authorMatt Johnston <matt@ucc.asn.au>2020-05-24 14:16:58 +0800
committerMatt Johnston <matt@ucc.asn.au>2020-05-24 14:16:58 +0800
commit701d43b8594365b55421e8bc4c53efa920c09ed5 (patch)
treeaceb60a25d26b8d5f3b132df40e59c9218f8b66e /svr-kex.c
parent79bedc90a1efc9ba0b2c6565bd5264a7817e68d4 (diff)
send and handle SSH_MSG_EXT_INFO only at the correct point
- other fixes for rsa pubkey auth - only include ext-info handling when rsa pubkey auth is compiled
Diffstat (limited to 'svr-kex.c')
-rw-r--r--svr-kex.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/svr-kex.c b/svr-kex.c
index 44e10ff..df1008b 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -38,13 +38,15 @@
#include "gensignkey.h"
static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs);
+#if DROPBEAR_EXT_INFO
+static void send_msg_ext_info(void);
+#endif
/* Handle a diffie-hellman key exchange initialisation. This involves
* calculating a session key reply value, and corresponding hash. These
* are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls
* that function, then brings the new keys into use */
void recv_msg_kexdh_init() {
-
DEF_MP_INT(dh_e);
buffer *ecdh_qs = NULL;
@@ -87,9 +89,12 @@ void recv_msg_kexdh_init() {
send_msg_newkeys();
- if (ses.allow_ext_info) {
+#if DROPBEAR_EXT_INFO
+ /* Only send it following the first newkeys */
+ if (!ses.kexstate.donesecondkex && ses.allow_ext_info) {
send_msg_ext_info();
}
+#endif
ses.requirenext = SSH_MSG_NEWKEYS;
TRACE(("leave recv_msg_kexdh_init"))
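Review bot: The guard on the added `if` tests `ses.kexstate.donesecondkex` rather than a first-kex flag, so it appears to be correct only if `send_msg_newkeys()` on the line above has already advanced the kex state before the check runs; that update is not visible in this hunk. The comment should state the dependency, for example `/* send_msg_newkeys() above has updated kexstate: donesecondkex is still unset only after the first NEWKEYS */`. With that written down, moving the check above the call is recognised as changing when SSH_MSG_EXT_INFO is sent. The body of recv_msg_kexdh_init starts and ends outside this hunk.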
@@ -247,8 +252,9 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
TRACE(("leave send_msg_kexdh_reply"))
}
+#if DROPBEAR_EXT_INFO
/* Only used for server-sig-algs on the server side */
-void send_msg_ext_info(void) {
+static void send_msg_ext_info(void) {
TRACE(("enter send_msg_ext_info"))
buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO);
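Review bot: The comment above `send_msg_ext_info` says what the message is used for but not when it may be sent, and the timing rule now lives only in the one visible caller. Since the function is static and has no check of its own in the lines shown, the comment should record the precondition, e.g. `/* Only valid directly after the first newkeys; the caller checks kexstate and ses.allow_ext_info. */`. A call site added later without that guard would send the message at a point the commit title treats as incorrect. The function body continues outside this hunk.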
@@ -261,5 +267,5 @@ void send_msg_ext_info(void) {
encrypt_packet();
TRACE(("leave send_msg_ext_info"))
-
}
+#endif