Uppity: get cipher directions the right way round!
The very first thing I tried to test with the new KEXINIT override was to select a non-default cipher in only one of the two connection directions. It failed because both client and server tried to send AES and receive ChaCha20, which doesn't work very well! The server-readiness tweaks in ssh2transport.c included a switching system so that when we scan both KEXINITs to determine the chosen cipher, we can change which one we think is client and which is server. But I'd forgotten to put in a similar switch for the structures into which we put the selected algorithms for client->server and server->client directions. Ahem.
Родитель
b494ecfcfc
Коммит
b5ccdebfb3
|
@ -156,10 +156,14 @@ PacketProtocolLayer *ssh2_transport_new(
|
||||||
s->ssc = ssc;
|
s->ssc = ssc;
|
||||||
s->client_kexinit = s->incoming_kexinit;
|
s->client_kexinit = s->incoming_kexinit;
|
||||||
s->server_kexinit = s->outgoing_kexinit;
|
s->server_kexinit = s->outgoing_kexinit;
|
||||||
|
s->cstrans = &s->in;
|
||||||
|
s->sctrans = &s->out;
|
||||||
s->out.mkkey_adjust = 1;
|
s->out.mkkey_adjust = 1;
|
||||||
} else {
|
} else {
|
||||||
s->client_kexinit = s->outgoing_kexinit;
|
s->client_kexinit = s->outgoing_kexinit;
|
||||||
s->server_kexinit = s->incoming_kexinit;
|
s->server_kexinit = s->incoming_kexinit;
|
||||||
|
s->cstrans = &s->out;
|
||||||
|
s->sctrans = &s->in;
|
||||||
s->in.mkkey_adjust = 1;
|
s->in.mkkey_adjust = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1129,8 +1133,8 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
|
||||||
if (!ssh2_scan_kexinits(
|
if (!ssh2_scan_kexinits(
|
||||||
ptrlen_from_strbuf(s->client_kexinit),
|
ptrlen_from_strbuf(s->client_kexinit),
|
||||||
ptrlen_from_strbuf(s->server_kexinit),
|
ptrlen_from_strbuf(s->server_kexinit),
|
||||||
s->kexlists, &s->kex_alg, &s->hostkey_alg, &s->out, &s->in,
|
s->kexlists, &s->kex_alg, &s->hostkey_alg, s->cstrans,
|
||||||
&s->warn_kex, &s->warn_hk, &s->warn_cscipher,
|
s->sctrans, &s->warn_kex, &s->warn_hk, &s->warn_cscipher,
|
||||||
&s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks))
|
&s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks))
|
||||||
return; /* false means a fatal error function was called */
|
return; /* false means a fatal error function was called */
|
||||||
|
|
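Review bot: In ssh2_transport_new each branch now sets three role-dependent things in parallel (the client/server KEXINIT aliases, `cstrans`/`sctrans`, and `mkkey_adjust`) with no comment saying why the directions invert, and this is the mapping the commit message says was already got wrong once. A short comment above the new assignments would pin it down, e.g. `/* client->server data is what we receive in this branch */` before `s->cstrans = &s->in;`, with the mirror-image wording in the `else` branch. The `if` condition and the rest of the function lie outside the hunk, so which branch is the server one is inferred from the commit message. The call in ssh2_transport_process_queue is the only consumer shown; any other code that still reads `s->in` or `s->out` under a fixed client/server assumption is not visible here and deserves a check, since a mismatch leaves the two peers disagreeing about which cipher protects which direction.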
||||||
|
|
|
@ -167,7 +167,7 @@ struct ssh2_transport_state {
|
||||||
strbuf *outgoing_kexinit, *incoming_kexinit;
|
strbuf *outgoing_kexinit, *incoming_kexinit;
|
||||||
strbuf *client_kexinit, *server_kexinit; /* aliases to the above */
|
strbuf *client_kexinit, *server_kexinit; /* aliases to the above */
|
||||||
int kex_init_value, kex_reply_value;
|
int kex_init_value, kex_reply_value;
|
||||||
transport_direction in, out;
|
transport_direction in, out, *cstrans, *sctrans;
|
||||||
ptrlen hostkeydata, sigdata;
|
ptrlen hostkeydata, sigdata;
|
||||||
strbuf *hostkeyblob;
|
strbuf *hostkeyblob;
|
||||||
char *keystr, *fingerprint;
|
char *keystr, *fingerprint;
|
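Review bot: `transport_direction in, out, *cstrans, *sctrans;` mixes two embedded structs and two pointers into them in one declarator list, and unlike `client_kexinit`/`server_kexinit` two lines above, nothing marks the pointers as aliases. Splitting it keeps ownership obvious: `transport_direction in, out;` followed by `transport_direction *cstrans, *sctrans; /* aliases to in/out, by role */`. Because these pointers refer back into the state struct itself, they would dangle if the struct were ever copied by value or moved; nothing visible here does that, but it is a further reason to label them as aliases. The struct definition starts and ends outside the hunk.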
||||||
|
|