upstream commit

adapt kex to sshbuf and struct ssh; ok djm@

auth.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.79 2014/12/22 07:51:30 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.80 2015/01/19 20:16:15 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -42,6 +42,7 @@
 #include <krb5.h>
 #endif
 
+struct ssh;
 struct sshkey;
 
 typedef struct Authctxt Authctxt;
@@ -202,12 +203,12 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *,
 
 /* hostkey handling */
 Key	*get_hostkey_by_index(int);
-Key	*get_hostkey_public_by_index(int);
-Key	*get_hostkey_public_by_type(int);
-Key	*get_hostkey_private_by_type(int);
-int	 get_hostkey_index(Key *);
+Key	*get_hostkey_public_by_index(int, struct ssh *);
+Key	*get_hostkey_public_by_type(int, struct ssh *);
+Key	*get_hostkey_private_by_type(int, struct ssh *);
+int	 get_hostkey_index(Key *, struct ssh *);
 int	 ssh1_session_key(BIGNUM *);
-void	 sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
+int	 sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, u_char *, size_t, u_int);
 
 /* debug messages during authentication */
 void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));

clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.264 2015/01/19 20:07:45 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.265 2015/01/19 20:16:15 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1413,8 +1413,7 @@ client_process_output(fd_set *writeset)
 static void
 client_process_buffered_input_packets(void)
 {
-	dispatch_run(DISPATCH_NONBLOCK, &quit_pending,
-	    compat20 ? active_state->kex : NULL);
+	dispatch_run(DISPATCH_NONBLOCK, &quit_pending, active_state);
 }
 
 /* scan buf[] for '~' before sending data to the peer */
@@ -1468,7 +1467,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 {
 	fd_set *readset = NULL, *writeset = NULL;
 	double start_time, total_time;
-	int max_fd = 0, max_fd2 = 0, len, rekeying = 0;
+	int r, max_fd = 0, max_fd2 = 0, len, rekeying = 0;
 	u_int64_t ibytes, obytes;
 	u_int nalloc = 0;
 	char buf[100];
@@ -1598,7 +1597,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 			if (need_rekeying || packet_need_rekeying()) {
 				debug("need rekeying");
 				active_state->kex->done = 0;
-				kex_send_kexinit(active_state->kex);
+				if ((r = kex_send_kexinit(active_state)) != 0)
+					fatal("%s: kex_send_kexinit: %s",
+					    __func__, ssh_err(r));
 				need_rekeying = 0;
 			}
 		}

dh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.53 2013/11/21 00:45:44 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.54 2015/01/19 20:16:15 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -39,6 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 #include "misc.h"
+#include "ssherr.h"
 
 static int
 parse_prime(int linenum, char *line, struct dhgroup *dhg)
@@ -107,10 +108,11 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 		goto fail;
 	}
 
-	if ((dhg->g = BN_new()) == NULL)
-		fatal("parse_prime: BN_new failed");
-	if ((dhg->p = BN_new()) == NULL)
-		fatal("parse_prime: BN_new failed");
+	if ((dhg->g = BN_new()) == NULL ||
+	    (dhg->p = BN_new()) == NULL) {
+		error("parse_prime: BN_new failed");
+		goto fail;
+	}
 	if (BN_hex2bn(&dhg->g, gen) == 0) {
 		error("moduli:%d: could not parse generator value", linenum);
 		goto fail;
@@ -128,7 +130,6 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 		error("moduli:%d: generator is invalid", linenum);
 		goto fail;
 	}
-
 	return 1;
 
  fail:
@@ -137,7 +138,6 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 	if (dhg->p != NULL)
 		BN_clear_free(dhg->p);
 	dhg->g = dhg->p = NULL;
-	error("Bad prime description in line %d", linenum);
 	return 0;
 }
 
@@ -200,9 +200,11 @@ choose_dh(int min, int wantbits, int max)
 		break;
 	}
 	fclose(f);
-	if (linenum != which+1)
-		fatal("WARNING: line %d disappeared in %s, giving up",
+	if (linenum != which+1) {
+		logit("WARNING: line %d disappeared in %s, giving up",
 		    which, _PATH_DH_PRIMES);
+		return (dh_new_group14());
+	}
 
 	return (dh_new_group(dhg.g, dhg.p));
 }
@@ -251,22 +253,22 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 	return 0;
 }
 
-void
+int
 dh_gen_key(DH *dh, int need)
 {
 	int pbits;
 
-	if (need <= 0)
-		fatal("%s: need <= 0", __func__);
-	if (dh->p == NULL)
-		fatal("%s: dh->p == NULL", __func__);
-	if ((pbits = BN_num_bits(dh->p)) <= 0)
-		fatal("%s: bits(p) <= 0", __func__);
+	if (need < 0 || dh->p == NULL ||
+	    (pbits = BN_num_bits(dh->p)) <= 0 ||
+	    need > INT_MAX / 2 || 2 * need >= pbits)
+		return SSH_ERR_INVALID_ARGUMENT;
 	dh->length = MIN(need * 2, pbits - 1);
-	if (DH_generate_key(dh) == 0)
-		fatal("%s: key generation failed", __func__);
-	if (!dh_pub_is_valid(dh, dh->pub_key))
-		fatal("%s: generated invalid key", __func__);
+	if (DH_generate_key(dh) == 0 ||
+	    !dh_pub_is_valid(dh, dh->pub_key)) {
+		BN_clear_free(dh->priv_key);
+		return SSH_ERR_LIBCRYPTO_ERROR;
+	}
+	return 0;
 }
 
 DH *
@@ -275,13 +277,12 @@ dh_new_group_asc(const char *gen, const char *modulus)
 	DH *dh;
 
 	if ((dh = DH_new()) == NULL)
-		fatal("dh_new_group_asc: DH_new");
-
-	if (BN_hex2bn(&dh->p, modulus) == 0)
-		fatal("BN_hex2bn p");
-	if (BN_hex2bn(&dh->g, gen) == 0)
-		fatal("BN_hex2bn g");
-
+		return NULL;
+	if (BN_hex2bn(&dh->p, modulus) == 0 ||
+	    BN_hex2bn(&dh->g, gen) == 0) {
+		DH_free(dh);
+		return NULL;
+	}
 	return (dh);
 }
 
@@ -296,7 +297,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
 	DH *dh;
 
 	if ((dh = DH_new()) == NULL)
-		fatal("dh_new_group: DH_new");
+		return NULL;
 	dh->p = modulus;
 	dh->g = gen;
 
@@ -344,7 +345,7 @@ dh_new_group14(void)
  * from RFC4419 section 3.
  */
 
-int
+u_int
 dh_estimate(int bits)
 {
 	if (bits <= 112)

dh.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */
+/* $OpenBSD: dh.h,v 1.12 2015/01/19 20:16:15 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
@@ -38,10 +38,10 @@ DH	*dh_new_group(BIGNUM *, BIGNUM *);
 DH	*dh_new_group1(void);
 DH	*dh_new_group14(void);
 
-void	 dh_gen_key(DH *, int);
+int	 dh_gen_key(DH *, int);
 int	 dh_pub_is_valid(DH *, BIGNUM *);
 
-int	 dh_estimate(int);
+u_int	 dh_estimate(int);
 
 /* Min and max values from RFC4419. */
 #define DH_GRP_MIN	1024