Attachment #2783 for bug #2521

Lines 1491-1497 client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) Link Here

(-)a/clientloop.c (-15 / +11 lines)
1491	{	1491	{
1492	fd_set readset = NULL, writeset = NULL;	1492	fd_set readset = NULL, writeset = NULL;
1493	double start_time, total_time;	1493	double start_time, total_time;
1494	int r, max_fd = 0, max_fd2 = 0, len, rekeying = 0;	1494	int r, max_fd = 0, max_fd2 = 0, len;
1495	u_int64_t ibytes, obytes;	1495	u_int64_t ibytes, obytes;
1496	u_int nalloc = 0;	1496	u_int nalloc = 0;
1497	char buf[100];	1497	char buf[100];
Lines 1606-1615 client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) Link Here
1606	if (compat20 && session_closed && !channel_still_open())	1606	if (compat20 && session_closed && !channel_still_open())
1607	break;	1607	break;
1608		1608
1609	rekeying = (active_state->kex != NULL && !active_state->kex->done);	1609	if (ssh_packet_is_rekeying(active_state)) {
1610
1611	if (rekeying) {
1612	debug("rekeying in progress");	1610	debug("rekeying in progress");
		1611	} else if (need_rekeying) {
		1612	/* manual rekey request */
		1613	debug("need rekeying");
		1614	if ((r = kex_start_rekex(active_state)) != 0)
		1615	fatal("%s: kex_start_rekex: %s", __func__,
		1616	ssh_err(r));
		1617	need_rekeying = 0;
1613	} else {	1618	} else {
1614	/*	1619	/*
1615	* Make packets of buffered stdin data, and buffer	1620	* Make packets of buffered stdin data, and buffer
Lines 1640-1662 client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) Link Here
1640	*/	1645	*/
1641	max_fd2 = max_fd;	1646	max_fd2 = max_fd;
1642	client_wait_until_can_do_something(&readset, &writeset,	1647	client_wait_until_can_do_something(&readset, &writeset,
1643	&max_fd2, &nalloc, rekeying);	1648	&max_fd2, &nalloc, ssh_packet_is_rekeying(active_state));
1644		1649
1645	if (quit_pending)	1650	if (quit_pending)
1646	break;	1651	break;
1647		1652
1648	/* Do channel operations unless rekeying in progress. */	1653	/* Do channel operations unless rekeying in progress. */
1649	if (!rekeying) {	1654	if (!ssh_packet_is_rekeying(active_state))
1650	channel_after_select(readset, writeset);	1655	channel_after_select(readset, writeset);
1651	if (need_rekeying \|\| packet_need_rekeying()) {
1652	debug("need rekeying");
1653	active_state->kex->done = 0;
1654	if ((r = kex_send_kexinit(active_state)) != 0)
1655	fatal("%s: kex_send_kexinit: %s",
1656	__func__, ssh_err(r));
1657	need_rekeying = 0;
1658	}
1659	}
1660		1656
1661	/* Buffer input from the connection. */	1657	/* Buffer input from the connection. */
1662	client_process_net_input(readset);	1658	client_process_net_input(readset);




	return 0;
}

/*
 * Request key re-exchange, returns 0 on success or a ssherr.h error
 * code otherwise. Must not be called if KEX is incomplete or in-progress.
 */
int
kex_start_rekex(struct ssh *ssh)
{
	if (ssh->kex == NULL) {
		error("%s: no kex", __func__);
		return SSH_ERR_INTERNAL_ERROR;
	}
	if (ssh->kex->done == 0) {
		error("%s: requested twice", __func__);
		return SSH_ERR_INTERNAL_ERROR;
	}
	ssh->kex->done = 0;
	return kex_send_kexinit(ssh);
}

static int
choose_enc(struct sshenc *enc, char *client, char *server)
{

Lines 165-170 int kex_input_ext_info(int, u_int32_t, void *); Link Here

(-)a/kex.h (+1 lines)
165	int kex_derive_keys(struct ssh , u_char , u_int, const struct sshbuf *);	165	int kex_derive_keys(struct ssh , u_char , u_int, const struct sshbuf *);
166	int kex_derive_keys_bn(struct ssh , u_char , u_int, const BIGNUM *);	166	int kex_derive_keys_bn(struct ssh , u_char , u_int, const BIGNUM *);
167	int kex_send_newkeys(struct ssh *);	167	int kex_send_newkeys(struct ssh *);
		168	int kex_start_rekex(struct ssh *);
168		169
169	int kexdh_client(struct ssh *);	170	int kexdh_client(struct ssh *);
170	int kexdh_server(struct ssh *);	171	int kexdh_server(struct ssh *);

Lines 124-131 void packet_read_expect(int expected_type); Link Here

(-)a/opacket.h (-2 lines)
124	sshpkt_add_padding(active_state, (pad))	124	sshpkt_add_padding(active_state, (pad))
125	#define packet_send_ignore(nbytes) \	125	#define packet_send_ignore(nbytes) \
126	ssh_packet_send_ignore(active_state, (nbytes))	126	ssh_packet_send_ignore(active_state, (nbytes))
127	#define packet_need_rekeying() \
128	ssh_packet_need_rekeying(active_state)
129	#define packet_set_server() \	127	#define packet_set_server() \
130	ssh_packet_set_server(active_state)	128	ssh_packet_set_server(active_state)
131	#define packet_set_authenticated() \	129	#define packet_set_authenticated() \

Lines 253-258 ssh_alloc_session_state(void) Link Here

(-)a/packet.c (-38 / +115 lines)
253	return NULL;	253	return NULL;
254	}	254	}
255		255
		256	/* Returns nonzero if rekeying is in progress */
		257	int
		258	ssh_packet_is_rekeying(struct ssh *ssh)
		259	{
		260	return ssh->state->rekeying \|\|
		261	(ssh->kex != NULL && ssh->kex->done == 0);
		262	}
		263
256	/*	264	/*
257	* Sets the descriptors used for communication. Disables encryption until	265	* Sets the descriptors used for communication. Disables encryption until
258	* packet_set_encryption_key is called.	266	* packet_set_encryption_key is called.
Lines 1016-1021 ssh_set_newkeys(struct ssh *ssh, int mode) Link Here
1016	return 0;	1024	return 0;
1017	}	1025	}
1018		1026
		1027	#define MAX_PACKETS (1U<<31)
		1028	static int
		1029	ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
		1030	{
		1031	struct session_state *state = ssh->state;
		1032	u_int32_t out_blocks;
		1033
		1034	/* XXX client can't cope with rekeying pre-auth */
		1035	if (!state->after_authentication)
		1036	return 0;
		1037
		1038	/* Haven't keyed yet or KEX in progress. */
		1039	if (ssh->kex == NULL \|\| ssh_packet_is_rekeying(ssh))
		1040	return 0;
		1041
		1042	/* Peer can't rekey */
		1043	if (ssh->compat & SSH_BUG_NOREKEY)
		1044	return 0;
		1045
		1046	/*
		1047	* Permit one packet in or out per rekey - this allows us to
		1048	* make progress when rekey limits are very small.
		1049	*/
		1050	if (state->p_send.packets == 0 && state->p_read.packets == 0)
		1051	return 0;
		1052
		1053	/* Time-based rekeying */
		1054	if (state->rekey_interval != 0 &&
		1055	state->rekey_time + state->rekey_interval <= monotime())
		1056	return 1;
		1057
		1058	/* Always rekey when MAX_PACKETS sent in either direction */
		1059	if (state->p_send.packets > MAX_PACKETS \|\|
		1060	state->p_read.packets > MAX_PACKETS)
		1061	return 1;
		1062
		1063	/* Rekey after (cipher-specific) maxiumum blocks */
		1064	out_blocks = roundup(outbound_packet_len,
		1065	state->newkeys[MODE_IN]->enc.block_size);
		1066	return (state->max_blocks_out &&
		1067	(state->p_send.blocks + out_blocks > state->max_blocks_out)) \|\|
		1068	(state->max_blocks_in &&
		1069	(state->p_read.blocks > state->max_blocks_in));
		1070	}
		1071
1019	/*	1072	/*
1020	* Delayed compression for SSH2 is enabled after authentication:	1073	* Delayed compression for SSH2 is enabled after authentication:
1021	* This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,	1074	* This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
Lines 1219-1253 ssh_packet_send2_wrapped(struct ssh *ssh) Link Here
1219	return r;	1272	return r;
1220	}	1273	}
1221		1274
		1275	/* returns non-zero if the specified packet type is usec by KEX */
		1276	static int
		1277	ssh_packet_type_is_kex(u_char type)
		1278	{
		1279	return
		1280	type >= SSH2_MSG_TRANSPORT_MIN &&
		1281	type <= SSH2_MSG_TRANSPORT_MAX &&
		1282	type != SSH2_MSG_SERVICE_REQUEST &&
		1283	type != SSH2_MSG_SERVICE_ACCEPT &&
		1284	type != SSH2_MSG_EXT_INFO;
		1285	}
		1286
		1287
1222	int	1288	int
1223	ssh_packet_send2(struct ssh *ssh)	1289	ssh_packet_send2(struct ssh *ssh)
1224	{	1290	{
1225	struct session_state *state = ssh->state;	1291	struct session_state *state = ssh->state;
1226	struct packet *p;	1292	struct packet *p;
1227	u_char type;	1293	u_char type;
1228	int r;	1294	int r, need_rekey;
1229		1295
		1296	if (sshbuf_len(state->outgoing_packet) < 6)
		1297	return SSH_ERR_INTERNAL_ERROR;
1230	type = sshbuf_ptr(state->outgoing_packet)[5];	1298	type = sshbuf_ptr(state->outgoing_packet)[5];
		1299	need_rekey = !ssh_packet_type_is_kex(type) &&
		1300	ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet));
1231		1301
1232	/* during rekeying we can only send key exchange messages */	1302	/*
1233	if (state->rekeying) {	1303	* During rekeying we can only send key exchange messages.
1234	if ((type < SSH2_MSG_TRANSPORT_MIN) \|\|	1304	* Queue everything else.
1235	(type > SSH2_MSG_TRANSPORT_MAX) \|\|	1305	*/
1236	(type == SSH2_MSG_SERVICE_REQUEST) \|\|	1306	if ((need_rekey \|\| state->rekeying) && !ssh_packet_type_is_kex(type)) {
1237	(type == SSH2_MSG_SERVICE_ACCEPT) \|\|	1307	if (need_rekey)
1238	(type == SSH2_MSG_EXT_INFO)) {	1308	debug3("%s: rekex triggered", __func__);
1239	debug("enqueue packet: %u", type);	1309	debug("enqueue packet: %u", type);
1240	p = calloc(1, sizeof(*p));	1310	p = calloc(1, sizeof(*p));
1241	if (p == NULL)	1311	if (p == NULL)
1242	return SSH_ERR_ALLOC_FAIL;	1312	return SSH_ERR_ALLOC_FAIL;
1243	p->type = type;	1313	p->type = type;
1244	p->payload = state->outgoing_packet;	1314	p->payload = state->outgoing_packet;
1245	TAILQ_INSERT_TAIL(&state->outgoing, p, next);	1315	TAILQ_INSERT_TAIL(&state->outgoing, p, next);
1246	state->outgoing_packet = sshbuf_new();	1316	state->outgoing_packet = sshbuf_new();
1247	if (state->outgoing_packet == NULL)	1317	if (state->outgoing_packet == NULL)
1248	return SSH_ERR_ALLOC_FAIL;	1318	return SSH_ERR_ALLOC_FAIL;
1249	return 0;	1319	if (need_rekey) {
		1320	/*
		1321	* This packet triggered a rekey, so send the
		1322	* KEXINIT now.
		1323	* NB. reenters this function via kex_start_rekex().
		1324	*/
		1325	return kex_start_rekex(ssh);
1250	}	1326	}
		1327	return 0;
1251	}	1328	}
1252		1329
1253	/* rekeying starts with sending KEXINIT */	1330	/* rekeying starts with sending KEXINIT */
Lines 1263-1272 ssh_packet_send2(struct ssh *ssh) Link Here
1263	state->rekey_time = monotime();	1340	state->rekey_time = monotime();
1264	while ((p = TAILQ_FIRST(&state->outgoing))) {	1341	while ((p = TAILQ_FIRST(&state->outgoing))) {
1265	type = p->type;	1342	type = p->type;
		1343	/*
		1344	* If this packet triggers a rekex, then skip the
		1345	* remaining packets in the queue for now.
		1346	* NB. re-enters this function via kex_start_rekex.
		1347	*/
		1348	if (ssh_packet_need_rekeying(ssh,
		1349	sshbuf_len(p->payload))) {
		1350	debug3("%s: queued packet triggered rekex",
		1351	__func__);
		1352	return kex_start_rekex(ssh);
		1353	}
1266	debug("dequeue packet: %u", type);	1354	debug("dequeue packet: %u", type);
1267	sshbuf_free(state->outgoing_packet);	1355	sshbuf_free(state->outgoing_packet);
1268	state->outgoing_packet = p->payload;	1356	state->outgoing_packet = p->payload;
1269	TAILQ_REMOVE(&state->outgoing, p, next);	1357	TAILQ_REMOVE(&state->outgoing, p, next);
		1358	memset(p, 0, sizeof(*p));
1270	free(p);	1359	free(p);
1271	if ((r = ssh_packet_send2_wrapped(ssh)) != 0)	1360	if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
1272	return r;	1361	return r;
Lines 1770-1775 ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p) Link Here
1770	#endif	1859	#endif
1771	/* reset for next packet */	1860	/* reset for next packet */
1772	state->packlen = 0;	1861	state->packlen = 0;
		1862
		1863	/* do we need to rekey? */
		1864	if (ssh_packet_need_rekeying(ssh, 0)) {
		1865	debug3("%s: rekex triggered", __func__);
		1866	if ((r = kex_start_rekex(ssh)) != 0)
		1867	return r;
		1868	}
1773	out:	1869	out:
1774	return r;	1870	return r;
1775	}	1871	}
Lines 2246-2270 ssh_packet_send_ignore(struct ssh *ssh, int nbytes) Link Here
2246	}	2342	}
2247	}	2343	}
2248		2344
2249	#define MAX_PACKETS (1U<<31)
2250	int
2251	ssh_packet_need_rekeying(struct ssh *ssh)
2252	{
2253	struct session_state *state = ssh->state;
2254
2255	if (ssh->compat & SSH_BUG_NOREKEY)
2256	return 0;
2257	return
2258	(state->p_send.packets > MAX_PACKETS) \|\|
2259	(state->p_read.packets > MAX_PACKETS) \|\|
2260	(state->max_blocks_out &&
2261	(state->p_send.blocks > state->max_blocks_out)) \|\|
2262	(state->max_blocks_in &&
2263	(state->p_read.blocks > state->max_blocks_in)) \|\|
2264	(state->rekey_interval != 0 && state->rekey_time +
2265	state->rekey_interval <= monotime());
2266	}
2267
2268	void	2345	void
2269	ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)	2346	ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
2270	{	2347	{

Lines 72-77 int ssh_packet_get_connection_in(struct ssh *); Link Here

(-)a/packet.h (-1 / +1 lines)
72	int ssh_packet_get_connection_out(struct ssh *);	72	int ssh_packet_get_connection_out(struct ssh *);
73	void ssh_packet_close(struct ssh *);	73	void ssh_packet_close(struct ssh *);
74	void ssh_packet_set_encryption_key(struct ssh , const u_char , u_int, int);	74	void ssh_packet_set_encryption_key(struct ssh , const u_char , u_int, int);
		75	int ssh_packet_is_rekeying(struct ssh *);
75	void ssh_packet_set_protocol_flags(struct ssh *, u_int);	76	void ssh_packet_set_protocol_flags(struct ssh *, u_int);
76	u_int ssh_packet_get_protocol_flags(struct ssh *);	77	u_int ssh_packet_get_protocol_flags(struct ssh *);
77	int ssh_packet_start_compression(struct ssh *, int);	78	int ssh_packet_start_compression(struct ssh *, int);
Lines 131-137 int ssh_packet_set_state(struct ssh , struct sshbuf ); Link Here
131	const char ssh_remote_ipaddr(struct ssh );	132	const char ssh_remote_ipaddr(struct ssh );
132	int ssh_remote_port(struct ssh *);	133	int ssh_remote_port(struct ssh *);
133		134
134	int ssh_packet_need_rekeying(struct ssh *);
135	void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);	135	void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
136	time_t ssh_packet_get_rekey_timeout(struct ssh *);	136	time_t ssh_packet_get_rekey_timeout(struct ssh *);
137		137




server_loop2(Authctxt *authctxt)
{
	fd_set *readset = NULL, *writeset = NULL;
	int max_fd;
	u_int nalloc = 0;
	u_int64_t rekey_timeout_ms = 0;


	for (;;) {
		process_buffered_input_packets();

		if (!ssh_packet_is_rekeying(active_state) &&
		    packet_not_very_much_data_to_write())
		if (!rekeying && packet_not_very_much_data_to_write())
			channel_output_poll();
		if (options.rekey_interval > 0 && compat20 &&
		    !ssh_packet_is_rekeying(active_state))
			rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
		else
			rekey_timeout_ms = 0;

		}

		collect_children();
		if (!ssh_packet_is_rekeying(active_state))
			channel_after_select(readset, writeset);
			if (packet_need_rekeying()) {
				debug("need rekeying");
				active_state->kex->done = 0;
				kex_send_kexinit(active_state);
			}
		}
		process_input(readset);
		if (connection_closed)
			break;

Return to bug 2521

Lines 585-590 kex_setup(struct ssh ssh, char proposal[PROPOSAL_MAX]) Link Here

(-)a/kex.c (+19 lines)
585	return 0;	585	return 0;
586	}	586	}
587		587
		588	/*
		589	* Request key re-exchange, returns 0 on success or a ssherr.h error
		590	* code otherwise. Must not be called if KEX is incomplete or in-progress.
		591	*/
		592	int
		593	kex_start_rekex(struct ssh *ssh)
		594	{
		595	if (ssh->kex == NULL) {
		596	error("%s: no kex", __func__);
		597	return SSH_ERR_INTERNAL_ERROR;
		598	}
		599	if (ssh->kex->done == 0) {
		600	error("%s: requested twice", __func__);
		601	return SSH_ERR_INTERNAL_ERROR;
		602	}
		603	ssh->kex->done = 0;
		604	return kex_send_kexinit(ssh);
		605	}
		606
588	static int	607	static int
589	choose_enc(struct sshenc enc, char client, char *server)	608	choose_enc(struct sshenc enc, char client, char *server)
590	{	609	{

Lines 788-794 void Link Here

(-)a/serverloop.c (-12 / +6 lines)
788	server_loop2(Authctxt *authctxt)	788	server_loop2(Authctxt *authctxt)
789	{	789	{
790	fd_set readset = NULL, writeset = NULL;	790	fd_set readset = NULL, writeset = NULL;
791	int rekeying = 0, max_fd;	791	int max_fd;
792	u_int nalloc = 0;	792	u_int nalloc = 0;
793	u_int64_t rekey_timeout_ms = 0;	793	u_int64_t rekey_timeout_ms = 0;
794		794
Lines 815-825 server_loop2(Authctxt *authctxt) Link Here
815	for (;;) {	815	for (;;) {
816	process_buffered_input_packets();	816	process_buffered_input_packets();
817		817
818	rekeying = (active_state->kex != NULL && !active_state->kex->done);	818	if (!ssh_packet_is_rekeying(active_state) &&
819		819	packet_not_very_much_data_to_write())
820	if (!rekeying && packet_not_very_much_data_to_write())
821	channel_output_poll();	820	channel_output_poll();
822	if (options.rekey_interval > 0 && compat20 && !rekeying)	821	if (options.rekey_interval > 0 && compat20 &&
		822	!ssh_packet_is_rekeying(active_state))
823	rekey_timeout_ms = packet_get_rekey_timeout() * 1000;	823	rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
824	else	824	else
825	rekey_timeout_ms = 0;	825	rekey_timeout_ms = 0;
Lines 834-847 server_loop2(Authctxt *authctxt) Link Here
834	}	834	}
835		835
836	collect_children();	836	collect_children();
837	if (!rekeying) {	837	if (!ssh_packet_is_rekeying(active_state))
838	channel_after_select(readset, writeset);	838	channel_after_select(readset, writeset);
839	if (packet_need_rekeying()) {
840	debug("need rekeying");
841	active_state->kex->done = 0;
842	kex_send_kexinit(active_state);
843	}
844	}
845	process_input(readset);	839	process_input(readset);
846	if (connection_closed)	840	if (connection_closed)
847	break;	841	break;