Re: [PATCH] kex: server fix to include first_kex_packet_follows
- Subject: Re: [PATCH] kex: server fix to include first_kex_packet_follows
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 15 Apr 2014 09:52:07 +0200
- To: libssh@xxxxxxxxxx
On Wednesday 09 April 2014 16:22:31 Jon Simons wrote:
> On 4/9/14, 2:05 AM, Andreas Schneider wrote:
> > On Tuesday 08 April 2014 17:00:28 Jon Simons wrote:
> >> On 3/27/14, 6:03 PM, Jon Simons wrote:...
> >>> Attached is an updated patch.
> >> There is a bug in the previous patch here -- though that patch fixes
> >> the original problem for the case that 'first_kex_packet_follows' is
> >> set and the client's guessed key exchange algorithm is correct, it
> >> is not complete in that it does not include logic for the case that
> >> the guess is incorrect.
> >> Attached is an updated patch which fixes that by using a field in the
> >> session struct to ignore the first KEX_DHINIT message encountered
> >> after an incorrect guess.
> > The patch doesn't apply on master, it has several issues with dh.c.
> > Is this only for v0-6?
> Ah the previous patch yes was based off of v0-6. I've attached now an
> updated patch that is based off of master.
> The main conflict was that on master a few call sites are now converted to
> using 'ssh_buffer_add_data' instead of 'buffer_add_data'; on v0-6 the change
> area is using 'buffer_add_data'.
I'm sorry, but this patch breaks the client with ECDSA!
[2014/04/15 09:49:48.360779, 1] pki_signature_verify: ECDSA error:
If you want to be informed if your patch broke the build you can register at:
I will revert the patch for now.
Andreas Schneider GPG-ID: CC014E3D
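
The wrong-guess handling discussed in this thread, as an added example that is not part of the original message and is not libssh code. The struct, field and function names are hypothetical, the name-lists are constructed, and the check covers only the RFC 4253 section 7 case where the preferred kex or host key algorithm differs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MSG_KEXDH_INIT 30 /* SSH_MSG_KEXDH_INIT (RFC 4253) */

/* Hypothetical server-side state; not libssh's session struct. */
struct kex_server {
    bool ignore_first_kexdh_init; /* set after a wrong client guess */
    int kexdh_inits_processed;
};

/* True when both comma-separated name-lists begin with the same name. */
static bool same_first_name(const char *a, const char *b)
{
    size_t la = strcspn(a, ","), lb = strcspn(b, ",");
    return la > 0 && la == lb && memcmp(a, b, la) == 0;
}

/* Run once both KEXINIT packets are known. Narrowed to the RFC 4253
 * section 7 case where the guess is wrong because the preferred kex or
 * host key algorithm differs between client and server. */
void kex_server_on_kexinit(struct kex_server *s, bool first_kex_packet_follows,
                           const char *c_kex, const char *s_kex,
                           const char *c_hostkey, const char *s_hostkey)
{
    bool guess_ok = same_first_name(c_kex, s_kex) &&
                    same_first_name(c_hostkey, s_hostkey);
    s->ignore_first_kexdh_init = first_kex_packet_follows && !guess_ok;
    s->kexdh_inits_processed = 0;
}

/* Returns false when the packet must be silently dropped. */
bool kex_server_accept_packet(struct kex_server *s, int msg_type)
{
    if (msg_type == MSG_KEXDH_INIT && s->ignore_first_kexdh_init) {
        s->ignore_first_kexdh_init = false; /* drop only the guessed packet */
        return false;
    }
    if (msg_type == MSG_KEXDH_INIT)
        s->kexdh_inits_processed++;
    return true;
}

int main(void)
{
    struct kex_server s; /* constructed name-lists: client guessed ECDH */
    kex_server_on_kexinit(&s, true, "ecdh-sha2-nistp256,diffie-hellman-group14-sha1",
                          "diffie-hellman-group14-sha1", "ssh-rsa", "ssh-rsa");
    bool dropped = !kex_server_accept_packet(&s, MSG_KEXDH_INIT);
    bool handled = kex_server_accept_packet(&s, MSG_KEXDH_INIT);
    return (dropped && handled && s.kexdh_inits_processed == 1) ? 0 : 1;
}
```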