Maintenance
1. If the public key user authentication fails, don't retry it. 2. Add some more specific logging about the type of a signature getting generated.
pull/319/head
parent
88e7919fbf
commit
c26f72cf98
|
@ -2721,6 +2721,7 @@ static int DoKexDhInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
|
||||||
&& ssh->handshake->kexIdGuess != ssh->handshake->kexId) {
|
&& ssh->handshake->kexIdGuess != ssh->handshake->kexId) {
|
||||||
|
|
||||||
/* skip this message. */
|
/* skip this message. */
|
||||||
|
WLOG(WS_LOG_DEBUG, "Skipping the client's KEX init function.");
|
||||||
ssh->handshake->kexPacketFollows = 0;
|
ssh->handshake->kexPacketFollows = 0;
|
||||||
*idx += len;
|
*idx += len;
|
||||||
return WS_SUCCESS;
|
return WS_SUCCESS;
|
||||||
|
@ -6936,7 +6937,8 @@ int SendKexDhReply(WOLFSSH* ssh)
|
||||||
ret = WS_CRYPTO_FAILED;
|
ret = WS_CRYPTO_FAILED;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
WLOG(WS_LOG_INFO, "Signing hash with RSA.");
|
WLOG(WS_LOG_INFO, "Signing hash with %s.",
|
||||||
|
IdToName(ssh->handshake->pubKeyId));
|
||||||
sigSz = wc_RsaSSL_Sign(encSig, encSigSz, sig, sizeof(sig),
|
sigSz = wc_RsaSSL_Sign(encSig, encSigSz, sig, sizeof(sig),
|
||||||
&sigKeyBlock.sk.rsa.key, ssh->rng);
|
&sigKeyBlock.sk.rsa.key, ssh->rng);
|
||||||
if (sigSz <= 0) {
|
if (sigSz <= 0) {
|
||||||
|
@ -6948,7 +6950,8 @@ int SendKexDhReply(WOLFSSH* ssh)
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
#ifndef WOLFSSH_NO_ECDSA
|
#ifndef WOLFSSH_NO_ECDSA
|
||||||
WLOG(WS_LOG_INFO, "Signing hash with ECDSA.");
|
WLOG(WS_LOG_INFO, "Signing hash with %s.",
|
||||||
|
IdToName(ssh->handshake->pubKeyId));
|
||||||
sigSz = sizeof(sig);
|
sigSz = sizeof(sig);
|
||||||
ret = wc_ecc_sign_hash(digest, wc_HashGetDigestSize(sigHashId),
|
ret = wc_ecc_sign_hash(digest, wc_HashGetDigestSize(sigHashId),
|
||||||
sig, &sigSz,
|
sig, &sigSz,
|
||||||
|
@ -8360,8 +8363,9 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authId, int addSig)
|
||||||
|
|
||||||
if (authId == ID_USERAUTH_PASSWORD)
|
if (authId == ID_USERAUTH_PASSWORD)
|
||||||
ret = PrepareUserAuthRequestPassword(ssh, &payloadSz, &authData);
|
ret = PrepareUserAuthRequestPassword(ssh, &payloadSz, &authData);
|
||||||
else if (authId == ID_USERAUTH_PUBLICKEY) {
|
else if (authId == ID_USERAUTH_PUBLICKEY && !ssh->userAuthPkDone) {
|
||||||
authData.sf.publicKey.hasSignature = 1;
|
authData.sf.publicKey.hasSignature = 1;
|
||||||
|
ssh->userAuthPkDone = 1;
|
||||||
ret = PrepareUserAuthRequestPublicKey(ssh, &payloadSz, &authData,
|
ret = PrepareUserAuthRequestPublicKey(ssh, &payloadSz, &authData,
|
||||||
&keySig);
|
&keySig);
|
||||||
}
|
}
|
||||||
|
|
|
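Review bot: In the SendUserAuthRequest hunk, once `userAuthPkDone` is set a publickey `authId` matches neither visible branch, and the hunk does not show what `ret`, `payloadSz` and `authData` end up as in that case; the if/else chain and the function body continue outside the hunk. If no later branch handles it, I would add an explicit one that fails closed and says why, e.g. `else if (authId == ID_USERAUTH_PUBLICKEY) { WLOG(WS_LOG_DEBUG, "Public key auth already attempted; not retrying."); /* set ret to an auth error */ }`, so a refused retry shows up in the logs instead of looking like an unknown method. The flag is also latched before `PrepareUserAuthRequestPublicKey()` returns, so a local signing failure uses up the one attempt just as a server rejection does; a one-line comment on the assignment saying this is intended would help.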
@ -610,6 +610,7 @@ struct WOLFSSH {
|
||||||
word32 peerProtoIdSz;
|
word32 peerProtoIdSz;
|
||||||
void* publicKeyCheckCtx;
|
void* publicKeyCheckCtx;
|
||||||
byte sendTerminalRequest;
|
byte sendTerminalRequest;
|
||||||
|
byte userAuthPkDone;
|
||||||
|
|
||||||
#ifdef USE_WINDOWS_API
|
#ifdef USE_WINDOWS_API
|
||||||
word32 defaultAttr; /* default windows attributes */
|
word32 defaultAttr; /* default windows attributes */
|
||||||
|
|
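Review bot: The new `userAuthPkDone` field has no comment, and the name does not say whether it means "attempted" or "succeeded"; in the SendUserAuthRequest hunk it is set before the request is even built. I would document it as `byte userAuthPkDone; /* set once a publickey auth request has been attempted; blocks retries */`. Nothing in the visible hunks clears it, so it is worth confirming that it is zeroed wherever a WOLFSSH object is initialised or reused for a new connection. The struct definition continues outside the hunk.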