9 files changed, 96 insertions, 63 deletions
diff --git a/ChangeLog b/ChangeLog
index 7bb8eaa5c..83c02ecf5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,11 @@
   - markus@cvs.openbsd.org 2001/04/04 15:50:55
     [compat.c]
     f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
+   - markus@cvs.openbsd.org 2001/04/04 20:25:38
+     [channels.c channels.h clientloop.c kex.c kex.h serverloop.c 
+      sshconnect2.c sshd.c]
+     more robust rekeying
+     don't send channel data after rekeying is started.
 20010404
 - OpenBSD CVS Sync
@@ -4851,4 +4856,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1057 2001/04/04 23:43:26 mouring Exp $
+$Id: ChangeLog,v 1.1058 2001/04/04 23:46:07 mouring Exp $
diff --git a/channels.c b/channels.c
index 941556ace..7790564cc 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.99 2001/03/16 19:06:29 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.100 2001/04/04 20:25:35 markus Exp $");
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -1005,7 +1005,8 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
 }
 void
-channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp)
+channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
+    int rekeying)
 {
        int n;
        u_int sz;
@@ -1025,7 +1026,8 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp)
        memset(*readsetp, 0, sz);
        memset(*writesetp, 0, sz);
-        channel_handler(channel_pre, *readsetp, *writesetp);
+        if (!rekeying)
+                channel_handler(channel_pre, *readsetp, *writesetp);
 }
 void
diff --git a/channels.h b/channels.h
index 493b04aa2..2cd82148e 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$OpenBSD: channels.h,v 1.28 2001/03/16 19:06:29 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.29 2001/04/04 20:25:36 markus Exp $"); */
 #ifndef CHANNELS_H
 #define CHANNELS_H
@@ -171,7 +171,8 @@ void    channel_free(int channel);
 * select bitmasks.
 */
 void
-channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp);
+channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
+    int rekeying);
 /*
 * After select, perform any appropriate operations for channels which have
diff --git a/clientloop.c b/clientloop.c
index 1d09a8dd9..4b87e3b6d 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.55 2001/04/04 14:34:58 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.56 2001/04/04 20:25:37 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -127,6 +127,7 @@ static u_long stdin_bytes, stdout_bytes, stderr_bytes;
 static u_int buffer_high;/* Soft max buffer size. */
 static int connection_in;       /* Connection to server (input). */
 static int connection_out;      /* Connection to server (output). */
+static int need_rekeying;       /* Set to non-zero if rekeying is requested. */
 void    client_init_dispatch(void);
 int     session_ident = -1;
@@ -367,10 +368,10 @@ client_check_window_change(void)
 void
 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
-    int *maxfdp)
+    int *maxfdp, int rekeying)
 {
        /* Add any selections by the channel mechanism. */
-        channel_prepare_select(readsetp, writesetp, maxfdp);
+        channel_prepare_select(readsetp, writesetp, maxfdp, rekeying);
        if (!compat20) {
                /* Read from the connection, unless our buffers are full. */
@@ -553,8 +554,8 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
                                continue;
                        case 'R':
-                                debug("Rekeying");
+                                if (compat20)
-                                kex_send_kexinit(xxx_kex);
+                                        need_rekeying = 1;
                                continue;
                        case '&':
@@ -794,9 +795,8 @@ int
 client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 {
        fd_set *readset = NULL, *writeset = NULL;
-        int max_fd = 0;
        double start_time, total_time;
-        int len;
+        int max_fd = 0, len, rekeying = 0;
        char buf[100];
        debug("Entering interactive session.");
@@ -858,45 +858,60 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                /* Process buffered packets sent by the server. */
                client_process_buffered_input_packets();
+                rekeying = (xxx_kex != NULL && !xxx_kex->done);
                if (compat20 && !channel_still_open()) {
                        debug2("!channel_still_open.");
                        break;
                }
-                /*
+                if (rekeying) {
-                 * Make packets of buffered stdin data, and buffer them for
+                        debug("rekeying in progress");
-                 * sending to the server.
+                } else {
-                 */
+                        /*
-                if (!compat20)
+                         * Make packets of buffered stdin data, and buffer
-                        client_make_packets_from_stdin_data();
+                         * them for sending to the server.
+                         */
-                /*
+                        if (!compat20)
-                 * Make packets from buffered channel data, and enqueue them
+                                client_make_packets_from_stdin_data();
-                 * for sending to the server.
-                 */
-                if (packet_not_very_much_data_to_write())
-                        channel_output_poll();
-                /*
+                        /*
-                 * Check if the window size has changed, and buffer a message
+                         * Make packets from buffered channel data, and
-                 * about it to the server if so.
+                         * enqueue them for sending to the server.
-                 */
+                         */
-                client_check_window_change();
+                        if (packet_not_very_much_data_to_write())
+                                channel_output_poll();
-                if (quit_pending)
+                        /*
-                        break;
+                         * Check if the window size has changed, and buffer a
+                         * message about it to the server if so.
+                         */
+                        client_check_window_change();
+                        if (quit_pending)
+                                break;
+                }
                /*
                 * Wait until we have something to do (something becomes
                 * available on one of the descriptors).
                 */
-                client_wait_until_can_do_something(&readset, &writeset, &max_fd);
+                client_wait_until_can_do_something(&readset, &writeset,
+                    &max_fd, rekeying);
                if (quit_pending)
                        break;
-                /* Do channel operations. */
+                /* Do channel operations unless rekeying in progress. */
-                channel_after_select(readset, writeset);
+                if (!rekeying) {
+                        channel_after_select(readset, writeset);
+                        if (need_rekeying) {
+                                debug("user requests rekeying");
+                                xxx_kex->done = 0;
+                                kex_send_kexinit(xxx_kex);
+                                need_rekeying = 0;
+                        }
+                }
                /* Buffer input from the connection.  */
                client_process_net_input(readset);
diff --git a/kex.c b/kex.c
index ee1e17e02..da9c56eb0 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.29 2001/04/04 14:34:58 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.30 2001/04/04 20:25:37 markus Exp $");
 #include <openssl/crypto.h>
@@ -136,7 +136,7 @@ kex_finish(Kex *kex)
        debug("waiting for SSH2_MSG_NEWKEYS");
        packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
        debug("SSH2_MSG_NEWKEYS received");
-        kex->newkeys = 1;
+        kex->done = 1;
        buffer_clear(&kex->peer);
        /* buffer_clear(&kex->my); */
        kex->flags &= ~KEX_INIT_SENT;
@@ -153,6 +153,7 @@ kex_send_kexinit(Kex *kex)
                debug("KEX_INIT_SENT");
                return;
        }
+        kex->done = 0;
        packet_start(SSH2_MSG_KEXINIT);
        packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
        packet_send();
@@ -187,7 +188,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
        buffer_init(&kex->peer);
        buffer_init(&kex->my);
        kex_prop2buf(&kex->my, proposal);
-        kex->newkeys = 0;
+        kex->done = 0;
        kex_send_kexinit(kex);                                  /* we start */
        kex_clear_dispatch();
@@ -307,10 +308,11 @@ kex_choose_conf(Kex *kex)
                sprop=peer;
        }
+        /* Algorithm Negotiation */
        for (mode = 0; mode < MODE_MAX; mode++) {
                newkeys = xmalloc(sizeof(*newkeys));
                memset(newkeys, 0, sizeof(*newkeys));
-                kex->keys[mode] = newkeys;
+                kex->newkeys[mode] = newkeys;
                ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
                nenc  = ctos ? PROPOSAL_ENC_ALGS_CTOS  : PROPOSAL_ENC_ALGS_STOC;
                nmac  = ctos ? PROPOSAL_MAC_ALGS_CTOS  : PROPOSAL_MAC_ALGS_STOC;
@@ -329,7 +331,7 @@ kex_choose_conf(Kex *kex)
            sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
        need = 0;
        for (mode = 0; mode < MODE_MAX; mode++) {
-                newkeys = kex->keys[mode];
+                newkeys = kex->newkeys[mode];
                if (need < newkeys->enc.cipher->key_len)
                        need = newkeys->enc.cipher->key_len;
                if (need < newkeys->enc.cipher->block_size)
@@ -353,19 +355,24 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
        char c = id;
        int have;
        int mdsz = evp_md->md_size;
-        u_char *digest = xmalloc(((need+mdsz-1)/mdsz)*mdsz);
+        u_char *digest = xmalloc(roundup(need, mdsz));
        buffer_init(&b);
        buffer_put_bignum2(&b, shared_secret);
+        /* K1 = HASH(K || H || "A" || session_id) */
        EVP_DigestInit(&md, evp_md);
-        EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));  /* shared_secret K */
+        EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
-        EVP_DigestUpdate(&md, hash, mdsz);              /* transport-06 */
+        EVP_DigestUpdate(&md, hash, mdsz);
-        EVP_DigestUpdate(&md, &c, 1);                   /* key id */
+        EVP_DigestUpdate(&md, &c, 1);
        EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
        EVP_DigestFinal(&md, digest, NULL);
-        /* expand */
+        /*
+         * expand key:
+         * Kn = HASH(K || H || K1 || K2 || ... || Kn-1)
+         * Key = K1 || K2 || ... || Kn
+         */
        for (have = mdsz; need > have; have += mdsz) {
                EVP_DigestInit(&md, evp_md);
                EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
@@ -381,13 +388,12 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
        return digest;
 }
-Newkeys *x_newkeys[MODE_MAX];
+Newkeys *current_keys[MODE_MAX];
 #define NKEYS   6
 void
 kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
 {
-        Newkeys *newkeys;
        u_char *keys[NKEYS];
        int i, mode, ctos;
@@ -396,19 +402,23 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
        debug("kex_derive_keys");
        for (mode = 0; mode < MODE_MAX; mode++) {
-                newkeys = kex->keys[mode];
+                current_keys[mode] = kex->newkeys[mode];
+                kex->newkeys[mode] = NULL;
                ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
-                newkeys->enc.iv  = keys[ctos ? 0 : 1];
+                current_keys[mode]->enc.iv  = keys[ctos ? 0 : 1];
-                newkeys->enc.key = keys[ctos ? 2 : 3];
+                current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
-                newkeys->mac.key = keys[ctos ? 4 : 5];
+                current_keys[mode]->mac.key = keys[ctos ? 4 : 5];
-                x_newkeys[mode] = newkeys;
        }
 }
 Newkeys *
 kex_get_newkeys(int mode)
 {
-        return x_newkeys[mode];
+        Newkeys *ret;
+        ret = current_keys[mode];
+        current_keys[mode] = NULL;
+        return ret;
 }
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
diff --git a/kex.h b/kex.h
index 54134221f..8758804c5 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: kex.h,v 1.21 2001/04/04 14:34:58 markus Exp $ */
+/*      $OpenBSD: kex.h,v 1.22 2001/04/04 20:25:37 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -95,7 +95,7 @@ struct Newkeys {
 struct Kex {
        u_char  *session_id;
        int     session_id_len;
-        Newkeys *keys[MODE_MAX];
+        Newkeys *newkeys[MODE_MAX];
        int     we_need;
        int     server;
        char    *name;
@@ -103,7 +103,7 @@ struct Kex {
        int     kex_type;
        Buffer  my;
        Buffer  peer;
-        int     newkeys;
+        int     done;
        int     flags;
        char    *client_version_string;
        char    *server_version_string;
diff --git a/serverloop.c b/serverloop.c
index 4ae02fd10..ab7472b77 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.56 2001/04/04 14:34:58 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.57 2001/04/04 20:25:37 markus Exp $");
 #include "xmalloc.h"
 #include "packet.h"
@@ -194,7 +194,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
 retry_select:
        /* Allocate and update select() masks for channel descriptors. */
-        channel_prepare_select(readsetp, writesetp, maxfdp);
+        channel_prepare_select(readsetp, writesetp, maxfdp, 0);
        if (compat20) {
                /* wrong: bad condition XXX */
diff --git a/sshconnect2.c b/sshconnect2.c
index 2f26aa569..918ab38e8 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.65 2001/04/04 14:34:58 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.66 2001/04/04 20:25:38 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -119,7 +119,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        xxx_kex = kex;
-        dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);
+        dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
        session_id2 = kex->session_id;
        session_id2_len = kex->session_id_len;
diff --git a/sshd.c b/sshd.c
index ea29e75ac..5b5928858 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.189 2001/04/04 14:34:58 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.190 2001/04/04 20:25:38 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1437,7 +1437,7 @@ do_ssh2_kex(void)
        xxx_kex = kex;
-        dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);
+        dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
        session_id2 = kex->session_id;
        session_id2_len = kex->session_id_len;

diff --git a/ChangeLog b/ChangeLog index 7bb8eaa5c..83c02ecf5 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -12,6 +12,11 @@
12	- markus@cvs.openbsd.org 2001/04/04 15:50:55	12	- markus@cvs.openbsd.org 2001/04/04 15:50:55
13	[compat.c]	13	[compat.c]
14	f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov	14	f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
		15	- markus@cvs.openbsd.org 2001/04/04 20:25:38
		16	[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
		17	sshconnect2.c sshd.c]
		18	more robust rekeying
		19	don't send channel data after rekeying is started.
15		20
16	20010404	21	20010404
17	- OpenBSD CVS Sync	22	- OpenBSD CVS Sync
@@ -4851,4 +4856,4 @@
4851	- Wrote replacements for strlcpy and mkdtemp	4856	- Wrote replacements for strlcpy and mkdtemp
4852	- Released 1.0pre1	4857	- Released 1.0pre1
4853		4858
4854	$Id: ChangeLog,v 1.1057 2001/04/04 23:43:26 mouring Exp $	4859	$Id: ChangeLog,v 1.1058 2001/04/04 23:46:07 mouring Exp $


diff --git a/channels.c b/channels.c index 941556ace..7790564cc 100644 --- a/channels.c +++ b/channels.c
@@ -40,7 +40,7 @@
40	*/	40	*/
41		41
42	#include "includes.h"	42	#include "includes.h"
43	RCSID("$OpenBSD: channels.c,v 1.99 2001/03/16 19:06:29 markus Exp $");	43	RCSID("$OpenBSD: channels.c,v 1.100 2001/04/04 20:25:35 markus Exp $");
44		44
45	#include <openssl/rsa.h>	45	#include <openssl/rsa.h>
46	#include <openssl/dsa.h>	46	#include <openssl/dsa.h>
@@ -1005,7 +1005,8 @@ channel_handler(chan_fn ftab[], fd_set readset, fd_set * writeset)
1005	}	1005	}
1006		1006
1007	void	1007	void
1008	channel_prepare_select(fd_set readsetp, fd_set writesetp, int *maxfdp)	1008	channel_prepare_select(fd_set readsetp, fd_set writesetp, int *maxfdp,
		1009	int rekeying)
1009	{	1010	{
1010	int n;	1011	int n;
1011	u_int sz;	1012	u_int sz;
@@ -1025,7 +1026,8 @@ channel_prepare_select(fd_set readsetp, fd_set writesetp, int *maxfdp)
1025	memset(*readsetp, 0, sz);	1026	memset(*readsetp, 0, sz);
1026	memset(*writesetp, 0, sz);	1027	memset(*writesetp, 0, sz);
1027		1028
1028	channel_handler(channel_pre, readsetp, writesetp);	1029	if (!rekeying)
		1030	channel_handler(channel_pre, readsetp, writesetp);
1029	}	1031	}
1030		1032
1031	void	1033	void


diff --git a/channels.h b/channels.h index 493b04aa2..2cd82148e 100644 --- a/channels.h +++ b/channels.h
@@ -32,7 +32,7 @@
32	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	32	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	33	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34	*/	34	*/
35	/* RCSID("$OpenBSD: channels.h,v 1.28 2001/03/16 19:06:29 markus Exp $"); */	35	/* RCSID("$OpenBSD: channels.h,v 1.29 2001/04/04 20:25:36 markus Exp $"); */
36		36
37	#ifndef CHANNELS_H	37	#ifndef CHANNELS_H
38	#define CHANNELS_H	38	#define CHANNELS_H
@@ -171,7 +171,8 @@ void channel_free(int channel);
171	* select bitmasks.	171	* select bitmasks.
172	*/	172	*/
173	void	173	void
174	channel_prepare_select(fd_set readsetp, fd_set writesetp, int *maxfdp);	174	channel_prepare_select(fd_set readsetp, fd_set writesetp, int *maxfdp,
		175	int rekeying);
175		176
176	/*	177	/*
177	* After select, perform any appropriate operations for channels which have	178	* After select, perform any appropriate operations for channels which have


diff --git a/clientloop.c b/clientloop.c index 1d09a8dd9..4b87e3b6d 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -59,7 +59,7 @@
59	*/	59	*/
60		60
61	#include "includes.h"	61	#include "includes.h"
62	RCSID("$OpenBSD: clientloop.c,v 1.55 2001/04/04 14:34:58 markus Exp $");	62	RCSID("$OpenBSD: clientloop.c,v 1.56 2001/04/04 20:25:37 markus Exp $");
63		63
64	#include "ssh.h"	64	#include "ssh.h"
65	#include "ssh1.h"	65	#include "ssh1.h"
@@ -127,6 +127,7 @@ static u_long stdin_bytes, stdout_bytes, stderr_bytes;
127	static u_int buffer_high;/* Soft max buffer size. */	127	static u_int buffer_high;/* Soft max buffer size. */
128	static int connection_in; /* Connection to server (input). */	128	static int connection_in; /* Connection to server (input). */
129	static int connection_out; /* Connection to server (output). */	129	static int connection_out; /* Connection to server (output). */
		130	static int need_rekeying; /* Set to non-zero if rekeying is requested. */
130		131
131	void client_init_dispatch(void);	132	void client_init_dispatch(void);
132	int session_ident = -1;	133	int session_ident = -1;
@@ -367,10 +368,10 @@ client_check_window_change(void)
367		368
368	void	369	void
369	client_wait_until_can_do_something(fd_set readsetp, fd_set writesetp,	370	client_wait_until_can_do_something(fd_set readsetp, fd_set writesetp,
370	int *maxfdp)	371	int *maxfdp, int rekeying)
371	{	372	{
372	/* Add any selections by the channel mechanism. */	373	/* Add any selections by the channel mechanism. */
373	channel_prepare_select(readsetp, writesetp, maxfdp);	374	channel_prepare_select(readsetp, writesetp, maxfdp, rekeying);
374		375
375	if (!compat20) {	376	if (!compat20) {
376	/* Read from the connection, unless our buffers are full. */	377	/* Read from the connection, unless our buffers are full. */
@@ -553,8 +554,8 @@ process_escapes(Buffer bin, Buffer bout, Buffer berr, char buf, int len)
553	continue;	554	continue;
554		555
555	case 'R':	556	case 'R':
556	debug("Rekeying");	557	if (compat20)
557	kex_send_kexinit(xxx_kex);	558	need_rekeying = 1;
558	continue;	559	continue;
559		560
560	case '&':	561	case '&':
@@ -794,9 +795,8 @@ int
794	client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)	795	client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
795	{	796	{
796	fd_set readset = NULL, writeset = NULL;	797	fd_set readset = NULL, writeset = NULL;
797	int max_fd = 0;
798	double start_time, total_time;	798	double start_time, total_time;
799	int len;	799	int max_fd = 0, len, rekeying = 0;
800	char buf[100];	800	char buf[100];
801		801
802	debug("Entering interactive session.");	802	debug("Entering interactive session.");
@@ -858,45 +858,60 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
858	/* Process buffered packets sent by the server. */	858	/* Process buffered packets sent by the server. */
859	client_process_buffered_input_packets();	859	client_process_buffered_input_packets();
860		860
		861	rekeying = (xxx_kex != NULL && !xxx_kex->done);
		862
861	if (compat20 && !channel_still_open()) {	863	if (compat20 && !channel_still_open()) {
862	debug2("!channel_still_open.");	864	debug2("!channel_still_open.");
863	break;	865	break;
864	}	866	}
865		867
866	/*	868	if (rekeying) {
867	* Make packets of buffered stdin data, and buffer them for	869	debug("rekeying in progress");
868	* sending to the server.	870	} else {
869	*/	871	/*
870	if (!compat20)	872	* Make packets of buffered stdin data, and buffer
871	client_make_packets_from_stdin_data();	873	* them for sending to the server.
872		874	*/
873	/*	875	if (!compat20)
874	* Make packets from buffered channel data, and enqueue them	876	client_make_packets_from_stdin_data();
875	* for sending to the server.
876	*/
877	if (packet_not_very_much_data_to_write())
878	channel_output_poll();
879		877
880	/*	878	/*
881	* Check if the window size has changed, and buffer a message	879	* Make packets from buffered channel data, and
882	* about it to the server if so.	880	* enqueue them for sending to the server.
883	*/	881	*/
884	client_check_window_change();	882	if (packet_not_very_much_data_to_write())
		883	channel_output_poll();
885		884
886	if (quit_pending)	885	/*
887	break;	886	* Check if the window size has changed, and buffer a
		887	* message about it to the server if so.
		888	*/
		889	client_check_window_change();
888		890
		891	if (quit_pending)
		892	break;
		893	}
889	/*	894	/*
890	* Wait until we have something to do (something becomes	895	* Wait until we have something to do (something becomes
891	* available on one of the descriptors).	896	* available on one of the descriptors).
892	*/	897	*/
893	client_wait_until_can_do_something(&readset, &writeset, &max_fd);	898	client_wait_until_can_do_something(&readset, &writeset,
		899	&max_fd, rekeying);
894		900
895	if (quit_pending)	901	if (quit_pending)
896	break;	902	break;
897		903
898	/* Do channel operations. */	904	/* Do channel operations unless rekeying in progress. */
899	channel_after_select(readset, writeset);	905	if (!rekeying) {
		906	channel_after_select(readset, writeset);
		907
		908	if (need_rekeying) {
		909	debug("user requests rekeying");
		910	xxx_kex->done = 0;
		911	kex_send_kexinit(xxx_kex);
		912	need_rekeying = 0;
		913	}
		914	}
900		915
901	/* Buffer input from the connection. */	916	/* Buffer input from the connection. */
902	client_process_net_input(readset);	917	client_process_net_input(readset);


diff --git a/kex.c b/kex.c index ee1e17e02..da9c56eb0 100644 --- a/kex.c +++ b/kex.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: kex.c,v 1.29 2001/04/04 14:34:58 markus Exp $");	26	RCSID("$OpenBSD: kex.c,v 1.30 2001/04/04 20:25:37 markus Exp $");
27		27
28	#include <openssl/crypto.h>	28	#include <openssl/crypto.h>
29		29
@@ -136,7 +136,7 @@ kex_finish(Kex *kex)
136	debug("waiting for SSH2_MSG_NEWKEYS");	136	debug("waiting for SSH2_MSG_NEWKEYS");
137	packet_read_expect(&plen, SSH2_MSG_NEWKEYS);	137	packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
138	debug("SSH2_MSG_NEWKEYS received");	138	debug("SSH2_MSG_NEWKEYS received");
139	kex->newkeys = 1;	139	kex->done = 1;
140	buffer_clear(&kex->peer);	140	buffer_clear(&kex->peer);
141	/* buffer_clear(&kex->my); */	141	/* buffer_clear(&kex->my); */
142	kex->flags &= ~KEX_INIT_SENT;	142	kex->flags &= ~KEX_INIT_SENT;
@@ -153,6 +153,7 @@ kex_send_kexinit(Kex *kex)
153	debug("KEX_INIT_SENT");	153	debug("KEX_INIT_SENT");
154	return;	154	return;
155	}	155	}
		156	kex->done = 0;
156	packet_start(SSH2_MSG_KEXINIT);	157	packet_start(SSH2_MSG_KEXINIT);
157	packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));	158	packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
158	packet_send();	159	packet_send();
@@ -187,7 +188,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
187	buffer_init(&kex->peer);	188	buffer_init(&kex->peer);
188	buffer_init(&kex->my);	189	buffer_init(&kex->my);
189	kex_prop2buf(&kex->my, proposal);	190	kex_prop2buf(&kex->my, proposal);
190	kex->newkeys = 0;	191	kex->done = 0;
191		192
192	kex_send_kexinit(kex); /* we start */	193	kex_send_kexinit(kex); /* we start */
193	kex_clear_dispatch();	194	kex_clear_dispatch();
@@ -307,10 +308,11 @@ kex_choose_conf(Kex *kex)
307	sprop=peer;	308	sprop=peer;
308	}	309	}
309		310
		311	/* Algorithm Negotiation */
310	for (mode = 0; mode < MODE_MAX; mode++) {	312	for (mode = 0; mode < MODE_MAX; mode++) {
311	newkeys = xmalloc(sizeof(*newkeys));	313	newkeys = xmalloc(sizeof(*newkeys));
312	memset(newkeys, 0, sizeof(*newkeys));	314	memset(newkeys, 0, sizeof(*newkeys));
313	kex->keys[mode] = newkeys;	315	kex->newkeys[mode] = newkeys;
314	ctos = (!kex->server && mode == MODE_OUT) \|\| (kex->server && mode == MODE_IN);	316	ctos = (!kex->server && mode == MODE_OUT) \|\| (kex->server && mode == MODE_IN);
315	nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;	317	nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
316	nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;	318	nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
@@ -329,7 +331,7 @@ kex_choose_conf(Kex *kex)
329	sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);	331	sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
330	need = 0;	332	need = 0;
331	for (mode = 0; mode < MODE_MAX; mode++) {	333	for (mode = 0; mode < MODE_MAX; mode++) {
332	newkeys = kex->keys[mode];	334	newkeys = kex->newkeys[mode];
333	if (need < newkeys->enc.cipher->key_len)	335	if (need < newkeys->enc.cipher->key_len)
334	need = newkeys->enc.cipher->key_len;	336	need = newkeys->enc.cipher->key_len;
335	if (need < newkeys->enc.cipher->block_size)	337	if (need < newkeys->enc.cipher->block_size)
@@ -353,19 +355,24 @@ derive_key(Kex kex, int id, int need, u_char hash, BIGNUM *shared_secret)
353	char c = id;	355	char c = id;
354	int have;	356	int have;
355	int mdsz = evp_md->md_size;	357	int mdsz = evp_md->md_size;
356	u_char digest = xmalloc(((need+mdsz-1)/mdsz)mdsz);	358	u_char *digest = xmalloc(roundup(need, mdsz));
357		359
358	buffer_init(&b);	360	buffer_init(&b);
359	buffer_put_bignum2(&b, shared_secret);	361	buffer_put_bignum2(&b, shared_secret);
360		362
		363	/* K1 = HASH(K \|\| H \|\| "A" \|\| session_id) */
361	EVP_DigestInit(&md, evp_md);	364	EVP_DigestInit(&md, evp_md);
362	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); /* shared_secret K */	365	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
363	EVP_DigestUpdate(&md, hash, mdsz); /* transport-06 */	366	EVP_DigestUpdate(&md, hash, mdsz);
364	EVP_DigestUpdate(&md, &c, 1); /* key id */	367	EVP_DigestUpdate(&md, &c, 1);
365	EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);	368	EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
366	EVP_DigestFinal(&md, digest, NULL);	369	EVP_DigestFinal(&md, digest, NULL);
367		370
368	/* expand */	371	/*
		372	* expand key:
		373	* Kn = HASH(K \|\| H \|\| K1 \|\| K2 \|\| ... \|\| Kn-1)
		374	* Key = K1 \|\| K2 \|\| ... \|\| Kn
		375	*/
369	for (have = mdsz; need > have; have += mdsz) {	376	for (have = mdsz; need > have; have += mdsz) {
370	EVP_DigestInit(&md, evp_md);	377	EVP_DigestInit(&md, evp_md);
371	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));	378	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
@@ -381,13 +388,12 @@ derive_key(Kex kex, int id, int need, u_char hash, BIGNUM *shared_secret)
381	return digest;	388	return digest;
382	}	389	}
383		390
384	Newkeys *x_newkeys[MODE_MAX];	391	Newkeys *current_keys[MODE_MAX];
385		392
386	#define NKEYS 6	393	#define NKEYS 6
387	void	394	void
388	kex_derive_keys(Kex kex, u_char hash, BIGNUM *shared_secret)	395	kex_derive_keys(Kex kex, u_char hash, BIGNUM *shared_secret)
389	{	396	{
390	Newkeys *newkeys;
391	u_char *keys[NKEYS];	397	u_char *keys[NKEYS];
392	int i, mode, ctos;	398	int i, mode, ctos;
393		399
@@ -396,19 +402,23 @@ kex_derive_keys(Kex kex, u_char hash, BIGNUM *shared_secret)
396		402
397	debug("kex_derive_keys");	403	debug("kex_derive_keys");
398	for (mode = 0; mode < MODE_MAX; mode++) {	404	for (mode = 0; mode < MODE_MAX; mode++) {
399	newkeys = kex->keys[mode];	405	current_keys[mode] = kex->newkeys[mode];
		406	kex->newkeys[mode] = NULL;
400	ctos = (!kex->server && mode == MODE_OUT) \|\| (kex->server && mode == MODE_IN);	407	ctos = (!kex->server && mode == MODE_OUT) \|\| (kex->server && mode == MODE_IN);
401	newkeys->enc.iv = keys[ctos ? 0 : 1];	408	current_keys[mode]->enc.iv = keys[ctos ? 0 : 1];
402	newkeys->enc.key = keys[ctos ? 2 : 3];	409	current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
403	newkeys->mac.key = keys[ctos ? 4 : 5];	410	current_keys[mode]->mac.key = keys[ctos ? 4 : 5];
404	x_newkeys[mode] = newkeys;
405	}	411	}
406	}	412	}
407		413
408	Newkeys *	414	Newkeys *
409	kex_get_newkeys(int mode)	415	kex_get_newkeys(int mode)
410	{	416	{
411	return x_newkeys[mode];	417	Newkeys *ret;
		418
		419	ret = current_keys[mode];
		420	current_keys[mode] = NULL;
		421	return ret;
412	}	422	}
413		423
414	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH)	424	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH)


diff --git a/kex.h b/kex.h index 54134221f..8758804c5 100644 --- a/kex.h +++ b/kex.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kex.h,v 1.21 2001/04/04 14:34:58 markus Exp $ */	1	/* $OpenBSD: kex.h,v 1.22 2001/04/04 20:25:37 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -95,7 +95,7 @@ struct Newkeys {
95	struct Kex {	95	struct Kex {
96	u_char *session_id;	96	u_char *session_id;
97	int session_id_len;	97	int session_id_len;
98	Newkeys *keys[MODE_MAX];	98	Newkeys *newkeys[MODE_MAX];
99	int we_need;	99	int we_need;
100	int server;	100	int server;
101	char *name;	101	char *name;
@@ -103,7 +103,7 @@ struct Kex {
103	int kex_type;	103	int kex_type;
104	Buffer my;	104	Buffer my;
105	Buffer peer;	105	Buffer peer;
106	int newkeys;	106	int done;
107	int flags;	107	int flags;
108	char *client_version_string;	108	char *client_version_string;
109	char *server_version_string;	109	char *server_version_string;


diff --git a/serverloop.c b/serverloop.c index 4ae02fd10..ab7472b77 100644 --- a/serverloop.c +++ b/serverloop.c
@@ -35,7 +35,7 @@
35	*/	35	*/
36		36
37	#include "includes.h"	37	#include "includes.h"
38	RCSID("$OpenBSD: serverloop.c,v 1.56 2001/04/04 14:34:58 markus Exp $");	38	RCSID("$OpenBSD: serverloop.c,v 1.57 2001/04/04 20:25:37 markus Exp $");
39		39
40	#include "xmalloc.h"	40	#include "xmalloc.h"
41	#include "packet.h"	41	#include "packet.h"
@@ -194,7 +194,7 @@ wait_until_can_do_something(fd_set readsetp, fd_set writesetp, int *maxfdp,
194	retry_select:	194	retry_select:
195		195
196	/* Allocate and update select() masks for channel descriptors. */	196	/* Allocate and update select() masks for channel descriptors. */
197	channel_prepare_select(readsetp, writesetp, maxfdp);	197	channel_prepare_select(readsetp, writesetp, maxfdp, 0);
198		198
199	if (compat20) {	199	if (compat20) {
200	/* wrong: bad condition XXX */	200	/* wrong: bad condition XXX */


diff --git a/sshconnect2.c b/sshconnect2.c index 2f26aa569..918ab38e8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: sshconnect2.c,v 1.65 2001/04/04 14:34:58 markus Exp $");	26	RCSID("$OpenBSD: sshconnect2.c,v 1.66 2001/04/04 20:25:38 markus Exp $");
27		27
28	#include <openssl/bn.h>	28	#include <openssl/bn.h>
29	#include <openssl/md5.h>	29	#include <openssl/md5.h>
@@ -119,7 +119,7 @@ ssh_kex2(char host, struct sockaddr hostaddr)
119		119
120	xxx_kex = kex;	120	xxx_kex = kex;
121		121
122	dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);	122	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
123		123
124	session_id2 = kex->session_id;	124	session_id2 = kex->session_id;
125	session_id2_len = kex->session_id_len;	125	session_id2_len = kex->session_id_len;


diff --git a/sshd.c b/sshd.c index ea29e75ac..5b5928858 100644 --- a/sshd.c +++ b/sshd.c
@@ -40,7 +40,7 @@
40	*/	40	*/
41		41
42	#include "includes.h"	42	#include "includes.h"
43	RCSID("$OpenBSD: sshd.c,v 1.189 2001/04/04 14:34:58 markus Exp $");	43	RCSID("$OpenBSD: sshd.c,v 1.190 2001/04/04 20:25:38 markus Exp $");
44		44
45	#include <openssl/dh.h>	45	#include <openssl/dh.h>
46	#include <openssl/bn.h>	46	#include <openssl/bn.h>
@@ -1437,7 +1437,7 @@ do_ssh2_kex(void)
1437		1437
1438	xxx_kex = kex;	1438	xxx_kex = kex;
1439		1439
1440	dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);	1440	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
1441		1441
1442	session_id2 = kex->session_id;	1442	session_id2 = kex->session_id;
1443	session_id2_len = kex->session_id_len;	1443	session_id2_len = kex->session_id_len;