- markus@cvs.openbsd.org 2001/04/04 09:48:35

[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
     don't sent multiple kexinit-requests.
     send newkeys, block while waiting for newkeys.
     fix comments.

ChangeLog

@@ -1,3 +1,11 @@
+20010405
+ - OpenBSD CVS Sync                                              
+   - markus@cvs.openbsd.org 2001/04/04 09:48:35                  
+     [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+     don't sent multiple kexinit-requests.                       
+     send newkeys, block while waiting for newkeys.              
+     fix comments.                                               
+
 20010404
  - OpenBSD CVS Sync
    - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
@@ -4836,4 +4844,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1054 2001/04/04 17:39:19 mouring Exp $
+$Id: ChangeLog,v 1.1055 2001/04/04 17:52:53 mouring Exp $

kex.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt)
 }
 
 void
-kex_send_newkeys(void)
+kex_finish(Kex *kex)
 {
+	int i, plen;
+
 	packet_start(SSH2_MSG_NEWKEYS);
 	packet_send();
 	/* packet_write_wait(); */
 	debug("SSH2_MSG_NEWKEYS sent");
-}
-
-void
-kex_input_newkeys(int type, int plen, void *ctxt)
-{
-	Kex *kex = ctxt;
-	int i;
 
+        debug("waiting for SSH2_MSG_NEWKEYS");
+        packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
 	debug("SSH2_MSG_NEWKEYS received");
 	kex->newkeys = 1;
 	for (i = 30; i <= 49; i++)
@@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt)
 void
 kex_send_kexinit(Kex *kex)
 {
+	if (kex->flags & KEX_INIT_SENT) {
+		debug("KEX_INIT_SENT");
+		return;
+	}
 	packet_start(SSH2_MSG_KEXINIT);
 	packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
 	packet_send();
@@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
 }
 
 Kex *
-kex_start(char *proposal[PROPOSAL_MAX])
+kex_setup(char *proposal[PROPOSAL_MAX])
 {
 	Kex *kex;
 	int i;
@@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX])
 		dispatch_set(i, kex_protocol_error);
 
 	dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
-	dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);
 	return kex;
 }
 

kex.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $	*/
+/*	$OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $	*/
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -111,8 +111,9 @@ struct Kex {
 	Key	*(*load_host_key)(int type);
 };
 
-Kex	*kex_start(char *proposal[PROPOSAL_MAX]);
-void	kex_send_newkeys(void);
+Kex	*kex_setup(char *proposal[PROPOSAL_MAX]);
+void	kex_finish(Kex *kex);
+
 void	kex_send_kexinit(Kex *kex);
 void	kex_protocol_error(int type, int plen, void *ctxt);
 void	kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);

kexdh.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -170,8 +170,8 @@ kexdh_client(Kex *kex)
 	    shared_secret
 	);
 	xfree(server_host_key_blob);
-	DH_free(dh);
 	BN_free(dh_server_pub);
+	DH_free(dh);
 
 	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
 		fatal("key_verify failed for server_host_key");
@@ -187,7 +187,7 @@ kexdh_client(Kex *kex)
 
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
-	kex_send_newkeys();
+	kex_finish(kex);
 }
 
 /* server */
@@ -283,15 +283,15 @@ kexdh_server(Kex *kex)
 	packet_put_bignum2(dh->pub_key);	/* f */
 	packet_put_string((char *)signature, slen);
 	packet_send();
+
 	xfree(signature);
 	xfree(server_host_key_blob);
+	/* have keys, free DH */
+	DH_free(dh);
 
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
-	kex_send_newkeys();
-
-	/* have keys, free DH */
-	DH_free(dh);
+	kex_finish(kex);
 }
 
 void

kexgex.c

@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -228,6 +228,8 @@ kexgex_client(Kex *kex)
 	    dh_server_pub,
 	    shared_secret
 	);
+	/* have keys, free DH */
+	DH_free(dh);
 	xfree(server_host_key_blob);
 	BN_free(dh_server_pub);
 
@@ -242,14 +244,10 @@ kexgex_client(Kex *kex)
 		kex->session_id = xmalloc(kex->session_id_len);
 		memcpy(kex->session_id, hash, kex->session_id_len);
 	}
-
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
 
-	kex_send_newkeys();
-
-	/* have keys, free DH */
-	DH_free(dh);
+	kex_finish(kex);
 }
 
 /* server */
@@ -391,14 +389,13 @@ kexgex_server(Kex *kex)
 	packet_send();
 	xfree(signature);
 	xfree(server_host_key_blob);
+	/* have keys, free DH */
+	DH_free(dh);
 
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
 
-	kex_send_newkeys();
-
-	/* have keys, free DH */
-	DH_free(dh);
+	kex_finish(kex);
 }
 
 void

packet.c

@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -525,7 +525,8 @@ set_newkeys(int mode)
 	if (newkeys[mode] != NULL) {
 		debug("newkeys: rekeying");
 		memset(cc, 0, sizeof(*cc));
-		// free old keys, reset compression cipher-contexts;
+		/* todo: free old keys, reset compression/cipher-ctxt; */
+		xfree(newkeys[mode]);
 	}
 	newkeys[mode] = kex_get_newkeys(mode);
 	if (newkeys[mode] == NULL)

sshconnect2.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	}
 
-	kex = kex_start(myproposal);
+	kex = kex_setup(myproposal);
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
 	kex->check_host_key=&check_host_key_callback;
@@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host)
 	/* initial userauth request */
 	userauth_none(&authctxt);
 
-	//dispatch_init(&input_userauth_error);
+	/* dispatch_init(&input_userauth_error); */
         for (i = 50; i <= 254; i++) {
                 dispatch_set(i, &input_userauth_error);
         }

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1425,7 +1425,7 @@ do_ssh2_kex(void)
 	}
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
-	kex = kex_start(myproposal);
+	kex = kex_setup(myproposal);
 	kex->server = 1;
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;