From b5ccdebfb385b5bbb4ad87fc9b3fff6f4206b1de Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 31 Mar 2019 08:45:30 +0100 Subject: [PATCH] Uppity: get cipher directions the right way round! The very first thing I tried to test with the new KEXINIT override was to select a non-default cipher in only one of the two connection directions. It failed because both client and server tried to send AES and receive ChaCha20, which doesn't work very well! The server-readiness tweaks in ssh2transport.c included a switching system so that when we scan both KEXINITs to determine the chosen cipher, we can change which one we think is client and which is server. But I'd forgotten to put in a similar switch for the structures into which we put the selected algorithms for client->server and server->client directions. Ahem. --- ssh2transport.c | 8 ++++++-- ssh2transport.h | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ssh2transport.c b/ssh2transport.c index ca6ad601..efd948f0 100644 --- a/ssh2transport.c +++ b/ssh2transport.c @@ -156,10 +156,14 @@ PacketProtocolLayer *ssh2_transport_new( s->ssc = ssc; s->client_kexinit = s->incoming_kexinit; s->server_kexinit = s->outgoing_kexinit; + s->cstrans = &s->in; + s->sctrans = &s->out; s->out.mkkey_adjust = 1; } else { s->client_kexinit = s->outgoing_kexinit; s->server_kexinit = s->incoming_kexinit; + s->cstrans = &s->out; + s->sctrans = &s->in; s->in.mkkey_adjust = 1; } @@ -1129,8 +1133,8 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl) if (!ssh2_scan_kexinits( ptrlen_from_strbuf(s->client_kexinit), ptrlen_from_strbuf(s->server_kexinit), - s->kexlists, &s->kex_alg, &s->hostkey_alg, &s->out, &s->in, - &s->warn_kex, &s->warn_hk, &s->warn_cscipher, + s->kexlists, &s->kex_alg, &s->hostkey_alg, s->cstrans, + s->sctrans, &s->warn_kex, &s->warn_hk, &s->warn_cscipher, &s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks)) return; /* false means a fatal error function was called */ diff --git a/ssh2transport.h b/ssh2transport.h index effacd19..3b2955cd 100644 --- a/ssh2transport.h +++ b/ssh2transport.h @@ -167,7 +167,7 @@ struct ssh2_transport_state { strbuf *outgoing_kexinit, *incoming_kexinit; strbuf *client_kexinit, *server_kexinit; /* aliases to the above */ int kex_init_value, kex_reply_value; - transport_direction in, out; + transport_direction in, out, *cstrans, *sctrans; ptrlen hostkeydata, sigdata; strbuf *hostkeyblob; char *keystr, *fingerprint;