From 422cdc7b9f4e813f6fb1a5700eb7108af33cac63 Mon Sep 17 00:00:00 2001 From: thegwan Date: Mon, 21 Oct 2019 08:31:57 +0000 Subject: [PATCH 1/3] prevent running key exchange if hello-only flag set --- lib/ssh/handshake.go | 48 +++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/lib/ssh/handshake.go b/lib/ssh/handshake.go index 2e50eba..166bbc3 100644 --- a/lib/ssh/handshake.go +++ b/lib/ssh/handshake.go @@ -180,29 +180,35 @@ func (t *handshakeTransport) readOnePacket() ([]byte, error) { t.mu.Lock() firstKex := t.sessionID == nil + if t.config.HelloOnly { + t.sentInitMsg = nil + t.sentInitPacket = nil + t.cond.Broadcast() + t.writtenSinceKex = 0 + t.mu.Unlock() + } else { + err = t.enterKeyExchangeLocked(p) + if err != nil { + // drop connection + t.conn.Close() + t.writeError = err + } - err = t.enterKeyExchangeLocked(p) - if err != nil { - // drop connection - t.conn.Close() - t.writeError = err + if debugHandshake { + log.Printf("%s exited key exchange (first %v), err %v", t.id(), firstKex, err) + } + + // Unblock writers. + t.sentInitMsg = nil + t.sentInitPacket = nil + t.cond.Broadcast() + t.writtenSinceKex = 0 + t.mu.Unlock() + + if err != nil { + return nil, err + } } - - if debugHandshake { - log.Printf("%s exited key exchange (first %v), err %v", t.id(), firstKex, err) - } - - // Unblock writers. - t.sentInitMsg = nil - t.sentInitPacket = nil - t.cond.Broadcast() - t.writtenSinceKex = 0 - t.mu.Unlock() - - if err != nil { - return nil, err - } - t.readSinceKex = 0 // By default, a key exchange is hidden from higher layers by From 86e24ff81fe3ca5dd869b47006b0531bcc23ab43 Mon Sep 17 00:00:00 2001 From: David Adrian Date: Mon, 21 Oct 2019 19:38:02 -0400 Subject: [PATCH 2/3] Attempt to fix CI --- .travis.yml | 2 +- go.sum | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index ad66e0f..2138f2f 100644 --- a/.travis.yml +++ b/.travis.yml 
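Review bot: The `if t.config.HelloOnly {` branch added in this hunk releases the writers and then falls through to `t.readSinceKex = 0` and the normal return path, so nothing tells the caller that no key exchange ran. In this library the key exchange is where session keys are derived and the server's host key is checked, so anything a higher layer writes afterwards would presumably go out unencrypted to an unverified peer. The callers are not visible here, so whether any of them can still write needs confirming. I would make the state explicit: return a dedicated sentinel error after `t.mu.Unlock()` if the scan path can tolerate it, or at minimum comment the branch with `// HelloOnly: no keys negotiated, host key unverified; callers must only tear the connection down.` The same path survives the refactor in PATCH 3/3 (`if !t.config.HelloOnly {`), and readOnePacket begins and ends outside this hunk.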
@@ -1,6 +1,6 @@ language: go go: -- 1.9 +- 1.12 services: - docker before_install: diff --git a/go.sum b/go.sum index 91c9227..f38da41 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,6 @@ github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhu github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e h1:mvOa4+/DXStR4ZXOks/UsjeFdn5O5JpLUtzqk9U8xXw= github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e/go.mod h1:w7kd3qXHh8FNaczNjslXqvFQiv5mMWRXlL9klTUAHc8= -github.com/zmap/zflags v1.3.0 h1:Pd79SH44p4j54+YADAFiB6dg94DI5GFUMdQkWR5cIL8= -github.com/zmap/zflags v1.3.0/go.mod h1:HXDUD+uue8yeLHr0eXx1lvY6CvMiHbTKw5nGmA9OUoo= github.com/zmap/zflags v1.4.0-beta.1 h1:jzZ+wKTCksS/ltf9q19gYJ6zJuqRULuRdSWBPueEiZ8= github.com/zmap/zflags v1.4.0-beta.1/go.mod h1:HXDUD+uue8yeLHr0eXx1lvY6CvMiHbTKw5nGmA9OUoo= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= From 31645233a5fa9f91a1328eac7dbb6372da2478e2 Mon Sep 17 00:00:00 2001 From: thegwan Date: Wed, 23 Oct 2019 17:45:40 +0000 Subject: [PATCH 3/3] reduce code duplication --- lib/ssh/handshake.go | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/lib/ssh/handshake.go b/lib/ssh/handshake.go index 166bbc3..d66526b 100644 --- a/lib/ssh/handshake.go +++ b/lib/ssh/handshake.go @@ -176,17 +176,10 @@ func (t *handshakeTransport) readOnePacket() ([]byte, error) { if p[0] != msgKexInit { return p, nil } - t.mu.Lock() firstKex := t.sessionID == nil - if t.config.HelloOnly { - t.sentInitMsg = nil - t.sentInitPacket = nil - t.cond.Broadcast() - t.writtenSinceKex = 0 - t.mu.Unlock() - } else { + if !t.config.HelloOnly { err = t.enterKeyExchangeLocked(p) if err != nil { // drop connection 
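Review bot: The negated check `if !t.config.HelloOnly {` in the handshake.go hunk above has no comment, so it is not obvious why a received KEXINIT is deliberately left unanswered. A one-line comment above it would help the next maintainer, for example `// Hello-only scans stop at the peer's KEXINIT: skip the exchange but still release writers below.` The block it opens is closed in the following hunk, and readOnePacket itself starts outside this one.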
@@ -197,17 +190,16 @@ func (t *handshakeTransport) readOnePacket() ([]byte, error) { if debugHandshake { log.Printf("%s exited key exchange (first %v), err %v", t.id(), firstKex, err) } + } + // Unblock writers. + t.sentInitMsg = nil + t.sentInitPacket = nil + t.cond.Broadcast() + t.writtenSinceKex = 0 + t.mu.Unlock() - // Unblock writers. - t.sentInitMsg = nil - t.sentInitPacket = nil - t.cond.Broadcast() - t.writtenSinceKex = 0 - t.mu.Unlock() - - if err != nil { - return nil, err - } + if err != nil { + return nil, err } t.readSinceKex = 0
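Review bot: With `debugHandshake` enabled the hello-only path now logs nothing, because the `exited key exchange` message sits inside the `if !t.config.HelloOnly` block that closes at the top of this hunk. A handshake trace that cannot tell a deliberately skipped exchange from a missing log line is harder to audit. Extending the closing brace to `} else if debugHandshake { log.Printf("%s skipped key exchange (hello-only)", t.id()) }` would record the skip. readOnePacket continues past the end of this hunk.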