1 files changed, 78 insertions, 59 deletions
diff --git a/libs/libssh2/src/libgcrypt.h b/libs/libssh2/src/libgcrypt.h
index ec88aded62..77a1b8aba3 100644
--- a/libs/libssh2/src/libgcrypt.h
+++ b/libs/libssh2/src/libgcrypt.h
@@ -1,6 +1,8 @@
+#ifndef __LIBSSH2_LIBGCRYPT_H
+#define __LIBSSH2_LIBGCRYPT_H
 /*
- * Copyright (C) 2008, 2009, 2010 Simon Josefsson
- * Copyright (C) 2006, 2007, The Written Word, Inc.
+ * Copyright (C) Simon Josefsson
+ * Copyright (C) The Written Word, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -35,8 +37,12 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
  * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
  * OF SUCH DAMAGE.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
  */
 
+#define LIBSSH2_CRYPTO_ENGINE libssh2_gcrypt
+
 #include <gcrypt.h>
 
 #define LIBSSH2_MD5 1
@@ -45,17 +51,20 @@
 #define LIBSSH2_HMAC_SHA256 1
 #define LIBSSH2_HMAC_SHA512 1
 
-#define LIBSSH2_AES 1
+#define LIBSSH2_AES_CBC 1
 #define LIBSSH2_AES_CTR 1
+#define LIBSSH2_AES_GCM 1
 #define LIBSSH2_BLOWFISH 1
 #define LIBSSH2_RC4 1
 #define LIBSSH2_CAST 1
 #define LIBSSH2_3DES 1
 
 #define LIBSSH2_RSA 1
+#define LIBSSH2_RSA_SHA1 1
+#define LIBSSH2_RSA_SHA2 1
 #define LIBSSH2_DSA 1
-#define LIBSSH2_ECDSA 0
-#define LIBSSH2_ED25519 0
+#define LIBSSH2_ECDSA 1
+#define LIBSSH2_ED25519 1
 
 #define MD5_DIGEST_LENGTH 16
 #define SHA_DIGEST_LENGTH 20
@@ -65,8 +74,8 @@
 
 #define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)
 
-#define _libssh2_random(buf, len)                \
-  (gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1)
+#define _libssh2_random(buf, len) \
+    (gcry_randomize((buf), (len), GCRY_STRONG_RANDOM), 0)
 
 #define libssh2_prepare_iovec(vec, len)  /* Empty. */
 
@@ -74,94 +83,94 @@
 
 /* returns 0 in case of failure */
 #define libssh2_sha1_init(ctx) \
-  (GPG_ERR_NO_ERROR == gcry_md_open(ctx,  GCRY_MD_SHA1, 0))
+    (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA1, 0))
 #define libssh2_sha1_update(ctx, data, len) \
-  gcry_md_write(ctx, (unsigned char *) data, len)
+    gcry_md_write(ctx, (unsigned char *) data, len)
 #define libssh2_sha1_final(ctx, out) \
-  memcpy(out, gcry_md_read(ctx, 0), SHA_DIGEST_LENGTH), gcry_md_close(ctx)
+    memcpy(out, gcry_md_read(ctx, 0), SHA_DIGEST_LENGTH), gcry_md_close(ctx)
 #define libssh2_sha1(message, len, out) \
-  gcry_md_hash_buffer(GCRY_MD_SHA1, out, message, len)
+    gcry_md_hash_buffer(GCRY_MD_SHA1, out, message, len)
 
 #define libssh2_sha256_ctx gcry_md_hd_t
 
 #define libssh2_sha256_init(ctx) \
-  (GPG_ERR_NO_ERROR == gcry_md_open(ctx,  GCRY_MD_SHA256, 0))
+    (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA256, 0))
 #define libssh2_sha256_update(ctx, data, len) \
-  gcry_md_write(ctx, (unsigned char *) data, len)
+    gcry_md_write(ctx, (unsigned char *) data, len)
 #define libssh2_sha256_final(ctx, out) \
-  memcpy(out, gcry_md_read(ctx, 0), SHA256_DIGEST_LENGTH), gcry_md_close(ctx)
+    memcpy(out, gcry_md_read(ctx, 0), SHA256_DIGEST_LENGTH), gcry_md_close(ctx)
 #define libssh2_sha256(message, len, out) \
-  gcry_md_hash_buffer(GCRY_MD_SHA256, out, message, len)
+    gcry_md_hash_buffer(GCRY_MD_SHA256, out, message, len)
 
 #define libssh2_sha384_ctx gcry_md_hd_t
 
 #define libssh2_sha384_init(ctx) \
-  (GPG_ERR_NO_ERROR == gcry_md_open(ctx,  GCRY_MD_SHA384, 0))
+    (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA384, 0))
 #define libssh2_sha384_update(ctx, data, len) \
-  gcry_md_write(ctx, (unsigned char *) data, len)
+    gcry_md_write(ctx, (unsigned char *) data, len)
 #define libssh2_sha384_final(ctx, out) \
-  memcpy(out, gcry_md_read(ctx, 0), SHA384_DIGEST_LENGTH), gcry_md_close(ctx)
+    memcpy(out, gcry_md_read(ctx, 0), SHA384_DIGEST_LENGTH), gcry_md_close(ctx)
 #define libssh2_sha384(message, len, out) \
-  gcry_md_hash_buffer(GCRY_MD_SHA384, out, message, len)
+    gcry_md_hash_buffer(GCRY_MD_SHA384, out, message, len)
 
 #define libssh2_sha512_ctx gcry_md_hd_t
 
 #define libssh2_sha512_init(ctx) \
-  (GPG_ERR_NO_ERROR == gcry_md_open(ctx,  GCRY_MD_SHA512, 0))
+    (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA512, 0))
 #define libssh2_sha512_update(ctx, data, len) \
-  gcry_md_write(ctx, (unsigned char *) data, len)
+    gcry_md_write(ctx, (unsigned char *) data, len)
 #define libssh2_sha512_final(ctx, out) \
-  memcpy(out, gcry_md_read(ctx, 0), SHA512_DIGEST_LENGTH), gcry_md_close(ctx)
+    memcpy(out, gcry_md_read(ctx, 0), SHA512_DIGEST_LENGTH), gcry_md_close(ctx)
 #define libssh2_sha512(message, len, out) \
-  gcry_md_hash_buffer(GCRY_MD_SHA512, out, message, len)
+    gcry_md_hash_buffer(GCRY_MD_SHA512, out, message, len)
 
 #define libssh2_md5_ctx gcry_md_hd_t
 
 /* returns 0 in case of failure */
 #define libssh2_md5_init(ctx) \
-  (GPG_ERR_NO_ERROR == gcry_md_open(ctx,  GCRY_MD_MD5, 0))
+    (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_MD5, 0))
 
 #define libssh2_md5_update(ctx, data, len) \
-  gcry_md_write(ctx, (unsigned char *) data, len)
+    gcry_md_write(ctx, (unsigned char *) data, len)
 #define libssh2_md5_final(ctx, out) \
-  memcpy(out, gcry_md_read(ctx, 0), MD5_DIGEST_LENGTH), gcry_md_close(ctx)
+    memcpy(out, gcry_md_read(ctx, 0), MD5_DIGEST_LENGTH), gcry_md_close(ctx)
 #define libssh2_md5(message, len, out) \
-  gcry_md_hash_buffer(GCRY_MD_MD5, out, message, len)
+    gcry_md_hash_buffer(GCRY_MD_MD5, out, message, len)
 
 #define libssh2_hmac_ctx gcry_md_hd_t
 #define libssh2_hmac_ctx_init(ctx)
 #define libssh2_hmac_sha1_init(ctx, key, keylen) \
-  gcry_md_open(ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC), \
+    gcry_md_open(ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey(*ctx, key, keylen)
 #define libssh2_hmac_md5_init(ctx, key, keylen) \
-  gcry_md_open(ctx, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC), \
+    gcry_md_open(ctx, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey(*ctx, key, keylen)
 #define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
-  gcry_md_open(ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC), \
+    gcry_md_open(ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey(*ctx, key, keylen)
 #define libssh2_hmac_sha256_init(ctx, key, keylen) \
-  gcry_md_open(ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC), \
+    gcry_md_open(ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey(*ctx, key, keylen)
 #define libssh2_hmac_sha512_init(ctx, key, keylen) \
-  gcry_md_open(ctx, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC), \
+    gcry_md_open(ctx, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey(*ctx, key, keylen)
 #define libssh2_hmac_update(ctx, data, datalen) \
-  gcry_md_write(ctx, (unsigned char *) data, datalen)
+    gcry_md_write(ctx, (unsigned char *) data, datalen)
 #define libssh2_hmac_final(ctx, data) \
-  memcpy(data, gcry_md_read(ctx, 0), \
-      gcry_md_get_algo_dlen(gcry_md_get_algo(ctx)))
-#define libssh2_hmac_cleanup(ctx) gcry_md_close (*ctx);
+    memcpy(data, gcry_md_read(ctx, 0), \
+           gcry_md_get_algo_dlen(gcry_md_get_algo(ctx)))
+#define libssh2_hmac_cleanup(ctx) gcry_md_close(*ctx)
 
-#define libssh2_crypto_init() gcry_control (GCRYCTL_DISABLE_SECMEM)
+#define libssh2_crypto_init() gcry_control(GCRYCTL_DISABLE_SECMEM)
 #define libssh2_crypto_exit()
 
 #define libssh2_rsa_ctx struct gcry_sexp
 
-#define _libssh2_rsa_free(rsactx)  gcry_sexp_release (rsactx)
+#define _libssh2_rsa_free(rsactx)  gcry_sexp_release(rsactx)
 
 #define libssh2_dsa_ctx struct gcry_sexp
 
-#define _libssh2_dsa_free(dsactx)  gcry_sexp_release (dsactx)
+#define _libssh2_dsa_free(dsactx)  gcry_sexp_release(dsactx)
 
 #if LIBSSH2_ECDSA
 #else
@@ -176,25 +185,25 @@
 #define _libssh2_gcry_mode(m) (m & 0xFF)
 
 #define _libssh2_cipher_aes256ctr \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR)
 #define _libssh2_cipher_aes192ctr \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR)
 #define _libssh2_cipher_aes128ctr \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR)
 #define _libssh2_cipher_aes256 \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC)
 #define _libssh2_cipher_aes192 \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC)
 #define _libssh2_cipher_aes128 \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC)
 #define _libssh2_cipher_blowfish \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC)
 #define _libssh2_cipher_arcfour \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM)
 #define _libssh2_cipher_cast5 \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC)
 #define _libssh2_cipher_3des \
-  _libssh2_gcry_ciphermode(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC)
+    _libssh2_gcry_ciphermode(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC)
 
 
 #define _libssh2_cipher_dtor(ctx) gcry_cipher_close(*(ctx))
@@ -204,26 +213,35 @@
 #define _libssh2_bn_ctx_new() 0
 #define _libssh2_bn_ctx_free(bnctx) ((void)0)
 #define _libssh2_bn_init() gcry_mpi_new(0)
-#define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a
-                                            new bignum */
+#define _libssh2_bn_init_from_bin() NULL  /* because gcry_mpi_scan() creates a
+                                             new bignum */
 #define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val)
-#define _libssh2_bn_from_bin(bn, len, val)                      \
+#define _libssh2_bn_from_bin(bn, len, val) \
     gcry_mpi_scan(&((bn)), GCRYMPI_FMT_USG, val, len, NULL)
-#define _libssh2_bn_to_bin(bn, val)                                     \
+#define _libssh2_bn_to_bin(bn, val) \
     gcry_mpi_print(GCRYMPI_FMT_USG, val, _libssh2_bn_bytes(bn), NULL, bn)
-#define _libssh2_bn_bytes(bn)                                           \
-    (gcry_mpi_get_nbits (bn) / 8 +                                      \
-     ((gcry_mpi_get_nbits (bn) % 8 == 0) ? 0 : 1))
-#define _libssh2_bn_bits(bn) gcry_mpi_get_nbits (bn)
+#define _libssh2_bn_bytes(bn) \
+    (gcry_mpi_get_nbits(bn) / 8 + \
+         ((gcry_mpi_get_nbits(bn) % 8 == 0) ? 0 : 1))
+#define _libssh2_bn_bits(bn) gcry_mpi_get_nbits(bn)
 #define _libssh2_bn_free(bn) gcry_mpi_release(bn)
 
+/* Default generate and safe prime sizes for
+   diffie-hellman-group-exchange-sha1 */
+#define LIBSSH2_DH_GEX_MINGROUP     2048
+#define LIBSSH2_DH_GEX_OPTGROUP     4096
+#define LIBSSH2_DH_GEX_MAXGROUP     8192
+
+#define LIBSSH2_DH_MAX_MODULUS_BITS 16384
+
 #define _libssh2_dh_ctx struct gcry_mpi *
 #define libssh2_dh_init(dhctx) _libssh2_dh_init(dhctx)
 #define libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx) \
-        _libssh2_dh_key_pair(dhctx, public, g, p, group_order)
+    _libssh2_dh_key_pair(dhctx, public, g, p, group_order)
 #define libssh2_dh_secret(dhctx, secret, f, p, bnctx) \
-        _libssh2_dh_secret(dhctx, secret, f, p)
+    _libssh2_dh_secret(dhctx, secret, f, p)
 #define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx)
+extern void _libssh2_init_aes_ctr(void);
 extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx);
 extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
                                 _libssh2_bn *g, _libssh2_bn *p,
@@ -232,3 +250,4 @@ extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
                               _libssh2_bn *f, _libssh2_bn *p);
 extern void _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx);
 
+#endif /* __LIBSSH2_LIBGCRYPT_H */