summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--channels.c8
-rw-r--r--channels.h5
-rw-r--r--clientloop.c75
-rw-r--r--kex.c46
-rw-r--r--kex.h6
-rw-r--r--serverloop.c4
-rw-r--r--sshconnect2.c4
-rw-r--r--sshd.c4
9 files changed, 96 insertions, 63 deletions
diff --git a/ChangeLog b/ChangeLog
index 7bb8eaa5c..83c02ecf5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,11 @@
12 - markus@cvs.openbsd.org 2001/04/04 15:50:55 12 - markus@cvs.openbsd.org 2001/04/04 15:50:55
13 [compat.c] 13 [compat.c]
14 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov 14 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
15 - markus@cvs.openbsd.org 2001/04/04 20:25:38
16 [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
17 sshconnect2.c sshd.c]
18 more robust rekeying
19 don't send channel data after rekeying is started.
15 20
1620010404 2120010404
17 - OpenBSD CVS Sync 22 - OpenBSD CVS Sync
@@ -4851,4 +4856,4 @@
4851 - Wrote replacements for strlcpy and mkdtemp 4856 - Wrote replacements for strlcpy and mkdtemp
4852 - Released 1.0pre1 4857 - Released 1.0pre1
4853 4858
4854$Id: ChangeLog,v 1.1057 2001/04/04 23:43:26 mouring Exp $ 4859$Id: ChangeLog,v 1.1058 2001/04/04 23:46:07 mouring Exp $
diff --git a/channels.c b/channels.c
index 941556ace..7790564cc 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: channels.c,v 1.99 2001/03/16 19:06:29 markus Exp $"); 43RCSID("$OpenBSD: channels.c,v 1.100 2001/04/04 20:25:35 markus Exp $");
44 44
45#include <openssl/rsa.h> 45#include <openssl/rsa.h>
46#include <openssl/dsa.h> 46#include <openssl/dsa.h>
@@ -1005,7 +1005,8 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
1005} 1005}
1006 1006
1007void 1007void
1008channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp) 1008channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
1009 int rekeying)
1009{ 1010{
1010 int n; 1011 int n;
1011 u_int sz; 1012 u_int sz;
@@ -1025,7 +1026,8 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp)
1025 memset(*readsetp, 0, sz); 1026 memset(*readsetp, 0, sz);
1026 memset(*writesetp, 0, sz); 1027 memset(*writesetp, 0, sz);
1027 1028
1028 channel_handler(channel_pre, *readsetp, *writesetp); 1029 if (!rekeying)
1030 channel_handler(channel_pre, *readsetp, *writesetp);
1029} 1031}
1030 1032
1031void 1033void
diff --git a/channels.h b/channels.h
index 493b04aa2..2cd82148e 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */ 34 */
35/* RCSID("$OpenBSD: channels.h,v 1.28 2001/03/16 19:06:29 markus Exp $"); */ 35/* RCSID("$OpenBSD: channels.h,v 1.29 2001/04/04 20:25:36 markus Exp $"); */
36 36
37#ifndef CHANNELS_H 37#ifndef CHANNELS_H
38#define CHANNELS_H 38#define CHANNELS_H
@@ -171,7 +171,8 @@ void channel_free(int channel);
171 * select bitmasks. 171 * select bitmasks.
172 */ 172 */
173void 173void
174channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp); 174channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
175 int rekeying);
175 176
176/* 177/*
177 * After select, perform any appropriate operations for channels which have 178 * After select, perform any appropriate operations for channels which have
diff --git a/clientloop.c b/clientloop.c
index 1d09a8dd9..4b87e3b6d 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.55 2001/04/04 14:34:58 markus Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.56 2001/04/04 20:25:37 markus Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
@@ -127,6 +127,7 @@ static u_long stdin_bytes, stdout_bytes, stderr_bytes;
127static u_int buffer_high;/* Soft max buffer size. */ 127static u_int buffer_high;/* Soft max buffer size. */
128static int connection_in; /* Connection to server (input). */ 128static int connection_in; /* Connection to server (input). */
129static int connection_out; /* Connection to server (output). */ 129static int connection_out; /* Connection to server (output). */
130static int need_rekeying; /* Set to non-zero if rekeying is requested. */
130 131
131void client_init_dispatch(void); 132void client_init_dispatch(void);
132int session_ident = -1; 133int session_ident = -1;
@@ -367,10 +368,10 @@ client_check_window_change(void)
367 368
368void 369void
369client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, 370client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
370 int *maxfdp) 371 int *maxfdp, int rekeying)
371{ 372{
372 /* Add any selections by the channel mechanism. */ 373 /* Add any selections by the channel mechanism. */
373 channel_prepare_select(readsetp, writesetp, maxfdp); 374 channel_prepare_select(readsetp, writesetp, maxfdp, rekeying);
374 375
375 if (!compat20) { 376 if (!compat20) {
376 /* Read from the connection, unless our buffers are full. */ 377 /* Read from the connection, unless our buffers are full. */
@@ -553,8 +554,8 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
553 continue; 554 continue;
554 555
555 case 'R': 556 case 'R':
556 debug("Rekeying"); 557 if (compat20)
557 kex_send_kexinit(xxx_kex); 558 need_rekeying = 1;
558 continue; 559 continue;
559 560
560 case '&': 561 case '&':
@@ -794,9 +795,8 @@ int
794client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) 795client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
795{ 796{
796 fd_set *readset = NULL, *writeset = NULL; 797 fd_set *readset = NULL, *writeset = NULL;
797 int max_fd = 0;
798 double start_time, total_time; 798 double start_time, total_time;
799 int len; 799 int max_fd = 0, len, rekeying = 0;
800 char buf[100]; 800 char buf[100];
801 801
802 debug("Entering interactive session."); 802 debug("Entering interactive session.");
@@ -858,45 +858,60 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
858 /* Process buffered packets sent by the server. */ 858 /* Process buffered packets sent by the server. */
859 client_process_buffered_input_packets(); 859 client_process_buffered_input_packets();
860 860
861 rekeying = (xxx_kex != NULL && !xxx_kex->done);
862
861 if (compat20 && !channel_still_open()) { 863 if (compat20 && !channel_still_open()) {
862 debug2("!channel_still_open."); 864 debug2("!channel_still_open.");
863 break; 865 break;
864 } 866 }
865 867
866 /* 868 if (rekeying) {
867 * Make packets of buffered stdin data, and buffer them for 869 debug("rekeying in progress");
868 * sending to the server. 870 } else {
869 */ 871 /*
870 if (!compat20) 872 * Make packets of buffered stdin data, and buffer
871 client_make_packets_from_stdin_data(); 873 * them for sending to the server.
872 874 */
873 /* 875 if (!compat20)
874 * Make packets from buffered channel data, and enqueue them 876 client_make_packets_from_stdin_data();
875 * for sending to the server.
876 */
877 if (packet_not_very_much_data_to_write())
878 channel_output_poll();
879 877
880 /* 878 /*
881 * Check if the window size has changed, and buffer a message 879 * Make packets from buffered channel data, and
882 * about it to the server if so. 880 * enqueue them for sending to the server.
883 */ 881 */
884 client_check_window_change(); 882 if (packet_not_very_much_data_to_write())
883 channel_output_poll();
885 884
886 if (quit_pending) 885 /*
887 break; 886 * Check if the window size has changed, and buffer a
887 * message about it to the server if so.
888 */
889 client_check_window_change();
888 890
891 if (quit_pending)
892 break;
893 }
889 /* 894 /*
890 * Wait until we have something to do (something becomes 895 * Wait until we have something to do (something becomes
891 * available on one of the descriptors). 896 * available on one of the descriptors).
892 */ 897 */
893 client_wait_until_can_do_something(&readset, &writeset, &max_fd); 898 client_wait_until_can_do_something(&readset, &writeset,
899 &max_fd, rekeying);
894 900
895 if (quit_pending) 901 if (quit_pending)
896 break; 902 break;
897 903
898 /* Do channel operations. */ 904 /* Do channel operations unless rekeying in progress. */
899 channel_after_select(readset, writeset); 905 if (!rekeying) {
906 channel_after_select(readset, writeset);
907
908 if (need_rekeying) {
909 debug("user requests rekeying");
910 xxx_kex->done = 0;
911 kex_send_kexinit(xxx_kex);
912 need_rekeying = 0;
913 }
914 }
900 915
901 /* Buffer input from the connection. */ 916 /* Buffer input from the connection. */
902 client_process_net_input(readset); 917 client_process_net_input(readset);
diff --git a/kex.c b/kex.c
index ee1e17e02..da9c56eb0 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.29 2001/04/04 14:34:58 markus Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.30 2001/04/04 20:25:37 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29 29
@@ -136,7 +136,7 @@ kex_finish(Kex *kex)
136 debug("waiting for SSH2_MSG_NEWKEYS"); 136 debug("waiting for SSH2_MSG_NEWKEYS");
137 packet_read_expect(&plen, SSH2_MSG_NEWKEYS); 137 packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
138 debug("SSH2_MSG_NEWKEYS received"); 138 debug("SSH2_MSG_NEWKEYS received");
139 kex->newkeys = 1; 139 kex->done = 1;
140 buffer_clear(&kex->peer); 140 buffer_clear(&kex->peer);
141 /* buffer_clear(&kex->my); */ 141 /* buffer_clear(&kex->my); */
142 kex->flags &= ~KEX_INIT_SENT; 142 kex->flags &= ~KEX_INIT_SENT;
@@ -153,6 +153,7 @@ kex_send_kexinit(Kex *kex)
153 debug("KEX_INIT_SENT"); 153 debug("KEX_INIT_SENT");
154 return; 154 return;
155 } 155 }
156 kex->done = 0;
156 packet_start(SSH2_MSG_KEXINIT); 157 packet_start(SSH2_MSG_KEXINIT);
157 packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); 158 packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
158 packet_send(); 159 packet_send();
@@ -187,7 +188,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
187 buffer_init(&kex->peer); 188 buffer_init(&kex->peer);
188 buffer_init(&kex->my); 189 buffer_init(&kex->my);
189 kex_prop2buf(&kex->my, proposal); 190 kex_prop2buf(&kex->my, proposal);
190 kex->newkeys = 0; 191 kex->done = 0;
191 192
192 kex_send_kexinit(kex); /* we start */ 193 kex_send_kexinit(kex); /* we start */
193 kex_clear_dispatch(); 194 kex_clear_dispatch();
@@ -307,10 +308,11 @@ kex_choose_conf(Kex *kex)
307 sprop=peer; 308 sprop=peer;
308 } 309 }
309 310
311 /* Algorithm Negotiation */
310 for (mode = 0; mode < MODE_MAX; mode++) { 312 for (mode = 0; mode < MODE_MAX; mode++) {
311 newkeys = xmalloc(sizeof(*newkeys)); 313 newkeys = xmalloc(sizeof(*newkeys));
312 memset(newkeys, 0, sizeof(*newkeys)); 314 memset(newkeys, 0, sizeof(*newkeys));
313 kex->keys[mode] = newkeys; 315 kex->newkeys[mode] = newkeys;
314 ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN); 316 ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
315 nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; 317 nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
316 nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; 318 nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
@@ -329,7 +331,7 @@ kex_choose_conf(Kex *kex)
329 sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); 331 sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
330 need = 0; 332 need = 0;
331 for (mode = 0; mode < MODE_MAX; mode++) { 333 for (mode = 0; mode < MODE_MAX; mode++) {
332 newkeys = kex->keys[mode]; 334 newkeys = kex->newkeys[mode];
333 if (need < newkeys->enc.cipher->key_len) 335 if (need < newkeys->enc.cipher->key_len)
334 need = newkeys->enc.cipher->key_len; 336 need = newkeys->enc.cipher->key_len;
335 if (need < newkeys->enc.cipher->block_size) 337 if (need < newkeys->enc.cipher->block_size)
@@ -353,19 +355,24 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
353 char c = id; 355 char c = id;
354 int have; 356 int have;
355 int mdsz = evp_md->md_size; 357 int mdsz = evp_md->md_size;
356 u_char *digest = xmalloc(((need+mdsz-1)/mdsz)*mdsz); 358 u_char *digest = xmalloc(roundup(need, mdsz));
357 359
358 buffer_init(&b); 360 buffer_init(&b);
359 buffer_put_bignum2(&b, shared_secret); 361 buffer_put_bignum2(&b, shared_secret);
360 362
363 /* K1 = HASH(K || H || "A" || session_id) */
361 EVP_DigestInit(&md, evp_md); 364 EVP_DigestInit(&md, evp_md);
362 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); /* shared_secret K */ 365 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
363 EVP_DigestUpdate(&md, hash, mdsz); /* transport-06 */ 366 EVP_DigestUpdate(&md, hash, mdsz);
364 EVP_DigestUpdate(&md, &c, 1); /* key id */ 367 EVP_DigestUpdate(&md, &c, 1);
365 EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); 368 EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
366 EVP_DigestFinal(&md, digest, NULL); 369 EVP_DigestFinal(&md, digest, NULL);
367 370
368 /* expand */ 371 /*
372 * expand key:
373 * Kn = HASH(K || H || K1 || K2 || ... || Kn-1)
374 * Key = K1 || K2 || ... || Kn
375 */
369 for (have = mdsz; need > have; have += mdsz) { 376 for (have = mdsz; need > have; have += mdsz) {
370 EVP_DigestInit(&md, evp_md); 377 EVP_DigestInit(&md, evp_md);
371 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); 378 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
@@ -381,13 +388,12 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
381 return digest; 388 return digest;
382} 389}
383 390
384Newkeys *x_newkeys[MODE_MAX]; 391Newkeys *current_keys[MODE_MAX];
385 392
386#define NKEYS 6 393#define NKEYS 6
387void 394void
388kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) 395kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
389{ 396{
390 Newkeys *newkeys;
391 u_char *keys[NKEYS]; 397 u_char *keys[NKEYS];
392 int i, mode, ctos; 398 int i, mode, ctos;
393 399
@@ -396,19 +402,23 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
396 402
397 debug("kex_derive_keys"); 403 debug("kex_derive_keys");
398 for (mode = 0; mode < MODE_MAX; mode++) { 404 for (mode = 0; mode < MODE_MAX; mode++) {
399 newkeys = kex->keys[mode]; 405 current_keys[mode] = kex->newkeys[mode];
406 kex->newkeys[mode] = NULL;
400 ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN); 407 ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
401 newkeys->enc.iv = keys[ctos ? 0 : 1]; 408 current_keys[mode]->enc.iv = keys[ctos ? 0 : 1];
402 newkeys->enc.key = keys[ctos ? 2 : 3]; 409 current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
403 newkeys->mac.key = keys[ctos ? 4 : 5]; 410 current_keys[mode]->mac.key = keys[ctos ? 4 : 5];
404 x_newkeys[mode] = newkeys;
405 } 411 }
406} 412}
407 413
408Newkeys * 414Newkeys *
409kex_get_newkeys(int mode) 415kex_get_newkeys(int mode)
410{ 416{
411 return x_newkeys[mode]; 417 Newkeys *ret;
418
419 ret = current_keys[mode];
420 current_keys[mode] = NULL;
421 return ret;
412} 422}
413 423
414#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) 424#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
diff --git a/kex.h b/kex.h
index 54134221f..8758804c5 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.21 2001/04/04 14:34:58 markus Exp $ */ 1/* $OpenBSD: kex.h,v 1.22 2001/04/04 20:25:37 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -95,7 +95,7 @@ struct Newkeys {
95struct Kex { 95struct Kex {
96 u_char *session_id; 96 u_char *session_id;
97 int session_id_len; 97 int session_id_len;
98 Newkeys *keys[MODE_MAX]; 98 Newkeys *newkeys[MODE_MAX];
99 int we_need; 99 int we_need;
100 int server; 100 int server;
101 char *name; 101 char *name;
@@ -103,7 +103,7 @@ struct Kex {
103 int kex_type; 103 int kex_type;
104 Buffer my; 104 Buffer my;
105 Buffer peer; 105 Buffer peer;
106 int newkeys; 106 int done;
107 int flags; 107 int flags;
108 char *client_version_string; 108 char *client_version_string;
109 char *server_version_string; 109 char *server_version_string;
diff --git a/serverloop.c b/serverloop.c
index 4ae02fd10..ab7472b77 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.56 2001/04/04 14:34:58 markus Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.57 2001/04/04 20:25:37 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
@@ -194,7 +194,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
194retry_select: 194retry_select:
195 195
196 /* Allocate and update select() masks for channel descriptors. */ 196 /* Allocate and update select() masks for channel descriptors. */
197 channel_prepare_select(readsetp, writesetp, maxfdp); 197 channel_prepare_select(readsetp, writesetp, maxfdp, 0);
198 198
199 if (compat20) { 199 if (compat20) {
200 /* wrong: bad condition XXX */ 200 /* wrong: bad condition XXX */
diff --git a/sshconnect2.c b/sshconnect2.c
index 2f26aa569..918ab38e8 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.65 2001/04/04 14:34:58 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.66 2001/04/04 20:25:38 markus Exp $");
27 27
28#include <openssl/bn.h> 28#include <openssl/bn.h>
29#include <openssl/md5.h> 29#include <openssl/md5.h>
@@ -119,7 +119,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
119 119
120 xxx_kex = kex; 120 xxx_kex = kex;
121 121
122 dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex); 122 dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
123 123
124 session_id2 = kex->session_id; 124 session_id2 = kex->session_id;
125 session_id2_len = kex->session_id_len; 125 session_id2_len = kex->session_id_len;
diff --git a/sshd.c b/sshd.c
index ea29e75ac..5b5928858 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: sshd.c,v 1.189 2001/04/04 14:34:58 markus Exp $"); 43RCSID("$OpenBSD: sshd.c,v 1.190 2001/04/04 20:25:38 markus Exp $");
44 44
45#include <openssl/dh.h> 45#include <openssl/dh.h>
46#include <openssl/bn.h> 46#include <openssl/bn.h>
@@ -1437,7 +1437,7 @@ do_ssh2_kex(void)
1437 1437
1438 xxx_kex = kex; 1438 xxx_kex = kex;
1439 1439
1440 dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex); 1440 dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
1441 1441
1442 session_id2 = kex->session_id; 1442 session_id2 = kex->session_id;
1443 session_id2_len = kex->session_id_len; 1443 session_id2_len = kex->session_id_len;