Maintenance

1. If the public key user authentication fails, don't retry it.
2. Add more specific logging about the type of signature being generated.
pull/319/head
John Safranek 2020-11-01 19:49:03 -08:00
parent 88e7919fbf
commit c26f72cf98
No known key found for this signature in database
GPG Key ID: 8CE817DE0D3CCB4A
2 changed files with 8 additions and 3 deletions


@ -2721,6 +2721,7 @@ static int DoKexDhInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
&& ssh->handshake->kexIdGuess != ssh->handshake->kexId) { && ssh->handshake->kexIdGuess != ssh->handshake->kexId) {
/* skip this message. */ /* skip this message. */
WLOG(WS_LOG_DEBUG, "Skipping the client's KEX init function.");
ssh->handshake->kexPacketFollows = 0; ssh->handshake->kexPacketFollows = 0;
*idx += len; *idx += len;
return WS_SUCCESS; return WS_SUCCESS;
@ -6936,7 +6937,8 @@ int SendKexDhReply(WOLFSSH* ssh)
ret = WS_CRYPTO_FAILED; ret = WS_CRYPTO_FAILED;
} }
else { else {
WLOG(WS_LOG_INFO, "Signing hash with RSA."); WLOG(WS_LOG_INFO, "Signing hash with %s.",
IdToName(ssh->handshake->pubKeyId));
sigSz = wc_RsaSSL_Sign(encSig, encSigSz, sig, sizeof(sig), sigSz = wc_RsaSSL_Sign(encSig, encSigSz, sig, sizeof(sig),
&sigKeyBlock.sk.rsa.key, ssh->rng); &sigKeyBlock.sk.rsa.key, ssh->rng);
if (sigSz <= 0) { if (sigSz <= 0) {
@ -6948,7 +6950,8 @@ int SendKexDhReply(WOLFSSH* ssh)
} }
else { else {
#ifndef WOLFSSH_NO_ECDSA #ifndef WOLFSSH_NO_ECDSA
WLOG(WS_LOG_INFO, "Signing hash with ECDSA."); WLOG(WS_LOG_INFO, "Signing hash with %s.",
IdToName(ssh->handshake->pubKeyId));
sigSz = sizeof(sig); sigSz = sizeof(sig);
ret = wc_ecc_sign_hash(digest, wc_HashGetDigestSize(sigHashId), ret = wc_ecc_sign_hash(digest, wc_HashGetDigestSize(sigHashId),
sig, &sigSz, sig, &sigSz,
@ -8360,8 +8363,9 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authId, int addSig)
if (authId == ID_USERAUTH_PASSWORD) if (authId == ID_USERAUTH_PASSWORD)
ret = PrepareUserAuthRequestPassword(ssh, &payloadSz, &authData); ret = PrepareUserAuthRequestPassword(ssh, &payloadSz, &authData);
else if (authId == ID_USERAUTH_PUBLICKEY) { else if (authId == ID_USERAUTH_PUBLICKEY && !ssh->userAuthPkDone) {
authData.sf.publicKey.hasSignature = 1; authData.sf.publicKey.hasSignature = 1;
ssh->userAuthPkDone = 1;
ret = PrepareUserAuthRequestPublicKey(ssh, &payloadSz, &authData, ret = PrepareUserAuthRequestPublicKey(ssh, &payloadSz, &authData,
&keySig); &keySig);
} }
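Review bot: In the SendUserAuthRequest hunk, a public-key request made after `userAuthPkDone` is set matches neither branch, and the visible lines show no `else`, so `ret`, `payloadSz` and `authData` appear to keep their earlier values and the function may go on to build a request from unprepared data. An explicit final `else` that sets `ret` to an error code, with a comment such as `/* public key auth already attempted once; do not offer it again */`, would make the no-retry rule visible and fail closed. The flag is also set before `PrepareUserAuthRequestPublicKey()` returns, so a local preparation failure is recorded as an attempt; if that is intended it deserves a one-line comment, and nothing visible here clears the flag again. The function body starts and ends outside the hunk, so the fall-through may already be handled further down.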


@ -610,6 +610,7 @@ struct WOLFSSH {
word32 peerProtoIdSz; word32 peerProtoIdSz;
void* publicKeyCheckCtx; void* publicKeyCheckCtx;
byte sendTerminalRequest; byte sendTerminalRequest;
byte userAuthPkDone;
#ifdef USE_WINDOWS_API #ifdef USE_WINDOWS_API
word32 defaultAttr; /* default windows attributes */ word32 defaultAttr; /* default windows attributes */