comparison svr-kex.c @ 1678:4b4cfc92c5b7

Make server send SSH_MSG_EXT_INFO. Ensure that only valid hostkey algorithms are sent in the first kex guess.
author Matt Johnston <matt@ucc.asn.au>
date Thu, 21 May 2020 23:00:22 +0800
parents ba6fc7afe1c5
children 435cfb9ec96e
1677:e05c0e394f1d 1678:4b4cfc92c5b7
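--- a/svr-kex.c
+++ b/svr-kex.c
@@ -84,10 +84,15 @@
 buf_free(ecdh_qs);
 ecdh_qs = NULL;
 }
 
 send_msg_newkeys();
+
+if (ses.allow_ext_info) {
+send_msg_ext_info();
+}
+
 ses.requirenext = SSH_MSG_NEWKEYS;
 TRACE(("leave recv_msg_kexdh_init"))
 }
 
 
@@ -240,5 +245,21 @@
 encrypt_packet();
 
 TRACE(("leave send_msg_kexdh_reply"))
 }
 
+/* Only used for server-sig-algs on the server side */
+void send_msg_ext_info(void) {
+TRACE(("enter send_msg_ext_info"))
+
+buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO);
+/* nr-extensions */
+buf_putint(ses.writepayload, 1);
+
+buf_putstring(ses.writepayload, SSH_SERVER_SIG_ALGS, strlen(SSH_SERVER_SIG_ALGS));
+buf_put_algolist_all(ses.writepayload, sigalgs, 1);
+
+encrypt_packet();
+
+TRACE(("leave send_msg_ext_info"))
+
+}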
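Review bot: `ses.allow_ext_info` is tested but never cleared in the lines shown, so if `recv_msg_kexdh_init` also handles re-keys and the flag is not reset elsewhere, the server would send SSH_MSG_EXT_INFO after every SSH_MSG_NEWKEYS instead of only the first. RFC 8308 allows the server to send it only directly after its first SSH_MSG_NEWKEYS (or just before SSH_MSG_USERAUTH_SUCCESS), and a strict client may treat a repeat as a protocol error. Clearing the flag at the point of use keeps the one-shot behaviour local and obvious: add `ses.allow_ext_info = 0; /* only send following the first newkeys */` just before `send_msg_ext_info();`. `recv_msg_kexdh_init` begins above this section, so an existing reset outside the visible lines cannot be ruled out.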