From 76c940069807150cbdc239f40f72f84deb3eb21c Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Wed, 30 Mar 2022 17:02:43 +0200 Subject: [PATCH] sendKexInit: evaluate first key exchange only once we need it for both client and server Signed-off-by: Nicola Murino --- ssh/handshake.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ssh/handshake.go b/ssh/handshake.go index 150d53eccb..eb3197fdcb 100644 --- a/ssh/handshake.go +++ b/ssh/handshake.go @@ -457,6 +457,7 @@ func (t *handshakeTransport) sendKexInit() error { io.ReadFull(rand.Reader, msg.Cookie[:]) isServer := len(t.hostKeys) > 0 + firstKeyExchange := t.sessionID == nil if isServer { for _, k := range t.hostKeys { // If k is an AlgorithmSigner, presume it supports all signature algorithms @@ -475,7 +476,7 @@ func (t *handshakeTransport) sendKexInit() error { msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, keyFormat) } } - if firstKeyExchange := t.sessionID == nil; firstKeyExchange { + if firstKeyExchange { msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1) msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...) msg.KexAlgos = append(msg.KexAlgos, extInfoServer) @@ -486,7 +487,7 @@ func (t *handshakeTransport) sendKexInit() error { // As a client we opt in to receiving SSH_MSG_EXT_INFO so we know what // algorithms the server supports for public key authentication. See RFC // 8308, Section 2.1. - if firstKeyExchange := t.sessionID == nil; firstKeyExchange { + if firstKeyExchange { msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1) msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...) msg.KexAlgos = append(msg.KexAlgos, extInfoClient)