diff options
| author | George Hazan <george.hazan@gmail.com> | 2023-06-09 21:40:16 +0300 |
|---|---|---|
| committer | George Hazan <george.hazan@gmail.com> | 2023-06-09 21:40:16 +0300 |
| commit | 927f00cc19b7239a1fe12abe30b472d61b753d8d (patch) | |
| tree | 68a190dd83dc2dcceb82464a1953f2701af2a109 /libs/libssh2/src/libgcrypt.c | |
| parent | 1b241cad53b8c3c5300409fe681de18e636dcf3d (diff) | |
fixes #3551 (Update libssh2 to 1.11.0)
Diffstat (limited to 'libs/libssh2/src/libgcrypt.c')
| -rw-r--r-- | libs/libssh2/src/libgcrypt.c | 237 |
1 files changed, 165 insertions, 72 deletions
diff --git a/libs/libssh2/src/libgcrypt.c b/libs/libssh2/src/libgcrypt.c index 0aff176a61..e463d9e347 100644 --- a/libs/libssh2/src/libgcrypt.c +++ b/libs/libssh2/src/libgcrypt.c @@ -1,5 +1,5 @@ -/* Copyright (C) 2008, 2009, Simon Josefsson - * Copyright (C) 2006, 2007, The Written Word, Inc. +/* Copyright (C) Simon Josefsson + * Copyright (C) The Written Word, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, @@ -34,14 +34,13 @@ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY * OF SUCH DAMAGE. + * + * SPDX-License-Identifier: BSD-3-Clause */ -#include "libssh2_priv.h" - -#ifdef LIBSSH2_LIBGCRYPT /* compile only if we build with libgcrypt */ - -#include <string.h> +#ifdef LIBSSH2_CRYPTO_C /* Compile this via crypto.c */ +#if LIBSSH2_RSA int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, const unsigned char *edata, @@ -61,17 +60,17 @@ _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, const unsigned char *coeffdata, unsigned long coefflen) { int rc; - (void) e1data; - (void) e1len; - (void) e2data; - (void) e2len; + + (void)e1data; + (void)e1len; + (void)e2data; + (void)e2len; if(ddata) { - rc = gcry_sexp_build - (rsa, NULL, - "(private-key(rsa(n%b)(e%b)(d%b)(q%b)(p%b)(u%b)))", - nlen, ndata, elen, edata, dlen, ddata, plen, pdata, - qlen, qdata, coefflen, coeffdata); + rc = gcry_sexp_build(rsa, NULL, + "(private-key(rsa(n%b)(e%b)(d%b)(q%b)(p%b)(u%b)))", + nlen, ndata, elen, edata, dlen, ddata, plen, pdata, + qlen, qdata, coefflen, coeffdata); } else { rc = gcry_sexp_build(rsa, NULL, "(public-key(rsa(n%b)(e%b)))", @@ -85,11 +84,12 @@ _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, return 0; } +#if LIBSSH2_RSA_SHA1 int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, const unsigned char *sig, - unsigned long sig_len, - const unsigned char *m, unsigned long m_len) + size_t sig_len, + const unsigned char *m, size_t m_len) { unsigned char hash[SHA_DIGEST_LENGTH]; gcry_sexp_t s_sig, s_hash; @@ -100,12 +100,12 @@ _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, rc = gcry_sexp_build(&s_hash, NULL, "(data (flags pkcs1) (hash sha1 %b))", SHA_DIGEST_LENGTH, hash); - if(rc != 0) { + if(rc) { return -1; } rc = gcry_sexp_build(&s_sig, NULL, "(sig-val(rsa(s %b)))", sig_len, sig); - if(rc != 0) { + if(rc) { gcry_sexp_release(s_hash); return -1; } @@ -116,7 +116,10 @@ _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, return (rc == 0) ? 0 : -1; } +#endif +#endif +#if LIBSSH2_DSA int _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx, const unsigned char *p, @@ -132,10 +135,9 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx, int rc; if(x_len) { - rc = gcry_sexp_build - (dsactx, NULL, - "(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))", - p_len, p, q_len, q, g_len, g, y_len, y, x_len, x); + rc = gcry_sexp_build(dsactx, NULL, + "(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))", + p_len, p, q_len, q, g_len, g, y_len, y, x_len, x); } else { rc = gcry_sexp_build(dsactx, NULL, @@ -150,16 +152,23 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx, return 0; } +#endif +#if LIBSSH2_RSA int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa, LIBSSH2_SESSION * session, const char *filedata, size_t filedata_len, unsigned const char *passphrase) { + (void)rsa; + (void)filedata; + (void)filedata_len; + (void)passphrase; + return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED, - "Unable to extract private key from memory: " - "Method unimplemented in libgcrypt backend"); + "Unable to extract private key from memory: " + "Method unimplemented in libgcrypt backend"); } int @@ -169,7 +178,7 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, { FILE *fp; unsigned char *data, *save_data; - unsigned int datalen; + size_t datalen; int ret; unsigned char *n, *e, *d, *p, *q, *e1, *e2, *coeff; unsigned int nlen, elen, dlen, plen, qlen, e1len, e2len, coefflen; @@ -195,83 +204,91 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, ret = -1; goto fail; } -/* First read Version field (should be 0). */ + + /* First read Version field (should be 0). */ ret = _libssh2_pem_decode_integer(&data, &datalen, &n, &nlen); - if(ret != 0 || (nlen != 1 && *n != '\0')) { + if(ret || (nlen != 1 && *n != '\0')) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &n, &nlen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &e, &elen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &d, &dlen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &p, &plen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &q, &qlen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &e1, &e1len); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &e2, &e2len); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &coeff, &coefflen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } if(_libssh2_rsa_new(rsa, e, elen, n, nlen, d, dlen, p, plen, - q, qlen, e1, e1len, e2, e2len, coeff, coefflen)) { + q, qlen, e1, e1len, e2, e2len, coeff, coefflen)) { ret = -1; goto fail; } ret = 0; - fail: +fail: LIBSSH2_FREE(session, save_data); return ret; } +#endif +#if LIBSSH2_DSA int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa, LIBSSH2_SESSION * session, const char *filedata, size_t filedata_len, unsigned const char *passphrase) { + (void)dsa; + (void)filedata; + (void)filedata_len; + (void)passphrase; + return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED, - "Unable to extract private key from memory: " - "Method unimplemented in libgcrypt backend"); + "Unable to extract private key from memory: " + "Method unimplemented in libgcrypt backend"); } int @@ -281,7 +298,7 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, { FILE *fp; unsigned char *data, *save_data; - unsigned int datalen; + size_t datalen; int ret; unsigned char *p, *q, *g, *y, *x; unsigned int plen, qlen, glen, ylen, xlen; @@ -308,44 +325,44 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, goto fail; } -/* First read Version field (should be 0). */ + /* First read Version field (should be 0). */ ret = _libssh2_pem_decode_integer(&data, &datalen, &p, &plen); - if(ret != 0 || (plen != 1 && *p != '\0')) { + if(ret || (plen != 1 && *p != '\0')) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &p, &plen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &q, &qlen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &g, &glen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &y, &ylen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } ret = _libssh2_pem_decode_integer(&data, &datalen, &x, &xlen); - if(ret != 0) { + if(ret) { ret = -1; goto fail; } - if(datalen != 0) { + if(datalen) { ret = -1; goto fail; } @@ -357,11 +374,14 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, ret = 0; - fail: +fail: LIBSSH2_FREE(session, save_data); return ret; } +#endif +#if LIBSSH2_RSA +#if LIBSSH2_RSA_SHA1 int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, libssh2_rsa_ctx * rsactx, @@ -380,8 +400,8 @@ _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, } if(gcry_sexp_build(&data, NULL, - "(data (flags pkcs1) (hash sha1 %b))", - hash_len, hash)) { + "(data (flags pkcs1) (hash sha1 %b))", + hash_len, hash)) { return -1; } @@ -389,7 +409,7 @@ _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, gcry_sexp_release(data); - if(rc != 0) { + if(rc) { return -1; } @@ -421,11 +441,14 @@ _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, return rc; } +#endif +#endif +#if LIBSSH2_DSA int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, const unsigned char *hash, - unsigned long hash_len, unsigned char *sig) + size_t hash_len, unsigned char *sig) { unsigned char zhash[SHA_DIGEST_LENGTH + 1]; gcry_sexp_t sig_sexp; @@ -442,7 +465,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, zhash[0] = 0; if(gcry_sexp_build(&data, NULL, "(data (value %b))", - hash_len + 1, zhash)) { + (int)(hash_len + 1), zhash)) { return -1; } @@ -450,13 +473,13 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, gcry_sexp_release(data); - if(ret != 0) { + if(ret) { return -1; } memset(sig, 0, 40); -/* Extract R. */ + /* Extract R. */ data = gcry_sexp_find_token(sig_sexp, "r", 0); if(!data) @@ -478,7 +501,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, gcry_sexp_release(data); -/* Extract S. */ + /* Extract S. */ data = gcry_sexp_find_token(sig_sexp, "s", 0); if(!data) @@ -499,10 +522,10 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, memcpy(sig + 20 + (20 - size), tmp, size); goto out; - err: +err: ret = -1; - out: +out: if(sig_sexp) { gcry_sexp_release(sig_sexp); } @@ -515,7 +538,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, const unsigned char *sig, - const unsigned char *m, unsigned long m_len) + const unsigned char *m, size_t m_len) { unsigned char hash[SHA_DIGEST_LENGTH + 1]; gcry_sexp_t s_sig, s_hash; @@ -525,12 +548,12 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, hash[0] = 0; if(gcry_sexp_build(&s_hash, NULL, "(data(flags raw)(value %b))", - SHA_DIGEST_LENGTH + 1, hash)) { + SHA_DIGEST_LENGTH + 1, hash)) { return -1; } if(gcry_sexp_build(&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))", - 20, sig, 20, sig + 20)) { + 20, sig, 20, sig + 20)) { gcry_sexp_release(s_hash); return -1; } @@ -541,6 +564,7 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, return (rc == 0) ? 0 : -1; } +#endif int _libssh2_cipher_init(_libssh2_cipher_ctx * h, @@ -550,9 +574,9 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h, int ret; int cipher = _libssh2_gcry_cipher(algo); int mode = _libssh2_gcry_mode(algo); - int keylen = gcry_cipher_get_algo_keylen(cipher); + size_t keylen = gcry_cipher_get_algo_keylen(cipher); - (void) encrypt; + (void)encrypt; ret = gcry_cipher_open(h, cipher, mode, 0); if(ret) { @@ -566,7 +590,7 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h, } if(mode != GCRY_CIPHER_MODE_STREAM) { - int blklen = gcry_cipher_get_algo_blklen(cipher); + size_t blklen = gcry_cipher_get_algo_blklen(cipher); if(mode == GCRY_CIPHER_MODE_CTR) ret = gcry_cipher_setctr(*h, iv, blklen); else @@ -583,11 +607,14 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h, int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, _libssh2_cipher_type(algo), - int encrypt, unsigned char *block, size_t blklen) + int encrypt, unsigned char *block, size_t blklen, + int firstlast) { - int cipher = _libssh2_gcry_cipher(algo); int ret; + (void)algo; + (void)firstlast; + if(encrypt) { ret = gcry_cipher_encrypt(*ctx, block, blklen, block, blklen); } @@ -607,6 +634,14 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session, size_t privatekeydata_len, const char *passphrase) { + (void)method; + (void)method_len; + (void)pubkeydata; + (void)pubkeydata_len; + (void)privatekeydata; + (void)privatekeydata_len; + (void)passphrase; + return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED, "Unable to extract public key from private " "key in memory: " @@ -622,9 +657,49 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session, const char *privatekey, const char *passphrase) { + (void)method; + (void)method_len; + (void)pubkeydata; + (void)pubkeydata_len; + (void)privatekey; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to extract public key from private key file: " + "Method unimplemented in libgcrypt backend"); +} + +int +_libssh2_sk_pub_keyfilememory(LIBSSH2_SESSION *session, + unsigned char **method, + size_t *method_len, + unsigned char **pubkeydata, + size_t *pubkeydata_len, + int *algorithm, + unsigned char *flags, + const char **application, + const unsigned char **key_handle, + size_t *handle_len, + const char *privatekeydata, + size_t privatekeydata_len, + const char *passphrase) +{ + (void)method; + (void)method_len; + (void)pubkeydata; + (void)pubkeydata_len; + (void)algorithm; + (void)flags; + (void)application; + (void)key_handle; + (void)handle_len; + (void)privatekeydata; + (void)privatekeydata_len; + (void)passphrase; + return _libssh2_error(session, LIBSSH2_ERROR_FILE, - "Unable to extract public key from private key file: " - "Method unimplemented in libgcrypt backend"); + "Unable to extract public SK key from private key file: " + "Method unimplemented in libgcrypt backend"); } void _libssh2_init_aes_ctr(void) @@ -664,4 +739,22 @@ _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx) *dhctx = NULL; } -#endif /* LIBSSH2_LIBGCRYPT */ +/* _libssh2_supported_key_sign_algorithms + * + * Return supported key hash algo upgrades, see crypto.h + * + */ + +const char * +_libssh2_supported_key_sign_algorithms(LIBSSH2_SESSION *session, + unsigned char *key_method, + size_t key_method_len) +{ + (void)session; + (void)key_method; + (void)key_method_len; + + return NULL; +} + +#endif /* LIBSSH2_CRYPTO_C */ |