mirror of https://github.com/wolfSSL/wolfssh.git
Hide SHA from Echoserver
1. Remove calls to wc_Sha256 Init, Update, and Final and remove the instances of the wc_Sha256 structure.
2. Remove the c32toa function, it isn't used at this point.
3. Add calls to wc_Sha256Hash(). This removes the Sha256 structure off the stack and replaces it with the direct call to the single-shot hash routine. Flattening the size of the hashed data and hashing it in was removed as redundant.
pull/301/head
parent
ee139f8e0d
commit
31912462a0
|
@ -31,7 +31,7 @@
|
||||||
#include <wolfssl/options.h>
|
#include <wolfssl/options.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <wolfssl/wolfcrypt/sha256.h>
|
#include <wolfssl/wolfcrypt/hash.h>
|
||||||
#include <wolfssl/wolfcrypt/coding.h>
|
#include <wolfssl/wolfcrypt/coding.h>
|
||||||
#include <wolfssl/wolfcrypt/wc_port.h>
|
#include <wolfssl/wolfcrypt/wc_port.h>
|
||||||
#include <wolfssh/ssh.h>
|
#include <wolfssh/ssh.h>
|
||||||
|
@ -1141,14 +1141,6 @@ static int load_key(byte isEcc, byte* buf, word32 bufSz)
|
||||||
return sz;
|
return sz;
|
||||||
}
|
}
|
||||||
|
|
||||||
static INLINE void c32toa(word32 u32, byte* c)
|
|
||||||
{
|
|
||||||
c[0] = (u32 >> 24) & 0xff;
|
|
||||||
c[1] = (u32 >> 16) & 0xff;
|
|
||||||
c[2] = (u32 >> 8) & 0xff;
|
|
||||||
c[3] = u32 & 0xff;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Map user names to passwords */
|
/* Map user names to passwords */
|
||||||
/* Use arrays for username and p. The password or public key can
|
/* Use arrays for username and p. The password or public key can
|
||||||
|
@ -1174,9 +1166,6 @@ static PwMap* PwMapNew(PwMapList* list, byte type, const byte* username,
|
||||||
|
|
||||||
map = (PwMap*)malloc(sizeof(PwMap));
|
map = (PwMap*)malloc(sizeof(PwMap));
|
||||||
if (map != NULL) {
|
if (map != NULL) {
|
||||||
wc_Sha256 sha;
|
|
||||||
byte flatSz[4];
|
|
||||||
|
|
||||||
map->type = type;
|
map->type = type;
|
||||||
if (usernameSz >= sizeof(map->username))
|
if (usernameSz >= sizeof(map->username))
|
||||||
usernameSz = sizeof(map->username) - 1;
|
usernameSz = sizeof(map->username) - 1;
|
||||||
|
@ -1185,11 +1174,7 @@ static PwMap* PwMapNew(PwMapList* list, byte type, const byte* username,
|
||||||
map->usernameSz = usernameSz;
|
map->usernameSz = usernameSz;
|
||||||
|
|
||||||
if (type != WOLFSSH_USERAUTH_NONE) {
|
if (type != WOLFSSH_USERAUTH_NONE) {
|
||||||
wc_InitSha256(&sha);
|
wc_Sha256Hash(p, pSz, map->p);
|
||||||
c32toa(pSz, flatSz);
|
|
||||||
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
|
||||||
wc_Sha256Update(&sha, p, pSz);
|
|
||||||
wc_Sha256Final(&sha, map->p);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
map->next = list->head;
|
map->next = list->head;
|
||||||
|
@ -1429,26 +1414,15 @@ static int wsUserAuth(byte authType,
|
||||||
return WOLFSSH_USERAUTH_FAILURE;
|
return WOLFSSH_USERAUTH_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Hash the password or public key with its length. */
|
|
||||||
{
|
|
||||||
wc_Sha256 sha;
|
|
||||||
byte flatSz[4];
|
|
||||||
wc_InitSha256(&sha);
|
|
||||||
if (authType == WOLFSSH_USERAUTH_PASSWORD) {
|
if (authType == WOLFSSH_USERAUTH_PASSWORD) {
|
||||||
c32toa(authData->sf.password.passwordSz, flatSz);
|
wc_Sha256Hash(authData->sf.password.password,
|
||||||
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
authData->sf.password.passwordSz,
|
||||||
wc_Sha256Update(&sha,
|
authHash);
|
||||||
authData->sf.password.password,
|
|
||||||
authData->sf.password.passwordSz);
|
|
||||||
}
|
}
|
||||||
else if (authType == WOLFSSH_USERAUTH_PUBLICKEY) {
|
else if (authType == WOLFSSH_USERAUTH_PUBLICKEY) {
|
||||||
c32toa(authData->sf.publicKey.publicKeySz, flatSz);
|
wc_Sha256Hash(authData->sf.publicKey.publicKey,
|
||||||
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
authData->sf.publicKey.publicKeySz,
|
||||||
wc_Sha256Update(&sha,
|
authHash);
|
||||||
authData->sf.publicKey.publicKey,
|
|
||||||
authData->sf.publicKey.publicKeySz);
|
|
||||||
}
|
|
||||||
wc_Sha256Final(&sha, authHash);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
list = (PwMapList*)ctx;
|
list = (PwMapList*)ctx;
|
||||||
|
|
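Review bot: The return value of `wc_Sha256Hash()` is discarded at all three new call sites (the one in PwMapNew and the password and public-key branches of wsUserAuth), so a hashing failure would leave `map->p` (fresh from `malloc`) or `authHash` holding whatever bytes were already there. The credential comparison that presumably follows would then run on unhashed memory. In wsUserAuth each call should fail closed, e.g. `if (wc_Sha256Hash(authData->sf.password.password, authData->sf.password.passwordSz, authHash) != 0) return WOLFSSH_USERAUTH_FAILURE;`, with the same guard on the public-key branch. In PwMapNew a non-zero result should free `map` and return NULL instead of linking a half-initialized entry into `list->head`. Both functions start and end outside the visible hunks, so the later comparison against `map->p` is inferred rather than shown.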