1 files changed, 28 insertions, 22 deletions

diff --git a/kex.c b/kex.c
index 3d6f3ab54..8cd851d23 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -56,7 +56,7 @@ static void kex_choose_conf(Kex *);
 static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
-        int i;
+        u_int i;
 
         buffer_clear(b);
         /*
@@ -105,7 +105,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
 static void
 kex_prop_free(char **proposal)
 {
-        int i;
+        u_int i;
 
         for (i = 0; i < PROPOSAL_MAX; i++)
                 xfree(proposal[i]);
@@ -154,7 +154,7 @@ kex_send_kexinit(Kex *kex)
 {
         u_int32_t rnd = 0;
         u_char *cookie;
-        int i;
+        u_int i;
 
         if (kex == NULL) {
                 error("kex_send_kexinit: no kex, cannot rekey");
@@ -187,8 +187,7 @@ void
 kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 {
         char *ptr;
-        int dlen;
-        int i;
+        u_int i, dlen;
         Kex *kex = (Kex *)ctxt;
 
         debug("SSH2_MSG_KEXINIT received");
@@ -280,10 +279,12 @@ choose_comp(Comp *comp, char *client, char *server)
         char *name = match_list(client, server, NULL);
         if (name == NULL)
                 fatal("no matching comp found: client %s server %s", client, server);
-        if (strcmp(name, "zlib") == 0) {
-                comp->type = 1;
+        if (strcmp(name, "zlib@openssh.com") == 0) {
+                comp->type = COMP_DELAYED;
+        } else if (strcmp(name, "zlib") == 0) {
+                comp->type = COMP_ZLIB;
         } else if (strcmp(name, "none") == 0) {
-                comp->type = 0;
+                comp->type = COMP_NONE;
         } else {
                 fatal("unsupported comp %s", name);
         }
@@ -302,8 +303,11 @@ choose_kex(Kex *k, char *client, char *server)
         } else if (strcmp(k->name, KEX_DHGEX) == 0) {
                 k->kex_type = KEX_DH_GEX_SHA1;
 #ifdef GSSAPI
-        } else if (strncmp(k->name, KEX_GSS_SHA1, 
-            sizeof(KEX_GSS_SHA1)-1) == 0) {
+        } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID,
+            sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
+                k->kex_type = KEX_GSS_GEX_SHA1;
+        } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID, 
+            sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
                 k->kex_type = KEX_GSS_GRP1_SHA1;
 #endif
         } else
@@ -352,9 +356,7 @@ kex_choose_conf(Kex *kex)
         char **my, **peer;
         char **cprop, **sprop;
         int nenc, nmac, ncomp;
-        int mode;
-        int ctos;                               /* direction: if true client-to-server */
-        int need;
+        u_int mode, ctos, need;
         int first_kex_follows, type;
 
         my   = kex_buf2prop(&kex->my, NULL);
@@ -404,7 +406,7 @@ kex_choose_conf(Kex *kex)
 
         /* ignore the next message if the proposals do not match */
         if (first_kex_follows && !proposals_match(my, peer) &&
-           !(datafellows & SSH_BUG_FIRSTKEX)) {
+            !(datafellows & SSH_BUG_FIRSTKEX)) {
                 type = packet_read();
                 debug2("skipping next packet (type %u)", type);
         }
@@ -414,15 +416,19 @@ kex_choose_conf(Kex *kex)
 }
 
 static u_char *
-derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
+derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
 {
         Buffer b;
         const EVP_MD *evp_md = EVP_sha1();
         EVP_MD_CTX md;
         char c = id;
-        int have;
+        u_int have;
         int mdsz = EVP_MD_size(evp_md);
-        u_char *digest = xmalloc(roundup(need, mdsz));
+        u_char *digest;
+
+        if (mdsz < 0)
+                fatal("derive_key: mdsz < 0");
+        digest = xmalloc(roundup(need, mdsz));
 
         buffer_init(&b);
         buffer_put_bignum2(&b, shared_secret);
@@ -464,7 +470,7 @@ void
 kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
 {
         u_char *keys[NKEYS];
-        int i, mode, ctos;
+        u_int i, mode, ctos;
 
         for (i = 0; i < NKEYS; i++)
                 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
@@ -502,13 +508,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
         EVP_DigestInit(&md, evp_md);
 
         len = BN_num_bytes(host_modulus);
-        if (len < (512 / 8) || len > sizeof(nbuf))
+        if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
                 fatal("%s: bad host modulus (len %d)", __func__, len);
         BN_bn2bin(host_modulus, nbuf);
         EVP_DigestUpdate(&md, nbuf, len);
 
         len = BN_num_bytes(server_modulus);
-        if (len < (512 / 8) || len > sizeof(nbuf))
+        if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
                 fatal("%s: bad server modulus (len %d)", __func__, len);
         BN_bn2bin(server_modulus, nbuf);
         EVP_DigestUpdate(&md, nbuf, len);
@@ -527,7 +533,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
 void
 dump_digest(char *msg, u_char *digest, int len)
 {
-        int i;
+        u_int i;
 
         fprintf(stderr, "%s\n", msg);
         for (i = 0; i< len; i++) {