KEX graceful failure

Damien Miller djm at mindrot.org
Sun Jun 29 19:11:34 EST 2008


On Sat, 28 Jun 2008, Georgi Chulkov wrote:

> Dear all,
>
> I am currently implementing an experimental key exchange (KEX)
> algorithm. Unlike current algorithms like DH, mine needs to be able
> to fail gracefully, and in case of failure, continue with whatever
> algorithm would have been negotiated if mine was not selected.
>
> My strategy for graceful failure is to remove my KEX algorithm from
> myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange.
>
> My question is whether it is safe (and a good idea) to simply call
> do_ssh2_kex (server) / ssh2_kex (client) in order to do another
> exchange, and whether there are any negative consequences of doing so
> (e.g. security or reliability).

I'm pretty sure this function was not written with the intent of
being run more than once, though some of the function that is calls
via the dispatch loop are (for key re-exchange). You might leak some
memory and at worst leave some sensitive data in memory, so you should
check this carefully. Also be careful of re-entering the kex functions,
I don't think they were ever written with that in mind either (though
they may be safe).

-d


More information about the openssh-unix-dev mailing list