Mercurial > dropbear
comparison common-kex.c @ 1681:435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
- other fixes for rsa pubkey auth
- only include ext-info handling when rsa pubkey auth is compiled
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 24 May 2020 14:16:58 +0800 |
| parents | 4b4cfc92c5b7 |
| children | 41bf8f216644 |
comparison
equal
deleted
inserted
replaced
| 1680:5e763ad6e2e0 | 1681:435cfb9ec96e |
|---|---|
| 173 encrypt_packet(); | 173 encrypt_packet(); |
| 174 | 174 |
| 175 | 175 |
| 176 /* set up our state */ | 176 /* set up our state */ |
| 177 ses.kexstate.sentnewkeys = 1; | 177 ses.kexstate.sentnewkeys = 1; |
| 178 if (ses.kexstate.donefirstkex) { | |
| 179 ses.kexstate.donesecondkex = 1; | |
| 180 } | |
| 178 ses.kexstate.donefirstkex = 1; | 181 ses.kexstate.donefirstkex = 1; |
| 179 ses.dataallowed = 1; /* we can send other packets again now */ | 182 ses.dataallowed = 1; /* we can send other packets again now */ |
| 180 gen_new_keys(); | 183 gen_new_keys(); |
| 181 switch_keys(); | 184 switch_keys(); |
| 182 | 185 |
| 195 } | 198 } |
| 196 | 199 |
| 197 | 200 |
| 198 /* Set up the kex for the first time */ | 201 /* Set up the kex for the first time */ |
| 199 void kexfirstinitialise() { | 202 void kexfirstinitialise() { |
| 200 ses.kexstate.donefirstkex = 0; | |
| 201 | |
| 202 #ifdef DISABLE_ZLIB | 203 #ifdef DISABLE_ZLIB |
| 203 ses.compress_algos = ssh_nocompress; | 204 ses.compress_algos = ssh_nocompress; |
| 204 #else | 205 #else |
| 205 switch (opts.compress_mode) | 206 switch (opts.compress_mode) |
| 206 { | 207 { |
| 831 if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) { | 832 if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) { |
| 832 kexguess2 = 1; | 833 kexguess2 = 1; |
| 833 } | 834 } |
| 834 #endif | 835 #endif |
| 835 | 836 |
| 837 #if DROPBEAR_EXT_INFO | |
| 836 /* Determine if SSH_MSG_EXT_INFO messages should be sent. | 838 /* Determine if SSH_MSG_EXT_INFO messages should be sent. |
| 837 Should be done for the first key exchange. Only required on server side | 839 Should be done for the first key exchange. Only required on server side |
| 838 for server-sig-algs */ | 840 for server-sig-algs */ |
| 839 if (IS_DROPBEAR_SERVER) { | 841 if (IS_DROPBEAR_SERVER) { |
| 840 if (!ses.kexstate.donefirstkex) { | 842 if (!ses.kexstate.donefirstkex) { |
| 841 if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) { | 843 if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) { |
| 842 ses.allow_ext_info = 1; | 844 ses.allow_ext_info = 1; |
| 843 } | 845 } |
| 844 } | 846 } |
| 845 } | 847 } |
| 848 #endif | |
| 846 | 849 |
| 847 algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); | 850 algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); |
| 848 allgood &= goodguess; | 851 allgood &= goodguess; |
| 849 if (algo == NULL || algo->data == NULL) { | 852 if (algo == NULL || algo->data == NULL) { |
| 850 /* kexguess2, ext-info-c, ext-info-s should not match negotiation */ | 853 /* kexguess2, ext-info-c, ext-info-s should not match negotiation */ |