--- libssh2-1.10.0/src/mbedtls.c 2020-09-28 13:23:35.000000000 +0100 +++ libssh2.mod/libssh2/src/mbedtls.c 2021-12-01 20:52:58.000000000 +0000 @@ -122,10 +122,10 @@ mbedtls_cipher_init(ctx); ret = mbedtls_cipher_setup(ctx, cipher_info); if(!ret) - ret = mbedtls_cipher_setkey(ctx, secret, cipher_info->key_bitlen, op); + ret = mbedtls_cipher_setkey(ctx, secret, cipher_info->MBEDTLS_PRIVATE(key_bitlen), op); if(!ret) - ret = mbedtls_cipher_set_iv(ctx, iv, cipher_info->iv_size); + ret = mbedtls_cipher_set_iv(ctx, iv, cipher_info->MBEDTLS_PRIVATE(iv_size)); return ret == 0 ? 0 : -1; } @@ -331,29 +331,29 @@ ctx = (libssh2_rsa_ctx *) mbedtls_calloc(1, sizeof(libssh2_rsa_ctx)); if(ctx != NULL) { - mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, 0); + mbedtls_rsa_init(ctx); } else return -1; /* !checksrc! disable ASSIGNWITHINCONDITION 1 */ - if((ret = mbedtls_mpi_read_binary(&(ctx->E), edata, elen) ) != 0 || - (ret = mbedtls_mpi_read_binary(&(ctx->N), ndata, nlen) ) != 0) { + if((ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(E)), edata, elen) ) != 0 || + (ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(N)), ndata, nlen) ) != 0) { ret = -1; } if(!ret) { - ctx->len = mbedtls_mpi_size(&(ctx->N)); + ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size(&(ctx->MBEDTLS_PRIVATE(N))); } if(!ret && ddata) { /* !checksrc! disable ASSIGNWITHINCONDITION 1 */ - if((ret = mbedtls_mpi_read_binary(&(ctx->D), ddata, dlen) ) != 0 || - (ret = mbedtls_mpi_read_binary(&(ctx->P), pdata, plen) ) != 0 || - (ret = mbedtls_mpi_read_binary(&(ctx->Q), qdata, qlen) ) != 0 || - (ret = mbedtls_mpi_read_binary(&(ctx->DP), e1data, e1len) ) != 0 || - (ret = mbedtls_mpi_read_binary(&(ctx->DQ), e2data, e2len) ) != 0 || - (ret = mbedtls_mpi_read_binary(&(ctx->QP), coeffdata, coefflen) ) + if((ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(D)), ddata, dlen) ) != 0 || + (ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(P)), pdata, plen) ) != 0 || + (ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(Q)), qdata, qlen) ) != 0 || + (ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(DP)), e1data, e1len) ) != 0 || + (ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(DQ)), e2data, e2len) ) != 0 || + (ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(QP)), coeffdata, coefflen) ) != 0) { ret = -1; } @@ -381,14 +381,16 @@ mbedtls_pk_context pkey; mbedtls_rsa_context *pk_rsa; + *rsa = (libssh2_rsa_ctx *) LIBSSH2_ALLOC(session, sizeof(libssh2_rsa_ctx)); if(*rsa == NULL) return -1; - mbedtls_rsa_init(*rsa, MBEDTLS_RSA_PKCS_V15, 0); + mbedtls_rsa_init(*rsa); mbedtls_pk_init(&pkey); - ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase); + ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase, + mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg); if(ret != 0 || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) { mbedtls_pk_free(&pkey); mbedtls_rsa_free(*rsa); @@ -436,7 +438,8 @@ pwd_len = passphrase != NULL ? strlen((const char *)passphrase) : 0; ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata_nullterm, filedata_len + 1, - passphrase, pwd_len); + passphrase, pwd_len, + mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg); _libssh2_mbedtls_safe_free(filedata_nullterm, filedata_len); if(ret != 0 || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) { @@ -468,8 +471,8 @@ if(ret) return -1; /* failure */ - ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH, + ret = mbedtls_rsa_pkcs1_verify(rsa, + MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH, hash, sig); return (ret == 0) ? 0 : -1; @@ -489,13 +492,13 @@ (void)hash_len; - sig_len = rsa->len; + sig_len = rsa->MBEDTLS_PRIVATE(len); sig = LIBSSH2_ALLOC(session, sig_len); if(!sig) { return -1; } - ret = mbedtls_rsa_pkcs1_sign(rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, + ret = mbedtls_rsa_pkcs1_sign(rsa, NULL, NULL, MBEDTLS_MD_SHA1, SHA_DIGEST_LENGTH, hash, sig); if(ret) { @@ -526,8 +529,8 @@ unsigned char *key; unsigned char *p; - e_bytes = mbedtls_mpi_size(&rsa->E); - n_bytes = mbedtls_mpi_size(&rsa->N); + e_bytes = mbedtls_mpi_size(&rsa->MBEDTLS_PRIVATE(E)); + n_bytes = mbedtls_mpi_size(&rsa->MBEDTLS_PRIVATE(N)); /* Key form is "ssh-rsa" + e + n. */ len = 4 + 7 + 4 + e_bytes + 4 + n_bytes; @@ -547,11 +550,11 @@ _libssh2_htonu32(p, e_bytes); p += 4; - mbedtls_mpi_write_binary(&rsa->E, p, e_bytes); + mbedtls_mpi_write_binary(&rsa->MBEDTLS_PRIVATE(E), p, e_bytes); _libssh2_htonu32(p, n_bytes); p += 4; - mbedtls_mpi_write_binary(&rsa->N, p, n_bytes); + mbedtls_mpi_write_binary(&rsa->MBEDTLS_PRIVATE(N), p, n_bytes); *keylen = (size_t)(p - key); return key; @@ -623,7 +626,8 @@ int ret; mbedtls_pk_init(&pkey); - ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase); + ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase, + mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg); if(ret != 0) { mbedtls_strerror(ret, (char *)buf, sizeof(buf)); mbedtls_pk_free(&pkey); @@ -670,7 +674,8 @@ ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)privatekeydata_nullterm, privatekeydata_len + 1, - (const unsigned char *)passphrase, pwd_len); + (const unsigned char *)passphrase, pwd_len, + mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg); _libssh2_mbedtls_safe_free(privatekeydata_nullterm, privatekeydata_len); if(ret != 0) { @@ -766,13 +771,13 @@ &_libssh2_mbedtls_ctr_drbg) != 0) goto failed; - plen = 2 * mbedtls_mpi_size(&(*privkey)->grp.P) + 1; + plen = 2 * mbedtls_mpi_size(&(*privkey)->MBEDTLS_PRIVATE(grp).P) + 1; *pubkey_oct = LIBSSH2_ALLOC(session, plen); if(*pubkey_oct == NULL) goto failed; - if(mbedtls_ecp_point_write_binary(&(*privkey)->grp, &(*privkey)->Q, + if(mbedtls_ecp_point_write_binary(&(*privkey)->MBEDTLS_PRIVATE(grp), &(*privkey)->MBEDTLS_PRIVATE(Q), MBEDTLS_ECP_PF_UNCOMPRESSED, pubkey_oct_len, *pubkey_oct, plen) == 0) return 0; @@ -805,13 +810,13 @@ mbedtls_ecdsa_init(*ctx); - if(mbedtls_ecp_group_load(&(*ctx)->grp, (mbedtls_ecp_group_id)curve) != 0) + if(mbedtls_ecp_group_load(&(*ctx)->MBEDTLS_PRIVATE(grp), (mbedtls_ecp_group_id)curve) != 0) goto failed; - if(mbedtls_ecp_point_read_binary(&(*ctx)->grp, &(*ctx)->Q, k, k_len) != 0) + if(mbedtls_ecp_point_read_binary(&(*ctx)->MBEDTLS_PRIVATE(grp), &(*ctx)->MBEDTLS_PRIVATE(Q), k, k_len) != 0) goto failed; - if(mbedtls_ecp_check_pubkey(&(*ctx)->grp, &(*ctx)->Q) == 0) + if(mbedtls_ecp_check_pubkey(&(*ctx)->MBEDTLS_PRIVATE(grp), &(*ctx)->MBEDTLS_PRIVATE(Q)) == 0) return 0; failed: @@ -842,21 +847,21 @@ mbedtls_ecp_point_init(&pubkey); - if(mbedtls_ecp_point_read_binary(&privkey->grp, &pubkey, + if(mbedtls_ecp_point_read_binary(&privkey->MBEDTLS_PRIVATE(grp), &pubkey, server_pubkey, server_pubkey_len) != 0) { rc = -1; goto cleanup; } - if(mbedtls_ecdh_compute_shared(&privkey->grp, *k, - &pubkey, &privkey->d, + if(mbedtls_ecdh_compute_shared(&privkey->MBEDTLS_PRIVATE(grp), *k, + &pubkey, &privkey->MBEDTLS_PRIVATE(d), mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg) != 0) { rc = -1; goto cleanup; } - if(mbedtls_ecp_check_privkey(&privkey->grp, *k) != 0) + if(mbedtls_ecp_check_privkey(&privkey->MBEDTLS_PRIVATE(grp), *k) != 0) rc = -1; cleanup: @@ -871,9 +876,9 @@ unsigned char hsh[SHA##digest_type##_DIGEST_LENGTH]; \ \ if(libssh2_sha##digest_type(m, m_len, hsh) == 0) { \ - rc = mbedtls_ecdsa_verify(&ctx->grp, hsh, \ + rc = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hsh, \ SHA##digest_type##_DIGEST_LENGTH, \ - &ctx->Q, &pr, &ps); \ + &ctx->MBEDTLS_PRIVATE(Q), &pr, &ps); \ } \ \ } @@ -936,7 +941,8 @@ pwd_len = pwd ? strlen((const char *) pwd) : 0; - if(mbedtls_pk_parse_key(pkey, data, data_len, pwd, pwd_len) != 0) + if(mbedtls_pk_parse_key(pkey, data, data_len, pwd, pwd_len, + mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg) != 0) goto failed; if(mbedtls_pk_get_type(pkey) != MBEDTLS_PK_ECKEY) @@ -1001,19 +1007,19 @@ mbedtls_ecdsa_init(*ctx); - if(mbedtls_ecp_group_load(&(*ctx)->grp, (mbedtls_ecp_group_id)type) != 0) + if(mbedtls_ecp_group_load(&(*ctx)->MBEDTLS_PRIVATE(grp), (mbedtls_ecp_group_id)type) != 0) goto failed; - if(mbedtls_mpi_read_binary(&(*ctx)->d, exponent, exponentlen) != 0) + if(mbedtls_mpi_read_binary(&(*ctx)->MBEDTLS_PRIVATE(d), exponent, exponentlen) != 0) goto failed; - if(mbedtls_ecp_mul(&(*ctx)->grp, &(*ctx)->Q, - &(*ctx)->d, &(*ctx)->grp.G, + if(mbedtls_ecp_mul(&(*ctx)->MBEDTLS_PRIVATE(grp), &(*ctx)->MBEDTLS_PRIVATE(Q), + &(*ctx)->MBEDTLS_PRIVATE(d), &(*ctx)->MBEDTLS_PRIVATE(grp).G, mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg) != 0) goto failed; - if(mbedtls_ecp_check_privkey(&(*ctx)->grp, &(*ctx)->d) == 0) + if(mbedtls_ecp_check_privkey(&(*ctx)->MBEDTLS_PRIVATE(grp), &(*ctx)->MBEDTLS_PRIVATE(d)) == 0) goto cleanup; failed: @@ -1157,7 +1163,7 @@ mbedtls_mpi_init(&pr); mbedtls_mpi_init(&ps); - if(mbedtls_ecdsa_sign(&ctx->grp, &pr, &ps, &ctx->d, + if(mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &pr, &ps, &ctx->MBEDTLS_PRIVATE(d), hash, hash_len, mbedtls_ctr_drbg_random, &_libssh2_mbedtls_ctr_drbg) != 0) @@ -1204,7 +1210,7 @@ libssh2_curve_type _libssh2_mbedtls_ecdsa_get_curve_type(libssh2_ecdsa_ctx *ctx) { - return (libssh2_curve_type) ctx->grp.id; + return (libssh2_curve_type) ctx->MBEDTLS_PRIVATE(grp).id; } /* _libssh2_ecdsa_curve_type_from_name --- libssh2-1.10.0/src/mbedtls.h 2020-09-28 13:23:35.000000000 +0100 +++ libssh2.mod/libssh2/src/mbedtls.h 2021-11-30 20:54:52.000000000 +0000 @@ -65,12 +65,12 @@ #define LIBSSH2_AES 1 #define LIBSSH2_AES_CTR 1 -#define LIBSSH2_BLOWFISH 1 -#define LIBSSH2_RC4 1 +#define LIBSSH2_BLOWFISH 0 +#define LIBSSH2_RC4 0 #define LIBSSH2_CAST 0 #define LIBSSH2_3DES 1 -#define LIBSSH2_RSA 1 +#define LIBSSH2_RSA 0 #define LIBSSH2_DSA 0 #ifdef MBEDTLS_ECDSA_C # define LIBSSH2_ECDSA 1