From 75c78d0608bb80c39ac776b952411ff01f96f11c Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 21 Jul 2023 15:46:21 -0700 Subject: [PATCH 1/2] fix for SFTP interop --- src/internal.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 54c969080..f05f97ae5 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5842,6 +5842,11 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData, authFailure = 1; ret = WS_SUCCESS; } + else if (ret == WOLFSSH_USERAUTH_INVALID_USER) { + WLOG(WS_LOG_DEBUG, "DUARPK: public key user rejected"); + authFailure = 1; + ret = WS_SUCCESS; + } else { authFailure = 1; } @@ -7632,7 +7637,7 @@ int DoReceive(WOLFSSH* ssh) + peerBlockSz, ssh->inputBuffer.buffer + ssh->inputBuffer.idx + peerBlockSz, - ssh->curSz - peerBlockSz); + UINT32_SZ + ssh->curSz - peerBlockSz); } else { /* Entire packet fit in one block, don't need From c651fc72e50c518483a5b9ff176ca1b51ab60342 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 3 Aug 2023 16:12:04 -0700 Subject: [PATCH 2/2] handle all unexpected public key auth callback return values and send auth failure to peer --- src/internal.c | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/src/internal.c b/src/internal.c index f05f97ae5..102221f8e 100644 --- a/src/internal.c +++ b/src/internal.c 
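Review bot: In the DoReceive hunk of patch 1/2, the new length argument `UINT32_SZ + ssh->curSz - peerBlockSz` widens the range handed to the call, and nothing visible here shows that the input buffer holds that many bytes past `ssh->inputBuffer.idx + peerBlockSz`. ssh->curSz is presumably taken from the peer's packet length field, so the read that fills the buffer before this call should be confirmed to cover the extra UINT32_SZ bytes, and the subtraction should be confirmed unreachable when curSz is smaller than peerBlockSz. The reason for the offset is also undocumented; a comment such as `/* the first block included the length field, so UINT32_SZ + curSz - peerBlockSz bytes remain */` would state it, if that is the intent. The call and DoReceive itself begin and end outside the hunk, so the cipher path and any earlier bounds checks cannot be seen from here.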
@@ -5834,22 +5834,39 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData, ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY, authData, ssh->userAuthCtx); WLOG(WS_LOG_DEBUG, "DUARPK: callback result = %d", ret); - if (ret == WOLFSSH_USERAUTH_SUCCESS) { - ret = WS_SUCCESS; - } - else if (ret == WOLFSSH_USERAUTH_INVALID_PUBLICKEY) { - WLOG(WS_LOG_DEBUG, "DUARPK: client key rejected"); - authFailure = 1; - ret = WS_SUCCESS; - } - else if (ret == WOLFSSH_USERAUTH_INVALID_USER) { - WLOG(WS_LOG_DEBUG, "DUARPK: public key user rejected"); - authFailure = 1; - ret = WS_SUCCESS; + #ifdef DEBUG_WOLFSSH + switch (ret) { + case WOLFSSH_USERAUTH_INVALID_PUBLICKEY: + WLOG(WS_LOG_DEBUG, "DUARPK: client key invalid"); + break; + + case WOLFSSH_USERAUTH_INVALID_USER: + WLOG(WS_LOG_DEBUG, "DUARPK: public key user rejected"); + break; + + + case WOLFSSH_USERAUTH_FAILURE: + WLOG(WS_LOG_DEBUG, "DUARPK: public key general failure"); + break; + + case WOLFSSH_USERAUTH_INVALID_AUTHTYPE: + WLOG(WS_LOG_DEBUG, "DUARPK: public key invalid auth type"); + break; + + case WOLFSSH_USERAUTH_REJECTED: + WLOG(WS_LOG_DEBUG, "DUARPK: public key rejected"); + break; + + default: + WLOG(WS_LOG_DEBUG, + "Unexpected return value from Auth callback"); } - else { + #endif + + if (ret != WOLFSSH_USERAUTH_SUCCESS) { authFailure = 1; } + ret = WS_SUCCESS; } else { WLOG(WS_LOG_DEBUG, "DUARPK: no userauth callback set");
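Review bot: With DEBUG_WOLFSSH defined, a successful callback result falls into `default:` of the new switch and logs `"Unexpected return value from Auth callback"`, because the switch has no case for WOLFSSH_USERAUTH_SUCCESS. That writes a misleading line to the debug log on every accepted public key and makes a genuinely unexpected callback value harder to spot when reviewing authentication logs. Adding `case WOLFSSH_USERAUTH_SUCCESS:` followed by `break;` ahead of `default:` avoids it, and the default message could carry the `DUARPK:` prefix like the others. The fail-closed check `if (ret != WOLFSSH_USERAUTH_SUCCESS)` after the `#endif` is unaffected by this. DoUserAuthRequestPublicKey begins and ends outside the hunk.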