- markus@cvs.openbsd.org 2001/04/04 00:06:54

     [clientloop.c sshconnect2.c]
     enable client rekeying
        (1) force rekeying with ~R, or
        (2) if the server requests rekeying.
     works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0

diff --git a/ChangeLog b/ChangeLog
index d3364ce00a790a182e7b55a773ffa0912149ab8b..204559de715f154a56d24a56e4ff57ec7c835157 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,12 @@
      need dispatch-callbacks, since application data is delayed until
      the keyexchange completes (if i understand the drafts correctly).
      add some infrastructure for re-keying.
+   - markus@cvs.openbsd.org 2001/04/04 00:06:54
+     [clientloop.c sshconnect2.c]
+     enable client rekeying
+        (1) force rekeying with ~R, or
+        (2) if the server requests rekeying.
+     works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
 
 20010403
  - OpenBSD CVS Sync

diff --git a/clientloop.c b/clientloop.c
index 4805f3c8312f7d3b3211662ecf0bfc94cec5259f..1ed245e22ff6de4c07f8134d6f7a4619a2e9e38f 100644 (file)
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.53 2001/03/06 01:08:27 millert Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.54 2001/04/04 00:06:53 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -73,6 +73,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.53 2001/03/06 01:08:27 millert Exp $");
 #include "buffer.h"
 #include "bufaux.h"
 #include "key.h"
+#include "kex.h"
 #include "log.h"
 #include "readconf.h"
 #include "clientloop.h"
@@ -130,6 +131,9 @@ static int connection_out;  /* Connection to server (output). */
 void   client_init_dispatch(void);
 int    session_ident = -1;
 
+/*XXX*/
+extern Kex *xxx_kex;
+
 /* Returns the user\'s terminal to normal mode if it had been put in raw mode. */
 
 void
@@ -548,6 +552,11 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
                                /* We have been continued. */
                                continue;
 
+                       case 'R':
+                               debug("Rekeying");
+                               kex_send_kexinit(xxx_kex);
+                               continue;
+
                        case '&':
                                /* XXX does not work yet with proto 2 */
                                if (compat20)
@@ -762,7 +771,7 @@ client_process_output(fd_set * writeset)
 void
 client_process_buffered_input_packets(void)
 {
-       dispatch_run(DISPATCH_NONBLOCK, &quit_pending, NULL);
+       dispatch_run(DISPATCH_NONBLOCK, &quit_pending, compat20 ? xxx_kex : NULL);
 }
 
 /* scan buf[] for '~' before sending data to the peer */
@@ -1196,7 +1205,10 @@ client_input_channel_req(int type, int plen, void *ctxt)
 void
 client_init_dispatch_20(void)
 {
-       dispatch_init(&dispatch_protocol_error);
+       int i;
+       /* dispatch_init(&dispatch_protocol_error); */
+       for (i = 50; i <= 254; i++)
+               dispatch_set(i, &dispatch_protocol_error);
        dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
        dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
        dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);

diff --git a/sshconnect2.c b/sshconnect2.c
index dd3f36b57732a1cfd8b1c42057d8255aa7823651..1c52231b953cfe249675d4e62803f94cb0834ded 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.62 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -69,6 +69,8 @@ int session_id2_len = 0;
 char *xxx_host;
 struct sockaddr *xxx_hostaddr;
 
+Kex *xxx_kex = NULL;
+
 int
 check_host_key_callback(Key *hostkey)
 {
@@ -114,6 +116,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        kex->server_version_string=server_version_string;
        kex->check_host_key=&check_host_key_callback;
 
+       xxx_kex = kex;
+
        /* start key exchange */
        dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);