diff options
Diffstat (limited to 'ssh')
| -rw-r--r-- | ssh/handshake.go | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/ssh/handshake.go b/ssh/handshake.go index 86e2755..ae26191 100644 --- a/ssh/handshake.go +++ b/ssh/handshake.go @@ -174,15 +174,7 @@ func (t *handshakeTransport) readOnePacket() ([]byte, error) { t.mu.Lock() - // By default, a key exchange is hidden from higher layers by - // translating it into msgIgnore. - successPacket := []byte{msgIgnore} - if t.sessionID == nil { - // sendKexInit() for the first kex waits for - // msgNewKeys so the authentication process is - // guaranteed to happen over an encrypted transport. - successPacket = []byte{msgNewKeys} - } + firstKex := t.sessionID == nil err = t.enterKeyExchangeLocked(p) if err != nil { @@ -192,7 +184,7 @@ func (t *handshakeTransport) readOnePacket() ([]byte, error) { } if debugHandshake { - log.Printf("%s exited key exchange, err %v", t.id(), err) + log.Printf("%s exited key exchange (first %v), err %v", t.id(), firstKex, err) } // Unblock writers. @@ -207,6 +199,17 @@ func (t *handshakeTransport) readOnePacket() ([]byte, error) { } t.readSinceKex = 0 + + // By default, a key exchange is hidden from higher layers by + // translating it into msgIgnore. + successPacket := []byte{msgIgnore} + if firstKex { + // sendKexInit() for the first kex waits for + // msgNewKeys so the authentication process is + // guaranteed to happen over an encrypted transport. + successPacket = []byte{msgNewKeys} + } + return successPacket, nil } @@ -225,16 +228,15 @@ const ( // close the underlying transport. This function is safe for // concurrent use by multiple goroutines. func (t *handshakeTransport) sendKexInit(isFirst keyChangeCategory) error { + var err error + t.mu.Lock() // If this is the initial key change, but we already have a sessionID, // then do nothing because the key exchange has already completed // asynchronously. - if isFirst && t.sessionID != nil { - t.mu.Unlock() - return nil + if !isFirst || t.sessionID == nil { + _, _, err = t.sendKexInitLocked(isFirst) } - - _, _, err := t.sendKexInitLocked(isFirst) t.mu.Unlock() if err != nil { return err |