requirenext fixup for firstkexfollows

CHANGES

@@ -1,3 +1,39 @@
+2013.57 - 
+
+- Improved initial connection time particularly with high latency connections.
+  The number of round trips has been reduced for both client and server. 
+  CPU time hasn't been changed.
+
+- Client will attempt to send an initial key exchange packet to save a round
+  trip. Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow
+  the first packet guess to succeed in wider circumstances than the standard
+  behaviour. When communicating with other implementations the standard
+  behaviour is used.
+
+- Client side: when public key or password authentication with
+  $DROPBEAR_PASSWORD is used, an initial authentication request will
+  be sent immediately rather than querying the list of available methods.
+  This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
+  please let the Dropbear author know if it causes any interoperability
+  problems.
+
+- Implement client escape characters ~. (terminate session) and 
+  ~^Z (background session)
+
+- Server will more reliably clean up utmp when connection is closed
+
+- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
+
+- Add "-y -y" client option to skip host key checking, thanks to Hans Harder
+
+- scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
+
+- Added IUTF8 terminal mode support. Not yet standardised though seems that it
+  will soon be
+
+- Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
+  enviroment variable is set 
+
 2013.56 - Thursday 21 March 2013
 
 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient

cli-kex.c

@@ -61,8 +61,8 @@ void send_msg_kexdh_init() {
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
 	buf_putmpint(ses.writepayload, cli_ses.dh_e);
 	encrypt_packet();
-	// XXX fixme
+	ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
-	//ses.requirenext = SSH_MSG_KEXDH_REPLY;
+	ses.requirenext[1] = SSH_MSG_KEXINIT;
 }
 
 /* Handle a diffie-hellman key exchange reply. */
@@ -118,7 +118,8 @@ void recv_msg_kexdh_reply() {
 	hostkey = NULL;
 
 	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
+	ses.requirenext[0] = SSH_MSG_NEWKEYS;
+	ses.requirenext[1] = 0;
 	TRACE(("leave recv_msg_kexdh_init"))
 }
 

common-kex.c

@@ -542,7 +542,7 @@ void recv_msg_kexinit() {
 	    buf_putstring(ses.kexhashbuf,
 			ses.transkexinit->data, ses.transkexinit->len);
 
-		ses.requirenext = SSH_MSG_KEXDH_INIT;
+		ses.requirenext[0] = SSH_MSG_KEXDH_INIT;
 	}
 
 	buf_free(ses.transkexinit);

common-session.c

@@ -82,7 +82,7 @@ void common_session_init(int sock_in, int sock_out) {
 
 	initqueue(&ses.writequeue);
 
-	ses.requirenext = SSH_MSG_KEXINIT;
+	ses.requirenext[0] = SSH_MSG_KEXINIT;
 	ses.dataallowed = 1; /* we can send data until we actually 
 							send the SSH_MSG_KEXINIT */
 	ses.ignorenext = 0;

debug.h

@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-#define DEBUG_TRACE
+/* #define DEBUG_TRACE */
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're

process-packet.c

@@ -74,14 +74,15 @@ void process_packet() {
 
 	/* This applies for KEX, where the spec says the next packet MUST be
 	 * NEWKEYS */
-	if (ses.requirenext != 0) {
+	if (ses.requirenext[0] != 0) {
-		if (ses.requirenext != type) {
+		if (ses.requirenext[0] != type
-			/* TODO send disconnect? */
+				&& (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) {
 			dropbear_exit("Unexpected packet type %d, expected %d", type,
 					ses.requirenext);
 		} else {
 			/* Got what we expected */
-			ses.requirenext = 0;
+			ses.requirenext[0] = 0;
+			ses.requirenext[1] = 0;
 		}
 	}
 

session.h

@@ -135,8 +135,9 @@ struct sshsession {
 	unsigned dataallowed : 1; /* whether we can send data packets or we are in
 								 the middle of a KEX or something */
 
-	unsigned char requirenext; /* byte indicating what packet we require next, 
+	unsigned char requirenext[2]; /* bytes indicating what packets we require next, 
-								or 0x00 for any */
+									 or 0x00 for any. Second option can only be
+									 used if the first byte is also set */
 
 	unsigned char ignorenext; /* whether to ignore the next packet,
 								 used for kex_follows stuff */

svr-kex.c

@@ -61,7 +61,8 @@ void recv_msg_kexdh_init() {
 	mp_clear(&dh_e);
 
 	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
+	ses.requirenext[0] = SSH_MSG_NEWKEYS;
+	ses.requirenext[1] = 0;
 	TRACE(("leave recv_msg_kexdh_init"))
 }