Encryption failure during handshake when using libssh2 and wolfssl #1299
Comments
initial report: #1020
@brucsc: Can you make PR out of your fix proposal? You can also find earlier discussions about this in #1020, with
This should be fixed with my colleague's PR here: wolfSSL/wolfssl#7143
@kareem-wolfssl Can you confirm this is the same issue as #1020, or are they different?
Thanks, also for the info about the fix! I prefer @MichaelBuckley's PR, which replaces that API call with one that works with all wolfSSL versions. The Linux CI runner is still at 5.2.0.
Great, I was very uncomfortable with what I presented in the initial question since it seemed like I was covering over an issue instead of fixing it.
I'm getting a -44 error code and message of "Unable to ask for ssh-userauth service" when using wolfssl as the encryption engine during ssh handshake. I've tracked the error to this code on line 584 of openssl.c:
The comment indicates the expectation that EVP_CipherFinal should be equivalent to EVP_Cipher when finalizing the encryption. The EVP_Cipher method resolves to wolfSSL_EVP_Cipher on line 7080 of the wolfssl/wolfcrypt/src/evp.c file. There a check of NULL on the incoming buffers returns a WOLFSSL_FATAL_ERROR. After modifying the code to follow the comment, EVP_CipherFinal is used instead of EVP_Cipher, then the encryption seems to work as expected:
I do not know enough about these internals to know if this is the correct solution or not and would appreciate any assistance in getting this fixed. The comment suggests a break in the interface expectations with wolfssl.
To Reproduce
Extract libssh2 1.11.0, wolfssl 5.6.4. Build wolfssl. Build libssh2 to use wolfssl. Attempt to connect to an ssh server. In my case OpenSSH 8.9.
Expected behavior
For the encryption to work and the ssh handshake to complete.
Version