Skip to content

Commit

Permalink
Patch for issue #18861
Browse files Browse the repository at this point in the history
golang/go#18861

Forking for now until it's in master
  • Loading branch information
Joel Jensen committed Feb 4, 2017
1 parent dc137be commit 56f5a47
Showing 1 changed file with 26 additions and 19 deletions.
45 changes: 26 additions & 19 deletions ssh/handshake.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ type handshakeTransport struct {
// If the read loop wants to schedule a kex, it pings this
// channel, and the write loop will send out a kex
// message. The boolean is whether this is the first request or not.
requestKex chan bool
requestKex chan struct{}

// If the other side requests or confirms a kex, its kexInit
// packet is sent here for the write loop to find it.
Expand Down Expand Up @@ -102,14 +102,14 @@ func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion,
serverVersion: serverVersion,
clientVersion: clientVersion,
incoming: make(chan []byte, chanSize),
requestKex: make(chan bool, 1),
requestKex: make(chan struct{}, 1),
startKex: make(chan *pendingKex, 1),

config: config,
}

// We always start with a mandatory key exchange.
t.requestKex <- true
t.requestKex <- struct{}{}
return t
}

Expand Down Expand Up @@ -166,6 +166,7 @@ func (t *handshakeTransport) printPacket(p []byte, write bool) {
if write {
action = "sent"
}

if p[0] == msgChannelData || p[0] == msgChannelExtendedData {
log.Printf("%s %s data (packet %d bytes)", t.id(), action, len(p))
} else {
Expand Down Expand Up @@ -230,14 +231,13 @@ func (t *handshakeTransport) recordWriteError(err error) {

func (t *handshakeTransport) requestKeyExchange() {
select {
case t.requestKex <- false:
case t.requestKex <- struct{}{}:
default:
// something already requested a kex, so do nothing.
}
}

func (t *handshakeTransport) kexLoop() {
firstSent := false

write:
for t.getWriteError() == nil {
Expand All @@ -251,26 +251,15 @@ write:
if !ok {
break write
}
case requestFirst := <-t.requestKex:
// For the first key exchange, both
// sides will initiate a key exchange,
// and both channels will fire. To
// avoid doing two key exchanges in a
// row, ignore our own request for an
// initial kex if we have already sent
// it out.
if firstSent && requestFirst {

continue
}
case <-t.requestKex:
break
}

if !sent {
if err := t.sendKexInit(); err != nil {
t.recordWriteError(err)
break
}
firstSent = true
sent = true
}
}
Expand All @@ -287,7 +276,8 @@ write:

// We're not servicing t.startKex, but the remote end
// has just sent us a kexInitMsg, so it can't send
// another key change request.
// another key change request, until we close the done
// channel on the pendingKex request.

err := t.enterKeyExchange(request.otherInit)

Expand All @@ -301,6 +291,23 @@ write:
} else if t.algorithms != nil {
t.writeBytesLeft = t.algorithms.w.rekeyBytes()
}

// we have completed the key exchange. Since the
// reader is still blocked, it is safe to clear out
// the requestKex channel. This avoids the situation
// where: 1) we consumed our own request for the
// initial kex, and 2) the kex from the remote side
// caused another send on the requestKex channel,
clear:
for {
select {
case <-t.requestKex:
//
default:
break clear
}
}

request.done <- t.writeError

// kex finished. Push packets that we received while
Expand Down

0 comments on commit 56f5a47

Please sign in to comment.