WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #282 from ejohnstown/optional-build 

Optional Builds
pull/285/head
JacobBarthelmeh 2020-09-08 15:15:22 -06:00 committed by GitHub
parent a859ca4184 9fced1fe7d
commit c4578da7a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 148 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/client/client.c
View File

@ -870,6 +870,10 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
if (username == NULL)
err_sys("client requires a username parameter.");
#ifdef NO_RSA
userEcc = 1;
#endif
#ifdef SINGLE_THREADED
if (keepOpen)
err_sys("Threading needed for terminal session\n");

6
examples/echoserver/echoserver.c
View File

@ -1602,6 +1602,12 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
}
#endif
#ifdef NO_RSA
/* If wolfCrypt isn't built with RSA, force ECC on. */
userEcc = 1;
peerEcc = 1;
#endif
if (wolfSSH_Init() != WS_SUCCESS) {
fprintf(stderr, "Couldn't initialize wolfSSH.\n");
exit(EXIT_FAILURE);

5
examples/server/server.c
View File

@ -660,6 +660,11 @@ THREAD_RETURN WOLFSSH_THREAD server_test(void* args)
}
myoptind = 0; /* reset for test cases */
#ifdef NO_RSA
/* If wolfCrypt isn't built with RSA, force ECC on. */
useEcc = 1;
#endif
if (wolfSSH_Init() != WS_SUCCESS) {
fprintf(stderr, "Couldn't initialize wolfSSH.\n");
exit(EXIT_FAILURE);

5
examples/sftpclient/sftpclient.c
View File

@ -1329,6 +1329,11 @@ THREAD_RETURN WOLFSSH_THREAD sftpclient_test(void* args)
if (username == NULL)
err_sys("client requires a username parameter.");
#ifdef NO_RSA
userEcc = 1;
/* peerEcc = 1; */
#endif
if (autopilot != AUTOPILOT_OFF) {
if (apLocal == NULL || apRemote == NULL) {
err_sys("Options -G and -g require both -l and -r.");

6
src/agent.c
View File

@ -379,6 +379,7 @@ static int PostUnlock(WOLFSSH_AGENT_CTX* agent,
}
#ifndef NO_RSA
static int PostAddRsaId(WOLFSSH_AGENT_CTX* agent,
byte keyType, byte* key, word32 keySz,
word32 nSz, word32 eSz, word32 dSz,
@ -457,6 +458,7 @@ static int PostAddRsaId(WOLFSSH_AGENT_CTX* agent,
WLOG_LEAVE(ret);
return ret;
}
#endif
static int PostAddEcdsaId(WOLFSSH_AGENT_CTX* agent,
@ -667,6 +669,7 @@ static int PostSignRequest(WOLFSSH_AGENT_CTX* agent,
int sigSz = sizeof(sig);
if (cur->keyType == ID_SSH_RSA) {
#ifndef NO_RSA
WOLFSSH_AGENT_KEY_RSA* key;
RsaKey rsa;
byte encSig[MAX_ENCODED_SIG_SZ];
@ -708,6 +711,7 @@ static int PostSignRequest(WOLFSSH_AGENT_CTX* agent,
wc_FreeRsaKey(&rsa);
if (ret != 0)
ret = WS_RSA_E;
#endif
}
else if (cur->keyType == ID_ECDSA_SHA2_NISTP256) {
WOLFSSH_AGENT_KEY_ECDSA* key;
@ -942,6 +946,7 @@ static int DoAddIdentity(WOLFSSH_AGENT_CTX* agent,
begin += sz;
if (keyType == ID_SSH_RSA) {
#ifndef NO_RSA
byte* key;
byte* scratch;
word32 keySz, nSz, eSz, dSz, iqmpSz, pSz, qSz, commentSz;
@ -983,6 +988,7 @@ static int DoAddIdentity(WOLFSSH_AGENT_CTX* agent,
ret = PostAddRsaId(agent, keyType, key, keySz,
nSz, eSz, dSz, iqmpSz, pSz, qSz, commentSz);
}
#endif
}
else if (keyType == ID_ECDSA_SHA2_NISTP256 ||
keyType == ID_ECDSA_SHA2_NISTP384 ||

103
src/internal.c
View File

@ -33,7 +33,9 @@
#include <wolfssh/internal.h>
#include <wolfssh/log.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifndef NO_DH
#include <wolfssl/wolfcrypt/dh.h>
#endif
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/hmac.h>
@ -365,9 +367,11 @@ static HandshakeInfo* HandshakeInfoNew(void* heap)
newHs->macId = ID_NONE;
newHs->blockSz = MIN_BLOCK_SZ;
newHs->hashId = WC_HASH_TYPE_NONE;
#ifndef NO_DH
newHs->dhGexMinSz = WOLFSSH_DEFAULT_GEXDH_MIN;
newHs->dhGexPreferredSz = WOLFSSH_DEFAULT_GEXDH_PREFERRED;
newHs->dhGexMaxSz = WOLFSSH_DEFAULT_GEXDH_MAX;
#endif
}
return newHs;
@ -381,8 +385,10 @@ static void HandshakeInfoFree(HandshakeInfo* hs, void* heap)
WLOG(WS_LOG_DEBUG, "Entering HandshakeInfoFree()");
if (hs) {
WFREE(hs->kexInit, heap, DYNTYPE_STRING);
#ifndef NO_DH
WFREE(hs->primeGroup, heap, DYNTYPE_MPINT);
WFREE(hs->generator, heap, DYNTYPE_MPINT);
#endif
ForceZero(hs, sizeof(HandshakeInfo));
WFREE(hs, heap, DYNTYPE_HS);
}
@ -679,12 +685,15 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
if (type == BUFTYPE_PRIVKEY && format != WOLFSSH_FORMAT_RAW) {
/* Check RSA key */
union {
#ifndef NO_RSA
RsaKey rsa;
#endif
ecc_key ecc;
} key;
word32 scratch = 0;
int ret;
#ifndef NO_RSA
if (wc_InitRsaKey(&key.rsa, NULL) < 0)
return WS_RSA_E;
@ -692,6 +701,7 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
wc_FreeRsaKey(&key.rsa);
if (ret < 0) {
#endif
/* Couldn't decode as RSA key. Try decoding as ECC key. */
scratch = 0;
if (wc_ecc_init_ex(&key.ecc, ctx->heap, INVALID_DEVID) != 0)
@ -714,7 +724,9 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
if (ret != 0)
return WS_BAD_FILE_E;
#ifndef NO_RSA
}
#endif
}
return WS_SUCCESS;
@ -2394,7 +2406,7 @@ static int DoKexInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
return ret;
}
#ifndef NO_DH
static const byte dhGenerator[] = { 2 };
static const byte dhPrimeGroup1[] = {
/* SSH DH Group 1 (Oakley Group 2, 1024-bit MODP Group, RFC 2409) */
@ -2454,6 +2466,7 @@ static const byte dhPrimeGroup14[] = {
static const word32 dhGeneratorSz = sizeof(dhGenerator);
static const word32 dhPrimeGroup1Sz = sizeof(dhPrimeGroup1);
static const word32 dhPrimeGroup14Sz = sizeof(dhPrimeGroup14);
#endif
static int DoKexDhInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
@ -2534,9 +2547,11 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
byte useRsa;
word32 keySz;
union {
#ifndef NO_RSA
struct {
RsaKey key;
} rsa;
#endif
struct {
ecc_key key;
} ecc;
@ -2600,6 +2615,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
if (ret == WS_SUCCESS)
begin += pubKeySz;
#ifndef NO_DH
/* If using DH-GEX include the GEX specific values. */
if (ret == WS_SUCCESS && ssh->handshake->kexId == ID_DH_GEX_SHA256) {
byte primeGroupPad = 0, generatorPad = 0;
@ -2680,6 +2696,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
ssh->handshake->generator,
ssh->handshake->generatorSz);
}
#endif
/* Hash in the size of the client's DH e-value (ECDH Q-value). */
if (ret == 0) {
@ -2733,6 +2750,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
sigKeyBlock.useRsa = ssh->handshake->pubKeyId == ID_SSH_RSA;
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
byte* e;
word32 eSz;
byte* n;
@ -2767,6 +2785,9 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
sigKeyBlock.keySz = sizeof(sigKeyBlock.sk.rsa.key);
else
ret = WS_RSA_E;
#else
(void)tmpIdx;
#endif
}
else {
byte* q;
@ -2817,12 +2838,14 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
/* Generate and hash in the shared secret */
if (ret == 0) {
if (!ssh->handshake->useEcc) {
#ifndef NO_DH
ret = wc_DhAgree(&ssh->handshake->privKey.dh,
ssh->k, &ssh->kSz,
ssh->handshake->x, ssh->handshake->xSz,
f, fSz);
ForceZero(ssh->handshake->x, ssh->handshake->xSz);
wc_FreeDhKey(&ssh->handshake->privKey.dh);
#endif
}
else {
ecc_key key;
@ -2901,6 +2924,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
}
if (ret == WS_SUCCESS) {
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
sig = sig + begin;
/* In the fuzz, sigSz ends up 1 and it has issues. */
sigSz = scratch;
@ -2929,6 +2953,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
ret = WS_RSA_E;
}
}
#endif
}
else {
byte* r;
@ -2966,8 +2991,11 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
}
}
if (sigKeyBlock.useRsa)
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
wc_FreeRsaKey(&sigKeyBlock.sk.rsa.key);
#endif
}
else
wc_ecc_free(&sigKeyBlock.sk.ecc.key);
}
@ -3058,6 +3086,7 @@ static int DoNewKeys(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
}
#ifndef NO_DH
static int DoKexDhGexRequest(WOLFSSH* ssh,
byte* buf, word32 len, word32* idx)
{
@ -3146,6 +3175,7 @@ static int DoKexDhGexGroup(WOLFSSH* ssh,
return ret;
}
#endif
static int DoIgnore(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
@ -3558,7 +3588,7 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
return ret;
}
#ifndef NO_RSA
/* Utility for DoUserAuthRequestPublicKey() */
/* returns negative for error, positive is size of digest. */
static int DoUserAuthRequestRsa(WOLFSSH* ssh, WS_UserAuthData_PublicKey* pk,
@ -3678,6 +3708,7 @@ static int DoUserAuthRequestRsa(WOLFSSH* ssh, WS_UserAuthData_PublicKey* pk,
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestRsa(), ret = %d", ret);
return ret;
}
#endif
/* Utility for DoUserAuthRequestPublicKey() */
@ -3962,9 +3993,12 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
}
if (ret == WS_SUCCESS) {
if (pkTypeId == ID_SSH_RSA)
if (pkTypeId == ID_SSH_RSA) {
#ifndef NO_RSA
ret = DoUserAuthRequestRsa(ssh, pk,
hashId, digest, digestSz);
#endif
}
else if (pkTypeId == ID_ECDSA_SHA2_NISTP256 ||
pkTypeId == ID_ECDSA_SHA2_NISTP384 ||
pkTypeId == ID_ECDSA_SHA2_NISTP521)
@ -4863,7 +4897,7 @@ static int DoPacket(WOLFSSH* ssh)
byte padSz;
byte msg;
word32 payloadIdx = 0;
int ret;
int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "DoPacket sequence number: %d", ssh->peerSeq);
@ -4942,8 +4976,10 @@ static int DoPacket(WOLFSSH* ssh)
}
if (ssh->handshake->kexId == ID_DH_GEX_SHA256) {
#ifndef NO_DH
WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXDH_GEX_GROUP");
ret = DoKexDhGexGroup(ssh, buf + idx, payloadSz, &payloadIdx);
#endif
}
else {
WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXDH_REPLY");
@ -4951,10 +4987,12 @@ static int DoPacket(WOLFSSH* ssh)
}
break;
#ifndef NO_DH
case MSGID_KEXDH_GEX_REQUEST:
WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXDH_GEX_REQUEST");
ret = DoKexDhGexRequest(ssh, buf + idx, payloadSz, &payloadIdx);
break;
#endif
case MSGID_KEXDH_GEX_INIT:
WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXDH_GEX_INIT");
@ -5887,8 +5925,9 @@ static const char cannedKexAlgoNames[] =
","
#endif
#if !defined(WOLFSSH_NO_DH_GROUP1_SHA1)
"diffie-hellman-group1-sha1";
"diffie-hellman-group1-sha1"
#endif
; /* This is a little awkward. */
#if defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && defined(WOLFSSH_NO_DH_GEX_SHA256)\
&& defined(WOLFSSH_NO_DH_GROUP14_SHA1) && defined(WOLFSSH_NO_DH_GROUP1_SHA1)
#warning "You need at least one of ECDH-SHA2-NISTP256, DH-GEX-SHA256, "
@ -6039,10 +6078,12 @@ int SendKexInit(WOLFSSH* ssh)
int SendKexDhReply(WOLFSSH* ssh)
{
/* This function and DoKexDhReply() are unwieldy and in need of refactoring. */
#ifndef NO_DH
const byte* primeGroup = dhPrimeGroup14;
word32 primeGroupSz = dhPrimeGroup14Sz;
const byte* generator = dhGenerator;
word32 generatorSz = dhGeneratorSz;
#endif
byte useEcc = 0;
byte f[257];
@ -6056,6 +6097,7 @@ int SendKexDhReply(WOLFSSH* ssh)
const char *name;
word32 nameSz;
union {
#ifndef NO_RSA
struct {
RsaKey key;
byte e[257];
@ -6065,6 +6107,7 @@ int SendKexDhReply(WOLFSSH* ssh)
word32 nSz;
byte nPad;
} rsa;
#endif
struct {
ecc_key key;
word32 keyBlobSz;
@ -6103,6 +6146,7 @@ int SendKexDhReply(WOLFSSH* ssh)
sigKeyBlock.nameSz = (word32)strlen(sigKeyBlock.name);
switch (ssh->handshake->kexId) {
#ifndef NO_DH
case ID_DH_GROUP1_SHA1:
primeGroup = dhPrimeGroup1;
primeGroupSz = dhPrimeGroup1Sz;
@ -6115,6 +6159,7 @@ int SendKexDhReply(WOLFSSH* ssh)
case ID_DH_GEX_SHA256:
msgId = MSGID_KEXDH_GEX_REPLY;
break;
#endif
case ID_ECDH_SHA2_NISTP256:
case ID_ECDH_SHA2_NISTP384:
@ -6134,6 +6179,7 @@ int SendKexDhReply(WOLFSSH* ssh)
* either be RSA or ECDSA public key blob. */
if (ret == WS_SUCCESS) {
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
/* Decode the user-configured RSA private key. */
sigKeyBlock.sk.rsa.eSz = sizeof(sigKeyBlock.sk.rsa.e);
sigKeyBlock.sk.rsa.nSz = sizeof(sigKeyBlock.sk.rsa.n);
@ -6223,6 +6269,7 @@ int SendKexDhReply(WOLFSSH* ssh)
enmhashId,
sigKeyBlock.sk.rsa.n,
sigKeyBlock.sk.rsa.nSz);
#endif
}
else {
sigKeyBlock.sk.ecc.primeName =
@ -6295,7 +6342,7 @@ int SendKexDhReply(WOLFSSH* ssh)
sigKeyBlock.sk.ecc.q,
sigKeyBlock.sk.ecc.qSz);
}
#ifndef NO_DH
/* If using DH-GEX include the GEX specific values. */
if (ssh->handshake->kexId == ID_DH_GEX_SHA256) {
byte primeGroupPad = 0, generatorPad = 0;
@ -6370,6 +6417,7 @@ int SendKexDhReply(WOLFSSH* ssh)
enmhashId,
generator, generatorSz);
}
#endif
/* Hash in the size of the client's DH e-value (ECDH Q-value). */
if (ret == 0) {
@ -6386,6 +6434,7 @@ int SendKexDhReply(WOLFSSH* ssh)
/* Or make the server's ECDH private value, and the shared secret K. */
if (ret == 0) {
if (!useEcc) {
#ifndef NO_DH
DhKey privKey;
byte y[MAX_KEX_KEY_SZ];
word32 ySz = sizeof(y);
@ -6402,6 +6451,7 @@ int SendKexDhReply(WOLFSSH* ssh)
ssh->handshake->e, ssh->handshake->eSz);
ForceZero(y, ySz);
wc_FreeDhKey(&privKey);
#endif
}
else {
ecc_key pubKey;
@ -6511,6 +6561,7 @@ int SendKexDhReply(WOLFSSH* ssh)
if (ret == WS_SUCCESS) {
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
byte encSig[MAX_ENCODED_SIG_SZ];
word32 encSigSz;
@ -6530,6 +6581,7 @@ int SendKexDhReply(WOLFSSH* ssh)
ret = WS_RSA_E;
}
}
#endif
}
else {
WLOG(WS_LOG_INFO, "Signing hash with ECDSA.");
@ -6573,10 +6625,14 @@ int SendKexDhReply(WOLFSSH* ssh)
}
}
if (sigKeyBlock.useRsa)
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
wc_FreeRsaKey(&sigKeyBlock.sk.rsa.key);
else
#endif
}
else {
wc_ecc_free(&sigKeyBlock.sk.ecc.key);
}
sigBlockSz = (LENGTH_SZ * 2) + sigKeyBlock.nameSz + sigSz;
@ -6605,6 +6661,7 @@ int SendKexDhReply(WOLFSSH* ssh)
WMEMCPY(output + idx, sigKeyBlock.name, sigKeyBlock.nameSz);
idx += sigKeyBlock.nameSz;
if (sigKeyBlock.useRsa) {
#ifndef NO_RSA
c32toa(sigKeyBlock.sk.rsa.eSz + sigKeyBlock.sk.rsa.ePad,
output + idx);
idx += LENGTH_SZ;
@ -6617,6 +6674,7 @@ int SendKexDhReply(WOLFSSH* ssh)
if (sigKeyBlock.sk.rsa.nPad) output[idx++] = 0;
WMEMCPY(output + idx, sigKeyBlock.sk.rsa.n, sigKeyBlock.sk.rsa.nSz);
idx += sigKeyBlock.sk.rsa.nSz;
#endif
}
else {
c32toa(sigKeyBlock.sk.ecc.primeNameSz, output + idx);
@ -6740,6 +6798,7 @@ int SendNewKeys(WOLFSSH* ssh)
}
#ifndef NO_DH
int SendKexDhGexRequest(WOLFSSH* ssh)
{
byte* output;
@ -6855,6 +6914,7 @@ int SendKexDhGexGroup(WOLFSSH* ssh)
WLOG(WS_LOG_DEBUG, "Leaving SendKexDhGexGroup(), ret = %d", ret);
return ret;
}
#endif
int SendKexDhInit(WOLFSSH* ssh)
@ -6862,10 +6922,12 @@ int SendKexDhInit(WOLFSSH* ssh)
byte* output;
word32 idx = 0;
word32 payloadSz;
#ifndef NO_DH
const byte* primeGroup = dhPrimeGroup14;
word32 primeGroupSz = dhPrimeGroup14Sz;
const byte* generator = dhGenerator;
word32 generatorSz = dhGeneratorSz;
#endif
int ret = WS_SUCCESS;
byte msgId = MSGID_KEXDH_INIT;
byte e[MAX_KEX_KEY_SZ+1]; /* plus 1 in case of padding. */
@ -6875,6 +6937,7 @@ int SendKexDhInit(WOLFSSH* ssh)
WLOG(WS_LOG_DEBUG, "Entering SendKexDhInit()");
switch (ssh->handshake->kexId) {
#ifndef NO_DH
case ID_DH_GROUP1_SHA1:
primeGroup = dhPrimeGroup1;
primeGroupSz = dhPrimeGroup1Sz;
@ -6891,6 +6954,7 @@ int SendKexDhInit(WOLFSSH* ssh)
generatorSz = ssh->handshake->generatorSz;
msgId = MSGID_KEXDH_GEX_INIT;
break;
#endif
case ID_ECDH_SHA2_NISTP256:
case ID_ECDH_SHA2_NISTP384:
@ -6907,6 +6971,7 @@ int SendKexDhInit(WOLFSSH* ssh)
if (ret == WS_SUCCESS) {
if (!ssh->handshake->useEcc) {
#ifndef NO_DH
DhKey* privKey = &ssh->handshake->privKey.dh;
ret = wc_InitDhKey(privKey);
@ -6918,6 +6983,7 @@ int SendKexDhInit(WOLFSSH* ssh)
ssh->handshake->x,
&ssh->handshake->xSz,
e, &eSz);
#endif
}
else {
ecc_key* privKey = &ssh->handshake->privKey.ecc;
@ -7282,6 +7348,7 @@ typedef struct WS_KeySignature {
const char *name;
word32 nameSz;
union {
#ifndef NO_RSA
struct {
RsaKey key;
byte e[256];
@ -7291,6 +7358,7 @@ typedef struct WS_KeySignature {
word32 nSz;
byte nPad;
} rsa;
#endif
struct {
ecc_key key;
word32 keyBlobSz;
@ -7352,6 +7420,7 @@ static int BuildUserAuthRequestPassword(WOLFSSH* ssh,
}
#ifndef NO_RSA
static int PrepareUserAuthRequestRsa(WOLFSSH* ssh, word32* payloadSz,
const WS_UserAuthData* authData, WS_KeySignature* keySig)
{
@ -7504,6 +7573,7 @@ static int BuildUserAuthRequestRsa(WOLFSSH* ssh,
return ret;
}
#endif
static int PrepareUserAuthRequestEcc(WOLFSSH* ssh, word32* payloadSz,
@ -7725,8 +7795,11 @@ static int PrepareUserAuthRequestPublicKey(WOLFSSH* ssh, word32* payloadSz,
authData->sf.publicKey.publicKeySz;
}
if (keySig->keySigId == ID_SSH_RSA)
if (keySig->keySigId == ID_SSH_RSA) {
#ifndef NO_RSA
ret = PrepareUserAuthRequestRsa(ssh, payloadSz, authData, keySig);
#endif
}
else if (keySig->keySigId == ID_ECDSA_SHA2_NISTP256 ||
keySig->keySigId == ID_ECDSA_SHA2_NISTP384 ||
keySig->keySigId == ID_ECDSA_SHA2_NISTP521)
@ -7766,9 +7839,12 @@ static int BuildUserAuthRequestPublicKey(WOLFSSH* ssh,
begin += pk->publicKeySz;
if (pk->hasSignature) {
if (keySig->keySigId == ID_SSH_RSA)
if (keySig->keySigId == ID_SSH_RSA) {
#ifndef NO_RSA
ret = BuildUserAuthRequestRsa(ssh, output, &begin,
authData, sigStart, sigStartIdx, keySig);
#endif
}
else if (keySig->keySigId == ID_ECDSA_SHA2_NISTP256 ||
keySig->keySigId == ID_ECDSA_SHA2_NISTP384 ||
keySig->keySigId == ID_ECDSA_SHA2_NISTP521)
@ -7789,8 +7865,11 @@ static int BuildUserAuthRequestPublicKey(WOLFSSH* ssh,
static void CleanupUserAuthRequestPublicKey(WS_KeySignature* keySig)
{
if (keySig != NULL) {
if (keySig->keySigId == ID_SSH_RSA)
if (keySig->keySigId == ID_SSH_RSA) {
#ifndef NO_RSA
wc_FreeRsaKey(&keySig->ks.rsa.key);
#endif
}
else
wc_ecc_free(&keySig->ks.ecc.key);
}

9
src/keygen.c
View File

@ -57,6 +57,8 @@
int wolfSSH_MakeRsaKey(byte* out, word32 outSz,
word32 size, word32 e)
{
#ifndef NO_RSA
int ret = WS_SUCCESS;
WC_RNG rng;
@ -105,6 +107,13 @@ int wolfSSH_MakeRsaKey(byte* out, word32 outSz,
WLOG(WS_LOG_DEBUG, "Leaving wolfSSH_MakeRsaKey(), ret = %d", ret);
return ret;
#else
(void)out;
(void)outSz;
(void)size;
(void)e;
return WS_NOT_COMPILED;
#endif
}

12
src/ssh.c
View File

@ -722,8 +722,11 @@ int wolfSSH_connect(WOLFSSH* ssh)
return WS_FATAL_ERROR;
}
if (ssh->handshake->kexId == ID_DH_GEX_SHA256)
if (ssh->handshake->kexId == ID_DH_GEX_SHA256) {
#ifndef NO_DH
ssh->error = SendKexDhGexRequest(ssh);
#endif
}
else
ssh->error = SendKexDhInit(ssh);
if (ssh->error < WS_SUCCESS) {
@ -1441,7 +1444,9 @@ int wolfSSH_ReadKey_buffer(const byte* in, word32 inSz, int format,
else if (format == WOLFSSH_FORMAT_ASN1) {
byte* newKey;
union {
#ifndef NO_RSA
RsaKey rsa;
#endif
ecc_key ecc;
} testKey;
word32 scratch = 0;
@ -1459,7 +1464,7 @@ int wolfSSH_ReadKey_buffer(const byte* in, word32 inSz, int format,
}
*outSz = inSz;
WMEMCPY(newKey, in, inSz);
#ifndef NO_RSA
/* TODO: This is copied and modified from a function in src/internal.c.
This and that code should be combined into a single function. */
if (wc_InitRsaKey(&testKey.rsa, heap) < 0)
@ -1474,6 +1479,7 @@ int wolfSSH_ReadKey_buffer(const byte* in, word32 inSz, int format,
*outTypeSz = (word32)WSTRLEN((const char*)*outType);
}
else {
#endif
/* Couldn't decode as RSA testKey. Try decoding as ECC testKey. */
scratch = 0;
if (wc_ecc_init_ex(&testKey.ecc, heap, INVALID_DEVID) != 0)
@ -1489,7 +1495,9 @@ int wolfSSH_ReadKey_buffer(const byte* in, word32 inSz, int format,
}
else
return WS_BAD_FILE_E;
#ifndef NO_RSA
}
#endif
}
else
ret = WS_ERROR;

7
tests/api.c
View File

@ -570,9 +570,10 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
AssertNotNull(ctx->privateKey);
AssertIntNE(0, ctx->privateKeySz);
AssertIntEQ(ECC_SECP256R1, ctx->useEcc);
#ifndef NO_RSA
lastKey = ctx->privateKey;
lastKeySz = ctx->privateKeySz;
AssertIntEQ(WS_SUCCESS,
wolfSSH_CTX_UsePrivateKey_buffer(ctx, rsaKey, rsaKeySz,
TEST_GOOD_FORMAT_ASN1));
@ -581,6 +582,10 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
AssertIntEQ(0, ctx->useEcc);
AssertIntEQ(0, (lastKey == ctx->privateKey));
AssertIntNE(lastKeySz, ctx->privateKeySz);
#else
(void)lastKey;
(void)lastKeySz;
#endif
wolfSSH_CTX_free(ctx);
FreeBins(eccKey, rsaKey, NULL, NULL);

4
wolfssh/internal.h
View File

@ -270,6 +270,7 @@ typedef struct HandshakeInfo {
byte* kexInit;
word32 kexInitSz;
#ifndef NO_DH
word32 dhGexMinSz;
word32 dhGexPreferredSz;
word32 dhGexMaxSz;
@ -277,10 +278,13 @@ typedef struct HandshakeInfo {
word32 primeGroupSz;
byte* generator;
word32 generatorSz;
#endif
byte useEcc;
union {
#ifndef NO_DH
DhKey dh;
#endif
ecc_key ecc;
} privKey;
} HandshakeInfo;