Critical fix: KEXINIT exchange hash encoding (prepend SSH_MSG_KEXINIT byte) · 4778081866 - markbase

Critical fix: KEXINIT exchange hash encoding (prepend SSH_MSG_KEXINIT byte)

Some checks failed

Test / test (push) Has been cancelled

Details

Test / build (push) Has been cancelled

Details

OpenSSH kexgex.c source code analysis:
- KEXINIT payload stored without SSH_MSG_KEXINIT type byte
- Exchange hash prepends SSH_MSG_KEXINIT byte (20) with adjusted length

Before fix:
- client_kexinit_payload included SSH_MSG_KEXINIT byte
- Direct use without prepending

After fix:
- Remove SSH_MSG_KEXINIT byte from payload
- Prepend byte (20) in exchange hash with length+1
- Both kex_exchange.rs and kex_complete.rs updated

Testing result: MAC still fails, indicating additional encoding issues
Next: Detailed comparison of all exchange hash components

This commit is contained in:

Warren

2026-06-14 23:14:14 +08:00

parent 9e4b14a2b7

commit 4778081866

3 changed files with 30 additions and 8 deletions

BIN
data/auth.sqlite

View File

Binary file not shown.

Critical fix: KEXINIT exchange hash encoding (prepend SSH_MSG_KEXINIT byte) Some checks failed Test / test (push) Has been cancelled Details Test / build (push) Has been cancelled Details

BIN data/auth.sqlite View File

Critical fix: KEXINIT exchange hash encoding (prepend SSH_MSG_KEXINIT byte)

Some checks failed

Test / test (push) Has been cancelled

Details

Test / build (push) Has been cancelled

Details

BIN
data/auth.sqlite

View File