WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated many functions with better error checking.

pull/10/head
John Safranek 2016-07-18 21:21:42 -07:00
parent 1e77d1595b
commit 4041ecf408
2 changed files with 642 additions and 459 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

440
src/internal.c
View File

@ -138,6 +138,9 @@ const char* GetErrorString(int err)
case WS_INVALID_CHANID:
return "peer requested invalid channel id";
case WS_CRYPTO_FAILED:
return "crypto action failed";
default:
return "Unknown error code";
}
@ -566,11 +569,21 @@ static int SendBuffered(WOLFSSH* ssh)
static int SendText(WOLFSSH* ssh, const char* text, uint32_t textLen)
{
GrowBuffer(&ssh->outputBuffer, textLen, 0);
int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = GrowBuffer(&ssh->outputBuffer, textLen, 0);
if (ret == WS_SUCCESS) {
WMEMCPY(ssh->outputBuffer.buffer, text, textLen);
ssh->outputBuffer.length = textLen;
ret = SendBuffered(ssh);
}
return SendBuffered(ssh);
return ret;
}
@ -1421,13 +1434,29 @@ static int GetString(char* s, uint32_t* sSz,
static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
uint8_t* buf, uint32_t len, uint32_t* idx)
{
uint32_t begin = *idx;
WS_UserAuthData_Password* pw = &authData->sf.password;
int ret;
uint32_t begin;
WS_UserAuthData_Password* pw;
int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPassword()");
if (ssh == NULL || authData == NULL ||
buf == NULL || len == 0 || idx == NULL) {
ret = WS_BAD_ARGUMENT;
}
if (ret == WS_SUCCESS) {
begin = *idx;
pw = &authData->sf.password;
authData->type = WOLFSSH_USERAUTH_PASSWORD;
ret = GetBoolean(&pw->hasNewPassword, buf, len, &begin);
}
if (ret == WS_SUCCESS)
ret = GetUint32(&pw->passwordSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pw->password = buf + begin;
begin += pw->passwordSz;
@ -1435,9 +1464,11 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
/* Skip the password change. Maybe error out since we aren't
* supporting password changes at this time. */
ret = GetUint32(&pw->newPasswordSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pw->newPassword = buf + begin;
begin += pw->newPasswordSz;
}
}
else {
pw->newPassword = NULL;
pw->newPasswordSz = 0;
@ -1450,21 +1481,24 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
if (ret == WOLFSSH_USERAUTH_SUCCESS) {
WLOG(WS_LOG_DEBUG, "DUARPW: password check successful");
ssh->clientState = CLIENT_USERAUTH_DONE;
ret = WS_SUCCESS;
}
else {
WLOG(WS_LOG_DEBUG, "DUARPW: password check failed");
if (ret != WOLFSSH_USERAUTH_SUCCESS) {
return SendUserAuthFailure(ssh, 0);
}
ret = SendUserAuthFailure(ssh, 0);
}
}
else {
WLOG(WS_LOG_DEBUG, "DUARPW: No user auth callback");
return SendUserAuthFailure(ssh, 0);
ret = SendUserAuthFailure(ssh, 0);
}
}
if (ret == WS_SUCCESS)
*idx = begin;
return WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestPassword(), ret = %d", ret);
return ret;
}
@ -1481,47 +1515,85 @@ static int DoUserAuthRequestRsa(WOLFSSH* ssh, WS_UserAuthData_PublicKey* pk,
uint8_t* e;
uint32_t eSz = 0;
uint32_t i = 0;
int ret;
int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestRsa()");
if (ssh == NULL || pk == NULL || digest == NULL || digestSz == 0)
ret = WS_BAD_ARGUMENT;
/* First check that the public key's type matches the one we are
* expecting. */
GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i);
if (ret == WS_SUCCESS)
ret = GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i);
if (ret == WS_SUCCESS) {
publicKeyType = pk->publicKey + i;
i += publicKeyTypeSz;
if (publicKeyTypeSz != pk->publicKeyTypeSz &&
WMEMCMP(publicKeyType, pk->publicKeyType, publicKeyTypeSz) != 0) {
WLOG(WS_LOG_DEBUG, "Public Key's type does not match public key type");
return WS_INVALID_ALGO_ID;
WLOG(WS_LOG_DEBUG,
"Public Key's type does not match public key type");
ret = WS_INVALID_ALGO_ID;
}
GetUint32(&eSz, pk->publicKey, pk->publicKeySz, &i);
}
if (ret == WS_SUCCESS)
ret = GetUint32(&eSz, pk->publicKey, pk->publicKeySz, &i);
if (ret == WS_SUCCESS) {
e = pk->publicKey + i;
i += eSz;
GetUint32(&nSz, pk->publicKey, pk->publicKeySz, &i);
ret = GetUint32(&nSz, pk->publicKey, pk->publicKeySz, &i);
}
if (ret == WS_SUCCESS) {
n = pk->publicKey + i;
wc_InitRsaKey(&key, ssh->ctx->heap);
ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, &key);
if (ret != 0) {
WLOG(WS_LOG_DEBUG, "Could not decode public key");
ret = WS_CRYPTO_FAILED;
}
}
if (ret == WS_SUCCESS) {
i = 0;
/* First check that the signature's public key type matches the one
* we are expecting. */
GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i);
ret = GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i);
}
if (ret == WS_SUCCESS) {
publicKeyType = pk->publicKey + i;
i += publicKeyTypeSz;
if (publicKeyTypeSz != pk->publicKeyTypeSz &&
WMEMCMP(publicKeyType, pk->publicKeyType, publicKeyTypeSz) != 0) {
WLOG(WS_LOG_DEBUG, "Signature's type does not match public key type");
return WS_INVALID_ALGO_ID;
WLOG(WS_LOG_DEBUG,
"Signature's type does not match public key type");
ret = WS_INVALID_ALGO_ID;
}
}
GetUint32(&nSz, pk->signature, pk->signatureSz, &i);
if (ret == WS_SUCCESS)
ret = GetUint32(&nSz, pk->signature, pk->signatureSz, &i);
if (ret == WS_SUCCESS) {
n = pk->signature + i;
ret = wc_RsaSSL_Verify(n, nSz, digest, digestSz, &key);
if (ret <= 0) {
WLOG(WS_LOG_DEBUG, "Could not verify signature");
ret = WS_CRYPTO_FAILED;
}
}
wc_FreeRsaKey(&key);
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestRsa(), ret = %d", ret);
return ret;
}
@ -1530,26 +1602,47 @@ static int DoUserAuthRequestRsa(WOLFSSH* ssh, WS_UserAuthData_PublicKey* pk,
static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
uint8_t* buf, uint32_t len, uint32_t* idx)
{
uint32_t begin = *idx;
WS_UserAuthData_PublicKey* pk = &authData->sf.publicKey;
uint32_t begin;
WS_UserAuthData_PublicKey* pk;
int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()");
if (ssh == NULL || authData == NULL ||
buf == NULL || len == 0 || idx == NULL) {
ret = WS_BAD_ARGUMENT;
}
if (ret == WS_SUCCESS) {
begin = *idx;
pk = &authData->sf.publicKey;
authData->type = WOLFSSH_USERAUTH_PUBLICKEY;
GetBoolean(&pk->hasSignature, buf, len, &begin);
GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
ret = GetBoolean(&pk->hasSignature, buf, len, &begin);
}
if (ret == WS_SUCCESS)
ret = GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pk->publicKeyType = buf + begin;
begin += pk->publicKeyTypeSz;
GetUint32(&pk->publicKeySz, buf, len, &begin);
ret = GetUint32(&pk->publicKeySz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
pk->publicKey = buf + begin;
begin += pk->publicKeySz;
if (pk->hasSignature) {
GetUint32(&pk->signatureSz, buf, len, &begin);
ret = GetUint32(&pk->signatureSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pk->signature = buf + begin;
begin += pk->signatureSz;
}
else
goto onError;
}
else {
pk->signature = NULL;
pk->signatureSz = 0;
@ -1562,15 +1655,21 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
authData, ssh->userAuthCtx);
WLOG(WS_LOG_DEBUG, "DUARPK: callback result = %d", ret);
if (ret != WOLFSSH_USERAUTH_SUCCESS) {
return SendUserAuthFailure(ssh, 0);
if (ret == WOLFSSH_USERAUTH_SUCCESS)
ret = WS_SUCCESS;
else {
ret = SendUserAuthFailure(ssh, 0);
goto onError;
}
}
else {
WLOG(WS_LOG_DEBUG, "DUARPK: no userauth callback set");
return SendUserAuthFailure(ssh, 0);
ret = SendUserAuthFailure(ssh, 0);
goto onError;
}
}
if (ret == WS_SUCCESS) {
if (pk->signature == NULL) {
WLOG(WS_LOG_DEBUG, "DUARPK: Send the PK OK");
ret = SendUserAuthPkOk(ssh, pk->publicKeyType, pk->publicKeyTypeSz,
@ -1595,9 +1694,11 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
ret = WS_SUCCESS;
}
{
if (ret == WS_SUCCESS) {
Sha sha;
uint8_t digest[SHA_DIGEST_SIZE];
volatile int compare;
volatile int sizeCompare;
wc_InitSha(&sha);
c32toa(ssh->sessionIdSz, digest);
@ -1617,25 +1718,23 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
encDigestSz = wc_EncodeSignature(encDigest, digest,
SHA_DIGEST_SIZE, SHAh);
}
{
volatile int compare;
volatile int sizeCompare;
compare = ConstantCompare(encDigest, checkDigest, encDigestSz);
sizeCompare = encDigestSz != checkDigestSz;
if (compare || sizeCompare || ret < 0) {
WLOG(WS_LOG_DEBUG, "DUARPK: signature compare failure");
return SendUserAuthFailure(ssh, 0);
ret = SendUserAuthFailure(ssh, 0);
}
else {
ssh->clientState = CLIENT_USERAUTH_DONE;
}
}
}
}
onError:
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestPublicKey(), ret = %d", ret);
return ret;
}
@ -1643,22 +1742,39 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
static int DoUserAuthRequest(WOLFSSH* ssh,
uint8_t* buf, uint32_t len, uint32_t* idx)
{
uint32_t begin = *idx;
int ret;
uint32_t begin;
int ret = WS_SUCCESS;
uint8_t authNameId;
WS_UserAuthData authData;
WMEMSET(&authData, 0, sizeof(authData));
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequest()");
GetUint32(&authData.usernameSz, buf, len, &begin);
if (ssh == NULL || buf == NULL || len == 0 || idx == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
begin = *idx;
WMEMSET(&authData, 0, sizeof(authData));
ret = GetUint32(&authData.usernameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
authData.username = buf + begin;
begin += authData.usernameSz;
GetUint32(&authData.serviceNameSz, buf, len, &begin);
ret = GetUint32(&authData.serviceNameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
authData.serviceName = buf + begin;
begin += authData.serviceNameSz;
GetUint32(&authData.authNameSz, buf, len, &begin);
ret = GetUint32(&authData.authNameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
authData.authName = buf + begin;
begin += authData.authNameSz;
authNameId = NameToId((char*)authData.authName, authData.authNameSz);
@ -1670,12 +1786,15 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
ret = DoUserAuthRequestPublicKey(ssh, &authData, buf, len, &begin);
}
else {
WLOG(WS_LOG_DEBUG, "invalid userauth type: %s", IdToName(authNameId));
WLOG(WS_LOG_DEBUG,
"invalid userauth type: %s", IdToName(authNameId));
ret = SendUserAuthFailure(ssh, 0);
}
*idx = begin;
}
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequest(), ret = %d", ret);
return ret;
}
@ -2323,29 +2442,43 @@ int ProcessClientVersion(WOLFSSH* ssh)
int SendServerVersion(WOLFSSH* ssh)
{
int ret = WS_SUCCESS;
uint32_t sshIdStrSz = (uint32_t)WSTRLEN(sshIdStr);
uint8_t scratch[LENGTH_SZ];
uint8_t sshIdStrSzFlat[LENGTH_SZ];
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, "%s", sshIdStr);
SendText(ssh, sshIdStr, (uint32_t)WSTRLEN(sshIdStr));
sshIdStrSz -= 2; /* Remove the CRLF */
c32toa(sshIdStrSz, scratch);
wc_ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, (const uint8_t*)sshIdStr, sshIdStrSz);
ret = SendText(ssh, sshIdStr, (uint32_t)WSTRLEN(sshIdStr));
}
return WS_SUCCESS;
if (ret == WS_SUCCESS) {
sshIdStrSz -= 2; /* Remove the CRLF */
c32toa(sshIdStrSz, sshIdStrSzFlat);
wc_ShaUpdate(&ssh->handshake->hash, sshIdStrSzFlat, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash,
(const uint8_t*)sshIdStr, sshIdStrSz);
}
return ret;
}
static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz)
{
int ret;
int ret = WS_SUCCESS;
uint8_t* output;
uint32_t outputSz;
uint32_t packetSz;
uint32_t usedSz;
uint8_t paddingSz;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
/* Minimum value for paddingSz is 4. */
paddingSz = ssh->blockSz -
(LENGTH_SZ + PAD_LENGTH_SZ + payloadSz) % ssh->blockSz;
@ -2356,9 +2489,10 @@ static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz)
outputSz = LENGTH_SZ + packetSz + ssh->macSz;
usedSz = ssh->outputBuffer.length - ssh->outputBuffer.idx;
if ( (ret = GrowBuffer(&ssh->outputBuffer, outputSz, usedSz)) != WS_SUCCESS)
return ret;
ret = GrowBuffer(&ssh->outputBuffer, outputSz, usedSz);
}
if (ret == WS_SUCCESS) {
ssh->packetStartIdx = ssh->outputBuffer.length;
output = ssh->outputBuffer.buffer + ssh->outputBuffer.length;
@ -2367,6 +2501,7 @@ static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz)
output[LENGTH_SZ] = paddingSz;
ssh->outputBuffer.length += LENGTH_SZ + PAD_LENGTH_SZ;
}
return ret;
}
@ -2379,6 +2514,10 @@ static int BundlePacket(WOLFSSH* ssh)
uint8_t paddingSz;
int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
paddingSz = ssh->paddingSz;
@ -2387,34 +2526,40 @@ static int BundlePacket(WOLFSSH* ssh)
WLOG(WS_LOG_DEBUG, "BP: paddingSz = %u", paddingSz);
if (ssh->encryptId == ID_NONE)
WMEMSET(output + idx, 0, paddingSz);
else
ret = wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz);
else if (wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz) < 0)
ret = WS_CRYPTO_FAILED;
}
if (ret == WS_SUCCESS) {
idx += paddingSz;
if (ret != WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, "BP: failed to add padding");
return ret;
}
ret = CreateMac(ssh, ssh->outputBuffer.buffer + ssh->packetStartIdx,
ssh->outputBuffer.length - ssh->packetStartIdx + paddingSz,
ssh->outputBuffer.length -
ssh->packetStartIdx + paddingSz,
output + idx);
idx += ssh->macSz;
if (ret != WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, "BP: failed to add mac");
return ret;
}
else {
WLOG(WS_LOG_DEBUG, "BP: failed to add padding");
}
if (ret == WS_SUCCESS) {
idx += ssh->macSz;
ret = Encrypt(ssh,
ssh->outputBuffer.buffer + ssh->packetStartIdx,
ssh->outputBuffer.buffer + ssh->packetStartIdx,
ssh->outputBuffer.length - ssh->packetStartIdx + paddingSz);
ssh->outputBuffer.length = idx;
if (ret != WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, "BP: failed to encrypt buffer");
return ret;
ssh->outputBuffer.length -
ssh->packetStartIdx + paddingSz);
}
else {
WLOG(WS_LOG_DEBUG, "BP: failed to generate mac");
}
return WS_SUCCESS;
if (ret == WS_SUCCESS)
ssh->outputBuffer.length = idx;
else {
WLOG(WS_LOG_DEBUG, "BP: failed to encrypt buffer");
}
return ret;
}
@ -2453,17 +2598,22 @@ int SendKexInit(WOLFSSH* ssh)
uint8_t* payload;
uint32_t idx = 0;
uint32_t payloadSz;
uint8_t payloadSzFlat[LENGTH_SZ];
int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
payloadSz = MSG_ID_SZ + COOKIE_SZ + (LENGTH_SZ * 11) + BOOLEAN_SZ +
cannedKexAlgoNamesSz + cannedKeyAlgoNamesSz +
(cannedEncAlgoNamesSz * 2) +
(cannedMacAlgoNamesSz * 2) +
(cannedNoneNamesSz * 2);
ret = PreparePacket(ssh, payloadSz);
if (ret != WS_SUCCESS)
return ret;
}
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
payload = output + idx;
@ -2471,9 +2621,10 @@ int SendKexInit(WOLFSSH* ssh)
output[idx++] = MSGID_KEXINIT;
ret = wc_RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ);
}
if (ret == WS_SUCCESS) {
idx += COOKIE_SZ;
if (ret != 0)
return ret;
CopyNameList(output, &idx, cannedKexAlgoNames, cannedKexAlgoNamesSz);
CopyNameList(output, &idx, cannedKeyAlgoNames, cannedKeyAlgoNamesSz);
@ -2493,18 +2644,16 @@ int SendKexInit(WOLFSSH* ssh)
ssh->outputBuffer.length = idx;
{
uint8_t scratchLen[LENGTH_SZ];
c32toa(payloadSz, scratchLen);
ret = wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
if (ret != 0)
return ret;
c32toa(payloadSz, payloadSzFlat);
ret = wc_ShaUpdate(&ssh->handshake->hash, payloadSzFlat, LENGTH_SZ);
}
ret = wc_ShaUpdate(&ssh->handshake->hash, payload, payloadSz);
if (ret != 0)
return ret;
if (ret == WS_SUCCESS)
ret = wc_ShaUpdate(&ssh->handshake->hash, payload, payloadSz);
if (ret == WS_SUCCESS)
ret = BundlePacket(ssh);
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -2723,12 +2872,15 @@ int SendNewKeys(WOLFSSH* ssh)
{
uint8_t* output;
uint32_t idx = 0;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2737,12 +2889,12 @@ int SendNewKeys(WOLFSSH* ssh)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
ssh->blockSz = ssh->handshake->blockSz;
ssh->encryptId = ssh->handshake->encryptId;
ssh->macSz = ssh->handshake->macSz;
@ -2762,10 +2914,11 @@ int SendNewKeys(WOLFSSH* ssh)
default:
WLOG(WS_LOG_DEBUG, "SNK: using cipher invalid");
break;
ret = WS_INVALID_ALGO_ID;
}
ssh->txCount = 0;
}
return ret;
}
@ -2775,12 +2928,15 @@ int SendUnimplemented(WOLFSSH* ssh)
{
uint8_t* output;
uint32_t idx = 0;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2791,6 +2947,8 @@ int SendUnimplemented(WOLFSSH* ssh)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -2802,12 +2960,15 @@ int SendDisconnect(WOLFSSH* ssh, uint32_t reason)
{
uint8_t* output;
uint32_t idx = 0;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + UINT32_SZ + (LENGTH_SZ * 2));
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2822,6 +2983,8 @@ int SendDisconnect(WOLFSSH* ssh, uint32_t reason)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -2833,15 +2996,15 @@ int SendIgnore(WOLFSSH* ssh, const unsigned char* data, uint32_t dataSz)
{
uint8_t* output;
uint32_t idx = 0;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL || (data == NULL && dataSz > 0))
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ + dataSz);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2856,6 +3019,8 @@ int SendIgnore(WOLFSSH* ssh, const unsigned char* data, uint32_t dataSz)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -2872,19 +3037,20 @@ int SendDebug(WOLFSSH* ssh, byte alwaysDisplay, const char* msg)
uint32_t msgSz;
uint8_t* output;
uint32_t idx = 0;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
msgSz = (msg != NULL) ? (uint32_t)WSTRLEN(msg) : 0;
ret = PreparePacket(ssh,
MSG_ID_SZ + BOOLEAN_SZ + (LENGTH_SZ * 2) +
msgSz + cannedLangTagSz);
if (ret != WS_SUCCESS)
return ret;
}
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2904,6 +3070,8 @@ int SendDebug(WOLFSSH* ssh, byte alwaysDisplay, const char* msg)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -2919,16 +3087,17 @@ int SendServiceAccept(WOLFSSH* ssh)
uint32_t nameSz;
uint8_t* output;
uint32_t idx;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
nameSz = (uint32_t)WSTRLEN(userAuthName);
ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ + nameSz);
if (ret != WS_SUCCESS)
return ret;
}
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2941,6 +3110,8 @@ int SendServiceAccept(WOLFSSH* ssh)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendUserAuthBanner(ssh);
@ -2956,20 +3127,19 @@ int SendUserAuthFailure(WOLFSSH* ssh, uint8_t partialSuccess)
{
uint8_t* output;
uint32_t idx;
int ret;
(void)partialSuccess;
int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering SendUserAuthFailure()");
if (ssh == NULL)
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh,
MSG_ID_SZ + LENGTH_SZ + cannedAuthsSz + BOOLEAN_SZ);
if (ret != WS_SUCCESS)
return ret;
MSG_ID_SZ + LENGTH_SZ +
cannedAuthsSz + BOOLEAN_SZ);
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -2978,11 +3148,13 @@ int SendUserAuthFailure(WOLFSSH* ssh, uint8_t partialSuccess)
idx += LENGTH_SZ;
WMEMCPY(output + idx, cannedAuths, cannedAuthsSz);
idx += cannedAuthsSz;
output[idx++] = 0;
output[idx++] = (partialSuccess != 0);
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -2994,15 +3166,15 @@ int SendUserAuthSuccess(WOLFSSH* ssh)
{
uint8_t* output;
uint32_t idx;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -3011,6 +3183,8 @@ int SendUserAuthSuccess(WOLFSSH* ssh)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
@ -3024,17 +3198,20 @@ int SendUserAuthPkOk(WOLFSSH* ssh,
{
uint8_t* output;
uint32_t idx;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL ||
algoName == NULL || algoNameSz == 0 ||
publicKey == NULL || publicKeySz == 0) {
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
}
PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) + algoNameSz + publicKeySz);
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) +
algoNameSz + publicKeySz);
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -3050,7 +3227,10 @@ int SendUserAuthPkOk(WOLFSSH* ssh,
ssh->outputBuffer.length = idx;
BundlePacket(ssh);
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);
return ret;
@ -3070,16 +3250,16 @@ int SendUserAuthBanner(WOLFSSH* ssh)
{
uint8_t* output;
uint32_t idx;
int ret;
int ret = WS_SUCCESS;
if (ssh == NULL)
return WS_BAD_ARGUMENT;
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) +
cannedBannerSz + cannedLangTagSz);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length;
@ -3096,6 +3276,8 @@ int SendUserAuthBanner(WOLFSSH* ssh)
ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh);

3
wolfssh/error.h
View File

@ -67,7 +67,8 @@ enum WS_ErrorCodes {
WS_RESOURCE_E = -25, /* insufficient resources for new channel */
WS_INVALID_CHANTYPE = -26, /* invalid channel type */
WS_INVALID_CHANID = -27,
WS_INVALID_USERNAME = -28
WS_INVALID_USERNAME = -28,
WS_CRYPTO_FAILED = -29 /* crypto action failed */
};