commit eccb9de72aa29da5a3fad87a4287b32438689c1f
author Damien Miller <djm@mindrot.org> Fri Jun 17 12:59:34 2005 +1000
committer Damien Miller <djm@mindrot.org> Fri Jun 17 12:59:34 2005 +1000
tree 9b8ef20a7e454b984e0ad67b54b2bdc5577aa2fa
parent 677257fe07dd2b9a58817e1d42fc2c25bb618a4d

   - djm@cvs.openbsd.org 2005/06/17 02:44:33
     [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean

kex.c

diff --git a/kex.c b/kex.c
index a668346..8736aa2 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/crypto.h>
 
@@ -52,7 +52,7 @@
 static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
-	int i;
+	u_int i;
 
 	buffer_clear(b);
 	/*
@@ -101,7 +101,7 @@
 static void
 kex_prop_free(char **proposal)
 {
-	int i;
+	u_int i;
 
 	for (i = 0; i < PROPOSAL_MAX; i++)
 		xfree(proposal[i]);
@@ -150,7 +150,7 @@
 {
 	u_int32_t rnd = 0;
 	u_char *cookie;
-	int i;
+	u_int i;
 
 	if (kex == NULL) {
 		error("kex_send_kexinit: no kex, cannot rekey");
@@ -183,8 +183,7 @@
 kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 {
 	char *ptr;
-	int dlen;
-	int i;
+	u_int i, dlen;
 	Kex *kex = (Kex *)ctxt;
 
 	debug("SSH2_MSG_KEXINIT received");
@@ -343,9 +342,7 @@
 	char **my, **peer;
 	char **cprop, **sprop;
 	int nenc, nmac, ncomp;
-	int mode;
-	int ctos;				/* direction: if true client-to-server */
-	int need;
+	u_int mode, ctos, need;
 	int first_kex_follows, type;
 
 	my   = kex_buf2prop(&kex->my, NULL);
@@ -405,15 +402,19 @@
 }
 
 static u_char *
-derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
+derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
 {
 	Buffer b;
 	const EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
 	char c = id;
-	int have;
+	u_int have;
 	int mdsz = EVP_MD_size(evp_md);
-	u_char *digest = xmalloc(roundup(need, mdsz));
+	u_char *digest;
+	
+	if (mdsz < 0)
+		fatal("derive_key: mdsz < 0");
+	digest = xmalloc(roundup(need, mdsz));
 
 	buffer_init(&b);
 	buffer_put_bignum2(&b, shared_secret);
@@ -455,7 +456,7 @@
 kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
 {
 	u_char *keys[NKEYS];
-	int i, mode, ctos;
+	u_int i, mode, ctos;
 
 	for (i = 0; i < NKEYS; i++)
 		keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
@@ -493,13 +494,13 @@
 	EVP_DigestInit(&md, evp_md);
 
 	len = BN_num_bytes(host_modulus);
-	if (len < (512 / 8) || len > sizeof(nbuf))
+	if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
 		fatal("%s: bad host modulus (len %d)", __func__, len);
 	BN_bn2bin(host_modulus, nbuf);
 	EVP_DigestUpdate(&md, nbuf, len);
 
 	len = BN_num_bytes(server_modulus);
-	if (len < (512 / 8) || len > sizeof(nbuf))
+	if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
 		fatal("%s: bad server modulus (len %d)", __func__, len);
 	BN_bn2bin(server_modulus, nbuf);
 	EVP_DigestUpdate(&md, nbuf, len);
@@ -518,7 +519,7 @@
 void
 dump_digest(char *msg, u_char *digest, int len)
 {
-	int i;
+	u_int i;
 
 	fprintf(stderr, "%s\n", msg);
 	for (i = 0; i< len; i++) {