# HG changeset patch # User Matt Johnston # Date 1364921011 -28800 # Node ID 465fefc4f6e04be3c1de2a708354f6e4689ead3d # Parent 15999b098cc9e6e701a7d1c1e94e62bb28e97fa7 Put some #ifdef options around first-follows options in case they need to be disabled diff -r 15999b098cc9 -r 465fefc4f6e0 cli-session.c --- a/cli-session.c Wed Apr 03 00:32:55 2013 +0800 +++ b/cli-session.c Wed Apr 03 00:43:31 2013 +0800 @@ -110,11 +110,12 @@ } +#ifdef USE_KEX_FIRST_FOLLOWS static void cli_send_kex_first_guess() { send_msg_kexdh_init(); dropbear_log(LOG_INFO, "kexdh_init guess sent"); - //cli_ses.kex_state = KEXDH_INIT_SENT; } +#endif static void cli_session_init() { @@ -155,7 +156,9 @@ ses.isserver = 0; +#ifdef USE_KEX_FIRST_FOLLOWS ses.send_kex_first_guess = cli_send_kex_first_guess; +#endif } diff -r 15999b098cc9 -r 465fefc4f6e0 common-algo.c --- a/common-algo.c Wed Apr 03 00:32:55 2013 +0800 +++ b/common-algo.c Wed Apr 03 00:43:31 2013 +0800 @@ -216,7 +216,9 @@ algo_type sshkex[] = { {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL}, {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL}, +#ifdef USE_KEXGUESS2 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, +#endif {NULL, 0, NULL, 0, NULL} }; diff -r 15999b098cc9 -r 465fefc4f6e0 common-kex.c --- a/common-kex.c Wed Apr 03 00:32:55 2013 +0800 +++ b/common-kex.c Wed Apr 03 00:43:31 2013 +0800 @@ -692,7 +692,11 @@ memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); +#ifdef USE_KEXGUESS2 enum kexguess2_used kexguess2 = KEXGUESS2_LOOK; +#else + enum kexguess2_used kexguess2 = KEXGUESS2_NO; +#endif /* kex_algorithms */ algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess); diff -r 15999b098cc9 -r 465fefc4f6e0 sysoptions.h --- a/sysoptions.h Wed Apr 03 00:32:55 2013 +0800 +++ b/sysoptions.h Wed Apr 03 00:43:31 2013 +0800 
@@ -23,6 +23,15 @@ #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ #endif +/* A client should try and send an initial key exchange packet guessing + * the algorithm that will match - saves a round trip connecting, has little + * overhead if the guess was "wrong". */ +#define USE_KEX_FIRST_FOLLOWS +/* Use protocol extension to allow "first follows" to succeed more frequently. + * This is currently Dropbear-specific but will gracefully fallback when connecting + * to other implementations. */ +#define USE_KEXGUESS2 + /* Minimum key sizes for DSS and RSA */ #ifndef MIN_DSS_KEYLEN #define MIN_DSS_KEYLEN 512
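Review bot: in cli-session.c, hunk @@ -155,7 +156,9 @@, a build without USE_KEX_FIRST_FOLLOWS never assigns ses.send_kex_first_guess in cli_session_init(), and nothing in this patch shows the call site testing the pointer before calling through it. Add an `#else` branch that sets `ses.send_kex_first_guess = NULL;`, or confirm that ses is zeroed before this point and that the caller checks for NULL, so the disabled build cannot call through an unset function pointer.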
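Review bot: in common-kex.c, hunk @@ -692,7 +692,11 @@, the declaration of kexguess2 is now written twice, once per preprocessor branch, and it still sits after the memset() statement. Declare the variable once and select only the initial value under `#ifdef USE_KEXGUESS2`, so the type and name cannot drift between the two branches. A one-line comment would also help here, noting that the common-algo.c hunk drops the KEXGUESS2_ALGO_NAME entry from sshkex[] under the same macro, since the two changes have to stay in step.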
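Review bot: in sysoptions.h, hunk @@ -23,6 +23,15 @@, both new macros are defined unconditionally, so the only way to disable either option is to edit this header; if that is the intended mechanism, the comment should say so, and otherwise the defines need an override path. The comment also leaves open whether USE_KEXGUESS2 is supported with USE_KEX_FIRST_FOLLOWS turned off: the cli-session.c and common-algo.c hunks test the two macros independently, so either document which combinations are valid or reject the unsupported one with an `#error`.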