Re: [PATCH] kex: server fix to include first_kex_packet_follows

[Andreas Schneider <asn@xxxxxxxxxxxxxx>]

On Wednesday 09 April 2014 16:22:31 Jon Simons wrote:
> On 4/9/14, 2:05 AM, Andreas Schneider wrote:
> > On Tuesday 08 April 2014 17:00:28 Jon Simons wrote:
> >> On 3/27/14, 6:03 PM, Jon Simons wrote:...
> >> 
> >>> Attached is an updated patch.
> >> 
> >> There is a bug in the previous patch here -- though that patch fixes
> >> the original problem for the case that 'first_kex_packet_follows' is
> >> set and the client's guessed key exchange algorithm is correct, it
> >> is not complete in that it does not include logic for the case that
> >> the guess is incorrect.
> >> 
> >> Attached is an updated patch which fixes that by using a field in the
> >> session struct to ignore the first KEX_DHINIT message encountered
> >> after an incorrect guess.
> > 
> > The patch doesn't apply on master, it has several issues with dh.c.
> > 
> > Is this only for v0-6?
> 
> Ah the previous patch yes was based off of v0-6.  I've attached now an
> updated patch that is based off of master
> @ad1313c2e5cf273aec7bf5415876d389ea8d8ae7.
> 
> The main conflict was that on master a few call sites are now converted to
> using 'ssh_buffer_add_data' instead of 'buffer_add_data'; on v0-6 the change
> area is using 'buffer_add_data'.
> 

I'm sorry, but this patch breaks the client with ECDSA!

[2014/04/15 09:49:48.360779, 1] pki_signature_verify:  ECDSA error: 
error:00000000:lib(0):func(0):reason(0)

If you want to be informed if your patch broke the build you can register at:

http://test.libssh.org/index.php?project=libssh


I will revert the patch for now.


	-- andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx