#180: Compression enabled at the wrong time
------------------------------+---------------------------------------------
Reporter: tj@… | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.2.6
Component: protocol | Version: 1.2.6
Keywords: | Blocks:
Blocked By: |
------------------------------+---------------------------------------------
In KEXINIT messages, the client and server agree on, among other things,
whether to use compression. This method agreement occurs in src/kex.c's
kex_agree_methods() function. However, if compression is enabled (either
client->server, server->client, or both), then the compression layer is
initialized in kex_agree_methods() -- before NEWKEYS has been received.
Instead, the initialization of the compression layer should happen after
NEWKEYS has been received. This looks to occur in src/kex.c's
diffie_hellman_sha1(), which even has the comment:

    /* The first key exchange has been performed,
       switch to active crypt/comp/mac mode */

There, after NEWKEYS is received, the cipher and mac algorithms are
initialized, and that is where the compression should be initialized as
well.
The current implementation fails if server->client compression is enabled
because most server implementations follow OpenSSH's lead, where
compression is initialized after NEWKEYS. Since the server initializes
compression after NEWKEYS, but libssh2 initializes compression after
KEXINIT (i.e. before NEWKEYS), they are out of sync.
--
Ticket URL: <http://trac.libssh2.org/ticket/180>
libssh2 <http://trac.libssh2.org/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-06-19
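
The ordering problem described in the ticket, as an added example that is not libssh2's code: a small model of the server->client direction in which the receiver either activates compression as soon as KEXINIT agreement completes or stages it until NEWKEYS. The struct, enum and function names are hypothetical, and the packet stream is constructed; only the message numbers come from RFC 4253.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Message numbers from RFC 4253. */
enum { MSG_SERVICE_ACCEPT = 6, MSG_KEXINIT = 20, MSG_NEWKEYS = 21, MSG_KEXDH_REPLY = 31 };

enum activate_at { AT_KEXINIT, AT_NEWKEYS };   /* hypothetical policy names */

struct packet { int type; bool compressed; };

/* Hypothetical receiver state: the agreed method is staged, then made active. */
struct receiver { bool comp_pending; bool comp_active; enum activate_at policy; };

/* Process one inbound packet. Returns false when the receiver's compression
   state does not match how the packet was sent, i.e. the peers are out of sync. */
static bool handle_packet(struct receiver *r, const struct packet *p)
{
    if (p->compressed != r->comp_active)
        return false;
    if (p->type == MSG_KEXINIT) {
        r->comp_pending = true;             /* both sides agreed on compression */
        if (r->policy == AT_KEXINIT)
            r->comp_active = true;          /* ordering the ticket reports */
    } else if (p->type == MSG_NEWKEYS && r->comp_pending) {
        r->comp_active = true;              /* ordering the ticket asks for */
        r->comp_pending = false;
    }
    return true;
}

/* Returns the index of the first packet that desyncs, or -1 if none does. */
int first_desync(enum activate_at policy)
{
    /* Constructed server->client stream: the sender compresses only after NEWKEYS. */
    static const struct packet stream[] = {
        { MSG_KEXINIT, false }, { MSG_KEXDH_REPLY, false },
        { MSG_NEWKEYS, false }, { MSG_SERVICE_ACCEPT, true },
    };
    struct receiver r = { false, false, policy };
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++)
        if (!handle_packet(&r, &stream[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    printf("activate at KEXINIT: first desync at %d\n", first_desync(AT_KEXINIT));
    printf("activate at NEWKEYS: first desync at %d\n", first_desync(AT_NEWKEYS));
    return 0;
}
```

With early activation the first packet after KEXINIT is already mishandled, because the sender has not yet switched to compressed output.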