Fix regression related to rekeying

This commit corrects a mistake in a change which went into 2.14.1 that could cause rekeying to fail in some cases where there was activity on the connection. Thanks go to GitHub user eyalgolan1337 for reporting this problem, helping to narrow down the source of it, and testing the fix!
ronf · Jun 6, 2024 · c3dc869 · c3dc869
1 parent 5159542
commit c3dc869
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/asyncssh/connection.py b/asyncssh/connection.py
@@ -1634,7 +1634,9 @@ def send_packet(self, pkttype: int, *args: bytes,
             self._send_kexinit()
             self._kexinit_sent = True
 
-        if ((pkttype == MSG_USERAUTH_BANNER and
+        if (((pkttype in {MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT} or
+              pkttype > MSG_KEX_LAST) and not self._kex_complete) or
+                (pkttype == MSG_USERAUTH_BANNER and
                  not (self._auth_in_progress or self._auth_complete)) or
                 (pkttype > MSG_USERAUTH_LAST and not self._auth_complete)):
             self._deferred_packets.append((pkttype, args))

diff --git a/tests/test_connection.py b/tests/test_connection.py
@@ -1136,6 +1136,8 @@ async def test_service_request_before_kex_complete(self):
         def send_newkeys(self, k, h):
             """Finish a key exchange and send a new keys message"""
 
+            self._kex_complete = True
+
             self.send_packet(MSG_SERVICE_REQUEST, String('ssh-userauth'))
 
             asyncssh.connection.SSHConnection.send_newkeys(self, k, h)
@@ -1152,6 +1154,8 @@ async def test_service_accept_before_kex_complete(self):
         def send_newkeys(self, k, h):
             """Finish a key exchange and send a new keys message"""
 
+            self._kex_complete = True
+
             self.send_packet(MSG_SERVICE_ACCEPT, String('ssh-userauth'))
 
             asyncssh.connection.SSHConnection.send_newkeys(self, k, h)
@@ -1438,6 +1442,8 @@ async def test_userauth_before_kex_complete(self):
         def send_newkeys(self, k, h):
             """Finish a key exchange and send a new keys message"""
 
+            self._kex_complete = True
+
             self.send_packet(MSG_USERAUTH_REQUEST, String('guest'),
                              String('ssh-connection'), String('none'))