Set output and input encodings separately at end of KEX #205
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Once SSH_MSG_NEWKEYS is sent any subsequent packet sent must use the
new encoding settings. Once SSH_MSG_NEWKEYS is received, the new
encoding settings are to be used for any message received. So set the
cipher/mac/compression separately for outgoing and incoming messages
in sendNewKeys() and handleNewKeys().
Previously, we set both only in handleNewKeys(), i.e., when the peer's
SSH_MSG_NEWKEYS was received. This makes implementing a KEX extension
handler more complicated than necessary since it had to delay sending
the SSH_MSG_EXT_INFO packet until after the peer's SSH_MSG_NEW_KEYS was
received.
RFC 8308 recommends that "the server sends its SSH_MSG_EXT_INFO not
only as the next packet after SSH_MSG_NEWKEYS, but without delay". This
is now possible since the output settings are already set up correctly.
SSH_MSG_EXT_INFO is always sent and received after SSH_MSG_NEWKEY, and
the Apache MINA sshd implementation guarantees that either party handles
the peer's SSH_MSG_NEWKEY after having sent its own SSH_MSG_NEWKEY.