPT_ERROR_WRONGKEY, SESSION_ERRINFO, 
--						 SESSION_ERRINFO, 
--						 "Invalid packet data for SSH_MSG_SERVICE_ACCEPT, "
--						 "probably due to incorrect encryption keys being "
--						 "negotiated during the handshake:" ) );
-+			status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset, 
-+									 FALSE );
- 			}
--		if( sessionInfoPtr->sessionSSH->packetType == SSH_MSG_EXT_INFO )
-+		if( cryptStatusError( status ) )
- 			{
--			/* The server sent extension information, process it */
--			sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
--			status = readExtensionsSSH( sessionInfoPtr, &stream );
- 			sMemDisconnect( &stream );
-+			return( status );
-+			}
-+		CFI_CHECK_UPDATE( "SSH_MSG_SERVICE_REQUEST" );
-+
 +		/* Send the whole mess to the server.  This is yet another place where 
-+		   the SSH spec's vagueness over message ordering causes problems.  SSL 
++		   the SSH spec's vagueness over message ordering causes problems.  TLS 
 +		   at this point uses a Finished message in which the client and server 
 +		   do a mutual proof-of-possession of encryption and MAC keys via a 
 +		   pipeline-stalling message that prevents any further (sensitive) data 
-+		   from being exchanged until the PoP has concluded (the SSL Finished 
++		   from being exchanged until the PoP has concluded (the TLS Finished 
 +		   also authenticates the handshake messages) but SSH doesn't have any
 +		   such requirements.  The signed exchange hash from the server proves 
 +		   to the client that the server knows the master secret but not 
@@ -335,7 +315,14 @@
 +		   PoP isn't a design goal of the SSH handshake we do it anyway (as far 
 +		   as we can without a proper Finished message), although this 
 +		   introduces a pipeline stall at this point.
-+		   
+ 		   
+-			byte		type = SSH_MSG_EXT_INFO
+-			uint32		no_extensions
+-				string	name
+-				string	value (binary data) */
+-		status = length = \
+-			readHSPacketSSH2( sessionInfoPtr, SSH_MSG_SPECIAL_SERVICEACCEPT,
+-							  ID_SIZE + UINT32_SIZE );
 +		   In addition because of the aforementioned ambiguity over message 
 +		   ordering we have to send our change cipherspec first because some 
 +		   implementations will stop and wait before they send their one, so if 
@@ -370,11 +357,11 @@
 +		   authentication" to be "Something completely different from what we're 
 +		   doing here" which means that we could send the two packets together 
 +		   without having to wait for the server, but it's probably better to 
-+		   use SSL-tyle Finished semantics at this point even if it adds an 
++		   use TLS-tyle Finished semantics at this point even if it adds an 
 +		   extra RTT delay */
 +		status = sendPacketSSH2( sessionInfoPtr, &stream );
 +		sMemDisconnect( &stream );
-+		if( cryptStatusError( status ) )
+ 		if( cryptStatusError( status ) )
 +			return( status );
 +
 +		/* Wait for the server's change cipherspec message.  From this point
@@ -391,13 +378,21 @@
 +		   check the contents if it's a correctly-formatted packet */
 +		if( TEST_FLAG( sessionInfoPtr->protocolFlags, 
 +					   SSH_PFLAG_EMPTYSVCACCEPT ) )
-+			{
+ 			{
+-			/* This is the first message after the change cipherspec, a 
+-			   basic packet format error is more likely to be due to an 
+-			   incorrect key than an actual format error */
+-			retExtErr( CRYPT_ERROR_WRONGKEY,
+-					   ( CRYPT_ERROR_WRONGKEY, SESSION_ERRINFO, 
+-						 SESSION_ERRINFO, 
+-						 "Invalid packet data for SSH_MSG_SERVICE_ACCEPT, "
+-						 "probably due to incorrect encryption keys being "
+-						 "negotiated during the handshake" ) );
 +			/* It's a buggy implementation, just check for the presence of a 
 +			   packet without looking at the contents */
 +			status = readHSPacketSSH2( sessionInfoPtr, SSH_MSG_SERVICE_ACCEPT, 
 +									   ID_SIZE );
- 			if( cryptStatusError( status ) )
--				return( status );
++			if( cryptStatusError( status ) )
 +				{
 +				/* This is the first message after the change cipherspec, a 
 +				   basic packet format error is more likely to be due to an 
@@ -407,11 +402,18 @@
 +							 SESSION_ERRINFO, 
 +							 "Invalid packet data for SSH_MSG_SERVICE_ACCEPT, "
 +							 "probably due to incorrect encryption keys being "
-+							 "negotiated during the handshake:" ) );
-+				}
++							 "negotiated during the handshake" ) );
 +				}
+ 			}
+-		if( sessionInfoPtr->sessionSSH->packetType == SSH_MSG_EXT_INFO )
 +		else
-+			{
+ 			{
+-			/* The server sent extension information, process it */
+-			sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
+-			status = readExtensionsSSH( sessionInfoPtr, &stream );
+-			sMemDisconnect( &stream );
+-			if( cryptStatusError( status ) )
+-				return( status );
 +			int length;
  
 -			/* Retry the service-accept read */
@@ -443,7 +445,7 @@
 +							 SESSION_ERRINFO, 
 +							 "Invalid packet data for SSH_MSG_SERVICE_ACCEPT, "
 +							 "probably due to incorrect encryption keys being "
-+							 "negotiated during the handshake:" ) );
++							 "negotiated during the handshake" ) );
 +				}
 +			if( sessionInfoPtr->sessionSSH->packetType == SSH_MSG_EXT_INFO )
 +				{
@@ -493,26 +495,23 @@
 -		}
 -	CFI_CHECK_UPDATE( "serviceAccept" );
 +		CFI_CHECK_UPDATE( "serviceAccept" );
- 
 +		REQUIRES( CFI_CHECK_SEQUENCE_5( "initSecurityInfo", "SSH_MSG_NEWKEYS",
 +										"SSH_MSG_SERVICE_REQUEST",
 +										"readHSPacketSSH2", "serviceAccept") );
 +		CFI_CHECK_VALUE = CFI_CHECK_INIT;
 +	}
-+
+ 
  	/* Try and authenticate ourselves to the server */
  	status = processClientAuth( sessionInfoPtr, handshakeInfo );
- 	if( cryptStatusError( status ) )
-@@ -1210,11 +1218,7 @@
+@@ -1235,10 +1242,7 @@
  		return( status );
  	CFI_CHECK_UPDATE( "sendChannelOpen" );
  
--	REQUIRES( CFI_CHECK_SEQUENCE_7( "initSecurityInfo", "SSH_MSG_NEWKEYS",
+-	ENSURES( CFI_CHECK_SEQUENCE_7( "initSecurityInfo", "SSH_MSG_NEWKEYS",
 -								   "SSH_MSG_SERVICE_REQUEST", 
 -								   "readHSPacketSSH2", "serviceAccept",
 -								   "processClientAuth", 
--									"sendChannelOpen" ) );
-+	REQUIRES( CFI_CHECK_SEQUENCE_2(  "processClientAuth", "sendChannelOpen" ) );
++	ENSURES( CFI_CHECK_SEQUENCE_2( "processClientAuth", 
+ 								   "sendChannelOpen" ) );
  	return( CRYPT_OK );
  #else	/* Test handling of OpenSSH "no-more-sessions@openssh.com" */
- 	status = sendChannelOpen( sessionInfoPtr );

3rdp/build/cl-bn_div.patch

---- bn/bn_div.c.orig	2019-01-21 13:35:22.583819000 -0500
-+++ bn/bn_div.c	2019-01-21 13:35:27.565846000 -0500
-@@ -112,7 +112,7 @@
- /* End changes for cryptlib - pcg */
- 
- /* The old slow way */
--#if 0
-+#if 1
- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-            BN_CTX *ctx)
- {

3rdp/build/cl-bn_div2.patch

---- bn/bn_div.c.orig	2017-03-23 01:27:30.000000000 -0400
-+++ bn/bn_div.c	2019-01-21 17:23:06.478306000 -0500
-@@ -229,6 +229,9 @@
- #  endif                        /* __GNUC__ */
- # endif                         /* OPENSSL_NO_ASM */
- 
-+#undef REMAINDER_IS_ALREADY_CALCULATED
-+#undef bn_div_words
-+
- /*-
-  * BN_div computes  dv := num / divisor,  rounding towards
-  * zero, and sets up rm  such that  dv*divisor + rm = num  holds.

3rdp/build/cl-check-before-use.patch

-diff -ur ../cl-old/random/unix.c ./random/unix.c
---- ../cl-old/random/unix.c	2021-03-29 22:36:37.000000000 -0700
-+++ ./random/unix.c	2021-03-29 22:38:03.000000000 -0700
-@@ -505,7 +505,9 @@
- 									   amount of output so typically gets
- 									   truncated at SYSCTL_BUFFER_SIZE */
- #endif /* KERN_PROC2 */
-+#ifdef GPROF_COUNT
- 	{ 3, { CTL_KERN, KERN_PROF, GPROF_COUNT }, 10 },
-+#endif
- 									/* If kernel is compiled for profiling, 
- 									   an array of statistical program 
- 									   counter counts.  This typically isn't

3rdp/build/cl-check-cert-dont-modify.patch

-This patch doesn't solve the issue.
---- session/session.c.orig	2023-12-19 14:27:12.836848000 -0500
-+++ session/session.c	2023-12-19 14:29:00.324330000 -0500
-@@ -280,14 +280,19 @@
- 	/* Check whether the certificate is valid at a standard level of 
- 	   compliance, which catches expired certificates and other obvious
- 	   problems */
-+	// Don't mess with the cert!  If the compliance level is crap, do crap checks.
-+#if 0
- 	krnlSendMessage( iServerKey, IMESSAGE_SETATTRIBUTE, 
- 					 ( MESSAGE_CAST ) &complianceLevelStandard, 
- 					 CRYPT_OPTION_CERT_COMPLIANCELEVEL );
-+#endif
- 	status = krnlSendMessage( iServerKey, IMESSAGE_CHECK, NULL, 
- 							  MESSAGE_CHECK_CERT );
-+#if 0
- 	krnlSendMessage( iServerKey, IMESSAGE_SETATTRIBUTE, 
- 					 ( MESSAGE_CAST ) &complianceLevel, 
- 					 CRYPT_OPTION_CERT_COMPLIANCELEVEL );
-+#endif
- 	if( cryptStatusOK( status ) )
- 		return( CRYPT_OK );
- 

3rdp/build/cl-clear-GCM-flag.patch

---- ./session/ssl_hs.c.orig	2020-01-24 18:02:09.710811000 -0500
-+++ ./session/ssl_hs.c	2020-01-24 18:02:24.220573000 -0500
+--- ./session/tls_hello.c.orig	2020-01-24 18:02:09.710811000 -0500
++++ ./session/tls_hello.c	2020-01-24 18:02:24.220573000 -0500
 @@ -223,6 +223,7 @@
  		if( cryptStatusError( status ) )
  			return( status );
  		sessionInfoPtr->cryptBlocksize = queryInfo.blockSize;
-+		CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSL_PFLAG_GCM );
++		CLEAR_FLAG( sessionInfoPtr->protocolFlags, TLS_PFLAG_GCM );
  		}
  
  	return( CRYPT_OK );

3rdp/build/cl-cryptodev.patch

---- ../tmp2/tools/ccopts.sh	2019-03-04 16:32:32.000000000 -0500
-+++ tools/ccopts.sh	2019-06-03 16:22:10.631518000 -0400
-@@ -250,13 +250,13 @@
- 	done
- 
- 	# /dev/crypto support
--	for includepath in $DEVCRYPTOPATHS ; do
--		if [ -f $includepath ] ; then
--			echo "/dev/crypto interface detected, enabling crypto hardware support." >&2 ;
--			CCARGS="$CCARGS -DHAS_DEVCRYPTO -I"$(dirname $includepath)"" ;
--			break ;
--		fi
--	done
-+	#for includepath in $DEVCRYPTOPATHS ; do
-+	#	if [ -f $includepath ] ; then
-+	#		echo "/dev/crypto interface detected, enabling crypto hardware support." >&2 ;
-+	#		CCARGS="$CCARGS -DHAS_DEVCRYPTO -I"$(dirname $includepath)"" ;
-+	#		break ;
-+	#	fi
-+	#done
- 
- fi
- if [ -f /usr/include/zlib.h ] ; then

3rdp/build/cl-do-debug.patch

-Enables debug and adds a BN check
---- makefile.orig	2023-12-19 16:23:32.026350000 -0500
-+++ makefile	2023-12-19 16:24:02.637389000 -0500
-@@ -90,7 +90,7 @@
- # Further cc flags are gathered dynamically at runtime via the ccopts.sh
- # script.
+--- ./bn/bn.h.orig	2023-12-19 17:54:36.449797000 -0500
++++ ./bn/bn.h	2023-12-19 17:54:46.729612000 -0500
+@@ -13,6 +13,7 @@
+ #else
+   #include "crypt/osconfig.h"
+ #endif /* Compiler-specific includes */
++#include "kernel/thread.h"
+ 
+ /****************************************************************************
+ *																*
+@@ -373,6 +373,7 @@
+ 	   explanation in ctx_bn.c for what this is used for */
+ 	int stack[ BN_CTX_ARRAY_SIZE ];
+ 	int stackPos;
++	THREAD_HANDLE owner;
+ 	} BN_CTX;
+ 
+ /****************************************************************************
+--- context/ctx_bn.c.orig	2019-01-23 22:07:38.000000000 -0500
++++ context/ctx_bn.c	2023-12-19 19:41:45.734499000 -0500
+@@ -655,6 +655,8 @@
+ void BN_CTX_start( INOUT BN_CTX *bnCTX )
+ 	{
+ 	assert( isWritePtr( bnCTX, sizeof( BN_CTX ) ) );
++	assert( bnCTX->stackPos == 0 || bnCTX->owner == THREAD_SELF() );
++	bnCTX->owner = THREAD_SELF();
+ 
+ 	REQUIRES_V( sanityCheckBNCTX( bnCTX ) );
+ 
+ /* Instead of the DIY recursive mutexes above it's also possible to use OS
+--- makefile.orig	2024-01-01 13:49:02.463808000 -0500
++++ makefile	2024-01-01 13:50:55.631910000 -0500
+@@ -94,7 +94,7 @@
+ 
+ DEBUG_FLAGS		= -ggdb3 -fno-omit-frame-pointer -Og
  
 -CFLAGS			= -c -D__UNIX__ -DNDEBUG -I.
 +CFLAGS			= -c -D__UNIX__ -g -I.
- CFLAGS_DEBUG	= -c -D__UNIX__ -I. -g -O1
- CFLAGS_DEBUGGCC	= -c -D__UNIX__ -I. -ggdb3 -fno-omit-frame-pointer -O1
- CFLAGS_ANALYSE	= -c -D__UNIX__ -I.
-@@ -144,12 +144,12 @@
+ CFLAGS_DEBUG	= -c -D__UNIX__ -I. -g -Og
+ CFLAGS_DEBUGGCC	= -c -D__UNIX__ -I. $(DEBUG_FLAGS)
+ 
+@@ -160,12 +160,12 @@
  # removed.  The actual values are explicitly given in the rules for each non-
  # Unix target.
  
@@ -25,7 +54,7 @@ Enables debug and adds a BN check
  XSCFLAGS_DEBUG	= -c -I. -g -O0
  XSDEFINES		= $(SLIBNAME) OBJPATH=$(SHARED_OBJ_PATH) CROSSCOMPILE=1
  XSLDFLAGS		= CROSSCOMPILE=1
-@@ -1934,10 +1934,10 @@
+@@ -2104,10 +2104,10 @@
  #
  # make LDFLAGS='-isysroot /Developer/SDKs/MacOSX10.5.sdk' CFLAGS='-c -isysroot \
  # /Developer/SDKs/MacOSX10.5.sdk -Os -mmacosx-version-min=10.5 -arch ppc -arch \
@@ -38,7 +67,7 @@ Enables debug and adds a BN check
  #
  #			This will also require adding $(LDFLAGS) to the dylib build rule.
  #
-@@ -2362,7 +2362,7 @@
+@@ -2546,7 +2546,7 @@
  		CFLAGS="$(XCFLAGS) -DCONFIG_DATA_LITTLEENDIAN -O2 -D__Android__ \
  		-D_REENTRANT -MMD -MP -MF -D__ARM_ARCH_5__ -D__ARM_ARCH_5T__ \
  		-D__ARM_ARCH_5E__ -D__ARM_ARCH_5TE__ -march=armv7-a -mtune=xscale \
@@ -47,7 +76,7 @@ Enables debug and adds a BN check
  		-fno-strict-aliasing -finline-limit=64 \
  		-I$(ANDROID_8D_INCLUDE_SOURCES_PATH)/include \
  		-I$(ANDROID_8D_INCLUDE_SOURCES_PATH)/libs/armeabi-v7a/include \
-@@ -2382,7 +2382,7 @@
+@@ -2566,7 +2566,7 @@
  		CFLAGS="$(XSCFLAGS) -DCONFIG_DATA_LITTLEENDIAN -O2 -D__Android__ \
  		-D_REENTRANT -MMD -MP -MF -D__ARM_ARCH_5__ -D__ARM_ARCH_5T__ \
  		-D__ARM_ARCH_5E__ -D__ARM_ARCH_5TE__ -march=armv7-a -mtune=xscale \
@@ -56,7 +85,7 @@ Enables debug and adds a BN check
  		-fno-strict-aliasing -finline-limit=64 \
  		-I$(ANDROID_9_INCLUDE_PATH)/include \
  		-I$(ANDROID_9_INCLUDE_PATH)/libs/armeabi-v7a/include \
-@@ -2396,7 +2396,7 @@
+@@ -2580,7 +2580,7 @@
  		CFLAGS="$(XSCFLAGS) -DCONFIG_DATA_LITTLEENDIAN -O2 -D__Android__ \
  		-D_REENTRANT -MMD -MP -MF -D__ARM_ARCH_5__ -D__ARM_ARCH_5T__ \
  		-D__ARM_ARCH_5E__ -D__ARM_ARCH_5TE__ -march=armv7-a -mtune=xscale \
@@ -65,7 +94,7 @@ Enables debug and adds a BN check
  		-fno-strict-aliasing -finline-limit=64 \
  		-I$(ANDROID_9_INCLUDE_PATH)/include \
  		-I$(ANDROID_9_INCLUDE_PATH)/libs/armeabi-v7a/include \
-@@ -2426,7 +2426,7 @@
+@@ -2611,7 +2611,7 @@
  
  # eCOS: Gnu toolchain under Unix.  For a standard install you also need
  # to change the XCFLAGS define at the start of this makefile to
@@ -74,7 +103,7 @@ Enables debug and adds a BN check
  
  target-ecos-arm:
  	@$(MAKE) OSNAME=ecos target-init
-@@ -2979,7 +2979,7 @@
+@@ -3217,7 +3217,7 @@
  							  -mno-implicit-fp -DPPC32_fp60x -DCPU=PPC32
  VXWORKS_GCC_PPC_1_DEFS	= $(VXWORKS_GCC_ARCH_DEFS) -DRW_MULTI_THREAD \
  						  -D_REENTRANT=1 -D_POSIX_THREADS -D__VXWORKS_6_2__ \
@@ -83,7 +112,7 @@ Enables debug and adds a BN check
  						  -DTOOL=gnu -D_WRS_KERNEL -DWITH_NONAMESPACES \
  						  -DRW_MULTI_THREAD -DCONFIG_RANDSEED
  VXWORKS_GCC_PATH	= $(WIND_BASE)/target/h
-@@ -3002,7 +3002,7 @@
+@@ -3240,7 +3240,7 @@
  						 -D_VX_CPU=_VX_PPC32 -D_WRS_VX_SMP -D_WRS_CONFIG_SMP \
  						 -DWITH_NONAMESPACES -DPPC32_fp60x -DTOOL_FAMILY=gnu \
  						 -DTOOL=gnu -DCPU_VARIANT=_ppc603_83xx -D__VXWORKS_6_9__ \
@@ -92,33 +121,21 @@ Enables debug and adds a BN check
  						 -D__powerpc__ -DCONFIG_DATA_BIGENDIAN
  
  target-vxworks-ppc-gnu-2:
---- ./bn/bn.h.orig	2023-12-19 17:54:36.449797000 -0500
-+++ ./bn/bn.h	2023-12-19 17:54:46.729612000 -0500
-@@ -13,6 +13,7 @@
- #else
-   #include "crypt/osconfig.h"
- #endif /* Compiler-specific includes */
-+#include "kernel/thread.h"
- 
- /****************************************************************************
- *																*
-@@ -373,6 +373,7 @@
- 	   explanation in ctx_bn.c for what this is used for */
- 	int stack[ BN_CTX_ARRAY_SIZE ];
- 	int stackPos;
-+	THREAD_HANDLE owner;
- 	} BN_CTX;
- 
- /****************************************************************************
---- context/ctx_bn.c.orig	2019-01-23 22:07:38.000000000 -0500
-+++ context/ctx_bn.c	2023-12-19 19:41:45.734499000 -0500
-@@ -655,6 +655,8 @@
- void BN_CTX_start( INOUT BN_CTX *bnCTX )
+--- session/ssh2_channel.c.orig	2024-01-14 18:46:10.151945000 -0500
++++ session/ssh2_channel.c	2024-01-14 18:52:42.636973000 -0500
+@@ -858,6 +858,7 @@
+ 		return( CRYPT_ERROR_NOTFOUND );
+ 	if( !isActiveChannel( channelInfoPtr ) && channelType != CHANNEL_NONE )
+ 		return( CRYPT_ERROR_NOTINITED );
++fprintf(stderr, "Select channel %d (%d) for %s\n", channelInfoPtr->channelID, channelNo, channelType == CHANNEL_READ ? "Read" : (channelType == CHANNEL_WRITE ? "Write" : (channelType == CHANNEL_BOTH ? "Both" : (channelType == CHANNEL_NONE ? "None" : "Unknown!"))));
+ 	switch( channelType )
  		{
- 	assert( isWritePtr( bnCTX, sizeof( BN_CTX ) ) );
-+	assert( bnCTX->stackPos == 0 || bnCTX->owner == THREAD_SELF() );
-+	bnCTX->owner = THREAD_SELF();
+ 		case CHANNEL_READ:
+@@ -1066,6 +1067,7 @@
+ 								 channelInfoPtr->channelID ) ? \
+ 				CRYPT_OK : OK_SPECIAL );
+ 		}
++fprintf(stderr, "Deleting channel info %d (%d)\n", channelID, channelNo);
+ 	deleteSessionInfo( sessionInfoPtr, attributeListPtr );
  
- 	REQUIRES_V( sanityCheckBNCTX( bnCTX ) );
- 
- /* Instead of the DIY recursive mutexes above it's also possible to use OS
+ 	/* If we've deleted the current channel, select a null channel until a

3rdp/build/cl-endian.patch

---- ../tmp2/misc/os_detect.h	2019-01-31 14:57:46.000000000 -0500
-+++ misc/os_detect.h	2019-06-03 18:26:42.394038000 -0400
-@@ -566,6 +566,9 @@
- 	#include <machine/endian.h>
-   #elif defined( __NetBSD__ )
- 	#include <sys/endian.h>
-+  #elif defined( __FreeBSD__ )
-+	#include <sys/endian.h>
-+  #elif defined(__MINGW32__)
-   #else
+--- misc/os_detect.h.orig	2023-12-31 10:15:40.782951000 -0500
++++ misc/os_detect.h	2023-12-31 10:16:40.940469000 -0500
+@@ -658,7 +658,9 @@
+ 	 __GNUC__ is defined but the gcc include files aren't present.  The
+ 	 above checks catch the most common cases, if there are other pretend-
+ 	 gcc's then they'll need to be special-cased before this one */
++#if !defined(__MINGW32__)
    #include <endian.h>
-   #endif /* Apple vs. everyone else */
++#endif
+ #endif /* System-specific endian.h includes */
+ 
+ #if defined( CONFIG_DATA_LITTLEENDIAN ) || defined( CONFIG_DATA_BIGENDIAN )

3rdp/build/cl-fix-ECC-RSA.patch

---- session/ssl_hs.c.orig	2018-11-14 23:22:26.000000000 -0500
-+++ session/ssl_hs.c	2020-01-23 18:23:41.236235000 -0500
-@@ -240,6 +240,7 @@
- 	const CIPHERSUITE_INFO **cipherSuiteInfo;
- 	const BOOLEAN isServer = isServer( sessionInfoPtr ) ? TRUE : FALSE;
- 	BOOLEAN allowDH = algoAvailable( CRYPT_ALGO_DH ) ? TRUE : FALSE;
-+	BOOLEAN allowECCAuth = TRUE;
- 	BOOLEAN allowECC = ( algoAvailable( CRYPT_ALGO_ECDH ) && \
- 						 algoAvailable( CRYPT_ALGO_ECDSA ) ) ? TRUE : FALSE;
- 	BOOLEAN allowRSA = algoAvailable( CRYPT_ALGO_RSA ) ? TRUE : FALSE;
-@@ -268,7 +269,7 @@
- 			{
- 			/* There's no server private key present, we're limited to PSK
- 			   suites */
--			allowECC = allowRSA = FALSE;
-+			allowECC = allowRSA = allowECCAuth = FALSE;
- 			}
- 		else
- 			{
-@@ -278,7 +279,7 @@
- 			   capable */
- 			if( !checkContextCapability( sessionInfoPtr->privateKey,
- 										 MESSAGE_CHECK_PKC_SIGN ) )
--				allowDH = allowECC = FALSE;
-+				allowDH = allowECC = allowECCAuth = FALSE;
- 
- 			/* To be usable for ECC or RSA the server key has to itself be 
- 			   an ECC or RSA key */
-@@ -286,13 +287,16 @@
- 									  IMESSAGE_GETATTRIBUTE, &pkcAlgo,
- 									  CRYPT_CTXINFO_ALGO );
- 			if( cryptStatusError( status ) )
--				allowECC = allowRSA = FALSE;
-+				allowECC = allowRSA = allowECCAuth = FALSE;
- 			else
- 				{
- 				if( !isEccAlgo( pkcAlgo ) )
- 					allowECC = FALSE;
- 				if( pkcAlgo != CRYPT_ALGO_RSA )
-+					{
- 					allowRSA = FALSE;
-+					allowECCAuth = FALSE;
-+					}
- 				}
- 			}
- 		}
-@@ -443,8 +447,13 @@
- 			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_DH ) )
- 			continue;
- 		if( !allowECC && \
--			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) )
-+			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) && \
-+			( cipherSuiteInfoPtr->authAlgo != CRYPT_ALGO_RSA) )
- 			continue;
-+		if( !allowECCAuth && \
-+			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) && \
-+			( cipherSuiteInfoPtr->authAlgo == CRYPT_ALGO_RSA) )
-+			continue;
- 		if( !allowTLS12 && \
- 			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_TLS12 ) )
- 			continue;
-@@ -521,7 +530,7 @@
- 	   find out that we can use it */
- 	if( altSuiteIndex < cipherSuiteInfoSize )
- 		{
--		REQUIRES( allowECC );
-+		REQUIRES( allowECCAuth );
- 
- 		handshakeInfo->eccSuiteInfoPtr = cipherSuiteInfo[ altSuiteIndex ];
- 		}