- markus@cvs.openbsd.org 2003/04/01 10:31:26

[compat.c compat.h kex.c]
     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
     tested by ho@ and myself

ChangeLog

@@ -24,6 +24,10 @@
      [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
      [readconf.h serverloop.c sshconnect2.c]
      backout rekeying changes (for 3.6.1)
+   - markus@cvs.openbsd.org 2003/04/01 10:31:26
+     [compat.c compat.h kex.c]
+     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; 
+     tested by ho@ and myself
 
 20030326
  - (djm) OpenBSD CVS Sync
@@ -1286,4 +1290,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2644 2003/04/01 11:43:39 djm Exp $
+$Id: ChangeLog,v 1.2645 2003/04/01 11:44:37 djm Exp $

compat.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $");
 
 #include "buffer.h"
 #include "packet.h"
@@ -85,10 +85,12 @@ compat_datafellows(const char *version)
 		{ "*MindTerm*",		0 },
 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+					SSH_BUG_FIRSTKEX },
 		{ "2.1 *",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+					SSH_BUG_FIRSTKEX },
 		{ "2.0.13*,"
 		  "2.0.14*,"
 		  "2.0.15*,"
@@ -100,26 +102,28 @@ compat_datafellows(const char *version)
 					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
 					SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
 					SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
-					SSH_BUG_DUMMYCHAN },
+					SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
 		{ "2.0.11*,"
 		  "2.0.12*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
 					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
 					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
 					SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
-					SSH_BUG_DUMMYCHAN },
+					SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
 		{ "2.0.*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
 					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
 					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
 					SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
-					SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
+					SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
+					SSH_BUG_FIRSTKEX },
 		{ "2.2.0*,"
 		  "2.3.0*",		SSH_BUG_HMAC|SSH_BUG_DEBUG|
-					SSH_BUG_RSASIGMD5 },
-		{ "2.3.*",		SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
+					SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
+		{ "2.3.*",		SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
+					SSH_BUG_FIRSTKEX },
 		{ "2.4",		SSH_OLD_SESSIONID },	/* Van Dyke */
-		{ "2.*",		SSH_BUG_DEBUG },
+		{ "2.*",		SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
 		{ "3.0.*",		SSH_BUG_DEBUG },
 		{ "3.0 SecureCRT*",	SSH_OLD_SESSIONID },
 		{ "1.7 SecureFX*",	SSH_OLD_SESSIONID },

compat.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $	*/
+/*	$OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $	*/
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,6 +55,7 @@
 #define SSH_BUG_EXTEOF		0x00200000
 #define SSH_BUG_K5USER		0x00400000
 #define SSH_BUG_PROBE		0x00800000
+#define SSH_BUG_FIRSTKEX	0x01000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);

kex.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -392,7 +392,8 @@ kex_choose_conf(Kex *kex)
 	kex->we_need = need;
 
 	/* ignore the next message if the proposals do not match */
-	if (first_kex_follows && !proposals_match(my, peer)) {
+	if (first_kex_follows && !proposals_match(my, peer) && 
+	   !(datafellows & SSH_BUG_FIRSTKEX)) {
 		type = packet_read();
 		debug2("skipping next packet (type %u)", type);
 	}