This commit was generated by cvs2svn to compensate for changes in r61209,

which included commits to RCS files with non-trunk default branches.
2000-06-03 09:52:37 +00:00 · 2000-06-03 09:52:37 +00:00 · 7513668808
commit 7513668808
parent cfa18fd2ba 2632b0c875
8 changed files with 204 additions and 159 deletions
--- a/crypto/openssh/compat.c
+++ b/crypto/openssh/compat.c
@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: compat.c,v 1.13 2000/05/08 17:42:24 markus Exp $");
+RCSID("$Id: compat.c,v 1.14 2000/05/22 18:42:01 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@ -80,10 +80,12 @@ compat_datafellows(const char *version)
 int
 proto_spec(const char *spec)
 {
-	char *s = xstrdup(spec);
+	char *s, *p;
 	char *p;
 	int ret = SSH_PROTO_UNKNOWN;
 	if (spec == NULL)
 		return ret;
 	s = xstrdup(spec);
 	for ((p = strtok(s, SEP)); p; (p = strtok(NULL, SEP))) {
 		switch(atoi(p)) {
 		case 1:
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@ -28,13 +28,14 @@
 */
 #include "includes.h"
-RCSID("$Id: kex.c,v 1.6 2000/05/08 17:42:25 markus Exp $");
+RCSID("$Id: kex.c,v 1.7 2000/05/25 20:45:20 markus Exp $");
 #include "ssh.h"
 #include "ssh2.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "packet.h"
 #include "cipher.h"
 #include "compat.h"
@ -49,15 +50,17 @@ RCSID("$Id: kex.c,v 1.6 2000/05/08 17:42:25 markus Exp $");
 #include "kex.h"
 #define KEX_COOKIE_LEN	16
 Buffer *
 kex_init(char *myproposal[PROPOSAL_MAX])
 {
-	char c = 0;
+	int first_kex_packet_follows = 0;
-	unsigned char cookie[16];
+	unsigned char cookie[KEX_COOKIE_LEN];
 	u_int32_t rand = 0;
 	int i;
 	Buffer *ki = xmalloc(sizeof(*ki));
-	for (i = 0; i < 16; i++) {
+	for (i = 0; i < KEX_COOKIE_LEN; i++) {
 		if (i % 4 == 0)
 			rand = arc4random();
 		cookie[i] = rand & 0xff;
@ -67,11 +70,55 @@ kex_init(char *myproposal[PROPOSAL_MAX])
 	buffer_append(ki, (char *)cookie, sizeof cookie);
 	for (i = 0; i < PROPOSAL_MAX; i++)
 		buffer_put_cstring(ki, myproposal[i]);
-	buffer_append(ki, &c, 1); /* boolean   first_kex_packet_follows */
+	buffer_put_char(ki, first_kex_packet_follows);
-	buffer_put_int(ki, 0);    /* uint32    0 (reserved for future extension) */
+	buffer_put_int(ki, 0);				/* uint32 reserved */
 	return ki;
 }
 /* send kexinit, parse and save reply */
 void
 kex_exchange_kexinit(
    Buffer *my_kexinit, Buffer *peer_kexint,
    char *peer_proposal[PROPOSAL_MAX])
 {
 	int i;
 	char *ptr;
 	int plen;
 	debug("send KEXINIT");
 	packet_start(SSH2_MSG_KEXINIT);
 	packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));	
 	packet_send();
 	packet_write_wait();
 	debug("done");
 	/*
 	 * read and save raw KEXINIT payload in buffer. this is used during
 	 * computation of the session_id and the session keys.
 	 */
 	debug("wait KEXINIT");
 	packet_read_expect(&plen, SSH2_MSG_KEXINIT);
 	ptr = packet_get_raw(&plen);
 	buffer_append(peer_kexint, ptr, plen);
 	/* parse packet and save algorithm proposal */
 	/* skip cookie */
 	for (i = 0; i < KEX_COOKIE_LEN; i++)
 		packet_get_char();
 	/* extract kex init proposal strings */
 	for (i = 0; i < PROPOSAL_MAX; i++) {
 		peer_proposal[i] = packet_get_string(NULL);
 		debug("got kexinit: %s", peer_proposal[i]);
 	}
 	/* first kex follow / reserved */
 	i = packet_get_char();
 	debug("first kex follow: %d ", i);
 	i = packet_get_int();
 	debug("reserved: %d ", i);
 	packet_done();
 	debug("done");
 }
 /* diffie-hellman-group1-sha1 */
 int
@ -133,12 +180,6 @@ dh_new_group1()
 	return dh;
 }
 void
 bignum_print(BIGNUM *b)
 {
 	BN_print_fp(stderr,b);
 }
 void
 dump_digest(unsigned char *digest, int len)
 {
@ -246,10 +287,13 @@ char *
 get_match(char *client, char *server)
 {
 	char *sproposals[MAX_PROP];
-	char *p;
+	char *c, *s, *p, *ret;
 	int i, j, nproposals;
-	for ((p = strtok(server, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
+	c = xstrdup(client);
 	s = xstrdup(server);
 	for ((p = strtok(s, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
 		if (i < MAX_PROP)
 			sproposals[i] = p;
 		else
@ -257,11 +301,18 @@ get_match(char *client, char *server)
 	}
 	nproposals = i;
-	for ((p = strtok(client, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
+	for ((p = strtok(c, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
-		for (j = 0; j < nproposals; j++)
+		for (j = 0; j < nproposals; j++) {
-			if (strcmp(p, sproposals[j]) == 0)
+			if (strcmp(p, sproposals[j]) == 0) {
-				return xstrdup(p);
+				ret = xstrdup(p);
 				xfree(c);
 				xfree(s);
 				return ret;
 			}
 		}
 	}
 	xfree(c);
 	xfree(s);
 	return NULL;
 }
 void
@ -355,7 +406,6 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
 Kex *
 kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server)
 {
 	int i;
 	int mode;
 	int ctos;				/* direction: if true client-to-server */
 	int need;
@ -383,10 +433,6 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server
 	choose_kex(k, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
 	choose_hostkeyalg(k, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
 	    sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
 	for (i = 0; i < PROPOSAL_MAX; i++) {
 		xfree(cprop[i]);
 		xfree(sprop[i]);
 	}
 	need = 0;
 	for (mode = 0; mode < MODE_MAX; mode++) {
 	    if (need < k->enc[mode].key_len)
@ -396,9 +442,7 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server
 	    if (need < k->mac[mode].key_len)
 		    need = k->mac[mode].key_len;
 	}
-	/* need runden? */
+	/* XXX need runden? */
 #define WE_NEED 32
 	k->we_need = WE_NEED;
 	k->we_need = need;
 	return k;
 }
--- a/crypto/openssh/kex.h
+++ b/crypto/openssh/kex.h
@ -91,12 +91,17 @@ struct Kex {
 };
 Buffer	*kex_init(char *myproposal[PROPOSAL_MAX]);
 void
 kex_exchange_kexinit(
    Buffer *my_kexinit, Buffer *peer_kexint,
    char *peer_proposal[PROPOSAL_MAX]);
 Kex *
 kex_choose_conf(char *cprop[PROPOSAL_MAX],
    char *sprop[PROPOSAL_MAX], int server);
 int	kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret);
 void	packet_set_kex(Kex *k);
 int	dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
 DH	*dh_new_group1();
 Kex 	*kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server);
 int	kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret);
 void	bignum_print(BIGNUM *b);
 void	packet_set_kex(Kex *k);
 unsigned char *
 kex_hash(
--- a/crypto/openssh/lib/Makefile
+++ b/crypto/openssh/lib/Makefile
@ -5,7 +5,7 @@ SRCS=   authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \
 	cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
 	hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
 	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c
+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
 NOPROFILE= yes
 NOPIC=	yes
--- a/crypto/openssh/myproposal.h
+++ b/crypto/openssh/myproposal.h
@ -6,7 +6,7 @@
 #define	KEX_DEFAULT_LANG	""
-static const char *myproposal[PROPOSAL_MAX] = {
+static char *myproposal[PROPOSAL_MAX] = {
 	KEX_DEFAULT_KEX,
 	KEX_DEFAULT_PK_ALG,
 	KEX_DEFAULT_ENCRYPT,
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@ -159,33 +159,37 @@ wait_until_can_do_something(fd_set * readset, fd_set * writeset,
 	/* Initialize select() masks. */
 	FD_ZERO(readset);
 	FD_ZERO(writeset);
 	/*
 	 * Read packets from the client unless we have too much buffered
 	 * stdin or channel data.
 	 */
 	if (compat20) {
 		/* wrong: bad condition XXX */
 		if (channel_not_very_much_buffered_data())
 			FD_SET(connection_in, readset);
 	} else {
-		if (buffer_len(&stdin_buffer) < 4096 &&
+		/*
 		 * Read packets from the client unless we have too much
 		 * buffered stdin or channel data.
 		 */
 		if (buffer_len(&stdin_buffer) < buffer_high &&
 		    channel_not_very_much_buffered_data())
 			FD_SET(connection_in, readset);
 		/*
 		 * If there is not too much data already buffered going to
 		 * the client, try to get some more data from the program.
 		 */
 		if (packet_not_very_much_data_to_write()) {
 			if (!fdout_eof)
 				FD_SET(fdout, readset);
 			if (!fderr_eof)
 				FD_SET(fderr, readset);
 		}
 		/*
 		 * If we have buffered data, try to write some of that data
 		 * to the program.
 		 */
 		if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
 			FD_SET(fdin, writeset);
 	}
 	/*
 	 * If there is not too much data already buffered going to the
 	 * client, try to get some more data from the program.
 	 */
 	if (!compat20 && packet_not_very_much_data_to_write()) {
 		if (!fdout_eof)
 			FD_SET(fdout, readset);
 		if (!fderr_eof)
 			FD_SET(fderr, readset);
 	}
 	FD_ZERO(writeset);
 	/* Set masks for channel descriptors. */
 	channel_prepare_select(readset, writeset);
@ -196,11 +200,6 @@ wait_until_can_do_something(fd_set * readset, fd_set * writeset,
 	if (packet_have_data_to_write())
 		FD_SET(connection_out, writeset);
 	/* If we have buffered data, try to write some of that data to the
 	   program. */
 	if (!compat20 && fdin != -1 && buffer_len(&stdin_buffer) > 0)
 		FD_SET(fdin, writeset);
 	/* Update the maximum descriptor number if appropriate. */
 	if (channel_max_fd() > max_fd)
 		max_fd = channel_max_fd();
@ -250,20 +249,15 @@ process_input(fd_set * readset)
 		if (len == 0) {
 			verbose("Connection closed by remote host.");
 			fatal_cleanup();
 		} else if (len < 0) {
 			if (errno != EINTR && errno != EAGAIN) {
 				verbose("Read error from remote host: %.100s", strerror(errno));
 				fatal_cleanup();
 			}
 		} else {
 			/* Buffer any received data. */
 			packet_process_incoming(buf, len);
 		}
 		/*
 		 * There is a kernel bug on Solaris that causes select to
 		 * sometimes wake up even though there is no data available.
 		 */
 		if (len < 0 && errno == EAGAIN)
 			len = 0;
 		if (len < 0) {
 			verbose("Read error from remote host: %.100s", strerror(errno));
 			fatal_cleanup();
 		}
 		/* Buffer any received data. */
 		packet_process_incoming(buf, len);
 	}
 	if (compat20)
 		return;
@ -271,9 +265,11 @@ process_input(fd_set * readset)
 	/* Read and buffer any available stdout data from the program. */
 	if (!fdout_eof && FD_ISSET(fdout, readset)) {
 		len = read(fdout, buf, sizeof(buf));
-		if (len <= 0)
+		if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
 			/* do nothing */
 		} else if (len <= 0) {
 			fdout_eof = 1;
-		else {
+		} else {
 			buffer_append(&stdout_buffer, buf, len);
 			fdout_bytes += len;
 		}
@ -281,10 +277,13 @@ process_input(fd_set * readset)
 	/* Read and buffer any available stderr data from the program. */
 	if (!fderr_eof && FD_ISSET(fderr, readset)) {
 		len = read(fderr, buf, sizeof(buf));
-		if (len <= 0)
+		if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
 			/* do nothing */
 		} else if (len <= 0) {
 			fderr_eof = 1;
-		else
+		} else {
 			buffer_append(&stderr_buffer, buf, len);
 		}
 	}
 }
@ -300,7 +299,9 @@ process_output(fd_set * writeset)
 	if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
 		len = write(fdin, buffer_ptr(&stdin_buffer),
 		    buffer_len(&stdin_buffer));
-		if (len <= 0) {
+		if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
 			/* do nothing */
 		} else if (len <= 0) {
 #ifdef USE_PIPES
 			close(fdin);
 #else
@ -367,6 +368,7 @@ process_buffered_input_packets()
 void
 server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
 {
 	fd_set readset, writeset;
 	int wait_status;	/* Status returned by wait(). */
 	pid_t wait_pid;		/* pid returned by wait(). */
 	int waiting_termination = 0;	/* Have displayed waiting close message. */
@ -386,6 +388,14 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
 	fdin = fdin_arg;
 	fdout = fdout_arg;
 	fderr = fderr_arg;
 	/* nonblocking IO */
 	set_nonblock(fdin);
 	set_nonblock(fdout);
 	/* we don't have stderr for interactive terminal sessions, see below */
 	if (fderr != -1)
 		set_nonblock(fderr);
 	connection_in = packet_get_connection_in();
 	connection_out = packet_get_connection_out();
@ -426,7 +436,6 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
 	/* Main loop of the server for the interactive session mode. */
 	for (;;) {
 		fd_set readset, writeset;
 		/* Process buffered packets from the client. */
 		process_buffered_input_packets();
@ -694,6 +703,9 @@ input_direct_tcpip(void)
 	originator = packet_get_string(NULL);
 	originator_port = packet_get_int();
 	packet_done();
 	debug("open direct-tcpip: from %s port %d to %s port %d",
 	   originator, originator_port, target, target_port);
 	/* XXX check permission */
 	sock = channel_connect_to(target, target_port);
 	xfree(target);
@ -745,7 +757,6 @@ server_input_channel_open(int type, int plen)
 			channel_free(id);
 		}
 	} else if (strcmp(ctype, "direct-tcpip") == 0) {
 		debug("open direct-tcpip");
 		id = input_direct_tcpip();
 		if (id >= 0)
 			c = channel_lookup(id);
--- a/crypto/openssh/ssh2.h
+++ b/crypto/openssh/ssh2.h
@ -1,5 +1,5 @@
 /*
- * draft-ietf-secsh-architecture-04.txt
+ * draft-ietf-secsh-architecture-05.txt
 *
 *   Transport layer protocol:
 *
@ -28,6 +28,7 @@
 *
 *     192-255  Local extensions
 */
 /* RCSID("$OpenBSD: ssh2.h,v 1.3 2000/05/15 07:03:12 markus Exp $"); */
 /* transport layer: generic */
@ -88,6 +89,7 @@
 #define SSH2_DISCONNECT_PROTOCOL_ERROR			2
 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED		3
 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED	4
 #define SSH2_DISCONNECT_RESERVED			4
 #define SSH2_DISCONNECT_MAC_ERROR			5
 #define SSH2_DISCONNECT_COMPRESSION_ERROR		6
 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE		7
@ -95,6 +97,10 @@
 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE		9
 #define SSH2_DISCONNECT_CONNECTION_LOST			10
 #define SSH2_DISCONNECT_BY_APPLICATION			11
 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS		12
 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER		13
 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE	14
 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME		15
 /* misc */
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.11 2000/05/25 20:45:20 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@ -68,16 +68,12 @@ unsigned char *session_id2 = NULL;
 int session_id2_len = 0;
 void
-ssh_kex2(char *host, struct sockaddr *hostaddr)
+ssh_kex_dh(Kex *kex, char *host, struct sockaddr *hostaddr,
    Buffer *client_kexinit, Buffer *server_kexinit)
 {
-	Kex *kex;
+	int i;
-	char *cprop[PROPOSAL_MAX];
+	int plen, dlen;
 	char *sprop[PROPOSAL_MAX];
 	Buffer *client_kexinit;
 	Buffer *server_kexinit;
 	int payload_len, dlen;
 	unsigned int klen, kout;
 	char *ptr;
 	char *signature = NULL;
 	unsigned int slen;
 	char *server_host_key_blob = NULL;
@ -86,72 +82,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	DH *dh;
 	BIGNUM *dh_server_pub = 0;
 	BIGNUM *shared_secret = 0;
 	int i;
 	unsigned char *kbuf;
 	unsigned char *hash;
 /* KEXINIT */
 	debug("Sending KEX init.");
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
 	} else if (options.cipher == SSH_CIPHER_3DES) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] =
 		    cipher_name(SSH_CIPHER_3DES_CBC);
 	} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] =
 		    cipher_name(SSH_CIPHER_BLOWFISH_CBC);
 	}
 	if (options.compression) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
 	} else {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
 	}
 	for (i = 0; i < PROPOSAL_MAX; i++)
 		cprop[i] = xstrdup(myproposal[i]);
 	client_kexinit = kex_init(cprop);
 	packet_start(SSH2_MSG_KEXINIT);
 	packet_put_raw(buffer_ptr(client_kexinit), buffer_len(client_kexinit));	
 	packet_send();
 	packet_write_wait();
 	debug("done");
 	packet_read_expect(&payload_len, SSH2_MSG_KEXINIT);
 	/* save payload for session_id */
 	server_kexinit = xmalloc(sizeof(*server_kexinit));
 	buffer_init(server_kexinit);
 	ptr = packet_get_raw(&payload_len);
 	buffer_append(server_kexinit, ptr, payload_len);
 	/* skip cookie */
 	for (i = 0; i < 16; i++)
 		(void) packet_get_char();
 	/* kex init proposal strings */
 	for (i = 0; i < PROPOSAL_MAX; i++) {
 		sprop[i] = packet_get_string(NULL);
 		debug("got kexinit string: %s", sprop[i]);
 	}
 	i = (int) packet_get_char();
 	debug("first kex follow == %d", i);
 	i = packet_get_int();
 	debug("reserved == %d", i);
 	packet_done();
 	debug("done read kexinit");
 	kex = kex_choose_conf(cprop, sprop, 0);
 /* KEXDH */
 	debug("Sending SSH2_MSG_KEXDH_INIT.");
 	/* generate and send 'e', client DH public key */
 	dh = dh_new_group1();
 	packet_start(SSH2_MSG_KEXDH_INIT);
@ -172,7 +106,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	debug("Wait SSH2_MSG_KEXDH_REPLY.");
-	packet_read_expect(&payload_len, SSH2_MSG_KEXDH_REPLY);
+	packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
 	debug("Got SSH2_MSG_KEXDH_REPLY.");
@ -233,10 +167,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	    shared_secret
 	);
 	xfree(server_host_key_blob);
-	buffer_free(client_kexinit);
+	DH_free(dh);
 	buffer_free(server_kexinit);
 	xfree(client_kexinit);
 	xfree(server_kexinit);
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "hash == ");
 	for (i = 0; i< 20; i++)
@ -250,16 +181,61 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	kex_derive_keys(kex, hash, shared_secret);
 	packet_set_kex(kex);
 	/* have keys, free DH */
 	DH_free(dh);
 	/* save session id */
 	session_id2_len = 20;
 	session_id2 = xmalloc(session_id2_len);
 	memcpy(session_id2, hash, session_id2_len);
 }
 void
 ssh_kex2(char *host, struct sockaddr *hostaddr)
 {
 	int i, plen;
 	Kex *kex;
 	Buffer *client_kexinit, *server_kexinit;
 	char *sprop[PROPOSAL_MAX];
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
 	} else if (options.cipher == SSH_CIPHER_3DES) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] =
 		    (char *) cipher_name(SSH_CIPHER_3DES_CBC);
 	} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] =
 		    (char *) cipher_name(SSH_CIPHER_BLOWFISH_CBC);
 	}
 	if (options.compression) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
 	} else {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
 	}
 	/* buffers with raw kexinit messages */
 	server_kexinit = xmalloc(sizeof(*server_kexinit));
 	buffer_init(server_kexinit);
 	client_kexinit = kex_init(myproposal);
 	/* algorithm negotiation */
 	kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
 	kex = kex_choose_conf(myproposal, sprop, 0);
 	for (i = 0; i < PROPOSAL_MAX; i++)
 		xfree(sprop[i]);
 	/* server authentication and session key agreement */
 	ssh_kex_dh(kex, host, hostaddr, client_kexinit, server_kexinit);
 	buffer_free(client_kexinit);
 	buffer_free(server_kexinit);
 	xfree(client_kexinit);
 	xfree(server_kexinit);
 	debug("Wait SSH2_MSG_NEWKEYS.");
-	packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+	packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
 	packet_done();
 	debug("GOT SSH2_MSG_NEWKEYS.");
@ -278,6 +254,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 #endif
 	debug("done: KEX2.");
 }
 /*
 * Authenticate user
 */