remove ext-info-* in the kex.c code, not in callers; with/ok markus@

diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 050d0df..1e9ad51 100644 (file)
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -757,10 +757,11 @@ static int
 kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
 {
        struct kex *kex = ssh->kex;
-       int r;
+       int r, initial = (kex->flags & KEX_INITIAL) != 0;
+       char *cp, **prop;
 
        debug("SSH2_MSG_NEWKEYS received");
-       if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0)
+       if (kex->ext_info_c && initial)
                ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
        ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
        ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
@@ -768,10 +769,32 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
                return r;
        if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
                return r;
+       if (initial) {
+               /* Remove initial KEX signalling from proposal for rekeying */
+               if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
+                       return r;
+               if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
+                   kex->server ?
+                   "ext-info-s,kex-strict-s-v00@openssh.com" :
+                   "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
+                       error_f("match_filter_denylist failed");
+                       goto fail;
+               }
+               free(prop[PROPOSAL_KEX_ALGS]);
+               prop[PROPOSAL_KEX_ALGS] = cp;
+               if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
+                       error_f("kex_prop2buf failed");
+ fail:
+                       kex_proposal_free_entries(prop);
+                       free(prop);
+                       return SSH_ERR_INTERNAL_ERROR;
+               }
+               kex_proposal_free_entries(prop);
+               free(prop);
+       }
        kex->done = 1;
        kex->flags &= ~KEX_INITIAL;
        sshbuf_reset(kex->peer);
-       /* sshbuf_reset(kex->my); */
        kex->flags &= ~KEX_INIT_SENT;
        free(kex->name);
        kex->name = NULL;

diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index dead8d5..020a0f6 100644 (file)
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -216,7 +216,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
     const struct ssh_conn_info *cinfo)
 {
        char *myproposal[PROPOSAL_MAX];
-       char *s, *all_key, *hkalgs = NULL;
+       char *all_key, *hkalgs = NULL;
        int r, use_known_hosts_order = 0;
 
        xxx_host = host;
@@ -244,14 +244,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
                fatal_fr(r, "kex_assemble_namelist");
        free(all_key);
 
-       if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
-               fatal_f("kex_names_cat");
-
        if (use_known_hosts_order)
                hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
 
-       kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
-           options.macs, compression_alg_list(options.compression),
+       kex_proposal_populate_entries(ssh, myproposal,
+           options.kex_algorithms, options.ciphers, options.macs,
+           compression_alg_list(options.compression),
            hkalgs ? hkalgs : options.hostkeyalgorithms);
 
        free(hkalgs);
@@ -274,13 +272,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
        ssh->kex->verify_host_key=&verify_host_key_callback;
 
        ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
-
-       /* remove ext-info from the KEX proposals for rekeying */
-       free(myproposal[PROPOSAL_KEX_ALGS]);
-       myproposal[PROPOSAL_KEX_ALGS] =
-           compat_kex_proposal(ssh, options.kex_algorithms);
-       if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
-               fatal_r(r, "kex_prop2buf");
+       kex_proposal_free_entries(myproposal);
 
 #ifdef DEBUG_KEXDH
        /* send 1st encrypted/maced/compressed message */
@@ -290,7 +282,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
            (r = ssh_packet_write_wait(ssh)) != 0)
                fatal_fr(r, "send packet");
 #endif
-       kex_proposal_free_entries(myproposal);
 }
 
 /*

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 04b450e..a5d56e9 100644 (file)
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2261,6 +2261,7 @@ do_ssh2_kex(struct ssh *ssh)
        kex->sign = sshd_hostkey_sign;
 
        ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
+       kex_proposal_free_entries(myproposal);
 
 #ifdef DEBUG_KEXDH
        /* send 1st encrypted/maced/compressed message */
@@ -2270,7 +2271,6 @@ do_ssh2_kex(struct ssh *ssh)
            (r = ssh_packet_write_wait(ssh)) != 0)
                fatal_fr(r, "send test");
 #endif
-       kex_proposal_free_entries(myproposal);
        debug("KEX done");
 }