authorGeorge Hazan <george.hazan@gmail.com>2023-06-09 21:40:16 +0300
committerGeorge Hazan <george.hazan@gmail.com>2023-06-09 21:40:16 +0300
commit927f00cc19b7239a1fe12abe30b472d61b753d8d (patch)
tree68a190dd83dc2dcceb82464a1953f2701af2a109 /libs/libssh2/src/openssl.h
parent1b241cad53b8c3c5300409fe681de18e636dcf3d (diff)
fixes #3551 (Update libssh2 to 1.11.0)
Diffstat (limited to 'libs/libssh2/src/openssl.h')
-rw-r--r--libs/libssh2/src/openssl.h187
1 files changed, 125 insertions, 62 deletions
diff --git a/libs/libssh2/src/openssl.h b/libs/libssh2/src/openssl.h
index 15518e0a66..ad256a18c3 100644
--- a/libs/libssh2/src/openssl.h
+++ b/libs/libssh2/src/openssl.h
@@ -1,7 +1,8 @@
-/* Copyright (C) 2009, 2010 Simon Josefsson
- * Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
- *
- * Author: Simon Josefsson
+#ifndef __LIBSSH2_OPENSSL_H
+#define __LIBSSH2_OPENSSL_H
+/* Copyright (C) Simon Josefsson
+ * Copyright (C) The Written Word, Inc.
+ * All rights reserved.
*
* Redistribution and use in source and binary forms,
* with or without modification, are permitted provided
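Review bot: The new include guard `__LIBSSH2_OPENSSL_H` at L25-L26 is a double-underscore identifier, which C reserves for the implementation in every scope, so a compiler or libc header is free to define it and silently disable this whole header. A non-reserved name is the usual fix: `#ifndef LIBSSH2_OPENSSL_H` / `#define LIBSSH2_OPENSSL_H`, with the closing `#endif /* __LIBSSH2_OPENSSL_H */` in the last hunk (L357) renamed to match. The guard also sits above the license block, which is unusual; most files keep the comment first so the guard is not mistaken for part of it.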
@@ -35,8 +36,48 @@
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
*/
+#define LIBSSH2_CRYPTO_ENGINE libssh2_openssl
+
+/* disable deprecated warnings in OpenSSL 3 */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#ifdef LIBSSH2_WOLFSSL
+
+#include <wolfssl/options.h>
+#include <openssl/ecdh.h>
+
+#if defined(NO_DSA) || defined(HAVE_FIPS)
+#define OPENSSL_NO_DSA
+#endif
+
+#if defined(NO_MD5) || defined(HAVE_FIPS)
+#define OPENSSL_NO_MD5
+#endif
+
+#if !defined(WOLFSSL_RIPEMD) || defined(HAVE_FIPS)
+#define OPENSSL_NO_RIPEMD
+#endif
+
+#if defined(NO_RC4) || defined(HAVE_FIPS)
+#define OPENSSL_NO_RC4
+#endif
+
+#ifdef NO_DES3
+#define OPENSSL_NO_DES
+#endif
+
+/* wolfSSL doesn't support Blowfish or CAST. */
+#define OPENSSL_NO_BF
+#define OPENSSL_NO_CAST
+/* wolfSSL has no engine framework. */
+#define OPENSSL_NO_ENGINE
+
+#endif /* LIBSSH2_WOLFSSL */
+
#include <openssl/opensslconf.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
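Review bot: `OPENSSL_SUPPRESS_DEPRECATED` at L43 is defined before any OpenSSL header, so every translation unit that includes this file loses deprecation diagnostics, and the header still maps onto the low-level APIs OpenSSL 3 deprecates (`RSA`/`RSA_free` at L258-L259, `DSA_free` at L263, `EC_KEY_free` at L268, the `HMAC_*` family at L200-L227). Those warnings are the only compile-time signal that the mappings need an EVP migration before the functions are removed, so the one-line comment at L42 understates what is being traded away. Something like `/* Silence OpenSSL 3 deprecation warnings for the low-level RSA/DSA/EC/HMAC APIs mapped below; revisit when migrating them to EVP_PKEY. */` records the debt. The wolfSSL `HAVE_FIPS` conditions at L50-L64 would likewise read better with a short note that FIPS builds drop DSA, MD5, RIPEMD and RC4 from the compat layer, which I infer from the conditions rather than see stated.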
@@ -49,21 +90,29 @@
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
- !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ !defined(LIBRESSL_VERSION_NUMBER)) || defined(LIBSSH2_WOLFSSL) || \
+ LIBRESSL_VERSION_NUMBER >= 0x3050000fL
+/* For wolfSSL, whether the structs are truly opaque or not, it's best to not
+ * rely on their internal data members being exposed publicly. */
# define HAVE_OPAQUE_STRUCTS 1
#endif
#ifdef OPENSSL_NO_RSA
# define LIBSSH2_RSA 0
+# define LIBSSH2_RSA_SHA1 0
+# define LIBSSH2_RSA_SHA2 0
#else
# define LIBSSH2_RSA 1
+# define LIBSSH2_RSA_SHA1 1
+# define LIBSSH2_RSA_SHA2 1
#endif
#ifdef OPENSSL_NO_DSA
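Review bot: The `HAVE_OPAQUE_STRUCTS` condition at L93-L95 compares `LIBRESSL_VERSION_NUMBER >= 0x3050000fL` without first testing `defined(LIBRESSL_VERSION_NUMBER)`, while the `LIBSSH2_ED25519` condition in the next hunk (L121-L124) wraps the same comparison in `defined(...)`. On a non-LibreSSL build the undefined macro evaluates to 0 in `#if`, so the result is correct, but it trips `-Wundef` and reads as though the macro were always present. For consistency with L123-L124: `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3050000fL)`.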
@@ -72,14 +121,16 @@
# define LIBSSH2_DSA 1
#endif
-#ifdef OPENSSL_NO_ECDSA
+#if defined(OPENSSL_NO_ECDSA) || defined(OPENSSL_NO_EC)
# define LIBSSH2_ECDSA 0
#else
# define LIBSSH2_ECDSA 1
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && \
-!defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+ !defined(LIBRESSL_VERSION_NUMBER)) || \
+ (defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER >= 0x3070000fL)
# define LIBSSH2_ED25519 1
#else
# define LIBSSH2_ED25519 0
@@ -92,7 +143,7 @@
# define LIBSSH2_MD5 1
#endif
-#ifdef OPENSSL_NO_RIPEMD
+#if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160)
# define LIBSSH2_HMAC_RIPEMD 0
#else
# define LIBSSH2_HMAC_RIPEMD 1
@@ -101,12 +152,21 @@
#define LIBSSH2_HMAC_SHA256 1
#define LIBSSH2_HMAC_SHA512 1
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)) || \
+ (defined(LIBSSH2_WOLFSSL) && defined(WOLFSSL_AES_COUNTER))
# define LIBSSH2_AES_CTR 1
-# define LIBSSH2_AES 1
+# define LIBSSH2_AES_CBC 1
#else
# define LIBSSH2_AES_CTR 0
-# define LIBSSH2_AES 0
+# define LIBSSH2_AES_CBC 0
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x01010100fL && !defined(OPENSSL_NO_AES)) || \
+ (defined(LIBSSH2_WOLFSSL) && \
+ defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM))
+# define LIBSSH2_AES_GCM 1
+#else
+# define LIBSSH2_AES_GCM 0
#endif
#ifdef OPENSSL_NO_BF
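Review bot: `LIBSSH2_AES` is replaced by `LIBSSH2_AES_CBC` at L143-L148 with no compatibility alias, so any `#if LIBSSH2_AES` left in another file would quietly evaluate to 0 instead of failing to compile. I cannot see the consumers from this hunk, so presumably they were updated in the same commit; if any external code keys off the old name, a one-line `#define LIBSSH2_AES LIBSSH2_AES_CBC` beside the new macro keeps it building. The new `LIBSSH2_AES_GCM` gate at L151-L153 could also use a one-line comment naming the OpenSSL release that `0x01010100fL` corresponds to, since the version constant alone is not self-describing.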
@@ -135,7 +195,8 @@
#define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)
-#define _libssh2_random(buf, len) RAND_bytes ((buf), (len))
+#define _libssh2_random(buf, len) \
+ _libssh2_openssl_random((buf), (len))
#define libssh2_prepare_iovec(vec, len) /* Empty. */
@@ -158,7 +219,7 @@ int _libssh2_sha1_init(libssh2_sha1_ctx *ctx);
#define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha1_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
-int _libssh2_sha1(const unsigned char *message, unsigned long len,
+int _libssh2_sha1(const unsigned char *message, size_t len,
unsigned char *out);
#define libssh2_sha1(x,y,z) _libssh2_sha1(x,y,z)
@@ -182,8 +243,8 @@ int _libssh2_sha256_init(libssh2_sha256_ctx *ctx);
EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha256_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
-int _libssh2_sha256(const unsigned char *message, unsigned long len,
- unsigned char *out);
+int _libssh2_sha256(const unsigned char *message, size_t len,
+ unsigned char *out);
#define libssh2_sha256(x,y,z) _libssh2_sha256(x,y,z)
#ifdef HAVE_OPAQUE_STRUCTS
@@ -206,7 +267,7 @@ int _libssh2_sha384_init(libssh2_sha384_ctx *ctx);
EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha384_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
-int _libssh2_sha384(const unsigned char *message, unsigned long len,
+int _libssh2_sha384(const unsigned char *message, size_t len,
unsigned char *out);
#define libssh2_sha384(x,y,z) _libssh2_sha384(x,y,z)
@@ -230,7 +291,7 @@ int _libssh2_sha512_init(libssh2_sha512_ctx *ctx);
EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha512_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
-int _libssh2_sha512(const unsigned char *message, unsigned long len,
+int _libssh2_sha512(const unsigned char *message, size_t len,
unsigned char *out);
#define libssh2_sha512(x,y,z) _libssh2_sha512(x,y,z)
@@ -258,37 +319,43 @@ int _libssh2_md5_init(libssh2_md5_ctx *ctx);
#define libssh2_hmac_ctx HMAC_CTX *
#define libssh2_hmac_ctx_init(ctx) ctx = HMAC_CTX_new()
#define libssh2_hmac_sha1_init(ctx, key, keylen) \
- HMAC_Init_ex(*(ctx), key, keylen, EVP_sha1(), NULL)
+ HMAC_Init_ex(*(ctx), key, (int)keylen, EVP_sha1(), NULL)
#define libssh2_hmac_md5_init(ctx, key, keylen) \
- HMAC_Init_ex(*(ctx), key, keylen, EVP_md5(), NULL)
+ HMAC_Init_ex(*(ctx), key, (int)keylen, EVP_md5(), NULL)
#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
- HMAC_Init_ex(*(ctx), key, keylen, EVP_ripemd160(), NULL)
+ HMAC_Init_ex(*(ctx), key, (int)keylen, EVP_ripemd160(), NULL)
#define libssh2_hmac_sha256_init(ctx, key, keylen) \
- HMAC_Init_ex(*(ctx), key, keylen, EVP_sha256(), NULL)
+ HMAC_Init_ex(*(ctx), key, (int)keylen, EVP_sha256(), NULL)
#define libssh2_hmac_sha512_init(ctx, key, keylen) \
- HMAC_Init_ex(*(ctx), key, keylen, EVP_sha512(), NULL)
+ HMAC_Init_ex(*(ctx), key, (int)keylen, EVP_sha512(), NULL)
+#ifdef LIBSSH2_WOLFSSL
+/* FIXME: upstream bug as of v5.6.0: datalen is int instead of size_t */
+#define libssh2_hmac_update(ctx, data, datalen) \
+ HMAC_Update(ctx, data, (int)datalen)
+#else
#define libssh2_hmac_update(ctx, data, datalen) \
- HMAC_Update(ctx, data, datalen)
+ HMAC_Update(ctx, data, datalen)
+#endif /* LIBSSH2_WOLFSSL */
#define libssh2_hmac_final(ctx, data) HMAC_Final(ctx, data, NULL)
#define libssh2_hmac_cleanup(ctx) HMAC_CTX_free(*(ctx))
#else
#define libssh2_hmac_ctx HMAC_CTX
#define libssh2_hmac_ctx_init(ctx) \
- HMAC_CTX_init(&ctx)
+ HMAC_CTX_init(&ctx)
#define libssh2_hmac_sha1_init(ctx, key, keylen) \
- HMAC_Init_ex(ctx, key, keylen, EVP_sha1(), NULL)
+ HMAC_Init_ex(ctx, key, (int)keylen, EVP_sha1(), NULL)
#define libssh2_hmac_md5_init(ctx, key, keylen) \
- HMAC_Init_ex(ctx, key, keylen, EVP_md5(), NULL)
+ HMAC_Init_ex(ctx, key, (int)keylen, EVP_md5(), NULL)
#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
- HMAC_Init_ex(ctx, key, keylen, EVP_ripemd160(), NULL)
+ HMAC_Init_ex(ctx, key, (int)keylen, EVP_ripemd160(), NULL)
#define libssh2_hmac_sha256_init(ctx, key, keylen) \
- HMAC_Init_ex(ctx, key, keylen, EVP_sha256(), NULL)
+ HMAC_Init_ex(ctx, key, (int)keylen, EVP_sha256(), NULL)
#define libssh2_hmac_sha512_init(ctx, key, keylen) \
- HMAC_Init_ex(ctx, key, keylen, EVP_sha512(), NULL)
+ HMAC_Init_ex(ctx, key, (int)keylen, EVP_sha512(), NULL)
#define libssh2_hmac_update(ctx, data, datalen) \
- HMAC_Update(&(ctx), data, datalen)
+ HMAC_Update(&(ctx), data, datalen)
#define libssh2_hmac_final(ctx, data) HMAC_Final(&(ctx), data, NULL)
#define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
#endif
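Review bot: The `(int)keylen` casts added to every `HMAC_Init_ex` wrapper (L204-L216 and L235-L247) and the `(int)datalen` cast at L220 narrow a `size_t` to `int` with no range check, so they trade a `-Wconversion` warning for silent truncation on an oversized input. SSH MAC keys and packet payloads are presumably far below `INT_MAX`, but that assumption is now invisible at the call sites; the wolfSSL `FIXME` at L218 records it for `HMAC_Update` only. A short comment at the first cast, e.g. `/* HMAC_Init_ex takes int key_len; SSH MAC keys are at most a few dozen bytes, so the narrowing cast is safe */`, would document the contract the casts rely on.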
@@ -298,15 +365,19 @@ extern void _libssh2_openssl_crypto_exit(void);
#define libssh2_crypto_init() _libssh2_openssl_crypto_init()
#define libssh2_crypto_exit() _libssh2_openssl_crypto_exit()
+#if LIBSSH2_RSA
#define libssh2_rsa_ctx RSA
#define _libssh2_rsa_free(rsactx) RSA_free(rsactx)
+#endif
+#if LIBSSH2_DSA
#define libssh2_dsa_ctx DSA
#define _libssh2_dsa_free(dsactx) DSA_free(dsactx)
+#endif
-#ifdef LIBSSH2_ECDSA
+#if LIBSSH2_ECDSA
#define libssh2_ecdsa_ctx EC_KEY
#define _libssh2_ecdsa_free(ecdsactx) EC_KEY_free(ecdsactx)
#define _libssh2_ec_key EC_KEY
@@ -321,27 +392,10 @@ libssh2_curve_type;
#define _libssh2_ec_key void
#endif /* LIBSSH2_ECDSA */
-#ifdef LIBSSH2_ED25519
-
-typedef struct {
- EVP_PKEY *public_key;
- EVP_PKEY *private_key;
-} libssh2_curve25519_keys;
-
-#define libssh2_ed25519_ctx libssh2_curve25519_keys
-#define libssh2_x25519_ctx libssh2_curve25519_keys
-
-#define _libssh2_ed25519_new_ctx() calloc(1, sizeof(libssh2_ed25519_ctx))
-#define _libssh2_ed25519_free(ctx) do { \
- if(ctx) { \
- if(ctx->public_key) EVP_PKEY_free(ctx->public_key); \
- if(ctx->private_key) EVP_PKEY_free(ctx->private_key); \
- free(ctx); \
- } \
-} while(0)
-
-#define _libssh2_x25519_free(ctx) _libssh2_ed25519_free(ctx)
+#if LIBSSH2_ED25519
+#define libssh2_ed25519_ctx EVP_PKEY
+#define _libssh2_ed25519_free(ctx) EVP_PKEY_free(ctx)
#endif /* ED25519 */
#define _libssh2_cipher_type(name) const EVP_CIPHER *(*name)(void)
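Review bot: `libssh2_x25519_ctx` and `_libssh2_x25519_free` (removed at L281 and L292) disappear together with the `libssh2_curve25519_keys` struct, and nothing in the new block at L293-L296 takes their place. If the X25519 key-exchange code still refers to those names the build breaks, so presumably its callers were reworked onto `EVP_PKEY` in the same commit; a comment on the new block would make the mapping explicit, e.g. `/* Ed25519 (and X25519) keys are plain EVP_PKEY handles; EVP_PKEY_free(NULL) is a no-op, so the old NULL checks are unnecessary */`. The switch from `#ifdef LIBSSH2_ED25519` to `#if LIBSSH2_ED25519` at L293 is a real fix, since the macro is always defined as 0 or 1 (L125-L127) and `#ifdef` was always true.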
@@ -351,18 +405,15 @@ typedef struct {
#define _libssh2_cipher_ctx EVP_CIPHER_CTX
#endif
+#define _libssh2_cipher_aes256gcm EVP_aes_256_gcm
+#define _libssh2_cipher_aes128gcm EVP_aes_128_gcm
+
#define _libssh2_cipher_aes256 EVP_aes_256_cbc
#define _libssh2_cipher_aes192 EVP_aes_192_cbc
#define _libssh2_cipher_aes128 EVP_aes_128_cbc
-#ifdef HAVE_EVP_AES_128_CTR
#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
-#else
-#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
-#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
-#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
-#endif
#define _libssh2_cipher_blowfish EVP_bf_cbc
#define _libssh2_cipher_arcfour EVP_rc4
#define _libssh2_cipher_cast5 EVP_cast5_cbc
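Review bot: The `HAVE_EVP_AES_128_CTR` fallback to `_libssh2_EVP_aes_*_ctr` is dropped (L307-L315) so the CTR ciphers always resolve to `EVP_aes_*_ctr`, yet the three `_libssh2_EVP_aes_*_ctr` prototypes at L353-L355 survive in the last hunk. Unless openssl.c still defines and calls them, which is not visible here, those declarations are now dead and should have gone with the fallback. The GCM mappings at L301-L302 are unconditional while `LIBSSH2_AES_GCM` may be 0 (L156); harmless for an unexpanded macro, but wrapping them in `#if LIBSSH2_AES_GCM` would keep the header consistent with how the CTR/CBC ciphers are gated.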
@@ -381,18 +432,26 @@ typedef struct {
#define _libssh2_bn_init() BN_new()
#define _libssh2_bn_init_from_bin() _libssh2_bn_init()
#define _libssh2_bn_set_word(bn, val) BN_set_word(bn, val)
-#define _libssh2_bn_from_bin(bn, len, val) BN_bin2bn(val, len, bn)
+#define _libssh2_bn_from_bin(bn, len, val) BN_bin2bn(val, (int)len, bn)
#define _libssh2_bn_to_bin(bn, val) BN_bn2bin(bn, val)
#define _libssh2_bn_bytes(bn) BN_num_bytes(bn)
#define _libssh2_bn_bits(bn) BN_num_bits(bn)
#define _libssh2_bn_free(bn) BN_clear_free(bn)
+/* Default generate and safe prime sizes for
+ diffie-hellman-group-exchange-sha1 */
+#define LIBSSH2_DH_GEX_MINGROUP 2048
+#define LIBSSH2_DH_GEX_OPTGROUP 4096
+#define LIBSSH2_DH_GEX_MAXGROUP 8192
+
+#define LIBSSH2_DH_MAX_MODULUS_BITS 16384
+
#define _libssh2_dh_ctx BIGNUM *
#define libssh2_dh_init(dhctx) _libssh2_dh_init(dhctx)
#define libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx) \
- _libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx)
+ _libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx)
#define libssh2_dh_secret(dhctx, secret, f, p, bnctx) \
- _libssh2_dh_secret(dhctx, secret, f, p, bnctx)
+ _libssh2_dh_secret(dhctx, secret, f, p, bnctx)
#define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx)
extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx);
extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
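Review bot: `LIBSSH2_DH_MAX_MODULUS_BITS` at L335 carries no comment, and the comment at L329-L330 covers only the three GEX group sizes and names only the `-sha1` method. Presumably the bound caps a peer-supplied group-exchange modulus before any modular exponentiation is attempted; if so, `/* Upper bound on a peer-supplied DH modulus; larger groups are rejected rather than exponentiated */` records why 16384 was chosen, and the GEX comment should say whether it also applies to `diffie-hellman-group-exchange-sha256`. The `(int)len` cast at L324 narrows `size_t` for `BN_bin2bn` without a range check; if the lengths are always taken from already-bounded SSH packets, a one-line note saying so would justify the cast.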
@@ -404,6 +463,10 @@ extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
_libssh2_bn_ctx *bnctx);
extern void _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx);
+extern int _libssh2_openssl_random(void *buf, size_t len);
+
const EVP_CIPHER *_libssh2_EVP_aes_128_ctr(void);
const EVP_CIPHER *_libssh2_EVP_aes_192_ctr(void);
const EVP_CIPHER *_libssh2_EVP_aes_256_ctr(void);
+
+#endif /* __LIBSSH2_OPENSSL_H */
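Review bot: `_libssh2_openssl_random` at L351 is declared without documenting its return convention, and it now backs `_libssh2_random` (L162-L163), which previously expanded straight to `RAND_bytes`. `RAND_bytes` returns 1 on success and 0 or -1 on failure, while libssh2's own helpers in this header return 0/-1, so a caller cannot tell from the header which value to test; an unchecked RNG failure leaves key and nonce buffers with whatever was in them. A comment on the declaration, e.g. `/* Fill buf with len bytes of CSPRNG output; returns 0 on success, -1 on failure (callers must check) */`, with the actual convention confirmed against openssl.c, closes that gap. The three `_libssh2_EVP_aes_*_ctr` prototypes at L353-L355 are discussed at the cipher-mapping hunk above.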